@noy-db/hub 0.2.0-pre.9 → 0.3.0-pre.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (541) hide show
  1. package/README.md +129 -3
  2. package/dist/adapter/index.d.ts +5 -0
  3. package/dist/adapter/index.js +15 -0
  4. package/dist/aggregate/index.d.ts +6 -2
  5. package/dist/aggregate/index.js +24 -16
  6. package/dist/aggregate/index.js.map +1 -1
  7. package/dist/api-RW3KP7WU.js +14 -0
  8. package/dist/as/index.d.ts +7 -0
  9. package/dist/as/index.js +24 -0
  10. package/dist/at/index.d.ts +5 -0
  11. package/dist/at/index.js +1 -0
  12. package/dist/attestation/index.d.ts +15 -47
  13. package/dist/attestation/index.js +54 -10
  14. package/dist/attestation/index.js.map +1 -1
  15. package/dist/backup-KMJQ66MF.js +219 -0
  16. package/dist/backup-KMJQ66MF.js.map +1 -0
  17. package/dist/blobs/index.d.ts +6 -8
  18. package/dist/blobs/index.js +19 -12
  19. package/dist/blobs/index.js.map +1 -1
  20. package/dist/bundle/index.d.ts +16 -70
  21. package/dist/bundle/index.js +39 -476
  22. package/dist/bundle/index.js.map +1 -1
  23. package/dist/{ulid-CJ8RzRrm.d.ts → bundle-PwBGkhpe.d.ts} +31 -86
  24. package/dist/by/index.d.ts +1 -0
  25. package/dist/by/index.js +11 -0
  26. package/dist/cargo/index.d.ts +9 -0
  27. package/dist/cargo/index.js +89 -0
  28. package/dist/chunk-26LGBE4T.js +42 -0
  29. package/dist/chunk-26LGBE4T.js.map +1 -0
  30. package/dist/{chunk-K3DK3NU5.js → chunk-3YFXJ3ZP.js} +20 -5
  31. package/dist/chunk-3YFXJ3ZP.js.map +1 -0
  32. package/dist/chunk-4Q6HSHHL.js +90 -0
  33. package/dist/chunk-4Q6HSHHL.js.map +1 -0
  34. package/dist/chunk-5LUY7UTV.js +380 -0
  35. package/dist/chunk-5LUY7UTV.js.map +1 -0
  36. package/dist/chunk-5N6CZTCY.js +367 -0
  37. package/dist/chunk-5N6CZTCY.js.map +1 -0
  38. package/dist/chunk-5O3AOPDT.js +992 -0
  39. package/dist/chunk-5O3AOPDT.js.map +1 -0
  40. package/dist/chunk-5R3ERCDH.js +239 -0
  41. package/dist/chunk-5R3ERCDH.js.map +1 -0
  42. package/dist/chunk-5TDJ56JE.js +32 -0
  43. package/dist/chunk-5TDJ56JE.js.map +1 -0
  44. package/dist/{chunk-T7JEBOGN.js → chunk-62QYRORB.js} +18 -11
  45. package/dist/chunk-62QYRORB.js.map +1 -0
  46. package/dist/{chunk-J66GRPNH.js → chunk-6S7T6WC4.js} +2 -2
  47. package/dist/chunk-6S7T6WC4.js.map +1 -0
  48. package/dist/chunk-76722EBH.js +451 -0
  49. package/dist/chunk-76722EBH.js.map +1 -0
  50. package/dist/{chunk-Z6FNBOTC.js → chunk-AIWULCUO.js} +13 -17
  51. package/dist/chunk-AIWULCUO.js.map +1 -0
  52. package/dist/{chunk-O3VZPBZG.js → chunk-AQTBSL7R.js} +47 -11
  53. package/dist/chunk-AQTBSL7R.js.map +1 -0
  54. package/dist/chunk-AURFOK3D.js +35 -0
  55. package/dist/chunk-AURFOK3D.js.map +1 -0
  56. package/dist/{chunk-53XBRIRT.js → chunk-AXRXJTE2.js} +9 -9
  57. package/dist/chunk-AXRXJTE2.js.map +1 -0
  58. package/dist/chunk-AZAOEIKW.js +155 -0
  59. package/dist/chunk-AZAOEIKW.js.map +1 -0
  60. package/dist/{chunk-HNRHLRDC.js → chunk-BG3SPSR4.js} +3 -3
  61. package/dist/chunk-BG3SPSR4.js.map +1 -0
  62. package/dist/chunk-BGIZAFY7.js +1 -0
  63. package/dist/chunk-CHFZDSE4.js +1 -0
  64. package/dist/{chunk-DJHHA6XH.js → chunk-CMGR4ZEW.js} +50 -20
  65. package/dist/chunk-CMGR4ZEW.js.map +1 -0
  66. package/dist/chunk-CWPPNPOH.js +23 -0
  67. package/dist/chunk-CWPPNPOH.js.map +1 -0
  68. package/dist/{chunk-QODLLGQ7.js → chunk-DFEMTNPJ.js} +371 -38
  69. package/dist/chunk-DFEMTNPJ.js.map +1 -0
  70. package/dist/{chunk-ZYWZWG6G.js → chunk-DGDI2D4M.js} +10 -10
  71. package/dist/chunk-DGDI2D4M.js.map +1 -0
  72. package/dist/{chunk-SYMWGEET.js → chunk-EIZUR2XW.js} +3 -3
  73. package/dist/chunk-EIZUR2XW.js.map +1 -0
  74. package/dist/{chunk-BVRYKATC.js → chunk-FISN7WE4.js} +36 -33
  75. package/dist/chunk-FISN7WE4.js.map +1 -0
  76. package/dist/chunk-GHVIKOHT.js +1 -0
  77. package/dist/chunk-GYGWYIOZ.js +200 -0
  78. package/dist/chunk-GYGWYIOZ.js.map +1 -0
  79. package/dist/chunk-HCIPRAGS.js +45 -0
  80. package/dist/chunk-HCIPRAGS.js.map +1 -0
  81. package/dist/{chunk-PX35GA7L.js → chunk-I2NOIW44.js} +10 -10
  82. package/dist/chunk-I2NOIW44.js.map +1 -0
  83. package/dist/{chunk-OIF6LZUR.js → chunk-I3TIKTJO.js} +3 -3
  84. package/dist/chunk-I3TIKTJO.js.map +1 -0
  85. package/dist/chunk-I7FD46FF.js +9 -0
  86. package/dist/chunk-I7FD46FF.js.map +1 -0
  87. package/dist/chunk-IAGBDSCS.js +40 -0
  88. package/dist/chunk-IAGBDSCS.js.map +1 -0
  89. package/dist/{chunk-JWRVQKRZ.js → chunk-IELYAOGG.js} +6 -18
  90. package/dist/chunk-IELYAOGG.js.map +1 -0
  91. package/dist/chunk-IGUYVGGI.js +205 -0
  92. package/dist/chunk-IGUYVGGI.js.map +1 -0
  93. package/dist/{chunk-U26HQ6KJ.js → chunk-IO6GRPT6.js} +4 -4
  94. package/dist/chunk-IO6GRPT6.js.map +1 -0
  95. package/dist/chunk-IPB7FTQX.js +273 -0
  96. package/dist/chunk-IPB7FTQX.js.map +1 -0
  97. package/dist/chunk-ITNUCOXM.js +148 -0
  98. package/dist/chunk-ITNUCOXM.js.map +1 -0
  99. package/dist/{chunk-WPLVTJ5D.js → chunk-IUEN57TV.js} +10 -10
  100. package/dist/chunk-IUEN57TV.js.map +1 -0
  101. package/dist/{chunk-DL3HWOQ5.js → chunk-JNUWZ6D3.js} +9 -9
  102. package/dist/chunk-JNUWZ6D3.js.map +1 -0
  103. package/dist/chunk-K2WCO3NX.js +1 -0
  104. package/dist/chunk-KVOXU4T5.js +30 -0
  105. package/dist/chunk-KVOXU4T5.js.map +1 -0
  106. package/dist/chunk-KXGNJJXB.js +135 -0
  107. package/dist/chunk-KXGNJJXB.js.map +1 -0
  108. package/dist/chunk-LB7FD65R.js +163 -0
  109. package/dist/chunk-LB7FD65R.js.map +1 -0
  110. package/dist/{chunk-22DWZL57.js → chunk-LFLXAY2W.js} +43 -218
  111. package/dist/chunk-LFLXAY2W.js.map +1 -0
  112. package/dist/chunk-LMTH2RM6.js +129 -0
  113. package/dist/chunk-LMTH2RM6.js.map +1 -0
  114. package/dist/{aggregate/index.cjs → chunk-LV7M27WM.js} +390 -219
  115. package/dist/chunk-LV7M27WM.js.map +1 -0
  116. package/dist/{chunk-PE2FR4J3.js → chunk-LXQT4WMP.js} +16 -18
  117. package/dist/chunk-LXQT4WMP.js.map +1 -0
  118. package/dist/chunk-M2YKN37S.js +524 -0
  119. package/dist/chunk-M2YKN37S.js.map +1 -0
  120. package/dist/chunk-M6OST55S.js +14 -0
  121. package/dist/chunk-M6OST55S.js.map +1 -0
  122. package/dist/{chunk-F3GDRNUT.js → chunk-MD3Y6J3L.js} +35 -69
  123. package/dist/chunk-MD3Y6J3L.js.map +1 -0
  124. package/dist/{chunk-XJFLDA7A.js → chunk-MTMJVJ5W.js} +8 -7
  125. package/dist/chunk-MTMJVJ5W.js.map +1 -0
  126. package/dist/{chunk-DFMLEQZB.js → chunk-NF5JWERG.js} +5 -10
  127. package/dist/chunk-NF5JWERG.js.map +1 -0
  128. package/dist/{chunk-DO7C2TOG.js → chunk-PKHL44ER.js} +3 -3
  129. package/dist/{chunk-DO7C2TOG.js.map → chunk-PKHL44ER.js.map} +1 -1
  130. package/dist/{chunk-6CME4UEK.js → chunk-PSHOXR6C.js} +7008 -4827
  131. package/dist/chunk-PSHOXR6C.js.map +1 -0
  132. package/dist/chunk-PSMV73A5.js +117 -0
  133. package/dist/chunk-PSMV73A5.js.map +1 -0
  134. package/dist/chunk-PY4KJPYU.js +9 -0
  135. package/dist/chunk-PY4KJPYU.js.map +1 -0
  136. package/dist/chunk-PZ5AY32C.js +10 -0
  137. package/dist/{chunk-DE6GKS6G.js → chunk-Q7SS3IME.js} +50 -9
  138. package/dist/chunk-Q7SS3IME.js.map +1 -0
  139. package/dist/chunk-QHJW5EXU.js +54 -0
  140. package/dist/chunk-QHJW5EXU.js.map +1 -0
  141. package/dist/chunk-QZISFCVG.js +233 -0
  142. package/dist/chunk-QZISFCVG.js.map +1 -0
  143. package/dist/{chunk-NONAAENK.js → chunk-RUEKROOS.js} +11 -4
  144. package/dist/chunk-RUEKROOS.js.map +1 -0
  145. package/dist/chunk-RUIMKQTA.js +23 -0
  146. package/dist/chunk-RUIMKQTA.js.map +1 -0
  147. package/dist/{chunk-TFBP23BX.js → chunk-SKF73JOP.js} +66 -7
  148. package/dist/chunk-SKF73JOP.js.map +1 -0
  149. package/dist/chunk-SM3AVUHC.js +42 -0
  150. package/dist/chunk-SM3AVUHC.js.map +1 -0
  151. package/dist/{chunk-ML236QKC.js → chunk-SMXWYP24.js} +5 -5
  152. package/dist/chunk-SMXWYP24.js.map +1 -0
  153. package/dist/chunk-SRB2XEWB.js +148 -0
  154. package/dist/chunk-SRB2XEWB.js.map +1 -0
  155. package/dist/chunk-SVLR4POP.js +64 -0
  156. package/dist/chunk-SVLR4POP.js.map +1 -0
  157. package/dist/chunk-TA66UMI4.js +123 -0
  158. package/dist/chunk-TA66UMI4.js.map +1 -0
  159. package/dist/chunk-TEILUWOI.js +664 -0
  160. package/dist/chunk-TEILUWOI.js.map +1 -0
  161. package/dist/chunk-TJYQIGAP.js +82 -0
  162. package/dist/chunk-TJYQIGAP.js.map +1 -0
  163. package/dist/{chunk-H2X3ISXG.js → chunk-UAG5KWVA.js} +7 -7
  164. package/dist/chunk-UAG5KWVA.js.map +1 -0
  165. package/dist/chunk-UDRIWL7A.js +382 -0
  166. package/dist/chunk-UDRIWL7A.js.map +1 -0
  167. package/dist/{chunk-2GLDA55J.js → chunk-UIU2THRG.js} +498 -133
  168. package/dist/chunk-UIU2THRG.js.map +1 -0
  169. package/dist/{chunk-3YPCK6JX.js → chunk-UPJNJGGA.js} +165 -423
  170. package/dist/chunk-UPJNJGGA.js.map +1 -0
  171. package/dist/chunk-UV5MFVO3.js +21 -0
  172. package/dist/chunk-UV5MFVO3.js.map +1 -0
  173. package/dist/{chunk-2WUSG3IT.js → chunk-V7RWQRG7.js} +5 -5
  174. package/dist/chunk-V7RWQRG7.js.map +1 -0
  175. package/dist/{chunk-VTKGMEPP.js → chunk-VCTFO5CO.js} +13 -3
  176. package/dist/chunk-VCTFO5CO.js.map +1 -0
  177. package/dist/{chunk-5T22KDPN.js → chunk-VFQGRQIH.js} +8 -8
  178. package/dist/chunk-VFQGRQIH.js.map +1 -0
  179. package/dist/{chunk-2QR2PQTT.js → chunk-VQNJ7UZL.js} +5 -3
  180. package/dist/chunk-VQNJ7UZL.js.map +1 -0
  181. package/dist/{chunk-DONMZAD2.js → chunk-WWGT2MDV.js} +43 -165
  182. package/dist/chunk-WWGT2MDV.js.map +1 -0
  183. package/dist/{chunk-EMIGCR7X.js → chunk-WXSYDNBT.js} +2 -2
  184. package/dist/chunk-WXSYDNBT.js.map +1 -0
  185. package/dist/chunk-WYSO2NIH.js +30 -0
  186. package/dist/chunk-WYSO2NIH.js.map +1 -0
  187. package/dist/chunk-XXYIOFUB.js +164 -0
  188. package/dist/chunk-XXYIOFUB.js.map +1 -0
  189. package/dist/{chunk-3BFJOWSU.js → chunk-Y22T3KQE.js} +35 -7
  190. package/dist/chunk-Y22T3KQE.js.map +1 -0
  191. package/dist/{chunk-A3JMGXPG.js → chunk-YMUGBZN2.js} +2 -2
  192. package/dist/chunk-YMUGBZN2.js.map +1 -0
  193. package/dist/{chunk-I5FOWO4J.js → chunk-ZCGAHGUS.js} +52 -73
  194. package/dist/chunk-ZCGAHGUS.js.map +1 -0
  195. package/dist/{chunk-FZU343FL.js → chunk-ZJADGNYF.js} +2 -2
  196. package/dist/chunk-ZJADGNYF.js.map +1 -0
  197. package/dist/{chunk-B6PB7JLN.js → chunk-ZYUC53LT.js} +427 -6
  198. package/dist/chunk-ZYUC53LT.js.map +1 -0
  199. package/dist/collection-facade-GQAOGJP2.js +33 -0
  200. package/dist/consent/index.d.ts +5 -7
  201. package/dist/consent/index.js +7 -5
  202. package/dist/consent/index.js.map +1 -1
  203. package/dist/crdt/index.d.ts +6 -2
  204. package/dist/crdt/index.js +3 -2
  205. package/dist/crdt/index.js.map +1 -1
  206. package/dist/decrypt-partition-IHtxEnTi.d.ts +21 -0
  207. package/dist/delegation-UL5HKLER.js +19 -0
  208. package/dist/derivations/index.d.ts +7 -9
  209. package/dist/derivations/index.js +11 -6
  210. package/dist/describe/index.d.ts +1 -0
  211. package/dist/describe/index.js +1 -0
  212. package/dist/describe-Ccd1hS7a.d.ts +143 -0
  213. package/dist/{dev-unlock-B4kDxep_.d.ts → dev-unlock-h0K-UZTk.d.ts} +1 -1
  214. package/dist/discriminant-BN9REW3o.d.ts +60 -0
  215. package/dist/enclave-UL5LW66V.js +88 -0
  216. package/dist/executor-2FWQRLMG.js +15 -0
  217. package/dist/executor-QZ7BXICW.js +9 -0
  218. package/dist/executor-Z5ZLJVTV.js +9 -0
  219. package/dist/export-accessible-KRV5W4GH.js +17 -0
  220. package/dist/extract-partition-GLKBOXFQ.js +30 -0
  221. package/dist/{fanout-sidecar-OKPMMPLG.js → fanout-sidecar-GF3DJ6KR.js} +34 -14
  222. package/dist/fanout-sidecar-GF3DJ6KR.js.map +1 -0
  223. package/dist/forget/index.d.ts +36 -0
  224. package/dist/forget/index.js +19 -0
  225. package/dist/forget/index.js.map +1 -0
  226. package/dist/guards/index.d.ts +13 -9
  227. package/dist/guards/index.js +12 -5
  228. package/dist/{hash-DdpVypUp.d.cts → hash-CdSr06sm.d.ts} +5 -1
  229. package/dist/history/index.d.ts +6 -8
  230. package/dist/history/index.js +19 -12
  231. package/dist/history/index.js.map +1 -1
  232. package/dist/i18n/index.d.ts +5 -7
  233. package/dist/i18n/index.js +104 -15
  234. package/dist/i18n/index.js.map +1 -1
  235. package/dist/in/index.d.ts +5 -0
  236. package/dist/in/index.js +1 -0
  237. package/dist/in/index.js.map +1 -0
  238. package/dist/index-B9QdHytu.d.ts +123 -0
  239. package/dist/index-CGLLRtFc.d.ts +123 -0
  240. package/dist/{types-Df28QFKb.d.ts → index-_6At2_9_.d.ts} +16270 -8358
  241. package/dist/index.d.ts +1088 -450
  242. package/dist/index.js +1165 -293
  243. package/dist/index.js.map +1 -1
  244. package/dist/indexing/index.d.ts +6 -3
  245. package/dist/indexing/index.js +6 -5
  246. package/dist/indexing/index.js.map +1 -1
  247. package/dist/issue-Y6UVIR43.js +13 -0
  248. package/dist/issue-Y6UVIR43.js.map +1 -0
  249. package/dist/kernel/index.d.ts +32 -0
  250. package/dist/kernel/index.js +53 -0
  251. package/dist/kernel/index.js.map +1 -0
  252. package/dist/{ledger-TMRZYNVJ.js → ledger-RYI35CDS.js} +12 -9
  253. package/dist/ledger-RYI35CDS.js.map +1 -0
  254. package/dist/liberate-CRPZEV7O.js +18 -0
  255. package/dist/liberate-CRPZEV7O.js.map +1 -0
  256. package/dist/materialized-views/index.d.ts +6 -19
  257. package/dist/materialized-views/index.js +16 -12
  258. package/dist/mime-magic-B4RoFj3B.d.ts +103 -0
  259. package/dist/noydb-LDEBLNHY.js +50 -0
  260. package/dist/noydb-LDEBLNHY.js.map +1 -0
  261. package/dist/on/index.d.ts +5 -0
  262. package/dist/on/index.js +11 -0
  263. package/dist/on/index.js.map +1 -0
  264. package/dist/overlay-views/index.d.ts +27 -11
  265. package/dist/overlay-views/index.js +7 -6
  266. package/dist/periods/index.d.ts +5 -7
  267. package/dist/periods/index.js +13 -9
  268. package/dist/pod/index.d.ts +63 -0
  269. package/dist/pod/index.js +61 -0
  270. package/dist/pod/index.js.map +1 -0
  271. package/dist/policy-IXK4FVXP.js +41 -0
  272. package/dist/policy-IXK4FVXP.js.map +1 -0
  273. package/dist/portability/index.d.ts +20 -0
  274. package/dist/portability/index.js +43 -0
  275. package/dist/portability/index.js.map +1 -0
  276. package/dist/{public-envelope-BW6OXORV.js → public-envelope-JHDQCPSX.js} +6 -5
  277. package/dist/public-envelope-JHDQCPSX.js.map +1 -0
  278. package/dist/query/index.d.ts +5 -3
  279. package/dist/query/index.js +21 -13
  280. package/dist/read-only-facade-5ADRJVTM.js +8 -0
  281. package/dist/read-only-facade-5ADRJVTM.js.map +1 -0
  282. package/dist/registry-45RJNWGU.js +9 -0
  283. package/dist/registry-45RJNWGU.js.map +1 -0
  284. package/dist/registry-5GRV5VXI.js +13 -0
  285. package/dist/registry-5GRV5VXI.js.map +1 -0
  286. package/dist/registry-VW6P6A3J.js +8 -0
  287. package/dist/registry-VW6P6A3J.js.map +1 -0
  288. package/dist/registry-WEUCHBO4.js +11 -0
  289. package/dist/registry-WEUCHBO4.js.map +1 -0
  290. package/dist/request-withdrawal-GBPH2FDY.js +25 -0
  291. package/dist/request-withdrawal-GBPH2FDY.js.map +1 -0
  292. package/dist/revoke-TUFRGI6S.js +18 -0
  293. package/dist/revoke-TUFRGI6S.js.map +1 -0
  294. package/dist/sealed-record/index.d.ts +69 -0
  295. package/dist/sealed-record/index.js +65 -0
  296. package/dist/sealed-record/index.js.map +1 -0
  297. package/dist/session/index.d.ts +6 -8
  298. package/dist/session/index.js +7 -5
  299. package/dist/session/index.js.map +1 -1
  300. package/dist/shadow/index.d.ts +5 -7
  301. package/dist/shadow/index.js +4 -3
  302. package/dist/shadow/index.js.map +1 -1
  303. package/dist/{signer-72QAUSVW.js → signer-PNKTBVF7.js} +6 -5
  304. package/dist/signer-PNKTBVF7.js.map +1 -0
  305. package/dist/snapshots/index.d.ts +6 -8
  306. package/dist/snapshots/index.js +13 -11
  307. package/dist/snapshots/index.js.map +1 -1
  308. package/dist/{stale-6ZDBTQT7.js → stale-3JWHNDIY.js} +3 -2
  309. package/dist/stale-3JWHNDIY.js.map +1 -0
  310. package/dist/store-coordination-provider-3I7XWZZK.js +142 -0
  311. package/dist/store-coordination-provider-3I7XWZZK.js.map +1 -0
  312. package/dist/subject-index-O75wKshW.d.ts +362 -0
  313. package/dist/sync/index.d.ts +4 -6
  314. package/dist/sync/index.js +7 -6
  315. package/dist/sync/index.js.map +1 -1
  316. package/dist/team/index.d.ts +5 -7
  317. package/dist/team/index.js +20 -16
  318. package/dist/tiers/index.d.ts +5 -0
  319. package/dist/tiers/index.js +33 -0
  320. package/dist/tiers/index.js.map +1 -0
  321. package/dist/to/index.d.ts +5 -0
  322. package/dist/to/index.js +17 -0
  323. package/dist/to/index.js.map +1 -0
  324. package/dist/transition-guard-DqodPNKw.d.ts +165 -0
  325. package/dist/tx/index.d.ts +23 -9
  326. package/dist/tx/index.js +13 -8
  327. package/dist/tx/index.js.map +1 -1
  328. package/dist/ui/index.d.ts +1 -0
  329. package/dist/ui/index.js +1 -0
  330. package/dist/ui/index.js.map +1 -0
  331. package/dist/ulid-DRH25k3y.d.ts +66 -0
  332. package/dist/ulid-PTAIMDG4.js +10 -0
  333. package/dist/ulid-PTAIMDG4.js.map +1 -0
  334. package/dist/util/index.d.ts +2 -0
  335. package/dist/util/index.js +7 -2
  336. package/dist/util/index.js.map +1 -1
  337. package/dist/vault-diff-BtpiBvic.d.ts +147 -0
  338. package/dist/with/index.d.ts +38 -0
  339. package/dist/with/index.js +25 -0
  340. package/dist/with/index.js.map +1 -0
  341. package/dist/{with-materialized-view-BLkQxoQN.d.ts → with-materialized-view-DMmWtYfJ.d.ts} +1 -1
  342. package/dist/{with-overlayed-view-CRsSEwHR.d.ts → with-overlayed-view-D_IB2nkM.d.ts} +2 -3
  343. package/dist/with-rollup-em2wxoHP.d.ts +47 -0
  344. package/dist/withdraw-accessible-FFS46EOD.js +22 -0
  345. package/dist/withdraw-accessible-FFS46EOD.js.map +1 -0
  346. package/dist/zod-HAJM7LMS.js +14763 -0
  347. package/dist/zod-HAJM7LMS.js.map +1 -0
  348. package/package.json +121 -201
  349. package/dist/aggregate/index.cjs.map +0 -1
  350. package/dist/aggregate/index.d.cts +0 -38
  351. package/dist/attestation/index.cjs +0 -305
  352. package/dist/attestation/index.cjs.map +0 -1
  353. package/dist/attestation/index.d.cts +0 -52
  354. package/dist/blobs/index.cjs +0 -1480
  355. package/dist/blobs/index.cjs.map +0 -1
  356. package/dist/blobs/index.d.cts +0 -46
  357. package/dist/bundle/index.cjs +0 -19264
  358. package/dist/bundle/index.cjs.map +0 -1
  359. package/dist/bundle/index.d.cts +0 -176
  360. package/dist/chunk-22DWZL57.js.map +0 -1
  361. package/dist/chunk-2GLDA55J.js.map +0 -1
  362. package/dist/chunk-2QR2PQTT.js.map +0 -1
  363. package/dist/chunk-2WUSG3IT.js.map +0 -1
  364. package/dist/chunk-3BFJOWSU.js.map +0 -1
  365. package/dist/chunk-3YPCK6JX.js.map +0 -1
  366. package/dist/chunk-53XBRIRT.js.map +0 -1
  367. package/dist/chunk-5T22KDPN.js.map +0 -1
  368. package/dist/chunk-5XHKQ56N.js +0 -340
  369. package/dist/chunk-5XHKQ56N.js.map +0 -1
  370. package/dist/chunk-6CME4UEK.js.map +0 -1
  371. package/dist/chunk-6STK5TQP.js +0 -139
  372. package/dist/chunk-6STK5TQP.js.map +0 -1
  373. package/dist/chunk-A3JMGXPG.js.map +0 -1
  374. package/dist/chunk-B6PB7JLN.js.map +0 -1
  375. package/dist/chunk-BVRYKATC.js.map +0 -1
  376. package/dist/chunk-DE6GKS6G.js.map +0 -1
  377. package/dist/chunk-DFMLEQZB.js.map +0 -1
  378. package/dist/chunk-DJHHA6XH.js.map +0 -1
  379. package/dist/chunk-DL3HWOQ5.js.map +0 -1
  380. package/dist/chunk-DONMZAD2.js.map +0 -1
  381. package/dist/chunk-EMIGCR7X.js.map +0 -1
  382. package/dist/chunk-F3GDRNUT.js.map +0 -1
  383. package/dist/chunk-FZU343FL.js.map +0 -1
  384. package/dist/chunk-H2X3ISXG.js.map +0 -1
  385. package/dist/chunk-HNRHLRDC.js.map +0 -1
  386. package/dist/chunk-I5FOWO4J.js.map +0 -1
  387. package/dist/chunk-J66GRPNH.js.map +0 -1
  388. package/dist/chunk-JWRVQKRZ.js.map +0 -1
  389. package/dist/chunk-K3DK3NU5.js.map +0 -1
  390. package/dist/chunk-ML236QKC.js.map +0 -1
  391. package/dist/chunk-NONAAENK.js.map +0 -1
  392. package/dist/chunk-O3VZPBZG.js.map +0 -1
  393. package/dist/chunk-OIF6LZUR.js.map +0 -1
  394. package/dist/chunk-OQ6PIGHA.js +0 -19
  395. package/dist/chunk-OQ6PIGHA.js.map +0 -1
  396. package/dist/chunk-PE2FR4J3.js.map +0 -1
  397. package/dist/chunk-PP6W64Y3.js +0 -275
  398. package/dist/chunk-PP6W64Y3.js.map +0 -1
  399. package/dist/chunk-PX35GA7L.js.map +0 -1
  400. package/dist/chunk-QEILDE6R.js +0 -793
  401. package/dist/chunk-QEILDE6R.js.map +0 -1
  402. package/dist/chunk-QODLLGQ7.js.map +0 -1
  403. package/dist/chunk-RAZ4OVLL.js +0 -51
  404. package/dist/chunk-RAZ4OVLL.js.map +0 -1
  405. package/dist/chunk-SYMWGEET.js.map +0 -1
  406. package/dist/chunk-T7JEBOGN.js.map +0 -1
  407. package/dist/chunk-TFBP23BX.js.map +0 -1
  408. package/dist/chunk-TV3YZ35S.js +0 -90
  409. package/dist/chunk-TV3YZ35S.js.map +0 -1
  410. package/dist/chunk-U26HQ6KJ.js.map +0 -1
  411. package/dist/chunk-UF3BUNQZ.js +0 -1
  412. package/dist/chunk-UMLVJTYV.js +0 -20
  413. package/dist/chunk-UMLVJTYV.js.map +0 -1
  414. package/dist/chunk-VTKGMEPP.js.map +0 -1
  415. package/dist/chunk-W6EQLGMB.js +0 -100
  416. package/dist/chunk-W6EQLGMB.js.map +0 -1
  417. package/dist/chunk-WIRRPTFH.js +0 -17
  418. package/dist/chunk-WIRRPTFH.js.map +0 -1
  419. package/dist/chunk-WPLVTJ5D.js.map +0 -1
  420. package/dist/chunk-XJFLDA7A.js.map +0 -1
  421. package/dist/chunk-Z6FNBOTC.js.map +0 -1
  422. package/dist/chunk-ZYWZWG6G.js.map +0 -1
  423. package/dist/consent/index.cjs +0 -204
  424. package/dist/consent/index.cjs.map +0 -1
  425. package/dist/consent/index.d.cts +0 -25
  426. package/dist/crdt/index.cjs +0 -152
  427. package/dist/crdt/index.cjs.map +0 -1
  428. package/dist/crdt/index.d.cts +0 -30
  429. package/dist/crypto-HTZ4FJOP.js +0 -44
  430. package/dist/delegation-RI54P6I5.js +0 -17
  431. package/dist/derivations/index.cjs +0 -351
  432. package/dist/derivations/index.cjs.map +0 -1
  433. package/dist/derivations/index.d.cts +0 -72
  434. package/dist/dev-unlock-BIoEFbwm.d.cts +0 -263
  435. package/dist/executor-5PNY7LGW.js +0 -8
  436. package/dist/executor-B4QIYGZX.js +0 -8
  437. package/dist/executor-BWXXDQ7K.js +0 -11
  438. package/dist/fanout-sidecar-OKPMMPLG.js.map +0 -1
  439. package/dist/guards/index.cjs +0 -322
  440. package/dist/guards/index.cjs.map +0 -1
  441. package/dist/guards/index.d.cts +0 -31
  442. package/dist/hash-HJqD14vS.d.ts +0 -63
  443. package/dist/history/index.cjs +0 -1222
  444. package/dist/history/index.cjs.map +0 -1
  445. package/dist/history/index.d.cts +0 -63
  446. package/dist/i18n/index.cjs +0 -1100
  447. package/dist/i18n/index.cjs.map +0 -1
  448. package/dist/i18n/index.d.cts +0 -39
  449. package/dist/index-4fBVt8j9.d.cts +0 -2387
  450. package/dist/index-D8I_pyJD.d.ts +0 -2387
  451. package/dist/index.cjs +0 -24487
  452. package/dist/index.cjs.map +0 -1
  453. package/dist/index.d.cts +0 -776
  454. package/dist/indexing/index.cjs +0 -742
  455. package/dist/indexing/index.cjs.map +0 -1
  456. package/dist/indexing/index.d.cts +0 -36
  457. package/dist/issue-VGDPP4B5.js +0 -12
  458. package/dist/lazy-builder-7tIpFyWN.d.ts +0 -304
  459. package/dist/lazy-builder-wY4pMCEe.d.cts +0 -304
  460. package/dist/materialized-views/index.cjs +0 -854
  461. package/dist/materialized-views/index.cjs.map +0 -1
  462. package/dist/materialized-views/index.d.cts +0 -186
  463. package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
  464. package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
  465. package/dist/noydb-G725ZSZG.js +0 -34
  466. package/dist/overlay-views/index.cjs +0 -359
  467. package/dist/overlay-views/index.cjs.map +0 -1
  468. package/dist/overlay-views/index.d.cts +0 -82
  469. package/dist/periods/index.cjs +0 -1041
  470. package/dist/periods/index.cjs.map +0 -1
  471. package/dist/periods/index.d.cts +0 -22
  472. package/dist/predicate-BSAGEyu5.d.cts +0 -209
  473. package/dist/predicate-BSAGEyu5.d.ts +0 -209
  474. package/dist/query/index.cjs +0 -2375
  475. package/dist/query/index.cjs.map +0 -1
  476. package/dist/query/index.d.cts +0 -3
  477. package/dist/read-only-facade-ITU6L7BL.js +0 -7
  478. package/dist/registry-3QP3YKQS.js +0 -8
  479. package/dist/registry-DKEXOJVO.js +0 -7
  480. package/dist/registry-OJIOSBV6.js +0 -10
  481. package/dist/registry-USRVT6YF.js +0 -8
  482. package/dist/revoke-JCC7N56X.js +0 -17
  483. package/dist/session/index.cjs +0 -495
  484. package/dist/session/index.cjs.map +0 -1
  485. package/dist/session/index.d.cts +0 -46
  486. package/dist/shadow/index.cjs +0 -133
  487. package/dist/shadow/index.cjs.map +0 -1
  488. package/dist/shadow/index.d.cts +0 -17
  489. package/dist/snapshots/index.cjs +0 -937
  490. package/dist/snapshots/index.cjs.map +0 -1
  491. package/dist/snapshots/index.d.cts +0 -28
  492. package/dist/store/index.cjs +0 -1083
  493. package/dist/store/index.cjs.map +0 -1
  494. package/dist/store/index.d.cts +0 -492
  495. package/dist/store/index.d.ts +0 -492
  496. package/dist/store/index.js +0 -37
  497. package/dist/strategy-BSxFXGzb.d.cts +0 -110
  498. package/dist/strategy-BSxFXGzb.d.ts +0 -110
  499. package/dist/strategy-DSTrsZ8t.d.cts +0 -601
  500. package/dist/strategy-DSTrsZ8t.d.ts +0 -601
  501. package/dist/sync/index.cjs +0 -1062
  502. package/dist/sync/index.cjs.map +0 -1
  503. package/dist/sync/index.d.cts +0 -43
  504. package/dist/team/index.cjs +0 -2798
  505. package/dist/team/index.cjs.map +0 -1
  506. package/dist/team/index.d.cts +0 -118
  507. package/dist/tx/index.cjs +0 -544
  508. package/dist/tx/index.cjs.map +0 -1
  509. package/dist/tx/index.d.cts +0 -21
  510. package/dist/types-DyXYr8rE.d.cts +0 -12818
  511. package/dist/ulid-COREQ2RQ.js +0 -9
  512. package/dist/ulid-Drr7ykr6.d.cts +0 -603
  513. package/dist/util/index.cjs +0 -230
  514. package/dist/util/index.cjs.map +0 -1
  515. package/dist/util/index.d.cts +0 -77
  516. package/dist/with-derivation-DFnFByiQ.d.ts +0 -13
  517. package/dist/with-derivation-DU3Sjazm.d.cts +0 -13
  518. package/dist/with-guard-ByyxmEe7.d.cts +0 -18
  519. package/dist/with-guard-qube6BMI.d.ts +0 -18
  520. package/dist/with-materialized-view-BmEToIR1.d.cts +0 -27
  521. package/dist/with-overlayed-view-BMsQQbWm.d.cts +0 -13
  522. /package/dist/{store → adapter}/index.js.map +0 -0
  523. /package/dist/{chunk-UF3BUNQZ.js.map → api-RW3KP7WU.js.map} +0 -0
  524. /package/dist/{crypto-HTZ4FJOP.js.map → as/index.js.map} +0 -0
  525. /package/dist/{delegation-RI54P6I5.js.map → at/index.js.map} +0 -0
  526. /package/dist/{executor-5PNY7LGW.js.map → by/index.js.map} +0 -0
  527. /package/dist/{executor-B4QIYGZX.js.map → cargo/index.js.map} +0 -0
  528. /package/dist/{executor-BWXXDQ7K.js.map → chunk-BGIZAFY7.js.map} +0 -0
  529. /package/dist/{issue-VGDPP4B5.js.map → chunk-CHFZDSE4.js.map} +0 -0
  530. /package/dist/{ledger-TMRZYNVJ.js.map → chunk-GHVIKOHT.js.map} +0 -0
  531. /package/dist/{noydb-G725ZSZG.js.map → chunk-K2WCO3NX.js.map} +0 -0
  532. /package/dist/{public-envelope-BW6OXORV.js.map → chunk-PZ5AY32C.js.map} +0 -0
  533. /package/dist/{read-only-facade-ITU6L7BL.js.map → collection-facade-GQAOGJP2.js.map} +0 -0
  534. /package/dist/{registry-3QP3YKQS.js.map → delegation-UL5HKLER.js.map} +0 -0
  535. /package/dist/{registry-DKEXOJVO.js.map → describe/index.js.map} +0 -0
  536. /package/dist/{registry-OJIOSBV6.js.map → enclave-UL5LW66V.js.map} +0 -0
  537. /package/dist/{registry-USRVT6YF.js.map → executor-2FWQRLMG.js.map} +0 -0
  538. /package/dist/{revoke-JCC7N56X.js.map → executor-QZ7BXICW.js.map} +0 -0
  539. /package/dist/{signer-72QAUSVW.js.map → executor-Z5ZLJVTV.js.map} +0 -0
  540. /package/dist/{stale-6ZDBTQT7.js.map → export-accessible-KRV5W4GH.js.map} +0 -0
  541. /package/dist/{ulid-COREQ2RQ.js.map → extract-partition-GLKBOXFQ.js.map} +0 -0
@@ -1,263 +0,0 @@
1
- import { b0 as Role, b1 as UnlockedKeyring } from './types-DyXYr8rE.cjs';
2
-
3
- /**
4
- * Session tokens —
5
- *
6
- * After a vault is unlocked (via passphrase, WebAuthn, OIDC, or magic-
7
- * link), the caller can call `createSession()` to get a session token that
8
- * allows re-establishing the KEK for the session lifetime without re-running
9
- * PBKDF2 or any interactive auth challenge.
10
- *
11
- * Security model
12
- * ──────────────
13
- * A session consists of two pieces that must both be present to recover the
14
- * KEK:
15
- *
16
- * 1. The **session key** — a non-extractable AES-256-GCM CryptoKey that
17
- * exists only in memory. "Non-extractable" is enforced by the WebCrypto
18
- * API: the key object cannot be serialized, exported, or sent over
19
- * postMessage. When the JS context is GC'd (tab close, navigation away,
20
- * worker termination) the key becomes unrecoverable.
21
- *
22
- * 2. The **session token** — a JSON object that carries the KEK wrapped
23
- * with the session key (AES-256-GCM, fresh IV per session), plus
24
- * unencrypted session metadata (sessionId, userId, vault, role,
25
- * expiresAt). The token can be serialized to JSON and stored in
26
- * sessionStorage or passed across callsites within the same tab, but
27
- * it is useless without the session key.
28
- *
29
- * The session key is kept in a module-level Map indexed by sessionId. Callers
30
- * that need to re-use a session must hold on to the sessionId returned from
31
- * `createSession()`; the key is looked up automatically by `resolveSession()`.
32
- *
33
- * Revocation: `revokeSession()` removes the entry from the Map. Because the
34
- * key is non-extractable, removal is sufficient — no one holds a serializable
35
- * copy of the key.
36
- *
37
- * Tab-scoped lifetime: the module-level Map lives only as long as the JS
38
- * module. Tab close → module unloaded → Map GC'd → all session keys gone.
39
- * This is the zero-effort logout: closing the tab is always a secure logout.
40
- *
41
- * Expiry: `createSession()` accepts a `ttlMs` option. `resolveSession()`
42
- * checks `expiresAt` and throws `SessionExpiredError` if the token is stale,
43
- * even if the session key is still in the Map.
44
- */
45
-
46
- /** The serializable part of a session token. Safe to store in sessionStorage. */
47
- interface SessionToken {
48
- readonly _noydb_session: 1;
49
- /** Unique session identifier (ULID). Use this as the handle for resolve/revoke. */
50
- readonly sessionId: string;
51
- readonly userId: string;
52
- readonly vault: string;
53
- readonly role: Role;
54
- /** ISO timestamp — resolveSession() rejects this token after this time. */
55
- readonly expiresAt: string;
56
- /** KEK wrapped with the session key (AES-256-GCM). Base64. */
57
- readonly wrappedKek: string;
58
- /** IV used for the wrapping operation. Base64. */
59
- readonly kekIv: string;
60
- }
61
- /** Result returned from `createSession()`. */
62
- interface CreateSessionResult {
63
- /** Serializable token — store in sessionStorage or pass to `resolveSession()`. */
64
- token: SessionToken;
65
- /** The sessionId — use this handle for `resolveSession()` and `revokeSession()`. */
66
- sessionId: string;
67
- }
68
- /** Options for `createSession()`. */
69
- interface CreateSessionOptions {
70
- /**
71
- * Session lifetime in milliseconds. Defaults to 60 minutes.
72
- * After this duration, `resolveSession()` throws `SessionExpiredError`.
73
- */
74
- ttlMs?: number;
75
- }
76
- /**
77
- * Create a session for an already-unlocked keyring.
78
- *
79
- * Call this after any successful unlock (passphrase, WebAuthn, OIDC,
80
- * magic-link). The returned `sessionId` is the handle for later
81
- * `resolveSession()` and `revokeSession()` calls.
82
- *
83
- * The session key is generated fresh (non-extractable) and stored in the
84
- * module-level Map. The KEK from `keyring.kek` is exported (it must be
85
- * extractable — it was derived by `deriveKey()` which sets extractable: false,
86
- * but it's unwrapped from the keyring which sets extractable: true) and then
87
- * re-wrapped with the session key.
88
- *
89
- * @param keyring - An already-unlocked keyring whose `kek` is available.
90
- * @param vault - The vault name this session is scoped to.
91
- * @param options - Optional session configuration.
92
- */
93
- declare function createSession(keyring: UnlockedKeyring, vault: string, options?: CreateSessionOptions): Promise<CreateSessionResult>;
94
- /**
95
- * Resolve a session token back into an UnlockedKeyring.
96
- *
97
- * Looks up the session key by `sessionId`, checks the token is not expired,
98
- * then decrypts the payload to reconstruct the keyring's DEK set.
99
- *
100
- * Throws `SessionExpiredError` if the token's `expiresAt` is in the past.
101
- * Throws `SessionNotFoundError` if the session key is not in the store
102
- * (tab was reloaded, session was revoked, or the sessionId is wrong).
103
- *
104
- * @param token - The SessionToken from `createSession()`.
105
- */
106
- declare function resolveSession(token: SessionToken): Promise<UnlockedKeyring>;
107
- /**
108
- * Revoke a session by removing its key from the store.
109
- *
110
- * After revocation, `resolveSession()` will throw `SessionNotFoundError`
111
- * for this sessionId. The session token (if held by the caller) becomes
112
- * permanently useless. This is the explicit logout path.
113
- *
114
- * No-op if the session was already expired or does not exist.
115
- */
116
- declare function revokeSession(sessionId: string): void;
117
- /**
118
- * Check if a session is still alive (key in store + not expired).
119
- * Does not decrypt anything — purely a metadata check.
120
- */
121
- declare function isSessionAlive(token: SessionToken): boolean;
122
- /**
123
- * Revoke all active sessions. Used by `Noydb.close()` to ensure that
124
- * closing the instance destroys all session state, not just the keyring
125
- * cache.
126
- */
127
- declare function revokeAllSessions(): void;
128
- /**
129
- * Return the number of active sessions currently in the store.
130
- * Useful for diagnostics and tests.
131
- */
132
- declare function activeSessionCount(): number;
133
-
134
- /**
135
- * Dev-mode persistent unlock —
136
- *
137
- * Solves the developer inner-loop friction: hot-reload destroys the session
138
- * (page navigation semantics), forcing a passphrase re-entry every refresh.
139
- *
140
- * This module provides an opt-in, deliberately-named escape hatch that lets
141
- * developers store the keyring payload in sessionStorage or localStorage so
142
- * the vault auto-unlocks on every page load — without a passphrase,
143
- * without a biometric prompt, without any OIDC flow.
144
- *
145
- * ⚠️ WARNING — this is a loaded footgun ⚠️
146
- * ─────────────────────────────────────────
147
- * The keyring payload stored by this module contains the DEKs. Whoever has
148
- * access to sessionStorage/localStorage has access to the DEKs. On a shared
149
- * development machine, a compromised browser extension, or a mis-configured
150
- * origin, this is a complete key exposure.
151
- *
152
- * This module is ONLY safe for local development. It must NEVER be active
153
- * in production builds.
154
- *
155
- * Guardrails (all enforced by the module, not by the caller)
156
- * ──────────────────────────────────────────────────────────
157
- * 1. **Production guard:** `enableDevUnlock()` throws immediately if
158
- * `process.env.NODE_ENV === 'production'` or if `import.meta.env?.PROD === true`
159
- * (Vite convention). Also throws if the hostname is NOT localhost or 127.0.0.1.
160
- *
161
- * 2. **Explicit acknowledgement string:** the caller must pass
162
- * `acknowledge: 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY'` or the call
163
- * throws. This string appears in every grep for `devUnlock` in the codebase,
164
- * making it impossible to enable this feature accidentally.
165
- *
166
- * 3. **Scope is vault + userId:** the storage key includes both the
167
- * vault name and the userId, so dev-unlock for vault-A does
168
- * NOT auto-unlock vault-B.
169
- *
170
- * 4. **Storage scope:** default is `sessionStorage` (cleared on tab close).
171
- * `localStorage` is opt-in and requires an additional
172
- * `persistAcrossTabs: true` flag in the options.
173
- *
174
- * 5. **Clear method:** `clearDevUnlock()` removes the stored payload. Wire
175
- * this to a dev toolbar button or `Ctrl+Shift+L` so clearing is one action.
176
- *
177
- * 6. **Console banner:** on first enable, a highly visible console warning
178
- * fires. Cannot be suppressed.
179
- *
180
- * Usage
181
- * ─────
182
- * ```ts
183
- * // In your dev entry point only (guarded by import.meta.env.DEV):
184
- * if (import.meta.env.DEV) {
185
- * const { enableDevUnlock, loadDevUnlock } = await import('@noy-db/hub')
186
- * enableDevUnlock('my-compartment', 'alice', keyring, {
187
- * acknowledge: 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY',
188
- * })
189
- * }
190
- *
191
- * // On page load:
192
- * if (import.meta.env.DEV) {
193
- * const keyring = await loadDevUnlock('my-compartment', 'alice')
194
- * if (keyring) {
195
- * // Skip unlock prompt, use keyring directly
196
- * }
197
- * }
198
- * ```
199
- */
200
-
201
- interface DevUnlockOptions {
202
- /**
203
- * Required: the exact string 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY'.
204
- * Any other value causes `enableDevUnlock()` to throw.
205
- */
206
- acknowledge: string;
207
- /**
208
- * If `true`, stores in localStorage (persists across tabs and browser restarts).
209
- * If `false` (default), stores in sessionStorage (cleared on tab close).
210
- */
211
- persistAcrossTabs?: boolean;
212
- }
213
- /**
214
- * Serialize and store a keyring to browser storage for dev-mode auto-unlock.
215
- *
216
- * Throws immediately if:
217
- * - The acknowledge string is wrong.
218
- * - Running in a production environment (NODE_ENV=production).
219
- * - Running on a non-localhost hostname.
220
- *
221
- * Emits a highly visible console warning that cannot be suppressed.
222
- *
223
- * @param vault - The vault name.
224
- * @param userId - The user ID.
225
- * @param keyring - The unlocked keyring to persist.
226
- * @param options - Options including the required acknowledge string.
227
- */
228
- declare function enableDevUnlock(vault: string, userId: string, keyring: UnlockedKeyring, options: DevUnlockOptions): Promise<void>;
229
- /**
230
- * Load a dev-mode keyring from browser storage.
231
- *
232
- * Returns `null` if no dev-unlock state is stored for this vault + user,
233
- * or if the stored payload is malformed.
234
- *
235
- * Does NOT perform the production environment check — it's safe to CALL
236
- * `loadDevUnlock` in production (it will simply return `null` because no
237
- * dev-unlock state was ever written). The guard only fires on `enableDevUnlock`.
238
- *
239
- * @param vault - The vault name.
240
- * @param userId - The user ID.
241
- * @param options - Optional storage override.
242
- */
243
- declare function loadDevUnlock(vault: string, userId: string, options?: {
244
- persistAcrossTabs?: boolean;
245
- }): Promise<UnlockedKeyring | null>;
246
- /**
247
- * Remove dev-unlock state from browser storage.
248
- *
249
- * Safe to call in production (no-op if no dev state exists).
250
- */
251
- declare function clearDevUnlock(vault: string, userId: string, options?: {
252
- persistAcrossTabs?: boolean;
253
- }): void;
254
- /**
255
- * Check if dev-unlock state exists for this vault + user.
256
- *
257
- * Safe to call in production (returns false if nothing is stored).
258
- */
259
- declare function isDevUnlockActive(vault: string, userId: string, options?: {
260
- persistAcrossTabs?: boolean;
261
- }): boolean;
262
-
263
- export { type CreateSessionOptions as C, type DevUnlockOptions as D, type SessionToken as S, type CreateSessionResult as a, activeSessionCount as b, clearDevUnlock as c, createSession as d, enableDevUnlock as e, isSessionAlive as f, revokeAllSessions as g, revokeSession as h, isDevUnlockActive as i, loadDevUnlock as l, resolveSession as r };
@@ -1,8 +0,0 @@
1
- import {
2
- GuardExecutor
3
- } from "./chunk-NONAAENK.js";
4
- import "./chunk-B6PB7JLN.js";
5
- export {
6
- GuardExecutor
7
- };
8
- //# sourceMappingURL=executor-5PNY7LGW.js.map
@@ -1,8 +0,0 @@
1
- import {
2
- DerivationExecutor
3
- } from "./chunk-DO7C2TOG.js";
4
- import "./chunk-B6PB7JLN.js";
5
- export {
6
- DerivationExecutor
7
- };
8
- //# sourceMappingURL=executor-B4QIYGZX.js.map
@@ -1,11 +0,0 @@
1
- import {
2
- MaterializedViewExecutor
3
- } from "./chunk-O3VZPBZG.js";
4
- import "./chunk-T7JEBOGN.js";
5
- import "./chunk-5XHKQ56N.js";
6
- import "./chunk-TV3YZ35S.js";
7
- import "./chunk-B6PB7JLN.js";
8
- export {
9
- MaterializedViewExecutor
10
- };
11
- //# sourceMappingURL=executor-BWXXDQ7K.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/derivations/fanout-sidecar.ts"],"sourcesContent":["/**\n * Per-source-row fanout sidecar for `shape: 'array'` derivations.\n *\n * Each `(sourceCollection, sourceId, outputKey)` triple gets its own\n * envelope at:\n *\n * _meta/derivations-fanout/<sourceCollection>/<sourceId>/<outputKey>\n *\n * The envelope records the last-emitted derived row ids so the\n * dispatcher can compute the diff on every source-row update in O(1):\n * read prior keys, compute `toDelete = prev \\ new`, write new, persist\n * back.\n *\n * Stored as plain JSON with AES-GCM bypassed (same pattern as\n * `_meta/policy`, `_meta/recovery-paper`, `_meta/sealed-passphrase`,\n * etc.): the sidecar is system metadata, not user data, and the\n * derived outputs themselves carry their own encryption envelopes.\n *\n * @module\n */\nimport type { NoydbStore, EncryptedEnvelope } from '../types.js'\nimport { NOYDB_FORMAT_VERSION } from '../types.js'\n\n/** Magic-prefixed JSON payload at `_meta/<recordId>`. */\nexport interface FanoutSidecar {\n readonly _noydb_fanout: 1\n /** Source collection name. */\n readonly source: string\n /** Source record id. */\n readonly sourceId: string\n /** Strategy output key (the key in `strategy.outputs`). */\n readonly outputKey: string\n /** Output collection name (audit / forensics). */\n readonly outputCollection: string\n /** Derived-row ids last emitted for this (source, output) pair. */\n readonly keys: ReadonlyArray<string>\n /** ISO timestamp of last dispatch. */\n readonly emittedAt: string\n}\n\n/**\n * Build the canonical `_meta` record id for a fanout sidecar.\n *\n * The full path inside the store is `_meta/<this-string>`. We pack the\n * full triple into the id so a single `_meta` collection holds all\n * sidecars (collection-per-source would proliferate names; the\n * existing `_meta` flat namespace is cheaper).\n */\nfunction recordId(source: string, sourceId: string, outputKey: string): string {\n // Use `/` as a separator. None of the components is supposed to\n // contain it (collection names + output keys are bare identifiers;\n // source ids are typically ULIDs / UUIDs / app-chosen strings\n // without slashes). If a future source carries `/` in its id, we'd\n // need an escape; deferred until that's a real case.\n return `derivations-fanout/${source}/${sourceId}/${outputKey}`\n}\n\n/** Read the sidecar; returns empty if absent. */\nexport async function loadFanoutSidecar(\n store: NoydbStore,\n vault: string,\n source: string,\n sourceId: string,\n outputKey: string,\n): Promise<FanoutSidecar | undefined> {\n const envelope = await store.get(vault, '_meta', recordId(source, sourceId, outputKey))\n if (!envelope) return undefined\n try {\n const parsed = JSON.parse(envelope._data) as FanoutSidecar\n if (parsed._noydb_fanout !== 1) return undefined\n if (!Array.isArray(parsed.keys)) return undefined\n return parsed\n } catch {\n return undefined\n }\n}\n\n/** Persist (insert/replace) the sidecar with a fresh key set. */\nexport async function saveFanoutSidecar(\n store: NoydbStore,\n vault: string,\n payload: {\n readonly source: string\n readonly sourceId: string\n readonly outputKey: string\n readonly outputCollection: string\n readonly keys: ReadonlyArray<string>\n },\n): Promise<void> {\n const doc: FanoutSidecar = {\n _noydb_fanout: 1,\n source: payload.source,\n sourceId: payload.sourceId,\n outputKey: payload.outputKey,\n outputCollection: payload.outputCollection,\n keys: payload.keys,\n emittedAt: new Date().toISOString(),\n }\n const id = recordId(payload.source, payload.sourceId, payload.outputKey)\n const prior = await store.get(vault, '_meta', id)\n const envelope: EncryptedEnvelope = {\n _noydb: NOYDB_FORMAT_VERSION,\n _v: (prior?._v ?? 0) + 1,\n _ts: new Date().toISOString(),\n // AES-GCM bypassed — sidecar is system metadata, no user data inside.\n _iv: '',\n _data: JSON.stringify(doc),\n }\n await store.put(vault, '_meta', id, envelope)\n}\n\n/** Delete the sidecar (used on source-row delete cascade). */\nexport async function deleteFanoutSidecar(\n store: NoydbStore,\n vault: string,\n source: string,\n sourceId: string,\n outputKey: string,\n): Promise<void> {\n await store.delete(vault, '_meta', recordId(source, sourceId, outputKey))\n}\n"],"mappings":";;;;;AAgDA,SAAS,SAAS,QAAgB,UAAkB,WAA2B;AAM7E,SAAO,sBAAsB,MAAM,IAAI,QAAQ,IAAI,SAAS;AAC9D;AAGA,eAAsB,kBACpB,OACA,OACA,QACA,UACA,WACoC;AACpC,QAAM,WAAW,MAAM,MAAM,IAAI,OAAO,SAAS,SAAS,QAAQ,UAAU,SAAS,CAAC;AACtF,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,SAAS,KAAK;AACxC,QAAI,OAAO,kBAAkB,EAAG,QAAO;AACvC,QAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,EAAG,QAAO;AACxC,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,kBACpB,OACA,OACA,SAOe;AACf,QAAM,MAAqB;AAAA,IACzB,eAAe;AAAA,IACf,QAAQ,QAAQ;AAAA,IAChB,UAAU,QAAQ;AAAA,IAClB,WAAW,QAAQ;AAAA,IACnB,kBAAkB,QAAQ;AAAA,IAC1B,MAAM,QAAQ;AAAA,IACd,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,EACpC;AACA,QAAM,KAAK,SAAS,QAAQ,QAAQ,QAAQ,UAAU,QAAQ,SAAS;AACvE,QAAM,QAAQ,MAAM,MAAM,IAAI,OAAO,SAAS,EAAE;AAChD,QAAM,WAA8B;AAAA,IAClC,QAAQ;AAAA,IACR,KAAK,OAAO,MAAM,KAAK;AAAA,IACvB,MAAK,oBAAI,KAAK,GAAE,YAAY;AAAA;AAAA,IAE5B,KAAK;AAAA,IACL,OAAO,KAAK,UAAU,GAAG;AAAA,EAC3B;AACA,QAAM,MAAM,IAAI,OAAO,SAAS,IAAI,QAAQ;AAC9C;AAGA,eAAsB,oBACpB,OACA,OACA,QACA,UACA,WACe;AACf,QAAM,MAAM,OAAO,OAAO,SAAS,SAAS,QAAQ,UAAU,SAAS,CAAC;AAC1E;","names":[]}
@@ -1,322 +0,0 @@
1
- "use strict";
2
- var __defProp = Object.defineProperty;
3
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
- var __getOwnPropNames = Object.getOwnPropertyNames;
5
- var __hasOwnProp = Object.prototype.hasOwnProperty;
6
- var __export = (target, all) => {
7
- for (var name in all)
8
- __defProp(target, name, { get: all[name], enumerable: true });
9
- };
10
- var __copyProps = (to, from, except, desc) => {
11
- if (from && typeof from === "object" || typeof from === "function") {
12
- for (let key of __getOwnPropNames(from))
13
- if (!__hasOwnProp.call(to, key) && key !== except)
14
- __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
- }
16
- return to;
17
- };
18
- var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
-
20
- // src/guards/index.ts
21
- var guards_exports = {};
22
- __export(guards_exports, {
23
- AmendmentForbiddenError: () => AmendmentForbiddenError,
24
- FieldFrozenError: () => FieldFrozenError,
25
- GuardExecutor: () => GuardExecutor,
26
- GuardRegistry: () => GuardRegistry,
27
- InvariantError: () => InvariantError,
28
- ReadOnlyVaultFacade: () => ReadOnlyVaultFacade,
29
- RecordLockedError: () => RecordLockedError,
30
- withGuard: () => withGuard
31
- });
32
- module.exports = __toCommonJS(guards_exports);
33
-
34
- // src/errors.ts
35
- var NoydbError = class extends Error {
36
- /** Machine-readable error code. Stable across library versions. */
37
- code;
38
- constructor(code, message) {
39
- super(message);
40
- this.name = "NoydbError";
41
- this.code = code;
42
- }
43
- };
44
- var RecordLockedError = class extends NoydbError {
45
- collection;
46
- id;
47
- reason;
48
- constructor(collection, id, reason) {
49
- super(
50
- "RECORD_LOCKED",
51
- `Cannot modify ${collection}/${id} \u2014 locked by guard: ${reason}. Use withTransactions({ amendment: true, reason }) with admin/owner role to override.`
52
- );
53
- this.name = "RecordLockedError";
54
- this.collection = collection;
55
- this.id = id;
56
- this.reason = reason;
57
- }
58
- };
59
- var FieldFrozenError = class extends NoydbError {
60
- collection;
61
- id;
62
- fields;
63
- constructor(collection, id, fields) {
64
- super(
65
- "FIELD_FROZEN",
66
- `Cannot change frozen field(s) on ${collection}/${id}: ${fields.join(", ")}. Use withTransactions({ amendment: true, reason }) with admin/owner role to override.`
67
- );
68
- this.name = "FieldFrozenError";
69
- this.collection = collection;
70
- this.id = id;
71
- this.fields = fields;
72
- }
73
- };
74
- var InvariantError = class extends NoydbError {
75
- constructor(message) {
76
- super("INVARIANT_VIOLATED", message);
77
- this.name = "InvariantError";
78
- }
79
- };
80
- var AmendmentForbiddenError = class extends NoydbError {
81
- userId;
82
- role;
83
- constructor(userId, role) {
84
- super(
85
- "AMENDMENT_FORBIDDEN",
86
- `User "${userId}" with role "${role}" cannot open an amendment transaction. Amendments require admin or owner role.`
87
- );
88
- this.name = "AmendmentForbiddenError";
89
- this.userId = userId;
90
- this.role = role;
91
- }
92
- };
93
- var ValidationError = class extends NoydbError {
94
- constructor(message = "Validation error") {
95
- super("VALIDATION_ERROR", message);
96
- this.name = "ValidationError";
97
- }
98
- };
99
-
100
- // src/guards/with-guard.ts
101
- function withGuard(strategy) {
102
- if (!strategy.collection || strategy.collection.length === 0) {
103
- throw new ValidationError("withGuard: collection name is required");
104
- }
105
- return {
106
- __noydb_strategy: "guard",
107
- spec: strategy
108
- };
109
- }
110
-
111
- // src/guards/registry.ts
112
- var GuardRegistry = class {
113
- _byCollection = /* @__PURE__ */ new Map();
114
- _amendmentChanges = null;
115
- _amendmentMeta = null;
116
- /** Register a guard. Multiple guards per collection are allowed. */
117
- register(spec) {
118
- const existing = this._byCollection.get(spec.collection);
119
- if (existing) existing.push(spec);
120
- else this._byCollection.set(spec.collection, [spec]);
121
- }
122
- /** All guards registered against `collection` in registration order. */
123
- guardsFor(collection) {
124
- return this._byCollection.get(collection) ?? [];
125
- }
126
- /** Per-collection guard counts, for introspection. */
127
- summary() {
128
- return [...this._byCollection.entries()].map(([collection, guards]) => ({
129
- collection,
130
- count: guards.length
131
- }));
132
- }
133
- /**
134
- * Run every guard's `check` for this collection. First throw wins —
135
- * remaining guards are not invoked. Guards without a `check` skip.
136
- */
137
- async runChecks(collection, incoming, ctx) {
138
- const guards = this._byCollection.get(collection);
139
- if (!guards) return;
140
- for (const g of guards) {
141
- if (g.check) {
142
- await g.check(
143
- incoming,
144
- ctx
145
- );
146
- }
147
- }
148
- }
149
- /**
150
- * Run every guard's `onDelete` for this collection. First throw wins —
151
- * remaining guards are not invoked. Guards without an `onDelete` skip.
152
- * Mirrors {@link runChecks} but for the delete path.
153
- */
154
- async runOnDelete(collection, existing, ctx) {
155
- const guards = this._byCollection.get(collection);
156
- if (!guards) return;
157
- for (const g of guards) {
158
- if (g.onDelete) {
159
- await g.onDelete(
160
- existing,
161
- ctx
162
- );
163
- }
164
- }
165
- }
166
- /** True if any guard for `collection` declares an `amendment` block. */
167
- hasAmendment(collection) {
168
- const guards = this._byCollection.get(collection);
169
- if (!guards) return false;
170
- return guards.some((g) => g.amendment !== void 0);
171
- }
172
- /** Open a new amendment change-collection window. */
173
- beginAmendment() {
174
- this._amendmentChanges = /* @__PURE__ */ new Map();
175
- this._amendmentMeta = /* @__PURE__ */ new Map();
176
- }
177
- /** True iff we're currently inside an amendment transaction. */
178
- isAmendmentActive() {
179
- return this._amendmentChanges !== null;
180
- }
181
- /**
182
- * Record a {before, after} pair for the active amendment. `vBefore`
183
- * and `vAfter` are stored in a parallel meta structure so the public
184
- * {@link GuardChange} shape handed to invariant callbacks stays
185
- * `{ before, after }` only — the audit ledger reads version metadata
186
- * via {@link consumeMeta}.
187
- */
188
- collectChange(collection, id, before, after, vBefore = 0, vAfter = 0) {
189
- if (this._amendmentChanges === null || this._amendmentMeta === null) {
190
- throw new Error("GuardRegistry.collectChange called outside an amendment");
191
- }
192
- const list = this._amendmentChanges.get(collection);
193
- const entry = { before, after };
194
- if (list) list.push(entry);
195
- else this._amendmentChanges.set(collection, [entry]);
196
- const metaList = this._amendmentMeta.get(collection);
197
- const metaEntry = { id, vBefore, vAfter };
198
- if (metaList) metaList.push(metaEntry);
199
- else this._amendmentMeta.set(collection, [metaEntry]);
200
- }
201
- /**
202
- * Drain the change-set and close the amendment window. The caller
203
- * (transaction commit) feeds these to each affected guard's invariant.
204
- */
205
- consumeChanges() {
206
- const out = this._amendmentChanges ?? /* @__PURE__ */ new Map();
207
- this._amendmentChanges = null;
208
- return out;
209
- }
210
- /**
211
- * Drain the parallel id/version metadata captured during the
212
- * amendment. Returned as a flat list with `collection` denormalised
213
- * so the audit ledger can emit one `{ collection, id, vBefore,
214
- * vAfter }` tuple per record. Must be called AFTER
215
- * {@link consumeChanges} (or independently) — calling it closes the
216
- * meta window in the same way.
217
- */
218
- consumeMeta() {
219
- const out = [];
220
- if (this._amendmentMeta) {
221
- for (const [collection, list] of this._amendmentMeta) {
222
- for (const m of list) {
223
- out.push({ collection, id: m.id, vBefore: m.vBefore, vAfter: m.vAfter });
224
- }
225
- }
226
- }
227
- this._amendmentMeta = null;
228
- return out;
229
- }
230
- };
231
-
232
- // src/guards/executor.ts
233
- var GuardExecutor = {
234
- /**
235
- * Compare existing vs incoming for each `frozenFields.fields` entry
236
- * when `frozenFields.when(existing)` is true. Throws
237
- * `FieldFrozenError` listing every changed frozen field.
238
- */
239
- async checkFrozenFields(guard, id, existing, incoming) {
240
- const ff = guard.frozenFields;
241
- if (!ff) return;
242
- if (existing === null) return;
243
- if (!ff.when(existing)) return;
244
- const changed = [];
245
- for (const f of ff.fields) {
246
- if (existing[f] !== incoming[f]) {
247
- if (!deepEqual(existing[f], incoming[f])) changed.push(String(f));
248
- }
249
- }
250
- if (changed.length > 0) {
251
- throw new FieldFrozenError(guard.collection, id, changed);
252
- }
253
- },
254
- /**
255
- * Run a single guard's invariant over its slice of the change-set.
256
- * Any throw is converted to `InvariantError` unless it already is one.
257
- */
258
- async runInvariant(guard, changes, ctx) {
259
- const amendment = guard.amendment;
260
- if (!amendment) return;
261
- try {
262
- await amendment.invariant(changes, ctx);
263
- } catch (err) {
264
- if (err instanceof InvariantError) throw err;
265
- throw new InvariantError(
266
- err instanceof Error ? err.message : `invariant violated: ${String(err)}`
267
- );
268
- }
269
- }
270
- };
271
- function deepEqual(a, b) {
272
- if (a === b) return true;
273
- if (a === null || b === null) return a === b;
274
- if (typeof a !== typeof b) return false;
275
- if (typeof a !== "object") return a === b;
276
- if (Array.isArray(a) !== Array.isArray(b)) return false;
277
- if (Array.isArray(a)) {
278
- const aa = a;
279
- const bb = b;
280
- if (aa.length !== bb.length) return false;
281
- for (let i = 0; i < aa.length; i++) if (!deepEqual(aa[i], bb[i])) return false;
282
- return true;
283
- }
284
- const ao = a;
285
- const bo = b;
286
- const ak = Object.keys(ao);
287
- const bk = Object.keys(bo);
288
- if (ak.length !== bk.length) return false;
289
- for (const k of ak) {
290
- if (!Object.prototype.hasOwnProperty.call(bo, k)) return false;
291
- if (!deepEqual(ao[k], bo[k])) return false;
292
- }
293
- return true;
294
- }
295
-
296
- // src/guards/read-only-facade.ts
297
- var ReadOnlyVaultFacade = class {
298
- _vault;
299
- constructor(vault) {
300
- this._vault = vault;
301
- }
302
- collection(name) {
303
- const c = this._vault.collection(name);
304
- return {
305
- get: (id) => c.get(id),
306
- list: () => c.list(),
307
- query: () => c.query()
308
- };
309
- }
310
- };
311
- // Annotate the CommonJS export names for ESM import in node:
312
- 0 && (module.exports = {
313
- AmendmentForbiddenError,
314
- FieldFrozenError,
315
- GuardExecutor,
316
- GuardRegistry,
317
- InvariantError,
318
- ReadOnlyVaultFacade,
319
- RecordLockedError,
320
- withGuard
321
- });
322
- //# sourceMappingURL=index.cjs.map