@noy-db/hub 0.2.0-pre.29 → 0.2.0-pre.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (170) hide show
  1. package/dist/aggregate/index.js +1 -0
  2. package/dist/aggregate/index.js.map +1 -1
  3. package/dist/attestation/index.d.cts +1 -1
  4. package/dist/attestation/index.d.ts +1 -1
  5. package/dist/attestation/index.js +4 -3
  6. package/dist/attestation/index.js.map +1 -1
  7. package/dist/blobs/index.d.cts +3 -3
  8. package/dist/blobs/index.d.ts +3 -3
  9. package/dist/blobs/index.js +2 -1
  10. package/dist/blobs/index.js.map +1 -1
  11. package/dist/bundle/index.cjs +16825 -893
  12. package/dist/bundle/index.cjs.map +1 -1
  13. package/dist/bundle/index.d.cts +3 -3
  14. package/dist/bundle/index.d.ts +3 -3
  15. package/dist/bundle/index.js +2 -1
  16. package/dist/bundle/index.js.map +1 -1
  17. package/dist/{chunk-DJO4OYCJ.js → chunk-33EQCZXE.js} +2 -2
  18. package/dist/{chunk-ZDW22N3E.js → chunk-BVKLJBJJ.js} +694 -191
  19. package/dist/chunk-BVKLJBJJ.js.map +1 -0
  20. package/dist/{chunk-REHF3HSJ.js → chunk-K4JID2ZE.js} +16 -3
  21. package/dist/chunk-K4JID2ZE.js.map +1 -0
  22. package/dist/{chunk-553CK4E2.js → chunk-OCYFFBZS.js} +2 -2
  23. package/dist/chunk-PZ5AY32C.js +10 -0
  24. package/dist/{chunk-45QJXLLS.js → chunk-Y6YUWZTS.js} +2 -2
  25. package/dist/{chunk-6BSYMFYS.js → chunk-ZK66B5EY.js} +2 -2
  26. package/dist/{chunk-BITB3T5Z.js → chunk-ZPJSQPQH.js} +2 -2
  27. package/dist/consent/index.d.cts +2 -2
  28. package/dist/consent/index.d.ts +2 -2
  29. package/dist/consent/index.js +1 -0
  30. package/dist/consent/index.js.map +1 -1
  31. package/dist/crdt/index.js +1 -0
  32. package/dist/crdt/index.js.map +1 -1
  33. package/dist/{crypto-G6XU2V2Y.js → crypto-OSIV2IIW.js} +2 -1
  34. package/dist/{decrypt-partition-DDSArPPW.d.cts → decrypt-partition-C0iDpbSd.d.cts} +1 -1
  35. package/dist/{decrypt-partition-5Gt0EcTc.d.ts → decrypt-partition-Mhjh6nnG.d.ts} +1 -1
  36. package/dist/{delegation-ZEH4LKEM.js → delegation-BQTRJATI.js} +2 -1
  37. package/dist/derivations/index.d.cts +3 -3
  38. package/dist/derivations/index.d.ts +3 -3
  39. package/dist/derivations/index.js +1 -0
  40. package/dist/{dev-unlock-CIkHrcRm.d.cts → dev-unlock-0Z6yxfS7.d.cts} +1 -1
  41. package/dist/{dev-unlock-BF9IhLPn.d.ts → dev-unlock-DJ3IhgY9.d.ts} +1 -1
  42. package/dist/{executor-DWVP4BSJ.js → executor-KYSKFJ2R.js} +2 -1
  43. package/dist/{executor-HO3SIRSF.js → executor-M7W3NEKR.js} +2 -1
  44. package/dist/{executor-HB2YMIYC.js → executor-VDTDGWO6.js} +2 -1
  45. package/dist/{fanout-sidecar-BMT7I6FI.js → fanout-sidecar-AZALISHB.js} +2 -1
  46. package/dist/{fanout-sidecar-BMT7I6FI.js.map → fanout-sidecar-AZALISHB.js.map} +1 -1
  47. package/dist/forget/index.js +1 -0
  48. package/dist/guards/index.d.cts +3 -3
  49. package/dist/guards/index.d.ts +3 -3
  50. package/dist/guards/index.js +1 -0
  51. package/dist/{hash-Jl0qarQx.d.ts → hash-DLwkYf1d.d.ts} +1 -1
  52. package/dist/{hash-DfhndFcd.d.cts → hash-Db8ncXGr.d.cts} +1 -1
  53. package/dist/history/index.d.cts +3 -3
  54. package/dist/history/index.d.ts +3 -3
  55. package/dist/history/index.js +1 -0
  56. package/dist/history/index.js.map +1 -1
  57. package/dist/i18n/index.cjs +15 -2
  58. package/dist/i18n/index.cjs.map +1 -1
  59. package/dist/i18n/index.d.cts +2 -2
  60. package/dist/i18n/index.d.ts +2 -2
  61. package/dist/i18n/index.js +2 -1
  62. package/dist/i18n/index.js.map +1 -1
  63. package/dist/{index-DcxTv3zx.d.ts → index-CMRIx_zx.d.ts} +1 -1
  64. package/dist/{index-DPG2nFmT.d.cts → index-xJEPkvMb.d.cts} +1 -1
  65. package/dist/index.cjs +16956 -1011
  66. package/dist/index.cjs.map +1 -1
  67. package/dist/index.d.cts +19 -16
  68. package/dist/index.d.ts +19 -16
  69. package/dist/index.js +8 -7
  70. package/dist/index.js.map +1 -1
  71. package/dist/indexing/index.js +1 -0
  72. package/dist/indexing/index.js.map +1 -1
  73. package/dist/{issue-FZRTVGRE.js → issue-DPHRF2TI.js} +2 -1
  74. package/dist/kernel/index.cjs.map +1 -1
  75. package/dist/kernel/index.d.cts +2 -2
  76. package/dist/kernel/index.d.ts +2 -2
  77. package/dist/kernel/index.js +1 -0
  78. package/dist/{ledger-PMTR2Q62.js → ledger-CI7GSMLB.js} +2 -1
  79. package/dist/materialized-views/index.d.cts +3 -3
  80. package/dist/materialized-views/index.d.ts +3 -3
  81. package/dist/materialized-views/index.js +2 -1
  82. package/dist/{mime-magic-BOI-I5dq.d.ts → mime-magic-CacDBwYp.d.ts} +1 -1
  83. package/dist/{mime-magic-C0TM7FtF.d.cts → mime-magic-sdMzsfVK.d.cts} +1 -1
  84. package/dist/{noydb-Y3ZLZNXA.js → noydb-5MIBD77B.js} +6 -5
  85. package/dist/overlay-views/index.d.cts +3 -3
  86. package/dist/overlay-views/index.d.ts +3 -3
  87. package/dist/overlay-views/index.js +1 -0
  88. package/dist/periods/index.d.cts +2 -2
  89. package/dist/periods/index.d.ts +2 -2
  90. package/dist/periods/index.js +2 -1
  91. package/dist/{public-envelope-S2S2VR3F.js → public-envelope-MFMBFJLZ.js} +2 -1
  92. package/dist/query/index.js +1 -0
  93. package/dist/{read-only-facade-EX6WZZBP.js → read-only-facade-3OQRZ3VS.js} +2 -1
  94. package/dist/{registry-DKEXOJVO.js → registry-IX5WKK4F.js} +2 -1
  95. package/dist/{registry-53A55ZZE.js → registry-LMHO5265.js} +2 -1
  96. package/dist/{registry-IEU6ATO7.js → registry-TXCKWH26.js} +2 -1
  97. package/dist/{registry-FKL4SLU4.js → registry-VFEDQSYV.js} +2 -1
  98. package/dist/{revoke-AOCAVR56.js → revoke-5PUOZPJJ.js} +2 -1
  99. package/dist/sealed-record/index.js +1 -0
  100. package/dist/sealed-record/index.js.map +1 -1
  101. package/dist/session/index.d.cts +3 -3
  102. package/dist/session/index.d.ts +3 -3
  103. package/dist/session/index.js +1 -0
  104. package/dist/session/index.js.map +1 -1
  105. package/dist/shadow/index.d.cts +2 -2
  106. package/dist/shadow/index.d.ts +2 -2
  107. package/dist/shadow/index.js +1 -0
  108. package/dist/shadow/index.js.map +1 -1
  109. package/dist/{signer-JMK6W2Y6.js → signer-UB5TQOZ6.js} +2 -1
  110. package/dist/snapshots/index.d.cts +2 -2
  111. package/dist/snapshots/index.d.ts +2 -2
  112. package/dist/snapshots/index.js +1 -0
  113. package/dist/snapshots/index.js.map +1 -1
  114. package/dist/{stale-IIIGOHBW.js → stale-J3TUF5C5.js} +3 -2
  115. package/dist/store/index.d.cts +2 -2
  116. package/dist/store/index.d.ts +2 -2
  117. package/dist/store/index.js +1 -0
  118. package/dist/sync/index.d.cts +1 -1
  119. package/dist/sync/index.d.ts +1 -1
  120. package/dist/sync/index.js +1 -0
  121. package/dist/sync/index.js.map +1 -1
  122. package/dist/team/index.d.cts +2 -2
  123. package/dist/team/index.d.ts +2 -2
  124. package/dist/team/index.js +1 -0
  125. package/dist/{transition-guard-BixCDmBI.d.ts → transition-guard-J04-jime.d.ts} +1 -1
  126. package/dist/{transition-guard-DnAlUf9R.d.cts → transition-guard-tWZIsaXe.d.cts} +1 -1
  127. package/dist/tx/index.d.cts +2 -2
  128. package/dist/tx/index.d.ts +2 -2
  129. package/dist/tx/index.js +3 -2
  130. package/dist/tx/index.js.map +1 -1
  131. package/dist/{types-Ba1vQ3AY.d.cts → types-CdVfiQgt.d.cts} +444 -161
  132. package/dist/{types-CUmZYJwN.d.ts → types-DHn9lEP0.d.ts} +444 -161
  133. package/dist/{ulid-COREQ2RQ.js → ulid-KEPZMD2N.js} +2 -1
  134. package/dist/ulid-KEPZMD2N.js.map +1 -0
  135. package/dist/util/index.js +1 -0
  136. package/dist/util/index.js.map +1 -1
  137. package/dist/{with-materialized-view-Bjx6VYPc.d.ts → with-materialized-view-DNfzC5lH.d.ts} +1 -1
  138. package/dist/{with-materialized-view-Z_aHLln6.d.cts → with-materialized-view-DfgPcvi9.d.cts} +1 -1
  139. package/dist/{with-overlayed-view-pTOFgHRq.d.cts → with-overlayed-view-Cvfkx1lg.d.cts} +1 -1
  140. package/dist/{with-overlayed-view-B8PkL179.d.ts → with-overlayed-view-qk3lbhOd.d.ts} +1 -1
  141. package/dist/{with-rollup-Cd3t01Mz.d.ts → with-rollup-Dd3_ZG4b.d.ts} +1 -1
  142. package/dist/{with-rollup-D9qQoffP.d.cts → with-rollup-nIxo7h9z.d.cts} +1 -1
  143. package/dist/zod-HAJM7LMS.js +14763 -0
  144. package/dist/zod-HAJM7LMS.js.map +1 -0
  145. package/package.json +4 -4
  146. package/dist/chunk-REHF3HSJ.js.map +0 -1
  147. package/dist/chunk-ZDW22N3E.js.map +0 -1
  148. /package/dist/{chunk-DJO4OYCJ.js.map → chunk-33EQCZXE.js.map} +0 -0
  149. /package/dist/{chunk-553CK4E2.js.map → chunk-OCYFFBZS.js.map} +0 -0
  150. /package/dist/{crypto-G6XU2V2Y.js.map → chunk-PZ5AY32C.js.map} +0 -0
  151. /package/dist/{chunk-45QJXLLS.js.map → chunk-Y6YUWZTS.js.map} +0 -0
  152. /package/dist/{chunk-6BSYMFYS.js.map → chunk-ZK66B5EY.js.map} +0 -0
  153. /package/dist/{chunk-BITB3T5Z.js.map → chunk-ZPJSQPQH.js.map} +0 -0
  154. /package/dist/{delegation-ZEH4LKEM.js.map → crypto-OSIV2IIW.js.map} +0 -0
  155. /package/dist/{executor-DWVP4BSJ.js.map → delegation-BQTRJATI.js.map} +0 -0
  156. /package/dist/{executor-HB2YMIYC.js.map → executor-KYSKFJ2R.js.map} +0 -0
  157. /package/dist/{executor-HO3SIRSF.js.map → executor-M7W3NEKR.js.map} +0 -0
  158. /package/dist/{issue-FZRTVGRE.js.map → executor-VDTDGWO6.js.map} +0 -0
  159. /package/dist/{ledger-PMTR2Q62.js.map → issue-DPHRF2TI.js.map} +0 -0
  160. /package/dist/{noydb-Y3ZLZNXA.js.map → ledger-CI7GSMLB.js.map} +0 -0
  161. /package/dist/{public-envelope-S2S2VR3F.js.map → noydb-5MIBD77B.js.map} +0 -0
  162. /package/dist/{read-only-facade-EX6WZZBP.js.map → public-envelope-MFMBFJLZ.js.map} +0 -0
  163. /package/dist/{registry-53A55ZZE.js.map → read-only-facade-3OQRZ3VS.js.map} +0 -0
  164. /package/dist/{registry-DKEXOJVO.js.map → registry-IX5WKK4F.js.map} +0 -0
  165. /package/dist/{registry-FKL4SLU4.js.map → registry-LMHO5265.js.map} +0 -0
  166. /package/dist/{registry-IEU6ATO7.js.map → registry-TXCKWH26.js.map} +0 -0
  167. /package/dist/{revoke-AOCAVR56.js.map → registry-VFEDQSYV.js.map} +0 -0
  168. /package/dist/{signer-JMK6W2Y6.js.map → revoke-5PUOZPJJ.js.map} +0 -0
  169. /package/dist/{stale-IIIGOHBW.js.map → signer-UB5TQOZ6.js.map} +0 -0
  170. /package/dist/{ulid-COREQ2RQ.js.map → stale-J3TUF5C5.js.map} +0 -0
@@ -2,8 +2,9 @@ import {
2
2
  generateULID,
3
3
  isULID
4
4
  } from "./chunk-FZU343FL.js";
5
+ import "./chunk-PZ5AY32C.js";
5
6
  export {
6
7
  generateULID,
7
8
  isULID
8
9
  };
9
- //# sourceMappingURL=ulid-COREQ2RQ.js.map
10
+ //# sourceMappingURL=ulid-KEPZMD2N.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
@@ -4,6 +4,7 @@ import {
4
4
  import {
5
5
  FilenameSanitizationError
6
6
  } from "../chunk-JZ5DS4DP.js";
7
+ import "../chunk-PZ5AY32C.js";
7
8
 
8
9
  // src/util/sanitize-filename.ts
9
10
  var REPLACEMENT = "_";
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/util/sanitize-filename.ts"],"sourcesContent":["/**\n * Target-profile aware filename sanitizer.\n *\n * Pure string in / string out. No filesystem access, no I/O. Use this\n * at the boundary where a user-supplied filename meets a storage\n * destination — local FS, ZIP archive, S3 key, URL path, SMB share —\n * to defuse the canonical 14-class footgun before it reaches that\n * destination.\n *\n * ## Threat model\n *\n * 1. Path injection — `..`, NUL bytes, `\\` on POSIX, absolute paths.\n * 2. Windows reserved names — `CON`, `PRN`, `AUX`, `NUL`,\n * `COM1-9`, `LPT1-9`, with or without an extension.\n * 3. Windows reserved chars — `< > : \" / \\ | ? *` plus ASCII 0-31.\n * 4. Trailing `.` and ` ` on Windows / SMB.\n * 5. Unicode normalization drift — same display, different bytes →\n * \"two files with the same name\" sync ghosts.\n * 6. Bidi override spoofing — U+202E reversing `harmless.exe.txt`\n * into `harmless.txt.exe`.\n * 7. URL `+` ambiguity in S3 presigned URLs.\n * 8. ZIP general-purpose-flag bit 11 (UTF-8 filename) optional in\n * pre-2006 readers.\n * 9-14. Length caps, leading/trailing whitespace + controls,\n * `.DS_Store`-style hidden noise, etc.\n *\n * ## Always-on transforms (every profile)\n *\n * - NFC normalize (`String.prototype.normalize('NFC')`).\n * - Reject NUL — hard fail, not strip. Silent strip enables a\n * classic truncation bypass (`safe.txt\\0.exe` → `safe.txt`).\n * - Strip bidi overrides (`U+202A..U+202E`, `U+2066..U+2069`).\n * - Trim leading/trailing whitespace and ASCII control chars.\n *\n * ## Non-goals (i18n boundary policy, )\n *\n * - No transliteration.\n * - No locale-aware slugging.\n * - No script-specific segmentation.\n *\n * @module\n */\n\nimport { FilenameSanitizationError } from '../errors.js'\n\n/**\n * One of seven storage destinations the sanitizer knows how to defang\n * for. Pick the most restrictive that covers your write site:\n * `'macos-smb'` is the safe default for \"I don't know where these\n * files end up but they're going to a real filesystem somewhere.\"\n */\nexport type FilenameProfile =\n | 'posix'\n | 'windows'\n | 'macos-smb'\n | 'zip'\n | 'url-path'\n | 's3-key'\n | 'opaque'\n\nexport interface SanitizeFilenameOptions {\n /** Target-destination profile. */\n readonly profile: FilenameProfile\n /**\n * Override the per-profile length cap. Useful when leaving headroom\n * for a collision suffix — e.g. `maxBytes: 240` on a `posix` write\n * site that wants 15 bytes of slack for `-1`, `-2`, …\n */\n readonly maxBytes?: number\n /**\n * Required when `profile === 'opaque'`. The opaque profile replaces\n * the entire input with `${opaqueId}.${ext}` (extension preserved\n * from the input when present).\n */\n readonly opaqueId?: string\n}\n\nconst REPLACEMENT = '_'\n\n// Bidi overrides: U+202A LRE, U+202B RLE, U+202C PDF, U+202D LRO,\n// U+202E RLO, U+2066 LRI, U+2067 RLI, U+2068 FSI, U+2069 PDI.\nconst BIDI_OVERRIDES = /[‪-‮⁦-⁩]/g\n\n// Reserved by Windows / NTFS / FAT / SMB.\nconst WINDOWS_RESERVED_CHARS = /[<>:\"/\\\\|?*]/g\n\nconst WINDOWS_RESERVED_NAMES = new Set([\n 'CON', 'PRN', 'AUX', 'NUL',\n 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9',\n 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9',\n])\n\n// macOS legacy hidden-noise files. Match the full name.\nconst MAC_HIDDEN_NOISE = /^(?:\\.DS_Store|\\.localized|\\.fseventsd|\\._.+)$/i\n\n// RFC 3986 unreserved set.\nconst URL_UNRESERVED = /[A-Za-z0-9\\-._~]/\n\nconst utf8 = new TextEncoder()\n\nfunction isControlCode(cp: number): boolean {\n return (cp >= 0 && cp <= 0x1f) || cp === 0x7f\n}\n\nfunction stripControlChars(s: string): string {\n let out = ''\n for (let i = 0; i < s.length; i++) {\n out += isControlCode(s.charCodeAt(i)) ? REPLACEMENT : s[i]\n }\n return out\n}\n\nfunction trimWhitespaceAndControls(s: string): string {\n let start = 0\n let end = s.length\n while (start < end) {\n const ch = s[start]!\n if (!isControlCode(s.charCodeAt(start)) && ch.trim() !== '') break\n start++\n }\n while (end > start) {\n const ch = s[end - 1]!\n if (!isControlCode(s.charCodeAt(end - 1)) && ch.trim() !== '') break\n end--\n }\n return s.slice(start, end)\n}\n\n/**\n * Sanitize a filename for a target-destination profile. Pure: same\n * input + options always returns the same output, no I/O.\n *\n * Returns the sanitized name. Throws {@link FilenameSanitizationError}\n * when the input cannot be made safe at all (NUL byte, empty after\n * normalization, missing `opaqueId` for the opaque profile,\n * `..` segment that would fall out of any reasonable target).\n */\nexport function sanitizeFilename(name: string, opts: SanitizeFilenameOptions): string {\n if (typeof name !== 'string') {\n throw new FilenameSanitizationError('input must be a string')\n }\n if (name.includes('\\0')) {\n throw new FilenameSanitizationError('NUL byte in filename')\n }\n\n let s = name.normalize('NFC').replace(BIDI_OVERRIDES, '')\n\n if (opts.profile === 'opaque') {\n return applyOpaque(s, opts)\n }\n\n s = trimWhitespaceAndControls(s)\n\n switch (opts.profile) {\n case 'posix': return cap(applyPosix(s), opts.maxBytes ?? 255, 'utf8')\n case 'windows': return cap(applyWindows(s), opts.maxBytes ?? 255, 'utf16')\n case 'macos-smb': return cap(applyMacosSmb(s), opts.maxBytes ?? 240, 'utf8')\n case 'zip': return cap(applyZip(s), opts.maxBytes ?? 255, 'utf8')\n case 'url-path': return cap(applyUrlPath(s), opts.maxBytes ?? 1024, 'bytes-pre-encode')\n case 's3-key': return cap(applyS3Key(s), opts.maxBytes ?? 1024, 'utf8')\n }\n}\n\n// ─── Profile implementations ────────────────────────────────────────────\n\nfunction applyPosix(s: string): string {\n // POSIX is permissive; only `/` and NUL are off-limits.\n const cleaned = s.replace(/\\//g, REPLACEMENT)\n return rejectDotSegments(cleaned)\n}\n\nfunction applyWindows(s: string): string {\n let cleaned = s.replace(WINDOWS_RESERVED_CHARS, REPLACEMENT)\n cleaned = stripControlChars(cleaned)\n // Trailing space/dot are stripped by Win32 path resolution.\n cleaned = cleaned.replace(/[. ]+$/g, '')\n cleaned = rejectDotSegments(cleaned)\n return avoidWindowsReservedName(cleaned)\n}\n\nfunction applyMacosSmb(s: string): string {\n let cleaned = applyWindows(s)\n if (MAC_HIDDEN_NOISE.test(cleaned)) {\n cleaned = REPLACEMENT + cleaned\n }\n return cleaned\n}\n\nfunction applyZip(s: string): string {\n let cleaned = s.replace(/^\\/+/, '')\n cleaned = rejectDotSegments(cleaned)\n return stripControlChars(cleaned)\n}\n\nfunction applyUrlPath(s: string): string {\n // RFC 3986 percent-encoding for path segment. Keep `unreserved`,\n // encode everything else. `+` is encoded as `%2B` because S3 and\n // legacy servers treat raw `+` as space ambiguously.\n let out = ''\n for (const ch of s) {\n if (URL_UNRESERVED.test(ch)) { out += ch; continue }\n const bytes = utf8.encode(ch)\n for (const b of bytes) {\n out += '%' + b.toString(16).toUpperCase().padStart(2, '0')\n }\n }\n return out\n}\n\nfunction applyS3Key(s: string): string {\n // Strip leading slashes BEFORE percent-encoding — once `/` is\n // encoded to `%2F` the leading-slash regex no longer matches.\n return applyUrlPath(s.replace(/^\\/+/, ''))\n}\n\nfunction applyOpaque(s: string, opts: SanitizeFilenameOptions): string {\n if (!opts.opaqueId) {\n throw new FilenameSanitizationError('opaque profile requires opaqueId')\n }\n // Preserve a \"safe-looking\" extension only — alphanumeric, ≤16 bytes.\n const dot = s.lastIndexOf('.')\n if (dot > 0 && dot < s.length - 1) {\n const ext = s.slice(dot + 1)\n if (/^[A-Za-z0-9]{1,16}$/.test(ext)) {\n return `${opts.opaqueId}.${ext.toLowerCase()}`\n }\n }\n return opts.opaqueId\n}\n\n// ─── Helpers ────────────────────────────────────────────────────────────\n\nfunction rejectDotSegments(s: string): string {\n if (s === '.' || s === '..' || s.split(/[/\\\\]/).some((seg) => seg === '..')) {\n throw new FilenameSanitizationError('path traversal segment in filename')\n }\n if (s.length === 0) {\n throw new FilenameSanitizationError('empty filename after sanitization')\n }\n return s\n}\n\nfunction avoidWindowsReservedName(s: string): string {\n const dot = s.indexOf('.')\n const base = dot === -1 ? s : s.slice(0, dot)\n if (WINDOWS_RESERVED_NAMES.has(base.toUpperCase())) {\n return REPLACEMENT + s\n }\n return s\n}\n\ntype LengthUnit = 'utf8' | 'utf16' | 'bytes-pre-encode'\n\nfunction cap(s: string, max: number, unit: LengthUnit): string {\n if (max <= 0) {\n throw new FilenameSanitizationError('maxBytes must be positive')\n }\n if (unit === 'utf16') {\n if (s.length <= max) return s\n return s.slice(0, max)\n }\n if (unit === 'bytes-pre-encode') {\n if (utf8.encode(s).byteLength <= max) return s\n return truncateToByteCap(s, max)\n }\n if (utf8.encode(s).byteLength <= max) return s\n return truncateToByteCap(s, max)\n}\n\nfunction truncateToByteCap(s: string, max: number): string {\n // Walk by code points so we never split a multi-byte sequence in\n // the middle. Whole-grapheme handling (ZWJ-joined emoji) is a\n // documented non-goal; we only protect against UTF-8 boundary\n // splits here.\n let out = ''\n let used = 0\n for (const cp of s) {\n const n = utf8.encode(cp).byteLength\n if (used + n > max) break\n out += cp\n used += n\n }\n if (out.length === 0) {\n throw new FilenameSanitizationError('maxBytes too small for a single code point')\n }\n return out\n}\n"],"mappings":";;;;;;;;AA6EA,IAAM,cAAc;AAIpB,IAAM,iBAAiB;AAGvB,IAAM,yBAAyB;AAE/B,IAAM,yBAAyB,oBAAI,IAAI;AAAA,EACrC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAO;AAAA,EACrB;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAChE;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAClE,CAAC;AAGD,IAAM,mBAAmB;AAGzB,IAAM,iBAAiB;AAEvB,IAAM,OAAO,IAAI,YAAY;AAE7B,SAAS,cAAc,IAAqB;AAC1C,SAAQ,MAAM,KAAK,MAAM,MAAS,OAAO;AAC3C;AAEA,SAAS,kBAAkB,GAAmB;AAC5C,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,WAAO,cAAc,EAAE,WAAW,CAAC,CAAC,IAAI,cAAc,EAAE,CAAC;AAAA,EAC3D;AACA,SAAO;AACT;AAEA,SAAS,0BAA0B,GAAmB;AACpD,MAAI,QAAQ;AACZ,MAAI,MAAM,EAAE;AACZ,SAAO,QAAQ,KAAK;AAClB,UAAM,KAAK,EAAE,KAAK;AAClB,QAAI,CAAC,cAAc,EAAE,WAAW,KAAK,CAAC,KAAK,GAAG,KAAK,MAAM,GAAI;AAC7D;AAAA,EACF;AACA,SAAO,MAAM,OAAO;AAClB,UAAM,KAAK,EAAE,MAAM,CAAC;AACpB,QAAI,CAAC,cAAc,EAAE,WAAW,MAAM,CAAC,CAAC,KAAK,GAAG,KAAK,MAAM,GAAI;AAC/D;AAAA,EACF;AACA,SAAO,EAAE,MAAM,OAAO,GAAG;AAC3B;AAWO,SAAS,iBAAiB,MAAc,MAAuC;AACpF,MAAI,OAAO,SAAS,UAAU;AAC5B,UAAM,IAAI,0BAA0B,wBAAwB;AAAA,EAC9D;AACA,MAAI,KAAK,SAAS,IAAI,GAAG;AACvB,UAAM,IAAI,0BAA0B,sBAAsB;AAAA,EAC5D;AAEA,MAAI,IAAI,KAAK,UAAU,KAAK,EAAE,QAAQ,gBAAgB,EAAE;AAExD,MAAI,KAAK,YAAY,UAAU;AAC7B,WAAO,YAAY,GAAG,IAAI;AAAA,EAC5B;AAEA,MAAI,0BAA0B,CAAC;AAE/B,UAAQ,KAAK,SAAS;AAAA,IACpB,KAAK;AAAa,aAAO,IAAI,WAAW,CAAC,GAAO,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,aAAa,CAAC,GAAK,KAAK,YAAY,KAAM,OAAO;AAAA,IAC9E,KAAK;AAAa,aAAO,IAAI,cAAc,CAAC,GAAI,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,SAAS,CAAC,GAAS,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,aAAa,CAAC,GAAK,KAAK,YAAY,MAAM,kBAAkB;AAAA,IACzF,KAAK;AAAa,aAAO,IAAI,WAAW,CAAC,GAAO,KAAK,YAAY,MAAM,MAAM;AAAA,EAC/E;AACF;AAIA,SAAS,WAAW,GAAmB;AAErC,QAAM,UAAU,EAAE,QAAQ,OAAO,WAAW;AAC5C,SAAO,kBAAkB,OAAO;AAClC;AAEA,SAAS,aAAa,GAAmB;AACvC,MAAI,UAAU,EAAE,QAAQ,wBAAwB,WAAW;AAC3D,YAAU,kBAAkB,OAAO;AAEnC,YAAU,QAAQ,QAAQ,WAAW,EAAE;AACvC,YAAU,kBAAkB,OAAO;AACnC,SAAO,yBAAyB,OAAO;AACzC;AAEA,SAAS,cAAc,GAAmB;AACxC,MAAI,UAAU,aAAa,CAAC;AAC5B,MAAI,iBAAiB,KAAK,OAAO,GAAG;AAClC,cAAU,cAAc;AAAA,EAC1B;AACA,SAAO;AACT;AAEA,SAAS,SAAS,GAAmB;AACnC,MAAI,UAAU,EAAE,QAAQ,QAAQ,EAAE;AAClC,YAAU,kBAAkB,OAAO;AACnC,SAAO,kBAAkB,OAAO;AAClC;AAEA,SAAS,aAAa,GAAmB;AAIvC,MAAI,MAAM;AACV,aAAW,MAAM,GAAG;AAClB,QAAI,eAAe,KAAK,EAAE,GAAG;AAAE,aAAO;AAAI;AAAA,IAAS;AACnD,UAAM,QAAQ,KAAK,OAAO,EAAE;AAC5B,eAAW,KAAK,OAAO;AACrB,aAAO,MAAM,EAAE,SAAS,EAAE,EAAE,YAAY,EAAE,SAAS,GAAG,GAAG;AAAA,IAC3D;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,WAAW,GAAmB;AAGrC,SAAO,aAAa,EAAE,QAAQ,QAAQ,EAAE,CAAC;AAC3C;AAEA,SAAS,YAAY,GAAW,MAAuC;AACrE,MAAI,CAAC,KAAK,UAAU;AAClB,UAAM,IAAI,0BAA0B,kCAAkC;AAAA,EACxE;AAEA,QAAM,MAAM,EAAE,YAAY,GAAG;AAC7B,MAAI,MAAM,KAAK,MAAM,EAAE,SAAS,GAAG;AACjC,UAAM,MAAM,EAAE,MAAM,MAAM,CAAC;AAC3B,QAAI,sBAAsB,KAAK,GAAG,GAAG;AACnC,aAAO,GAAG,KAAK,QAAQ,IAAI,IAAI,YAAY,CAAC;AAAA,IAC9C;AAAA,EACF;AACA,SAAO,KAAK;AACd;AAIA,SAAS,kBAAkB,GAAmB;AAC5C,MAAI,MAAM,OAAO,MAAM,QAAQ,EAAE,MAAM,OAAO,EAAE,KAAK,CAAC,QAAQ,QAAQ,IAAI,GAAG;AAC3E,UAAM,IAAI,0BAA0B,oCAAoC;AAAA,EAC1E;AACA,MAAI,EAAE,WAAW,GAAG;AAClB,UAAM,IAAI,0BAA0B,mCAAmC;AAAA,EACzE;AACA,SAAO;AACT;AAEA,SAAS,yBAAyB,GAAmB;AACnD,QAAM,MAAM,EAAE,QAAQ,GAAG;AACzB,QAAM,OAAO,QAAQ,KAAK,IAAI,EAAE,MAAM,GAAG,GAAG;AAC5C,MAAI,uBAAuB,IAAI,KAAK,YAAY,CAAC,GAAG;AAClD,WAAO,cAAc;AAAA,EACvB;AACA,SAAO;AACT;AAIA,SAAS,IAAI,GAAW,KAAa,MAA0B;AAC7D,MAAI,OAAO,GAAG;AACZ,UAAM,IAAI,0BAA0B,2BAA2B;AAAA,EACjE;AACA,MAAI,SAAS,SAAS;AACpB,QAAI,EAAE,UAAU,IAAK,QAAO;AAC5B,WAAO,EAAE,MAAM,GAAG,GAAG;AAAA,EACvB;AACA,MAAI,SAAS,oBAAoB;AAC/B,QAAI,KAAK,OAAO,CAAC,EAAE,cAAc,IAAK,QAAO;AAC7C,WAAO,kBAAkB,GAAG,GAAG;AAAA,EACjC;AACA,MAAI,KAAK,OAAO,CAAC,EAAE,cAAc,IAAK,QAAO;AAC7C,SAAO,kBAAkB,GAAG,GAAG;AACjC;AAEA,SAAS,kBAAkB,GAAW,KAAqB;AAKzD,MAAI,MAAM;AACV,MAAI,OAAO;AACX,aAAW,MAAM,GAAG;AAClB,UAAM,IAAI,KAAK,OAAO,EAAE,EAAE;AAC1B,QAAI,OAAO,IAAI,IAAK;AACpB,WAAO;AACP,YAAQ;AAAA,EACV;AACA,MAAI,IAAI,WAAW,GAAG;AACpB,UAAM,IAAI,0BAA0B,4CAA4C;AAAA,EAClF;AACA,SAAO;AACT;","names":[]}
1
+ {"version":3,"sources":["../../src/util/sanitize-filename.ts"],"sourcesContent":["/**\n * Target-profile aware filename sanitizer.\n *\n * Pure string in / string out. No filesystem access, no I/O. Use this\n * at the boundary where a user-supplied filename meets a storage\n * destination — local FS, ZIP archive, S3 key, URL path, SMB share —\n * to defuse the canonical 14-class footgun before it reaches that\n * destination.\n *\n * ## Threat model\n *\n * 1. Path injection — `..`, NUL bytes, `\\` on POSIX, absolute paths.\n * 2. Windows reserved names — `CON`, `PRN`, `AUX`, `NUL`,\n * `COM1-9`, `LPT1-9`, with or without an extension.\n * 3. Windows reserved chars — `< > : \" / \\ | ? *` plus ASCII 0-31.\n * 4. Trailing `.` and ` ` on Windows / SMB.\n * 5. Unicode normalization drift — same display, different bytes →\n * \"two files with the same name\" sync ghosts.\n * 6. Bidi override spoofing — U+202E reversing `harmless.exe.txt`\n * into `harmless.txt.exe`.\n * 7. URL `+` ambiguity in S3 presigned URLs.\n * 8. ZIP general-purpose-flag bit 11 (UTF-8 filename) optional in\n * pre-2006 readers.\n * 9-14. Length caps, leading/trailing whitespace + controls,\n * `.DS_Store`-style hidden noise, etc.\n *\n * ## Always-on transforms (every profile)\n *\n * - NFC normalize (`String.prototype.normalize('NFC')`).\n * - Reject NUL — hard fail, not strip. Silent strip enables a\n * classic truncation bypass (`safe.txt\\0.exe` → `safe.txt`).\n * - Strip bidi overrides (`U+202A..U+202E`, `U+2066..U+2069`).\n * - Trim leading/trailing whitespace and ASCII control chars.\n *\n * ## Non-goals (i18n boundary policy, )\n *\n * - No transliteration.\n * - No locale-aware slugging.\n * - No script-specific segmentation.\n *\n * @module\n */\n\nimport { FilenameSanitizationError } from '../errors.js'\n\n/**\n * One of seven storage destinations the sanitizer knows how to defang\n * for. Pick the most restrictive that covers your write site:\n * `'macos-smb'` is the safe default for \"I don't know where these\n * files end up but they're going to a real filesystem somewhere.\"\n */\nexport type FilenameProfile =\n | 'posix'\n | 'windows'\n | 'macos-smb'\n | 'zip'\n | 'url-path'\n | 's3-key'\n | 'opaque'\n\nexport interface SanitizeFilenameOptions {\n /** Target-destination profile. */\n readonly profile: FilenameProfile\n /**\n * Override the per-profile length cap. Useful when leaving headroom\n * for a collision suffix — e.g. `maxBytes: 240` on a `posix` write\n * site that wants 15 bytes of slack for `-1`, `-2`, …\n */\n readonly maxBytes?: number\n /**\n * Required when `profile === 'opaque'`. The opaque profile replaces\n * the entire input with `${opaqueId}.${ext}` (extension preserved\n * from the input when present).\n */\n readonly opaqueId?: string\n}\n\nconst REPLACEMENT = '_'\n\n// Bidi overrides: U+202A LRE, U+202B RLE, U+202C PDF, U+202D LRO,\n// U+202E RLO, U+2066 LRI, U+2067 RLI, U+2068 FSI, U+2069 PDI.\nconst BIDI_OVERRIDES = /[‪-‮⁦-⁩]/g\n\n// Reserved by Windows / NTFS / FAT / SMB.\nconst WINDOWS_RESERVED_CHARS = /[<>:\"/\\\\|?*]/g\n\nconst WINDOWS_RESERVED_NAMES = new Set([\n 'CON', 'PRN', 'AUX', 'NUL',\n 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9',\n 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9',\n])\n\n// macOS legacy hidden-noise files. Match the full name.\nconst MAC_HIDDEN_NOISE = /^(?:\\.DS_Store|\\.localized|\\.fseventsd|\\._.+)$/i\n\n// RFC 3986 unreserved set.\nconst URL_UNRESERVED = /[A-Za-z0-9\\-._~]/\n\nconst utf8 = new TextEncoder()\n\nfunction isControlCode(cp: number): boolean {\n return (cp >= 0 && cp <= 0x1f) || cp === 0x7f\n}\n\nfunction stripControlChars(s: string): string {\n let out = ''\n for (let i = 0; i < s.length; i++) {\n out += isControlCode(s.charCodeAt(i)) ? REPLACEMENT : s[i]\n }\n return out\n}\n\nfunction trimWhitespaceAndControls(s: string): string {\n let start = 0\n let end = s.length\n while (start < end) {\n const ch = s[start]!\n if (!isControlCode(s.charCodeAt(start)) && ch.trim() !== '') break\n start++\n }\n while (end > start) {\n const ch = s[end - 1]!\n if (!isControlCode(s.charCodeAt(end - 1)) && ch.trim() !== '') break\n end--\n }\n return s.slice(start, end)\n}\n\n/**\n * Sanitize a filename for a target-destination profile. Pure: same\n * input + options always returns the same output, no I/O.\n *\n * Returns the sanitized name. Throws {@link FilenameSanitizationError}\n * when the input cannot be made safe at all (NUL byte, empty after\n * normalization, missing `opaqueId` for the opaque profile,\n * `..` segment that would fall out of any reasonable target).\n */\nexport function sanitizeFilename(name: string, opts: SanitizeFilenameOptions): string {\n if (typeof name !== 'string') {\n throw new FilenameSanitizationError('input must be a string')\n }\n if (name.includes('\\0')) {\n throw new FilenameSanitizationError('NUL byte in filename')\n }\n\n let s = name.normalize('NFC').replace(BIDI_OVERRIDES, '')\n\n if (opts.profile === 'opaque') {\n return applyOpaque(s, opts)\n }\n\n s = trimWhitespaceAndControls(s)\n\n switch (opts.profile) {\n case 'posix': return cap(applyPosix(s), opts.maxBytes ?? 255, 'utf8')\n case 'windows': return cap(applyWindows(s), opts.maxBytes ?? 255, 'utf16')\n case 'macos-smb': return cap(applyMacosSmb(s), opts.maxBytes ?? 240, 'utf8')\n case 'zip': return cap(applyZip(s), opts.maxBytes ?? 255, 'utf8')\n case 'url-path': return cap(applyUrlPath(s), opts.maxBytes ?? 1024, 'bytes-pre-encode')\n case 's3-key': return cap(applyS3Key(s), opts.maxBytes ?? 1024, 'utf8')\n }\n}\n\n// ─── Profile implementations ────────────────────────────────────────────\n\nfunction applyPosix(s: string): string {\n // POSIX is permissive; only `/` and NUL are off-limits.\n const cleaned = s.replace(/\\//g, REPLACEMENT)\n return rejectDotSegments(cleaned)\n}\n\nfunction applyWindows(s: string): string {\n let cleaned = s.replace(WINDOWS_RESERVED_CHARS, REPLACEMENT)\n cleaned = stripControlChars(cleaned)\n // Trailing space/dot are stripped by Win32 path resolution.\n cleaned = cleaned.replace(/[. ]+$/g, '')\n cleaned = rejectDotSegments(cleaned)\n return avoidWindowsReservedName(cleaned)\n}\n\nfunction applyMacosSmb(s: string): string {\n let cleaned = applyWindows(s)\n if (MAC_HIDDEN_NOISE.test(cleaned)) {\n cleaned = REPLACEMENT + cleaned\n }\n return cleaned\n}\n\nfunction applyZip(s: string): string {\n let cleaned = s.replace(/^\\/+/, '')\n cleaned = rejectDotSegments(cleaned)\n return stripControlChars(cleaned)\n}\n\nfunction applyUrlPath(s: string): string {\n // RFC 3986 percent-encoding for path segment. Keep `unreserved`,\n // encode everything else. `+` is encoded as `%2B` because S3 and\n // legacy servers treat raw `+` as space ambiguously.\n let out = ''\n for (const ch of s) {\n if (URL_UNRESERVED.test(ch)) { out += ch; continue }\n const bytes = utf8.encode(ch)\n for (const b of bytes) {\n out += '%' + b.toString(16).toUpperCase().padStart(2, '0')\n }\n }\n return out\n}\n\nfunction applyS3Key(s: string): string {\n // Strip leading slashes BEFORE percent-encoding — once `/` is\n // encoded to `%2F` the leading-slash regex no longer matches.\n return applyUrlPath(s.replace(/^\\/+/, ''))\n}\n\nfunction applyOpaque(s: string, opts: SanitizeFilenameOptions): string {\n if (!opts.opaqueId) {\n throw new FilenameSanitizationError('opaque profile requires opaqueId')\n }\n // Preserve a \"safe-looking\" extension only — alphanumeric, ≤16 bytes.\n const dot = s.lastIndexOf('.')\n if (dot > 0 && dot < s.length - 1) {\n const ext = s.slice(dot + 1)\n if (/^[A-Za-z0-9]{1,16}$/.test(ext)) {\n return `${opts.opaqueId}.${ext.toLowerCase()}`\n }\n }\n return opts.opaqueId\n}\n\n// ─── Helpers ────────────────────────────────────────────────────────────\n\nfunction rejectDotSegments(s: string): string {\n if (s === '.' || s === '..' || s.split(/[/\\\\]/).some((seg) => seg === '..')) {\n throw new FilenameSanitizationError('path traversal segment in filename')\n }\n if (s.length === 0) {\n throw new FilenameSanitizationError('empty filename after sanitization')\n }\n return s\n}\n\nfunction avoidWindowsReservedName(s: string): string {\n const dot = s.indexOf('.')\n const base = dot === -1 ? s : s.slice(0, dot)\n if (WINDOWS_RESERVED_NAMES.has(base.toUpperCase())) {\n return REPLACEMENT + s\n }\n return s\n}\n\ntype LengthUnit = 'utf8' | 'utf16' | 'bytes-pre-encode'\n\nfunction cap(s: string, max: number, unit: LengthUnit): string {\n if (max <= 0) {\n throw new FilenameSanitizationError('maxBytes must be positive')\n }\n if (unit === 'utf16') {\n if (s.length <= max) return s\n return s.slice(0, max)\n }\n if (unit === 'bytes-pre-encode') {\n if (utf8.encode(s).byteLength <= max) return s\n return truncateToByteCap(s, max)\n }\n if (utf8.encode(s).byteLength <= max) return s\n return truncateToByteCap(s, max)\n}\n\nfunction truncateToByteCap(s: string, max: number): string {\n // Walk by code points so we never split a multi-byte sequence in\n // the middle. Whole-grapheme handling (ZWJ-joined emoji) is a\n // documented non-goal; we only protect against UTF-8 boundary\n // splits here.\n let out = ''\n let used = 0\n for (const cp of s) {\n const n = utf8.encode(cp).byteLength\n if (used + n > max) break\n out += cp\n used += n\n }\n if (out.length === 0) {\n throw new FilenameSanitizationError('maxBytes too small for a single code point')\n }\n return out\n}\n"],"mappings":";;;;;;;;;AA6EA,IAAM,cAAc;AAIpB,IAAM,iBAAiB;AAGvB,IAAM,yBAAyB;AAE/B,IAAM,yBAAyB,oBAAI,IAAI;AAAA,EACrC;AAAA,EAAO;AAAA,EAAO;AAAA,EAAO;AAAA,EACrB;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAChE;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAQ;AAClE,CAAC;AAGD,IAAM,mBAAmB;AAGzB,IAAM,iBAAiB;AAEvB,IAAM,OAAO,IAAI,YAAY;AAE7B,SAAS,cAAc,IAAqB;AAC1C,SAAQ,MAAM,KAAK,MAAM,MAAS,OAAO;AAC3C;AAEA,SAAS,kBAAkB,GAAmB;AAC5C,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,WAAO,cAAc,EAAE,WAAW,CAAC,CAAC,IAAI,cAAc,EAAE,CAAC;AAAA,EAC3D;AACA,SAAO;AACT;AAEA,SAAS,0BAA0B,GAAmB;AACpD,MAAI,QAAQ;AACZ,MAAI,MAAM,EAAE;AACZ,SAAO,QAAQ,KAAK;AAClB,UAAM,KAAK,EAAE,KAAK;AAClB,QAAI,CAAC,cAAc,EAAE,WAAW,KAAK,CAAC,KAAK,GAAG,KAAK,MAAM,GAAI;AAC7D;AAAA,EACF;AACA,SAAO,MAAM,OAAO;AAClB,UAAM,KAAK,EAAE,MAAM,CAAC;AACpB,QAAI,CAAC,cAAc,EAAE,WAAW,MAAM,CAAC,CAAC,KAAK,GAAG,KAAK,MAAM,GAAI;AAC/D;AAAA,EACF;AACA,SAAO,EAAE,MAAM,OAAO,GAAG;AAC3B;AAWO,SAAS,iBAAiB,MAAc,MAAuC;AACpF,MAAI,OAAO,SAAS,UAAU;AAC5B,UAAM,IAAI,0BAA0B,wBAAwB;AAAA,EAC9D;AACA,MAAI,KAAK,SAAS,IAAI,GAAG;AACvB,UAAM,IAAI,0BAA0B,sBAAsB;AAAA,EAC5D;AAEA,MAAI,IAAI,KAAK,UAAU,KAAK,EAAE,QAAQ,gBAAgB,EAAE;AAExD,MAAI,KAAK,YAAY,UAAU;AAC7B,WAAO,YAAY,GAAG,IAAI;AAAA,EAC5B;AAEA,MAAI,0BAA0B,CAAC;AAE/B,UAAQ,KAAK,SAAS;AAAA,IACpB,KAAK;AAAa,aAAO,IAAI,WAAW,CAAC,GAAO,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,aAAa,CAAC,GAAK,KAAK,YAAY,KAAM,OAAO;AAAA,IAC9E,KAAK;AAAa,aAAO,IAAI,cAAc,CAAC,GAAI,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,SAAS,CAAC,GAAS,KAAK,YAAY,KAAM,MAAM;AAAA,IAC7E,KAAK;AAAa,aAAO,IAAI,aAAa,CAAC,GAAK,KAAK,YAAY,MAAM,kBAAkB;AAAA,IACzF,KAAK;AAAa,aAAO,IAAI,WAAW,CAAC,GAAO,KAAK,YAAY,MAAM,MAAM;AAAA,EAC/E;AACF;AAIA,SAAS,WAAW,GAAmB;AAErC,QAAM,UAAU,EAAE,QAAQ,OAAO,WAAW;AAC5C,SAAO,kBAAkB,OAAO;AAClC;AAEA,SAAS,aAAa,GAAmB;AACvC,MAAI,UAAU,EAAE,QAAQ,wBAAwB,WAAW;AAC3D,YAAU,kBAAkB,OAAO;AAEnC,YAAU,QAAQ,QAAQ,WAAW,EAAE;AACvC,YAAU,kBAAkB,OAAO;AACnC,SAAO,yBAAyB,OAAO;AACzC;AAEA,SAAS,cAAc,GAAmB;AACxC,MAAI,UAAU,aAAa,CAAC;AAC5B,MAAI,iBAAiB,KAAK,OAAO,GAAG;AAClC,cAAU,cAAc;AAAA,EAC1B;AACA,SAAO;AACT;AAEA,SAAS,SAAS,GAAmB;AACnC,MAAI,UAAU,EAAE,QAAQ,QAAQ,EAAE;AAClC,YAAU,kBAAkB,OAAO;AACnC,SAAO,kBAAkB,OAAO;AAClC;AAEA,SAAS,aAAa,GAAmB;AAIvC,MAAI,MAAM;AACV,aAAW,MAAM,GAAG;AAClB,QAAI,eAAe,KAAK,EAAE,GAAG;AAAE,aAAO;AAAI;AAAA,IAAS;AACnD,UAAM,QAAQ,KAAK,OAAO,EAAE;AAC5B,eAAW,KAAK,OAAO;AACrB,aAAO,MAAM,EAAE,SAAS,EAAE,EAAE,YAAY,EAAE,SAAS,GAAG,GAAG;AAAA,IAC3D;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,WAAW,GAAmB;AAGrC,SAAO,aAAa,EAAE,QAAQ,QAAQ,EAAE,CAAC;AAC3C;AAEA,SAAS,YAAY,GAAW,MAAuC;AACrE,MAAI,CAAC,KAAK,UAAU;AAClB,UAAM,IAAI,0BAA0B,kCAAkC;AAAA,EACxE;AAEA,QAAM,MAAM,EAAE,YAAY,GAAG;AAC7B,MAAI,MAAM,KAAK,MAAM,EAAE,SAAS,GAAG;AACjC,UAAM,MAAM,EAAE,MAAM,MAAM,CAAC;AAC3B,QAAI,sBAAsB,KAAK,GAAG,GAAG;AACnC,aAAO,GAAG,KAAK,QAAQ,IAAI,IAAI,YAAY,CAAC;AAAA,IAC9C;AAAA,EACF;AACA,SAAO,KAAK;AACd;AAIA,SAAS,kBAAkB,GAAmB;AAC5C,MAAI,MAAM,OAAO,MAAM,QAAQ,EAAE,MAAM,OAAO,EAAE,KAAK,CAAC,QAAQ,QAAQ,IAAI,GAAG;AAC3E,UAAM,IAAI,0BAA0B,oCAAoC;AAAA,EAC1E;AACA,MAAI,EAAE,WAAW,GAAG;AAClB,UAAM,IAAI,0BAA0B,mCAAmC;AAAA,EACzE;AACA,SAAO;AACT;AAEA,SAAS,yBAAyB,GAAmB;AACnD,QAAM,MAAM,EAAE,QAAQ,GAAG;AACzB,QAAM,OAAO,QAAQ,KAAK,IAAI,EAAE,MAAM,GAAG,GAAG;AAC5C,MAAI,uBAAuB,IAAI,KAAK,YAAY,CAAC,GAAG;AAClD,WAAO,cAAc;AAAA,EACvB;AACA,SAAO;AACT;AAIA,SAAS,IAAI,GAAW,KAAa,MAA0B;AAC7D,MAAI,OAAO,GAAG;AACZ,UAAM,IAAI,0BAA0B,2BAA2B;AAAA,EACjE;AACA,MAAI,SAAS,SAAS;AACpB,QAAI,EAAE,UAAU,IAAK,QAAO;AAC5B,WAAO,EAAE,MAAM,GAAG,GAAG;AAAA,EACvB;AACA,MAAI,SAAS,oBAAoB;AAC/B,QAAI,KAAK,OAAO,CAAC,EAAE,cAAc,IAAK,QAAO;AAC7C,WAAO,kBAAkB,GAAG,GAAG;AAAA,EACjC;AACA,MAAI,KAAK,OAAO,CAAC,EAAE,cAAc,IAAK,QAAO;AAC7C,SAAO,kBAAkB,GAAG,GAAG;AACjC;AAEA,SAAS,kBAAkB,GAAW,KAAqB;AAKzD,MAAI,MAAM;AACV,MAAI,OAAO;AACX,aAAW,MAAM,GAAG;AAClB,UAAM,IAAI,KAAK,OAAO,EAAE,EAAE;AAC1B,QAAI,OAAO,IAAI,IAAK;AACpB,WAAO;AACP,YAAQ;AAAA,EACV;AACA,MAAI,IAAI,WAAW,GAAG;AACpB,UAAM,IAAI,0BAA0B,4CAA4C;AAAA,EAClF;AACA,SAAO;AACT;","names":[]}
@@ -1,4 +1,4 @@
1
- import { aK as MaterializedViewStrategy, aL as MaterializedViewStrategyHandle } from './types-CUmZYJwN.js';
1
+ import { aK as MaterializedViewStrategy, aL as MaterializedViewStrategyHandle } from './types-DHn9lEP0.js';
2
2
 
3
3
  /**
4
4
  * Register a materialized view: a declared query whose result is
@@ -1,4 +1,4 @@
1
- import { aK as MaterializedViewStrategy, aL as MaterializedViewStrategyHandle } from './types-Ba1vQ3AY.cjs';
1
+ import { aK as MaterializedViewStrategy, aL as MaterializedViewStrategyHandle } from './types-CdVfiQgt.cjs';
2
2
 
3
3
  /**
4
4
  * Register a materialized view: a declared query whose result is
@@ -1,4 +1,4 @@
1
- import { aM as OverlayedViewStrategy, aR as OverlayedViewStrategyHandle } from './types-Ba1vQ3AY.cjs';
1
+ import { aM as OverlayedViewStrategy, aR as OverlayedViewStrategyHandle } from './types-CdVfiQgt.cjs';
2
2
 
3
3
  /**
4
4
  * Register a read-shadow overlay: bind an MV-owned base collection to
@@ -1,4 +1,4 @@
1
- import { aM as OverlayedViewStrategy, aR as OverlayedViewStrategyHandle } from './types-CUmZYJwN.js';
1
+ import { aM as OverlayedViewStrategy, aR as OverlayedViewStrategyHandle } from './types-DHn9lEP0.js';
2
2
 
3
3
  /**
4
4
  * Register a read-shadow overlay: bind an MV-owned base collection to
@@ -1,4 +1,4 @@
1
- import { aC as DerivationStrategy, aG as DerivationStrategyHandle } from './types-CUmZYJwN.js';
1
+ import { aC as DerivationStrategy, aG as DerivationStrategyHandle } from './types-DHn9lEP0.js';
2
2
 
3
3
  /**
4
4
  * Register a deterministic derivation: one source collection → one or
@@ -1,4 +1,4 @@
1
- import { aC as DerivationStrategy, aG as DerivationStrategyHandle } from './types-Ba1vQ3AY.cjs';
1
+ import { aC as DerivationStrategy, aG as DerivationStrategyHandle } from './types-CdVfiQgt.cjs';
2
2
 
3
3
  /**
4
4
  * Register a deterministic derivation: one source collection → one or