@noy-db/hub 0.2.0-pre.3 → 0.2.0-pre.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (384) hide show
  1. package/README.md +126 -0
  2. package/dist/adapter/index.d.ts +9 -0
  3. package/dist/adapter/index.js +14 -0
  4. package/dist/aggregate/index.d.ts +3 -2
  5. package/dist/aggregate/index.js +10 -8
  6. package/dist/aggregate/index.js.map +1 -1
  7. package/dist/attestation/index.d.ts +7 -5
  8. package/dist/attestation/index.js +7 -6
  9. package/dist/attestation/index.js.map +1 -1
  10. package/dist/blobs/index.d.ts +9 -7
  11. package/dist/blobs/index.js +12 -6
  12. package/dist/blobs/index.js.map +1 -1
  13. package/dist/bundle/index.d.ts +29 -18
  14. package/dist/bundle/index.js +53 -192
  15. package/dist/bundle/index.js.map +1 -1
  16. package/dist/{chunk-75QDHSE4.js → chunk-2QDWRK3B.js} +5 -5
  17. package/dist/{chunk-74JEQFMT.js → chunk-2UT7HJJR.js} +5 -5
  18. package/dist/chunk-2UT7HJJR.js.map +1 -0
  19. package/dist/{chunk-FCDO7UAO.js → chunk-2ZYIN3BL.js} +2 -2
  20. package/dist/{chunk-BFI3RS42.js → chunk-33EQCZXE.js} +2 -2
  21. package/dist/chunk-33EQCZXE.js.map +1 -0
  22. package/dist/{chunk-WRLHNG6H.js → chunk-4K4QKYK4.js} +4 -4
  23. package/dist/chunk-4K4QKYK4.js.map +1 -0
  24. package/dist/{chunk-HGZ7DC5H.js → chunk-4L6N56B4.js} +2 -2
  25. package/dist/chunk-4L6N56B4.js.map +1 -0
  26. package/dist/{chunk-YMYK7US4.js → chunk-4YD7VZH4.js} +2 -2
  27. package/dist/chunk-4YD7VZH4.js.map +1 -0
  28. package/dist/{chunk-ZUMGGHRB.js → chunk-5PTX7PKD.js} +4 -4
  29. package/dist/{chunk-QAU5HM6Q.js → chunk-6EKRQ7QF.js} +3 -3
  30. package/dist/{chunk-ZC2AAE6J.js → chunk-7GPQPLGO.js} +19 -4
  31. package/dist/chunk-7GPQPLGO.js.map +1 -0
  32. package/dist/{chunk-EPK6A3WJ.js → chunk-A3JMGXPG.js} +2 -2
  33. package/dist/chunk-A3JMGXPG.js.map +1 -0
  34. package/dist/{chunk-FXQYZNOW.js → chunk-A7DNZVAV.js} +1 -1
  35. package/dist/chunk-A7DNZVAV.js.map +1 -0
  36. package/dist/{chunk-UMLVJTYV.js → chunk-ADB7GPM3.js} +7 -4
  37. package/dist/chunk-ADB7GPM3.js.map +1 -0
  38. package/dist/{chunk-YL2DR3HY.js → chunk-ASIGWYRA.js} +2 -2
  39. package/dist/chunk-ASIGWYRA.js.map +1 -0
  40. package/dist/{chunk-2EYC3WDT.js → chunk-AWU4JF7C.js} +93 -93
  41. package/dist/chunk-AWU4JF7C.js.map +1 -0
  42. package/dist/chunk-BEZ2EV43.js +129 -0
  43. package/dist/chunk-BEZ2EV43.js.map +1 -0
  44. package/dist/{chunk-IS5HWQO7.js → chunk-CIZDUAHI.js} +30 -4
  45. package/dist/chunk-CIZDUAHI.js.map +1 -0
  46. package/dist/{chunk-4OQWR46B.js → chunk-CUPTCF4R.js} +5 -5
  47. package/dist/chunk-CUPTCF4R.js.map +1 -0
  48. package/dist/{chunk-5ZGZ6HIZ.js → chunk-DEE4CRYN.js} +30 -7
  49. package/dist/chunk-DEE4CRYN.js.map +1 -0
  50. package/dist/{chunk-UOF74WQY.js → chunk-E2MDPPOC.js} +37 -2
  51. package/dist/chunk-E2MDPPOC.js.map +1 -0
  52. package/dist/{chunk-SAVQ6E2O.js → chunk-FFKQ65YX.js} +10 -3
  53. package/dist/chunk-FFKQ65YX.js.map +1 -0
  54. package/dist/{chunk-2XLVPKXG.js → chunk-G7ALNCQH.js} +10 -2
  55. package/dist/chunk-G7ALNCQH.js.map +1 -0
  56. package/dist/chunk-GGXN73NM.js +252 -0
  57. package/dist/chunk-GGXN73NM.js.map +1 -0
  58. package/dist/{chunk-UVPGJXVO.js → chunk-JOJPBZSZ.js} +5 -5
  59. package/dist/{chunk-YDLAFP36.js → chunk-JZ5DS4DP.js} +346 -3
  60. package/dist/chunk-JZ5DS4DP.js.map +1 -0
  61. package/dist/{chunk-KMI2NBBF.js → chunk-K4JID2ZE.js} +44 -8
  62. package/dist/chunk-K4JID2ZE.js.map +1 -0
  63. package/dist/{aggregate/index.cjs → chunk-K6NVSHAH.js} +241 -210
  64. package/dist/chunk-K6NVSHAH.js.map +1 -0
  65. package/dist/chunk-KJ3K5VZM.js +524 -0
  66. package/dist/chunk-KJ3K5VZM.js.map +1 -0
  67. package/dist/chunk-L5HHBOMS.js +232 -0
  68. package/dist/chunk-L5HHBOMS.js.map +1 -0
  69. package/dist/{chunk-YK72A4IT.js → chunk-LBILABKZ.js} +4 -4
  70. package/dist/chunk-LXKBG52H.js +151 -0
  71. package/dist/chunk-LXKBG52H.js.map +1 -0
  72. package/dist/{chunk-NGSPBLLE.js → chunk-MPIZQGFA.js} +50 -20
  73. package/dist/chunk-MPIZQGFA.js.map +1 -0
  74. package/dist/{chunk-4X2S7PBF.js → chunk-MRJPSXPE.js} +84 -70
  75. package/dist/chunk-MRJPSXPE.js.map +1 -0
  76. package/dist/{chunk-6S3LLAQ5.js → chunk-MSMDDDDJ.js} +3 -3
  77. package/dist/{chunk-6S3LLAQ5.js.map → chunk-MSMDDDDJ.js.map} +1 -1
  78. package/dist/{chunk-GAUBWHAF.js → chunk-OCYFFBZS.js} +4 -4
  79. package/dist/{chunk-NCO2JGKK.js → chunk-PDVP3C2I.js} +1 -1
  80. package/dist/chunk-PDVP3C2I.js.map +1 -0
  81. package/dist/chunk-PZ5AY32C.js +10 -0
  82. package/dist/{chunk-P6256WTJ.js → chunk-QBLPY44S.js} +3 -3
  83. package/dist/chunk-QBLPY44S.js.map +1 -0
  84. package/dist/{query/index.cjs → chunk-QGBBQKDS.js} +706 -831
  85. package/dist/chunk-QGBBQKDS.js.map +1 -0
  86. package/dist/{chunk-FS7A4XNF.js → chunk-QWJCNXH2.js} +3 -3
  87. package/dist/chunk-QXWJQ7UU.js +380 -0
  88. package/dist/chunk-QXWJQ7UU.js.map +1 -0
  89. package/dist/{chunk-GDTCGIPX.js → chunk-RCB6GWTC.js} +27 -5
  90. package/dist/chunk-RCB6GWTC.js.map +1 -0
  91. package/dist/{chunk-K5PVGKE4.js → chunk-SAAJYSVV.js} +2 -2
  92. package/dist/{chunk-G7PAZ3TD.js → chunk-SHJ3BRTZ.js} +46 -10
  93. package/dist/chunk-SHJ3BRTZ.js.map +1 -0
  94. package/dist/chunk-SQXTKZL7.js +125 -0
  95. package/dist/chunk-SQXTKZL7.js.map +1 -0
  96. package/dist/chunk-STNPB3UM.js +9 -0
  97. package/dist/chunk-STNPB3UM.js.map +1 -0
  98. package/dist/{chunk-NSLTPGEN.js → chunk-TMUMMAWV.js} +12 -2
  99. package/dist/{chunk-NSLTPGEN.js.map → chunk-TMUMMAWV.js.map} +1 -1
  100. package/dist/{chunk-LS3JLEIB.js → chunk-TZGWI5AX.js} +4 -4
  101. package/dist/{chunk-GD3BGKAR.js → chunk-UBF5JEOJ.js} +44 -5
  102. package/dist/chunk-UBF5JEOJ.js.map +1 -0
  103. package/dist/{chunk-T6HQMVML.js → chunk-W5NVNJDX.js} +5250 -801
  104. package/dist/chunk-W5NVNJDX.js.map +1 -0
  105. package/dist/chunk-XAYDHD2O.js +123 -0
  106. package/dist/chunk-XAYDHD2O.js.map +1 -0
  107. package/dist/{chunk-LOL725S4.js → chunk-XYW2CSCI.js} +31 -3
  108. package/dist/chunk-XYW2CSCI.js.map +1 -0
  109. package/dist/{chunk-TLFUDXVV.js → chunk-ZCMOS4H2.js} +31 -10
  110. package/dist/chunk-ZCMOS4H2.js.map +1 -0
  111. package/dist/{chunk-FBMXWVGP.js → chunk-ZK66B5EY.js} +450 -30
  112. package/dist/chunk-ZK66B5EY.js.map +1 -0
  113. package/dist/{chunk-GVXBHCZ2.js → chunk-ZPJSQPQH.js} +66 -7
  114. package/dist/chunk-ZPJSQPQH.js.map +1 -0
  115. package/dist/consent/index.d.ts +8 -6
  116. package/dist/consent/index.js +4 -3
  117. package/dist/consent/index.js.map +1 -1
  118. package/dist/crdt/index.js +1 -0
  119. package/dist/crdt/index.js.map +1 -1
  120. package/dist/{crypto-H2Y3DDFW.js → crypto-OSIV2IIW.js} +8 -3
  121. package/dist/{ulid-CiM2OAeM.d.ts → decrypt-partition-CXS5KopB.d.ts} +37 -82
  122. package/dist/{delegation-QSC7G5QC.js → delegation-BQTRJATI.js} +6 -5
  123. package/dist/derivations/index.d.ts +11 -9
  124. package/dist/derivations/index.js +9 -6
  125. package/dist/{dev-unlock-Cf2B7Kih.d.ts → dev-unlock-CnHTTVea.d.ts} +1 -1
  126. package/dist/discriminant-BN9REW3o.d.ts +60 -0
  127. package/dist/errors-BAWO5Z5a.d.ts +1500 -0
  128. package/dist/executor-KYSKFJ2R.js +9 -0
  129. package/dist/executor-M7W3NEKR.js +9 -0
  130. package/dist/executor-VDTDGWO6.js +13 -0
  131. package/dist/{fanout-sidecar-NRBWSLRK.js → fanout-sidecar-AZALISHB.js} +3 -2
  132. package/dist/fanout-sidecar-AZALISHB.js.map +1 -0
  133. package/dist/forget/index.d.ts +1 -0
  134. package/dist/forget/index.js +15 -0
  135. package/dist/guards/index.d.ts +16 -8
  136. package/dist/guards/index.js +12 -5
  137. package/dist/{hash-gVn_uKhp.d.ts → hash-oc5paYl0.d.ts} +1 -1
  138. package/dist/history/index.d.ts +9 -7
  139. package/dist/history/index.js +10 -7
  140. package/dist/history/index.js.map +1 -1
  141. package/dist/i18n/index.d.ts +8 -6
  142. package/dist/i18n/index.js +116 -15
  143. package/dist/i18n/index.js.map +1 -1
  144. package/dist/index-BMmajblo.d.ts +362 -0
  145. package/dist/index-BmhGztUi.d.ts +93 -0
  146. package/dist/{types-D9eB0Rvh.d.ts → index-DHn9lEP0.d.ts} +4305 -1523
  147. package/dist/{index-BF1B2HB9.d.ts → index-Ddm8D3Oo.d.ts} +186 -1151
  148. package/dist/index.d.ts +342 -70
  149. package/dist/index.js +420 -112
  150. package/dist/index.js.map +1 -1
  151. package/dist/indexing/index.d.ts +3 -3
  152. package/dist/indexing/index.js +5 -4
  153. package/dist/indexing/index.js.map +1 -1
  154. package/dist/issue-DPHRF2TI.js +13 -0
  155. package/dist/kernel/index.d.ts +11 -0
  156. package/dist/kernel/index.js +50 -0
  157. package/dist/{lazy-builder-Rpd-V3jP.d.ts → lazy-builder-ChSqcF5t.d.ts} +2 -2
  158. package/dist/{ledger-WOEJUYTP.js → ledger-CI7GSMLB.js} +7 -6
  159. package/dist/materialized-views/index.d.ts +23 -20
  160. package/dist/materialized-views/index.js +9 -7
  161. package/dist/mime-magic-JeLKHRng.d.ts +103 -0
  162. package/dist/noydb-NAU2DTFP.js +40 -0
  163. package/dist/overlay-views/index.d.ts +32 -12
  164. package/dist/overlay-views/index.js +7 -6
  165. package/dist/periods/index.d.ts +8 -6
  166. package/dist/periods/index.js +7 -6
  167. package/dist/{predicate-Dnu81tsS.d.cts → predicate-BmhBSPCH.d.ts} +87 -5
  168. package/dist/{public-envelope-OHQ5UZFM.js → public-envelope-MFMBFJLZ.js} +5 -4
  169. package/dist/query/index.d.ts +4 -3
  170. package/dist/query/index.js +14 -6
  171. package/dist/read-only-facade-3OQRZ3VS.js +8 -0
  172. package/dist/registry-IX5WKK4F.js +8 -0
  173. package/dist/registry-LMHO5265.js +11 -0
  174. package/dist/registry-TXCKWH26.js +9 -0
  175. package/dist/registry-VFEDQSYV.js +9 -0
  176. package/dist/revoke-5PUOZPJJ.js +18 -0
  177. package/dist/revoke-5PUOZPJJ.js.map +1 -0
  178. package/dist/sealed-record/index.d.ts +123 -0
  179. package/dist/sealed-record/index.js +43 -0
  180. package/dist/sealed-record/index.js.map +1 -0
  181. package/dist/session/index.d.ts +9 -7
  182. package/dist/session/index.js +4 -3
  183. package/dist/session/index.js.map +1 -1
  184. package/dist/shadow/index.d.ts +8 -6
  185. package/dist/shadow/index.js +3 -2
  186. package/dist/shadow/index.js.map +1 -1
  187. package/dist/{signer-M4K5HBLD.js → signer-UB5TQOZ6.js} +6 -5
  188. package/dist/signer-UB5TQOZ6.js.map +1 -0
  189. package/dist/snapshots/index.d.ts +30 -0
  190. package/dist/snapshots/index.js +153 -0
  191. package/dist/snapshots/index.js.map +1 -0
  192. package/dist/{stale-PAGCS4K5.js → stale-J3TUF5C5.js} +3 -2
  193. package/dist/stale-J3TUF5C5.js.map +1 -0
  194. package/dist/store/index.d.ts +15 -6
  195. package/dist/store/index.js +3 -2
  196. package/dist/{strategy-DSTrsZ8t.d.ts → strategy-8QGs5KQE.d.ts} +475 -7
  197. package/dist/sync/index.d.ts +7 -5
  198. package/dist/sync/index.js +5 -4
  199. package/dist/sync/index.js.map +1 -1
  200. package/dist/team/index.d.ts +8 -6
  201. package/dist/team/index.js +9 -8
  202. package/dist/transition-guard-Dy3NioQr.d.ts +165 -0
  203. package/dist/tx/index.d.ts +26 -8
  204. package/dist/tx/index.js +10 -5
  205. package/dist/tx/index.js.map +1 -1
  206. package/dist/ulid-DRH25k3y.d.ts +66 -0
  207. package/dist/{ulid-COREQ2RQ.js → ulid-KEPZMD2N.js} +2 -1
  208. package/dist/ulid-KEPZMD2N.js.map +1 -0
  209. package/dist/util/index.d.ts +2 -0
  210. package/dist/util/index.js +6 -1
  211. package/dist/util/index.js.map +1 -1
  212. package/dist/{with-materialized-view-qtoJ3xKJ.d.ts → with-materialized-view-DIVeez0W.d.ts} +2 -2
  213. package/dist/{with-overlayed-view-DFaRfgMr.d.ts → with-overlayed-view-DVZrc5Hb.d.ts} +2 -2
  214. package/dist/with-rollup-CbU-O4wP.d.ts +47 -0
  215. package/dist/zod-HAJM7LMS.js +14763 -0
  216. package/dist/zod-HAJM7LMS.js.map +1 -0
  217. package/package.json +73 -191
  218. package/dist/aggregate/index.cjs.map +0 -1
  219. package/dist/aggregate/index.d.cts +0 -38
  220. package/dist/attestation/index.cjs +0 -305
  221. package/dist/attestation/index.cjs.map +0 -1
  222. package/dist/attestation/index.d.cts +0 -52
  223. package/dist/blobs/index.cjs +0 -1480
  224. package/dist/blobs/index.cjs.map +0 -1
  225. package/dist/blobs/index.d.cts +0 -46
  226. package/dist/bundle/index.cjs +0 -18561
  227. package/dist/bundle/index.cjs.map +0 -1
  228. package/dist/bundle/index.d.cts +0 -176
  229. package/dist/chunk-2EYC3WDT.js.map +0 -1
  230. package/dist/chunk-2XLVPKXG.js.map +0 -1
  231. package/dist/chunk-4OQWR46B.js.map +0 -1
  232. package/dist/chunk-4UBOTYP5.js +0 -1367
  233. package/dist/chunk-4UBOTYP5.js.map +0 -1
  234. package/dist/chunk-4X2S7PBF.js.map +0 -1
  235. package/dist/chunk-5YHWBPOT.js +0 -19
  236. package/dist/chunk-5YHWBPOT.js.map +0 -1
  237. package/dist/chunk-5ZGZ6HIZ.js.map +0 -1
  238. package/dist/chunk-74JEQFMT.js.map +0 -1
  239. package/dist/chunk-A6SWRXUQ.js +0 -118
  240. package/dist/chunk-A6SWRXUQ.js.map +0 -1
  241. package/dist/chunk-BFI3RS42.js.map +0 -1
  242. package/dist/chunk-EMEX37ZN.js +0 -51
  243. package/dist/chunk-EMEX37ZN.js.map +0 -1
  244. package/dist/chunk-EPK6A3WJ.js.map +0 -1
  245. package/dist/chunk-FBMXWVGP.js.map +0 -1
  246. package/dist/chunk-FXQYZNOW.js.map +0 -1
  247. package/dist/chunk-G7PAZ3TD.js.map +0 -1
  248. package/dist/chunk-GD3BGKAR.js.map +0 -1
  249. package/dist/chunk-GDTCGIPX.js.map +0 -1
  250. package/dist/chunk-GVXBHCZ2.js.map +0 -1
  251. package/dist/chunk-HGZ7DC5H.js.map +0 -1
  252. package/dist/chunk-IS5HWQO7.js.map +0 -1
  253. package/dist/chunk-KMI2NBBF.js.map +0 -1
  254. package/dist/chunk-KYKMKLJ6.js +0 -340
  255. package/dist/chunk-KYKMKLJ6.js.map +0 -1
  256. package/dist/chunk-LOL725S4.js.map +0 -1
  257. package/dist/chunk-MRIBLZL3.js +0 -86
  258. package/dist/chunk-MRIBLZL3.js.map +0 -1
  259. package/dist/chunk-NCO2JGKK.js.map +0 -1
  260. package/dist/chunk-NGSPBLLE.js.map +0 -1
  261. package/dist/chunk-P6256WTJ.js.map +0 -1
  262. package/dist/chunk-SAVQ6E2O.js.map +0 -1
  263. package/dist/chunk-T6HQMVML.js.map +0 -1
  264. package/dist/chunk-TLFUDXVV.js.map +0 -1
  265. package/dist/chunk-UMLVJTYV.js.map +0 -1
  266. package/dist/chunk-UOF74WQY.js.map +0 -1
  267. package/dist/chunk-WRLHNG6H.js.map +0 -1
  268. package/dist/chunk-YDLAFP36.js.map +0 -1
  269. package/dist/chunk-YL2DR3HY.js.map +0 -1
  270. package/dist/chunk-YMYK7US4.js.map +0 -1
  271. package/dist/chunk-ZC2AAE6J.js.map +0 -1
  272. package/dist/consent/index.cjs +0 -204
  273. package/dist/consent/index.cjs.map +0 -1
  274. package/dist/consent/index.d.cts +0 -25
  275. package/dist/crdt/index.cjs +0 -152
  276. package/dist/crdt/index.cjs.map +0 -1
  277. package/dist/crdt/index.d.cts +0 -30
  278. package/dist/derivations/index.cjs +0 -351
  279. package/dist/derivations/index.cjs.map +0 -1
  280. package/dist/derivations/index.d.cts +0 -72
  281. package/dist/dev-unlock-De3mjQWv.d.cts +0 -263
  282. package/dist/executor-BZKFZVRC.js +0 -8
  283. package/dist/executor-GFZFDQXV.js +0 -8
  284. package/dist/executor-KT2IOZVP.js +0 -11
  285. package/dist/fanout-sidecar-NRBWSLRK.js.map +0 -1
  286. package/dist/guards/index.cjs +0 -322
  287. package/dist/guards/index.cjs.map +0 -1
  288. package/dist/guards/index.d.cts +0 -31
  289. package/dist/hash-vBCB0-Ps.d.cts +0 -63
  290. package/dist/history/index.cjs +0 -1222
  291. package/dist/history/index.cjs.map +0 -1
  292. package/dist/history/index.d.cts +0 -63
  293. package/dist/i18n/index.cjs +0 -840
  294. package/dist/i18n/index.cjs.map +0 -1
  295. package/dist/i18n/index.d.cts +0 -39
  296. package/dist/index-DVkvrgpm.d.cts +0 -2290
  297. package/dist/index.cjs +0 -23590
  298. package/dist/index.cjs.map +0 -1
  299. package/dist/index.d.cts +0 -778
  300. package/dist/indexing/index.cjs +0 -738
  301. package/dist/indexing/index.cjs.map +0 -1
  302. package/dist/indexing/index.d.cts +0 -36
  303. package/dist/issue-BAJ7ZB4S.js +0 -12
  304. package/dist/lazy-builder-C-rPfWG0.d.cts +0 -304
  305. package/dist/materialized-views/index.cjs +0 -837
  306. package/dist/materialized-views/index.cjs.map +0 -1
  307. package/dist/materialized-views/index.d.cts +0 -184
  308. package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
  309. package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
  310. package/dist/noydb-XNQSKXGO.js +0 -34
  311. package/dist/overlay-views/index.cjs +0 -359
  312. package/dist/overlay-views/index.cjs.map +0 -1
  313. package/dist/overlay-views/index.d.cts +0 -82
  314. package/dist/periods/index.cjs +0 -1041
  315. package/dist/periods/index.cjs.map +0 -1
  316. package/dist/periods/index.d.cts +0 -22
  317. package/dist/predicate-Dnu81tsS.d.ts +0 -185
  318. package/dist/query/index.cjs.map +0 -1
  319. package/dist/query/index.d.cts +0 -3
  320. package/dist/read-only-facade-ITU6L7BL.js +0 -7
  321. package/dist/registry-2IEARCGT.js +0 -7
  322. package/dist/registry-CDHASH73.js +0 -10
  323. package/dist/registry-EMGLZGR6.js +0 -8
  324. package/dist/registry-NQALYR77.js +0 -8
  325. package/dist/revoke-7JOVLZFD.js +0 -17
  326. package/dist/session/index.cjs +0 -495
  327. package/dist/session/index.cjs.map +0 -1
  328. package/dist/session/index.d.cts +0 -46
  329. package/dist/shadow/index.cjs +0 -133
  330. package/dist/shadow/index.cjs.map +0 -1
  331. package/dist/shadow/index.d.cts +0 -17
  332. package/dist/store/index.cjs +0 -1083
  333. package/dist/store/index.cjs.map +0 -1
  334. package/dist/store/index.d.cts +0 -492
  335. package/dist/strategy-BSxFXGzb.d.cts +0 -110
  336. package/dist/strategy-DSTrsZ8t.d.cts +0 -601
  337. package/dist/sync/index.cjs +0 -1062
  338. package/dist/sync/index.cjs.map +0 -1
  339. package/dist/sync/index.d.cts +0 -43
  340. package/dist/team/index.cjs +0 -2798
  341. package/dist/team/index.cjs.map +0 -1
  342. package/dist/team/index.d.cts +0 -118
  343. package/dist/tx/index.cjs +0 -544
  344. package/dist/tx/index.cjs.map +0 -1
  345. package/dist/tx/index.d.cts +0 -21
  346. package/dist/types-CSLcfytP.d.cts +0 -12493
  347. package/dist/ulid-CG2YvAbg.d.cts +0 -603
  348. package/dist/util/index.cjs +0 -230
  349. package/dist/util/index.cjs.map +0 -1
  350. package/dist/util/index.d.cts +0 -77
  351. package/dist/with-derivation-Bzpj6UTv.d.ts +0 -13
  352. package/dist/with-derivation-DWajFh4K.d.cts +0 -13
  353. package/dist/with-guard-DF_Ul3DT.d.cts +0 -18
  354. package/dist/with-guard-DR7U-l4v.d.ts +0 -18
  355. package/dist/with-materialized-view-_piodoIz.d.cts +0 -27
  356. package/dist/with-overlayed-view-DwzCKxn2.d.cts +0 -13
  357. /package/dist/{crypto-H2Y3DDFW.js.map → adapter/index.js.map} +0 -0
  358. /package/dist/{chunk-75QDHSE4.js.map → chunk-2QDWRK3B.js.map} +0 -0
  359. /package/dist/{chunk-FCDO7UAO.js.map → chunk-2ZYIN3BL.js.map} +0 -0
  360. /package/dist/{chunk-ZUMGGHRB.js.map → chunk-5PTX7PKD.js.map} +0 -0
  361. /package/dist/{chunk-QAU5HM6Q.js.map → chunk-6EKRQ7QF.js.map} +0 -0
  362. /package/dist/{chunk-UVPGJXVO.js.map → chunk-JOJPBZSZ.js.map} +0 -0
  363. /package/dist/{chunk-YK72A4IT.js.map → chunk-LBILABKZ.js.map} +0 -0
  364. /package/dist/{chunk-GAUBWHAF.js.map → chunk-OCYFFBZS.js.map} +0 -0
  365. /package/dist/{delegation-QSC7G5QC.js.map → chunk-PZ5AY32C.js.map} +0 -0
  366. /package/dist/{chunk-FS7A4XNF.js.map → chunk-QWJCNXH2.js.map} +0 -0
  367. /package/dist/{chunk-K5PVGKE4.js.map → chunk-SAAJYSVV.js.map} +0 -0
  368. /package/dist/{chunk-LS3JLEIB.js.map → chunk-TZGWI5AX.js.map} +0 -0
  369. /package/dist/{executor-BZKFZVRC.js.map → crypto-OSIV2IIW.js.map} +0 -0
  370. /package/dist/{executor-GFZFDQXV.js.map → delegation-BQTRJATI.js.map} +0 -0
  371. /package/dist/{executor-KT2IOZVP.js.map → executor-KYSKFJ2R.js.map} +0 -0
  372. /package/dist/{issue-BAJ7ZB4S.js.map → executor-M7W3NEKR.js.map} +0 -0
  373. /package/dist/{ledger-WOEJUYTP.js.map → executor-VDTDGWO6.js.map} +0 -0
  374. /package/dist/{noydb-XNQSKXGO.js.map → forget/index.js.map} +0 -0
  375. /package/dist/{public-envelope-OHQ5UZFM.js.map → issue-DPHRF2TI.js.map} +0 -0
  376. /package/dist/{read-only-facade-ITU6L7BL.js.map → kernel/index.js.map} +0 -0
  377. /package/dist/{registry-2IEARCGT.js.map → ledger-CI7GSMLB.js.map} +0 -0
  378. /package/dist/{registry-CDHASH73.js.map → noydb-NAU2DTFP.js.map} +0 -0
  379. /package/dist/{registry-EMGLZGR6.js.map → public-envelope-MFMBFJLZ.js.map} +0 -0
  380. /package/dist/{registry-NQALYR77.js.map → read-only-facade-3OQRZ3VS.js.map} +0 -0
  381. /package/dist/{revoke-7JOVLZFD.js.map → registry-IX5WKK4F.js.map} +0 -0
  382. /package/dist/{signer-M4K5HBLD.js.map → registry-LMHO5265.js.map} +0 -0
  383. /package/dist/{stale-PAGCS4K5.js.map → registry-TXCKWH26.js.map} +0 -0
  384. /package/dist/{ulid-COREQ2RQ.js.map → registry-VFEDQSYV.js.map} +0 -0
@@ -1,1142 +1,6 @@
1
- import { C as CollectionIndexes, a as Clause, O as Operator } from './predicate-Dnu81tsS.js';
2
- import { A as AggregateStrategy, b as AggregateSpec, c as Aggregation, a as AggregateResult, g as GroupedQuery, h as GroupedQueryN } from './strategy-DSTrsZ8t.js';
3
-
4
- /**
5
- * All NOYDB error classes — a single import surface for `catch` blocks and
6
- * `instanceof` checks.
7
- *
8
- * ## Class hierarchy
9
- *
10
- * ```
11
- * Error
12
- * └─ NoydbError (code: string)
13
- * ├─ Crypto errors
14
- * │ ├─ DecryptionError — AES-GCM tag failure
15
- * │ ├─ TamperedError — ciphertext modified after write
16
- * │ └─ InvalidKeyError — wrong passphrase / corrupt keyring
17
- * ├─ Access errors
18
- * │ ├─ NoAccessError — no DEK for this collection
19
- * │ ├─ ReadOnlyError — ro permission, write attempted
20
- * │ ├─ PermissionDeniedError — role too low for operation
21
- * │ ├─ PrivilegeEscalationError — grant wider than grantor holds
22
- * │ └─ StoreCapabilityError — optional store method missing
23
- * ├─ Sync errors
24
- * │ ├─ ConflictError — optimistic-lock version mismatch
25
- * │ ├─ BundleVersionConflictError — bundle push rejected by remote
26
- * │ └─ NetworkError — push/pull network failure
27
- * ├─ Data errors
28
- * │ ├─ NotFoundError — get(id) on missing record
29
- * │ ├─ ValidationError — application-level guard failed
30
- * │ └─ SchemaValidationError — Standard Schema v1 rejection
31
- * ├─ Query errors
32
- * │ ├─ JoinTooLargeError — join row ceiling exceeded
33
- * │ ├─ DanglingReferenceError — strict ref() points at nothing
34
- * │ ├─ GroupCardinalityError — groupBy bucket cap exceeded
35
- * │ ├─ IndexRequiredError — lazy-mode query touches unindexed field
36
- * │ └─ IndexWriteFailureError — index side-car put/delete failed post-main
37
- * ├─ i18n / Dictionary errors
38
- * │ ├─ ReservedCollectionNameError
39
- * │ ├─ DictKeyMissingError
40
- * │ ├─ DictKeyInUseError
41
- * │ ├─ MissingTranslationError
42
- * │ ├─ LocaleNotSpecifiedError
43
- * │ └─ TranslatorNotConfiguredError
44
- * ├─ Backup errors
45
- * │ ├─ BackupLedgerError — hash-chain verification failed
46
- * │ └─ BackupCorruptedError — envelope hash mismatch in dump
47
- * ├─ Bundle errors
48
- * │ └─ BundleIntegrityError — .noydb body sha256 mismatch
49
- * └─ Session errors
50
- * ├─ SessionExpiredError
51
- * ├─ SessionNotFoundError
52
- * └─ SessionPolicyError
53
- * ```
54
- *
55
- * ## Catching all NOYDB errors
56
- *
57
- * ```ts
58
- * import { NoydbError, InvalidKeyError, ConflictError } from '@noy-db/hub'
59
- *
60
- * try {
61
- * await vault.unlock(passphrase)
62
- * } catch (e) {
63
- * if (e instanceof InvalidKeyError) { showBadPassphraseUI(); return }
64
- * if (e instanceof NoydbError) { logToSentry(e.code, e); return }
65
- * throw e // unexpected — re-throw
66
- * }
67
- * ```
68
- *
69
- * @module
70
- */
71
- /**
72
- * Base class for all NOYDB errors.
73
- *
74
- * Every error thrown by `@noy-db/hub` extends this class, so consumers can
75
- * catch all NOYDB errors in a single `catch (e) { if (e instanceof NoydbError) ... }`
76
- * block. The `code` field is a machine-readable string (e.g. `'DECRYPTION_FAILED'`)
77
- * suitable for `switch` statements and logging pipelines.
78
- */
79
- declare class NoydbError extends Error {
80
- /** Machine-readable error code. Stable across library versions. */
81
- readonly code: string;
82
- constructor(code: string, message: string);
83
- }
84
- /**
85
- * Thrown when AES-GCM decryption fails.
86
- *
87
- * The most common cause is a wrong passphrase or a corrupted ciphertext.
88
- * A `DecryptionError` at the wrong passphrase level is caught internally
89
- * and re-thrown as `InvalidKeyError` — so in practice this surfaces for
90
- * per-record corruption rather than authentication failures.
91
- */
92
- declare class DecryptionError extends NoydbError {
93
- constructor(message?: string);
94
- }
95
- /**
96
- * Thrown when GCM tag verification fails, indicating the ciphertext was
97
- * modified after encryption.
98
- *
99
- * AES-256-GCM is authenticated encryption — the tag over the ciphertext
100
- * is checked on every decrypt. If any byte was flipped (accidental
101
- * corruption or deliberate tampering), decryption throws this error.
102
- * Treat it as a security alert: the stored bytes are not what NOYDB wrote.
103
- */
104
- declare class TamperedError extends NoydbError {
105
- constructor(message?: string);
106
- }
107
- /**
108
- * Thrown when key unwrapping fails, typically because the passphrase is wrong
109
- * or the keyring file is corrupted.
110
- *
111
- * NOYDB uses AES-KW (RFC 3394) to wrap DEKs with the KEK. If AES-KW
112
- * unwrapping fails, it means either the KEK was derived from the wrong
113
- * passphrase (PBKDF2 with 600K iterations) or the keyring bytes are
114
- * corrupted. This is the error shown to the user on a failed unlock attempt.
115
- */
116
- declare class InvalidKeyError extends NoydbError {
117
- constructor(message?: string);
118
- }
119
- /**
120
- * Thrown when a keyring's wrapped-DEK set unwraps partially — at least
121
- * one DEK succeeds (proving the KEK is correct) but at least one fails.
122
- * The passphrase is right; the failed entries are corrupted.
123
- *
124
- * This is distinct from {@link InvalidKeyError} so that
125
- * `NoydbOptions.onInvalidKey: 'reset'` does NOT fire — resetting on
126
- * partial corruption would destroy the still-valid DEKs and the data
127
- * they protect, which is silent data loss in response to a feature
128
- * designed for stale-credential recovery.
129
- */
130
- declare class KeyringCorruptError extends NoydbError {
131
- readonly failedCollections: readonly string[];
132
- readonly intactCount: number;
133
- constructor(opts: {
134
- failedCollections: readonly string[];
135
- intactCount: number;
136
- message?: string;
137
- });
138
- }
139
- /**
140
- * Thrown when the authenticated user does not have a DEK for the requested
141
- * collection — i.e. the collection is not in their keyring at all.
142
- *
143
- * This is the "no key for this door" error. It is different from
144
- * `ReadOnlyError` (user has a key but it only grants ro) and from
145
- * `PermissionDeniedError` (user's role doesn't allow the operation).
146
- */
147
- declare class NoAccessError extends NoydbError {
148
- constructor(message?: string);
149
- }
150
- /**
151
- * Thrown when a user with read-only (`ro`) permission attempts a write
152
- * operation (`put` or `delete`) on a collection.
153
- *
154
- * The user has a DEK for the collection (they can decrypt and read), but
155
- * their keyring grants only `ro`. To fix: re-grant the user with `rw`
156
- * permission, or do not attempt writes as a viewer/client role.
157
- */
158
- declare class ReadOnlyError extends NoydbError {
159
- constructor(message?: string);
160
- }
161
- /**
162
- * Thrown when a write is attempted against a historical view produced
163
- * by `vault.at(timestamp)`. Time-machine views are read-only by
164
- * contract — mutating the past would require either the shadow-vault
165
- * mechanism or a ledger-history rewrite (which breaks
166
- * the tamper-evidence guarantee).
167
- *
168
- * Distinct from {@link ReadOnlyError} (keyring-level) and
169
- * {@link PermissionDeniedError} (role-level): this error is about the
170
- * *view* being historical, independent of the caller's permissions.
171
- */
172
- declare class ReadOnlyAtInstantError extends NoydbError {
173
- constructor(operation: string, timestamp: string);
174
- }
175
- /**
176
- * Thrown when a write is attempted against a shadow-vault frame
177
- * produced by `vault.frame()`. Frames are read-only by contract —
178
- * the use case is screen-sharing / demos / compliance review where
179
- * the operator wants to prevent accidental edits.
180
- *
181
- * Behavioural enforcement only — the underlying keyring still holds
182
- * write-capable DEKs. See {@link VaultFrame} for the full caveat.
183
- */
184
- declare class ReadOnlyFrameError extends NoydbError {
185
- constructor(operation: string);
186
- }
187
- /**
188
- * Thrown when the authenticated user's role does not permit the requested
189
- * operation — e.g. a `viewer` calling `grantAccess()`, or an `operator`
190
- * calling `rotateKeys()`.
191
- *
192
- * This is a role-level check (what the user's role allows), distinct from
193
- * `NoAccessError` (collection not in keyring) and `ReadOnlyError` (in
194
- * keyring, but write not allowed).
195
- */
196
- declare class PermissionDeniedError extends NoydbError {
197
- constructor(message?: string);
198
- }
199
- /**
200
- * Thrown when an `@noy-db/as-*` export is attempted without the
201
- * required capability bit on the invoking keyring.
202
- *
203
- * Two sub-cases discriminated by the `tier` field:
204
- *
205
- * - `tier: 'plaintext'` — a plaintext-tier export (`as-xlsx`,
206
- * `as-csv`, `as-blob`, `as-zip`, …) was attempted but the
207
- * keyring's `exportCapability.plaintext` does not include the
208
- * requested `format` (nor the `'*'` wildcard). Default for every
209
- * role is `plaintext: []` — the owner must positively grant.
210
- * - `tier: 'bundle'` — an encrypted `as-noydb` bundle export was
211
- * attempted but the keyring's `exportCapability.bundle` is
212
- * `false`. Default for `owner`/`admin` is `true`; for
213
- * `operator`/`viewer`/`client` it is `false`.
214
- *
215
- * Distinct from `PermissionDeniedError` (role-level check) and
216
- * `NoAccessError` (collection not readable). Surfaces separately so
217
- * UI layers can show a "request the export capability from your
218
- * admin" flow rather than a generic permission error.
219
- */
220
- declare class ExportCapabilityError extends NoydbError {
221
- readonly tier: 'plaintext' | 'bundle';
222
- readonly format?: string;
223
- readonly userId: string;
224
- constructor(opts: {
225
- tier: 'plaintext' | 'bundle';
226
- userId: string;
227
- format?: string;
228
- message?: string;
229
- });
230
- }
231
- /**
232
- * Thrown when a keyring file's `expires_at` cutoff has passed.
233
- * Surfaced by `loadKeyring` before any DEK unwrap is attempted —
234
- * past the cutoff the slot refuses to open even with the right
235
- * passphrase. Distinct from PBKDF2 / unwrap errors so consumer code
236
- * can show a precise "this bundle slot has expired" message instead
237
- * of the generic decryption-failure UX.
238
- *
239
- * Used predominantly on `BundleRecipient` slots produced by
240
- * `writeNoydbBundle({ recipients: [...] })` to time-box audit access.
241
- */
242
- declare class KeyringExpiredError extends NoydbError {
243
- readonly userId: string;
244
- readonly expiresAt: string;
245
- constructor(opts: {
246
- userId: string;
247
- expiresAt: string;
248
- });
249
- }
250
- /**
251
- * Thrown when an `@noy-db/as-*` import is attempted but the invoking
252
- * keyring lacks the required import-capability bit.
253
- *
254
- * - `tier: 'plaintext'` — a plaintext-tier import (`as-csv`, `as-json`,
255
- * `as-ndjson`, `as-zip`, …) was attempted but the keyring's
256
- * `importCapability.plaintext` does not include the requested
257
- * `format` (nor the `'*'` wildcard).
258
- * - `tier: 'bundle'` — a `.noydb` bundle import was attempted but the
259
- * keyring's `importCapability.bundle` is not `true`.
260
- *
261
- * Default for every role on every dimension is closed — owners and
262
- * admins must positively grant the capability. Distinct from
263
- * `PermissionDeniedError` and `NoAccessError` so UI layers can show a
264
- * specific "request the import capability" flow.
265
- */
266
- declare class ImportCapabilityError extends NoydbError {
267
- readonly tier: 'plaintext' | 'bundle';
268
- readonly format?: string;
269
- readonly userId: string;
270
- constructor(opts: {
271
- tier: 'plaintext' | 'bundle';
272
- userId: string;
273
- format?: string;
274
- message?: string;
275
- });
276
- }
277
- /**
278
- * Thrown when a grant would give the grantee a permission the grantor
279
- * does not themselves hold — the "admin cannot grant what admin cannot
280
- * do" rule from the admin-delegation work.
281
- *
282
- * Distinct from `PermissionDeniedError` so callers can tell the two
283
- * cases apart in logs and tests:
284
- *
285
- * - `PermissionDeniedError` — "you are not allowed to perform this
286
- * operation at all" (wrong role).
287
- * - `PrivilegeEscalationError` — "you are allowed to grant, but not
288
- * with these specific permissions" (widening attempt).
289
- *
290
- * Under the admin model the grantee of an admin-grants-admin call
291
- * inherits the caller's entire DEK set by construction, so this error
292
- * is structurally unreachable in typical flows. The check and error
293
- * class exist so that future per-collection admin scoping cannot
294
- * accidentally bypass the subset rule — the guard is already wired in.
295
- *
296
- * `offendingCollection` carries the first collection name that failed
297
- * the subset check, to make the violation actionable in error output.
298
- */
299
- /**
300
- * Thrown when a caller invokes an API that requires an optional
301
- * store capability the active store does not implement.
302
- *
303
- * Today the only call site is `Noydb.listAccessibleVaults()`,
304
- * which depends on the optional `NoydbStore.listVaults()`
305
- * method. The error message names the missing method and the calling
306
- * API so consumers know exactly which combination is unsupported,
307
- * and the `capability` field is machine-readable so library code can
308
- * pattern-match in catch blocks (e.g. fall back to a candidate-list
309
- * shape).
310
- *
311
- * The class lives in `errors.ts` rather than as a generic
312
- * `ValidationError` because the diagnostic shape is different: a
313
- * `ValidationError` says "the inputs you passed are wrong"; this
314
- * error says "the inputs are fine, but the store you wired up
315
- * doesn't support what you're asking for." Different fix, different
316
- * documentation.
317
- */
318
- declare class StoreCapabilityError extends NoydbError {
319
- /** The store method/capability that was missing. */
320
- readonly capability: string;
321
- constructor(capability: string, callerApi: string, storeName?: string);
322
- }
323
- declare class PrivilegeEscalationError extends NoydbError {
324
- readonly offendingCollection: string;
325
- constructor(offendingCollection: string, message?: string);
326
- }
327
- /**
328
- * Thrown by `Collection.put` / `.delete` when the target record's
329
- * envelope `_ts` falls within a closed accounting period.
330
- *
331
- * Distinct from `ReadOnlyError` (keyring-level), `ReadOnlyAtInstantError`
332
- * (historical view), and `ReadOnlyFrameError` (shadow vault): this
333
- * error is about the STORED RECORD being sealed by an operator call
334
- * to `vault.closePeriod()`, independent of caller permissions or
335
- * view type. The `periodName` and `endDate` fields name the sealing
336
- * period so audit UIs can surface a "this record is locked in
337
- * FY2026-Q1 (closed 2026-03-31)" message without parsing the error
338
- * string.
339
- *
340
- * To apply a correction after close, book a compensating entry in a
341
- * new period rather than unlocking the old one. Re-opening a closed
342
- * period is deliberately unsupported.
343
- */
344
- declare class PeriodClosedError extends NoydbError {
345
- readonly periodName: string;
346
- readonly endDate: string;
347
- readonly recordTs: string;
348
- constructor(periodName: string, endDate: string, recordTs: string);
349
- }
350
- /**
351
- * Thrown when a `put()` or `delete()` is rejected by a guard's `check`
352
- * function. The `reason` is the message the guard supplied — typically a
353
- * short business description (e.g. "invoice is issued"). The full
354
- * collection + id are surfaced so audit UIs can link back to the record.
355
- */
356
- declare class RecordLockedError extends NoydbError {
357
- readonly collection: string;
358
- readonly id: string;
359
- readonly reason: string;
360
- constructor(collection: string, id: string, reason: string);
361
- }
362
- /**
363
- * Thrown when a `put()` changes one or more fields that are frozen by a
364
- * `frozenFields` guard. The `fields` list contains the specific paths
365
- * that were detected as changed.
366
- */
367
- declare class FieldFrozenError extends NoydbError {
368
- readonly collection: string;
369
- readonly id: string;
370
- readonly fields: readonly string[];
371
- constructor(collection: string, id: string, fields: readonly string[]);
372
- }
373
- /**
374
- * Thrown by an amendment invariant when the proposed change-set violates
375
- * the declared business rule (e.g. disbursement total not preserved).
376
- * Triggers a full transaction rollback via the existing revert pass.
377
- */
378
- declare class InvariantError extends NoydbError {
379
- constructor(message: string);
380
- }
381
- /**
382
- * Thrown at `withTransactions({ amendment: true })` open if the caller's
383
- * role is not in the guard's allowed amendment roles. Fail-fast: thrown
384
- * before any writes are attempted.
385
- */
386
- declare class AmendmentForbiddenError extends NoydbError {
387
- readonly userId: string;
388
- readonly role: string;
389
- constructor(userId: string, role: string);
390
- }
391
- /**
392
- * Thrown by `listUsersWithEnvelopes` when the vault's user directory
393
- * has been disabled (via `db.setDirectoryEnabled(vault, false)`) and
394
- * the caller's role is neither `owner` nor `admin`. Owner/admin can
395
- * still enumerate users — the toggle is a UX privacy switch, not a
396
- * security boundary.
397
- *
398
- * Honest caveat: this is a UX flag, not a privacy guarantee. The
399
- * envelope ciphertext is still in the store, the keyring file is
400
- * still listed at `_keyring/*`, and anyone with direct store read
401
- * access can count keyrings without going through the hub. See
402
- * `docs/subsystems/user-envelope.md` → "Directory visibility".
403
- */
404
- declare class DirectoryDisabledError extends NoydbError {
405
- readonly vault: string;
406
- constructor(vault: string);
407
- }
408
- /**
409
- * Thrown when a user tries to act at a tier they are not cleared for.
410
- *
411
- * This is the umbrella error for tier write refusals:
412
- * - `put({ tier: N })` when the user's keyring lacks tier-N DEK.
413
- * - `elevate(id, N)` when the caller cannot reach tier N.
414
- *
415
- * Distinct from `TierAccessDeniedError` which covers *read* refusals on
416
- * the invisibility/ghost path.
417
- */
418
- declare class TierNotGrantedError extends NoydbError {
419
- readonly tier: number;
420
- readonly collection: string;
421
- constructor(collection: string, tier: number);
422
- }
423
- /**
424
- * Thrown when an elevated-handle operation runs after the elevation's
425
- * TTL expired. Reads continue at the original tier; only writes
426
- * through the scoped handle flip to throwing once expired.
427
- */
428
- declare class ElevationExpiredError extends NoydbError {
429
- readonly tier: number;
430
- readonly expiresAt: number;
431
- constructor(opts: {
432
- tier: number;
433
- expiresAt: number;
434
- });
435
- }
436
- /**
437
- * Thrown by `vault.elevate(...)` when an elevation is already active
438
- * on the vault. Adopters must `release()` the existing handle before
439
- * starting a new elevation.
440
- */
441
- declare class AlreadyElevatedError extends NoydbError {
442
- readonly activeTier: number;
443
- constructor(activeTier: number);
444
- }
445
- /**
446
- * Thrown when `demote()` is called by someone who is not the original
447
- * elevator and not an owner.
448
- */
449
- declare class TierDemoteDeniedError extends NoydbError {
450
- constructor(id: string, tier: number);
451
- }
452
- /**
453
- * Thrown when `db.delegate()` is called against a user that has no
454
- * keyring in the target vault — the delegation token cannot be
455
- * constructed without the target user's KEK wrap.
456
- */
457
- declare class DelegationTargetMissingError extends NoydbError {
458
- readonly toUser: string;
459
- constructor(toUser: string);
460
- }
461
- /**
462
- * Thrown when a `put()` detects an optimistic concurrency conflict.
463
- *
464
- * NOYDB uses version numbers (`_v`) for optimistic locking. If a `put()`
465
- * is called with `expectedVersion: N` but the stored record is at version
466
- * `M ≠ N`, the write is rejected and the caller must re-read, re-apply their
467
- * change, and retry. The `version` field carries the actual stored version
468
- * so callers can decide whether to retry or surface the conflict to the user.
469
- */
470
- declare class ConflictError extends NoydbError {
471
- /** The actual stored version at the time of conflict. */
472
- readonly version: number;
473
- constructor(version: number, message?: string);
474
- }
475
- /**
476
- * Thrown by `LedgerStore.append()` after exhausting its CAS retry
477
- * budget under multi-writer contention. Two browser tabs, a
478
- * web app + an offline mobile peer, or a server worker pool all
479
- * producing ledger entries against the same vault can race on the
480
- * "read head, write head+1" cycle; the optimistic-CAS retry loop
481
- * resolves the race for `casAtomic: true` stores, but pathological
482
- * contention (or a buggy peer) can still exhaust the budget. When
483
- * that happens, the chain is intact — the failed writer simply
484
- * couldn't claim a slot. Caller's choice whether to retry, queue,
485
- * or surface the failure to the user.
486
- */
487
- declare class LedgerContentionError extends NoydbError {
488
- readonly attempts: number;
489
- constructor(attempts: number);
490
- }
491
- /**
492
- * Thrown when a bundle push is rejected because the remote has been updated
493
- * since the local bundle was last pulled.
494
- *
495
- * Unlike `ConflictError` (per-record), this is a whole-bundle conflict —
496
- * the remote's bundle handle has changed. The caller must pull the new
497
- * bundle, merge, and re-push. `remoteVersion` is the handle of the newer
498
- * remote bundle for use in diagnostics.
499
- */
500
- declare class BundleVersionConflictError extends NoydbError {
501
- /** The bundle handle of the newer remote version that rejected the push. */
502
- readonly remoteVersion: string;
503
- constructor(remoteVersion: string, message?: string);
504
- }
505
- /**
506
- * Thrown when a sync operation (push or pull) fails due to a network error.
507
- *
508
- * NOYDB's offline-first design means network errors are expected during sync.
509
- * Callers should catch `NetworkError`, surface connectivity status in the UI,
510
- * and rely on the `SyncScheduler` to retry when connectivity is restored.
511
- */
512
- declare class NetworkError extends NoydbError {
513
- constructor(message?: string);
514
- }
515
- /**
516
- * Thrown when `collection.get(id)` is called with an ID that does not exist.
517
- *
518
- * NOYDB collections are memory-first, so this error is synchronous and cheap —
519
- * it does not make a network round-trip. Callers that expect the record to be
520
- * absent should use `collection.getOrNull(id)` instead.
521
- */
522
- declare class NotFoundError extends NoydbError {
523
- constructor(message?: string);
524
- }
525
- /**
526
- * Thrown when application-level validation fails before encryption.
527
- *
528
- * Distinct from `SchemaValidationError` (Standard Schema v1 validator)
529
- * and `MissingTranslationError` (i18nText). `ValidationError` is the
530
- * general-purpose validation base — use it for custom guards in `put()`
531
- * hooks or store middleware.
532
- */
533
- declare class ValidationError extends NoydbError {
534
- constructor(message?: string);
535
- }
536
- /**
537
- * Thrown when a Standard Schema v1 validator rejects a record on
538
- * `put()` (input validation) or on read (output validation). Carries
539
- * the raw issue list so callers can render field-level errors.
540
- *
541
- * `direction` distinguishes the two cases:
542
- * - `'input'`: the user passed bad data into `put()`. This is a
543
- * normal error case that application code should handle — typically
544
- * by showing validation messages in the UI.
545
- * - `'output'`: stored data does not match the current schema. This
546
- * indicates a schema drift (the schema was changed without
547
- * migrating the existing records) and should be treated as a bug
548
- * — the application should not swallow it silently.
549
- *
550
- * The `issues` type is deliberately `readonly unknown[]` on this class
551
- * so that `errors.ts` doesn't need to import from `schema.ts` (and
552
- * create a dependency cycle). Callers who know they're holding a
553
- * `SchemaValidationError` can cast to the more precise
554
- * `readonly StandardSchemaV1Issue[]` from `schema.ts`.
555
- */
556
- declare class SchemaValidationError extends NoydbError {
557
- readonly issues: readonly unknown[];
558
- readonly direction: 'input' | 'output';
559
- constructor(message: string, issues: readonly unknown[], direction: 'input' | 'output');
560
- }
561
- /** Base for schema-evolution strategy rejections (#245). */
562
- declare class SchemaUpdateError extends NoydbError {
563
- constructor(code: string, message: string);
564
- }
565
- /** A non-additive schema change was rejected by the `additiveOnly()` strategy. */
566
- declare class NonAdditiveSchemaChangeError extends SchemaUpdateError {
567
- constructor(message: string);
568
- }
569
- /** A schema change was rejected by the `lockSchema()` strategy. */
570
- declare class SchemaLockedError extends SchemaUpdateError {
571
- constructor(message: string);
572
- }
573
- /** Write attempted while a schema cutover fence is up (draining/migrating, or this collection has a pending cutover). */
574
- declare class SchemaFenceError extends SchemaUpdateError {
575
- constructor(message: string);
576
- }
577
- /** Write attempted by a client whose generation snapshot is behind the live fence — reload required. */
578
- declare class MigrationRequiredError extends SchemaUpdateError {
579
- constructor(message: string);
580
- }
581
- /** A coordinated cutover timed out waiting for active clients to quiesce. */
582
- declare class QuiesceTimeoutError extends SchemaUpdateError {
583
- constructor(message: string);
584
- }
585
- /**
586
- * Thrown when `.groupBy().aggregate()` produces more than the hard
587
- * cardinality cap (default 100_000 groups)..
588
- *
589
- * The cap exists because `.groupBy()` materializes one bucket per
590
- * distinct key value in memory, and runaway cardinality — a groupBy
591
- * on a high-uniqueness field like `id` or `createdAt` — is almost
592
- * always a query mistake rather than legitimate use. A hard error is
593
- * better than silent OOM: the consumer sees an actionable message
594
- * naming the field and the observed cardinality, with guidance to
595
- * either narrow the query with `.where()` or accept the ceiling
596
- * override.
597
- *
598
- * A separate one-shot warning fires at 10% of the cap (10_000
599
- * groups) so consumers get a heads-up before the hard error — same
600
- * pattern as `JoinTooLargeError` and the `.join()` row ceiling.
601
- *
602
- * **Not overridable in.** The 100k cap is a fixed constant so
603
- * the failure mode is consistent across the codebase; a
604
- * `{ maxGroups }` override can be added later without a break if a
605
- * real consumer asks.
606
- */
607
- declare class GroupCardinalityError extends NoydbError {
608
- /** The field being grouped on. */
609
- readonly field: string;
610
- /** Observed number of distinct groups at the moment the cap tripped. */
611
- readonly cardinality: number;
612
- /** The cap that was exceeded. */
613
- readonly maxGroups: number;
614
- constructor(field: string, cardinality: number, maxGroups: number);
615
- }
616
- /**
617
- * Thrown in lazy mode when a `.query()` / `.where()` / `.orderBy()` clause
618
- * references a field that does not have a declared index.
619
- *
620
- * Lazy-mode queries only work when every touched field is indexed.
621
- * This is deliberate — silent scan-fallback would hide the performance
622
- * cliff that lazy-mode indexes exist to prevent.
623
- *
624
- * Payload:
625
- * - `collection` — name of the collection queried
626
- * - `touchedFields` — every field referenced by the query (filter + order)
627
- * - `missingFields` — subset of `touchedFields` that have no declared index
628
- */
629
- declare class IndexRequiredError extends NoydbError {
630
- readonly collection: string;
631
- readonly touchedFields: readonly string[];
632
- readonly missingFields: readonly string[];
633
- constructor(args: {
634
- collection: string;
635
- touchedFields: readonly string[];
636
- missingFields: readonly string[];
637
- });
638
- }
639
- /**
640
- * Thrown (or surfaced via the `index:write-partial` event) when one or more
641
- * per-indexed-field side-car writes fail after the main record write has
642
- * already succeeded.
643
- *
644
- * Not thrown out of `.put()` / `.delete()` directly — those succeed when the
645
- * main record succeeds. Instead, `IndexWriteFailureError` instances are collected
646
- * into the session-scoped reconcile queue and emitted on the Collection
647
- * emitter as `index:write-partial`.
648
- *
649
- * Payload:
650
- * - `recordId` — the id of the main record whose side-car writes failed
651
- * - `field` — the indexed field whose side-car write failed
652
- * - `op` — `'put'` or `'delete'`, indicating which mutation was in flight
653
- * - `cause` — the underlying error from the store
654
- */
655
- declare class IndexWriteFailureError extends NoydbError {
656
- readonly recordId: string;
657
- readonly field: string;
658
- readonly op: 'put' | 'delete';
659
- readonly cause: unknown;
660
- constructor(args: {
661
- recordId: string;
662
- field: string;
663
- op: 'put' | 'delete';
664
- cause: unknown;
665
- });
666
- }
667
- /**
668
- * Thrown by `readNoydbBundle()` when the body bytes don't match
669
- * the integrity hash declared in the bundle header — i.e. someone
670
- * modified the bytes between write and read.
671
- *
672
- * Distinct from a generic `Error` (which would be thrown for
673
- * format violations like a missing magic prefix or malformed
674
- * header JSON) so consumers can pattern-match the corruption case
675
- * and handle it differently from a producer bug. A
676
- * `BundleIntegrityError` indicates "the bytes you got are not
677
- * what was written"; a plain `Error` from `parsePrefixAndHeader`
678
- * indicates "what was written wasn't a valid bundle in the first
679
- * place."
680
- *
681
- * Also thrown when decompression fails after the integrity hash
682
- * passed — that's a producer bug (the wrong algorithm byte was
683
- * written) but it surfaces with the same error class because the
684
- * end result is "the body cannot be turned back into a dump."
685
- */
686
- declare class BundleIntegrityError extends NoydbError {
687
- constructor(message: string);
688
- }
689
- /**
690
- * Thrown by `readNoydbBundle` (#197) when the bundle carries
691
- * sealed per-user passphrases but no supplied `SealingKeyProvider`
692
- * has a `.id` (= `pid`) matching the sealed entry's `pid`.
693
- *
694
- * Carries the failing pid + the user id so the recipient can
695
- * surface an actionable prompt:
696
- *
697
- * ```
698
- * BundleSealMismatchError: bundle carries sealed passphrase for user "alice"
699
- * under provider "macos-keychain:com.acme.app/alice@acme.example",
700
- * but no registered provider matches that pid.
701
- * ```
702
- *
703
- * Three resolution paths the message names (per foundation §11.9.4):
704
- *
705
- * 1. Configure a provider matching the pid and retry import.
706
- * 2. Pass `attemptUnsealAcrossProviders: true` to try each
707
- * registered provider regardless of pid.
708
- * 3. Inspect without unsealing — pass no `sealingProviders` to
709
- * receive the sealed entries unmodified for offline analysis.
710
- */
711
- declare class BundleSealMismatchError extends NoydbError {
712
- readonly userId: string;
713
- readonly pid: string;
714
- constructor(userId: string, pid: string);
715
- }
716
- /**
717
- * Thrown when `vault.collection()` is called with a name that is
718
- * reserved for NOYDB internal use (any name starting with `_dict_`).
719
- *
720
- * Dictionary collections are accessed exclusively via
721
- * `vault.dictionary(name)` — attempting to open one as a regular
722
- * collection would bypass the dictionary invariants (ACL, rename
723
- * tracking, reserved-name policy).
724
- */
725
- declare class ReservedCollectionNameError extends NoydbError {
726
- /** The rejected collection name. */
727
- readonly collectionName: string;
728
- constructor(collectionName: string);
729
- }
730
- /**
731
- * Thrown by `DictionaryHandle.get()` and `DictionaryHandle.delete()` when
732
- * the requested key does not exist in the dictionary.
733
- *
734
- * Distinct from `NotFoundError` (which is for data records) so callers
735
- * can distinguish "data record missing" from "dictionary key missing"
736
- * without inspecting error messages.
737
- */
738
- declare class DictKeyMissingError extends NoydbError {
739
- /** The dictionary name. */
740
- readonly dictionaryName: string;
741
- /** The key that was not found. */
742
- readonly key: string;
743
- constructor(dictionaryName: string, key: string);
744
- }
745
- /**
746
- * Thrown by `DictionaryHandle.delete()` in strict mode when the key to
747
- * be deleted is still referenced by one or more records.
748
- *
749
- * The caller must either rename the key first (the only sanctioned
750
- * mass-mutation path) or pass `{ mode: 'warn' }` to skip the check
751
- * (development only).
752
- */
753
- declare class DictKeyInUseError extends NoydbError {
754
- /** The dictionary name. */
755
- readonly dictionaryName: string;
756
- /** The key that is still referenced. */
757
- readonly key: string;
758
- /** Name of the first collection found to reference this key. */
759
- readonly usedBy: string;
760
- /** Number of records in `usedBy` that reference this key. */
761
- readonly count: number;
762
- constructor(dictionaryName: string, key: string, usedBy: string, count: number);
763
- }
764
- /**
765
- * Thrown by `Collection.put()` when an `i18nText` field is missing one
766
- * or more required translations.
767
- *
768
- * The `missing` array names each locale code that was absent from the
769
- * field value. The `field` property names the field so callers can
770
- * render a field-level error message without parsing the string.
771
- */
772
- declare class MissingTranslationError extends NoydbError {
773
- /** The field name whose translation(s) are missing. */
774
- readonly field: string;
775
- /** Locale codes that were required but absent. */
776
- readonly missing: readonly string[];
777
- constructor(field: string, missing: readonly string[], message?: string);
778
- }
779
- /**
780
- * Thrown when reading an `i18nText` field without specifying a locale —
781
- * either at the call site (`get(id, { locale })`) or on the vault
782
- * (`openVault(name, { locale })`).
783
- *
784
- * Also thrown when `resolveI18nText()` exhausts the fallback chain and
785
- * no translation is available for the requested locale.
786
- *
787
- * The `field` property names the field that triggered the error so the
788
- * caller can surface it in the UI.
789
- */
790
- declare class LocaleNotSpecifiedError extends NoydbError {
791
- /** The field name that required a locale. */
792
- readonly field: string;
793
- constructor(field: string, message?: string);
794
- }
795
- /**
796
- * Thrown when a collection has an `i18nText` field with
797
- * `autoTranslate: true` but no `plaintextTranslator` was configured
798
- * on `createNoydb()`.
799
- *
800
- * The error is raised at `put()` time (not at schema construction) so
801
- * the mis-configuration is surfaced by the first write rather than
802
- * silently at startup.
803
- */
804
- declare class TranslatorNotConfiguredError extends NoydbError {
805
- /** The field that requested auto-translation. */
806
- readonly field: string;
807
- /** The collection the put was targeting. */
808
- readonly collection: string;
809
- constructor(field: string, collection: string);
810
- }
811
- /**
812
- * Thrown when `Vault.load()` finds that a backup's hash chain
813
- * doesn't verify, or that its embedded `ledgerHead.hash` doesn't
814
- * match the chain head reconstructed from the loaded entries.
815
- *
816
- * Distinct from `BackupCorruptedError` so callers can choose to
817
- * recover from one but not the other (e.g., a corrupted JSON file is
818
- * unrecoverable; a chain mismatch might mean the backup is from an
819
- * incompatible noy-db version).
820
- */
821
- declare class BackupLedgerError extends NoydbError {
822
- /** First-broken-entry index, if known. */
823
- readonly divergedAt?: number;
824
- constructor(message: string, divergedAt?: number);
825
- }
826
- /**
827
- * Thrown when `Vault.load()` finds that the backup's data
828
- * collection content doesn't match the ledger's recorded
829
- * `payloadHash`es. This is the "envelope was tampered with after
830
- * dump" detection — the chain itself can be intact, but if any
831
- * encrypted record bytes were swapped, this check catches it.
832
- */
833
- declare class BackupCorruptedError extends NoydbError {
834
- /** The (collection, id) pair whose envelope failed the hash check. */
835
- readonly collection: string;
836
- readonly id: string;
837
- constructor(collection: string, id: string, message: string);
838
- }
839
- /**
840
- * Thrown by partition-extraction primitives (#198 epic) when the
841
- * transitive-closure walk fails — e.g. the FK graph is deeper than
842
- * `maxDepth`, signalling a runaway or unexpectedly cyclic graph.
843
- */
844
- declare class PartitionExtractionError extends NoydbError {
845
- constructor(message: string);
846
- }
847
- /**
848
- * Thrown by `adoptPartition` (#207) when the transfer seal can't be
849
- * opened — a wrong/short transfer key (AES-GCM auth-tag failure) or a
850
- * malformed sealed payload.
851
- */
852
- declare class TransferSealError extends NoydbError {
853
- constructor(message: string);
854
- }
855
- /**
856
- * Thrown when an adoption-lifecycle precondition fails — re-adopting a
857
- * partition already consumed in this store (#207), or owner-creation on a
858
- * vault that isn't in the adopted-unowned state (#208).
859
- */
860
- declare class AdoptionStateError extends NoydbError {
861
- constructor(message: string);
862
- }
863
- /** Document-attestation failures: undeclared field-schema, non-owner issue, missing field, signer failure. */
864
- declare class AttestationError extends NoydbError {
865
- constructor(message: string);
866
- }
867
- /**
868
- * Thrown by `resolveSession()` when the session token's `expiresAt`
869
- * timestamp is in the past. The session key is also removed from the
870
- * in-memory store when this is thrown, so retrying with the same sessionId
871
- * will produce `SessionNotFoundError`.
872
- *
873
- * Separate from `SessionNotFoundError` so callers can distinguish between
874
- * "session is gone" (key store cleared, tab reloaded) and "session is
875
- * still in the store but has exceeded its lifetime" (idle timeout, absolute
876
- * timeout, policy-driven expiry). The remediation differs: expired sessions
877
- * should prompt a fresh unlock; not-found sessions may indicate a bug or a
878
- * cross-tab scenario where the session was never established.
879
- */
880
- declare class SessionExpiredError extends NoydbError {
881
- readonly sessionId: string;
882
- constructor(sessionId: string);
883
- }
884
- /**
885
- * Thrown by `resolveSession()` when the session key cannot be found in
886
- * the module-level store. This happens when:
887
- * - The session was explicitly revoked via `revokeSession()`.
888
- * - The JS context was reloaded (tab navigation, page refresh, worker restart).
889
- * - `Noydb.close()` was called (which calls `revokeAllSessions()`).
890
- * - The sessionId is wrong or was generated by a different JS context.
891
- *
892
- * The session token (if the caller holds it) is permanently useless after
893
- * this error — the key is gone and cannot be recovered.
894
- */
895
- declare class SessionNotFoundError extends NoydbError {
896
- readonly sessionId: string;
897
- constructor(sessionId: string);
898
- }
899
- /**
900
- * Thrown when a session policy blocks an operation — for example,
901
- * `requireReAuthFor: ['export']` is set and the caller attempts to
902
- * call `exportStream()` without re-authenticating for this session.
903
- *
904
- * The `operation` field names the specific operation that was blocked
905
- * (e.g. `'export'`, `'grant'`, `'rotate'`) so the caller can surface
906
- * a targeted prompt ("Please re-enter your passphrase to export data").
907
- */
908
- declare class SessionPolicyError extends NoydbError {
909
- readonly operation: string;
910
- constructor(operation: string, message?: string);
911
- }
912
- /**
913
- * Thrown when a `.join()` would exceed its configured row ceiling on
914
- * either side. The ceiling defaults to 50,000 per side and can be
915
- * overridden via the `{ maxRows }` option on `.join()`.
916
- *
917
- * Carries both row counts so the error message can show which side
918
- * tripped the limit (e.g. "left had 60,000 rows, right had 1,200,
919
- * max was 50,000"). The `side` field is machine-readable so test
920
- * code and devtools can match on it without regex-parsing the
921
- * message.
922
- *
923
- * The row ceiling exists because joins are bounded in-memory
924
- * operations over materialized record sets. Consumers whose
925
- * collections genuinely exceed the ceiling should track
926
- * (streaming joins over `scan()`) or filter the left side further
927
- * with `where()` / `limit()` before joining.
928
- */
929
- declare class JoinTooLargeError extends NoydbError {
930
- readonly leftRows: number;
931
- readonly rightRows: number;
932
- readonly maxRows: number;
933
- readonly side: 'left' | 'right';
934
- constructor(opts: {
935
- leftRows: number;
936
- rightRows: number;
937
- maxRows: number;
938
- side: 'left' | 'right';
939
- message: string;
940
- });
941
- }
942
- /**
943
- * Thrown by `.join()` in strict `ref()` mode when a left-side record
944
- * points at a right-side id that does not exist in the target
945
- * collection.
946
- *
947
- * Distinct from `RefIntegrityError` so test code can pattern-match
948
- * on the *read-time* dangling case without catching *write-time*
949
- * integrity violations. Both indicate "ref points at nothing" but
950
- * happen at different lifecycle phases and deserve different
951
- * remediation in documentation: a RefIntegrityError on `put()`
952
- * means the input is invalid; a DanglingReferenceError on `.join()`
953
- * means stored data has drifted and `vault.checkIntegrity()`
954
- * is the right tool to find the full set of orphans.
955
- */
956
- declare class DanglingReferenceError extends NoydbError {
957
- readonly field: string;
958
- readonly target: string;
959
- readonly refId: string;
960
- constructor(opts: {
961
- field: string;
962
- target: string;
963
- refId: string;
964
- message: string;
965
- });
966
- }
967
- /**
968
- * Thrown by {@link sanitizeFilename} when an input filename cannot be
969
- * made safe — NUL byte, empty after normalization, missing
970
- * `opaqueId` for the opaque profile, `..` segment, or a `maxBytes`
971
- * cap too small to hold a single code point.
972
- */
973
- declare class FilenameSanitizationError extends NoydbError {
974
- constructor(message: string);
975
- }
976
- /**
977
- * Thrown when a write target resolves OUTSIDE the requested
978
- * directory after sanitization — the canonical Zip-Slip class. The
979
- * sanitizer's job is to strip path-traversal segments; this error
980
- * is the defense-in-depth fallback at the FS write site.
981
- */
982
- declare class PathEscapeError extends NoydbError {
983
- readonly attempted: string;
984
- readonly targetDir: string;
985
- constructor(opts: {
986
- attempted: string;
987
- targetDir: string;
988
- });
989
- }
990
- /**
991
- * Thrown at vault open if the derivation graph contains a cycle.
992
- * `path` is the offending chain (e.g. `['a', 'b', 'c', 'a']`).
993
- */
994
- declare class DerivationCycleError extends NoydbError {
995
- readonly path: readonly string[];
996
- constructor(path: readonly string[]);
997
- }
998
- /**
999
- * Thrown when a cascade of source → output → source → … exceeds the
1000
- * configured `maxDepth` (default 5).
1001
- */
1002
- declare class DerivationDepthError extends NoydbError {
1003
- readonly limit: number;
1004
- readonly attempted: number;
1005
- constructor(limit: number, attempted: number);
1006
- }
1007
- /**
1008
- * Thrown at registration if a `withDerivation` strategy references an
1009
- * output `collection` that isn't otherwise declared (no schema, no use
1010
- * elsewhere). Surfacing this early catches typos in collection names.
1011
- */
1012
- declare class DerivationOutputUnknownError extends NoydbError {
1013
- readonly collection: string;
1014
- constructor(collection: string);
1015
- }
1016
- /**
1017
- * Thrown when the user's `derive` function returns a value that doesn't
1018
- * match the declared output spec (e.g. wrong shape, wrong key set).
1019
- */
1020
- declare class DerivationOutputShapeError extends NoydbError {
1021
- readonly outputKey: string;
1022
- constructor(outputKey: string, detail: string);
1023
- }
1024
- /**
1025
- * Thrown by array-shape derivations (#200) when the `derive` function
1026
- * returns more rows than the output's `maxFanout` cap. The cap exists
1027
- * to keep dispatch cost bounded — without it a single source-row
1028
- * update could fan out to thousands of derived rows, dominating the
1029
- * write path.
1030
- *
1031
- * Defaults to `maxFanout: 64`. Raise on the output spec for
1032
- * carry-forward expansion cases (e.g. monthly rows across multi-year
1033
- * contracts).
1034
- */
1035
- declare class DerivationCapExceededError extends NoydbError {
1036
- readonly outputKey: string;
1037
- readonly returned: number;
1038
- readonly maxFanout: number;
1039
- constructor(outputKey: string, returned: number, maxFanout: number);
1040
- }
1041
- /**
1042
- * Thrown at vault open if the materialized-view graph contains a
1043
- * cycle. `path` is the offending chain (e.g. `['a-mv', 'b-mv', 'a-mv']`).
1044
- * Detected by the same shared DFS that catches `DerivationCycleError`;
1045
- * surfaces with a distinct error type so consumers can disambiguate.
1046
- */
1047
- declare class MaterializedViewCycleError extends NoydbError {
1048
- readonly path: readonly string[];
1049
- constructor(path: readonly string[]);
1050
- }
1051
- /**
1052
- * Thrown at MV registration if the query references a source
1053
- * collection that isn't declared on the vault. Surfacing this early
1054
- * catches typos in collection names.
1055
- */
1056
- declare class MaterializedViewSourceUnknownError extends NoydbError {
1057
- readonly mvName: string;
1058
- readonly collection: string;
1059
- constructor(mvName: string, collection: string);
1060
- }
1061
- /**
1062
- * Thrown by the MV executor when a refresh produces more rows than
1063
- * the configured ceiling. Default ceiling is 100k rows; override
1064
- * per-MV via `maxRows`. Mirrors `JoinTooLargeError` /
1065
- * `GroupCardinalityError` from the query DSL — the explosion is
1066
- * detected BEFORE writes hit the store, so the source-write
1067
- * transaction can roll back cleanly via strict-mode.
1068
- */
1069
- declare class MaterializedViewTooLargeError extends NoydbError {
1070
- readonly mvName: string;
1071
- readonly expected: number;
1072
- readonly limit: number;
1073
- constructor(mvName: string, expected: number, limit: number);
1074
- }
1075
- /**
1076
- * Thrown by `withMaterializedView()` at registration time when the
1077
- * strategy is structurally malformed. Distinct from
1078
- * `MaterializedViewSourceUnknownError` (the source list is well-formed
1079
- * but names a collection the vault doesn't know) and
1080
- * `MaterializedViewCycleError` (the source graph has a cycle): this
1081
- * error fires before either check, at the moment the spec is being
1082
- * normalized.
1083
- *
1084
- * Today the trigger cases are all about the `query` / `unionSources`
1085
- * dichotomy introduced by #165:
1086
- * - both `query` and `unionSources` were set (mutually exclusive),
1087
- * - neither `query` nor `unionSources` was set,
1088
- * - `unionSources` has fewer than 2 arms,
1089
- * - two arms in `unionSources` reference the same `collection`.
1090
- *
1091
- * The error message is prefixed with `[noy-db] withMaterializedView:`
1092
- * so it's grep-friendly in logs and looks consistent with the existing
1093
- * `ValidationError` messages from the same factory.
1094
- */
1095
- declare class MaterializedViewConfigError extends NoydbError {
1096
- constructor(message: string);
1097
- }
1098
- /**
1099
- * Thrown at vault open when a `withOverlayedView` declaration uses
1100
- * another virtual-overlay name as its `base`. Multi-overlay stacking
1101
- * is a v2 non-goal — the shallow expansion in
1102
- * `QueryDependencyAnalyzer` would truncate at the inner overlay
1103
- * name, leaving downstream MVs silently stale.
1104
- */
1105
- declare class OverlayBaseIsVirtualError extends NoydbError {
1106
- readonly overlayName: string;
1107
- readonly base: string;
1108
- constructor(overlayName: string, base: string);
1109
- }
1110
- /**
1111
- * Thrown at vault open when a `withOverlayedView`'s `overlay`
1112
- * references an unknown collection or an MV-owned collection. The
1113
- * overlay collection is user-writable; MV-owned collections aren't.
1114
- */
1115
- declare class OverlayCollectionUnavailableError extends NoydbError {
1116
- readonly overlayName: string;
1117
- readonly overlay: string;
1118
- constructor(overlayName: string, overlay: string);
1119
- }
1120
- /**
1121
- * Thrown at vault open when a `withOverlayedView`'s virtual `name`
1122
- * collides with an MV output or a concrete source collection.
1123
- */
1124
- declare class OverlayNameCollisionError extends NoydbError {
1125
- readonly overlayName: string;
1126
- constructor(overlayName: string);
1127
- }
1128
- /**
1129
- * Thrown by the virtual overlay's `put(id, record)` when the
1130
- * consumer-supplied `id` doesn't match `rowKey(record)`. Catches
1131
- * fat-finger separator typos that would otherwise silently produce
1132
- * orphaned overlay rows. Direct writes to the underlying overlay
1133
- * collection (bypass the virtual layer) skip this validation.
1134
- */
1135
- declare class OverlayIdMismatchError extends NoydbError {
1136
- readonly actual: string;
1137
- readonly expected: string;
1138
- constructor(actual: string, expected: string);
1139
- }
1
+ import { C as CollectionIndexes, a as Clause, O as Operator } from './predicate-BmhBSPCH.js';
2
+ import { N as NoydbError } from './errors-BAWO5Z5a.js';
3
+ import { a as I18nTextDescriptor, P as MoneyDescriptor, A as AggregateStrategy, k as AggregateSpec, l as Aggregation, j as AggregateResult, p as GroupedQuery, q as GroupedQueryN } from './strategy-8QGs5KQE.js';
1140
4
 
1141
5
  /**
1142
6
  * Foreign-key references — the soft-FK mechanism.
@@ -1195,7 +59,19 @@ type RefMode = 'strict' | 'warn' | 'cascade';
1195
59
  interface RefDescriptor {
1196
60
  readonly target: string;
1197
61
  readonly mode: RefMode;
62
+ /**
63
+ * Present and `true` only for an array ref (#377-A, `refArray()`): the
64
+ * field holds an ARRAY of ids, each validated against `target`
65
+ * independently (M:N). Absent for a scalar `ref()`. The same `mode`
66
+ * semantics apply per element — strict rejects on a missing element at
67
+ * put + blocks delete of a referenced target; cascade deletes every
68
+ * record whose array contains the deleted id; warn surfaces orphans
69
+ * only via `checkIntegrity()`.
70
+ */
71
+ readonly isArray?: true;
1198
72
  }
73
+ /** Runtime predicate: is this an array ref (`refArray()`) vs a scalar `ref()`? */
74
+ declare function isRefArray(desc: RefDescriptor): boolean;
1199
75
  /**
1200
76
  * Thrown when a strict reference is violated — either `put()` with a
1201
77
  * missing target id, or `delete()` of a target that still has
@@ -1238,6 +114,30 @@ declare class RefScopeError extends NoydbError {
1238
114
  * fails at collection construction time, not at the first put.
1239
115
  */
1240
116
  declare function ref(target: string, mode?: RefMode): RefDescriptor;
117
+ /**
118
+ * Array reference (#377-A) — the many-to-many soft-FK. The field holds an
119
+ * array of ids; each element is validated against `target` independently.
120
+ *
121
+ * ```ts
122
+ * const orders = company.collection<Order>('orders', {
123
+ * refs: { productIds: refArray('products', 'warn') },
124
+ * })
125
+ * ```
126
+ *
127
+ * Same three `mode` semantics as `ref()`, applied per element:
128
+ * - **strict** — `put()` rejects if ANY element's target is missing;
129
+ * `delete()` of a target is blocked while any record's array still
130
+ * contains its id.
131
+ * - **warn** — both succeed; orphaned elements surface via
132
+ * `vault.checkIntegrity()` (one violation per dangling element).
133
+ * - **cascade** — `delete()` of a target deletes every record whose
134
+ * array contains its id (cycle-safe, like scalar cascade).
135
+ *
136
+ * A `null`/`undefined` field is allowed (no links). Non-array values, or
137
+ * non-string/number elements, are an integrity error. Cross-vault targets
138
+ * are rejected exactly as in `ref()`.
139
+ */
140
+ declare function refArray(target: string, mode?: RefMode): RefDescriptor;
1241
141
  /**
1242
142
  * Per-vault registry of reference declarations.
1243
143
  *
@@ -1280,6 +180,7 @@ declare class RefRegistry {
1280
180
  collection: string;
1281
181
  field: string;
1282
182
  mode: RefMode;
183
+ isArray?: true;
1283
184
  }>;
1284
185
  /**
1285
186
  * Iterate every (collection → refs) pair that has at least one
@@ -1414,6 +315,23 @@ interface JoinLeg {
1414
315
  interface JoinableSource {
1415
316
  snapshot(): readonly unknown[];
1416
317
  lookupById?(id: string): unknown;
318
+ /**
319
+ * Default locale a label-resolving query falls back to when the query
320
+ * itself is locale-less. Set by a `staticDict()`-backed source from its
321
+ * `displayLocale` so `{ by: 'label' }` resolves under a locale-less read
322
+ * (#291). Plain `_dict_*`-backed sources omit it.
323
+ */
324
+ readonly displayLocale?: string;
325
+ /**
326
+ * i18nText descriptors of the right-side collection (#285 §3, `join`
327
+ * layer). When present and the query carries a locale, each joined
328
+ * right-side record's i18n fields resolve to that locale at the `join`
329
+ * layer (`resolvePolicy(onMissing, 'join')`) BEFORE it is attached under
330
+ * the leg's alias — so a joined `i18nText` field is a resolved string, not
331
+ * a raw `{ locale }` map. Locale-less queries leave joined fields raw
332
+ * (consistent with a locale-less read).
333
+ */
334
+ readonly i18nFields?: Record<string, I18nTextDescriptor>;
1417
335
  /**
1418
336
  * Subscribe to mutations on this source. The callback fires
1419
337
  * AFTER the underlying record set has been updated. Returns an
@@ -1436,6 +354,13 @@ interface JoinableSource {
1436
354
  interface JoinContext {
1437
355
  /** Name of the left-side (owning) collection. */
1438
356
  readonly leftCollection: string;
357
+ /**
358
+ * The owning collection's default locale (#285 §3). Used to resolve joined
359
+ * i18n fields at the `join` layer when a terminal call doesn't pass an
360
+ * explicit locale — so `openVault({ locale })` flows to joins like it does
361
+ * to `get`/`list`. A per-call `toArray({ locale })` overrides it.
362
+ */
363
+ readonly defaultLocale?: string;
1439
364
  /** Look up a `RefDescriptor` by field name on the left collection. */
1440
365
  resolveRef(field: string): RefDescriptor | null;
1441
366
  /** Resolve a right-side source by target collection name. */
@@ -1477,7 +402,7 @@ interface JoinContext {
1477
402
  * query like `.join('a', { maxRows: 100_000 }).join('b', { maxRows: 50 })`,
1478
403
  * which should throw on the second leg if the left set exceeds 50.
1479
404
  */
1480
- declare function applyJoins(rows: readonly unknown[], joins: readonly JoinLeg[], context: JoinContext): unknown[];
405
+ declare function applyJoins(rows: readonly unknown[], joins: readonly JoinLeg[], context: JoinContext, locale?: string): unknown[];
1481
406
  /**
1482
407
  * Test-only: reset the join warning deduplication state between
1483
408
  * tests. Production code never calls this — the dedup state is
@@ -1608,6 +533,13 @@ declare function buildLiveQuery<T>(recompute: () => T[], upstreams: readonly Liv
1608
533
  interface OrderBy {
1609
534
  readonly field: string;
1610
535
  readonly direction: 'asc' | 'desc';
536
+ /**
537
+ * Sort key for a `dictKey`/`staticDict` field (#285): `'value'` (default)
538
+ * sorts by the stored code; `'label'` sorts by the code's resolved label at
539
+ * the query locale (`toArray({ locale })`, or a `staticDict` `displayLocale`).
540
+ * Falls back to the code when no label resolves.
541
+ */
542
+ readonly by?: 'value' | 'label';
1611
543
  }
1612
544
  /**
1613
545
  * A complete query plan: zero-or-more clauses, optional ordering, pagination,
@@ -1632,6 +564,8 @@ interface QueryPlan {
1632
564
  */
1633
565
  readonly joins: readonly JoinLeg[];
1634
566
  }
567
+ /** Default row ceiling for cross-join expansion. Matches JoinTooLargeError's ceiling. */
568
+ declare const DEFAULT_CROSS_JOIN_MAX_ROWS = 50000;
1635
569
  /**
1636
570
  * Source of records that a query executes against.
1637
571
  *
@@ -1652,6 +586,19 @@ interface QuerySource<T> {
1652
586
  getIndexes?(): CollectionIndexes | null;
1653
587
  /** O(1) record lookup by id, used to materialize index hits. */
1654
588
  lookupById?(id: string): T | undefined;
589
+ /**
590
+ * Money field descriptors for the backing collection, used to rewrite
591
+ * `sum`/`min`/`max` over money fields into exact BigInt reducers.
592
+ */
593
+ moneyFields?: Record<string, MoneyDescriptor>;
594
+ /**
595
+ * #308 L3 — id-paired snapshot for `Query._idArray()` (the `retrieve({within})`
596
+ * id projection). Optional: only collection-backed queries supply it.
597
+ */
598
+ snapshotEntries?(): readonly {
599
+ id: string;
600
+ record: T;
601
+ }[];
1655
602
  }
1656
603
  /**
1657
604
  * The chainable builder. All methods return a new Query — the original
@@ -1669,7 +616,7 @@ interface QuerySource<T> {
1669
616
  * error. See `query/join.ts` for the full design.
1670
617
  */
1671
618
  /**
1672
- * Declared deterministic predicate (#153). Carries the consumer's
619
+ * Declared deterministic predicate. Carries the consumer's
1673
620
  * stable `hash` (for function-body identity), the function itself,
1674
621
  * and is keyed by name when registered on a `Query<T>` via
1675
622
  * `_withPredicates()`.
@@ -1700,12 +647,21 @@ declare class Query<T> {
1700
647
  /**
1701
648
  * @internal — clone this Query with a declared-predicate map
1702
649
  * attached. Used by the materialized-view registry to enable
1703
- * `.wherePredicate(name, ctx?)` for the MV's query callback (#153).
650
+ * `.wherePredicate(name, ctx?)` for the MV's query callback.
1704
651
  * Consumers don't call this directly.
1705
652
  */
1706
653
  _withPredicates(predicates: ReadonlyMap<string, DeclaredPredicate>): Query<T>;
1707
654
  /**
1708
- * Filter by a registered deterministic predicate (#153). Requires
655
+ * @internal #308 L3. The ids of records matching this query's plan,
656
+ * recovered by reference identity: `executePlanWithSource` returns the
657
+ * ORIGINAL snapshot record references (money-decode and joins are applied
658
+ * later, in `toArray`), so each matched record is found in the id-paired
659
+ * `snapshotEntries()` map. Used by `collection.retrieve({ within })`.
660
+ * Throws if the source is not collection-backed (no `snapshotEntries`).
661
+ */
662
+ _idArray(): string[];
663
+ /**
664
+ * Filter by a registered deterministic predicate. Requires
1709
665
  * the Query to have been augmented with a predicates map (typically
1710
666
  * via the materialized-view registry — bare Queries constructed
1711
667
  * outside an MV throw on `.wherePredicate()`).
@@ -1716,7 +672,15 @@ declare class Query<T> {
1716
672
  * either changing forces refresh on next visit.
1717
673
  */
1718
674
  wherePredicate(name: string, ctx?: unknown): Query<T>;
1719
- /** Add a field comparison. Multiple where() calls are AND-combined. */
675
+ /**
676
+ * Add a field comparison. Multiple where() calls are AND-combined.
677
+ *
678
+ * A declared money field compares in MAJOR units (#336): the operand
679
+ * (`10000`, `'10000.00'`, or `{ amount, currency }` in multi mode) is
680
+ * quantized into stored scaled-int space at build time and evaluated
681
+ * BigInt-exact per record. A malformed operand or a string operator
682
+ * (`contains`/`startsWith`) throws here, at the call site.
683
+ */
1720
684
  where(field: string, op: Operator, value: unknown): Query<T>;
1721
685
  /**
1722
686
  * Logical OR group. Pass a callback that builds a sub-query.
@@ -1731,8 +695,14 @@ declare class Query<T> {
1731
695
  and(builder: (q: Query<T>) => Query<T>): Query<T>;
1732
696
  /** Escape hatch: add an arbitrary predicate function. Not serializable. */
1733
697
  filter(fn: (record: T) => boolean): Query<T>;
1734
- /** Sort by a field. Subsequent calls are tie-breakers. */
1735
- orderBy(field: string, direction?: 'asc' | 'desc'): Query<T>;
698
+ /**
699
+ * Sort by a field. Subsequent calls are tie-breakers. Pass
700
+ * `{ by: 'label' }` to sort a `dictKey`/`staticDict` field by its resolved
701
+ * label at the query locale instead of the stored code (#285).
702
+ */
703
+ orderBy(field: string, direction?: 'asc' | 'desc', opts?: {
704
+ by?: 'value' | 'label';
705
+ }): Query<T>;
1736
706
  /** Cap the result size. */
1737
707
  limit(n: number): Query<T>;
1738
708
  /** Skip the first N matching records (after ordering). */
@@ -1800,15 +770,67 @@ declare class Query<T> {
1800
770
  strategy?: JoinStrategy;
1801
771
  maxRows?: number;
1802
772
  }): Query<T & Record<As, R | null>>;
773
+ /**
774
+ * Cartesian-product cross-join against `target` collection. Each result row
775
+ * carries the original `T` fields plus `result[as]` populated from every
776
+ * right-side row (or the filtered subset when `on:` is supplied).
777
+ *
778
+ * **Order matters:** `.where().crossJoin()` filters BEFORE expanding (cheaper);
779
+ * `.crossJoin().where('alias.field', ...)` filters AFTER (required when the
780
+ * where clause references the aliased fields).
781
+ *
782
+ * **Cost ceiling:** `CrossJoinTooLargeError` fires before allocation when
783
+ * `leftRows × rightRows` (or the cumulative lateral count) exceeds the limit.
784
+ * Default: 50,000 rows. Override per-clause with `{ maxRows: N }`.
785
+ *
786
+ * **`on:` shapes:**
787
+ * - `on: (left) => TTarget[]` — subset form (most efficient)
788
+ * - `on: (left) => (right) => boolean` — predicate form
789
+ * - `on: { predicate: 'name' }` — MV-safe, hash-tracked form
790
+ * (requires the Query to have been augmented via `_withPredicates`)
791
+ *
792
+ * Requires a JoinContext (constructed via `collection.query()`).
793
+ */
794
+ crossJoin<TTarget = unknown, As extends string = string>(target: string, opts: {
795
+ as: As;
796
+ on?: ((left: T) => unknown[] | ((right: TTarget) => boolean)) | {
797
+ readonly predicate: string;
798
+ };
799
+ maxRows?: number;
800
+ }): Query<T & {
801
+ [K in As]: TTarget;
802
+ }>;
1803
803
  /**
1804
804
  * Execute the plan and return the matching records. When the plan
1805
805
  * carries any join legs, they are applied after `where` / `orderBy`
1806
806
  * / `limit` / `offset` narrow the left set. See the `.join()` doc
1807
807
  * for the ordering rationale.
808
+ *
809
+ * `opts.locale` (#285 §3) resolves JOINED right-side i18n fields at the
810
+ * `join` layer to that locale; without it, the owning collection's default
811
+ * locale applies, and a locale-less query leaves joined i18n fields raw.
812
+ * (Left/base i18n fields are resolved by `get`/`list`, not here.)
1808
813
  */
1809
- toArray(): T[];
1810
- /** Return the first matching record, or null. Joins are applied. */
1811
- first(): T | null;
814
+ toArray(opts?: {
815
+ locale?: string;
816
+ }): T[];
817
+ /**
818
+ * Decode this source's money fields on read (stored scaled-int → canonical
819
+ * decimal), so `query().toArray()` agrees with `get()`/`sum()` on the value.
820
+ * No-op when the source declares no money fields.
821
+ *
822
+ * The query layer carries no locale context, so we decode with `'raw'` —
823
+ * canonical decimal, WITHOUT fabricating locale-formatted `<field>Formatted`
824
+ * / `<field>Number` virtuals. Producing a guessed-locale string here would
825
+ * just reintroduce #322's "two read paths disagree" failure on the virtual
826
+ * field (e.g. it-IT via `get()` vs en-US here). Consumers who need formatted
827
+ * money read through `get()`/`list()` with a locale.
828
+ */
829
+ private decodeMoney;
830
+ /** Return the first matching record, or null. Joins are applied. `opts.locale` resolves joined i18n fields (#285 §3). */
831
+ first(opts?: {
832
+ locale?: string;
833
+ }): T | null;
1812
834
  /**
1813
835
  * Return the number of matching records (after where/filter,
1814
836
  * before limit). **Joins are NOT applied** — count() reports the
@@ -2096,7 +1118,20 @@ declare class ScanBuilder<T> implements AsyncIterable<T> {
2096
1118
  * context throws with an actionable error.
2097
1119
  */
2098
1120
  private readonly joinContext;
2099
- constructor(pageProvider: ScanPageProvider<T>, pageSize?: number, clauses?: readonly Clause[], joins?: readonly JoinLeg[], joinContext?: JoinContext);
1121
+ /**
1122
+ * Money field descriptors for the backing collection. When present, yielded
1123
+ * records are decoded (stored scaled-int → canonical decimal) so `scan()`
1124
+ * agrees with `get()`/`list()`/`query().toArray()` — #322. Decoded with
1125
+ * `'raw'` (canonical decimal, no locale-formatted virtuals) since the scan
1126
+ * stream carries no locale context, mirroring `Query.toArray()`.
1127
+ */
1128
+ private readonly moneyFields;
1129
+ constructor(pageProvider: ScanPageProvider<T>, pageSize?: number, clauses?: readonly Clause[], joins?: readonly JoinLeg[], joinContext?: JoinContext, moneyFields?: Record<string, MoneyDescriptor>);
1130
+ /**
1131
+ * Decode this scan's money fields on a record (stored scaled-int → canonical
1132
+ * decimal). No-op when no money fields are declared. See {@link moneyFields}.
1133
+ */
1134
+ private decodeMoney;
2100
1135
  /**
2101
1136
  * Add a field comparison. Runs per record as the scan stream
2102
1137
  * flows through, so non-matching records are dropped before they
@@ -2287,4 +1322,4 @@ declare class ScanBuilder<T> implements AsyncIterable<T> {
2287
1322
  private recordMatches;
2288
1323
  }
2289
1324
 
2290
- export { type JoinLeg as $, AmendmentForbiddenError as A, BackupCorruptedError as B, ConflictError as C, DictKeyInUseError as D, DecryptionError as E, FieldFrozenError as F, DelegationTargetMissingError as G, DirectoryDisabledError as H, InvariantError as I, ElevationExpiredError as J, ExportCapabilityError as K, LocaleNotSpecifiedError as L, MissingTranslationError as M, NoydbError as N, OverlayBaseIsVirtualError as O, PartitionExtractionError as P, Query as Q, ReservedCollectionNameError as R, SessionExpiredError as S, TranslatorNotConfiguredError as T, FilenameSanitizationError as U, GroupCardinalityError as V, ImportCapabilityError as W, IndexRequiredError as X, IndexWriteFailureError as Y, InvalidKeyError as Z, type JoinContext as _, DictKeyMissingError as a, type JoinStrategy as a0, JoinTooLargeError as a1, type JoinableSource as a2, KeyringCorruptError as a3, KeyringExpiredError as a4, LedgerContentionError as a5, type LiveQuery as a6, type LiveUpstream as a7, MigrationRequiredError as a8, NetworkError as a9, StoreCapabilityError as aA, TamperedError as aB, TierDemoteDeniedError as aC, TierNotGrantedError as aD, ValidationError as aE, applyJoins as aF, buildLiveQuery as aG, executePlan as aH, ref as aI, resetJoinWarnings as aJ, NoAccessError as aa, NonAdditiveSchemaChangeError as ab, NotFoundError as ac, type OrderBy as ad, PathEscapeError as ae, PeriodClosedError as af, PermissionDeniedError as ag, PrivilegeEscalationError as ah, type QueryPlan as ai, type QuerySource as aj, QuiesceTimeoutError as ak, ReadOnlyAtInstantError as al, ReadOnlyError as am, ReadOnlyFrameError as an, type RefDescriptor as ao, RefIntegrityError as ap, type RefMode as aq, RefRegistry as ar, RefScopeError as as, type RefViolation as at, ScanBuilder as au, type ScanPageProvider as av, SchemaFenceError as aw, SchemaLockedError as ax, SchemaUpdateError as ay, SchemaValidationError as az, SessionNotFoundError as b, SessionPolicyError as c, RecordLockedError as d, DerivationCapExceededError as e, DerivationCycleError as f, DerivationDepthError as g, DerivationOutputShapeError as h, DerivationOutputUnknownError as i, OverlayCollectionUnavailableError as j, OverlayIdMismatchError as k, OverlayNameCollisionError as l, AttestationError as m, AdoptionStateError as n, BackupLedgerError as o, BundleIntegrityError as p, BundleSealMismatchError as q, BundleVersionConflictError as r, TransferSealError as s, MaterializedViewConfigError as t, MaterializedViewCycleError as u, MaterializedViewSourceUnknownError as v, MaterializedViewTooLargeError as w, AlreadyElevatedError as x, DEFAULT_JOIN_MAX_ROWS as y, DanglingReferenceError as z };
1325
+ export { DEFAULT_CROSS_JOIN_MAX_ROWS as D, type JoinContext as J, type LiveQuery as L, type OrderBy as O, Query as Q, type RefDescriptor as R, ScanBuilder as S, DEFAULT_JOIN_MAX_ROWS as a, type JoinLeg as b, type JoinStrategy as c, type JoinableSource as d, type LiveUpstream as e, type QueryPlan as f, type QuerySource as g, RefIntegrityError as h, type RefMode as i, RefRegistry as j, RefScopeError as k, type RefViolation as l, type ScanPageProvider as m, applyJoins as n, buildLiveQuery as o, executePlan as p, isRefArray as q, ref as r, refArray as s, resetJoinWarnings as t };