@noy-db/hub 0.2.0-pre.9 → 0.3.0-pre.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +129 -3
- package/dist/adapter/index.d.ts +5 -0
- package/dist/adapter/index.js +15 -0
- package/dist/aggregate/index.d.ts +6 -2
- package/dist/aggregate/index.js +24 -16
- package/dist/aggregate/index.js.map +1 -1
- package/dist/api-RW3KP7WU.js +14 -0
- package/dist/as/index.d.ts +7 -0
- package/dist/as/index.js +24 -0
- package/dist/at/index.d.ts +5 -0
- package/dist/at/index.js +1 -0
- package/dist/attestation/index.d.ts +15 -47
- package/dist/attestation/index.js +54 -10
- package/dist/attestation/index.js.map +1 -1
- package/dist/backup-KMJQ66MF.js +219 -0
- package/dist/backup-KMJQ66MF.js.map +1 -0
- package/dist/blobs/index.d.ts +6 -8
- package/dist/blobs/index.js +19 -12
- package/dist/blobs/index.js.map +1 -1
- package/dist/bundle/index.d.ts +16 -70
- package/dist/bundle/index.js +39 -476
- package/dist/bundle/index.js.map +1 -1
- package/dist/{ulid-CJ8RzRrm.d.ts → bundle-PwBGkhpe.d.ts} +31 -86
- package/dist/by/index.d.ts +1 -0
- package/dist/by/index.js +11 -0
- package/dist/cargo/index.d.ts +9 -0
- package/dist/cargo/index.js +89 -0
- package/dist/chunk-26LGBE4T.js +42 -0
- package/dist/chunk-26LGBE4T.js.map +1 -0
- package/dist/{chunk-K3DK3NU5.js → chunk-3YFXJ3ZP.js} +20 -5
- package/dist/chunk-3YFXJ3ZP.js.map +1 -0
- package/dist/chunk-4Q6HSHHL.js +90 -0
- package/dist/chunk-4Q6HSHHL.js.map +1 -0
- package/dist/chunk-5LUY7UTV.js +380 -0
- package/dist/chunk-5LUY7UTV.js.map +1 -0
- package/dist/chunk-5N6CZTCY.js +367 -0
- package/dist/chunk-5N6CZTCY.js.map +1 -0
- package/dist/chunk-5O3AOPDT.js +992 -0
- package/dist/chunk-5O3AOPDT.js.map +1 -0
- package/dist/chunk-5R3ERCDH.js +239 -0
- package/dist/chunk-5R3ERCDH.js.map +1 -0
- package/dist/chunk-5TDJ56JE.js +32 -0
- package/dist/chunk-5TDJ56JE.js.map +1 -0
- package/dist/{chunk-T7JEBOGN.js → chunk-62QYRORB.js} +18 -11
- package/dist/chunk-62QYRORB.js.map +1 -0
- package/dist/{chunk-J66GRPNH.js → chunk-6S7T6WC4.js} +2 -2
- package/dist/chunk-6S7T6WC4.js.map +1 -0
- package/dist/chunk-76722EBH.js +451 -0
- package/dist/chunk-76722EBH.js.map +1 -0
- package/dist/{chunk-Z6FNBOTC.js → chunk-AIWULCUO.js} +13 -17
- package/dist/chunk-AIWULCUO.js.map +1 -0
- package/dist/{chunk-O3VZPBZG.js → chunk-AQTBSL7R.js} +47 -11
- package/dist/chunk-AQTBSL7R.js.map +1 -0
- package/dist/chunk-AURFOK3D.js +35 -0
- package/dist/chunk-AURFOK3D.js.map +1 -0
- package/dist/{chunk-53XBRIRT.js → chunk-AXRXJTE2.js} +9 -9
- package/dist/chunk-AXRXJTE2.js.map +1 -0
- package/dist/chunk-AZAOEIKW.js +155 -0
- package/dist/chunk-AZAOEIKW.js.map +1 -0
- package/dist/{chunk-HNRHLRDC.js → chunk-BG3SPSR4.js} +3 -3
- package/dist/chunk-BG3SPSR4.js.map +1 -0
- package/dist/chunk-BGIZAFY7.js +1 -0
- package/dist/chunk-CHFZDSE4.js +1 -0
- package/dist/{chunk-DJHHA6XH.js → chunk-CMGR4ZEW.js} +50 -20
- package/dist/chunk-CMGR4ZEW.js.map +1 -0
- package/dist/chunk-CWPPNPOH.js +23 -0
- package/dist/chunk-CWPPNPOH.js.map +1 -0
- package/dist/{chunk-QODLLGQ7.js → chunk-DFEMTNPJ.js} +371 -38
- package/dist/chunk-DFEMTNPJ.js.map +1 -0
- package/dist/{chunk-ZYWZWG6G.js → chunk-DGDI2D4M.js} +10 -10
- package/dist/chunk-DGDI2D4M.js.map +1 -0
- package/dist/{chunk-SYMWGEET.js → chunk-EIZUR2XW.js} +3 -3
- package/dist/chunk-EIZUR2XW.js.map +1 -0
- package/dist/{chunk-BVRYKATC.js → chunk-FISN7WE4.js} +36 -33
- package/dist/chunk-FISN7WE4.js.map +1 -0
- package/dist/chunk-GHVIKOHT.js +1 -0
- package/dist/chunk-GYGWYIOZ.js +200 -0
- package/dist/chunk-GYGWYIOZ.js.map +1 -0
- package/dist/chunk-HCIPRAGS.js +45 -0
- package/dist/chunk-HCIPRAGS.js.map +1 -0
- package/dist/{chunk-PX35GA7L.js → chunk-I2NOIW44.js} +10 -10
- package/dist/chunk-I2NOIW44.js.map +1 -0
- package/dist/{chunk-OIF6LZUR.js → chunk-I3TIKTJO.js} +3 -3
- package/dist/chunk-I3TIKTJO.js.map +1 -0
- package/dist/chunk-I7FD46FF.js +9 -0
- package/dist/chunk-I7FD46FF.js.map +1 -0
- package/dist/chunk-IAGBDSCS.js +40 -0
- package/dist/chunk-IAGBDSCS.js.map +1 -0
- package/dist/{chunk-JWRVQKRZ.js → chunk-IELYAOGG.js} +6 -18
- package/dist/chunk-IELYAOGG.js.map +1 -0
- package/dist/chunk-IGUYVGGI.js +205 -0
- package/dist/chunk-IGUYVGGI.js.map +1 -0
- package/dist/{chunk-U26HQ6KJ.js → chunk-IO6GRPT6.js} +4 -4
- package/dist/chunk-IO6GRPT6.js.map +1 -0
- package/dist/chunk-IPB7FTQX.js +273 -0
- package/dist/chunk-IPB7FTQX.js.map +1 -0
- package/dist/chunk-ITNUCOXM.js +148 -0
- package/dist/chunk-ITNUCOXM.js.map +1 -0
- package/dist/{chunk-WPLVTJ5D.js → chunk-IUEN57TV.js} +10 -10
- package/dist/chunk-IUEN57TV.js.map +1 -0
- package/dist/{chunk-DL3HWOQ5.js → chunk-JNUWZ6D3.js} +9 -9
- package/dist/chunk-JNUWZ6D3.js.map +1 -0
- package/dist/chunk-K2WCO3NX.js +1 -0
- package/dist/chunk-KVOXU4T5.js +30 -0
- package/dist/chunk-KVOXU4T5.js.map +1 -0
- package/dist/chunk-KXGNJJXB.js +135 -0
- package/dist/chunk-KXGNJJXB.js.map +1 -0
- package/dist/chunk-LB7FD65R.js +163 -0
- package/dist/chunk-LB7FD65R.js.map +1 -0
- package/dist/{chunk-22DWZL57.js → chunk-LFLXAY2W.js} +43 -218
- package/dist/chunk-LFLXAY2W.js.map +1 -0
- package/dist/chunk-LMTH2RM6.js +129 -0
- package/dist/chunk-LMTH2RM6.js.map +1 -0
- package/dist/{aggregate/index.cjs → chunk-LV7M27WM.js} +390 -219
- package/dist/chunk-LV7M27WM.js.map +1 -0
- package/dist/{chunk-PE2FR4J3.js → chunk-LXQT4WMP.js} +16 -18
- package/dist/chunk-LXQT4WMP.js.map +1 -0
- package/dist/chunk-M2YKN37S.js +524 -0
- package/dist/chunk-M2YKN37S.js.map +1 -0
- package/dist/chunk-M6OST55S.js +14 -0
- package/dist/chunk-M6OST55S.js.map +1 -0
- package/dist/{chunk-F3GDRNUT.js → chunk-MD3Y6J3L.js} +35 -69
- package/dist/chunk-MD3Y6J3L.js.map +1 -0
- package/dist/{chunk-XJFLDA7A.js → chunk-MTMJVJ5W.js} +8 -7
- package/dist/chunk-MTMJVJ5W.js.map +1 -0
- package/dist/{chunk-DFMLEQZB.js → chunk-NF5JWERG.js} +5 -10
- package/dist/chunk-NF5JWERG.js.map +1 -0
- package/dist/{chunk-DO7C2TOG.js → chunk-PKHL44ER.js} +3 -3
- package/dist/{chunk-DO7C2TOG.js.map → chunk-PKHL44ER.js.map} +1 -1
- package/dist/{chunk-6CME4UEK.js → chunk-PSHOXR6C.js} +7008 -4827
- package/dist/chunk-PSHOXR6C.js.map +1 -0
- package/dist/chunk-PSMV73A5.js +117 -0
- package/dist/chunk-PSMV73A5.js.map +1 -0
- package/dist/chunk-PY4KJPYU.js +9 -0
- package/dist/chunk-PY4KJPYU.js.map +1 -0
- package/dist/chunk-PZ5AY32C.js +10 -0
- package/dist/{chunk-DE6GKS6G.js → chunk-Q7SS3IME.js} +50 -9
- package/dist/chunk-Q7SS3IME.js.map +1 -0
- package/dist/chunk-QHJW5EXU.js +54 -0
- package/dist/chunk-QHJW5EXU.js.map +1 -0
- package/dist/chunk-QZISFCVG.js +233 -0
- package/dist/chunk-QZISFCVG.js.map +1 -0
- package/dist/{chunk-NONAAENK.js → chunk-RUEKROOS.js} +11 -4
- package/dist/chunk-RUEKROOS.js.map +1 -0
- package/dist/chunk-RUIMKQTA.js +23 -0
- package/dist/chunk-RUIMKQTA.js.map +1 -0
- package/dist/{chunk-TFBP23BX.js → chunk-SKF73JOP.js} +66 -7
- package/dist/chunk-SKF73JOP.js.map +1 -0
- package/dist/chunk-SM3AVUHC.js +42 -0
- package/dist/chunk-SM3AVUHC.js.map +1 -0
- package/dist/{chunk-ML236QKC.js → chunk-SMXWYP24.js} +5 -5
- package/dist/chunk-SMXWYP24.js.map +1 -0
- package/dist/chunk-SRB2XEWB.js +148 -0
- package/dist/chunk-SRB2XEWB.js.map +1 -0
- package/dist/chunk-SVLR4POP.js +64 -0
- package/dist/chunk-SVLR4POP.js.map +1 -0
- package/dist/chunk-TA66UMI4.js +123 -0
- package/dist/chunk-TA66UMI4.js.map +1 -0
- package/dist/chunk-TEILUWOI.js +664 -0
- package/dist/chunk-TEILUWOI.js.map +1 -0
- package/dist/chunk-TJYQIGAP.js +82 -0
- package/dist/chunk-TJYQIGAP.js.map +1 -0
- package/dist/{chunk-H2X3ISXG.js → chunk-UAG5KWVA.js} +7 -7
- package/dist/chunk-UAG5KWVA.js.map +1 -0
- package/dist/chunk-UDRIWL7A.js +382 -0
- package/dist/chunk-UDRIWL7A.js.map +1 -0
- package/dist/{chunk-2GLDA55J.js → chunk-UIU2THRG.js} +498 -133
- package/dist/chunk-UIU2THRG.js.map +1 -0
- package/dist/{chunk-3YPCK6JX.js → chunk-UPJNJGGA.js} +165 -423
- package/dist/chunk-UPJNJGGA.js.map +1 -0
- package/dist/chunk-UV5MFVO3.js +21 -0
- package/dist/chunk-UV5MFVO3.js.map +1 -0
- package/dist/{chunk-2WUSG3IT.js → chunk-V7RWQRG7.js} +5 -5
- package/dist/chunk-V7RWQRG7.js.map +1 -0
- package/dist/{chunk-VTKGMEPP.js → chunk-VCTFO5CO.js} +13 -3
- package/dist/chunk-VCTFO5CO.js.map +1 -0
- package/dist/{chunk-5T22KDPN.js → chunk-VFQGRQIH.js} +8 -8
- package/dist/chunk-VFQGRQIH.js.map +1 -0
- package/dist/{chunk-2QR2PQTT.js → chunk-VQNJ7UZL.js} +5 -3
- package/dist/chunk-VQNJ7UZL.js.map +1 -0
- package/dist/{chunk-DONMZAD2.js → chunk-WWGT2MDV.js} +43 -165
- package/dist/chunk-WWGT2MDV.js.map +1 -0
- package/dist/{chunk-EMIGCR7X.js → chunk-WXSYDNBT.js} +2 -2
- package/dist/chunk-WXSYDNBT.js.map +1 -0
- package/dist/chunk-WYSO2NIH.js +30 -0
- package/dist/chunk-WYSO2NIH.js.map +1 -0
- package/dist/chunk-XXYIOFUB.js +164 -0
- package/dist/chunk-XXYIOFUB.js.map +1 -0
- package/dist/{chunk-3BFJOWSU.js → chunk-Y22T3KQE.js} +35 -7
- package/dist/chunk-Y22T3KQE.js.map +1 -0
- package/dist/{chunk-A3JMGXPG.js → chunk-YMUGBZN2.js} +2 -2
- package/dist/chunk-YMUGBZN2.js.map +1 -0
- package/dist/{chunk-I5FOWO4J.js → chunk-ZCGAHGUS.js} +52 -73
- package/dist/chunk-ZCGAHGUS.js.map +1 -0
- package/dist/{chunk-FZU343FL.js → chunk-ZJADGNYF.js} +2 -2
- package/dist/chunk-ZJADGNYF.js.map +1 -0
- package/dist/{chunk-B6PB7JLN.js → chunk-ZYUC53LT.js} +427 -6
- package/dist/chunk-ZYUC53LT.js.map +1 -0
- package/dist/collection-facade-GQAOGJP2.js +33 -0
- package/dist/consent/index.d.ts +5 -7
- package/dist/consent/index.js +7 -5
- package/dist/consent/index.js.map +1 -1
- package/dist/crdt/index.d.ts +6 -2
- package/dist/crdt/index.js +3 -2
- package/dist/crdt/index.js.map +1 -1
- package/dist/decrypt-partition-IHtxEnTi.d.ts +21 -0
- package/dist/delegation-UL5HKLER.js +19 -0
- package/dist/derivations/index.d.ts +7 -9
- package/dist/derivations/index.js +11 -6
- package/dist/describe/index.d.ts +1 -0
- package/dist/describe/index.js +1 -0
- package/dist/describe-Ccd1hS7a.d.ts +143 -0
- package/dist/{dev-unlock-B4kDxep_.d.ts → dev-unlock-h0K-UZTk.d.ts} +1 -1
- package/dist/discriminant-BN9REW3o.d.ts +60 -0
- package/dist/enclave-UL5LW66V.js +88 -0
- package/dist/executor-2FWQRLMG.js +15 -0
- package/dist/executor-QZ7BXICW.js +9 -0
- package/dist/executor-Z5ZLJVTV.js +9 -0
- package/dist/export-accessible-KRV5W4GH.js +17 -0
- package/dist/extract-partition-GLKBOXFQ.js +30 -0
- package/dist/{fanout-sidecar-OKPMMPLG.js → fanout-sidecar-GF3DJ6KR.js} +34 -14
- package/dist/fanout-sidecar-GF3DJ6KR.js.map +1 -0
- package/dist/forget/index.d.ts +36 -0
- package/dist/forget/index.js +19 -0
- package/dist/forget/index.js.map +1 -0
- package/dist/guards/index.d.ts +13 -9
- package/dist/guards/index.js +12 -5
- package/dist/{hash-DdpVypUp.d.cts → hash-CdSr06sm.d.ts} +5 -1
- package/dist/history/index.d.ts +6 -8
- package/dist/history/index.js +19 -12
- package/dist/history/index.js.map +1 -1
- package/dist/i18n/index.d.ts +5 -7
- package/dist/i18n/index.js +104 -15
- package/dist/i18n/index.js.map +1 -1
- package/dist/in/index.d.ts +5 -0
- package/dist/in/index.js +1 -0
- package/dist/in/index.js.map +1 -0
- package/dist/index-B9QdHytu.d.ts +123 -0
- package/dist/index-CGLLRtFc.d.ts +123 -0
- package/dist/{types-Df28QFKb.d.ts → index-_6At2_9_.d.ts} +16270 -8358
- package/dist/index.d.ts +1088 -450
- package/dist/index.js +1165 -293
- package/dist/index.js.map +1 -1
- package/dist/indexing/index.d.ts +6 -3
- package/dist/indexing/index.js +6 -5
- package/dist/indexing/index.js.map +1 -1
- package/dist/issue-Y6UVIR43.js +13 -0
- package/dist/issue-Y6UVIR43.js.map +1 -0
- package/dist/kernel/index.d.ts +32 -0
- package/dist/kernel/index.js +53 -0
- package/dist/kernel/index.js.map +1 -0
- package/dist/{ledger-TMRZYNVJ.js → ledger-RYI35CDS.js} +12 -9
- package/dist/ledger-RYI35CDS.js.map +1 -0
- package/dist/liberate-CRPZEV7O.js +18 -0
- package/dist/liberate-CRPZEV7O.js.map +1 -0
- package/dist/materialized-views/index.d.ts +6 -19
- package/dist/materialized-views/index.js +16 -12
- package/dist/mime-magic-B4RoFj3B.d.ts +103 -0
- package/dist/noydb-LDEBLNHY.js +50 -0
- package/dist/noydb-LDEBLNHY.js.map +1 -0
- package/dist/on/index.d.ts +5 -0
- package/dist/on/index.js +11 -0
- package/dist/on/index.js.map +1 -0
- package/dist/overlay-views/index.d.ts +27 -11
- package/dist/overlay-views/index.js +7 -6
- package/dist/periods/index.d.ts +5 -7
- package/dist/periods/index.js +13 -9
- package/dist/pod/index.d.ts +63 -0
- package/dist/pod/index.js +61 -0
- package/dist/pod/index.js.map +1 -0
- package/dist/policy-IXK4FVXP.js +41 -0
- package/dist/policy-IXK4FVXP.js.map +1 -0
- package/dist/portability/index.d.ts +20 -0
- package/dist/portability/index.js +43 -0
- package/dist/portability/index.js.map +1 -0
- package/dist/{public-envelope-BW6OXORV.js → public-envelope-JHDQCPSX.js} +6 -5
- package/dist/public-envelope-JHDQCPSX.js.map +1 -0
- package/dist/query/index.d.ts +5 -3
- package/dist/query/index.js +21 -13
- package/dist/read-only-facade-5ADRJVTM.js +8 -0
- package/dist/read-only-facade-5ADRJVTM.js.map +1 -0
- package/dist/registry-45RJNWGU.js +9 -0
- package/dist/registry-45RJNWGU.js.map +1 -0
- package/dist/registry-5GRV5VXI.js +13 -0
- package/dist/registry-5GRV5VXI.js.map +1 -0
- package/dist/registry-VW6P6A3J.js +8 -0
- package/dist/registry-VW6P6A3J.js.map +1 -0
- package/dist/registry-WEUCHBO4.js +11 -0
- package/dist/registry-WEUCHBO4.js.map +1 -0
- package/dist/request-withdrawal-GBPH2FDY.js +25 -0
- package/dist/request-withdrawal-GBPH2FDY.js.map +1 -0
- package/dist/revoke-TUFRGI6S.js +18 -0
- package/dist/revoke-TUFRGI6S.js.map +1 -0
- package/dist/sealed-record/index.d.ts +69 -0
- package/dist/sealed-record/index.js +65 -0
- package/dist/sealed-record/index.js.map +1 -0
- package/dist/session/index.d.ts +6 -8
- package/dist/session/index.js +7 -5
- package/dist/session/index.js.map +1 -1
- package/dist/shadow/index.d.ts +5 -7
- package/dist/shadow/index.js +4 -3
- package/dist/shadow/index.js.map +1 -1
- package/dist/{signer-72QAUSVW.js → signer-PNKTBVF7.js} +6 -5
- package/dist/signer-PNKTBVF7.js.map +1 -0
- package/dist/snapshots/index.d.ts +6 -8
- package/dist/snapshots/index.js +13 -11
- package/dist/snapshots/index.js.map +1 -1
- package/dist/{stale-6ZDBTQT7.js → stale-3JWHNDIY.js} +3 -2
- package/dist/stale-3JWHNDIY.js.map +1 -0
- package/dist/store-coordination-provider-3I7XWZZK.js +142 -0
- package/dist/store-coordination-provider-3I7XWZZK.js.map +1 -0
- package/dist/subject-index-O75wKshW.d.ts +362 -0
- package/dist/sync/index.d.ts +4 -6
- package/dist/sync/index.js +7 -6
- package/dist/sync/index.js.map +1 -1
- package/dist/team/index.d.ts +5 -7
- package/dist/team/index.js +20 -16
- package/dist/tiers/index.d.ts +5 -0
- package/dist/tiers/index.js +33 -0
- package/dist/tiers/index.js.map +1 -0
- package/dist/to/index.d.ts +5 -0
- package/dist/to/index.js +17 -0
- package/dist/to/index.js.map +1 -0
- package/dist/transition-guard-DqodPNKw.d.ts +165 -0
- package/dist/tx/index.d.ts +23 -9
- package/dist/tx/index.js +13 -8
- package/dist/tx/index.js.map +1 -1
- package/dist/ui/index.d.ts +1 -0
- package/dist/ui/index.js +1 -0
- package/dist/ui/index.js.map +1 -0
- package/dist/ulid-DRH25k3y.d.ts +66 -0
- package/dist/ulid-PTAIMDG4.js +10 -0
- package/dist/ulid-PTAIMDG4.js.map +1 -0
- package/dist/util/index.d.ts +2 -0
- package/dist/util/index.js +7 -2
- package/dist/util/index.js.map +1 -1
- package/dist/vault-diff-BtpiBvic.d.ts +147 -0
- package/dist/with/index.d.ts +38 -0
- package/dist/with/index.js +25 -0
- package/dist/with/index.js.map +1 -0
- package/dist/{with-materialized-view-BLkQxoQN.d.ts → with-materialized-view-DMmWtYfJ.d.ts} +1 -1
- package/dist/{with-overlayed-view-CRsSEwHR.d.ts → with-overlayed-view-D_IB2nkM.d.ts} +2 -3
- package/dist/with-rollup-em2wxoHP.d.ts +47 -0
- package/dist/withdraw-accessible-FFS46EOD.js +22 -0
- package/dist/withdraw-accessible-FFS46EOD.js.map +1 -0
- package/dist/zod-HAJM7LMS.js +14763 -0
- package/dist/zod-HAJM7LMS.js.map +1 -0
- package/package.json +121 -201
- package/dist/aggregate/index.cjs.map +0 -1
- package/dist/aggregate/index.d.cts +0 -38
- package/dist/attestation/index.cjs +0 -305
- package/dist/attestation/index.cjs.map +0 -1
- package/dist/attestation/index.d.cts +0 -52
- package/dist/blobs/index.cjs +0 -1480
- package/dist/blobs/index.cjs.map +0 -1
- package/dist/blobs/index.d.cts +0 -46
- package/dist/bundle/index.cjs +0 -19264
- package/dist/bundle/index.cjs.map +0 -1
- package/dist/bundle/index.d.cts +0 -176
- package/dist/chunk-22DWZL57.js.map +0 -1
- package/dist/chunk-2GLDA55J.js.map +0 -1
- package/dist/chunk-2QR2PQTT.js.map +0 -1
- package/dist/chunk-2WUSG3IT.js.map +0 -1
- package/dist/chunk-3BFJOWSU.js.map +0 -1
- package/dist/chunk-3YPCK6JX.js.map +0 -1
- package/dist/chunk-53XBRIRT.js.map +0 -1
- package/dist/chunk-5T22KDPN.js.map +0 -1
- package/dist/chunk-5XHKQ56N.js +0 -340
- package/dist/chunk-5XHKQ56N.js.map +0 -1
- package/dist/chunk-6CME4UEK.js.map +0 -1
- package/dist/chunk-6STK5TQP.js +0 -139
- package/dist/chunk-6STK5TQP.js.map +0 -1
- package/dist/chunk-A3JMGXPG.js.map +0 -1
- package/dist/chunk-B6PB7JLN.js.map +0 -1
- package/dist/chunk-BVRYKATC.js.map +0 -1
- package/dist/chunk-DE6GKS6G.js.map +0 -1
- package/dist/chunk-DFMLEQZB.js.map +0 -1
- package/dist/chunk-DJHHA6XH.js.map +0 -1
- package/dist/chunk-DL3HWOQ5.js.map +0 -1
- package/dist/chunk-DONMZAD2.js.map +0 -1
- package/dist/chunk-EMIGCR7X.js.map +0 -1
- package/dist/chunk-F3GDRNUT.js.map +0 -1
- package/dist/chunk-FZU343FL.js.map +0 -1
- package/dist/chunk-H2X3ISXG.js.map +0 -1
- package/dist/chunk-HNRHLRDC.js.map +0 -1
- package/dist/chunk-I5FOWO4J.js.map +0 -1
- package/dist/chunk-J66GRPNH.js.map +0 -1
- package/dist/chunk-JWRVQKRZ.js.map +0 -1
- package/dist/chunk-K3DK3NU5.js.map +0 -1
- package/dist/chunk-ML236QKC.js.map +0 -1
- package/dist/chunk-NONAAENK.js.map +0 -1
- package/dist/chunk-O3VZPBZG.js.map +0 -1
- package/dist/chunk-OIF6LZUR.js.map +0 -1
- package/dist/chunk-OQ6PIGHA.js +0 -19
- package/dist/chunk-OQ6PIGHA.js.map +0 -1
- package/dist/chunk-PE2FR4J3.js.map +0 -1
- package/dist/chunk-PP6W64Y3.js +0 -275
- package/dist/chunk-PP6W64Y3.js.map +0 -1
- package/dist/chunk-PX35GA7L.js.map +0 -1
- package/dist/chunk-QEILDE6R.js +0 -793
- package/dist/chunk-QEILDE6R.js.map +0 -1
- package/dist/chunk-QODLLGQ7.js.map +0 -1
- package/dist/chunk-RAZ4OVLL.js +0 -51
- package/dist/chunk-RAZ4OVLL.js.map +0 -1
- package/dist/chunk-SYMWGEET.js.map +0 -1
- package/dist/chunk-T7JEBOGN.js.map +0 -1
- package/dist/chunk-TFBP23BX.js.map +0 -1
- package/dist/chunk-TV3YZ35S.js +0 -90
- package/dist/chunk-TV3YZ35S.js.map +0 -1
- package/dist/chunk-U26HQ6KJ.js.map +0 -1
- package/dist/chunk-UF3BUNQZ.js +0 -1
- package/dist/chunk-UMLVJTYV.js +0 -20
- package/dist/chunk-UMLVJTYV.js.map +0 -1
- package/dist/chunk-VTKGMEPP.js.map +0 -1
- package/dist/chunk-W6EQLGMB.js +0 -100
- package/dist/chunk-W6EQLGMB.js.map +0 -1
- package/dist/chunk-WIRRPTFH.js +0 -17
- package/dist/chunk-WIRRPTFH.js.map +0 -1
- package/dist/chunk-WPLVTJ5D.js.map +0 -1
- package/dist/chunk-XJFLDA7A.js.map +0 -1
- package/dist/chunk-Z6FNBOTC.js.map +0 -1
- package/dist/chunk-ZYWZWG6G.js.map +0 -1
- package/dist/consent/index.cjs +0 -204
- package/dist/consent/index.cjs.map +0 -1
- package/dist/consent/index.d.cts +0 -25
- package/dist/crdt/index.cjs +0 -152
- package/dist/crdt/index.cjs.map +0 -1
- package/dist/crdt/index.d.cts +0 -30
- package/dist/crypto-HTZ4FJOP.js +0 -44
- package/dist/delegation-RI54P6I5.js +0 -17
- package/dist/derivations/index.cjs +0 -351
- package/dist/derivations/index.cjs.map +0 -1
- package/dist/derivations/index.d.cts +0 -72
- package/dist/dev-unlock-BIoEFbwm.d.cts +0 -263
- package/dist/executor-5PNY7LGW.js +0 -8
- package/dist/executor-B4QIYGZX.js +0 -8
- package/dist/executor-BWXXDQ7K.js +0 -11
- package/dist/fanout-sidecar-OKPMMPLG.js.map +0 -1
- package/dist/guards/index.cjs +0 -322
- package/dist/guards/index.cjs.map +0 -1
- package/dist/guards/index.d.cts +0 -31
- package/dist/hash-HJqD14vS.d.ts +0 -63
- package/dist/history/index.cjs +0 -1222
- package/dist/history/index.cjs.map +0 -1
- package/dist/history/index.d.cts +0 -63
- package/dist/i18n/index.cjs +0 -1100
- package/dist/i18n/index.cjs.map +0 -1
- package/dist/i18n/index.d.cts +0 -39
- package/dist/index-4fBVt8j9.d.cts +0 -2387
- package/dist/index-D8I_pyJD.d.ts +0 -2387
- package/dist/index.cjs +0 -24487
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -776
- package/dist/indexing/index.cjs +0 -742
- package/dist/indexing/index.cjs.map +0 -1
- package/dist/indexing/index.d.cts +0 -36
- package/dist/issue-VGDPP4B5.js +0 -12
- package/dist/lazy-builder-7tIpFyWN.d.ts +0 -304
- package/dist/lazy-builder-wY4pMCEe.d.cts +0 -304
- package/dist/materialized-views/index.cjs +0 -854
- package/dist/materialized-views/index.cjs.map +0 -1
- package/dist/materialized-views/index.d.cts +0 -186
- package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
- package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
- package/dist/noydb-G725ZSZG.js +0 -34
- package/dist/overlay-views/index.cjs +0 -359
- package/dist/overlay-views/index.cjs.map +0 -1
- package/dist/overlay-views/index.d.cts +0 -82
- package/dist/periods/index.cjs +0 -1041
- package/dist/periods/index.cjs.map +0 -1
- package/dist/periods/index.d.cts +0 -22
- package/dist/predicate-BSAGEyu5.d.cts +0 -209
- package/dist/predicate-BSAGEyu5.d.ts +0 -209
- package/dist/query/index.cjs +0 -2375
- package/dist/query/index.cjs.map +0 -1
- package/dist/query/index.d.cts +0 -3
- package/dist/read-only-facade-ITU6L7BL.js +0 -7
- package/dist/registry-3QP3YKQS.js +0 -8
- package/dist/registry-DKEXOJVO.js +0 -7
- package/dist/registry-OJIOSBV6.js +0 -10
- package/dist/registry-USRVT6YF.js +0 -8
- package/dist/revoke-JCC7N56X.js +0 -17
- package/dist/session/index.cjs +0 -495
- package/dist/session/index.cjs.map +0 -1
- package/dist/session/index.d.cts +0 -46
- package/dist/shadow/index.cjs +0 -133
- package/dist/shadow/index.cjs.map +0 -1
- package/dist/shadow/index.d.cts +0 -17
- package/dist/snapshots/index.cjs +0 -937
- package/dist/snapshots/index.cjs.map +0 -1
- package/dist/snapshots/index.d.cts +0 -28
- package/dist/store/index.cjs +0 -1083
- package/dist/store/index.cjs.map +0 -1
- package/dist/store/index.d.cts +0 -492
- package/dist/store/index.d.ts +0 -492
- package/dist/store/index.js +0 -37
- package/dist/strategy-BSxFXGzb.d.cts +0 -110
- package/dist/strategy-BSxFXGzb.d.ts +0 -110
- package/dist/strategy-DSTrsZ8t.d.cts +0 -601
- package/dist/strategy-DSTrsZ8t.d.ts +0 -601
- package/dist/sync/index.cjs +0 -1062
- package/dist/sync/index.cjs.map +0 -1
- package/dist/sync/index.d.cts +0 -43
- package/dist/team/index.cjs +0 -2798
- package/dist/team/index.cjs.map +0 -1
- package/dist/team/index.d.cts +0 -118
- package/dist/tx/index.cjs +0 -544
- package/dist/tx/index.cjs.map +0 -1
- package/dist/tx/index.d.cts +0 -21
- package/dist/types-DyXYr8rE.d.cts +0 -12818
- package/dist/ulid-COREQ2RQ.js +0 -9
- package/dist/ulid-Drr7ykr6.d.cts +0 -603
- package/dist/util/index.cjs +0 -230
- package/dist/util/index.cjs.map +0 -1
- package/dist/util/index.d.cts +0 -77
- package/dist/with-derivation-DFnFByiQ.d.ts +0 -13
- package/dist/with-derivation-DU3Sjazm.d.cts +0 -13
- package/dist/with-guard-ByyxmEe7.d.cts +0 -18
- package/dist/with-guard-qube6BMI.d.ts +0 -18
- package/dist/with-materialized-view-BmEToIR1.d.cts +0 -27
- package/dist/with-overlayed-view-BMsQQbWm.d.cts +0 -13
- /package/dist/{store → adapter}/index.js.map +0 -0
- /package/dist/{chunk-UF3BUNQZ.js.map → api-RW3KP7WU.js.map} +0 -0
- /package/dist/{crypto-HTZ4FJOP.js.map → as/index.js.map} +0 -0
- /package/dist/{delegation-RI54P6I5.js.map → at/index.js.map} +0 -0
- /package/dist/{executor-5PNY7LGW.js.map → by/index.js.map} +0 -0
- /package/dist/{executor-B4QIYGZX.js.map → cargo/index.js.map} +0 -0
- /package/dist/{executor-BWXXDQ7K.js.map → chunk-BGIZAFY7.js.map} +0 -0
- /package/dist/{issue-VGDPP4B5.js.map → chunk-CHFZDSE4.js.map} +0 -0
- /package/dist/{ledger-TMRZYNVJ.js.map → chunk-GHVIKOHT.js.map} +0 -0
- /package/dist/{noydb-G725ZSZG.js.map → chunk-K2WCO3NX.js.map} +0 -0
- /package/dist/{public-envelope-BW6OXORV.js.map → chunk-PZ5AY32C.js.map} +0 -0
- /package/dist/{read-only-facade-ITU6L7BL.js.map → collection-facade-GQAOGJP2.js.map} +0 -0
- /package/dist/{registry-3QP3YKQS.js.map → delegation-UL5HKLER.js.map} +0 -0
- /package/dist/{registry-DKEXOJVO.js.map → describe/index.js.map} +0 -0
- /package/dist/{registry-OJIOSBV6.js.map → enclave-UL5LW66V.js.map} +0 -0
- /package/dist/{registry-USRVT6YF.js.map → executor-2FWQRLMG.js.map} +0 -0
- /package/dist/{revoke-JCC7N56X.js.map → executor-QZ7BXICW.js.map} +0 -0
- /package/dist/{signer-72QAUSVW.js.map → executor-Z5ZLJVTV.js.map} +0 -0
- /package/dist/{stale-6ZDBTQT7.js.map → export-accessible-KRV5W4GH.js.map} +0 -0
- /package/dist/{ulid-COREQ2RQ.js.map → extract-partition-GLKBOXFQ.js.map} +0 -0
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
import {
|
|
2
|
+
buildAccessibleBundle,
|
|
3
|
+
resolveAccessibleCollections
|
|
4
|
+
} from "./chunk-HCIPRAGS.js";
|
|
5
|
+
import {
|
|
6
|
+
sha256Hex
|
|
7
|
+
} from "./chunk-5O3AOPDT.js";
|
|
8
|
+
import {
|
|
9
|
+
NOYDB_FORMAT_VERSION
|
|
10
|
+
} from "./chunk-5TDJ56JE.js";
|
|
11
|
+
import {
|
|
12
|
+
ReadOnlyError
|
|
13
|
+
} from "./chunk-ZYUC53LT.js";
|
|
14
|
+
|
|
15
|
+
// src/with-audit/portability/withdraw-accessible.ts
|
|
16
|
+
var FROZEN_SNAPSHOTS_COLLECTION = "_frozen_snapshots";
|
|
17
|
+
var ENC = new TextEncoder();
|
|
18
|
+
function randomId() {
|
|
19
|
+
const b = globalThis.crypto.getRandomValues(new Uint8Array(12));
|
|
20
|
+
return Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
|
|
21
|
+
}
|
|
22
|
+
async function freezeSnapshotOnly(vault, collections, opts) {
|
|
23
|
+
const { name: vaultName, adapter } = vault._introspectState();
|
|
24
|
+
const closure = [];
|
|
25
|
+
for (const c of collections) {
|
|
26
|
+
for (const id of await adapter.list(vaultName, c)) closure.push({ collection: c, id });
|
|
27
|
+
}
|
|
28
|
+
const withdrawalId = opts.withdrawalId ?? `wd-${randomId()}`;
|
|
29
|
+
const snap = {};
|
|
30
|
+
for (const { collection, id } of closure) {
|
|
31
|
+
const env = await adapter.get(vaultName, collection, id);
|
|
32
|
+
if (env) (snap[collection] ??= {})[id] = env;
|
|
33
|
+
}
|
|
34
|
+
const frozenAt = (/* @__PURE__ */ new Date()).toISOString();
|
|
35
|
+
const body = JSON.stringify({ withdrawalId, frozenAt, by: opts.actorUserId, collections: snap });
|
|
36
|
+
const sha = await sha256Hex(ENC.encode(body));
|
|
37
|
+
await adapter.put(
|
|
38
|
+
vaultName,
|
|
39
|
+
FROZEN_SNAPSHOTS_COLLECTION,
|
|
40
|
+
withdrawalId,
|
|
41
|
+
{ _noydb: NOYDB_FORMAT_VERSION, _v: 1, _ts: frozenAt, _iv: "", _data: body, _by: opts.actorUserId },
|
|
42
|
+
0
|
|
43
|
+
);
|
|
44
|
+
await vault._getLedgerOrNull()?.append({
|
|
45
|
+
op: "lifecycle",
|
|
46
|
+
collection: "",
|
|
47
|
+
id: "",
|
|
48
|
+
version: 0,
|
|
49
|
+
actor: opts.actorUserId,
|
|
50
|
+
payloadHash: "",
|
|
51
|
+
reason: `withdrawal-frozen-snapshot:${withdrawalId}:${sha}`
|
|
52
|
+
});
|
|
53
|
+
return { withdrawalId, sha256: sha, recordCount: closure.length, frozenAt };
|
|
54
|
+
}
|
|
55
|
+
async function freezeAndDeleteClosure(vault, collections, opts) {
|
|
56
|
+
const snapshot = opts.disposition === "freeze" ? await freezeSnapshotOnly(vault, collections, {
|
|
57
|
+
actorUserId: opts.actorUserId,
|
|
58
|
+
...opts.withdrawalId ? { withdrawalId: opts.withdrawalId } : {}
|
|
59
|
+
}) : void 0;
|
|
60
|
+
const { name: vaultName, adapter } = vault._introspectState();
|
|
61
|
+
for (const c of collections) {
|
|
62
|
+
for (const id of await adapter.list(vaultName, c)) {
|
|
63
|
+
await vault.collection(c).delete(id);
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
return snapshot;
|
|
67
|
+
}
|
|
68
|
+
async function withdrawAccessibleData(vault, opts) {
|
|
69
|
+
const { keyring } = vault._introspectState();
|
|
70
|
+
const disposition = opts.disposition ?? "delete";
|
|
71
|
+
if (keyring.role === "owner" || keyring.role === "admin") {
|
|
72
|
+
throw new ReadOnlyError(
|
|
73
|
+
"unilateralWithdrawal is the scoped self-service path; an owner/admin should use extractPartition"
|
|
74
|
+
);
|
|
75
|
+
}
|
|
76
|
+
if (keyring.role === "custodian") {
|
|
77
|
+
throw new ReadOnlyError(
|
|
78
|
+
"a custodian cannot destructively withdraw/sever; use vault.custody.liberate for an audited ownership claim"
|
|
79
|
+
);
|
|
80
|
+
}
|
|
81
|
+
if (keyring.role === "client" || keyring.role === "viewer") {
|
|
82
|
+
throw new ReadOnlyError(
|
|
83
|
+
"read-only role cannot self-serve a destructive withdrawal \u2014 use requestWithdrawal (two-party)"
|
|
84
|
+
);
|
|
85
|
+
}
|
|
86
|
+
const collections = resolveAccessibleCollections(keyring, opts.scope, true);
|
|
87
|
+
if (!collections || collections.length === 0) {
|
|
88
|
+
throw new ReadOnlyError(
|
|
89
|
+
"unilateralWithdrawal requires rw access on the withdrawn collections \u2014 use requestWithdrawal for read-only scope"
|
|
90
|
+
);
|
|
91
|
+
}
|
|
92
|
+
const bundle = await buildAccessibleBundle(vault, collections, opts.reKey);
|
|
93
|
+
const snapshot = await freezeAndDeleteClosure(vault, collections, {
|
|
94
|
+
disposition,
|
|
95
|
+
actorUserId: keyring.userId,
|
|
96
|
+
...opts.withdrawalId ? { withdrawalId: opts.withdrawalId } : {}
|
|
97
|
+
});
|
|
98
|
+
await vault._getLedgerOrNull()?.append({
|
|
99
|
+
op: "lifecycle",
|
|
100
|
+
collection: "",
|
|
101
|
+
id: "",
|
|
102
|
+
version: 0,
|
|
103
|
+
actor: keyring.userId,
|
|
104
|
+
payloadHash: "",
|
|
105
|
+
reason: `user-unilateral-withdrawal:${keyring.userId}:${disposition}:${opts.legalBasis}`
|
|
106
|
+
});
|
|
107
|
+
return snapshot ? { bundle, snapshot } : { bundle };
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
export {
|
|
111
|
+
FROZEN_SNAPSHOTS_COLLECTION,
|
|
112
|
+
randomId,
|
|
113
|
+
freezeSnapshotOnly,
|
|
114
|
+
freezeAndDeleteClosure,
|
|
115
|
+
withdrawAccessibleData
|
|
116
|
+
};
|
|
117
|
+
//# sourceMappingURL=chunk-PSMV73A5.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/with-audit/portability/withdraw-accessible.ts"],"sourcesContent":["/**\n * `unilateralWithdrawal`: a non-owner extracts their accessible scope\n * AND disposes of the source copy. Destructive; gated by the default-off\n * fail-closed built-in `client-unilateral-withdraw` policy (checked in the\n * UserApi wrapper).\n *\n * Two source dispositions:\n * - 'delete' — delete-closure: the records leave the source vault entirely.\n * - 'freeze' — the firm retains a cryptographically-frozen, read-only, write-once\n * snapshot (hash-pinned in the tamper-evident ledger) while the live\n * records are removed.\n *\n * Ordering guarantees no data loss: the client's re-keyed export bundle (and the\n * freeze snapshot) are produced BEFORE anything is deleted.\n *\n * The `freezeAndDeleteClosure` core is shared with the two-party approval path\n * (`request-withdrawal.ts`).\n */\nimport type { Vault } from '../../kernel/vault.js'\nimport { sha256Hex } from '../../kernel/enclave/index.js'\nimport { ReadOnlyError } from '../../kernel/errors.js'\nimport { NOYDB_FORMAT_VERSION } from '../../kernel/types.js'\nimport { resolveAccessibleCollections, buildAccessibleBundle } from './export-accessible.js'\n\nexport const FROZEN_SNAPSHOTS_COLLECTION = '_frozen_snapshots'\nconst ENC = new TextEncoder()\n\n/** 24-hex-char random id (used for withdrawal ids + request ids). */\nexport function randomId(): string {\n const b = globalThis.crypto.getRandomValues(new Uint8Array(12))\n return Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('')\n}\n\nexport interface FrozenSnapshotRef {\n readonly withdrawalId: string\n readonly sha256: string\n readonly recordCount: number\n readonly frozenAt: string\n}\n\nexport interface WithdrawAccessibleOptions {\n /** Legal/contractual basis recorded in the audit (e.g. 'gdpr-art-17'). */\n readonly legalBasis: string\n /** Re-key the exported bundle to a new owner passphrase. */\n readonly reKey?: { readonly passphrase: string }\n /** Source disposition. Default 'delete'. */\n readonly disposition?: 'delete' | 'freeze'\n readonly scope?: { readonly collections?: readonly string[] }\n /** Stable id for idempotent resume (default random). */\n readonly withdrawalId?: string\n}\n\nexport interface WithdrawResult {\n readonly bundle: Uint8Array\n readonly snapshot?: FrozenSnapshotRef\n}\n\n/**\n * Freeze a write-once, hash-pinned snapshot of the current ciphertext for\n * `collections` WITHOUT touching the live records. Returns the snapshot ref.\n *\n * This is the non-destructive core shared by two callers:\n * - `freezeAndDeleteClosure` (withdrawal, disposition `'freeze'`) — which\n * pins the snapshot and THEN delete-closures the live records.\n * - FR-6 `liberateVault` (custody) — which pins a PRE-liberation evidence\n * snapshot but PRESERVES the live data for the new owner (operational\n * continuity; liberation transfers, it does not erase).\n *\n * The snapshot put is write-once (CAS expectedVersion 0) and the ledger pin is\n * appended on success, so a crashed run re-run with the same `withdrawalId` is\n * safe. The snapshot is taken under the vault's own firm-owned DEKs — no re-key.\n */\nexport async function freezeSnapshotOnly(\n vault: Vault,\n collections: readonly string[],\n opts: { actorUserId: string; withdrawalId?: string },\n): Promise<FrozenSnapshotRef> {\n const { name: vaultName, adapter } = vault._introspectState()\n\n // Enumerate the closure (record ids per collection).\n const closure: Array<{ collection: string; id: string }> = []\n for (const c of collections) {\n for (const id of await adapter.list(vaultName, c)) closure.push({ collection: c, id })\n }\n\n const withdrawalId = opts.withdrawalId ?? `wd-${randomId()}`\n const snap: Record<string, Record<string, unknown>> = {}\n for (const { collection, id } of closure) {\n const env = await adapter.get(vaultName, collection, id)\n if (env) (snap[collection] ??= {})[id] = env\n }\n const frozenAt = new Date().toISOString()\n const body = JSON.stringify({ withdrawalId, frozenAt, by: opts.actorUserId, collections: snap })\n const sha = await sha256Hex(ENC.encode(body))\n // Write-once: expectedVersion 0 rejects an overwrite (idempotent resume).\n await adapter.put(\n vaultName,\n FROZEN_SNAPSHOTS_COLLECTION,\n withdrawalId,\n { _noydb: NOYDB_FORMAT_VERSION, _v: 1, _ts: frozenAt, _iv: '', _data: body, _by: opts.actorUserId },\n 0,\n )\n // Hash-pin into the tamper-evident ledger — makes the snapshot provably unaltered.\n await vault._getLedgerOrNull()?.append({\n op: 'lifecycle', collection: '', id: '', version: 0, actor: opts.actorUserId, payloadHash: '',\n reason: `withdrawal-frozen-snapshot:${withdrawalId}:${sha}`,\n })\n return { withdrawalId, sha256: sha, recordCount: closure.length, frozenAt }\n}\n\n/**\n * Dispose of the source records for `collections`: optionally freeze a\n * write-once hash-pinned snapshot of the original ciphertext, then\n * delete-closure the live records. Returns the snapshot ref on freeze.\n *\n * Caller MUST have produced the portable bundle FIRST — this is destructive.\n * The delete is best-effort + idempotent (re-deleting an absent record is a\n * no-op) and the snapshot put is write-once (CAS expectedVersion 0), so a\n * crashed run re-run with the same `withdrawalId` is safe.\n */\nexport async function freezeAndDeleteClosure(\n vault: Vault,\n collections: readonly string[],\n opts: { disposition: 'delete' | 'freeze'; actorUserId: string; withdrawalId?: string },\n): Promise<FrozenSnapshotRef | undefined> {\n // freeze: pin a write-once, hash-pinned snapshot BEFORE any delete. The\n // snapshot-only core is shared with FR-6 liberation (which never deletes).\n const snapshot = opts.disposition === 'freeze'\n ? await freezeSnapshotOnly(vault, collections, {\n actorUserId: opts.actorUserId,\n ...(opts.withdrawalId ? { withdrawalId: opts.withdrawalId } : {}),\n })\n : undefined\n\n // delete-closure — only after the snapshot is durable.\n const { name: vaultName, adapter } = vault._introspectState()\n for (const c of collections) {\n for (const id of await adapter.list(vaultName, c)) {\n await vault.collection(c).delete(id)\n }\n }\n\n return snapshot\n}\n\nexport async function withdrawAccessibleData(\n vault: Vault,\n opts: WithdrawAccessibleOptions,\n): Promise<WithdrawResult> {\n const { keyring } = vault._introspectState()\n const disposition = opts.disposition ?? 'delete'\n\n // Owner-class roles hold blanket authority — they use extractPartition.\n if (keyring.role === 'owner' || keyring.role === 'admin') {\n throw new ReadOnlyError(\n 'unilateralWithdrawal is the scoped self-service path; an owner/admin should use extractPartition',\n )\n }\n // FR-6: a custodian must NOT destructively SEVER the vault. It holds the DEKs\n // and operates fully, but ownership is claimed only through the audited\n // Liberate ceremony — never by a one-sided delete/freeze withdrawal. Fires\n // BEFORE the operator rw-scope path below (where a custodian would otherwise\n // be rejected with the wrong \"requires rw access\" message).\n if (keyring.role === 'custodian') {\n throw new ReadOnlyError(\n 'a custodian cannot destructively withdraw/sever; use vault.custody.liberate for an audited ownership claim',\n )\n }\n // client/viewer are read-only by construction (see hasWritePermission): a\n // destructive withdrawal they cannot self-serve — they use the two-party\n // requestWithdrawal flow where firm authority executes the delete-closure.\n if (keyring.role === 'client' || keyring.role === 'viewer') {\n throw new ReadOnlyError(\n 'read-only role cannot self-serve a destructive withdrawal — use requestWithdrawal (two-party)',\n )\n }\n // Operator path: destructive ops need rw on the whole scope.\n const collections = resolveAccessibleCollections(keyring, opts.scope, true)\n if (!collections || collections.length === 0) {\n throw new ReadOnlyError(\n 'unilateralWithdrawal requires rw access on the withdrawn collections — use requestWithdrawal for read-only scope',\n )\n }\n\n // 1. Produce the client's re-keyed portable copy FIRST (nothing destroyed yet).\n const bundle = await buildAccessibleBundle(vault, collections, opts.reKey)\n\n // 2. + 3. freeze (optional) then delete-closure.\n const snapshot = await freezeAndDeleteClosure(vault, collections, {\n disposition, actorUserId: keyring.userId, ...(opts.withdrawalId ? { withdrawalId: opts.withdrawalId } : {}),\n })\n\n // 4. audit\n await vault._getLedgerOrNull()?.append({\n op: 'lifecycle', collection: '', id: '', version: 0, actor: keyring.userId, payloadHash: '',\n reason: `user-unilateral-withdrawal:${keyring.userId}:${disposition}:${opts.legalBasis}`,\n })\n\n return snapshot ? { bundle, snapshot } : { bundle }\n}\n"],"mappings":";;;;;;;;;;;;;;;AAwBO,IAAM,8BAA8B;AAC3C,IAAM,MAAM,IAAI,YAAY;AAGrB,SAAS,WAAmB;AACjC,QAAM,IAAI,WAAW,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AAC9D,SAAO,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AACtE;AAyCA,eAAsB,mBACpB,OACA,aACA,MAC4B;AAC5B,QAAM,EAAE,MAAM,WAAW,QAAQ,IAAI,MAAM,iBAAiB;AAG5D,QAAM,UAAqD,CAAC;AAC5D,aAAW,KAAK,aAAa;AAC3B,eAAW,MAAM,MAAM,QAAQ,KAAK,WAAW,CAAC,EAAG,SAAQ,KAAK,EAAE,YAAY,GAAG,GAAG,CAAC;AAAA,EACvF;AAEA,QAAM,eAAe,KAAK,gBAAgB,MAAM,SAAS,CAAC;AAC1D,QAAM,OAAgD,CAAC;AACvD,aAAW,EAAE,YAAY,GAAG,KAAK,SAAS;AACxC,UAAM,MAAM,MAAM,QAAQ,IAAI,WAAW,YAAY,EAAE;AACvD,QAAI,IAAK,EAAC,KAAK,UAAU,MAAM,CAAC,GAAG,EAAE,IAAI;AAAA,EAC3C;AACA,QAAM,YAAW,oBAAI,KAAK,GAAE,YAAY;AACxC,QAAM,OAAO,KAAK,UAAU,EAAE,cAAc,UAAU,IAAI,KAAK,aAAa,aAAa,KAAK,CAAC;AAC/F,QAAM,MAAM,MAAM,UAAU,IAAI,OAAO,IAAI,CAAC;AAE5C,QAAM,QAAQ;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,IACA,EAAE,QAAQ,sBAAsB,IAAI,GAAG,KAAK,UAAU,KAAK,IAAI,OAAO,MAAM,KAAK,KAAK,YAAY;AAAA,IAClG;AAAA,EACF;AAEA,QAAM,MAAM,iBAAiB,GAAG,OAAO;AAAA,IACrC,IAAI;AAAA,IAAa,YAAY;AAAA,IAAI,IAAI;AAAA,IAAI,SAAS;AAAA,IAAG,OAAO,KAAK;AAAA,IAAa,aAAa;AAAA,IAC3F,QAAQ,8BAA8B,YAAY,IAAI,GAAG;AAAA,EAC3D,CAAC;AACD,SAAO,EAAE,cAAc,QAAQ,KAAK,aAAa,QAAQ,QAAQ,SAAS;AAC5E;AAYA,eAAsB,uBACpB,OACA,aACA,MACwC;AAGxC,QAAM,WAAW,KAAK,gBAAgB,WAClC,MAAM,mBAAmB,OAAO,aAAa;AAAA,IAC3C,aAAa,KAAK;AAAA,IAClB,GAAI,KAAK,eAAe,EAAE,cAAc,KAAK,aAAa,IAAI,CAAC;AAAA,EACjE,CAAC,IACD;AAGJ,QAAM,EAAE,MAAM,WAAW,QAAQ,IAAI,MAAM,iBAAiB;AAC5D,aAAW,KAAK,aAAa;AAC3B,eAAW,MAAM,MAAM,QAAQ,KAAK,WAAW,CAAC,GAAG;AACjD,YAAM,MAAM,WAAW,CAAC,EAAE,OAAO,EAAE;AAAA,IACrC;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,uBACpB,OACA,MACyB;AACzB,QAAM,EAAE,QAAQ,IAAI,MAAM,iBAAiB;AAC3C,QAAM,cAAc,KAAK,eAAe;AAGxC,MAAI,QAAQ,SAAS,WAAW,QAAQ,SAAS,SAAS;AACxD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAMA,MAAI,QAAQ,SAAS,aAAa;AAChC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAIA,MAAI,QAAQ,SAAS,YAAY,QAAQ,SAAS,UAAU;AAC1D,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAc,6BAA6B,SAAS,KAAK,OAAO,IAAI;AAC1E,MAAI,CAAC,eAAe,YAAY,WAAW,GAAG;AAC5C,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAGA,QAAM,SAAS,MAAM,sBAAsB,OAAO,aAAa,KAAK,KAAK;AAGzE,QAAM,WAAW,MAAM,uBAAuB,OAAO,aAAa;AAAA,IAChE;AAAA,IAAa,aAAa,QAAQ;AAAA,IAAQ,GAAI,KAAK,eAAe,EAAE,cAAc,KAAK,aAAa,IAAI,CAAC;AAAA,EAC3G,CAAC;AAGD,QAAM,MAAM,iBAAiB,GAAG,OAAO;AAAA,IACrC,IAAI;AAAA,IAAa,YAAY;AAAA,IAAI,IAAI;AAAA,IAAI,SAAS;AAAA,IAAG,OAAO,QAAQ;AAAA,IAAQ,aAAa;AAAA,IACzF,QAAQ,8BAA8B,QAAQ,MAAM,IAAI,WAAW,IAAI,KAAK,UAAU;AAAA,EACxF,CAAC;AAED,SAAO,WAAW,EAAE,QAAQ,SAAS,IAAI,EAAE,OAAO;AACpD;","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/kernel/util/discriminant.ts"],"sourcesContent":["/**\n * Type-guard helper for narrowing discriminated-union records.\n *\n * `Collection<T>` correctly threads `T` through `get` / `query` / `scan`, but\n * accessing member-specific fields after reading from a `Collection<Union>`\n * still requires a narrowing step in application code. In regular `.ts` files\n * a simple `if (r.kind === 'IV')` block narrows correctly; in vue-tsc /\n * template contexts the inline comparison is sometimes not enough, and the\n * helper below makes the guard portable and avoids `as unknown as …` casts.\n *\n * **Usage with Collection<T>**\n *\n * ```ts\n * import { isDiscriminant } from '@noy-db/hub'\n *\n * type IV = { kind: 'IV'; invoiceNo: string; amount: number }\n * type RE = { kind: 'RE'; receiptNo: string; paidAt: string }\n * type Receipt = IV | RE | ...\n *\n * const receipts = await vault.collection<Receipt>('receipts').query().toArray()\n *\n * // Filter approach — result is IV[], invoiceNo accessible without cast:\n * const ivs = receipts.filter(r => isDiscriminant(r, 'kind', 'IV'))\n * console.log(ivs[0].invoiceNo)\n *\n * // Branch approach:\n * for (const r of receipts) {\n * if (isDiscriminant(r, 'kind', 'IV')) {\n * console.log(r.invoiceNo) // r: IV here\n * }\n * }\n * ```\n *\n * @module\n */\n\n/**\n * Type-guard for narrowing a discriminated-union record by its discriminant.\n *\n * Returns `true` when `record[key] === value`, and narrows `record` to\n * `Extract<T, Record<K, V>>` — the exact union member(s) that carry that\n * discriminant value.\n *\n * The discriminant key is a parameter (not hardcoded to `'kind'`), so this\n * works with any field name: `'kind'`, `'type'`, `'tag'`, etc.\n *\n * @example\n * const ivs = receipts.filter(r => isDiscriminant(r, 'kind', 'IV'))\n * // ivs: IV[] — invoiceNo accessible, no cast needed\n *\n * @typeParam T - The union type of the record (e.g. `Receipt`). Both type-alias\n * unions and interface-extended unions work; use a `type` alias (`type Receipt = IV | RE`) for best\n * results.\n * @typeParam K - The discriminant key (must be a key of `T`).\n * @typeParam V - The discriminant value to match. The `const` modifier ensures\n * TypeScript infers the string literal (e.g. `'IV'`), not the full union\n * `T[K]`, so the predicate resolves to the exact member type.\n */\nexport function isDiscriminant<\n T,\n K extends keyof T,\n const V extends T[K],\n>(record: T, key: K, value: V): record is Extract<T, Record<K, V>> {\n return (record as Record<PropertyKey, unknown>)[key as PropertyKey] === value\n}\n"],"mappings":";AA0DO,SAAS,eAId,QAAW,KAAQ,OAA8C;AACjE,SAAQ,OAAwC,GAAkB,MAAM;AAC1E;","names":[]}
|
|
@@ -1,31 +1,52 @@
|
|
|
1
|
+
import {
|
|
2
|
+
sha256Hex
|
|
3
|
+
} from "./chunk-5O3AOPDT.js";
|
|
1
4
|
import {
|
|
2
5
|
DerivationCycleError
|
|
3
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-ZYUC53LT.js";
|
|
4
7
|
|
|
5
|
-
// src/derivations/strategy-hash.ts
|
|
6
|
-
async function computeStrategyHash(source, outputKeys, derive) {
|
|
8
|
+
// src/with-formula/derivations/strategy-hash.ts
|
|
9
|
+
async function computeStrategyHash(source, outputKeys, derive, sources) {
|
|
7
10
|
const canonical = JSON.stringify({
|
|
8
11
|
source,
|
|
9
12
|
outputs: [...outputKeys].sort(),
|
|
10
|
-
derive: derive.toString()
|
|
13
|
+
derive: derive.toString(),
|
|
14
|
+
// Declared sibling sources — adding/removing a trigger
|
|
15
|
+
// collection invalidates cached derived records. Omitted when empty
|
|
16
|
+
// so strategies without siblings keep their existing hash.
|
|
17
|
+
...sources?.length ? { sources: [...sources].sort() } : {}
|
|
11
18
|
});
|
|
12
19
|
const bytes = new TextEncoder().encode(canonical);
|
|
13
|
-
|
|
14
|
-
return Array.from(new Uint8Array(digest)).map((b) => b.toString(16).padStart(2, "0")).join("");
|
|
20
|
+
return sha256Hex(bytes);
|
|
15
21
|
}
|
|
16
22
|
|
|
17
|
-
// src/derivations/registry.ts
|
|
23
|
+
// src/with-formula/derivations/registry.ts
|
|
18
24
|
var DerivationRegistry = class {
|
|
19
25
|
_bySource = /* @__PURE__ */ new Map();
|
|
20
26
|
_byOutput = /* @__PURE__ */ new Map();
|
|
21
27
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
22
28
|
async register(spec) {
|
|
23
29
|
const outputKeys = Object.keys(spec.outputs);
|
|
24
|
-
const strategyHash = await computeStrategyHash(spec.source, outputKeys, spec.derive);
|
|
30
|
+
const strategyHash = await computeStrategyHash(spec.source, outputKeys, spec.derive, spec.sources);
|
|
25
31
|
const reg = { spec, strategyHash };
|
|
26
32
|
const fromSource = this._bySource.get(spec.source);
|
|
27
33
|
if (fromSource) fromSource.push(reg);
|
|
28
34
|
else this._bySource.set(spec.source, [reg]);
|
|
35
|
+
for (const extra of spec.sources ?? []) {
|
|
36
|
+
const fromExtra = this._bySource.get(extra);
|
|
37
|
+
if (fromExtra) fromExtra.push(reg);
|
|
38
|
+
else this._bySource.set(extra, [reg]);
|
|
39
|
+
}
|
|
40
|
+
for (const t of spec.triggerBy ?? []) {
|
|
41
|
+
const fromTrigger = this._bySource.get(t.collection);
|
|
42
|
+
if (fromTrigger) fromTrigger.push(reg);
|
|
43
|
+
else this._bySource.set(t.collection, [reg]);
|
|
44
|
+
}
|
|
45
|
+
if (spec.rollup) {
|
|
46
|
+
const fromRollup = this._bySource.get(spec.rollup.from);
|
|
47
|
+
if (fromRollup) fromRollup.push(reg);
|
|
48
|
+
else this._bySource.set(spec.rollup.from, [reg]);
|
|
49
|
+
}
|
|
29
50
|
for (const key of outputKeys) {
|
|
30
51
|
const output = spec.outputs[key];
|
|
31
52
|
if (!output) continue;
|
|
@@ -41,6 +62,23 @@ var DerivationRegistry = class {
|
|
|
41
62
|
strategiesProducingOutput(collection) {
|
|
42
63
|
return this._byOutput.get(collection) ?? [];
|
|
43
64
|
}
|
|
65
|
+
/**
|
|
66
|
+
* All registered strategies as a flat, deduplicated array.
|
|
67
|
+
* Each strategy is indexed once per source (not once per output key),
|
|
68
|
+
* so iterating `_bySource.values()` naturally yields each strategy
|
|
69
|
+
* exactly once per source — deduplication is handled by flattening
|
|
70
|
+
* the per-source arrays and collecting into a Set by identity.
|
|
71
|
+
*
|
|
72
|
+
* Used by `dumpSchema()` / `describeDerivations()` in the introspection
|
|
73
|
+
* walker to populate the derivations map.
|
|
74
|
+
*/
|
|
75
|
+
all() {
|
|
76
|
+
const seen = /* @__PURE__ */ new Set();
|
|
77
|
+
for (const strategies of this._bySource.values()) {
|
|
78
|
+
for (const s of strategies) seen.add(s);
|
|
79
|
+
}
|
|
80
|
+
return [...seen];
|
|
81
|
+
}
|
|
44
82
|
/**
|
|
45
83
|
* Cycle detection over the source → output → … graph. Call after all
|
|
46
84
|
* `register()` calls complete (i.e. at vault open). Throws
|
|
@@ -62,6 +100,9 @@ var DerivationRegistry = class {
|
|
|
62
100
|
for (const key of Object.keys(s.spec.outputs)) {
|
|
63
101
|
const output = s.spec.outputs[key];
|
|
64
102
|
if (!output) continue;
|
|
103
|
+
if (output.shape === "record" && output.collection === s.spec.source && output.denorm !== void 0) {
|
|
104
|
+
continue;
|
|
105
|
+
}
|
|
65
106
|
visit(output.collection);
|
|
66
107
|
}
|
|
67
108
|
}
|
|
@@ -76,4 +117,4 @@ var DerivationRegistry = class {
|
|
|
76
117
|
export {
|
|
77
118
|
DerivationRegistry
|
|
78
119
|
};
|
|
79
|
-
//# sourceMappingURL=chunk-
|
|
120
|
+
//# sourceMappingURL=chunk-Q7SS3IME.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/with-formula/derivations/strategy-hash.ts","../src/with-formula/derivations/registry.ts"],"sourcesContent":["/**\n * Deterministic hash of a derivation strategy's \"shape\": source\n * collection, declared sibling sources, output keys, derive function\n * source. Used to detect\n * strategy drift: a record whose `_derivedFrom.strategyHash` doesn't\n * match the current strategy is considered stale.\n *\n * Web Crypto SHA-256 — no extra deps.\n */\nimport { sha256Hex } from '../../kernel/enclave/index.js'\n\nexport async function computeStrategyHash(\n source: string,\n outputKeys: readonly string[],\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n derive: (...args: any[]) => any,\n sources?: ReadonlyArray<string>,\n): Promise<string> {\n const canonical = JSON.stringify({\n source,\n outputs: [...outputKeys].sort(),\n derive: derive.toString(),\n // Declared sibling sources — adding/removing a trigger\n // collection invalidates cached derived records. Omitted when empty\n // so strategies without siblings keep their existing hash.\n ...(sources?.length ? { sources: [...sources].sort() } : {}),\n })\n const bytes = new TextEncoder().encode(canonical)\n return sha256Hex(bytes)\n}\n","import { DerivationCycleError } from '../../kernel/errors.js'\nimport { computeStrategyHash } from './strategy-hash.js'\nimport type { DerivationStrategy } from './types.js'\n\ninterface RegisteredStrategy {\n // Type-erased to allow the registry to hold heterogeneous strategies.\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n spec: DerivationStrategy<any, any>\n strategyHash: string\n}\n\n/**\n * Vault-internal registry of derivation strategies. Owned by `Vault`;\n * not exported.\n *\n * @internal\n */\nexport class DerivationRegistry {\n private readonly _bySource = new Map<string, RegisteredStrategy[]>()\n private readonly _byOutput = new Map<string, RegisteredStrategy[]>()\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async register(spec: DerivationStrategy<any, any>): Promise<void> {\n const outputKeys = Object.keys(spec.outputs)\n const strategyHash = await computeStrategyHash(spec.source, outputKeys, spec.derive, spec.sources)\n const reg: RegisteredStrategy = { spec, strategyHash }\n\n const fromSource = this._bySource.get(spec.source)\n if (fromSource) fromSource.push(reg)\n else this._bySource.set(spec.source, [reg])\n\n // Declared sibling sources index the SAME `reg` under each\n // extra collection so `strategiesForSource(extra)` returns it and a\n // sibling write re-fires the derivation. Sibling keys also enter\n // `_bySource`, so `validate()`'s cycle DFS walks them automatically.\n for (const extra of spec.sources ?? []) {\n const fromExtra = this._bySource.get(extra)\n if (fromExtra) fromExtra.push(reg)\n else this._bySource.set(extra, [reg])\n }\n\n // FK triggers index the SAME `reg` under each parent collection so\n // a parent write re-fires the derivation (fanned out to matching source\n // records in `dispatchDerivations`). Like sources[], these keys enter\n // `_bySource` so the cycle DFS walks the trigger→output edge.\n for (const t of spec.triggerBy ?? []) {\n const fromTrigger = this._bySource.get(t.collection)\n if (fromTrigger) fromTrigger.push(reg)\n else this._bySource.set(t.collection, [reg])\n }\n\n // Rollup: a write to the child `from` collection recomputes\n // the parent (= spec.source = into) at id child[key]. Index under `from`\n // so a child write fires it; spec.source (into) is already indexed above,\n // so a parent write also recomputes its own aggregate (covers the\n // parent-created-after-children case). The from→into edge enters the cycle\n // DFS automatically.\n if (spec.rollup) {\n const fromRollup = this._bySource.get(spec.rollup.from)\n if (fromRollup) fromRollup.push(reg)\n else this._bySource.set(spec.rollup.from, [reg])\n }\n\n for (const key of outputKeys) {\n const output = spec.outputs[key]\n if (!output) continue\n const outputCollection = output.collection\n const arr = this._byOutput.get(outputCollection)\n if (arr) arr.push(reg)\n else this._byOutput.set(outputCollection, [reg])\n }\n }\n\n strategiesForSource(source: string): ReadonlyArray<RegisteredStrategy> {\n return this._bySource.get(source) ?? []\n }\n\n strategiesProducingOutput(collection: string): ReadonlyArray<RegisteredStrategy> {\n return this._byOutput.get(collection) ?? []\n }\n\n /**\n * All registered strategies as a flat, deduplicated array.\n * Each strategy is indexed once per source (not once per output key),\n * so iterating `_bySource.values()` naturally yields each strategy\n * exactly once per source — deduplication is handled by flattening\n * the per-source arrays and collecting into a Set by identity.\n *\n * Used by `dumpSchema()` / `describeDerivations()` in the introspection\n * walker to populate the derivations map.\n */\n all(): ReadonlyArray<RegisteredStrategy> {\n const seen = new Set<RegisteredStrategy>()\n for (const strategies of this._bySource.values()) {\n for (const s of strategies) seen.add(s)\n }\n return [...seen]\n }\n\n /**\n * Cycle detection over the source → output → … graph. Call after all\n * `register()` calls complete (i.e. at vault open). Throws\n * `DerivationCycleError` on the first cycle found.\n */\n validate(): void {\n const visited = new Set<string>()\n const stack: string[] = []\n\n const visit = (node: string): void => {\n if (stack.includes(node)) {\n const cycle = stack.slice(stack.indexOf(node)).concat(node)\n throw new DerivationCycleError(cycle)\n }\n if (visited.has(node)) return\n stack.push(node)\n const strategies = this._bySource.get(node)\n if (strategies) {\n for (const s of strategies) {\n for (const key of Object.keys(s.spec.outputs)) {\n const output = s.spec.outputs[key]\n if (!output) continue\n // Self-write reverse-denorm: an output back to its own\n // source is intentional, not an infinite cycle — the value-equality\n // guard in dispatch terminates it. Skip this edge so it isn't\n // flagged. (Self-write outputs are required to declare `denorm`.)\n if (\n output.shape === 'record' &&\n output.collection === s.spec.source &&\n output.denorm !== undefined\n ) {\n continue\n }\n visit(output.collection)\n }\n }\n }\n stack.pop()\n visited.add(node)\n }\n\n for (const src of this._bySource.keys()) visit(src)\n }\n}\n"],"mappings":";;;;;;;;AAWA,eAAsB,oBACpB,QACA,YAEA,QACA,SACiB;AACjB,QAAM,YAAY,KAAK,UAAU;AAAA,IAC/B;AAAA,IACA,SAAS,CAAC,GAAG,UAAU,EAAE,KAAK;AAAA,IAC9B,QAAQ,OAAO,SAAS;AAAA;AAAA;AAAA;AAAA,IAIxB,GAAI,SAAS,SAAS,EAAE,SAAS,CAAC,GAAG,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC;AAAA,EAC5D,CAAC;AACD,QAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,SAAS;AAChD,SAAO,UAAU,KAAK;AACxB;;;ACZO,IAAM,qBAAN,MAAyB;AAAA,EACb,YAAY,oBAAI,IAAkC;AAAA,EAClD,YAAY,oBAAI,IAAkC;AAAA;AAAA,EAGnE,MAAM,SAAS,MAAmD;AAChE,UAAM,aAAa,OAAO,KAAK,KAAK,OAAO;AAC3C,UAAM,eAAe,MAAM,oBAAoB,KAAK,QAAQ,YAAY,KAAK,QAAQ,KAAK,OAAO;AACjG,UAAM,MAA0B,EAAE,MAAM,aAAa;AAErD,UAAM,aAAa,KAAK,UAAU,IAAI,KAAK,MAAM;AACjD,QAAI,WAAY,YAAW,KAAK,GAAG;AAAA,QAC9B,MAAK,UAAU,IAAI,KAAK,QAAQ,CAAC,GAAG,CAAC;AAM1C,eAAW,SAAS,KAAK,WAAW,CAAC,GAAG;AACtC,YAAM,YAAY,KAAK,UAAU,IAAI,KAAK;AAC1C,UAAI,UAAW,WAAU,KAAK,GAAG;AAAA,UAC5B,MAAK,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC;AAAA,IACtC;AAMA,eAAW,KAAK,KAAK,aAAa,CAAC,GAAG;AACpC,YAAM,cAAc,KAAK,UAAU,IAAI,EAAE,UAAU;AACnD,UAAI,YAAa,aAAY,KAAK,GAAG;AAAA,UAChC,MAAK,UAAU,IAAI,EAAE,YAAY,CAAC,GAAG,CAAC;AAAA,IAC7C;AAQA,QAAI,KAAK,QAAQ;AACf,YAAM,aAAa,KAAK,UAAU,IAAI,KAAK,OAAO,IAAI;AACtD,UAAI,WAAY,YAAW,KAAK,GAAG;AAAA,UAC9B,MAAK,UAAU,IAAI,KAAK,OAAO,MAAM,CAAC,GAAG,CAAC;AAAA,IACjD;AAEA,eAAW,OAAO,YAAY;AAC5B,YAAM,SAAS,KAAK,QAAQ,GAAG;AAC/B,UAAI,CAAC,OAAQ;AACb,YAAM,mBAAmB,OAAO;AAChC,YAAM,MAAM,KAAK,UAAU,IAAI,gBAAgB;AAC/C,UAAI,IAAK,KAAI,KAAK,GAAG;AAAA,UAChB,MAAK,UAAU,IAAI,kBAAkB,CAAC,GAAG,CAAC;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,oBAAoB,QAAmD;AACrE,WAAO,KAAK,UAAU,IAAI,MAAM,KAAK,CAAC;AAAA,EACxC;AAAA,EAEA,0BAA0B,YAAuD;AAC/E,WAAO,KAAK,UAAU,IAAI,UAAU,KAAK,CAAC;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAyC;AACvC,UAAM,OAAO,oBAAI,IAAwB;AACzC,eAAW,cAAc,KAAK,UAAU,OAAO,GAAG;AAChD,iBAAW,KAAK,WAAY,MAAK,IAAI,CAAC;AAAA,IACxC;AACA,WAAO,CAAC,GAAG,IAAI;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAiB;AACf,UAAM,UAAU,oBAAI,IAAY;AAChC,UAAM,QAAkB,CAAC;AAEzB,UAAM,QAAQ,CAAC,SAAuB;AACpC,UAAI,MAAM,SAAS,IAAI,GAAG;AACxB,cAAM,QAAQ,MAAM,MAAM,MAAM,QAAQ,IAAI,CAAC,EAAE,OAAO,IAAI;AAC1D,cAAM,IAAI,qBAAqB,KAAK;AAAA,MACtC;AACA,UAAI,QAAQ,IAAI,IAAI,EAAG;AACvB,YAAM,KAAK,IAAI;AACf,YAAM,aAAa,KAAK,UAAU,IAAI,IAAI;AAC1C,UAAI,YAAY;AACd,mBAAW,KAAK,YAAY;AAC1B,qBAAW,OAAO,OAAO,KAAK,EAAE,KAAK,OAAO,GAAG;AAC7C,kBAAM,SAAS,EAAE,KAAK,QAAQ,GAAG;AACjC,gBAAI,CAAC,OAAQ;AAKb,gBACE,OAAO,UAAU,YACjB,OAAO,eAAe,EAAE,KAAK,UAC7B,OAAO,WAAW,QAClB;AACA;AAAA,YACF;AACA,kBAAM,OAAO,UAAU;AAAA,UACzB;AAAA,QACF;AAAA,MACF;AACA,YAAM,IAAI;AACV,cAAQ,IAAI,IAAI;AAAA,IAClB;AAEA,eAAW,OAAO,KAAK,UAAU,KAAK,EAAG,OAAM,GAAG;AAAA,EACpD;AACF;","names":[]}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import {
|
|
2
|
+
QuiesceTimeoutError
|
|
3
|
+
} from "./chunk-ZYUC53LT.js";
|
|
4
|
+
|
|
5
|
+
// src/port/by/types.ts
|
|
6
|
+
function isQuorum(writers, generation, excludeWriterId) {
|
|
7
|
+
return writers.filter((w) => w.writerId !== excludeWriterId).every((w) => w.quiescedAtVersion === generation);
|
|
8
|
+
}
|
|
9
|
+
async function runDrainBarrier(provider, o, run) {
|
|
10
|
+
await provider.setFence(o.vault, { currentSchemaVersion: o.generation, fenceState: "draining" });
|
|
11
|
+
await o.onFlush();
|
|
12
|
+
const deadline = o.now() + o.quiesceTimeoutMs;
|
|
13
|
+
const seeded = await provider.reachableWriters(o.vault, { staleMs: o.staleMs, now: o.now() });
|
|
14
|
+
if (!isQuorum(seeded, o.generation, o.writerId)) {
|
|
15
|
+
await new Promise((resolve, reject) => {
|
|
16
|
+
let settled = false;
|
|
17
|
+
const finish = (fn) => {
|
|
18
|
+
if (!settled) {
|
|
19
|
+
settled = true;
|
|
20
|
+
unsub();
|
|
21
|
+
fn();
|
|
22
|
+
}
|
|
23
|
+
};
|
|
24
|
+
const unsub = provider.observePresence(o.vault, (writers) => {
|
|
25
|
+
if (isQuorum(writers, o.generation, o.writerId)) finish(resolve);
|
|
26
|
+
});
|
|
27
|
+
const tick = async () => {
|
|
28
|
+
if (settled) return;
|
|
29
|
+
if (o.now() >= deadline) {
|
|
30
|
+
finish(
|
|
31
|
+
() => reject(
|
|
32
|
+
new QuiesceTimeoutError(
|
|
33
|
+
`Cutover of vault "${o.vault}" to generation ${o.generation} timed out after ${o.quiesceTimeoutMs}ms waiting for active writers to quiesce.`
|
|
34
|
+
)
|
|
35
|
+
)
|
|
36
|
+
);
|
|
37
|
+
return;
|
|
38
|
+
}
|
|
39
|
+
if (o.onPoll) await o.onPoll();
|
|
40
|
+
const w = await provider.reachableWriters(o.vault, { staleMs: o.staleMs, now: o.now() });
|
|
41
|
+
if (isQuorum(w, o.generation, o.writerId)) finish(resolve);
|
|
42
|
+
else setTimeout(() => void tick(), 25);
|
|
43
|
+
};
|
|
44
|
+
void tick();
|
|
45
|
+
});
|
|
46
|
+
}
|
|
47
|
+
await run();
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
export {
|
|
51
|
+
isQuorum,
|
|
52
|
+
runDrainBarrier
|
|
53
|
+
};
|
|
54
|
+
//# sourceMappingURL=chunk-QHJW5EXU.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/port/by/types.ts"],"sourcesContent":["/**\n * Kernel coordination port — the injected `CoordinationProvider` seam for the\n * schema-fence drain-barrier.\n *\n * The kernel defines this port; `@noy-db/by-tabs` / `@noy-db/by-peer` implement\n * it for real-time quorum, and an external orchestrator (`@klum-db/lobby`)\n * drives it through the `Noydb` handle without ever naming a `by-*` package.\n * The dependency arrow is `by-* → kernel ← klum`, the app at the apex.\n *\n * This module carries only the port TYPES plus two pure-ish helpers:\n * {@link isQuorum} (a pure quorum predicate extracted from the legacy\n * `activeQuiesced`) and {@link runDrainBarrier} (the reusable barrier protocol\n * the migration cutover and klum both call).\n *\n * @module\n */\n\nimport { QuiesceTimeoutError } from '../../kernel/errors.js'\nimport type { Unsubscribe } from '../with/write-hooks.js'\n\n/** Vault fence state (the existing FenceDoc shape). */\nexport interface FenceState {\n readonly currentSchemaVersion: number\n readonly fenceState: 'normal' | 'draining' | 'migrating' | 'complete'\n}\n\n/** A writer's presence + ack, tagged with the session that owns it. */\nexport interface WriterPresence {\n /** = today's clientId (one per tab/peer). */\n readonly writerId: string\n /** Groups one user's writers across vaults (consolidation is klum's job). */\n readonly sessionId: string\n readonly lastSeen: number\n readonly quiescedAtVersion: number | null\n}\n\n/** Session-addressable drain-barrier coordination transport. Per-vault ops. */\nexport interface CoordinationProvider {\n /** orchestrator → all writers */\n setFence(vault: string, fence: FenceState): Promise<void>\n /**\n * Fresh one-shot fence read for the write-path gate (`assertWritable`).\n * A direct read (not a cached `observeFence` snapshot) avoids a staleness\n * window and keeps the timing-sensitive cutover gate exact. The store\n * default reads `_meta/schema-fence`; `by-*` return their last-pushed fence.\n */\n readFence(vault: string): Promise<FenceState>\n /** writer observes fence changes (default: poll-emit; by-*: push) */\n observeFence(vault: string, onChange: (f: FenceState) => void): Unsubscribe\n /** writer → orchestrator: presence + ack (heartbeat + quiescedAtVersion) */\n reportPresence(vault: string, p: WriterPresence): Promise<void>\n /** orchestrator observes presence changes (default: poll-emit; by-*: push) */\n observePresence(vault: string, onChange: (writers: readonly WriterPresence[]) => void): Unsubscribe\n /** orchestrator one-shot snapshot of reachable writers (quorum input) */\n reachableWriters(vault: string, o: { staleMs: number; now: number }): Promise<readonly WriterPresence[]>\n}\n\n/**\n * Pure quorum predicate: true when every writer (other than `excludeWriterId`)\n * has acked at exactly `generation`. An empty set is trivially a quorum.\n *\n * Extracted from the legacy `activeQuiesced` store-polling check so the\n * migration cutover, the store default provider, and `by-*` real-time\n * providers all share one definition of \"everyone has drained\".\n */\nexport function isQuorum(\n writers: readonly WriterPresence[],\n generation: number,\n excludeWriterId?: string,\n): boolean {\n return writers.filter((w) => w.writerId !== excludeWriterId).every((w) => w.quiescedAtVersion === generation)\n}\n\n/** Inputs for {@link runDrainBarrier}. */\nexport interface DrainBarrierOptions {\n readonly vault: string\n readonly generation: number\n readonly writerId: string\n readonly onFlush: () => Promise<void>\n readonly staleMs: number\n readonly quiesceTimeoutMs: number\n readonly now: () => number\n /** Optional seam (mainly for deterministic tests) run before each poll tick. */\n readonly onPoll?: () => Promise<void>\n}\n\n/**\n * The reusable drain-barrier protocol shared by the migration cutover and klum:\n *\n * drain self → setFence(draining) → await quorum (presence push + isQuorum,\n * polling as a fallback, or timeout) → run() → release-by-caller.\n *\n * Resolves once every reachable writer (excluding `writerId`) has quiesced at\n * `generation`, at which point `run` is invoked exactly once. Rejects with\n * {@link QuiesceTimeoutError} if `quiesceTimeoutMs` elapses first.\n */\nexport async function runDrainBarrier(\n provider: CoordinationProvider,\n o: DrainBarrierOptions,\n run: () => Promise<void>,\n): Promise<void> {\n await provider.setFence(o.vault, { currentSchemaVersion: o.generation, fenceState: 'draining' })\n await o.onFlush()\n\n const deadline = o.now() + o.quiesceTimeoutMs\n const seeded = await provider.reachableWriters(o.vault, { staleMs: o.staleMs, now: o.now() })\n if (!isQuorum(seeded, o.generation, o.writerId)) {\n await new Promise<void>((resolve, reject) => {\n let settled = false\n const finish = (fn: () => void) => {\n if (!settled) {\n settled = true\n unsub()\n fn()\n }\n }\n const unsub = provider.observePresence(o.vault, (writers) => {\n if (isQuorum(writers, o.generation, o.writerId)) finish(resolve)\n })\n const tick = async () => {\n if (settled) return\n if (o.now() >= deadline) {\n finish(() =>\n reject(\n new QuiesceTimeoutError(\n `Cutover of vault \"${o.vault}\" to generation ${o.generation} timed out ` +\n `after ${o.quiesceTimeoutMs}ms waiting for active writers to quiesce.`,\n ),\n ),\n )\n return\n }\n if (o.onPoll) await o.onPoll()\n const w = await provider.reachableWriters(o.vault, { staleMs: o.staleMs, now: o.now() })\n if (isQuorum(w, o.generation, o.writerId)) finish(resolve)\n else setTimeout(() => void tick(), 25)\n }\n void tick()\n })\n }\n await run()\n}\n"],"mappings":";;;;;AAiEO,SAAS,SACd,SACA,YACA,iBACS;AACT,SAAO,QAAQ,OAAO,CAAC,MAAM,EAAE,aAAa,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,UAAU;AAC9G;AAyBA,eAAsB,gBACpB,UACA,GACA,KACe;AACf,QAAM,SAAS,SAAS,EAAE,OAAO,EAAE,sBAAsB,EAAE,YAAY,YAAY,WAAW,CAAC;AAC/F,QAAM,EAAE,QAAQ;AAEhB,QAAM,WAAW,EAAE,IAAI,IAAI,EAAE;AAC7B,QAAM,SAAS,MAAM,SAAS,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,KAAK,EAAE,IAAI,EAAE,CAAC;AAC5F,MAAI,CAAC,SAAS,QAAQ,EAAE,YAAY,EAAE,QAAQ,GAAG;AAC/C,UAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAC3C,UAAI,UAAU;AACd,YAAM,SAAS,CAAC,OAAmB;AACjC,YAAI,CAAC,SAAS;AACZ,oBAAU;AACV,gBAAM;AACN,aAAG;AAAA,QACL;AAAA,MACF;AACA,YAAM,QAAQ,SAAS,gBAAgB,EAAE,OAAO,CAAC,YAAY;AAC3D,YAAI,SAAS,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAG,QAAO,OAAO;AAAA,MACjE,CAAC;AACD,YAAM,OAAO,YAAY;AACvB,YAAI,QAAS;AACb,YAAI,EAAE,IAAI,KAAK,UAAU;AACvB;AAAA,YAAO,MACL;AAAA,cACE,IAAI;AAAA,gBACF,qBAAqB,EAAE,KAAK,mBAAmB,EAAE,UAAU,oBAChD,EAAE,gBAAgB;AAAA,cAC/B;AAAA,YACF;AAAA,UACF;AACA;AAAA,QACF;AACA,YAAI,EAAE,OAAQ,OAAM,EAAE,OAAO;AAC7B,cAAM,IAAI,MAAM,SAAS,iBAAiB,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,KAAK,EAAE,IAAI,EAAE,CAAC;AACvF,YAAI,SAAS,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAG,QAAO,OAAO;AAAA,YACpD,YAAW,MAAM,KAAK,KAAK,GAAG,EAAE;AAAA,MACvC;AACA,WAAK,KAAK;AAAA,IACZ,CAAC;AAAA,EACH;AACA,QAAM,IAAI;AACZ;","names":[]}
|
|
@@ -0,0 +1,233 @@
|
|
|
1
|
+
import {
|
|
2
|
+
resolveManagedSecret
|
|
3
|
+
} from "./chunk-ZCGAHGUS.js";
|
|
4
|
+
import {
|
|
5
|
+
parseExtractedPartitionBody,
|
|
6
|
+
readPod,
|
|
7
|
+
readPodHeader
|
|
8
|
+
} from "./chunk-FISN7WE4.js";
|
|
9
|
+
import {
|
|
10
|
+
createOwnerKeyring
|
|
11
|
+
} from "./chunk-WWGT2MDV.js";
|
|
12
|
+
import {
|
|
13
|
+
LedgerStore
|
|
14
|
+
} from "./chunk-LXQT4WMP.js";
|
|
15
|
+
import {
|
|
16
|
+
LEDGER_COLLECTION
|
|
17
|
+
} from "./chunk-I7FD46FF.js";
|
|
18
|
+
import {
|
|
19
|
+
base64ToBuffer,
|
|
20
|
+
openEnvelopeJson,
|
|
21
|
+
wrapKey
|
|
22
|
+
} from "./chunk-5O3AOPDT.js";
|
|
23
|
+
import {
|
|
24
|
+
AdoptionStateError,
|
|
25
|
+
TransferSealError,
|
|
26
|
+
ValidationError
|
|
27
|
+
} from "./chunk-ZYUC53LT.js";
|
|
28
|
+
|
|
29
|
+
// src/with-cargo/adopt-partition.ts
|
|
30
|
+
async function unsealDeks(seal, transferKey) {
|
|
31
|
+
if (transferKey.byteLength !== 32) {
|
|
32
|
+
throw new TransferSealError(
|
|
33
|
+
`transfer key must be 32 bytes, got ${transferKey.byteLength}.`
|
|
34
|
+
);
|
|
35
|
+
}
|
|
36
|
+
const key = await crypto.subtle.importKey("raw", transferKey, "AES-GCM", false, ["decrypt"]);
|
|
37
|
+
const raw = base64ToBuffer(seal.payload);
|
|
38
|
+
let plaintext;
|
|
39
|
+
try {
|
|
40
|
+
plaintext = await crypto.subtle.decrypt(
|
|
41
|
+
{ name: "AES-GCM", iv: raw.slice(0, 12) },
|
|
42
|
+
key,
|
|
43
|
+
raw.slice(12)
|
|
44
|
+
);
|
|
45
|
+
} catch {
|
|
46
|
+
throw new TransferSealError(
|
|
47
|
+
"transfer seal could not be opened \u2014 wrong transfer key (AES-GCM authentication failed)."
|
|
48
|
+
);
|
|
49
|
+
}
|
|
50
|
+
let dekMap;
|
|
51
|
+
try {
|
|
52
|
+
dekMap = JSON.parse(new TextDecoder().decode(plaintext));
|
|
53
|
+
} catch {
|
|
54
|
+
throw new TransferSealError("transfer seal payload is not valid JSON after decryption.");
|
|
55
|
+
}
|
|
56
|
+
const deks = /* @__PURE__ */ new Map();
|
|
57
|
+
for (const [collection, b64] of Object.entries(dekMap)) {
|
|
58
|
+
const dek = await crypto.subtle.importKey("raw", base64ToBuffer(b64), "AES-GCM", true, ["encrypt", "decrypt"]);
|
|
59
|
+
deks.set(collection, dek);
|
|
60
|
+
}
|
|
61
|
+
return deks;
|
|
62
|
+
}
|
|
63
|
+
async function adoptPartition(bundleBytes, opts) {
|
|
64
|
+
const { transferKey, destinationStore, vaultName } = opts;
|
|
65
|
+
const header = readPodHeader(bundleBytes);
|
|
66
|
+
if (header.bundleKind !== "extracted-partition" || header.transferSeal === void 0) {
|
|
67
|
+
throw new ValidationError(
|
|
68
|
+
"adoptPartition requires an extracted-partition bundle with a transfer seal. For ordinary backups use readPod + vault.load."
|
|
69
|
+
);
|
|
70
|
+
}
|
|
71
|
+
const { dumpJson } = await readPod(bundleBytes);
|
|
72
|
+
const { dump, seal } = parseExtractedPartitionBody(dumpJson);
|
|
73
|
+
await unsealDeks(seal, transferKey);
|
|
74
|
+
const existing = await destinationStore.get(vaultName, "_meta", "adoption");
|
|
75
|
+
if (existing) {
|
|
76
|
+
const prior = JSON.parse(existing._data);
|
|
77
|
+
if (prior.sealId === seal.sealId) {
|
|
78
|
+
throw new AdoptionStateError(
|
|
79
|
+
`partition (sealId ${seal.sealId}) is already adopted into vault "${vaultName}".`
|
|
80
|
+
);
|
|
81
|
+
}
|
|
82
|
+
throw new AdoptionStateError(
|
|
83
|
+
`vault "${vaultName}" already holds an adopted partition (sealId ${prior.sealId}); adopting a different partition (sealId ${seal.sealId}) here would overwrite it. Adopt into a fresh vaultName instead.`
|
|
84
|
+
);
|
|
85
|
+
}
|
|
86
|
+
const existingKeyring = await destinationStore.list(vaultName, "_keyring");
|
|
87
|
+
if (existingKeyring.length > 0) {
|
|
88
|
+
throw new AdoptionStateError(
|
|
89
|
+
`vault "${vaultName}" already holds a keyring (an unrelated owner exists at this slot); adoptPartition requires a fresh vaultName to avoid destructive saveAll on SQL adapters.`
|
|
90
|
+
);
|
|
91
|
+
}
|
|
92
|
+
const backup = JSON.parse(dump);
|
|
93
|
+
await destinationStore.saveAll(vaultName, backup.collections);
|
|
94
|
+
if (backup._internal) {
|
|
95
|
+
for (const [collection, records] of Object.entries(backup._internal)) {
|
|
96
|
+
for (const [id, envelope] of Object.entries(records)) {
|
|
97
|
+
await destinationStore.put(vaultName, collection, id, envelope);
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
const adoptedAt = (/* @__PURE__ */ new Date()).toISOString();
|
|
102
|
+
const adoption = { sealId: seal.sealId, adoptedAt, needsOwner: true, transferSeal: seal };
|
|
103
|
+
await destinationStore.put(vaultName, "_meta", "adoption", {
|
|
104
|
+
_noydb: 1,
|
|
105
|
+
_v: 1,
|
|
106
|
+
_ts: adoptedAt,
|
|
107
|
+
_iv: "",
|
|
108
|
+
_data: JSON.stringify(adoption)
|
|
109
|
+
});
|
|
110
|
+
return { vaultName, needsOwner: true, sealId: seal.sealId };
|
|
111
|
+
}
|
|
112
|
+
function isManaged(o) {
|
|
113
|
+
return "passphraseMode" in o && o.passphraseMode === "managed";
|
|
114
|
+
}
|
|
115
|
+
async function createOwnerOnAdoptedPartition(store, vaultName, opts) {
|
|
116
|
+
const { userId, transferKey } = opts;
|
|
117
|
+
if (isManaged(opts) && !opts.recovery.some((r) => r.profile === "shamir")) {
|
|
118
|
+
throw new AdoptionStateError(
|
|
119
|
+
"managed-mode adoption requires at least one strong (shamir) recovery profile in `recovery` \u2014 paper alone is not strong when there is no user passphrase to fall back on."
|
|
120
|
+
);
|
|
121
|
+
}
|
|
122
|
+
const adoptionEnv = await store.get(vaultName, "_meta", "adoption");
|
|
123
|
+
if (!adoptionEnv) {
|
|
124
|
+
throw new AdoptionStateError(
|
|
125
|
+
`vault "${vaultName}" is not an adopted partition (no _meta/adoption). createOwnerOnAdoptedPartition only applies to vaults created via adoptPartition.`
|
|
126
|
+
);
|
|
127
|
+
}
|
|
128
|
+
const adoption = JSON.parse(adoptionEnv._data);
|
|
129
|
+
if (adoption.consumedAt !== void 0 || adoption.transferSeal === void 0) {
|
|
130
|
+
throw new AdoptionStateError(
|
|
131
|
+
`vault "${vaultName}" already has an owner (transfer seal consumed at ${adoption.consumedAt}).`
|
|
132
|
+
);
|
|
133
|
+
}
|
|
134
|
+
const partitionDeks = await unsealDeks(adoption.transferSeal, transferKey);
|
|
135
|
+
const existingKeyring = await store.get(vaultName, "_keyring", userId);
|
|
136
|
+
const otherOwners = (await store.list(vaultName, "_keyring")).filter((u) => u !== userId);
|
|
137
|
+
if (otherOwners.length > 0) {
|
|
138
|
+
throw new AdoptionStateError(
|
|
139
|
+
`vault "${vaultName}" already has a keyring for a different owner; cannot create owner "${userId}".`
|
|
140
|
+
);
|
|
141
|
+
}
|
|
142
|
+
const partitionCollections = [...partitionDeks.keys()];
|
|
143
|
+
const priorDeks = existingKeyring ? JSON.parse(existingKeyring._data).deks : {};
|
|
144
|
+
const ownerMinted = existingKeyring !== null && partitionCollections.every((c) => c in priorDeks);
|
|
145
|
+
if (!ownerMinted) {
|
|
146
|
+
const passphrase = isManaged(opts) ? await resolveManagedSecret(store, vaultName, opts.sealingKey) : opts.passphrase;
|
|
147
|
+
const unlocked = await createOwnerKeyring(store, vaultName, userId, passphrase);
|
|
148
|
+
const env = await store.get(vaultName, "_keyring", userId);
|
|
149
|
+
if (!env) throw new AdoptionStateError(`keyring write for "${userId}" did not persist`);
|
|
150
|
+
const keyringFile = JSON.parse(env._data);
|
|
151
|
+
const kek = unlocked.kek;
|
|
152
|
+
if (!kek) throw new AdoptionStateError(`owner keyring for "${userId}" has no KEK to wrap partition DEKs under`);
|
|
153
|
+
const mergedDeks = { ...keyringFile.deks };
|
|
154
|
+
for (const [collection, dek] of partitionDeks) {
|
|
155
|
+
mergedDeks[collection] = await wrapKey(dek, kek);
|
|
156
|
+
}
|
|
157
|
+
const mergedFile = { ...keyringFile, deks: mergedDeks };
|
|
158
|
+
await store.put(vaultName, "_keyring", userId, { ...env, _data: JSON.stringify(mergedFile) });
|
|
159
|
+
}
|
|
160
|
+
const ledgerDek = partitionDeks.get(LEDGER_COLLECTION);
|
|
161
|
+
if (ledgerDek) {
|
|
162
|
+
const ledger = new LedgerStore({
|
|
163
|
+
adapter: store,
|
|
164
|
+
vault: vaultName,
|
|
165
|
+
encrypted: true,
|
|
166
|
+
getDEK: async () => ledgerDek,
|
|
167
|
+
actor: userId
|
|
168
|
+
});
|
|
169
|
+
const creationReason = `creation-of-new-owner:${userId}`;
|
|
170
|
+
const consumedReason = `transfer-seal-consumed:${adoption.sealId}`;
|
|
171
|
+
const recordedReasons = new Set((await ledger.loadAllEntries()).map((e) => e.reason));
|
|
172
|
+
if (!recordedReasons.has(creationReason)) {
|
|
173
|
+
await ledger.append({ op: "lifecycle", collection: "", id: "", version: 0, actor: "", payloadHash: "", reason: creationReason });
|
|
174
|
+
}
|
|
175
|
+
if (!recordedReasons.has(consumedReason)) {
|
|
176
|
+
await ledger.append({ op: "lifecycle", collection: "", id: "", version: 0, actor: "", payloadHash: "", reason: consumedReason });
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
if (isManaged(opts)) {
|
|
180
|
+
const { createNoydb } = await import("./noydb-LDEBLNHY.js");
|
|
181
|
+
const db = await createNoydb({
|
|
182
|
+
store,
|
|
183
|
+
user: userId,
|
|
184
|
+
passphraseMode: "managed",
|
|
185
|
+
sealingKey: opts.sealingKey,
|
|
186
|
+
shamirRecovery: opts.shamirRecovery
|
|
187
|
+
});
|
|
188
|
+
await db.openVaultAndEnrollRecovery(vaultName, { recovery: opts.recovery });
|
|
189
|
+
}
|
|
190
|
+
const consumed = { sealId: adoption.sealId, adoptedAt: adoption.adoptedAt, consumedAt: (/* @__PURE__ */ new Date()).toISOString() };
|
|
191
|
+
await store.put(vaultName, "_meta", "adoption", { ...adoptionEnv, _data: JSON.stringify(consumed) });
|
|
192
|
+
return { vaultName, userId };
|
|
193
|
+
}
|
|
194
|
+
|
|
195
|
+
// src/with-cargo/decrypt-partition.ts
|
|
196
|
+
async function decryptExtractedPartition(bundleBytes, transferKey) {
|
|
197
|
+
const header = readPodHeader(bundleBytes);
|
|
198
|
+
if (header.bundleKind !== "extracted-partition" || header.transferSeal === void 0) {
|
|
199
|
+
throw new Error("decryptExtractedPartition: bundle is not an extracted-partition.");
|
|
200
|
+
}
|
|
201
|
+
const { dumpJson } = await readPod(bundleBytes);
|
|
202
|
+
const { dump, seal } = parseExtractedPartitionBody(dumpJson);
|
|
203
|
+
const deks = await unsealDeks(seal, transferKey);
|
|
204
|
+
const backup = JSON.parse(dump);
|
|
205
|
+
const out = {};
|
|
206
|
+
for (const [collection, byId] of Object.entries(backup.collections)) {
|
|
207
|
+
const dek = deks.get(collection);
|
|
208
|
+
if (dek === void 0) continue;
|
|
209
|
+
const recs = [];
|
|
210
|
+
for (const [id, env] of Object.entries(byId)) {
|
|
211
|
+
const plaintext = await openEnvelopeJson(env, dek);
|
|
212
|
+
const body = JSON.parse(plaintext);
|
|
213
|
+
recs.push({
|
|
214
|
+
id,
|
|
215
|
+
record: { ...body, id },
|
|
216
|
+
ts: env._ts,
|
|
217
|
+
version: env._v,
|
|
218
|
+
...env._source !== void 0 ? { source: env._source } : {},
|
|
219
|
+
...env._sourceTs !== void 0 ? { sourceTs: env._sourceTs } : {}
|
|
220
|
+
});
|
|
221
|
+
}
|
|
222
|
+
out[collection] = recs;
|
|
223
|
+
}
|
|
224
|
+
return out;
|
|
225
|
+
}
|
|
226
|
+
|
|
227
|
+
export {
|
|
228
|
+
unsealDeks,
|
|
229
|
+
adoptPartition,
|
|
230
|
+
createOwnerOnAdoptedPartition,
|
|
231
|
+
decryptExtractedPartition
|
|
232
|
+
};
|
|
233
|
+
//# sourceMappingURL=chunk-QZISFCVG.js.map
|