@noy-db/hub 0.3.0-pre.2 → 0.3.0-pre.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter/index.d.ts +2 -2
- package/dist/adapter/index.js +1 -1
- package/dist/aggregate/index.d.ts +3 -3
- package/dist/aggregate/index.js +4 -4
- package/dist/api-JOXUNSKP.js +20 -0
- package/dist/as/index.d.ts +4 -4
- package/dist/as/index.js +12 -6
- package/dist/at/index.d.ts +2 -2
- package/dist/attestation/index.d.ts +3 -3
- package/dist/attestation/index.js +19 -13
- package/dist/attestation/index.js.map +1 -1
- package/dist/{backup-KMJQ66MF.js → backup-MOB27UUN.js} +12 -6
- package/dist/{backup-KMJQ66MF.js.map → backup-MOB27UUN.js.map} +1 -1
- package/dist/blobs/index.d.ts +4 -4
- package/dist/blobs/index.js +11 -5
- package/dist/blobs/index.js.map +1 -1
- package/dist/bundle/index.d.ts +5 -5
- package/dist/bundle/index.js +21 -15
- package/dist/bundle/index.js.map +1 -1
- package/dist/{bundle-PwBGkhpe.d.ts → bundle-Bs13EZtX.d.ts} +1 -1
- package/dist/by/index.js +2 -2
- package/dist/cargo/index.d.ts +4 -4
- package/dist/cargo/index.js +23 -17
- package/dist/{chunk-SMXWYP24.js → chunk-3QRQOBS7.js} +3 -3
- package/dist/{chunk-QHJW5EXU.js → chunk-3Y4QLJ6K.js} +2 -2
- package/dist/{chunk-NF5JWERG.js → chunk-43ISXURO.js} +2 -2
- package/dist/{chunk-5LUY7UTV.js → chunk-4K3MQ5S3.js} +2 -2
- package/dist/{chunk-QZISFCVG.js → chunk-5CY35H55.js} +11 -9
- package/dist/{chunk-QZISFCVG.js.map → chunk-5CY35H55.js.map} +1 -1
- package/dist/chunk-5EWYUR5P.js +37 -0
- package/dist/chunk-5EWYUR5P.js.map +1 -0
- package/dist/{chunk-Y22T3KQE.js → chunk-5MRE3C4Q.js} +5 -5
- package/dist/{chunk-M6OST55S.js → chunk-5W7AOFWA.js} +2 -2
- package/dist/{chunk-AXRXJTE2.js → chunk-6HNKCKFZ.js} +7 -7
- package/dist/{chunk-UAG5KWVA.js → chunk-6RXPSMKR.js} +3 -3
- package/dist/{chunk-TJYQIGAP.js → chunk-7J7JRYXW.js} +9 -5
- package/dist/chunk-7J7JRYXW.js.map +1 -0
- package/dist/{chunk-UDRIWL7A.js → chunk-A5DYVMDR.js} +3 -3
- package/dist/chunk-AF5ZRTZ4.js +108 -0
- package/dist/chunk-AF5ZRTZ4.js.map +1 -0
- package/dist/{chunk-I3TIKTJO.js → chunk-BKGIWGCX.js} +2 -2
- package/dist/{chunk-IO6GRPT6.js → chunk-BMQOH7MM.js} +2 -2
- package/dist/{chunk-26LGBE4T.js → chunk-CPXPHQGX.js} +6 -4
- package/dist/{chunk-26LGBE4T.js.map → chunk-CPXPHQGX.js.map} +1 -1
- package/dist/{chunk-FISN7WE4.js → chunk-EWR7HL3K.js} +4 -4
- package/dist/{chunk-AQTBSL7R.js → chunk-FH52CDEW.js} +5 -5
- package/dist/chunk-G4MGYGSS.js +130 -0
- package/dist/chunk-G4MGYGSS.js.map +1 -0
- package/dist/{chunk-UV5MFVO3.js → chunk-G7RDYYTE.js} +2 -2
- package/dist/{chunk-UIU2THRG.js → chunk-GBTUANXF.js} +16 -297
- package/dist/chunk-GBTUANXF.js.map +1 -0
- package/dist/{chunk-TEILUWOI.js → chunk-GOUNIHFA.js} +10 -10
- package/dist/{chunk-LXQT4WMP.js → chunk-GQOT6QJR.js} +8 -6
- package/dist/{chunk-LXQT4WMP.js.map → chunk-GQOT6QJR.js.map} +1 -1
- package/dist/{chunk-RUEKROOS.js → chunk-GXGK22QU.js} +2 -2
- package/dist/{chunk-IELYAOGG.js → chunk-GZZL5R73.js} +4 -4
- package/dist/{chunk-JNUWZ6D3.js → chunk-H5XRIJX3.js} +7 -5
- package/dist/{chunk-JNUWZ6D3.js.map → chunk-H5XRIJX3.js.map} +1 -1
- package/dist/{chunk-CWPPNPOH.js → chunk-H7RYPVMJ.js} +2 -2
- package/dist/{chunk-5N6CZTCY.js → chunk-HBKDR7R3.js} +3 -3
- package/dist/{chunk-KXGNJJXB.js → chunk-HLUKZ36Q.js} +9 -9
- package/dist/{chunk-LMTH2RM6.js → chunk-HMXLN43G.js} +2 -2
- package/dist/{chunk-BG3SPSR4.js → chunk-HY6ZGGEC.js} +2 -2
- package/dist/{chunk-UPJNJGGA.js → chunk-K5P46KB3.js} +27 -10
- package/dist/chunk-K5P46KB3.js.map +1 -0
- package/dist/chunk-KYY7L72M.js +106 -0
- package/dist/chunk-KYY7L72M.js.map +1 -0
- package/dist/{chunk-62QYRORB.js → chunk-LIP6JWYK.js} +3 -3
- package/dist/{chunk-5TDJ56JE.js → chunk-LN22XH4B.js} +1 -1
- package/dist/chunk-LN22XH4B.js.map +1 -0
- package/dist/chunk-LP7BEXCT.js +32 -0
- package/dist/chunk-LP7BEXCT.js.map +1 -0
- package/dist/{chunk-IGUYVGGI.js → chunk-LPRPVCNY.js} +5 -5
- package/dist/{chunk-AIWULCUO.js → chunk-M66NAZA4.js} +5 -3
- package/dist/{chunk-AIWULCUO.js.map → chunk-M66NAZA4.js.map} +1 -1
- package/dist/{chunk-KVOXU4T5.js → chunk-N5YVZHCB.js} +2 -2
- package/dist/{chunk-76722EBH.js → chunk-NB47TXGP.js} +14 -12
- package/dist/{chunk-76722EBH.js.map → chunk-NB47TXGP.js.map} +1 -1
- package/dist/chunk-NO272T7Q.js +194 -0
- package/dist/chunk-NO272T7Q.js.map +1 -0
- package/dist/{chunk-SRB2XEWB.js → chunk-O2DB4C3M.js} +8 -6
- package/dist/{chunk-SRB2XEWB.js.map → chunk-O2DB4C3M.js.map} +1 -1
- package/dist/{chunk-IUEN57TV.js → chunk-OFBFAVLI.js} +6 -6
- package/dist/{chunk-MTMJVJ5W.js → chunk-OPTFANOX.js} +5 -3
- package/dist/chunk-OPTFANOX.js.map +1 -0
- package/dist/{chunk-5O3AOPDT.js → chunk-OVO2RZAE.js} +212 -439
- package/dist/chunk-OVO2RZAE.js.map +1 -0
- package/dist/{chunk-GYGWYIOZ.js → chunk-P27Z66EB.js} +7 -5
- package/dist/{chunk-GYGWYIOZ.js.map → chunk-P27Z66EB.js.map} +1 -1
- package/dist/{chunk-HCIPRAGS.js → chunk-P2LDXRGP.js} +2 -2
- package/dist/chunk-P3NGV5RV.js +41 -0
- package/dist/chunk-P3NGV5RV.js.map +1 -0
- package/dist/{chunk-5R3ERCDH.js → chunk-P3V7JTB6.js} +25 -9
- package/dist/{chunk-5R3ERCDH.js.map → chunk-P3V7JTB6.js.map} +1 -1
- package/dist/{chunk-LV7M27WM.js → chunk-P5WXDYMD.js} +8 -197
- package/dist/chunk-P5WXDYMD.js.map +1 -0
- package/dist/chunk-PGFY7IRW.js +95 -0
- package/dist/chunk-PGFY7IRW.js.map +1 -0
- package/dist/chunk-QKVILR7N.js +25 -0
- package/dist/chunk-QKVILR7N.js.map +1 -0
- package/dist/{chunk-V7RWQRG7.js → chunk-QNTEDPWP.js} +3 -3
- package/dist/{chunk-Q7SS3IME.js → chunk-RDHAGBEB.js} +3 -3
- package/dist/{chunk-EIZUR2XW.js → chunk-RTS23VIJ.js} +2 -2
- package/dist/{chunk-LFLXAY2W.js → chunk-SEQ2JI3Y.js} +9 -7
- package/dist/{chunk-LFLXAY2W.js.map → chunk-SEQ2JI3Y.js.map} +1 -1
- package/dist/{chunk-AZAOEIKW.js → chunk-SW56GSYC.js} +2 -2
- package/dist/{chunk-TA66UMI4.js → chunk-T2EGAXPM.js} +2 -2
- package/dist/{chunk-SM3AVUHC.js → chunk-T45LAT2Y.js} +2 -2
- package/dist/{chunk-SKF73JOP.js → chunk-T65UZXR6.js} +3 -3
- package/dist/{chunk-ITNUCOXM.js → chunk-TB5RNNJ4.js} +7 -5
- package/dist/{chunk-ITNUCOXM.js.map → chunk-TB5RNNJ4.js.map} +1 -1
- package/dist/chunk-TCIUO62Z.js +29 -0
- package/dist/chunk-TCIUO62Z.js.map +1 -0
- package/dist/chunk-THNJ3IKU.js +17 -0
- package/dist/chunk-THNJ3IKU.js.map +1 -0
- package/dist/chunk-TLJOJBZD.js +404 -0
- package/dist/chunk-TLJOJBZD.js.map +1 -0
- package/dist/chunk-TQ3REHVF.js +95 -0
- package/dist/chunk-TQ3REHVF.js.map +1 -0
- package/dist/{chunk-DGDI2D4M.js → chunk-TVRQ3RYH.js} +28 -7
- package/dist/chunk-TVRQ3RYH.js.map +1 -0
- package/dist/{chunk-PSMV73A5.js → chunk-TYGW5TOR.js} +7 -7
- package/dist/{chunk-ZYUC53LT.js → chunk-U23JUUPX.js} +58 -2
- package/dist/{chunk-ZYUC53LT.js.map → chunk-U23JUUPX.js.map} +1 -1
- package/dist/{chunk-3YFXJ3ZP.js → chunk-U24XHXNK.js} +2 -2
- package/dist/chunk-ULIHDPKL.js +94 -0
- package/dist/chunk-ULIHDPKL.js.map +1 -0
- package/dist/chunk-UOEWDCUX.js +69 -0
- package/dist/chunk-UOEWDCUX.js.map +1 -0
- package/dist/{chunk-WWGT2MDV.js → chunk-VAWY44JW.js} +8 -8
- package/dist/{chunk-WWGT2MDV.js.map → chunk-VAWY44JW.js.map} +1 -1
- package/dist/chunk-VFRNWE5P.js +239 -0
- package/dist/chunk-VFRNWE5P.js.map +1 -0
- package/dist/{chunk-IPB7FTQX.js → chunk-VMJ5URU7.js} +10 -8
- package/dist/chunk-VMJ5URU7.js.map +1 -0
- package/dist/{chunk-VFQGRQIH.js → chunk-VPCMJ5Z4.js} +7 -5
- package/dist/{chunk-VFQGRQIH.js.map → chunk-VPCMJ5Z4.js.map} +1 -1
- package/dist/{chunk-VCTFO5CO.js → chunk-VRPBEOWU.js} +2 -2
- package/dist/{chunk-ZCGAHGUS.js → chunk-VWGCJUTV.js} +2 -2
- package/dist/{chunk-XXYIOFUB.js → chunk-XJR3COJO.js} +5 -5
- package/dist/{chunk-PKHL44ER.js → chunk-XYYW64LB.js} +2 -2
- package/dist/{chunk-IAGBDSCS.js → chunk-YFF2RP3X.js} +2 -2
- package/dist/{chunk-MD3Y6J3L.js → chunk-Z3FZC5GV.js} +7 -5
- package/dist/{chunk-MD3Y6J3L.js.map → chunk-Z3FZC5GV.js.map} +1 -1
- package/dist/{chunk-DFEMTNPJ.js → chunk-Z5PIUYNB.js} +10 -8
- package/dist/{chunk-DFEMTNPJ.js.map → chunk-Z5PIUYNB.js.map} +1 -1
- package/dist/{chunk-WYSO2NIH.js → chunk-Z7KI4WHR.js} +2 -2
- package/dist/chunk-ZKF6HH7V.js +120 -0
- package/dist/chunk-ZKF6HH7V.js.map +1 -0
- package/dist/{chunk-I2NOIW44.js → chunk-ZKYMKF2S.js} +8 -6
- package/dist/{chunk-I2NOIW44.js.map → chunk-ZKYMKF2S.js.map} +1 -1
- package/dist/{chunk-PSHOXR6C.js → chunk-ZPHDGUZZ.js} +737 -1082
- package/dist/chunk-ZPHDGUZZ.js.map +1 -0
- package/dist/{chunk-CMGR4ZEW.js → chunk-ZROMNP7Q.js} +2 -2
- package/dist/classified/index.d.ts +17 -0
- package/dist/classified/index.js +38 -0
- package/dist/collection-facade-MKEBZDWW.js +39 -0
- package/dist/computed-BMMEFRFJ.js +11 -0
- package/dist/config-drift-KGM7ZRW4.js +24 -0
- package/dist/config-drift-KGM7ZRW4.js.map +1 -0
- package/dist/consent/index.d.ts +3 -3
- package/dist/consent/index.js +10 -4
- package/dist/consent/index.js.map +1 -1
- package/dist/crdt/index.d.ts +3 -3
- package/dist/delegation-BQNIEHZE.js +25 -0
- package/dist/derivations/index.d.ts +4 -4
- package/dist/derivations/index.js +12 -6
- package/dist/describe/index.d.ts +1 -1
- package/dist/{describe-Ccd1hS7a.d.ts → describe-C6iHNlqJ.d.ts} +19 -0
- package/dist/{dev-unlock-h0K-UZTk.d.ts → dev-unlock-Cqd5Xv5J.d.ts} +1 -1
- package/dist/{enclave-UL5LW66V.js → enclave-YN6223OG.js} +47 -18
- package/dist/executor-CBTNU5VZ.js +9 -0
- package/dist/executor-DJHNSTIR.js +9 -0
- package/dist/executor-FGISLQIN.js +21 -0
- package/dist/export-accessible-P7SLRLK3.js +23 -0
- package/dist/extract-partition-RNVSFHAB.js +36 -0
- package/dist/{fanout-sidecar-GF3DJ6KR.js → fanout-sidecar-WS22Q5WH.js} +17 -14
- package/dist/fanout-sidecar-WS22Q5WH.js.map +1 -0
- package/dist/fence-watcher-DHQ775JB.js +69 -0
- package/dist/fence-watcher-DHQ775JB.js.map +1 -0
- package/dist/find-RNBG7LBY.js +11 -0
- package/dist/forget/index.js +10 -4
- package/dist/forget/index.js.map +1 -1
- package/dist/guards/index.d.ts +4 -4
- package/dist/guards/index.js +3 -3
- package/dist/{hash-CdSr06sm.d.ts → hash-D8Q5MJLA.d.ts} +7 -2
- package/dist/history/index.d.ts +4 -4
- package/dist/history/index.js +12 -6
- package/dist/history/index.js.map +1 -1
- package/dist/i18n/index.d.ts +3 -3
- package/dist/i18n/index.js +14 -8
- package/dist/i18n/index.js.map +1 -1
- package/dist/in/index.d.ts +2 -2
- package/dist/{index-_6At2_9_.d.ts → index-D4GQe1Rx.d.ts} +1058 -49
- package/dist/{index-CGLLRtFc.d.ts → index-DRxk8q_7.d.ts} +3 -3
- package/dist/index.d.ts +60 -15
- package/dist/index.js +1081 -121
- package/dist/index.js.map +1 -1
- package/dist/indexing/index.d.ts +3 -3
- package/dist/indexing/index.js +4 -4
- package/dist/issue-W5QG53B5.js +19 -0
- package/dist/json-schema-I22JCYCG.js +44 -0
- package/dist/json-schema-I22JCYCG.js.map +1 -0
- package/dist/kernel/index.d.ts +3 -3
- package/dist/kernel/index.js +13 -7
- package/dist/lazy/index.d.ts +21 -0
- package/dist/lazy/index.js +12 -0
- package/dist/{ledger-RYI35CDS.js → ledger-KZWBKAG5.js} +12 -6
- package/dist/liberate-GMGCHIND.js +24 -0
- package/dist/link-set-UQEIYQAM.js +31 -0
- package/dist/materialized-views/index.d.ts +4 -4
- package/dist/materialized-views/index.js +16 -10
- package/dist/{mime-magic-B4RoFj3B.d.ts → mime-magic-DmwT7OzZ.d.ts} +1 -1
- package/dist/noydb-KS2O2MRI.js +60 -0
- package/dist/on/index.d.ts +2 -2
- package/dist/on/index.js +10 -4
- package/dist/overlay-views/index.d.ts +4 -4
- package/dist/overlay-views/index.js +4 -4
- package/dist/periods/index.d.ts +3 -3
- package/dist/periods/index.js +13 -7
- package/dist/pod/index.d.ts +3 -3
- package/dist/pod/index.js +12 -6
- package/dist/{policy-IXK4FVXP.js → policy-YIKUH4AD.js} +5 -5
- package/dist/portability/index.d.ts +3 -3
- package/dist/portability/index.js +8 -8
- package/dist/{public-envelope-JHDQCPSX.js → public-envelope-MRN5YYZZ.js} +4 -4
- package/dist/query/index.d.ts +2 -2
- package/dist/query/index.js +6 -6
- package/dist/register-K6DDSIXN.js +21 -0
- package/dist/registry-IMNMHWTM.js +17 -0
- package/dist/registry-K6VUQXKV.js +19 -0
- package/dist/registry-ZVO3T4M5.js +9 -0
- package/dist/registry-ZVO3T4M5.js.map +1 -0
- package/dist/request-withdrawal-EHALV66Y.js +31 -0
- package/dist/request-withdrawal-EHALV66Y.js.map +1 -0
- package/dist/reveal-TBLTFWQ2.js +38 -0
- package/dist/reveal-TBLTFWQ2.js.map +1 -0
- package/dist/revoke-MHAUAESM.js +24 -0
- package/dist/revoke-MHAUAESM.js.map +1 -0
- package/dist/sealed-record/index.d.ts +3 -3
- package/dist/sealed-record/index.js +13 -7
- package/dist/sealed-record/index.js.map +1 -1
- package/dist/session/index.d.ts +4 -4
- package/dist/session/index.js +10 -4
- package/dist/session/index.js.map +1 -1
- package/dist/shadow/index.d.ts +3 -3
- package/dist/shadow/index.js +2 -2
- package/dist/signer-PQ74YXRY.js +25 -0
- package/dist/signer-PQ74YXRY.js.map +1 -0
- package/dist/snapshots/index.d.ts +3 -3
- package/dist/snapshots/index.js +11 -5
- package/dist/snapshots/index.js.map +1 -1
- package/dist/{stale-3JWHNDIY.js → stale-7Q62KVI3.js} +2 -2
- package/dist/stale-7Q62KVI3.js.map +1 -0
- package/dist/storage-5E6YB2JY.js +21 -0
- package/dist/storage-5E6YB2JY.js.map +1 -0
- package/dist/{store-coordination-provider-3I7XWZZK.js → store-coordination-provider-JJCEMTAE.js} +3 -3
- package/dist/sync/index.d.ts +2 -2
- package/dist/sync/index.js +10 -4
- package/dist/sync/index.js.map +1 -1
- package/dist/team/index.d.ts +18 -4
- package/dist/team/index.js +24 -11
- package/dist/tiers/index.d.ts +2 -2
- package/dist/tiers/index.js +11 -5
- package/dist/to/index.d.ts +2 -2
- package/dist/to/index.js +1 -1
- package/dist/{transition-guard-DqodPNKw.d.ts → transition-guard-C4hvR-Ac.d.ts} +1 -1
- package/dist/tx/index.d.ts +3 -3
- package/dist/tx/index.js +3 -3
- package/dist/ui/index.d.ts +1 -1
- package/dist/util/index.js +1 -1
- package/dist/validators-Ctgkj5qd.d.ts +101 -0
- package/dist/{vault-diff-BtpiBvic.d.ts → vault-diff-B1Ir6EGs.d.ts} +1 -1
- package/dist/verify-YB5LQHNA.js +139 -0
- package/dist/verify-YB5LQHNA.js.map +1 -0
- package/dist/walk-5C3GPKT2.js +241 -0
- package/dist/walk-5C3GPKT2.js.map +1 -0
- package/dist/with/index.d.ts +3 -3
- package/dist/with/index.js +12 -6
- package/dist/{with-materialized-view-DMmWtYfJ.d.ts → with-materialized-view-Bp65kKdQ.d.ts} +1 -1
- package/dist/{with-overlayed-view-D_IB2nkM.d.ts → with-overlayed-view-BRhdQNrK.d.ts} +1 -1
- package/dist/{with-rollup-em2wxoHP.d.ts → with-rollup-bQRPc3y1.d.ts} +1 -1
- package/dist/withdraw-accessible-JMX2TCPX.js +28 -0
- package/dist/withdraw-accessible-JMX2TCPX.js.map +1 -0
- package/package.json +11 -3
- package/dist/api-RW3KP7WU.js +0 -14
- package/dist/chunk-5O3AOPDT.js.map +0 -1
- package/dist/chunk-5TDJ56JE.js.map +0 -1
- package/dist/chunk-DGDI2D4M.js.map +0 -1
- package/dist/chunk-IPB7FTQX.js.map +0 -1
- package/dist/chunk-LV7M27WM.js.map +0 -1
- package/dist/chunk-M2YKN37S.js +0 -524
- package/dist/chunk-M2YKN37S.js.map +0 -1
- package/dist/chunk-MTMJVJ5W.js.map +0 -1
- package/dist/chunk-PSHOXR6C.js.map +0 -1
- package/dist/chunk-TJYQIGAP.js.map +0 -1
- package/dist/chunk-UIU2THRG.js.map +0 -1
- package/dist/chunk-UPJNJGGA.js.map +0 -1
- package/dist/collection-facade-GQAOGJP2.js +0 -33
- package/dist/delegation-UL5HKLER.js +0 -19
- package/dist/executor-2FWQRLMG.js +0 -15
- package/dist/executor-QZ7BXICW.js +0 -9
- package/dist/executor-Z5ZLJVTV.js +0 -9
- package/dist/export-accessible-KRV5W4GH.js +0 -17
- package/dist/extract-partition-GLKBOXFQ.js +0 -30
- package/dist/fanout-sidecar-GF3DJ6KR.js.map +0 -1
- package/dist/issue-Y6UVIR43.js +0 -13
- package/dist/liberate-CRPZEV7O.js +0 -18
- package/dist/noydb-LDEBLNHY.js +0 -50
- package/dist/registry-45RJNWGU.js +0 -9
- package/dist/registry-5GRV5VXI.js +0 -13
- package/dist/registry-WEUCHBO4.js +0 -11
- package/dist/request-withdrawal-GBPH2FDY.js +0 -25
- package/dist/revoke-TUFRGI6S.js +0 -18
- package/dist/signer-PNKTBVF7.js +0 -19
- package/dist/withdraw-accessible-FFS46EOD.js +0 -22
- /package/dist/{api-RW3KP7WU.js.map → api-JOXUNSKP.js.map} +0 -0
- /package/dist/{chunk-SMXWYP24.js.map → chunk-3QRQOBS7.js.map} +0 -0
- /package/dist/{chunk-QHJW5EXU.js.map → chunk-3Y4QLJ6K.js.map} +0 -0
- /package/dist/{chunk-NF5JWERG.js.map → chunk-43ISXURO.js.map} +0 -0
- /package/dist/{chunk-5LUY7UTV.js.map → chunk-4K3MQ5S3.js.map} +0 -0
- /package/dist/{chunk-Y22T3KQE.js.map → chunk-5MRE3C4Q.js.map} +0 -0
- /package/dist/{chunk-M6OST55S.js.map → chunk-5W7AOFWA.js.map} +0 -0
- /package/dist/{chunk-AXRXJTE2.js.map → chunk-6HNKCKFZ.js.map} +0 -0
- /package/dist/{chunk-UAG5KWVA.js.map → chunk-6RXPSMKR.js.map} +0 -0
- /package/dist/{chunk-UDRIWL7A.js.map → chunk-A5DYVMDR.js.map} +0 -0
- /package/dist/{chunk-I3TIKTJO.js.map → chunk-BKGIWGCX.js.map} +0 -0
- /package/dist/{chunk-IO6GRPT6.js.map → chunk-BMQOH7MM.js.map} +0 -0
- /package/dist/{chunk-FISN7WE4.js.map → chunk-EWR7HL3K.js.map} +0 -0
- /package/dist/{chunk-AQTBSL7R.js.map → chunk-FH52CDEW.js.map} +0 -0
- /package/dist/{chunk-UV5MFVO3.js.map → chunk-G7RDYYTE.js.map} +0 -0
- /package/dist/{chunk-TEILUWOI.js.map → chunk-GOUNIHFA.js.map} +0 -0
- /package/dist/{chunk-RUEKROOS.js.map → chunk-GXGK22QU.js.map} +0 -0
- /package/dist/{chunk-IELYAOGG.js.map → chunk-GZZL5R73.js.map} +0 -0
- /package/dist/{chunk-CWPPNPOH.js.map → chunk-H7RYPVMJ.js.map} +0 -0
- /package/dist/{chunk-5N6CZTCY.js.map → chunk-HBKDR7R3.js.map} +0 -0
- /package/dist/{chunk-KXGNJJXB.js.map → chunk-HLUKZ36Q.js.map} +0 -0
- /package/dist/{chunk-LMTH2RM6.js.map → chunk-HMXLN43G.js.map} +0 -0
- /package/dist/{chunk-BG3SPSR4.js.map → chunk-HY6ZGGEC.js.map} +0 -0
- /package/dist/{chunk-62QYRORB.js.map → chunk-LIP6JWYK.js.map} +0 -0
- /package/dist/{chunk-IGUYVGGI.js.map → chunk-LPRPVCNY.js.map} +0 -0
- /package/dist/{chunk-KVOXU4T5.js.map → chunk-N5YVZHCB.js.map} +0 -0
- /package/dist/{chunk-IUEN57TV.js.map → chunk-OFBFAVLI.js.map} +0 -0
- /package/dist/{chunk-HCIPRAGS.js.map → chunk-P2LDXRGP.js.map} +0 -0
- /package/dist/{chunk-V7RWQRG7.js.map → chunk-QNTEDPWP.js.map} +0 -0
- /package/dist/{chunk-Q7SS3IME.js.map → chunk-RDHAGBEB.js.map} +0 -0
- /package/dist/{chunk-EIZUR2XW.js.map → chunk-RTS23VIJ.js.map} +0 -0
- /package/dist/{chunk-AZAOEIKW.js.map → chunk-SW56GSYC.js.map} +0 -0
- /package/dist/{chunk-TA66UMI4.js.map → chunk-T2EGAXPM.js.map} +0 -0
- /package/dist/{chunk-SM3AVUHC.js.map → chunk-T45LAT2Y.js.map} +0 -0
- /package/dist/{chunk-SKF73JOP.js.map → chunk-T65UZXR6.js.map} +0 -0
- /package/dist/{chunk-PSMV73A5.js.map → chunk-TYGW5TOR.js.map} +0 -0
- /package/dist/{chunk-3YFXJ3ZP.js.map → chunk-U24XHXNK.js.map} +0 -0
- /package/dist/{chunk-VCTFO5CO.js.map → chunk-VRPBEOWU.js.map} +0 -0
- /package/dist/{chunk-ZCGAHGUS.js.map → chunk-VWGCJUTV.js.map} +0 -0
- /package/dist/{chunk-XXYIOFUB.js.map → chunk-XJR3COJO.js.map} +0 -0
- /package/dist/{chunk-PKHL44ER.js.map → chunk-XYYW64LB.js.map} +0 -0
- /package/dist/{chunk-IAGBDSCS.js.map → chunk-YFF2RP3X.js.map} +0 -0
- /package/dist/{chunk-WYSO2NIH.js.map → chunk-Z7KI4WHR.js.map} +0 -0
- /package/dist/{chunk-CMGR4ZEW.js.map → chunk-ZROMNP7Q.js.map} +0 -0
- /package/dist/{collection-facade-GQAOGJP2.js.map → classified/index.js.map} +0 -0
- /package/dist/{delegation-UL5HKLER.js.map → collection-facade-MKEBZDWW.js.map} +0 -0
- /package/dist/{enclave-UL5LW66V.js.map → computed-BMMEFRFJ.js.map} +0 -0
- /package/dist/{executor-2FWQRLMG.js.map → delegation-BQNIEHZE.js.map} +0 -0
- /package/dist/{executor-QZ7BXICW.js.map → enclave-YN6223OG.js.map} +0 -0
- /package/dist/{executor-Z5ZLJVTV.js.map → executor-CBTNU5VZ.js.map} +0 -0
- /package/dist/{export-accessible-KRV5W4GH.js.map → executor-DJHNSTIR.js.map} +0 -0
- /package/dist/{extract-partition-GLKBOXFQ.js.map → executor-FGISLQIN.js.map} +0 -0
- /package/dist/{issue-Y6UVIR43.js.map → export-accessible-P7SLRLK3.js.map} +0 -0
- /package/dist/{ledger-RYI35CDS.js.map → extract-partition-RNVSFHAB.js.map} +0 -0
- /package/dist/{liberate-CRPZEV7O.js.map → find-RNBG7LBY.js.map} +0 -0
- /package/dist/{noydb-LDEBLNHY.js.map → issue-W5QG53B5.js.map} +0 -0
- /package/dist/{policy-IXK4FVXP.js.map → lazy/index.js.map} +0 -0
- /package/dist/{public-envelope-JHDQCPSX.js.map → ledger-KZWBKAG5.js.map} +0 -0
- /package/dist/{registry-45RJNWGU.js.map → liberate-GMGCHIND.js.map} +0 -0
- /package/dist/{registry-5GRV5VXI.js.map → link-set-UQEIYQAM.js.map} +0 -0
- /package/dist/{registry-WEUCHBO4.js.map → noydb-KS2O2MRI.js.map} +0 -0
- /package/dist/{request-withdrawal-GBPH2FDY.js.map → policy-YIKUH4AD.js.map} +0 -0
- /package/dist/{revoke-TUFRGI6S.js.map → public-envelope-MRN5YYZZ.js.map} +0 -0
- /package/dist/{signer-PNKTBVF7.js.map → register-K6DDSIXN.js.map} +0 -0
- /package/dist/{stale-3JWHNDIY.js.map → registry-IMNMHWTM.js.map} +0 -0
- /package/dist/{withdraw-accessible-FFS46EOD.js.map → registry-K6VUQXKV.js.map} +0 -0
- /package/dist/{store-coordination-provider-3I7XWZZK.js.map → store-coordination-provider-JJCEMTAE.js.map} +0 -0
|
@@ -1,36 +1,36 @@
|
|
|
1
1
|
import {
|
|
2
2
|
NO_PORTABILITY
|
|
3
|
-
} from "../chunk-
|
|
3
|
+
} from "../chunk-N5YVZHCB.js";
|
|
4
4
|
import {
|
|
5
5
|
PortabilityNotEnabledError
|
|
6
|
-
} from "../chunk-
|
|
6
|
+
} from "../chunk-U23JUUPX.js";
|
|
7
7
|
import "../chunk-PZ5AY32C.js";
|
|
8
8
|
|
|
9
9
|
// src/with-audit/portability/active.ts
|
|
10
10
|
function withPortability() {
|
|
11
11
|
return {
|
|
12
12
|
async exportAccessibleData(vault, opts) {
|
|
13
|
-
const { exportAccessibleData } = await import("../export-accessible-
|
|
13
|
+
const { exportAccessibleData } = await import("../export-accessible-P7SLRLK3.js");
|
|
14
14
|
return exportAccessibleData(vault, opts);
|
|
15
15
|
},
|
|
16
16
|
async withdrawAccessibleData(vault, opts) {
|
|
17
|
-
const { withdrawAccessibleData } = await import("../withdraw-accessible-
|
|
17
|
+
const { withdrawAccessibleData } = await import("../withdraw-accessible-JMX2TCPX.js");
|
|
18
18
|
return withdrawAccessibleData(vault, opts);
|
|
19
19
|
},
|
|
20
20
|
async requestWithdrawal(vault, opts) {
|
|
21
|
-
const { requestWithdrawal } = await import("../request-withdrawal-
|
|
21
|
+
const { requestWithdrawal } = await import("../request-withdrawal-EHALV66Y.js");
|
|
22
22
|
return requestWithdrawal(vault, opts);
|
|
23
23
|
},
|
|
24
24
|
async listWithdrawalRequests(vault, opts) {
|
|
25
|
-
const { listWithdrawalRequests } = await import("../request-withdrawal-
|
|
25
|
+
const { listWithdrawalRequests } = await import("../request-withdrawal-EHALV66Y.js");
|
|
26
26
|
return listWithdrawalRequests(vault, opts);
|
|
27
27
|
},
|
|
28
28
|
async approveWithdrawal(vault, requestId, opts) {
|
|
29
|
-
const { approveWithdrawal } = await import("../request-withdrawal-
|
|
29
|
+
const { approveWithdrawal } = await import("../request-withdrawal-EHALV66Y.js");
|
|
30
30
|
return approveWithdrawal(vault, requestId, opts);
|
|
31
31
|
},
|
|
32
32
|
async rejectWithdrawal(vault, requestId, opts) {
|
|
33
|
-
const { rejectWithdrawal } = await import("../request-withdrawal-
|
|
33
|
+
const { rejectWithdrawal } = await import("../request-withdrawal-EHALV66Y.js");
|
|
34
34
|
return rejectWithdrawal(vault, requestId, opts);
|
|
35
35
|
}
|
|
36
36
|
};
|
|
@@ -12,9 +12,9 @@ import {
|
|
|
12
12
|
resolveLocale,
|
|
13
13
|
savePublicEnvelope,
|
|
14
14
|
validatePublicEnvelopeInput
|
|
15
|
-
} from "./chunk-
|
|
16
|
-
import "./chunk-
|
|
17
|
-
import "./chunk-
|
|
15
|
+
} from "./chunk-3QRQOBS7.js";
|
|
16
|
+
import "./chunk-LN22XH4B.js";
|
|
17
|
+
import "./chunk-U23JUUPX.js";
|
|
18
18
|
import "./chunk-PZ5AY32C.js";
|
|
19
19
|
export {
|
|
20
20
|
DEFAULT_PUBLIC_ENVELOPE_SCHEMA,
|
|
@@ -29,4 +29,4 @@ export {
|
|
|
29
29
|
savePublicEnvelope,
|
|
30
30
|
validatePublicEnvelopeInput
|
|
31
31
|
};
|
|
32
|
-
//# sourceMappingURL=public-envelope-
|
|
32
|
+
//# sourceMappingURL=public-envelope-MRN5YYZZ.js.map
|
package/dist/query/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export { aP as AggregateResult, aQ as AggregateSpec, aR as Aggregation, aS as AggregationUpstream,
|
|
1
|
+
export { aP as AggregateResult, aQ as AggregateSpec, aR as Aggregation, aS as AggregationUpstream, eS as Clause, ay as CollectionIndexes, ll as CrossJoinClause, f3 as CrossJoinSourceUnknownError, f4 as CrossJoinTooLargeError, f9 as DEFAULT_CROSS_JOIN_MAX_ROWS, fa as DEFAULT_JOIN_MAX_ROWS, fd as DanglingReferenceError, fN as FieldClause, fR as FilterClause, aT as GROUPBY_MAX_CARDINALITY, aU as GROUPBY_WARN_CARDINALITY, fY as GroupCardinalityError, fZ as GroupClause, aV as GroupedAggregation, aW as GroupedQuery, aX as GroupedQueryN, aY as GroupedRow, aZ as GroupedRowN, az as HashIndex, aB as IndexDef, g5 as IndexRequiredError, g6 as IndexWriteFailureError, gc as JoinContext, gd as JoinLeg, ge as JoinStrategy, gf as JoinTooLargeError, gg as JoinableSource, a_ as LiveAggregation, gz as LiveQuery, gA as LiveUpstream, hf as Operator, hg as OrderBy, e7 as Query, hR as QueryPlan, hS as QuerySource, a$ as Reducer, b0 as ReducerBuilder, b1 as ReducerOptions, il as ScanBuilder, im as ScanPageProvider, jM as applyJoins, b2 as avg, b3 as buildLiveAggregation, jS as buildLiveQuery, b4 as count, k5 as evaluateClause, k7 as evaluateFieldClause, k9 as executePlan, b5 as groupAndReduce, b6 as max, b7 as min, b8 as moneyMax, b9 as moneyMin, ba as moneySum, kG as readPath, bb as reduceRecords, bc as reducerBuilder, bd as resetGroupByWarnings, kN as resetJoinWarnings, be as sum } from '../index-D4GQe1Rx.js';
|
|
2
2
|
import '../subject-index-O75wKshW.js';
|
|
3
|
-
import '../describe-
|
|
3
|
+
import '../describe-C6iHNlqJ.js';
|
|
4
4
|
import '../index-B9QdHytu.js';
|
|
5
5
|
import '@noy-db/attestation';
|
package/dist/query/index.js
CHANGED
|
@@ -7,10 +7,10 @@ import {
|
|
|
7
7
|
buildLiveQuery,
|
|
8
8
|
executePlan,
|
|
9
9
|
resetJoinWarnings
|
|
10
|
-
} from "../chunk-
|
|
10
|
+
} from "../chunk-GBTUANXF.js";
|
|
11
11
|
import {
|
|
12
12
|
CollectionIndexes
|
|
13
|
-
} from "../chunk-
|
|
13
|
+
} from "../chunk-BKGIWGCX.js";
|
|
14
14
|
import {
|
|
15
15
|
Aggregation,
|
|
16
16
|
GROUPBY_MAX_CARDINALITY,
|
|
@@ -31,13 +31,13 @@ import {
|
|
|
31
31
|
reducerBuilder,
|
|
32
32
|
resetGroupByWarnings,
|
|
33
33
|
sum
|
|
34
|
-
} from "../chunk-
|
|
34
|
+
} from "../chunk-P5WXDYMD.js";
|
|
35
35
|
import {
|
|
36
36
|
evaluateClause,
|
|
37
37
|
evaluateFieldClause,
|
|
38
38
|
readPath
|
|
39
|
-
} from "../chunk-
|
|
40
|
-
import "../chunk-
|
|
39
|
+
} from "../chunk-ZKF6HH7V.js";
|
|
40
|
+
import "../chunk-4K3MQ5S3.js";
|
|
41
41
|
import {
|
|
42
42
|
CrossJoinSourceUnknownError,
|
|
43
43
|
CrossJoinTooLargeError,
|
|
@@ -46,7 +46,7 @@ import {
|
|
|
46
46
|
IndexRequiredError,
|
|
47
47
|
IndexWriteFailureError,
|
|
48
48
|
JoinTooLargeError
|
|
49
|
-
} from "../chunk-
|
|
49
|
+
} from "../chunk-U23JUUPX.js";
|
|
50
50
|
import "../chunk-PZ5AY32C.js";
|
|
51
51
|
export {
|
|
52
52
|
Aggregation,
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import {
|
|
2
|
+
persistClassifiedMarker,
|
|
3
|
+
persistSchemaIfNeeded
|
|
4
|
+
} from "./chunk-KYY7L72M.js";
|
|
5
|
+
import "./chunk-ULIHDPKL.js";
|
|
6
|
+
import "./chunk-CPXPHQGX.js";
|
|
7
|
+
import "./chunk-OVO2RZAE.js";
|
|
8
|
+
import "./chunk-QKVILR7N.js";
|
|
9
|
+
import "./chunk-LN22XH4B.js";
|
|
10
|
+
import "./chunk-PGFY7IRW.js";
|
|
11
|
+
import "./chunk-TCIUO62Z.js";
|
|
12
|
+
import "./chunk-UOEWDCUX.js";
|
|
13
|
+
import "./chunk-LP7BEXCT.js";
|
|
14
|
+
import "./chunk-TLJOJBZD.js";
|
|
15
|
+
import "./chunk-U23JUUPX.js";
|
|
16
|
+
import "./chunk-PZ5AY32C.js";
|
|
17
|
+
export {
|
|
18
|
+
persistClassifiedMarker,
|
|
19
|
+
persistSchemaIfNeeded
|
|
20
|
+
};
|
|
21
|
+
//# sourceMappingURL=register-K6DDSIXN.js.map
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import {
|
|
2
|
+
DerivationRegistry
|
|
3
|
+
} from "./chunk-RDHAGBEB.js";
|
|
4
|
+
import "./chunk-OVO2RZAE.js";
|
|
5
|
+
import "./chunk-QKVILR7N.js";
|
|
6
|
+
import "./chunk-LN22XH4B.js";
|
|
7
|
+
import "./chunk-PGFY7IRW.js";
|
|
8
|
+
import "./chunk-TCIUO62Z.js";
|
|
9
|
+
import "./chunk-UOEWDCUX.js";
|
|
10
|
+
import "./chunk-LP7BEXCT.js";
|
|
11
|
+
import "./chunk-TLJOJBZD.js";
|
|
12
|
+
import "./chunk-U23JUUPX.js";
|
|
13
|
+
import "./chunk-PZ5AY32C.js";
|
|
14
|
+
export {
|
|
15
|
+
DerivationRegistry
|
|
16
|
+
};
|
|
17
|
+
//# sourceMappingURL=registry-IMNMHWTM.js.map
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import {
|
|
2
|
+
MaterializedViewRegistry,
|
|
3
|
+
wrapDbWithPredicates
|
|
4
|
+
} from "./chunk-LIP6JWYK.js";
|
|
5
|
+
import "./chunk-OVO2RZAE.js";
|
|
6
|
+
import "./chunk-QKVILR7N.js";
|
|
7
|
+
import "./chunk-LN22XH4B.js";
|
|
8
|
+
import "./chunk-PGFY7IRW.js";
|
|
9
|
+
import "./chunk-TCIUO62Z.js";
|
|
10
|
+
import "./chunk-UOEWDCUX.js";
|
|
11
|
+
import "./chunk-LP7BEXCT.js";
|
|
12
|
+
import "./chunk-TLJOJBZD.js";
|
|
13
|
+
import "./chunk-U23JUUPX.js";
|
|
14
|
+
import "./chunk-PZ5AY32C.js";
|
|
15
|
+
export {
|
|
16
|
+
MaterializedViewRegistry,
|
|
17
|
+
wrapDbWithPredicates
|
|
18
|
+
};
|
|
19
|
+
//# sourceMappingURL=registry-K6VUQXKV.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import {
|
|
2
|
+
WITHDRAWAL_REQUESTS_COLLECTION,
|
|
3
|
+
WithdrawalRequestError,
|
|
4
|
+
approveWithdrawal,
|
|
5
|
+
listWithdrawalRequests,
|
|
6
|
+
rejectWithdrawal,
|
|
7
|
+
requestWithdrawal
|
|
8
|
+
} from "./chunk-XJR3COJO.js";
|
|
9
|
+
import "./chunk-TYGW5TOR.js";
|
|
10
|
+
import "./chunk-P2LDXRGP.js";
|
|
11
|
+
import "./chunk-EWR7HL3K.js";
|
|
12
|
+
import "./chunk-3QRQOBS7.js";
|
|
13
|
+
import "./chunk-OVO2RZAE.js";
|
|
14
|
+
import "./chunk-QKVILR7N.js";
|
|
15
|
+
import "./chunk-LN22XH4B.js";
|
|
16
|
+
import "./chunk-PGFY7IRW.js";
|
|
17
|
+
import "./chunk-TCIUO62Z.js";
|
|
18
|
+
import "./chunk-UOEWDCUX.js";
|
|
19
|
+
import "./chunk-LP7BEXCT.js";
|
|
20
|
+
import "./chunk-TLJOJBZD.js";
|
|
21
|
+
import "./chunk-U23JUUPX.js";
|
|
22
|
+
import "./chunk-PZ5AY32C.js";
|
|
23
|
+
export {
|
|
24
|
+
WITHDRAWAL_REQUESTS_COLLECTION,
|
|
25
|
+
WithdrawalRequestError,
|
|
26
|
+
approveWithdrawal,
|
|
27
|
+
listWithdrawalRequests,
|
|
28
|
+
rejectWithdrawal,
|
|
29
|
+
requestWithdrawal
|
|
30
|
+
};
|
|
31
|
+
//# sourceMappingURL=request-withdrawal-EHALV66Y.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import {
|
|
2
|
+
isTombstone
|
|
3
|
+
} from "./chunk-QKVILR7N.js";
|
|
4
|
+
import "./chunk-LN22XH4B.js";
|
|
5
|
+
import {
|
|
6
|
+
dualReadSealedSlot
|
|
7
|
+
} from "./chunk-TCIUO62Z.js";
|
|
8
|
+
import "./chunk-TLJOJBZD.js";
|
|
9
|
+
import {
|
|
10
|
+
ClassifiedRevealError
|
|
11
|
+
} from "./chunk-U23JUUPX.js";
|
|
12
|
+
import "./chunk-PZ5AY32C.js";
|
|
13
|
+
|
|
14
|
+
// src/kernel/enclave/classify/reveal.ts
|
|
15
|
+
async function revealSealedField(ctx, id, field) {
|
|
16
|
+
const env = await ctx.getEnvelope(id);
|
|
17
|
+
if (env === null || isTombstone(env, ctx.encrypted)) {
|
|
18
|
+
throw new ClassifiedRevealError(ctx.collection, field, `record "${id}" not found in "${ctx.collection}"`);
|
|
19
|
+
}
|
|
20
|
+
if (!ctx.encrypted) {
|
|
21
|
+
const record = JSON.parse(env._data || "{}");
|
|
22
|
+
if (!(field in record)) {
|
|
23
|
+
throw new ClassifiedRevealError(ctx.collection, field, `no stored value for "${field}"`);
|
|
24
|
+
}
|
|
25
|
+
return record[field];
|
|
26
|
+
}
|
|
27
|
+
const blob = env._sealed?.[field];
|
|
28
|
+
if (blob === void 0) {
|
|
29
|
+
throw new ClassifiedRevealError(ctx.collection, field, `no sealed value stored for "${field}"`);
|
|
30
|
+
}
|
|
31
|
+
const cek = await ctx.resolveCek(env);
|
|
32
|
+
const dek = await ctx.getDEK();
|
|
33
|
+
return JSON.parse(await dualReadSealedSlot(blob, field, ctx.collection, cek, dek));
|
|
34
|
+
}
|
|
35
|
+
export {
|
|
36
|
+
revealSealedField
|
|
37
|
+
};
|
|
38
|
+
//# sourceMappingURL=reveal-TBLTFWQ2.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/kernel/enclave/classify/reveal.ts"],"sourcesContent":["/**\n * Single-point audited reveal, stage-2 rework (I6): decrypt ONE sealed slot\n * from the raw envelope — no full record view, no collection.get(), so no\n * spurious 'get' consent entry. Fail-closed gates (b)/(c) live here; gate\n * (a) (storage:'never') fires in collection.reveal before any strategy call.\n * @module\n */\nimport { dualReadSealedSlot } from '../record-keys/sealed-slot.js'\nimport { isTombstone } from '../record-keys/tombstone.js'\nimport { ClassifiedRevealError } from '../../errors.js'\nimport type { EncryptedEnvelope } from '../../types.js'\nimport type { EnclaveKey } from '../crypto.js'\n\nexport interface RevealEngineCtx {\n readonly collection: string\n readonly encrypted: boolean\n getEnvelope(id: string): Promise<EncryptedEnvelope | null>\n resolveCek(env: EncryptedEnvelope): Promise<EnclaveKey | undefined>\n getDEK(): Promise<EnclaveKey>\n}\n\nexport async function revealSealedField(ctx: RevealEngineCtx, id: string, field: string): Promise<unknown> {\n const env = await ctx.getEnvelope(id)\n if (env === null || isTombstone(env, ctx.encrypted)) {\n throw new ClassifiedRevealError(ctx.collection, field, `record \"${id}\" not found in \"${ctx.collection}\"`)\n }\n if (!ctx.encrypted) {\n // Plaintext collection: nothing is sealed; the value sits in the open body.\n const record = JSON.parse(env._data || '{}') as Record<string, unknown>\n if (!(field in record)) {\n throw new ClassifiedRevealError(ctx.collection, field, `no stored value for \"${field}\"`)\n }\n return record[field]\n }\n const blob = env._sealed?.[field]\n if (blob === undefined) {\n // Gate (c): fail-closed error, never parseSealedSlot(undefined)'s TypeError.\n throw new ClassifiedRevealError(ctx.collection, field, `no sealed value stored for \"${field}\"`)\n }\n const cek = await ctx.resolveCek(env)\n const dek = await ctx.getDEK()\n return JSON.parse(await dualReadSealedSlot(blob, field, ctx.collection, cek, dek))\n}\n"],"mappings":";;;;;;;;;;;;;;AAqBA,eAAsB,kBAAkB,KAAsB,IAAY,OAAiC;AACzG,QAAM,MAAM,MAAM,IAAI,YAAY,EAAE;AACpC,MAAI,QAAQ,QAAQ,YAAY,KAAK,IAAI,SAAS,GAAG;AACnD,UAAM,IAAI,sBAAsB,IAAI,YAAY,OAAO,WAAW,EAAE,mBAAmB,IAAI,UAAU,GAAG;AAAA,EAC1G;AACA,MAAI,CAAC,IAAI,WAAW;AAElB,UAAM,SAAS,KAAK,MAAM,IAAI,SAAS,IAAI;AAC3C,QAAI,EAAE,SAAS,SAAS;AACtB,YAAM,IAAI,sBAAsB,IAAI,YAAY,OAAO,wBAAwB,KAAK,GAAG;AAAA,IACzF;AACA,WAAO,OAAO,KAAK;AAAA,EACrB;AACA,QAAM,OAAO,IAAI,UAAU,KAAK;AAChC,MAAI,SAAS,QAAW;AAEtB,UAAM,IAAI,sBAAsB,IAAI,YAAY,OAAO,+BAA+B,KAAK,GAAG;AAAA,EAChG;AACA,QAAM,MAAM,MAAM,IAAI,WAAW,GAAG;AACpC,QAAM,MAAM,MAAM,IAAI,OAAO;AAC7B,SAAO,KAAK,MAAM,MAAM,mBAAmB,MAAM,OAAO,IAAI,YAAY,KAAK,GAAG,CAAC;AACnF;","names":[]}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import {
|
|
2
|
+
getRevokedDocIdsCore,
|
|
3
|
+
publishRevocationListCore,
|
|
4
|
+
revokeDocCore,
|
|
5
|
+
unrevokeDocCore
|
|
6
|
+
} from "./chunk-ZKYMKF2S.js";
|
|
7
|
+
import "./chunk-H5XRIJX3.js";
|
|
8
|
+
import "./chunk-OVO2RZAE.js";
|
|
9
|
+
import "./chunk-QKVILR7N.js";
|
|
10
|
+
import "./chunk-LN22XH4B.js";
|
|
11
|
+
import "./chunk-PGFY7IRW.js";
|
|
12
|
+
import "./chunk-TCIUO62Z.js";
|
|
13
|
+
import "./chunk-UOEWDCUX.js";
|
|
14
|
+
import "./chunk-LP7BEXCT.js";
|
|
15
|
+
import "./chunk-TLJOJBZD.js";
|
|
16
|
+
import "./chunk-U23JUUPX.js";
|
|
17
|
+
import "./chunk-PZ5AY32C.js";
|
|
18
|
+
export {
|
|
19
|
+
getRevokedDocIdsCore,
|
|
20
|
+
publishRevocationListCore,
|
|
21
|
+
revokeDocCore,
|
|
22
|
+
unrevokeDocCore
|
|
23
|
+
};
|
|
24
|
+
//# sourceMappingURL=revoke-MHAUAESM.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { d8 as SealedRecordStrategy, d9 as SealedCekDeliveryEnvelope } from '../index-
|
|
2
|
-
export { da as NO_SEALED_RECORD, db as SealedCekBinding, dc as SealedRecordExpiredError, dd as SealedRecordMismatchError, de as SealedRecordNotEnabledError } from '../index-
|
|
1
|
+
import { d8 as SealedRecordStrategy, d9 as SealedCekDeliveryEnvelope } from '../index-D4GQe1Rx.js';
|
|
2
|
+
export { da as NO_SEALED_RECORD, db as SealedCekBinding, dc as SealedRecordExpiredError, dd as SealedRecordMismatchError, de as SealedRecordNotEnabledError } from '../index-D4GQe1Rx.js';
|
|
3
3
|
import '../subject-index-O75wKshW.js';
|
|
4
|
-
import '../describe-
|
|
4
|
+
import '../describe-C6iHNlqJ.js';
|
|
5
5
|
import '../index-B9QdHytu.js';
|
|
6
6
|
import '@noy-db/attestation';
|
|
7
7
|
|
|
@@ -1,32 +1,38 @@
|
|
|
1
1
|
import {
|
|
2
2
|
NO_SEALED_RECORD
|
|
3
|
-
} from "../chunk-
|
|
3
|
+
} from "../chunk-G7RDYYTE.js";
|
|
4
|
+
import "../chunk-OVO2RZAE.js";
|
|
5
|
+
import "../chunk-QKVILR7N.js";
|
|
6
|
+
import "../chunk-LN22XH4B.js";
|
|
7
|
+
import "../chunk-PGFY7IRW.js";
|
|
8
|
+
import "../chunk-TCIUO62Z.js";
|
|
9
|
+
import "../chunk-UOEWDCUX.js";
|
|
10
|
+
import "../chunk-LP7BEXCT.js";
|
|
4
11
|
import {
|
|
5
12
|
base64ToBuffer,
|
|
6
13
|
decrypt,
|
|
7
14
|
importCek
|
|
8
|
-
} from "../chunk-
|
|
9
|
-
import "../chunk-5TDJ56JE.js";
|
|
15
|
+
} from "../chunk-TLJOJBZD.js";
|
|
10
16
|
import {
|
|
11
17
|
SealedRecordExpiredError,
|
|
12
18
|
SealedRecordMismatchError,
|
|
13
19
|
SealedRecordNotEnabledError
|
|
14
|
-
} from "../chunk-
|
|
20
|
+
} from "../chunk-U23JUUPX.js";
|
|
15
21
|
import "../chunk-PZ5AY32C.js";
|
|
16
22
|
|
|
17
23
|
// src/with-audit/sealed-record/active.ts
|
|
18
24
|
function withSealedRecord() {
|
|
19
25
|
return {
|
|
20
26
|
async sealRecordToHost(ctx, collection, id, hostSealer, opts) {
|
|
21
|
-
const { sealRecordToHost } = await import("../enclave-
|
|
27
|
+
const { sealRecordToHost } = await import("../enclave-YN6223OG.js");
|
|
22
28
|
return sealRecordToHost(ctx, collection, id, hostSealer, opts);
|
|
23
29
|
},
|
|
24
30
|
async revokeSealedRecord(ctx, collection, id, pid, opts) {
|
|
25
|
-
const { revokeSealedRecord } = await import("../enclave-
|
|
31
|
+
const { revokeSealedRecord } = await import("../enclave-YN6223OG.js");
|
|
26
32
|
return revokeSealedRecord(ctx, collection, id, pid, opts);
|
|
27
33
|
},
|
|
28
34
|
async rotateRecordCek(ctx, collection, id) {
|
|
29
|
-
const { rotateRecordCek } = await import("../enclave-
|
|
35
|
+
const { rotateRecordCek } = await import("../enclave-YN6223OG.js");
|
|
30
36
|
return rotateRecordCek(ctx, collection, id);
|
|
31
37
|
}
|
|
32
38
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/with-audit/sealed-record/active.ts","../../src/with-audit/sealed-record/index.ts"],"sourcesContent":["/**\n * Enable the sealed-record (grantor-side) capability.\n * Pass to `createNoydb({ sealedRecordStrategy: withSealedRecord() })` to make a\n * vault's `sealRecordToHost` / `revokeSealedRecord` / `rotateRecordCek` methods\n * live. The `record-keys` grantor engine is dynamically imported here, so it is\n * reached only via opt-in.\n */\nimport type { SealedRecordStrategy } from './strategy.js'\n\nexport function withSealedRecord(): SealedRecordStrategy {\n return {\n async sealRecordToHost(ctx, collection, id, hostSealer, opts) {\n const { sealRecordToHost } = await import('../../kernel/enclave/index.js')\n return sealRecordToHost(ctx, collection, id, hostSealer, opts)\n },\n async revokeSealedRecord(ctx, collection, id, pid, opts) {\n const { revokeSealedRecord } = await import('../../kernel/enclave/index.js')\n return revokeSealedRecord(ctx, collection, id, pid, opts)\n },\n async rotateRecordCek(ctx, collection, id) {\n const { rotateRecordCek } = await import('../../kernel/enclave/index.js')\n return rotateRecordCek(ctx, collection, id)\n },\n }\n}\n","/**\n * `@noy-db/hub/sealed-record` — host-side opener for record-scoped CEK\n * sealing.\n *\n * The **grantor** side (sealing a record's CEK to a host, revoking, and hard\n * rotation) lives on `Vault` (`vault.sealRecordToHost` /\n * `vault.revokeSealedRecord` / `vault.rotateRecordCek`) because it needs the\n * collection DEK. This subpath exposes the **recipient host** side:\n * {@link openSealedRecord} reconstructs a single record's plaintext from\n * (a) the sealed-CEK delivery envelope, (b) the record's encrypted envelope\n * body, and (c) the host's own unsealer — and **nothing else**. The host never\n * touches a vault DEK and can decrypt exactly the one bound record.\n *\n * @module\n */\n\nimport { decrypt, base64ToBuffer, importCek } from '../../kernel/enclave/index.js'\nimport {\n SealedRecordExpiredError,\n SealedRecordMismatchError,\n} from '../../kernel/errors.js'\nimport type {\n SealedCekDeliveryEnvelope,\n SealedCekBinding,\n} from './types.js'\n\nexport type { SealedCekDeliveryEnvelope, SealedCekBinding } from './types.js'\nexport { SealedRecordExpiredError, SealedRecordMismatchError } from '../../kernel/errors.js'\nexport { withSealedRecord } from './active.js'\nexport { NO_SEALED_RECORD, type SealedRecordStrategy } from './strategy.js'\nexport { SealedRecordNotEnabledError } from '../../kernel/errors.js'\n\n/**\n * Host-side: decrypt a single record whose CEK was sealed to this host by a\n * vault grantor via `vault.sealRecordToHost()`.\n *\n * Verification order (security-critical — do NOT reorder past the unseal):\n * 1. **Fast-path expiry** — reject on the delivery envelope's clear-text\n * `expiresAt` before doing any (potentially expensive) unseal work. This is\n * a hint only.\n * 2. **Unseal** the `payload` with the host's `recipientSealer.unseal` →\n * parse the {@link SealedCekBinding}.\n * 3. **Binding match** — the binding's `{collection, id}` MUST equal the\n * expected pair, else {@link SealedRecordMismatchError}. This is the\n * host-denial boundary (a CEK sealed for record A cannot open record B).\n * 4. **Authoritative expiry** — re-check `binding.expiresAt` (the copy that\n * cannot be forged by editing the delivery envelope), else\n * {@link SealedRecordExpiredError}.\n * 5. **Decrypt** the record body under the unsealed CEK. A CEK from a\n * PRE-rotation seal applied to a POST-rotation live envelope passes (1)-(4)\n * but fails the AES-GCM auth tag → `TamperedError` from `decrypt`.\n *\n * @param sealedCekEnvelope The `SealedCekDeliveryEnvelope` written by the grantor.\n * @param recordEnvelope The record's `{ _iv, _data }` (the encrypted body).\n * @param recipientSealer The host's unsealer (`{ unseal(bytes) }`) — e.g. a\n * KMS-backed sealer or `MemoryRecipientSealer`.\n * @param expectedCollection Collection the caller believes `recordEnvelope` is in.\n * @param expectedId Record id the caller believes `recordEnvelope` is.\n * @returns The decrypted record body as a JSON string.\n */\nexport async function openSealedRecord(\n sealedCekEnvelope: SealedCekDeliveryEnvelope,\n recordEnvelope: { readonly _iv: string; readonly _data: string },\n recipientSealer: { unseal(bytes: Uint8Array): Promise<Uint8Array> },\n expectedCollection: string,\n expectedId: string,\n): Promise<string> {\n // (1) Fast-path expiry on the (unauthenticated) delivery envelope. Fail\n // CLOSED (M-4): a malformed/empty `expiresAt` parses to NaN — treat it as\n // expired rather than letting `NaN <= now` (which is `false`) skip the check.\n const fastT = Date.parse(sealedCekEnvelope.expiresAt)\n if (!Number.isFinite(fastT) || fastT <= Date.now()) {\n throw new SealedRecordExpiredError(sealedCekEnvelope.expiresAt)\n }\n\n // (2) Unseal → parse binding.\n const payloadBytes = base64ToBuffer(sealedCekEnvelope.payload)\n const openedBytes = await recipientSealer.unseal(payloadBytes)\n const binding = JSON.parse(new TextDecoder().decode(openedBytes)) as SealedCekBinding\n\n // (3) Binding match — host-denial boundary.\n if (binding.collection !== expectedCollection || binding.id !== expectedId) {\n throw new SealedRecordMismatchError(\n { collection: expectedCollection, id: expectedId },\n { collection: binding.collection, id: binding.id },\n )\n }\n\n // (4) Authoritative expiry — the copy that cannot be forged on the envelope.\n // Fail CLOSED (M-4): a malformed/empty `expiresAt` → NaN → treat as expired.\n const t = Date.parse(binding.expiresAt)\n if (!Number.isFinite(t) || t <= Date.now()) {\n throw new SealedRecordExpiredError(binding.expiresAt)\n }\n\n // (5) Import the raw CEK + decrypt the body. Wrong-key (pre-rotation CEK vs\n // post-rotation body) surfaces as TamperedError from decrypt's GCM tag check.\n const cek = await importCek(base64ToBuffer(binding.cek))\n return decrypt(recordEnvelope._iv, recordEnvelope._data, cek)\n}\n"],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../src/with-audit/sealed-record/active.ts","../../src/with-audit/sealed-record/index.ts"],"sourcesContent":["/**\n * Enable the sealed-record (grantor-side) capability.\n * Pass to `createNoydb({ sealedRecordStrategy: withSealedRecord() })` to make a\n * vault's `sealRecordToHost` / `revokeSealedRecord` / `rotateRecordCek` methods\n * live. The `record-keys` grantor engine is dynamically imported here, so it is\n * reached only via opt-in.\n */\nimport type { SealedRecordStrategy } from './strategy.js'\n\nexport function withSealedRecord(): SealedRecordStrategy {\n return {\n async sealRecordToHost(ctx, collection, id, hostSealer, opts) {\n const { sealRecordToHost } = await import('../../kernel/enclave/index.js')\n return sealRecordToHost(ctx, collection, id, hostSealer, opts)\n },\n async revokeSealedRecord(ctx, collection, id, pid, opts) {\n const { revokeSealedRecord } = await import('../../kernel/enclave/index.js')\n return revokeSealedRecord(ctx, collection, id, pid, opts)\n },\n async rotateRecordCek(ctx, collection, id) {\n const { rotateRecordCek } = await import('../../kernel/enclave/index.js')\n return rotateRecordCek(ctx, collection, id)\n },\n }\n}\n","/**\n * `@noy-db/hub/sealed-record` — host-side opener for record-scoped CEK\n * sealing.\n *\n * The **grantor** side (sealing a record's CEK to a host, revoking, and hard\n * rotation) lives on `Vault` (`vault.sealRecordToHost` /\n * `vault.revokeSealedRecord` / `vault.rotateRecordCek`) because it needs the\n * collection DEK. This subpath exposes the **recipient host** side:\n * {@link openSealedRecord} reconstructs a single record's plaintext from\n * (a) the sealed-CEK delivery envelope, (b) the record's encrypted envelope\n * body, and (c) the host's own unsealer — and **nothing else**. The host never\n * touches a vault DEK and can decrypt exactly the one bound record.\n *\n * @module\n */\n\nimport { decrypt, base64ToBuffer, importCek } from '../../kernel/enclave/index.js'\nimport {\n SealedRecordExpiredError,\n SealedRecordMismatchError,\n} from '../../kernel/errors.js'\nimport type {\n SealedCekDeliveryEnvelope,\n SealedCekBinding,\n} from './types.js'\n\nexport type { SealedCekDeliveryEnvelope, SealedCekBinding } from './types.js'\nexport { SealedRecordExpiredError, SealedRecordMismatchError } from '../../kernel/errors.js'\nexport { withSealedRecord } from './active.js'\nexport { NO_SEALED_RECORD, type SealedRecordStrategy } from './strategy.js'\nexport { SealedRecordNotEnabledError } from '../../kernel/errors.js'\n\n/**\n * Host-side: decrypt a single record whose CEK was sealed to this host by a\n * vault grantor via `vault.sealRecordToHost()`.\n *\n * Verification order (security-critical — do NOT reorder past the unseal):\n * 1. **Fast-path expiry** — reject on the delivery envelope's clear-text\n * `expiresAt` before doing any (potentially expensive) unseal work. This is\n * a hint only.\n * 2. **Unseal** the `payload` with the host's `recipientSealer.unseal` →\n * parse the {@link SealedCekBinding}.\n * 3. **Binding match** — the binding's `{collection, id}` MUST equal the\n * expected pair, else {@link SealedRecordMismatchError}. This is the\n * host-denial boundary (a CEK sealed for record A cannot open record B).\n * 4. **Authoritative expiry** — re-check `binding.expiresAt` (the copy that\n * cannot be forged by editing the delivery envelope), else\n * {@link SealedRecordExpiredError}.\n * 5. **Decrypt** the record body under the unsealed CEK. A CEK from a\n * PRE-rotation seal applied to a POST-rotation live envelope passes (1)-(4)\n * but fails the AES-GCM auth tag → `TamperedError` from `decrypt`.\n *\n * @param sealedCekEnvelope The `SealedCekDeliveryEnvelope` written by the grantor.\n * @param recordEnvelope The record's `{ _iv, _data }` (the encrypted body).\n * @param recipientSealer The host's unsealer (`{ unseal(bytes) }`) — e.g. a\n * KMS-backed sealer or `MemoryRecipientSealer`.\n * @param expectedCollection Collection the caller believes `recordEnvelope` is in.\n * @param expectedId Record id the caller believes `recordEnvelope` is.\n * @returns The decrypted record body as a JSON string.\n */\nexport async function openSealedRecord(\n sealedCekEnvelope: SealedCekDeliveryEnvelope,\n recordEnvelope: { readonly _iv: string; readonly _data: string },\n recipientSealer: { unseal(bytes: Uint8Array): Promise<Uint8Array> },\n expectedCollection: string,\n expectedId: string,\n): Promise<string> {\n // (1) Fast-path expiry on the (unauthenticated) delivery envelope. Fail\n // CLOSED (M-4): a malformed/empty `expiresAt` parses to NaN — treat it as\n // expired rather than letting `NaN <= now` (which is `false`) skip the check.\n const fastT = Date.parse(sealedCekEnvelope.expiresAt)\n if (!Number.isFinite(fastT) || fastT <= Date.now()) {\n throw new SealedRecordExpiredError(sealedCekEnvelope.expiresAt)\n }\n\n // (2) Unseal → parse binding.\n const payloadBytes = base64ToBuffer(sealedCekEnvelope.payload)\n const openedBytes = await recipientSealer.unseal(payloadBytes)\n const binding = JSON.parse(new TextDecoder().decode(openedBytes)) as SealedCekBinding\n\n // (3) Binding match — host-denial boundary.\n if (binding.collection !== expectedCollection || binding.id !== expectedId) {\n throw new SealedRecordMismatchError(\n { collection: expectedCollection, id: expectedId },\n { collection: binding.collection, id: binding.id },\n )\n }\n\n // (4) Authoritative expiry — the copy that cannot be forged on the envelope.\n // Fail CLOSED (M-4): a malformed/empty `expiresAt` → NaN → treat as expired.\n const t = Date.parse(binding.expiresAt)\n if (!Number.isFinite(t) || t <= Date.now()) {\n throw new SealedRecordExpiredError(binding.expiresAt)\n }\n\n // (5) Import the raw CEK + decrypt the body. Wrong-key (pre-rotation CEK vs\n // post-rotation body) surfaces as TamperedError from decrypt's GCM tag check.\n const cek = await importCek(base64ToBuffer(binding.cek))\n return decrypt(recordEnvelope._iv, recordEnvelope._data, cek)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AASO,SAAS,mBAAyC;AACvD,SAAO;AAAA,IACL,MAAM,iBAAiB,KAAK,YAAY,IAAI,YAAY,MAAM;AAC5D,YAAM,EAAE,iBAAiB,IAAI,MAAM,OAAO,wBAA+B;AACzE,aAAO,iBAAiB,KAAK,YAAY,IAAI,YAAY,IAAI;AAAA,IAC/D;AAAA,IACA,MAAM,mBAAmB,KAAK,YAAY,IAAI,KAAK,MAAM;AACvD,YAAM,EAAE,mBAAmB,IAAI,MAAM,OAAO,wBAA+B;AAC3E,aAAO,mBAAmB,KAAK,YAAY,IAAI,KAAK,IAAI;AAAA,IAC1D;AAAA,IACA,MAAM,gBAAgB,KAAK,YAAY,IAAI;AACzC,YAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,wBAA+B;AACxE,aAAO,gBAAgB,KAAK,YAAY,EAAE;AAAA,IAC5C;AAAA,EACF;AACF;;;ACoCA,eAAsB,iBACpB,mBACA,gBACA,iBACA,oBACA,YACiB;AAIjB,QAAM,QAAQ,KAAK,MAAM,kBAAkB,SAAS;AACpD,MAAI,CAAC,OAAO,SAAS,KAAK,KAAK,SAAS,KAAK,IAAI,GAAG;AAClD,UAAM,IAAI,yBAAyB,kBAAkB,SAAS;AAAA,EAChE;AAGA,QAAM,eAAe,eAAe,kBAAkB,OAAO;AAC7D,QAAM,cAAc,MAAM,gBAAgB,OAAO,YAAY;AAC7D,QAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,WAAW,CAAC;AAGhE,MAAI,QAAQ,eAAe,sBAAsB,QAAQ,OAAO,YAAY;AAC1E,UAAM,IAAI;AAAA,MACR,EAAE,YAAY,oBAAoB,IAAI,WAAW;AAAA,MACjD,EAAE,YAAY,QAAQ,YAAY,IAAI,QAAQ,GAAG;AAAA,IACnD;AAAA,EACF;AAIA,QAAM,IAAI,KAAK,MAAM,QAAQ,SAAS;AACtC,MAAI,CAAC,OAAO,SAAS,CAAC,KAAK,KAAK,KAAK,IAAI,GAAG;AAC1C,UAAM,IAAI,yBAAyB,QAAQ,SAAS;AAAA,EACtD;AAIA,QAAM,MAAM,MAAM,UAAU,eAAe,QAAQ,GAAG,CAAC;AACvD,SAAO,QAAQ,eAAe,KAAK,eAAe,OAAO,GAAG;AAC9D;","names":[]}
|
package/dist/session/index.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from '../dev-unlock-
|
|
2
|
-
import { H as SessionStrategy } from '../index-
|
|
3
|
-
export { P as PolicyEnforcer, J as SessionExpiredError, K as SessionNotFoundError, N as SessionPolicyError, Q as createEnforcer, W as validateSessionPolicy } from '../index-
|
|
1
|
+
export { C as CreateSessionOptions, a as CreateSessionResult, D as DevUnlockOptions, S as SessionToken, b as activeSessionCount, c as clearDevUnlock, d as createSession, e as enableDevUnlock, i as isDevUnlockActive, f as isSessionAlive, l as loadDevUnlock, r as resolveSession, g as revokeAllSessions, h as revokeSession } from '../dev-unlock-Cqd5Xv5J.js';
|
|
2
|
+
import { H as SessionStrategy } from '../index-D4GQe1Rx.js';
|
|
3
|
+
export { P as PolicyEnforcer, J as SessionExpiredError, K as SessionNotFoundError, N as SessionPolicyError, Q as createEnforcer, W as validateSessionPolicy } from '../index-D4GQe1Rx.js';
|
|
4
4
|
import '../subject-index-O75wKshW.js';
|
|
5
|
-
import '../describe-
|
|
5
|
+
import '../describe-C6iHNlqJ.js';
|
|
6
6
|
import '../index-B9QdHytu.js';
|
|
7
7
|
import '@noy-db/attestation';
|
|
8
8
|
|
package/dist/session/index.js
CHANGED
|
@@ -12,15 +12,21 @@ import {
|
|
|
12
12
|
revokeAllSessions,
|
|
13
13
|
revokeSession,
|
|
14
14
|
validateSessionPolicy
|
|
15
|
-
} from "../chunk-
|
|
15
|
+
} from "../chunk-6RXPSMKR.js";
|
|
16
16
|
import "../chunk-ZJADGNYF.js";
|
|
17
|
-
import "../chunk-
|
|
18
|
-
import "../chunk-
|
|
17
|
+
import "../chunk-OVO2RZAE.js";
|
|
18
|
+
import "../chunk-QKVILR7N.js";
|
|
19
|
+
import "../chunk-LN22XH4B.js";
|
|
20
|
+
import "../chunk-PGFY7IRW.js";
|
|
21
|
+
import "../chunk-TCIUO62Z.js";
|
|
22
|
+
import "../chunk-UOEWDCUX.js";
|
|
23
|
+
import "../chunk-LP7BEXCT.js";
|
|
24
|
+
import "../chunk-TLJOJBZD.js";
|
|
19
25
|
import {
|
|
20
26
|
SessionExpiredError,
|
|
21
27
|
SessionNotFoundError,
|
|
22
28
|
SessionPolicyError
|
|
23
|
-
} from "../chunk-
|
|
29
|
+
} from "../chunk-U23JUUPX.js";
|
|
24
30
|
import "../chunk-PZ5AY32C.js";
|
|
25
31
|
|
|
26
32
|
// src/with-party/session/active.ts
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/with-party/session/active.ts"],"sourcesContent":["/**\n * Active session strategy — `withSession()` returns the real\n * implementation that wires `SessionPolicy` validation, the\n * `PolicyEnforcer`, and the global session-token registry into the\n * Noydb lifecycle.\n *\n * Consumers opt in by:\n *\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withSession } from '@noy-db/hub/session'\n *\n * const db = await createNoydb({\n * store: ...,\n * user: ...,\n * sessionPolicy: { idleTimeoutMs: 15 * 60_000 },\n * sessionStrategy: withSession(),\n * })\n * ```\n *\n * The factory delegates to the existing `session-policy.ts` and\n * `session.ts` modules. Splitting the import chain through this file\n * is what lets tsup tree-shake the ~495 LOC of policy + token code\n * out of the default bundle when no `withSession()` import is\n * present.\n *\n * Note: dev-unlock (`devUnlock`, `cancelDevUnlock`) is a separate\n * named import from `@noy-db/hub` and tree-shakes independently —\n * apps that don't import it never include it.\n *\n * @public\n */\n\nimport type { SessionStrategy } from './strategy.js'\nimport { createEnforcer, validateSessionPolicy } from './session-policy.js'\nimport { revokeAllSessions } from './session.js'\n\nexport function withSession(): SessionStrategy {\n return {\n validateSessionPolicy,\n createEnforcer,\n revokeAllSessions,\n }\n}\n"],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../../src/with-party/session/active.ts"],"sourcesContent":["/**\n * Active session strategy — `withSession()` returns the real\n * implementation that wires `SessionPolicy` validation, the\n * `PolicyEnforcer`, and the global session-token registry into the\n * Noydb lifecycle.\n *\n * Consumers opt in by:\n *\n * ```ts\n * import { createNoydb } from '@noy-db/hub'\n * import { withSession } from '@noy-db/hub/session'\n *\n * const db = await createNoydb({\n * store: ...,\n * user: ...,\n * sessionPolicy: { idleTimeoutMs: 15 * 60_000 },\n * sessionStrategy: withSession(),\n * })\n * ```\n *\n * The factory delegates to the existing `session-policy.ts` and\n * `session.ts` modules. Splitting the import chain through this file\n * is what lets tsup tree-shake the ~495 LOC of policy + token code\n * out of the default bundle when no `withSession()` import is\n * present.\n *\n * Note: dev-unlock (`devUnlock`, `cancelDevUnlock`) is a separate\n * named import from `@noy-db/hub` and tree-shakes independently —\n * apps that don't import it never include it.\n *\n * @public\n */\n\nimport type { SessionStrategy } from './strategy.js'\nimport { createEnforcer, validateSessionPolicy } from './session-policy.js'\nimport { revokeAllSessions } from './session.js'\n\nexport function withSession(): SessionStrategy {\n return {\n validateSessionPolicy,\n createEnforcer,\n revokeAllSessions,\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCO,SAAS,cAA+B;AAC7C,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}
|
package/dist/shadow/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { bU as ShadowStrategy } from '../index-
|
|
2
|
-
export { bV as CollectionFrame, bW as VaultFrame } from '../index-
|
|
1
|
+
import { bU as ShadowStrategy } from '../index-D4GQe1Rx.js';
|
|
2
|
+
export { bV as CollectionFrame, bW as VaultFrame } from '../index-D4GQe1Rx.js';
|
|
3
3
|
import '../subject-index-O75wKshW.js';
|
|
4
|
-
import '../describe-
|
|
4
|
+
import '../describe-C6iHNlqJ.js';
|
|
5
5
|
import '../index-B9QdHytu.js';
|
|
6
6
|
import '@noy-db/attestation';
|
|
7
7
|
|
package/dist/shadow/index.js
CHANGED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import {
|
|
2
|
+
ATTESTATIONS_COLLECTION,
|
|
3
|
+
REVOKED_RECORD_ID,
|
|
4
|
+
SIGNER_RECORD_ID,
|
|
5
|
+
loadOrCreateSigner,
|
|
6
|
+
loadSigner
|
|
7
|
+
} from "./chunk-H5XRIJX3.js";
|
|
8
|
+
import "./chunk-OVO2RZAE.js";
|
|
9
|
+
import "./chunk-QKVILR7N.js";
|
|
10
|
+
import "./chunk-LN22XH4B.js";
|
|
11
|
+
import "./chunk-PGFY7IRW.js";
|
|
12
|
+
import "./chunk-TCIUO62Z.js";
|
|
13
|
+
import "./chunk-UOEWDCUX.js";
|
|
14
|
+
import "./chunk-LP7BEXCT.js";
|
|
15
|
+
import "./chunk-TLJOJBZD.js";
|
|
16
|
+
import "./chunk-U23JUUPX.js";
|
|
17
|
+
import "./chunk-PZ5AY32C.js";
|
|
18
|
+
export {
|
|
19
|
+
ATTESTATIONS_COLLECTION,
|
|
20
|
+
REVOKED_RECORD_ID,
|
|
21
|
+
SIGNER_RECORD_ID,
|
|
22
|
+
loadOrCreateSigner,
|
|
23
|
+
loadSigner
|
|
24
|
+
};
|
|
25
|
+
//# sourceMappingURL=signer-PQ74YXRY.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { bX as NoydbPodStore, bY as RetentionPolicy, bZ as SnapshotPolicy, b_ as SnapshotStrategy } from '../index-
|
|
2
|
-
export { b$ as SnapshotMeta, c0 as SnapshotMode, c1 as SnapshotNotFoundError } from '../index-
|
|
1
|
+
import { bX as NoydbPodStore, bY as RetentionPolicy, bZ as SnapshotPolicy, b_ as SnapshotStrategy } from '../index-D4GQe1Rx.js';
|
|
2
|
+
export { b$ as SnapshotMeta, c0 as SnapshotMode, c1 as SnapshotNotFoundError } from '../index-D4GQe1Rx.js';
|
|
3
3
|
import '../subject-index-O75wKshW.js';
|
|
4
|
-
import '../describe-
|
|
4
|
+
import '../describe-C6iHNlqJ.js';
|
|
5
5
|
import '../index-B9QdHytu.js';
|
|
6
6
|
import '@noy-db/attestation';
|
|
7
7
|
|
package/dist/snapshots/index.js
CHANGED
|
@@ -1,13 +1,19 @@
|
|
|
1
1
|
import {
|
|
2
2
|
readPod,
|
|
3
3
|
writePod
|
|
4
|
-
} from "../chunk-
|
|
5
|
-
import "../chunk-
|
|
6
|
-
import "../chunk-
|
|
7
|
-
import "../chunk-
|
|
4
|
+
} from "../chunk-EWR7HL3K.js";
|
|
5
|
+
import "../chunk-3QRQOBS7.js";
|
|
6
|
+
import "../chunk-OVO2RZAE.js";
|
|
7
|
+
import "../chunk-QKVILR7N.js";
|
|
8
|
+
import "../chunk-LN22XH4B.js";
|
|
9
|
+
import "../chunk-PGFY7IRW.js";
|
|
10
|
+
import "../chunk-TCIUO62Z.js";
|
|
11
|
+
import "../chunk-UOEWDCUX.js";
|
|
12
|
+
import "../chunk-LP7BEXCT.js";
|
|
13
|
+
import "../chunk-TLJOJBZD.js";
|
|
8
14
|
import {
|
|
9
15
|
SnapshotNotFoundError
|
|
10
|
-
} from "../chunk-
|
|
16
|
+
} from "../chunk-U23JUUPX.js";
|
|
11
17
|
import "../chunk-PZ5AY32C.js";
|
|
12
18
|
|
|
13
19
|
// src/with-fork/snapshots/engine.ts
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/with-fork/snapshots/engine.ts","../../src/with-fork/snapshots/active.ts"],"sourcesContent":["import { writePod, readPod } from '../../with-pod/bundle.js'\nimport { SnapshotNotFoundError } from '../../kernel/errors.js'\nimport type { NoydbPodStore } from '../../kernel/types.js'\nimport type { Vault } from '../../kernel/vault.js'\nimport type { SnapshotMeta, RetentionPolicy, SnapshotIndex } from './strategy.js'\n\nexport class SnapshotEngine {\n constructor(\n private readonly store: NoydbPodStore,\n private readonly retention: RetentionPolicy,\n ) {}\n\n private indexKey(vaultName: string): string {\n return `${vaultName}__index`\n }\n\n private snapKey(vaultName: string, n: number): string {\n return `${vaultName}__snap_${n.toString().padStart(6, '0')}`\n }\n\n private autoKey(vaultName: string): string {\n return `${vaultName}__auto`\n }\n\n private async readIndex(\n vaultName: string,\n ): Promise<{ index: SnapshotIndex; indexVersion: string | null }> {\n const result = await this.store.readBundle(this.indexKey(vaultName))\n if (!result) return { index: { snapshots: [], nextCounter: 1 }, indexVersion: null }\n const text = new TextDecoder().decode(result.bytes)\n return { index: JSON.parse(text) as SnapshotIndex, indexVersion: result.version }\n }\n\n private async writeIndex(\n vaultName: string,\n index: SnapshotIndex,\n expectedVersion: string | null,\n ): Promise<void> {\n const bytes = new TextEncoder().encode(JSON.stringify(index))\n await this.store.writeBundle(this.indexKey(vaultName), bytes, expectedVersion)\n }\n\n async snapshot(\n vault: Vault,\n by: string,\n opts?: { label?: string; note?: string },\n ): Promise<SnapshotMeta> {\n const bytes = await writePod(vault, {})\n const { index, indexVersion } = await this.readIndex(vault.name)\n const key = this.snapKey(vault.name, index.nextCounter)\n\n // Write blob first. If the subsequent index write fails, the next snapshot()\n // call will re-derive the same key (counter not persisted) and overwrite this blob.\n // This is an accepted v1 trade-off: failure window is narrow and requires a store\n // error between the two writes. A retry produces a fresh snapshot at the same key.\n await this.store.writeBundle(key, bytes, null)\n\n const meta: SnapshotMeta = {\n version: key,\n ...(opts?.label !== undefined ? { label: opts.label } : {}),\n ...(opts?.note !== undefined ? { note: opts.note } : {}),\n exportedAt: new Date().toISOString(),\n exportedBy: by,\n size: bytes.length,\n integrity: 'verified',\n }\n\n const newIndex: SnapshotIndex = {\n snapshots: [...index.snapshots, meta],\n nextCounter: index.nextCounter + 1,\n // Preserve the rolling auto slot — on-demand snapshots never touch it.\n ...(index.auto ? { auto: index.auto } : {}),\n }\n const toDelete = this.applyRetention(newIndex)\n await this.writeIndex(vault.name, newIndex, indexVersion)\n\n for (const k of toDelete) {\n await this.store.deleteBundle(k)\n }\n\n return meta\n }\n\n /**\n * Rolling auto-snapshot. Overwrites the single fixed `<vault>__auto` key and\n * stores its meta in `index.auto`, separate from the immutable `snapshots`\n * pool — retention never prunes it. Used by the cadence scheduler.\n */\n async autoSnapshot(\n vault: Vault,\n by: string,\n opts?: { label?: string; note?: string },\n ): Promise<SnapshotMeta> {\n const bytes = await writePod(vault, {})\n const { index, indexVersion } = await this.readIndex(vault.name)\n const key = this.autoKey(vault.name)\n\n // Unconditional overwrite of the rolling slot.\n await this.store.writeBundle(key, bytes, null)\n\n const meta: SnapshotMeta = {\n version: key,\n label: opts?.label ?? 'auto',\n ...(opts?.note !== undefined ? { note: opts.note } : {}),\n exportedAt: new Date().toISOString(),\n exportedBy: by,\n size: bytes.length,\n integrity: 'verified',\n auto: true,\n }\n\n index.auto = meta\n await this.writeIndex(vault.name, index, indexVersion)\n return meta\n }\n\n async listSnapshots(vaultId: string): Promise<SnapshotMeta[]> {\n const { index } = await this.readIndex(vaultId)\n const immutable = [...index.snapshots].reverse()\n return index.auto ? [index.auto, ...immutable] : immutable\n }\n\n async restoreSnapshot(vault: Vault, version: string): Promise<void> {\n if (!version.startsWith(`${vault.name}__`)) throw new SnapshotNotFoundError(version)\n const result = await this.store.readBundle(version)\n if (!result) throw new SnapshotNotFoundError(version)\n const { dumpJson } = await readPod(result.bytes)\n await vault.load(dumpJson)\n }\n\n /**\n * Applies the configured retention policy to `index`, mutating `index.snapshots`\n * in place and returning the blob keys that should be deleted from the store.\n * Called by `snapshot()` before the index is written.\n *\n * @internal — public for direct testing only\n */\n applyRetention(index: SnapshotIndex): string[] {\n const prune = this.retention.prune ?? true\n if (!prune) return []\n\n const toDelete: string[] = []\n let remaining = index.snapshots.slice()\n\n if (this.retention.keepLast !== undefined && remaining.length > this.retention.keepLast) {\n const excess = remaining.splice(0, remaining.length - this.retention.keepLast)\n toDelete.push(...excess.map(m => m.version))\n }\n\n if (this.retention.maxAgeDays !== undefined) {\n const cutoffMs = this.retention.maxAgeDays * 86_400_000\n const now = Date.now()\n const fresh = remaining.filter(m => now - new Date(m.exportedAt).getTime() <= cutoffMs)\n toDelete.push(...remaining.filter(m => !fresh.includes(m)).map(m => m.version))\n remaining = fresh\n }\n\n index.snapshots = remaining\n return toDelete\n }\n}\n","import { SnapshotEngine } from './engine.js'\nimport type { SnapshotStrategy, RetentionPolicy } from './strategy.js'\nimport type { SnapshotPolicy } from './policy.js'\nimport type { NoydbPodStore } from '../../kernel/types.js'\nimport type { Vault } from '../../kernel/vault.js'\n\nexport interface WithSnapshotsOptions {\n /** Bundle store where snapshot blobs and the sidecar index are written. */\n store: NoydbPodStore\n /**\n * Declarative retention policy. Enforced eagerly after each on-demand `snapshot()`.\n * Defaults to no retention (all on-demand snapshots kept forever). Never affects\n * the rolling auto-snapshot.\n */\n retention?: RetentionPolicy\n /**\n * Automatic-snapshot cadence. Default `mode:'manual'` ⇒ no timers; snapshots\n * stay on-demand. Set `mode:'debounce'`/`'interval'` to enable auto-snapshots\n * to the rolling `<vault>__auto` key.\n */\n snapshotPolicy?: SnapshotPolicy\n}\n\nexport function withSnapshots(opts: WithSnapshotsOptions): SnapshotStrategy {\n const engine = new SnapshotEngine(opts.store, opts.retention ?? {})\n return {\n snapshot(vault, by, snapOpts) {\n return engine.snapshot(vault as Vault, by, snapOpts)\n },\n listSnapshots(vaultId) {\n return engine.listSnapshots(vaultId)\n },\n restoreSnapshot(vault, version) {\n return engine.restoreSnapshot(vault as Vault, version)\n },\n autoSnapshot(vault, by, snapOpts) {\n return engine.autoSnapshot(vault as Vault, by, snapOpts)\n },\n ...(opts.snapshotPolicy ? { policy: opts.snapshotPolicy } : {}),\n }\n}\n"],"mappings":";;;;;;;;;;;;;AAMO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YACmB,OACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGX,SAAS,WAA2B;AAC1C,WAAO,GAAG,SAAS;AAAA,EACrB;AAAA,EAEQ,QAAQ,WAAmB,GAAmB;AACpD,WAAO,GAAG,SAAS,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAC5D;AAAA,EAEQ,QAAQ,WAA2B;AACzC,WAAO,GAAG,SAAS;AAAA,EACrB;AAAA,EAEA,MAAc,UACZ,WACgE;AAChE,UAAM,SAAS,MAAM,KAAK,MAAM,WAAW,KAAK,SAAS,SAAS,CAAC;AACnE,QAAI,CAAC,OAAQ,QAAO,EAAE,OAAO,EAAE,WAAW,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,KAAK;AACnF,UAAM,OAAO,IAAI,YAAY,EAAE,OAAO,OAAO,KAAK;AAClD,WAAO,EAAE,OAAO,KAAK,MAAM,IAAI,GAAoB,cAAc,OAAO,QAAQ;AAAA,EAClF;AAAA,EAEA,MAAc,WACZ,WACA,OACA,iBACe;AACf,UAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,KAAK,CAAC;AAC5D,UAAM,KAAK,MAAM,YAAY,KAAK,SAAS,SAAS,GAAG,OAAO,eAAe;AAAA,EAC/E;AAAA,EAEA,MAAM,SACJ,OACA,IACA,MACuB;AACvB,UAAM,QAAQ,MAAM,SAAS,OAAO,CAAC,CAAC;AACtC,UAAM,EAAE,OAAO,aAAa,IAAI,MAAM,KAAK,UAAU,MAAM,IAAI;AAC/D,UAAM,MAAM,KAAK,QAAQ,MAAM,MAAM,MAAM,WAAW;AAMtD,UAAM,KAAK,MAAM,YAAY,KAAK,OAAO,IAAI;AAE7C,UAAM,OAAqB;AAAA,MACzB,SAAS;AAAA,MACT,GAAI,MAAM,UAAU,SAAY,EAAE,OAAO,KAAK,MAAM,IAAI,CAAC;AAAA,MACzD,GAAI,MAAM,SAAS,SAAY,EAAE,MAAM,KAAK,KAAK,IAAI,CAAC;AAAA,MACtD,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACnC,YAAY;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,WAAW;AAAA,IACb;AAEA,UAAM,WAA0B;AAAA,MAC9B,WAAW,CAAC,GAAG,MAAM,WAAW,IAAI;AAAA,MACpC,aAAa,MAAM,cAAc;AAAA;AAAA,MAEjC,GAAI,MAAM,OAAO,EAAE,MAAM,MAAM,KAAK,IAAI,CAAC;AAAA,IAC3C;AACA,UAAM,WAAW,KAAK,eAAe,QAAQ;AAC7C,UAAM,KAAK,WAAW,MAAM,MAAM,UAAU,YAAY;AAExD,eAAW,KAAK,UAAU;AACxB,YAAM,KAAK,MAAM,aAAa,CAAC;AAAA,IACjC;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aACJ,OACA,IACA,MACuB;AACvB,UAAM,QAAQ,MAAM,SAAS,OAAO,CAAC,CAAC;AACtC,UAAM,EAAE,OAAO,aAAa,IAAI,MAAM,KAAK,UAAU,MAAM,IAAI;AAC/D,UAAM,MAAM,KAAK,QAAQ,MAAM,IAAI;AAGnC,UAAM,KAAK,MAAM,YAAY,KAAK,OAAO,IAAI;AAE7C,UAAM,OAAqB;AAAA,MACzB,SAAS;AAAA,MACT,OAAO,MAAM,SAAS;AAAA,MACtB,GAAI,MAAM,SAAS,SAAY,EAAE,MAAM,KAAK,KAAK,IAAI,CAAC;AAAA,MACtD,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACnC,YAAY;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,WAAW;AAAA,MACX,MAAM;AAAA,IACR;AAEA,UAAM,OAAO;AACb,UAAM,KAAK,WAAW,MAAM,MAAM,OAAO,YAAY;AACrD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAAc,SAA0C;AAC5D,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,UAAU,OAAO;AAC9C,UAAM,YAAY,CAAC,GAAG,MAAM,SAAS,EAAE,QAAQ;AAC/C,WAAO,MAAM,OAAO,CAAC,MAAM,MAAM,GAAG,SAAS,IAAI;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAgB,OAAc,SAAgC;AAClE,QAAI,CAAC,QAAQ,WAAW,GAAG,MAAM,IAAI,IAAI,EAAG,OAAM,IAAI,sBAAsB,OAAO;AACnF,UAAM,SAAS,MAAM,KAAK,MAAM,WAAW,OAAO;AAClD,QAAI,CAAC,OAAQ,OAAM,IAAI,sBAAsB,OAAO;AACpD,UAAM,EAAE,SAAS,IAAI,MAAM,QAAQ,OAAO,KAAK;AAC/C,UAAM,MAAM,KAAK,QAAQ;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,eAAe,OAAgC;AAC7C,UAAM,QAAQ,KAAK,UAAU,SAAS;AACtC,QAAI,CAAC,MAAO,QAAO,CAAC;AAEpB,UAAM,WAAqB,CAAC;AAC5B,QAAI,YAAY,MAAM,UAAU,MAAM;AAEtC,QAAI,KAAK,UAAU,aAAa,UAAa,UAAU,SAAS,KAAK,UAAU,UAAU;AACvF,YAAM,SAAS,UAAU,OAAO,GAAG,UAAU,SAAS,KAAK,UAAU,QAAQ;AAC7E,eAAS,KAAK,GAAG,OAAO,IAAI,OAAK,EAAE,OAAO,CAAC;AAAA,IAC7C;AAEA,QAAI,KAAK,UAAU,eAAe,QAAW;AAC3C,YAAM,WAAW,KAAK,UAAU,aAAa;AAC7C,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,QAAQ,UAAU,OAAO,OAAK,MAAM,IAAI,KAAK,EAAE,UAAU,EAAE,QAAQ,KAAK,QAAQ;AACtF,eAAS,KAAK,GAAG,UAAU,OAAO,OAAK,CAAC,MAAM,SAAS,CAAC,CAAC,EAAE,IAAI,OAAK,EAAE,OAAO,CAAC;AAC9E,kBAAY;AAAA,IACd;AAEA,UAAM,YAAY;AAClB,WAAO;AAAA,EACT;AACF;;;ACzIO,SAAS,cAAc,MAA8C;AAC1E,QAAM,SAAS,IAAI,eAAe,KAAK,OAAO,KAAK,aAAa,CAAC,CAAC;AAClE,SAAO;AAAA,IACL,SAAS,OAAO,IAAI,UAAU;AAC5B,aAAO,OAAO,SAAS,OAAgB,IAAI,QAAQ;AAAA,IACrD;AAAA,IACA,cAAc,SAAS;AACrB,aAAO,OAAO,cAAc,OAAO;AAAA,IACrC;AAAA,IACA,gBAAgB,OAAO,SAAS;AAC9B,aAAO,OAAO,gBAAgB,OAAgB,OAAO;AAAA,IACvD;AAAA,IACA,aAAa,OAAO,IAAI,UAAU;AAChC,aAAO,OAAO,aAAa,OAAgB,IAAI,QAAQ;AAAA,IACzD;AAAA,IACA,GAAI,KAAK,iBAAiB,EAAE,QAAQ,KAAK,eAAe,IAAI,CAAC;AAAA,EAC/D;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../src/with-fork/snapshots/engine.ts","../../src/with-fork/snapshots/active.ts"],"sourcesContent":["import { writePod, readPod } from '../../with-pod/bundle.js'\nimport { SnapshotNotFoundError } from '../../kernel/errors.js'\nimport type { NoydbPodStore } from '../../kernel/types.js'\nimport type { Vault } from '../../kernel/vault.js'\nimport type { SnapshotMeta, RetentionPolicy, SnapshotIndex } from './strategy.js'\n\nexport class SnapshotEngine {\n constructor(\n private readonly store: NoydbPodStore,\n private readonly retention: RetentionPolicy,\n ) {}\n\n private indexKey(vaultName: string): string {\n return `${vaultName}__index`\n }\n\n private snapKey(vaultName: string, n: number): string {\n return `${vaultName}__snap_${n.toString().padStart(6, '0')}`\n }\n\n private autoKey(vaultName: string): string {\n return `${vaultName}__auto`\n }\n\n private async readIndex(\n vaultName: string,\n ): Promise<{ index: SnapshotIndex; indexVersion: string | null }> {\n const result = await this.store.readBundle(this.indexKey(vaultName))\n if (!result) return { index: { snapshots: [], nextCounter: 1 }, indexVersion: null }\n const text = new TextDecoder().decode(result.bytes)\n return { index: JSON.parse(text) as SnapshotIndex, indexVersion: result.version }\n }\n\n private async writeIndex(\n vaultName: string,\n index: SnapshotIndex,\n expectedVersion: string | null,\n ): Promise<void> {\n const bytes = new TextEncoder().encode(JSON.stringify(index))\n await this.store.writeBundle(this.indexKey(vaultName), bytes, expectedVersion)\n }\n\n async snapshot(\n vault: Vault,\n by: string,\n opts?: { label?: string; note?: string },\n ): Promise<SnapshotMeta> {\n const bytes = await writePod(vault, {})\n const { index, indexVersion } = await this.readIndex(vault.name)\n const key = this.snapKey(vault.name, index.nextCounter)\n\n // Write blob first. If the subsequent index write fails, the next snapshot()\n // call will re-derive the same key (counter not persisted) and overwrite this blob.\n // This is an accepted v1 trade-off: failure window is narrow and requires a store\n // error between the two writes. A retry produces a fresh snapshot at the same key.\n await this.store.writeBundle(key, bytes, null)\n\n const meta: SnapshotMeta = {\n version: key,\n ...(opts?.label !== undefined ? { label: opts.label } : {}),\n ...(opts?.note !== undefined ? { note: opts.note } : {}),\n exportedAt: new Date().toISOString(),\n exportedBy: by,\n size: bytes.length,\n integrity: 'verified',\n }\n\n const newIndex: SnapshotIndex = {\n snapshots: [...index.snapshots, meta],\n nextCounter: index.nextCounter + 1,\n // Preserve the rolling auto slot — on-demand snapshots never touch it.\n ...(index.auto ? { auto: index.auto } : {}),\n }\n const toDelete = this.applyRetention(newIndex)\n await this.writeIndex(vault.name, newIndex, indexVersion)\n\n for (const k of toDelete) {\n await this.store.deleteBundle(k)\n }\n\n return meta\n }\n\n /**\n * Rolling auto-snapshot. Overwrites the single fixed `<vault>__auto` key and\n * stores its meta in `index.auto`, separate from the immutable `snapshots`\n * pool — retention never prunes it. Used by the cadence scheduler.\n */\n async autoSnapshot(\n vault: Vault,\n by: string,\n opts?: { label?: string; note?: string },\n ): Promise<SnapshotMeta> {\n const bytes = await writePod(vault, {})\n const { index, indexVersion } = await this.readIndex(vault.name)\n const key = this.autoKey(vault.name)\n\n // Unconditional overwrite of the rolling slot.\n await this.store.writeBundle(key, bytes, null)\n\n const meta: SnapshotMeta = {\n version: key,\n label: opts?.label ?? 'auto',\n ...(opts?.note !== undefined ? { note: opts.note } : {}),\n exportedAt: new Date().toISOString(),\n exportedBy: by,\n size: bytes.length,\n integrity: 'verified',\n auto: true,\n }\n\n index.auto = meta\n await this.writeIndex(vault.name, index, indexVersion)\n return meta\n }\n\n async listSnapshots(vaultId: string): Promise<SnapshotMeta[]> {\n const { index } = await this.readIndex(vaultId)\n const immutable = [...index.snapshots].reverse()\n return index.auto ? [index.auto, ...immutable] : immutable\n }\n\n async restoreSnapshot(vault: Vault, version: string): Promise<void> {\n if (!version.startsWith(`${vault.name}__`)) throw new SnapshotNotFoundError(version)\n const result = await this.store.readBundle(version)\n if (!result) throw new SnapshotNotFoundError(version)\n const { dumpJson } = await readPod(result.bytes)\n await vault.load(dumpJson)\n }\n\n /**\n * Applies the configured retention policy to `index`, mutating `index.snapshots`\n * in place and returning the blob keys that should be deleted from the store.\n * Called by `snapshot()` before the index is written.\n *\n * @internal — public for direct testing only\n */\n applyRetention(index: SnapshotIndex): string[] {\n const prune = this.retention.prune ?? true\n if (!prune) return []\n\n const toDelete: string[] = []\n let remaining = index.snapshots.slice()\n\n if (this.retention.keepLast !== undefined && remaining.length > this.retention.keepLast) {\n const excess = remaining.splice(0, remaining.length - this.retention.keepLast)\n toDelete.push(...excess.map(m => m.version))\n }\n\n if (this.retention.maxAgeDays !== undefined) {\n const cutoffMs = this.retention.maxAgeDays * 86_400_000\n const now = Date.now()\n const fresh = remaining.filter(m => now - new Date(m.exportedAt).getTime() <= cutoffMs)\n toDelete.push(...remaining.filter(m => !fresh.includes(m)).map(m => m.version))\n remaining = fresh\n }\n\n index.snapshots = remaining\n return toDelete\n }\n}\n","import { SnapshotEngine } from './engine.js'\nimport type { SnapshotStrategy, RetentionPolicy } from './strategy.js'\nimport type { SnapshotPolicy } from './policy.js'\nimport type { NoydbPodStore } from '../../kernel/types.js'\nimport type { Vault } from '../../kernel/vault.js'\n\nexport interface WithSnapshotsOptions {\n /** Bundle store where snapshot blobs and the sidecar index are written. */\n store: NoydbPodStore\n /**\n * Declarative retention policy. Enforced eagerly after each on-demand `snapshot()`.\n * Defaults to no retention (all on-demand snapshots kept forever). Never affects\n * the rolling auto-snapshot.\n */\n retention?: RetentionPolicy\n /**\n * Automatic-snapshot cadence. Default `mode:'manual'` ⇒ no timers; snapshots\n * stay on-demand. Set `mode:'debounce'`/`'interval'` to enable auto-snapshots\n * to the rolling `<vault>__auto` key.\n */\n snapshotPolicy?: SnapshotPolicy\n}\n\nexport function withSnapshots(opts: WithSnapshotsOptions): SnapshotStrategy {\n const engine = new SnapshotEngine(opts.store, opts.retention ?? {})\n return {\n snapshot(vault, by, snapOpts) {\n return engine.snapshot(vault as Vault, by, snapOpts)\n },\n listSnapshots(vaultId) {\n return engine.listSnapshots(vaultId)\n },\n restoreSnapshot(vault, version) {\n return engine.restoreSnapshot(vault as Vault, version)\n },\n autoSnapshot(vault, by, snapOpts) {\n return engine.autoSnapshot(vault as Vault, by, snapOpts)\n },\n ...(opts.snapshotPolicy ? { policy: opts.snapshotPolicy } : {}),\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AAMO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YACmB,OACA,WACjB;AAFiB;AACA;AAAA,EAChB;AAAA,EAFgB;AAAA,EACA;AAAA,EAGX,SAAS,WAA2B;AAC1C,WAAO,GAAG,SAAS;AAAA,EACrB;AAAA,EAEQ,QAAQ,WAAmB,GAAmB;AACpD,WAAO,GAAG,SAAS,UAAU,EAAE,SAAS,EAAE,SAAS,GAAG,GAAG,CAAC;AAAA,EAC5D;AAAA,EAEQ,QAAQ,WAA2B;AACzC,WAAO,GAAG,SAAS;AAAA,EACrB;AAAA,EAEA,MAAc,UACZ,WACgE;AAChE,UAAM,SAAS,MAAM,KAAK,MAAM,WAAW,KAAK,SAAS,SAAS,CAAC;AACnE,QAAI,CAAC,OAAQ,QAAO,EAAE,OAAO,EAAE,WAAW,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,KAAK;AACnF,UAAM,OAAO,IAAI,YAAY,EAAE,OAAO,OAAO,KAAK;AAClD,WAAO,EAAE,OAAO,KAAK,MAAM,IAAI,GAAoB,cAAc,OAAO,QAAQ;AAAA,EAClF;AAAA,EAEA,MAAc,WACZ,WACA,OACA,iBACe;AACf,UAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,KAAK,CAAC;AAC5D,UAAM,KAAK,MAAM,YAAY,KAAK,SAAS,SAAS,GAAG,OAAO,eAAe;AAAA,EAC/E;AAAA,EAEA,MAAM,SACJ,OACA,IACA,MACuB;AACvB,UAAM,QAAQ,MAAM,SAAS,OAAO,CAAC,CAAC;AACtC,UAAM,EAAE,OAAO,aAAa,IAAI,MAAM,KAAK,UAAU,MAAM,IAAI;AAC/D,UAAM,MAAM,KAAK,QAAQ,MAAM,MAAM,MAAM,WAAW;AAMtD,UAAM,KAAK,MAAM,YAAY,KAAK,OAAO,IAAI;AAE7C,UAAM,OAAqB;AAAA,MACzB,SAAS;AAAA,MACT,GAAI,MAAM,UAAU,SAAY,EAAE,OAAO,KAAK,MAAM,IAAI,CAAC;AAAA,MACzD,GAAI,MAAM,SAAS,SAAY,EAAE,MAAM,KAAK,KAAK,IAAI,CAAC;AAAA,MACtD,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACnC,YAAY;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,WAAW;AAAA,IACb;AAEA,UAAM,WAA0B;AAAA,MAC9B,WAAW,CAAC,GAAG,MAAM,WAAW,IAAI;AAAA,MACpC,aAAa,MAAM,cAAc;AAAA;AAAA,MAEjC,GAAI,MAAM,OAAO,EAAE,MAAM,MAAM,KAAK,IAAI,CAAC;AAAA,IAC3C;AACA,UAAM,WAAW,KAAK,eAAe,QAAQ;AAC7C,UAAM,KAAK,WAAW,MAAM,MAAM,UAAU,YAAY;AAExD,eAAW,KAAK,UAAU;AACxB,YAAM,KAAK,MAAM,aAAa,CAAC;AAAA,IACjC;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aACJ,OACA,IACA,MACuB;AACvB,UAAM,QAAQ,MAAM,SAAS,OAAO,CAAC,CAAC;AACtC,UAAM,EAAE,OAAO,aAAa,IAAI,MAAM,KAAK,UAAU,MAAM,IAAI;AAC/D,UAAM,MAAM,KAAK,QAAQ,MAAM,IAAI;AAGnC,UAAM,KAAK,MAAM,YAAY,KAAK,OAAO,IAAI;AAE7C,UAAM,OAAqB;AAAA,MACzB,SAAS;AAAA,MACT,OAAO,MAAM,SAAS;AAAA,MACtB,GAAI,MAAM,SAAS,SAAY,EAAE,MAAM,KAAK,KAAK,IAAI,CAAC;AAAA,MACtD,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACnC,YAAY;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,WAAW;AAAA,MACX,MAAM;AAAA,IACR;AAEA,UAAM,OAAO;AACb,UAAM,KAAK,WAAW,MAAM,MAAM,OAAO,YAAY;AACrD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAAc,SAA0C;AAC5D,UAAM,EAAE,MAAM,IAAI,MAAM,KAAK,UAAU,OAAO;AAC9C,UAAM,YAAY,CAAC,GAAG,MAAM,SAAS,EAAE,QAAQ;AAC/C,WAAO,MAAM,OAAO,CAAC,MAAM,MAAM,GAAG,SAAS,IAAI;AAAA,EACnD;AAAA,EAEA,MAAM,gBAAgB,OAAc,SAAgC;AAClE,QAAI,CAAC,QAAQ,WAAW,GAAG,MAAM,IAAI,IAAI,EAAG,OAAM,IAAI,sBAAsB,OAAO;AACnF,UAAM,SAAS,MAAM,KAAK,MAAM,WAAW,OAAO;AAClD,QAAI,CAAC,OAAQ,OAAM,IAAI,sBAAsB,OAAO;AACpD,UAAM,EAAE,SAAS,IAAI,MAAM,QAAQ,OAAO,KAAK;AAC/C,UAAM,MAAM,KAAK,QAAQ;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,eAAe,OAAgC;AAC7C,UAAM,QAAQ,KAAK,UAAU,SAAS;AACtC,QAAI,CAAC,MAAO,QAAO,CAAC;AAEpB,UAAM,WAAqB,CAAC;AAC5B,QAAI,YAAY,MAAM,UAAU,MAAM;AAEtC,QAAI,KAAK,UAAU,aAAa,UAAa,UAAU,SAAS,KAAK,UAAU,UAAU;AACvF,YAAM,SAAS,UAAU,OAAO,GAAG,UAAU,SAAS,KAAK,UAAU,QAAQ;AAC7E,eAAS,KAAK,GAAG,OAAO,IAAI,OAAK,EAAE,OAAO,CAAC;AAAA,IAC7C;AAEA,QAAI,KAAK,UAAU,eAAe,QAAW;AAC3C,YAAM,WAAW,KAAK,UAAU,aAAa;AAC7C,YAAM,MAAM,KAAK,IAAI;AACrB,YAAM,QAAQ,UAAU,OAAO,OAAK,MAAM,IAAI,KAAK,EAAE,UAAU,EAAE,QAAQ,KAAK,QAAQ;AACtF,eAAS,KAAK,GAAG,UAAU,OAAO,OAAK,CAAC,MAAM,SAAS,CAAC,CAAC,EAAE,IAAI,OAAK,EAAE,OAAO,CAAC;AAC9E,kBAAY;AAAA,IACd;AAEA,UAAM,YAAY;AAClB,WAAO;AAAA,EACT;AACF;;;ACzIO,SAAS,cAAc,MAA8C;AAC1E,QAAM,SAAS,IAAI,eAAe,KAAK,OAAO,KAAK,aAAa,CAAC,CAAC;AAClE,SAAO;AAAA,IACL,SAAS,OAAO,IAAI,UAAU;AAC5B,aAAO,OAAO,SAAS,OAAgB,IAAI,QAAQ;AAAA,IACrD;AAAA,IACA,cAAc,SAAS;AACrB,aAAO,OAAO,cAAc,OAAO;AAAA,IACrC;AAAA,IACA,gBAAgB,OAAO,SAAS;AAC9B,aAAO,OAAO,gBAAgB,OAAgB,OAAO;AAAA,IACvD;AAAA,IACA,aAAa,OAAO,IAAI,UAAU;AAChC,aAAO,OAAO,aAAa,OAAgB,IAAI,QAAQ;AAAA,IACzD;AAAA,IACA,GAAI,KAAK,iBAAiB,EAAE,QAAQ,KAAK,eAAe,IAAI,CAAC;AAAA,EAC/D;AACF;","names":[]}
|
|
@@ -3,7 +3,7 @@ import {
|
|
|
3
3
|
isMVStale,
|
|
4
4
|
markMVStale,
|
|
5
5
|
resolveStaleMVOnRead
|
|
6
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-HY6ZGGEC.js";
|
|
7
7
|
import "./chunk-PZ5AY32C.js";
|
|
8
8
|
export {
|
|
9
9
|
clearMVStale,
|
|
@@ -11,4 +11,4 @@ export {
|
|
|
11
11
|
markMVStale,
|
|
12
12
|
resolveStaleMVOnRead
|
|
13
13
|
};
|
|
14
|
-
//# sourceMappingURL=stale-
|
|
14
|
+
//# sourceMappingURL=stale-7Q62KVI3.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
|