@noy-db/hub 0.2.0-pre.9 → 0.3.0-pre.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +129 -3
- package/dist/adapter/index.d.ts +5 -0
- package/dist/adapter/index.js +15 -0
- package/dist/aggregate/index.d.ts +6 -2
- package/dist/aggregate/index.js +24 -16
- package/dist/aggregate/index.js.map +1 -1
- package/dist/api-RW3KP7WU.js +14 -0
- package/dist/as/index.d.ts +7 -0
- package/dist/as/index.js +24 -0
- package/dist/at/index.d.ts +5 -0
- package/dist/at/index.js +1 -0
- package/dist/attestation/index.d.ts +15 -47
- package/dist/attestation/index.js +54 -10
- package/dist/attestation/index.js.map +1 -1
- package/dist/backup-KMJQ66MF.js +219 -0
- package/dist/backup-KMJQ66MF.js.map +1 -0
- package/dist/blobs/index.d.ts +6 -8
- package/dist/blobs/index.js +19 -12
- package/dist/blobs/index.js.map +1 -1
- package/dist/bundle/index.d.ts +16 -70
- package/dist/bundle/index.js +39 -476
- package/dist/bundle/index.js.map +1 -1
- package/dist/{ulid-CJ8RzRrm.d.ts → bundle-PwBGkhpe.d.ts} +31 -86
- package/dist/by/index.d.ts +1 -0
- package/dist/by/index.js +11 -0
- package/dist/cargo/index.d.ts +9 -0
- package/dist/cargo/index.js +89 -0
- package/dist/chunk-26LGBE4T.js +42 -0
- package/dist/chunk-26LGBE4T.js.map +1 -0
- package/dist/{chunk-K3DK3NU5.js → chunk-3YFXJ3ZP.js} +20 -5
- package/dist/chunk-3YFXJ3ZP.js.map +1 -0
- package/dist/chunk-4Q6HSHHL.js +90 -0
- package/dist/chunk-4Q6HSHHL.js.map +1 -0
- package/dist/chunk-5LUY7UTV.js +380 -0
- package/dist/chunk-5LUY7UTV.js.map +1 -0
- package/dist/chunk-5N6CZTCY.js +367 -0
- package/dist/chunk-5N6CZTCY.js.map +1 -0
- package/dist/chunk-5O3AOPDT.js +992 -0
- package/dist/chunk-5O3AOPDT.js.map +1 -0
- package/dist/chunk-5R3ERCDH.js +239 -0
- package/dist/chunk-5R3ERCDH.js.map +1 -0
- package/dist/chunk-5TDJ56JE.js +32 -0
- package/dist/chunk-5TDJ56JE.js.map +1 -0
- package/dist/{chunk-T7JEBOGN.js → chunk-62QYRORB.js} +18 -11
- package/dist/chunk-62QYRORB.js.map +1 -0
- package/dist/{chunk-J66GRPNH.js → chunk-6S7T6WC4.js} +2 -2
- package/dist/chunk-6S7T6WC4.js.map +1 -0
- package/dist/chunk-76722EBH.js +451 -0
- package/dist/chunk-76722EBH.js.map +1 -0
- package/dist/{chunk-Z6FNBOTC.js → chunk-AIWULCUO.js} +13 -17
- package/dist/chunk-AIWULCUO.js.map +1 -0
- package/dist/{chunk-O3VZPBZG.js → chunk-AQTBSL7R.js} +47 -11
- package/dist/chunk-AQTBSL7R.js.map +1 -0
- package/dist/chunk-AURFOK3D.js +35 -0
- package/dist/chunk-AURFOK3D.js.map +1 -0
- package/dist/{chunk-53XBRIRT.js → chunk-AXRXJTE2.js} +9 -9
- package/dist/chunk-AXRXJTE2.js.map +1 -0
- package/dist/chunk-AZAOEIKW.js +155 -0
- package/dist/chunk-AZAOEIKW.js.map +1 -0
- package/dist/{chunk-HNRHLRDC.js → chunk-BG3SPSR4.js} +3 -3
- package/dist/chunk-BG3SPSR4.js.map +1 -0
- package/dist/chunk-BGIZAFY7.js +1 -0
- package/dist/chunk-CHFZDSE4.js +1 -0
- package/dist/{chunk-DJHHA6XH.js → chunk-CMGR4ZEW.js} +50 -20
- package/dist/chunk-CMGR4ZEW.js.map +1 -0
- package/dist/chunk-CWPPNPOH.js +23 -0
- package/dist/chunk-CWPPNPOH.js.map +1 -0
- package/dist/{chunk-QODLLGQ7.js → chunk-DFEMTNPJ.js} +371 -38
- package/dist/chunk-DFEMTNPJ.js.map +1 -0
- package/dist/{chunk-ZYWZWG6G.js → chunk-DGDI2D4M.js} +10 -10
- package/dist/chunk-DGDI2D4M.js.map +1 -0
- package/dist/{chunk-SYMWGEET.js → chunk-EIZUR2XW.js} +3 -3
- package/dist/chunk-EIZUR2XW.js.map +1 -0
- package/dist/{chunk-BVRYKATC.js → chunk-FISN7WE4.js} +36 -33
- package/dist/chunk-FISN7WE4.js.map +1 -0
- package/dist/chunk-GHVIKOHT.js +1 -0
- package/dist/chunk-GYGWYIOZ.js +200 -0
- package/dist/chunk-GYGWYIOZ.js.map +1 -0
- package/dist/chunk-HCIPRAGS.js +45 -0
- package/dist/chunk-HCIPRAGS.js.map +1 -0
- package/dist/{chunk-PX35GA7L.js → chunk-I2NOIW44.js} +10 -10
- package/dist/chunk-I2NOIW44.js.map +1 -0
- package/dist/{chunk-OIF6LZUR.js → chunk-I3TIKTJO.js} +3 -3
- package/dist/chunk-I3TIKTJO.js.map +1 -0
- package/dist/chunk-I7FD46FF.js +9 -0
- package/dist/chunk-I7FD46FF.js.map +1 -0
- package/dist/chunk-IAGBDSCS.js +40 -0
- package/dist/chunk-IAGBDSCS.js.map +1 -0
- package/dist/{chunk-JWRVQKRZ.js → chunk-IELYAOGG.js} +6 -18
- package/dist/chunk-IELYAOGG.js.map +1 -0
- package/dist/chunk-IGUYVGGI.js +205 -0
- package/dist/chunk-IGUYVGGI.js.map +1 -0
- package/dist/{chunk-U26HQ6KJ.js → chunk-IO6GRPT6.js} +4 -4
- package/dist/chunk-IO6GRPT6.js.map +1 -0
- package/dist/chunk-IPB7FTQX.js +273 -0
- package/dist/chunk-IPB7FTQX.js.map +1 -0
- package/dist/chunk-ITNUCOXM.js +148 -0
- package/dist/chunk-ITNUCOXM.js.map +1 -0
- package/dist/{chunk-WPLVTJ5D.js → chunk-IUEN57TV.js} +10 -10
- package/dist/chunk-IUEN57TV.js.map +1 -0
- package/dist/{chunk-DL3HWOQ5.js → chunk-JNUWZ6D3.js} +9 -9
- package/dist/chunk-JNUWZ6D3.js.map +1 -0
- package/dist/chunk-K2WCO3NX.js +1 -0
- package/dist/chunk-KVOXU4T5.js +30 -0
- package/dist/chunk-KVOXU4T5.js.map +1 -0
- package/dist/chunk-KXGNJJXB.js +135 -0
- package/dist/chunk-KXGNJJXB.js.map +1 -0
- package/dist/chunk-LB7FD65R.js +163 -0
- package/dist/chunk-LB7FD65R.js.map +1 -0
- package/dist/{chunk-22DWZL57.js → chunk-LFLXAY2W.js} +43 -218
- package/dist/chunk-LFLXAY2W.js.map +1 -0
- package/dist/chunk-LMTH2RM6.js +129 -0
- package/dist/chunk-LMTH2RM6.js.map +1 -0
- package/dist/{aggregate/index.cjs → chunk-LV7M27WM.js} +390 -219
- package/dist/chunk-LV7M27WM.js.map +1 -0
- package/dist/{chunk-PE2FR4J3.js → chunk-LXQT4WMP.js} +16 -18
- package/dist/chunk-LXQT4WMP.js.map +1 -0
- package/dist/chunk-M2YKN37S.js +524 -0
- package/dist/chunk-M2YKN37S.js.map +1 -0
- package/dist/chunk-M6OST55S.js +14 -0
- package/dist/chunk-M6OST55S.js.map +1 -0
- package/dist/{chunk-F3GDRNUT.js → chunk-MD3Y6J3L.js} +35 -69
- package/dist/chunk-MD3Y6J3L.js.map +1 -0
- package/dist/{chunk-XJFLDA7A.js → chunk-MTMJVJ5W.js} +8 -7
- package/dist/chunk-MTMJVJ5W.js.map +1 -0
- package/dist/{chunk-DFMLEQZB.js → chunk-NF5JWERG.js} +5 -10
- package/dist/chunk-NF5JWERG.js.map +1 -0
- package/dist/{chunk-DO7C2TOG.js → chunk-PKHL44ER.js} +3 -3
- package/dist/{chunk-DO7C2TOG.js.map → chunk-PKHL44ER.js.map} +1 -1
- package/dist/{chunk-6CME4UEK.js → chunk-PSHOXR6C.js} +7008 -4827
- package/dist/chunk-PSHOXR6C.js.map +1 -0
- package/dist/chunk-PSMV73A5.js +117 -0
- package/dist/chunk-PSMV73A5.js.map +1 -0
- package/dist/chunk-PY4KJPYU.js +9 -0
- package/dist/chunk-PY4KJPYU.js.map +1 -0
- package/dist/chunk-PZ5AY32C.js +10 -0
- package/dist/{chunk-DE6GKS6G.js → chunk-Q7SS3IME.js} +50 -9
- package/dist/chunk-Q7SS3IME.js.map +1 -0
- package/dist/chunk-QHJW5EXU.js +54 -0
- package/dist/chunk-QHJW5EXU.js.map +1 -0
- package/dist/chunk-QZISFCVG.js +233 -0
- package/dist/chunk-QZISFCVG.js.map +1 -0
- package/dist/{chunk-NONAAENK.js → chunk-RUEKROOS.js} +11 -4
- package/dist/chunk-RUEKROOS.js.map +1 -0
- package/dist/chunk-RUIMKQTA.js +23 -0
- package/dist/chunk-RUIMKQTA.js.map +1 -0
- package/dist/{chunk-TFBP23BX.js → chunk-SKF73JOP.js} +66 -7
- package/dist/chunk-SKF73JOP.js.map +1 -0
- package/dist/chunk-SM3AVUHC.js +42 -0
- package/dist/chunk-SM3AVUHC.js.map +1 -0
- package/dist/{chunk-ML236QKC.js → chunk-SMXWYP24.js} +5 -5
- package/dist/chunk-SMXWYP24.js.map +1 -0
- package/dist/chunk-SRB2XEWB.js +148 -0
- package/dist/chunk-SRB2XEWB.js.map +1 -0
- package/dist/chunk-SVLR4POP.js +64 -0
- package/dist/chunk-SVLR4POP.js.map +1 -0
- package/dist/chunk-TA66UMI4.js +123 -0
- package/dist/chunk-TA66UMI4.js.map +1 -0
- package/dist/chunk-TEILUWOI.js +664 -0
- package/dist/chunk-TEILUWOI.js.map +1 -0
- package/dist/chunk-TJYQIGAP.js +82 -0
- package/dist/chunk-TJYQIGAP.js.map +1 -0
- package/dist/{chunk-H2X3ISXG.js → chunk-UAG5KWVA.js} +7 -7
- package/dist/chunk-UAG5KWVA.js.map +1 -0
- package/dist/chunk-UDRIWL7A.js +382 -0
- package/dist/chunk-UDRIWL7A.js.map +1 -0
- package/dist/{chunk-2GLDA55J.js → chunk-UIU2THRG.js} +498 -133
- package/dist/chunk-UIU2THRG.js.map +1 -0
- package/dist/{chunk-3YPCK6JX.js → chunk-UPJNJGGA.js} +165 -423
- package/dist/chunk-UPJNJGGA.js.map +1 -0
- package/dist/chunk-UV5MFVO3.js +21 -0
- package/dist/chunk-UV5MFVO3.js.map +1 -0
- package/dist/{chunk-2WUSG3IT.js → chunk-V7RWQRG7.js} +5 -5
- package/dist/chunk-V7RWQRG7.js.map +1 -0
- package/dist/{chunk-VTKGMEPP.js → chunk-VCTFO5CO.js} +13 -3
- package/dist/chunk-VCTFO5CO.js.map +1 -0
- package/dist/{chunk-5T22KDPN.js → chunk-VFQGRQIH.js} +8 -8
- package/dist/chunk-VFQGRQIH.js.map +1 -0
- package/dist/{chunk-2QR2PQTT.js → chunk-VQNJ7UZL.js} +5 -3
- package/dist/chunk-VQNJ7UZL.js.map +1 -0
- package/dist/{chunk-DONMZAD2.js → chunk-WWGT2MDV.js} +43 -165
- package/dist/chunk-WWGT2MDV.js.map +1 -0
- package/dist/{chunk-EMIGCR7X.js → chunk-WXSYDNBT.js} +2 -2
- package/dist/chunk-WXSYDNBT.js.map +1 -0
- package/dist/chunk-WYSO2NIH.js +30 -0
- package/dist/chunk-WYSO2NIH.js.map +1 -0
- package/dist/chunk-XXYIOFUB.js +164 -0
- package/dist/chunk-XXYIOFUB.js.map +1 -0
- package/dist/{chunk-3BFJOWSU.js → chunk-Y22T3KQE.js} +35 -7
- package/dist/chunk-Y22T3KQE.js.map +1 -0
- package/dist/{chunk-A3JMGXPG.js → chunk-YMUGBZN2.js} +2 -2
- package/dist/chunk-YMUGBZN2.js.map +1 -0
- package/dist/{chunk-I5FOWO4J.js → chunk-ZCGAHGUS.js} +52 -73
- package/dist/chunk-ZCGAHGUS.js.map +1 -0
- package/dist/{chunk-FZU343FL.js → chunk-ZJADGNYF.js} +2 -2
- package/dist/chunk-ZJADGNYF.js.map +1 -0
- package/dist/{chunk-B6PB7JLN.js → chunk-ZYUC53LT.js} +427 -6
- package/dist/chunk-ZYUC53LT.js.map +1 -0
- package/dist/collection-facade-GQAOGJP2.js +33 -0
- package/dist/consent/index.d.ts +5 -7
- package/dist/consent/index.js +7 -5
- package/dist/consent/index.js.map +1 -1
- package/dist/crdt/index.d.ts +6 -2
- package/dist/crdt/index.js +3 -2
- package/dist/crdt/index.js.map +1 -1
- package/dist/decrypt-partition-IHtxEnTi.d.ts +21 -0
- package/dist/delegation-UL5HKLER.js +19 -0
- package/dist/derivations/index.d.ts +7 -9
- package/dist/derivations/index.js +11 -6
- package/dist/describe/index.d.ts +1 -0
- package/dist/describe/index.js +1 -0
- package/dist/describe-Ccd1hS7a.d.ts +143 -0
- package/dist/{dev-unlock-B4kDxep_.d.ts → dev-unlock-h0K-UZTk.d.ts} +1 -1
- package/dist/discriminant-BN9REW3o.d.ts +60 -0
- package/dist/enclave-UL5LW66V.js +88 -0
- package/dist/executor-2FWQRLMG.js +15 -0
- package/dist/executor-QZ7BXICW.js +9 -0
- package/dist/executor-Z5ZLJVTV.js +9 -0
- package/dist/export-accessible-KRV5W4GH.js +17 -0
- package/dist/extract-partition-GLKBOXFQ.js +30 -0
- package/dist/{fanout-sidecar-OKPMMPLG.js → fanout-sidecar-GF3DJ6KR.js} +34 -14
- package/dist/fanout-sidecar-GF3DJ6KR.js.map +1 -0
- package/dist/forget/index.d.ts +36 -0
- package/dist/forget/index.js +19 -0
- package/dist/forget/index.js.map +1 -0
- package/dist/guards/index.d.ts +13 -9
- package/dist/guards/index.js +12 -5
- package/dist/{hash-DdpVypUp.d.cts → hash-CdSr06sm.d.ts} +5 -1
- package/dist/history/index.d.ts +6 -8
- package/dist/history/index.js +19 -12
- package/dist/history/index.js.map +1 -1
- package/dist/i18n/index.d.ts +5 -7
- package/dist/i18n/index.js +104 -15
- package/dist/i18n/index.js.map +1 -1
- package/dist/in/index.d.ts +5 -0
- package/dist/in/index.js +1 -0
- package/dist/in/index.js.map +1 -0
- package/dist/index-B9QdHytu.d.ts +123 -0
- package/dist/index-CGLLRtFc.d.ts +123 -0
- package/dist/{types-Df28QFKb.d.ts → index-_6At2_9_.d.ts} +16270 -8358
- package/dist/index.d.ts +1088 -450
- package/dist/index.js +1165 -293
- package/dist/index.js.map +1 -1
- package/dist/indexing/index.d.ts +6 -3
- package/dist/indexing/index.js +6 -5
- package/dist/indexing/index.js.map +1 -1
- package/dist/issue-Y6UVIR43.js +13 -0
- package/dist/issue-Y6UVIR43.js.map +1 -0
- package/dist/kernel/index.d.ts +32 -0
- package/dist/kernel/index.js +53 -0
- package/dist/kernel/index.js.map +1 -0
- package/dist/{ledger-TMRZYNVJ.js → ledger-RYI35CDS.js} +12 -9
- package/dist/ledger-RYI35CDS.js.map +1 -0
- package/dist/liberate-CRPZEV7O.js +18 -0
- package/dist/liberate-CRPZEV7O.js.map +1 -0
- package/dist/materialized-views/index.d.ts +6 -19
- package/dist/materialized-views/index.js +16 -12
- package/dist/mime-magic-B4RoFj3B.d.ts +103 -0
- package/dist/noydb-LDEBLNHY.js +50 -0
- package/dist/noydb-LDEBLNHY.js.map +1 -0
- package/dist/on/index.d.ts +5 -0
- package/dist/on/index.js +11 -0
- package/dist/on/index.js.map +1 -0
- package/dist/overlay-views/index.d.ts +27 -11
- package/dist/overlay-views/index.js +7 -6
- package/dist/periods/index.d.ts +5 -7
- package/dist/periods/index.js +13 -9
- package/dist/pod/index.d.ts +63 -0
- package/dist/pod/index.js +61 -0
- package/dist/pod/index.js.map +1 -0
- package/dist/policy-IXK4FVXP.js +41 -0
- package/dist/policy-IXK4FVXP.js.map +1 -0
- package/dist/portability/index.d.ts +20 -0
- package/dist/portability/index.js +43 -0
- package/dist/portability/index.js.map +1 -0
- package/dist/{public-envelope-BW6OXORV.js → public-envelope-JHDQCPSX.js} +6 -5
- package/dist/public-envelope-JHDQCPSX.js.map +1 -0
- package/dist/query/index.d.ts +5 -3
- package/dist/query/index.js +21 -13
- package/dist/read-only-facade-5ADRJVTM.js +8 -0
- package/dist/read-only-facade-5ADRJVTM.js.map +1 -0
- package/dist/registry-45RJNWGU.js +9 -0
- package/dist/registry-45RJNWGU.js.map +1 -0
- package/dist/registry-5GRV5VXI.js +13 -0
- package/dist/registry-5GRV5VXI.js.map +1 -0
- package/dist/registry-VW6P6A3J.js +8 -0
- package/dist/registry-VW6P6A3J.js.map +1 -0
- package/dist/registry-WEUCHBO4.js +11 -0
- package/dist/registry-WEUCHBO4.js.map +1 -0
- package/dist/request-withdrawal-GBPH2FDY.js +25 -0
- package/dist/request-withdrawal-GBPH2FDY.js.map +1 -0
- package/dist/revoke-TUFRGI6S.js +18 -0
- package/dist/revoke-TUFRGI6S.js.map +1 -0
- package/dist/sealed-record/index.d.ts +69 -0
- package/dist/sealed-record/index.js +65 -0
- package/dist/sealed-record/index.js.map +1 -0
- package/dist/session/index.d.ts +6 -8
- package/dist/session/index.js +7 -5
- package/dist/session/index.js.map +1 -1
- package/dist/shadow/index.d.ts +5 -7
- package/dist/shadow/index.js +4 -3
- package/dist/shadow/index.js.map +1 -1
- package/dist/{signer-72QAUSVW.js → signer-PNKTBVF7.js} +6 -5
- package/dist/signer-PNKTBVF7.js.map +1 -0
- package/dist/snapshots/index.d.ts +6 -8
- package/dist/snapshots/index.js +13 -11
- package/dist/snapshots/index.js.map +1 -1
- package/dist/{stale-6ZDBTQT7.js → stale-3JWHNDIY.js} +3 -2
- package/dist/stale-3JWHNDIY.js.map +1 -0
- package/dist/store-coordination-provider-3I7XWZZK.js +142 -0
- package/dist/store-coordination-provider-3I7XWZZK.js.map +1 -0
- package/dist/subject-index-O75wKshW.d.ts +362 -0
- package/dist/sync/index.d.ts +4 -6
- package/dist/sync/index.js +7 -6
- package/dist/sync/index.js.map +1 -1
- package/dist/team/index.d.ts +5 -7
- package/dist/team/index.js +20 -16
- package/dist/tiers/index.d.ts +5 -0
- package/dist/tiers/index.js +33 -0
- package/dist/tiers/index.js.map +1 -0
- package/dist/to/index.d.ts +5 -0
- package/dist/to/index.js +17 -0
- package/dist/to/index.js.map +1 -0
- package/dist/transition-guard-DqodPNKw.d.ts +165 -0
- package/dist/tx/index.d.ts +23 -9
- package/dist/tx/index.js +13 -8
- package/dist/tx/index.js.map +1 -1
- package/dist/ui/index.d.ts +1 -0
- package/dist/ui/index.js +1 -0
- package/dist/ui/index.js.map +1 -0
- package/dist/ulid-DRH25k3y.d.ts +66 -0
- package/dist/ulid-PTAIMDG4.js +10 -0
- package/dist/ulid-PTAIMDG4.js.map +1 -0
- package/dist/util/index.d.ts +2 -0
- package/dist/util/index.js +7 -2
- package/dist/util/index.js.map +1 -1
- package/dist/vault-diff-BtpiBvic.d.ts +147 -0
- package/dist/with/index.d.ts +38 -0
- package/dist/with/index.js +25 -0
- package/dist/with/index.js.map +1 -0
- package/dist/{with-materialized-view-BLkQxoQN.d.ts → with-materialized-view-DMmWtYfJ.d.ts} +1 -1
- package/dist/{with-overlayed-view-CRsSEwHR.d.ts → with-overlayed-view-D_IB2nkM.d.ts} +2 -3
- package/dist/with-rollup-em2wxoHP.d.ts +47 -0
- package/dist/withdraw-accessible-FFS46EOD.js +22 -0
- package/dist/withdraw-accessible-FFS46EOD.js.map +1 -0
- package/dist/zod-HAJM7LMS.js +14763 -0
- package/dist/zod-HAJM7LMS.js.map +1 -0
- package/package.json +121 -201
- package/dist/aggregate/index.cjs.map +0 -1
- package/dist/aggregate/index.d.cts +0 -38
- package/dist/attestation/index.cjs +0 -305
- package/dist/attestation/index.cjs.map +0 -1
- package/dist/attestation/index.d.cts +0 -52
- package/dist/blobs/index.cjs +0 -1480
- package/dist/blobs/index.cjs.map +0 -1
- package/dist/blobs/index.d.cts +0 -46
- package/dist/bundle/index.cjs +0 -19264
- package/dist/bundle/index.cjs.map +0 -1
- package/dist/bundle/index.d.cts +0 -176
- package/dist/chunk-22DWZL57.js.map +0 -1
- package/dist/chunk-2GLDA55J.js.map +0 -1
- package/dist/chunk-2QR2PQTT.js.map +0 -1
- package/dist/chunk-2WUSG3IT.js.map +0 -1
- package/dist/chunk-3BFJOWSU.js.map +0 -1
- package/dist/chunk-3YPCK6JX.js.map +0 -1
- package/dist/chunk-53XBRIRT.js.map +0 -1
- package/dist/chunk-5T22KDPN.js.map +0 -1
- package/dist/chunk-5XHKQ56N.js +0 -340
- package/dist/chunk-5XHKQ56N.js.map +0 -1
- package/dist/chunk-6CME4UEK.js.map +0 -1
- package/dist/chunk-6STK5TQP.js +0 -139
- package/dist/chunk-6STK5TQP.js.map +0 -1
- package/dist/chunk-A3JMGXPG.js.map +0 -1
- package/dist/chunk-B6PB7JLN.js.map +0 -1
- package/dist/chunk-BVRYKATC.js.map +0 -1
- package/dist/chunk-DE6GKS6G.js.map +0 -1
- package/dist/chunk-DFMLEQZB.js.map +0 -1
- package/dist/chunk-DJHHA6XH.js.map +0 -1
- package/dist/chunk-DL3HWOQ5.js.map +0 -1
- package/dist/chunk-DONMZAD2.js.map +0 -1
- package/dist/chunk-EMIGCR7X.js.map +0 -1
- package/dist/chunk-F3GDRNUT.js.map +0 -1
- package/dist/chunk-FZU343FL.js.map +0 -1
- package/dist/chunk-H2X3ISXG.js.map +0 -1
- package/dist/chunk-HNRHLRDC.js.map +0 -1
- package/dist/chunk-I5FOWO4J.js.map +0 -1
- package/dist/chunk-J66GRPNH.js.map +0 -1
- package/dist/chunk-JWRVQKRZ.js.map +0 -1
- package/dist/chunk-K3DK3NU5.js.map +0 -1
- package/dist/chunk-ML236QKC.js.map +0 -1
- package/dist/chunk-NONAAENK.js.map +0 -1
- package/dist/chunk-O3VZPBZG.js.map +0 -1
- package/dist/chunk-OIF6LZUR.js.map +0 -1
- package/dist/chunk-OQ6PIGHA.js +0 -19
- package/dist/chunk-OQ6PIGHA.js.map +0 -1
- package/dist/chunk-PE2FR4J3.js.map +0 -1
- package/dist/chunk-PP6W64Y3.js +0 -275
- package/dist/chunk-PP6W64Y3.js.map +0 -1
- package/dist/chunk-PX35GA7L.js.map +0 -1
- package/dist/chunk-QEILDE6R.js +0 -793
- package/dist/chunk-QEILDE6R.js.map +0 -1
- package/dist/chunk-QODLLGQ7.js.map +0 -1
- package/dist/chunk-RAZ4OVLL.js +0 -51
- package/dist/chunk-RAZ4OVLL.js.map +0 -1
- package/dist/chunk-SYMWGEET.js.map +0 -1
- package/dist/chunk-T7JEBOGN.js.map +0 -1
- package/dist/chunk-TFBP23BX.js.map +0 -1
- package/dist/chunk-TV3YZ35S.js +0 -90
- package/dist/chunk-TV3YZ35S.js.map +0 -1
- package/dist/chunk-U26HQ6KJ.js.map +0 -1
- package/dist/chunk-UF3BUNQZ.js +0 -1
- package/dist/chunk-UMLVJTYV.js +0 -20
- package/dist/chunk-UMLVJTYV.js.map +0 -1
- package/dist/chunk-VTKGMEPP.js.map +0 -1
- package/dist/chunk-W6EQLGMB.js +0 -100
- package/dist/chunk-W6EQLGMB.js.map +0 -1
- package/dist/chunk-WIRRPTFH.js +0 -17
- package/dist/chunk-WIRRPTFH.js.map +0 -1
- package/dist/chunk-WPLVTJ5D.js.map +0 -1
- package/dist/chunk-XJFLDA7A.js.map +0 -1
- package/dist/chunk-Z6FNBOTC.js.map +0 -1
- package/dist/chunk-ZYWZWG6G.js.map +0 -1
- package/dist/consent/index.cjs +0 -204
- package/dist/consent/index.cjs.map +0 -1
- package/dist/consent/index.d.cts +0 -25
- package/dist/crdt/index.cjs +0 -152
- package/dist/crdt/index.cjs.map +0 -1
- package/dist/crdt/index.d.cts +0 -30
- package/dist/crypto-HTZ4FJOP.js +0 -44
- package/dist/delegation-RI54P6I5.js +0 -17
- package/dist/derivations/index.cjs +0 -351
- package/dist/derivations/index.cjs.map +0 -1
- package/dist/derivations/index.d.cts +0 -72
- package/dist/dev-unlock-BIoEFbwm.d.cts +0 -263
- package/dist/executor-5PNY7LGW.js +0 -8
- package/dist/executor-B4QIYGZX.js +0 -8
- package/dist/executor-BWXXDQ7K.js +0 -11
- package/dist/fanout-sidecar-OKPMMPLG.js.map +0 -1
- package/dist/guards/index.cjs +0 -322
- package/dist/guards/index.cjs.map +0 -1
- package/dist/guards/index.d.cts +0 -31
- package/dist/hash-HJqD14vS.d.ts +0 -63
- package/dist/history/index.cjs +0 -1222
- package/dist/history/index.cjs.map +0 -1
- package/dist/history/index.d.cts +0 -63
- package/dist/i18n/index.cjs +0 -1100
- package/dist/i18n/index.cjs.map +0 -1
- package/dist/i18n/index.d.cts +0 -39
- package/dist/index-4fBVt8j9.d.cts +0 -2387
- package/dist/index-D8I_pyJD.d.ts +0 -2387
- package/dist/index.cjs +0 -24487
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -776
- package/dist/indexing/index.cjs +0 -742
- package/dist/indexing/index.cjs.map +0 -1
- package/dist/indexing/index.d.cts +0 -36
- package/dist/issue-VGDPP4B5.js +0 -12
- package/dist/lazy-builder-7tIpFyWN.d.ts +0 -304
- package/dist/lazy-builder-wY4pMCEe.d.cts +0 -304
- package/dist/materialized-views/index.cjs +0 -854
- package/dist/materialized-views/index.cjs.map +0 -1
- package/dist/materialized-views/index.d.cts +0 -186
- package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
- package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
- package/dist/noydb-G725ZSZG.js +0 -34
- package/dist/overlay-views/index.cjs +0 -359
- package/dist/overlay-views/index.cjs.map +0 -1
- package/dist/overlay-views/index.d.cts +0 -82
- package/dist/periods/index.cjs +0 -1041
- package/dist/periods/index.cjs.map +0 -1
- package/dist/periods/index.d.cts +0 -22
- package/dist/predicate-BSAGEyu5.d.cts +0 -209
- package/dist/predicate-BSAGEyu5.d.ts +0 -209
- package/dist/query/index.cjs +0 -2375
- package/dist/query/index.cjs.map +0 -1
- package/dist/query/index.d.cts +0 -3
- package/dist/read-only-facade-ITU6L7BL.js +0 -7
- package/dist/registry-3QP3YKQS.js +0 -8
- package/dist/registry-DKEXOJVO.js +0 -7
- package/dist/registry-OJIOSBV6.js +0 -10
- package/dist/registry-USRVT6YF.js +0 -8
- package/dist/revoke-JCC7N56X.js +0 -17
- package/dist/session/index.cjs +0 -495
- package/dist/session/index.cjs.map +0 -1
- package/dist/session/index.d.cts +0 -46
- package/dist/shadow/index.cjs +0 -133
- package/dist/shadow/index.cjs.map +0 -1
- package/dist/shadow/index.d.cts +0 -17
- package/dist/snapshots/index.cjs +0 -937
- package/dist/snapshots/index.cjs.map +0 -1
- package/dist/snapshots/index.d.cts +0 -28
- package/dist/store/index.cjs +0 -1083
- package/dist/store/index.cjs.map +0 -1
- package/dist/store/index.d.cts +0 -492
- package/dist/store/index.d.ts +0 -492
- package/dist/store/index.js +0 -37
- package/dist/strategy-BSxFXGzb.d.cts +0 -110
- package/dist/strategy-BSxFXGzb.d.ts +0 -110
- package/dist/strategy-DSTrsZ8t.d.cts +0 -601
- package/dist/strategy-DSTrsZ8t.d.ts +0 -601
- package/dist/sync/index.cjs +0 -1062
- package/dist/sync/index.cjs.map +0 -1
- package/dist/sync/index.d.cts +0 -43
- package/dist/team/index.cjs +0 -2798
- package/dist/team/index.cjs.map +0 -1
- package/dist/team/index.d.cts +0 -118
- package/dist/tx/index.cjs +0 -544
- package/dist/tx/index.cjs.map +0 -1
- package/dist/tx/index.d.cts +0 -21
- package/dist/types-DyXYr8rE.d.cts +0 -12818
- package/dist/ulid-COREQ2RQ.js +0 -9
- package/dist/ulid-Drr7ykr6.d.cts +0 -603
- package/dist/util/index.cjs +0 -230
- package/dist/util/index.cjs.map +0 -1
- package/dist/util/index.d.cts +0 -77
- package/dist/with-derivation-DFnFByiQ.d.ts +0 -13
- package/dist/with-derivation-DU3Sjazm.d.cts +0 -13
- package/dist/with-guard-ByyxmEe7.d.cts +0 -18
- package/dist/with-guard-qube6BMI.d.ts +0 -18
- package/dist/with-materialized-view-BmEToIR1.d.cts +0 -27
- package/dist/with-overlayed-view-BMsQQbWm.d.cts +0 -13
- /package/dist/{store → adapter}/index.js.map +0 -0
- /package/dist/{chunk-UF3BUNQZ.js.map → api-RW3KP7WU.js.map} +0 -0
- /package/dist/{crypto-HTZ4FJOP.js.map → as/index.js.map} +0 -0
- /package/dist/{delegation-RI54P6I5.js.map → at/index.js.map} +0 -0
- /package/dist/{executor-5PNY7LGW.js.map → by/index.js.map} +0 -0
- /package/dist/{executor-B4QIYGZX.js.map → cargo/index.js.map} +0 -0
- /package/dist/{executor-BWXXDQ7K.js.map → chunk-BGIZAFY7.js.map} +0 -0
- /package/dist/{issue-VGDPP4B5.js.map → chunk-CHFZDSE4.js.map} +0 -0
- /package/dist/{ledger-TMRZYNVJ.js.map → chunk-GHVIKOHT.js.map} +0 -0
- /package/dist/{noydb-G725ZSZG.js.map → chunk-K2WCO3NX.js.map} +0 -0
- /package/dist/{public-envelope-BW6OXORV.js.map → chunk-PZ5AY32C.js.map} +0 -0
- /package/dist/{read-only-facade-ITU6L7BL.js.map → collection-facade-GQAOGJP2.js.map} +0 -0
- /package/dist/{registry-3QP3YKQS.js.map → delegation-UL5HKLER.js.map} +0 -0
- /package/dist/{registry-DKEXOJVO.js.map → describe/index.js.map} +0 -0
- /package/dist/{registry-OJIOSBV6.js.map → enclave-UL5LW66V.js.map} +0 -0
- /package/dist/{registry-USRVT6YF.js.map → executor-2FWQRLMG.js.map} +0 -0
- /package/dist/{revoke-JCC7N56X.js.map → executor-QZ7BXICW.js.map} +0 -0
- /package/dist/{signer-72QAUSVW.js.map → executor-Z5ZLJVTV.js.map} +0 -0
- /package/dist/{stale-6ZDBTQT7.js.map → export-accessible-KRV5W4GH.js.map} +0 -0
- /package/dist/{ulid-COREQ2RQ.js.map → extract-partition-GLKBOXFQ.js.map} +0 -0
|
@@ -1,365 +1,135 @@
|
|
|
1
|
+
import {
|
|
2
|
+
burnPaperRecoveryEntry,
|
|
3
|
+
loadPaperRecoveryEntries,
|
|
4
|
+
loadShamirRecoveryEntries,
|
|
5
|
+
unwrapDeksFromPaperEntry,
|
|
6
|
+
unwrapDeksFromShamirEntry
|
|
7
|
+
} from "./chunk-IGUYVGGI.js";
|
|
1
8
|
import {
|
|
2
9
|
dekKey
|
|
3
|
-
} from "./chunk-
|
|
10
|
+
} from "./chunk-IO6GRPT6.js";
|
|
4
11
|
import {
|
|
5
12
|
assertStrongPassphrase,
|
|
6
13
|
mintKeyringCanary,
|
|
7
14
|
persistKeyring
|
|
8
|
-
} from "./chunk-
|
|
9
|
-
import {
|
|
10
|
-
NOYDB_FORMAT_VERSION,
|
|
11
|
-
NOYDB_KEYRING_VERSION
|
|
12
|
-
} from "./chunk-WIRRPTFH.js";
|
|
15
|
+
} from "./chunk-WWGT2MDV.js";
|
|
13
16
|
import {
|
|
14
17
|
base64ToBuffer,
|
|
15
18
|
bufferToBase64,
|
|
16
|
-
decrypt,
|
|
17
19
|
deriveKey,
|
|
18
20
|
encrypt,
|
|
19
21
|
generateSalt,
|
|
22
|
+
openEnvelopeJson,
|
|
20
23
|
unwrapKey,
|
|
21
24
|
wrapKey
|
|
22
|
-
} from "./chunk-
|
|
25
|
+
} from "./chunk-5O3AOPDT.js";
|
|
26
|
+
import {
|
|
27
|
+
NOYDB_KEYRING_VERSION
|
|
28
|
+
} from "./chunk-5TDJ56JE.js";
|
|
23
29
|
import {
|
|
24
30
|
DelegationTargetMissingError,
|
|
25
31
|
InvalidKeyError,
|
|
26
32
|
NoAccessError,
|
|
27
|
-
NoydbError,
|
|
28
33
|
PermissionDeniedError,
|
|
29
34
|
PrivilegeEscalationError,
|
|
35
|
+
RecoveryProfileNotImplementedError,
|
|
30
36
|
ValidationError
|
|
31
|
-
} from "./chunk-
|
|
32
|
-
|
|
33
|
-
// src/team/authenticators.ts
|
|
34
|
-
async function enrollAuthenticator(store, vault, keyring, options) {
|
|
35
|
-
const existing = keyring.authenticators.find((a) => a.id === options.id);
|
|
36
|
-
if (existing) {
|
|
37
|
-
throw new ValidationError(
|
|
38
|
-
`enrollAuthenticator: slot id "${options.id}" already exists in vault "${vault}". Remove the slot first or pick a unique id.`
|
|
39
|
-
);
|
|
40
|
-
}
|
|
41
|
-
const base = {
|
|
42
|
-
id: options.id,
|
|
43
|
-
method: options.method,
|
|
44
|
-
enrolled_at: (/* @__PURE__ */ new Date()).toISOString(),
|
|
45
|
-
enrolled_via_tier: options.enrolled_via_tier ?? 1,
|
|
46
|
-
meta: options.meta
|
|
47
|
-
};
|
|
48
|
-
const slot = options.wrapKind === "deks" ? {
|
|
49
|
-
...base,
|
|
50
|
-
wrapKind: "deks",
|
|
51
|
-
wrapped_deks: options.wrapped_deks,
|
|
52
|
-
iv: options.iv
|
|
53
|
-
} : {
|
|
54
|
-
...base,
|
|
55
|
-
wrapped_kek: options.wrapped_kek
|
|
56
|
-
};
|
|
57
|
-
const next = appendSlot(keyring, slot);
|
|
58
|
-
await persistKeyring(store, vault, next);
|
|
59
|
-
return next;
|
|
60
|
-
}
|
|
61
|
-
async function updateAuthenticator(store, vault, keyring, slotId, options) {
|
|
62
|
-
if (options.meta === void 0) {
|
|
63
|
-
throw new ValidationError(
|
|
64
|
-
`updateAuthenticator: at least one of meta must be provided (slotId: "${slotId}").`
|
|
65
|
-
);
|
|
66
|
-
}
|
|
67
|
-
const idx = keyring.authenticators.findIndex((a) => a.id === slotId);
|
|
68
|
-
if (idx === -1) {
|
|
69
|
-
throw new NoAccessError(
|
|
70
|
-
`updateAuthenticator: slot "${slotId}" not found in vault "${vault}".`
|
|
71
|
-
);
|
|
72
|
-
}
|
|
73
|
-
const existing = keyring.authenticators[idx];
|
|
74
|
-
const mergedMeta = { ...existing.meta };
|
|
75
|
-
for (const [k, v] of Object.entries(options.meta)) {
|
|
76
|
-
if (v === void 0) continue;
|
|
77
|
-
if (v === null) {
|
|
78
|
-
delete mergedMeta[k];
|
|
79
|
-
continue;
|
|
80
|
-
}
|
|
81
|
-
mergedMeta[k] = v;
|
|
82
|
-
}
|
|
83
|
-
const next = { ...existing, meta: mergedMeta };
|
|
84
|
-
const nextSlots = [...keyring.authenticators];
|
|
85
|
-
nextSlots[idx] = next;
|
|
86
|
-
const nextKeyring = {
|
|
87
|
-
...keyring,
|
|
88
|
-
authenticators: nextSlots
|
|
89
|
-
};
|
|
90
|
-
await persistKeyring(store, vault, nextKeyring);
|
|
91
|
-
return nextKeyring;
|
|
92
|
-
}
|
|
93
|
-
async function removeAuthenticator(store, vault, keyring, slotId) {
|
|
94
|
-
const filtered = keyring.authenticators.filter((a) => a.id !== slotId);
|
|
95
|
-
if (filtered.length === keyring.authenticators.length) {
|
|
96
|
-
return keyring;
|
|
97
|
-
}
|
|
98
|
-
const next = {
|
|
99
|
-
...keyring,
|
|
100
|
-
authenticators: filtered
|
|
101
|
-
};
|
|
102
|
-
await persistKeyring(store, vault, next);
|
|
103
|
-
return next;
|
|
104
|
-
}
|
|
105
|
-
function findAuthenticator(keyring, slotId) {
|
|
106
|
-
return keyring.authenticators.find((a) => a.id === slotId);
|
|
107
|
-
}
|
|
108
|
-
function appendSlot(keyring, slot) {
|
|
109
|
-
return {
|
|
110
|
-
...keyring,
|
|
111
|
-
authenticators: [...keyring.authenticators, slot]
|
|
112
|
-
};
|
|
113
|
-
}
|
|
37
|
+
} from "./chunk-ZYUC53LT.js";
|
|
114
38
|
|
|
115
|
-
// src/
|
|
116
|
-
var
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
this.gate = gate;
|
|
127
|
-
this.reason = reason;
|
|
128
|
-
this.required = required;
|
|
129
|
-
}
|
|
130
|
-
};
|
|
131
|
-
var RecoveryNotEnrolledError = class extends NoydbError {
|
|
132
|
-
constructor(message = 'Recovery profile not enrolled. Pass `recovery: [{ profile: "paper", codes: 10 }]` to `createNoydb()`, or set `policy.gates["recover-passphrase"].enabled = false` to opt out of recovery (passphrase loss = data loss). See docs/subsystems/session-tiers.md.') {
|
|
133
|
-
super("RECOVERY_NOT_ENROLLED", message);
|
|
134
|
-
this.name = "RecoveryNotEnrolledError";
|
|
135
|
-
}
|
|
136
|
-
};
|
|
137
|
-
var ManagedRecoveryNotEnrolledError = class extends NoydbError {
|
|
138
|
-
vault;
|
|
139
|
-
constructor(vault) {
|
|
140
|
-
super(
|
|
141
|
-
"MANAGED_RECOVERY_NOT_ENROLLED",
|
|
142
|
-
`Managed-mode vault "${vault}" requires at least one strong recovery profile (Shamir today; multi-channel / admin-mediated when they ship). Paper alone is NOT strong under managed mode \u2014 losing the paper sheet would mean losing every record permanently. Bootstrap with \`db.openVaultAndEnrollRecovery("${vault}", { recovery: [{ profile: "shamir", k: 2, n: 3 }] })\`, or call \`db.enrollRecovery(vault, { profile: "shamir", k, n })\` separately, then re-attempt \`openVault\`.`
|
|
143
|
-
);
|
|
144
|
-
this.name = "ManagedRecoveryNotEnrolledError";
|
|
145
|
-
this.vault = vault;
|
|
146
|
-
}
|
|
147
|
-
};
|
|
148
|
-
var RecoveryProfileNotImplementedError = class extends NoydbError {
|
|
149
|
-
profile;
|
|
150
|
-
tracking;
|
|
151
|
-
constructor(profile, tracking) {
|
|
152
|
-
super(
|
|
153
|
-
"RECOVERY_PROFILE_NOT_IMPLEMENTED",
|
|
154
|
-
`Recovery profile "${profile}" is not yet implemented in this hub release. Tracking: ${tracking}. Use the "paper" profile via @noy-db/on-recovery in the meantime.`
|
|
155
|
-
);
|
|
156
|
-
this.name = "RecoveryProfileNotImplementedError";
|
|
157
|
-
this.profile = profile;
|
|
158
|
-
this.tracking = tracking;
|
|
159
|
-
}
|
|
160
|
-
};
|
|
161
|
-
|
|
162
|
-
// src/team/wrapped-deks.ts
|
|
163
|
-
var PBKDF2_ITERATIONS = 6e5;
|
|
164
|
-
var SALT_BYTES = 32;
|
|
165
|
-
var IV_BYTES = 12;
|
|
166
|
-
var subtle = globalThis.crypto.subtle;
|
|
167
|
-
async function mintWrappedDeksBlob(deks, credential) {
|
|
168
|
-
const salt = crypto.getRandomValues(new Uint8Array(SALT_BYTES));
|
|
169
|
-
const iv = crypto.getRandomValues(new Uint8Array(IV_BYTES));
|
|
170
|
-
const wrappingKey = await deriveWrappingKey(credential, salt);
|
|
171
|
-
const exported = {};
|
|
172
|
-
for (const [coll, dek] of deks) {
|
|
173
|
-
const raw = await subtle.exportKey("raw", dek);
|
|
174
|
-
exported[coll] = bytesToBase64(new Uint8Array(raw));
|
|
175
|
-
}
|
|
176
|
-
const plaintext = new TextEncoder().encode(JSON.stringify({ deks: exported }));
|
|
177
|
-
const ciphertext = await subtle.encrypt(
|
|
178
|
-
{ name: "AES-GCM", iv },
|
|
179
|
-
wrappingKey,
|
|
180
|
-
plaintext
|
|
181
|
-
);
|
|
182
|
-
return {
|
|
183
|
-
salt: bytesToBase64(salt),
|
|
184
|
-
iv: bytesToBase64(iv),
|
|
185
|
-
wrappedDeks: bytesToBase64(new Uint8Array(ciphertext))
|
|
186
|
-
};
|
|
187
|
-
}
|
|
188
|
-
async function unwrapDeksFromBlob(blob, credential) {
|
|
189
|
-
const wrappingKey = await deriveWrappingKey(credential, base64ToBytes(blob.salt));
|
|
190
|
-
const plaintext = await subtle.decrypt(
|
|
191
|
-
{ name: "AES-GCM", iv: base64ToBytes(blob.iv) },
|
|
192
|
-
wrappingKey,
|
|
193
|
-
base64ToBytes(blob.wrappedDeks)
|
|
194
|
-
);
|
|
195
|
-
const parsed = JSON.parse(new TextDecoder().decode(plaintext));
|
|
196
|
-
const deks = /* @__PURE__ */ new Map();
|
|
197
|
-
for (const [coll, b64] of Object.entries(parsed.deks)) {
|
|
198
|
-
const raw = base64ToBytes(b64);
|
|
199
|
-
const key = await subtle.importKey(
|
|
200
|
-
"raw",
|
|
201
|
-
raw,
|
|
202
|
-
{ name: "AES-GCM", length: 256 },
|
|
203
|
-
true,
|
|
204
|
-
["encrypt", "decrypt"]
|
|
205
|
-
);
|
|
206
|
-
deks.set(coll, key);
|
|
207
|
-
}
|
|
208
|
-
return deks;
|
|
209
|
-
}
|
|
210
|
-
async function deriveWrappingKey(credential, salt) {
|
|
211
|
-
const ikm = await subtle.importKey(
|
|
212
|
-
"raw",
|
|
213
|
-
new TextEncoder().encode(credential),
|
|
214
|
-
"PBKDF2",
|
|
215
|
-
false,
|
|
216
|
-
["deriveKey"]
|
|
217
|
-
);
|
|
39
|
+
// src/with-party/team/magic-link-grant.ts
|
|
40
|
+
var MAGIC_LINK_GRANTS_COLLECTION = "_magic_link_grants";
|
|
41
|
+
var MAGIC_LINK_CONTENT_INFO_PREFIX = "noydb-magic-link-content-v1:";
|
|
42
|
+
var MAGIC_LINK_KEK_INFO_PREFIX = "noydb-magic-link-v1:";
|
|
43
|
+
async function deriveMagicLinkContentKey(serverSecret, token, vault) {
|
|
44
|
+
const subtle = globalThis.crypto.subtle;
|
|
45
|
+
const ikmBytes = serverSecret instanceof Uint8Array ? serverSecret : new TextEncoder().encode(serverSecret);
|
|
46
|
+
const tokenBytes = new TextEncoder().encode(token);
|
|
47
|
+
const saltBuffer = await subtle.digest("SHA-256", tokenBytes);
|
|
48
|
+
const info = new TextEncoder().encode(MAGIC_LINK_CONTENT_INFO_PREFIX + vault);
|
|
49
|
+
const ikm = await subtle.importKey("raw", ikmBytes, "HKDF", false, ["deriveKey"]);
|
|
218
50
|
return subtle.deriveKey(
|
|
219
|
-
{
|
|
220
|
-
name: "PBKDF2",
|
|
221
|
-
salt,
|
|
222
|
-
iterations: PBKDF2_ITERATIONS,
|
|
223
|
-
hash: "SHA-256"
|
|
224
|
-
},
|
|
51
|
+
{ name: "HKDF", hash: "SHA-256", salt: saltBuffer, info },
|
|
225
52
|
ikm,
|
|
226
53
|
{ name: "AES-GCM", length: 256 },
|
|
227
54
|
false,
|
|
228
55
|
["encrypt", "decrypt"]
|
|
229
56
|
);
|
|
230
57
|
}
|
|
231
|
-
function
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
for (let i = 0; i < s.length; i++) out[i] = s.charCodeAt(i);
|
|
240
|
-
return out;
|
|
241
|
-
}
|
|
242
|
-
|
|
243
|
-
// src/team/recovery.ts
|
|
244
|
-
var PAPER_DOC_ID = "recovery-paper";
|
|
245
|
-
async function loadPaperRecoveryEntries(store, vault) {
|
|
246
|
-
const env = await store.get(vault, "_meta", PAPER_DOC_ID);
|
|
247
|
-
if (!env) return [];
|
|
248
|
-
try {
|
|
249
|
-
const doc = JSON.parse(env._data);
|
|
250
|
-
if (doc.profile !== "paper" || !Array.isArray(doc.entries)) return [];
|
|
251
|
-
return doc.entries;
|
|
252
|
-
} catch {
|
|
253
|
-
return [];
|
|
58
|
+
async function writeMagicLinkGrant(store, vault, grantor, contentKey, grantKek, recordId, opts) {
|
|
59
|
+
const collectionName = opts.collection ?? null;
|
|
60
|
+
const sourceKey = collectionName ? dekKey(collectionName, opts.tier) : `__any#${opts.tier}`;
|
|
61
|
+
const sourceDek = grantor.deks.get(sourceKey);
|
|
62
|
+
if (!sourceDek) {
|
|
63
|
+
throw new DelegationTargetMissingError(
|
|
64
|
+
`grantor cannot find tier ${opts.tier} DEK for ${collectionName ?? "(any)"}`
|
|
65
|
+
);
|
|
254
66
|
}
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
const
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
67
|
+
const wrappedDek = await wrapKey(sourceDek, grantKek);
|
|
68
|
+
const until = typeof opts.until === "string" ? opts.until : opts.until.toISOString();
|
|
69
|
+
const createdAt = (/* @__PURE__ */ new Date()).toISOString();
|
|
70
|
+
const payload = {
|
|
71
|
+
id: recordId,
|
|
72
|
+
toUser: opts.toUser,
|
|
73
|
+
fromUser: grantor.userId,
|
|
74
|
+
tier: opts.tier,
|
|
75
|
+
collection: collectionName,
|
|
76
|
+
...opts.record && { record: opts.record },
|
|
77
|
+
until,
|
|
78
|
+
wrappedDek,
|
|
79
|
+
createdAt,
|
|
80
|
+
...opts.note && { note: opts.note }
|
|
261
81
|
};
|
|
82
|
+
const { iv, data } = await encrypt(JSON.stringify(payload), contentKey);
|
|
262
83
|
const envelope = {
|
|
263
|
-
_noydb:
|
|
84
|
+
_noydb: 1,
|
|
264
85
|
_v: 1,
|
|
265
|
-
_ts:
|
|
266
|
-
_iv:
|
|
267
|
-
_data:
|
|
86
|
+
_ts: createdAt,
|
|
87
|
+
_iv: iv,
|
|
88
|
+
_data: data,
|
|
89
|
+
_by: grantor.userId
|
|
268
90
|
};
|
|
269
|
-
await store.put(vault,
|
|
270
|
-
}
|
|
271
|
-
async function burnPaperRecoveryEntry(store, vault, codeId) {
|
|
272
|
-
const entries = await loadPaperRecoveryEntries(store, vault);
|
|
273
|
-
const remaining = entries.filter((e) => e.codeId !== codeId);
|
|
274
|
-
await savePaperRecoveryEntries(store, vault, remaining);
|
|
275
|
-
}
|
|
276
|
-
async function hasRecoveryEnrolled(store, vault) {
|
|
277
|
-
const paper = await loadPaperRecoveryEntries(store, vault);
|
|
278
|
-
if (paper.length > 0) return true;
|
|
279
|
-
const shamir = await loadShamirRecoveryEntries(store, vault);
|
|
280
|
-
return shamir.length > 0;
|
|
281
|
-
}
|
|
282
|
-
async function hasStrongRecoveryEnrolled(store, vault) {
|
|
283
|
-
const shamir = await loadShamirRecoveryEntries(store, vault);
|
|
284
|
-
return shamir.length > 0;
|
|
91
|
+
await store.put(vault, MAGIC_LINK_GRANTS_COLLECTION, recordId, envelope);
|
|
92
|
+
return { recordId, payload };
|
|
285
93
|
}
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
if (!env) return [];
|
|
94
|
+
async function readMagicLinkGrantRecord(store, vault, contentKey, recordId) {
|
|
95
|
+
const env = await store.get(vault, MAGIC_LINK_GRANTS_COLLECTION, recordId);
|
|
96
|
+
if (!env) return null;
|
|
290
97
|
try {
|
|
291
|
-
const
|
|
292
|
-
|
|
293
|
-
return doc.entries;
|
|
98
|
+
const json = await openEnvelopeJson(env, contentKey);
|
|
99
|
+
return JSON.parse(json);
|
|
294
100
|
} catch {
|
|
295
|
-
return
|
|
101
|
+
return null;
|
|
296
102
|
}
|
|
297
103
|
}
|
|
298
|
-
async function
|
|
299
|
-
const
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
_noydb: NOYDB_FORMAT_VERSION,
|
|
306
|
-
_v: 1,
|
|
307
|
-
_ts: (/* @__PURE__ */ new Date()).toISOString(),
|
|
308
|
-
_iv: "",
|
|
309
|
-
_data: JSON.stringify(doc)
|
|
310
|
-
};
|
|
311
|
-
await store.put(vault, "_meta", SHAMIR_DOC_ID, envelope);
|
|
312
|
-
}
|
|
313
|
-
async function mintShamirRecoveryEntry(provider, deks, entryId, k, n, label) {
|
|
314
|
-
const recoverySecret = crypto.getRandomValues(new Uint8Array(32));
|
|
315
|
-
try {
|
|
316
|
-
const credential = bytesToBase642(recoverySecret);
|
|
317
|
-
const blob = await mintWrappedDeksBlob(deks, credential);
|
|
318
|
-
const shareStrings = provider.splitToShares(recoverySecret, k, n);
|
|
319
|
-
const entry = {
|
|
320
|
-
...blob,
|
|
321
|
-
entryId,
|
|
322
|
-
k,
|
|
323
|
-
n,
|
|
324
|
-
enrolledAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
325
|
-
...label !== void 0 && { label }
|
|
326
|
-
};
|
|
327
|
-
return { entry, shareStrings };
|
|
328
|
-
} finally {
|
|
329
|
-
recoverySecret.fill(0);
|
|
104
|
+
async function listMagicLinkGrants(store, vault, contentKey, token) {
|
|
105
|
+
const ids = await store.list(vault, MAGIC_LINK_GRANTS_COLLECTION);
|
|
106
|
+
const matching = ids.filter((id) => id === token || id.startsWith(`${token}:`));
|
|
107
|
+
const out = [];
|
|
108
|
+
for (const id of matching) {
|
|
109
|
+
const payload = await readMagicLinkGrantRecord(store, vault, contentKey, id);
|
|
110
|
+
if (payload) out.push(payload);
|
|
330
111
|
}
|
|
112
|
+
return out;
|
|
331
113
|
}
|
|
332
|
-
async function
|
|
333
|
-
|
|
334
|
-
throw new Error(
|
|
335
|
-
`Insufficient shares: this Shamir entry needs ${entry.k} of ${entry.n}, but ${shareStrings.length} were provided.`
|
|
336
|
-
);
|
|
337
|
-
}
|
|
338
|
-
const secret = provider.combineShares(shareStrings);
|
|
339
|
-
try {
|
|
340
|
-
return await unwrapDeksFromBlob(entry, bytesToBase642(secret));
|
|
341
|
-
} finally {
|
|
342
|
-
secret.fill(0);
|
|
343
|
-
}
|
|
114
|
+
async function unwrapMagicLinkGrant(payload, grantKek) {
|
|
115
|
+
return unwrapKey(payload.wrappedDek, grantKek);
|
|
344
116
|
}
|
|
345
|
-
function
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
117
|
+
async function revokeMagicLinkGrant(store, vault, token) {
|
|
118
|
+
const ids = await store.list(vault, MAGIC_LINK_GRANTS_COLLECTION);
|
|
119
|
+
const matching = ids.filter((id) => id === token || id.startsWith(`${token}:`));
|
|
120
|
+
for (const id of matching) {
|
|
121
|
+
await store.delete(vault, MAGIC_LINK_GRANTS_COLLECTION, id);
|
|
122
|
+
}
|
|
123
|
+
return matching.length;
|
|
349
124
|
}
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
return {
|
|
353
|
-
...blob,
|
|
354
|
-
codeId,
|
|
355
|
-
enrolledAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
356
|
-
};
|
|
125
|
+
function magicLinkGrantRecordId(token, index) {
|
|
126
|
+
return index === 0 ? token : `${token}:${index}`;
|
|
357
127
|
}
|
|
358
|
-
|
|
359
|
-
return
|
|
128
|
+
function isMagicLinkGrantExpired(payload, now = /* @__PURE__ */ new Date()) {
|
|
129
|
+
return payload.until <= now.toISOString();
|
|
360
130
|
}
|
|
361
131
|
|
|
362
|
-
// src/team/rotate-recover.ts
|
|
132
|
+
// src/with-party/team/rotate-recover.ts
|
|
363
133
|
async function rotatePassphrase(store, vault, userId, input) {
|
|
364
134
|
if (!input.allowWeakPassphrase) {
|
|
365
135
|
assertStrongPassphrase(input.newPassphrase, input.passphrasePolicy);
|
|
@@ -631,7 +401,7 @@ async function writeKeyringFile(store, vault, userId, file) {
|
|
|
631
401
|
await store.put(vault, "_keyring", userId, envelope);
|
|
632
402
|
}
|
|
633
403
|
|
|
634
|
-
// src/team/peer-recover.ts
|
|
404
|
+
// src/with-party/team/peer-recover.ts
|
|
635
405
|
var ADMIN_RECOVERABLE_TARGETS = ["operator", "viewer", "client", "admin"];
|
|
636
406
|
function canRecover(callerRole, targetRole) {
|
|
637
407
|
if (callerRole === "owner") return true;
|
|
@@ -697,124 +467,89 @@ async function recoverUser(store, vault, callerKeyring, options) {
|
|
|
697
467
|
await store.put(vault, "_keyring", options.userId, envelope);
|
|
698
468
|
}
|
|
699
469
|
|
|
700
|
-
// src/team/
|
|
701
|
-
|
|
702
|
-
|
|
703
|
-
|
|
704
|
-
|
|
705
|
-
|
|
706
|
-
const ikmBytes = serverSecret instanceof Uint8Array ? serverSecret : new TextEncoder().encode(serverSecret);
|
|
707
|
-
const tokenBytes = new TextEncoder().encode(token);
|
|
708
|
-
const saltBuffer = await subtle2.digest("SHA-256", tokenBytes);
|
|
709
|
-
const info = new TextEncoder().encode(MAGIC_LINK_CONTENT_INFO_PREFIX + vault);
|
|
710
|
-
const ikm = await subtle2.importKey("raw", ikmBytes, "HKDF", false, ["deriveKey"]);
|
|
711
|
-
return subtle2.deriveKey(
|
|
712
|
-
{ name: "HKDF", hash: "SHA-256", salt: saltBuffer, info },
|
|
713
|
-
ikm,
|
|
714
|
-
{ name: "AES-GCM", length: 256 },
|
|
715
|
-
false,
|
|
716
|
-
["encrypt", "decrypt"]
|
|
717
|
-
);
|
|
718
|
-
}
|
|
719
|
-
async function writeMagicLinkGrant(store, vault, grantor, contentKey, grantKek, recordId, opts) {
|
|
720
|
-
const collectionName = opts.collection ?? null;
|
|
721
|
-
const sourceKey = collectionName ? dekKey(collectionName, opts.tier) : `__any#${opts.tier}`;
|
|
722
|
-
const sourceDek = grantor.deks.get(sourceKey);
|
|
723
|
-
if (!sourceDek) {
|
|
724
|
-
throw new DelegationTargetMissingError(
|
|
725
|
-
`grantor cannot find tier ${opts.tier} DEK for ${collectionName ?? "(any)"}`
|
|
470
|
+
// src/with-party/team/authenticators.ts
|
|
471
|
+
async function enrollAuthenticator(store, vault, keyring, options) {
|
|
472
|
+
const existing = keyring.authenticators.find((a) => a.id === options.id);
|
|
473
|
+
if (existing) {
|
|
474
|
+
throw new ValidationError(
|
|
475
|
+
`enrollAuthenticator: slot id "${options.id}" already exists in vault "${vault}". Remove the slot first or pick a unique id.`
|
|
726
476
|
);
|
|
727
477
|
}
|
|
728
|
-
const
|
|
729
|
-
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
fromUser: grantor.userId,
|
|
735
|
-
tier: opts.tier,
|
|
736
|
-
collection: collectionName,
|
|
737
|
-
...opts.record && { record: opts.record },
|
|
738
|
-
until,
|
|
739
|
-
wrappedDek,
|
|
740
|
-
createdAt,
|
|
741
|
-
...opts.note && { note: opts.note }
|
|
478
|
+
const base = {
|
|
479
|
+
id: options.id,
|
|
480
|
+
method: options.method,
|
|
481
|
+
enrolled_at: (/* @__PURE__ */ new Date()).toISOString(),
|
|
482
|
+
enrolled_via_tier: options.enrolled_via_tier ?? 1,
|
|
483
|
+
meta: options.meta
|
|
742
484
|
};
|
|
743
|
-
const
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
485
|
+
const slot = options.wrapKind === "deks" ? {
|
|
486
|
+
...base,
|
|
487
|
+
wrapKind: "deks",
|
|
488
|
+
wrapped_deks: options.wrapped_deks,
|
|
489
|
+
iv: options.iv
|
|
490
|
+
} : {
|
|
491
|
+
...base,
|
|
492
|
+
wrapped_kek: options.wrapped_kek
|
|
751
493
|
};
|
|
752
|
-
|
|
753
|
-
|
|
494
|
+
const next = appendSlot(keyring, slot);
|
|
495
|
+
await persistKeyring(store, vault, next);
|
|
496
|
+
return next;
|
|
754
497
|
}
|
|
755
|
-
async function
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
return JSON.parse(json);
|
|
761
|
-
} catch {
|
|
762
|
-
return null;
|
|
498
|
+
async function updateAuthenticator(store, vault, keyring, slotId, options) {
|
|
499
|
+
if (options.meta === void 0) {
|
|
500
|
+
throw new ValidationError(
|
|
501
|
+
`updateAuthenticator: at least one of meta must be provided (slotId: "${slotId}").`
|
|
502
|
+
);
|
|
763
503
|
}
|
|
764
|
-
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
768
|
-
|
|
769
|
-
for (const id of matching) {
|
|
770
|
-
const payload = await readMagicLinkGrantRecord(store, vault, contentKey, id);
|
|
771
|
-
if (payload) out.push(payload);
|
|
504
|
+
const idx = keyring.authenticators.findIndex((a) => a.id === slotId);
|
|
505
|
+
if (idx === -1) {
|
|
506
|
+
throw new NoAccessError(
|
|
507
|
+
`updateAuthenticator: slot "${slotId}" not found in vault "${vault}".`
|
|
508
|
+
);
|
|
772
509
|
}
|
|
773
|
-
|
|
774
|
-
}
|
|
775
|
-
|
|
776
|
-
|
|
510
|
+
const existing = keyring.authenticators[idx];
|
|
511
|
+
const mergedMeta = { ...existing.meta };
|
|
512
|
+
for (const [k, v] of Object.entries(options.meta)) {
|
|
513
|
+
if (v === void 0) continue;
|
|
514
|
+
if (v === null) {
|
|
515
|
+
delete mergedMeta[k];
|
|
516
|
+
continue;
|
|
517
|
+
}
|
|
518
|
+
mergedMeta[k] = v;
|
|
519
|
+
}
|
|
520
|
+
const next = { ...existing, meta: mergedMeta };
|
|
521
|
+
const nextSlots = [...keyring.authenticators];
|
|
522
|
+
nextSlots[idx] = next;
|
|
523
|
+
const nextKeyring = {
|
|
524
|
+
...keyring,
|
|
525
|
+
authenticators: nextSlots
|
|
526
|
+
};
|
|
527
|
+
await persistKeyring(store, vault, nextKeyring);
|
|
528
|
+
return nextKeyring;
|
|
777
529
|
}
|
|
778
|
-
async function
|
|
779
|
-
const
|
|
780
|
-
|
|
781
|
-
|
|
782
|
-
await store.delete(vault, MAGIC_LINK_GRANTS_COLLECTION, id);
|
|
530
|
+
async function removeAuthenticator(store, vault, keyring, slotId) {
|
|
531
|
+
const filtered = keyring.authenticators.filter((a) => a.id !== slotId);
|
|
532
|
+
if (filtered.length === keyring.authenticators.length) {
|
|
533
|
+
return keyring;
|
|
783
534
|
}
|
|
784
|
-
|
|
535
|
+
const next = {
|
|
536
|
+
...keyring,
|
|
537
|
+
authenticators: filtered
|
|
538
|
+
};
|
|
539
|
+
await persistKeyring(store, vault, next);
|
|
540
|
+
return next;
|
|
785
541
|
}
|
|
786
|
-
function
|
|
787
|
-
return
|
|
542
|
+
function findAuthenticator(keyring, slotId) {
|
|
543
|
+
return keyring.authenticators.find((a) => a.id === slotId);
|
|
788
544
|
}
|
|
789
|
-
function
|
|
790
|
-
return
|
|
545
|
+
function appendSlot(keyring, slot) {
|
|
546
|
+
return {
|
|
547
|
+
...keyring,
|
|
548
|
+
authenticators: [...keyring.authenticators, slot]
|
|
549
|
+
};
|
|
791
550
|
}
|
|
792
551
|
|
|
793
552
|
export {
|
|
794
|
-
enrollAuthenticator,
|
|
795
|
-
updateAuthenticator,
|
|
796
|
-
removeAuthenticator,
|
|
797
|
-
findAuthenticator,
|
|
798
|
-
PolicyDeniedError,
|
|
799
|
-
RecoveryNotEnrolledError,
|
|
800
|
-
ManagedRecoveryNotEnrolledError,
|
|
801
|
-
RecoveryProfileNotImplementedError,
|
|
802
|
-
mintWrappedDeksBlob,
|
|
803
|
-
unwrapDeksFromBlob,
|
|
804
|
-
loadPaperRecoveryEntries,
|
|
805
|
-
savePaperRecoveryEntries,
|
|
806
|
-
burnPaperRecoveryEntry,
|
|
807
|
-
hasRecoveryEnrolled,
|
|
808
|
-
hasStrongRecoveryEnrolled,
|
|
809
|
-
loadShamirRecoveryEntries,
|
|
810
|
-
saveShamirRecoveryEntries,
|
|
811
|
-
mintShamirRecoveryEntry,
|
|
812
|
-
unwrapDeksFromShamirEntry,
|
|
813
|
-
mintPaperRecoveryEntry,
|
|
814
|
-
unwrapDeksFromPaperEntry,
|
|
815
|
-
rotatePassphrase,
|
|
816
|
-
recoverPassphrase,
|
|
817
|
-
recoverUser,
|
|
818
553
|
MAGIC_LINK_GRANTS_COLLECTION,
|
|
819
554
|
MAGIC_LINK_CONTENT_INFO_PREFIX,
|
|
820
555
|
MAGIC_LINK_KEK_INFO_PREFIX,
|
|
@@ -825,6 +560,13 @@ export {
|
|
|
825
560
|
unwrapMagicLinkGrant,
|
|
826
561
|
revokeMagicLinkGrant,
|
|
827
562
|
magicLinkGrantRecordId,
|
|
828
|
-
isMagicLinkGrantExpired
|
|
563
|
+
isMagicLinkGrantExpired,
|
|
564
|
+
rotatePassphrase,
|
|
565
|
+
recoverPassphrase,
|
|
566
|
+
recoverUser,
|
|
567
|
+
enrollAuthenticator,
|
|
568
|
+
updateAuthenticator,
|
|
569
|
+
removeAuthenticator,
|
|
570
|
+
findAuthenticator
|
|
829
571
|
};
|
|
830
|
-
//# sourceMappingURL=chunk-
|
|
572
|
+
//# sourceMappingURL=chunk-UPJNJGGA.js.map
|