@noy-db/hub 0.2.0-pre.3 → 0.2.0-pre.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (384) hide show
  1. package/README.md +126 -0
  2. package/dist/adapter/index.d.ts +9 -0
  3. package/dist/adapter/index.js +14 -0
  4. package/dist/aggregate/index.d.ts +3 -2
  5. package/dist/aggregate/index.js +10 -8
  6. package/dist/aggregate/index.js.map +1 -1
  7. package/dist/attestation/index.d.ts +7 -5
  8. package/dist/attestation/index.js +7 -6
  9. package/dist/attestation/index.js.map +1 -1
  10. package/dist/blobs/index.d.ts +9 -7
  11. package/dist/blobs/index.js +12 -6
  12. package/dist/blobs/index.js.map +1 -1
  13. package/dist/bundle/index.d.ts +29 -18
  14. package/dist/bundle/index.js +53 -192
  15. package/dist/bundle/index.js.map +1 -1
  16. package/dist/{chunk-75QDHSE4.js → chunk-2QDWRK3B.js} +5 -5
  17. package/dist/{chunk-74JEQFMT.js → chunk-2UT7HJJR.js} +5 -5
  18. package/dist/chunk-2UT7HJJR.js.map +1 -0
  19. package/dist/{chunk-FCDO7UAO.js → chunk-2ZYIN3BL.js} +2 -2
  20. package/dist/{chunk-BFI3RS42.js → chunk-33EQCZXE.js} +2 -2
  21. package/dist/chunk-33EQCZXE.js.map +1 -0
  22. package/dist/{chunk-WRLHNG6H.js → chunk-4K4QKYK4.js} +4 -4
  23. package/dist/chunk-4K4QKYK4.js.map +1 -0
  24. package/dist/{chunk-HGZ7DC5H.js → chunk-4L6N56B4.js} +2 -2
  25. package/dist/chunk-4L6N56B4.js.map +1 -0
  26. package/dist/{chunk-YMYK7US4.js → chunk-4YD7VZH4.js} +2 -2
  27. package/dist/chunk-4YD7VZH4.js.map +1 -0
  28. package/dist/{chunk-ZUMGGHRB.js → chunk-5PTX7PKD.js} +4 -4
  29. package/dist/{chunk-QAU5HM6Q.js → chunk-6EKRQ7QF.js} +3 -3
  30. package/dist/{chunk-ZC2AAE6J.js → chunk-7GPQPLGO.js} +19 -4
  31. package/dist/chunk-7GPQPLGO.js.map +1 -0
  32. package/dist/{chunk-EPK6A3WJ.js → chunk-A3JMGXPG.js} +2 -2
  33. package/dist/chunk-A3JMGXPG.js.map +1 -0
  34. package/dist/{chunk-FXQYZNOW.js → chunk-A7DNZVAV.js} +1 -1
  35. package/dist/chunk-A7DNZVAV.js.map +1 -0
  36. package/dist/{chunk-UMLVJTYV.js → chunk-ADB7GPM3.js} +7 -4
  37. package/dist/chunk-ADB7GPM3.js.map +1 -0
  38. package/dist/{chunk-YL2DR3HY.js → chunk-ASIGWYRA.js} +2 -2
  39. package/dist/chunk-ASIGWYRA.js.map +1 -0
  40. package/dist/{chunk-2EYC3WDT.js → chunk-AWU4JF7C.js} +93 -93
  41. package/dist/chunk-AWU4JF7C.js.map +1 -0
  42. package/dist/chunk-BEZ2EV43.js +129 -0
  43. package/dist/chunk-BEZ2EV43.js.map +1 -0
  44. package/dist/{chunk-IS5HWQO7.js → chunk-CIZDUAHI.js} +30 -4
  45. package/dist/chunk-CIZDUAHI.js.map +1 -0
  46. package/dist/{chunk-4OQWR46B.js → chunk-CUPTCF4R.js} +5 -5
  47. package/dist/chunk-CUPTCF4R.js.map +1 -0
  48. package/dist/{chunk-5ZGZ6HIZ.js → chunk-DEE4CRYN.js} +30 -7
  49. package/dist/chunk-DEE4CRYN.js.map +1 -0
  50. package/dist/{chunk-UOF74WQY.js → chunk-E2MDPPOC.js} +37 -2
  51. package/dist/chunk-E2MDPPOC.js.map +1 -0
  52. package/dist/{chunk-SAVQ6E2O.js → chunk-FFKQ65YX.js} +10 -3
  53. package/dist/chunk-FFKQ65YX.js.map +1 -0
  54. package/dist/{chunk-2XLVPKXG.js → chunk-G7ALNCQH.js} +10 -2
  55. package/dist/chunk-G7ALNCQH.js.map +1 -0
  56. package/dist/chunk-GGXN73NM.js +252 -0
  57. package/dist/chunk-GGXN73NM.js.map +1 -0
  58. package/dist/{chunk-UVPGJXVO.js → chunk-JOJPBZSZ.js} +5 -5
  59. package/dist/{chunk-YDLAFP36.js → chunk-JZ5DS4DP.js} +346 -3
  60. package/dist/chunk-JZ5DS4DP.js.map +1 -0
  61. package/dist/{chunk-KMI2NBBF.js → chunk-K4JID2ZE.js} +44 -8
  62. package/dist/chunk-K4JID2ZE.js.map +1 -0
  63. package/dist/{aggregate/index.cjs → chunk-K6NVSHAH.js} +241 -210
  64. package/dist/chunk-K6NVSHAH.js.map +1 -0
  65. package/dist/chunk-KJ3K5VZM.js +524 -0
  66. package/dist/chunk-KJ3K5VZM.js.map +1 -0
  67. package/dist/chunk-L5HHBOMS.js +232 -0
  68. package/dist/chunk-L5HHBOMS.js.map +1 -0
  69. package/dist/{chunk-YK72A4IT.js → chunk-LBILABKZ.js} +4 -4
  70. package/dist/chunk-LXKBG52H.js +151 -0
  71. package/dist/chunk-LXKBG52H.js.map +1 -0
  72. package/dist/{chunk-NGSPBLLE.js → chunk-MPIZQGFA.js} +50 -20
  73. package/dist/chunk-MPIZQGFA.js.map +1 -0
  74. package/dist/{chunk-4X2S7PBF.js → chunk-MRJPSXPE.js} +84 -70
  75. package/dist/chunk-MRJPSXPE.js.map +1 -0
  76. package/dist/{chunk-6S3LLAQ5.js → chunk-MSMDDDDJ.js} +3 -3
  77. package/dist/{chunk-6S3LLAQ5.js.map → chunk-MSMDDDDJ.js.map} +1 -1
  78. package/dist/{chunk-GAUBWHAF.js → chunk-OCYFFBZS.js} +4 -4
  79. package/dist/{chunk-NCO2JGKK.js → chunk-PDVP3C2I.js} +1 -1
  80. package/dist/chunk-PDVP3C2I.js.map +1 -0
  81. package/dist/chunk-PZ5AY32C.js +10 -0
  82. package/dist/{chunk-P6256WTJ.js → chunk-QBLPY44S.js} +3 -3
  83. package/dist/chunk-QBLPY44S.js.map +1 -0
  84. package/dist/{query/index.cjs → chunk-QGBBQKDS.js} +706 -831
  85. package/dist/chunk-QGBBQKDS.js.map +1 -0
  86. package/dist/{chunk-FS7A4XNF.js → chunk-QWJCNXH2.js} +3 -3
  87. package/dist/chunk-QXWJQ7UU.js +380 -0
  88. package/dist/chunk-QXWJQ7UU.js.map +1 -0
  89. package/dist/{chunk-GDTCGIPX.js → chunk-RCB6GWTC.js} +27 -5
  90. package/dist/chunk-RCB6GWTC.js.map +1 -0
  91. package/dist/{chunk-K5PVGKE4.js → chunk-SAAJYSVV.js} +2 -2
  92. package/dist/{chunk-G7PAZ3TD.js → chunk-SHJ3BRTZ.js} +46 -10
  93. package/dist/chunk-SHJ3BRTZ.js.map +1 -0
  94. package/dist/chunk-SQXTKZL7.js +125 -0
  95. package/dist/chunk-SQXTKZL7.js.map +1 -0
  96. package/dist/chunk-STNPB3UM.js +9 -0
  97. package/dist/chunk-STNPB3UM.js.map +1 -0
  98. package/dist/{chunk-NSLTPGEN.js → chunk-TMUMMAWV.js} +12 -2
  99. package/dist/{chunk-NSLTPGEN.js.map → chunk-TMUMMAWV.js.map} +1 -1
  100. package/dist/{chunk-LS3JLEIB.js → chunk-TZGWI5AX.js} +4 -4
  101. package/dist/{chunk-GD3BGKAR.js → chunk-UBF5JEOJ.js} +44 -5
  102. package/dist/chunk-UBF5JEOJ.js.map +1 -0
  103. package/dist/{chunk-T6HQMVML.js → chunk-W5NVNJDX.js} +5250 -801
  104. package/dist/chunk-W5NVNJDX.js.map +1 -0
  105. package/dist/chunk-XAYDHD2O.js +123 -0
  106. package/dist/chunk-XAYDHD2O.js.map +1 -0
  107. package/dist/{chunk-LOL725S4.js → chunk-XYW2CSCI.js} +31 -3
  108. package/dist/chunk-XYW2CSCI.js.map +1 -0
  109. package/dist/{chunk-TLFUDXVV.js → chunk-ZCMOS4H2.js} +31 -10
  110. package/dist/chunk-ZCMOS4H2.js.map +1 -0
  111. package/dist/{chunk-FBMXWVGP.js → chunk-ZK66B5EY.js} +450 -30
  112. package/dist/chunk-ZK66B5EY.js.map +1 -0
  113. package/dist/{chunk-GVXBHCZ2.js → chunk-ZPJSQPQH.js} +66 -7
  114. package/dist/chunk-ZPJSQPQH.js.map +1 -0
  115. package/dist/consent/index.d.ts +8 -6
  116. package/dist/consent/index.js +4 -3
  117. package/dist/consent/index.js.map +1 -1
  118. package/dist/crdt/index.js +1 -0
  119. package/dist/crdt/index.js.map +1 -1
  120. package/dist/{crypto-H2Y3DDFW.js → crypto-OSIV2IIW.js} +8 -3
  121. package/dist/{ulid-CiM2OAeM.d.ts → decrypt-partition-CXS5KopB.d.ts} +37 -82
  122. package/dist/{delegation-QSC7G5QC.js → delegation-BQTRJATI.js} +6 -5
  123. package/dist/derivations/index.d.ts +11 -9
  124. package/dist/derivations/index.js +9 -6
  125. package/dist/{dev-unlock-Cf2B7Kih.d.ts → dev-unlock-CnHTTVea.d.ts} +1 -1
  126. package/dist/discriminant-BN9REW3o.d.ts +60 -0
  127. package/dist/errors-BAWO5Z5a.d.ts +1500 -0
  128. package/dist/executor-KYSKFJ2R.js +9 -0
  129. package/dist/executor-M7W3NEKR.js +9 -0
  130. package/dist/executor-VDTDGWO6.js +13 -0
  131. package/dist/{fanout-sidecar-NRBWSLRK.js → fanout-sidecar-AZALISHB.js} +3 -2
  132. package/dist/fanout-sidecar-AZALISHB.js.map +1 -0
  133. package/dist/forget/index.d.ts +1 -0
  134. package/dist/forget/index.js +15 -0
  135. package/dist/guards/index.d.ts +16 -8
  136. package/dist/guards/index.js +12 -5
  137. package/dist/{hash-gVn_uKhp.d.ts → hash-oc5paYl0.d.ts} +1 -1
  138. package/dist/history/index.d.ts +9 -7
  139. package/dist/history/index.js +10 -7
  140. package/dist/history/index.js.map +1 -1
  141. package/dist/i18n/index.d.ts +8 -6
  142. package/dist/i18n/index.js +116 -15
  143. package/dist/i18n/index.js.map +1 -1
  144. package/dist/index-BMmajblo.d.ts +362 -0
  145. package/dist/index-BmhGztUi.d.ts +93 -0
  146. package/dist/{types-D9eB0Rvh.d.ts → index-DHn9lEP0.d.ts} +4305 -1523
  147. package/dist/{index-BF1B2HB9.d.ts → index-Ddm8D3Oo.d.ts} +186 -1151
  148. package/dist/index.d.ts +342 -70
  149. package/dist/index.js +420 -112
  150. package/dist/index.js.map +1 -1
  151. package/dist/indexing/index.d.ts +3 -3
  152. package/dist/indexing/index.js +5 -4
  153. package/dist/indexing/index.js.map +1 -1
  154. package/dist/issue-DPHRF2TI.js +13 -0
  155. package/dist/kernel/index.d.ts +11 -0
  156. package/dist/kernel/index.js +50 -0
  157. package/dist/{lazy-builder-Rpd-V3jP.d.ts → lazy-builder-ChSqcF5t.d.ts} +2 -2
  158. package/dist/{ledger-WOEJUYTP.js → ledger-CI7GSMLB.js} +7 -6
  159. package/dist/materialized-views/index.d.ts +23 -20
  160. package/dist/materialized-views/index.js +9 -7
  161. package/dist/mime-magic-JeLKHRng.d.ts +103 -0
  162. package/dist/noydb-NAU2DTFP.js +40 -0
  163. package/dist/overlay-views/index.d.ts +32 -12
  164. package/dist/overlay-views/index.js +7 -6
  165. package/dist/periods/index.d.ts +8 -6
  166. package/dist/periods/index.js +7 -6
  167. package/dist/{predicate-Dnu81tsS.d.cts → predicate-BmhBSPCH.d.ts} +87 -5
  168. package/dist/{public-envelope-OHQ5UZFM.js → public-envelope-MFMBFJLZ.js} +5 -4
  169. package/dist/query/index.d.ts +4 -3
  170. package/dist/query/index.js +14 -6
  171. package/dist/read-only-facade-3OQRZ3VS.js +8 -0
  172. package/dist/registry-IX5WKK4F.js +8 -0
  173. package/dist/registry-LMHO5265.js +11 -0
  174. package/dist/registry-TXCKWH26.js +9 -0
  175. package/dist/registry-VFEDQSYV.js +9 -0
  176. package/dist/revoke-5PUOZPJJ.js +18 -0
  177. package/dist/revoke-5PUOZPJJ.js.map +1 -0
  178. package/dist/sealed-record/index.d.ts +123 -0
  179. package/dist/sealed-record/index.js +43 -0
  180. package/dist/sealed-record/index.js.map +1 -0
  181. package/dist/session/index.d.ts +9 -7
  182. package/dist/session/index.js +4 -3
  183. package/dist/session/index.js.map +1 -1
  184. package/dist/shadow/index.d.ts +8 -6
  185. package/dist/shadow/index.js +3 -2
  186. package/dist/shadow/index.js.map +1 -1
  187. package/dist/{signer-M4K5HBLD.js → signer-UB5TQOZ6.js} +6 -5
  188. package/dist/signer-UB5TQOZ6.js.map +1 -0
  189. package/dist/snapshots/index.d.ts +30 -0
  190. package/dist/snapshots/index.js +153 -0
  191. package/dist/snapshots/index.js.map +1 -0
  192. package/dist/{stale-PAGCS4K5.js → stale-J3TUF5C5.js} +3 -2
  193. package/dist/stale-J3TUF5C5.js.map +1 -0
  194. package/dist/store/index.d.ts +15 -6
  195. package/dist/store/index.js +3 -2
  196. package/dist/{strategy-DSTrsZ8t.d.ts → strategy-8QGs5KQE.d.ts} +475 -7
  197. package/dist/sync/index.d.ts +7 -5
  198. package/dist/sync/index.js +5 -4
  199. package/dist/sync/index.js.map +1 -1
  200. package/dist/team/index.d.ts +8 -6
  201. package/dist/team/index.js +9 -8
  202. package/dist/transition-guard-Dy3NioQr.d.ts +165 -0
  203. package/dist/tx/index.d.ts +26 -8
  204. package/dist/tx/index.js +10 -5
  205. package/dist/tx/index.js.map +1 -1
  206. package/dist/ulid-DRH25k3y.d.ts +66 -0
  207. package/dist/{ulid-COREQ2RQ.js → ulid-KEPZMD2N.js} +2 -1
  208. package/dist/ulid-KEPZMD2N.js.map +1 -0
  209. package/dist/util/index.d.ts +2 -0
  210. package/dist/util/index.js +6 -1
  211. package/dist/util/index.js.map +1 -1
  212. package/dist/{with-materialized-view-qtoJ3xKJ.d.ts → with-materialized-view-DIVeez0W.d.ts} +2 -2
  213. package/dist/{with-overlayed-view-DFaRfgMr.d.ts → with-overlayed-view-DVZrc5Hb.d.ts} +2 -2
  214. package/dist/with-rollup-CbU-O4wP.d.ts +47 -0
  215. package/dist/zod-HAJM7LMS.js +14763 -0
  216. package/dist/zod-HAJM7LMS.js.map +1 -0
  217. package/package.json +73 -191
  218. package/dist/aggregate/index.cjs.map +0 -1
  219. package/dist/aggregate/index.d.cts +0 -38
  220. package/dist/attestation/index.cjs +0 -305
  221. package/dist/attestation/index.cjs.map +0 -1
  222. package/dist/attestation/index.d.cts +0 -52
  223. package/dist/blobs/index.cjs +0 -1480
  224. package/dist/blobs/index.cjs.map +0 -1
  225. package/dist/blobs/index.d.cts +0 -46
  226. package/dist/bundle/index.cjs +0 -18561
  227. package/dist/bundle/index.cjs.map +0 -1
  228. package/dist/bundle/index.d.cts +0 -176
  229. package/dist/chunk-2EYC3WDT.js.map +0 -1
  230. package/dist/chunk-2XLVPKXG.js.map +0 -1
  231. package/dist/chunk-4OQWR46B.js.map +0 -1
  232. package/dist/chunk-4UBOTYP5.js +0 -1367
  233. package/dist/chunk-4UBOTYP5.js.map +0 -1
  234. package/dist/chunk-4X2S7PBF.js.map +0 -1
  235. package/dist/chunk-5YHWBPOT.js +0 -19
  236. package/dist/chunk-5YHWBPOT.js.map +0 -1
  237. package/dist/chunk-5ZGZ6HIZ.js.map +0 -1
  238. package/dist/chunk-74JEQFMT.js.map +0 -1
  239. package/dist/chunk-A6SWRXUQ.js +0 -118
  240. package/dist/chunk-A6SWRXUQ.js.map +0 -1
  241. package/dist/chunk-BFI3RS42.js.map +0 -1
  242. package/dist/chunk-EMEX37ZN.js +0 -51
  243. package/dist/chunk-EMEX37ZN.js.map +0 -1
  244. package/dist/chunk-EPK6A3WJ.js.map +0 -1
  245. package/dist/chunk-FBMXWVGP.js.map +0 -1
  246. package/dist/chunk-FXQYZNOW.js.map +0 -1
  247. package/dist/chunk-G7PAZ3TD.js.map +0 -1
  248. package/dist/chunk-GD3BGKAR.js.map +0 -1
  249. package/dist/chunk-GDTCGIPX.js.map +0 -1
  250. package/dist/chunk-GVXBHCZ2.js.map +0 -1
  251. package/dist/chunk-HGZ7DC5H.js.map +0 -1
  252. package/dist/chunk-IS5HWQO7.js.map +0 -1
  253. package/dist/chunk-KMI2NBBF.js.map +0 -1
  254. package/dist/chunk-KYKMKLJ6.js +0 -340
  255. package/dist/chunk-KYKMKLJ6.js.map +0 -1
  256. package/dist/chunk-LOL725S4.js.map +0 -1
  257. package/dist/chunk-MRIBLZL3.js +0 -86
  258. package/dist/chunk-MRIBLZL3.js.map +0 -1
  259. package/dist/chunk-NCO2JGKK.js.map +0 -1
  260. package/dist/chunk-NGSPBLLE.js.map +0 -1
  261. package/dist/chunk-P6256WTJ.js.map +0 -1
  262. package/dist/chunk-SAVQ6E2O.js.map +0 -1
  263. package/dist/chunk-T6HQMVML.js.map +0 -1
  264. package/dist/chunk-TLFUDXVV.js.map +0 -1
  265. package/dist/chunk-UMLVJTYV.js.map +0 -1
  266. package/dist/chunk-UOF74WQY.js.map +0 -1
  267. package/dist/chunk-WRLHNG6H.js.map +0 -1
  268. package/dist/chunk-YDLAFP36.js.map +0 -1
  269. package/dist/chunk-YL2DR3HY.js.map +0 -1
  270. package/dist/chunk-YMYK7US4.js.map +0 -1
  271. package/dist/chunk-ZC2AAE6J.js.map +0 -1
  272. package/dist/consent/index.cjs +0 -204
  273. package/dist/consent/index.cjs.map +0 -1
  274. package/dist/consent/index.d.cts +0 -25
  275. package/dist/crdt/index.cjs +0 -152
  276. package/dist/crdt/index.cjs.map +0 -1
  277. package/dist/crdt/index.d.cts +0 -30
  278. package/dist/derivations/index.cjs +0 -351
  279. package/dist/derivations/index.cjs.map +0 -1
  280. package/dist/derivations/index.d.cts +0 -72
  281. package/dist/dev-unlock-De3mjQWv.d.cts +0 -263
  282. package/dist/executor-BZKFZVRC.js +0 -8
  283. package/dist/executor-GFZFDQXV.js +0 -8
  284. package/dist/executor-KT2IOZVP.js +0 -11
  285. package/dist/fanout-sidecar-NRBWSLRK.js.map +0 -1
  286. package/dist/guards/index.cjs +0 -322
  287. package/dist/guards/index.cjs.map +0 -1
  288. package/dist/guards/index.d.cts +0 -31
  289. package/dist/hash-vBCB0-Ps.d.cts +0 -63
  290. package/dist/history/index.cjs +0 -1222
  291. package/dist/history/index.cjs.map +0 -1
  292. package/dist/history/index.d.cts +0 -63
  293. package/dist/i18n/index.cjs +0 -840
  294. package/dist/i18n/index.cjs.map +0 -1
  295. package/dist/i18n/index.d.cts +0 -39
  296. package/dist/index-DVkvrgpm.d.cts +0 -2290
  297. package/dist/index.cjs +0 -23590
  298. package/dist/index.cjs.map +0 -1
  299. package/dist/index.d.cts +0 -778
  300. package/dist/indexing/index.cjs +0 -738
  301. package/dist/indexing/index.cjs.map +0 -1
  302. package/dist/indexing/index.d.cts +0 -36
  303. package/dist/issue-BAJ7ZB4S.js +0 -12
  304. package/dist/lazy-builder-C-rPfWG0.d.cts +0 -304
  305. package/dist/materialized-views/index.cjs +0 -837
  306. package/dist/materialized-views/index.cjs.map +0 -1
  307. package/dist/materialized-views/index.d.cts +0 -184
  308. package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
  309. package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
  310. package/dist/noydb-XNQSKXGO.js +0 -34
  311. package/dist/overlay-views/index.cjs +0 -359
  312. package/dist/overlay-views/index.cjs.map +0 -1
  313. package/dist/overlay-views/index.d.cts +0 -82
  314. package/dist/periods/index.cjs +0 -1041
  315. package/dist/periods/index.cjs.map +0 -1
  316. package/dist/periods/index.d.cts +0 -22
  317. package/dist/predicate-Dnu81tsS.d.ts +0 -185
  318. package/dist/query/index.cjs.map +0 -1
  319. package/dist/query/index.d.cts +0 -3
  320. package/dist/read-only-facade-ITU6L7BL.js +0 -7
  321. package/dist/registry-2IEARCGT.js +0 -7
  322. package/dist/registry-CDHASH73.js +0 -10
  323. package/dist/registry-EMGLZGR6.js +0 -8
  324. package/dist/registry-NQALYR77.js +0 -8
  325. package/dist/revoke-7JOVLZFD.js +0 -17
  326. package/dist/session/index.cjs +0 -495
  327. package/dist/session/index.cjs.map +0 -1
  328. package/dist/session/index.d.cts +0 -46
  329. package/dist/shadow/index.cjs +0 -133
  330. package/dist/shadow/index.cjs.map +0 -1
  331. package/dist/shadow/index.d.cts +0 -17
  332. package/dist/store/index.cjs +0 -1083
  333. package/dist/store/index.cjs.map +0 -1
  334. package/dist/store/index.d.cts +0 -492
  335. package/dist/strategy-BSxFXGzb.d.cts +0 -110
  336. package/dist/strategy-DSTrsZ8t.d.cts +0 -601
  337. package/dist/sync/index.cjs +0 -1062
  338. package/dist/sync/index.cjs.map +0 -1
  339. package/dist/sync/index.d.cts +0 -43
  340. package/dist/team/index.cjs +0 -2798
  341. package/dist/team/index.cjs.map +0 -1
  342. package/dist/team/index.d.cts +0 -118
  343. package/dist/tx/index.cjs +0 -544
  344. package/dist/tx/index.cjs.map +0 -1
  345. package/dist/tx/index.d.cts +0 -21
  346. package/dist/types-CSLcfytP.d.cts +0 -12493
  347. package/dist/ulid-CG2YvAbg.d.cts +0 -603
  348. package/dist/util/index.cjs +0 -230
  349. package/dist/util/index.cjs.map +0 -1
  350. package/dist/util/index.d.cts +0 -77
  351. package/dist/with-derivation-Bzpj6UTv.d.ts +0 -13
  352. package/dist/with-derivation-DWajFh4K.d.cts +0 -13
  353. package/dist/with-guard-DF_Ul3DT.d.cts +0 -18
  354. package/dist/with-guard-DR7U-l4v.d.ts +0 -18
  355. package/dist/with-materialized-view-_piodoIz.d.cts +0 -27
  356. package/dist/with-overlayed-view-DwzCKxn2.d.cts +0 -13
  357. /package/dist/{crypto-H2Y3DDFW.js.map → adapter/index.js.map} +0 -0
  358. /package/dist/{chunk-75QDHSE4.js.map → chunk-2QDWRK3B.js.map} +0 -0
  359. /package/dist/{chunk-FCDO7UAO.js.map → chunk-2ZYIN3BL.js.map} +0 -0
  360. /package/dist/{chunk-ZUMGGHRB.js.map → chunk-5PTX7PKD.js.map} +0 -0
  361. /package/dist/{chunk-QAU5HM6Q.js.map → chunk-6EKRQ7QF.js.map} +0 -0
  362. /package/dist/{chunk-UVPGJXVO.js.map → chunk-JOJPBZSZ.js.map} +0 -0
  363. /package/dist/{chunk-YK72A4IT.js.map → chunk-LBILABKZ.js.map} +0 -0
  364. /package/dist/{chunk-GAUBWHAF.js.map → chunk-OCYFFBZS.js.map} +0 -0
  365. /package/dist/{delegation-QSC7G5QC.js.map → chunk-PZ5AY32C.js.map} +0 -0
  366. /package/dist/{chunk-FS7A4XNF.js.map → chunk-QWJCNXH2.js.map} +0 -0
  367. /package/dist/{chunk-K5PVGKE4.js.map → chunk-SAAJYSVV.js.map} +0 -0
  368. /package/dist/{chunk-LS3JLEIB.js.map → chunk-TZGWI5AX.js.map} +0 -0
  369. /package/dist/{executor-BZKFZVRC.js.map → crypto-OSIV2IIW.js.map} +0 -0
  370. /package/dist/{executor-GFZFDQXV.js.map → delegation-BQTRJATI.js.map} +0 -0
  371. /package/dist/{executor-KT2IOZVP.js.map → executor-KYSKFJ2R.js.map} +0 -0
  372. /package/dist/{issue-BAJ7ZB4S.js.map → executor-M7W3NEKR.js.map} +0 -0
  373. /package/dist/{ledger-WOEJUYTP.js.map → executor-VDTDGWO6.js.map} +0 -0
  374. /package/dist/{noydb-XNQSKXGO.js.map → forget/index.js.map} +0 -0
  375. /package/dist/{public-envelope-OHQ5UZFM.js.map → issue-DPHRF2TI.js.map} +0 -0
  376. /package/dist/{read-only-facade-ITU6L7BL.js.map → kernel/index.js.map} +0 -0
  377. /package/dist/{registry-2IEARCGT.js.map → ledger-CI7GSMLB.js.map} +0 -0
  378. /package/dist/{registry-CDHASH73.js.map → noydb-NAU2DTFP.js.map} +0 -0
  379. /package/dist/{registry-EMGLZGR6.js.map → public-envelope-MFMBFJLZ.js.map} +0 -0
  380. /package/dist/{registry-NQALYR77.js.map → read-only-facade-3OQRZ3VS.js.map} +0 -0
  381. /package/dist/{revoke-7JOVLZFD.js.map → registry-IX5WKK4F.js.map} +0 -0
  382. /package/dist/{signer-M4K5HBLD.js.map → registry-LMHO5265.js.map} +0 -0
  383. /package/dist/{stale-PAGCS4K5.js.map → registry-TXCKWH26.js.map} +0 -0
  384. /package/dist/{ulid-COREQ2RQ.js.map → registry-VFEDQSYV.js.map} +0 -0
package/dist/index.d.ts CHANGED
@@ -1,21 +1,28 @@
1
- import { aO as NoydbStore, bo as UserEnvelope, ba as PublicEnvelope, bp as GateName, bq as GatePolicy, br as VaultPolicy, bs as ActiveTier, bt as FactorProof, bu as SchemaUpdateStrategy, bv as TransformFn, bw as PersistedSchemaEnvelope, bx as UpdateDecision, by as DirectoryConfig, bz as UserVisibility, aM as UnlockedKeyring, bf as Vault, aV as DiffEntry } from './types-D9eB0Rvh.js';
2
- export { bA as AccessibleVault, bB as AffectedDocument, aS as AppendInput, ay as ArrayOutputSpec, p as BLOB_CHUNKS_COLLECTION, q as BLOB_COLLECTION, t as BLOB_INDEX_COLLECTION, u as BLOB_SLOTS_PREFIX, w as BLOB_VERSIONS_PREFIX, bC as BUNDLE_STORE_POLICY, A as BlobObject, C as BlobPutOptions, E as BlobResponseOptions, F as BlobSet, bD as BuiltInGateName, bc as BundleRecipient, _ as CONSENT_AUDIT_COLLECTION, bE as CacheOptions, bF as CacheStats, bG as ChangeEvent, aT as ChangeType, a7 as ClosePeriodOptions, aH as Collection, bH as CollectionChangeEvent, bI as CollectionConflictResolver, bJ as CollectionDescriptor, ao as CollectionFrame, aU as CollectionInstant, bK as CollectionStats, bL as Conflict, bM as ConflictPolicy, bN as ConflictStrategy, $ as ConsentAuditEntry, a0 as ConsentAuditFilter, a1 as ConsentContext, a2 as ConsentOp, bO as CrossTierAccessEvent, L as DEFAULT_CHUNK_SIZE, bP as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, bQ as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, bR as DeepPartial, bS as DeepPartialOrNull, bT as DelegationToken, bU as DeleteManyResult, bV as DerivationDescriptor, aw as DerivationStrategy, aA as DerivationStrategyHandle, aB as DerivedFromMeta, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, bW as DirtyEntry, bX as DryRunResult, bY as DumpSchemaOptions, bZ as ELEVATION_AUDIT_COLLECTION, b_ as ElevatedHandle, aQ as EncryptedEnvelope, b$ as EnrollAuthenticatorOptions, c0 as EnrollAuthenticatorWrappingDEKsOptions, c1 as EnrollAuthenticatorWrappingKEKOptions, c2 as EnrollRecoveryResult, c3 as ExportCapability, c4 as ExportChunk, c5 as ExportFormat, c6 as ExportStreamOptions, c7 as FactorKind, c8 as FactorProofBundle, c9 as FactorRequirement, ca as FenceDoc, cb as FenceState, cc as FieldChange, cd as FieldDescriptor, ce as FieldSource, cf as GhostRecord, cg as GrantOptions, ai as GuardChange, aj as GuardContext, ah as GuardStrategy, al as GuardStrategyHandle, ch as GuardViolation, ci as HistoryConfig, cj as HistoryEntry, aP as HistoryOptions, e as I18nTextDescriptor, f as I18nTextOptions, ck as INDEXED_STORE_POLICY, cl as ImportCapability, cm as InferOutput, cn as InternalCollectionStats, co as IssueDelegationOptions, cp as IssueMagicLinkGrantOptions, aW as JsonPatch, aX as JsonPatchOp, cq as KeyringAuthenticator, cr as KeyringAuthenticatorWrappingDEKs, cs as KeyringAuthenticatorWrappingKEK, ct as KeyringFile, aY as LedgerEntry, aZ as LedgerStore, cu as ListAccessibleVaultsOptions, cv as ListPageResult, cw as ListUsersOptions, cx as LiveUserEnvelope, cy as LocaleReadOptions, cz as Lru, cA as LruOptions, cB as LruStats, cC as MAGIC_LINK_CONTENT_INFO_PREFIX, cD as MAGIC_LINK_GRANTS_COLLECTION, cE as MAGIC_LINK_KEK_INFO_PREFIX, cF as MagicLinkGrantPayload, cG as MagicLinkGrantRecord, bl as MaterializedFromMeta, cH as MaterializedViewDescriptor, bm as MaterializedViewOutput, aE as MaterializedViewStrategy, aF as MaterializedViewStrategyHandle, cI as MemoryRecipientSealer, cJ as MemorySealingKeyProvider, cK as NOYDB_BACKUP_VERSION, cL as NOYDB_FORMAT_VERSION, cM as NOYDB_KEYRING_VERSION, cN as NOYDB_SYNC_VERSION, cO as Noydb, cP as NoydbBundleStore, cQ as NoydbEventMap, cR as NoydbOptions, a8 as OpenPeriodOptions, aC as OutputSpec, cS as OverlayViewDescriptor, aG as OverlayedViewStrategy, aJ as OverlayedViewStrategyHandle, a9 as PERIODS_COLLECTION, cT as PUBLIC_ENVELOPE_FIELDS, cU as PaperRecoveryDoc, cV as PaperRecoveryEntry, cW as PassphrasePolicy, cX as PassphraseValidationResult, aa as PeriodRecord, cY as Permission, cZ as Permissions, c_ as PersistedSchemaKind, c$ as PlaintextTranslatorContext, d0 as PlaintextTranslatorFn, P as PolicyEnforcer, d1 as PresenceHandle, d2 as PresencePeer, aR as PruneOptions, d3 as PublicEnvelopeField, d4 as PublicEnvelopeSchema, d5 as PublicEnvelopeText, d6 as PullMode, d7 as PullOptions, d8 as PullPolicy, d9 as PullResult, da as PushMode, db as PushOptions, dc as PushPolicy, dd as PushResult, de as PutManyItemOptions, df as PutManyOptions, dg as PutManyResult, dh as QueryAcrossOptions, di as QueryAcrossResult, dj as QuickUnlockState, dk as QuickUnlockStore, dl as ReAuthOperation, be as RecipientHint, bd as RecipientSealer, aD as RecordOutputSpec, dm as RecoverPassphraseInput, dn as RecoverPassphraseResult, dp as RecoverUserOptions, dq as RecoveryProof, dr as ResolvedPublicEnvelopeSchema, ds as RevokeOptions, aL as Role, dt as RotatePassphraseInput, du as RotateRecoveryOptions, dv as RotateRecoveryResult, dw as SEALED_PASSPHRASE_RECORD_ID, dx as SchemaDelta, dy as SchemaIntrospection, dz as SealedEnvelope, dA as SealedPassphrase, bb as SealingKeyProvider, dB as SessionPolicy, dC as SetPublicEnvelopeInput, dD as ShamirRecoveryDoc, dE as ShamirRecoveryEntry, bh as ShamirRecoveryProvider, U as SlotInfo, V as SlotRecord, dF as SlotRewrapCeremony, dG as SlotRewrapContext, dH as StandardSchemaV1, dI as StandardSchemaV1Issue, dJ as StandardSchemaV1SyncResult, dK as StoreAuth, dL as StoreAuthKind, dM as StoreCapabilities, dN as SyncEngine, dO as SyncMetadata, dP as SyncPolicy, dQ as SyncScheduler, dR as SyncSchedulerStatus, dS as SyncStatus, dT as SyncTarget, dU as SyncTargetRole, dV as SyncTransaction, dW as SyncTransactionResult, dX as TabChannel, dY as TabCoordinationOptions, dZ as TabLockManager, d_ as TabPresence, d$ as TabRole, e0 as TierMode, e1 as TranslatorAuditEntry, as as TxCollection, at as TxContext, e2 as TxOp, au as TxVault, e3 as USER_ENVELOPE_COLLECTION, e4 as USER_ENVELOPE_MAX_BYTES, bn as UnionSource, e5 as Unsubscribe, e6 as UpdateAuthenticatorOptions, e7 as UpdateContext, e8 as UpdateUserOptions, e9 as UserApi, ea as UserEnvelopeCheckGate, eb as UserEnvelopeOversizedError, ec as UserEnvelopePresented, ed as UserInfo, ee as VaultBackup, a_ as VaultEngine, ap as VaultFrame, a$ as VaultInstant, ef as VaultPolicyOnDisk, eg as VaultSchemaSnapshot, eh as VaultSnapshot, b0 as VerifyResult, W as VersionRecord, ei as WarningRules, ej as WeakPassphraseError, ek as WeakPassphraseReason, el as WrappedDeksBlob, em as WriteConflict, en as WriteEvent, eo as WriteHook, ep as WriteQueue, g as applyI18nLocale, b1 as applyPatch, eq as assertStrongPassphrase, er as buildRecipientKeyringFile, es as burnPaperRecoveryEntry, b2 as canonicalJson, b3 as computePatch, n as createEnforcer, et as createNoydb, eu as createStore, ev as deriveMagicLinkContentKey, h as dictCollectionName, i as dictKey, b4 as diff, ew as enrollAuthenticator, ex as estimateEntropy, ey as evaluateExportCapability, ez as evaluateImportCapability, eA as findAuthenticator, b5 as formatDiff, eB as hasExportCapability, eC as hasImportCapability, eD as hasRecoveryEnrolled, b6 as hashEntry, j as i18nText, k as isDictCollectionName, l as isDictKeyDescriptor, m as isI18nTextDescriptor, eE as isMagicLinkGrantExpired, eF as isPublicEnvelope, eG as issueDelegation, eH as keyringRecoverPassphrase, eI as keyringRotatePassphrase, eJ as listMagicLinkGrants, eK as listUsers, eL as listUsersWithEnvelopes, eM as loadActiveDelegations, eN as loadPaperRecoveryEntries, eO as loadSealedPassphrase, eP as loadShamirRecoveryEntries, eQ as magicLinkGrantRecordId, eR as mintPaperRecoveryEntry, eS as mintShamirRecoveryEntry, eT as mintWrappedDeksBlob, b7 as paddedIndex, b8 as parseIndex, eU as parseSealedEnvelope, eV as readMagicLinkGrantRecord, eW as recoverUser, eX as removeAuthenticator, r as resolveI18nText, eY as resolvePublicEnvelopeSchema, eZ as revokeDelegation, e_ as revokeMagicLinkGrant, av as runTransaction, e$ as savePaperRecoveryEntries, f0 as saveSealedPassphrase, f1 as saveShamirRecoveryEntries, b9 as sha256Hex, f2 as unwrapDeksFromBlob, f3 as unwrapDeksFromPaperEntry, f4 as unwrapDeksFromShamirEntry, f5 as unwrapMagicLinkGrant, v as validateI18nTextValue, f6 as validatePassphrase, f7 as validatePublicEnvelopeInput, f8 as validateSchemaInput, f9 as validateSchemaOutput, o as validateSessionPolicy, fa as writeMagicLinkGrant } from './types-D9eB0Rvh.js';
3
- export { d as detectMagic, a as detectMimeType, i as isPreCompressed } from './mime-magic-CBBSOkjm.js';
1
+ import { aW as NoydbStore, bs as UserEnvelope, bc as PublicEnvelope, bt as GateName, bu as GatePolicy, bv as VaultPolicy, bw as ActiveTier, bx as FactorProof, aY as EncryptedEnvelope, by as SchemaUpdateStrategy, bz as TransformFn, bA as PersistedSchemaEnvelope, bB as UpdateDecision, bd as SealingKeyProvider, aU as UnlockedKeyring, bC as DirectoryConfig, bD as UserVisibility, bh as Vault, b1 as DiffEntry } from './index-DHn9lEP0.js';
2
+ export { bE as AccessibleVault, bF as AffectedDocument, a_ as AppendInput, bG as ApproveWithdrawalOptions, bH as ArchivePolicy, bI as ArchiveResult, bJ as ArchiveRunOptions, bK as ArchiveStrategy, aE as ArrayOutputSpec, o as BLOB_CHUNKS_COLLECTION, p as BLOB_COLLECTION, r as BLOB_INDEX_COLLECTION, t as BLOB_SLOTS_PREFIX, u as BLOB_VERSIONS_PREFIX, bL as BUNDLE_STORE_POLICY, z as BlobObject, A as BlobPutOptions, C as BlobResponseOptions, E as BlobSet, bM as BuiltInGateName, be as BundleRecipient, a4 as CONSENT_AUDIT_COLLECTION, bN as CacheOptions, bO as CacheStats, bP as ChangeEvent, a$ as ChangeType, ad as ClosePeriodOptions, aN as Collection, bQ as CollectionChangeEvent, bR as CollectionConfig, bS as CollectionConflictResolver, bT as CollectionDescription, bU as CollectionDescriptor, au as CollectionFrame, b0 as CollectionInstant, bV as CollectionMeta, bW as CollectionStats, bX as ComputedFieldError, bY as ComputedFields, bZ as ComputedFn, b_ as Conflict, b$ as ConflictPolicy, c0 as ConflictStrategy, a5 as ConsentAuditEntry, a6 as ConsentAuditFilter, a7 as ConsentContext, a8 as ConsentOp, c1 as CrossTierAccessEvent, c2 as CustodyApi, K as DEFAULT_CHUNK_SIZE, c3 as DEFAULT_PUBLIC_ENVELOPE_SCHEMA, c4 as DELEGATIONS_COLLECTION, D as DICT_COLLECTION_PREFIX, c5 as DeepPartial, c6 as DeepPartialOrNull, c7 as DeferredNumberingConfig, c8 as DelegationToken, c9 as DeleteManyResult, ca as DerivationDescriptor, aC as DerivationStrategy, aG as DerivationStrategyHandle, aH as DerivedFromMeta, cb as DescribeOptions, cc as DescribedField, a as DictEntry, b as DictKeyDescriptor, c as DictionaryHandle, d as DictionaryOptions, cd as DirtyEntry, ce as DryRunResult, cf as DumpSchemaOptions, cg as ELEVATION_AUDIT_COLLECTION, ch as ElevatedHandle, ci as EmbeddingDescriptor, cj as EnrollAuthenticatorOptions, ck as EnrollAuthenticatorWrappingDEKsOptions, cl as EnrollAuthenticatorWrappingKEKOptions, cm as EnrollRecoveryResult, cn as ExportAccessibleOptions, co as ExportCapability, cp as ExportChunk, cq as ExportFormat, cr as ExportStreamOptions, cs as FactorKind, ct as FactorProofBundle, cu as FactorRequirement, cv as FenceDoc, cw as FenceState, cx as FieldChange, cy as FieldDescriptor, cz as FieldMeta, cA as FieldSource, cB as FormattedSequenceHandle, cC as FrozenSnapshotRef, cD as GhostRecord, cE as GrantCustodianOptions, cF as GrantOptions, ao as GuardChange, ap as GuardContext, an as GuardStrategy, ar as GuardStrategyHandle, cG as GuardViolation, cH as HistoryConfig, cI as HistoryEntry, aX as HistoryOptions, cJ as INDEXED_STORE_POLICY, cK as ImportCapability, cL as InferOutput, cM as InternalCollectionStats, cN as IssueDelegationOptions, cO as IssueMagicLinkGrantOptions, b2 as JsonPatch, b3 as JsonPatchOp, cP as KeyringAuthenticator, cQ as KeyringAuthenticatorWrappingDEKs, cR as KeyringAuthenticatorWrappingKEK, cS as KeyringFile, b4 as LedgerStore, cT as LiberateOptions, cU as LiberateResult, cV as LinkEndpointError, cW as LinkIntegrityError, cX as LinkOnDelete, cY as LinkRow, cZ as LinkSetHandle, c_ as LinkSpec, c$ as ListAccessibleVaultsOptions, d0 as ListPageResult, d1 as ListUsersOptions, d2 as LiveUserEnvelope, d3 as LocaleReadOptions, d4 as Lru, d5 as LruOptions, d6 as LruStats, d7 as MAGIC_LINK_CONTENT_INFO_PREFIX, d8 as MAGIC_LINK_GRANTS_COLLECTION, d9 as MAGIC_LINK_KEK_INFO_PREFIX, da as MagicLinkGrantPayload, db as MagicLinkGrantRecord, bo as MaterializedFromMeta, dc as MaterializedViewDescriptor, bp as MaterializedViewOutput, aK as MaterializedViewStrategy, aL as MaterializedViewStrategyHandle, dd as MemoryRecipientSealer, de as MemorySealingKeyProvider, df as NOYDB_BACKUP_VERSION, dg as NOYDB_FORMAT_VERSION, dh as NOYDB_KEYRING_VERSION, di as NOYDB_SYNC_VERSION, dj as NextOptions, dk as Noydb, aw as NoydbBundleStore, dl as NoydbEventMap, dm as NoydbOptions, dn as NumberingAssignment, T as ObjectListEntry, U as ObjectMeta, V as ObjectProjection, W as ObjectUrlOptions, ae as OpenPeriodOptions, aI as OutputSpec, aO as OverlayFieldMergeMode, aP as OverlayFieldMergeRule, dp as OverlayViewDescriptor, aM as OverlayedViewStrategy, aR as OverlayedViewStrategyHandle, af as PERIODS_COLLECTION, dq as PUBLIC_ENVELOPE_FIELDS, dr as PaperRecoveryDoc, ds as PaperRecoveryEntry, dt as PassphrasePolicy, du as PassphraseValidationResult, ag as PeriodRecord, dv as Permission, dw as Permissions, dx as PersistedSchemaKind, dy as PlaintextTranslatorContext, dz as PlaintextTranslatorFn, P as PolicyEnforcer, dA as PresenceHandle, dB as PresencePeer, aZ as PruneOptions, dC as PublicEnvelopeField, dD as PublicEnvelopeSchema, dE as PublicEnvelopeText, dF as PullMode, dG as PullOptions, dH as PullPolicy, dI as PullResult, dJ as PushMode, dK as PushOptions, dL as PushPolicy, dM as PushResult, dN as PutManyItemOptions, dO as PutManyOptions, dP as PutManyResult, X as PutObjectOptions, Y as PutUrlOptions, dQ as QueryAcrossOptions, dR as QueryAcrossResult, dS as QuickUnlockState, dT as QuickUnlockStore, dU as ReAuthOperation, bg as RecipientHint, bf as RecipientSealer, aJ as RecordOutputSpec, dV as RecoverPassphraseInput, dW as RecoverPassphraseResult, dX as RecoverUserOptions, dY as RecoveryProof, dZ as RejectWithdrawalOptions, d_ as RequestWithdrawalOptions, d$ as RequestWithdrawalResult, e0 as ResolvedPublicEnvelopeSchema, ax as RetentionPolicy, e1 as RetrieveHit, e2 as RetrieveOptions, e3 as RevokeOptions, aT as Role, e4 as RotatePassphraseInput, e5 as RotateRecoveryOptions, e6 as RotateRecoveryResult, e7 as SEALED_PASSPHRASE_RECORD_ID, e8 as SchemaDelta, e9 as SchemaIntrospection, S as ScriptWarning, ea as SealedEnvelope, eb as SealedPassphrase, ec as SearchEntry, ed as SearchOptions, ee as SearchResult, ef as SemanticType, eg as SequenceHandle, eh as SequenceOptions, ei as SequenceStore, ej as SessionPolicy, ek as SetPublicEnvelopeInput, el as ShamirRecoveryDoc, em as ShamirRecoveryEntry, bj as ShamirRecoveryProvider, Z as SlotInfo, _ as SlotRecord, en as SlotRewrapCeremony, eo as SlotRewrapContext, aA as SnapshotMeta, ep as StandardSchemaV1, eq as StandardSchemaV1Issue, er as StandardSchemaV1SyncResult, e as StaticDictDescriptor, es as StoreAuth, et as StoreAuthKind, eu as StoreCapabilities, ev as StoreTime, ew as SyncEngine, ex as SyncMetadata, ey as SyncPolicy, ez as SyncScheduler, eA as SyncSchedulerStatus, eB as SyncStatus, eC as SyncTarget, eD as SyncTargetRole, eE as SyncTransaction, eF as SyncTransactionResult, eG as TabChannel, eH as TabCoordinationOptions, eI as TabLockManager, eJ as TabPresence, eK as TabRole, eL as TierMode, eM as TransactionInvariant, eN as TranslatorAuditEntry, eO as TxCollection, bk as TxContext, eP as TxOp, eQ as TxVault, eR as USER_ENVELOPE_COLLECTION, eS as USER_ENVELOPE_MAX_BYTES, bq as UnionArmJoin, br as UnionSource, eT as Unsubscribe, eU as UpdateAuthenticatorOptions, eV as UpdateContext, eW as UpdateUserOptions, eX as UserApi, eY as UserEnvelopeCheckGate, eZ as UserEnvelopeOversizedError, e_ as UserEnvelopePresented, e$ as UserInfo, f0 as VaultBackup, b5 as VaultEngine, av as VaultFrame, b6 as VaultInstant, f1 as VaultMeta, f2 as VaultPolicyOnDisk, f3 as VaultSchemaSnapshot, f4 as VaultSnapshot, b7 as VerifyResult, $ as VersionRecord, f5 as WarningRules, f6 as WeakPassphraseError, f7 as WeakPassphraseReason, f8 as WithArchiveOptions, f9 as WithdrawAccessibleOptions, fa as WithdrawResult, fb as WithdrawalRequest, fc as WithdrawalRequestError, fd as WithdrawalRequestStatus, fe as WrappedDeksBlob, ff as WriteConflict, fg as WriteEvent, fh as WriteHook, fi as WriteQueue, fj as aesGcmOpen, b8 as applyPatch, fk as approveWithdrawal, fl as assertStrongPassphrase, fm as buildRecipientKeyringFile, fn as burnPaperRecoveryEntry, fo as compileSequenceFormat, b9 as computePatch, n as createEnforcer, fp as createNoydb, fq as createStore, fr as deriveMagicLinkContentKey, f as dictCollectionName, g as dictKey, ba as diff, h as enforceScript, fs as enrollAuthenticator, ft as estimateEntropy, fu as evalComputedFields, fv as evaluateExportCapability, fw as evaluateImportCapability, fx as exportAccessibleData, fy as findAuthenticator, bb as formatDiff, fz as hasExportCapability, fA as hasImportCapability, fB as hasRecoveryEnrolled, i as inferScripts, j as isDictCollectionName, k as isDictKeyDescriptor, fC as isLinkCollectionName, fD as isMagicLinkGrantExpired, fE as isPublicEnvelope, l as isStaticDictDescriptor, fF as issueDelegation, fG as keyringRecoverPassphrase, fH as keyringRotatePassphrase, fI as liberateVault, fJ as listMagicLinkGrants, fK as listUsers, fL as listUsersWithEnvelopes, fM as listWithdrawalRequests, fN as loadActiveDelegations, fO as loadPaperRecoveryEntries, fP as loadSealedPassphrase, fQ as loadShamirRecoveryEntries, fR as magicLinkGrantRecordId, a1 as memoryObjectProjection, fS as mintPaperRecoveryEntry, fT as mintShamirRecoveryEntry, fU as mintWrappedDeksBlob, fV as parseRsaOaepTlv, fW as parseSealedEnvelope, fX as readMagicLinkGrantRecord, fY as recoverUser, fZ as rejectWithdrawal, f_ as removeAuthenticator, f$ as requestWithdrawal, g0 as resolvePublicEnvelopeSchema, g1 as resolveSequenceKey, g2 as revokeDelegation, g3 as revokeMagicLinkGrant, g4 as runTransaction, g5 as savePaperRecoveryEntries, g6 as saveSealedPassphrase, g7 as saveShamirRecoveryEntries, g8 as sealRsaOaepTlv, s as staticDict, g9 as unwrapDeksFromBlob, ga as unwrapDeksFromPaperEntry, gb as unwrapDeksFromShamirEntry, gc as unwrapMagicLinkGrant, gd as validatePassphrase, ge as validatePublicEnvelopeInput, gf as validateSchemaInput, gg as validateSchemaOutput, v as validateSessionPolicy, gh as withArchive, gi as withDeferredNumbering, gj as withdrawAccessibleData, gk as writeMagicLinkGrant } from './index-DHn9lEP0.js';
3
+ export { I as ImportExternalOptions, a as ImportExternalResult, b as ImportableCollection, d as detectMagic, c as detectMimeType, i as importExternalObjects, e as isPreCompressed } from './mime-magic-JeLKHRng.js';
4
4
  export { AgeRoute, BlobLifecyclePolicy, BlobStoreRoute, CircuitBreakerOptions, HealthCheckOptions, LogLevel, LoggingOptions, MetricsOptions, OverrideOptions, OverrideTarget, RetryOptions, RouteStatus, RouteStoreOptions, RoutedNoydbStore, StoreCacheOptions, StoreMiddleware, StoreOperation, SuspendOptions, WrapBundleStoreOptions, WrappedBundleNoydbStore, createBundleStore, routeStore, withCache, withCircuitBreaker, withHealthCheck, withLogging, withMetrics, withRetry, wrapBundleStore, wrapStore } from './store/index.js';
5
- import { N as NoydbError } from './index-BF1B2HB9.js';
6
- export { x as AlreadyElevatedError, A as AmendmentForbiddenError, m as AttestationError, B as BackupCorruptedError, o as BackupLedgerError, p as BundleIntegrityError, q as BundleSealMismatchError, r as BundleVersionConflictError, C as ConflictError, y as DEFAULT_JOIN_MAX_ROWS, z as DanglingReferenceError, E as DecryptionError, G as DelegationTargetMissingError, e as DerivationCapExceededError, f as DerivationCycleError, g as DerivationDepthError, h as DerivationOutputShapeError, i as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, H as DirectoryDisabledError, J as ElevationExpiredError, K as ExportCapabilityError, F as FieldFrozenError, U as FilenameSanitizationError, V as GroupCardinalityError, W as ImportCapabilityError, X as IndexRequiredError, Y as IndexWriteFailureError, Z as InvalidKeyError, I as InvariantError, _ as JoinContext, $ as JoinLeg, a0 as JoinStrategy, a1 as JoinTooLargeError, a2 as JoinableSource, a3 as KeyringCorruptError, a4 as KeyringExpiredError, a5 as LedgerContentionError, a6 as LiveQuery, a7 as LiveUpstream, L as LocaleNotSpecifiedError, t as MaterializedViewConfigError, u as MaterializedViewCycleError, v as MaterializedViewSourceUnknownError, w as MaterializedViewTooLargeError, a8 as MigrationRequiredError, M as MissingTranslationError, a9 as NetworkError, aa as NoAccessError, ab as NonAdditiveSchemaChangeError, ac as NotFoundError, ad as OrderBy, O as OverlayBaseIsVirtualError, j as OverlayCollectionUnavailableError, k as OverlayIdMismatchError, l as OverlayNameCollisionError, ae as PathEscapeError, af as PeriodClosedError, ag as PermissionDeniedError, ah as PrivilegeEscalationError, Q as Query, ai as QueryPlan, aj as QuerySource, ak as QuiesceTimeoutError, al as ReadOnlyAtInstantError, am as ReadOnlyError, an as ReadOnlyFrameError, d as RecordLockedError, ao as RefDescriptor, ap as RefIntegrityError, aq as RefMode, ar as RefRegistry, as as RefScopeError, at as RefViolation, R as ReservedCollectionNameError, au as ScanBuilder, av as ScanPageProvider, aw as SchemaFenceError, ax as SchemaLockedError, ay as SchemaUpdateError, az as SchemaValidationError, S as SessionExpiredError, b as SessionNotFoundError, c as SessionPolicyError, aA as StoreCapabilityError, aB as TamperedError, aC as TierDemoteDeniedError, aD as TierNotGrantedError, T as TranslatorNotConfiguredError, aE as ValidationError, aF as applyJoins, aG as buildLiveQuery, aH as executePlan, aI as ref, aJ as resetJoinWarnings } from './index-BF1B2HB9.js';
7
- export { A as AutoCredential, n as AutoCredentialKind, c as CompressionAlgo, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, j as generateULID, o as hasNoydbBundleMagic, k as isULID, r as readNoydbBundle, l as readNoydbBundleHeader, p as readNoydbBundlePublicEnvelope, m as resetBrotliSupportCache, w as writeNoydbBundle } from './ulid-CiM2OAeM.js';
5
+ import { N as NoydbError } from './errors-BAWO5Z5a.js';
6
+ export { H as AlreadyElevatedError, A as AmendmentForbiddenError, s as AttestationError, B as BackupCorruptedError, u as BackupLedgerError, v as BundleIntegrityError, w as BundleSealMismatchError, x as BundleVersionConflictError, J as ConflictError, K as CrossJoinSourceUnknownError, Q as CrossJoinTooLargeError, V as DanglingReferenceError, W as DataResidencyError, X as DebugPlaintextError, Y as DebugReservedFieldError, Z as DecryptionError, _ as DelegationTargetMissingError, i as DerivationCapExceededError, j as DerivationCycleError, k as DerivationDepthError, l as DerivationOutputShapeError, m as DerivationOutputUnknownError, D as DictKeyInUseError, a as DictKeyMissingError, $ as DirectoryDisabledError, a0 as ElevationExpiredError, a1 as EmbeddingDimMismatchError, a2 as EmbeddingModelMismatchError, a3 as ExportCapabilityError, F as FieldFrozenError, a4 as FilenameSanitizationError, a5 as ForgetStrategyNotConfiguredError, a6 as GroupCardinalityError, I as IllegalTransitionError, a7 as ImportCapabilityError, a8 as IndexRequiredError, a9 as IndexWriteFailureError, aa as InvalidKeyError, f as InvariantError, ab as JoinTooLargeError, ac as KeyringCorruptError, ad as KeyringExpiredError, ae as LedgerContentionError, L as LocaleNotSpecifiedError, z as MaterializedViewConfigError, C as MaterializedViewCycleError, E as MaterializedViewSourceUnknownError, G as MaterializedViewTooLargeError, af as MigrationRequiredError, M as MissingTranslationError, ag as NetworkError, ah as NoAccessError, ai as NonAdditiveSchemaChangeError, aj as NotFoundError, ak as NumberingUncertaintyError, O as OverlayBaseIsVirtualError, n as OverlayCollectionUnavailableError, o as OverlayIdMismatchError, p as OverlayNameCollisionError, al as PathEscapeError, am as PeriodClosedError, an as PermissionDeniedError, ao as PrivilegeEscalationError, ap as QuiesceTimeoutError, aq as ReadOnlyAtInstantError, ar as ReadOnlyError, as as ReadOnlyFrameError, at as RecordCekNotFoundError, g as RecordLockedError, R as ReservedCollectionNameError, au as ReservedVaultNameError, av as SchemaFenceError, aw as SchemaLockedError, ax as SchemaUpdateError, ay as SchemaValidationError, S as ScriptViolationError, q as SealedRecordExpiredError, r as SealedRecordMismatchError, az as SequenceContentionError, aA as SequenceOfflineError, c as SessionExpiredError, d as SessionNotFoundError, e as SessionPolicyError, aB as ShardProvisioningError, h as SnapshotNotFoundError, b as StaticDictReadonlyError, aC as StoreCapabilityError, aD as TamperedError, aE as TierDemoteDeniedError, aF as TierNotGrantedError, T as TranslatorNotConfiguredError, aG as UniqueConstraintError, U as UnknownDictCodeError, aH as UnknownShardError, aI as UnsupportedIndexOptionError, aJ as ValidationError, aK as VaultTemplateNotFoundError } from './errors-BAWO5Z5a.js';
7
+ export { A as AutoCredential, m as AutoCredentialKind, c as CompressionAlgo, D as DecryptedRecord, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, i as decryptExtractedPartition, n as hasNoydbBundleMagic, r as readNoydbBundle, k as readNoydbBundleHeader, o as readNoydbBundlePublicEnvelope, l as resetBrotliSupportCache, w as writeNoydbBundle } from './decrypt-partition-CXS5KopB.js';
8
+ export { g as generateULID, i as isULID } from './ulid-DRH25k3y.js';
9
+ export { D as DEFAULT_CROSS_JOIN_MAX_ROWS, a as DEFAULT_JOIN_MAX_ROWS, J as JoinContext, b as JoinLeg, c as JoinStrategy, d as JoinableSource, L as LiveQuery, e as LiveUpstream, O as OrderBy, Q as Query, f as QueryPlan, g as QuerySource, R as RefDescriptor, h as RefIntegrityError, i as RefMode, j as RefRegistry, k as RefScopeError, l as RefViolation, S as ScanBuilder, m as ScanPageProvider, n as applyJoins, o as buildLiveQuery, p as executePlan, q as isRefArray, r as ref, s as refArray, t as resetJoinWarnings } from './index-Ddm8D3Oo.js';
10
+ export { L as LedgerEntry, c as canonicalJson, h as hashEntry, p as paddedIndex, a as parseIndex, s as sha256Hex } from './index-BMmajblo.js';
8
11
  export { a as CrdtMode, b as CrdtState, L as LwwMapState, R as RgaState, Y as YjsState, m as mergeCrdtStates, r as resolveCrdtSnapshot } from './strategy-BSxFXGzb.js';
9
- export { w as withGuard } from './with-guard-DR7U-l4v.js';
10
- export { w as withDerivation } from './with-derivation-Bzpj6UTv.js';
11
- export { w as withMaterializedView } from './with-materialized-view-qtoJ3xKJ.js';
12
- export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-Dnu81tsS.js';
13
- export { w as withOverlayedView } from './with-overlayed-view-DFaRfgMr.js';
12
+ export { F as FuseOptions, b as base64ToBuffer, a as bufferToBase64, d as decryptBytes, c as decryptDeterministic, e as derivePresenceKey, f as encryptBytes, g as encryptDeterministic, h as fuseRetrieval } from './index-BmhGztUi.js';
13
+ export { TransactionStrategyOptions } from './tx/index.js';
14
+ export { I as ImmutableGuardConfig, T as TransitionGuardConfig, i as immutableGuard, t as transitionGuard, w as withGuard } from './transition-guard-Dy3NioQr.js';
15
+ import { M as RoundingMode } from './strategy-8QGs5KQE.js';
16
+ export { j as AggregateResult, k as AggregateSpec, l as Aggregation, m as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, n as GROUPBY_WARN_CARDINALITY, o as GroupedAggregation, p as GroupedQuery, q as GroupedQueryN, t as GroupedRow, u as GroupedRowN, I as I18nMap, a as I18nTextDescriptor, b as I18nTextOptions, L as Layer, w as LiveAggregation, N as MoneyCurrencyError, P as MoneyDescriptor, Q as MoneyOptions, S as MoneyOptionsFixed, T as MoneyOptionsMulti, U as MoneyPrecisionError, V as MoneyUnsupportedError, O as OnMissing, c as OnMissingPolicy, x as Reducer, y as ReducerOptions, R as ResolveI18nOptions, d as applyI18nLocale, z as avg, C as count, D as groupAndReduce, i as i18nText, e as isI18nTextDescriptor, W as isMoneyDescriptor, E as max, F as min, X as money, H as reduceRecords, r as resolveI18nText, f as resolvePolicy, K as sum, v as validateI18nTextValue } from './strategy-8QGs5KQE.js';
17
+ export { w as withDerivation, a as withRollup } from './with-rollup-CbU-O4wP.js';
18
+ export { w as withMaterializedView } from './with-materialized-view-DIVeez0W.js';
19
+ export { a as Clause, C as CollectionIndexes, F as FieldClause, b as FilterClause, G as GroupClause, H as HashIndex, I as IndexDef, O as Operator, e as evaluateClause, c as evaluateFieldClause, r as readPath } from './predicate-BmhBSPCH.js';
20
+ export { w as withOverlayedView } from './with-overlayed-view-DVZrc5Hb.js';
14
21
  export { SYNC_CREDENTIALS_COLLECTION, SyncCredential, credentialStatus, deleteCredential, getCredential, listCredentials, putCredential } from './team/index.js';
15
- export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-Cf2B7Kih.js';
16
- export { a as AggregateResult, b as AggregateSpec, c as Aggregation, d as AggregationUpstream, G as GROUPBY_MAX_CARDINALITY, e as GROUPBY_WARN_CARDINALITY, f as GroupedAggregation, g as GroupedQuery, h as GroupedQueryN, i as GroupedRow, j as GroupedRowN, L as LiveAggregation, R as Reducer, k as ReducerOptions, l as avg, n as count, o as groupAndReduce, p as max, q as min, r as reduceRecords, t as sum } from './strategy-DSTrsZ8t.js';
17
- export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-gVn_uKhp.js';
18
- import './lazy-builder-Rpd-V3jP.js';
22
+ export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from './dev-unlock-CnHTTVea.js';
23
+ export { i as isDiscriminant } from './discriminant-BN9REW3o.js';
24
+ export { L as LEDGER_COLLECTION, a as LEDGER_DELTAS_COLLECTION, e as envelopePayloadHash } from './hash-oc5paYl0.js';
25
+ import './lazy-builder-ChSqcF5t.js';
19
26
  import '@noy-db/attestation';
20
27
 
21
28
  /**
@@ -72,6 +79,19 @@ declare function deleteUserEnvelope(store: NoydbStore, vault: string, keyringId:
72
79
  */
73
80
  declare function listUserEnvelopeIds(store: NoydbStore, vault: string): Promise<string[]>;
74
81
 
82
+ /**
83
+ * Default text tokenizer for scan-mode search (#308).
84
+ *
85
+ * NFKC-normalize → lowercase → split on Unicode letter/number runs. This is a
86
+ * word-boundary tokenizer: it does **not** segment scripts written without
87
+ * inter-word spaces (Thai, Lao, Khmer, CJK) — those collapse to one token per
88
+ * run. For such data, a dictionary/ICU segmenter is the right `tokenizer`
89
+ * (the engine takes one as a parameter); substring/`contains` matching is the
90
+ * pragmatic fallback until then. See the #308 design note.
91
+ */
92
+ type Tokenizer = (text: string) => string[];
93
+ declare const tokenize: Tokenizer;
94
+
75
95
  /**
76
96
  * Cache policy helpers — parse human-friendly byte budgets into raw numbers.
77
97
  *
@@ -162,15 +182,14 @@ declare class PolicyDeniedError extends NoydbError {
162
182
  * MUST have at least one recovery path enrolled before being
163
183
  * production-ready (paper, shamir, multi-channel, or admin-mediated).
164
184
  *
165
- * The error references issue #10 in its message so a developer hitting
166
- * it gets a one-line pointer to the design.
185
+ * The error message carries a pointer to the recovery design docs.
167
186
  */
168
187
  declare class RecoveryNotEnrolledError extends NoydbError {
169
188
  constructor(message?: string);
170
189
  }
171
190
  /**
172
191
  * Raised by `openVault` when a managed-passphrase-mode vault has no
173
- * STRONG recovery profile enrolled (#195).
192
+ * STRONG recovery profile enrolled.
174
193
  *
175
194
  * Managed mode means the user never types a passphrase — the unlock
176
195
  * material lives in a `SealingKeyProvider` (`at-*` package). If that
@@ -196,9 +215,8 @@ declare class ManagedRecoveryNotEnrolledError extends NoydbError {
196
215
  * `db.rotateRecovery` when the developer requests a recovery profile
197
216
  * not yet wired in this hub release.
198
217
  *
199
- * Implemented: `paper` (#10, pre.5) and `shamir` (#196 slice 1, pre.16).
200
- * Pending: `multi-channel` and `admin-mediated` (tracked under #196
201
- * follow-up slices).
218
+ * Implemented: `paper` and `shamir`.
219
+ * Pending: `multi-channel` and `admin-mediated` (follow-up slices).
202
220
  *
203
221
  * The carried `profile` and `tracking` fields let consumers steer the
204
222
  * UI ("multi-channel recovery is not yet wired up — open issue #N to follow").
@@ -339,6 +357,32 @@ declare function loadVaultPolicy(store: NoydbStore, vault: string): Promise<Vaul
339
357
  */
340
358
  declare function saveVaultPolicy(store: NoydbStore, vault: string, policy: VaultPolicy): Promise<void>;
341
359
 
360
+ /**
361
+ * Helpers for reading records out of a *plaintext* store (`encrypt: false`)
362
+ * with native tooling — the programmatic core of a `noydb cat`-style unwrap.
363
+ * See the plaintext/debug-store-mode design.
364
+ */
365
+
366
+ /**
367
+ * Extract the record from a plaintext stored envelope, handling both layouts:
368
+ *
369
+ * - **classic plaintext** (`encrypt: false`): the record is JSON in `_data`.
370
+ * - **debugPlaintext**: the record's fields are inlined beside the
371
+ * `_`-prefixed metadata (marked by `_debug`).
372
+ *
373
+ * Returns `null` for an empty/absent body. Throws if handed an **encrypted**
374
+ * envelope (non-empty `_iv`) — there is no key here; decrypt through the vault
375
+ * instead. Intended for record envelopes, not blob chunks.
376
+ *
377
+ * @example
378
+ * ```ts
379
+ * // node script over a to-file store, no vault needed:
380
+ * const env = JSON.parse(readFileSync('data/acme/invoices/inv-1.json', 'utf8'))
381
+ * console.log(readPlaintextRecord(env)) // → { id: 'inv-1', total: '120.00', … }
382
+ * ```
383
+ */
384
+ declare function readPlaintextRecord<T = Record<string, unknown>>(envelope: EncryptedEnvelope): T | null;
385
+
342
386
  /** Allow any schema change. Explicit blind / back-compat. */
343
387
  declare function blindUpdate(): SchemaUpdateStrategy;
344
388
  /** Allow additive changes; reject non-additive ones. The safety backstop. */
@@ -351,16 +395,25 @@ declare function lockSchema(opts?: {
351
395
  readonly fields?: readonly string[];
352
396
  }): SchemaUpdateStrategy;
353
397
 
354
- /** The coordinatedCutover update strategy (#232, single-step — no from/to). */
398
+ /** The coordinatedCutover update strategy (single-step — no from/to). */
355
399
 
356
400
  declare function coordinatedCutover(opts: {
357
401
  readonly transform: TransformFn;
358
402
  }): SchemaUpdateStrategy;
359
403
 
404
+ /**
405
+ * Hub-core constants that must be referenceable without pulling any
406
+ * subsystem chunk. Kept import-free.
407
+ */
408
+ /** Reserved fleet-wide control-plane vault name. Hub reserves it for an outward orchestration framework's state/control-plane vault. */
409
+ declare const STATE_VAULT_NAME = "__noydb_state__";
410
+
360
411
  /**
361
412
  * Derive a {@link PersistedSchemaEnvelope} from a Standard Schema v1
362
- * validator. v0 supports Zod via `zod-to-json-schema` (optional peer-dep);
363
- * other families write a stub envelope flagging the kind.
413
+ * validator. Supports zod 3 (via the optional `zod-to-json-schema` peer-dep)
414
+ * and zod 4 (via its native `z.toJSONSchema()`); both are loaded lazily so
415
+ * hub never statically imports zod. Other validator families write a stub
416
+ * envelope flagging the kind.
364
417
  *
365
418
  * @see docs/superpowers/specs/2026-05-22-schema-dump-design.md
366
419
  *
@@ -368,9 +421,10 @@ declare function coordinatedCutover(opts: {
368
421
  */
369
422
 
370
423
  /**
371
- * Heuristic Zod detection — Zod schemas carry a `_def.typeName` property
372
- * starting with `Zod` (e.g. `ZodObject`, `ZodString`). This survives Zod's
373
- * minor-version bumps because the typeName naming is stable across v3.
424
+ * Heuristic Zod detection — uses the Standard Schema v1 `~standard.vendor`
425
+ * property (present in Zod v3.23+ and Zod v4+). Falls back to the
426
+ * `_def.typeName` heuristic for older Zod v3 builds that predate Standard
427
+ * Schema support.
374
428
  */
375
429
  declare function isZodSchema(value: unknown): boolean;
376
430
  declare function derivePersistedSchema(validator: unknown): Promise<PersistedSchemaEnvelope>;
@@ -431,7 +485,7 @@ interface PersistSchemaResult {
431
485
  readonly skipped: boolean;
432
486
  /** The envelope that was either written or matched. */
433
487
  readonly envelope: PersistedSchemaEnvelope;
434
- /** The update-strategy decision, present when strategies ran (#245). */
488
+ /** The update-strategy decision, present when strategies ran. */
435
489
  readonly decision?: UpdateDecision;
436
490
  }
437
491
  declare function persistSchemaIfNeeded(opts: {
@@ -444,7 +498,91 @@ declare function persistSchemaIfNeeded(opts: {
444
498
  }): Promise<PersistSchemaResult>;
445
499
 
446
500
  /**
447
- * Authentication introspection issue #13.
501
+ * FR-6Deed: sealed / hidden-owner provisioning.
502
+ *
503
+ * A **Deed** is a vault owned by a *latent* principal who never
504
+ * authenticates. The owner credential (the random passphrase that
505
+ * derives `KEK_owner`) is minted machine-side and sealed under a
506
+ * **non-firm** {@link SealingKeyProvider} — that sealing boundary is
507
+ * the cryptographic *inalienability anchor*: whoever holds the
508
+ * provider (the client / their KMS) is the only party that can ever
509
+ * re-derive `KEK_owner`. A firm-side custodian operates the vault
510
+ * fully but can never reach the owner key — there is deliberately NO
511
+ * firm-controlled fallback.
512
+ *
513
+ * Provisioning reuses the managed-mode seam:
514
+ * - {@link resolveManagedSecret} mints + seals + persists the random
515
+ * passphrase at `_meta/sealed-passphrase` (and unseals it on every
516
+ * subsequent open through the same provider).
517
+ * - {@link createOwnerKeyring} derives `KEK_owner` from that
518
+ * passphrase and writes the `_keyring/<ownerUserId>` file.
519
+ *
520
+ * On top of that, a Deed writes a `_meta/deed` **marker**. The marker
521
+ * is PLAINTEXT metadata — it records WHO the latent owner is and WHICH
522
+ * sealing boundary protects them, so it must be readable without
523
+ * unlocking the vault (a custodian or auditor inspecting the vault must
524
+ * be able to see "this is a Deed vault, owner = X, sealed under Y"
525
+ * without any key). The marker itself is therefore never sealed; only
526
+ * the owner *credential* is.
527
+ *
528
+ * @module
529
+ */
530
+
531
+ /** Reserved id for the Deed marker under `_meta`. */
532
+ declare const DEED_RECORD_ID: "deed";
533
+ /**
534
+ * Plaintext metadata recording a vault's latent-owner Deed. Persisted
535
+ * at `_meta/deed`. Readable without unlocking the vault by design — it
536
+ * carries no secret material, only the identity of the latent owner
537
+ * and the sealing boundary that anchors inalienability.
538
+ */
539
+ interface DeedMarker {
540
+ /** The latent owner principal — the user id of the `_keyring/<id>` owner file. */
541
+ readonly ownerUserId: string;
542
+ /**
543
+ * The `SealingKeyProvider.id` the owner credential is sealed under.
544
+ * The inalienability anchor: only the holder of this (non-firm)
545
+ * provider can re-derive `KEK_owner`. Audit metadata — never secret.
546
+ */
547
+ readonly sealedUnder: string;
548
+ /** Always `true` for a Deed — the owner never authenticates interactively. */
549
+ readonly latent: true;
550
+ /** ISO-8601 timestamp the Deed was issued. */
551
+ readonly issuedAt: string;
552
+ /**
553
+ * ISO-8601 timestamp the vault was liberated (a new owner claimed it
554
+ * via the audited Liberate ceremony), if any. Absent until liberation.
555
+ */
556
+ readonly liberatedAt?: string;
557
+ }
558
+ /**
559
+ * Provision a Deed: a latent owner whose credential is sealed under
560
+ * `sealing` (a NON-firm provider). Mints + seals the owner passphrase
561
+ * via {@link resolveManagedSecret}, derives the owner keyring via
562
+ * {@link createOwnerKeyring}, then writes the plaintext `_meta/deed`
563
+ * marker. Returns the unlocked owner keyring.
564
+ *
565
+ * The returned keyring is the only in-memory window onto `KEK_owner`
566
+ * for this call; the persistent re-entry point is the sealing provider
567
+ * (re-run {@link resolveManagedSecret} with the same provider to
568
+ * re-resolve the passphrase, then {@link createOwnerKeyring}/load to
569
+ * unlock — no interactive passphrase is ever required).
570
+ *
571
+ * There is deliberately no firm-controlled fallback: the marker's
572
+ * `sealedUnder` is the single cryptographic anchor of ownership.
573
+ */
574
+ declare function createDeedOwner(store: NoydbStore, vault: string, ownerUserId: string, sealing: SealingKeyProvider): Promise<UnlockedKeyring>;
575
+ /**
576
+ * Read the {@link DeedMarker} from `_meta/deed`, or `null` if the vault
577
+ * has no Deed marker (i.e. it is not a Deed vault). Plaintext read — no
578
+ * unlocking required.
579
+ */
580
+ declare function loadDeedMarker(store: NoydbStore, vault: string): Promise<DeedMarker | null>;
581
+ /** Whether `vault` carries a Deed marker (a sealed/latent owner). */
582
+ declare function isDeedVault(store: NoydbStore, vault: string): Promise<boolean>;
583
+
584
+ /**
585
+ * Authentication introspection.
448
586
  *
449
587
  * Three surfaces over the configured tier model and the actual
450
588
  * per-user enrollment state:
@@ -566,60 +704,168 @@ declare function persistUserVisibility(store: NoydbStore, vault: string, keyring
566
704
  */
567
705
  declare function deleteUserVisibility(store: NoydbStore, vault: string, keyringId: string): Promise<void>;
568
706
 
569
- interface EncryptResult {
570
- iv: string;
571
- data: string;
572
- }
573
707
  /**
574
- * Encrypt raw bytes with AES-256-GCM using a fresh random IV.
575
- * Used by the attachment store so binary blobs avoid double base64 encoding
576
- * (the existing `encrypt()` function calls `TextEncoder` on a string — here
577
- * we pass the `Uint8Array` directly to `subtle.encrypt`).
708
+ * Return the ISO-4217 minor-unit scale for a currency code, or `null`
709
+ * when the code is not in the known set (caller must supply an explicit
710
+ * scale).
578
711
  */
579
- declare function encryptBytes(data: Uint8Array, dek: CryptoKey): Promise<EncryptResult>;
712
+ declare function scaleForCurrency(code: string): number | null;
713
+
580
714
  /**
581
- * Decrypt AES-256-GCM ciphertext back to raw bytes.
582
- * Counterpart to `encryptBytes`. Throws `TamperedError` on auth-tag failure.
715
+ * Money-aware aggregation: exact `sum` / `min` / `max` over money
716
+ * fields.
717
+ *
718
+ * The generic reducers (`aggregate/reducers.ts`) read a field via
719
+ * `readNumber`, which coerces a string (the stored scaled-integer form
720
+ * of money, e.g. `'12345'`) to `0` — so an un-wrapped money `sum` would
721
+ * silently return zero. {@link wrapMoneyReducers} rewrites any `sum` /
722
+ * `min` / `max` over a declared money field into a reducer that
723
+ * accumulates per-currency `BigInt` totals of the stored integers, so
724
+ * the result is exact for any magnitude (past `Number.MAX_SAFE_INTEGER`
725
+ * included).
726
+ *
727
+ * Results are currency-aware and never silently mix currencies:
728
+ * - **fixed** mode → a single exact decimal string.
729
+ * - **multi** mode → an exact `Record<currency, string>` map.
730
+ * - **`sum` with `convertTo` + `fx`** → a single exact string, with
731
+ * each currency converted via BigInt arithmetic (no float).
732
+ *
733
+ * `remove()` is implemented for every money reducer so they participate
734
+ * in incremental live-aggregation and materialized-view maintenance
735
+ * exactly like the generic reducers they replace.
583
736
  */
584
- declare function decryptBytes(ivBase64: string, dataBase64: string, dek: CryptoKey): Promise<Uint8Array>;
737
+
738
+ type FxRates = Record<string, number | string>;
739
+
740
+ /**
741
+ * Exact money arithmetic helpers (#337) — `mulRate` and `allocate`.
742
+ *
743
+ * Both operate on the canonical decoded string form that `get()`
744
+ * returns (`'10000.00'`), entirely in scaled-`BigInt` space — no
745
+ * floating-point step anywhere, exact past 2^53. They are pure
746
+ * functions with no vault or descriptor dependency: the working scale
747
+ * is inferred from the amount's fractional digits (a canonical money
748
+ * string always carries exactly the field's scale) or pinned with
749
+ * `opts.scale`.
750
+ *
751
+ * Why these two: app-side invariants of the form
752
+ * `Σ parts === whole` (receipt totals, net-zero WHT pairs, proration)
753
+ * carry ±0.01 tolerances ONLY because the math is major-unit floats +
754
+ * round2. `mulRate` (VAT-style rate application with explicit
755
+ * rounding) and `allocate` (largest-remainder split — parts sum to the
756
+ * input EXACTLY, by construction) make those tolerances zero.
757
+ */
758
+
759
+ interface MulRateOptions {
760
+ /**
761
+ * Output scale (fraction digits). Defaults to the amount's own
762
+ * fractional digits — for a canonical money string that IS the
763
+ * field's scale.
764
+ */
765
+ readonly scale?: number;
766
+ /** Rounding for the final re-scale. Default `'half-up'`. */
767
+ readonly rounding?: RoundingMode;
768
+ }
769
+ interface AllocateOptions {
770
+ /** Working scale. Defaults to the amount's own fractional digits. */
771
+ readonly scale?: number;
772
+ }
773
+ /**
774
+ * Multiply a money amount by a decimal rate, exactly.
775
+ *
776
+ * The rate is parsed at its OWN full precision (`0.07` → `7` at scale
777
+ * 2), the product computed in `BigInt` at `amountScale + rateScale`,
778
+ * then re-scaled back to the output scale with the requested rounding —
779
+ * one rounding step, at the very end.
780
+ *
781
+ * ```ts
782
+ * mulRate('10000.00', 0.07) // '700.00' (VAT)
783
+ * mulRate('33.33', '0.07') // '2.33' (half-up)
784
+ * mulRate('33.33', 0.07, { rounding: 'floor' }) // '2.33'
785
+ * mulRate(100, 0.07, { scale: 2 }) // '7.00'
786
+ * ```
787
+ */
788
+ declare function mulRate(amount: number | string, rate: number | string, opts?: MulRateOptions): string;
585
789
  /**
586
- * Derive an AES-256-GCM presence key from a collection DEK using HKDF-SHA256.
790
+ * Split a money amount across weighted buckets with ZERO drift: the
791
+ * returned parts sum to the input exactly, by construction
792
+ * (largest-remainder method).
587
793
  *
588
- * The presence key is domain-separated from the data DEK by the fixed salt
589
- * `'noydb-presence'` and the `info` = collection name. This means:
590
- * - The adapter never sees the presence key.
591
- * - Presence payloads rotate automatically when the collection DEK is rotated.
592
- * - Revoked users cannot derive the new presence key after a DEK rotation.
794
+ * Each bucket gets `floor(amount × weightᵢ / Σweights)`; the leftover
795
+ * minor units (always fewer than the bucket count) go one each to the
796
+ * buckets with the largest truncated remainders — ties broken by
797
+ * position, earlier bucket first. Weights are parsed as exact decimals
798
+ * (no float division anywhere); they must be non-negative with a
799
+ * positive sum.
593
800
  *
594
- * @param dek The collection's AES-256-GCM DEK (extractable).
595
- * @param collectionName Used as the HKDF `info` parameter for domain separation.
596
- * @returns A non-extractable AES-256-GCM key suitable for presence payload encryption.
801
+ * ```ts
802
+ * allocate('100.00', [1, 1, 1]) // ['33.34', '33.33', '33.33']
803
+ * allocate('0.05', [3, 7]) // ['0.02', '0.03']
804
+ * allocate('-100.00', [1, 1, 1]) // ['-33.34', '-33.33', '-33.33']
805
+ * ```
597
806
  */
598
- declare function derivePresenceKey(dek: CryptoKey, collectionName: string): Promise<CryptoKey>;
807
+ declare function allocate(amount: number | string, weights: ReadonlyArray<number | string>, opts?: AllocateOptions): string[];
808
+
599
809
  /**
600
- * Encrypt a plaintext string with AES-256-GCM and a deterministic,
601
- * HKDF-derived IV.
810
+ * Branded money output type (#338).
811
+ *
812
+ * The decoded read shape of a money field is an exact decimal STRING
813
+ * (`'10000.00'`) — but a hand-written schema types it `string | number`,
814
+ * which is honest about the input side and unhelpful on the output
815
+ * side: every read site hand-coerces, and a missed coercion passes
816
+ * typecheck silently (then surfaces as a runtime template warning, or
817
+ * worse, as `'10000.00' * 100` arithmetic).
602
818
  *
603
- * The same `{ dek, context, plaintext }` triple always produces the
604
- * same `{ iv, data }` call this twice and you can string-compare the
605
- * ciphertexts to check equality of the inputs without decrypting them.
819
+ * {@link MoneyString} is the output-side brand: a `string` that has
820
+ * been through noy-db's decode (or {@link asMoney}'s guard). Branding
821
+ * is type-level only zero runtime cost on the read path.
606
822
  *
607
- * @param context Domain-separation string by convention
608
- * `'<collection>/<field>'`. Different contexts encrypt
609
- * the same plaintext to different ciphertexts, so
610
- * `email` in collection `users` does not collide with
611
- * `email` in collection `customers`.
823
+ * ## Wiring the brand through a validator (the input/output asymmetry)
824
+ *
825
+ * Keep the permissive `string | number` on the INPUT side so write
826
+ * sites are untouched, and brand the OUTPUT side. With Zod:
827
+ *
828
+ * ```ts
829
+ * import type { MoneyString } from '@noy-db/hub'
830
+ *
831
+ * const moneyValue = z.union([z.number(), z.string()]) as unknown as
832
+ * z.ZodType<MoneyString, z.ZodTypeDef, string | number>
833
+ *
834
+ * const Invoice = z.object({ id: z.string(), total: moneyValue })
835
+ * type InvoiceOut = z.output<typeof Invoice> // total: MoneyString
836
+ * type InvoiceIn = z.input<typeof Invoice> // total: string | number
837
+ * ```
838
+ *
839
+ * The cast is sound for fields declared in `moneyFields`: reads pass
840
+ * through `decodeMoneyFields`, which always produces the canonical
841
+ * decimal string.
842
+ */
843
+ declare const MONEY_BRAND: unique symbol;
844
+ /**
845
+ * An exact decimal string produced by noy-db's money decode
846
+ * (`'10000.00'`). The brand exists only at the type level — at runtime
847
+ * a `MoneyString` is a plain string.
612
848
  */
613
- declare function encryptDeterministic(plaintext: string, dek: CryptoKey, context: string): Promise<EncryptResult>;
849
+ type MoneyString = string & {
850
+ readonly [MONEY_BRAND]: true;
851
+ };
614
852
  /**
615
- * Counterpart to {@link encryptDeterministic}. The IV is stored
616
- * alongside the ciphertext (exactly like the randomized path), so
617
- * decrypt uses the stored IV and verifies the GCM auth tag — a tampered
618
- * ciphertext throws `TamperedError` just like randomized AES-GCM.
853
+ * Runtime-guarded cast to {@link MoneyString}. Accepts a decimal string
854
+ * or a number, returns the canonical decimal string branded throws
855
+ * `MoneyUnsupportedError` on anything non-finite / non-decimal. Use at
856
+ * trust boundaries (deserialized JSON, route params); values read
857
+ * through `get()`/`list()` are already canonical.
619
858
  */
620
- declare function decryptDeterministic(ivBase64: string, dataBase64: string, dek: CryptoKey): Promise<string>;
621
- declare function bufferToBase64(buffer: ArrayBuffer | Uint8Array): string;
622
- declare function base64ToBuffer(base64: string): Uint8Array<ArrayBuffer>;
859
+ declare function asMoney(value: string | number): MoneyString;
860
+ /** Type guard: is `value` a decimal string acceptable as money? */
861
+ declare function isMoneyString(value: unknown): value is MoneyString;
862
+ /**
863
+ * The ONE sanctioned escape hatch to a JS `number` — explicit because
864
+ * the conversion is lossy past 2^53. For display math and chart axes;
865
+ * never feed the result back into stored amounts (use `mulRate` /
866
+ * `allocate` for exact arithmetic).
867
+ */
868
+ declare function moneyNumber(value: MoneyString | string | number): number;
623
869
 
624
870
  /**
625
871
  * Hierarchical access — tier-aware keyring helpers.
@@ -708,6 +954,23 @@ interface VaultDiffEntry<T = unknown> {
708
954
  readonly collection: string;
709
955
  readonly id: string;
710
956
  readonly record: T;
957
+ /**
958
+ * Unencrypted envelope metadata for the RECEIVER-side record.
959
+ * Populated only when `diffVault` is called with `{includeMetadata: true}`.
960
+ * Default: `undefined` (zero extra reads, no behavior change).
961
+ *
962
+ * Populated for `modified` (the CURRENT receiver state, before the candidate
963
+ * is applied) and `deleted` (the receiver envelope of the record being
964
+ * removed). `added` entries have no receiver envelope at diff time, so their
965
+ * `metadata` is always absent.
966
+ */
967
+ readonly metadata?: {
968
+ readonly version: number;
969
+ readonly timestamp: string;
970
+ readonly by?: string;
971
+ readonly source?: string;
972
+ readonly sourceTs?: string;
973
+ };
711
974
  }
712
975
  /** Modified records carry both halves of the diff plus the field-level breakdown. */
713
976
  interface VaultDiffModifiedEntry<T = unknown> extends VaultDiffEntry<T> {
@@ -754,6 +1017,15 @@ interface DiffOptions {
754
1017
  readonly compareFn?: (a: unknown, b: unknown) => boolean;
755
1018
  /** If true, include unchanged records in the diff (off by default to save memory). */
756
1019
  readonly includeUnchanged?: boolean;
1020
+ /**
1021
+ * When `true`, each entry in `added`, `modified`, and `deleted` will carry a
1022
+ * `metadata` field with the RECEIVER-side envelope metadata
1023
+ * (`version`, `timestamp`, `by?`, `source?`, `sourceTs?`).
1024
+ *
1025
+ * Off by default — no extra adapter reads, no behavior change for existing callers.
1026
+ * (FR-5 read surface, #445)
1027
+ */
1028
+ readonly includeMetadata?: boolean;
757
1029
  }
758
1030
  /**
759
1031
  * Candidate state to diff the vault against:
@@ -775,4 +1047,4 @@ type DiffCandidate<T = unknown> = Vault | Record<string, readonly T[]> | string;
775
1047
  */
776
1048
  declare function diffVault<T = unknown>(vault: Vault, candidate: DiffCandidate<T>, options?: DiffOptions): Promise<VaultDiff<T>>;
777
1049
 
778
- export { ActiveTier, type CheckGateContext, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, FactorProof, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, SCHEMAS_COLLECTION, STRICT_POLICY, SchemaUpdateStrategy, UnlockedKeyring, UpdateDecision, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, additiveOnly, assertTierAccess, base64ToBuffer, blindUpdate, bufferToBase64, checkGate, coordinatedCutover, decryptBytes, decryptDeterministic, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, derivePresenceKey, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, encryptBytes, encryptDeterministic, estimateRecordBytes, isZodSchema, listUserEnvelopeIds, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, lockSchema, mergePolicy, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, visibilityRecordId };
1050
+ export { ActiveTier, type AllocateOptions, type CheckGateContext, DEED_RECORD_ID, DEFAULT_FRESHNESS_MS, DIRECTORY_RECORD_ID, type DeedMarker, type DiffCandidate, DiffEntry, type DiffOptions, DirectoryConfig, EncryptedEnvelope, FactorProof, type FxRates, GateName, GatePolicy, META_COLLECTION, ManagedRecoveryNotEnrolledError, type MoneyString, type MulRateOptions, NoydbError, NoydbStore, PERSONAL_POLICY, POLICY_RECORD_ID, PUBLIC_ENVELOPE_RECORD_ID, type PersistSchemaResult, PersistedSchemaEnvelope, PolicyDeniedError, type PolicyDenyReason, PublicEnvelope, RecoveryNotEnrolledError, RecoveryProfileNotImplementedError, RoundingMode, SCHEMAS_COLLECTION, STATE_VAULT_NAME, STRICT_POLICY, SchemaUpdateStrategy, SealingKeyProvider, type Tokenizer, UnlockedKeyring, UpdateDecision, UserEnvelope, UserVisibility, VISIBILITY_RECORD_PREFIX, Vault, type VaultDiff, type VaultDiffEntry, type VaultDiffModifiedEntry, VaultPolicy, additiveOnly, allocate, asMoney, assertTierAccess, blindUpdate, checkGate, coordinatedCutover, createDeedOwner, dekKey, deleteUserEnvelope, deleteUserVisibility, derivePersistedSchema, describeAllUsersAuth, describeAuthConfig, describeGate, describeUserAuth, diagramAuthConfig, diffVault, effectiveClearance, estimateRecordBytes, isDeedVault, isMoneyString, isZodSchema, listUserEnvelopeIds, loadDeedMarker, loadPersistedSchema, loadPublicEnvelope, loadUserEnvelope, loadVaultPolicy, lockSchema, mergePolicy, moneyNumber, mulRate, parseBytes, persistDirectoryConfig, persistSchemaIfNeeded, persistUserVisibility, readDirectoryConfig, readPlaintextRecord, readPublicEnvelope, readUserVisibility, savePersistedSchema, savePublicEnvelope, saveUserEnvelope, saveVaultPolicy, scaleForCurrency, tokenize, visibilityRecordId };