@noy-db/hub 0.2.0-pre.9 → 0.3.0-pre.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +129 -3
- package/dist/adapter/index.d.ts +5 -0
- package/dist/adapter/index.js +15 -0
- package/dist/aggregate/index.d.ts +6 -2
- package/dist/aggregate/index.js +24 -16
- package/dist/aggregate/index.js.map +1 -1
- package/dist/api-RW3KP7WU.js +14 -0
- package/dist/as/index.d.ts +7 -0
- package/dist/as/index.js +24 -0
- package/dist/at/index.d.ts +5 -0
- package/dist/at/index.js +1 -0
- package/dist/attestation/index.d.ts +15 -47
- package/dist/attestation/index.js +54 -10
- package/dist/attestation/index.js.map +1 -1
- package/dist/backup-KMJQ66MF.js +219 -0
- package/dist/backup-KMJQ66MF.js.map +1 -0
- package/dist/blobs/index.d.ts +6 -8
- package/dist/blobs/index.js +19 -12
- package/dist/blobs/index.js.map +1 -1
- package/dist/bundle/index.d.ts +16 -70
- package/dist/bundle/index.js +39 -476
- package/dist/bundle/index.js.map +1 -1
- package/dist/{ulid-CJ8RzRrm.d.ts → bundle-PwBGkhpe.d.ts} +31 -86
- package/dist/by/index.d.ts +1 -0
- package/dist/by/index.js +11 -0
- package/dist/cargo/index.d.ts +9 -0
- package/dist/cargo/index.js +89 -0
- package/dist/chunk-26LGBE4T.js +42 -0
- package/dist/chunk-26LGBE4T.js.map +1 -0
- package/dist/{chunk-K3DK3NU5.js → chunk-3YFXJ3ZP.js} +20 -5
- package/dist/chunk-3YFXJ3ZP.js.map +1 -0
- package/dist/chunk-4Q6HSHHL.js +90 -0
- package/dist/chunk-4Q6HSHHL.js.map +1 -0
- package/dist/chunk-5LUY7UTV.js +380 -0
- package/dist/chunk-5LUY7UTV.js.map +1 -0
- package/dist/chunk-5N6CZTCY.js +367 -0
- package/dist/chunk-5N6CZTCY.js.map +1 -0
- package/dist/chunk-5O3AOPDT.js +992 -0
- package/dist/chunk-5O3AOPDT.js.map +1 -0
- package/dist/chunk-5R3ERCDH.js +239 -0
- package/dist/chunk-5R3ERCDH.js.map +1 -0
- package/dist/chunk-5TDJ56JE.js +32 -0
- package/dist/chunk-5TDJ56JE.js.map +1 -0
- package/dist/{chunk-T7JEBOGN.js → chunk-62QYRORB.js} +18 -11
- package/dist/chunk-62QYRORB.js.map +1 -0
- package/dist/{chunk-J66GRPNH.js → chunk-6S7T6WC4.js} +2 -2
- package/dist/chunk-6S7T6WC4.js.map +1 -0
- package/dist/chunk-76722EBH.js +451 -0
- package/dist/chunk-76722EBH.js.map +1 -0
- package/dist/{chunk-Z6FNBOTC.js → chunk-AIWULCUO.js} +13 -17
- package/dist/chunk-AIWULCUO.js.map +1 -0
- package/dist/{chunk-O3VZPBZG.js → chunk-AQTBSL7R.js} +47 -11
- package/dist/chunk-AQTBSL7R.js.map +1 -0
- package/dist/chunk-AURFOK3D.js +35 -0
- package/dist/chunk-AURFOK3D.js.map +1 -0
- package/dist/{chunk-53XBRIRT.js → chunk-AXRXJTE2.js} +9 -9
- package/dist/chunk-AXRXJTE2.js.map +1 -0
- package/dist/chunk-AZAOEIKW.js +155 -0
- package/dist/chunk-AZAOEIKW.js.map +1 -0
- package/dist/{chunk-HNRHLRDC.js → chunk-BG3SPSR4.js} +3 -3
- package/dist/chunk-BG3SPSR4.js.map +1 -0
- package/dist/chunk-BGIZAFY7.js +1 -0
- package/dist/chunk-CHFZDSE4.js +1 -0
- package/dist/{chunk-DJHHA6XH.js → chunk-CMGR4ZEW.js} +50 -20
- package/dist/chunk-CMGR4ZEW.js.map +1 -0
- package/dist/chunk-CWPPNPOH.js +23 -0
- package/dist/chunk-CWPPNPOH.js.map +1 -0
- package/dist/{chunk-QODLLGQ7.js → chunk-DFEMTNPJ.js} +371 -38
- package/dist/chunk-DFEMTNPJ.js.map +1 -0
- package/dist/{chunk-ZYWZWG6G.js → chunk-DGDI2D4M.js} +10 -10
- package/dist/chunk-DGDI2D4M.js.map +1 -0
- package/dist/{chunk-SYMWGEET.js → chunk-EIZUR2XW.js} +3 -3
- package/dist/chunk-EIZUR2XW.js.map +1 -0
- package/dist/{chunk-BVRYKATC.js → chunk-FISN7WE4.js} +36 -33
- package/dist/chunk-FISN7WE4.js.map +1 -0
- package/dist/chunk-GHVIKOHT.js +1 -0
- package/dist/chunk-GYGWYIOZ.js +200 -0
- package/dist/chunk-GYGWYIOZ.js.map +1 -0
- package/dist/chunk-HCIPRAGS.js +45 -0
- package/dist/chunk-HCIPRAGS.js.map +1 -0
- package/dist/{chunk-PX35GA7L.js → chunk-I2NOIW44.js} +10 -10
- package/dist/chunk-I2NOIW44.js.map +1 -0
- package/dist/{chunk-OIF6LZUR.js → chunk-I3TIKTJO.js} +3 -3
- package/dist/chunk-I3TIKTJO.js.map +1 -0
- package/dist/chunk-I7FD46FF.js +9 -0
- package/dist/chunk-I7FD46FF.js.map +1 -0
- package/dist/chunk-IAGBDSCS.js +40 -0
- package/dist/chunk-IAGBDSCS.js.map +1 -0
- package/dist/{chunk-JWRVQKRZ.js → chunk-IELYAOGG.js} +6 -18
- package/dist/chunk-IELYAOGG.js.map +1 -0
- package/dist/chunk-IGUYVGGI.js +205 -0
- package/dist/chunk-IGUYVGGI.js.map +1 -0
- package/dist/{chunk-U26HQ6KJ.js → chunk-IO6GRPT6.js} +4 -4
- package/dist/chunk-IO6GRPT6.js.map +1 -0
- package/dist/chunk-IPB7FTQX.js +273 -0
- package/dist/chunk-IPB7FTQX.js.map +1 -0
- package/dist/chunk-ITNUCOXM.js +148 -0
- package/dist/chunk-ITNUCOXM.js.map +1 -0
- package/dist/{chunk-WPLVTJ5D.js → chunk-IUEN57TV.js} +10 -10
- package/dist/chunk-IUEN57TV.js.map +1 -0
- package/dist/{chunk-DL3HWOQ5.js → chunk-JNUWZ6D3.js} +9 -9
- package/dist/chunk-JNUWZ6D3.js.map +1 -0
- package/dist/chunk-K2WCO3NX.js +1 -0
- package/dist/chunk-KVOXU4T5.js +30 -0
- package/dist/chunk-KVOXU4T5.js.map +1 -0
- package/dist/chunk-KXGNJJXB.js +135 -0
- package/dist/chunk-KXGNJJXB.js.map +1 -0
- package/dist/chunk-LB7FD65R.js +163 -0
- package/dist/chunk-LB7FD65R.js.map +1 -0
- package/dist/{chunk-22DWZL57.js → chunk-LFLXAY2W.js} +43 -218
- package/dist/chunk-LFLXAY2W.js.map +1 -0
- package/dist/chunk-LMTH2RM6.js +129 -0
- package/dist/chunk-LMTH2RM6.js.map +1 -0
- package/dist/{aggregate/index.cjs → chunk-LV7M27WM.js} +390 -219
- package/dist/chunk-LV7M27WM.js.map +1 -0
- package/dist/{chunk-PE2FR4J3.js → chunk-LXQT4WMP.js} +16 -18
- package/dist/chunk-LXQT4WMP.js.map +1 -0
- package/dist/chunk-M2YKN37S.js +524 -0
- package/dist/chunk-M2YKN37S.js.map +1 -0
- package/dist/chunk-M6OST55S.js +14 -0
- package/dist/chunk-M6OST55S.js.map +1 -0
- package/dist/{chunk-F3GDRNUT.js → chunk-MD3Y6J3L.js} +35 -69
- package/dist/chunk-MD3Y6J3L.js.map +1 -0
- package/dist/{chunk-XJFLDA7A.js → chunk-MTMJVJ5W.js} +8 -7
- package/dist/chunk-MTMJVJ5W.js.map +1 -0
- package/dist/{chunk-DFMLEQZB.js → chunk-NF5JWERG.js} +5 -10
- package/dist/chunk-NF5JWERG.js.map +1 -0
- package/dist/{chunk-DO7C2TOG.js → chunk-PKHL44ER.js} +3 -3
- package/dist/{chunk-DO7C2TOG.js.map → chunk-PKHL44ER.js.map} +1 -1
- package/dist/{chunk-6CME4UEK.js → chunk-PSHOXR6C.js} +7008 -4827
- package/dist/chunk-PSHOXR6C.js.map +1 -0
- package/dist/chunk-PSMV73A5.js +117 -0
- package/dist/chunk-PSMV73A5.js.map +1 -0
- package/dist/chunk-PY4KJPYU.js +9 -0
- package/dist/chunk-PY4KJPYU.js.map +1 -0
- package/dist/chunk-PZ5AY32C.js +10 -0
- package/dist/{chunk-DE6GKS6G.js → chunk-Q7SS3IME.js} +50 -9
- package/dist/chunk-Q7SS3IME.js.map +1 -0
- package/dist/chunk-QHJW5EXU.js +54 -0
- package/dist/chunk-QHJW5EXU.js.map +1 -0
- package/dist/chunk-QZISFCVG.js +233 -0
- package/dist/chunk-QZISFCVG.js.map +1 -0
- package/dist/{chunk-NONAAENK.js → chunk-RUEKROOS.js} +11 -4
- package/dist/chunk-RUEKROOS.js.map +1 -0
- package/dist/chunk-RUIMKQTA.js +23 -0
- package/dist/chunk-RUIMKQTA.js.map +1 -0
- package/dist/{chunk-TFBP23BX.js → chunk-SKF73JOP.js} +66 -7
- package/dist/chunk-SKF73JOP.js.map +1 -0
- package/dist/chunk-SM3AVUHC.js +42 -0
- package/dist/chunk-SM3AVUHC.js.map +1 -0
- package/dist/{chunk-ML236QKC.js → chunk-SMXWYP24.js} +5 -5
- package/dist/chunk-SMXWYP24.js.map +1 -0
- package/dist/chunk-SRB2XEWB.js +148 -0
- package/dist/chunk-SRB2XEWB.js.map +1 -0
- package/dist/chunk-SVLR4POP.js +64 -0
- package/dist/chunk-SVLR4POP.js.map +1 -0
- package/dist/chunk-TA66UMI4.js +123 -0
- package/dist/chunk-TA66UMI4.js.map +1 -0
- package/dist/chunk-TEILUWOI.js +664 -0
- package/dist/chunk-TEILUWOI.js.map +1 -0
- package/dist/chunk-TJYQIGAP.js +82 -0
- package/dist/chunk-TJYQIGAP.js.map +1 -0
- package/dist/{chunk-H2X3ISXG.js → chunk-UAG5KWVA.js} +7 -7
- package/dist/chunk-UAG5KWVA.js.map +1 -0
- package/dist/chunk-UDRIWL7A.js +382 -0
- package/dist/chunk-UDRIWL7A.js.map +1 -0
- package/dist/{chunk-2GLDA55J.js → chunk-UIU2THRG.js} +498 -133
- package/dist/chunk-UIU2THRG.js.map +1 -0
- package/dist/{chunk-3YPCK6JX.js → chunk-UPJNJGGA.js} +165 -423
- package/dist/chunk-UPJNJGGA.js.map +1 -0
- package/dist/chunk-UV5MFVO3.js +21 -0
- package/dist/chunk-UV5MFVO3.js.map +1 -0
- package/dist/{chunk-2WUSG3IT.js → chunk-V7RWQRG7.js} +5 -5
- package/dist/chunk-V7RWQRG7.js.map +1 -0
- package/dist/{chunk-VTKGMEPP.js → chunk-VCTFO5CO.js} +13 -3
- package/dist/chunk-VCTFO5CO.js.map +1 -0
- package/dist/{chunk-5T22KDPN.js → chunk-VFQGRQIH.js} +8 -8
- package/dist/chunk-VFQGRQIH.js.map +1 -0
- package/dist/{chunk-2QR2PQTT.js → chunk-VQNJ7UZL.js} +5 -3
- package/dist/chunk-VQNJ7UZL.js.map +1 -0
- package/dist/{chunk-DONMZAD2.js → chunk-WWGT2MDV.js} +43 -165
- package/dist/chunk-WWGT2MDV.js.map +1 -0
- package/dist/{chunk-EMIGCR7X.js → chunk-WXSYDNBT.js} +2 -2
- package/dist/chunk-WXSYDNBT.js.map +1 -0
- package/dist/chunk-WYSO2NIH.js +30 -0
- package/dist/chunk-WYSO2NIH.js.map +1 -0
- package/dist/chunk-XXYIOFUB.js +164 -0
- package/dist/chunk-XXYIOFUB.js.map +1 -0
- package/dist/{chunk-3BFJOWSU.js → chunk-Y22T3KQE.js} +35 -7
- package/dist/chunk-Y22T3KQE.js.map +1 -0
- package/dist/{chunk-A3JMGXPG.js → chunk-YMUGBZN2.js} +2 -2
- package/dist/chunk-YMUGBZN2.js.map +1 -0
- package/dist/{chunk-I5FOWO4J.js → chunk-ZCGAHGUS.js} +52 -73
- package/dist/chunk-ZCGAHGUS.js.map +1 -0
- package/dist/{chunk-FZU343FL.js → chunk-ZJADGNYF.js} +2 -2
- package/dist/chunk-ZJADGNYF.js.map +1 -0
- package/dist/{chunk-B6PB7JLN.js → chunk-ZYUC53LT.js} +427 -6
- package/dist/chunk-ZYUC53LT.js.map +1 -0
- package/dist/collection-facade-GQAOGJP2.js +33 -0
- package/dist/consent/index.d.ts +5 -7
- package/dist/consent/index.js +7 -5
- package/dist/consent/index.js.map +1 -1
- package/dist/crdt/index.d.ts +6 -2
- package/dist/crdt/index.js +3 -2
- package/dist/crdt/index.js.map +1 -1
- package/dist/decrypt-partition-IHtxEnTi.d.ts +21 -0
- package/dist/delegation-UL5HKLER.js +19 -0
- package/dist/derivations/index.d.ts +7 -9
- package/dist/derivations/index.js +11 -6
- package/dist/describe/index.d.ts +1 -0
- package/dist/describe/index.js +1 -0
- package/dist/describe-Ccd1hS7a.d.ts +143 -0
- package/dist/{dev-unlock-B4kDxep_.d.ts → dev-unlock-h0K-UZTk.d.ts} +1 -1
- package/dist/discriminant-BN9REW3o.d.ts +60 -0
- package/dist/enclave-UL5LW66V.js +88 -0
- package/dist/executor-2FWQRLMG.js +15 -0
- package/dist/executor-QZ7BXICW.js +9 -0
- package/dist/executor-Z5ZLJVTV.js +9 -0
- package/dist/export-accessible-KRV5W4GH.js +17 -0
- package/dist/extract-partition-GLKBOXFQ.js +30 -0
- package/dist/{fanout-sidecar-OKPMMPLG.js → fanout-sidecar-GF3DJ6KR.js} +34 -14
- package/dist/fanout-sidecar-GF3DJ6KR.js.map +1 -0
- package/dist/forget/index.d.ts +36 -0
- package/dist/forget/index.js +19 -0
- package/dist/forget/index.js.map +1 -0
- package/dist/guards/index.d.ts +13 -9
- package/dist/guards/index.js +12 -5
- package/dist/{hash-DdpVypUp.d.cts → hash-CdSr06sm.d.ts} +5 -1
- package/dist/history/index.d.ts +6 -8
- package/dist/history/index.js +19 -12
- package/dist/history/index.js.map +1 -1
- package/dist/i18n/index.d.ts +5 -7
- package/dist/i18n/index.js +104 -15
- package/dist/i18n/index.js.map +1 -1
- package/dist/in/index.d.ts +5 -0
- package/dist/in/index.js +1 -0
- package/dist/in/index.js.map +1 -0
- package/dist/index-B9QdHytu.d.ts +123 -0
- package/dist/index-CGLLRtFc.d.ts +123 -0
- package/dist/{types-Df28QFKb.d.ts → index-_6At2_9_.d.ts} +16270 -8358
- package/dist/index.d.ts +1088 -450
- package/dist/index.js +1165 -293
- package/dist/index.js.map +1 -1
- package/dist/indexing/index.d.ts +6 -3
- package/dist/indexing/index.js +6 -5
- package/dist/indexing/index.js.map +1 -1
- package/dist/issue-Y6UVIR43.js +13 -0
- package/dist/issue-Y6UVIR43.js.map +1 -0
- package/dist/kernel/index.d.ts +32 -0
- package/dist/kernel/index.js +53 -0
- package/dist/kernel/index.js.map +1 -0
- package/dist/{ledger-TMRZYNVJ.js → ledger-RYI35CDS.js} +12 -9
- package/dist/ledger-RYI35CDS.js.map +1 -0
- package/dist/liberate-CRPZEV7O.js +18 -0
- package/dist/liberate-CRPZEV7O.js.map +1 -0
- package/dist/materialized-views/index.d.ts +6 -19
- package/dist/materialized-views/index.js +16 -12
- package/dist/mime-magic-B4RoFj3B.d.ts +103 -0
- package/dist/noydb-LDEBLNHY.js +50 -0
- package/dist/noydb-LDEBLNHY.js.map +1 -0
- package/dist/on/index.d.ts +5 -0
- package/dist/on/index.js +11 -0
- package/dist/on/index.js.map +1 -0
- package/dist/overlay-views/index.d.ts +27 -11
- package/dist/overlay-views/index.js +7 -6
- package/dist/periods/index.d.ts +5 -7
- package/dist/periods/index.js +13 -9
- package/dist/pod/index.d.ts +63 -0
- package/dist/pod/index.js +61 -0
- package/dist/pod/index.js.map +1 -0
- package/dist/policy-IXK4FVXP.js +41 -0
- package/dist/policy-IXK4FVXP.js.map +1 -0
- package/dist/portability/index.d.ts +20 -0
- package/dist/portability/index.js +43 -0
- package/dist/portability/index.js.map +1 -0
- package/dist/{public-envelope-BW6OXORV.js → public-envelope-JHDQCPSX.js} +6 -5
- package/dist/public-envelope-JHDQCPSX.js.map +1 -0
- package/dist/query/index.d.ts +5 -3
- package/dist/query/index.js +21 -13
- package/dist/read-only-facade-5ADRJVTM.js +8 -0
- package/dist/read-only-facade-5ADRJVTM.js.map +1 -0
- package/dist/registry-45RJNWGU.js +9 -0
- package/dist/registry-45RJNWGU.js.map +1 -0
- package/dist/registry-5GRV5VXI.js +13 -0
- package/dist/registry-5GRV5VXI.js.map +1 -0
- package/dist/registry-VW6P6A3J.js +8 -0
- package/dist/registry-VW6P6A3J.js.map +1 -0
- package/dist/registry-WEUCHBO4.js +11 -0
- package/dist/registry-WEUCHBO4.js.map +1 -0
- package/dist/request-withdrawal-GBPH2FDY.js +25 -0
- package/dist/request-withdrawal-GBPH2FDY.js.map +1 -0
- package/dist/revoke-TUFRGI6S.js +18 -0
- package/dist/revoke-TUFRGI6S.js.map +1 -0
- package/dist/sealed-record/index.d.ts +69 -0
- package/dist/sealed-record/index.js +65 -0
- package/dist/sealed-record/index.js.map +1 -0
- package/dist/session/index.d.ts +6 -8
- package/dist/session/index.js +7 -5
- package/dist/session/index.js.map +1 -1
- package/dist/shadow/index.d.ts +5 -7
- package/dist/shadow/index.js +4 -3
- package/dist/shadow/index.js.map +1 -1
- package/dist/{signer-72QAUSVW.js → signer-PNKTBVF7.js} +6 -5
- package/dist/signer-PNKTBVF7.js.map +1 -0
- package/dist/snapshots/index.d.ts +6 -8
- package/dist/snapshots/index.js +13 -11
- package/dist/snapshots/index.js.map +1 -1
- package/dist/{stale-6ZDBTQT7.js → stale-3JWHNDIY.js} +3 -2
- package/dist/stale-3JWHNDIY.js.map +1 -0
- package/dist/store-coordination-provider-3I7XWZZK.js +142 -0
- package/dist/store-coordination-provider-3I7XWZZK.js.map +1 -0
- package/dist/subject-index-O75wKshW.d.ts +362 -0
- package/dist/sync/index.d.ts +4 -6
- package/dist/sync/index.js +7 -6
- package/dist/sync/index.js.map +1 -1
- package/dist/team/index.d.ts +5 -7
- package/dist/team/index.js +20 -16
- package/dist/tiers/index.d.ts +5 -0
- package/dist/tiers/index.js +33 -0
- package/dist/tiers/index.js.map +1 -0
- package/dist/to/index.d.ts +5 -0
- package/dist/to/index.js +17 -0
- package/dist/to/index.js.map +1 -0
- package/dist/transition-guard-DqodPNKw.d.ts +165 -0
- package/dist/tx/index.d.ts +23 -9
- package/dist/tx/index.js +13 -8
- package/dist/tx/index.js.map +1 -1
- package/dist/ui/index.d.ts +1 -0
- package/dist/ui/index.js +1 -0
- package/dist/ui/index.js.map +1 -0
- package/dist/ulid-DRH25k3y.d.ts +66 -0
- package/dist/ulid-PTAIMDG4.js +10 -0
- package/dist/ulid-PTAIMDG4.js.map +1 -0
- package/dist/util/index.d.ts +2 -0
- package/dist/util/index.js +7 -2
- package/dist/util/index.js.map +1 -1
- package/dist/vault-diff-BtpiBvic.d.ts +147 -0
- package/dist/with/index.d.ts +38 -0
- package/dist/with/index.js +25 -0
- package/dist/with/index.js.map +1 -0
- package/dist/{with-materialized-view-BLkQxoQN.d.ts → with-materialized-view-DMmWtYfJ.d.ts} +1 -1
- package/dist/{with-overlayed-view-CRsSEwHR.d.ts → with-overlayed-view-D_IB2nkM.d.ts} +2 -3
- package/dist/with-rollup-em2wxoHP.d.ts +47 -0
- package/dist/withdraw-accessible-FFS46EOD.js +22 -0
- package/dist/withdraw-accessible-FFS46EOD.js.map +1 -0
- package/dist/zod-HAJM7LMS.js +14763 -0
- package/dist/zod-HAJM7LMS.js.map +1 -0
- package/package.json +121 -201
- package/dist/aggregate/index.cjs.map +0 -1
- package/dist/aggregate/index.d.cts +0 -38
- package/dist/attestation/index.cjs +0 -305
- package/dist/attestation/index.cjs.map +0 -1
- package/dist/attestation/index.d.cts +0 -52
- package/dist/blobs/index.cjs +0 -1480
- package/dist/blobs/index.cjs.map +0 -1
- package/dist/blobs/index.d.cts +0 -46
- package/dist/bundle/index.cjs +0 -19264
- package/dist/bundle/index.cjs.map +0 -1
- package/dist/bundle/index.d.cts +0 -176
- package/dist/chunk-22DWZL57.js.map +0 -1
- package/dist/chunk-2GLDA55J.js.map +0 -1
- package/dist/chunk-2QR2PQTT.js.map +0 -1
- package/dist/chunk-2WUSG3IT.js.map +0 -1
- package/dist/chunk-3BFJOWSU.js.map +0 -1
- package/dist/chunk-3YPCK6JX.js.map +0 -1
- package/dist/chunk-53XBRIRT.js.map +0 -1
- package/dist/chunk-5T22KDPN.js.map +0 -1
- package/dist/chunk-5XHKQ56N.js +0 -340
- package/dist/chunk-5XHKQ56N.js.map +0 -1
- package/dist/chunk-6CME4UEK.js.map +0 -1
- package/dist/chunk-6STK5TQP.js +0 -139
- package/dist/chunk-6STK5TQP.js.map +0 -1
- package/dist/chunk-A3JMGXPG.js.map +0 -1
- package/dist/chunk-B6PB7JLN.js.map +0 -1
- package/dist/chunk-BVRYKATC.js.map +0 -1
- package/dist/chunk-DE6GKS6G.js.map +0 -1
- package/dist/chunk-DFMLEQZB.js.map +0 -1
- package/dist/chunk-DJHHA6XH.js.map +0 -1
- package/dist/chunk-DL3HWOQ5.js.map +0 -1
- package/dist/chunk-DONMZAD2.js.map +0 -1
- package/dist/chunk-EMIGCR7X.js.map +0 -1
- package/dist/chunk-F3GDRNUT.js.map +0 -1
- package/dist/chunk-FZU343FL.js.map +0 -1
- package/dist/chunk-H2X3ISXG.js.map +0 -1
- package/dist/chunk-HNRHLRDC.js.map +0 -1
- package/dist/chunk-I5FOWO4J.js.map +0 -1
- package/dist/chunk-J66GRPNH.js.map +0 -1
- package/dist/chunk-JWRVQKRZ.js.map +0 -1
- package/dist/chunk-K3DK3NU5.js.map +0 -1
- package/dist/chunk-ML236QKC.js.map +0 -1
- package/dist/chunk-NONAAENK.js.map +0 -1
- package/dist/chunk-O3VZPBZG.js.map +0 -1
- package/dist/chunk-OIF6LZUR.js.map +0 -1
- package/dist/chunk-OQ6PIGHA.js +0 -19
- package/dist/chunk-OQ6PIGHA.js.map +0 -1
- package/dist/chunk-PE2FR4J3.js.map +0 -1
- package/dist/chunk-PP6W64Y3.js +0 -275
- package/dist/chunk-PP6W64Y3.js.map +0 -1
- package/dist/chunk-PX35GA7L.js.map +0 -1
- package/dist/chunk-QEILDE6R.js +0 -793
- package/dist/chunk-QEILDE6R.js.map +0 -1
- package/dist/chunk-QODLLGQ7.js.map +0 -1
- package/dist/chunk-RAZ4OVLL.js +0 -51
- package/dist/chunk-RAZ4OVLL.js.map +0 -1
- package/dist/chunk-SYMWGEET.js.map +0 -1
- package/dist/chunk-T7JEBOGN.js.map +0 -1
- package/dist/chunk-TFBP23BX.js.map +0 -1
- package/dist/chunk-TV3YZ35S.js +0 -90
- package/dist/chunk-TV3YZ35S.js.map +0 -1
- package/dist/chunk-U26HQ6KJ.js.map +0 -1
- package/dist/chunk-UF3BUNQZ.js +0 -1
- package/dist/chunk-UMLVJTYV.js +0 -20
- package/dist/chunk-UMLVJTYV.js.map +0 -1
- package/dist/chunk-VTKGMEPP.js.map +0 -1
- package/dist/chunk-W6EQLGMB.js +0 -100
- package/dist/chunk-W6EQLGMB.js.map +0 -1
- package/dist/chunk-WIRRPTFH.js +0 -17
- package/dist/chunk-WIRRPTFH.js.map +0 -1
- package/dist/chunk-WPLVTJ5D.js.map +0 -1
- package/dist/chunk-XJFLDA7A.js.map +0 -1
- package/dist/chunk-Z6FNBOTC.js.map +0 -1
- package/dist/chunk-ZYWZWG6G.js.map +0 -1
- package/dist/consent/index.cjs +0 -204
- package/dist/consent/index.cjs.map +0 -1
- package/dist/consent/index.d.cts +0 -25
- package/dist/crdt/index.cjs +0 -152
- package/dist/crdt/index.cjs.map +0 -1
- package/dist/crdt/index.d.cts +0 -30
- package/dist/crypto-HTZ4FJOP.js +0 -44
- package/dist/delegation-RI54P6I5.js +0 -17
- package/dist/derivations/index.cjs +0 -351
- package/dist/derivations/index.cjs.map +0 -1
- package/dist/derivations/index.d.cts +0 -72
- package/dist/dev-unlock-BIoEFbwm.d.cts +0 -263
- package/dist/executor-5PNY7LGW.js +0 -8
- package/dist/executor-B4QIYGZX.js +0 -8
- package/dist/executor-BWXXDQ7K.js +0 -11
- package/dist/fanout-sidecar-OKPMMPLG.js.map +0 -1
- package/dist/guards/index.cjs +0 -322
- package/dist/guards/index.cjs.map +0 -1
- package/dist/guards/index.d.cts +0 -31
- package/dist/hash-HJqD14vS.d.ts +0 -63
- package/dist/history/index.cjs +0 -1222
- package/dist/history/index.cjs.map +0 -1
- package/dist/history/index.d.cts +0 -63
- package/dist/i18n/index.cjs +0 -1100
- package/dist/i18n/index.cjs.map +0 -1
- package/dist/i18n/index.d.cts +0 -39
- package/dist/index-4fBVt8j9.d.cts +0 -2387
- package/dist/index-D8I_pyJD.d.ts +0 -2387
- package/dist/index.cjs +0 -24487
- package/dist/index.cjs.map +0 -1
- package/dist/index.d.cts +0 -776
- package/dist/indexing/index.cjs +0 -742
- package/dist/indexing/index.cjs.map +0 -1
- package/dist/indexing/index.d.cts +0 -36
- package/dist/issue-VGDPP4B5.js +0 -12
- package/dist/lazy-builder-7tIpFyWN.d.ts +0 -304
- package/dist/lazy-builder-wY4pMCEe.d.cts +0 -304
- package/dist/materialized-views/index.cjs +0 -854
- package/dist/materialized-views/index.cjs.map +0 -1
- package/dist/materialized-views/index.d.cts +0 -186
- package/dist/mime-magic-CBBSOkjm.d.cts +0 -50
- package/dist/mime-magic-CBBSOkjm.d.ts +0 -50
- package/dist/noydb-G725ZSZG.js +0 -34
- package/dist/overlay-views/index.cjs +0 -359
- package/dist/overlay-views/index.cjs.map +0 -1
- package/dist/overlay-views/index.d.cts +0 -82
- package/dist/periods/index.cjs +0 -1041
- package/dist/periods/index.cjs.map +0 -1
- package/dist/periods/index.d.cts +0 -22
- package/dist/predicate-BSAGEyu5.d.cts +0 -209
- package/dist/predicate-BSAGEyu5.d.ts +0 -209
- package/dist/query/index.cjs +0 -2375
- package/dist/query/index.cjs.map +0 -1
- package/dist/query/index.d.cts +0 -3
- package/dist/read-only-facade-ITU6L7BL.js +0 -7
- package/dist/registry-3QP3YKQS.js +0 -8
- package/dist/registry-DKEXOJVO.js +0 -7
- package/dist/registry-OJIOSBV6.js +0 -10
- package/dist/registry-USRVT6YF.js +0 -8
- package/dist/revoke-JCC7N56X.js +0 -17
- package/dist/session/index.cjs +0 -495
- package/dist/session/index.cjs.map +0 -1
- package/dist/session/index.d.cts +0 -46
- package/dist/shadow/index.cjs +0 -133
- package/dist/shadow/index.cjs.map +0 -1
- package/dist/shadow/index.d.cts +0 -17
- package/dist/snapshots/index.cjs +0 -937
- package/dist/snapshots/index.cjs.map +0 -1
- package/dist/snapshots/index.d.cts +0 -28
- package/dist/store/index.cjs +0 -1083
- package/dist/store/index.cjs.map +0 -1
- package/dist/store/index.d.cts +0 -492
- package/dist/store/index.d.ts +0 -492
- package/dist/store/index.js +0 -37
- package/dist/strategy-BSxFXGzb.d.cts +0 -110
- package/dist/strategy-BSxFXGzb.d.ts +0 -110
- package/dist/strategy-DSTrsZ8t.d.cts +0 -601
- package/dist/strategy-DSTrsZ8t.d.ts +0 -601
- package/dist/sync/index.cjs +0 -1062
- package/dist/sync/index.cjs.map +0 -1
- package/dist/sync/index.d.cts +0 -43
- package/dist/team/index.cjs +0 -2798
- package/dist/team/index.cjs.map +0 -1
- package/dist/team/index.d.cts +0 -118
- package/dist/tx/index.cjs +0 -544
- package/dist/tx/index.cjs.map +0 -1
- package/dist/tx/index.d.cts +0 -21
- package/dist/types-DyXYr8rE.d.cts +0 -12818
- package/dist/ulid-COREQ2RQ.js +0 -9
- package/dist/ulid-Drr7ykr6.d.cts +0 -603
- package/dist/util/index.cjs +0 -230
- package/dist/util/index.cjs.map +0 -1
- package/dist/util/index.d.cts +0 -77
- package/dist/with-derivation-DFnFByiQ.d.ts +0 -13
- package/dist/with-derivation-DU3Sjazm.d.cts +0 -13
- package/dist/with-guard-ByyxmEe7.d.cts +0 -18
- package/dist/with-guard-qube6BMI.d.ts +0 -18
- package/dist/with-materialized-view-BmEToIR1.d.cts +0 -27
- package/dist/with-overlayed-view-BMsQQbWm.d.cts +0 -13
- /package/dist/{store → adapter}/index.js.map +0 -0
- /package/dist/{chunk-UF3BUNQZ.js.map → api-RW3KP7WU.js.map} +0 -0
- /package/dist/{crypto-HTZ4FJOP.js.map → as/index.js.map} +0 -0
- /package/dist/{delegation-RI54P6I5.js.map → at/index.js.map} +0 -0
- /package/dist/{executor-5PNY7LGW.js.map → by/index.js.map} +0 -0
- /package/dist/{executor-B4QIYGZX.js.map → cargo/index.js.map} +0 -0
- /package/dist/{executor-BWXXDQ7K.js.map → chunk-BGIZAFY7.js.map} +0 -0
- /package/dist/{issue-VGDPP4B5.js.map → chunk-CHFZDSE4.js.map} +0 -0
- /package/dist/{ledger-TMRZYNVJ.js.map → chunk-GHVIKOHT.js.map} +0 -0
- /package/dist/{noydb-G725ZSZG.js.map → chunk-K2WCO3NX.js.map} +0 -0
- /package/dist/{public-envelope-BW6OXORV.js.map → chunk-PZ5AY32C.js.map} +0 -0
- /package/dist/{read-only-facade-ITU6L7BL.js.map → collection-facade-GQAOGJP2.js.map} +0 -0
- /package/dist/{registry-3QP3YKQS.js.map → delegation-UL5HKLER.js.map} +0 -0
- /package/dist/{registry-DKEXOJVO.js.map → describe/index.js.map} +0 -0
- /package/dist/{registry-OJIOSBV6.js.map → enclave-UL5LW66V.js.map} +0 -0
- /package/dist/{registry-USRVT6YF.js.map → executor-2FWQRLMG.js.map} +0 -0
- /package/dist/{revoke-JCC7N56X.js.map → executor-QZ7BXICW.js.map} +0 -0
- /package/dist/{signer-72QAUSVW.js.map → executor-Z5ZLJVTV.js.map} +0 -0
- /package/dist/{stale-6ZDBTQT7.js.map → export-accessible-KRV5W4GH.js.map} +0 -0
- /package/dist/{ulid-COREQ2RQ.js.map → extract-partition-GLKBOXFQ.js.map} +0 -0
|
@@ -1,263 +0,0 @@
|
|
|
1
|
-
import { b0 as Role, b1 as UnlockedKeyring } from './types-DyXYr8rE.cjs';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Session tokens —
|
|
5
|
-
*
|
|
6
|
-
* After a vault is unlocked (via passphrase, WebAuthn, OIDC, or magic-
|
|
7
|
-
* link), the caller can call `createSession()` to get a session token that
|
|
8
|
-
* allows re-establishing the KEK for the session lifetime without re-running
|
|
9
|
-
* PBKDF2 or any interactive auth challenge.
|
|
10
|
-
*
|
|
11
|
-
* Security model
|
|
12
|
-
* ──────────────
|
|
13
|
-
* A session consists of two pieces that must both be present to recover the
|
|
14
|
-
* KEK:
|
|
15
|
-
*
|
|
16
|
-
* 1. The **session key** — a non-extractable AES-256-GCM CryptoKey that
|
|
17
|
-
* exists only in memory. "Non-extractable" is enforced by the WebCrypto
|
|
18
|
-
* API: the key object cannot be serialized, exported, or sent over
|
|
19
|
-
* postMessage. When the JS context is GC'd (tab close, navigation away,
|
|
20
|
-
* worker termination) the key becomes unrecoverable.
|
|
21
|
-
*
|
|
22
|
-
* 2. The **session token** — a JSON object that carries the KEK wrapped
|
|
23
|
-
* with the session key (AES-256-GCM, fresh IV per session), plus
|
|
24
|
-
* unencrypted session metadata (sessionId, userId, vault, role,
|
|
25
|
-
* expiresAt). The token can be serialized to JSON and stored in
|
|
26
|
-
* sessionStorage or passed across callsites within the same tab, but
|
|
27
|
-
* it is useless without the session key.
|
|
28
|
-
*
|
|
29
|
-
* The session key is kept in a module-level Map indexed by sessionId. Callers
|
|
30
|
-
* that need to re-use a session must hold on to the sessionId returned from
|
|
31
|
-
* `createSession()`; the key is looked up automatically by `resolveSession()`.
|
|
32
|
-
*
|
|
33
|
-
* Revocation: `revokeSession()` removes the entry from the Map. Because the
|
|
34
|
-
* key is non-extractable, removal is sufficient — no one holds a serializable
|
|
35
|
-
* copy of the key.
|
|
36
|
-
*
|
|
37
|
-
* Tab-scoped lifetime: the module-level Map lives only as long as the JS
|
|
38
|
-
* module. Tab close → module unloaded → Map GC'd → all session keys gone.
|
|
39
|
-
* This is the zero-effort logout: closing the tab is always a secure logout.
|
|
40
|
-
*
|
|
41
|
-
* Expiry: `createSession()` accepts a `ttlMs` option. `resolveSession()`
|
|
42
|
-
* checks `expiresAt` and throws `SessionExpiredError` if the token is stale,
|
|
43
|
-
* even if the session key is still in the Map.
|
|
44
|
-
*/
|
|
45
|
-
|
|
46
|
-
/** The serializable part of a session token. Safe to store in sessionStorage. */
|
|
47
|
-
interface SessionToken {
|
|
48
|
-
readonly _noydb_session: 1;
|
|
49
|
-
/** Unique session identifier (ULID). Use this as the handle for resolve/revoke. */
|
|
50
|
-
readonly sessionId: string;
|
|
51
|
-
readonly userId: string;
|
|
52
|
-
readonly vault: string;
|
|
53
|
-
readonly role: Role;
|
|
54
|
-
/** ISO timestamp — resolveSession() rejects this token after this time. */
|
|
55
|
-
readonly expiresAt: string;
|
|
56
|
-
/** KEK wrapped with the session key (AES-256-GCM). Base64. */
|
|
57
|
-
readonly wrappedKek: string;
|
|
58
|
-
/** IV used for the wrapping operation. Base64. */
|
|
59
|
-
readonly kekIv: string;
|
|
60
|
-
}
|
|
61
|
-
/** Result returned from `createSession()`. */
|
|
62
|
-
interface CreateSessionResult {
|
|
63
|
-
/** Serializable token — store in sessionStorage or pass to `resolveSession()`. */
|
|
64
|
-
token: SessionToken;
|
|
65
|
-
/** The sessionId — use this handle for `resolveSession()` and `revokeSession()`. */
|
|
66
|
-
sessionId: string;
|
|
67
|
-
}
|
|
68
|
-
/** Options for `createSession()`. */
|
|
69
|
-
interface CreateSessionOptions {
|
|
70
|
-
/**
|
|
71
|
-
* Session lifetime in milliseconds. Defaults to 60 minutes.
|
|
72
|
-
* After this duration, `resolveSession()` throws `SessionExpiredError`.
|
|
73
|
-
*/
|
|
74
|
-
ttlMs?: number;
|
|
75
|
-
}
|
|
76
|
-
/**
|
|
77
|
-
* Create a session for an already-unlocked keyring.
|
|
78
|
-
*
|
|
79
|
-
* Call this after any successful unlock (passphrase, WebAuthn, OIDC,
|
|
80
|
-
* magic-link). The returned `sessionId` is the handle for later
|
|
81
|
-
* `resolveSession()` and `revokeSession()` calls.
|
|
82
|
-
*
|
|
83
|
-
* The session key is generated fresh (non-extractable) and stored in the
|
|
84
|
-
* module-level Map. The KEK from `keyring.kek` is exported (it must be
|
|
85
|
-
* extractable — it was derived by `deriveKey()` which sets extractable: false,
|
|
86
|
-
* but it's unwrapped from the keyring which sets extractable: true) and then
|
|
87
|
-
* re-wrapped with the session key.
|
|
88
|
-
*
|
|
89
|
-
* @param keyring - An already-unlocked keyring whose `kek` is available.
|
|
90
|
-
* @param vault - The vault name this session is scoped to.
|
|
91
|
-
* @param options - Optional session configuration.
|
|
92
|
-
*/
|
|
93
|
-
declare function createSession(keyring: UnlockedKeyring, vault: string, options?: CreateSessionOptions): Promise<CreateSessionResult>;
|
|
94
|
-
/**
|
|
95
|
-
* Resolve a session token back into an UnlockedKeyring.
|
|
96
|
-
*
|
|
97
|
-
* Looks up the session key by `sessionId`, checks the token is not expired,
|
|
98
|
-
* then decrypts the payload to reconstruct the keyring's DEK set.
|
|
99
|
-
*
|
|
100
|
-
* Throws `SessionExpiredError` if the token's `expiresAt` is in the past.
|
|
101
|
-
* Throws `SessionNotFoundError` if the session key is not in the store
|
|
102
|
-
* (tab was reloaded, session was revoked, or the sessionId is wrong).
|
|
103
|
-
*
|
|
104
|
-
* @param token - The SessionToken from `createSession()`.
|
|
105
|
-
*/
|
|
106
|
-
declare function resolveSession(token: SessionToken): Promise<UnlockedKeyring>;
|
|
107
|
-
/**
|
|
108
|
-
* Revoke a session by removing its key from the store.
|
|
109
|
-
*
|
|
110
|
-
* After revocation, `resolveSession()` will throw `SessionNotFoundError`
|
|
111
|
-
* for this sessionId. The session token (if held by the caller) becomes
|
|
112
|
-
* permanently useless. This is the explicit logout path.
|
|
113
|
-
*
|
|
114
|
-
* No-op if the session was already expired or does not exist.
|
|
115
|
-
*/
|
|
116
|
-
declare function revokeSession(sessionId: string): void;
|
|
117
|
-
/**
|
|
118
|
-
* Check if a session is still alive (key in store + not expired).
|
|
119
|
-
* Does not decrypt anything — purely a metadata check.
|
|
120
|
-
*/
|
|
121
|
-
declare function isSessionAlive(token: SessionToken): boolean;
|
|
122
|
-
/**
|
|
123
|
-
* Revoke all active sessions. Used by `Noydb.close()` to ensure that
|
|
124
|
-
* closing the instance destroys all session state, not just the keyring
|
|
125
|
-
* cache.
|
|
126
|
-
*/
|
|
127
|
-
declare function revokeAllSessions(): void;
|
|
128
|
-
/**
|
|
129
|
-
* Return the number of active sessions currently in the store.
|
|
130
|
-
* Useful for diagnostics and tests.
|
|
131
|
-
*/
|
|
132
|
-
declare function activeSessionCount(): number;
|
|
133
|
-
|
|
134
|
-
/**
|
|
135
|
-
* Dev-mode persistent unlock —
|
|
136
|
-
*
|
|
137
|
-
* Solves the developer inner-loop friction: hot-reload destroys the session
|
|
138
|
-
* (page navigation semantics), forcing a passphrase re-entry every refresh.
|
|
139
|
-
*
|
|
140
|
-
* This module provides an opt-in, deliberately-named escape hatch that lets
|
|
141
|
-
* developers store the keyring payload in sessionStorage or localStorage so
|
|
142
|
-
* the vault auto-unlocks on every page load — without a passphrase,
|
|
143
|
-
* without a biometric prompt, without any OIDC flow.
|
|
144
|
-
*
|
|
145
|
-
* ⚠️ WARNING — this is a loaded footgun ⚠️
|
|
146
|
-
* ─────────────────────────────────────────
|
|
147
|
-
* The keyring payload stored by this module contains the DEKs. Whoever has
|
|
148
|
-
* access to sessionStorage/localStorage has access to the DEKs. On a shared
|
|
149
|
-
* development machine, a compromised browser extension, or a mis-configured
|
|
150
|
-
* origin, this is a complete key exposure.
|
|
151
|
-
*
|
|
152
|
-
* This module is ONLY safe for local development. It must NEVER be active
|
|
153
|
-
* in production builds.
|
|
154
|
-
*
|
|
155
|
-
* Guardrails (all enforced by the module, not by the caller)
|
|
156
|
-
* ──────────────────────────────────────────────────────────
|
|
157
|
-
* 1. **Production guard:** `enableDevUnlock()` throws immediately if
|
|
158
|
-
* `process.env.NODE_ENV === 'production'` or if `import.meta.env?.PROD === true`
|
|
159
|
-
* (Vite convention). Also throws if the hostname is NOT localhost or 127.0.0.1.
|
|
160
|
-
*
|
|
161
|
-
* 2. **Explicit acknowledgement string:** the caller must pass
|
|
162
|
-
* `acknowledge: 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY'` or the call
|
|
163
|
-
* throws. This string appears in every grep for `devUnlock` in the codebase,
|
|
164
|
-
* making it impossible to enable this feature accidentally.
|
|
165
|
-
*
|
|
166
|
-
* 3. **Scope is vault + userId:** the storage key includes both the
|
|
167
|
-
* vault name and the userId, so dev-unlock for vault-A does
|
|
168
|
-
* NOT auto-unlock vault-B.
|
|
169
|
-
*
|
|
170
|
-
* 4. **Storage scope:** default is `sessionStorage` (cleared on tab close).
|
|
171
|
-
* `localStorage` is opt-in and requires an additional
|
|
172
|
-
* `persistAcrossTabs: true` flag in the options.
|
|
173
|
-
*
|
|
174
|
-
* 5. **Clear method:** `clearDevUnlock()` removes the stored payload. Wire
|
|
175
|
-
* this to a dev toolbar button or `Ctrl+Shift+L` so clearing is one action.
|
|
176
|
-
*
|
|
177
|
-
* 6. **Console banner:** on first enable, a highly visible console warning
|
|
178
|
-
* fires. Cannot be suppressed.
|
|
179
|
-
*
|
|
180
|
-
* Usage
|
|
181
|
-
* ─────
|
|
182
|
-
* ```ts
|
|
183
|
-
* // In your dev entry point only (guarded by import.meta.env.DEV):
|
|
184
|
-
* if (import.meta.env.DEV) {
|
|
185
|
-
* const { enableDevUnlock, loadDevUnlock } = await import('@noy-db/hub')
|
|
186
|
-
* enableDevUnlock('my-compartment', 'alice', keyring, {
|
|
187
|
-
* acknowledge: 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY',
|
|
188
|
-
* })
|
|
189
|
-
* }
|
|
190
|
-
*
|
|
191
|
-
* // On page load:
|
|
192
|
-
* if (import.meta.env.DEV) {
|
|
193
|
-
* const keyring = await loadDevUnlock('my-compartment', 'alice')
|
|
194
|
-
* if (keyring) {
|
|
195
|
-
* // Skip unlock prompt, use keyring directly
|
|
196
|
-
* }
|
|
197
|
-
* }
|
|
198
|
-
* ```
|
|
199
|
-
*/
|
|
200
|
-
|
|
201
|
-
interface DevUnlockOptions {
|
|
202
|
-
/**
|
|
203
|
-
* Required: the exact string 'I-UNDERSTAND-THIS-DISABLES-UNLOCK-SECURITY'.
|
|
204
|
-
* Any other value causes `enableDevUnlock()` to throw.
|
|
205
|
-
*/
|
|
206
|
-
acknowledge: string;
|
|
207
|
-
/**
|
|
208
|
-
* If `true`, stores in localStorage (persists across tabs and browser restarts).
|
|
209
|
-
* If `false` (default), stores in sessionStorage (cleared on tab close).
|
|
210
|
-
*/
|
|
211
|
-
persistAcrossTabs?: boolean;
|
|
212
|
-
}
|
|
213
|
-
/**
|
|
214
|
-
* Serialize and store a keyring to browser storage for dev-mode auto-unlock.
|
|
215
|
-
*
|
|
216
|
-
* Throws immediately if:
|
|
217
|
-
* - The acknowledge string is wrong.
|
|
218
|
-
* - Running in a production environment (NODE_ENV=production).
|
|
219
|
-
* - Running on a non-localhost hostname.
|
|
220
|
-
*
|
|
221
|
-
* Emits a highly visible console warning that cannot be suppressed.
|
|
222
|
-
*
|
|
223
|
-
* @param vault - The vault name.
|
|
224
|
-
* @param userId - The user ID.
|
|
225
|
-
* @param keyring - The unlocked keyring to persist.
|
|
226
|
-
* @param options - Options including the required acknowledge string.
|
|
227
|
-
*/
|
|
228
|
-
declare function enableDevUnlock(vault: string, userId: string, keyring: UnlockedKeyring, options: DevUnlockOptions): Promise<void>;
|
|
229
|
-
/**
|
|
230
|
-
* Load a dev-mode keyring from browser storage.
|
|
231
|
-
*
|
|
232
|
-
* Returns `null` if no dev-unlock state is stored for this vault + user,
|
|
233
|
-
* or if the stored payload is malformed.
|
|
234
|
-
*
|
|
235
|
-
* Does NOT perform the production environment check — it's safe to CALL
|
|
236
|
-
* `loadDevUnlock` in production (it will simply return `null` because no
|
|
237
|
-
* dev-unlock state was ever written). The guard only fires on `enableDevUnlock`.
|
|
238
|
-
*
|
|
239
|
-
* @param vault - The vault name.
|
|
240
|
-
* @param userId - The user ID.
|
|
241
|
-
* @param options - Optional storage override.
|
|
242
|
-
*/
|
|
243
|
-
declare function loadDevUnlock(vault: string, userId: string, options?: {
|
|
244
|
-
persistAcrossTabs?: boolean;
|
|
245
|
-
}): Promise<UnlockedKeyring | null>;
|
|
246
|
-
/**
|
|
247
|
-
* Remove dev-unlock state from browser storage.
|
|
248
|
-
*
|
|
249
|
-
* Safe to call in production (no-op if no dev state exists).
|
|
250
|
-
*/
|
|
251
|
-
declare function clearDevUnlock(vault: string, userId: string, options?: {
|
|
252
|
-
persistAcrossTabs?: boolean;
|
|
253
|
-
}): void;
|
|
254
|
-
/**
|
|
255
|
-
* Check if dev-unlock state exists for this vault + user.
|
|
256
|
-
*
|
|
257
|
-
* Safe to call in production (returns false if nothing is stored).
|
|
258
|
-
*/
|
|
259
|
-
declare function isDevUnlockActive(vault: string, userId: string, options?: {
|
|
260
|
-
persistAcrossTabs?: boolean;
|
|
261
|
-
}): boolean;
|
|
262
|
-
|
|
263
|
-
export { type CreateSessionOptions as C, type DevUnlockOptions as D, type SessionToken as S, type CreateSessionResult as a, activeSessionCount as b, clearDevUnlock as c, createSession as d, enableDevUnlock as e, isSessionAlive as f, revokeAllSessions as g, revokeSession as h, isDevUnlockActive as i, loadDevUnlock as l, resolveSession as r };
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
import {
|
|
2
|
-
MaterializedViewExecutor
|
|
3
|
-
} from "./chunk-O3VZPBZG.js";
|
|
4
|
-
import "./chunk-T7JEBOGN.js";
|
|
5
|
-
import "./chunk-5XHKQ56N.js";
|
|
6
|
-
import "./chunk-TV3YZ35S.js";
|
|
7
|
-
import "./chunk-B6PB7JLN.js";
|
|
8
|
-
export {
|
|
9
|
-
MaterializedViewExecutor
|
|
10
|
-
};
|
|
11
|
-
//# sourceMappingURL=executor-BWXXDQ7K.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/derivations/fanout-sidecar.ts"],"sourcesContent":["/**\n * Per-source-row fanout sidecar for `shape: 'array'` derivations.\n *\n * Each `(sourceCollection, sourceId, outputKey)` triple gets its own\n * envelope at:\n *\n * _meta/derivations-fanout/<sourceCollection>/<sourceId>/<outputKey>\n *\n * The envelope records the last-emitted derived row ids so the\n * dispatcher can compute the diff on every source-row update in O(1):\n * read prior keys, compute `toDelete = prev \\ new`, write new, persist\n * back.\n *\n * Stored as plain JSON with AES-GCM bypassed (same pattern as\n * `_meta/policy`, `_meta/recovery-paper`, `_meta/sealed-passphrase`,\n * etc.): the sidecar is system metadata, not user data, and the\n * derived outputs themselves carry their own encryption envelopes.\n *\n * @module\n */\nimport type { NoydbStore, EncryptedEnvelope } from '../types.js'\nimport { NOYDB_FORMAT_VERSION } from '../types.js'\n\n/** Magic-prefixed JSON payload at `_meta/<recordId>`. */\nexport interface FanoutSidecar {\n readonly _noydb_fanout: 1\n /** Source collection name. */\n readonly source: string\n /** Source record id. */\n readonly sourceId: string\n /** Strategy output key (the key in `strategy.outputs`). */\n readonly outputKey: string\n /** Output collection name (audit / forensics). */\n readonly outputCollection: string\n /** Derived-row ids last emitted for this (source, output) pair. */\n readonly keys: ReadonlyArray<string>\n /** ISO timestamp of last dispatch. */\n readonly emittedAt: string\n}\n\n/**\n * Build the canonical `_meta` record id for a fanout sidecar.\n *\n * The full path inside the store is `_meta/<this-string>`. We pack the\n * full triple into the id so a single `_meta` collection holds all\n * sidecars (collection-per-source would proliferate names; the\n * existing `_meta` flat namespace is cheaper).\n */\nfunction recordId(source: string, sourceId: string, outputKey: string): string {\n // Use `/` as a separator. None of the components is supposed to\n // contain it (collection names + output keys are bare identifiers;\n // source ids are typically ULIDs / UUIDs / app-chosen strings\n // without slashes). If a future source carries `/` in its id, we'd\n // need an escape; deferred until that's a real case.\n return `derivations-fanout/${source}/${sourceId}/${outputKey}`\n}\n\n/** Read the sidecar; returns empty if absent. */\nexport async function loadFanoutSidecar(\n store: NoydbStore,\n vault: string,\n source: string,\n sourceId: string,\n outputKey: string,\n): Promise<FanoutSidecar | undefined> {\n const envelope = await store.get(vault, '_meta', recordId(source, sourceId, outputKey))\n if (!envelope) return undefined\n try {\n const parsed = JSON.parse(envelope._data) as FanoutSidecar\n if (parsed._noydb_fanout !== 1) return undefined\n if (!Array.isArray(parsed.keys)) return undefined\n return parsed\n } catch {\n return undefined\n }\n}\n\n/** Persist (insert/replace) the sidecar with a fresh key set. */\nexport async function saveFanoutSidecar(\n store: NoydbStore,\n vault: string,\n payload: {\n readonly source: string\n readonly sourceId: string\n readonly outputKey: string\n readonly outputCollection: string\n readonly keys: ReadonlyArray<string>\n },\n): Promise<void> {\n const doc: FanoutSidecar = {\n _noydb_fanout: 1,\n source: payload.source,\n sourceId: payload.sourceId,\n outputKey: payload.outputKey,\n outputCollection: payload.outputCollection,\n keys: payload.keys,\n emittedAt: new Date().toISOString(),\n }\n const id = recordId(payload.source, payload.sourceId, payload.outputKey)\n const prior = await store.get(vault, '_meta', id)\n const envelope: EncryptedEnvelope = {\n _noydb: NOYDB_FORMAT_VERSION,\n _v: (prior?._v ?? 0) + 1,\n _ts: new Date().toISOString(),\n // AES-GCM bypassed — sidecar is system metadata, no user data inside.\n _iv: '',\n _data: JSON.stringify(doc),\n }\n await store.put(vault, '_meta', id, envelope)\n}\n\n/** Delete the sidecar (used on source-row delete cascade). */\nexport async function deleteFanoutSidecar(\n store: NoydbStore,\n vault: string,\n source: string,\n sourceId: string,\n outputKey: string,\n): Promise<void> {\n await store.delete(vault, '_meta', recordId(source, sourceId, outputKey))\n}\n"],"mappings":";;;;;AAgDA,SAAS,SAAS,QAAgB,UAAkB,WAA2B;AAM7E,SAAO,sBAAsB,MAAM,IAAI,QAAQ,IAAI,SAAS;AAC9D;AAGA,eAAsB,kBACpB,OACA,OACA,QACA,UACA,WACoC;AACpC,QAAM,WAAW,MAAM,MAAM,IAAI,OAAO,SAAS,SAAS,QAAQ,UAAU,SAAS,CAAC;AACtF,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,SAAS,KAAK;AACxC,QAAI,OAAO,kBAAkB,EAAG,QAAO;AACvC,QAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,EAAG,QAAO;AACxC,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,eAAsB,kBACpB,OACA,OACA,SAOe;AACf,QAAM,MAAqB;AAAA,IACzB,eAAe;AAAA,IACf,QAAQ,QAAQ;AAAA,IAChB,UAAU,QAAQ;AAAA,IAClB,WAAW,QAAQ;AAAA,IACnB,kBAAkB,QAAQ;AAAA,IAC1B,MAAM,QAAQ;AAAA,IACd,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,EACpC;AACA,QAAM,KAAK,SAAS,QAAQ,QAAQ,QAAQ,UAAU,QAAQ,SAAS;AACvE,QAAM,QAAQ,MAAM,MAAM,IAAI,OAAO,SAAS,EAAE;AAChD,QAAM,WAA8B;AAAA,IAClC,QAAQ;AAAA,IACR,KAAK,OAAO,MAAM,KAAK;AAAA,IACvB,MAAK,oBAAI,KAAK,GAAE,YAAY;AAAA;AAAA,IAE5B,KAAK;AAAA,IACL,OAAO,KAAK,UAAU,GAAG;AAAA,EAC3B;AACA,QAAM,MAAM,IAAI,OAAO,SAAS,IAAI,QAAQ;AAC9C;AAGA,eAAsB,oBACpB,OACA,OACA,QACA,UACA,WACe;AACf,QAAM,MAAM,OAAO,OAAO,SAAS,SAAS,QAAQ,UAAU,SAAS,CAAC;AAC1E;","names":[]}
|
package/dist/guards/index.cjs
DELETED
|
@@ -1,322 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __defProp = Object.defineProperty;
|
|
3
|
-
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
-
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
-
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
-
var __export = (target, all) => {
|
|
7
|
-
for (var name in all)
|
|
8
|
-
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
-
};
|
|
10
|
-
var __copyProps = (to, from, except, desc) => {
|
|
11
|
-
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
-
for (let key of __getOwnPropNames(from))
|
|
13
|
-
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
-
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
-
}
|
|
16
|
-
return to;
|
|
17
|
-
};
|
|
18
|
-
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
-
|
|
20
|
-
// src/guards/index.ts
|
|
21
|
-
var guards_exports = {};
|
|
22
|
-
__export(guards_exports, {
|
|
23
|
-
AmendmentForbiddenError: () => AmendmentForbiddenError,
|
|
24
|
-
FieldFrozenError: () => FieldFrozenError,
|
|
25
|
-
GuardExecutor: () => GuardExecutor,
|
|
26
|
-
GuardRegistry: () => GuardRegistry,
|
|
27
|
-
InvariantError: () => InvariantError,
|
|
28
|
-
ReadOnlyVaultFacade: () => ReadOnlyVaultFacade,
|
|
29
|
-
RecordLockedError: () => RecordLockedError,
|
|
30
|
-
withGuard: () => withGuard
|
|
31
|
-
});
|
|
32
|
-
module.exports = __toCommonJS(guards_exports);
|
|
33
|
-
|
|
34
|
-
// src/errors.ts
|
|
35
|
-
var NoydbError = class extends Error {
|
|
36
|
-
/** Machine-readable error code. Stable across library versions. */
|
|
37
|
-
code;
|
|
38
|
-
constructor(code, message) {
|
|
39
|
-
super(message);
|
|
40
|
-
this.name = "NoydbError";
|
|
41
|
-
this.code = code;
|
|
42
|
-
}
|
|
43
|
-
};
|
|
44
|
-
var RecordLockedError = class extends NoydbError {
|
|
45
|
-
collection;
|
|
46
|
-
id;
|
|
47
|
-
reason;
|
|
48
|
-
constructor(collection, id, reason) {
|
|
49
|
-
super(
|
|
50
|
-
"RECORD_LOCKED",
|
|
51
|
-
`Cannot modify ${collection}/${id} \u2014 locked by guard: ${reason}. Use withTransactions({ amendment: true, reason }) with admin/owner role to override.`
|
|
52
|
-
);
|
|
53
|
-
this.name = "RecordLockedError";
|
|
54
|
-
this.collection = collection;
|
|
55
|
-
this.id = id;
|
|
56
|
-
this.reason = reason;
|
|
57
|
-
}
|
|
58
|
-
};
|
|
59
|
-
var FieldFrozenError = class extends NoydbError {
|
|
60
|
-
collection;
|
|
61
|
-
id;
|
|
62
|
-
fields;
|
|
63
|
-
constructor(collection, id, fields) {
|
|
64
|
-
super(
|
|
65
|
-
"FIELD_FROZEN",
|
|
66
|
-
`Cannot change frozen field(s) on ${collection}/${id}: ${fields.join(", ")}. Use withTransactions({ amendment: true, reason }) with admin/owner role to override.`
|
|
67
|
-
);
|
|
68
|
-
this.name = "FieldFrozenError";
|
|
69
|
-
this.collection = collection;
|
|
70
|
-
this.id = id;
|
|
71
|
-
this.fields = fields;
|
|
72
|
-
}
|
|
73
|
-
};
|
|
74
|
-
var InvariantError = class extends NoydbError {
|
|
75
|
-
constructor(message) {
|
|
76
|
-
super("INVARIANT_VIOLATED", message);
|
|
77
|
-
this.name = "InvariantError";
|
|
78
|
-
}
|
|
79
|
-
};
|
|
80
|
-
var AmendmentForbiddenError = class extends NoydbError {
|
|
81
|
-
userId;
|
|
82
|
-
role;
|
|
83
|
-
constructor(userId, role) {
|
|
84
|
-
super(
|
|
85
|
-
"AMENDMENT_FORBIDDEN",
|
|
86
|
-
`User "${userId}" with role "${role}" cannot open an amendment transaction. Amendments require admin or owner role.`
|
|
87
|
-
);
|
|
88
|
-
this.name = "AmendmentForbiddenError";
|
|
89
|
-
this.userId = userId;
|
|
90
|
-
this.role = role;
|
|
91
|
-
}
|
|
92
|
-
};
|
|
93
|
-
var ValidationError = class extends NoydbError {
|
|
94
|
-
constructor(message = "Validation error") {
|
|
95
|
-
super("VALIDATION_ERROR", message);
|
|
96
|
-
this.name = "ValidationError";
|
|
97
|
-
}
|
|
98
|
-
};
|
|
99
|
-
|
|
100
|
-
// src/guards/with-guard.ts
|
|
101
|
-
function withGuard(strategy) {
|
|
102
|
-
if (!strategy.collection || strategy.collection.length === 0) {
|
|
103
|
-
throw new ValidationError("withGuard: collection name is required");
|
|
104
|
-
}
|
|
105
|
-
return {
|
|
106
|
-
__noydb_strategy: "guard",
|
|
107
|
-
spec: strategy
|
|
108
|
-
};
|
|
109
|
-
}
|
|
110
|
-
|
|
111
|
-
// src/guards/registry.ts
|
|
112
|
-
var GuardRegistry = class {
|
|
113
|
-
_byCollection = /* @__PURE__ */ new Map();
|
|
114
|
-
_amendmentChanges = null;
|
|
115
|
-
_amendmentMeta = null;
|
|
116
|
-
/** Register a guard. Multiple guards per collection are allowed. */
|
|
117
|
-
register(spec) {
|
|
118
|
-
const existing = this._byCollection.get(spec.collection);
|
|
119
|
-
if (existing) existing.push(spec);
|
|
120
|
-
else this._byCollection.set(spec.collection, [spec]);
|
|
121
|
-
}
|
|
122
|
-
/** All guards registered against `collection` in registration order. */
|
|
123
|
-
guardsFor(collection) {
|
|
124
|
-
return this._byCollection.get(collection) ?? [];
|
|
125
|
-
}
|
|
126
|
-
/** Per-collection guard counts, for introspection. */
|
|
127
|
-
summary() {
|
|
128
|
-
return [...this._byCollection.entries()].map(([collection, guards]) => ({
|
|
129
|
-
collection,
|
|
130
|
-
count: guards.length
|
|
131
|
-
}));
|
|
132
|
-
}
|
|
133
|
-
/**
|
|
134
|
-
* Run every guard's `check` for this collection. First throw wins —
|
|
135
|
-
* remaining guards are not invoked. Guards without a `check` skip.
|
|
136
|
-
*/
|
|
137
|
-
async runChecks(collection, incoming, ctx) {
|
|
138
|
-
const guards = this._byCollection.get(collection);
|
|
139
|
-
if (!guards) return;
|
|
140
|
-
for (const g of guards) {
|
|
141
|
-
if (g.check) {
|
|
142
|
-
await g.check(
|
|
143
|
-
incoming,
|
|
144
|
-
ctx
|
|
145
|
-
);
|
|
146
|
-
}
|
|
147
|
-
}
|
|
148
|
-
}
|
|
149
|
-
/**
|
|
150
|
-
* Run every guard's `onDelete` for this collection. First throw wins —
|
|
151
|
-
* remaining guards are not invoked. Guards without an `onDelete` skip.
|
|
152
|
-
* Mirrors {@link runChecks} but for the delete path.
|
|
153
|
-
*/
|
|
154
|
-
async runOnDelete(collection, existing, ctx) {
|
|
155
|
-
const guards = this._byCollection.get(collection);
|
|
156
|
-
if (!guards) return;
|
|
157
|
-
for (const g of guards) {
|
|
158
|
-
if (g.onDelete) {
|
|
159
|
-
await g.onDelete(
|
|
160
|
-
existing,
|
|
161
|
-
ctx
|
|
162
|
-
);
|
|
163
|
-
}
|
|
164
|
-
}
|
|
165
|
-
}
|
|
166
|
-
/** True if any guard for `collection` declares an `amendment` block. */
|
|
167
|
-
hasAmendment(collection) {
|
|
168
|
-
const guards = this._byCollection.get(collection);
|
|
169
|
-
if (!guards) return false;
|
|
170
|
-
return guards.some((g) => g.amendment !== void 0);
|
|
171
|
-
}
|
|
172
|
-
/** Open a new amendment change-collection window. */
|
|
173
|
-
beginAmendment() {
|
|
174
|
-
this._amendmentChanges = /* @__PURE__ */ new Map();
|
|
175
|
-
this._amendmentMeta = /* @__PURE__ */ new Map();
|
|
176
|
-
}
|
|
177
|
-
/** True iff we're currently inside an amendment transaction. */
|
|
178
|
-
isAmendmentActive() {
|
|
179
|
-
return this._amendmentChanges !== null;
|
|
180
|
-
}
|
|
181
|
-
/**
|
|
182
|
-
* Record a {before, after} pair for the active amendment. `vBefore`
|
|
183
|
-
* and `vAfter` are stored in a parallel meta structure so the public
|
|
184
|
-
* {@link GuardChange} shape handed to invariant callbacks stays
|
|
185
|
-
* `{ before, after }` only — the audit ledger reads version metadata
|
|
186
|
-
* via {@link consumeMeta}.
|
|
187
|
-
*/
|
|
188
|
-
collectChange(collection, id, before, after, vBefore = 0, vAfter = 0) {
|
|
189
|
-
if (this._amendmentChanges === null || this._amendmentMeta === null) {
|
|
190
|
-
throw new Error("GuardRegistry.collectChange called outside an amendment");
|
|
191
|
-
}
|
|
192
|
-
const list = this._amendmentChanges.get(collection);
|
|
193
|
-
const entry = { before, after };
|
|
194
|
-
if (list) list.push(entry);
|
|
195
|
-
else this._amendmentChanges.set(collection, [entry]);
|
|
196
|
-
const metaList = this._amendmentMeta.get(collection);
|
|
197
|
-
const metaEntry = { id, vBefore, vAfter };
|
|
198
|
-
if (metaList) metaList.push(metaEntry);
|
|
199
|
-
else this._amendmentMeta.set(collection, [metaEntry]);
|
|
200
|
-
}
|
|
201
|
-
/**
|
|
202
|
-
* Drain the change-set and close the amendment window. The caller
|
|
203
|
-
* (transaction commit) feeds these to each affected guard's invariant.
|
|
204
|
-
*/
|
|
205
|
-
consumeChanges() {
|
|
206
|
-
const out = this._amendmentChanges ?? /* @__PURE__ */ new Map();
|
|
207
|
-
this._amendmentChanges = null;
|
|
208
|
-
return out;
|
|
209
|
-
}
|
|
210
|
-
/**
|
|
211
|
-
* Drain the parallel id/version metadata captured during the
|
|
212
|
-
* amendment. Returned as a flat list with `collection` denormalised
|
|
213
|
-
* so the audit ledger can emit one `{ collection, id, vBefore,
|
|
214
|
-
* vAfter }` tuple per record. Must be called AFTER
|
|
215
|
-
* {@link consumeChanges} (or independently) — calling it closes the
|
|
216
|
-
* meta window in the same way.
|
|
217
|
-
*/
|
|
218
|
-
consumeMeta() {
|
|
219
|
-
const out = [];
|
|
220
|
-
if (this._amendmentMeta) {
|
|
221
|
-
for (const [collection, list] of this._amendmentMeta) {
|
|
222
|
-
for (const m of list) {
|
|
223
|
-
out.push({ collection, id: m.id, vBefore: m.vBefore, vAfter: m.vAfter });
|
|
224
|
-
}
|
|
225
|
-
}
|
|
226
|
-
}
|
|
227
|
-
this._amendmentMeta = null;
|
|
228
|
-
return out;
|
|
229
|
-
}
|
|
230
|
-
};
|
|
231
|
-
|
|
232
|
-
// src/guards/executor.ts
|
|
233
|
-
var GuardExecutor = {
|
|
234
|
-
/**
|
|
235
|
-
* Compare existing vs incoming for each `frozenFields.fields` entry
|
|
236
|
-
* when `frozenFields.when(existing)` is true. Throws
|
|
237
|
-
* `FieldFrozenError` listing every changed frozen field.
|
|
238
|
-
*/
|
|
239
|
-
async checkFrozenFields(guard, id, existing, incoming) {
|
|
240
|
-
const ff = guard.frozenFields;
|
|
241
|
-
if (!ff) return;
|
|
242
|
-
if (existing === null) return;
|
|
243
|
-
if (!ff.when(existing)) return;
|
|
244
|
-
const changed = [];
|
|
245
|
-
for (const f of ff.fields) {
|
|
246
|
-
if (existing[f] !== incoming[f]) {
|
|
247
|
-
if (!deepEqual(existing[f], incoming[f])) changed.push(String(f));
|
|
248
|
-
}
|
|
249
|
-
}
|
|
250
|
-
if (changed.length > 0) {
|
|
251
|
-
throw new FieldFrozenError(guard.collection, id, changed);
|
|
252
|
-
}
|
|
253
|
-
},
|
|
254
|
-
/**
|
|
255
|
-
* Run a single guard's invariant over its slice of the change-set.
|
|
256
|
-
* Any throw is converted to `InvariantError` unless it already is one.
|
|
257
|
-
*/
|
|
258
|
-
async runInvariant(guard, changes, ctx) {
|
|
259
|
-
const amendment = guard.amendment;
|
|
260
|
-
if (!amendment) return;
|
|
261
|
-
try {
|
|
262
|
-
await amendment.invariant(changes, ctx);
|
|
263
|
-
} catch (err) {
|
|
264
|
-
if (err instanceof InvariantError) throw err;
|
|
265
|
-
throw new InvariantError(
|
|
266
|
-
err instanceof Error ? err.message : `invariant violated: ${String(err)}`
|
|
267
|
-
);
|
|
268
|
-
}
|
|
269
|
-
}
|
|
270
|
-
};
|
|
271
|
-
function deepEqual(a, b) {
|
|
272
|
-
if (a === b) return true;
|
|
273
|
-
if (a === null || b === null) return a === b;
|
|
274
|
-
if (typeof a !== typeof b) return false;
|
|
275
|
-
if (typeof a !== "object") return a === b;
|
|
276
|
-
if (Array.isArray(a) !== Array.isArray(b)) return false;
|
|
277
|
-
if (Array.isArray(a)) {
|
|
278
|
-
const aa = a;
|
|
279
|
-
const bb = b;
|
|
280
|
-
if (aa.length !== bb.length) return false;
|
|
281
|
-
for (let i = 0; i < aa.length; i++) if (!deepEqual(aa[i], bb[i])) return false;
|
|
282
|
-
return true;
|
|
283
|
-
}
|
|
284
|
-
const ao = a;
|
|
285
|
-
const bo = b;
|
|
286
|
-
const ak = Object.keys(ao);
|
|
287
|
-
const bk = Object.keys(bo);
|
|
288
|
-
if (ak.length !== bk.length) return false;
|
|
289
|
-
for (const k of ak) {
|
|
290
|
-
if (!Object.prototype.hasOwnProperty.call(bo, k)) return false;
|
|
291
|
-
if (!deepEqual(ao[k], bo[k])) return false;
|
|
292
|
-
}
|
|
293
|
-
return true;
|
|
294
|
-
}
|
|
295
|
-
|
|
296
|
-
// src/guards/read-only-facade.ts
|
|
297
|
-
var ReadOnlyVaultFacade = class {
|
|
298
|
-
_vault;
|
|
299
|
-
constructor(vault) {
|
|
300
|
-
this._vault = vault;
|
|
301
|
-
}
|
|
302
|
-
collection(name) {
|
|
303
|
-
const c = this._vault.collection(name);
|
|
304
|
-
return {
|
|
305
|
-
get: (id) => c.get(id),
|
|
306
|
-
list: () => c.list(),
|
|
307
|
-
query: () => c.query()
|
|
308
|
-
};
|
|
309
|
-
}
|
|
310
|
-
};
|
|
311
|
-
// Annotate the CommonJS export names for ESM import in node:
|
|
312
|
-
0 && (module.exports = {
|
|
313
|
-
AmendmentForbiddenError,
|
|
314
|
-
FieldFrozenError,
|
|
315
|
-
GuardExecutor,
|
|
316
|
-
GuardRegistry,
|
|
317
|
-
InvariantError,
|
|
318
|
-
ReadOnlyVaultFacade,
|
|
319
|
-
RecordLockedError,
|
|
320
|
-
withGuard
|
|
321
|
-
});
|
|
322
|
-
//# sourceMappingURL=index.cjs.map
|