@noy-db/hub 0.2.0-pre.8 → 0.3.0-pre.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +129 -3
- package/dist/adapter/index.d.ts +5 -0
- package/dist/adapter/index.js +15 -0
- package/dist/aggregate/index.d.ts +6 -2
- package/dist/aggregate/index.js +24 -16
- package/dist/aggregate/index.js.map +1 -1
- package/dist/api-RW3KP7WU.js +14 -0
- package/dist/as/index.d.ts +7 -0
- package/dist/as/index.js +24 -0
- package/dist/at/index.d.ts +5 -0
- package/dist/at/index.js +1 -0
- package/dist/attestation/index.d.ts +15 -47
- package/dist/attestation/index.js +54 -10
- package/dist/attestation/index.js.map +1 -1
- package/dist/backup-XV3IOEGB.js +217 -0
- package/dist/backup-XV3IOEGB.js.map +1 -0
- package/dist/blobs/index.d.ts +6 -8
- package/dist/blobs/index.js +19 -12
- package/dist/blobs/index.js.map +1 -1
- package/dist/bundle/index.d.ts +16 -70
- package/dist/bundle/index.js +39 -476
- package/dist/bundle/index.js.map +1 -1
- package/dist/{ulid-BFJkYRRW.d.ts → bundle-CH-H06dp.d.ts} +31 -86
- package/dist/by/index.d.ts +1 -0
- package/dist/by/index.js +11 -0
- package/dist/cargo/index.d.ts +9 -0
- package/dist/cargo/index.js +89 -0
- package/dist/chunk-26LGBE4T.js +42 -0
- package/dist/chunk-26LGBE4T.js.map +1 -0
- package/dist/chunk-2P2HZEXU.js +233 -0
- package/dist/chunk-2P2HZEXU.js.map +1 -0
- package/dist/{chunk-K3DK3NU5.js → chunk-3YFXJ3ZP.js} +20 -5
- package/dist/chunk-3YFXJ3ZP.js.map +1 -0
- package/dist/chunk-4Q6HSHHL.js +90 -0
- package/dist/chunk-4Q6HSHHL.js.map +1 -0
- package/dist/chunk-5LUY7UTV.js +380 -0
- package/dist/chunk-5LUY7UTV.js.map +1 -0
- package/dist/chunk-5N6CZTCY.js +367 -0
- package/dist/chunk-5N6CZTCY.js.map +1 -0
- package/dist/chunk-5O3AOPDT.js +992 -0
- package/dist/chunk-5O3AOPDT.js.map +1 -0
- package/dist/chunk-5R3ERCDH.js +239 -0
- package/dist/chunk-5R3ERCDH.js.map +1 -0
- package/dist/{chunk-6774ZOQ7.js → chunk-5R5JW2JT.js} +7095 -4769
- package/dist/chunk-5R5JW2JT.js.map +1 -0
- package/dist/chunk-5TDJ56JE.js +32 -0
- package/dist/chunk-5TDJ56JE.js.map +1 -0
- package/dist/{chunk-T7JEBOGN.js → chunk-62QYRORB.js} +18 -11
- package/dist/chunk-62QYRORB.js.map +1 -0
- package/dist/{chunk-J66GRPNH.js → chunk-6S7T6WC4.js} +2 -2
- package/dist/chunk-6S7T6WC4.js.map +1 -0
- package/dist/chunk-76722EBH.js +451 -0
- package/dist/chunk-76722EBH.js.map +1 -0
- package/dist/{chunk-Z6FNBOTC.js → chunk-AIWULCUO.js} +13 -17
- package/dist/chunk-AIWULCUO.js.map +1 -0
- package/dist/{chunk-O3VZPBZG.js → chunk-AQTBSL7R.js} +47 -11
- package/dist/chunk-AQTBSL7R.js.map +1 -0
- package/dist/chunk-AURFOK3D.js +35 -0
- package/dist/chunk-AURFOK3D.js.map +1 -0
- package/dist/{chunk-53XBRIRT.js → chunk-AXRXJTE2.js} +9 -9
- package/dist/chunk-AXRXJTE2.js.map +1 -0
- package/dist/chunk-AZAOEIKW.js +155 -0
- package/dist/chunk-AZAOEIKW.js.map +1 -0
- package/dist/{chunk-HNRHLRDC.js → chunk-BG3SPSR4.js} +3 -3
- package/dist/chunk-BG3SPSR4.js.map +1 -0
- package/dist/chunk-BGIZAFY7.js +1 -0
- package/dist/chunk-CHFZDSE4.js +1 -0
- package/dist/{chunk-DJHHA6XH.js → chunk-CMGR4ZEW.js} +50 -20
- package/dist/chunk-CMGR4ZEW.js.map +1 -0
- package/dist/chunk-CWPPNPOH.js +23 -0
- package/dist/chunk-CWPPNPOH.js.map +1 -0
- package/dist/{chunk-QODLLGQ7.js → chunk-DFEMTNPJ.js} +371 -38
- package/dist/chunk-DFEMTNPJ.js.map +1 -0
- package/dist/{chunk-ZYWZWG6G.js → chunk-DGDI2D4M.js} +10 -10
- package/dist/chunk-DGDI2D4M.js.map +1 -0
- package/dist/{chunk-SYMWGEET.js → chunk-EIZUR2XW.js} +3 -3
- package/dist/chunk-EIZUR2XW.js.map +1 -0
- package/dist/{chunk-BVRYKATC.js → chunk-FISN7WE4.js} +36 -33
- package/dist/chunk-FISN7WE4.js.map +1 -0
- package/dist/chunk-GHVIKOHT.js +1 -0
- package/dist/chunk-GYGWYIOZ.js +200 -0
- package/dist/chunk-GYGWYIOZ.js.map +1 -0
- package/dist/chunk-HCIPRAGS.js +45 -0
- package/dist/chunk-HCIPRAGS.js.map +1 -0
- package/dist/{chunk-PX35GA7L.js → chunk-I2NOIW44.js} +10 -10
- package/dist/chunk-I2NOIW44.js.map +1 -0
- package/dist/{chunk-OIF6LZUR.js → chunk-I3TIKTJO.js} +3 -3
- package/dist/chunk-I3TIKTJO.js.map +1 -0
- package/dist/chunk-I7FD46FF.js +9 -0
- package/dist/chunk-I7FD46FF.js.map +1 -0
- package/dist/chunk-IAGBDSCS.js +40 -0
- package/dist/chunk-IAGBDSCS.js.map +1 -0
- package/dist/{chunk-JWRVQKRZ.js → chunk-IELYAOGG.js} +6 -18
- package/dist/chunk-IELYAOGG.js.map +1 -0
- package/dist/chunk-IGUYVGGI.js +205 -0
- package/dist/chunk-IGUYVGGI.js.map +1 -0
- package/dist/{chunk-U26HQ6KJ.js → chunk-IO6GRPT6.js} +4 -4
- package/dist/chunk-IO6GRPT6.js.map +1 -0
- package/dist/chunk-IPB7FTQX.js +273 -0
- package/dist/chunk-IPB7FTQX.js.map +1 -0
- package/dist/chunk-ITNUCOXM.js +148 -0
- package/dist/chunk-ITNUCOXM.js.map +1 -0
- package/dist/{chunk-WPLVTJ5D.js → chunk-IUEN57TV.js} +10 -10
- package/dist/chunk-IUEN57TV.js.map +1 -0
- package/dist/{chunk-DL3HWOQ5.js → chunk-JNUWZ6D3.js} +9 -9
- package/dist/chunk-JNUWZ6D3.js.map +1 -0
- package/dist/chunk-K2WCO3NX.js +1 -0
- package/dist/chunk-KVOXU4T5.js +30 -0
- package/dist/chunk-KVOXU4T5.js.map +1 -0
- package/dist/chunk-KXGNJJXB.js +135 -0
- package/dist/chunk-KXGNJJXB.js.map +1 -0
- package/dist/chunk-LB7FD65R.js +163 -0
- package/dist/chunk-LB7FD65R.js.map +1 -0
- package/dist/{chunk-22DWZL57.js → chunk-LFLXAY2W.js} +43 -218
- package/dist/chunk-LFLXAY2W.js.map +1 -0
- package/dist/chunk-LMTH2RM6.js +129 -0
- package/dist/chunk-LMTH2RM6.js.map +1 -0
- package/dist/{aggregate/index.cjs → chunk-LV7M27WM.js} +390 -219
- package/dist/chunk-LV7M27WM.js.map +1 -0
- package/dist/{chunk-PE2FR4J3.js → chunk-LXQT4WMP.js} +16 -18
- package/dist/chunk-LXQT4WMP.js.map +1 -0
- package/dist/chunk-M2YKN37S.js +524 -0
- package/dist/chunk-M2YKN37S.js.map +1 -0
- package/dist/chunk-M6OST55S.js +14 -0
- package/dist/chunk-M6OST55S.js.map +1 -0
- package/dist/{chunk-F3GDRNUT.js → chunk-MD3Y6J3L.js} +35 -69
- package/dist/chunk-MD3Y6J3L.js.map +1 -0
- package/dist/{chunk-XJFLDA7A.js → chunk-MTMJVJ5W.js} +8 -7
- package/dist/chunk-MTMJVJ5W.js.map +1 -0
- package/dist/{chunk-DFMLEQZB.js → chunk-NF5JWERG.js} +5 -10
- package/dist/chunk-NF5JWERG.js.map +1 -0
- package/dist/{chunk-DO7C2TOG.js → chunk-PKHL44ER.js} +3 -3
- package/dist/{chunk-DO7C2TOG.js.map → chunk-PKHL44ER.js.map} +1 -1
- package/dist/chunk-PSMV73A5.js +117 -0
- package/dist/chunk-PSMV73A5.js.map +1 -0
- package/dist/chunk-PY4KJPYU.js +9 -0
- package/dist/chunk-PY4KJPYU.js.map +1 -0
- package/dist/chunk-PZ5AY32C.js +10 -0
- package/dist/{chunk-DE6GKS6G.js → chunk-Q7SS3IME.js} +50 -9
- package/dist/chunk-Q7SS3IME.js.map +1 -0
- package/dist/chunk-QHJW5EXU.js +54 -0
- package/dist/chunk-QHJW5EXU.js.map +1 -0
- package/dist/{chunk-NONAAENK.js → chunk-RUEKROOS.js} +11 -4
- package/dist/chunk-RUEKROOS.js.map +1 -0
- package/dist/chunk-RUIMKQTA.js +23 -0
- package/dist/chunk-RUIMKQTA.js.map +1 -0
- package/dist/{chunk-TFBP23BX.js → chunk-SKF73JOP.js} +66 -7
- package/dist/chunk-SKF73JOP.js.map +1 -0
- package/dist/chunk-SM3AVUHC.js +42 -0
- package/dist/chunk-SM3AVUHC.js.map +1 -0
- package/dist/{chunk-ML236QKC.js → chunk-SMXWYP24.js} +5 -5
- package/dist/chunk-SMXWYP24.js.map +1 -0
- package/dist/chunk-SRB2XEWB.js +148 -0
- package/dist/chunk-SRB2XEWB.js.map +1 -0
- package/dist/chunk-SVLR4POP.js +64 -0
- package/dist/chunk-SVLR4POP.js.map +1 -0
- package/dist/chunk-TA66UMI4.js +123 -0
- package/dist/chunk-TA66UMI4.js.map +1 -0
- package/dist/chunk-TEILUWOI.js +664 -0
- package/dist/chunk-TEILUWOI.js.map +1 -0
- package/dist/chunk-TJYQIGAP.js +82 -0
- package/dist/chunk-TJYQIGAP.js.map +1 -0
- package/dist/{chunk-H2X3ISXG.js → chunk-UAG5KWVA.js} +7 -7
- package/dist/chunk-UAG5KWVA.js.map +1 -0
- package/dist/chunk-UDRIWL7A.js +382 -0
- package/dist/chunk-UDRIWL7A.js.map +1 -0
- package/dist/{chunk-2GLDA55J.js → chunk-UIU2THRG.js} +498 -133
- package/dist/chunk-UIU2THRG.js.map +1 -0
- package/dist/{chunk-3YPCK6JX.js → chunk-UPJNJGGA.js} +165 -423
- package/dist/chunk-UPJNJGGA.js.map +1 -0
- package/dist/chunk-UV5MFVO3.js +21 -0
- package/dist/chunk-UV5MFVO3.js.map +1 -0
- package/dist/{chunk-2WUSG3IT.js → chunk-V7RWQRG7.js} +5 -5
- package/dist/chunk-V7RWQRG7.js.map +1 -0
- package/dist/{chunk-VTKGMEPP.js → chunk-VCTFO5CO.js} +13 -3
- package/dist/chunk-VCTFO5CO.js.map +1 -0
- package/dist/{chunk-5T22KDPN.js → chunk-VFQGRQIH.js} +8 -8
- package/dist/chunk-VFQGRQIH.js.map +1 -0
- package/dist/{chunk-2QR2PQTT.js → chunk-VQNJ7UZL.js} +5 -3
- package/dist/chunk-VQNJ7UZL.js.map +1 -0
- package/dist/{chunk-DONMZAD2.js → chunk-WWGT2MDV.js} +43 -165
- package/dist/chunk-WWGT2MDV.js.map +1 -0
- package/dist/{chunk-EMIGCR7X.js → chunk-WXSYDNBT.js} +2 -2
- package/dist/chunk-WXSYDNBT.js.map +1 -0
- package/dist/chunk-WYSO2NIH.js +30 -0
- package/dist/chunk-WYSO2NIH.js.map +1 -0
- package/dist/chunk-XXYIOFUB.js +164 -0
- package/dist/chunk-XXYIOFUB.js.map +1 -0
- package/dist/{chunk-3BFJOWSU.js → chunk-Y22T3KQE.js} +35 -7
- package/dist/chunk-Y22T3KQE.js.map +1 -0
- package/dist/{chunk-A3JMGXPG.js → chunk-YMUGBZN2.js} +2 -2
- package/dist/chunk-YMUGBZN2.js.map +1 -0
- package/dist/{chunk-I5FOWO4J.js → chunk-ZCGAHGUS.js} +52 -73
- package/dist/chunk-ZCGAHGUS.js.map +1 -0
- package/dist/{chunk-FZU343FL.js → chunk-ZJADGNYF.js} +2 -2
- package/dist/chunk-ZJADGNYF.js.map +1 -0
- package/dist/{chunk-B6PB7JLN.js → chunk-ZYUC53LT.js} +427 -6
- package/dist/chunk-ZYUC53LT.js.map +1 -0
- package/dist/collection-facade-GQAOGJP2.js +33 -0
- package/dist/consent/index.d.ts +5 -7
- package/dist/consent/index.js +7 -5
- package/dist/consent/index.js.map +1 -1
- package/dist/crdt/index.d.ts +6 -2
- package/dist/crdt/index.js +3 -2
- package/dist/crdt/index.js.map +1 -1
- package/dist/decrypt-partition-IHtxEnTi.d.ts +21 -0
- package/dist/delegation-UL5HKLER.js +19 -0
- package/dist/derivations/index.d.ts +7 -9
- package/dist/derivations/index.js +11 -6
- package/dist/describe/index.d.ts +1 -0
- package/dist/describe/index.js +1 -0
- package/dist/describe-aBkJR2sd.d.ts +131 -0
- package/dist/{dev-unlock-p3ysikWP.d.ts → dev-unlock-C9Ro3v_O.d.ts} +1 -1
- package/dist/discriminant-BN9REW3o.d.ts +60 -0
- package/dist/enclave-UL5LW66V.js +88 -0
- package/dist/executor-2FWQRLMG.js +15 -0
- package/dist/executor-QZ7BXICW.js +9 -0
- package/dist/executor-Z5ZLJVTV.js +9 -0
- package/dist/export-accessible-KRV5W4GH.js +17 -0
- package/dist/extract-partition-GLKBOXFQ.js +30 -0
- package/dist/{fanout-sidecar-OKPMMPLG.js → fanout-sidecar-GF3DJ6KR.js} +34 -14
- package/dist/fanout-sidecar-GF3DJ6KR.js.map +1 -0
- package/dist/forget/index.d.ts +36 -0
- package/dist/forget/index.js +19 -0
- package/dist/forget/index.js.map +1 -0
- package/dist/guards/index.d.ts +13 -9
- package/dist/guards/index.js +12 -5
- package/dist/{hash-BPsYPcv_.d.cts → hash-Cp5uwiox.d.ts} +5 -1
- package/dist/history/index.d.ts +6 -8
- package/dist/history/index.js +19 -12
- package/dist/history/index.js.map +1 -1
- package/dist/i18n/index.d.ts +5 -7
- package/dist/i18n/index.js +104 -15
- package/dist/i18n/index.js.map +1 -1
- package/dist/in/index.d.ts +5 -0
- package/dist/in/index.js +1 -0
- package/dist/in/index.js.map +1 -0
- package/dist/index-B9QdHytu.d.ts +123 -0
- package/dist/index-BF9_96A5.d.ts +123 -0
- package/dist/{types-DGU60JDt.d.ts → index-BzUo1B6n.d.ts} +16306 -8352
- package/dist/index.d.ts +1088 -450
- package/dist/index.js +1165 -293
- package/dist/index.js.map +1 -1
- package/dist/indexing/index.d.ts +6 -3
- package/dist/indexing/index.js +6 -5
- package/dist/indexing/index.js.map +1 -1
- package/dist/issue-Y6UVIR43.js +13 -0
- package/dist/issue-Y6UVIR43.js.map +1 -0
- package/dist/kernel/index.d.ts +32 -0
- package/dist/kernel/index.js +53 -0
- package/dist/kernel/index.js.map +1 -0
- package/dist/{ledger-TMRZYNVJ.js → ledger-RYI35CDS.js} +12 -9
- package/dist/ledger-RYI35CDS.js.map +1 -0
- package/dist/liberate-CRPZEV7O.js +18 -0
- package/dist/liberate-CRPZEV7O.js.map +1 -0
- package/dist/materialized-views/index.d.ts +6 -19
- package/dist/materialized-views/index.js +16 -12
- package/dist/mime-magic-CGhw37_E.d.ts +103 -0
- package/dist/noydb-367AM4HT.js +50 -0
- package/dist/noydb-367AM4HT.js.map +1 -0
- package/dist/on/index.d.ts +5 -0
- package/dist/on/index.js +11 -0
- package/dist/on/index.js.map +1 -0
- package/dist/overlay-views/index.d.ts +27 -11
- package/dist/overlay-views/index.js +7 -6
- package/dist/periods/index.d.ts +5 -7
- package/dist/periods/index.js +13 -9
- package/dist/pod/index.d.ts +63 -0
- package/dist/pod/index.js +61 -0
- package/dist/pod/index.js.map +1 -0
- package/dist/policy-IXK4FVXP.js +41 -0
- package/dist/policy-IXK4FVXP.js.map +1 -0
- package/dist/portability/index.d.ts +20 -0
- package/dist/portability/index.js +43 -0
- package/dist/portability/index.js.map +1 -0
- package/dist/{public-envelope-BW6OXORV.js → public-envelope-JHDQCPSX.js} +6 -5
- package/dist/public-envelope-JHDQCPSX.js.map +1 -0
- package/dist/query/index.d.ts +5 -3
- package/dist/query/index.js +21 -13
- package/dist/read-only-facade-5ADRJVTM.js +8 -0
- package/dist/read-only-facade-5ADRJVTM.js.map +1 -0
- package/dist/registry-45RJNWGU.js +9 -0
- package/dist/registry-45RJNWGU.js.map +1 -0
- package/dist/registry-5GRV5VXI.js +13 -0
- package/dist/registry-5GRV5VXI.js.map +1 -0
- package/dist/registry-VW6P6A3J.js +8 -0
- package/dist/registry-VW6P6A3J.js.map +1 -0
- package/dist/registry-WEUCHBO4.js +11 -0
- package/dist/registry-WEUCHBO4.js.map +1 -0
- package/dist/request-withdrawal-GBPH2FDY.js +25 -0
- package/dist/request-withdrawal-GBPH2FDY.js.map +1 -0
- package/dist/revoke-TUFRGI6S.js +18 -0
- package/dist/revoke-TUFRGI6S.js.map +1 -0
- package/dist/sealed-record/index.d.ts +69 -0
- package/dist/sealed-record/index.js +65 -0
- package/dist/sealed-record/index.js.map +1 -0
- package/dist/session/index.d.ts +6 -8
- package/dist/session/index.js +7 -5
- package/dist/session/index.js.map +1 -1
- package/dist/shadow/index.d.ts +5 -7
- package/dist/shadow/index.js +4 -3
- package/dist/shadow/index.js.map +1 -1
- package/dist/{signer-72QAUSVW.js → signer-PNKTBVF7.js} +6 -5
- package/dist/signer-PNKTBVF7.js.map +1 -0
- package/dist/snapshots/index.d.ts +16 -11
- package/dist/snapshots/index.js +49 -13
- package/dist/snapshots/index.js.map +1 -1
- package/dist/{stale-6ZDBTQT7.js → stale-3JWHNDIY.js} +3 -2
- package/dist/stale-3JWHNDIY.js.map +1 -0
- package/dist/store-coordination-provider-3I7XWZZK.js +142 -0
- package/dist/store-coordination-provider-3I7XWZZK.js.map +1 -0
- package/dist/subject-index-O75wKshW.d.ts +362 -0
- package/dist/sync/index.d.ts +4 -6
- package/dist/sync/index.js +7 -6
- package/dist/sync/index.js.map +1 -1
- package/dist/team/index.d.ts +5 -7
- package/dist/team/index.js +20 -16
- package/dist/tiers/index.d.ts +5 -0
- package/dist/tiers/index.js +33 -0
- package/dist/tiers/index.js.map +1 -0
- package/dist/to/index.d.ts +5 -0
- package/dist/to/index.js +17 -0
- package/dist/to/index.js.map +1 -0
- package/dist/transition-guard-C7ol6oPw.d.ts +165 -0
- package/dist/tx/index.d.ts +23 -9
- package/dist/tx/index.js +13 -8
- package/dist/tx/index.js.map +1 -1
- package/dist/ui/index.d.ts +1 -0
- package/dist/ui/index.js +1 -0
- package/dist/ui/index.js.map +1 -0
- package/dist/ulid-DRH25k3y.d.ts +66 -0
- package/dist/ulid-PTAIMDG4.js +10 -0
- package/dist/ulid-PTAIMDG4.js.map +1 -0
- package/dist/util/index.d.ts +2 -0
- package/dist/util/index.js +7 -2
- package/dist/util/index.js.map +1 -1
- package/dist/vault-diff-B5fYNBL7.d.ts +147 -0
- package/dist/with/index.d.ts +38 -0
- package/dist/with/index.js +25 -0
- package/dist/with/index.js.map +1 -0
- package/dist/{with-materialized-view-BiasFcYx.d.ts → with-materialized-view-6p0Fk8bL.d.ts} +1 -1
- package/dist/{with-overlayed-view-CQViuko_.d.ts → with-overlayed-view-BJ6mXGMd.d.ts} +2 -3
- package/dist/with-rollup-BvQo3ROo.d.ts +47 -0
- package/dist/withdraw-accessible-FFS46EOD.js +22 -0
- package/dist/withdraw-accessible-FFS46EOD.js.map +1 -0
- package/dist/zod-HAJM7LMS.js +14763 -0
- package/dist/zod-HAJM7LMS.js.map +1 -0
- package/package.json +121 -201
- package/dist/aggregate/index.cjs.map +0 -1
- package/dist/aggregate/index.d.cts +0 -38
- package/dist/attestation/index.cjs +0 -305
- package/dist/attestation/index.cjs.map +0 -1
- package/dist/attestation/index.d.cts +0 -52
- package/dist/blobs/index.cjs +0 -1480
- package/dist/blobs/index.cjs.map +0 -1
- package/dist/blobs/index.d.cts +0 -46
- package/dist/bundle/index.cjs +0 -19104
- package/dist/bundle/index.cjs.map +0 -1
- package/dist/bundle/index.d.cts +0 -176
- package/dist/chunk-22DWZL57.js.map +0 -1
- package/dist/chunk-2GLDA55J.js.map +0 -1
- package/dist/chunk-2QR2PQTT.js.map +0 -1
- package/dist/chunk-2WUSG3IT.js.map +0 -1
- package/dist/chunk-3BFJOWSU.js.map +0 -1
- package/dist/chunk-3YPCK6JX.js.map +0 -1
- package/dist/chunk-53XBRIRT.js.map +0 -1
- package/dist/chunk-5T22KDPN.js.map +0 -1
- package/dist/chunk-5XHKQ56N.js +0 -340
- package/dist/chunk-5XHKQ56N.js.map +0 -1
- package/dist/chunk-6774ZOQ7.js.map +0 -1
- package/dist/chunk-6STK5TQP.js +0 -139
- package/dist/chunk-6STK5TQP.js.map +0 -1
- package/dist/chunk-A3JMGXPG.js.map +0 -1
- package/dist/chunk-B6PB7JLN.js.map +0 -1
- package/dist/chunk-BVRYKATC.js.map +0 -1
- package/dist/chunk-DE6GKS6G.js.map +0 -1
- package/dist/chunk-DFMLEQZB.js.map +0 -1
- package/dist/chunk-DJHHA6XH.js.map +0 -1
- package/dist/chunk-DL3HWOQ5.js.map +0 -1
- package/dist/chunk-DONMZAD2.js.map +0 -1
- package/dist/chunk-EMIGCR7X.js.map +0 -1
- package/dist/chunk-F3GDRNUT.js.map +0 -1
- package/dist/chunk-FZU343FL.js.map +0 -1
- package/dist/chunk-H2X3ISXG.js.map +0 -1
- package/dist/chunk-HNRHLRDC.js.map +0 -1
- package/dist/chunk-I5FOWO4J.js.map +0 -1
- package/dist/chunk-J66GRPNH.js.map +0 -1
- package/dist/chunk-JWRVQKRZ.js.map +0 -1
- package/dist/chunk-K3DK3NU5.js.map +0 -1
- package/dist/chunk-ML236QKC.js.map +0 -1
- package/dist/chunk-NONAAENK.js.map +0 -1
- package/dist/chunk-O3VZPBZG.js.map +0 -1
- package/dist/chunk-OIF6LZUR.js.map +0 -1
- package/dist/chunk-OQ6PIGHA.js +0 -19
- package/dist/chunk-OQ6PIGHA.js.map +0 -1
- package/dist/chunk-PE2FR4J3.js.map +0 -1
- package/dist/chunk-PP6W64Y3.js +0 -275
- package/dist/chunk-PP6W64Y3.js.map +0 -1
- package/dist/chunk-PX35GA7L.js.map +0 -1
- package/dist/chunk-QEILDE6R.js +0 -793
- package/dist/chunk-QEILDE6R.js.map +0 -1
- package/dist/chunk-QODLLGQ7.js.map +0 -1
- package/dist/chunk-RAZ4OVLL.js +0 -51
- package/dist/chunk-RAZ4OVLL.js.map +0 -1
- package/dist/chunk-SYMWGEET.js.map +0 -1
- package/dist/chunk-T7JEBOGN.js.map +0 -1
- package/dist/chunk-TFBP23BX.js.map +0 -1
- package/dist/chunk-TV3YZ35S.js +0 -90
- package/dist/chunk-TV3YZ35S.js.map +0 -1
- package/dist/chunk-U26HQ6KJ.js.map +0 -1
- package/dist/chunk-UF3BUNQZ.js +0 -1
- package/dist/chunk-UMLVJTYV.js +0 -20
- package/dist/chunk-UMLVJTYV.js.map +0 -1
- package/dist/chunk-VTKGMEPP.js.map +0 -1
- package/dist/chunk-W6EQLGMB.js +0 -100
- package/dist/chunk-W6EQLGMB.js.map +0 -1
- package/dist/chunk-WIRRPTFH.js +0 -17
- package/dist/chunk-WIRRPTFH.js.map +0 -1
- package/dist/chunk-WPLVTJ5D.js.map +0 -1
- package/dist/chunk-XJFLDA7A.js.map +0 -1
- package/dist/chunk-Z6FNBOTC.js.map +0 -1
- package/dist/chunk-ZYWZWG6G.js.map +0 -1
- package/dist/consent/index.cjs +0 -204
- package/dist/consent/index.cjs.map +0 -1
- package/dist/consent/index.d.cts +0 -25
- package/dist/crdt/index.cjs +0 -152
- package/dist/crdt/index.cjs.map +0 -1
- package/dist/crdt/index.d.cts +0 -30
- package/dist/crypto-HTZ4FJOP.js +0 -44
- package/dist/delegation-RI54P6I5.js +0 -17
- package/dist/derivations/index.cjs +0 -351
- package/dist/derivations/index.cjs.map +0 -1
- package/dist/derivations/index.d.cts +0 -72
- package/dist/dev-unlock-M4VAWNq_.d.cts +0 -263
- package/dist/executor-5PNY7LGW.js +0 -8
- package/dist/executor-B4QIYGZX.js +0 -8
- package/dist/executor-BWXXDQ7K.js +0 -11
- package/dist/fanout-sidecar-OKPMMPLG.js.map +0 -1
- package/dist/guards/index.cjs +0 -322
- package/dist/guards/index.cjs.map +0 -1
- package/dist/guards/index.d.cts +0 -31
- package/dist/hash-C1GtiOhR.d.ts +0 -63
- package/dist/history/index.cjs +0 -1222
- package/dist/history/index.cjs.map +0 -1
- package/dist/history/index.d.cts +0 -63
- package/dist/i18n/index.cjs +0 -1100
- package/dist/i18n/index.cjs.map +0 -1
- package/dist/i18n/index.d.cts +0 -39
- package/dist/index-4fBVt8j9.d.cts +0 -2387
- package/dist/index-D8I_pyJD.d.ts +0 -2387
- package/dist/index.cjs +0 -24334
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -776
- package/dist/indexing/index.cjs +0 -742
- package/dist/indexing/index.cjs.map +0 -1
- package/dist/indexing/index.d.cts +0 -36
- package/dist/issue-VGDPP4B5.js +0 -12
- package/dist/lazy-builder-7tIpFyWN.d.ts +0 -304
- package/dist/lazy-builder-wY4pMCEe.d.cts +0 -304
- package/dist/materialized-views/index.cjs +0 -854
- package/dist/materialized-views/index.cjs.map +0 -1
- package/dist/materialized-views/index.d.cts +0 -186
- package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
- package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
- package/dist/noydb-LZBH3XDK.js +0 -34
- package/dist/overlay-views/index.cjs +0 -359
- package/dist/overlay-views/index.cjs.map +0 -1
- package/dist/overlay-views/index.d.cts +0 -82
- package/dist/periods/index.cjs +0 -1041
- package/dist/periods/index.cjs.map +0 -1
- package/dist/periods/index.d.cts +0 -22
- package/dist/predicate-BSAGEyu5.d.cts +0 -209
- package/dist/predicate-BSAGEyu5.d.ts +0 -209
- package/dist/query/index.cjs +0 -2375
- package/dist/query/index.cjs.map +0 -1
- package/dist/query/index.d.cts +0 -3
- package/dist/read-only-facade-ITU6L7BL.js +0 -7
- package/dist/registry-3QP3YKQS.js +0 -8
- package/dist/registry-DKEXOJVO.js +0 -7
- package/dist/registry-OJIOSBV6.js +0 -10
- package/dist/registry-USRVT6YF.js +0 -8
- package/dist/revoke-JCC7N56X.js +0 -17
- package/dist/session/index.cjs +0 -495
- package/dist/session/index.cjs.map +0 -1
- package/dist/session/index.d.cts +0 -46
- package/dist/shadow/index.cjs +0 -133
- package/dist/shadow/index.cjs.map +0 -1
- package/dist/shadow/index.d.cts +0 -17
- package/dist/snapshots/index.cjs +0 -903
- package/dist/snapshots/index.cjs.map +0 -1
- package/dist/snapshots/index.d.cts +0 -21
- package/dist/store/index.cjs +0 -1083
- package/dist/store/index.cjs.map +0 -1
- package/dist/store/index.d.cts +0 -492
- package/dist/store/index.d.ts +0 -492
- package/dist/store/index.js +0 -37
- package/dist/strategy-BSxFXGzb.d.cts +0 -110
- package/dist/strategy-BSxFXGzb.d.ts +0 -110
- package/dist/strategy-DSTrsZ8t.d.cts +0 -601
- package/dist/strategy-DSTrsZ8t.d.ts +0 -601
- package/dist/sync/index.cjs +0 -1062
- package/dist/sync/index.cjs.map +0 -1
- package/dist/sync/index.d.cts +0 -43
- package/dist/team/index.cjs +0 -2798
- package/dist/team/index.cjs.map +0 -1
- package/dist/team/index.d.cts +0 -118
- package/dist/tx/index.cjs +0 -544
- package/dist/tx/index.cjs.map +0 -1
- package/dist/tx/index.d.cts +0 -21
- package/dist/types-DjunxzJa.d.cts +0 -12776
- package/dist/ulid-COREQ2RQ.js +0 -9
- package/dist/ulid-DPeuPgi3.d.cts +0 -603
- package/dist/util/index.cjs +0 -230
- package/dist/util/index.cjs.map +0 -1
- package/dist/util/index.d.cts +0 -77
- package/dist/with-derivation-Df0kMlED.d.cts +0 -13
- package/dist/with-derivation-DfOpKjFw.d.ts +0 -13
- package/dist/with-guard-0KksDtSR.d.ts +0 -18
- package/dist/with-guard-C6W5RVrH.d.cts +0 -18
- package/dist/with-materialized-view-BmDKyHrm.d.cts +0 -27
- package/dist/with-overlayed-view-CA66vhHz.d.cts +0 -13
- /package/dist/{store → adapter}/index.js.map +0 -0
- /package/dist/{chunk-UF3BUNQZ.js.map → api-RW3KP7WU.js.map} +0 -0
- /package/dist/{crypto-HTZ4FJOP.js.map → as/index.js.map} +0 -0
- /package/dist/{delegation-RI54P6I5.js.map → at/index.js.map} +0 -0
- /package/dist/{executor-5PNY7LGW.js.map → by/index.js.map} +0 -0
- /package/dist/{executor-B4QIYGZX.js.map → cargo/index.js.map} +0 -0
- /package/dist/{executor-BWXXDQ7K.js.map → chunk-BGIZAFY7.js.map} +0 -0
- /package/dist/{issue-VGDPP4B5.js.map → chunk-CHFZDSE4.js.map} +0 -0
- /package/dist/{ledger-TMRZYNVJ.js.map → chunk-GHVIKOHT.js.map} +0 -0
- /package/dist/{noydb-LZBH3XDK.js.map → chunk-K2WCO3NX.js.map} +0 -0
- /package/dist/{public-envelope-BW6OXORV.js.map → chunk-PZ5AY32C.js.map} +0 -0
- /package/dist/{read-only-facade-ITU6L7BL.js.map → collection-facade-GQAOGJP2.js.map} +0 -0
- /package/dist/{registry-3QP3YKQS.js.map → delegation-UL5HKLER.js.map} +0 -0
- /package/dist/{registry-DKEXOJVO.js.map → describe/index.js.map} +0 -0
- /package/dist/{registry-OJIOSBV6.js.map → enclave-UL5LW66V.js.map} +0 -0
- /package/dist/{registry-USRVT6YF.js.map → executor-2FWQRLMG.js.map} +0 -0
- /package/dist/{revoke-JCC7N56X.js.map → executor-QZ7BXICW.js.map} +0 -0
- /package/dist/{signer-72QAUSVW.js.map → executor-Z5ZLJVTV.js.map} +0 -0
- /package/dist/{stale-6ZDBTQT7.js.map → export-accessible-KRV5W4GH.js.map} +0 -0
- /package/dist/{ulid-COREQ2RQ.js.map → extract-partition-GLKBOXFQ.js.map} +0 -0
package/dist/query/index.js
CHANGED
|
@@ -7,17 +7,10 @@ import {
|
|
|
7
7
|
buildLiveQuery,
|
|
8
8
|
executePlan,
|
|
9
9
|
resetJoinWarnings
|
|
10
|
-
} from "../chunk-
|
|
10
|
+
} from "../chunk-UIU2THRG.js";
|
|
11
11
|
import {
|
|
12
12
|
CollectionIndexes
|
|
13
|
-
} from "../chunk-
|
|
14
|
-
import {
|
|
15
|
-
avg,
|
|
16
|
-
count,
|
|
17
|
-
max,
|
|
18
|
-
min,
|
|
19
|
-
sum
|
|
20
|
-
} from "../chunk-W6EQLGMB.js";
|
|
13
|
+
} from "../chunk-I3TIKTJO.js";
|
|
21
14
|
import {
|
|
22
15
|
Aggregation,
|
|
23
16
|
GROUPBY_MAX_CARDINALITY,
|
|
@@ -25,16 +18,26 @@ import {
|
|
|
25
18
|
GroupedAggregation,
|
|
26
19
|
GroupedQuery,
|
|
27
20
|
GroupedQueryN,
|
|
21
|
+
avg,
|
|
28
22
|
buildLiveAggregation,
|
|
23
|
+
count,
|
|
29
24
|
groupAndReduce,
|
|
25
|
+
max,
|
|
26
|
+
min,
|
|
27
|
+
moneyMax,
|
|
28
|
+
moneyMin,
|
|
29
|
+
moneySum,
|
|
30
30
|
reduceRecords,
|
|
31
|
-
|
|
32
|
-
|
|
31
|
+
reducerBuilder,
|
|
32
|
+
resetGroupByWarnings,
|
|
33
|
+
sum
|
|
34
|
+
} from "../chunk-LV7M27WM.js";
|
|
33
35
|
import {
|
|
34
36
|
evaluateClause,
|
|
35
37
|
evaluateFieldClause,
|
|
36
38
|
readPath
|
|
37
|
-
} from "../chunk-
|
|
39
|
+
} from "../chunk-M2YKN37S.js";
|
|
40
|
+
import "../chunk-5LUY7UTV.js";
|
|
38
41
|
import {
|
|
39
42
|
CrossJoinSourceUnknownError,
|
|
40
43
|
CrossJoinTooLargeError,
|
|
@@ -43,7 +46,8 @@ import {
|
|
|
43
46
|
IndexRequiredError,
|
|
44
47
|
IndexWriteFailureError,
|
|
45
48
|
JoinTooLargeError
|
|
46
|
-
} from "../chunk-
|
|
49
|
+
} from "../chunk-ZYUC53LT.js";
|
|
50
|
+
import "../chunk-PZ5AY32C.js";
|
|
47
51
|
export {
|
|
48
52
|
Aggregation,
|
|
49
53
|
CollectionIndexes,
|
|
@@ -74,8 +78,12 @@ export {
|
|
|
74
78
|
groupAndReduce,
|
|
75
79
|
max,
|
|
76
80
|
min,
|
|
81
|
+
moneyMax,
|
|
82
|
+
moneyMin,
|
|
83
|
+
moneySum,
|
|
77
84
|
readPath,
|
|
78
85
|
reduceRecords,
|
|
86
|
+
reducerBuilder,
|
|
79
87
|
resetGroupByWarnings,
|
|
80
88
|
resetJoinWarnings,
|
|
81
89
|
sum
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import {
|
|
2
|
+
MaterializedViewRegistry,
|
|
3
|
+
wrapDbWithPredicates
|
|
4
|
+
} from "./chunk-62QYRORB.js";
|
|
5
|
+
import "./chunk-5O3AOPDT.js";
|
|
6
|
+
import "./chunk-5TDJ56JE.js";
|
|
7
|
+
import "./chunk-ZYUC53LT.js";
|
|
8
|
+
import "./chunk-PZ5AY32C.js";
|
|
9
|
+
export {
|
|
10
|
+
MaterializedViewRegistry,
|
|
11
|
+
wrapDbWithPredicates
|
|
12
|
+
};
|
|
13
|
+
//# sourceMappingURL=registry-5GRV5VXI.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import {
|
|
2
|
+
DerivationRegistry
|
|
3
|
+
} from "./chunk-Q7SS3IME.js";
|
|
4
|
+
import "./chunk-5O3AOPDT.js";
|
|
5
|
+
import "./chunk-5TDJ56JE.js";
|
|
6
|
+
import "./chunk-ZYUC53LT.js";
|
|
7
|
+
import "./chunk-PZ5AY32C.js";
|
|
8
|
+
export {
|
|
9
|
+
DerivationRegistry
|
|
10
|
+
};
|
|
11
|
+
//# sourceMappingURL=registry-WEUCHBO4.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import {
|
|
2
|
+
WITHDRAWAL_REQUESTS_COLLECTION,
|
|
3
|
+
WithdrawalRequestError,
|
|
4
|
+
approveWithdrawal,
|
|
5
|
+
listWithdrawalRequests,
|
|
6
|
+
rejectWithdrawal,
|
|
7
|
+
requestWithdrawal
|
|
8
|
+
} from "./chunk-XXYIOFUB.js";
|
|
9
|
+
import "./chunk-PSMV73A5.js";
|
|
10
|
+
import "./chunk-HCIPRAGS.js";
|
|
11
|
+
import "./chunk-FISN7WE4.js";
|
|
12
|
+
import "./chunk-SMXWYP24.js";
|
|
13
|
+
import "./chunk-5O3AOPDT.js";
|
|
14
|
+
import "./chunk-5TDJ56JE.js";
|
|
15
|
+
import "./chunk-ZYUC53LT.js";
|
|
16
|
+
import "./chunk-PZ5AY32C.js";
|
|
17
|
+
export {
|
|
18
|
+
WITHDRAWAL_REQUESTS_COLLECTION,
|
|
19
|
+
WithdrawalRequestError,
|
|
20
|
+
approveWithdrawal,
|
|
21
|
+
listWithdrawalRequests,
|
|
22
|
+
rejectWithdrawal,
|
|
23
|
+
requestWithdrawal
|
|
24
|
+
};
|
|
25
|
+
//# sourceMappingURL=request-withdrawal-GBPH2FDY.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import {
|
|
2
|
+
getRevokedDocIdsCore,
|
|
3
|
+
publishRevocationListCore,
|
|
4
|
+
revokeDocCore,
|
|
5
|
+
unrevokeDocCore
|
|
6
|
+
} from "./chunk-I2NOIW44.js";
|
|
7
|
+
import "./chunk-JNUWZ6D3.js";
|
|
8
|
+
import "./chunk-5O3AOPDT.js";
|
|
9
|
+
import "./chunk-5TDJ56JE.js";
|
|
10
|
+
import "./chunk-ZYUC53LT.js";
|
|
11
|
+
import "./chunk-PZ5AY32C.js";
|
|
12
|
+
export {
|
|
13
|
+
getRevokedDocIdsCore,
|
|
14
|
+
publishRevocationListCore,
|
|
15
|
+
revokeDocCore,
|
|
16
|
+
unrevokeDocCore
|
|
17
|
+
};
|
|
18
|
+
//# sourceMappingURL=revoke-TUFRGI6S.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
import { d8 as SealedRecordStrategy, d9 as SealedCekDeliveryEnvelope } from '../index-BzUo1B6n.js';
|
|
2
|
+
export { da as NO_SEALED_RECORD, db as SealedCekBinding, dc as SealedRecordExpiredError, dd as SealedRecordMismatchError, de as SealedRecordNotEnabledError } from '../index-BzUo1B6n.js';
|
|
3
|
+
import '../subject-index-O75wKshW.js';
|
|
4
|
+
import '../describe-aBkJR2sd.js';
|
|
5
|
+
import '../index-B9QdHytu.js';
|
|
6
|
+
import '@noy-db/attestation';
|
|
7
|
+
|
|
8
|
+
/**
|
|
9
|
+
* Enable the sealed-record (grantor-side) capability.
|
|
10
|
+
* Pass to `createNoydb({ sealedRecordStrategy: withSealedRecord() })` to make a
|
|
11
|
+
* vault's `sealRecordToHost` / `revokeSealedRecord` / `rotateRecordCek` methods
|
|
12
|
+
* live. The `record-keys` grantor engine is dynamically imported here, so it is
|
|
13
|
+
* reached only via opt-in.
|
|
14
|
+
*/
|
|
15
|
+
|
|
16
|
+
declare function withSealedRecord(): SealedRecordStrategy;
|
|
17
|
+
|
|
18
|
+
/**
|
|
19
|
+
* `@noy-db/hub/sealed-record` — host-side opener for record-scoped CEK
|
|
20
|
+
* sealing.
|
|
21
|
+
*
|
|
22
|
+
* The **grantor** side (sealing a record's CEK to a host, revoking, and hard
|
|
23
|
+
* rotation) lives on `Vault` (`vault.sealRecordToHost` /
|
|
24
|
+
* `vault.revokeSealedRecord` / `vault.rotateRecordCek`) because it needs the
|
|
25
|
+
* collection DEK. This subpath exposes the **recipient host** side:
|
|
26
|
+
* {@link openSealedRecord} reconstructs a single record's plaintext from
|
|
27
|
+
* (a) the sealed-CEK delivery envelope, (b) the record's encrypted envelope
|
|
28
|
+
* body, and (c) the host's own unsealer — and **nothing else**. The host never
|
|
29
|
+
* touches a vault DEK and can decrypt exactly the one bound record.
|
|
30
|
+
*
|
|
31
|
+
* @module
|
|
32
|
+
*/
|
|
33
|
+
|
|
34
|
+
/**
|
|
35
|
+
* Host-side: decrypt a single record whose CEK was sealed to this host by a
|
|
36
|
+
* vault grantor via `vault.sealRecordToHost()`.
|
|
37
|
+
*
|
|
38
|
+
* Verification order (security-critical — do NOT reorder past the unseal):
|
|
39
|
+
* 1. **Fast-path expiry** — reject on the delivery envelope's clear-text
|
|
40
|
+
* `expiresAt` before doing any (potentially expensive) unseal work. This is
|
|
41
|
+
* a hint only.
|
|
42
|
+
* 2. **Unseal** the `payload` with the host's `recipientSealer.unseal` →
|
|
43
|
+
* parse the {@link SealedCekBinding}.
|
|
44
|
+
* 3. **Binding match** — the binding's `{collection, id}` MUST equal the
|
|
45
|
+
* expected pair, else {@link SealedRecordMismatchError}. This is the
|
|
46
|
+
* host-denial boundary (a CEK sealed for record A cannot open record B).
|
|
47
|
+
* 4. **Authoritative expiry** — re-check `binding.expiresAt` (the copy that
|
|
48
|
+
* cannot be forged by editing the delivery envelope), else
|
|
49
|
+
* {@link SealedRecordExpiredError}.
|
|
50
|
+
* 5. **Decrypt** the record body under the unsealed CEK. A CEK from a
|
|
51
|
+
* PRE-rotation seal applied to a POST-rotation live envelope passes (1)-(4)
|
|
52
|
+
* but fails the AES-GCM auth tag → `TamperedError` from `decrypt`.
|
|
53
|
+
*
|
|
54
|
+
* @param sealedCekEnvelope The `SealedCekDeliveryEnvelope` written by the grantor.
|
|
55
|
+
* @param recordEnvelope The record's `{ _iv, _data }` (the encrypted body).
|
|
56
|
+
* @param recipientSealer The host's unsealer (`{ unseal(bytes) }`) — e.g. a
|
|
57
|
+
* KMS-backed sealer or `MemoryRecipientSealer`.
|
|
58
|
+
* @param expectedCollection Collection the caller believes `recordEnvelope` is in.
|
|
59
|
+
* @param expectedId Record id the caller believes `recordEnvelope` is.
|
|
60
|
+
* @returns The decrypted record body as a JSON string.
|
|
61
|
+
*/
|
|
62
|
+
declare function openSealedRecord(sealedCekEnvelope: SealedCekDeliveryEnvelope, recordEnvelope: {
|
|
63
|
+
readonly _iv: string;
|
|
64
|
+
readonly _data: string;
|
|
65
|
+
}, recipientSealer: {
|
|
66
|
+
unseal(bytes: Uint8Array): Promise<Uint8Array>;
|
|
67
|
+
}, expectedCollection: string, expectedId: string): Promise<string>;
|
|
68
|
+
|
|
69
|
+
export { SealedCekDeliveryEnvelope, SealedRecordStrategy, openSealedRecord, withSealedRecord };
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import {
|
|
2
|
+
NO_SEALED_RECORD
|
|
3
|
+
} from "../chunk-UV5MFVO3.js";
|
|
4
|
+
import {
|
|
5
|
+
base64ToBuffer,
|
|
6
|
+
decrypt,
|
|
7
|
+
importCek
|
|
8
|
+
} from "../chunk-5O3AOPDT.js";
|
|
9
|
+
import "../chunk-5TDJ56JE.js";
|
|
10
|
+
import {
|
|
11
|
+
SealedRecordExpiredError,
|
|
12
|
+
SealedRecordMismatchError,
|
|
13
|
+
SealedRecordNotEnabledError
|
|
14
|
+
} from "../chunk-ZYUC53LT.js";
|
|
15
|
+
import "../chunk-PZ5AY32C.js";
|
|
16
|
+
|
|
17
|
+
// src/with-audit/sealed-record/active.ts
|
|
18
|
+
function withSealedRecord() {
|
|
19
|
+
return {
|
|
20
|
+
async sealRecordToHost(ctx, collection, id, hostSealer, opts) {
|
|
21
|
+
const { sealRecordToHost } = await import("../enclave-UL5LW66V.js");
|
|
22
|
+
return sealRecordToHost(ctx, collection, id, hostSealer, opts);
|
|
23
|
+
},
|
|
24
|
+
async revokeSealedRecord(ctx, collection, id, pid, opts) {
|
|
25
|
+
const { revokeSealedRecord } = await import("../enclave-UL5LW66V.js");
|
|
26
|
+
return revokeSealedRecord(ctx, collection, id, pid, opts);
|
|
27
|
+
},
|
|
28
|
+
async rotateRecordCek(ctx, collection, id) {
|
|
29
|
+
const { rotateRecordCek } = await import("../enclave-UL5LW66V.js");
|
|
30
|
+
return rotateRecordCek(ctx, collection, id);
|
|
31
|
+
}
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
// src/with-audit/sealed-record/index.ts
|
|
36
|
+
async function openSealedRecord(sealedCekEnvelope, recordEnvelope, recipientSealer, expectedCollection, expectedId) {
|
|
37
|
+
const fastT = Date.parse(sealedCekEnvelope.expiresAt);
|
|
38
|
+
if (!Number.isFinite(fastT) || fastT <= Date.now()) {
|
|
39
|
+
throw new SealedRecordExpiredError(sealedCekEnvelope.expiresAt);
|
|
40
|
+
}
|
|
41
|
+
const payloadBytes = base64ToBuffer(sealedCekEnvelope.payload);
|
|
42
|
+
const openedBytes = await recipientSealer.unseal(payloadBytes);
|
|
43
|
+
const binding = JSON.parse(new TextDecoder().decode(openedBytes));
|
|
44
|
+
if (binding.collection !== expectedCollection || binding.id !== expectedId) {
|
|
45
|
+
throw new SealedRecordMismatchError(
|
|
46
|
+
{ collection: expectedCollection, id: expectedId },
|
|
47
|
+
{ collection: binding.collection, id: binding.id }
|
|
48
|
+
);
|
|
49
|
+
}
|
|
50
|
+
const t = Date.parse(binding.expiresAt);
|
|
51
|
+
if (!Number.isFinite(t) || t <= Date.now()) {
|
|
52
|
+
throw new SealedRecordExpiredError(binding.expiresAt);
|
|
53
|
+
}
|
|
54
|
+
const cek = await importCek(base64ToBuffer(binding.cek));
|
|
55
|
+
return decrypt(recordEnvelope._iv, recordEnvelope._data, cek);
|
|
56
|
+
}
|
|
57
|
+
export {
|
|
58
|
+
NO_SEALED_RECORD,
|
|
59
|
+
SealedRecordExpiredError,
|
|
60
|
+
SealedRecordMismatchError,
|
|
61
|
+
SealedRecordNotEnabledError,
|
|
62
|
+
openSealedRecord,
|
|
63
|
+
withSealedRecord
|
|
64
|
+
};
|
|
65
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../src/with-audit/sealed-record/active.ts","../../src/with-audit/sealed-record/index.ts"],"sourcesContent":["/**\n * Enable the sealed-record (grantor-side) capability.\n * Pass to `createNoydb({ sealedRecordStrategy: withSealedRecord() })` to make a\n * vault's `sealRecordToHost` / `revokeSealedRecord` / `rotateRecordCek` methods\n * live. The `record-keys` grantor engine is dynamically imported here, so it is\n * reached only via opt-in.\n */\nimport type { SealedRecordStrategy } from './strategy.js'\n\nexport function withSealedRecord(): SealedRecordStrategy {\n return {\n async sealRecordToHost(ctx, collection, id, hostSealer, opts) {\n const { sealRecordToHost } = await import('../../kernel/enclave/index.js')\n return sealRecordToHost(ctx, collection, id, hostSealer, opts)\n },\n async revokeSealedRecord(ctx, collection, id, pid, opts) {\n const { revokeSealedRecord } = await import('../../kernel/enclave/index.js')\n return revokeSealedRecord(ctx, collection, id, pid, opts)\n },\n async rotateRecordCek(ctx, collection, id) {\n const { rotateRecordCek } = await import('../../kernel/enclave/index.js')\n return rotateRecordCek(ctx, collection, id)\n },\n }\n}\n","/**\n * `@noy-db/hub/sealed-record` — host-side opener for record-scoped CEK\n * sealing.\n *\n * The **grantor** side (sealing a record's CEK to a host, revoking, and hard\n * rotation) lives on `Vault` (`vault.sealRecordToHost` /\n * `vault.revokeSealedRecord` / `vault.rotateRecordCek`) because it needs the\n * collection DEK. This subpath exposes the **recipient host** side:\n * {@link openSealedRecord} reconstructs a single record's plaintext from\n * (a) the sealed-CEK delivery envelope, (b) the record's encrypted envelope\n * body, and (c) the host's own unsealer — and **nothing else**. The host never\n * touches a vault DEK and can decrypt exactly the one bound record.\n *\n * @module\n */\n\nimport { decrypt, base64ToBuffer, importCek } from '../../kernel/enclave/index.js'\nimport {\n SealedRecordExpiredError,\n SealedRecordMismatchError,\n} from '../../kernel/errors.js'\nimport type {\n SealedCekDeliveryEnvelope,\n SealedCekBinding,\n} from './types.js'\n\nexport type { SealedCekDeliveryEnvelope, SealedCekBinding } from './types.js'\nexport { SealedRecordExpiredError, SealedRecordMismatchError } from '../../kernel/errors.js'\nexport { withSealedRecord } from './active.js'\nexport { NO_SEALED_RECORD, type SealedRecordStrategy } from './strategy.js'\nexport { SealedRecordNotEnabledError } from '../../kernel/errors.js'\n\n/**\n * Host-side: decrypt a single record whose CEK was sealed to this host by a\n * vault grantor via `vault.sealRecordToHost()`.\n *\n * Verification order (security-critical — do NOT reorder past the unseal):\n * 1. **Fast-path expiry** — reject on the delivery envelope's clear-text\n * `expiresAt` before doing any (potentially expensive) unseal work. This is\n * a hint only.\n * 2. **Unseal** the `payload` with the host's `recipientSealer.unseal` →\n * parse the {@link SealedCekBinding}.\n * 3. **Binding match** — the binding's `{collection, id}` MUST equal the\n * expected pair, else {@link SealedRecordMismatchError}. This is the\n * host-denial boundary (a CEK sealed for record A cannot open record B).\n * 4. **Authoritative expiry** — re-check `binding.expiresAt` (the copy that\n * cannot be forged by editing the delivery envelope), else\n * {@link SealedRecordExpiredError}.\n * 5. **Decrypt** the record body under the unsealed CEK. A CEK from a\n * PRE-rotation seal applied to a POST-rotation live envelope passes (1)-(4)\n * but fails the AES-GCM auth tag → `TamperedError` from `decrypt`.\n *\n * @param sealedCekEnvelope The `SealedCekDeliveryEnvelope` written by the grantor.\n * @param recordEnvelope The record's `{ _iv, _data }` (the encrypted body).\n * @param recipientSealer The host's unsealer (`{ unseal(bytes) }`) — e.g. a\n * KMS-backed sealer or `MemoryRecipientSealer`.\n * @param expectedCollection Collection the caller believes `recordEnvelope` is in.\n * @param expectedId Record id the caller believes `recordEnvelope` is.\n * @returns The decrypted record body as a JSON string.\n */\nexport async function openSealedRecord(\n sealedCekEnvelope: SealedCekDeliveryEnvelope,\n recordEnvelope: { readonly _iv: string; readonly _data: string },\n recipientSealer: { unseal(bytes: Uint8Array): Promise<Uint8Array> },\n expectedCollection: string,\n expectedId: string,\n): Promise<string> {\n // (1) Fast-path expiry on the (unauthenticated) delivery envelope. Fail\n // CLOSED (M-4): a malformed/empty `expiresAt` parses to NaN — treat it as\n // expired rather than letting `NaN <= now` (which is `false`) skip the check.\n const fastT = Date.parse(sealedCekEnvelope.expiresAt)\n if (!Number.isFinite(fastT) || fastT <= Date.now()) {\n throw new SealedRecordExpiredError(sealedCekEnvelope.expiresAt)\n }\n\n // (2) Unseal → parse binding.\n const payloadBytes = base64ToBuffer(sealedCekEnvelope.payload)\n const openedBytes = await recipientSealer.unseal(payloadBytes)\n const binding = JSON.parse(new TextDecoder().decode(openedBytes)) as SealedCekBinding\n\n // (3) Binding match — host-denial boundary.\n if (binding.collection !== expectedCollection || binding.id !== expectedId) {\n throw new SealedRecordMismatchError(\n { collection: expectedCollection, id: expectedId },\n { collection: binding.collection, id: binding.id },\n )\n }\n\n // (4) Authoritative expiry — the copy that cannot be forged on the envelope.\n // Fail CLOSED (M-4): a malformed/empty `expiresAt` → NaN → treat as expired.\n const t = Date.parse(binding.expiresAt)\n if (!Number.isFinite(t) || t <= Date.now()) {\n throw new SealedRecordExpiredError(binding.expiresAt)\n }\n\n // (5) Import the raw CEK + decrypt the body. Wrong-key (pre-rotation CEK vs\n // post-rotation body) surfaces as TamperedError from decrypt's GCM tag check.\n const cek = await importCek(base64ToBuffer(binding.cek))\n return decrypt(recordEnvelope._iv, recordEnvelope._data, cek)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AASO,SAAS,mBAAyC;AACvD,SAAO;AAAA,IACL,MAAM,iBAAiB,KAAK,YAAY,IAAI,YAAY,MAAM;AAC5D,YAAM,EAAE,iBAAiB,IAAI,MAAM,OAAO,wBAA+B;AACzE,aAAO,iBAAiB,KAAK,YAAY,IAAI,YAAY,IAAI;AAAA,IAC/D;AAAA,IACA,MAAM,mBAAmB,KAAK,YAAY,IAAI,KAAK,MAAM;AACvD,YAAM,EAAE,mBAAmB,IAAI,MAAM,OAAO,wBAA+B;AAC3E,aAAO,mBAAmB,KAAK,YAAY,IAAI,KAAK,IAAI;AAAA,IAC1D;AAAA,IACA,MAAM,gBAAgB,KAAK,YAAY,IAAI;AACzC,YAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,wBAA+B;AACxE,aAAO,gBAAgB,KAAK,YAAY,EAAE;AAAA,IAC5C;AAAA,EACF;AACF;;;ACoCA,eAAsB,iBACpB,mBACA,gBACA,iBACA,oBACA,YACiB;AAIjB,QAAM,QAAQ,KAAK,MAAM,kBAAkB,SAAS;AACpD,MAAI,CAAC,OAAO,SAAS,KAAK,KAAK,SAAS,KAAK,IAAI,GAAG;AAClD,UAAM,IAAI,yBAAyB,kBAAkB,SAAS;AAAA,EAChE;AAGA,QAAM,eAAe,eAAe,kBAAkB,OAAO;AAC7D,QAAM,cAAc,MAAM,gBAAgB,OAAO,YAAY;AAC7D,QAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,WAAW,CAAC;AAGhE,MAAI,QAAQ,eAAe,sBAAsB,QAAQ,OAAO,YAAY;AAC1E,UAAM,IAAI;AAAA,MACR,EAAE,YAAY,oBAAoB,IAAI,WAAW;AAAA,MACjD,EAAE,YAAY,QAAQ,YAAY,IAAI,QAAQ,GAAG;AAAA,IACnD;AAAA,EACF;AAIA,QAAM,IAAI,KAAK,MAAM,QAAQ,SAAS;AACtC,MAAI,CAAC,OAAO,SAAS,CAAC,KAAK,KAAK,KAAK,IAAI,GAAG;AAC1C,UAAM,IAAI,yBAAyB,QAAQ,SAAS;AAAA,EACtD;AAIA,QAAM,MAAM,MAAM,UAAU,eAAe,QAAQ,GAAG,CAAC;AACvD,SAAO,QAAQ,eAAe,KAAK,eAAe,OAAO,GAAG;AAC9D;","names":[]}
|
package/dist/session/index.d.ts
CHANGED
|
@@ -1,11 +1,9 @@
|
|
|
1
|
-
export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from '../dev-unlock-
|
|
2
|
-
import {
|
|
3
|
-
export { P as PolicyEnforcer,
|
|
4
|
-
|
|
5
|
-
import '../
|
|
6
|
-
import '../
|
|
7
|
-
import '../strategy-DSTrsZ8t.js';
|
|
8
|
-
import '../strategy-BSxFXGzb.js';
|
|
1
|
+
export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from '../dev-unlock-C9Ro3v_O.js';
|
|
2
|
+
import { H as SessionStrategy } from '../index-BzUo1B6n.js';
|
|
3
|
+
export { P as PolicyEnforcer, J as SessionExpiredError, K as SessionNotFoundError, N as SessionPolicyError, Q as createEnforcer, W as validateSessionPolicy } from '../index-BzUo1B6n.js';
|
|
4
|
+
import '../subject-index-O75wKshW.js';
|
|
5
|
+
import '../describe-aBkJR2sd.js';
|
|
6
|
+
import '../index-B9QdHytu.js';
|
|
9
7
|
import '@noy-db/attestation';
|
|
10
8
|
|
|
11
9
|
/**
|
package/dist/session/index.js
CHANGED
|
@@ -12,16 +12,18 @@ import {
|
|
|
12
12
|
revokeAllSessions,
|
|
13
13
|
revokeSession,
|
|
14
14
|
validateSessionPolicy
|
|
15
|
-
} from "../chunk-
|
|
16
|
-
import "../chunk-
|
|
17
|
-
import "../chunk-
|
|
15
|
+
} from "../chunk-UAG5KWVA.js";
|
|
16
|
+
import "../chunk-ZJADGNYF.js";
|
|
17
|
+
import "../chunk-5O3AOPDT.js";
|
|
18
|
+
import "../chunk-5TDJ56JE.js";
|
|
18
19
|
import {
|
|
19
20
|
SessionExpiredError,
|
|
20
21
|
SessionNotFoundError,
|
|
21
22
|
SessionPolicyError
|
|
22
|
-
} from "../chunk-
|
|
23
|
+
} from "../chunk-ZYUC53LT.js";
|
|
24
|
+
import "../chunk-PZ5AY32C.js";
|
|
23
25
|
|
|
24
|
-
// src/session/active.ts
|
|
26
|
+
// src/with-party/session/active.ts
|
|
25
27
|
function withSession() {
|
|
26
28
|
return {
|
|
27
29
|
validateSessionPolicy,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/session/active.ts"],"sourcesContent":["/**\n * Active session strategy — `withSession()` returns the real\n * implementation that wires `SessionPolicy` validation, the\n * `PolicyEnforcer`, and the global session-token registry into the\n * Noydb lifecycle.\n *\n * Consumers opt in by:\n *\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withSession } from '@noy-db/hub/session'\n *\n * const db = await createNoydb({\n * store: ...,\n * user: ...,\n * sessionPolicy: { idleTimeoutMs: 15 * 60_000 },\n * sessionStrategy: withSession(),\n * })\n * ```\n *\n * The factory delegates to the existing `session-policy.ts` and\n * `session.ts` modules. Splitting the import chain through this file\n * is what lets tsup tree-shake the ~495 LOC of policy + token code\n * out of the default bundle when no `withSession()` import is\n * present.\n *\n * Note: dev-unlock (`devUnlock`, `cancelDevUnlock`) is a separate\n * named import from `@noy-db/hub` and tree-shakes independently —\n * apps that don't import it never include it.\n *\n * @public\n */\n\nimport type { SessionStrategy } from './strategy.js'\nimport { createEnforcer, validateSessionPolicy } from './session-policy.js'\nimport { revokeAllSessions } from './session.js'\n\nexport function withSession(): SessionStrategy {\n return {\n validateSessionPolicy,\n createEnforcer,\n revokeAllSessions,\n }\n}\n"],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../src/with-party/session/active.ts"],"sourcesContent":["/**\n * Active session strategy — `withSession()` returns the real\n * implementation that wires `SessionPolicy` validation, the\n * `PolicyEnforcer`, and the global session-token registry into the\n * Noydb lifecycle.\n *\n * Consumers opt in by:\n *\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withSession } from '@noy-db/hub/session'\n *\n * const db = await createNoydb({\n * store: ...,\n * user: ...,\n * sessionPolicy: { idleTimeoutMs: 15 * 60_000 },\n * sessionStrategy: withSession(),\n * })\n * ```\n *\n * The factory delegates to the existing `session-policy.ts` and\n * `session.ts` modules. Splitting the import chain through this file\n * is what lets tsup tree-shake the ~495 LOC of policy + token code\n * out of the default bundle when no `withSession()` import is\n * present.\n *\n * Note: dev-unlock (`devUnlock`, `cancelDevUnlock`) is a separate\n * named import from `@noy-db/hub` and tree-shakes independently —\n * apps that don't import it never include it.\n *\n * @public\n */\n\nimport type { SessionStrategy } from './strategy.js'\nimport { createEnforcer, validateSessionPolicy } from './session-policy.js'\nimport { revokeAllSessions } from './session.js'\n\nexport function withSession(): SessionStrategy {\n return {\n validateSessionPolicy,\n createEnforcer,\n revokeAllSessions,\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAqCO,SAAS,cAA+B;AAC7C,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}
|
package/dist/shadow/index.d.ts
CHANGED
|
@@ -1,10 +1,8 @@
|
|
|
1
|
-
import {
|
|
2
|
-
export {
|
|
3
|
-
import '../
|
|
4
|
-
import '../
|
|
5
|
-
import '../
|
|
6
|
-
import '../strategy-BSxFXGzb.js';
|
|
7
|
-
import '../index-D8I_pyJD.js';
|
|
1
|
+
import { bU as ShadowStrategy } from '../index-BzUo1B6n.js';
|
|
2
|
+
export { bV as CollectionFrame, bW as VaultFrame } from '../index-BzUo1B6n.js';
|
|
3
|
+
import '../subject-index-O75wKshW.js';
|
|
4
|
+
import '../describe-aBkJR2sd.js';
|
|
5
|
+
import '../index-B9QdHytu.js';
|
|
8
6
|
import '@noy-db/attestation';
|
|
9
7
|
|
|
10
8
|
/**
|
package/dist/shadow/index.js
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
import {
|
|
2
2
|
CollectionFrame,
|
|
3
3
|
VaultFrame
|
|
4
|
-
} from "../chunk-
|
|
5
|
-
import "../chunk-
|
|
4
|
+
} from "../chunk-NF5JWERG.js";
|
|
5
|
+
import "../chunk-ZYUC53LT.js";
|
|
6
|
+
import "../chunk-PZ5AY32C.js";
|
|
6
7
|
|
|
7
|
-
// src/shadow/active.ts
|
|
8
|
+
// src/with-fork/shadow/active.ts
|
|
8
9
|
function withShadow() {
|
|
9
10
|
return {
|
|
10
11
|
buildFrame(vault) {
|
package/dist/shadow/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/shadow/active.ts"],"sourcesContent":["/**\n * Active shadow strategy — the only place `VaultFrame` is constructed.\n * Only reachable through `@noy-db/hub/shadow`.\n */\n\nimport { VaultFrame } from './vault-frame.js'\nimport type { ShadowStrategy } from './strategy.js'\nimport type { Vault } from '
|
|
1
|
+
{"version":3,"sources":["../../src/with-fork/shadow/active.ts"],"sourcesContent":["/**\n * Active shadow strategy — the only place `VaultFrame` is constructed.\n * Only reachable through `@noy-db/hub/shadow`.\n */\n\nimport { VaultFrame } from './vault-frame.js'\nimport type { ShadowStrategy } from './strategy.js'\nimport type { Vault } from '../../kernel/vault.js'\n\nexport function withShadow(): ShadowStrategy {\n return {\n buildFrame(vault) { return new VaultFrame(vault as Vault) },\n }\n}\n"],"mappings":";;;;;;;;AASO,SAAS,aAA6B;AAC3C,SAAO;AAAA,IACL,WAAW,OAAO;AAAE,aAAO,IAAI,WAAW,KAAc;AAAA,IAAE;AAAA,EAC5D;AACF;","names":[]}
|
|
@@ -4,10 +4,11 @@ import {
|
|
|
4
4
|
SIGNER_RECORD_ID,
|
|
5
5
|
loadOrCreateSigner,
|
|
6
6
|
loadSigner
|
|
7
|
-
} from "./chunk-
|
|
8
|
-
import "./chunk-
|
|
9
|
-
import "./chunk-
|
|
10
|
-
import "./chunk-
|
|
7
|
+
} from "./chunk-JNUWZ6D3.js";
|
|
8
|
+
import "./chunk-5O3AOPDT.js";
|
|
9
|
+
import "./chunk-5TDJ56JE.js";
|
|
10
|
+
import "./chunk-ZYUC53LT.js";
|
|
11
|
+
import "./chunk-PZ5AY32C.js";
|
|
11
12
|
export {
|
|
12
13
|
ATTESTATIONS_COLLECTION,
|
|
13
14
|
REVOKED_RECORD_ID,
|
|
@@ -15,4 +16,4 @@ export {
|
|
|
15
16
|
loadOrCreateSigner,
|
|
16
17
|
loadSigner
|
|
17
18
|
};
|
|
18
|
-
//# sourceMappingURL=signer-
|
|
19
|
+
//# sourceMappingURL=signer-PNKTBVF7.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -1,21 +1,26 @@
|
|
|
1
|
-
import {
|
|
2
|
-
export {
|
|
3
|
-
|
|
4
|
-
import '../
|
|
5
|
-
import '../
|
|
6
|
-
import '../strategy-DSTrsZ8t.js';
|
|
7
|
-
import '../strategy-BSxFXGzb.js';
|
|
1
|
+
import { bX as NoydbPodStore, bY as RetentionPolicy, bZ as SnapshotPolicy, b_ as SnapshotStrategy } from '../index-BzUo1B6n.js';
|
|
2
|
+
export { b$ as SnapshotMeta, c0 as SnapshotMode, c1 as SnapshotNotFoundError } from '../index-BzUo1B6n.js';
|
|
3
|
+
import '../subject-index-O75wKshW.js';
|
|
4
|
+
import '../describe-aBkJR2sd.js';
|
|
5
|
+
import '../index-B9QdHytu.js';
|
|
8
6
|
import '@noy-db/attestation';
|
|
9
7
|
|
|
10
8
|
interface WithSnapshotsOptions {
|
|
11
9
|
/** Bundle store where snapshot blobs and the sidecar index are written. */
|
|
12
|
-
store:
|
|
10
|
+
store: NoydbPodStore;
|
|
13
11
|
/**
|
|
14
|
-
* Declarative retention policy. Enforced eagerly after each `snapshot()
|
|
15
|
-
* Defaults to no retention (all snapshots kept forever).
|
|
12
|
+
* Declarative retention policy. Enforced eagerly after each on-demand `snapshot()`.
|
|
13
|
+
* Defaults to no retention (all on-demand snapshots kept forever). Never affects
|
|
14
|
+
* the rolling auto-snapshot.
|
|
16
15
|
*/
|
|
17
16
|
retention?: RetentionPolicy;
|
|
17
|
+
/**
|
|
18
|
+
* Automatic-snapshot cadence. Default `mode:'manual'` ⇒ no timers; snapshots
|
|
19
|
+
* stay on-demand. Set `mode:'debounce'`/`'interval'` to enable auto-snapshots
|
|
20
|
+
* to the rolling `<vault>__auto` key.
|
|
21
|
+
*/
|
|
22
|
+
snapshotPolicy?: SnapshotPolicy;
|
|
18
23
|
}
|
|
19
24
|
declare function withSnapshots(opts: WithSnapshotsOptions): SnapshotStrategy;
|
|
20
25
|
|
|
21
|
-
export { RetentionPolicy, SnapshotStrategy, type WithSnapshotsOptions, withSnapshots };
|
|
26
|
+
export { RetentionPolicy, SnapshotPolicy, SnapshotStrategy, type WithSnapshotsOptions, withSnapshots };
|
package/dist/snapshots/index.js
CHANGED
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
import {
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
} from "../chunk-
|
|
5
|
-
import "../chunk-
|
|
6
|
-
import "../chunk-
|
|
2
|
+
readPod,
|
|
3
|
+
writePod
|
|
4
|
+
} from "../chunk-FISN7WE4.js";
|
|
5
|
+
import "../chunk-SMXWYP24.js";
|
|
6
|
+
import "../chunk-5O3AOPDT.js";
|
|
7
|
+
import "../chunk-5TDJ56JE.js";
|
|
7
8
|
import {
|
|
8
9
|
SnapshotNotFoundError
|
|
9
|
-
} from "../chunk-
|
|
10
|
+
} from "../chunk-ZYUC53LT.js";
|
|
11
|
+
import "../chunk-PZ5AY32C.js";
|
|
10
12
|
|
|
11
|
-
// src/snapshots/engine.ts
|
|
13
|
+
// src/with-fork/snapshots/engine.ts
|
|
12
14
|
var SnapshotEngine = class {
|
|
13
15
|
constructor(store, retention) {
|
|
14
16
|
this.store = store;
|
|
@@ -22,6 +24,9 @@ var SnapshotEngine = class {
|
|
|
22
24
|
snapKey(vaultName, n) {
|
|
23
25
|
return `${vaultName}__snap_${n.toString().padStart(6, "0")}`;
|
|
24
26
|
}
|
|
27
|
+
autoKey(vaultName) {
|
|
28
|
+
return `${vaultName}__auto`;
|
|
29
|
+
}
|
|
25
30
|
async readIndex(vaultName) {
|
|
26
31
|
const result = await this.store.readBundle(this.indexKey(vaultName));
|
|
27
32
|
if (!result) return { index: { snapshots: [], nextCounter: 1 }, indexVersion: null };
|
|
@@ -33,7 +38,7 @@ var SnapshotEngine = class {
|
|
|
33
38
|
await this.store.writeBundle(this.indexKey(vaultName), bytes, expectedVersion);
|
|
34
39
|
}
|
|
35
40
|
async snapshot(vault, by, opts) {
|
|
36
|
-
const bytes = await
|
|
41
|
+
const bytes = await writePod(vault, {});
|
|
37
42
|
const { index, indexVersion } = await this.readIndex(vault.name);
|
|
38
43
|
const key = this.snapKey(vault.name, index.nextCounter);
|
|
39
44
|
await this.store.writeBundle(key, bytes, null);
|
|
@@ -48,7 +53,9 @@ var SnapshotEngine = class {
|
|
|
48
53
|
};
|
|
49
54
|
const newIndex = {
|
|
50
55
|
snapshots: [...index.snapshots, meta],
|
|
51
|
-
nextCounter: index.nextCounter + 1
|
|
56
|
+
nextCounter: index.nextCounter + 1,
|
|
57
|
+
// Preserve the rolling auto slot — on-demand snapshots never touch it.
|
|
58
|
+
...index.auto ? { auto: index.auto } : {}
|
|
52
59
|
};
|
|
53
60
|
const toDelete = this.applyRetention(newIndex);
|
|
54
61
|
await this.writeIndex(vault.name, newIndex, indexVersion);
|
|
@@ -57,15 +64,40 @@ var SnapshotEngine = class {
|
|
|
57
64
|
}
|
|
58
65
|
return meta;
|
|
59
66
|
}
|
|
67
|
+
/**
|
|
68
|
+
* Rolling auto-snapshot. Overwrites the single fixed `<vault>__auto` key and
|
|
69
|
+
* stores its meta in `index.auto`, separate from the immutable `snapshots`
|
|
70
|
+
* pool — retention never prunes it. Used by the cadence scheduler.
|
|
71
|
+
*/
|
|
72
|
+
async autoSnapshot(vault, by, opts) {
|
|
73
|
+
const bytes = await writePod(vault, {});
|
|
74
|
+
const { index, indexVersion } = await this.readIndex(vault.name);
|
|
75
|
+
const key = this.autoKey(vault.name);
|
|
76
|
+
await this.store.writeBundle(key, bytes, null);
|
|
77
|
+
const meta = {
|
|
78
|
+
version: key,
|
|
79
|
+
label: opts?.label ?? "auto",
|
|
80
|
+
...opts?.note !== void 0 ? { note: opts.note } : {},
|
|
81
|
+
exportedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
82
|
+
exportedBy: by,
|
|
83
|
+
size: bytes.length,
|
|
84
|
+
integrity: "verified",
|
|
85
|
+
auto: true
|
|
86
|
+
};
|
|
87
|
+
index.auto = meta;
|
|
88
|
+
await this.writeIndex(vault.name, index, indexVersion);
|
|
89
|
+
return meta;
|
|
90
|
+
}
|
|
60
91
|
async listSnapshots(vaultId) {
|
|
61
92
|
const { index } = await this.readIndex(vaultId);
|
|
62
|
-
|
|
93
|
+
const immutable = [...index.snapshots].reverse();
|
|
94
|
+
return index.auto ? [index.auto, ...immutable] : immutable;
|
|
63
95
|
}
|
|
64
96
|
async restoreSnapshot(vault, version) {
|
|
65
97
|
if (!version.startsWith(`${vault.name}__`)) throw new SnapshotNotFoundError(version);
|
|
66
98
|
const result = await this.store.readBundle(version);
|
|
67
99
|
if (!result) throw new SnapshotNotFoundError(version);
|
|
68
|
-
const { dumpJson } = await
|
|
100
|
+
const { dumpJson } = await readPod(result.bytes);
|
|
69
101
|
await vault.load(dumpJson);
|
|
70
102
|
}
|
|
71
103
|
/**
|
|
@@ -96,7 +128,7 @@ var SnapshotEngine = class {
|
|
|
96
128
|
}
|
|
97
129
|
};
|
|
98
130
|
|
|
99
|
-
// src/snapshots/active.ts
|
|
131
|
+
// src/with-fork/snapshots/active.ts
|
|
100
132
|
function withSnapshots(opts) {
|
|
101
133
|
const engine = new SnapshotEngine(opts.store, opts.retention ?? {});
|
|
102
134
|
return {
|
|
@@ -108,7 +140,11 @@ function withSnapshots(opts) {
|
|
|
108
140
|
},
|
|
109
141
|
restoreSnapshot(vault, version) {
|
|
110
142
|
return engine.restoreSnapshot(vault, version);
|
|
111
|
-
}
|
|
143
|
+
},
|
|
144
|
+
autoSnapshot(vault, by, snapOpts) {
|
|
145
|
+
return engine.autoSnapshot(vault, by, snapOpts);
|
|
146
|
+
},
|
|
147
|
+
...opts.snapshotPolicy ? { policy: opts.snapshotPolicy } : {}
|
|
112
148
|
};
|
|
113
149
|
}
|
|
114
150
|
export {
|