@noy-db/hub 0.2.0-pre.9 → 0.3.0-pre.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (541) hide show
  1. package/README.md +129 -3
  2. package/dist/adapter/index.d.ts +5 -0
  3. package/dist/adapter/index.js +15 -0
  4. package/dist/aggregate/index.d.ts +6 -2
  5. package/dist/aggregate/index.js +24 -16
  6. package/dist/aggregate/index.js.map +1 -1
  7. package/dist/api-RW3KP7WU.js +14 -0
  8. package/dist/as/index.d.ts +7 -0
  9. package/dist/as/index.js +24 -0
  10. package/dist/at/index.d.ts +5 -0
  11. package/dist/at/index.js +1 -0
  12. package/dist/attestation/index.d.ts +15 -47
  13. package/dist/attestation/index.js +54 -10
  14. package/dist/attestation/index.js.map +1 -1
  15. package/dist/backup-XV3IOEGB.js +217 -0
  16. package/dist/backup-XV3IOEGB.js.map +1 -0
  17. package/dist/blobs/index.d.ts +6 -8
  18. package/dist/blobs/index.js +19 -12
  19. package/dist/blobs/index.js.map +1 -1
  20. package/dist/bundle/index.d.ts +16 -70
  21. package/dist/bundle/index.js +39 -476
  22. package/dist/bundle/index.js.map +1 -1
  23. package/dist/{ulid-CJ8RzRrm.d.ts → bundle-CH-H06dp.d.ts} +31 -86
  24. package/dist/by/index.d.ts +1 -0
  25. package/dist/by/index.js +11 -0
  26. package/dist/cargo/index.d.ts +9 -0
  27. package/dist/cargo/index.js +89 -0
  28. package/dist/chunk-26LGBE4T.js +42 -0
  29. package/dist/chunk-26LGBE4T.js.map +1 -0
  30. package/dist/chunk-2P2HZEXU.js +233 -0
  31. package/dist/chunk-2P2HZEXU.js.map +1 -0
  32. package/dist/{chunk-K3DK3NU5.js → chunk-3YFXJ3ZP.js} +20 -5
  33. package/dist/chunk-3YFXJ3ZP.js.map +1 -0
  34. package/dist/chunk-4Q6HSHHL.js +90 -0
  35. package/dist/chunk-4Q6HSHHL.js.map +1 -0
  36. package/dist/chunk-5LUY7UTV.js +380 -0
  37. package/dist/chunk-5LUY7UTV.js.map +1 -0
  38. package/dist/chunk-5N6CZTCY.js +367 -0
  39. package/dist/chunk-5N6CZTCY.js.map +1 -0
  40. package/dist/chunk-5O3AOPDT.js +992 -0
  41. package/dist/chunk-5O3AOPDT.js.map +1 -0
  42. package/dist/chunk-5R3ERCDH.js +239 -0
  43. package/dist/chunk-5R3ERCDH.js.map +1 -0
  44. package/dist/{chunk-6CME4UEK.js → chunk-5R5JW2JT.js} +7000 -4827
  45. package/dist/chunk-5R5JW2JT.js.map +1 -0
  46. package/dist/chunk-5TDJ56JE.js +32 -0
  47. package/dist/chunk-5TDJ56JE.js.map +1 -0
  48. package/dist/{chunk-T7JEBOGN.js → chunk-62QYRORB.js} +18 -11
  49. package/dist/chunk-62QYRORB.js.map +1 -0
  50. package/dist/{chunk-J66GRPNH.js → chunk-6S7T6WC4.js} +2 -2
  51. package/dist/chunk-6S7T6WC4.js.map +1 -0
  52. package/dist/chunk-76722EBH.js +451 -0
  53. package/dist/chunk-76722EBH.js.map +1 -0
  54. package/dist/{chunk-Z6FNBOTC.js → chunk-AIWULCUO.js} +13 -17
  55. package/dist/chunk-AIWULCUO.js.map +1 -0
  56. package/dist/{chunk-O3VZPBZG.js → chunk-AQTBSL7R.js} +47 -11
  57. package/dist/chunk-AQTBSL7R.js.map +1 -0
  58. package/dist/chunk-AURFOK3D.js +35 -0
  59. package/dist/chunk-AURFOK3D.js.map +1 -0
  60. package/dist/{chunk-53XBRIRT.js → chunk-AXRXJTE2.js} +9 -9
  61. package/dist/chunk-AXRXJTE2.js.map +1 -0
  62. package/dist/chunk-AZAOEIKW.js +155 -0
  63. package/dist/chunk-AZAOEIKW.js.map +1 -0
  64. package/dist/{chunk-HNRHLRDC.js → chunk-BG3SPSR4.js} +3 -3
  65. package/dist/chunk-BG3SPSR4.js.map +1 -0
  66. package/dist/chunk-BGIZAFY7.js +1 -0
  67. package/dist/chunk-CHFZDSE4.js +1 -0
  68. package/dist/{chunk-DJHHA6XH.js → chunk-CMGR4ZEW.js} +50 -20
  69. package/dist/chunk-CMGR4ZEW.js.map +1 -0
  70. package/dist/chunk-CWPPNPOH.js +23 -0
  71. package/dist/chunk-CWPPNPOH.js.map +1 -0
  72. package/dist/{chunk-QODLLGQ7.js → chunk-DFEMTNPJ.js} +371 -38
  73. package/dist/chunk-DFEMTNPJ.js.map +1 -0
  74. package/dist/{chunk-ZYWZWG6G.js → chunk-DGDI2D4M.js} +10 -10
  75. package/dist/chunk-DGDI2D4M.js.map +1 -0
  76. package/dist/{chunk-SYMWGEET.js → chunk-EIZUR2XW.js} +3 -3
  77. package/dist/chunk-EIZUR2XW.js.map +1 -0
  78. package/dist/{chunk-BVRYKATC.js → chunk-FISN7WE4.js} +36 -33
  79. package/dist/chunk-FISN7WE4.js.map +1 -0
  80. package/dist/chunk-GHVIKOHT.js +1 -0
  81. package/dist/chunk-GYGWYIOZ.js +200 -0
  82. package/dist/chunk-GYGWYIOZ.js.map +1 -0
  83. package/dist/chunk-HCIPRAGS.js +45 -0
  84. package/dist/chunk-HCIPRAGS.js.map +1 -0
  85. package/dist/{chunk-PX35GA7L.js → chunk-I2NOIW44.js} +10 -10
  86. package/dist/chunk-I2NOIW44.js.map +1 -0
  87. package/dist/{chunk-OIF6LZUR.js → chunk-I3TIKTJO.js} +3 -3
  88. package/dist/chunk-I3TIKTJO.js.map +1 -0
  89. package/dist/chunk-I7FD46FF.js +9 -0
  90. package/dist/chunk-I7FD46FF.js.map +1 -0
  91. package/dist/chunk-IAGBDSCS.js +40 -0
  92. package/dist/chunk-IAGBDSCS.js.map +1 -0
  93. package/dist/{chunk-JWRVQKRZ.js → chunk-IELYAOGG.js} +6 -18
  94. package/dist/chunk-IELYAOGG.js.map +1 -0
  95. package/dist/chunk-IGUYVGGI.js +205 -0
  96. package/dist/chunk-IGUYVGGI.js.map +1 -0
  97. package/dist/{chunk-U26HQ6KJ.js → chunk-IO6GRPT6.js} +4 -4
  98. package/dist/chunk-IO6GRPT6.js.map +1 -0
  99. package/dist/chunk-IPB7FTQX.js +273 -0
  100. package/dist/chunk-IPB7FTQX.js.map +1 -0
  101. package/dist/chunk-ITNUCOXM.js +148 -0
  102. package/dist/chunk-ITNUCOXM.js.map +1 -0
  103. package/dist/{chunk-WPLVTJ5D.js → chunk-IUEN57TV.js} +10 -10
  104. package/dist/chunk-IUEN57TV.js.map +1 -0
  105. package/dist/{chunk-DL3HWOQ5.js → chunk-JNUWZ6D3.js} +9 -9
  106. package/dist/chunk-JNUWZ6D3.js.map +1 -0
  107. package/dist/chunk-K2WCO3NX.js +1 -0
  108. package/dist/chunk-KVOXU4T5.js +30 -0
  109. package/dist/chunk-KVOXU4T5.js.map +1 -0
  110. package/dist/chunk-KXGNJJXB.js +135 -0
  111. package/dist/chunk-KXGNJJXB.js.map +1 -0
  112. package/dist/chunk-LB7FD65R.js +163 -0
  113. package/dist/chunk-LB7FD65R.js.map +1 -0
  114. package/dist/{chunk-22DWZL57.js → chunk-LFLXAY2W.js} +43 -218
  115. package/dist/chunk-LFLXAY2W.js.map +1 -0
  116. package/dist/chunk-LMTH2RM6.js +129 -0
  117. package/dist/chunk-LMTH2RM6.js.map +1 -0
  118. package/dist/{aggregate/index.cjs → chunk-LV7M27WM.js} +390 -219
  119. package/dist/chunk-LV7M27WM.js.map +1 -0
  120. package/dist/{chunk-PE2FR4J3.js → chunk-LXQT4WMP.js} +16 -18
  121. package/dist/chunk-LXQT4WMP.js.map +1 -0
  122. package/dist/chunk-M2YKN37S.js +524 -0
  123. package/dist/chunk-M2YKN37S.js.map +1 -0
  124. package/dist/chunk-M6OST55S.js +14 -0
  125. package/dist/chunk-M6OST55S.js.map +1 -0
  126. package/dist/{chunk-F3GDRNUT.js → chunk-MD3Y6J3L.js} +35 -69
  127. package/dist/chunk-MD3Y6J3L.js.map +1 -0
  128. package/dist/{chunk-XJFLDA7A.js → chunk-MTMJVJ5W.js} +8 -7
  129. package/dist/chunk-MTMJVJ5W.js.map +1 -0
  130. package/dist/{chunk-DFMLEQZB.js → chunk-NF5JWERG.js} +5 -10
  131. package/dist/chunk-NF5JWERG.js.map +1 -0
  132. package/dist/{chunk-DO7C2TOG.js → chunk-PKHL44ER.js} +3 -3
  133. package/dist/{chunk-DO7C2TOG.js.map → chunk-PKHL44ER.js.map} +1 -1
  134. package/dist/chunk-PSMV73A5.js +117 -0
  135. package/dist/chunk-PSMV73A5.js.map +1 -0
  136. package/dist/chunk-PY4KJPYU.js +9 -0
  137. package/dist/chunk-PY4KJPYU.js.map +1 -0
  138. package/dist/chunk-PZ5AY32C.js +10 -0
  139. package/dist/{chunk-DE6GKS6G.js → chunk-Q7SS3IME.js} +50 -9
  140. package/dist/chunk-Q7SS3IME.js.map +1 -0
  141. package/dist/chunk-QHJW5EXU.js +54 -0
  142. package/dist/chunk-QHJW5EXU.js.map +1 -0
  143. package/dist/{chunk-NONAAENK.js → chunk-RUEKROOS.js} +11 -4
  144. package/dist/chunk-RUEKROOS.js.map +1 -0
  145. package/dist/chunk-RUIMKQTA.js +23 -0
  146. package/dist/chunk-RUIMKQTA.js.map +1 -0
  147. package/dist/{chunk-TFBP23BX.js → chunk-SKF73JOP.js} +66 -7
  148. package/dist/chunk-SKF73JOP.js.map +1 -0
  149. package/dist/chunk-SM3AVUHC.js +42 -0
  150. package/dist/chunk-SM3AVUHC.js.map +1 -0
  151. package/dist/{chunk-ML236QKC.js → chunk-SMXWYP24.js} +5 -5
  152. package/dist/chunk-SMXWYP24.js.map +1 -0
  153. package/dist/chunk-SRB2XEWB.js +148 -0
  154. package/dist/chunk-SRB2XEWB.js.map +1 -0
  155. package/dist/chunk-SVLR4POP.js +64 -0
  156. package/dist/chunk-SVLR4POP.js.map +1 -0
  157. package/dist/chunk-TA66UMI4.js +123 -0
  158. package/dist/chunk-TA66UMI4.js.map +1 -0
  159. package/dist/chunk-TEILUWOI.js +664 -0
  160. package/dist/chunk-TEILUWOI.js.map +1 -0
  161. package/dist/chunk-TJYQIGAP.js +82 -0
  162. package/dist/chunk-TJYQIGAP.js.map +1 -0
  163. package/dist/{chunk-H2X3ISXG.js → chunk-UAG5KWVA.js} +7 -7
  164. package/dist/chunk-UAG5KWVA.js.map +1 -0
  165. package/dist/chunk-UDRIWL7A.js +382 -0
  166. package/dist/chunk-UDRIWL7A.js.map +1 -0
  167. package/dist/{chunk-2GLDA55J.js → chunk-UIU2THRG.js} +498 -133
  168. package/dist/chunk-UIU2THRG.js.map +1 -0
  169. package/dist/{chunk-3YPCK6JX.js → chunk-UPJNJGGA.js} +165 -423
  170. package/dist/chunk-UPJNJGGA.js.map +1 -0
  171. package/dist/chunk-UV5MFVO3.js +21 -0
  172. package/dist/chunk-UV5MFVO3.js.map +1 -0
  173. package/dist/{chunk-2WUSG3IT.js → chunk-V7RWQRG7.js} +5 -5
  174. package/dist/chunk-V7RWQRG7.js.map +1 -0
  175. package/dist/{chunk-VTKGMEPP.js → chunk-VCTFO5CO.js} +13 -3
  176. package/dist/chunk-VCTFO5CO.js.map +1 -0
  177. package/dist/{chunk-5T22KDPN.js → chunk-VFQGRQIH.js} +8 -8
  178. package/dist/chunk-VFQGRQIH.js.map +1 -0
  179. package/dist/{chunk-2QR2PQTT.js → chunk-VQNJ7UZL.js} +5 -3
  180. package/dist/chunk-VQNJ7UZL.js.map +1 -0
  181. package/dist/{chunk-DONMZAD2.js → chunk-WWGT2MDV.js} +43 -165
  182. package/dist/chunk-WWGT2MDV.js.map +1 -0
  183. package/dist/{chunk-EMIGCR7X.js → chunk-WXSYDNBT.js} +2 -2
  184. package/dist/chunk-WXSYDNBT.js.map +1 -0
  185. package/dist/chunk-WYSO2NIH.js +30 -0
  186. package/dist/chunk-WYSO2NIH.js.map +1 -0
  187. package/dist/chunk-XXYIOFUB.js +164 -0
  188. package/dist/chunk-XXYIOFUB.js.map +1 -0
  189. package/dist/{chunk-3BFJOWSU.js → chunk-Y22T3KQE.js} +35 -7
  190. package/dist/chunk-Y22T3KQE.js.map +1 -0
  191. package/dist/{chunk-A3JMGXPG.js → chunk-YMUGBZN2.js} +2 -2
  192. package/dist/chunk-YMUGBZN2.js.map +1 -0
  193. package/dist/{chunk-I5FOWO4J.js → chunk-ZCGAHGUS.js} +52 -73
  194. package/dist/chunk-ZCGAHGUS.js.map +1 -0
  195. package/dist/{chunk-FZU343FL.js → chunk-ZJADGNYF.js} +2 -2
  196. package/dist/chunk-ZJADGNYF.js.map +1 -0
  197. package/dist/{chunk-B6PB7JLN.js → chunk-ZYUC53LT.js} +427 -6
  198. package/dist/chunk-ZYUC53LT.js.map +1 -0
  199. package/dist/collection-facade-GQAOGJP2.js +33 -0
  200. package/dist/consent/index.d.ts +5 -7
  201. package/dist/consent/index.js +7 -5
  202. package/dist/consent/index.js.map +1 -1
  203. package/dist/crdt/index.d.ts +6 -2
  204. package/dist/crdt/index.js +3 -2
  205. package/dist/crdt/index.js.map +1 -1
  206. package/dist/decrypt-partition-IHtxEnTi.d.ts +21 -0
  207. package/dist/delegation-UL5HKLER.js +19 -0
  208. package/dist/derivations/index.d.ts +7 -9
  209. package/dist/derivations/index.js +11 -6
  210. package/dist/describe/index.d.ts +1 -0
  211. package/dist/describe/index.js +1 -0
  212. package/dist/describe-aBkJR2sd.d.ts +131 -0
  213. package/dist/{dev-unlock-B4kDxep_.d.ts → dev-unlock-C9Ro3v_O.d.ts} +1 -1
  214. package/dist/discriminant-BN9REW3o.d.ts +60 -0
  215. package/dist/enclave-UL5LW66V.js +88 -0
  216. package/dist/executor-2FWQRLMG.js +15 -0
  217. package/dist/executor-QZ7BXICW.js +9 -0
  218. package/dist/executor-Z5ZLJVTV.js +9 -0
  219. package/dist/export-accessible-KRV5W4GH.js +17 -0
  220. package/dist/extract-partition-GLKBOXFQ.js +30 -0
  221. package/dist/{fanout-sidecar-OKPMMPLG.js → fanout-sidecar-GF3DJ6KR.js} +34 -14
  222. package/dist/fanout-sidecar-GF3DJ6KR.js.map +1 -0
  223. package/dist/forget/index.d.ts +36 -0
  224. package/dist/forget/index.js +19 -0
  225. package/dist/forget/index.js.map +1 -0
  226. package/dist/guards/index.d.ts +13 -9
  227. package/dist/guards/index.js +12 -5
  228. package/dist/{hash-DdpVypUp.d.cts → hash-Cp5uwiox.d.ts} +5 -1
  229. package/dist/history/index.d.ts +6 -8
  230. package/dist/history/index.js +19 -12
  231. package/dist/history/index.js.map +1 -1
  232. package/dist/i18n/index.d.ts +5 -7
  233. package/dist/i18n/index.js +104 -15
  234. package/dist/i18n/index.js.map +1 -1
  235. package/dist/in/index.d.ts +5 -0
  236. package/dist/in/index.js +1 -0
  237. package/dist/in/index.js.map +1 -0
  238. package/dist/index-B9QdHytu.d.ts +123 -0
  239. package/dist/index-BF9_96A5.d.ts +123 -0
  240. package/dist/{types-Df28QFKb.d.ts → index-BzUo1B6n.d.ts} +16270 -8358
  241. package/dist/index.d.ts +1088 -450
  242. package/dist/index.js +1165 -293
  243. package/dist/index.js.map +1 -1
  244. package/dist/indexing/index.d.ts +6 -3
  245. package/dist/indexing/index.js +6 -5
  246. package/dist/indexing/index.js.map +1 -1
  247. package/dist/issue-Y6UVIR43.js +13 -0
  248. package/dist/issue-Y6UVIR43.js.map +1 -0
  249. package/dist/kernel/index.d.ts +32 -0
  250. package/dist/kernel/index.js +53 -0
  251. package/dist/kernel/index.js.map +1 -0
  252. package/dist/{ledger-TMRZYNVJ.js → ledger-RYI35CDS.js} +12 -9
  253. package/dist/ledger-RYI35CDS.js.map +1 -0
  254. package/dist/liberate-CRPZEV7O.js +18 -0
  255. package/dist/liberate-CRPZEV7O.js.map +1 -0
  256. package/dist/materialized-views/index.d.ts +6 -19
  257. package/dist/materialized-views/index.js +16 -12
  258. package/dist/mime-magic-CGhw37_E.d.ts +103 -0
  259. package/dist/noydb-367AM4HT.js +50 -0
  260. package/dist/noydb-367AM4HT.js.map +1 -0
  261. package/dist/on/index.d.ts +5 -0
  262. package/dist/on/index.js +11 -0
  263. package/dist/on/index.js.map +1 -0
  264. package/dist/overlay-views/index.d.ts +27 -11
  265. package/dist/overlay-views/index.js +7 -6
  266. package/dist/periods/index.d.ts +5 -7
  267. package/dist/periods/index.js +13 -9
  268. package/dist/pod/index.d.ts +63 -0
  269. package/dist/pod/index.js +61 -0
  270. package/dist/pod/index.js.map +1 -0
  271. package/dist/policy-IXK4FVXP.js +41 -0
  272. package/dist/policy-IXK4FVXP.js.map +1 -0
  273. package/dist/portability/index.d.ts +20 -0
  274. package/dist/portability/index.js +43 -0
  275. package/dist/portability/index.js.map +1 -0
  276. package/dist/{public-envelope-BW6OXORV.js → public-envelope-JHDQCPSX.js} +6 -5
  277. package/dist/public-envelope-JHDQCPSX.js.map +1 -0
  278. package/dist/query/index.d.ts +5 -3
  279. package/dist/query/index.js +21 -13
  280. package/dist/read-only-facade-5ADRJVTM.js +8 -0
  281. package/dist/read-only-facade-5ADRJVTM.js.map +1 -0
  282. package/dist/registry-45RJNWGU.js +9 -0
  283. package/dist/registry-45RJNWGU.js.map +1 -0
  284. package/dist/registry-5GRV5VXI.js +13 -0
  285. package/dist/registry-5GRV5VXI.js.map +1 -0
  286. package/dist/registry-VW6P6A3J.js +8 -0
  287. package/dist/registry-VW6P6A3J.js.map +1 -0
  288. package/dist/registry-WEUCHBO4.js +11 -0
  289. package/dist/registry-WEUCHBO4.js.map +1 -0
  290. package/dist/request-withdrawal-GBPH2FDY.js +25 -0
  291. package/dist/request-withdrawal-GBPH2FDY.js.map +1 -0
  292. package/dist/revoke-TUFRGI6S.js +18 -0
  293. package/dist/revoke-TUFRGI6S.js.map +1 -0
  294. package/dist/sealed-record/index.d.ts +69 -0
  295. package/dist/sealed-record/index.js +65 -0
  296. package/dist/sealed-record/index.js.map +1 -0
  297. package/dist/session/index.d.ts +6 -8
  298. package/dist/session/index.js +7 -5
  299. package/dist/session/index.js.map +1 -1
  300. package/dist/shadow/index.d.ts +5 -7
  301. package/dist/shadow/index.js +4 -3
  302. package/dist/shadow/index.js.map +1 -1
  303. package/dist/{signer-72QAUSVW.js → signer-PNKTBVF7.js} +6 -5
  304. package/dist/signer-PNKTBVF7.js.map +1 -0
  305. package/dist/snapshots/index.d.ts +6 -8
  306. package/dist/snapshots/index.js +13 -11
  307. package/dist/snapshots/index.js.map +1 -1
  308. package/dist/{stale-6ZDBTQT7.js → stale-3JWHNDIY.js} +3 -2
  309. package/dist/stale-3JWHNDIY.js.map +1 -0
  310. package/dist/store-coordination-provider-3I7XWZZK.js +142 -0
  311. package/dist/store-coordination-provider-3I7XWZZK.js.map +1 -0
  312. package/dist/subject-index-O75wKshW.d.ts +362 -0
  313. package/dist/sync/index.d.ts +4 -6
  314. package/dist/sync/index.js +7 -6
  315. package/dist/sync/index.js.map +1 -1
  316. package/dist/team/index.d.ts +5 -7
  317. package/dist/team/index.js +20 -16
  318. package/dist/tiers/index.d.ts +5 -0
  319. package/dist/tiers/index.js +33 -0
  320. package/dist/tiers/index.js.map +1 -0
  321. package/dist/to/index.d.ts +5 -0
  322. package/dist/to/index.js +17 -0
  323. package/dist/to/index.js.map +1 -0
  324. package/dist/transition-guard-C7ol6oPw.d.ts +165 -0
  325. package/dist/tx/index.d.ts +23 -9
  326. package/dist/tx/index.js +13 -8
  327. package/dist/tx/index.js.map +1 -1
  328. package/dist/ui/index.d.ts +1 -0
  329. package/dist/ui/index.js +1 -0
  330. package/dist/ui/index.js.map +1 -0
  331. package/dist/ulid-DRH25k3y.d.ts +66 -0
  332. package/dist/ulid-PTAIMDG4.js +10 -0
  333. package/dist/ulid-PTAIMDG4.js.map +1 -0
  334. package/dist/util/index.d.ts +2 -0
  335. package/dist/util/index.js +7 -2
  336. package/dist/util/index.js.map +1 -1
  337. package/dist/vault-diff-B5fYNBL7.d.ts +147 -0
  338. package/dist/with/index.d.ts +38 -0
  339. package/dist/with/index.js +25 -0
  340. package/dist/with/index.js.map +1 -0
  341. package/dist/{with-materialized-view-BLkQxoQN.d.ts → with-materialized-view-6p0Fk8bL.d.ts} +1 -1
  342. package/dist/{with-overlayed-view-CRsSEwHR.d.ts → with-overlayed-view-BJ6mXGMd.d.ts} +2 -3
  343. package/dist/with-rollup-BvQo3ROo.d.ts +47 -0
  344. package/dist/withdraw-accessible-FFS46EOD.js +22 -0
  345. package/dist/withdraw-accessible-FFS46EOD.js.map +1 -0
  346. package/dist/zod-HAJM7LMS.js +14763 -0
  347. package/dist/zod-HAJM7LMS.js.map +1 -0
  348. package/package.json +121 -201
  349. package/dist/aggregate/index.cjs.map +0 -1
  350. package/dist/aggregate/index.d.cts +0 -38
  351. package/dist/attestation/index.cjs +0 -305
  352. package/dist/attestation/index.cjs.map +0 -1
  353. package/dist/attestation/index.d.cts +0 -52
  354. package/dist/blobs/index.cjs +0 -1480
  355. package/dist/blobs/index.cjs.map +0 -1
  356. package/dist/blobs/index.d.cts +0 -46
  357. package/dist/bundle/index.cjs +0 -19264
  358. package/dist/bundle/index.cjs.map +0 -1
  359. package/dist/bundle/index.d.cts +0 -176
  360. package/dist/chunk-22DWZL57.js.map +0 -1
  361. package/dist/chunk-2GLDA55J.js.map +0 -1
  362. package/dist/chunk-2QR2PQTT.js.map +0 -1
  363. package/dist/chunk-2WUSG3IT.js.map +0 -1
  364. package/dist/chunk-3BFJOWSU.js.map +0 -1
  365. package/dist/chunk-3YPCK6JX.js.map +0 -1
  366. package/dist/chunk-53XBRIRT.js.map +0 -1
  367. package/dist/chunk-5T22KDPN.js.map +0 -1
  368. package/dist/chunk-5XHKQ56N.js +0 -340
  369. package/dist/chunk-5XHKQ56N.js.map +0 -1
  370. package/dist/chunk-6CME4UEK.js.map +0 -1
  371. package/dist/chunk-6STK5TQP.js +0 -139
  372. package/dist/chunk-6STK5TQP.js.map +0 -1
  373. package/dist/chunk-A3JMGXPG.js.map +0 -1
  374. package/dist/chunk-B6PB7JLN.js.map +0 -1
  375. package/dist/chunk-BVRYKATC.js.map +0 -1
  376. package/dist/chunk-DE6GKS6G.js.map +0 -1
  377. package/dist/chunk-DFMLEQZB.js.map +0 -1
  378. package/dist/chunk-DJHHA6XH.js.map +0 -1
  379. package/dist/chunk-DL3HWOQ5.js.map +0 -1
  380. package/dist/chunk-DONMZAD2.js.map +0 -1
  381. package/dist/chunk-EMIGCR7X.js.map +0 -1
  382. package/dist/chunk-F3GDRNUT.js.map +0 -1
  383. package/dist/chunk-FZU343FL.js.map +0 -1
  384. package/dist/chunk-H2X3ISXG.js.map +0 -1
  385. package/dist/chunk-HNRHLRDC.js.map +0 -1
  386. package/dist/chunk-I5FOWO4J.js.map +0 -1
  387. package/dist/chunk-J66GRPNH.js.map +0 -1
  388. package/dist/chunk-JWRVQKRZ.js.map +0 -1
  389. package/dist/chunk-K3DK3NU5.js.map +0 -1
  390. package/dist/chunk-ML236QKC.js.map +0 -1
  391. package/dist/chunk-NONAAENK.js.map +0 -1
  392. package/dist/chunk-O3VZPBZG.js.map +0 -1
  393. package/dist/chunk-OIF6LZUR.js.map +0 -1
  394. package/dist/chunk-OQ6PIGHA.js +0 -19
  395. package/dist/chunk-OQ6PIGHA.js.map +0 -1
  396. package/dist/chunk-PE2FR4J3.js.map +0 -1
  397. package/dist/chunk-PP6W64Y3.js +0 -275
  398. package/dist/chunk-PP6W64Y3.js.map +0 -1
  399. package/dist/chunk-PX35GA7L.js.map +0 -1
  400. package/dist/chunk-QEILDE6R.js +0 -793
  401. package/dist/chunk-QEILDE6R.js.map +0 -1
  402. package/dist/chunk-QODLLGQ7.js.map +0 -1
  403. package/dist/chunk-RAZ4OVLL.js +0 -51
  404. package/dist/chunk-RAZ4OVLL.js.map +0 -1
  405. package/dist/chunk-SYMWGEET.js.map +0 -1
  406. package/dist/chunk-T7JEBOGN.js.map +0 -1
  407. package/dist/chunk-TFBP23BX.js.map +0 -1
  408. package/dist/chunk-TV3YZ35S.js +0 -90
  409. package/dist/chunk-TV3YZ35S.js.map +0 -1
  410. package/dist/chunk-U26HQ6KJ.js.map +0 -1
  411. package/dist/chunk-UF3BUNQZ.js +0 -1
  412. package/dist/chunk-UMLVJTYV.js +0 -20
  413. package/dist/chunk-UMLVJTYV.js.map +0 -1
  414. package/dist/chunk-VTKGMEPP.js.map +0 -1
  415. package/dist/chunk-W6EQLGMB.js +0 -100
  416. package/dist/chunk-W6EQLGMB.js.map +0 -1
  417. package/dist/chunk-WIRRPTFH.js +0 -17
  418. package/dist/chunk-WIRRPTFH.js.map +0 -1
  419. package/dist/chunk-WPLVTJ5D.js.map +0 -1
  420. package/dist/chunk-XJFLDA7A.js.map +0 -1
  421. package/dist/chunk-Z6FNBOTC.js.map +0 -1
  422. package/dist/chunk-ZYWZWG6G.js.map +0 -1
  423. package/dist/consent/index.cjs +0 -204
  424. package/dist/consent/index.cjs.map +0 -1
  425. package/dist/consent/index.d.cts +0 -25
  426. package/dist/crdt/index.cjs +0 -152
  427. package/dist/crdt/index.cjs.map +0 -1
  428. package/dist/crdt/index.d.cts +0 -30
  429. package/dist/crypto-HTZ4FJOP.js +0 -44
  430. package/dist/delegation-RI54P6I5.js +0 -17
  431. package/dist/derivations/index.cjs +0 -351
  432. package/dist/derivations/index.cjs.map +0 -1
  433. package/dist/derivations/index.d.cts +0 -72
  434. package/dist/dev-unlock-BIoEFbwm.d.cts +0 -263
  435. package/dist/executor-5PNY7LGW.js +0 -8
  436. package/dist/executor-B4QIYGZX.js +0 -8
  437. package/dist/executor-BWXXDQ7K.js +0 -11
  438. package/dist/fanout-sidecar-OKPMMPLG.js.map +0 -1
  439. package/dist/guards/index.cjs +0 -322
  440. package/dist/guards/index.cjs.map +0 -1
  441. package/dist/guards/index.d.cts +0 -31
  442. package/dist/hash-HJqD14vS.d.ts +0 -63
  443. package/dist/history/index.cjs +0 -1222
  444. package/dist/history/index.cjs.map +0 -1
  445. package/dist/history/index.d.cts +0 -63
  446. package/dist/i18n/index.cjs +0 -1100
  447. package/dist/i18n/index.cjs.map +0 -1
  448. package/dist/i18n/index.d.cts +0 -39
  449. package/dist/index-4fBVt8j9.d.cts +0 -2387
  450. package/dist/index-D8I_pyJD.d.ts +0 -2387
  451. package/dist/index.cjs +0 -24487
  452. package/dist/index.cjs.map +0 -1
  453. package/dist/index.d.cts +0 -776
  454. package/dist/indexing/index.cjs +0 -742
  455. package/dist/indexing/index.cjs.map +0 -1
  456. package/dist/indexing/index.d.cts +0 -36
  457. package/dist/issue-VGDPP4B5.js +0 -12
  458. package/dist/lazy-builder-7tIpFyWN.d.ts +0 -304
  459. package/dist/lazy-builder-wY4pMCEe.d.cts +0 -304
  460. package/dist/materialized-views/index.cjs +0 -854
  461. package/dist/materialized-views/index.cjs.map +0 -1
  462. package/dist/materialized-views/index.d.cts +0 -186
  463. package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
  464. package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
  465. package/dist/noydb-G725ZSZG.js +0 -34
  466. package/dist/overlay-views/index.cjs +0 -359
  467. package/dist/overlay-views/index.cjs.map +0 -1
  468. package/dist/overlay-views/index.d.cts +0 -82
  469. package/dist/periods/index.cjs +0 -1041
  470. package/dist/periods/index.cjs.map +0 -1
  471. package/dist/periods/index.d.cts +0 -22
  472. package/dist/predicate-BSAGEyu5.d.cts +0 -209
  473. package/dist/predicate-BSAGEyu5.d.ts +0 -209
  474. package/dist/query/index.cjs +0 -2375
  475. package/dist/query/index.cjs.map +0 -1
  476. package/dist/query/index.d.cts +0 -3
  477. package/dist/read-only-facade-ITU6L7BL.js +0 -7
  478. package/dist/registry-3QP3YKQS.js +0 -8
  479. package/dist/registry-DKEXOJVO.js +0 -7
  480. package/dist/registry-OJIOSBV6.js +0 -10
  481. package/dist/registry-USRVT6YF.js +0 -8
  482. package/dist/revoke-JCC7N56X.js +0 -17
  483. package/dist/session/index.cjs +0 -495
  484. package/dist/session/index.cjs.map +0 -1
  485. package/dist/session/index.d.cts +0 -46
  486. package/dist/shadow/index.cjs +0 -133
  487. package/dist/shadow/index.cjs.map +0 -1
  488. package/dist/shadow/index.d.cts +0 -17
  489. package/dist/snapshots/index.cjs +0 -937
  490. package/dist/snapshots/index.cjs.map +0 -1
  491. package/dist/snapshots/index.d.cts +0 -28
  492. package/dist/store/index.cjs +0 -1083
  493. package/dist/store/index.cjs.map +0 -1
  494. package/dist/store/index.d.cts +0 -492
  495. package/dist/store/index.d.ts +0 -492
  496. package/dist/store/index.js +0 -37
  497. package/dist/strategy-BSxFXGzb.d.cts +0 -110
  498. package/dist/strategy-BSxFXGzb.d.ts +0 -110
  499. package/dist/strategy-DSTrsZ8t.d.cts +0 -601
  500. package/dist/strategy-DSTrsZ8t.d.ts +0 -601
  501. package/dist/sync/index.cjs +0 -1062
  502. package/dist/sync/index.cjs.map +0 -1
  503. package/dist/sync/index.d.cts +0 -43
  504. package/dist/team/index.cjs +0 -2798
  505. package/dist/team/index.cjs.map +0 -1
  506. package/dist/team/index.d.cts +0 -118
  507. package/dist/tx/index.cjs +0 -544
  508. package/dist/tx/index.cjs.map +0 -1
  509. package/dist/tx/index.d.cts +0 -21
  510. package/dist/types-DyXYr8rE.d.cts +0 -12818
  511. package/dist/ulid-COREQ2RQ.js +0 -9
  512. package/dist/ulid-Drr7ykr6.d.cts +0 -603
  513. package/dist/util/index.cjs +0 -230
  514. package/dist/util/index.cjs.map +0 -1
  515. package/dist/util/index.d.cts +0 -77
  516. package/dist/with-derivation-DFnFByiQ.d.ts +0 -13
  517. package/dist/with-derivation-DU3Sjazm.d.cts +0 -13
  518. package/dist/with-guard-ByyxmEe7.d.cts +0 -18
  519. package/dist/with-guard-qube6BMI.d.ts +0 -18
  520. package/dist/with-materialized-view-BmEToIR1.d.cts +0 -27
  521. package/dist/with-overlayed-view-BMsQQbWm.d.cts +0 -13
  522. /package/dist/{store → adapter}/index.js.map +0 -0
  523. /package/dist/{chunk-UF3BUNQZ.js.map → api-RW3KP7WU.js.map} +0 -0
  524. /package/dist/{crypto-HTZ4FJOP.js.map → as/index.js.map} +0 -0
  525. /package/dist/{delegation-RI54P6I5.js.map → at/index.js.map} +0 -0
  526. /package/dist/{executor-5PNY7LGW.js.map → by/index.js.map} +0 -0
  527. /package/dist/{executor-B4QIYGZX.js.map → cargo/index.js.map} +0 -0
  528. /package/dist/{executor-BWXXDQ7K.js.map → chunk-BGIZAFY7.js.map} +0 -0
  529. /package/dist/{issue-VGDPP4B5.js.map → chunk-CHFZDSE4.js.map} +0 -0
  530. /package/dist/{ledger-TMRZYNVJ.js.map → chunk-GHVIKOHT.js.map} +0 -0
  531. /package/dist/{noydb-G725ZSZG.js.map → chunk-K2WCO3NX.js.map} +0 -0
  532. /package/dist/{public-envelope-BW6OXORV.js.map → chunk-PZ5AY32C.js.map} +0 -0
  533. /package/dist/{read-only-facade-ITU6L7BL.js.map → collection-facade-GQAOGJP2.js.map} +0 -0
  534. /package/dist/{registry-3QP3YKQS.js.map → delegation-UL5HKLER.js.map} +0 -0
  535. /package/dist/{registry-DKEXOJVO.js.map → describe/index.js.map} +0 -0
  536. /package/dist/{registry-OJIOSBV6.js.map → enclave-UL5LW66V.js.map} +0 -0
  537. /package/dist/{registry-USRVT6YF.js.map → executor-2FWQRLMG.js.map} +0 -0
  538. /package/dist/{revoke-JCC7N56X.js.map → executor-QZ7BXICW.js.map} +0 -0
  539. /package/dist/{signer-72QAUSVW.js.map → executor-Z5ZLJVTV.js.map} +0 -0
  540. /package/dist/{stale-6ZDBTQT7.js.map → export-accessible-KRV5W4GH.js.map} +0 -0
  541. /package/dist/{ulid-COREQ2RQ.js.map → extract-partition-GLKBOXFQ.js.map} +0 -0
@@ -1,9 +0,0 @@
1
- import {
2
- generateULID,
3
- isULID
4
- } from "./chunk-FZU343FL.js";
5
- export {
6
- generateULID,
7
- isULID
8
- };
9
- //# sourceMappingURL=ulid-COREQ2RQ.js.map
@@ -1,603 +0,0 @@
1
- import { br as PublicEnvelope, bs as SealingKeyProvider, bt as BundleRecipient, bu as RecipientSealer, bv as RecipientHint, bw as Vault } from './types-DyXYr8rE.cjs';
2
-
3
- /**
4
- * `.noydb` container format — byte layout, header schema, validators.
5
- *
6
- *. Wraps a `vault.dump()` JSON string in a thin
7
- * binary container with a magic-byte prefix, a minimum-disclosure
8
- * unencrypted header, and a compressed body.
9
- *
10
- * **Byte layout** (read in order from offset 0):
11
- *
12
- * ```
13
- * +--------+--------+--------+--------+
14
- * | N=78 | D=68 | B=66 | 1=49 | Magic 'NDB1' (4 bytes)
15
- * +--------+--------+--------+--------+
16
- * | flags | compr | header_length (uint32 BE) |
17
- * +--------+--------+--------+--------+--------+--------+--------+
18
- * | header_length bytes of UTF-8 JSON header ...
19
- * +--------+--------+
20
- * | compressed body bytes ...
21
- * ```
22
- *
23
- * Total fixed prefix before the header JSON is **10 bytes**:
24
- * - 4 bytes magic
25
- * - 1 byte flags
26
- * - 1 byte compression algorithm
27
- * - 4 bytes header length (uint32 big-endian)
28
- *
29
- * **Why a binary container** at all? `vault.dump()` already
30
- * produces a JSON string with encrypted records inside. Wrapping it
31
- * again seems redundant — but the wrap is what makes the file safe
32
- * to drop into cloud storage (Drive, Dropbox, iCloud) without
33
- * leaking the vault name and exporter identity through the
34
- * cloud's metadata API. The minimum-disclosure header is the only
35
- * thing visible without downloading and decompressing the body.
36
- * The dump JSON inside the body still contains the original
37
- * metadata, but that's only readable by someone who already has the
38
- * file bytes — the same person who could read the encrypted records
39
- * with the right passphrase.
40
- *
41
- * **Why minimum disclosure** in the header? Because consumers will
42
- * inevitably store these in services where the filename, file size,
43
- * and any unencrypted metadata are indexed for search. A field like
44
- * `vault: "Acme Corp"` would let an attacker (or a curious
45
- * cloud admin) enumerate which compartments exist and who exported
46
- * them, even with zero access to the encrypted body. The header
47
- * carries only what's needed to identify the file as a NOYDB
48
- * bundle and verify its integrity — nothing about the contents.
49
- */
50
-
51
- /** Magic bytes 'NDB1' (ASCII), identifying a NOYDB bundle. */
52
- declare const NOYDB_BUNDLE_MAGIC: Uint8Array<ArrayBuffer>;
53
- /** Total fixed prefix before the header JSON: 4+1+1+4 bytes. */
54
- declare const NOYDB_BUNDLE_PREFIX_BYTES = 10;
55
- /** Current bundle format version. Bumped on layout changes. */
56
- declare const NOYDB_BUNDLE_FORMAT_VERSION = 1;
57
- /**
58
- * Bitfield interpretation of the flags byte.
59
- *
60
- * Bit 0 — body is compressed (0 = raw, 1 = compressed)
61
- * Bit 1 — header carries an integrity hash over the body bytes
62
- * Bits 2-7 — reserved, must be 0 in
63
- */
64
- declare const FLAG_COMPRESSED = 1;
65
- declare const FLAG_HAS_INTEGRITY_HASH = 2;
66
- /**
67
- * Compression algorithm encoding for the byte at offset 5.
68
- *
69
- * `none` is admitted for round-trip testing and for callers that
70
- * want to bundle without compression (e.g. when piping into a
71
- * separately compressed transport). `gzip` is the universally
72
- * available baseline (Node 18+, all modern browsers). `brotli` is
73
- * preferred when the runtime supports it — typically 30-50% smaller
74
- * for JSON payloads — but Node 22+ / Chrome 124+ / Firefox 122+
75
- * are required, so the writer feature-detects at runtime and falls
76
- * back to gzip. The reader must handle all three.
77
- */
78
- declare const COMPRESSION_NONE = 0;
79
- declare const COMPRESSION_GZIP = 1;
80
- declare const COMPRESSION_BROTLI = 2;
81
- type CompressionAlgo = 0 | 1 | 2;
82
- /**
83
- * The unencrypted header carried in every `.noydb` bundle.
84
- *
85
- * **Minimum-disclosure rules:** these are the ONLY allowed keys.
86
- * Any other key in a parsed header causes
87
- * `validateBundleHeader` to throw. The set is kept short to
88
- * minimize attack surface from cloud-storage metadata indexing —
89
- * see the file-level doc comment for the rationale.
90
- *
91
- * Forbidden in particular:
92
- * - `vault` / `_compartment` — would leak the tenant name
93
- * - `exporter` / `_exported_by` — would leak user identity
94
- * - `timestamp` / `_exported_at` — would leak activity timing
95
- * - `kdfParams` / salt fields — would leak crypto config that
96
- * could narrow brute-force search space
97
- * - any field starting with `_` (reserved by the dump format)
98
- */
99
- interface NoydbBundleHeader {
100
- /** Bundle format version — bumped on layout changes. */
101
- readonly formatVersion: number;
102
- /**
103
- * Opaque ULID identifier — generated once per vault and
104
- * stable across re-exports of the same vault. Does not
105
- * leak any information about contents (the timestamp prefix is
106
- * just monotonicity for sortability, not exporter activity —
107
- * see `bundle/ulid.ts` for the design notes).
108
- */
109
- readonly handle: string;
110
- /** Compressed body length in bytes. Lets readers verify completeness without decompressing. */
111
- readonly bodyBytes: number;
112
- /** SHA-256 of the compressed body bytes (lowercase hex). Lets readers verify integrity without decompressing. */
113
- readonly bodySha256: string;
114
- /**
115
- * Owner-curated public envelope (`docs/subsystems/public-envelope.md`).
116
- * Optional — present only when the source vault has a
117
- * `_meta/public-envelope` document AND the writer's hub is opted
118
- * into the feature. Treat as **untrusted hint**; the body's
119
- * encrypted contents remain the source of truth.
120
- *
121
- * The envelope deliberately widens the minimum-disclosure rule
122
- * for explicit, owner-curated label fields (name, icon, …). Every
123
- * other unknown header key still rejects at parse time.
124
- */
125
- readonly publicEnvelope?: PublicEnvelope;
126
- /**
127
- * Auto-unlock material indicator. When present, the bundle
128
- * body wraps the dump JSON in a structure carrying per-user
129
- * passphrases — either plaintext (`'unsealed'`, public-by-design)
130
- * or sealed under a `SealingKeyProvider` (`'sealed'`, requires
131
- * matching provider on the recipient side).
132
- *
133
- * Visible pre-decompression so cloud listing UIs can warn before
134
- * download: "this bundle opens itself for anyone holding the file"
135
- * (unsealed) or "this bundle is sealed for a specific provider"
136
- * (sealed).
137
- *
138
- * Absent → the body is a raw `vault.dump()` JSON string (the
139
- * the legacy shape; back-compatible).
140
- */
141
- readonly autoUnlock?: 'unsealed' | 'sealed';
142
- /**
143
- * Bundle's role in the source → destination lifecycle.
144
- * - omitted / 'snapshot' (default): backup/copy of an existing vault.
145
- * - 'extracted-partition': re-keyed projection awaiting adoption.
146
- */
147
- readonly bundleKind?: 'snapshot' | 'extracted-partition';
148
- /**
149
- * Transfer-seal INDICATOR — metadata only, no payload (the
150
- * sealed DEKs live in the body). Present iff
151
- * bundleKind === 'extracted-partition'.
152
- */
153
- readonly transferSeal?: {
154
- readonly v: 1;
155
- readonly alg: 'aes-256-gcm-pre-shared';
156
- readonly sealId: string;
157
- };
158
- }
159
- /**
160
- * Validate a parsed bundle header. Throws on any deviation from
161
- * the minimum-disclosure schema:
162
- *
163
- * - Missing required field
164
- * - Wrong type for any field
165
- * - Any extra key not in `ALLOWED_HEADER_KEYS`
166
- * - Unsupported `formatVersion`
167
- * - Negative or non-integer `bodyBytes`
168
- * - Malformed `handle` (must be 26-char Crockford base32)
169
- * - Malformed `bodySha256` (must be 64-char lowercase hex)
170
- *
171
- * The error messages name the offending field so consumers can
172
- * fix the producer rather than the reader.
173
- */
174
- declare function validateBundleHeader(parsed: unknown): asserts parsed is NoydbBundleHeader;
175
- /**
176
- * Encode a header object to UTF-8 JSON bytes after validating
177
- * minimum disclosure. Used by the writer to serialize the header
178
- * region of the container.
179
- */
180
- declare function encodeBundleHeader(header: NoydbBundleHeader): Uint8Array;
181
- /**
182
- * Verify the magic prefix of a bundle. Returns true if the first
183
- * 4 bytes match `NDB1`. Used by readers as a fast file-type check
184
- * before any further parsing.
185
- */
186
- declare function hasNoydbBundleMagic(bytes: Uint8Array): boolean;
187
-
188
- /**
189
- * `.noydb` container primitives — write, read, header-only read.
190
- *
191
- *. Wraps a `vault.dump()` JSON string in the
192
- * binary container described in `format.ts`.
193
- *
194
- * **Three primitives:**
195
- *
196
- * - `writeNoydbBundle(vault, opts?)` — produces the
197
- * full container bytes ready to write to disk or upload
198
- * - `readNoydbBundleHeader(bytes)` — parses just the header
199
- * without decompressing the body, fast file-type and
200
- * metadata read for cloud listing UIs
201
- * - `readNoydbBundle(bytes)` — full read: validates magic,
202
- * header, integrity hash, and decompresses the body to
203
- * return the original `dump()` JSON string for use with
204
- * `vault.load()`
205
- *
206
- * **Compression strategy:** brotli when available (Node 22+,
207
- * Chrome 124+, Firefox 122+), gzip fallback elsewhere. The
208
- * algorithm choice is encoded in the format byte at offset 5,
209
- * so readers handle either transparently. Brotli wins ~30-50%
210
- * on JSON payloads with repeated keys (which vault dumps
211
- * are).
212
- *
213
- * **Why split read/load?** `readNoydbBundle` returns the
214
- * *unwrapped JSON string*, not a Vault object. The caller
215
- * is responsible for piping that JSON into
216
- * `vault.load(json, passphrase)`. Splitting the layers
217
- * keeps the bundle module free of any crypto/passphrase
218
- * concerns — it's purely a format layer. The same `readNoydbBundle`
219
- * call can also feed verification tools, format inspectors, or
220
- * archive utilities that don't care about decryption.
221
- */
222
-
223
- /**
224
- * The credential kinds that can be bundled for auto-unlock.
225
- * WebAuthn is intentionally excluded — it is hardware-bound and
226
- * cannot be embedded as a portable credential.
227
- */
228
- type AutoCredentialKind = 'passphrase' | 'password' | 'pin';
229
- /**
230
- * A typed credential for auto-unlock. Carries the credential `kind`
231
- * alongside the plaintext `value`, so consumers can dispatch the
232
- * correct login/prefill path rather than treating all credentials
233
- * as passphrases.
234
- *
235
- * `bundle.ts` is a pure format layer — it carries the credential
236
- * without interpreting it. The consumer is responsible for
237
- * dispatching on `kind`.
238
- */
239
- interface AutoCredential {
240
- readonly kind: AutoCredentialKind;
241
- readonly value: string;
242
- }
243
- /**
244
- * Options accepted by `writeNoydbBundle`.
245
- *
246
- * - `compression: 'auto'` (default) — try brotli, fall back to gzip
247
- * - `compression: 'brotli'` — force brotli, throw if unsupported
248
- * - `compression: 'gzip'` — force gzip
249
- * - `compression: 'none'` — no compression (round-trip testing only)
250
- *
251
- * **Slice filtering:**
252
- * - `collections` — allowlist of collection names to include. Internal
253
- * collections (keyrings, ledger) and excluded user collections are
254
- * dropped from the bundle. Records inside included collections are
255
- * carried through verbatim.
256
- * - `since` — only records whose envelope `_ts` is on/after the given
257
- * instant survive. Operates on the unencrypted envelope timestamp,
258
- * so plaintext access to records is not required.
259
- *
260
- * Both filters intersect (AND). When neither is provided the bundle is
261
- * a whole-vault snapshot, identical to today's behaviour.
262
- */
263
- interface WriteNoydbBundleOptions {
264
- readonly compression?: 'auto' | 'brotli' | 'gzip' | 'none';
265
- /** Allowlist of user-collection names to include. */
266
- readonly collections?: readonly string[];
267
- /**
268
- * Drop records whose envelope `_ts` is strictly older than this
269
- * instant. Accepts a `Date` or any ISO-8601 string parseable by
270
- * `new Date()`.
271
- */
272
- readonly since?: Date | string;
273
- /**
274
- * Plaintext-pipeline record predicate. Decrypts each record
275
- * with the vault's per-collection DEK, runs the predicate, and
276
- * keeps the original ciphertext for survivors (no re-encrypt —
277
- * preserves zero-knowledge cleanly). Records the predicate returns
278
- * `false` for are dropped from the bundle.
279
- *
280
- * Async predicates are supported. Mutating the record from inside
281
- * the predicate is undefined behaviour.
282
- */
283
- readonly where?: (record: unknown, ctx: {
284
- collection: string;
285
- id: string;
286
- }) => boolean | Promise<boolean>;
287
- /**
288
- * Hierarchical-tier ceiling. Records whose envelope `_tier`
289
- * is strictly greater than this number are dropped. Operates on the
290
- * envelope `_tier` (no decryption needed) — vault.exportStream is
291
- * referenced in the issue body for symmetry, but the tier value
292
- * lives on the unencrypted envelope. Vault without tiers is a no-op.
293
- */
294
- readonly tierAtMost?: number;
295
- /**
296
- * Single-recipient re-keying shorthand. When set, the
297
- * bundle's keyring is replaced with one freshly-derived entry sealed
298
- * with this passphrase. The recipient inherits the source keyring's
299
- * userId, role, and permissions. Mutually exclusive with `recipients`.
300
- */
301
- readonly exportPassphrase?: string;
302
- /**
303
- * Multi-recipient re-keying. Replaces the bundle's keyring
304
- * map with one slot per recipient, each sealed with its own
305
- * passphrase. DEKs are unwrapped from the source keyring once and
306
- * re-wrapped per recipient — record ciphertext is unchanged.
307
- *
308
- * Mutually exclusive with `exportPassphrase`. When neither is set,
309
- * the bundle inherits the source keyring as-is (today's behaviour,
310
- * suited to personal backup-and-restore).
311
- */
312
- readonly recipients?: readonly BundleRecipient[];
313
- /**
314
- * Auto-unlock — unsealed per-user credentials.
315
- *
316
- * Generalises `autoPassphrases` to support any bundleable credential
317
- * kind (`passphrase` | `password` | `pin`).
318
- *
319
- * Public-by-design: anyone holding the bundle bytes can read these
320
- * plaintext credentials. Use for demo data, sample vaults,
321
- * prospect onboarding.
322
- *
323
- * The `policy: 'public-by-design'` discriminant is mandatory. A
324
- * bare `{ perUser }` without it is rejected at write time — the
325
- * safety net against a careless call against a production vault.
326
- *
327
- * Mutually exclusive with `sealedCredentials`, `autoPassphrases`,
328
- * and `sealedPassphrases`.
329
- */
330
- readonly autoCredentials?: {
331
- readonly policy: 'public-by-design';
332
- readonly perUser: Record<string, AutoCredential>;
333
- };
334
- /**
335
- * Auto-unlock — per-user credentials sealed under a
336
- * {@link SealingKeyProvider}.
337
- *
338
- * Generalises `sealedPassphrases` to support any bundleable
339
- * credential kind (`passphrase` | `password` | `pin`).
340
- *
341
- * The hub seals each user's plaintext credential under `provider`
342
- * and embeds the resulting sealed envelopes in the bundle. The
343
- * recipient must hold a provider with a matching `pid` (i.e.,
344
- * `provider.id`) to auto-unseal on import.
345
- *
346
- * `mode: 'self-target'` — sender and recipient share the same
347
- * provider identity (same iCloud Keychain entry, same
348
- * MDM-provisioned bundle id, same KMS account, etc.).
349
- *
350
- * `mode: 'recipient-target'` — asymmetric sealing via a
351
- * {@link RecipientSealer}. Each user entry carries a
352
- * `credential` and a `hint` (the recipient's public material).
353
- * The bundle can only be unsealed by the holder of the matching
354
- * private key.
355
- *
356
- * Mutually exclusive with `autoCredentials`, `autoPassphrases`,
357
- * and `sealedPassphrases`.
358
- */
359
- readonly sealedCredentials?: {
360
- readonly mode: 'self-target';
361
- readonly provider: SealingKeyProvider;
362
- readonly perUser: Record<string, AutoCredential>;
363
- } | {
364
- readonly mode: 'recipient-target';
365
- readonly provider: RecipientSealer;
366
- readonly perUser: Record<string, {
367
- readonly credential: AutoCredential;
368
- readonly hint: RecipientHint;
369
- }>;
370
- };
371
- /**
372
- * @deprecated Use `autoCredentials` instead.
373
- *
374
- * Auto-unlock — unsealed per-user passphrases.
375
- *
376
- * Public-by-design: anyone holding the bundle bytes can read these
377
- * plaintext credentials. Use for demo data, sample vaults,
378
- * prospect onboarding.
379
- *
380
- * The `policy: 'public-by-design'` discriminant is mandatory. A
381
- * bare `{ perUser }` without it is rejected at write time — the
382
- * safety net against a careless call against a production vault.
383
- *
384
- * Mutually exclusive with `autoCredentials`, `sealedCredentials`,
385
- * and `sealedPassphrases`.
386
- */
387
- readonly autoPassphrases?: {
388
- readonly policy: 'public-by-design';
389
- readonly perUser: Record<string, string>;
390
- };
391
- /**
392
- * @deprecated Use `sealedCredentials` instead.
393
- *
394
- * Auto-unlock — per-user passphrases sealed under a
395
- * {@link SealingKeyProvider} (self-target only).
396
- *
397
- * The hub seals each user's plaintext passphrase under `provider`
398
- * and embeds the resulting sealed envelopes in the bundle. The
399
- * recipient must hold a provider with a matching `pid` (i.e.,
400
- * `provider.id`) to auto-unseal on import.
401
- *
402
- * `mode: 'self-target'` is the only mode for `sealedPassphrases` — sender
403
- * and recipient share the same provider identity (same iCloud Keychain
404
- * entry, same MDM-provisioned bundle id, same KMS account, etc.).
405
- * For recipient-target sealing via the `RecipientSealer` interface,
406
- * use `sealedCredentials` with `mode: 'recipient-target'` (§11.4).
407
- *
408
- * Mutually exclusive with `autoCredentials`, `sealedCredentials`,
409
- * and `autoPassphrases`.
410
- */
411
- readonly sealedPassphrases?: {
412
- readonly mode: 'self-target';
413
- readonly provider: SealingKeyProvider;
414
- readonly perUser: Record<string, string>;
415
- };
416
- }
417
- /**
418
- * Result returned by `readNoydbBundle`. The caller is expected to
419
- * pass `dumpJson` into `vault.load(json, passphrase)` to
420
- * actually restore a vault. Splitting the layers keeps the
421
- * bundle module free of crypto concerns — see file-level docs.
422
- */
423
- interface NoydbBundleReadResult {
424
- readonly header: NoydbBundleHeader;
425
- readonly dumpJson: string;
426
- /**
427
- * Auto-unlock material. Present only when
428
- * the header's `autoUnlock` flag is set AND the body's wrapped
429
- * structure survived parsing. Values are typed credentials — either
430
- * delivered plain (`kind: 'unsealed'`) or unsealed at read time
431
- * using one of the supplied `sealingProviders` (`kind: 'sealed'`).
432
- *
433
- * Consumers dispatch on `cred.kind` to choose the correct login /
434
- * prefill path. Pre-0.2 bundles (bare string entries) are coerced
435
- * to `{ kind: 'passphrase', value }` on read for back-compat.
436
- *
437
- * For `kind: 'sealed'` bundles read without `sealingProviders`, the
438
- * `value` field is the raw base64 sealed bytes — opaque to the
439
- * consumer until unsealed elsewhere.
440
- */
441
- readonly autoUnlock?: {
442
- readonly kind: 'unsealed' | 'sealed';
443
- readonly perUser: Record<string, AutoCredential>;
444
- };
445
- }
446
- /**
447
- * Options accepted by {@link readNoydbBundle} for the
448
- * auto-unlock paths. Without these the reader behaves exactly as before
449
- * (header parsed; body returned as `dumpJson`).
450
- */
451
- interface ReadNoydbBundleOptions {
452
- /**
453
- * Recipient-side sealing providers used to unseal entries from
454
- * `sealedPassphrases`. The reader picks the one whose `.id`
455
- * matches each entry's `pid`. Multiple providers may be supplied
456
- * (different users may seal under different identities).
457
- *
458
- * When unset and the bundle carries sealed envelopes, the
459
- * `autoUnlock.perUser` map remains the SEALED entries unmodified
460
- * — callers can inspect them or unseal elsewhere.
461
- */
462
- readonly sealingProviders?: readonly SealingKeyProvider[];
463
- /**
464
- * Opt-in trial mode for unsealing — when an entry's `pid` doesn't
465
- * match a registered provider, try each provider whose alg
466
- * matches. Default `false` (strict-pid dispatch per foundation
467
- * §11.9.2). Surfaces extra credential prompts; use deliberately.
468
- */
469
- readonly attemptUnsealAcrossProviders?: boolean;
470
- }
471
- /**
472
- * Transfer-seal payload. The destination DEKs, exported to raw
473
- * bytes and AES-256-GCM-sealed *as a set* under the one-time transfer
474
- * key. `adoptPartition` unseals this; `createOwnerOnAdoptedPartition`
475
- * re-wraps the raw DEKs under the recipient's KEK.
476
- */
477
- interface TransferSealPayload {
478
- readonly v: 1;
479
- readonly alg: 'aes-256-gcm-pre-shared';
480
- readonly sealId: string;
481
- /** base64(AES-256-GCM(transferKey, JSON of { collection: base64(rawDEK) })) — iv ‖ ct ‖ tag. */
482
- readonly payload: string;
483
- }
484
- /** Test-only: reset the brotli detection cache between tests. */
485
- declare function resetBrotliSupportCache(): void;
486
- declare function writeNoydbBundle(vault: Vault, opts?: WriteNoydbBundleOptions): Promise<Uint8Array>;
487
- /**
488
- * Read just the bundle header — no body decompression, no
489
- * integrity verification. Intended for cloud-listing UIs that want
490
- * to show the handle and size before downloading the full body.
491
- *
492
- * Returns the same `NoydbBundleHeader` shape as the writer, with
493
- * minimum-disclosure validation already applied.
494
- *
495
- * **Cost** — O(prefix + header bytes). The header is normally well
496
- * under 1 KB, but may grow to roughly 256 KB when a `publicEnvelope`
497
- * with an inline icon is present. Cloud-listing UIs that previously
498
- * assumed sub-KB header reads should account for this when sizing
499
- * range requests against bundles that may carry icons.
500
- */
501
- declare function readNoydbBundleHeader(bytes: Uint8Array): NoydbBundleHeader;
502
- /**
503
- * Read just the bundle's public envelope (`docs/subsystems/public-envelope.md`)
504
- * — without verifying the body or even parsing the dump JSON. Pass
505
- * the raw bundle bytes; receive the owner-curated metadata or
506
- * `undefined` if the bundle was written without one.
507
- *
508
- * Locale-resolves any `name` / `description` map fields when `locale`
509
- * is supplied. Omitting `locale` returns the raw envelope.
510
- *
511
- * Same security caveat as the on-vault read path — the public
512
- * envelope is **untrusted hint** in v1; the encrypted body remains
513
- * the source of truth for vault contents.
514
- */
515
- declare function readNoydbBundlePublicEnvelope(bytes: Uint8Array, opts?: {
516
- readonly locale?: string;
517
- }): PublicEnvelope | undefined;
518
- /**
519
- * Read a full `.noydb` bundle: validate magic + header, verify
520
- * integrity hash over the body bytes, decompress, and return the
521
- * original `vault.dump()` JSON string ready to pass to
522
- * `vault.load()`.
523
- *
524
- * Throws `BundleIntegrityError` if the body's actual SHA-256 does
525
- * not match the value declared in the header. Distinct from a
526
- * format error so consumers can pattern-match in catch blocks
527
- * (corrupted-in-transit vs malformed-by-producer).
528
- *
529
- * Note: this function does NOT take a passphrase. The dump JSON
530
- * inside the body still contains encrypted records — restoring
531
- * the vault requires `vault.load(dumpJson, passphrase)`
532
- * after this call. Splitting the layers keeps the bundle module
533
- * free of crypto concerns and lets the same code feed format
534
- * inspectors that never decrypt anything.
535
- */
536
- declare function readNoydbBundle(bytes: Uint8Array, opts?: ReadNoydbBundleOptions): Promise<NoydbBundleReadResult>;
537
-
538
- /**
539
- * Minimal ULID generator — zero dependencies, Web Crypto API only.
540
- *
541
- *. Used by the bundle writer to generate stable opaque
542
- * handles for `.noydb` containers.
543
- *
544
- * **What's a ULID?** A 128-bit identifier encoded as 26 Crockford
545
- * base32 characters. Layout:
546
- *
547
- * ```
548
- * 01HYABCDEFGHJKMNPQRSTVWXYZ
549
- * |--------||---------------|
550
- * 48-bit 80-bit
551
- * timestamp randomness
552
- * ```
553
- *
554
- * The first 10 chars encode a millisecond Unix timestamp (so ULIDs
555
- * sort lexicographically by creation time), and the remaining 16
556
- * chars are random. Crockford base32 omits I/L/O/U to avoid
557
- * ambiguity in handwriting and URLs.
558
- *
559
- * **Why hand-roll instead of pulling in `ulid`?** The package adds
560
- * a dep, the implementation is ~30 lines, and the bundle module
561
- * is the only consumer. Adding `ulid` would also drag in its own
562
- * crypto polyfill that we don't need on Node 18+ or modern
563
- * browsers.
564
- *
565
- * **Privacy consideration:** the timestamp prefix is observable in
566
- * the bundle header. This is a deliberate trade-off:
567
- * - Pro: lexicographic sortability lets bundle adapters list
568
- * newest-first without an extra index.
569
- * - Con: a casual observer can read the bundle's creation time
570
- * from the handle. They cannot read it from any OTHER field
571
- * (the header explicitly forbids `_exported_at`), and a
572
- * creation timestamp is the same kind of metadata that
573
- * filesystem mtime would already expose for a downloaded
574
- * bundle. The leak is therefore equivalent to what's already
575
- * visible from the file's mtime — not a new exposure.
576
- *
577
- * If a future use case needs timestamp-free handles, a v2 of the
578
- * format could specify "use the random portion only" without a
579
- * format break — `validateBundleHeader` only checks the regex
580
- * shape, not the encoded timestamp.
581
- */
582
- /**
583
- * Generate a fresh ULID. Uses `crypto.getRandomValues` for the
584
- * randomness portion — same Web Crypto API the rest of the
585
- * codebase uses for IVs and salt.
586
- *
587
- * Returns a 26-character string. Calling twice in the same
588
- * millisecond produces two distinct ULIDs (the random portion
589
- * differs); ULIDs from the same millisecond are NOT guaranteed
590
- * to be monotonically ordered relative to each other, only
591
- * relative to ULIDs from a different millisecond. The bundle
592
- * format never relies on intra-millisecond ordering.
593
- */
594
- declare function generateULID(): string;
595
- /**
596
- * Validate that a string is a syntactically well-formed ULID. Used
597
- * by the bundle header validator. Does NOT verify that the
598
- * timestamp portion decodes to a sensible date — the format only
599
- * cares about the encoding shape.
600
- */
601
- declare function isULID(value: string): boolean;
602
-
603
- export { type AutoCredential as A, COMPRESSION_BROTLI as C, FLAG_COMPRESSED as F, NOYDB_BUNDLE_FORMAT_VERSION as N, type ReadNoydbBundleOptions as R, type TransferSealPayload as T, type WriteNoydbBundleOptions as W, COMPRESSION_GZIP as a, COMPRESSION_NONE as b, type CompressionAlgo as c, FLAG_HAS_INTEGRITY_HASH as d, NOYDB_BUNDLE_MAGIC as e, NOYDB_BUNDLE_PREFIX_BYTES as f, type NoydbBundleHeader as g, type NoydbBundleReadResult as h, encodeBundleHeader as i, generateULID as j, isULID as k, readNoydbBundleHeader as l, resetBrotliSupportCache as m, type AutoCredentialKind as n, hasNoydbBundleMagic as o, readNoydbBundlePublicEnvelope as p, readNoydbBundle as r, validateBundleHeader as v, writeNoydbBundle as w };