@noy-db/hub 0.2.0-pre.9 → 0.3.0-pre.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (541) hide show
  1. package/README.md +129 -3
  2. package/dist/adapter/index.d.ts +5 -0
  3. package/dist/adapter/index.js +15 -0
  4. package/dist/aggregate/index.d.ts +6 -2
  5. package/dist/aggregate/index.js +24 -16
  6. package/dist/aggregate/index.js.map +1 -1
  7. package/dist/api-RW3KP7WU.js +14 -0
  8. package/dist/as/index.d.ts +7 -0
  9. package/dist/as/index.js +24 -0
  10. package/dist/at/index.d.ts +5 -0
  11. package/dist/at/index.js +1 -0
  12. package/dist/attestation/index.d.ts +15 -47
  13. package/dist/attestation/index.js +54 -10
  14. package/dist/attestation/index.js.map +1 -1
  15. package/dist/backup-KMJQ66MF.js +219 -0
  16. package/dist/backup-KMJQ66MF.js.map +1 -0
  17. package/dist/blobs/index.d.ts +6 -8
  18. package/dist/blobs/index.js +19 -12
  19. package/dist/blobs/index.js.map +1 -1
  20. package/dist/bundle/index.d.ts +16 -70
  21. package/dist/bundle/index.js +39 -476
  22. package/dist/bundle/index.js.map +1 -1
  23. package/dist/{ulid-CJ8RzRrm.d.ts → bundle-PwBGkhpe.d.ts} +31 -86
  24. package/dist/by/index.d.ts +1 -0
  25. package/dist/by/index.js +11 -0
  26. package/dist/cargo/index.d.ts +9 -0
  27. package/dist/cargo/index.js +89 -0
  28. package/dist/chunk-26LGBE4T.js +42 -0
  29. package/dist/chunk-26LGBE4T.js.map +1 -0
  30. package/dist/{chunk-K3DK3NU5.js → chunk-3YFXJ3ZP.js} +20 -5
  31. package/dist/chunk-3YFXJ3ZP.js.map +1 -0
  32. package/dist/chunk-4Q6HSHHL.js +90 -0
  33. package/dist/chunk-4Q6HSHHL.js.map +1 -0
  34. package/dist/chunk-5LUY7UTV.js +380 -0
  35. package/dist/chunk-5LUY7UTV.js.map +1 -0
  36. package/dist/chunk-5N6CZTCY.js +367 -0
  37. package/dist/chunk-5N6CZTCY.js.map +1 -0
  38. package/dist/chunk-5O3AOPDT.js +992 -0
  39. package/dist/chunk-5O3AOPDT.js.map +1 -0
  40. package/dist/chunk-5R3ERCDH.js +239 -0
  41. package/dist/chunk-5R3ERCDH.js.map +1 -0
  42. package/dist/chunk-5TDJ56JE.js +32 -0
  43. package/dist/chunk-5TDJ56JE.js.map +1 -0
  44. package/dist/{chunk-T7JEBOGN.js → chunk-62QYRORB.js} +18 -11
  45. package/dist/chunk-62QYRORB.js.map +1 -0
  46. package/dist/{chunk-J66GRPNH.js → chunk-6S7T6WC4.js} +2 -2
  47. package/dist/chunk-6S7T6WC4.js.map +1 -0
  48. package/dist/chunk-76722EBH.js +451 -0
  49. package/dist/chunk-76722EBH.js.map +1 -0
  50. package/dist/{chunk-Z6FNBOTC.js → chunk-AIWULCUO.js} +13 -17
  51. package/dist/chunk-AIWULCUO.js.map +1 -0
  52. package/dist/{chunk-O3VZPBZG.js → chunk-AQTBSL7R.js} +47 -11
  53. package/dist/chunk-AQTBSL7R.js.map +1 -0
  54. package/dist/chunk-AURFOK3D.js +35 -0
  55. package/dist/chunk-AURFOK3D.js.map +1 -0
  56. package/dist/{chunk-53XBRIRT.js → chunk-AXRXJTE2.js} +9 -9
  57. package/dist/chunk-AXRXJTE2.js.map +1 -0
  58. package/dist/chunk-AZAOEIKW.js +155 -0
  59. package/dist/chunk-AZAOEIKW.js.map +1 -0
  60. package/dist/{chunk-HNRHLRDC.js → chunk-BG3SPSR4.js} +3 -3
  61. package/dist/chunk-BG3SPSR4.js.map +1 -0
  62. package/dist/chunk-BGIZAFY7.js +1 -0
  63. package/dist/chunk-CHFZDSE4.js +1 -0
  64. package/dist/{chunk-DJHHA6XH.js → chunk-CMGR4ZEW.js} +50 -20
  65. package/dist/chunk-CMGR4ZEW.js.map +1 -0
  66. package/dist/chunk-CWPPNPOH.js +23 -0
  67. package/dist/chunk-CWPPNPOH.js.map +1 -0
  68. package/dist/{chunk-QODLLGQ7.js → chunk-DFEMTNPJ.js} +371 -38
  69. package/dist/chunk-DFEMTNPJ.js.map +1 -0
  70. package/dist/{chunk-ZYWZWG6G.js → chunk-DGDI2D4M.js} +10 -10
  71. package/dist/chunk-DGDI2D4M.js.map +1 -0
  72. package/dist/{chunk-SYMWGEET.js → chunk-EIZUR2XW.js} +3 -3
  73. package/dist/chunk-EIZUR2XW.js.map +1 -0
  74. package/dist/{chunk-BVRYKATC.js → chunk-FISN7WE4.js} +36 -33
  75. package/dist/chunk-FISN7WE4.js.map +1 -0
  76. package/dist/chunk-GHVIKOHT.js +1 -0
  77. package/dist/chunk-GYGWYIOZ.js +200 -0
  78. package/dist/chunk-GYGWYIOZ.js.map +1 -0
  79. package/dist/chunk-HCIPRAGS.js +45 -0
  80. package/dist/chunk-HCIPRAGS.js.map +1 -0
  81. package/dist/{chunk-PX35GA7L.js → chunk-I2NOIW44.js} +10 -10
  82. package/dist/chunk-I2NOIW44.js.map +1 -0
  83. package/dist/{chunk-OIF6LZUR.js → chunk-I3TIKTJO.js} +3 -3
  84. package/dist/chunk-I3TIKTJO.js.map +1 -0
  85. package/dist/chunk-I7FD46FF.js +9 -0
  86. package/dist/chunk-I7FD46FF.js.map +1 -0
  87. package/dist/chunk-IAGBDSCS.js +40 -0
  88. package/dist/chunk-IAGBDSCS.js.map +1 -0
  89. package/dist/{chunk-JWRVQKRZ.js → chunk-IELYAOGG.js} +6 -18
  90. package/dist/chunk-IELYAOGG.js.map +1 -0
  91. package/dist/chunk-IGUYVGGI.js +205 -0
  92. package/dist/chunk-IGUYVGGI.js.map +1 -0
  93. package/dist/{chunk-U26HQ6KJ.js → chunk-IO6GRPT6.js} +4 -4
  94. package/dist/chunk-IO6GRPT6.js.map +1 -0
  95. package/dist/chunk-IPB7FTQX.js +273 -0
  96. package/dist/chunk-IPB7FTQX.js.map +1 -0
  97. package/dist/chunk-ITNUCOXM.js +148 -0
  98. package/dist/chunk-ITNUCOXM.js.map +1 -0
  99. package/dist/{chunk-WPLVTJ5D.js → chunk-IUEN57TV.js} +10 -10
  100. package/dist/chunk-IUEN57TV.js.map +1 -0
  101. package/dist/{chunk-DL3HWOQ5.js → chunk-JNUWZ6D3.js} +9 -9
  102. package/dist/chunk-JNUWZ6D3.js.map +1 -0
  103. package/dist/chunk-K2WCO3NX.js +1 -0
  104. package/dist/chunk-KVOXU4T5.js +30 -0
  105. package/dist/chunk-KVOXU4T5.js.map +1 -0
  106. package/dist/chunk-KXGNJJXB.js +135 -0
  107. package/dist/chunk-KXGNJJXB.js.map +1 -0
  108. package/dist/chunk-LB7FD65R.js +163 -0
  109. package/dist/chunk-LB7FD65R.js.map +1 -0
  110. package/dist/{chunk-22DWZL57.js → chunk-LFLXAY2W.js} +43 -218
  111. package/dist/chunk-LFLXAY2W.js.map +1 -0
  112. package/dist/chunk-LMTH2RM6.js +129 -0
  113. package/dist/chunk-LMTH2RM6.js.map +1 -0
  114. package/dist/{aggregate/index.cjs → chunk-LV7M27WM.js} +390 -219
  115. package/dist/chunk-LV7M27WM.js.map +1 -0
  116. package/dist/{chunk-PE2FR4J3.js → chunk-LXQT4WMP.js} +16 -18
  117. package/dist/chunk-LXQT4WMP.js.map +1 -0
  118. package/dist/chunk-M2YKN37S.js +524 -0
  119. package/dist/chunk-M2YKN37S.js.map +1 -0
  120. package/dist/chunk-M6OST55S.js +14 -0
  121. package/dist/chunk-M6OST55S.js.map +1 -0
  122. package/dist/{chunk-F3GDRNUT.js → chunk-MD3Y6J3L.js} +35 -69
  123. package/dist/chunk-MD3Y6J3L.js.map +1 -0
  124. package/dist/{chunk-XJFLDA7A.js → chunk-MTMJVJ5W.js} +8 -7
  125. package/dist/chunk-MTMJVJ5W.js.map +1 -0
  126. package/dist/{chunk-DFMLEQZB.js → chunk-NF5JWERG.js} +5 -10
  127. package/dist/chunk-NF5JWERG.js.map +1 -0
  128. package/dist/{chunk-DO7C2TOG.js → chunk-PKHL44ER.js} +3 -3
  129. package/dist/{chunk-DO7C2TOG.js.map → chunk-PKHL44ER.js.map} +1 -1
  130. package/dist/{chunk-6CME4UEK.js → chunk-PSHOXR6C.js} +7008 -4827
  131. package/dist/chunk-PSHOXR6C.js.map +1 -0
  132. package/dist/chunk-PSMV73A5.js +117 -0
  133. package/dist/chunk-PSMV73A5.js.map +1 -0
  134. package/dist/chunk-PY4KJPYU.js +9 -0
  135. package/dist/chunk-PY4KJPYU.js.map +1 -0
  136. package/dist/chunk-PZ5AY32C.js +10 -0
  137. package/dist/{chunk-DE6GKS6G.js → chunk-Q7SS3IME.js} +50 -9
  138. package/dist/chunk-Q7SS3IME.js.map +1 -0
  139. package/dist/chunk-QHJW5EXU.js +54 -0
  140. package/dist/chunk-QHJW5EXU.js.map +1 -0
  141. package/dist/chunk-QZISFCVG.js +233 -0
  142. package/dist/chunk-QZISFCVG.js.map +1 -0
  143. package/dist/{chunk-NONAAENK.js → chunk-RUEKROOS.js} +11 -4
  144. package/dist/chunk-RUEKROOS.js.map +1 -0
  145. package/dist/chunk-RUIMKQTA.js +23 -0
  146. package/dist/chunk-RUIMKQTA.js.map +1 -0
  147. package/dist/{chunk-TFBP23BX.js → chunk-SKF73JOP.js} +66 -7
  148. package/dist/chunk-SKF73JOP.js.map +1 -0
  149. package/dist/chunk-SM3AVUHC.js +42 -0
  150. package/dist/chunk-SM3AVUHC.js.map +1 -0
  151. package/dist/{chunk-ML236QKC.js → chunk-SMXWYP24.js} +5 -5
  152. package/dist/chunk-SMXWYP24.js.map +1 -0
  153. package/dist/chunk-SRB2XEWB.js +148 -0
  154. package/dist/chunk-SRB2XEWB.js.map +1 -0
  155. package/dist/chunk-SVLR4POP.js +64 -0
  156. package/dist/chunk-SVLR4POP.js.map +1 -0
  157. package/dist/chunk-TA66UMI4.js +123 -0
  158. package/dist/chunk-TA66UMI4.js.map +1 -0
  159. package/dist/chunk-TEILUWOI.js +664 -0
  160. package/dist/chunk-TEILUWOI.js.map +1 -0
  161. package/dist/chunk-TJYQIGAP.js +82 -0
  162. package/dist/chunk-TJYQIGAP.js.map +1 -0
  163. package/dist/{chunk-H2X3ISXG.js → chunk-UAG5KWVA.js} +7 -7
  164. package/dist/chunk-UAG5KWVA.js.map +1 -0
  165. package/dist/chunk-UDRIWL7A.js +382 -0
  166. package/dist/chunk-UDRIWL7A.js.map +1 -0
  167. package/dist/{chunk-2GLDA55J.js → chunk-UIU2THRG.js} +498 -133
  168. package/dist/chunk-UIU2THRG.js.map +1 -0
  169. package/dist/{chunk-3YPCK6JX.js → chunk-UPJNJGGA.js} +165 -423
  170. package/dist/chunk-UPJNJGGA.js.map +1 -0
  171. package/dist/chunk-UV5MFVO3.js +21 -0
  172. package/dist/chunk-UV5MFVO3.js.map +1 -0
  173. package/dist/{chunk-2WUSG3IT.js → chunk-V7RWQRG7.js} +5 -5
  174. package/dist/chunk-V7RWQRG7.js.map +1 -0
  175. package/dist/{chunk-VTKGMEPP.js → chunk-VCTFO5CO.js} +13 -3
  176. package/dist/chunk-VCTFO5CO.js.map +1 -0
  177. package/dist/{chunk-5T22KDPN.js → chunk-VFQGRQIH.js} +8 -8
  178. package/dist/chunk-VFQGRQIH.js.map +1 -0
  179. package/dist/{chunk-2QR2PQTT.js → chunk-VQNJ7UZL.js} +5 -3
  180. package/dist/chunk-VQNJ7UZL.js.map +1 -0
  181. package/dist/{chunk-DONMZAD2.js → chunk-WWGT2MDV.js} +43 -165
  182. package/dist/chunk-WWGT2MDV.js.map +1 -0
  183. package/dist/{chunk-EMIGCR7X.js → chunk-WXSYDNBT.js} +2 -2
  184. package/dist/chunk-WXSYDNBT.js.map +1 -0
  185. package/dist/chunk-WYSO2NIH.js +30 -0
  186. package/dist/chunk-WYSO2NIH.js.map +1 -0
  187. package/dist/chunk-XXYIOFUB.js +164 -0
  188. package/dist/chunk-XXYIOFUB.js.map +1 -0
  189. package/dist/{chunk-3BFJOWSU.js → chunk-Y22T3KQE.js} +35 -7
  190. package/dist/chunk-Y22T3KQE.js.map +1 -0
  191. package/dist/{chunk-A3JMGXPG.js → chunk-YMUGBZN2.js} +2 -2
  192. package/dist/chunk-YMUGBZN2.js.map +1 -0
  193. package/dist/{chunk-I5FOWO4J.js → chunk-ZCGAHGUS.js} +52 -73
  194. package/dist/chunk-ZCGAHGUS.js.map +1 -0
  195. package/dist/{chunk-FZU343FL.js → chunk-ZJADGNYF.js} +2 -2
  196. package/dist/chunk-ZJADGNYF.js.map +1 -0
  197. package/dist/{chunk-B6PB7JLN.js → chunk-ZYUC53LT.js} +427 -6
  198. package/dist/chunk-ZYUC53LT.js.map +1 -0
  199. package/dist/collection-facade-GQAOGJP2.js +33 -0
  200. package/dist/consent/index.d.ts +5 -7
  201. package/dist/consent/index.js +7 -5
  202. package/dist/consent/index.js.map +1 -1
  203. package/dist/crdt/index.d.ts +6 -2
  204. package/dist/crdt/index.js +3 -2
  205. package/dist/crdt/index.js.map +1 -1
  206. package/dist/decrypt-partition-IHtxEnTi.d.ts +21 -0
  207. package/dist/delegation-UL5HKLER.js +19 -0
  208. package/dist/derivations/index.d.ts +7 -9
  209. package/dist/derivations/index.js +11 -6
  210. package/dist/describe/index.d.ts +1 -0
  211. package/dist/describe/index.js +1 -0
  212. package/dist/describe-Ccd1hS7a.d.ts +143 -0
  213. package/dist/{dev-unlock-B4kDxep_.d.ts → dev-unlock-h0K-UZTk.d.ts} +1 -1
  214. package/dist/discriminant-BN9REW3o.d.ts +60 -0
  215. package/dist/enclave-UL5LW66V.js +88 -0
  216. package/dist/executor-2FWQRLMG.js +15 -0
  217. package/dist/executor-QZ7BXICW.js +9 -0
  218. package/dist/executor-Z5ZLJVTV.js +9 -0
  219. package/dist/export-accessible-KRV5W4GH.js +17 -0
  220. package/dist/extract-partition-GLKBOXFQ.js +30 -0
  221. package/dist/{fanout-sidecar-OKPMMPLG.js → fanout-sidecar-GF3DJ6KR.js} +34 -14
  222. package/dist/fanout-sidecar-GF3DJ6KR.js.map +1 -0
  223. package/dist/forget/index.d.ts +36 -0
  224. package/dist/forget/index.js +19 -0
  225. package/dist/forget/index.js.map +1 -0
  226. package/dist/guards/index.d.ts +13 -9
  227. package/dist/guards/index.js +12 -5
  228. package/dist/{hash-DdpVypUp.d.cts → hash-CdSr06sm.d.ts} +5 -1
  229. package/dist/history/index.d.ts +6 -8
  230. package/dist/history/index.js +19 -12
  231. package/dist/history/index.js.map +1 -1
  232. package/dist/i18n/index.d.ts +5 -7
  233. package/dist/i18n/index.js +104 -15
  234. package/dist/i18n/index.js.map +1 -1
  235. package/dist/in/index.d.ts +5 -0
  236. package/dist/in/index.js +1 -0
  237. package/dist/in/index.js.map +1 -0
  238. package/dist/index-B9QdHytu.d.ts +123 -0
  239. package/dist/index-CGLLRtFc.d.ts +123 -0
  240. package/dist/{types-Df28QFKb.d.ts → index-_6At2_9_.d.ts} +16270 -8358
  241. package/dist/index.d.ts +1088 -450
  242. package/dist/index.js +1165 -293
  243. package/dist/index.js.map +1 -1
  244. package/dist/indexing/index.d.ts +6 -3
  245. package/dist/indexing/index.js +6 -5
  246. package/dist/indexing/index.js.map +1 -1
  247. package/dist/issue-Y6UVIR43.js +13 -0
  248. package/dist/issue-Y6UVIR43.js.map +1 -0
  249. package/dist/kernel/index.d.ts +32 -0
  250. package/dist/kernel/index.js +53 -0
  251. package/dist/kernel/index.js.map +1 -0
  252. package/dist/{ledger-TMRZYNVJ.js → ledger-RYI35CDS.js} +12 -9
  253. package/dist/ledger-RYI35CDS.js.map +1 -0
  254. package/dist/liberate-CRPZEV7O.js +18 -0
  255. package/dist/liberate-CRPZEV7O.js.map +1 -0
  256. package/dist/materialized-views/index.d.ts +6 -19
  257. package/dist/materialized-views/index.js +16 -12
  258. package/dist/mime-magic-B4RoFj3B.d.ts +103 -0
  259. package/dist/noydb-LDEBLNHY.js +50 -0
  260. package/dist/noydb-LDEBLNHY.js.map +1 -0
  261. package/dist/on/index.d.ts +5 -0
  262. package/dist/on/index.js +11 -0
  263. package/dist/on/index.js.map +1 -0
  264. package/dist/overlay-views/index.d.ts +27 -11
  265. package/dist/overlay-views/index.js +7 -6
  266. package/dist/periods/index.d.ts +5 -7
  267. package/dist/periods/index.js +13 -9
  268. package/dist/pod/index.d.ts +63 -0
  269. package/dist/pod/index.js +61 -0
  270. package/dist/pod/index.js.map +1 -0
  271. package/dist/policy-IXK4FVXP.js +41 -0
  272. package/dist/policy-IXK4FVXP.js.map +1 -0
  273. package/dist/portability/index.d.ts +20 -0
  274. package/dist/portability/index.js +43 -0
  275. package/dist/portability/index.js.map +1 -0
  276. package/dist/{public-envelope-BW6OXORV.js → public-envelope-JHDQCPSX.js} +6 -5
  277. package/dist/public-envelope-JHDQCPSX.js.map +1 -0
  278. package/dist/query/index.d.ts +5 -3
  279. package/dist/query/index.js +21 -13
  280. package/dist/read-only-facade-5ADRJVTM.js +8 -0
  281. package/dist/read-only-facade-5ADRJVTM.js.map +1 -0
  282. package/dist/registry-45RJNWGU.js +9 -0
  283. package/dist/registry-45RJNWGU.js.map +1 -0
  284. package/dist/registry-5GRV5VXI.js +13 -0
  285. package/dist/registry-5GRV5VXI.js.map +1 -0
  286. package/dist/registry-VW6P6A3J.js +8 -0
  287. package/dist/registry-VW6P6A3J.js.map +1 -0
  288. package/dist/registry-WEUCHBO4.js +11 -0
  289. package/dist/registry-WEUCHBO4.js.map +1 -0
  290. package/dist/request-withdrawal-GBPH2FDY.js +25 -0
  291. package/dist/request-withdrawal-GBPH2FDY.js.map +1 -0
  292. package/dist/revoke-TUFRGI6S.js +18 -0
  293. package/dist/revoke-TUFRGI6S.js.map +1 -0
  294. package/dist/sealed-record/index.d.ts +69 -0
  295. package/dist/sealed-record/index.js +65 -0
  296. package/dist/sealed-record/index.js.map +1 -0
  297. package/dist/session/index.d.ts +6 -8
  298. package/dist/session/index.js +7 -5
  299. package/dist/session/index.js.map +1 -1
  300. package/dist/shadow/index.d.ts +5 -7
  301. package/dist/shadow/index.js +4 -3
  302. package/dist/shadow/index.js.map +1 -1
  303. package/dist/{signer-72QAUSVW.js → signer-PNKTBVF7.js} +6 -5
  304. package/dist/signer-PNKTBVF7.js.map +1 -0
  305. package/dist/snapshots/index.d.ts +6 -8
  306. package/dist/snapshots/index.js +13 -11
  307. package/dist/snapshots/index.js.map +1 -1
  308. package/dist/{stale-6ZDBTQT7.js → stale-3JWHNDIY.js} +3 -2
  309. package/dist/stale-3JWHNDIY.js.map +1 -0
  310. package/dist/store-coordination-provider-3I7XWZZK.js +142 -0
  311. package/dist/store-coordination-provider-3I7XWZZK.js.map +1 -0
  312. package/dist/subject-index-O75wKshW.d.ts +362 -0
  313. package/dist/sync/index.d.ts +4 -6
  314. package/dist/sync/index.js +7 -6
  315. package/dist/sync/index.js.map +1 -1
  316. package/dist/team/index.d.ts +5 -7
  317. package/dist/team/index.js +20 -16
  318. package/dist/tiers/index.d.ts +5 -0
  319. package/dist/tiers/index.js +33 -0
  320. package/dist/tiers/index.js.map +1 -0
  321. package/dist/to/index.d.ts +5 -0
  322. package/dist/to/index.js +17 -0
  323. package/dist/to/index.js.map +1 -0
  324. package/dist/transition-guard-DqodPNKw.d.ts +165 -0
  325. package/dist/tx/index.d.ts +23 -9
  326. package/dist/tx/index.js +13 -8
  327. package/dist/tx/index.js.map +1 -1
  328. package/dist/ui/index.d.ts +1 -0
  329. package/dist/ui/index.js +1 -0
  330. package/dist/ui/index.js.map +1 -0
  331. package/dist/ulid-DRH25k3y.d.ts +66 -0
  332. package/dist/ulid-PTAIMDG4.js +10 -0
  333. package/dist/ulid-PTAIMDG4.js.map +1 -0
  334. package/dist/util/index.d.ts +2 -0
  335. package/dist/util/index.js +7 -2
  336. package/dist/util/index.js.map +1 -1
  337. package/dist/vault-diff-BtpiBvic.d.ts +147 -0
  338. package/dist/with/index.d.ts +38 -0
  339. package/dist/with/index.js +25 -0
  340. package/dist/with/index.js.map +1 -0
  341. package/dist/{with-materialized-view-BLkQxoQN.d.ts → with-materialized-view-DMmWtYfJ.d.ts} +1 -1
  342. package/dist/{with-overlayed-view-CRsSEwHR.d.ts → with-overlayed-view-D_IB2nkM.d.ts} +2 -3
  343. package/dist/with-rollup-em2wxoHP.d.ts +47 -0
  344. package/dist/withdraw-accessible-FFS46EOD.js +22 -0
  345. package/dist/withdraw-accessible-FFS46EOD.js.map +1 -0
  346. package/dist/zod-HAJM7LMS.js +14763 -0
  347. package/dist/zod-HAJM7LMS.js.map +1 -0
  348. package/package.json +121 -201
  349. package/dist/aggregate/index.cjs.map +0 -1
  350. package/dist/aggregate/index.d.cts +0 -38
  351. package/dist/attestation/index.cjs +0 -305
  352. package/dist/attestation/index.cjs.map +0 -1
  353. package/dist/attestation/index.d.cts +0 -52
  354. package/dist/blobs/index.cjs +0 -1480
  355. package/dist/blobs/index.cjs.map +0 -1
  356. package/dist/blobs/index.d.cts +0 -46
  357. package/dist/bundle/index.cjs +0 -19264
  358. package/dist/bundle/index.cjs.map +0 -1
  359. package/dist/bundle/index.d.cts +0 -176
  360. package/dist/chunk-22DWZL57.js.map +0 -1
  361. package/dist/chunk-2GLDA55J.js.map +0 -1
  362. package/dist/chunk-2QR2PQTT.js.map +0 -1
  363. package/dist/chunk-2WUSG3IT.js.map +0 -1
  364. package/dist/chunk-3BFJOWSU.js.map +0 -1
  365. package/dist/chunk-3YPCK6JX.js.map +0 -1
  366. package/dist/chunk-53XBRIRT.js.map +0 -1
  367. package/dist/chunk-5T22KDPN.js.map +0 -1
  368. package/dist/chunk-5XHKQ56N.js +0 -340
  369. package/dist/chunk-5XHKQ56N.js.map +0 -1
  370. package/dist/chunk-6CME4UEK.js.map +0 -1
  371. package/dist/chunk-6STK5TQP.js +0 -139
  372. package/dist/chunk-6STK5TQP.js.map +0 -1
  373. package/dist/chunk-A3JMGXPG.js.map +0 -1
  374. package/dist/chunk-B6PB7JLN.js.map +0 -1
  375. package/dist/chunk-BVRYKATC.js.map +0 -1
  376. package/dist/chunk-DE6GKS6G.js.map +0 -1
  377. package/dist/chunk-DFMLEQZB.js.map +0 -1
  378. package/dist/chunk-DJHHA6XH.js.map +0 -1
  379. package/dist/chunk-DL3HWOQ5.js.map +0 -1
  380. package/dist/chunk-DONMZAD2.js.map +0 -1
  381. package/dist/chunk-EMIGCR7X.js.map +0 -1
  382. package/dist/chunk-F3GDRNUT.js.map +0 -1
  383. package/dist/chunk-FZU343FL.js.map +0 -1
  384. package/dist/chunk-H2X3ISXG.js.map +0 -1
  385. package/dist/chunk-HNRHLRDC.js.map +0 -1
  386. package/dist/chunk-I5FOWO4J.js.map +0 -1
  387. package/dist/chunk-J66GRPNH.js.map +0 -1
  388. package/dist/chunk-JWRVQKRZ.js.map +0 -1
  389. package/dist/chunk-K3DK3NU5.js.map +0 -1
  390. package/dist/chunk-ML236QKC.js.map +0 -1
  391. package/dist/chunk-NONAAENK.js.map +0 -1
  392. package/dist/chunk-O3VZPBZG.js.map +0 -1
  393. package/dist/chunk-OIF6LZUR.js.map +0 -1
  394. package/dist/chunk-OQ6PIGHA.js +0 -19
  395. package/dist/chunk-OQ6PIGHA.js.map +0 -1
  396. package/dist/chunk-PE2FR4J3.js.map +0 -1
  397. package/dist/chunk-PP6W64Y3.js +0 -275
  398. package/dist/chunk-PP6W64Y3.js.map +0 -1
  399. package/dist/chunk-PX35GA7L.js.map +0 -1
  400. package/dist/chunk-QEILDE6R.js +0 -793
  401. package/dist/chunk-QEILDE6R.js.map +0 -1
  402. package/dist/chunk-QODLLGQ7.js.map +0 -1
  403. package/dist/chunk-RAZ4OVLL.js +0 -51
  404. package/dist/chunk-RAZ4OVLL.js.map +0 -1
  405. package/dist/chunk-SYMWGEET.js.map +0 -1
  406. package/dist/chunk-T7JEBOGN.js.map +0 -1
  407. package/dist/chunk-TFBP23BX.js.map +0 -1
  408. package/dist/chunk-TV3YZ35S.js +0 -90
  409. package/dist/chunk-TV3YZ35S.js.map +0 -1
  410. package/dist/chunk-U26HQ6KJ.js.map +0 -1
  411. package/dist/chunk-UF3BUNQZ.js +0 -1
  412. package/dist/chunk-UMLVJTYV.js +0 -20
  413. package/dist/chunk-UMLVJTYV.js.map +0 -1
  414. package/dist/chunk-VTKGMEPP.js.map +0 -1
  415. package/dist/chunk-W6EQLGMB.js +0 -100
  416. package/dist/chunk-W6EQLGMB.js.map +0 -1
  417. package/dist/chunk-WIRRPTFH.js +0 -17
  418. package/dist/chunk-WIRRPTFH.js.map +0 -1
  419. package/dist/chunk-WPLVTJ5D.js.map +0 -1
  420. package/dist/chunk-XJFLDA7A.js.map +0 -1
  421. package/dist/chunk-Z6FNBOTC.js.map +0 -1
  422. package/dist/chunk-ZYWZWG6G.js.map +0 -1
  423. package/dist/consent/index.cjs +0 -204
  424. package/dist/consent/index.cjs.map +0 -1
  425. package/dist/consent/index.d.cts +0 -25
  426. package/dist/crdt/index.cjs +0 -152
  427. package/dist/crdt/index.cjs.map +0 -1
  428. package/dist/crdt/index.d.cts +0 -30
  429. package/dist/crypto-HTZ4FJOP.js +0 -44
  430. package/dist/delegation-RI54P6I5.js +0 -17
  431. package/dist/derivations/index.cjs +0 -351
  432. package/dist/derivations/index.cjs.map +0 -1
  433. package/dist/derivations/index.d.cts +0 -72
  434. package/dist/dev-unlock-BIoEFbwm.d.cts +0 -263
  435. package/dist/executor-5PNY7LGW.js +0 -8
  436. package/dist/executor-B4QIYGZX.js +0 -8
  437. package/dist/executor-BWXXDQ7K.js +0 -11
  438. package/dist/fanout-sidecar-OKPMMPLG.js.map +0 -1
  439. package/dist/guards/index.cjs +0 -322
  440. package/dist/guards/index.cjs.map +0 -1
  441. package/dist/guards/index.d.cts +0 -31
  442. package/dist/hash-HJqD14vS.d.ts +0 -63
  443. package/dist/history/index.cjs +0 -1222
  444. package/dist/history/index.cjs.map +0 -1
  445. package/dist/history/index.d.cts +0 -63
  446. package/dist/i18n/index.cjs +0 -1100
  447. package/dist/i18n/index.cjs.map +0 -1
  448. package/dist/i18n/index.d.cts +0 -39
  449. package/dist/index-4fBVt8j9.d.cts +0 -2387
  450. package/dist/index-D8I_pyJD.d.ts +0 -2387
  451. package/dist/index.cjs +0 -24487
  452. package/dist/index.cjs.map +0 -1
  453. package/dist/index.d.cts +0 -776
  454. package/dist/indexing/index.cjs +0 -742
  455. package/dist/indexing/index.cjs.map +0 -1
  456. package/dist/indexing/index.d.cts +0 -36
  457. package/dist/issue-VGDPP4B5.js +0 -12
  458. package/dist/lazy-builder-7tIpFyWN.d.ts +0 -304
  459. package/dist/lazy-builder-wY4pMCEe.d.cts +0 -304
  460. package/dist/materialized-views/index.cjs +0 -854
  461. package/dist/materialized-views/index.cjs.map +0 -1
  462. package/dist/materialized-views/index.d.cts +0 -186
  463. package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
  464. package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
  465. package/dist/noydb-G725ZSZG.js +0 -34
  466. package/dist/overlay-views/index.cjs +0 -359
  467. package/dist/overlay-views/index.cjs.map +0 -1
  468. package/dist/overlay-views/index.d.cts +0 -82
  469. package/dist/periods/index.cjs +0 -1041
  470. package/dist/periods/index.cjs.map +0 -1
  471. package/dist/periods/index.d.cts +0 -22
  472. package/dist/predicate-BSAGEyu5.d.cts +0 -209
  473. package/dist/predicate-BSAGEyu5.d.ts +0 -209
  474. package/dist/query/index.cjs +0 -2375
  475. package/dist/query/index.cjs.map +0 -1
  476. package/dist/query/index.d.cts +0 -3
  477. package/dist/read-only-facade-ITU6L7BL.js +0 -7
  478. package/dist/registry-3QP3YKQS.js +0 -8
  479. package/dist/registry-DKEXOJVO.js +0 -7
  480. package/dist/registry-OJIOSBV6.js +0 -10
  481. package/dist/registry-USRVT6YF.js +0 -8
  482. package/dist/revoke-JCC7N56X.js +0 -17
  483. package/dist/session/index.cjs +0 -495
  484. package/dist/session/index.cjs.map +0 -1
  485. package/dist/session/index.d.cts +0 -46
  486. package/dist/shadow/index.cjs +0 -133
  487. package/dist/shadow/index.cjs.map +0 -1
  488. package/dist/shadow/index.d.cts +0 -17
  489. package/dist/snapshots/index.cjs +0 -937
  490. package/dist/snapshots/index.cjs.map +0 -1
  491. package/dist/snapshots/index.d.cts +0 -28
  492. package/dist/store/index.cjs +0 -1083
  493. package/dist/store/index.cjs.map +0 -1
  494. package/dist/store/index.d.cts +0 -492
  495. package/dist/store/index.d.ts +0 -492
  496. package/dist/store/index.js +0 -37
  497. package/dist/strategy-BSxFXGzb.d.cts +0 -110
  498. package/dist/strategy-BSxFXGzb.d.ts +0 -110
  499. package/dist/strategy-DSTrsZ8t.d.cts +0 -601
  500. package/dist/strategy-DSTrsZ8t.d.ts +0 -601
  501. package/dist/sync/index.cjs +0 -1062
  502. package/dist/sync/index.cjs.map +0 -1
  503. package/dist/sync/index.d.cts +0 -43
  504. package/dist/team/index.cjs +0 -2798
  505. package/dist/team/index.cjs.map +0 -1
  506. package/dist/team/index.d.cts +0 -118
  507. package/dist/tx/index.cjs +0 -544
  508. package/dist/tx/index.cjs.map +0 -1
  509. package/dist/tx/index.d.cts +0 -21
  510. package/dist/types-DyXYr8rE.d.cts +0 -12818
  511. package/dist/ulid-COREQ2RQ.js +0 -9
  512. package/dist/ulid-Drr7ykr6.d.cts +0 -603
  513. package/dist/util/index.cjs +0 -230
  514. package/dist/util/index.cjs.map +0 -1
  515. package/dist/util/index.d.cts +0 -77
  516. package/dist/with-derivation-DFnFByiQ.d.ts +0 -13
  517. package/dist/with-derivation-DU3Sjazm.d.cts +0 -13
  518. package/dist/with-guard-ByyxmEe7.d.cts +0 -18
  519. package/dist/with-guard-qube6BMI.d.ts +0 -18
  520. package/dist/with-materialized-view-BmEToIR1.d.cts +0 -27
  521. package/dist/with-overlayed-view-BMsQQbWm.d.cts +0 -13
  522. /package/dist/{store → adapter}/index.js.map +0 -0
  523. /package/dist/{chunk-UF3BUNQZ.js.map → api-RW3KP7WU.js.map} +0 -0
  524. /package/dist/{crypto-HTZ4FJOP.js.map → as/index.js.map} +0 -0
  525. /package/dist/{delegation-RI54P6I5.js.map → at/index.js.map} +0 -0
  526. /package/dist/{executor-5PNY7LGW.js.map → by/index.js.map} +0 -0
  527. /package/dist/{executor-B4QIYGZX.js.map → cargo/index.js.map} +0 -0
  528. /package/dist/{executor-BWXXDQ7K.js.map → chunk-BGIZAFY7.js.map} +0 -0
  529. /package/dist/{issue-VGDPP4B5.js.map → chunk-CHFZDSE4.js.map} +0 -0
  530. /package/dist/{ledger-TMRZYNVJ.js.map → chunk-GHVIKOHT.js.map} +0 -0
  531. /package/dist/{noydb-G725ZSZG.js.map → chunk-K2WCO3NX.js.map} +0 -0
  532. /package/dist/{public-envelope-BW6OXORV.js.map → chunk-PZ5AY32C.js.map} +0 -0
  533. /package/dist/{read-only-facade-ITU6L7BL.js.map → collection-facade-GQAOGJP2.js.map} +0 -0
  534. /package/dist/{registry-3QP3YKQS.js.map → delegation-UL5HKLER.js.map} +0 -0
  535. /package/dist/{registry-DKEXOJVO.js.map → describe/index.js.map} +0 -0
  536. /package/dist/{registry-OJIOSBV6.js.map → enclave-UL5LW66V.js.map} +0 -0
  537. /package/dist/{registry-USRVT6YF.js.map → executor-2FWQRLMG.js.map} +0 -0
  538. /package/dist/{revoke-JCC7N56X.js.map → executor-QZ7BXICW.js.map} +0 -0
  539. /package/dist/{signer-72QAUSVW.js.map → executor-Z5ZLJVTV.js.map} +0 -0
  540. /package/dist/{stale-6ZDBTQT7.js.map → export-accessible-KRV5W4GH.js.map} +0 -0
  541. /package/dist/{ulid-COREQ2RQ.js.map → extract-partition-GLKBOXFQ.js.map} +0 -0
@@ -0,0 +1,117 @@
1
+ import {
2
+ buildAccessibleBundle,
3
+ resolveAccessibleCollections
4
+ } from "./chunk-HCIPRAGS.js";
5
+ import {
6
+ sha256Hex
7
+ } from "./chunk-5O3AOPDT.js";
8
+ import {
9
+ NOYDB_FORMAT_VERSION
10
+ } from "./chunk-5TDJ56JE.js";
11
+ import {
12
+ ReadOnlyError
13
+ } from "./chunk-ZYUC53LT.js";
14
+
15
+ // src/with-audit/portability/withdraw-accessible.ts
16
+ var FROZEN_SNAPSHOTS_COLLECTION = "_frozen_snapshots";
17
+ var ENC = new TextEncoder();
18
+ function randomId() {
19
+ const b = globalThis.crypto.getRandomValues(new Uint8Array(12));
20
+ return Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
21
+ }
22
+ async function freezeSnapshotOnly(vault, collections, opts) {
23
+ const { name: vaultName, adapter } = vault._introspectState();
24
+ const closure = [];
25
+ for (const c of collections) {
26
+ for (const id of await adapter.list(vaultName, c)) closure.push({ collection: c, id });
27
+ }
28
+ const withdrawalId = opts.withdrawalId ?? `wd-${randomId()}`;
29
+ const snap = {};
30
+ for (const { collection, id } of closure) {
31
+ const env = await adapter.get(vaultName, collection, id);
32
+ if (env) (snap[collection] ??= {})[id] = env;
33
+ }
34
+ const frozenAt = (/* @__PURE__ */ new Date()).toISOString();
35
+ const body = JSON.stringify({ withdrawalId, frozenAt, by: opts.actorUserId, collections: snap });
36
+ const sha = await sha256Hex(ENC.encode(body));
37
+ await adapter.put(
38
+ vaultName,
39
+ FROZEN_SNAPSHOTS_COLLECTION,
40
+ withdrawalId,
41
+ { _noydb: NOYDB_FORMAT_VERSION, _v: 1, _ts: frozenAt, _iv: "", _data: body, _by: opts.actorUserId },
42
+ 0
43
+ );
44
+ await vault._getLedgerOrNull()?.append({
45
+ op: "lifecycle",
46
+ collection: "",
47
+ id: "",
48
+ version: 0,
49
+ actor: opts.actorUserId,
50
+ payloadHash: "",
51
+ reason: `withdrawal-frozen-snapshot:${withdrawalId}:${sha}`
52
+ });
53
+ return { withdrawalId, sha256: sha, recordCount: closure.length, frozenAt };
54
+ }
55
+ async function freezeAndDeleteClosure(vault, collections, opts) {
56
+ const snapshot = opts.disposition === "freeze" ? await freezeSnapshotOnly(vault, collections, {
57
+ actorUserId: opts.actorUserId,
58
+ ...opts.withdrawalId ? { withdrawalId: opts.withdrawalId } : {}
59
+ }) : void 0;
60
+ const { name: vaultName, adapter } = vault._introspectState();
61
+ for (const c of collections) {
62
+ for (const id of await adapter.list(vaultName, c)) {
63
+ await vault.collection(c).delete(id);
64
+ }
65
+ }
66
+ return snapshot;
67
+ }
68
+ async function withdrawAccessibleData(vault, opts) {
69
+ const { keyring } = vault._introspectState();
70
+ const disposition = opts.disposition ?? "delete";
71
+ if (keyring.role === "owner" || keyring.role === "admin") {
72
+ throw new ReadOnlyError(
73
+ "unilateralWithdrawal is the scoped self-service path; an owner/admin should use extractPartition"
74
+ );
75
+ }
76
+ if (keyring.role === "custodian") {
77
+ throw new ReadOnlyError(
78
+ "a custodian cannot destructively withdraw/sever; use vault.custody.liberate for an audited ownership claim"
79
+ );
80
+ }
81
+ if (keyring.role === "client" || keyring.role === "viewer") {
82
+ throw new ReadOnlyError(
83
+ "read-only role cannot self-serve a destructive withdrawal \u2014 use requestWithdrawal (two-party)"
84
+ );
85
+ }
86
+ const collections = resolveAccessibleCollections(keyring, opts.scope, true);
87
+ if (!collections || collections.length === 0) {
88
+ throw new ReadOnlyError(
89
+ "unilateralWithdrawal requires rw access on the withdrawn collections \u2014 use requestWithdrawal for read-only scope"
90
+ );
91
+ }
92
+ const bundle = await buildAccessibleBundle(vault, collections, opts.reKey);
93
+ const snapshot = await freezeAndDeleteClosure(vault, collections, {
94
+ disposition,
95
+ actorUserId: keyring.userId,
96
+ ...opts.withdrawalId ? { withdrawalId: opts.withdrawalId } : {}
97
+ });
98
+ await vault._getLedgerOrNull()?.append({
99
+ op: "lifecycle",
100
+ collection: "",
101
+ id: "",
102
+ version: 0,
103
+ actor: keyring.userId,
104
+ payloadHash: "",
105
+ reason: `user-unilateral-withdrawal:${keyring.userId}:${disposition}:${opts.legalBasis}`
106
+ });
107
+ return snapshot ? { bundle, snapshot } : { bundle };
108
+ }
109
+
110
+ export {
111
+ FROZEN_SNAPSHOTS_COLLECTION,
112
+ randomId,
113
+ freezeSnapshotOnly,
114
+ freezeAndDeleteClosure,
115
+ withdrawAccessibleData
116
+ };
117
+ //# sourceMappingURL=chunk-PSMV73A5.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/with-audit/portability/withdraw-accessible.ts"],"sourcesContent":["/**\n * `unilateralWithdrawal`: a non-owner extracts their accessible scope\n * AND disposes of the source copy. Destructive; gated by the default-off\n * fail-closed built-in `client-unilateral-withdraw` policy (checked in the\n * UserApi wrapper).\n *\n * Two source dispositions:\n * - 'delete' — delete-closure: the records leave the source vault entirely.\n * - 'freeze' — the firm retains a cryptographically-frozen, read-only, write-once\n * snapshot (hash-pinned in the tamper-evident ledger) while the live\n * records are removed.\n *\n * Ordering guarantees no data loss: the client's re-keyed export bundle (and the\n * freeze snapshot) are produced BEFORE anything is deleted.\n *\n * The `freezeAndDeleteClosure` core is shared with the two-party approval path\n * (`request-withdrawal.ts`).\n */\nimport type { Vault } from '../../kernel/vault.js'\nimport { sha256Hex } from '../../kernel/enclave/index.js'\nimport { ReadOnlyError } from '../../kernel/errors.js'\nimport { NOYDB_FORMAT_VERSION } from '../../kernel/types.js'\nimport { resolveAccessibleCollections, buildAccessibleBundle } from './export-accessible.js'\n\nexport const FROZEN_SNAPSHOTS_COLLECTION = '_frozen_snapshots'\nconst ENC = new TextEncoder()\n\n/** 24-hex-char random id (used for withdrawal ids + request ids). */\nexport function randomId(): string {\n const b = globalThis.crypto.getRandomValues(new Uint8Array(12))\n return Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('')\n}\n\nexport interface FrozenSnapshotRef {\n readonly withdrawalId: string\n readonly sha256: string\n readonly recordCount: number\n readonly frozenAt: string\n}\n\nexport interface WithdrawAccessibleOptions {\n /** Legal/contractual basis recorded in the audit (e.g. 'gdpr-art-17'). */\n readonly legalBasis: string\n /** Re-key the exported bundle to a new owner passphrase. */\n readonly reKey?: { readonly passphrase: string }\n /** Source disposition. Default 'delete'. */\n readonly disposition?: 'delete' | 'freeze'\n readonly scope?: { readonly collections?: readonly string[] }\n /** Stable id for idempotent resume (default random). */\n readonly withdrawalId?: string\n}\n\nexport interface WithdrawResult {\n readonly bundle: Uint8Array\n readonly snapshot?: FrozenSnapshotRef\n}\n\n/**\n * Freeze a write-once, hash-pinned snapshot of the current ciphertext for\n * `collections` WITHOUT touching the live records. Returns the snapshot ref.\n *\n * This is the non-destructive core shared by two callers:\n * - `freezeAndDeleteClosure` (withdrawal, disposition `'freeze'`) — which\n * pins the snapshot and THEN delete-closures the live records.\n * - FR-6 `liberateVault` (custody) — which pins a PRE-liberation evidence\n * snapshot but PRESERVES the live data for the new owner (operational\n * continuity; liberation transfers, it does not erase).\n *\n * The snapshot put is write-once (CAS expectedVersion 0) and the ledger pin is\n * appended on success, so a crashed run re-run with the same `withdrawalId` is\n * safe. The snapshot is taken under the vault's own firm-owned DEKs — no re-key.\n */\nexport async function freezeSnapshotOnly(\n vault: Vault,\n collections: readonly string[],\n opts: { actorUserId: string; withdrawalId?: string },\n): Promise<FrozenSnapshotRef> {\n const { name: vaultName, adapter } = vault._introspectState()\n\n // Enumerate the closure (record ids per collection).\n const closure: Array<{ collection: string; id: string }> = []\n for (const c of collections) {\n for (const id of await adapter.list(vaultName, c)) closure.push({ collection: c, id })\n }\n\n const withdrawalId = opts.withdrawalId ?? `wd-${randomId()}`\n const snap: Record<string, Record<string, unknown>> = {}\n for (const { collection, id } of closure) {\n const env = await adapter.get(vaultName, collection, id)\n if (env) (snap[collection] ??= {})[id] = env\n }\n const frozenAt = new Date().toISOString()\n const body = JSON.stringify({ withdrawalId, frozenAt, by: opts.actorUserId, collections: snap })\n const sha = await sha256Hex(ENC.encode(body))\n // Write-once: expectedVersion 0 rejects an overwrite (idempotent resume).\n await adapter.put(\n vaultName,\n FROZEN_SNAPSHOTS_COLLECTION,\n withdrawalId,\n { _noydb: NOYDB_FORMAT_VERSION, _v: 1, _ts: frozenAt, _iv: '', _data: body, _by: opts.actorUserId },\n 0,\n )\n // Hash-pin into the tamper-evident ledger — makes the snapshot provably unaltered.\n await vault._getLedgerOrNull()?.append({\n op: 'lifecycle', collection: '', id: '', version: 0, actor: opts.actorUserId, payloadHash: '',\n reason: `withdrawal-frozen-snapshot:${withdrawalId}:${sha}`,\n })\n return { withdrawalId, sha256: sha, recordCount: closure.length, frozenAt }\n}\n\n/**\n * Dispose of the source records for `collections`: optionally freeze a\n * write-once hash-pinned snapshot of the original ciphertext, then\n * delete-closure the live records. Returns the snapshot ref on freeze.\n *\n * Caller MUST have produced the portable bundle FIRST — this is destructive.\n * The delete is best-effort + idempotent (re-deleting an absent record is a\n * no-op) and the snapshot put is write-once (CAS expectedVersion 0), so a\n * crashed run re-run with the same `withdrawalId` is safe.\n */\nexport async function freezeAndDeleteClosure(\n vault: Vault,\n collections: readonly string[],\n opts: { disposition: 'delete' | 'freeze'; actorUserId: string; withdrawalId?: string },\n): Promise<FrozenSnapshotRef | undefined> {\n // freeze: pin a write-once, hash-pinned snapshot BEFORE any delete. The\n // snapshot-only core is shared with FR-6 liberation (which never deletes).\n const snapshot = opts.disposition === 'freeze'\n ? await freezeSnapshotOnly(vault, collections, {\n actorUserId: opts.actorUserId,\n ...(opts.withdrawalId ? { withdrawalId: opts.withdrawalId } : {}),\n })\n : undefined\n\n // delete-closure — only after the snapshot is durable.\n const { name: vaultName, adapter } = vault._introspectState()\n for (const c of collections) {\n for (const id of await adapter.list(vaultName, c)) {\n await vault.collection(c).delete(id)\n }\n }\n\n return snapshot\n}\n\nexport async function withdrawAccessibleData(\n vault: Vault,\n opts: WithdrawAccessibleOptions,\n): Promise<WithdrawResult> {\n const { keyring } = vault._introspectState()\n const disposition = opts.disposition ?? 'delete'\n\n // Owner-class roles hold blanket authority — they use extractPartition.\n if (keyring.role === 'owner' || keyring.role === 'admin') {\n throw new ReadOnlyError(\n 'unilateralWithdrawal is the scoped self-service path; an owner/admin should use extractPartition',\n )\n }\n // FR-6: a custodian must NOT destructively SEVER the vault. It holds the DEKs\n // and operates fully, but ownership is claimed only through the audited\n // Liberate ceremony — never by a one-sided delete/freeze withdrawal. Fires\n // BEFORE the operator rw-scope path below (where a custodian would otherwise\n // be rejected with the wrong \"requires rw access\" message).\n if (keyring.role === 'custodian') {\n throw new ReadOnlyError(\n 'a custodian cannot destructively withdraw/sever; use vault.custody.liberate for an audited ownership claim',\n )\n }\n // client/viewer are read-only by construction (see hasWritePermission): a\n // destructive withdrawal they cannot self-serve — they use the two-party\n // requestWithdrawal flow where firm authority executes the delete-closure.\n if (keyring.role === 'client' || keyring.role === 'viewer') {\n throw new ReadOnlyError(\n 'read-only role cannot self-serve a destructive withdrawal — use requestWithdrawal (two-party)',\n )\n }\n // Operator path: destructive ops need rw on the whole scope.\n const collections = resolveAccessibleCollections(keyring, opts.scope, true)\n if (!collections || collections.length === 0) {\n throw new ReadOnlyError(\n 'unilateralWithdrawal requires rw access on the withdrawn collections — use requestWithdrawal for read-only scope',\n )\n }\n\n // 1. Produce the client's re-keyed portable copy FIRST (nothing destroyed yet).\n const bundle = await buildAccessibleBundle(vault, collections, opts.reKey)\n\n // 2. + 3. freeze (optional) then delete-closure.\n const snapshot = await freezeAndDeleteClosure(vault, collections, {\n disposition, actorUserId: keyring.userId, ...(opts.withdrawalId ? { withdrawalId: opts.withdrawalId } : {}),\n })\n\n // 4. audit\n await vault._getLedgerOrNull()?.append({\n op: 'lifecycle', collection: '', id: '', version: 0, actor: keyring.userId, payloadHash: '',\n reason: `user-unilateral-withdrawal:${keyring.userId}:${disposition}:${opts.legalBasis}`,\n })\n\n return snapshot ? { bundle, snapshot } : { bundle }\n}\n"],"mappings":";;;;;;;;;;;;;;;AAwBO,IAAM,8BAA8B;AAC3C,IAAM,MAAM,IAAI,YAAY;AAGrB,SAAS,WAAmB;AACjC,QAAM,IAAI,WAAW,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AAC9D,SAAO,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AACtE;AAyCA,eAAsB,mBACpB,OACA,aACA,MAC4B;AAC5B,QAAM,EAAE,MAAM,WAAW,QAAQ,IAAI,MAAM,iBAAiB;AAG5D,QAAM,UAAqD,CAAC;AAC5D,aAAW,KAAK,aAAa;AAC3B,eAAW,MAAM,MAAM,QAAQ,KAAK,WAAW,CAAC,EAAG,SAAQ,KAAK,EAAE,YAAY,GAAG,GAAG,CAAC;AAAA,EACvF;AAEA,QAAM,eAAe,KAAK,gBAAgB,MAAM,SAAS,CAAC;AAC1D,QAAM,OAAgD,CAAC;AACvD,aAAW,EAAE,YAAY,GAAG,KAAK,SAAS;AACxC,UAAM,MAAM,MAAM,QAAQ,IAAI,WAAW,YAAY,EAAE;AACvD,QAAI,IAAK,EAAC,KAAK,UAAU,MAAM,CAAC,GAAG,EAAE,IAAI;AAAA,EAC3C;AACA,QAAM,YAAW,oBAAI,KAAK,GAAE,YAAY;AACxC,QAAM,OAAO,KAAK,UAAU,EAAE,cAAc,UAAU,IAAI,KAAK,aAAa,aAAa,KAAK,CAAC;AAC/F,QAAM,MAAM,MAAM,UAAU,IAAI,OAAO,IAAI,CAAC;AAE5C,QAAM,QAAQ;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,IACA,EAAE,QAAQ,sBAAsB,IAAI,GAAG,KAAK,UAAU,KAAK,IAAI,OAAO,MAAM,KAAK,KAAK,YAAY;AAAA,IAClG;AAAA,EACF;AAEA,QAAM,MAAM,iBAAiB,GAAG,OAAO;AAAA,IACrC,IAAI;AAAA,IAAa,YAAY;AAAA,IAAI,IAAI;AAAA,IAAI,SAAS;AAAA,IAAG,OAAO,KAAK;AAAA,IAAa,aAAa;AAAA,IAC3F,QAAQ,8BAA8B,YAAY,IAAI,GAAG;AAAA,EAC3D,CAAC;AACD,SAAO,EAAE,cAAc,QAAQ,KAAK,aAAa,QAAQ,QAAQ,SAAS;AAC5E;AAYA,eAAsB,uBACpB,OACA,aACA,MACwC;AAGxC,QAAM,WAAW,KAAK,gBAAgB,WAClC,MAAM,mBAAmB,OAAO,aAAa;AAAA,IAC3C,aAAa,KAAK;AAAA,IAClB,GAAI,KAAK,eAAe,EAAE,cAAc,KAAK,aAAa,IAAI,CAAC;AAAA,EACjE,CAAC,IACD;AAGJ,QAAM,EAAE,MAAM,WAAW,QAAQ,IAAI,MAAM,iBAAiB;AAC5D,aAAW,KAAK,aAAa;AAC3B,eAAW,MAAM,MAAM,QAAQ,KAAK,WAAW,CAAC,GAAG;AACjD,YAAM,MAAM,WAAW,CAAC,EAAE,OAAO,EAAE;AAAA,IACrC;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,uBACpB,OACA,MACyB;AACzB,QAAM,EAAE,QAAQ,IAAI,MAAM,iBAAiB;AAC3C,QAAM,cAAc,KAAK,eAAe;AAGxC,MAAI,QAAQ,SAAS,WAAW,QAAQ,SAAS,SAAS;AACxD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAMA,MAAI,QAAQ,SAAS,aAAa;AAChC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAIA,MAAI,QAAQ,SAAS,YAAY,QAAQ,SAAS,UAAU;AAC1D,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAc,6BAA6B,SAAS,KAAK,OAAO,IAAI;AAC1E,MAAI,CAAC,eAAe,YAAY,WAAW,GAAG;AAC5C,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAGA,QAAM,SAAS,MAAM,sBAAsB,OAAO,aAAa,KAAK,KAAK;AAGzE,QAAM,WAAW,MAAM,uBAAuB,OAAO,aAAa;AAAA,IAChE;AAAA,IAAa,aAAa,QAAQ;AAAA,IAAQ,GAAI,KAAK,eAAe,EAAE,cAAc,KAAK,aAAa,IAAI,CAAC;AAAA,EAC3G,CAAC;AAGD,QAAM,MAAM,iBAAiB,GAAG,OAAO;AAAA,IACrC,IAAI;AAAA,IAAa,YAAY;AAAA,IAAI,IAAI;AAAA,IAAI,SAAS;AAAA,IAAG,OAAO,QAAQ;AAAA,IAAQ,aAAa;AAAA,IACzF,QAAQ,8BAA8B,QAAQ,MAAM,IAAI,WAAW,IAAI,KAAK,UAAU;AAAA,EACxF,CAAC;AAED,SAAO,WAAW,EAAE,QAAQ,SAAS,IAAI,EAAE,OAAO;AACpD;","names":[]}
@@ -0,0 +1,9 @@
1
+ // src/kernel/util/discriminant.ts
2
+ function isDiscriminant(record, key, value) {
3
+ return record[key] === value;
4
+ }
5
+
6
+ export {
7
+ isDiscriminant
8
+ };
9
+ //# sourceMappingURL=chunk-PY4KJPYU.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/kernel/util/discriminant.ts"],"sourcesContent":["/**\n * Type-guard helper for narrowing discriminated-union records.\n *\n * `Collection<T>` correctly threads `T` through `get` / `query` / `scan`, but\n * accessing member-specific fields after reading from a `Collection<Union>`\n * still requires a narrowing step in application code. In regular `.ts` files\n * a simple `if (r.kind === 'IV')` block narrows correctly; in vue-tsc /\n * template contexts the inline comparison is sometimes not enough, and the\n * helper below makes the guard portable and avoids `as unknown as …` casts.\n *\n * **Usage with Collection<T>**\n *\n * ```ts\n * import { isDiscriminant } from '@noy-db/hub'\n *\n * type IV = { kind: 'IV'; invoiceNo: string; amount: number }\n * type RE = { kind: 'RE'; receiptNo: string; paidAt: string }\n * type Receipt = IV | RE | ...\n *\n * const receipts = await vault.collection<Receipt>('receipts').query().toArray()\n *\n * // Filter approach — result is IV[], invoiceNo accessible without cast:\n * const ivs = receipts.filter(r => isDiscriminant(r, 'kind', 'IV'))\n * console.log(ivs[0].invoiceNo)\n *\n * // Branch approach:\n * for (const r of receipts) {\n * if (isDiscriminant(r, 'kind', 'IV')) {\n * console.log(r.invoiceNo) // r: IV here\n * }\n * }\n * ```\n *\n * @module\n */\n\n/**\n * Type-guard for narrowing a discriminated-union record by its discriminant.\n *\n * Returns `true` when `record[key] === value`, and narrows `record` to\n * `Extract<T, Record<K, V>>` — the exact union member(s) that carry that\n * discriminant value.\n *\n * The discriminant key is a parameter (not hardcoded to `'kind'`), so this\n * works with any field name: `'kind'`, `'type'`, `'tag'`, etc.\n *\n * @example\n * const ivs = receipts.filter(r => isDiscriminant(r, 'kind', 'IV'))\n * // ivs: IV[] — invoiceNo accessible, no cast needed\n *\n * @typeParam T - The union type of the record (e.g. `Receipt`). Both type-alias\n * unions and interface-extended unions work; use a `type` alias (`type Receipt = IV | RE`) for best\n * results.\n * @typeParam K - The discriminant key (must be a key of `T`).\n * @typeParam V - The discriminant value to match. The `const` modifier ensures\n * TypeScript infers the string literal (e.g. `'IV'`), not the full union\n * `T[K]`, so the predicate resolves to the exact member type.\n */\nexport function isDiscriminant<\n T,\n K extends keyof T,\n const V extends T[K],\n>(record: T, key: K, value: V): record is Extract<T, Record<K, V>> {\n return (record as Record<PropertyKey, unknown>)[key as PropertyKey] === value\n}\n"],"mappings":";AA0DO,SAAS,eAId,QAAW,KAAQ,OAA8C;AACjE,SAAQ,OAAwC,GAAkB,MAAM;AAC1E;","names":[]}
@@ -0,0 +1,10 @@
1
+ var __defProp = Object.defineProperty;
2
+ var __export = (target, all) => {
3
+ for (var name in all)
4
+ __defProp(target, name, { get: all[name], enumerable: true });
5
+ };
6
+
7
+ export {
8
+ __export
9
+ };
10
+ //# sourceMappingURL=chunk-PZ5AY32C.js.map
@@ -1,31 +1,52 @@
1
+ import {
2
+ sha256Hex
3
+ } from "./chunk-5O3AOPDT.js";
1
4
  import {
2
5
  DerivationCycleError
3
- } from "./chunk-B6PB7JLN.js";
6
+ } from "./chunk-ZYUC53LT.js";
4
7
 
5
- // src/derivations/strategy-hash.ts
6
- async function computeStrategyHash(source, outputKeys, derive) {
8
+ // src/with-formula/derivations/strategy-hash.ts
9
+ async function computeStrategyHash(source, outputKeys, derive, sources) {
7
10
  const canonical = JSON.stringify({
8
11
  source,
9
12
  outputs: [...outputKeys].sort(),
10
- derive: derive.toString()
13
+ derive: derive.toString(),
14
+ // Declared sibling sources — adding/removing a trigger
15
+ // collection invalidates cached derived records. Omitted when empty
16
+ // so strategies without siblings keep their existing hash.
17
+ ...sources?.length ? { sources: [...sources].sort() } : {}
11
18
  });
12
19
  const bytes = new TextEncoder().encode(canonical);
13
- const digest = await crypto.subtle.digest("SHA-256", bytes);
14
- return Array.from(new Uint8Array(digest)).map((b) => b.toString(16).padStart(2, "0")).join("");
20
+ return sha256Hex(bytes);
15
21
  }
16
22
 
17
- // src/derivations/registry.ts
23
+ // src/with-formula/derivations/registry.ts
18
24
  var DerivationRegistry = class {
19
25
  _bySource = /* @__PURE__ */ new Map();
20
26
  _byOutput = /* @__PURE__ */ new Map();
21
27
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
22
28
  async register(spec) {
23
29
  const outputKeys = Object.keys(spec.outputs);
24
- const strategyHash = await computeStrategyHash(spec.source, outputKeys, spec.derive);
30
+ const strategyHash = await computeStrategyHash(spec.source, outputKeys, spec.derive, spec.sources);
25
31
  const reg = { spec, strategyHash };
26
32
  const fromSource = this._bySource.get(spec.source);
27
33
  if (fromSource) fromSource.push(reg);
28
34
  else this._bySource.set(spec.source, [reg]);
35
+ for (const extra of spec.sources ?? []) {
36
+ const fromExtra = this._bySource.get(extra);
37
+ if (fromExtra) fromExtra.push(reg);
38
+ else this._bySource.set(extra, [reg]);
39
+ }
40
+ for (const t of spec.triggerBy ?? []) {
41
+ const fromTrigger = this._bySource.get(t.collection);
42
+ if (fromTrigger) fromTrigger.push(reg);
43
+ else this._bySource.set(t.collection, [reg]);
44
+ }
45
+ if (spec.rollup) {
46
+ const fromRollup = this._bySource.get(spec.rollup.from);
47
+ if (fromRollup) fromRollup.push(reg);
48
+ else this._bySource.set(spec.rollup.from, [reg]);
49
+ }
29
50
  for (const key of outputKeys) {
30
51
  const output = spec.outputs[key];
31
52
  if (!output) continue;
@@ -41,6 +62,23 @@ var DerivationRegistry = class {
41
62
  strategiesProducingOutput(collection) {
42
63
  return this._byOutput.get(collection) ?? [];
43
64
  }
65
+ /**
66
+ * All registered strategies as a flat, deduplicated array.
67
+ * Each strategy is indexed once per source (not once per output key),
68
+ * so iterating `_bySource.values()` naturally yields each strategy
69
+ * exactly once per source — deduplication is handled by flattening
70
+ * the per-source arrays and collecting into a Set by identity.
71
+ *
72
+ * Used by `dumpSchema()` / `describeDerivations()` in the introspection
73
+ * walker to populate the derivations map.
74
+ */
75
+ all() {
76
+ const seen = /* @__PURE__ */ new Set();
77
+ for (const strategies of this._bySource.values()) {
78
+ for (const s of strategies) seen.add(s);
79
+ }
80
+ return [...seen];
81
+ }
44
82
  /**
45
83
  * Cycle detection over the source → output → … graph. Call after all
46
84
  * `register()` calls complete (i.e. at vault open). Throws
@@ -62,6 +100,9 @@ var DerivationRegistry = class {
62
100
  for (const key of Object.keys(s.spec.outputs)) {
63
101
  const output = s.spec.outputs[key];
64
102
  if (!output) continue;
103
+ if (output.shape === "record" && output.collection === s.spec.source && output.denorm !== void 0) {
104
+ continue;
105
+ }
65
106
  visit(output.collection);
66
107
  }
67
108
  }
@@ -76,4 +117,4 @@ var DerivationRegistry = class {
76
117
  export {
77
118
  DerivationRegistry
78
119
  };
79
- //# sourceMappingURL=chunk-DE6GKS6G.js.map
120
+ //# sourceMappingURL=chunk-Q7SS3IME.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/with-formula/derivations/strategy-hash.ts","../src/with-formula/derivations/registry.ts"],"sourcesContent":["/**\n * Deterministic hash of a derivation strategy's \"shape\": source\n * collection, declared sibling sources, output keys, derive function\n * source. Used to detect\n * strategy drift: a record whose `_derivedFrom.strategyHash` doesn't\n * match the current strategy is considered stale.\n *\n * Web Crypto SHA-256 — no extra deps.\n */\nimport { sha256Hex } from '../../kernel/enclave/index.js'\n\nexport async function computeStrategyHash(\n source: string,\n outputKeys: readonly string[],\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n derive: (...args: any[]) => any,\n sources?: ReadonlyArray<string>,\n): Promise<string> {\n const canonical = JSON.stringify({\n source,\n outputs: [...outputKeys].sort(),\n derive: derive.toString(),\n // Declared sibling sources — adding/removing a trigger\n // collection invalidates cached derived records. Omitted when empty\n // so strategies without siblings keep their existing hash.\n ...(sources?.length ? { sources: [...sources].sort() } : {}),\n })\n const bytes = new TextEncoder().encode(canonical)\n return sha256Hex(bytes)\n}\n","import { DerivationCycleError } from '../../kernel/errors.js'\nimport { computeStrategyHash } from './strategy-hash.js'\nimport type { DerivationStrategy } from './types.js'\n\ninterface RegisteredStrategy {\n // Type-erased to allow the registry to hold heterogeneous strategies.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n spec: DerivationStrategy<any, any>\n strategyHash: string\n}\n\n/**\n * Vault-internal registry of derivation strategies. Owned by `Vault`;\n * not exported.\n *\n * @internal\n */\nexport class DerivationRegistry {\n private readonly _bySource = new Map<string, RegisteredStrategy[]>()\n private readonly _byOutput = new Map<string, RegisteredStrategy[]>()\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async register(spec: DerivationStrategy<any, any>): Promise<void> {\n const outputKeys = Object.keys(spec.outputs)\n const strategyHash = await computeStrategyHash(spec.source, outputKeys, spec.derive, spec.sources)\n const reg: RegisteredStrategy = { spec, strategyHash }\n\n const fromSource = this._bySource.get(spec.source)\n if (fromSource) fromSource.push(reg)\n else this._bySource.set(spec.source, [reg])\n\n // Declared sibling sources index the SAME `reg` under each\n // extra collection so `strategiesForSource(extra)` returns it and a\n // sibling write re-fires the derivation. Sibling keys also enter\n // `_bySource`, so `validate()`'s cycle DFS walks them automatically.\n for (const extra of spec.sources ?? []) {\n const fromExtra = this._bySource.get(extra)\n if (fromExtra) fromExtra.push(reg)\n else this._bySource.set(extra, [reg])\n }\n\n // FK triggers index the SAME `reg` under each parent collection so\n // a parent write re-fires the derivation (fanned out to matching source\n // records in `dispatchDerivations`). Like sources[], these keys enter\n // `_bySource` so the cycle DFS walks the trigger→output edge.\n for (const t of spec.triggerBy ?? []) {\n const fromTrigger = this._bySource.get(t.collection)\n if (fromTrigger) fromTrigger.push(reg)\n else this._bySource.set(t.collection, [reg])\n }\n\n // Rollup: a write to the child `from` collection recomputes\n // the parent (= spec.source = into) at id child[key]. Index under `from`\n // so a child write fires it; spec.source (into) is already indexed above,\n // so a parent write also recomputes its own aggregate (covers the\n // parent-created-after-children case). The from→into edge enters the cycle\n // DFS automatically.\n if (spec.rollup) {\n const fromRollup = this._bySource.get(spec.rollup.from)\n if (fromRollup) fromRollup.push(reg)\n else this._bySource.set(spec.rollup.from, [reg])\n }\n\n for (const key of outputKeys) {\n const output = spec.outputs[key]\n if (!output) continue\n const outputCollection = output.collection\n const arr = this._byOutput.get(outputCollection)\n if (arr) arr.push(reg)\n else this._byOutput.set(outputCollection, [reg])\n }\n }\n\n strategiesForSource(source: string): ReadonlyArray<RegisteredStrategy> {\n return this._bySource.get(source) ?? []\n }\n\n strategiesProducingOutput(collection: string): ReadonlyArray<RegisteredStrategy> {\n return this._byOutput.get(collection) ?? []\n }\n\n /**\n * All registered strategies as a flat, deduplicated array.\n * Each strategy is indexed once per source (not once per output key),\n * so iterating `_bySource.values()` naturally yields each strategy\n * exactly once per source — deduplication is handled by flattening\n * the per-source arrays and collecting into a Set by identity.\n *\n * Used by `dumpSchema()` / `describeDerivations()` in the introspection\n * walker to populate the derivations map.\n */\n all(): ReadonlyArray<RegisteredStrategy> {\n const seen = new Set<RegisteredStrategy>()\n for (const strategies of this._bySource.values()) {\n for (const s of strategies) seen.add(s)\n }\n return [...seen]\n }\n\n /**\n * Cycle detection over the source → output → … graph. Call after all\n * `register()` calls complete (i.e. at vault open). Throws\n * `DerivationCycleError` on the first cycle found.\n */\n validate(): void {\n const visited = new Set<string>()\n const stack: string[] = []\n\n const visit = (node: string): void => {\n if (stack.includes(node)) {\n const cycle = stack.slice(stack.indexOf(node)).concat(node)\n throw new DerivationCycleError(cycle)\n }\n if (visited.has(node)) return\n stack.push(node)\n const strategies = this._bySource.get(node)\n if (strategies) {\n for (const s of strategies) {\n for (const key of Object.keys(s.spec.outputs)) {\n const output = s.spec.outputs[key]\n if (!output) continue\n // Self-write reverse-denorm: an output back to its own\n // source is intentional, not an infinite cycle — the value-equality\n // guard in dispatch terminates it. Skip this edge so it isn't\n // flagged. (Self-write outputs are required to declare `denorm`.)\n if (\n output.shape === 'record' &&\n output.collection === s.spec.source &&\n output.denorm !== undefined\n ) {\n continue\n }\n visit(output.collection)\n }\n }\n }\n stack.pop()\n visited.add(node)\n }\n\n for (const src of this._bySource.keys()) visit(src)\n }\n}\n"],"mappings":";;;;;;;;AAWA,eAAsB,oBACpB,QACA,YAEA,QACA,SACiB;AACjB,QAAM,YAAY,KAAK,UAAU;AAAA,IAC/B;AAAA,IACA,SAAS,CAAC,GAAG,UAAU,EAAE,KAAK;AAAA,IAC9B,QAAQ,OAAO,SAAS;AAAA;AAAA;AAAA;AAAA,IAIxB,GAAI,SAAS,SAAS,EAAE,SAAS,CAAC,GAAG,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC;AAAA,EAC5D,CAAC;AACD,QAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,SAAS;AAChD,SAAO,UAAU,KAAK;AACxB;;;ACZO,IAAM,qBAAN,MAAyB;AAAA,EACb,YAAY,oBAAI,IAAkC;AAAA,EAClD,YAAY,oBAAI,IAAkC;AAAA;AAAA,EAGnE,MAAM,SAAS,MAAmD;AAChE,UAAM,aAAa,OAAO,KAAK,KAAK,OAAO;AAC3C,UAAM,eAAe,MAAM,oBAAoB,KAAK,QAAQ,YAAY,KAAK,QAAQ,KAAK,OAAO;AACjG,UAAM,MAA0B,EAAE,MAAM,aAAa;AAErD,UAAM,aAAa,KAAK,UAAU,IAAI,KAAK,MAAM;AACjD,QAAI,WAAY,YAAW,KAAK,GAAG;AAAA,QAC9B,MAAK,UAAU,IAAI,KAAK,QAAQ,CAAC,GAAG,CAAC;AAM1C,eAAW,SAAS,KAAK,WAAW,CAAC,GAAG;AACtC,YAAM,YAAY,KAAK,UAAU,IAAI,KAAK;AAC1C,UAAI,UAAW,WAAU,KAAK,GAAG;AAAA,UAC5B,MAAK,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC;AAAA,IACtC;AAMA,eAAW,KAAK,KAAK,aAAa,CAAC,GAAG;AACpC,YAAM,cAAc,KAAK,UAAU,IAAI,EAAE,UAAU;AACnD,UAAI,YAAa,aAAY,KAAK,GAAG;AAAA,UAChC,MAAK,UAAU,IAAI,EAAE,YAAY,CAAC,GAAG,CAAC;AAAA,IAC7C;AAQA,QAAI,KAAK,QAAQ;AACf,YAAM,aAAa,KAAK,UAAU,IAAI,KAAK,OAAO,IAAI;AACtD,UAAI,WAAY,YAAW,KAAK,GAAG;AAAA,UAC9B,MAAK,UAAU,IAAI,KAAK,OAAO,MAAM,CAAC,GAAG,CAAC;AAAA,IACjD;AAEA,eAAW,OAAO,YAAY;AAC5B,YAAM,SAAS,KAAK,QAAQ,GAAG;AAC/B,UAAI,CAAC,OAAQ;AACb,YAAM,mBAAmB,OAAO;AAChC,YAAM,MAAM,KAAK,UAAU,IAAI,gBAAgB;AAC/C,UAAI,IAAK,KAAI,KAAK,GAAG;AAAA,UAChB,MAAK,UAAU,IAAI,kBAAkB,CAAC,GAAG,CAAC;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,oBAAoB,QAAmD;AACrE,WAAO,KAAK,UAAU,IAAI,MAAM,KAAK,CAAC;AAAA,EACxC;AAAA,EAEA,0BAA0B,YAAuD;AAC/E,WAAO,KAAK,UAAU,IAAI,UAAU,KAAK,CAAC;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAyC;AACvC,UAAM,OAAO,oBAAI,IAAwB;AACzC,eAAW,cAAc,KAAK,UAAU,OAAO,GAAG;AAChD,iBAAW,KAAK,WAAY,MAAK,IAAI,CAAC;AAAA,IACxC;AACA,WAAO,CAAC,GAAG,IAAI;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAiB;AACf,UAAM,UAAU,oBAAI,IAAY;AAChC,UAAM,QAAkB,CAAC;AAEzB,UAAM,QAAQ,CAAC,SAAuB;AACpC,UAAI,MAAM,SAAS,IAAI,GAAG;AACxB,cAAM,QAAQ,MAAM,MAAM,MAAM,QAAQ,IAAI,CAAC,EAAE,OAAO,IAAI;AAC1D,cAAM,IAAI,qBAAqB,KAAK;AAAA,MACtC;AACA,UAAI,QAAQ,IAAI,IAAI,EAAG;AACvB,YAAM,KAAK,IAAI;AACf,YAAM,aAAa,KAAK,UAAU,IAAI,IAAI;AAC1C,UAAI,YAAY;AACd,mBAAW,KAAK,YAAY;AAC1B,qBAAW,OAAO,OAAO,KAAK,EAAE,KAAK,OAAO,GAAG;AAC7C,kBAAM,SAAS,EAAE,KAAK,QAAQ,GAAG;AACjC,gBAAI,CAAC,OAAQ;AAKb,gBACE,OAAO,UAAU,YACjB,OAAO,eAAe,EAAE,KAAK,UAC7B,OAAO,WAAW,QAClB;AACA;AAAA,YACF;AACA,kBAAM,OAAO,UAAU;AAAA,UACzB;AAAA,QACF;AAAA,MACF;AACA,YAAM,IAAI;AACV,cAAQ,IAAI,IAAI;AAAA,IAClB;AAEA,eAAW,OAAO,KAAK,UAAU,KAAK,EAAG,OAAM,GAAG;AAAA,EACpD;AACF;","names":[]}
@@ -0,0 +1,54 @@
1
+ import {
2
+ QuiesceTimeoutError
3
+ } from "./chunk-ZYUC53LT.js";
4
+
5
+ // src/port/by/types.ts
6
+ function isQuorum(writers, generation, excludeWriterId) {
7
+ return writers.filter((w) => w.writerId !== excludeWriterId).every((w) => w.quiescedAtVersion === generation);
8
+ }
9
+ async function runDrainBarrier(provider, o, run) {
10
+ await provider.setFence(o.vault, { currentSchemaVersion: o.generation, fenceState: "draining" });
11
+ await o.onFlush();
12
+ const deadline = o.now() + o.quiesceTimeoutMs;
13
+ const seeded = await provider.reachableWriters(o.vault, { staleMs: o.staleMs, now: o.now() });
14
+ if (!isQuorum(seeded, o.generation, o.writerId)) {
15
+ await new Promise((resolve, reject) => {
16
+ let settled = false;
17
+ const finish = (fn) => {
18
+ if (!settled) {
19
+ settled = true;
20
+ unsub();
21
+ fn();
22
+ }
23
+ };
24
+ const unsub = provider.observePresence(o.vault, (writers) => {
25
+ if (isQuorum(writers, o.generation, o.writerId)) finish(resolve);
26
+ });
27
+ const tick = async () => {
28
+ if (settled) return;
29
+ if (o.now() >= deadline) {
30
+ finish(
31
+ () => reject(
32
+ new QuiesceTimeoutError(
33
+ `Cutover of vault "${o.vault}" to generation ${o.generation} timed out after ${o.quiesceTimeoutMs}ms waiting for active writers to quiesce.`
34
+ )
35
+ )
36
+ );
37
+ return;
38
+ }
39
+ if (o.onPoll) await o.onPoll();
40
+ const w = await provider.reachableWriters(o.vault, { staleMs: o.staleMs, now: o.now() });
41
+ if (isQuorum(w, o.generation, o.writerId)) finish(resolve);
42
+ else setTimeout(() => void tick(), 25);
43
+ };
44
+ void tick();
45
+ });
46
+ }
47
+ await run();
48
+ }
49
+
50
+ export {
51
+ isQuorum,
52
+ runDrainBarrier
53
+ };
54
+ //# sourceMappingURL=chunk-QHJW5EXU.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/port/by/types.ts"],"sourcesContent":["/**\n * Kernel coordination port — the injected `CoordinationProvider` seam for the\n * schema-fence drain-barrier.\n *\n * The kernel defines this port; `@noy-db/by-tabs` / `@noy-db/by-peer` implement\n * it for real-time quorum, and an external orchestrator (`@klum-db/lobby`)\n * drives it through the `Noydb` handle without ever naming a `by-*` package.\n * The dependency arrow is `by-* → kernel ← klum`, the app at the apex.\n *\n * This module carries only the port TYPES plus two pure-ish helpers:\n * {@link isQuorum} (a pure quorum predicate extracted from the legacy\n * `activeQuiesced`) and {@link runDrainBarrier} (the reusable barrier protocol\n * the migration cutover and klum both call).\n *\n * @module\n */\n\nimport { QuiesceTimeoutError } from '../../kernel/errors.js'\nimport type { Unsubscribe } from '../with/write-hooks.js'\n\n/** Vault fence state (the existing FenceDoc shape). */\nexport interface FenceState {\n readonly currentSchemaVersion: number\n readonly fenceState: 'normal' | 'draining' | 'migrating' | 'complete'\n}\n\n/** A writer's presence + ack, tagged with the session that owns it. */\nexport interface WriterPresence {\n /** = today's clientId (one per tab/peer). */\n readonly writerId: string\n /** Groups one user's writers across vaults (consolidation is klum's job). */\n readonly sessionId: string\n readonly lastSeen: number\n readonly quiescedAtVersion: number | null\n}\n\n/** Session-addressable drain-barrier coordination transport. Per-vault ops. */\nexport interface CoordinationProvider {\n /** orchestrator → all writers */\n setFence(vault: string, fence: FenceState): Promise<void>\n /**\n * Fresh one-shot fence read for the write-path gate (`assertWritable`).\n * A direct read (not a cached `observeFence` snapshot) avoids a staleness\n * window and keeps the timing-sensitive cutover gate exact. The store\n * default reads `_meta/schema-fence`; `by-*` return their last-pushed fence.\n */\n readFence(vault: string): Promise<FenceState>\n /** writer observes fence changes (default: poll-emit; by-*: push) */\n observeFence(vault: string, onChange: (f: FenceState) => void): Unsubscribe\n /** writer → orchestrator: presence + ack (heartbeat + quiescedAtVersion) */\n reportPresence(vault: string, p: WriterPresence): Promise<void>\n /** orchestrator observes presence changes (default: poll-emit; by-*: push) */\n observePresence(vault: string, onChange: (writers: readonly WriterPresence[]) => void): Unsubscribe\n /** orchestrator one-shot snapshot of reachable writers (quorum input) */\n reachableWriters(vault: string, o: { staleMs: number; now: number }): Promise<readonly WriterPresence[]>\n}\n\n/**\n * Pure quorum predicate: true when every writer (other than `excludeWriterId`)\n * has acked at exactly `generation`. An empty set is trivially a quorum.\n *\n * Extracted from the legacy `activeQuiesced` store-polling check so the\n * migration cutover, the store default provider, and `by-*` real-time\n * providers all share one definition of \"everyone has drained\".\n */\nexport function isQuorum(\n writers: readonly WriterPresence[],\n generation: number,\n excludeWriterId?: string,\n): boolean {\n return writers.filter((w) => w.writerId !== excludeWriterId).every((w) => w.quiescedAtVersion === generation)\n}\n\n/** Inputs for {@link runDrainBarrier}. */\nexport interface DrainBarrierOptions {\n readonly vault: string\n readonly generation: number\n readonly writerId: string\n readonly onFlush: () => Promise<void>\n readonly staleMs: number\n readonly quiesceTimeoutMs: number\n readonly now: () => number\n /** Optional seam (mainly for deterministic tests) run before each poll tick. */\n readonly onPoll?: () => Promise<void>\n}\n\n/**\n * The reusable drain-barrier protocol shared by the migration cutover and klum:\n *\n * drain self → setFence(draining) → await quorum (presence push + isQuorum,\n * polling as a fallback, or timeout) → run() → release-by-caller.\n *\n * Resolves once every reachable writer (excluding `writerId`) has quiesced at\n * `generation`, at which point `run` is invoked exactly once. Rejects with\n * {@link QuiesceTimeoutError} if `quiesceTimeoutMs` elapses first.\n */\nexport async function runDrainBarrier(\n provider: CoordinationProvider,\n o: DrainBarrierOptions,\n run: () => Promise<void>,\n): Promise<void> {\n await provider.setFence(o.vault, { currentSchemaVersion: o.generation, fenceState: 'draining' })\n await o.onFlush()\n\n const deadline = o.now() + o.quiesceTimeoutMs\n const seeded = await provider.reachableWriters(o.vault, { staleMs: o.staleMs, now: o.now() })\n if (!isQuorum(seeded, o.generation, o.writerId)) {\n await new Promise<void>((resolve, reject) => {\n let settled = false\n const finish = (fn: () => void) => {\n if (!settled) {\n settled = true\n unsub()\n fn()\n }\n }\n const unsub = provider.observePresence(o.vault, (writers) => {\n if (isQuorum(writers, o.generation, o.writerId)) finish(resolve)\n })\n const tick = async () => {\n if (settled) return\n if (o.now() >= deadline) {\n finish(() =>\n reject(\n new QuiesceTimeoutError(\n `Cutover of vault \"${o.vault}\" to generation ${o.generation} timed out ` +\n `after ${o.quiesceTimeoutMs}ms waiting for active writers to quiesce.`,\n ),\n ),\n )\n return\n }\n if (o.onPoll) await o.onPoll()\n const w = await provider.reachableWriters(o.vault, { staleMs: o.staleMs, now: o.now() })\n if (isQuorum(w, o.generation, o.writerId)) finish(resolve)\n else setTimeout(() => void tick(), 25)\n }\n void tick()\n })\n }\n await run()\n}\n"],"mappings":";;;;;AAiEO,SAAS,SACd,SACA,YACA,iBACS;AACT,SAAO,QAAQ,OAAO,CAAC,MAAM,EAAE,aAAa,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,UAAU;AAC9G;AAyBA,eAAsB,gBACpB,UACA,GACA,KACe;AACf,QAAM,SAAS,SAAS,EAAE,OAAO,EAAE,sBAAsB,EAAE,YAAY,YAAY,WAAW,CAAC;AAC/F,QAAM,EAAE,QAAQ;AAEhB,QAAM,WAAW,EAAE,IAAI,IAAI,EAAE;AAC7B,QAAM,SAAS,MAAM,SAAS,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,KAAK,EAAE,IAAI,EAAE,CAAC;AAC5F,MAAI,CAAC,SAAS,QAAQ,EAAE,YAAY,EAAE,QAAQ,GAAG;AAC/C,UAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAC3C,UAAI,UAAU;AACd,YAAM,SAAS,CAAC,OAAmB;AACjC,YAAI,CAAC,SAAS;AACZ,oBAAU;AACV,gBAAM;AACN,aAAG;AAAA,QACL;AAAA,MACF;AACA,YAAM,QAAQ,SAAS,gBAAgB,EAAE,OAAO,CAAC,YAAY;AAC3D,YAAI,SAAS,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAG,QAAO,OAAO;AAAA,MACjE,CAAC;AACD,YAAM,OAAO,YAAY;AACvB,YAAI,QAAS;AACb,YAAI,EAAE,IAAI,KAAK,UAAU;AACvB;AAAA,YAAO,MACL;AAAA,cACE,IAAI;AAAA,gBACF,qBAAqB,EAAE,KAAK,mBAAmB,EAAE,UAAU,oBAChD,EAAE,gBAAgB;AAAA,cAC/B;AAAA,YACF;AAAA,UACF;AACA;AAAA,QACF;AACA,YAAI,EAAE,OAAQ,OAAM,EAAE,OAAO;AAC7B,cAAM,IAAI,MAAM,SAAS,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,KAAK,EAAE,IAAI,EAAE,CAAC;AACvF,YAAI,SAAS,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAG,QAAO,OAAO;AAAA,YACpD,YAAW,MAAM,KAAK,KAAK,GAAG,EAAE;AAAA,MACvC;AACA,WAAK,KAAK;AAAA,IACZ,CAAC;AAAA,EACH;AACA,QAAM,IAAI;AACZ;","names":[]}
@@ -0,0 +1,233 @@
1
+ import {
2
+ resolveManagedSecret
3
+ } from "./chunk-ZCGAHGUS.js";
4
+ import {
5
+ parseExtractedPartitionBody,
6
+ readPod,
7
+ readPodHeader
8
+ } from "./chunk-FISN7WE4.js";
9
+ import {
10
+ createOwnerKeyring
11
+ } from "./chunk-WWGT2MDV.js";
12
+ import {
13
+ LedgerStore
14
+ } from "./chunk-LXQT4WMP.js";
15
+ import {
16
+ LEDGER_COLLECTION
17
+ } from "./chunk-I7FD46FF.js";
18
+ import {
19
+ base64ToBuffer,
20
+ openEnvelopeJson,
21
+ wrapKey
22
+ } from "./chunk-5O3AOPDT.js";
23
+ import {
24
+ AdoptionStateError,
25
+ TransferSealError,
26
+ ValidationError
27
+ } from "./chunk-ZYUC53LT.js";
28
+
29
+ // src/with-cargo/adopt-partition.ts
30
+ async function unsealDeks(seal, transferKey) {
31
+ if (transferKey.byteLength !== 32) {
32
+ throw new TransferSealError(
33
+ `transfer key must be 32 bytes, got ${transferKey.byteLength}.`
34
+ );
35
+ }
36
+ const key = await crypto.subtle.importKey("raw", transferKey, "AES-GCM", false, ["decrypt"]);
37
+ const raw = base64ToBuffer(seal.payload);
38
+ let plaintext;
39
+ try {
40
+ plaintext = await crypto.subtle.decrypt(
41
+ { name: "AES-GCM", iv: raw.slice(0, 12) },
42
+ key,
43
+ raw.slice(12)
44
+ );
45
+ } catch {
46
+ throw new TransferSealError(
47
+ "transfer seal could not be opened \u2014 wrong transfer key (AES-GCM authentication failed)."
48
+ );
49
+ }
50
+ let dekMap;
51
+ try {
52
+ dekMap = JSON.parse(new TextDecoder().decode(plaintext));
53
+ } catch {
54
+ throw new TransferSealError("transfer seal payload is not valid JSON after decryption.");
55
+ }
56
+ const deks = /* @__PURE__ */ new Map();
57
+ for (const [collection, b64] of Object.entries(dekMap)) {
58
+ const dek = await crypto.subtle.importKey("raw", base64ToBuffer(b64), "AES-GCM", true, ["encrypt", "decrypt"]);
59
+ deks.set(collection, dek);
60
+ }
61
+ return deks;
62
+ }
63
+ async function adoptPartition(bundleBytes, opts) {
64
+ const { transferKey, destinationStore, vaultName } = opts;
65
+ const header = readPodHeader(bundleBytes);
66
+ if (header.bundleKind !== "extracted-partition" || header.transferSeal === void 0) {
67
+ throw new ValidationError(
68
+ "adoptPartition requires an extracted-partition bundle with a transfer seal. For ordinary backups use readPod + vault.load."
69
+ );
70
+ }
71
+ const { dumpJson } = await readPod(bundleBytes);
72
+ const { dump, seal } = parseExtractedPartitionBody(dumpJson);
73
+ await unsealDeks(seal, transferKey);
74
+ const existing = await destinationStore.get(vaultName, "_meta", "adoption");
75
+ if (existing) {
76
+ const prior = JSON.parse(existing._data);
77
+ if (prior.sealId === seal.sealId) {
78
+ throw new AdoptionStateError(
79
+ `partition (sealId ${seal.sealId}) is already adopted into vault "${vaultName}".`
80
+ );
81
+ }
82
+ throw new AdoptionStateError(
83
+ `vault "${vaultName}" already holds an adopted partition (sealId ${prior.sealId}); adopting a different partition (sealId ${seal.sealId}) here would overwrite it. Adopt into a fresh vaultName instead.`
84
+ );
85
+ }
86
+ const existingKeyring = await destinationStore.list(vaultName, "_keyring");
87
+ if (existingKeyring.length > 0) {
88
+ throw new AdoptionStateError(
89
+ `vault "${vaultName}" already holds a keyring (an unrelated owner exists at this slot); adoptPartition requires a fresh vaultName to avoid destructive saveAll on SQL adapters.`
90
+ );
91
+ }
92
+ const backup = JSON.parse(dump);
93
+ await destinationStore.saveAll(vaultName, backup.collections);
94
+ if (backup._internal) {
95
+ for (const [collection, records] of Object.entries(backup._internal)) {
96
+ for (const [id, envelope] of Object.entries(records)) {
97
+ await destinationStore.put(vaultName, collection, id, envelope);
98
+ }
99
+ }
100
+ }
101
+ const adoptedAt = (/* @__PURE__ */ new Date()).toISOString();
102
+ const adoption = { sealId: seal.sealId, adoptedAt, needsOwner: true, transferSeal: seal };
103
+ await destinationStore.put(vaultName, "_meta", "adoption", {
104
+ _noydb: 1,
105
+ _v: 1,
106
+ _ts: adoptedAt,
107
+ _iv: "",
108
+ _data: JSON.stringify(adoption)
109
+ });
110
+ return { vaultName, needsOwner: true, sealId: seal.sealId };
111
+ }
112
+ function isManaged(o) {
113
+ return "passphraseMode" in o && o.passphraseMode === "managed";
114
+ }
115
+ async function createOwnerOnAdoptedPartition(store, vaultName, opts) {
116
+ const { userId, transferKey } = opts;
117
+ if (isManaged(opts) && !opts.recovery.some((r) => r.profile === "shamir")) {
118
+ throw new AdoptionStateError(
119
+ "managed-mode adoption requires at least one strong (shamir) recovery profile in `recovery` \u2014 paper alone is not strong when there is no user passphrase to fall back on."
120
+ );
121
+ }
122
+ const adoptionEnv = await store.get(vaultName, "_meta", "adoption");
123
+ if (!adoptionEnv) {
124
+ throw new AdoptionStateError(
125
+ `vault "${vaultName}" is not an adopted partition (no _meta/adoption). createOwnerOnAdoptedPartition only applies to vaults created via adoptPartition.`
126
+ );
127
+ }
128
+ const adoption = JSON.parse(adoptionEnv._data);
129
+ if (adoption.consumedAt !== void 0 || adoption.transferSeal === void 0) {
130
+ throw new AdoptionStateError(
131
+ `vault "${vaultName}" already has an owner (transfer seal consumed at ${adoption.consumedAt}).`
132
+ );
133
+ }
134
+ const partitionDeks = await unsealDeks(adoption.transferSeal, transferKey);
135
+ const existingKeyring = await store.get(vaultName, "_keyring", userId);
136
+ const otherOwners = (await store.list(vaultName, "_keyring")).filter((u) => u !== userId);
137
+ if (otherOwners.length > 0) {
138
+ throw new AdoptionStateError(
139
+ `vault "${vaultName}" already has a keyring for a different owner; cannot create owner "${userId}".`
140
+ );
141
+ }
142
+ const partitionCollections = [...partitionDeks.keys()];
143
+ const priorDeks = existingKeyring ? JSON.parse(existingKeyring._data).deks : {};
144
+ const ownerMinted = existingKeyring !== null && partitionCollections.every((c) => c in priorDeks);
145
+ if (!ownerMinted) {
146
+ const passphrase = isManaged(opts) ? await resolveManagedSecret(store, vaultName, opts.sealingKey) : opts.passphrase;
147
+ const unlocked = await createOwnerKeyring(store, vaultName, userId, passphrase);
148
+ const env = await store.get(vaultName, "_keyring", userId);
149
+ if (!env) throw new AdoptionStateError(`keyring write for "${userId}" did not persist`);
150
+ const keyringFile = JSON.parse(env._data);
151
+ const kek = unlocked.kek;
152
+ if (!kek) throw new AdoptionStateError(`owner keyring for "${userId}" has no KEK to wrap partition DEKs under`);
153
+ const mergedDeks = { ...keyringFile.deks };
154
+ for (const [collection, dek] of partitionDeks) {
155
+ mergedDeks[collection] = await wrapKey(dek, kek);
156
+ }
157
+ const mergedFile = { ...keyringFile, deks: mergedDeks };
158
+ await store.put(vaultName, "_keyring", userId, { ...env, _data: JSON.stringify(mergedFile) });
159
+ }
160
+ const ledgerDek = partitionDeks.get(LEDGER_COLLECTION);
161
+ if (ledgerDek) {
162
+ const ledger = new LedgerStore({
163
+ adapter: store,
164
+ vault: vaultName,
165
+ encrypted: true,
166
+ getDEK: async () => ledgerDek,
167
+ actor: userId
168
+ });
169
+ const creationReason = `creation-of-new-owner:${userId}`;
170
+ const consumedReason = `transfer-seal-consumed:${adoption.sealId}`;
171
+ const recordedReasons = new Set((await ledger.loadAllEntries()).map((e) => e.reason));
172
+ if (!recordedReasons.has(creationReason)) {
173
+ await ledger.append({ op: "lifecycle", collection: "", id: "", version: 0, actor: "", payloadHash: "", reason: creationReason });
174
+ }
175
+ if (!recordedReasons.has(consumedReason)) {
176
+ await ledger.append({ op: "lifecycle", collection: "", id: "", version: 0, actor: "", payloadHash: "", reason: consumedReason });
177
+ }
178
+ }
179
+ if (isManaged(opts)) {
180
+ const { createNoydb } = await import("./noydb-LDEBLNHY.js");
181
+ const db = await createNoydb({
182
+ store,
183
+ user: userId,
184
+ passphraseMode: "managed",
185
+ sealingKey: opts.sealingKey,
186
+ shamirRecovery: opts.shamirRecovery
187
+ });
188
+ await db.openVaultAndEnrollRecovery(vaultName, { recovery: opts.recovery });
189
+ }
190
+ const consumed = { sealId: adoption.sealId, adoptedAt: adoption.adoptedAt, consumedAt: (/* @__PURE__ */ new Date()).toISOString() };
191
+ await store.put(vaultName, "_meta", "adoption", { ...adoptionEnv, _data: JSON.stringify(consumed) });
192
+ return { vaultName, userId };
193
+ }
194
+
195
+ // src/with-cargo/decrypt-partition.ts
196
+ async function decryptExtractedPartition(bundleBytes, transferKey) {
197
+ const header = readPodHeader(bundleBytes);
198
+ if (header.bundleKind !== "extracted-partition" || header.transferSeal === void 0) {
199
+ throw new Error("decryptExtractedPartition: bundle is not an extracted-partition.");
200
+ }
201
+ const { dumpJson } = await readPod(bundleBytes);
202
+ const { dump, seal } = parseExtractedPartitionBody(dumpJson);
203
+ const deks = await unsealDeks(seal, transferKey);
204
+ const backup = JSON.parse(dump);
205
+ const out = {};
206
+ for (const [collection, byId] of Object.entries(backup.collections)) {
207
+ const dek = deks.get(collection);
208
+ if (dek === void 0) continue;
209
+ const recs = [];
210
+ for (const [id, env] of Object.entries(byId)) {
211
+ const plaintext = await openEnvelopeJson(env, dek);
212
+ const body = JSON.parse(plaintext);
213
+ recs.push({
214
+ id,
215
+ record: { ...body, id },
216
+ ts: env._ts,
217
+ version: env._v,
218
+ ...env._source !== void 0 ? { source: env._source } : {},
219
+ ...env._sourceTs !== void 0 ? { sourceTs: env._sourceTs } : {}
220
+ });
221
+ }
222
+ out[collection] = recs;
223
+ }
224
+ return out;
225
+ }
226
+
227
+ export {
228
+ unsealDeks,
229
+ adoptPartition,
230
+ createOwnerOnAdoptedPartition,
231
+ decryptExtractedPartition
232
+ };
233
+ //# sourceMappingURL=chunk-QZISFCVG.js.map