@noy-db/hub 0.2.0-pre.3 → 0.2.0-pre.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +126 -0
- package/dist/adapter/index.d.ts +9 -0
- package/dist/adapter/index.js +14 -0
- package/dist/aggregate/index.d.ts +3 -2
- package/dist/aggregate/index.js +10 -8
- package/dist/aggregate/index.js.map +1 -1
- package/dist/attestation/index.d.ts +7 -5
- package/dist/attestation/index.js +7 -6
- package/dist/attestation/index.js.map +1 -1
- package/dist/blobs/index.d.ts +9 -7
- package/dist/blobs/index.js +12 -6
- package/dist/blobs/index.js.map +1 -1
- package/dist/bundle/index.d.ts +29 -18
- package/dist/bundle/index.js +53 -192
- package/dist/bundle/index.js.map +1 -1
- package/dist/{chunk-75QDHSE4.js → chunk-2QDWRK3B.js} +5 -5
- package/dist/{chunk-74JEQFMT.js → chunk-2UT7HJJR.js} +5 -5
- package/dist/chunk-2UT7HJJR.js.map +1 -0
- package/dist/{chunk-FCDO7UAO.js → chunk-2ZYIN3BL.js} +2 -2
- package/dist/{chunk-BFI3RS42.js → chunk-33EQCZXE.js} +2 -2
- package/dist/chunk-33EQCZXE.js.map +1 -0
- package/dist/{chunk-WRLHNG6H.js → chunk-4K4QKYK4.js} +4 -4
- package/dist/chunk-4K4QKYK4.js.map +1 -0
- package/dist/{chunk-HGZ7DC5H.js → chunk-4L6N56B4.js} +2 -2
- package/dist/chunk-4L6N56B4.js.map +1 -0
- package/dist/{chunk-YMYK7US4.js → chunk-4YD7VZH4.js} +2 -2
- package/dist/chunk-4YD7VZH4.js.map +1 -0
- package/dist/{chunk-ZUMGGHRB.js → chunk-5PTX7PKD.js} +4 -4
- package/dist/{chunk-QAU5HM6Q.js → chunk-6EKRQ7QF.js} +3 -3
- package/dist/{chunk-ZC2AAE6J.js → chunk-7GPQPLGO.js} +19 -4
- package/dist/chunk-7GPQPLGO.js.map +1 -0
- package/dist/{chunk-EPK6A3WJ.js → chunk-A3JMGXPG.js} +2 -2
- package/dist/chunk-A3JMGXPG.js.map +1 -0
- package/dist/{chunk-FXQYZNOW.js → chunk-A7DNZVAV.js} +1 -1
- package/dist/chunk-A7DNZVAV.js.map +1 -0
- package/dist/{chunk-UMLVJTYV.js → chunk-ADB7GPM3.js} +7 -4
- package/dist/chunk-ADB7GPM3.js.map +1 -0
- package/dist/{chunk-YL2DR3HY.js → chunk-ASIGWYRA.js} +2 -2
- package/dist/chunk-ASIGWYRA.js.map +1 -0
- package/dist/{chunk-2EYC3WDT.js → chunk-AWU4JF7C.js} +93 -93
- package/dist/chunk-AWU4JF7C.js.map +1 -0
- package/dist/chunk-BEZ2EV43.js +129 -0
- package/dist/chunk-BEZ2EV43.js.map +1 -0
- package/dist/{chunk-IS5HWQO7.js → chunk-CIZDUAHI.js} +30 -4
- package/dist/chunk-CIZDUAHI.js.map +1 -0
- package/dist/{chunk-4OQWR46B.js → chunk-CUPTCF4R.js} +5 -5
- package/dist/chunk-CUPTCF4R.js.map +1 -0
- package/dist/{chunk-5ZGZ6HIZ.js → chunk-DEE4CRYN.js} +30 -7
- package/dist/chunk-DEE4CRYN.js.map +1 -0
- package/dist/{chunk-UOF74WQY.js → chunk-E2MDPPOC.js} +37 -2
- package/dist/chunk-E2MDPPOC.js.map +1 -0
- package/dist/{chunk-SAVQ6E2O.js → chunk-FFKQ65YX.js} +10 -3
- package/dist/chunk-FFKQ65YX.js.map +1 -0
- package/dist/{chunk-2XLVPKXG.js → chunk-G7ALNCQH.js} +10 -2
- package/dist/chunk-G7ALNCQH.js.map +1 -0
- package/dist/chunk-GGXN73NM.js +252 -0
- package/dist/chunk-GGXN73NM.js.map +1 -0
- package/dist/{chunk-UVPGJXVO.js → chunk-JOJPBZSZ.js} +5 -5
- package/dist/{chunk-YDLAFP36.js → chunk-JZ5DS4DP.js} +346 -3
- package/dist/chunk-JZ5DS4DP.js.map +1 -0
- package/dist/{chunk-KMI2NBBF.js → chunk-K4JID2ZE.js} +44 -8
- package/dist/chunk-K4JID2ZE.js.map +1 -0
- package/dist/{aggregate/index.cjs → chunk-K6NVSHAH.js} +241 -210
- package/dist/chunk-K6NVSHAH.js.map +1 -0
- package/dist/chunk-KJ3K5VZM.js +524 -0
- package/dist/chunk-KJ3K5VZM.js.map +1 -0
- package/dist/chunk-L5HHBOMS.js +232 -0
- package/dist/chunk-L5HHBOMS.js.map +1 -0
- package/dist/{chunk-YK72A4IT.js → chunk-LBILABKZ.js} +4 -4
- package/dist/chunk-LXKBG52H.js +151 -0
- package/dist/chunk-LXKBG52H.js.map +1 -0
- package/dist/{chunk-NGSPBLLE.js → chunk-MPIZQGFA.js} +50 -20
- package/dist/chunk-MPIZQGFA.js.map +1 -0
- package/dist/{chunk-4X2S7PBF.js → chunk-MRJPSXPE.js} +84 -70
- package/dist/chunk-MRJPSXPE.js.map +1 -0
- package/dist/{chunk-6S3LLAQ5.js → chunk-MSMDDDDJ.js} +3 -3
- package/dist/{chunk-6S3LLAQ5.js.map → chunk-MSMDDDDJ.js.map} +1 -1
- package/dist/{chunk-GAUBWHAF.js → chunk-OCYFFBZS.js} +4 -4
- package/dist/{chunk-NCO2JGKK.js → chunk-PDVP3C2I.js} +1 -1
- package/dist/chunk-PDVP3C2I.js.map +1 -0
- package/dist/chunk-PZ5AY32C.js +10 -0
- package/dist/{chunk-P6256WTJ.js → chunk-QBLPY44S.js} +3 -3
- package/dist/chunk-QBLPY44S.js.map +1 -0
- package/dist/{query/index.cjs → chunk-QGBBQKDS.js} +706 -831
- package/dist/chunk-QGBBQKDS.js.map +1 -0
- package/dist/{chunk-FS7A4XNF.js → chunk-QWJCNXH2.js} +3 -3
- package/dist/chunk-QXWJQ7UU.js +380 -0
- package/dist/chunk-QXWJQ7UU.js.map +1 -0
- package/dist/{chunk-GDTCGIPX.js → chunk-RCB6GWTC.js} +27 -5
- package/dist/chunk-RCB6GWTC.js.map +1 -0
- package/dist/{chunk-K5PVGKE4.js → chunk-SAAJYSVV.js} +2 -2
- package/dist/{chunk-G7PAZ3TD.js → chunk-SHJ3BRTZ.js} +46 -10
- package/dist/chunk-SHJ3BRTZ.js.map +1 -0
- package/dist/chunk-SQXTKZL7.js +125 -0
- package/dist/chunk-SQXTKZL7.js.map +1 -0
- package/dist/chunk-STNPB3UM.js +9 -0
- package/dist/chunk-STNPB3UM.js.map +1 -0
- package/dist/{chunk-NSLTPGEN.js → chunk-TMUMMAWV.js} +12 -2
- package/dist/{chunk-NSLTPGEN.js.map → chunk-TMUMMAWV.js.map} +1 -1
- package/dist/{chunk-LS3JLEIB.js → chunk-TZGWI5AX.js} +4 -4
- package/dist/{chunk-GD3BGKAR.js → chunk-UBF5JEOJ.js} +44 -5
- package/dist/chunk-UBF5JEOJ.js.map +1 -0
- package/dist/{chunk-T6HQMVML.js → chunk-W5NVNJDX.js} +5250 -801
- package/dist/chunk-W5NVNJDX.js.map +1 -0
- package/dist/chunk-XAYDHD2O.js +123 -0
- package/dist/chunk-XAYDHD2O.js.map +1 -0
- package/dist/{chunk-LOL725S4.js → chunk-XYW2CSCI.js} +31 -3
- package/dist/chunk-XYW2CSCI.js.map +1 -0
- package/dist/{chunk-TLFUDXVV.js → chunk-ZCMOS4H2.js} +31 -10
- package/dist/chunk-ZCMOS4H2.js.map +1 -0
- package/dist/{chunk-FBMXWVGP.js → chunk-ZK66B5EY.js} +450 -30
- package/dist/chunk-ZK66B5EY.js.map +1 -0
- package/dist/{chunk-GVXBHCZ2.js → chunk-ZPJSQPQH.js} +66 -7
- package/dist/chunk-ZPJSQPQH.js.map +1 -0
- package/dist/consent/index.d.ts +8 -6
- package/dist/consent/index.js +4 -3
- package/dist/consent/index.js.map +1 -1
- package/dist/crdt/index.js +1 -0
- package/dist/crdt/index.js.map +1 -1
- package/dist/{crypto-H2Y3DDFW.js → crypto-OSIV2IIW.js} +8 -3
- package/dist/{ulid-CiM2OAeM.d.ts → decrypt-partition-CXS5KopB.d.ts} +37 -82
- package/dist/{delegation-QSC7G5QC.js → delegation-BQTRJATI.js} +6 -5
- package/dist/derivations/index.d.ts +11 -9
- package/dist/derivations/index.js +9 -6
- package/dist/{dev-unlock-Cf2B7Kih.d.ts → dev-unlock-CnHTTVea.d.ts} +1 -1
- package/dist/discriminant-BN9REW3o.d.ts +60 -0
- package/dist/errors-BAWO5Z5a.d.ts +1500 -0
- package/dist/executor-KYSKFJ2R.js +9 -0
- package/dist/executor-M7W3NEKR.js +9 -0
- package/dist/executor-VDTDGWO6.js +13 -0
- package/dist/{fanout-sidecar-NRBWSLRK.js → fanout-sidecar-AZALISHB.js} +3 -2
- package/dist/fanout-sidecar-AZALISHB.js.map +1 -0
- package/dist/forget/index.d.ts +1 -0
- package/dist/forget/index.js +15 -0
- package/dist/guards/index.d.ts +16 -8
- package/dist/guards/index.js +12 -5
- package/dist/{hash-gVn_uKhp.d.ts → hash-oc5paYl0.d.ts} +1 -1
- package/dist/history/index.d.ts +9 -7
- package/dist/history/index.js +10 -7
- package/dist/history/index.js.map +1 -1
- package/dist/i18n/index.d.ts +8 -6
- package/dist/i18n/index.js +116 -15
- package/dist/i18n/index.js.map +1 -1
- package/dist/index-BMmajblo.d.ts +362 -0
- package/dist/index-BmhGztUi.d.ts +93 -0
- package/dist/{types-D9eB0Rvh.d.ts → index-DHn9lEP0.d.ts} +4305 -1523
- package/dist/{index-BF1B2HB9.d.ts → index-Ddm8D3Oo.d.ts} +186 -1151
- package/dist/index.d.ts +342 -70
- package/dist/index.js +420 -112
- package/dist/index.js.map +1 -1
- package/dist/indexing/index.d.ts +3 -3
- package/dist/indexing/index.js +5 -4
- package/dist/indexing/index.js.map +1 -1
- package/dist/issue-DPHRF2TI.js +13 -0
- package/dist/kernel/index.d.ts +11 -0
- package/dist/kernel/index.js +50 -0
- package/dist/{lazy-builder-Rpd-V3jP.d.ts → lazy-builder-ChSqcF5t.d.ts} +2 -2
- package/dist/{ledger-WOEJUYTP.js → ledger-CI7GSMLB.js} +7 -6
- package/dist/materialized-views/index.d.ts +23 -20
- package/dist/materialized-views/index.js +9 -7
- package/dist/mime-magic-JeLKHRng.d.ts +103 -0
- package/dist/noydb-NAU2DTFP.js +40 -0
- package/dist/overlay-views/index.d.ts +32 -12
- package/dist/overlay-views/index.js +7 -6
- package/dist/periods/index.d.ts +8 -6
- package/dist/periods/index.js +7 -6
- package/dist/{predicate-Dnu81tsS.d.cts → predicate-BmhBSPCH.d.ts} +87 -5
- package/dist/{public-envelope-OHQ5UZFM.js → public-envelope-MFMBFJLZ.js} +5 -4
- package/dist/query/index.d.ts +4 -3
- package/dist/query/index.js +14 -6
- package/dist/read-only-facade-3OQRZ3VS.js +8 -0
- package/dist/registry-IX5WKK4F.js +8 -0
- package/dist/registry-LMHO5265.js +11 -0
- package/dist/registry-TXCKWH26.js +9 -0
- package/dist/registry-VFEDQSYV.js +9 -0
- package/dist/revoke-5PUOZPJJ.js +18 -0
- package/dist/revoke-5PUOZPJJ.js.map +1 -0
- package/dist/sealed-record/index.d.ts +123 -0
- package/dist/sealed-record/index.js +43 -0
- package/dist/sealed-record/index.js.map +1 -0
- package/dist/session/index.d.ts +9 -7
- package/dist/session/index.js +4 -3
- package/dist/session/index.js.map +1 -1
- package/dist/shadow/index.d.ts +8 -6
- package/dist/shadow/index.js +3 -2
- package/dist/shadow/index.js.map +1 -1
- package/dist/{signer-M4K5HBLD.js → signer-UB5TQOZ6.js} +6 -5
- package/dist/signer-UB5TQOZ6.js.map +1 -0
- package/dist/snapshots/index.d.ts +30 -0
- package/dist/snapshots/index.js +153 -0
- package/dist/snapshots/index.js.map +1 -0
- package/dist/{stale-PAGCS4K5.js → stale-J3TUF5C5.js} +3 -2
- package/dist/stale-J3TUF5C5.js.map +1 -0
- package/dist/store/index.d.ts +15 -6
- package/dist/store/index.js +3 -2
- package/dist/{strategy-DSTrsZ8t.d.ts → strategy-8QGs5KQE.d.ts} +475 -7
- package/dist/sync/index.d.ts +7 -5
- package/dist/sync/index.js +5 -4
- package/dist/sync/index.js.map +1 -1
- package/dist/team/index.d.ts +8 -6
- package/dist/team/index.js +9 -8
- package/dist/transition-guard-Dy3NioQr.d.ts +165 -0
- package/dist/tx/index.d.ts +26 -8
- package/dist/tx/index.js +10 -5
- package/dist/tx/index.js.map +1 -1
- package/dist/ulid-DRH25k3y.d.ts +66 -0
- package/dist/{ulid-COREQ2RQ.js → ulid-KEPZMD2N.js} +2 -1
- package/dist/ulid-KEPZMD2N.js.map +1 -0
- package/dist/util/index.d.ts +2 -0
- package/dist/util/index.js +6 -1
- package/dist/util/index.js.map +1 -1
- package/dist/{with-materialized-view-qtoJ3xKJ.d.ts → with-materialized-view-DIVeez0W.d.ts} +2 -2
- package/dist/{with-overlayed-view-DFaRfgMr.d.ts → with-overlayed-view-DVZrc5Hb.d.ts} +2 -2
- package/dist/with-rollup-CbU-O4wP.d.ts +47 -0
- package/dist/zod-HAJM7LMS.js +14763 -0
- package/dist/zod-HAJM7LMS.js.map +1 -0
- package/package.json +73 -191
- package/dist/aggregate/index.cjs.map +0 -1
- package/dist/aggregate/index.d.cts +0 -38
- package/dist/attestation/index.cjs +0 -305
- package/dist/attestation/index.cjs.map +0 -1
- package/dist/attestation/index.d.cts +0 -52
- package/dist/blobs/index.cjs +0 -1480
- package/dist/blobs/index.cjs.map +0 -1
- package/dist/blobs/index.d.cts +0 -46
- package/dist/bundle/index.cjs +0 -18561
- package/dist/bundle/index.cjs.map +0 -1
- package/dist/bundle/index.d.cts +0 -176
- package/dist/chunk-2EYC3WDT.js.map +0 -1
- package/dist/chunk-2XLVPKXG.js.map +0 -1
- package/dist/chunk-4OQWR46B.js.map +0 -1
- package/dist/chunk-4UBOTYP5.js +0 -1367
- package/dist/chunk-4UBOTYP5.js.map +0 -1
- package/dist/chunk-4X2S7PBF.js.map +0 -1
- package/dist/chunk-5YHWBPOT.js +0 -19
- package/dist/chunk-5YHWBPOT.js.map +0 -1
- package/dist/chunk-5ZGZ6HIZ.js.map +0 -1
- package/dist/chunk-74JEQFMT.js.map +0 -1
- package/dist/chunk-A6SWRXUQ.js +0 -118
- package/dist/chunk-A6SWRXUQ.js.map +0 -1
- package/dist/chunk-BFI3RS42.js.map +0 -1
- package/dist/chunk-EMEX37ZN.js +0 -51
- package/dist/chunk-EMEX37ZN.js.map +0 -1
- package/dist/chunk-EPK6A3WJ.js.map +0 -1
- package/dist/chunk-FBMXWVGP.js.map +0 -1
- package/dist/chunk-FXQYZNOW.js.map +0 -1
- package/dist/chunk-G7PAZ3TD.js.map +0 -1
- package/dist/chunk-GD3BGKAR.js.map +0 -1
- package/dist/chunk-GDTCGIPX.js.map +0 -1
- package/dist/chunk-GVXBHCZ2.js.map +0 -1
- package/dist/chunk-HGZ7DC5H.js.map +0 -1
- package/dist/chunk-IS5HWQO7.js.map +0 -1
- package/dist/chunk-KMI2NBBF.js.map +0 -1
- package/dist/chunk-KYKMKLJ6.js +0 -340
- package/dist/chunk-KYKMKLJ6.js.map +0 -1
- package/dist/chunk-LOL725S4.js.map +0 -1
- package/dist/chunk-MRIBLZL3.js +0 -86
- package/dist/chunk-MRIBLZL3.js.map +0 -1
- package/dist/chunk-NCO2JGKK.js.map +0 -1
- package/dist/chunk-NGSPBLLE.js.map +0 -1
- package/dist/chunk-P6256WTJ.js.map +0 -1
- package/dist/chunk-SAVQ6E2O.js.map +0 -1
- package/dist/chunk-T6HQMVML.js.map +0 -1
- package/dist/chunk-TLFUDXVV.js.map +0 -1
- package/dist/chunk-UMLVJTYV.js.map +0 -1
- package/dist/chunk-UOF74WQY.js.map +0 -1
- package/dist/chunk-WRLHNG6H.js.map +0 -1
- package/dist/chunk-YDLAFP36.js.map +0 -1
- package/dist/chunk-YL2DR3HY.js.map +0 -1
- package/dist/chunk-YMYK7US4.js.map +0 -1
- package/dist/chunk-ZC2AAE6J.js.map +0 -1
- package/dist/consent/index.cjs +0 -204
- package/dist/consent/index.cjs.map +0 -1
- package/dist/consent/index.d.cts +0 -25
- package/dist/crdt/index.cjs +0 -152
- package/dist/crdt/index.cjs.map +0 -1
- package/dist/crdt/index.d.cts +0 -30
- package/dist/derivations/index.cjs +0 -351
- package/dist/derivations/index.cjs.map +0 -1
- package/dist/derivations/index.d.cts +0 -72
- package/dist/dev-unlock-De3mjQWv.d.cts +0 -263
- package/dist/executor-BZKFZVRC.js +0 -8
- package/dist/executor-GFZFDQXV.js +0 -8
- package/dist/executor-KT2IOZVP.js +0 -11
- package/dist/fanout-sidecar-NRBWSLRK.js.map +0 -1
- package/dist/guards/index.cjs +0 -322
- package/dist/guards/index.cjs.map +0 -1
- package/dist/guards/index.d.cts +0 -31
- package/dist/hash-vBCB0-Ps.d.cts +0 -63
- package/dist/history/index.cjs +0 -1222
- package/dist/history/index.cjs.map +0 -1
- package/dist/history/index.d.cts +0 -63
- package/dist/i18n/index.cjs +0 -840
- package/dist/i18n/index.cjs.map +0 -1
- package/dist/i18n/index.d.cts +0 -39
- package/dist/index-DVkvrgpm.d.cts +0 -2290
- package/dist/index.cjs +0 -23590
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -778
- package/dist/indexing/index.cjs +0 -738
- package/dist/indexing/index.cjs.map +0 -1
- package/dist/indexing/index.d.cts +0 -36
- package/dist/issue-BAJ7ZB4S.js +0 -12
- package/dist/lazy-builder-C-rPfWG0.d.cts +0 -304
- package/dist/materialized-views/index.cjs +0 -837
- package/dist/materialized-views/index.cjs.map +0 -1
- package/dist/materialized-views/index.d.cts +0 -184
- package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
- package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
- package/dist/noydb-XNQSKXGO.js +0 -34
- package/dist/overlay-views/index.cjs +0 -359
- package/dist/overlay-views/index.cjs.map +0 -1
- package/dist/overlay-views/index.d.cts +0 -82
- package/dist/periods/index.cjs +0 -1041
- package/dist/periods/index.cjs.map +0 -1
- package/dist/periods/index.d.cts +0 -22
- package/dist/predicate-Dnu81tsS.d.ts +0 -185
- package/dist/query/index.cjs.map +0 -1
- package/dist/query/index.d.cts +0 -3
- package/dist/read-only-facade-ITU6L7BL.js +0 -7
- package/dist/registry-2IEARCGT.js +0 -7
- package/dist/registry-CDHASH73.js +0 -10
- package/dist/registry-EMGLZGR6.js +0 -8
- package/dist/registry-NQALYR77.js +0 -8
- package/dist/revoke-7JOVLZFD.js +0 -17
- package/dist/session/index.cjs +0 -495
- package/dist/session/index.cjs.map +0 -1
- package/dist/session/index.d.cts +0 -46
- package/dist/shadow/index.cjs +0 -133
- package/dist/shadow/index.cjs.map +0 -1
- package/dist/shadow/index.d.cts +0 -17
- package/dist/store/index.cjs +0 -1083
- package/dist/store/index.cjs.map +0 -1
- package/dist/store/index.d.cts +0 -492
- package/dist/strategy-BSxFXGzb.d.cts +0 -110
- package/dist/strategy-DSTrsZ8t.d.cts +0 -601
- package/dist/sync/index.cjs +0 -1062
- package/dist/sync/index.cjs.map +0 -1
- package/dist/sync/index.d.cts +0 -43
- package/dist/team/index.cjs +0 -2798
- package/dist/team/index.cjs.map +0 -1
- package/dist/team/index.d.cts +0 -118
- package/dist/tx/index.cjs +0 -544
- package/dist/tx/index.cjs.map +0 -1
- package/dist/tx/index.d.cts +0 -21
- package/dist/types-CSLcfytP.d.cts +0 -12493
- package/dist/ulid-CG2YvAbg.d.cts +0 -603
- package/dist/util/index.cjs +0 -230
- package/dist/util/index.cjs.map +0 -1
- package/dist/util/index.d.cts +0 -77
- package/dist/with-derivation-Bzpj6UTv.d.ts +0 -13
- package/dist/with-derivation-DWajFh4K.d.cts +0 -13
- package/dist/with-guard-DF_Ul3DT.d.cts +0 -18
- package/dist/with-guard-DR7U-l4v.d.ts +0 -18
- package/dist/with-materialized-view-_piodoIz.d.cts +0 -27
- package/dist/with-overlayed-view-DwzCKxn2.d.cts +0 -13
- /package/dist/{crypto-H2Y3DDFW.js.map → adapter/index.js.map} +0 -0
- /package/dist/{chunk-75QDHSE4.js.map → chunk-2QDWRK3B.js.map} +0 -0
- /package/dist/{chunk-FCDO7UAO.js.map → chunk-2ZYIN3BL.js.map} +0 -0
- /package/dist/{chunk-ZUMGGHRB.js.map → chunk-5PTX7PKD.js.map} +0 -0
- /package/dist/{chunk-QAU5HM6Q.js.map → chunk-6EKRQ7QF.js.map} +0 -0
- /package/dist/{chunk-UVPGJXVO.js.map → chunk-JOJPBZSZ.js.map} +0 -0
- /package/dist/{chunk-YK72A4IT.js.map → chunk-LBILABKZ.js.map} +0 -0
- /package/dist/{chunk-GAUBWHAF.js.map → chunk-OCYFFBZS.js.map} +0 -0
- /package/dist/{delegation-QSC7G5QC.js.map → chunk-PZ5AY32C.js.map} +0 -0
- /package/dist/{chunk-FS7A4XNF.js.map → chunk-QWJCNXH2.js.map} +0 -0
- /package/dist/{chunk-K5PVGKE4.js.map → chunk-SAAJYSVV.js.map} +0 -0
- /package/dist/{chunk-LS3JLEIB.js.map → chunk-TZGWI5AX.js.map} +0 -0
- /package/dist/{executor-BZKFZVRC.js.map → crypto-OSIV2IIW.js.map} +0 -0
- /package/dist/{executor-GFZFDQXV.js.map → delegation-BQTRJATI.js.map} +0 -0
- /package/dist/{executor-KT2IOZVP.js.map → executor-KYSKFJ2R.js.map} +0 -0
- /package/dist/{issue-BAJ7ZB4S.js.map → executor-M7W3NEKR.js.map} +0 -0
- /package/dist/{ledger-WOEJUYTP.js.map → executor-VDTDGWO6.js.map} +0 -0
- /package/dist/{noydb-XNQSKXGO.js.map → forget/index.js.map} +0 -0
- /package/dist/{public-envelope-OHQ5UZFM.js.map → issue-DPHRF2TI.js.map} +0 -0
- /package/dist/{read-only-facade-ITU6L7BL.js.map → kernel/index.js.map} +0 -0
- /package/dist/{registry-2IEARCGT.js.map → ledger-CI7GSMLB.js.map} +0 -0
- /package/dist/{registry-CDHASH73.js.map → noydb-NAU2DTFP.js.map} +0 -0
- /package/dist/{registry-EMGLZGR6.js.map → public-envelope-MFMBFJLZ.js.map} +0 -0
- /package/dist/{registry-NQALYR77.js.map → read-only-facade-3OQRZ3VS.js.map} +0 -0
- /package/dist/{revoke-7JOVLZFD.js.map → registry-IX5WKK4F.js.map} +0 -0
- /package/dist/{signer-M4K5HBLD.js.map → registry-LMHO5265.js.map} +0 -0
- /package/dist/{stale-PAGCS4K5.js.map → registry-TXCKWH26.js.map} +0 -0
- /package/dist/{ulid-COREQ2RQ.js.map → registry-VFEDQSYV.js.map} +0 -0
package/dist/team/index.d.cts
DELETED
|
@@ -1,118 +0,0 @@
|
|
|
1
|
-
import { aO as NoydbStore, aM as UnlockedKeyring } from '../types-CSLcfytP.cjs';
|
|
2
|
-
export { bc as BundleRecipient, b$ as EnrollAuthenticatorOptions, c0 as EnrollAuthenticatorWrappingDEKsOptions, c1 as EnrollAuthenticatorWrappingKEKOptions, cw as ListUsersOptions, cV as PaperRecoveryEntry, d1 as PresenceHandle, dm as RecoverPassphraseInput, dn as RecoverPassphraseResult, dp as RecoverUserOptions, dq as RecoveryProof, dt as RotatePassphraseInput, dF as SlotRewrapCeremony, dG as SlotRewrapContext, dN as SyncEngine, dV as SyncTransaction, e6 as UpdateAuthenticatorOptions, el as WrappedDeksBlob, er as buildRecipientKeyringFile, es as burnPaperRecoveryEntry, fb as changeSecret, fc as createOwnerKeyring, ev as deriveMagicLinkContentKey, ew as enrollAuthenticator, fd as ensureCollectionDEK, ey as evaluateExportCapability, ez as evaluateImportCapability, eA as findAuthenticator, fe as grant, eB as hasExportCapability, eC as hasImportCapability, eE as isMagicLinkGrantExpired, eJ as listMagicLinkGrants, eK as listUsers, eL as listUsersWithEnvelopes, ff as loadKeyring, eN as loadPaperRecoveryEntries, eQ as magicLinkGrantRecordId, eR as mintPaperRecoveryEntry, eT as mintWrappedDeksBlob, fg as persistKeyring, eV as readMagicLinkGrantRecord, eH as recoverPassphrase, eW as recoverUser, eX as removeAuthenticator, fh as revoke, e_ as revokeMagicLinkGrant, eI as rotatePassphrase, e$ as savePaperRecoveryEntries, f2 as unwrapDeksFromBlob, f3 as unwrapDeksFromPaperEntry, f5 as unwrapMagicLinkGrant, fi as updateAuthenticator, fj as updateKeyringIdentity, fa as writeMagicLinkGrant } from '../types-CSLcfytP.cjs';
|
|
3
|
-
import '../lazy-builder-C-rPfWG0.cjs';
|
|
4
|
-
import '../predicate-Dnu81tsS.cjs';
|
|
5
|
-
import '../strategy-DSTrsZ8t.cjs';
|
|
6
|
-
import '../strategy-BSxFXGzb.cjs';
|
|
7
|
-
import '../index-DVkvrgpm.cjs';
|
|
8
|
-
import '@noy-db/attestation';
|
|
9
|
-
|
|
10
|
-
/**
|
|
11
|
-
* _sync_credentials reserved collection —
|
|
12
|
-
*
|
|
13
|
-
* Stores per-adapter OAuth tokens (and any other long-lived sync secrets) as
|
|
14
|
-
* encrypted records inside the vault itself. Tokens are wrapped with the
|
|
15
|
-
* compartment's own DEK, live on disk as ciphertext like any other record, and
|
|
16
|
-
* are accessed only through the dedicated API in this module — never via
|
|
17
|
-
* `vault.collection('_sync_credentials')`.
|
|
18
|
-
*
|
|
19
|
-
* Design decisions
|
|
20
|
-
* ────────────────
|
|
21
|
-
*
|
|
22
|
-
* **Why a reserved collection, not a separate store?**
|
|
23
|
-
* The compartment's existing encryption stack (AES-256-GCM + collection DEK)
|
|
24
|
-
* is exactly the right primitive for protecting OAuth tokens at rest. Using a
|
|
25
|
-
* separate store would require a new encryption surface, new adapter calls,
|
|
26
|
-
* and a new backup/restore path — all of which already exist for collections.
|
|
27
|
-
*
|
|
28
|
-
* **Why not exposed as a regular collection?**
|
|
29
|
-
* The same reason `_keyring` and `_ledger` aren't: they have invariants that
|
|
30
|
-
* must be enforced (naming scheme, no cross-user leakage, no schema
|
|
31
|
-
* validation, no history/ledger writes for privacy). Routing through a
|
|
32
|
-
* dedicated API enforces those invariants.
|
|
33
|
-
*
|
|
34
|
-
* **Token lifecycle:**
|
|
35
|
-
* - `putCredential(vault, adapterId, token)` — store or overwrite
|
|
36
|
-
* - `getCredential(vault, adapterId)` — load and decrypt
|
|
37
|
-
* - `deleteCredential(vault, adapterId)` — remove
|
|
38
|
-
* - `listCredentials(vault)` — enumerate adapter IDs (not tokens)
|
|
39
|
-
*
|
|
40
|
-
* The `adapterId` is the record ID within the `_sync_credentials` collection.
|
|
41
|
-
* It should be a stable, human-readable identifier for the adapter instance
|
|
42
|
-
* (e.g. `'google-drive'`, `'dropbox'`, `'s3-prod'`).
|
|
43
|
-
*
|
|
44
|
-
* **ACL:** only `owner` and `admin` roles can read/write sync credentials.
|
|
45
|
-
* Operators, viewers, and clients cannot call this API. The check is made
|
|
46
|
-
* against the caller's keyring role at call time.
|
|
47
|
-
*/
|
|
48
|
-
|
|
49
|
-
/** The reserved collection name. Never collides with user collections. */
|
|
50
|
-
declare const SYNC_CREDENTIALS_COLLECTION = "_sync_credentials";
|
|
51
|
-
/**
|
|
52
|
-
* An OAuth/auth token stored in `_sync_credentials`.
|
|
53
|
-
*
|
|
54
|
-
* Fields mirror the OAuth2 token response shape. `customData` is an escape
|
|
55
|
-
* hatch for adapter-specific secrets (API keys, connection strings, etc.)
|
|
56
|
-
* that don't fit the OAuth2 shape.
|
|
57
|
-
*/
|
|
58
|
-
interface SyncCredential {
|
|
59
|
-
/** Stable identifier for the adapter instance (e.g. 'google-drive'). */
|
|
60
|
-
readonly adapterId: string;
|
|
61
|
-
/** OAuth token type, usually 'Bearer'. */
|
|
62
|
-
readonly tokenType: string;
|
|
63
|
-
/** The access token. Expires at `expiresAt` if set. */
|
|
64
|
-
readonly accessToken: string;
|
|
65
|
-
/** Long-lived refresh token for renewing the access token. */
|
|
66
|
-
readonly refreshToken?: string;
|
|
67
|
-
/** ISO timestamp when `accessToken` expires. Absent means "no expiry". */
|
|
68
|
-
readonly expiresAt?: string;
|
|
69
|
-
/** Space-separated OAuth scopes. */
|
|
70
|
-
readonly scopes?: string;
|
|
71
|
-
/** Adapter-specific opaque data (API keys, endpoints, etc.). */
|
|
72
|
-
readonly customData?: Record<string, string>;
|
|
73
|
-
}
|
|
74
|
-
/**
|
|
75
|
-
* Store or overwrite a sync credential for the given adapter.
|
|
76
|
-
*
|
|
77
|
-
* The credential is encrypted with the `_sync_credentials` collection DEK
|
|
78
|
-
* (auto-generated on first use). The record ID is the `adapterId`.
|
|
79
|
-
*
|
|
80
|
-
* Requires owner or admin role.
|
|
81
|
-
*/
|
|
82
|
-
declare function putCredential(adapter: NoydbStore, vault: string, keyring: UnlockedKeyring, credential: SyncCredential): Promise<void>;
|
|
83
|
-
/**
|
|
84
|
-
* Load and decrypt a sync credential for the given adapter ID.
|
|
85
|
-
*
|
|
86
|
-
* Returns `null` if no credential exists for this adapter.
|
|
87
|
-
* Requires owner or admin role.
|
|
88
|
-
*/
|
|
89
|
-
declare function getCredential(adapter: NoydbStore, vault: string, keyring: UnlockedKeyring, adapterId: string): Promise<SyncCredential | null>;
|
|
90
|
-
/**
|
|
91
|
-
* Delete a sync credential by adapter ID.
|
|
92
|
-
*
|
|
93
|
-
* No-op if the credential doesn't exist. Requires owner or admin role.
|
|
94
|
-
*/
|
|
95
|
-
declare function deleteCredential(adapter: NoydbStore, vault: string, keyring: UnlockedKeyring, adapterId: string): Promise<void>;
|
|
96
|
-
/**
|
|
97
|
-
* List all adapter IDs that have stored credentials.
|
|
98
|
-
*
|
|
99
|
-
* Returns only the IDs, never the credential payloads. Useful for
|
|
100
|
-
* displaying "connected adapters" in UI without decrypting tokens.
|
|
101
|
-
* Requires owner or admin role.
|
|
102
|
-
*/
|
|
103
|
-
declare function listCredentials(adapter: NoydbStore, vault: string, keyring: UnlockedKeyring): Promise<string[]>;
|
|
104
|
-
/**
|
|
105
|
-
* Check whether a credential exists and whether its access token has expired.
|
|
106
|
-
*
|
|
107
|
-
* Returns `{ exists: false }` if no credential is stored, or
|
|
108
|
-
* `{ exists: true, expired: boolean }` based on the `expiresAt` field.
|
|
109
|
-
* Requires owner or admin role.
|
|
110
|
-
*/
|
|
111
|
-
declare function credentialStatus(adapter: NoydbStore, vault: string, keyring: UnlockedKeyring, adapterId: string): Promise<{
|
|
112
|
-
exists: false;
|
|
113
|
-
} | {
|
|
114
|
-
exists: true;
|
|
115
|
-
expired: boolean;
|
|
116
|
-
}>;
|
|
117
|
-
|
|
118
|
-
export { SYNC_CREDENTIALS_COLLECTION, type SyncCredential, UnlockedKeyring, credentialStatus, deleteCredential, getCredential, listCredentials, putCredential };
|
package/dist/tx/index.cjs
DELETED
|
@@ -1,544 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __defProp = Object.defineProperty;
|
|
3
|
-
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
-
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
-
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
-
var __esm = (fn, res) => function __init() {
|
|
7
|
-
return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
|
|
8
|
-
};
|
|
9
|
-
var __export = (target, all) => {
|
|
10
|
-
for (var name in all)
|
|
11
|
-
__defProp(target, name, { get: all[name], enumerable: true });
|
|
12
|
-
};
|
|
13
|
-
var __copyProps = (to, from, except, desc) => {
|
|
14
|
-
if (from && typeof from === "object" || typeof from === "function") {
|
|
15
|
-
for (let key of __getOwnPropNames(from))
|
|
16
|
-
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
17
|
-
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
18
|
-
}
|
|
19
|
-
return to;
|
|
20
|
-
};
|
|
21
|
-
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
22
|
-
|
|
23
|
-
// src/errors.ts
|
|
24
|
-
var NoydbError, FieldFrozenError, InvariantError, AmendmentForbiddenError, ConflictError, ValidationError;
|
|
25
|
-
var init_errors = __esm({
|
|
26
|
-
"src/errors.ts"() {
|
|
27
|
-
"use strict";
|
|
28
|
-
NoydbError = class extends Error {
|
|
29
|
-
/** Machine-readable error code. Stable across library versions. */
|
|
30
|
-
code;
|
|
31
|
-
constructor(code, message) {
|
|
32
|
-
super(message);
|
|
33
|
-
this.name = "NoydbError";
|
|
34
|
-
this.code = code;
|
|
35
|
-
}
|
|
36
|
-
};
|
|
37
|
-
FieldFrozenError = class extends NoydbError {
|
|
38
|
-
collection;
|
|
39
|
-
id;
|
|
40
|
-
fields;
|
|
41
|
-
constructor(collection, id, fields) {
|
|
42
|
-
super(
|
|
43
|
-
"FIELD_FROZEN",
|
|
44
|
-
`Cannot change frozen field(s) on ${collection}/${id}: ${fields.join(", ")}. Use withTransactions({ amendment: true, reason }) with admin/owner role to override.`
|
|
45
|
-
);
|
|
46
|
-
this.name = "FieldFrozenError";
|
|
47
|
-
this.collection = collection;
|
|
48
|
-
this.id = id;
|
|
49
|
-
this.fields = fields;
|
|
50
|
-
}
|
|
51
|
-
};
|
|
52
|
-
InvariantError = class extends NoydbError {
|
|
53
|
-
constructor(message) {
|
|
54
|
-
super("INVARIANT_VIOLATED", message);
|
|
55
|
-
this.name = "InvariantError";
|
|
56
|
-
}
|
|
57
|
-
};
|
|
58
|
-
AmendmentForbiddenError = class extends NoydbError {
|
|
59
|
-
userId;
|
|
60
|
-
role;
|
|
61
|
-
constructor(userId, role) {
|
|
62
|
-
super(
|
|
63
|
-
"AMENDMENT_FORBIDDEN",
|
|
64
|
-
`User "${userId}" with role "${role}" cannot open an amendment transaction. Amendments require admin or owner role.`
|
|
65
|
-
);
|
|
66
|
-
this.name = "AmendmentForbiddenError";
|
|
67
|
-
this.userId = userId;
|
|
68
|
-
this.role = role;
|
|
69
|
-
}
|
|
70
|
-
};
|
|
71
|
-
ConflictError = class extends NoydbError {
|
|
72
|
-
/** The actual stored version at the time of conflict. */
|
|
73
|
-
version;
|
|
74
|
-
constructor(version, message = "Version conflict") {
|
|
75
|
-
super("CONFLICT", message);
|
|
76
|
-
this.name = "ConflictError";
|
|
77
|
-
this.version = version;
|
|
78
|
-
}
|
|
79
|
-
};
|
|
80
|
-
ValidationError = class extends NoydbError {
|
|
81
|
-
constructor(message = "Validation error") {
|
|
82
|
-
super("VALIDATION_ERROR", message);
|
|
83
|
-
this.name = "ValidationError";
|
|
84
|
-
}
|
|
85
|
-
};
|
|
86
|
-
}
|
|
87
|
-
});
|
|
88
|
-
|
|
89
|
-
// src/guards/executor.ts
|
|
90
|
-
var executor_exports = {};
|
|
91
|
-
__export(executor_exports, {
|
|
92
|
-
GuardExecutor: () => GuardExecutor
|
|
93
|
-
});
|
|
94
|
-
function deepEqual(a, b) {
|
|
95
|
-
if (a === b) return true;
|
|
96
|
-
if (a === null || b === null) return a === b;
|
|
97
|
-
if (typeof a !== typeof b) return false;
|
|
98
|
-
if (typeof a !== "object") return a === b;
|
|
99
|
-
if (Array.isArray(a) !== Array.isArray(b)) return false;
|
|
100
|
-
if (Array.isArray(a)) {
|
|
101
|
-
const aa = a;
|
|
102
|
-
const bb = b;
|
|
103
|
-
if (aa.length !== bb.length) return false;
|
|
104
|
-
for (let i = 0; i < aa.length; i++) if (!deepEqual(aa[i], bb[i])) return false;
|
|
105
|
-
return true;
|
|
106
|
-
}
|
|
107
|
-
const ao = a;
|
|
108
|
-
const bo = b;
|
|
109
|
-
const ak = Object.keys(ao);
|
|
110
|
-
const bk = Object.keys(bo);
|
|
111
|
-
if (ak.length !== bk.length) return false;
|
|
112
|
-
for (const k of ak) {
|
|
113
|
-
if (!Object.prototype.hasOwnProperty.call(bo, k)) return false;
|
|
114
|
-
if (!deepEqual(ao[k], bo[k])) return false;
|
|
115
|
-
}
|
|
116
|
-
return true;
|
|
117
|
-
}
|
|
118
|
-
var GuardExecutor;
|
|
119
|
-
var init_executor = __esm({
|
|
120
|
-
"src/guards/executor.ts"() {
|
|
121
|
-
"use strict";
|
|
122
|
-
init_errors();
|
|
123
|
-
GuardExecutor = {
|
|
124
|
-
/**
|
|
125
|
-
* Compare existing vs incoming for each `frozenFields.fields` entry
|
|
126
|
-
* when `frozenFields.when(existing)` is true. Throws
|
|
127
|
-
* `FieldFrozenError` listing every changed frozen field.
|
|
128
|
-
*/
|
|
129
|
-
async checkFrozenFields(guard, id, existing, incoming) {
|
|
130
|
-
const ff = guard.frozenFields;
|
|
131
|
-
if (!ff) return;
|
|
132
|
-
if (existing === null) return;
|
|
133
|
-
if (!ff.when(existing)) return;
|
|
134
|
-
const changed = [];
|
|
135
|
-
for (const f of ff.fields) {
|
|
136
|
-
if (existing[f] !== incoming[f]) {
|
|
137
|
-
if (!deepEqual(existing[f], incoming[f])) changed.push(String(f));
|
|
138
|
-
}
|
|
139
|
-
}
|
|
140
|
-
if (changed.length > 0) {
|
|
141
|
-
throw new FieldFrozenError(guard.collection, id, changed);
|
|
142
|
-
}
|
|
143
|
-
},
|
|
144
|
-
/**
|
|
145
|
-
* Run a single guard's invariant over its slice of the change-set.
|
|
146
|
-
* Any throw is converted to `InvariantError` unless it already is one.
|
|
147
|
-
*/
|
|
148
|
-
async runInvariant(guard, changes, ctx) {
|
|
149
|
-
const amendment = guard.amendment;
|
|
150
|
-
if (!amendment) return;
|
|
151
|
-
try {
|
|
152
|
-
await amendment.invariant(changes, ctx);
|
|
153
|
-
} catch (err) {
|
|
154
|
-
if (err instanceof InvariantError) throw err;
|
|
155
|
-
throw new InvariantError(
|
|
156
|
-
err instanceof Error ? err.message : `invariant violated: ${String(err)}`
|
|
157
|
-
);
|
|
158
|
-
}
|
|
159
|
-
}
|
|
160
|
-
};
|
|
161
|
-
}
|
|
162
|
-
});
|
|
163
|
-
|
|
164
|
-
// src/tx/index.ts
|
|
165
|
-
var tx_exports = {};
|
|
166
|
-
__export(tx_exports, {
|
|
167
|
-
TxCollection: () => TxCollection,
|
|
168
|
-
TxContext: () => TxContext,
|
|
169
|
-
TxVault: () => TxVault,
|
|
170
|
-
runTransaction: () => runTransaction,
|
|
171
|
-
withTransactions: () => withTransactions
|
|
172
|
-
});
|
|
173
|
-
module.exports = __toCommonJS(tx_exports);
|
|
174
|
-
|
|
175
|
-
// src/tx/transaction.ts
|
|
176
|
-
init_errors();
|
|
177
|
-
|
|
178
|
-
// src/bundle/ulid.ts
|
|
179
|
-
var CROCKFORD_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
|
|
180
|
-
function encodeBase32(value, length) {
|
|
181
|
-
let out = "";
|
|
182
|
-
let v = value;
|
|
183
|
-
for (let i = 0; i < length; i++) {
|
|
184
|
-
out = CROCKFORD_ALPHABET[v % 32] + out;
|
|
185
|
-
v = Math.floor(v / 32);
|
|
186
|
-
}
|
|
187
|
-
return out;
|
|
188
|
-
}
|
|
189
|
-
function generateULID() {
|
|
190
|
-
const now = Date.now();
|
|
191
|
-
const timestampHigh = Math.floor(now / 16777216);
|
|
192
|
-
const timestampLow = now & 16777215;
|
|
193
|
-
const tsPart = encodeBase32(timestampHigh, 5) + encodeBase32(timestampLow, 5);
|
|
194
|
-
const randBytes = new Uint8Array(10);
|
|
195
|
-
crypto.getRandomValues(randBytes);
|
|
196
|
-
const rand1 = randBytes[0] * 2 ** 32 + (randBytes[1] << 24 >>> 0) + (randBytes[2] << 16) + (randBytes[3] << 8) + randBytes[4];
|
|
197
|
-
const rand2 = randBytes[5] * 2 ** 32 + (randBytes[6] << 24 >>> 0) + (randBytes[7] << 16) + (randBytes[8] << 8) + randBytes[9];
|
|
198
|
-
const randPart = encodeBase32(rand1, 8) + encodeBase32(rand2, 8);
|
|
199
|
-
return tsPart + randPart;
|
|
200
|
-
}
|
|
201
|
-
|
|
202
|
-
// src/tx/transaction.ts
|
|
203
|
-
var TxContext = class {
|
|
204
|
-
/** Stable id for this transaction; shared by all writes it performs (#230). */
|
|
205
|
-
txId = generateULID();
|
|
206
|
-
/** @internal */
|
|
207
|
-
_ops = [];
|
|
208
|
-
/**
|
|
209
|
-
* @internal — write log built up in Phase 2. Each entry records the
|
|
210
|
-
* envelope captured BEFORE the write so a mid-batch failure can
|
|
211
|
-
* restore prior state via `revertExecuted`. Side-effect writes (e.g.
|
|
212
|
-
* recursive derivation outputs fired inside `Collection.put`) are
|
|
213
|
-
* appended here in execution order so they roll back alongside the
|
|
214
|
-
* main staged ops (#133).
|
|
215
|
-
*/
|
|
216
|
-
_executed = [];
|
|
217
|
-
/** @internal */
|
|
218
|
-
_db;
|
|
219
|
-
/**
|
|
220
|
-
* @internal — true when this TxContext was opened in amendment
|
|
221
|
-
* mode. Toggles the lazy-`beginAmendment` + role-check path on first
|
|
222
|
-
* `tx.vault(name)` and unlocks the post-Phase-2 invariant + audit run.
|
|
223
|
-
*/
|
|
224
|
-
_amendment;
|
|
225
|
-
/** @internal — vaults that have already had `beginAmendment` called. */
|
|
226
|
-
_amendmentVaults = /* @__PURE__ */ new Map();
|
|
227
|
-
/** @internal */
|
|
228
|
-
constructor(db, amendment = false) {
|
|
229
|
-
this._db = db;
|
|
230
|
-
this._amendment = amendment;
|
|
231
|
-
}
|
|
232
|
-
/** Scope subsequent `collection()` calls to the named vault. */
|
|
233
|
-
vault(name) {
|
|
234
|
-
const v = this._db.vault(name);
|
|
235
|
-
if (this._amendment && !this._amendmentVaults.has(name)) {
|
|
236
|
-
const role = v.role;
|
|
237
|
-
if (role !== "admin" && role !== "owner") {
|
|
238
|
-
throw new AmendmentForbiddenError(v.userId, role);
|
|
239
|
-
}
|
|
240
|
-
const reg = v._getGuardRegistry();
|
|
241
|
-
if (reg === null) {
|
|
242
|
-
throw new ValidationError(
|
|
243
|
-
`Vault "${name}": amendment mode requires at least one guardStrategy registered via createNoydb({ guardStrategies }). Open the vault with guardStrategies before calling db.transaction({ amendment: true }).`
|
|
244
|
-
);
|
|
245
|
-
}
|
|
246
|
-
reg.beginAmendment();
|
|
247
|
-
this._amendmentVaults.set(name, v);
|
|
248
|
-
}
|
|
249
|
-
return new TxVault(this, v);
|
|
250
|
-
}
|
|
251
|
-
};
|
|
252
|
-
var TxVault = class {
|
|
253
|
-
/** @internal */
|
|
254
|
-
_ctx;
|
|
255
|
-
/** @internal */
|
|
256
|
-
_vault;
|
|
257
|
-
/** @internal */
|
|
258
|
-
constructor(ctx, vault) {
|
|
259
|
-
this._ctx = ctx;
|
|
260
|
-
this._vault = vault;
|
|
261
|
-
}
|
|
262
|
-
/** Scope subsequent op calls to the named collection. */
|
|
263
|
-
collection(name) {
|
|
264
|
-
const c = this._vault.collection(name);
|
|
265
|
-
return new TxCollection(this._ctx, this._vault, c, name);
|
|
266
|
-
}
|
|
267
|
-
};
|
|
268
|
-
var TxCollection = class {
|
|
269
|
-
/** @internal */
|
|
270
|
-
_ctx;
|
|
271
|
-
/** @internal */
|
|
272
|
-
_vault;
|
|
273
|
-
/** @internal */
|
|
274
|
-
_coll;
|
|
275
|
-
/** @internal */
|
|
276
|
-
_name;
|
|
277
|
-
/** @internal */
|
|
278
|
-
constructor(ctx, vault, coll, name) {
|
|
279
|
-
this._ctx = ctx;
|
|
280
|
-
this._vault = vault;
|
|
281
|
-
this._coll = coll;
|
|
282
|
-
this._name = name;
|
|
283
|
-
}
|
|
284
|
-
/**
|
|
285
|
-
* Read the current committed value, or the most-recently-staged
|
|
286
|
-
* value from the same transaction if one exists.
|
|
287
|
-
*/
|
|
288
|
-
async get(id) {
|
|
289
|
-
for (let i = this._ctx._ops.length - 1; i >= 0; i--) {
|
|
290
|
-
const op = this._ctx._ops[i];
|
|
291
|
-
if (op.vaultName === this._vault.name && op.collectionName === this._name && op.id === id) {
|
|
292
|
-
if (op.type === "delete") return null;
|
|
293
|
-
return op.record;
|
|
294
|
-
}
|
|
295
|
-
}
|
|
296
|
-
return this._coll.get(id);
|
|
297
|
-
}
|
|
298
|
-
/**
|
|
299
|
-
* Stage a put. Does not write until the transaction body returns.
|
|
300
|
-
* Supply `{ expectedVersion }` to enforce optimistic concurrency
|
|
301
|
-
* during the commit pre-flight.
|
|
302
|
-
*/
|
|
303
|
-
put(id, record, options) {
|
|
304
|
-
const op = {
|
|
305
|
-
type: "put",
|
|
306
|
-
vaultName: this._vault.name,
|
|
307
|
-
collectionName: this._name,
|
|
308
|
-
id,
|
|
309
|
-
record
|
|
310
|
-
};
|
|
311
|
-
if (options?.expectedVersion !== void 0) op.expectedVersion = options.expectedVersion;
|
|
312
|
-
if (options?.reason !== void 0) op.reason = options.reason;
|
|
313
|
-
this._ctx._ops.push(op);
|
|
314
|
-
}
|
|
315
|
-
/**
|
|
316
|
-
* Stage a delete. Does not write until the transaction body returns.
|
|
317
|
-
* Supply `{ expectedVersion }` to enforce optimistic concurrency
|
|
318
|
-
* during the commit pre-flight.
|
|
319
|
-
*/
|
|
320
|
-
delete(id, options) {
|
|
321
|
-
const op = {
|
|
322
|
-
type: "delete",
|
|
323
|
-
vaultName: this._vault.name,
|
|
324
|
-
collectionName: this._name,
|
|
325
|
-
id
|
|
326
|
-
};
|
|
327
|
-
if (options?.expectedVersion !== void 0) op.expectedVersion = options.expectedVersion;
|
|
328
|
-
this._ctx._ops.push(op);
|
|
329
|
-
}
|
|
330
|
-
};
|
|
331
|
-
async function runTransaction(db, fn, options) {
|
|
332
|
-
if (options?.amendment) {
|
|
333
|
-
if (typeof options.reason !== "string" || options.reason.trim().length === 0) {
|
|
334
|
-
throw new ValidationError(
|
|
335
|
-
"db.transaction({ amendment: true }) requires a non-empty `reason` string."
|
|
336
|
-
);
|
|
337
|
-
}
|
|
338
|
-
}
|
|
339
|
-
const ctx = new TxContext(db, options?.amendment === true);
|
|
340
|
-
const bodyResult = await fn(ctx);
|
|
341
|
-
if (ctx._ops.length === 0) {
|
|
342
|
-
if (ctx._amendment) {
|
|
343
|
-
for (const v of ctx._amendmentVaults.values()) {
|
|
344
|
-
const reg = v._getGuardRegistry();
|
|
345
|
-
if (reg !== null) {
|
|
346
|
-
reg.consumeChanges();
|
|
347
|
-
reg.consumeMeta();
|
|
348
|
-
}
|
|
349
|
-
}
|
|
350
|
-
}
|
|
351
|
-
return bodyResult;
|
|
352
|
-
}
|
|
353
|
-
const priorEnvelopes = /* @__PURE__ */ new Map();
|
|
354
|
-
const store = db._store;
|
|
355
|
-
for (const op of ctx._ops) {
|
|
356
|
-
const key = keyOf(op);
|
|
357
|
-
if (!priorEnvelopes.has(key)) {
|
|
358
|
-
const env = await store.get(op.vaultName, op.collectionName, op.id);
|
|
359
|
-
priorEnvelopes.set(key, env);
|
|
360
|
-
}
|
|
361
|
-
if (op.expectedVersion !== void 0) {
|
|
362
|
-
const env = priorEnvelopes.get(key) ?? null;
|
|
363
|
-
const actual = env?._v ?? 0;
|
|
364
|
-
if (actual !== op.expectedVersion) {
|
|
365
|
-
throw new ConflictError(
|
|
366
|
-
actual,
|
|
367
|
-
`Transaction pre-flight: ${op.vaultName}/${op.collectionName}/${op.id} expected v${op.expectedVersion}, found v${actual}`
|
|
368
|
-
);
|
|
369
|
-
}
|
|
370
|
-
}
|
|
371
|
-
}
|
|
372
|
-
db._setActiveTxContext(ctx);
|
|
373
|
-
try {
|
|
374
|
-
try {
|
|
375
|
-
for (const op of ctx._ops) {
|
|
376
|
-
const coll = db.vault(op.vaultName).collection(op.collectionName);
|
|
377
|
-
const key = keyOf(op);
|
|
378
|
-
const prior = priorEnvelopes.get(key) ?? null;
|
|
379
|
-
ctx._executed.push({ op, priorEnvelope: prior });
|
|
380
|
-
if (op.type === "put") {
|
|
381
|
-
await coll.put(op.id, op.record, op.reason !== void 0 ? { reason: op.reason } : void 0);
|
|
382
|
-
} else {
|
|
383
|
-
await coll.delete(op.id);
|
|
384
|
-
}
|
|
385
|
-
}
|
|
386
|
-
} catch (err) {
|
|
387
|
-
await revertExecuted(ctx._executed, store, db);
|
|
388
|
-
if (ctx._amendment) {
|
|
389
|
-
for (const v of ctx._amendmentVaults.values()) {
|
|
390
|
-
const reg = v._getGuardRegistry();
|
|
391
|
-
if (reg !== null) {
|
|
392
|
-
reg.consumeChanges();
|
|
393
|
-
reg.consumeMeta();
|
|
394
|
-
}
|
|
395
|
-
}
|
|
396
|
-
}
|
|
397
|
-
throw err;
|
|
398
|
-
}
|
|
399
|
-
} finally {
|
|
400
|
-
db._clearActiveTxContext(ctx);
|
|
401
|
-
}
|
|
402
|
-
if (ctx._amendment) {
|
|
403
|
-
const { GuardExecutor: GuardExecutor2 } = await Promise.resolve().then(() => (init_executor(), executor_exports));
|
|
404
|
-
try {
|
|
405
|
-
for (const [vaultName, v] of ctx._amendmentVaults) {
|
|
406
|
-
const registry = v._getGuardRegistry();
|
|
407
|
-
if (registry === null) continue;
|
|
408
|
-
const changesByCollection = registry.consumeChanges();
|
|
409
|
-
const meta = registry.consumeMeta();
|
|
410
|
-
if (changesByCollection.size === 0) continue;
|
|
411
|
-
const readOnlyVault = v._getReadOnlyFacade();
|
|
412
|
-
if (readOnlyVault === null) continue;
|
|
413
|
-
const invariantsPassed = [];
|
|
414
|
-
for (const [collection, changes] of changesByCollection) {
|
|
415
|
-
const guards = registry.guardsFor(collection).filter((g) => g.amendment !== void 0);
|
|
416
|
-
for (const guard of guards) {
|
|
417
|
-
await GuardExecutor2.runInvariant(guard, changes, {
|
|
418
|
-
existing: null,
|
|
419
|
-
vault: readOnlyVault,
|
|
420
|
-
userId: v.userId,
|
|
421
|
-
role: v.role
|
|
422
|
-
});
|
|
423
|
-
}
|
|
424
|
-
if (guards.length > 0) invariantsPassed.push(collection);
|
|
425
|
-
}
|
|
426
|
-
const ledger = v._getLedgerOrNull();
|
|
427
|
-
if (ledger) {
|
|
428
|
-
const role = v.role;
|
|
429
|
-
const amendment = {
|
|
430
|
-
reason: options.reason,
|
|
431
|
-
role,
|
|
432
|
-
changes: meta,
|
|
433
|
-
invariantsPassed
|
|
434
|
-
};
|
|
435
|
-
await ledger.append({
|
|
436
|
-
op: "amendment",
|
|
437
|
-
collection: "",
|
|
438
|
-
id: "",
|
|
439
|
-
version: 0,
|
|
440
|
-
actor: v.userId,
|
|
441
|
-
// No payload to hash — the per-record entries already
|
|
442
|
-
// captured `payloadHash` at their own append time. We use
|
|
443
|
-
// a sha256 of the canonical reason string so the field is
|
|
444
|
-
// populated with something deterministic and non-empty.
|
|
445
|
-
payloadHash: "",
|
|
446
|
-
amendment
|
|
447
|
-
});
|
|
448
|
-
}
|
|
449
|
-
void vaultName;
|
|
450
|
-
}
|
|
451
|
-
} catch (err) {
|
|
452
|
-
await revertExecuted(ctx._executed, store, db);
|
|
453
|
-
throw err instanceof InvariantError ? err : new InvariantError(
|
|
454
|
-
err instanceof Error ? err.message : `invariant violated: ${String(err)}`
|
|
455
|
-
);
|
|
456
|
-
}
|
|
457
|
-
}
|
|
458
|
-
return bodyResult;
|
|
459
|
-
}
|
|
460
|
-
async function revertExecuted(executed, store, db) {
|
|
461
|
-
for (const { op, priorEnvelope } of executed.slice().reverse()) {
|
|
462
|
-
try {
|
|
463
|
-
if (priorEnvelope) {
|
|
464
|
-
await store.put(op.vaultName, op.collectionName, op.id, priorEnvelope);
|
|
465
|
-
} else {
|
|
466
|
-
await store.delete(op.vaultName, op.collectionName, op.id);
|
|
467
|
-
}
|
|
468
|
-
if (db) {
|
|
469
|
-
const coll = db.vault(op.vaultName).collection(op.collectionName);
|
|
470
|
-
await coll._invalidateCacheEntry(op.id);
|
|
471
|
-
}
|
|
472
|
-
} catch {
|
|
473
|
-
}
|
|
474
|
-
}
|
|
475
|
-
}
|
|
476
|
-
function keyOf(op) {
|
|
477
|
-
return `${op.vaultName}\0${op.collectionName}\0${op.id}`;
|
|
478
|
-
}
|
|
479
|
-
|
|
480
|
-
// src/tx/dry-run.ts
|
|
481
|
-
var SEP = " ";
|
|
482
|
-
var keyOf2 = (op) => `${op.vaultName}${SEP}${op.collectionName}${SEP}${op.id}`;
|
|
483
|
-
async function runDryRun(db, fn) {
|
|
484
|
-
const ctx = new TxContext(db);
|
|
485
|
-
await fn(ctx);
|
|
486
|
-
const lastOp = /* @__PURE__ */ new Map();
|
|
487
|
-
for (const op of ctx._ops) lastOp.set(keyOf2(op), op);
|
|
488
|
-
const affected = [];
|
|
489
|
-
const guardViolations = [];
|
|
490
|
-
for (const op of lastOp.values()) {
|
|
491
|
-
const v = db.vault(op.vaultName);
|
|
492
|
-
const coll = v.collection(op.collectionName);
|
|
493
|
-
const before = await coll.get(op.id);
|
|
494
|
-
if (op.type === "delete") {
|
|
495
|
-
affected.push({ vault: op.vaultName, op: "delete", collection: op.collectionName, docId: op.id, before, after: null });
|
|
496
|
-
continue;
|
|
497
|
-
}
|
|
498
|
-
const after = op.record ?? null;
|
|
499
|
-
affected.push({
|
|
500
|
-
vault: op.vaultName,
|
|
501
|
-
op: before === null ? "create" : "update",
|
|
502
|
-
collection: op.collectionName,
|
|
503
|
-
docId: op.id,
|
|
504
|
-
before,
|
|
505
|
-
after
|
|
506
|
-
});
|
|
507
|
-
const registry = v._getGuardRegistry();
|
|
508
|
-
if (!registry) continue;
|
|
509
|
-
const guards = registry.guardsFor(op.collectionName);
|
|
510
|
-
if (guards.length === 0) continue;
|
|
511
|
-
const facade = v._getReadOnlyFacade();
|
|
512
|
-
if (!facade) continue;
|
|
513
|
-
const gctx = { existing: before, vault: facade, userId: v.userId, role: v.role };
|
|
514
|
-
try {
|
|
515
|
-
await registry.runChecks(op.collectionName, after, gctx);
|
|
516
|
-
const { GuardExecutor: GuardExecutor2 } = await Promise.resolve().then(() => (init_executor(), executor_exports));
|
|
517
|
-
for (const g of guards) {
|
|
518
|
-
await GuardExecutor2.checkFrozenFields(g, op.id, before, after);
|
|
519
|
-
}
|
|
520
|
-
} catch (err) {
|
|
521
|
-
guardViolations.push({
|
|
522
|
-
vault: op.vaultName,
|
|
523
|
-
collection: op.collectionName,
|
|
524
|
-
docId: op.id,
|
|
525
|
-
message: err instanceof Error ? err.message : String(err)
|
|
526
|
-
});
|
|
527
|
-
}
|
|
528
|
-
}
|
|
529
|
-
return { affected, guardViolations };
|
|
530
|
-
}
|
|
531
|
-
|
|
532
|
-
// src/tx/active.ts
|
|
533
|
-
function withTransactions() {
|
|
534
|
-
return { runTransaction, runDryRun };
|
|
535
|
-
}
|
|
536
|
-
// Annotate the CommonJS export names for ESM import in node:
|
|
537
|
-
0 && (module.exports = {
|
|
538
|
-
TxCollection,
|
|
539
|
-
TxContext,
|
|
540
|
-
TxVault,
|
|
541
|
-
runTransaction,
|
|
542
|
-
withTransactions
|
|
543
|
-
});
|
|
544
|
-
//# sourceMappingURL=index.cjs.map
|