@noy-db/hub 0.2.0-pre.30 → 0.2.0-pre.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter/index.d.ts +9 -0
- package/dist/adapter/index.js +14 -0
- package/dist/attestation/index.d.ts +1 -1
- package/dist/attestation/index.js +3 -3
- package/dist/blobs/index.d.ts +3 -3
- package/dist/bundle/index.d.ts +3 -3
- package/dist/bundle/index.js +1 -1
- package/dist/{chunk-Y6YUWZTS.js → chunk-L5HHBOMS.js} +2 -2
- package/dist/{chunk-BVKLJBJJ.js → chunk-W5NVNJDX.js} +2 -1
- package/dist/{chunk-BVKLJBJJ.js.map → chunk-W5NVNJDX.js.map} +1 -1
- package/dist/consent/index.d.ts +2 -2
- package/dist/{decrypt-partition-Mhjh6nnG.d.ts → decrypt-partition-CXS5KopB.d.ts} +1 -1
- package/dist/derivations/index.d.ts +3 -3
- package/dist/{dev-unlock-DJ3IhgY9.d.ts → dev-unlock-CnHTTVea.d.ts} +1 -1
- package/dist/guards/index.d.ts +3 -3
- package/dist/{hash-DLwkYf1d.d.ts → hash-oc5paYl0.d.ts} +1 -1
- package/dist/history/index.d.ts +3 -3
- package/dist/i18n/index.d.ts +2 -2
- package/dist/{index-CMRIx_zx.d.ts → index-BmhGztUi.d.ts} +1 -1
- package/dist/index.d.ts +11 -11
- package/dist/index.js +2 -2
- package/dist/kernel/index.d.ts +2 -2
- package/dist/materialized-views/index.d.ts +3 -3
- package/dist/{mime-magic-CacDBwYp.d.ts → mime-magic-JeLKHRng.d.ts} +1 -1
- package/dist/{noydb-5MIBD77B.js → noydb-NAU2DTFP.js} +2 -2
- package/dist/noydb-NAU2DTFP.js.map +1 -0
- package/dist/overlay-views/index.d.ts +3 -3
- package/dist/periods/index.d.ts +2 -2
- package/dist/session/index.d.ts +3 -3
- package/dist/shadow/index.d.ts +2 -2
- package/dist/snapshots/index.d.ts +2 -2
- package/dist/store/index.d.ts +2 -2
- package/dist/sync/index.d.ts +1 -1
- package/dist/team/index.d.ts +2 -2
- package/dist/{transition-guard-J04-jime.d.ts → transition-guard-Dy3NioQr.d.ts} +1 -1
- package/dist/tx/index.d.ts +2 -2
- package/dist/{with-materialized-view-DNfzC5lH.d.ts → with-materialized-view-DIVeez0W.d.ts} +1 -1
- package/dist/{with-overlayed-view-qk3lbhOd.d.ts → with-overlayed-view-DVZrc5Hb.d.ts} +1 -1
- package/dist/{with-rollup-Dd3_ZG4b.d.ts → with-rollup-CbU-O4wP.d.ts} +1 -1
- package/package.json +62 -221
- package/dist/aggregate/index.cjs +0 -1144
- package/dist/aggregate/index.cjs.map +0 -1
- package/dist/aggregate/index.d.cts +0 -39
- package/dist/attestation/index.cjs +0 -305
- package/dist/attestation/index.cjs.map +0 -1
- package/dist/attestation/index.d.cts +0 -54
- package/dist/blobs/index.cjs +0 -1967
- package/dist/blobs/index.cjs.map +0 -1
- package/dist/blobs/index.d.cts +0 -48
- package/dist/bundle/index.cjs +0 -41045
- package/dist/bundle/index.cjs.map +0 -1
- package/dist/bundle/index.d.cts +0 -187
- package/dist/consent/index.cjs +0 -204
- package/dist/consent/index.cjs.map +0 -1
- package/dist/consent/index.d.cts +0 -27
- package/dist/crdt/index.cjs +0 -152
- package/dist/crdt/index.cjs.map +0 -1
- package/dist/crdt/index.d.cts +0 -30
- package/dist/decrypt-partition-C0iDpbSd.d.cts +0 -558
- package/dist/derivations/index.cjs +0 -469
- package/dist/derivations/index.cjs.map +0 -1
- package/dist/derivations/index.d.cts +0 -74
- package/dist/dev-unlock-0Z6yxfS7.d.cts +0 -263
- package/dist/discriminant-BN9REW3o.d.cts +0 -60
- package/dist/errors-BAWO5Z5a.d.cts +0 -1500
- package/dist/forget/index.cjs +0 -43
- package/dist/forget/index.cjs.map +0 -1
- package/dist/forget/index.d.cts +0 -1
- package/dist/guards/index.cjs +0 -455
- package/dist/guards/index.cjs.map +0 -1
- package/dist/guards/index.d.cts +0 -39
- package/dist/hash-Db8ncXGr.d.cts +0 -63
- package/dist/history/index.cjs +0 -1245
- package/dist/history/index.cjs.map +0 -1
- package/dist/history/index.d.cts +0 -65
- package/dist/i18n/index.cjs +0 -1280
- package/dist/i18n/index.cjs.map +0 -1
- package/dist/i18n/index.d.cts +0 -41
- package/dist/index-BMmajblo.d.cts +0 -362
- package/dist/index-C1SC1EPe.d.cts +0 -1325
- package/dist/index-xJEPkvMb.d.cts +0 -93
- package/dist/index.cjs +0 -48100
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -1050
- package/dist/indexing/index.cjs +0 -803
- package/dist/indexing/index.cjs.map +0 -1
- package/dist/indexing/index.d.cts +0 -36
- package/dist/kernel/index.cjs +0 -751
- package/dist/kernel/index.cjs.map +0 -1
- package/dist/kernel/index.d.cts +0 -11
- package/dist/lazy-builder-eYZzLEL1.d.cts +0 -304
- package/dist/materialized-views/index.cjs +0 -1518
- package/dist/materialized-views/index.cjs.map +0 -1
- package/dist/materialized-views/index.d.cts +0 -187
- package/dist/mime-magic-sdMzsfVK.d.cts +0 -103
- package/dist/overlay-views/index.cjs +0 -399
- package/dist/overlay-views/index.cjs.map +0 -1
- package/dist/overlay-views/index.d.cts +0 -102
- package/dist/periods/index.cjs +0 -1041
- package/dist/periods/index.cjs.map +0 -1
- package/dist/periods/index.d.cts +0 -24
- package/dist/predicate-BmhBSPCH.d.cts +0 -267
- package/dist/query/index.cjs +0 -3480
- package/dist/query/index.cjs.map +0 -1
- package/dist/query/index.d.cts +0 -4
- package/dist/sealed-record/index.cjs +0 -139
- package/dist/sealed-record/index.cjs.map +0 -1
- package/dist/sealed-record/index.d.cts +0 -123
- package/dist/session/index.cjs +0 -495
- package/dist/session/index.cjs.map +0 -1
- package/dist/session/index.d.cts +0 -48
- package/dist/shadow/index.cjs +0 -133
- package/dist/shadow/index.cjs.map +0 -1
- package/dist/shadow/index.d.cts +0 -19
- package/dist/snapshots/index.cjs +0 -937
- package/dist/snapshots/index.cjs.map +0 -1
- package/dist/snapshots/index.d.cts +0 -30
- package/dist/store/index.cjs +0 -1091
- package/dist/store/index.cjs.map +0 -1
- package/dist/store/index.d.cts +0 -501
- package/dist/strategy-BSxFXGzb.d.cts +0 -110
- package/dist/strategy-mJExw4LQ.d.cts +0 -1069
- package/dist/sync/index.cjs +0 -1062
- package/dist/sync/index.cjs.map +0 -1
- package/dist/sync/index.d.cts +0 -45
- package/dist/team/index.cjs +0 -2805
- package/dist/team/index.cjs.map +0 -1
- package/dist/team/index.d.cts +0 -120
- package/dist/transition-guard-tWZIsaXe.d.cts +0 -165
- package/dist/tx/index.cjs +0 -614
- package/dist/tx/index.cjs.map +0 -1
- package/dist/tx/index.d.cts +0 -39
- package/dist/types-CdVfiQgt.d.cts +0 -15275
- package/dist/ulid-DRH25k3y.d.cts +0 -66
- package/dist/util/index.cjs +0 -237
- package/dist/util/index.cjs.map +0 -1
- package/dist/util/index.d.cts +0 -79
- package/dist/with-materialized-view-DfgPcvi9.d.cts +0 -27
- package/dist/with-overlayed-view-Cvfkx1lg.d.cts +0 -13
- package/dist/with-rollup-nIxo7h9z.d.cts +0 -47
- /package/dist/{noydb-5MIBD77B.js.map → adapter/index.js.map} +0 -0
- /package/dist/{chunk-Y6YUWZTS.js.map → chunk-L5HHBOMS.js.map} +0 -0
- /package/dist/{types-DHn9lEP0.d.ts → index-DHn9lEP0.d.ts} +0 -0
package/dist/bundle/index.d.cts
DELETED
|
@@ -1,187 +0,0 @@
|
|
|
1
|
-
import { T as TransferSealPayload } from '../decrypt-partition-C0iDpbSd.cjs';
|
|
2
|
-
export { C as COMPRESSION_BROTLI, a as COMPRESSION_GZIP, b as COMPRESSION_NONE, c as CompressionAlgo, D as DecryptedRecord, F as FLAG_COMPRESSED, d as FLAG_HAS_INTEGRITY_HASH, N as NOYDB_BUNDLE_FORMAT_VERSION, e as NOYDB_BUNDLE_MAGIC, f as NOYDB_BUNDLE_PREFIX_BYTES, g as NoydbBundleHeader, h as NoydbBundleReadResult, R as ReadNoydbBundleOptions, W as WriteNoydbBundleOptions, i as decryptExtractedPartition, j as encodeBundleHeader, r as readNoydbBundle, k as readNoydbBundleHeader, l as resetBrotliSupportCache, v as validateBundleHeader, w as writeNoydbBundle } from '../decrypt-partition-C0iDpbSd.cjs';
|
|
3
|
-
export { g as generateULID, i as isULID } from '../ulid-DRH25k3y.cjs';
|
|
4
|
-
import { bh as Vault, aW as NoydbStore, bd as SealingKeyProvider, bi as RecoveryEnrollmentInput, bj as ShamirRecoveryProvider } from '../types-CdVfiQgt.cjs';
|
|
5
|
-
export { t as AdoptionStateError, B as BackupCorruptedError, u as BackupLedgerError, v as BundleIntegrityError, w as BundleSealMismatchError, x as BundleVersionConflictError, P as PartitionExtractionError, y as TransferSealError } from '../errors-BAWO5Z5a.cjs';
|
|
6
|
-
import '../lazy-builder-eYZzLEL1.cjs';
|
|
7
|
-
import '../predicate-BmhBSPCH.cjs';
|
|
8
|
-
import '../strategy-mJExw4LQ.cjs';
|
|
9
|
-
import '../strategy-BSxFXGzb.cjs';
|
|
10
|
-
import '../index-BMmajblo.cjs';
|
|
11
|
-
import '../index-C1SC1EPe.cjs';
|
|
12
|
-
import '@noy-db/attestation';
|
|
13
|
-
|
|
14
|
-
/**
|
|
15
|
-
* Transitive-closure FK walker. Computes the set of
|
|
16
|
-
* (collection, id) tuples reachable from seed predicates, so a
|
|
17
|
-
* partition extraction ships a referentially-complete subset.
|
|
18
|
-
*
|
|
19
|
-
* Two-phase, plaintext, read-only (runs inside the unlocked vault
|
|
20
|
-
* session — see foundation §13.4 / spec invariant 7):
|
|
21
|
-
* 1. INBOUND expansion: from selected records, pull every record
|
|
22
|
-
* that references them (children travel with parents), to a
|
|
23
|
-
* fixed point.
|
|
24
|
-
* 2. OUTBOUND completion: pull every parent the selected set
|
|
25
|
-
* references (no dangling FKs), transitively, WITHOUT
|
|
26
|
-
* re-expanding inbound from those parents (bounds the closure).
|
|
27
|
-
*
|
|
28
|
-
* The FK graph is auto-derived from the vault's existing RefRegistry
|
|
29
|
-
* (the `ref('target')` declarations on collections) — no hand-written
|
|
30
|
-
* edge list. See the design spec §4.1.
|
|
31
|
-
*
|
|
32
|
-
* @module
|
|
33
|
-
*/
|
|
34
|
-
|
|
35
|
-
/** Seed predicate per collection. Records that return true become roots. */
|
|
36
|
-
interface WalkClosureOptions {
|
|
37
|
-
readonly seeds: Record<string, (record: Record<string, unknown>) => boolean | Promise<boolean>>;
|
|
38
|
-
/** Max fixed-point iterations before throwing. Default 16. */
|
|
39
|
-
readonly maxDepth?: number;
|
|
40
|
-
}
|
|
41
|
-
interface ClosureResult {
|
|
42
|
-
/** collection → set of record ids that travel together. */
|
|
43
|
-
readonly closure: Map<string, Set<string>>;
|
|
44
|
-
readonly graph: {
|
|
45
|
-
/** Fixed-point iterations the walk needed to converge. */
|
|
46
|
-
readonly depth: number;
|
|
47
|
-
/** True if an edge pointed back to an already-selected node. */
|
|
48
|
-
readonly cyclesDetected: boolean;
|
|
49
|
-
};
|
|
50
|
-
}
|
|
51
|
-
declare function walkClosure(vault: Vault, opts: WalkClosureOptions): Promise<ClosureResult>;
|
|
52
|
-
|
|
53
|
-
/**
|
|
54
|
-
* Partition-extraction dry-run. Read-only preview of what an
|
|
55
|
-
* `extractPartition` would move: record counts, byte totals, and the
|
|
56
|
-
* timestamp span per collection — computed from raw encrypted
|
|
57
|
-
* envelopes WITHOUT decrypting them. Writes nothing, mutates nothing.
|
|
58
|
-
*
|
|
59
|
-
* @module
|
|
60
|
-
*/
|
|
61
|
-
|
|
62
|
-
interface ExtractionPreview {
|
|
63
|
-
readonly totalRecords: number;
|
|
64
|
-
/** Sum of serialized encrypted-envelope sizes (bytes). */
|
|
65
|
-
readonly totalBytes: number;
|
|
66
|
-
readonly byCollection: ReadonlyArray<{
|
|
67
|
-
readonly name: string;
|
|
68
|
-
readonly recordCount: number;
|
|
69
|
-
readonly bytes: number;
|
|
70
|
-
/** Earliest envelope `_ts` in this collection (lexicographic). */
|
|
71
|
-
readonly oldestTs?: string;
|
|
72
|
-
readonly newestTs?: string;
|
|
73
|
-
}>;
|
|
74
|
-
readonly graph: {
|
|
75
|
-
readonly depth: number;
|
|
76
|
-
readonly cyclesDetected: boolean;
|
|
77
|
-
};
|
|
78
|
-
/** Records the walk reached but whose envelope couldn't be read. */
|
|
79
|
-
readonly inaccessible: ReadonlyArray<{
|
|
80
|
-
readonly collection: string;
|
|
81
|
-
readonly id: string;
|
|
82
|
-
}>;
|
|
83
|
-
}
|
|
84
|
-
declare function describeExtraction(vault: Vault, opts: WalkClosureOptions): Promise<ExtractionPreview>;
|
|
85
|
-
|
|
86
|
-
/**
|
|
87
|
-
* Partition extraction. Walks the FK closure, re-encrypts
|
|
88
|
-
* the selected records under fresh per-collection DEKs, seals those DEKs
|
|
89
|
-
* under a one-time transfer key, and serializes an unowned
|
|
90
|
-
* `extracted-partition` bundle.
|
|
91
|
-
*
|
|
92
|
-
* @module
|
|
93
|
-
*/
|
|
94
|
-
|
|
95
|
-
interface ExtractPartitionResult {
|
|
96
|
-
readonly bundleBytes: Uint8Array;
|
|
97
|
-
/** Raw 32-byte transfer key — deliver out-of-band; required to adopt. */
|
|
98
|
-
readonly transferKey: Uint8Array;
|
|
99
|
-
readonly sealId: string;
|
|
100
|
-
}
|
|
101
|
-
/**
|
|
102
|
-
* Extract a re-keyed, transfer-sealed partition. Owner-only
|
|
103
|
-
* (invariant 5): producing a standalone re-keyed vault is an
|
|
104
|
-
* ownership operation. Non-destructive on the source.
|
|
105
|
-
*/
|
|
106
|
-
declare function extractPartition(vault: Vault, opts: WalkClosureOptions & {
|
|
107
|
-
readonly compression?: 'auto' | 'brotli' | 'gzip' | 'none';
|
|
108
|
-
readonly carrySchemas?: boolean;
|
|
109
|
-
readonly carryLedger?: boolean;
|
|
110
|
-
/**
|
|
111
|
-
* FR-7 structural field projection: per-collection allow-list of fields
|
|
112
|
-
* to keep. Non-listed fields are dropped from each record BEFORE
|
|
113
|
-
* re-encryption (so they never travel in the bundle); `id` is always
|
|
114
|
-
* preserved. A projected collection's persisted schema is NOT carried.
|
|
115
|
-
* Absent/empty → un-projected behavior (byte-identical to today).
|
|
116
|
-
*/
|
|
117
|
-
readonly fieldProjection?: Record<string, readonly string[]>;
|
|
118
|
-
}): Promise<ExtractPartitionResult>;
|
|
119
|
-
|
|
120
|
-
/**
|
|
121
|
-
* Reverse of `sealDeks`. Imports the transfer key, decrypts the
|
|
122
|
-
* sealed `{ collection: base64(rawDEK) }` map (layout iv(12)‖ct‖tag), and
|
|
123
|
-
* re-imports each DEK as an AES-GCM key. Throws `TransferSealError` on a
|
|
124
|
-
* wrong key (AES-GCM auth-tag failure) or malformed payload.
|
|
125
|
-
*/
|
|
126
|
-
declare function unsealDeks(seal: TransferSealPayload, transferKey: Uint8Array): Promise<Map<string, CryptoKey>>;
|
|
127
|
-
interface AdoptPartitionOptions {
|
|
128
|
-
readonly transferKey: Uint8Array;
|
|
129
|
-
readonly destinationStore: NoydbStore;
|
|
130
|
-
readonly vaultName: string;
|
|
131
|
-
}
|
|
132
|
-
interface AdoptPartitionResult {
|
|
133
|
-
readonly vaultName: string;
|
|
134
|
-
readonly needsOwner: true;
|
|
135
|
-
readonly sealId: string;
|
|
136
|
-
}
|
|
137
|
-
declare function adoptPartition(bundleBytes: Uint8Array, opts: AdoptPartitionOptions): Promise<AdoptPartitionResult>;
|
|
138
|
-
interface CreateOwnerResult {
|
|
139
|
-
readonly vaultName: string;
|
|
140
|
-
readonly userId: string;
|
|
141
|
-
}
|
|
142
|
-
/** Standard-mode owner: recipient supplies the passphrase. */
|
|
143
|
-
interface CreateOwnerStandardOptions {
|
|
144
|
-
readonly userId: string;
|
|
145
|
-
readonly passphrase: string;
|
|
146
|
-
readonly transferKey: Uint8Array;
|
|
147
|
-
}
|
|
148
|
-
/**
|
|
149
|
-
* Managed-mode owner: the passphrase is minted + sealed under
|
|
150
|
-
* a `SealingKeyProvider` (e.g. an `at-*` OS keychain) so the partition
|
|
151
|
-
* auto-unlocks on the recipient's device. Managed mode mandates a strong
|
|
152
|
-
* (Shamir) recovery profile at creation, which needs the
|
|
153
|
-
* `shamirRecovery` provider injected.
|
|
154
|
-
*/
|
|
155
|
-
interface CreateOwnerManagedOptions {
|
|
156
|
-
readonly userId: string;
|
|
157
|
-
readonly passphraseMode: 'managed';
|
|
158
|
-
readonly sealingKey: SealingKeyProvider;
|
|
159
|
-
readonly recovery: ReadonlyArray<RecoveryEnrollmentInput>;
|
|
160
|
-
readonly shamirRecovery: ShamirRecoveryProvider;
|
|
161
|
-
readonly transferKey: Uint8Array;
|
|
162
|
-
}
|
|
163
|
-
type CreateOwnerOptions = CreateOwnerStandardOptions | CreateOwnerManagedOptions;
|
|
164
|
-
/**
|
|
165
|
-
* Mint the first owner keyring on an adopted-but-unowned partition,
|
|
166
|
-
* then destroy the transfer seal.
|
|
167
|
-
*
|
|
168
|
-
* Standard mode: the recipient supplies a passphrase. Managed mode: the
|
|
169
|
-
* passphrase is minted + sealed under a `SealingKeyProvider` and a strong
|
|
170
|
-
* (Shamir) recovery profile is enrolled — orchestrated via the existing
|
|
171
|
-
* `openVaultAndEnrollRecovery` ceremony.
|
|
172
|
-
*
|
|
173
|
-
* Either way, reuses `createOwnerKeyring` to derive the KEK + write the base
|
|
174
|
-
* keyring, then wraps the partition's DEKs (recovered from the seal) under that
|
|
175
|
-
* KEK and re-persists the merged keyring file.
|
|
176
|
-
*
|
|
177
|
-
* Idempotent under retry: the seal is destroyed LAST (Stage D), after the
|
|
178
|
-
* keyring (Stage A), the ledger transition (Stage B), and — in managed mode —
|
|
179
|
-
* strong-recovery enrollment (Stage C). A failure in the fallible enrollment
|
|
180
|
-
* step leaves the seal intact, and re-running with the same `userId` +
|
|
181
|
-
* `transferKey` resumes from the first incomplete stage. (Multi-profile recovery
|
|
182
|
-
* arrays may re-enroll an already-enrolled profile on retry; managed mode's
|
|
183
|
-
* mandated single Shamir profile does not.)
|
|
184
|
-
*/
|
|
185
|
-
declare function createOwnerOnAdoptedPartition(store: NoydbStore, vaultName: string, opts: CreateOwnerOptions): Promise<CreateOwnerResult>;
|
|
186
|
-
|
|
187
|
-
export { type AdoptPartitionOptions, type AdoptPartitionResult, type ClosureResult, type CreateOwnerManagedOptions, type CreateOwnerOptions, type CreateOwnerResult, type CreateOwnerStandardOptions, type ExtractPartitionResult, type ExtractionPreview, type WalkClosureOptions, adoptPartition, createOwnerOnAdoptedPartition, describeExtraction, extractPartition, unsealDeks, walkClosure };
|
package/dist/consent/index.cjs
DELETED
|
@@ -1,204 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __defProp = Object.defineProperty;
|
|
3
|
-
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
-
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
-
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
-
var __export = (target, all) => {
|
|
7
|
-
for (var name in all)
|
|
8
|
-
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
-
};
|
|
10
|
-
var __copyProps = (to, from, except, desc) => {
|
|
11
|
-
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
-
for (let key of __getOwnPropNames(from))
|
|
13
|
-
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
-
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
-
}
|
|
16
|
-
return to;
|
|
17
|
-
};
|
|
18
|
-
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
-
|
|
20
|
-
// src/consent/index.ts
|
|
21
|
-
var consent_exports = {};
|
|
22
|
-
__export(consent_exports, {
|
|
23
|
-
CONSENT_AUDIT_COLLECTION: () => CONSENT_AUDIT_COLLECTION,
|
|
24
|
-
loadConsentEntries: () => loadConsentEntries,
|
|
25
|
-
withConsent: () => withConsent,
|
|
26
|
-
writeConsentEntry: () => writeConsentEntry
|
|
27
|
-
});
|
|
28
|
-
module.exports = __toCommonJS(consent_exports);
|
|
29
|
-
|
|
30
|
-
// src/errors.ts
|
|
31
|
-
var NoydbError = class extends Error {
|
|
32
|
-
/** Machine-readable error code. Stable across library versions. */
|
|
33
|
-
code;
|
|
34
|
-
constructor(code, message) {
|
|
35
|
-
super(message);
|
|
36
|
-
this.name = "NoydbError";
|
|
37
|
-
this.code = code;
|
|
38
|
-
}
|
|
39
|
-
};
|
|
40
|
-
var DecryptionError = class extends NoydbError {
|
|
41
|
-
constructor(message = "Decryption failed") {
|
|
42
|
-
super("DECRYPTION_FAILED", message);
|
|
43
|
-
this.name = "DecryptionError";
|
|
44
|
-
}
|
|
45
|
-
};
|
|
46
|
-
var TamperedError = class extends NoydbError {
|
|
47
|
-
constructor(message = "Data integrity check failed \u2014 record may have been tampered with") {
|
|
48
|
-
super("TAMPERED", message);
|
|
49
|
-
this.name = "TamperedError";
|
|
50
|
-
}
|
|
51
|
-
};
|
|
52
|
-
|
|
53
|
-
// src/crypto.ts
|
|
54
|
-
var IV_BYTES = 12;
|
|
55
|
-
var subtle = globalThis.crypto.subtle;
|
|
56
|
-
async function encrypt(plaintext, dek) {
|
|
57
|
-
const iv = generateIV();
|
|
58
|
-
const encoded = new TextEncoder().encode(plaintext);
|
|
59
|
-
const ciphertext = await subtle.encrypt(
|
|
60
|
-
{ name: "AES-GCM", iv },
|
|
61
|
-
dek,
|
|
62
|
-
encoded
|
|
63
|
-
);
|
|
64
|
-
return {
|
|
65
|
-
iv: bufferToBase64(iv),
|
|
66
|
-
data: bufferToBase64(ciphertext)
|
|
67
|
-
};
|
|
68
|
-
}
|
|
69
|
-
async function decrypt(ivBase64, dataBase64, dek) {
|
|
70
|
-
const iv = base64ToBuffer(ivBase64);
|
|
71
|
-
const ciphertext = base64ToBuffer(dataBase64);
|
|
72
|
-
try {
|
|
73
|
-
const plaintext = await subtle.decrypt(
|
|
74
|
-
{ name: "AES-GCM", iv },
|
|
75
|
-
dek,
|
|
76
|
-
ciphertext
|
|
77
|
-
);
|
|
78
|
-
return new TextDecoder().decode(plaintext);
|
|
79
|
-
} catch (err) {
|
|
80
|
-
if (err instanceof Error && err.name === "OperationError") {
|
|
81
|
-
throw new TamperedError();
|
|
82
|
-
}
|
|
83
|
-
throw new DecryptionError(
|
|
84
|
-
err instanceof Error ? err.message : "Decryption failed"
|
|
85
|
-
);
|
|
86
|
-
}
|
|
87
|
-
}
|
|
88
|
-
function generateIV() {
|
|
89
|
-
return globalThis.crypto.getRandomValues(new Uint8Array(IV_BYTES));
|
|
90
|
-
}
|
|
91
|
-
function bufferToBase64(buffer) {
|
|
92
|
-
const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
|
|
93
|
-
let binary = "";
|
|
94
|
-
for (let i = 0; i < bytes.length; i++) {
|
|
95
|
-
binary += String.fromCharCode(bytes[i]);
|
|
96
|
-
}
|
|
97
|
-
return btoa(binary);
|
|
98
|
-
}
|
|
99
|
-
function base64ToBuffer(base64) {
|
|
100
|
-
const binary = atob(base64);
|
|
101
|
-
const bytes = new Uint8Array(binary.length);
|
|
102
|
-
for (let i = 0; i < binary.length; i++) {
|
|
103
|
-
bytes[i] = binary.charCodeAt(i);
|
|
104
|
-
}
|
|
105
|
-
return bytes;
|
|
106
|
-
}
|
|
107
|
-
|
|
108
|
-
// src/bundle/ulid.ts
|
|
109
|
-
var CROCKFORD_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
|
|
110
|
-
function encodeBase32(value, length) {
|
|
111
|
-
let out = "";
|
|
112
|
-
let v = value;
|
|
113
|
-
for (let i = 0; i < length; i++) {
|
|
114
|
-
out = CROCKFORD_ALPHABET[v % 32] + out;
|
|
115
|
-
v = Math.floor(v / 32);
|
|
116
|
-
}
|
|
117
|
-
return out;
|
|
118
|
-
}
|
|
119
|
-
function generateULID() {
|
|
120
|
-
const now = Date.now();
|
|
121
|
-
const timestampHigh = Math.floor(now / 16777216);
|
|
122
|
-
const timestampLow = now & 16777215;
|
|
123
|
-
const tsPart = encodeBase32(timestampHigh, 5) + encodeBase32(timestampLow, 5);
|
|
124
|
-
const randBytes = new Uint8Array(10);
|
|
125
|
-
crypto.getRandomValues(randBytes);
|
|
126
|
-
const rand1 = randBytes[0] * 2 ** 32 + (randBytes[1] << 24 >>> 0) + (randBytes[2] << 16) + (randBytes[3] << 8) + randBytes[4];
|
|
127
|
-
const rand2 = randBytes[5] * 2 ** 32 + (randBytes[6] << 24 >>> 0) + (randBytes[7] << 16) + (randBytes[8] << 8) + randBytes[9];
|
|
128
|
-
const randPart = encodeBase32(rand1, 8) + encodeBase32(rand2, 8);
|
|
129
|
-
return tsPart + randPart;
|
|
130
|
-
}
|
|
131
|
-
|
|
132
|
-
// src/consent/consent.ts
|
|
133
|
-
var CONSENT_AUDIT_COLLECTION = "_consent_audit";
|
|
134
|
-
async function writeConsentEntry(adapter, vault, encrypted, entry, getDEK) {
|
|
135
|
-
const id = generateULID();
|
|
136
|
-
const full = {
|
|
137
|
-
id,
|
|
138
|
-
timestamp: (/* @__PURE__ */ new Date()).toISOString(),
|
|
139
|
-
...entry
|
|
140
|
-
};
|
|
141
|
-
const envelope = await buildEnvelope(full, encrypted, getDEK);
|
|
142
|
-
await adapter.put(vault, CONSENT_AUDIT_COLLECTION, id, envelope);
|
|
143
|
-
}
|
|
144
|
-
async function loadConsentEntries(adapter, vault, encrypted, getDEK, filter = {}) {
|
|
145
|
-
const ids = await adapter.list(vault, CONSENT_AUDIT_COLLECTION);
|
|
146
|
-
const entries = [];
|
|
147
|
-
for (const id of ids.sort()) {
|
|
148
|
-
const envelope = await adapter.get(vault, CONSENT_AUDIT_COLLECTION, id);
|
|
149
|
-
if (!envelope) continue;
|
|
150
|
-
const entry = await decryptEntry(envelope, encrypted, getDEK);
|
|
151
|
-
if (!matchesFilter(entry, filter)) continue;
|
|
152
|
-
entries.push(entry);
|
|
153
|
-
}
|
|
154
|
-
return entries;
|
|
155
|
-
}
|
|
156
|
-
async function buildEnvelope(entry, encrypted, getDEK) {
|
|
157
|
-
const json = JSON.stringify(entry);
|
|
158
|
-
if (!encrypted) {
|
|
159
|
-
return {
|
|
160
|
-
_noydb: 1,
|
|
161
|
-
_v: 1,
|
|
162
|
-
_ts: entry.timestamp,
|
|
163
|
-
_iv: "",
|
|
164
|
-
_data: json
|
|
165
|
-
};
|
|
166
|
-
}
|
|
167
|
-
const dek = await getDEK(CONSENT_AUDIT_COLLECTION);
|
|
168
|
-
const { iv, data } = await encrypt(json, dek);
|
|
169
|
-
return {
|
|
170
|
-
_noydb: 1,
|
|
171
|
-
_v: 1,
|
|
172
|
-
_ts: entry.timestamp,
|
|
173
|
-
_iv: iv,
|
|
174
|
-
_data: data
|
|
175
|
-
};
|
|
176
|
-
}
|
|
177
|
-
async function decryptEntry(envelope, encrypted, getDEK) {
|
|
178
|
-
const json = encrypted ? await decrypt(envelope._iv, envelope._data, await getDEK(CONSENT_AUDIT_COLLECTION)) : envelope._data;
|
|
179
|
-
return JSON.parse(json);
|
|
180
|
-
}
|
|
181
|
-
function matchesFilter(entry, f) {
|
|
182
|
-
if (f.since && entry.timestamp < f.since) return false;
|
|
183
|
-
if (f.until && entry.timestamp > f.until) return false;
|
|
184
|
-
if (f.collection && entry.collection !== f.collection) return false;
|
|
185
|
-
if (f.actor && entry.actor !== f.actor) return false;
|
|
186
|
-
if (f.purpose && entry.purpose !== f.purpose) return false;
|
|
187
|
-
return true;
|
|
188
|
-
}
|
|
189
|
-
|
|
190
|
-
// src/consent/active.ts
|
|
191
|
-
function withConsent() {
|
|
192
|
-
return {
|
|
193
|
-
write: writeConsentEntry,
|
|
194
|
-
read: loadConsentEntries
|
|
195
|
-
};
|
|
196
|
-
}
|
|
197
|
-
// Annotate the CommonJS export names for ESM import in node:
|
|
198
|
-
0 && (module.exports = {
|
|
199
|
-
CONSENT_AUDIT_COLLECTION,
|
|
200
|
-
loadConsentEntries,
|
|
201
|
-
withConsent,
|
|
202
|
-
writeConsentEntry
|
|
203
|
-
});
|
|
204
|
-
//# sourceMappingURL=index.cjs.map
|