@noy-db/hub 0.3.0-pre.3 → 0.3.0-pre.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter/index.d.ts +2 -2
- package/dist/adapter/index.js +1 -1
- package/dist/aggregate/index.d.ts +3 -3
- package/dist/aggregate/index.js +4 -4
- package/dist/api-JOXUNSKP.js +20 -0
- package/dist/as/index.d.ts +4 -4
- package/dist/as/index.js +12 -9
- package/dist/at/index.d.ts +2 -2
- package/dist/attestation/index.d.ts +3 -3
- package/dist/attestation/index.js +21 -18
- package/dist/attestation/index.js.map +1 -1
- package/dist/{backup-NGRJ46SH.js → backup-MOB27UUN.js} +12 -9
- package/dist/{backup-NGRJ46SH.js.map → backup-MOB27UUN.js.map} +1 -1
- package/dist/blobs/index.d.ts +4 -4
- package/dist/blobs/index.js +11 -8
- package/dist/blobs/index.js.map +1 -1
- package/dist/bundle/index.d.ts +5 -5
- package/dist/bundle/index.js +21 -18
- package/dist/bundle/index.js.map +1 -1
- package/dist/{bundle-B-P3_Jvb.d.ts → bundle-Bs13EZtX.d.ts} +1 -1
- package/dist/by/index.js +2 -2
- package/dist/cargo/index.d.ts +4 -4
- package/dist/cargo/index.js +23 -20
- package/dist/{chunk-VBYVKOMJ.js → chunk-3QRQOBS7.js} +3 -3
- package/dist/{chunk-JFYIHLU3.js → chunk-3Y4QLJ6K.js} +2 -2
- package/dist/{chunk-BZIWKN74.js → chunk-43ISXURO.js} +2 -2
- package/dist/{chunk-7IP75FP2.js → chunk-4K3MQ5S3.js} +2 -2
- package/dist/{chunk-6DP5HBQD.js → chunk-5CY35H55.js} +9 -9
- package/dist/chunk-5EWYUR5P.js +37 -0
- package/dist/chunk-5EWYUR5P.js.map +1 -0
- package/dist/{chunk-2KSPDSWI.js → chunk-5MRE3C4Q.js} +5 -5
- package/dist/{chunk-5ZPWVNL3.js → chunk-5W7AOFWA.js} +2 -2
- package/dist/{chunk-PUNJAEY6.js → chunk-6HNKCKFZ.js} +7 -7
- package/dist/{chunk-PJDK2PPQ.js → chunk-6RXPSMKR.js} +3 -3
- package/dist/{chunk-Z44OY24N.js → chunk-7J7JRYXW.js} +9 -5
- package/dist/chunk-7J7JRYXW.js.map +1 -0
- package/dist/{chunk-MCJAUQGE.js → chunk-A5DYVMDR.js} +3 -3
- package/dist/{chunk-MIOLJG2R.js → chunk-AF5ZRTZ4.js} +5 -2
- package/dist/chunk-AF5ZRTZ4.js.map +1 -0
- package/dist/{chunk-TICO2I2O.js → chunk-BKGIWGCX.js} +2 -2
- package/dist/{chunk-O5DNEXQC.js → chunk-BMQOH7MM.js} +2 -2
- package/dist/{chunk-U6OM4E67.js → chunk-CPXPHQGX.js} +6 -6
- package/dist/{chunk-3UDPDRUC.js → chunk-EWR7HL3K.js} +4 -4
- package/dist/{chunk-CVXLJIAV.js → chunk-FH52CDEW.js} +5 -5
- package/dist/chunk-G4MGYGSS.js +130 -0
- package/dist/chunk-G4MGYGSS.js.map +1 -0
- package/dist/{chunk-FELHYKIO.js → chunk-G7RDYYTE.js} +2 -2
- package/dist/{chunk-N2FP26NH.js → chunk-GBTUANXF.js} +16 -297
- package/dist/chunk-GBTUANXF.js.map +1 -0
- package/dist/{chunk-UP6EMMDI.js → chunk-GOUNIHFA.js} +10 -10
- package/dist/{chunk-DHIN36UC.js → chunk-GQOT6QJR.js} +8 -8
- package/dist/{chunk-DGUR3CC4.js → chunk-GXGK22QU.js} +2 -2
- package/dist/{chunk-YTIAXSUE.js → chunk-GZZL5R73.js} +4 -4
- package/dist/{chunk-E4YJUNPU.js → chunk-H5XRIJX3.js} +7 -7
- package/dist/{chunk-DA34OEZU.js → chunk-H7RYPVMJ.js} +2 -2
- package/dist/{chunk-2ZORB5RW.js → chunk-HBKDR7R3.js} +3 -3
- package/dist/{chunk-BV7KNFJY.js → chunk-HLUKZ36Q.js} +9 -9
- package/dist/{chunk-ZNI3RTFV.js → chunk-HMXLN43G.js} +2 -2
- package/dist/{chunk-BYW7EU5L.js → chunk-HY6ZGGEC.js} +2 -2
- package/dist/{chunk-OVIVYAQL.js → chunk-K5P46KB3.js} +25 -10
- package/dist/chunk-K5P46KB3.js.map +1 -0
- package/dist/chunk-KYY7L72M.js +106 -0
- package/dist/chunk-KYY7L72M.js.map +1 -0
- package/dist/{chunk-5Z3RNFJC.js → chunk-LIP6JWYK.js} +3 -3
- package/dist/{chunk-OCDUQUAP.js → chunk-LN22XH4B.js} +1 -1
- package/dist/chunk-LN22XH4B.js.map +1 -0
- package/dist/chunk-LP7BEXCT.js +32 -0
- package/dist/chunk-LP7BEXCT.js.map +1 -0
- package/dist/{chunk-IJW6K6UX.js → chunk-LPRPVCNY.js} +5 -5
- package/dist/{chunk-6EVZXETK.js → chunk-M66NAZA4.js} +3 -3
- package/dist/{chunk-HGQG3VIP.js → chunk-N5YVZHCB.js} +2 -2
- package/dist/{chunk-IWVWB7BZ.js → chunk-NB47TXGP.js} +12 -12
- package/dist/chunk-NO272T7Q.js +194 -0
- package/dist/chunk-NO272T7Q.js.map +1 -0
- package/dist/{chunk-6OQ7NKMZ.js → chunk-O2DB4C3M.js} +6 -6
- package/dist/{chunk-LHYQE3BP.js → chunk-OFBFAVLI.js} +6 -6
- package/dist/{chunk-ZFME46HJ.js → chunk-OPTFANOX.js} +3 -3
- package/dist/chunk-OPTFANOX.js.map +1 -0
- package/dist/{chunk-5EZAJEES.js → chunk-OVO2RZAE.js} +81 -27
- package/dist/chunk-OVO2RZAE.js.map +1 -0
- package/dist/{chunk-6I2YPLAG.js → chunk-P27Z66EB.js} +7 -7
- package/dist/{chunk-7MHVHGQZ.js → chunk-P2LDXRGP.js} +2 -2
- package/dist/chunk-P3NGV5RV.js +41 -0
- package/dist/chunk-P3NGV5RV.js.map +1 -0
- package/dist/{chunk-YN66UOXT.js → chunk-P3V7JTB6.js} +25 -9
- package/dist/{chunk-YN66UOXT.js.map → chunk-P3V7JTB6.js.map} +1 -1
- package/dist/{chunk-NPVICKZE.js → chunk-P5WXDYMD.js} +8 -197
- package/dist/chunk-P5WXDYMD.js.map +1 -0
- package/dist/{chunk-CPAROOKP.js → chunk-PGFY7IRW.js} +12 -41
- package/dist/chunk-PGFY7IRW.js.map +1 -0
- package/dist/{chunk-6RASM2J4.js → chunk-QKVILR7N.js} +2 -2
- package/dist/{chunk-LKBLAUOB.js → chunk-QNTEDPWP.js} +3 -3
- package/dist/{chunk-P6UXDALK.js → chunk-RDHAGBEB.js} +3 -3
- package/dist/{chunk-XRE4JOEO.js → chunk-RTS23VIJ.js} +2 -2
- package/dist/{chunk-PYWW4KLO.js → chunk-SEQ2JI3Y.js} +9 -9
- package/dist/{chunk-VHEEU4ZO.js → chunk-SW56GSYC.js} +2 -2
- package/dist/{chunk-46YGCU6Z.js → chunk-T2EGAXPM.js} +2 -2
- package/dist/{chunk-LES2Z7B4.js → chunk-T45LAT2Y.js} +2 -2
- package/dist/{chunk-4NMFWOS2.js → chunk-T65UZXR6.js} +3 -3
- package/dist/{chunk-2N4MUSF3.js → chunk-TB5RNNJ4.js} +7 -7
- package/dist/chunk-TCIUO62Z.js +29 -0
- package/dist/chunk-TCIUO62Z.js.map +1 -0
- package/dist/chunk-THNJ3IKU.js +17 -0
- package/dist/chunk-THNJ3IKU.js.map +1 -0
- package/dist/{chunk-L4IRFTIF.js → chunk-TLJOJBZD.js} +3 -23
- package/dist/chunk-TLJOJBZD.js.map +1 -0
- package/dist/chunk-TQ3REHVF.js +95 -0
- package/dist/chunk-TQ3REHVF.js.map +1 -0
- package/dist/{chunk-NIA5VQ7G.js → chunk-TVRQ3RYH.js} +28 -9
- package/dist/chunk-TVRQ3RYH.js.map +1 -0
- package/dist/{chunk-6CNLU4TO.js → chunk-TYGW5TOR.js} +7 -7
- package/dist/{chunk-BLZRNHMG.js → chunk-U23JUUPX.js} +8 -1
- package/dist/{chunk-BLZRNHMG.js.map → chunk-U23JUUPX.js.map} +1 -1
- package/dist/{chunk-U5DWHU3S.js → chunk-U24XHXNK.js} +2 -2
- package/dist/chunk-ULIHDPKL.js +94 -0
- package/dist/chunk-ULIHDPKL.js.map +1 -0
- package/dist/chunk-UOEWDCUX.js +69 -0
- package/dist/chunk-UOEWDCUX.js.map +1 -0
- package/dist/{chunk-5A6TC3RQ.js → chunk-VAWY44JW.js} +8 -8
- package/dist/{chunk-5A6TC3RQ.js.map → chunk-VAWY44JW.js.map} +1 -1
- package/dist/{chunk-NTHKOFVL.js → chunk-VFRNWE5P.js} +52 -8
- package/dist/chunk-VFRNWE5P.js.map +1 -0
- package/dist/{chunk-4DZGZ7II.js → chunk-VMJ5URU7.js} +8 -8
- package/dist/chunk-VMJ5URU7.js.map +1 -0
- package/dist/{chunk-YDP2SA5K.js → chunk-VPCMJ5Z4.js} +5 -5
- package/dist/{chunk-ZAWD6O46.js → chunk-VRPBEOWU.js} +2 -2
- package/dist/{chunk-AY4P6PHN.js → chunk-VWGCJUTV.js} +2 -2
- package/dist/{chunk-IIK7W3AN.js → chunk-XJR3COJO.js} +5 -5
- package/dist/{chunk-ZD4D7UM6.js → chunk-XYYW64LB.js} +2 -2
- package/dist/{chunk-4NZCZUGL.js → chunk-YFF2RP3X.js} +2 -2
- package/dist/{chunk-WVIIJPTJ.js → chunk-Z3FZC5GV.js} +7 -7
- package/dist/{chunk-55HDKLI3.js → chunk-Z5PIUYNB.js} +8 -8
- package/dist/{chunk-ZRDYQZYH.js → chunk-Z7KI4WHR.js} +2 -2
- package/dist/chunk-ZKF6HH7V.js +120 -0
- package/dist/chunk-ZKF6HH7V.js.map +1 -0
- package/dist/{chunk-P6DN5QU7.js → chunk-ZKYMKF2S.js} +8 -8
- package/dist/{chunk-ADBMJDBW.js → chunk-ZPHDGUZZ.js} +445 -1077
- package/dist/chunk-ZPHDGUZZ.js.map +1 -0
- package/dist/{chunk-NMRKAGHE.js → chunk-ZROMNP7Q.js} +2 -2
- package/dist/classified/index.d.ts +4 -4
- package/dist/classified/index.js +3 -3
- package/dist/collection-facade-MKEBZDWW.js +39 -0
- package/dist/computed-BMMEFRFJ.js +11 -0
- package/dist/config-drift-KGM7ZRW4.js +24 -0
- package/dist/config-drift-KGM7ZRW4.js.map +1 -0
- package/dist/consent/index.d.ts +3 -3
- package/dist/consent/index.js +10 -7
- package/dist/consent/index.js.map +1 -1
- package/dist/crdt/index.d.ts +3 -3
- package/dist/delegation-BQNIEHZE.js +25 -0
- package/dist/derivations/index.d.ts +4 -4
- package/dist/derivations/index.js +12 -9
- package/dist/describe/index.d.ts +1 -1
- package/dist/{describe-0tiXAjoO.d.ts → describe-C6iHNlqJ.d.ts} +9 -0
- package/dist/{dev-unlock-B_s9DUWa.d.ts → dev-unlock-Cqd5Xv5J.d.ts} +1 -1
- package/dist/{enclave-IS7HZSQ7.js → enclave-YN6223OG.js} +21 -8
- package/dist/executor-CBTNU5VZ.js +9 -0
- package/dist/executor-DJHNSTIR.js +9 -0
- package/dist/executor-FGISLQIN.js +21 -0
- package/dist/export-accessible-P7SLRLK3.js +23 -0
- package/dist/extract-partition-RNVSFHAB.js +36 -0
- package/dist/{fanout-sidecar-DDKRG2MX.js → fanout-sidecar-WS22Q5WH.js} +12 -9
- package/dist/{fanout-sidecar-DDKRG2MX.js.map → fanout-sidecar-WS22Q5WH.js.map} +1 -1
- package/dist/fence-watcher-DHQ775JB.js +69 -0
- package/dist/fence-watcher-DHQ775JB.js.map +1 -0
- package/dist/find-RNBG7LBY.js +11 -0
- package/dist/forget/index.js +10 -7
- package/dist/forget/index.js.map +1 -1
- package/dist/guards/index.d.ts +4 -4
- package/dist/guards/index.js +3 -3
- package/dist/{hash-CWxn7sf6.d.ts → hash-D8Q5MJLA.d.ts} +1 -1
- package/dist/history/index.d.ts +4 -4
- package/dist/history/index.js +12 -9
- package/dist/history/index.js.map +1 -1
- package/dist/i18n/index.d.ts +3 -3
- package/dist/i18n/index.js +14 -11
- package/dist/i18n/index.js.map +1 -1
- package/dist/in/index.d.ts +2 -2
- package/dist/{index-D05bV0_g.d.ts → index-D4GQe1Rx.d.ts} +818 -49
- package/dist/{index-DTMUUwwW.d.ts → index-DRxk8q_7.d.ts} +3 -3
- package/dist/index.d.ts +46 -17
- package/dist/index.js +1021 -122
- package/dist/index.js.map +1 -1
- package/dist/indexing/index.d.ts +3 -3
- package/dist/indexing/index.js +4 -4
- package/dist/issue-W5QG53B5.js +19 -0
- package/dist/json-schema-I22JCYCG.js +44 -0
- package/dist/json-schema-I22JCYCG.js.map +1 -0
- package/dist/kernel/index.d.ts +3 -3
- package/dist/kernel/index.js +13 -10
- package/dist/lazy/index.d.ts +21 -0
- package/dist/lazy/index.js +12 -0
- package/dist/{ledger-YUAJUNFP.js → ledger-KZWBKAG5.js} +12 -9
- package/dist/liberate-GMGCHIND.js +24 -0
- package/dist/link-set-UQEIYQAM.js +31 -0
- package/dist/materialized-views/index.d.ts +4 -4
- package/dist/materialized-views/index.js +16 -13
- package/dist/{mime-magic-Qr_4HjP6.d.ts → mime-magic-DmwT7OzZ.d.ts} +1 -1
- package/dist/noydb-KS2O2MRI.js +60 -0
- package/dist/on/index.d.ts +2 -2
- package/dist/on/index.js +10 -7
- package/dist/overlay-views/index.d.ts +4 -4
- package/dist/overlay-views/index.js +4 -4
- package/dist/periods/index.d.ts +3 -3
- package/dist/periods/index.js +13 -10
- package/dist/pod/index.d.ts +3 -3
- package/dist/pod/index.js +12 -9
- package/dist/{policy-LRE6HTO5.js → policy-YIKUH4AD.js} +5 -5
- package/dist/portability/index.d.ts +3 -3
- package/dist/portability/index.js +8 -8
- package/dist/{public-envelope-WVRRUVAJ.js → public-envelope-MRN5YYZZ.js} +4 -4
- package/dist/query/index.d.ts +2 -2
- package/dist/query/index.js +6 -6
- package/dist/register-K6DDSIXN.js +21 -0
- package/dist/registry-IMNMHWTM.js +17 -0
- package/dist/registry-K6VUQXKV.js +19 -0
- package/dist/registry-ZVO3T4M5.js +9 -0
- package/dist/request-withdrawal-EHALV66Y.js +31 -0
- package/dist/request-withdrawal-EHALV66Y.js.map +1 -0
- package/dist/{reveal-WSUHXCSS.js → reveal-TBLTFWQ2.js} +6 -5
- package/dist/{reveal-WSUHXCSS.js.map → reveal-TBLTFWQ2.js.map} +1 -1
- package/dist/revoke-MHAUAESM.js +24 -0
- package/dist/revoke-MHAUAESM.js.map +1 -0
- package/dist/sealed-record/index.d.ts +3 -3
- package/dist/sealed-record/index.js +13 -10
- package/dist/sealed-record/index.js.map +1 -1
- package/dist/session/index.d.ts +4 -4
- package/dist/session/index.js +10 -7
- package/dist/session/index.js.map +1 -1
- package/dist/shadow/index.d.ts +3 -3
- package/dist/shadow/index.js +2 -2
- package/dist/signer-PQ74YXRY.js +25 -0
- package/dist/signer-PQ74YXRY.js.map +1 -0
- package/dist/snapshots/index.d.ts +3 -3
- package/dist/snapshots/index.js +11 -8
- package/dist/snapshots/index.js.map +1 -1
- package/dist/{stale-LX4BR43V.js → stale-7Q62KVI3.js} +2 -2
- package/dist/stale-7Q62KVI3.js.map +1 -0
- package/dist/storage-5E6YB2JY.js +21 -0
- package/dist/storage-5E6YB2JY.js.map +1 -0
- package/dist/{store-coordination-provider-KTRIC6PR.js → store-coordination-provider-JJCEMTAE.js} +3 -3
- package/dist/sync/index.d.ts +2 -2
- package/dist/sync/index.js +10 -7
- package/dist/sync/index.js.map +1 -1
- package/dist/team/index.d.ts +18 -4
- package/dist/team/index.js +24 -14
- package/dist/tiers/index.d.ts +2 -2
- package/dist/tiers/index.js +11 -8
- package/dist/to/index.d.ts +2 -2
- package/dist/to/index.js +1 -1
- package/dist/{transition-guard-C1Pyz8nH.d.ts → transition-guard-C4hvR-Ac.d.ts} +1 -1
- package/dist/tx/index.d.ts +3 -3
- package/dist/tx/index.js +3 -3
- package/dist/ui/index.d.ts +1 -1
- package/dist/util/index.js +1 -1
- package/dist/validators-Ctgkj5qd.d.ts +101 -0
- package/dist/{vault-diff-Fn0WeY2w.d.ts → vault-diff-B1Ir6EGs.d.ts} +1 -1
- package/dist/{verify-SW6J63Q2.js → verify-YB5LQHNA.js} +11 -7
- package/dist/{verify-SW6J63Q2.js.map → verify-YB5LQHNA.js.map} +1 -1
- package/dist/walk-5C3GPKT2.js +241 -0
- package/dist/walk-5C3GPKT2.js.map +1 -0
- package/dist/with/index.d.ts +3 -3
- package/dist/with/index.js +12 -9
- package/dist/{with-materialized-view-NKxs6iK5.d.ts → with-materialized-view-Bp65kKdQ.d.ts} +1 -1
- package/dist/{with-overlayed-view-B4fPYHwV.d.ts → with-overlayed-view-BRhdQNrK.d.ts} +1 -1
- package/dist/{with-rollup-Bl0sRFEt.d.ts → with-rollup-bQRPc3y1.d.ts} +1 -1
- package/dist/withdraw-accessible-JMX2TCPX.js +28 -0
- package/dist/withdraw-accessible-JMX2TCPX.js.map +1 -0
- package/package.json +7 -3
- package/dist/api-LORZ2EZU.js +0 -17
- package/dist/chunk-4DZGZ7II.js.map +0 -1
- package/dist/chunk-5EZAJEES.js.map +0 -1
- package/dist/chunk-ADBMJDBW.js.map +0 -1
- package/dist/chunk-CPAROOKP.js.map +0 -1
- package/dist/chunk-L4IRFTIF.js.map +0 -1
- package/dist/chunk-MIOLJG2R.js.map +0 -1
- package/dist/chunk-N2FP26NH.js.map +0 -1
- package/dist/chunk-NIA5VQ7G.js.map +0 -1
- package/dist/chunk-NPVICKZE.js.map +0 -1
- package/dist/chunk-NTHKOFVL.js.map +0 -1
- package/dist/chunk-OCDUQUAP.js.map +0 -1
- package/dist/chunk-OVIVYAQL.js.map +0 -1
- package/dist/chunk-QLQS5A7X.js +0 -524
- package/dist/chunk-QLQS5A7X.js.map +0 -1
- package/dist/chunk-Z44OY24N.js.map +0 -1
- package/dist/chunk-ZFME46HJ.js.map +0 -1
- package/dist/collection-facade-XPVRHBGU.js +0 -36
- package/dist/delegation-4HUHUE6T.js +0 -22
- package/dist/executor-ANFBCOYA.js +0 -9
- package/dist/executor-IKT47SH2.js +0 -9
- package/dist/executor-OIECZXTV.js +0 -18
- package/dist/export-accessible-NZWCFZHL.js +0 -20
- package/dist/extract-partition-52LX6RQH.js +0 -33
- package/dist/issue-F4SYPJGJ.js +0 -16
- package/dist/liberate-6LDETRIW.js +0 -21
- package/dist/noydb-WQNBVJIG.js +0 -54
- package/dist/registry-6HZ2JSQ7.js +0 -14
- package/dist/registry-GPXZQ7DT.js +0 -9
- package/dist/registry-USYD2ECC.js +0 -16
- package/dist/request-withdrawal-54V4L6CR.js +0 -28
- package/dist/revoke-JV26NTQD.js +0 -21
- package/dist/signer-AE56T5HE.js +0 -22
- package/dist/validators-Dzn7T-3x.d.ts +0 -62
- package/dist/withdraw-accessible-DGA4V2TP.js +0 -25
- /package/dist/{api-LORZ2EZU.js.map → api-JOXUNSKP.js.map} +0 -0
- /package/dist/{chunk-VBYVKOMJ.js.map → chunk-3QRQOBS7.js.map} +0 -0
- /package/dist/{chunk-JFYIHLU3.js.map → chunk-3Y4QLJ6K.js.map} +0 -0
- /package/dist/{chunk-BZIWKN74.js.map → chunk-43ISXURO.js.map} +0 -0
- /package/dist/{chunk-7IP75FP2.js.map → chunk-4K3MQ5S3.js.map} +0 -0
- /package/dist/{chunk-6DP5HBQD.js.map → chunk-5CY35H55.js.map} +0 -0
- /package/dist/{chunk-2KSPDSWI.js.map → chunk-5MRE3C4Q.js.map} +0 -0
- /package/dist/{chunk-5ZPWVNL3.js.map → chunk-5W7AOFWA.js.map} +0 -0
- /package/dist/{chunk-PUNJAEY6.js.map → chunk-6HNKCKFZ.js.map} +0 -0
- /package/dist/{chunk-PJDK2PPQ.js.map → chunk-6RXPSMKR.js.map} +0 -0
- /package/dist/{chunk-MCJAUQGE.js.map → chunk-A5DYVMDR.js.map} +0 -0
- /package/dist/{chunk-TICO2I2O.js.map → chunk-BKGIWGCX.js.map} +0 -0
- /package/dist/{chunk-O5DNEXQC.js.map → chunk-BMQOH7MM.js.map} +0 -0
- /package/dist/{chunk-U6OM4E67.js.map → chunk-CPXPHQGX.js.map} +0 -0
- /package/dist/{chunk-3UDPDRUC.js.map → chunk-EWR7HL3K.js.map} +0 -0
- /package/dist/{chunk-CVXLJIAV.js.map → chunk-FH52CDEW.js.map} +0 -0
- /package/dist/{chunk-FELHYKIO.js.map → chunk-G7RDYYTE.js.map} +0 -0
- /package/dist/{chunk-UP6EMMDI.js.map → chunk-GOUNIHFA.js.map} +0 -0
- /package/dist/{chunk-DHIN36UC.js.map → chunk-GQOT6QJR.js.map} +0 -0
- /package/dist/{chunk-DGUR3CC4.js.map → chunk-GXGK22QU.js.map} +0 -0
- /package/dist/{chunk-YTIAXSUE.js.map → chunk-GZZL5R73.js.map} +0 -0
- /package/dist/{chunk-E4YJUNPU.js.map → chunk-H5XRIJX3.js.map} +0 -0
- /package/dist/{chunk-DA34OEZU.js.map → chunk-H7RYPVMJ.js.map} +0 -0
- /package/dist/{chunk-2ZORB5RW.js.map → chunk-HBKDR7R3.js.map} +0 -0
- /package/dist/{chunk-BV7KNFJY.js.map → chunk-HLUKZ36Q.js.map} +0 -0
- /package/dist/{chunk-ZNI3RTFV.js.map → chunk-HMXLN43G.js.map} +0 -0
- /package/dist/{chunk-BYW7EU5L.js.map → chunk-HY6ZGGEC.js.map} +0 -0
- /package/dist/{chunk-5Z3RNFJC.js.map → chunk-LIP6JWYK.js.map} +0 -0
- /package/dist/{chunk-IJW6K6UX.js.map → chunk-LPRPVCNY.js.map} +0 -0
- /package/dist/{chunk-6EVZXETK.js.map → chunk-M66NAZA4.js.map} +0 -0
- /package/dist/{chunk-HGQG3VIP.js.map → chunk-N5YVZHCB.js.map} +0 -0
- /package/dist/{chunk-IWVWB7BZ.js.map → chunk-NB47TXGP.js.map} +0 -0
- /package/dist/{chunk-6OQ7NKMZ.js.map → chunk-O2DB4C3M.js.map} +0 -0
- /package/dist/{chunk-LHYQE3BP.js.map → chunk-OFBFAVLI.js.map} +0 -0
- /package/dist/{chunk-6I2YPLAG.js.map → chunk-P27Z66EB.js.map} +0 -0
- /package/dist/{chunk-7MHVHGQZ.js.map → chunk-P2LDXRGP.js.map} +0 -0
- /package/dist/{chunk-6RASM2J4.js.map → chunk-QKVILR7N.js.map} +0 -0
- /package/dist/{chunk-LKBLAUOB.js.map → chunk-QNTEDPWP.js.map} +0 -0
- /package/dist/{chunk-P6UXDALK.js.map → chunk-RDHAGBEB.js.map} +0 -0
- /package/dist/{chunk-XRE4JOEO.js.map → chunk-RTS23VIJ.js.map} +0 -0
- /package/dist/{chunk-PYWW4KLO.js.map → chunk-SEQ2JI3Y.js.map} +0 -0
- /package/dist/{chunk-VHEEU4ZO.js.map → chunk-SW56GSYC.js.map} +0 -0
- /package/dist/{chunk-46YGCU6Z.js.map → chunk-T2EGAXPM.js.map} +0 -0
- /package/dist/{chunk-LES2Z7B4.js.map → chunk-T45LAT2Y.js.map} +0 -0
- /package/dist/{chunk-4NMFWOS2.js.map → chunk-T65UZXR6.js.map} +0 -0
- /package/dist/{chunk-2N4MUSF3.js.map → chunk-TB5RNNJ4.js.map} +0 -0
- /package/dist/{chunk-6CNLU4TO.js.map → chunk-TYGW5TOR.js.map} +0 -0
- /package/dist/{chunk-U5DWHU3S.js.map → chunk-U24XHXNK.js.map} +0 -0
- /package/dist/{chunk-YDP2SA5K.js.map → chunk-VPCMJ5Z4.js.map} +0 -0
- /package/dist/{chunk-ZAWD6O46.js.map → chunk-VRPBEOWU.js.map} +0 -0
- /package/dist/{chunk-AY4P6PHN.js.map → chunk-VWGCJUTV.js.map} +0 -0
- /package/dist/{chunk-IIK7W3AN.js.map → chunk-XJR3COJO.js.map} +0 -0
- /package/dist/{chunk-ZD4D7UM6.js.map → chunk-XYYW64LB.js.map} +0 -0
- /package/dist/{chunk-4NZCZUGL.js.map → chunk-YFF2RP3X.js.map} +0 -0
- /package/dist/{chunk-WVIIJPTJ.js.map → chunk-Z3FZC5GV.js.map} +0 -0
- /package/dist/{chunk-55HDKLI3.js.map → chunk-Z5PIUYNB.js.map} +0 -0
- /package/dist/{chunk-ZRDYQZYH.js.map → chunk-Z7KI4WHR.js.map} +0 -0
- /package/dist/{chunk-P6DN5QU7.js.map → chunk-ZKYMKF2S.js.map} +0 -0
- /package/dist/{chunk-NMRKAGHE.js.map → chunk-ZROMNP7Q.js.map} +0 -0
- /package/dist/{collection-facade-XPVRHBGU.js.map → collection-facade-MKEBZDWW.js.map} +0 -0
- /package/dist/{delegation-4HUHUE6T.js.map → computed-BMMEFRFJ.js.map} +0 -0
- /package/dist/{enclave-IS7HZSQ7.js.map → delegation-BQNIEHZE.js.map} +0 -0
- /package/dist/{executor-ANFBCOYA.js.map → enclave-YN6223OG.js.map} +0 -0
- /package/dist/{executor-IKT47SH2.js.map → executor-CBTNU5VZ.js.map} +0 -0
- /package/dist/{executor-OIECZXTV.js.map → executor-DJHNSTIR.js.map} +0 -0
- /package/dist/{export-accessible-NZWCFZHL.js.map → executor-FGISLQIN.js.map} +0 -0
- /package/dist/{extract-partition-52LX6RQH.js.map → export-accessible-P7SLRLK3.js.map} +0 -0
- /package/dist/{issue-F4SYPJGJ.js.map → extract-partition-RNVSFHAB.js.map} +0 -0
- /package/dist/{ledger-YUAJUNFP.js.map → find-RNBG7LBY.js.map} +0 -0
- /package/dist/{liberate-6LDETRIW.js.map → issue-W5QG53B5.js.map} +0 -0
- /package/dist/{noydb-WQNBVJIG.js.map → lazy/index.js.map} +0 -0
- /package/dist/{policy-LRE6HTO5.js.map → ledger-KZWBKAG5.js.map} +0 -0
- /package/dist/{public-envelope-WVRRUVAJ.js.map → liberate-GMGCHIND.js.map} +0 -0
- /package/dist/{registry-6HZ2JSQ7.js.map → link-set-UQEIYQAM.js.map} +0 -0
- /package/dist/{registry-GPXZQ7DT.js.map → noydb-KS2O2MRI.js.map} +0 -0
- /package/dist/{registry-USYD2ECC.js.map → policy-YIKUH4AD.js.map} +0 -0
- /package/dist/{request-withdrawal-54V4L6CR.js.map → public-envelope-MRN5YYZZ.js.map} +0 -0
- /package/dist/{revoke-JV26NTQD.js.map → register-K6DDSIXN.js.map} +0 -0
- /package/dist/{signer-AE56T5HE.js.map → registry-IMNMHWTM.js.map} +0 -0
- /package/dist/{stale-LX4BR43V.js.map → registry-K6VUQXKV.js.map} +0 -0
- /package/dist/{withdraw-accessible-DGA4V2TP.js.map → registry-ZVO3T4M5.js.map} +0 -0
- /package/dist/{store-coordination-provider-KTRIC6PR.js.map → store-coordination-provider-JJCEMTAE.js.map} +0 -0
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { L as LedgerEntry, F as ForgetStrategy, c as SubjectRef, a as ForgetResult } from './subject-index-O75wKshW.js';
|
|
2
|
-
import { V as VaultMeta, a as CollectionMeta, F as FieldMeta, C as CollectionDescription, D as DescribeOptions } from './describe-
|
|
2
|
+
import { V as VaultMeta, a as CollectionMeta, F as FieldMeta, C as CollectionDescription, D as DescribeOptions } from './describe-C6iHNlqJ.js';
|
|
3
3
|
import { C as CoordinationProvider, W as WriteEvent, a as WriteHook, U as Unsubscribe$3, b as WriteHookRegistry } from './index-B9QdHytu.js';
|
|
4
4
|
import { AttestationFieldSchema, QrPayload, RevocationList } from '@noy-db/attestation';
|
|
5
5
|
|
|
@@ -630,6 +630,17 @@ declare class Lru<K, V> {
|
|
|
630
630
|
* Internal service — not exported as a `@noy-db/hub/*` subpath.
|
|
631
631
|
*/
|
|
632
632
|
|
|
633
|
+
/**
|
|
634
|
+
* One classified per-slot verdict from {@link RecordCodec.classifySealedShred}.
|
|
635
|
+
* `shreddable` — CEK-only, tombstone makes it undecryptable. `dekResidue` —
|
|
636
|
+
* collection-DEK-keyed, survives in synced/backup copies. The third class is
|
|
637
|
+
* BOTH: a `_bidx` blind-index tag is live-dropped by the tombstone yet retained
|
|
638
|
+
* under the surviving DEK in any pre-forget backup (honest dual accounting).
|
|
639
|
+
*/
|
|
640
|
+
type SealedShredSlot = {
|
|
641
|
+
readonly field: string;
|
|
642
|
+
readonly class: 'shreddable' | 'dekResidue' | 'live-shreddable+dekResidue-in-backups';
|
|
643
|
+
};
|
|
633
644
|
/** Everything the moving crypto methods touched on `this.*`, as a flat context. */
|
|
634
645
|
interface RecordCodecContext<T> {
|
|
635
646
|
/** Collection name — the crypto AAD scope and schema-error context. */
|
|
@@ -648,6 +659,16 @@ interface RecordCodecContext<T> {
|
|
|
648
659
|
readonly deterministicFields: ReadonlySet<string> | null;
|
|
649
660
|
/** Digest-only classified fields → verify policy (stage 2). Null when none. */
|
|
650
661
|
readonly vdigFields: ReadonlyMap<string, VdigFieldPolicy> | null;
|
|
662
|
+
/**
|
|
663
|
+
* C-A / R10 config-drift signal: the persisted `x-classified` marker's
|
|
664
|
+
* declared digest-only field set (empty when the collection carries no
|
|
665
|
+
* marker). Lazy, memoized (O(1) per handle after the first call). The R10
|
|
666
|
+
* superset guard refuses whenever a field in this set is absent from
|
|
667
|
+
* `vdigFields`. Consulted once per handle on any encrypted write path — the
|
|
668
|
+
* cross-session, prev-free signal a fully-naive create has no `prev` for.
|
|
669
|
+
* Undefined on codecs with no store access (direct-construction tests).
|
|
670
|
+
*/
|
|
671
|
+
classifiedMarkerDigestOnly?(): Promise<readonly string[]>;
|
|
651
672
|
/** CRDT mode (decrypt resolves CrdtState→snapshot when set). */
|
|
652
673
|
readonly crdtMode: CrdtMode | undefined;
|
|
653
674
|
/** CRDT strategy seam (resolveCrdtSnapshot). */
|
|
@@ -760,8 +781,7 @@ declare class RecordCodec<T> {
|
|
|
760
781
|
* `_cek` (pure legacy collection-DEK sealing) ALL slots are residue.
|
|
761
782
|
*/
|
|
762
783
|
classifySealedShred(live: EncryptedEnvelope): Promise<{
|
|
763
|
-
|
|
764
|
-
dekResidue: string[];
|
|
784
|
+
readonly slots: readonly SealedShredSlot[];
|
|
765
785
|
}>;
|
|
766
786
|
/**
|
|
767
787
|
* Build a non-leaking {@link Sealed} handle over a sealed field's ciphertext.
|
|
@@ -3437,6 +3457,18 @@ declare class PortabilityNotEnabledError extends NoydbError {
|
|
|
3437
3457
|
declare class CustodyNotEnabledError extends NoydbError {
|
|
3438
3458
|
constructor(message?: string);
|
|
3439
3459
|
}
|
|
3460
|
+
/**
|
|
3461
|
+
* Thrown when a multi-user team operation — `db.grant`, `db.revoke`, or
|
|
3462
|
+
* `db.rotate` — is called without opting into the team capability (the
|
|
3463
|
+
* default `NO_TEAM` stub). The always-on floor is single-user by design
|
|
3464
|
+
* (#267 keyring-grant → team split): enable multi-user grant/revoke/rotate
|
|
3465
|
+
* with `teamStrategy: withTeam()` from "@noy-db/hub/team" in createNoydb().
|
|
3466
|
+
* Single-user primitives (owner keyring, unlock, `listUsers`, `updateUser`,
|
|
3467
|
+
* passphrase rotate/recover) stay ungated.
|
|
3468
|
+
*/
|
|
3469
|
+
declare class TeamNotEnabledError extends NoydbError {
|
|
3470
|
+
constructor(message?: string);
|
|
3471
|
+
}
|
|
3440
3472
|
/**
|
|
3441
3473
|
* Thrown when a search / retrieval capability method — `collection.search`,
|
|
3442
3474
|
* `collection.retrieve`, `collection.similarTo`, `collection.warmIndex`,
|
|
@@ -4909,8 +4941,17 @@ interface ConsentContext {
|
|
|
4909
4941
|
*/
|
|
4910
4942
|
readonly consentHash: string;
|
|
4911
4943
|
}
|
|
4912
|
-
/**
|
|
4913
|
-
|
|
4944
|
+
/**
|
|
4945
|
+
* Access operation recorded in an audit entry.
|
|
4946
|
+
*
|
|
4947
|
+
* Union-widening checklist (I-2) — these three sites widen together or a
|
|
4948
|
+
* downstream exhaustive switch breaks at its next in-range minor:
|
|
4949
|
+
* 1. `ConsentOp` here (public, re-exported at `index.ts`).
|
|
4950
|
+
* 2. `onAccess` op union on `kernel/collection-config.ts`.
|
|
4951
|
+
* 3. classified ctx `onAccess` op union on `with-shape/classified/strategy.ts`
|
|
4952
|
+
* (the `ClassifiedVerifyCtx` one — the `ClassifiedRevealCtx` one stays `'reveal'`-only).
|
|
4953
|
+
*/
|
|
4954
|
+
type ConsentOp = 'get' | 'put' | 'delete' | 'reveal' | 'verify' | 'find';
|
|
4914
4955
|
/** One consent-audit record, as decrypted for the caller. */
|
|
4915
4956
|
interface ConsentAuditEntry {
|
|
4916
4957
|
/** ULID — stable insertion-order key. */
|
|
@@ -5719,6 +5760,14 @@ interface ClassifiedFieldSpec {
|
|
|
5719
5760
|
readonly notLastN?: number;
|
|
5720
5761
|
/** Member of the collection's matchGroup (secretAnswer preset). */
|
|
5721
5762
|
readonly verifyGroupMember?: true;
|
|
5763
|
+
/**
|
|
5764
|
+
* Opt into a store-visible blind-index (`_bidx`) tag so equal values become
|
|
5765
|
+
* queryable/joinable while staying digest-only. Digest-only knob (R7); gated
|
|
5766
|
+
* behind the collection's `acknowledgeEquatableRisk` door (R8). Equal values
|
|
5767
|
+
* produce equal tags — a partition leak a DEK holder can offline-dictionary
|
|
5768
|
+
* at the PBKDF2 floor. Absent/false ⇒ refused-by-default.
|
|
5769
|
+
*/
|
|
5770
|
+
readonly equatable?: true;
|
|
5722
5771
|
}
|
|
5723
5772
|
interface ClassifiedGroup {
|
|
5724
5773
|
readonly _noydbClassifiedGroup: true;
|
|
@@ -8363,6 +8412,7 @@ declare const NO_SEARCH: SearchStrategy;
|
|
|
8363
8412
|
*
|
|
8364
8413
|
* @module
|
|
8365
8414
|
*/
|
|
8415
|
+
|
|
8366
8416
|
/** Family of Standard Schema v1 validator the persisted snapshot was derived from. */
|
|
8367
8417
|
type PersistedSchemaKind = 'Zod' | 'Valibot' | 'ArkType' | 'Effect' | 'Unknown';
|
|
8368
8418
|
/**
|
|
@@ -8387,6 +8437,15 @@ interface PersistedSchemaEnvelope {
|
|
|
8387
8437
|
readonly reason?: string;
|
|
8388
8438
|
/** ISO-8601 timestamp of the most recent derivation write. */
|
|
8389
8439
|
readonly derivedAt: string;
|
|
8440
|
+
/**
|
|
8441
|
+
* C-A / R10 config-drift marker. Present when the collection declares
|
|
8442
|
+
* classified digest-only fields. A handle opened WITHOUT `classifiedFields`
|
|
8443
|
+
* (a naive handle, whose codec has `vdigFields === null`) reads this back and
|
|
8444
|
+
* refuses to write — a silent plaintext/tag-drop write would corrupt the
|
|
8445
|
+
* classified record. Independent of `persistJsonSchema`: a classified
|
|
8446
|
+
* collection that never opts into schema persistence still writes this marker.
|
|
8447
|
+
*/
|
|
8448
|
+
readonly classified?: ClassifiedMarker;
|
|
8390
8449
|
}
|
|
8391
8450
|
|
|
8392
8451
|
/**
|
|
@@ -10921,6 +10980,48 @@ interface Assignment {
|
|
|
10921
10980
|
serial: number;
|
|
10922
10981
|
}
|
|
10923
10982
|
|
|
10983
|
+
/**
|
|
10984
|
+
* Lazy-mode capability contract (#267 Track A tail — lazy-mode promoted out
|
|
10985
|
+
* of `routing` into its own `lazy` service). Lives on the `/with` port (the
|
|
10986
|
+
* one seam the kernel spine may import statically) so `Collection` can hold
|
|
10987
|
+
* the back-compat default without a spine→service static import.
|
|
10988
|
+
*
|
|
10989
|
+
* Lazy mode (`prefetch: false`) skips bulk hydration: reads go per-id
|
|
10990
|
+
* against the store and land in a bounded LRU working set. The strategy owns
|
|
10991
|
+
* constructing that LRU:
|
|
10992
|
+
*
|
|
10993
|
+
* - `withLazy()` (`with-store/lazy/active.ts`, subpath `@noy-db/hub/lazy`)
|
|
10994
|
+
* is the explicit catalog opt-in — silent, forward-stable.
|
|
10995
|
+
* - {@link IMPLICIT_LAZY} is the floor default reached when a collection
|
|
10996
|
+
* declares `prefetch: false` WITHOUT `lazyStrategy: withLazy()`. It keeps
|
|
10997
|
+
* the pre-#267 behavior byte-for-byte (back-compat delegation, pre-1.0)
|
|
10998
|
+
* but emits a one-time deprecation warn outside test env. It will become
|
|
10999
|
+
* a throwing stub at 1.0, letting the LRU leave the floor bundle
|
|
11000
|
+
* entirely once the per-record-CEK cache stops pinning `Lru` there.
|
|
11001
|
+
*
|
|
11002
|
+
* The on-demand read/write branches themselves stay kernel-resident (they
|
|
11003
|
+
* are `if (this.lazy)` forks on the hot get/put/scan paths); the service
|
|
11004
|
+
* seam owns cache construction + budget validation, which is where the
|
|
11005
|
+
* opt-in and the future tree-shake win live.
|
|
11006
|
+
* @internal
|
|
11007
|
+
*/
|
|
11008
|
+
|
|
11009
|
+
interface LazyStrategy {
|
|
11010
|
+
/**
|
|
11011
|
+
* Build the bounded LRU working-set cache for a lazy collection.
|
|
11012
|
+
* MUST throw when `cache` declares neither `maxRecords` nor `maxBytes` —
|
|
11013
|
+
* an unbounded lazy cache defeats the purpose.
|
|
11014
|
+
*/
|
|
11015
|
+
createCache<V>(collection: string, cache: CacheOptions | undefined): Lru<string, V>;
|
|
11016
|
+
}
|
|
11017
|
+
/**
|
|
11018
|
+
* Back-compat default (deprecated): `prefetch: false` without
|
|
11019
|
+
* `lazyStrategy: withLazy()`. Identical behavior to the explicit opt-in,
|
|
11020
|
+
* plus a one-time deprecation warn (suppressed under NODE_ENV=test,
|
|
11021
|
+
* mirroring the listPage fallback warn). @internal
|
|
11022
|
+
*/
|
|
11023
|
+
declare const IMPLICIT_LAZY: LazyStrategy;
|
|
11024
|
+
|
|
10924
11025
|
/**
|
|
10925
11026
|
* Enable the hierarchical-tiers capability.
|
|
10926
11027
|
* Pass to `createNoydb({ tiersStrategy: withTiers() })` to make a collection's
|
|
@@ -11045,8 +11146,7 @@ declare function demote<T>(ctx: TiersContext<T>, id: string, toTier: number): Pr
|
|
|
11045
11146
|
* here because `vault.ts` forget() reaches in via `collection._classifySealedShred`.
|
|
11046
11147
|
*/
|
|
11047
11148
|
declare function classifySealedShred<T>(ctx: TiersContext<T>, live: EncryptedEnvelope): Promise<{
|
|
11048
|
-
|
|
11049
|
-
dekResidue: string[];
|
|
11149
|
+
readonly slots: readonly SealedShredSlot[];
|
|
11050
11150
|
}>;
|
|
11051
11151
|
|
|
11052
11152
|
/**
|
|
@@ -11746,23 +11846,15 @@ interface HistoryStrategy {
|
|
|
11746
11846
|
}
|
|
11747
11847
|
|
|
11748
11848
|
/**
|
|
11749
|
-
*
|
|
11750
|
-
*
|
|
11751
|
-
*
|
|
11752
|
-
* Where `refArray` (design A) stores an id-array on one owning record,
|
|
11753
|
-
* `vault.link()` creates a first-class junction: a dedicated encrypted
|
|
11754
|
-
* `_links_<name>` collection whose rows are `{ a, b, meta? }` link tuples.
|
|
11755
|
-
* It is queryable from BOTH sides (`of(id)`), carries optional per-link
|
|
11756
|
-
* metadata, and cascades on endpoint delete.
|
|
11757
|
-
*
|
|
11758
|
-
* Each link is slot-typed: `a` is an id in the `a` endpoint collection,
|
|
11759
|
-
* `b` an id in the `b` endpoint collection (they may be the same
|
|
11760
|
-
* collection for self-links). A link's identity is the ordered pair
|
|
11761
|
-
* `(a, b)`; `of(id)` matches either slot.
|
|
11849
|
+
* Link-set naming helpers, declaration types, and errors — the tiny,
|
|
11850
|
+
* always-loadable slice of the links feature (#553).
|
|
11762
11851
|
*
|
|
11763
|
-
*
|
|
11764
|
-
*
|
|
11765
|
-
*
|
|
11852
|
+
* Split out of `link-set.ts` so the kernel floor (reserved-name guard in
|
|
11853
|
+
* `vault.collection()`, the lazy `vault.links()` handle) and the ref/link
|
|
11854
|
+
* enforcement facade can bind these few lines WITHOUT statically pulling
|
|
11855
|
+
* the `LinkSet` storage engine; that class now loads via dynamic import
|
|
11856
|
+
* on first link I/O. `link-set.ts` re-exports everything here, so import
|
|
11857
|
+
* paths and class identities are unchanged for existing consumers.
|
|
11766
11858
|
*/
|
|
11767
11859
|
|
|
11768
11860
|
/** True for any reserved link-collection name. */
|
|
@@ -11801,13 +11893,6 @@ interface LinkSetHandle {
|
|
|
11801
11893
|
/** All links in the set. */
|
|
11802
11894
|
list(): Promise<LinkRow[]>;
|
|
11803
11895
|
}
|
|
11804
|
-
/** Thrown by `connect()` when an endpoint record does not exist. */
|
|
11805
|
-
declare class LinkEndpointError extends NoydbError {
|
|
11806
|
-
readonly link: string;
|
|
11807
|
-
readonly endpoint: string;
|
|
11808
|
-
readonly missingId: string;
|
|
11809
|
-
constructor(link: string, endpoint: string, missingId: string);
|
|
11810
|
-
}
|
|
11811
11896
|
/** Thrown when a `strict` link blocks deletion of an endpoint that still has links. */
|
|
11812
11897
|
declare class LinkIntegrityError extends NoydbError {
|
|
11813
11898
|
readonly link: string;
|
|
@@ -12558,11 +12643,13 @@ declare function liberateVault(vault: Vault, opts: LiberateOptions): Promise<Lib
|
|
|
12558
12643
|
* The grant/revoke engine the strategy runs when opted in — implemented by
|
|
12559
12644
|
* `Noydb` (`_grantCustodianImpl` / `_revokeCustodianImpl` hold the gate +
|
|
12560
12645
|
* keyring logic; the public `grantCustodian` / `revokeCustodian` route through
|
|
12561
|
-
* the strategy).
|
|
12646
|
+
* the strategy). Since the #267 team split the keyring grant/revoke engines
|
|
12647
|
+
* are passed IN by `withCustody()` (statically linked there, not in the
|
|
12648
|
+
* kernel) so the single-user floor never carries them.
|
|
12562
12649
|
*/
|
|
12563
12650
|
interface CustodyHost {
|
|
12564
|
-
_grantCustodianImpl(vault: string, options: GrantCustodianOptions, factors?: FactorProofBundle): Promise<void>;
|
|
12565
|
-
_revokeCustodianImpl(vault: string, options: RevokeOptions, factors?: FactorProofBundle): Promise<void>;
|
|
12651
|
+
_grantCustodianImpl(engine: (adapter: NoydbStore, vault: string, callerKeyring: UnlockedKeyring, options: GrantOptions) => Promise<void>, vault: string, options: GrantCustodianOptions, factors?: FactorProofBundle): Promise<void>;
|
|
12652
|
+
_revokeCustodianImpl(engine: (adapter: NoydbStore, vault: string, callerKeyring: UnlockedKeyring, options: RevokeOptions) => Promise<void>, vault: string, options: RevokeOptions, factors?: FactorProofBundle): Promise<void>;
|
|
12566
12653
|
}
|
|
12567
12654
|
interface CustodyStrategy {
|
|
12568
12655
|
grantCustodian(host: CustodyHost, vault: string, options: GrantCustodianOptions, factors?: FactorProofBundle): Promise<void>;
|
|
@@ -12950,7 +13037,7 @@ interface ClassifiedVerifyCtx {
|
|
|
12950
13037
|
readonly field: string;
|
|
12951
13038
|
readonly spec: ClassifiedFieldSpec;
|
|
12952
13039
|
}>;
|
|
12953
|
-
readonly onAccess?: ((op: 'verify', id: string) => Promise<void>) | undefined;
|
|
13040
|
+
readonly onAccess?: ((op: 'verify' | 'find', id: string) => Promise<void>) | undefined;
|
|
12954
13041
|
}
|
|
12955
13042
|
interface ClassifiedStrategy {
|
|
12956
13043
|
reveal(ctx: ClassifiedRevealCtx, id: string, field: string): Promise<unknown>;
|
|
@@ -12961,6 +13048,7 @@ interface ClassifiedStrategy {
|
|
|
12961
13048
|
}): Promise<{
|
|
12962
13049
|
readonly passed: boolean;
|
|
12963
13050
|
}>;
|
|
13051
|
+
computeTarget(ctx: ClassifiedVerifyCtx, field: string, candidate: string, costByte?: number): Promise<string | null>;
|
|
12964
13052
|
}
|
|
12965
13053
|
declare const NO_CLASSIFIED: ClassifiedStrategy;
|
|
12966
13054
|
|
|
@@ -13004,6 +13092,7 @@ declare class Vault {
|
|
|
13004
13092
|
/** Per-collection record archival policies. Indexed by collection name. */
|
|
13005
13093
|
private readonly archiveRegistry;
|
|
13006
13094
|
private readonly indexStrategy;
|
|
13095
|
+
private readonly lazyStrategy;
|
|
13007
13096
|
private readonly aggregateStrategy;
|
|
13008
13097
|
private readonly crdtStrategy;
|
|
13009
13098
|
private readonly tiersStrategy;
|
|
@@ -13218,7 +13307,7 @@ declare class Vault {
|
|
|
13218
13307
|
private readonly dictionaryCache;
|
|
13219
13308
|
/** Registered link specs, keyed by link name; set by `vault.link()`. */
|
|
13220
13309
|
private readonly linkRegistry;
|
|
13221
|
-
/** Cache of
|
|
13310
|
+
/** Cache of link-set handles, one per link name (lazy -- see links()). */
|
|
13222
13311
|
private readonly linkSetCache;
|
|
13223
13312
|
/** — subscribers for cross-tier access events. */
|
|
13224
13313
|
private readonly crossTierSubs;
|
|
@@ -13260,6 +13349,7 @@ declare class Vault {
|
|
|
13260
13349
|
objectStore?: ObjectProjection | undefined;
|
|
13261
13350
|
archiveStrategy?: ArchiveStrategy | undefined;
|
|
13262
13351
|
indexStrategy?: IndexStrategy | undefined;
|
|
13352
|
+
lazyStrategy?: LazyStrategy | undefined;
|
|
13263
13353
|
aggregateStrategy?: AggregateStrategy | undefined;
|
|
13264
13354
|
crdtStrategy?: CrdtStrategy | undefined;
|
|
13265
13355
|
tiersStrategy?: TiersStrategy | undefined;
|
|
@@ -13362,6 +13452,9 @@ declare class Vault {
|
|
|
13362
13452
|
deterministicFields?: readonly IndexFieldName<T, S>[];
|
|
13363
13453
|
/** — explicit ack that deterministic encryption leaks equality. */
|
|
13364
13454
|
acknowledgeDeterministicRisk?: boolean;
|
|
13455
|
+
/** — explicit ack for the classified `equatable` knob (R8 door). Required
|
|
13456
|
+
* when any classified field declares `equatable: true`. */
|
|
13457
|
+
acknowledgeEquatableRisk?: boolean;
|
|
13365
13458
|
/**
|
|
13366
13459
|
* — structural group-encryption. Fields sealed into their own
|
|
13367
13460
|
* `_sealed[field]` envelope slot (per-field key), kept out of the open
|
|
@@ -13472,8 +13565,8 @@ declare class Vault {
|
|
|
13472
13565
|
abortSchemaCutover(): Promise<void>;
|
|
13473
13566
|
/** Current schema-cutover fence state for this vault. Thin live read. */
|
|
13474
13567
|
schemaFenceState(): Promise<FenceDoc>;
|
|
13475
|
-
/** @internal Start
|
|
13476
|
-
_ensureFenceCoordination(): void
|
|
13568
|
+
/** @internal Start heartbeat + fence watcher once a cutover is registered. Async since #553: FenceWatcher dynamic-imports on demand. */
|
|
13569
|
+
_ensureFenceCoordination(): Promise<void>;
|
|
13477
13570
|
/** @internal Stop the heartbeat/watcher (vault lock/close). */
|
|
13478
13571
|
_stopFenceCoordination(): void;
|
|
13479
13572
|
/** @internal Best-effort flush of all open collections' persisted
|
|
@@ -14699,6 +14792,23 @@ interface GateEventMap {
|
|
|
14699
14792
|
}
|
|
14700
14793
|
type GatePoint = keyof GateEventMap;
|
|
14701
14794
|
type GateHandler<P extends GatePoint> = (event: GateEventMap[P]) => void | Promise<void>;
|
|
14795
|
+
/**
|
|
14796
|
+
* Registration options for a gate handler.
|
|
14797
|
+
*
|
|
14798
|
+
* `needsPrior` (default `true`) declares whether the handler reads the
|
|
14799
|
+
* prior-derived event fields — `existing`, `existingVersion`, `existingTs`,
|
|
14800
|
+
* and (on `beforePut`) `op`. When EVERY handler registered at a point set
|
|
14801
|
+
* `needsPrior: false`, the write path skips the prior-read (store get +
|
|
14802
|
+
* decrypt) entirely and dispatches the event with `existing: null`,
|
|
14803
|
+
* `existingVersion: 0`, `existingTs: undefined` (and `op: 'create'` on
|
|
14804
|
+
* `beforePut`; a `beforeDelete` gate then also fires for delete-of-absent).
|
|
14805
|
+
* A handler that opts out MUST NOT rely on those fields. (#267 prior-read
|
|
14806
|
+
* elision — pure perf; one prior-needing handler restores the old behavior
|
|
14807
|
+
* for the whole point.)
|
|
14808
|
+
*/
|
|
14809
|
+
interface GateRegisterOptions {
|
|
14810
|
+
readonly needsPrior?: boolean;
|
|
14811
|
+
}
|
|
14702
14812
|
declare class ServiceBus {
|
|
14703
14813
|
#private;
|
|
14704
14814
|
/** Register a handler for an observe point. Returns an unsubscribe fn. */
|
|
@@ -14724,10 +14834,21 @@ declare class ServiceBus {
|
|
|
14724
14834
|
* cannot loop (same rationale as WriteHookRegistry.#suppressed).
|
|
14725
14835
|
*/
|
|
14726
14836
|
dispatch<P extends LifecyclePoint>(point: P, event: LifecycleEventMap[P]): Promise<void>;
|
|
14727
|
-
/**
|
|
14728
|
-
|
|
14837
|
+
/**
|
|
14838
|
+
* Register a write-gating handler. A throw from the handler ABORTS the
|
|
14839
|
+
* write. Returns an unsubscribe fn. See {@link GateRegisterOptions} for
|
|
14840
|
+
* the `needsPrior` prior-read declaration (#267).
|
|
14841
|
+
*/
|
|
14842
|
+
registerGate<P extends GatePoint>(point: P, handler: GateHandler<P>, opts?: GateRegisterOptions): Unsubscribe$2;
|
|
14729
14843
|
/** Cheap gate for the write path — true when any gate handler is registered for the point. */
|
|
14730
14844
|
hasGateHandlers(point: GatePoint): boolean;
|
|
14845
|
+
/**
|
|
14846
|
+
* True when at least one gate handler at `point` needs the prior record
|
|
14847
|
+
* (the default). False when the point has no handlers or every handler
|
|
14848
|
+
* registered with `needsPrior: false` — the write path then skips the
|
|
14849
|
+
* prior-read before dispatching (#267 prior-read elision).
|
|
14850
|
+
*/
|
|
14851
|
+
gateNeedsPrior(point: GatePoint): boolean;
|
|
14731
14852
|
/**
|
|
14732
14853
|
* Run gate handlers in registration order, awaited. Unlike `dispatch`
|
|
14733
14854
|
* (observe), a handler throw is NOT swallowed — it PROPAGATES, aborting the
|
|
@@ -14944,7 +15065,7 @@ interface DryRunResult {
|
|
|
14944
15065
|
}
|
|
14945
15066
|
|
|
14946
15067
|
/** NoydbOptions with the store resolved to a non-optional value (internal use only). */
|
|
14947
|
-
type ResolvedNoydbOptions = NoydbOptions & {
|
|
15068
|
+
type ResolvedNoydbOptions$1 = NoydbOptions & {
|
|
14948
15069
|
readonly store: NoydbStore;
|
|
14949
15070
|
};
|
|
14950
15071
|
/** The top-level NOYDB instance. */
|
|
@@ -14963,6 +15084,15 @@ declare class Noydb {
|
|
|
14963
15084
|
/** Pre-resolved `vault.user` API factory (mirrors `coordinationProvider` above). Public so `Vault` can call it. */
|
|
14964
15085
|
readonly userApiFactory: UserApiFactory;
|
|
14965
15086
|
private readonly vaultCache;
|
|
15087
|
+
/**
|
|
15088
|
+
* In-flight `openVault` promise per name — concurrent opens of the same
|
|
15089
|
+
* vault must converge on ONE Vault instance. Without this, two callers
|
|
15090
|
+
* racing past the `vaultCache` miss each construct a Vault (and later two
|
|
15091
|
+
* Collections with independent DEKs for the same store slice), so a record
|
|
15092
|
+
* written through one fails decryption through the other with a spurious
|
|
15093
|
+
* `TamperedError` (#564).
|
|
15094
|
+
*/
|
|
15095
|
+
private readonly vaultOpening;
|
|
14966
15096
|
private readonly keyringCache;
|
|
14967
15097
|
private readonly syncEngines;
|
|
14968
15098
|
/**
|
|
@@ -15002,6 +15132,11 @@ declare class Noydb {
|
|
|
15002
15132
|
* through it; grant/revoke route through it from this class. @internal
|
|
15003
15133
|
*/
|
|
15004
15134
|
readonly custodyStrategy: CustodyStrategy;
|
|
15135
|
+
/**
|
|
15136
|
+
* Opt-in multi-user team strategy (#267 keyring-grant → team split) —
|
|
15137
|
+
* `NO_TEAM` (throwing) unless `withTeam()` was passed; the keyring
|
|
15138
|
+
* engines are linked only by the active strategy, not by this file. */
|
|
15139
|
+
private readonly teamStrategy;
|
|
15005
15140
|
private readonly sessionStrategy;
|
|
15006
15141
|
private readonly syncStrategy;
|
|
15007
15142
|
private readonly snapshots;
|
|
@@ -15027,7 +15162,7 @@ declare class Noydb {
|
|
|
15027
15162
|
private readonly translatorCache;
|
|
15028
15163
|
/** Audit log for all translator invocations in this session. Cleared on `close()`. */
|
|
15029
15164
|
private readonly _translatorAuditLog;
|
|
15030
|
-
constructor(options: ResolvedNoydbOptions);
|
|
15165
|
+
constructor(options: ResolvedNoydbOptions$1);
|
|
15031
15166
|
/** @internal — resolved forget strategy (NO_FORGET when not configured). */
|
|
15032
15167
|
get _forgetStrategy(): ForgetStrategy;
|
|
15033
15168
|
private resetSessionTimer;
|
|
@@ -15067,6 +15202,7 @@ declare class Noydb {
|
|
|
15067
15202
|
*
|
|
15068
15203
|
* The legacy `requireReAuthFor: ['grant']` session-policy check still
|
|
15069
15204
|
* fires on top — both are independent opt-ins.
|
|
15205
|
+
* Opt-in (#267): throws {@link TeamNotEnabledError} without `withTeam()`.
|
|
15070
15206
|
*/
|
|
15071
15207
|
grant(vault: string, options: GrantOptions, factors?: FactorProofBundle): Promise<void>;
|
|
15072
15208
|
/**
|
|
@@ -15077,6 +15213,7 @@ declare class Noydb {
|
|
|
15077
15213
|
*
|
|
15078
15214
|
* The legacy `requireReAuthFor: ['revoke']` session-policy check still
|
|
15079
15215
|
* fires on top — both are independent opt-ins.
|
|
15216
|
+
* Opt-in (#267): throws {@link TeamNotEnabledError} without `withTeam()`.
|
|
15080
15217
|
*/
|
|
15081
15218
|
revoke(vault: string, options: RevokeOptions, factors?: FactorProofBundle): Promise<void>;
|
|
15082
15219
|
/**
|
|
@@ -15090,8 +15227,9 @@ declare class Noydb {
|
|
|
15090
15227
|
* owner-only invariant even if a host mis-configures the gate.
|
|
15091
15228
|
*/
|
|
15092
15229
|
grantCustodian(vault: string, options: Omit<GrantOptions, 'role'>, factors?: FactorProofBundle): Promise<void>;
|
|
15093
|
-
/** @internal —
|
|
15094
|
-
|
|
15230
|
+
/** @internal — grant-custodian engine, reached only via withCustody(); the
|
|
15231
|
+
* keyring engine arrives as an argument so the floor never carries it (#267). */
|
|
15232
|
+
_grantCustodianImpl(engine: (adapter: NoydbStore, vault: string, callerKeyring: UnlockedKeyring, options: GrantOptions) => Promise<void>, vault: string, options: Omit<GrantOptions, 'role'>, factors?: FactorProofBundle): Promise<void>;
|
|
15095
15233
|
/**
|
|
15096
15234
|
* Revoke a custodian (owner-only custody API).
|
|
15097
15235
|
*
|
|
@@ -15100,8 +15238,9 @@ declare class Noydb {
|
|
|
15100
15238
|
* 'owner'` check, so an admin cannot unwind a custodianship.
|
|
15101
15239
|
*/
|
|
15102
15240
|
revokeCustodian(vault: string, options: RevokeOptions, factors?: FactorProofBundle): Promise<void>;
|
|
15103
|
-
/** @internal —
|
|
15104
|
-
|
|
15241
|
+
/** @internal — revoke-custodian engine, reached only via withCustody().
|
|
15242
|
+
* Mirrors `_grantCustodianImpl` (#267: engine passed in). */
|
|
15243
|
+
_revokeCustodianImpl(engine: (adapter: NoydbStore, vault: string, callerKeyring: UnlockedKeyring, options: RevokeOptions) => Promise<void>, vault: string, options: RevokeOptions, factors?: FactorProofBundle): Promise<void>;
|
|
15105
15244
|
/**
|
|
15106
15245
|
* Mutate post-grant identity fields on an existing keyring — `role`,
|
|
15107
15246
|
* `displayName`, and/or `permissions`. Pure plaintext-header rewrite:
|
|
@@ -15160,6 +15299,7 @@ declare class Noydb {
|
|
|
15160
15299
|
* Exposed on Noydb (rather than only on the lower-level keyring
|
|
15161
15300
|
* module) so CLI and admin tooling can trigger rotation without
|
|
15162
15301
|
* reaching into internals. See `noy-db rotate` for the CLI wrapper.
|
|
15302
|
+
* Opt-in (#267): throws {@link TeamNotEnabledError} without `withTeam()`.
|
|
15163
15303
|
*/
|
|
15164
15304
|
rotate(vault: string, collections: string[]): Promise<void>;
|
|
15165
15305
|
/** List all users with access to a vault. */
|
|
@@ -16107,6 +16247,12 @@ interface CollectionOpts<T> {
|
|
|
16107
16247
|
* unbounded lazy cache defeats the purpose.
|
|
16108
16248
|
*/
|
|
16109
16249
|
cache?: CacheOptions | undefined;
|
|
16250
|
+
/**
|
|
16251
|
+
* Lazy service seam (#267) — supplies the bounded-LRU working-set cache
|
|
16252
|
+
* when `prefetch: false`. Omitted → the deprecated IMPLICIT_LAZY
|
|
16253
|
+
* back-compat default (identical behavior + one-time warn).
|
|
16254
|
+
*/
|
|
16255
|
+
lazyStrategy?: LazyStrategy | undefined;
|
|
16110
16256
|
/**
|
|
16111
16257
|
* Optional Standard Schema v1 validator (Zod, Valibot, ArkType,
|
|
16112
16258
|
* Effect Schema, etc.). When set, every `put()` is validated before
|
|
@@ -16234,7 +16380,7 @@ interface CollectionOpts<T> {
|
|
|
16234
16380
|
* outside a consent scope the callback is a no-op. Awaited so a
|
|
16235
16381
|
* thrown audit write surfaces to the caller.
|
|
16236
16382
|
*/
|
|
16237
|
-
onAccess?: (op: 'get' | 'put' | 'delete' | 'reveal' | 'verify', id: string) => Promise<void>;
|
|
16383
|
+
onAccess?: (op: 'get' | 'put' | 'delete' | 'reveal' | 'verify' | 'find', id: string) => Promise<void>;
|
|
16238
16384
|
/**
|
|
16239
16385
|
* invoked by `put`/`delete` before any adapter
|
|
16240
16386
|
* write. Receives the prior envelope timestamp + decrypted
|
|
@@ -16264,6 +16410,13 @@ interface CollectionOpts<T> {
|
|
|
16264
16410
|
* any deterministic field is declared. Any other value throws.
|
|
16265
16411
|
*/
|
|
16266
16412
|
acknowledgeDeterministicRisk?: boolean | undefined;
|
|
16413
|
+
/**
|
|
16414
|
+
* gate for the classified `equatable` knob (R8 double door). Must be `true`
|
|
16415
|
+
* when any classified field declares `equatable: true`; otherwise construction
|
|
16416
|
+
* throws. One-directional — setting it with zero equatable members is a
|
|
16417
|
+
* silent no-op (mirrors `acknowledgeDeterministicRisk`).
|
|
16418
|
+
*/
|
|
16419
|
+
acknowledgeEquatableRisk?: boolean | undefined;
|
|
16267
16420
|
/**
|
|
16268
16421
|
* Structural group-encryption. Fields listed here are
|
|
16269
16422
|
* encrypted into their own `_sealed[field]` envelope slot — each under
|
|
@@ -16636,6 +16789,9 @@ declare class Collection<T, S extends keyof T = never, Q extends keyof T & strin
|
|
|
16636
16789
|
* `_vdig` forward under (C6). `null` when the collection declares none.
|
|
16637
16790
|
*/
|
|
16638
16791
|
private readonly vdigFields;
|
|
16792
|
+
/** C-A/R10 memoization: marker declared-set lookup (undefined=unresolved) + classified-handle persist-once flag. */
|
|
16793
|
+
private _markerDigestOnlyCache;
|
|
16794
|
+
private _markerPersisted;
|
|
16639
16795
|
/**
|
|
16640
16796
|
* Tree-shake seam for `reveal()` — defaults to `NO_CLASSIFIED`, which
|
|
16641
16797
|
* throws `ClassifiedNotEnabledError`. Set via the `classifiedStrategy`
|
|
@@ -16858,6 +17014,59 @@ declare class Collection<T, S extends keyof T = never, Q extends keyof T & strin
|
|
|
16858
17014
|
readonly passed: boolean;
|
|
16859
17015
|
}>;
|
|
16860
17016
|
private _classifiedVerifyCtx;
|
|
17017
|
+
/**
|
|
17018
|
+
* Equatable blind-index lookup: the ids whose classified digest-only
|
|
17019
|
+
* `equatable` field carries a `_bidx` tag matching `candidate` AND whose
|
|
17020
|
+
* `_vdig` payload confirms it. Requires the field to be declared
|
|
17021
|
+
* `classified.password({ equatable: true })` (or `secretAnswer`) and the
|
|
17022
|
+
* collection to have opened its `acknowledgeEquatableRisk` door.
|
|
17023
|
+
*
|
|
17024
|
+
* The algorithm order is load-bearing (spec §3):
|
|
17025
|
+
* 1. Caller-bug refusals thrown at ~0 elapsed, BEFORE any PBKDF2 (R9 /
|
|
17026
|
+
* Oracle #6): the three field mis-declarations share ONE constant,
|
|
17027
|
+
* field-name-free message so the refusal text cannot enumerate which
|
|
17028
|
+
* fields are classified / digest-only / equatable.
|
|
17029
|
+
* 2. Derive the ONE blind-index target UNCONDITIONALLY (I-1 / F1): an empty
|
|
17030
|
+
* collection still pays exactly one 600K PBKDF2, so wall-time can never
|
|
17031
|
+
* distinguish "no records" from "no match". No early return may precede
|
|
17032
|
+
* this line.
|
|
17033
|
+
* 3. Scan `list + one get` per id, string-comparing the stored `_bidx` tag —
|
|
17034
|
+
* decrypting NOTHING — and retain each hit's already-fetched envelope.
|
|
17035
|
+
* 4. Emit the single sweep consent op (`onAccess('find', '*')`) now — after
|
|
17036
|
+
* the scan, before confirm (Oracle #5) — fixing its store-write timestamp
|
|
17037
|
+
* independent of hit count.
|
|
17038
|
+
* 5. Confirm-by-verify against the ALREADY-FETCHED envelope (C-B): run the
|
|
17039
|
+
* enclave `verifyDigestField` on an in-memory `getEnvelope` closure so the
|
|
17040
|
+
* confirm reads ZERO additional envelopes. A tag-hit whose `_vdig` fails
|
|
17041
|
+
* to confirm is dropped silently (a splice is indistinguishable from a
|
|
17042
|
+
* stale tag). Store-shape law: the only store calls are `list + N get`.
|
|
17043
|
+
*/
|
|
17044
|
+
findByDigest(field: string, candidate: string): Promise<readonly string[]>;
|
|
17045
|
+
/**
|
|
17046
|
+
* Retire a field's equatable blind-index (`_bidx`) coverage across every
|
|
17047
|
+
* live record — the SOLE lazy-write-independent drop-path for a still-live
|
|
17048
|
+
* record's tag (besides clear / `forget()` / DEK-rotation). For each envelope
|
|
17049
|
+
* carrying `_bidx[field]`, rewrite it WITHOUT that slot (dropping the whole
|
|
17050
|
+
* `_bidx` map when it becomes empty), leaving `_vdig[field]` and everything
|
|
17051
|
+
* else INTACT — the field stays `digest-only`, only the index coverage is
|
|
17052
|
+
* retired. NO crypto, NO re-mint, NO re-encrypt: a targeted envelope rewrite.
|
|
17053
|
+
* Returns the count of records scrubbed.
|
|
17054
|
+
*
|
|
17055
|
+
* This is a maintenance write, not a read-egress: it emits NO `'find'` op and
|
|
17056
|
+
* no consent. The field is validated to a declared equatable digest-only
|
|
17057
|
+
* classified field (only such a field ever carries `_bidx`).
|
|
17058
|
+
*
|
|
17059
|
+
* **Ledger consistency**: dropping `_bidx[field]` changes the envelope's
|
|
17060
|
+
* payload hash (`_bidx` is bound into `envelopeBodyForHash`), so a raw
|
|
17061
|
+
* `adapter.put` of the scrubbed envelope WITHOUT a matching ledger entry would
|
|
17062
|
+
* desync the chain and make a future integrity cross-check flag false
|
|
17063
|
+
* tampering. After each rewrite we therefore append an `op:'migration'` entry
|
|
17064
|
+
* recording the NEW payloadHash at the SAME version — this is index retirement,
|
|
17065
|
+
* not a new record version, so `_v` is NOT bumped; the migration op is
|
|
17066
|
+
* reverse-delta-inert (`ledger.reconstruct` skips non-put/delete ops) yet
|
|
17067
|
+
* keeps the hash chain and the record's latest recorded payloadHash correct.
|
|
17068
|
+
*/
|
|
17069
|
+
scrubEquatableTags(field: string): Promise<number>;
|
|
16861
17070
|
/**
|
|
16862
17071
|
* @internal — attach money descriptors post-construction. MV dependency
|
|
16863
17072
|
* analysis auto-creates a source collection (without options) during
|
|
@@ -17000,6 +17209,8 @@ declare class Collection<T, S extends keyof T = never, Q extends keyof T & strin
|
|
|
17000
17209
|
* cache directly (no extra I/O), matching the previous behaviour exactly.
|
|
17001
17210
|
*/
|
|
17002
17211
|
private resolvePriorValues;
|
|
17212
|
+
/** Resolves the prior envelope/record for a gate event; elides the read (#267) when no handler at `point` needs it (`elided: true`, `env`/`record` null). */
|
|
17213
|
+
private resolveGatePrior;
|
|
17003
17214
|
/**
|
|
17004
17215
|
* Wraps {@link RecordCodec.toCacheRecord} with an additional strip for
|
|
17005
17216
|
* digest-only classified fields: the codec already omits them from `_data`
|
|
@@ -17731,6 +17942,10 @@ declare class Collection<T, S extends keyof T = never, Q extends keyof T & strin
|
|
|
17731
17942
|
* CEK cache, live-envelope reader, and DEK resolver.
|
|
17732
17943
|
*/
|
|
17733
17944
|
private resolveRecordCek;
|
|
17945
|
+
/** C-A/R10: persist the classified marker once per classified handle (store I/O in config-drift.ts). */
|
|
17946
|
+
private _ensureClassifiedMarker;
|
|
17947
|
+
/** C-A/R10 drift signal — the marker's declared digest-only set, memoized to one store read per handle (see config-drift.ts). */
|
|
17948
|
+
private _classifiedMarkerDigestOnly;
|
|
17734
17949
|
/**
|
|
17735
17950
|
* find the first record whose deterministic field matches
|
|
17736
17951
|
* the given plaintext. Returns `null` when no match exists.
|
|
@@ -17785,8 +18000,7 @@ declare class Collection<T, S extends keyof T = never, Q extends keyof T & strin
|
|
|
17785
18000
|
* Collection because `vault.ts` forget() reaches in via this name.
|
|
17786
18001
|
*/
|
|
17787
18002
|
_classifySealedShred(live: EncryptedEnvelope): Promise<{
|
|
17788
|
-
|
|
17789
|
-
dekResidue: string[];
|
|
18003
|
+
readonly slots: readonly SealedShredSlot[];
|
|
17790
18004
|
}>;
|
|
17791
18005
|
/**
|
|
17792
18006
|
* Bind the {@link TiersContext} the tier ops need. The `cekCache` is passed
|
|
@@ -17935,6 +18149,517 @@ interface TxStrategy {
|
|
|
17935
18149
|
runDryRun(db: Noydb, fn: (tx: TxContext) => unknown): Promise<DryRunResult>;
|
|
17936
18150
|
}
|
|
17937
18151
|
|
|
18152
|
+
/**
|
|
18153
|
+
* Noydb-side auth / recovery / enrollment facade.
|
|
18154
|
+
*
|
|
18155
|
+
* Holds the tier-2 authenticator enrollment/unlock wrappers, WebAuthn
|
|
18156
|
+
* enrollment, auth-config introspection, the tier-1 passphrase
|
|
18157
|
+
* rotate/recover flows, the paper/Shamir recovery rotate/enroll flows,
|
|
18158
|
+
* managed-passphrase recovery, peer-recovery, tier-3 PIN unlock, and the
|
|
18159
|
+
* public `getKeyring` accessor.
|
|
18160
|
+
*
|
|
18161
|
+
* The near-parallel rotate/recover variants (managed vs user vs paper vs
|
|
18162
|
+
* Shamir) are deliberately NOT consolidated. The
|
|
18163
|
+
* keyring/active-tier/quick-unlock/policy caches stay `Noydb`-resident
|
|
18164
|
+
* (shared by the kernel's unlock path) and arrive **by reference** through
|
|
18165
|
+
* {@link TeamFacadeDeps}; the keyring-unlock path (`getKeyringInternal`),
|
|
18166
|
+
* the policy gate (`checkGate`), the managed-recovery enrolment check
|
|
18167
|
+
* (`assertRecoveryEnrolled`), `openVault`, and the one-shot
|
|
18168
|
+
* managed-recovery skip flag stay kernel-resident and arrive as callbacks.
|
|
18169
|
+
*
|
|
18170
|
+
* Internal service — reached through `noydb.rotatePassphrase(...)` etc.
|
|
18171
|
+
*/
|
|
18172
|
+
|
|
18173
|
+
/** NoydbOptions with the store resolved to a non-optional value (internal use only). */
|
|
18174
|
+
type ResolvedNoydbOptions = NoydbOptions & {
|
|
18175
|
+
readonly store: NoydbStore;
|
|
18176
|
+
};
|
|
18177
|
+
/** Everything the moving auth/recovery/enrollment methods touched on the Noydb instance's `this.*`. */
|
|
18178
|
+
interface TeamFacadeDeps {
|
|
18179
|
+
/** Resolved Noydb options (store, user, passphraseMode, sealingKey, shamirRecovery, …). */
|
|
18180
|
+
readonly options: ResolvedNoydbOptions;
|
|
18181
|
+
/** Live unlocked-keyring cache (Noydb-resident; read/written by reference). */
|
|
18182
|
+
readonly keyringCache: Map<string, UnlockedKeyring>;
|
|
18183
|
+
/** Per-vault active session tier (Noydb-resident; read/written by reference). */
|
|
18184
|
+
readonly activeTier: Map<string, ActiveTier>;
|
|
18185
|
+
/** Per-vault tier-3 quick-unlock state (Noydb-resident; read/written by reference). */
|
|
18186
|
+
readonly quickUnlock: QuickUnlockStore;
|
|
18187
|
+
/** Per-vault loaded policy cache (Noydb-resident; read/written by reference). */
|
|
18188
|
+
readonly policyCache: Map<string, VaultPolicy>;
|
|
18189
|
+
/** Evaluate the policy gate for an operation (kernel-resident). */
|
|
18190
|
+
checkGate(vault: string, gate: GateName, factors?: FactorProofBundle): Promise<void>;
|
|
18191
|
+
/** Legacy `requireReAuthFor` session-policy check (kernel-resident). */
|
|
18192
|
+
checkPolicyOperation(vault: string, op: ReAuthOperation): void;
|
|
18193
|
+
/** Live-reference keyring unlock path (kernel-resident). */
|
|
18194
|
+
getKeyringInternal(vault: string, opts?: {
|
|
18195
|
+
create: boolean;
|
|
18196
|
+
}): Promise<UnlockedKeyring>;
|
|
18197
|
+
/** Managed-recovery enrolment check (kernel-resident). */
|
|
18198
|
+
assertRecoveryEnrolled(vault: string, policy: VaultPolicy, opts?: {
|
|
18199
|
+
skipManagedCheck?: boolean;
|
|
18200
|
+
}): Promise<void>;
|
|
18201
|
+
/** Open (or create) a vault (kernel-resident). */
|
|
18202
|
+
openVault(vault: string, opts?: {
|
|
18203
|
+
locale?: string;
|
|
18204
|
+
}): Promise<Vault>;
|
|
18205
|
+
/** Toggle the one-shot managed-mode strong-recovery bypass flag (kernel-resident). */
|
|
18206
|
+
setSkipNextManagedRecoveryCheck(value: boolean): void;
|
|
18207
|
+
}
|
|
18208
|
+
declare class TeamFacade {
|
|
18209
|
+
private readonly deps;
|
|
18210
|
+
constructor(deps: TeamFacadeDeps);
|
|
18211
|
+
private requireShamirProvider;
|
|
18212
|
+
/** Gate + run a `grant` engine. See `Noydb.grant` for the public contract. */
|
|
18213
|
+
runGrant(engine: (adapter: NoydbStore, vault: string, callerKeyring: UnlockedKeyring, options: GrantOptions) => Promise<void>, vault: string, options: GrantOptions, factors?: FactorProofBundle): Promise<void>;
|
|
18214
|
+
/** Gate + run a `revoke` engine. See `Noydb.revoke` for the public contract. */
|
|
18215
|
+
runRevoke(engine: (adapter: NoydbStore, vault: string, callerKeyring: UnlockedKeyring, options: RevokeOptions) => Promise<void>, vault: string, options: RevokeOptions, factors?: FactorProofBundle): Promise<void>;
|
|
18216
|
+
/** Gate + run a `rotateKeys` engine. See `Noydb.rotate` for the public contract. */
|
|
18217
|
+
runRotate(engine: (adapter: NoydbStore, vault: string, callerKeyring: UnlockedKeyring, collections: string[]) => Promise<void>, vault: string, collections: string[]): Promise<void>;
|
|
18218
|
+
/**
|
|
18219
|
+
* Add a tier-2 authenticator slot to the calling user's keyring.
|
|
18220
|
+
* Each slot independently wraps the SAME KEK under a method-specific
|
|
18221
|
+
* key — adding a slot is a constant-time keyring write.
|
|
18222
|
+
*
|
|
18223
|
+
* The wrapping ciphertext is produced by the corresponding
|
|
18224
|
+
* `@noy-db/on-*` package (e.g. `enrollPasswordAuthenticator` from
|
|
18225
|
+
* `@noy-db/on-password`); the hub persists the result.
|
|
18226
|
+
*
|
|
18227
|
+
* Gated by `enroll-authenticator`; `presented` carries any factor
|
|
18228
|
+
* proofs the active policy demands.
|
|
18229
|
+
*/
|
|
18230
|
+
enrollAuthenticator(vault: string, options: EnrollAuthenticatorOptions, factors?: FactorProofBundle): Promise<void>;
|
|
18231
|
+
/**
|
|
18232
|
+
* Remove a tier-2 authenticator slot. Idempotent — removing a
|
|
18233
|
+
* non-existent slot is a successful no-op. Gated by
|
|
18234
|
+
* `remove-authenticator`.
|
|
18235
|
+
*/
|
|
18236
|
+
removeAuthenticator(vault: string, slotId: string, factors?: FactorProofBundle): Promise<void>;
|
|
18237
|
+
/** Read the slot list for a vault. Internal — `describeAuthConfig` consumes this. */
|
|
18238
|
+
listAuthenticators(vault: string): Promise<ReadonlyArray<KeyringAuthenticator>>;
|
|
18239
|
+
/**
|
|
18240
|
+
* Mutate the `meta` blob on an existing authenticator slot — slot
|
|
18241
|
+
* rename, label change, attachment of UI hints. The slot's `id`,
|
|
18242
|
+
* `method`, and wrap material (`wrapped_kek` / `wrapped_deks` + `iv`)
|
|
18243
|
+
* are immutable through this method. Anti-slot-swap is structural,
|
|
18244
|
+
* not gate-driven.
|
|
18245
|
+
*
|
|
18246
|
+
* `meta` patch semantics (top-level merge):
|
|
18247
|
+
* - Top-level merge — absent keys preserved
|
|
18248
|
+
* - `null` value — delete that meta key
|
|
18249
|
+
* - Other values — replace verbatim
|
|
18250
|
+
*
|
|
18251
|
+
* Use case: per-slot nickname for "iPhone Touch ID" vs "MacBook
|
|
18252
|
+
* Touch ID" disambiguation in admin UIs. The slot id (auto-derived
|
|
18253
|
+
* from credentialId prefix) is not human-friendly; `meta.nickname`
|
|
18254
|
+
* is.
|
|
18255
|
+
*
|
|
18256
|
+
* Gated by `update-authenticator`. PERSONAL_POLICY: tier-1 unlock
|
|
18257
|
+
* alone (matches enroll/remove). STRICT_POLICY: tier-1 +
|
|
18258
|
+
* TOTP/email-OTP factor proof — a malicious rename on a shared
|
|
18259
|
+
* workstation could mislead the user about which device a slot
|
|
18260
|
+
* corresponds to, so STRICT requires fresh factor binding.
|
|
18261
|
+
*
|
|
18262
|
+
* @throws `NoAccessError` when no slot with the given id exists.
|
|
18263
|
+
* @throws `ValidationError` when no patch field is provided.
|
|
18264
|
+
*/
|
|
18265
|
+
updateAuthenticator(vault: string, slotId: string, options: UpdateAuthenticatorOptions, factors?: FactorProofBundle): Promise<void>;
|
|
18266
|
+
/**
|
|
18267
|
+
* Native WebAuthn enrollment using the **real** internal keyring.
|
|
18268
|
+
*
|
|
18269
|
+
* Why this exists: when a consumer is using `createNoydb({ secret })`,
|
|
18270
|
+
* they cannot reach the live `UnlockedKeyring` to feed it to
|
|
18271
|
+
* `enrollWebAuthn(keyring, vault, opts)` from `@noy-db/on-webauthn`.
|
|
18272
|
+
* Constructing a synthetic keyring (the previous workaround) produces
|
|
18273
|
+
* a slot whose `wrapped_kek` references the synthetic payload, not
|
|
18274
|
+
* the live session — so `unlockViaAuthenticator()` later replaces the
|
|
18275
|
+
* live DEK map with stale wrapped DEKs and every decrypt fails.
|
|
18276
|
+
*
|
|
18277
|
+
* This method runs `ceremony` with the REAL keyring (still in
|
|
18278
|
+
* `keyringCache`). The ceremony performs the WebAuthn enrollment and
|
|
18279
|
+
* returns the slot options that hub then persists via the standard
|
|
18280
|
+
* tier-2 enrollAuthenticator path.
|
|
18281
|
+
*
|
|
18282
|
+
* Layering note: hub does not import `@noy-db/on-webauthn` (that
|
|
18283
|
+
* would invert the dep graph). The consumer wires it in:
|
|
18284
|
+
*
|
|
18285
|
+
* ```ts
|
|
18286
|
+
* import { enrollWebAuthn } from '@noy-db/on-webauthn'
|
|
18287
|
+
*
|
|
18288
|
+
* await db.enrollWebAuthn('demo', async (keyring) => {
|
|
18289
|
+
* const e = await enrollWebAuthn(keyring, 'demo', { rp: {...} })
|
|
18290
|
+
* return {
|
|
18291
|
+
* id: `webauthn-${e.credentialId.slice(0, 8)}`,
|
|
18292
|
+
* method: 'webauthn',
|
|
18293
|
+
* wrapped_kek: e.wrappedPayload,
|
|
18294
|
+
* meta: {
|
|
18295
|
+
* credentialId: e.credentialId,
|
|
18296
|
+
* wrapIv: e.wrapIv,
|
|
18297
|
+
* prfUsed: e.prfUsed,
|
|
18298
|
+
* beFlag: e.beFlag,
|
|
18299
|
+
* requireSingleDevice: e.requireSingleDevice,
|
|
18300
|
+
* },
|
|
18301
|
+
* }
|
|
18302
|
+
* })
|
|
18303
|
+
* ```
|
|
18304
|
+
*
|
|
18305
|
+
* Returns the WebAuthn `credentialId` (extracted from `meta.credentialId`)
|
|
18306
|
+
* for the caller's lookup index (a bootstrap vault, a PublicEnvelope,
|
|
18307
|
+
* a server-side allowlist).
|
|
18308
|
+
*
|
|
18309
|
+
* Gated by `enroll-authenticator` like `enrollAuthenticator()` itself.
|
|
18310
|
+
*/
|
|
18311
|
+
enrollWebAuthn(vault: string, ceremony: (keyring: UnlockedKeyring) => Promise<EnrollAuthenticatorOptions>, factors?: FactorProofBundle): Promise<{
|
|
18312
|
+
credentialId: string;
|
|
18313
|
+
}>;
|
|
18314
|
+
/**
|
|
18315
|
+
* Filter the slot list to webauthn-method slots only. Useful for
|
|
18316
|
+
* "you have N WebAuthn credentials enrolled" UI surfaces and for
|
|
18317
|
+
* deciding when a new device prompt should appear. Identity is
|
|
18318
|
+
* `id` + `enrolled_at`; the `meta.credentialId` (base64) is used by
|
|
18319
|
+
* `allowCredentials` at unlock time.
|
|
18320
|
+
*/
|
|
18321
|
+
listWebAuthnSlots(vault: string): Promise<ReadonlyArray<{
|
|
18322
|
+
id: string;
|
|
18323
|
+
enrolledAt: string;
|
|
18324
|
+
credentialId: string;
|
|
18325
|
+
}>>;
|
|
18326
|
+
/**
|
|
18327
|
+
* Resolve a slot by id, then hand the wrapped-KEK ciphertext + meta
|
|
18328
|
+
* to the caller-supplied verifier. The verifier is the
|
|
18329
|
+
* `unlockWith*` function from the corresponding `@noy-db/on-*`
|
|
18330
|
+
* package, e.g. `unlockWithPassword(slot, password)`.
|
|
18331
|
+
*
|
|
18332
|
+
* On success, mark the active session tier as 2 — subsequent
|
|
18333
|
+
* `checkGate` calls see a tier-2 unlock.
|
|
18334
|
+
*/
|
|
18335
|
+
unlockViaAuthenticator(vault: string, slotId: string, verify: (slot: KeyringAuthenticator) => Promise<UnlockedKeyring>): Promise<UnlockedKeyring>;
|
|
18336
|
+
/** English summary of the configured auth model. */
|
|
18337
|
+
describeAuthConfig(vault: string): Promise<string>;
|
|
18338
|
+
/** Mermaid `flowchart TB` source for the auth graph. */
|
|
18339
|
+
diagramAuthConfig(vault: string): Promise<string>;
|
|
18340
|
+
/**
|
|
18341
|
+
* Per-user enrollment summary. Gated by `view-user-auth` (default:
|
|
18342
|
+
* disabled). Sanitization is allowlist-based — never renders cred
|
|
18343
|
+
* ids, password hashes, secrets, or any field outside the allowlist.
|
|
18344
|
+
*/
|
|
18345
|
+
describeUserAuth(vault: string, userId: string, factors?: FactorProofBundle): Promise<string>;
|
|
18346
|
+
/** Bulk variant for owner dashboards. Gated by `view-user-auth`. */
|
|
18347
|
+
describeAllUsersAuth(vault: string, factors?: FactorProofBundle): Promise<Array<{
|
|
18348
|
+
userId: string;
|
|
18349
|
+
description: string;
|
|
18350
|
+
}>>;
|
|
18351
|
+
/**
|
|
18352
|
+
* Rotate the user's passphrase (user remembers old). Validates the
|
|
18353
|
+
* new phrase against the configured `passphrase` policy, runs the
|
|
18354
|
+
* `rotate-passphrase` gate, then re-derives + re-wraps every DEK.
|
|
18355
|
+
*
|
|
18356
|
+
* Tier-2 authenticator slots are dropped — each slot wraps the old
|
|
18357
|
+
* KEK and would need its derivation key to be re-presented. Re-enrol
|
|
18358
|
+
* via `db.enrollAuthenticator` after rotation.
|
|
18359
|
+
*
|
|
18360
|
+
* @throws `WeakPassphraseError` on a weak new phrase.
|
|
18361
|
+
* @throws `PolicyDeniedError` when the gate denies (missing factor, …).
|
|
18362
|
+
* @throws `InvalidKeyError` when `oldPassphrase` is wrong.
|
|
18363
|
+
*/
|
|
18364
|
+
rotatePassphrase(vault: string, input: RotatePassphraseInput, factors?: FactorProofBundle): Promise<void>;
|
|
18365
|
+
/**
|
|
18366
|
+
* Reset the passphrase using a recovery proof (user forgot the old).
|
|
18367
|
+
* Currently supports the `'paper'` profile end-to-end; the
|
|
18368
|
+
* other profiles throw {@link RecoveryProfileNotImplementedError}.
|
|
18369
|
+
*
|
|
18370
|
+
* Burns the used recovery entry on success.
|
|
18371
|
+
*/
|
|
18372
|
+
recoverPassphrase(vault: string, input: RecoverPassphraseInput, factors?: FactorProofBundle): Promise<RecoverPassphraseResult>;
|
|
18373
|
+
/**
|
|
18374
|
+
* Deliberate paper-recovery-code regeneration. User knows their
|
|
18375
|
+
* passphrase but wants a fresh sheet — they lost the printout or
|
|
18376
|
+
* suspect compromise of the off-site copy.
|
|
18377
|
+
*
|
|
18378
|
+
* Symmetric to {@link rotatePassphrase} for the recovery profile:
|
|
18379
|
+
* gated, audit-trackable, ergonomic. Replaces (not appends) the
|
|
18380
|
+
* paper sheet under `_meta/recovery-paper` in a single envelope `put`.
|
|
18381
|
+
*
|
|
18382
|
+
* Gated by the `rotate-recovery` policy gate:
|
|
18383
|
+
* - PERSONAL_POLICY: `{ minTier: 1 }` — knowing the passphrase
|
|
18384
|
+
* suffices, matching the lower-level flow's bar.
|
|
18385
|
+
* - STRICT_POLICY: `{ minTier: 1, factors: [{ anyOf: ['totp',
|
|
18386
|
+
* 'email-otp', 'webauthn-roaming'] }] }` — rotation is an
|
|
18387
|
+
* off-site-trust event; require an off-device factor so a
|
|
18388
|
+
* stolen unlocked laptop cannot silently mint a sheet for the
|
|
18389
|
+
* attacker.
|
|
18390
|
+
*
|
|
18391
|
+
* Defaults `count` to the existing sheet size so consumers aren't
|
|
18392
|
+
* surprised by a different code count. Explicit `count` overrides.
|
|
18393
|
+
*
|
|
18394
|
+
* @throws {@link RecoveryProfileNotImplementedError} when `profile`
|
|
18395
|
+
* is anything other than `'paper'` (v1 dispatch limit).
|
|
18396
|
+
* @throws {@link PolicyDeniedError} when the gate denies (missing
|
|
18397
|
+
* factor, tier mismatch, ...).
|
|
18398
|
+
* @throws on missing paper sheet — "nothing to rotate" surfaces as
|
|
18399
|
+
* an error rather than silently minting an entire new sheet.
|
|
18400
|
+
*
|
|
18401
|
+
* @example Default count + show-once UI
|
|
18402
|
+
* ```ts
|
|
18403
|
+
* const { newCodes } = await db.rotateRecovery('acme', { profile: 'paper' })
|
|
18404
|
+
* showCodesToUser(newCodes)
|
|
18405
|
+
* ```
|
|
18406
|
+
*
|
|
18407
|
+
* @example STRICT-policy site with TOTP factor proof
|
|
18408
|
+
* ```ts
|
|
18409
|
+
* await db.rotateRecovery(
|
|
18410
|
+
* 'acme',
|
|
18411
|
+
* { profile: 'paper', count: 10 },
|
|
18412
|
+
* { factors: [{ kind: 'totp', proof: '123456' }] },
|
|
18413
|
+
* )
|
|
18414
|
+
* ```
|
|
18415
|
+
*/
|
|
18416
|
+
rotateRecovery(vault: string, options: RotateRecoveryOptions, factors?: FactorProofBundle): Promise<RotateRecoveryResult>;
|
|
18417
|
+
private rotateRecoveryPaper;
|
|
18418
|
+
private rotateRecoveryShamir;
|
|
18419
|
+
/**
|
|
18420
|
+
* **Atomic create-and-enroll for managed-mode vaults.**
|
|
18421
|
+
*
|
|
18422
|
+
* Bootstraps a managed-mode vault and enrolls strong recovery in
|
|
18423
|
+
* a single ceremony. Under `passphraseMode: 'managed'`, every
|
|
18424
|
+
* `openVault` call requires a strong recovery profile (Shamir
|
|
18425
|
+
* today) to be enrolled — otherwise it throws
|
|
18426
|
+
* {@link ManagedRecoveryNotEnrolledError}. This method bypasses
|
|
18427
|
+
* the check temporarily so the keyring can be created, enrolls
|
|
18428
|
+
* the supplied recovery profile(s), then returns the vault.
|
|
18429
|
+
*
|
|
18430
|
+
* For Shamir enrollments, the show-once share strings come back
|
|
18431
|
+
* in `recoveryEnrollments[i].shares`. The hub never retains them
|
|
18432
|
+
* — the caller MUST display them to the user (once) before any
|
|
18433
|
+
* subsequent operation.
|
|
18434
|
+
*
|
|
18435
|
+
* Paper alone is NOT a strong profile under managed mode; passing
|
|
18436
|
+
* `{ profile: 'paper', ... }` without an accompanying shamir entry
|
|
18437
|
+
* is rejected at validation time.
|
|
18438
|
+
*
|
|
18439
|
+
* ```ts
|
|
18440
|
+
* const db = await createNoydb({
|
|
18441
|
+
* store, user: 'alice',
|
|
18442
|
+
* passphraseMode: 'managed',
|
|
18443
|
+
* sealingKey: macosKeychainSealingProvider({ ... }),
|
|
18444
|
+
* })
|
|
18445
|
+
*
|
|
18446
|
+
* const { vault, recoveryEnrollments } = await db.openVaultAndEnrollRecovery('acme', {
|
|
18447
|
+
* recovery: [{ profile: 'shamir', k: 2, n: 3 }],
|
|
18448
|
+
* })
|
|
18449
|
+
* for (const r of recoveryEnrollments) {
|
|
18450
|
+
* if (r.shares) showSharesToUser(r.shares) // ONCE
|
|
18451
|
+
* }
|
|
18452
|
+
* ```
|
|
18453
|
+
*
|
|
18454
|
+
* @throws ValidationError if recovery is empty, or contains no
|
|
18455
|
+
* strong profile under managed mode.
|
|
18456
|
+
*/
|
|
18457
|
+
openVaultAndEnrollRecovery(vault: string, opts: {
|
|
18458
|
+
readonly recovery: ReadonlyArray<RecoveryEnrollmentInput>;
|
|
18459
|
+
readonly locale?: string;
|
|
18460
|
+
}): Promise<{
|
|
18461
|
+
readonly vault: Vault;
|
|
18462
|
+
readonly recoveryEnrollments: ReadonlyArray<EnrollRecoveryResult>;
|
|
18463
|
+
}>;
|
|
18464
|
+
/**
|
|
18465
|
+
* **Recovery flow under managed-passphrase mode.**
|
|
18466
|
+
*
|
|
18467
|
+
* Replaces the sealed passphrase of a managed-mode vault with a
|
|
18468
|
+
* fresh 256-bit random, sealed under the configured
|
|
18469
|
+
* `SealingKeyProvider`. The user never sees the new passphrase.
|
|
18470
|
+
*
|
|
18471
|
+
* Internally:
|
|
18472
|
+
* 1. Verify the recovery proof (Shamir today) and unwrap the
|
|
18473
|
+
* DEK set.
|
|
18474
|
+
* 2. Mint a fresh 256-bit random as the new effective passphrase.
|
|
18475
|
+
* 3. Rewrap the DEK set under a fresh KEK derived from the new
|
|
18476
|
+
* passphrase (via the existing `recoverPassphrase` path).
|
|
18477
|
+
* 4. Seal the random bytes under the provider and overwrite
|
|
18478
|
+
* `_meta/sealed-passphrase`.
|
|
18479
|
+
* 5. Drop the keyring cache so the next operation re-derives.
|
|
18480
|
+
*
|
|
18481
|
+
* The vault's strong-recovery enrollment is preserved across
|
|
18482
|
+
* recovery (Shamir entries are not burned on use).
|
|
18483
|
+
*
|
|
18484
|
+
* @throws ValidationError if the Noydb instance is not in managed mode.
|
|
18485
|
+
*/
|
|
18486
|
+
recoverManagedPassphrase(vault: string, options: {
|
|
18487
|
+
readonly recoveryProof: RecoveryProof;
|
|
18488
|
+
readonly passphrasePolicy?: PassphrasePolicy;
|
|
18489
|
+
}): Promise<void>;
|
|
18490
|
+
/**
|
|
18491
|
+
* Atomic peer-recovery — re-wraps an EXISTING user's keyring under
|
|
18492
|
+
* a fresh temp passphrase in a single store write. Closes the
|
|
18493
|
+
* partial-failure window (the previous compose-from-primitives
|
|
18494
|
+
* pattern was `db.revoke + db.grant`, two writes — if the issuer
|
|
18495
|
+
* cancelled between them the target was locked out entirely).
|
|
18496
|
+
*
|
|
18497
|
+
* Different from `db.revoke + db.grant`:
|
|
18498
|
+
*
|
|
18499
|
+
* - Same `userId`, role, permissions, capabilities preserved.
|
|
18500
|
+
* - DEKs unchanged → every other principal in the vault keeps
|
|
18501
|
+
* access. No key rotation.
|
|
18502
|
+
* - Allows owner→owner natively. The existing
|
|
18503
|
+
* `db.revoke` retains its block — peer-recovery is a separate,
|
|
18504
|
+
* intentionally-named operation.
|
|
18505
|
+
* - Tier-2 slots dropped (they wrap the old KEK).
|
|
18506
|
+
*
|
|
18507
|
+
* Gated by `peer-recover-user`; `STRICT_POLICY` requires a
|
|
18508
|
+
* recovery / TOTP / email-OTP factor proof at the moment of
|
|
18509
|
+
* recovery, so the issuer affirmatively re-asserts identity.
|
|
18510
|
+
*
|
|
18511
|
+
* The recipient should call `db.rotatePassphrase` on first session
|
|
18512
|
+
* to choose their own phrase — the temp acts as a single-use
|
|
18513
|
+
* bridge.
|
|
18514
|
+
*
|
|
18515
|
+
* ```ts
|
|
18516
|
+
* await db.recoverUser('acme', {
|
|
18517
|
+
* userId: 'bob',
|
|
18518
|
+
* passphrase: 'temporary-correct-horse-battery-staple-printer',
|
|
18519
|
+
* }, { factors: [{ kind: 'recovery' }] })
|
|
18520
|
+
* // Bob opens createNoydb({ user: 'bob', secret: tempPhrase })
|
|
18521
|
+
* // and immediately calls db.rotatePassphrase to set his own.
|
|
18522
|
+
* ```
|
|
18523
|
+
*
|
|
18524
|
+
* @throws `NoAccessError` when no keyring exists for the target.
|
|
18525
|
+
* @throws `PermissionDeniedError` when the caller's role can't
|
|
18526
|
+
* recover the target's role (admin→owner is blocked even
|
|
18527
|
+
* under recovery).
|
|
18528
|
+
* @throws `PrivilegeEscalationError` when the caller lacks a DEK
|
|
18529
|
+
* the target previously had access to.
|
|
18530
|
+
*
|
|
18531
|
+
*/
|
|
18532
|
+
recoverUser(vault: string, options: RecoverUserOptions, factors?: FactorProofBundle): Promise<void>;
|
|
18533
|
+
/**
|
|
18534
|
+
* Persist a recovery enrollment. Accepts the `'paper'`
|
|
18535
|
+
* profile.
|
|
18536
|
+
*
|
|
18537
|
+
* The hub wraps the user's DEK set (not the KEK) under a code-derived
|
|
18538
|
+
* AES-GCM key — see `team/recovery.ts` for the rationale. The mint
|
|
18539
|
+
* helper {@link mintPaperRecoveryEntry} is the canonical primitive;
|
|
18540
|
+
* pair it with `db.getKeyring(vault)` to obtain the live DEK set:
|
|
18541
|
+
*
|
|
18542
|
+
* ```ts
|
|
18543
|
+
* import { mintPaperRecoveryEntry } from '@noy-db/hub'
|
|
18544
|
+
*
|
|
18545
|
+
* const keyring = await db.getKeyring('acme')
|
|
18546
|
+
* const codes: string[] = ['CORRECT-HORSE-1', 'BATTERY-STAPLE-2', ...]
|
|
18547
|
+
* const entries = await Promise.all(
|
|
18548
|
+
* codes.map((code, i) => mintPaperRecoveryEntry(keyring.deks, code, `code-${i}`)),
|
|
18549
|
+
* )
|
|
18550
|
+
* await db.enrollRecovery('acme', { profile: 'paper', entries })
|
|
18551
|
+
* showCodesToUser(codes)
|
|
18552
|
+
* ```
|
|
18553
|
+
*
|
|
18554
|
+
* `@noy-db/on-recovery`'s `generateRecoveryCodeSet`
|
|
18555
|
+
* delegates to `mintPaperRecoveryEntry` internally — its output is
|
|
18556
|
+
* fed directly to this API. Pick whichever fits your code-gen layer:
|
|
18557
|
+
*
|
|
18558
|
+
* ```ts
|
|
18559
|
+
* import { generateRecoveryCodeSet } from '@noy-db/on-recovery'
|
|
18560
|
+
* const { codes, entries } = await generateRecoveryCodeSet({ deks: keyring.deks, count: 8 })
|
|
18561
|
+
* await db.enrollRecovery('acme', { profile: 'paper', entries })
|
|
18562
|
+
* ```
|
|
18563
|
+
*/
|
|
18564
|
+
enrollRecovery(vault: string, enrollment: RecoveryEnrollmentInput): Promise<EnrollRecoveryResult>;
|
|
18565
|
+
/** Read the persisted recovery entries (paper + Shamir). Used by `describeAuthConfig`. */
|
|
18566
|
+
listRecoveryEntries(vault: string): Promise<{
|
|
18567
|
+
paper: ReadonlyArray<PaperRecoveryEntry>;
|
|
18568
|
+
shamir: ReadonlyArray<ShamirRecoveryEntry>;
|
|
18569
|
+
}>;
|
|
18570
|
+
/**
|
|
18571
|
+
* Register a tier-3 quick-unlock state for the vault. The state is
|
|
18572
|
+
* an opaque blob produced by `@noy-db/on-pin/enrollPin` (or any
|
|
18573
|
+
* compatible primitive). It is held in memory only — never persisted
|
|
18574
|
+
* — and auto-clears when its `expiresAt` elapses.
|
|
18575
|
+
*
|
|
18576
|
+
* Gated by `rotate-unlock` (the same gate covers "set" and "rotate"
|
|
18577
|
+
* because tier-3 is a single-slot rolling secret).
|
|
18578
|
+
*/
|
|
18579
|
+
enrollUnlock(vault: string, state: QuickUnlockState, factors?: FactorProofBundle): Promise<void>;
|
|
18580
|
+
/**
|
|
18581
|
+
* Resume a session via the registered tier-3 state. The verifier is
|
|
18582
|
+
* `@noy-db/on-pin/resumePin` (or compatible). On success, mark the
|
|
18583
|
+
* active session tier as 3 — every operation must re-authenticate at
|
|
18584
|
+
* tier 2 to elevate.
|
|
18585
|
+
*
|
|
18586
|
+
* Returns `undefined` (caller should fall back to tier 2) when no
|
|
18587
|
+
* tier-3 state is registered.
|
|
18588
|
+
*/
|
|
18589
|
+
unlockViaPin(vault: string, resume: (state: QuickUnlockState) => Promise<UnlockedKeyring>): Promise<UnlockedKeyring | undefined>;
|
|
18590
|
+
/** Drop the tier-3 state for a vault — explicit logout. */
|
|
18591
|
+
clearQuickUnlock(vault: string): void;
|
|
18592
|
+
/**
|
|
18593
|
+
* Public accessor for the unlocked keyring of a vault.
|
|
18594
|
+
*
|
|
18595
|
+
* Returns a **defensive shallow copy** so consumers can read the DEK
|
|
18596
|
+
* map and authenticator list without the risk of mutating the hub's
|
|
18597
|
+
* internal cache. Internal hub code paths use a live reference
|
|
18598
|
+
* via `getKeyringInternal`; ceremonies and external consumers always
|
|
18599
|
+
* get a snapshot.
|
|
18600
|
+
*
|
|
18601
|
+
* The CryptoKey values inside `deks` are not cloned — Web Crypto
|
|
18602
|
+
* keys are opaque handles, and a shared handle is intentional
|
|
18603
|
+
* (encrypt / decrypt go through the same key the cache holds).
|
|
18604
|
+
* Only the container Map / authenticator array is fresh.
|
|
18605
|
+
*
|
|
18606
|
+
* Used by `@noy-db/on-*` ceremonies that need the live DEK set
|
|
18607
|
+
* (paper recovery via {@link mintPaperRecoveryEntry}, tier-3 PIN
|
|
18608
|
+
* enrolment via on-pin's `enrollPin`, custom on-* ceremonies that
|
|
18609
|
+
* don't have a hub-side wrapper).
|
|
18610
|
+
*
|
|
18611
|
+
* No new permission gate — this is an accessor over already-unlocked
|
|
18612
|
+
* state. The keyring is materialized only after the calling session
|
|
18613
|
+
* has unlocked the vault at tier 1, 2, or 3, so exposing it does not
|
|
18614
|
+
* widen access. Throws `ValidationError` when encryption is enabled
|
|
18615
|
+
* and no `secret` / `getKeyring` is configured.
|
|
18616
|
+
*
|
|
18617
|
+
* ```ts
|
|
18618
|
+
* const keyring = await db.getKeyring('acme')
|
|
18619
|
+
* // keyring.deks: Map<collection, CryptoKey>
|
|
18620
|
+
* // keyring.kek: CryptoKey | null (null for tier-3 / wrap-DEKs sessions)
|
|
18621
|
+
* // keyring.role / .permissions / .authenticators
|
|
18622
|
+
* ```
|
|
18623
|
+
*/
|
|
18624
|
+
getKeyring(vault: string): Promise<UnlockedKeyring>;
|
|
18625
|
+
}
|
|
18626
|
+
|
|
18627
|
+
/**
|
|
18628
|
+
* Multi-user team capability contract (#267 Track A tail — the
|
|
18629
|
+
* keyring-grant → team split). Lives on the `/with` port (the one seam the
|
|
18630
|
+
* kernel spine may import statically) so `Noydb` can hold the `NO_TEAM`
|
|
18631
|
+
* floor default without a spine→service static import.
|
|
18632
|
+
*
|
|
18633
|
+
* The active engine (`withTeam()` in `with-party/team/active.ts`)
|
|
18634
|
+
* statically links the grant/revoke/rotate keyring engines from
|
|
18635
|
+
* `keyring.ts` — bundle-charged to consumers of the `@noy-db/hub/team`
|
|
18636
|
+
* subpath, never to the single-user floor. {@link NO_TEAM} (the floor
|
|
18637
|
+
* default) throws {@link TeamNotEnabledError}.
|
|
18638
|
+
*
|
|
18639
|
+
* `Noydb.grant` / `Noydb.revoke` / `Noydb.rotate` delegate here, passing
|
|
18640
|
+
* their `TeamFacade` — the facade owns the policy-gate + keyring plumbing
|
|
18641
|
+
* (`runGrant` / `runRevoke` / `runRotate`) and receives the engine as an
|
|
18642
|
+
* argument from the strategy.
|
|
18643
|
+
*
|
|
18644
|
+
* Deliberately NOT gated (single-user primitives): owner keyring creation,
|
|
18645
|
+
* unlock, `listUsers`, `updateUser`, passphrase rotate/recover, and the
|
|
18646
|
+
* `createDeedOwner` free function (no createNoydb instance to gate against —
|
|
18647
|
+
* the same carve-out as `liberateVault`).
|
|
18648
|
+
* @internal
|
|
18649
|
+
*/
|
|
18650
|
+
|
|
18651
|
+
interface TeamStrategy {
|
|
18652
|
+
grant(team: TeamFacade, vault: string, options: GrantOptions, factors?: FactorProofBundle): Promise<void>;
|
|
18653
|
+
revoke(team: TeamFacade, vault: string, options: RevokeOptions, factors?: FactorProofBundle): Promise<void>;
|
|
18654
|
+
rotate(team: TeamFacade, vault: string, collections: string[]): Promise<void>;
|
|
18655
|
+
}
|
|
18656
|
+
/**
|
|
18657
|
+
* No-op stub — the floor default. Every multi-user team operation throws
|
|
18658
|
+
* {@link TeamNotEnabledError}; opt in with `teamStrategy: withTeam()` in
|
|
18659
|
+
* createNoydb. @internal
|
|
18660
|
+
*/
|
|
18661
|
+
declare const NO_TEAM: TeamStrategy;
|
|
18662
|
+
|
|
17938
18663
|
/**
|
|
17939
18664
|
* Session policies —
|
|
17940
18665
|
*
|
|
@@ -18197,6 +18922,16 @@ interface EncryptedEnvelope {
|
|
|
18197
18922
|
* one of `_sealed[field]` / `_vdig[field]` exists per field (I4).
|
|
18198
18923
|
*/
|
|
18199
18924
|
readonly _vdig?: Record<string, string>;
|
|
18925
|
+
/**
|
|
18926
|
+
* Equatable blind-index tags (classified slice 2b). Map of digest-only field
|
|
18927
|
+
* name → base64 33-byte tag (1-byte cost/version discriminator ‖ 32-byte keyed
|
|
18928
|
+
* MAC), CURRENT VALUE ONLY (the _vdig ring is never indexed). This is the ONLY
|
|
18929
|
+
* store-visible classified artifact: a keyed MAC, comparable without a key
|
|
18930
|
+
* ceremony, with NO inline cryptographic integrity by construction. Invariant:
|
|
18931
|
+
* _bidx[field] present ⇒ _vdig[field] present. Confirm-by-verify (findByDigest)
|
|
18932
|
+
* makes any read-side orphan/splice unreturnable.
|
|
18933
|
+
*/
|
|
18934
|
+
readonly _bidx?: Record<string, string>;
|
|
18200
18935
|
/**
|
|
18201
18936
|
* Per-record content-encryption key (CEK), base64 AES-KW-wrapped under
|
|
18202
18937
|
* the collection (or tier) DEK. Present only on records written by a
|
|
@@ -18236,6 +18971,19 @@ interface VdigFieldPolicy {
|
|
|
18236
18971
|
/** Ring size for reuse refusal; 0 = no ring. Cap 8 (spec Q4). */
|
|
18237
18972
|
readonly notLastN: number;
|
|
18238
18973
|
readonly rotateDays?: number;
|
|
18974
|
+
/** default false — refused unless the double door is open (R8) */
|
|
18975
|
+
readonly equatable: boolean;
|
|
18976
|
+
}
|
|
18977
|
+
/**
|
|
18978
|
+
* The persisted classified-fields config marker (C-A / R10). Reuses the
|
|
18979
|
+
* stage-2 persisted-schema record; this is the shape of the marker stored
|
|
18980
|
+
* there.
|
|
18981
|
+
*/
|
|
18982
|
+
interface ClassifiedMarker {
|
|
18983
|
+
/** field names declared digest-only (have _vdig); non-empty ⇒ writes need the classified codec */
|
|
18984
|
+
readonly digestOnly: readonly string[];
|
|
18985
|
+
/** field names additionally declared equatable (have _bidx when covered) */
|
|
18986
|
+
readonly equatable: readonly string[];
|
|
18239
18987
|
}
|
|
18240
18988
|
/** Verdict-only egress of the enclave oracle (spec §3). */
|
|
18241
18989
|
interface ClassifiedVerdict {
|
|
@@ -20092,6 +20840,27 @@ interface NoydbOptions {
|
|
|
20092
20840
|
* stays ungated (it has no createNoydb instance to gate against).
|
|
20093
20841
|
*/
|
|
20094
20842
|
readonly custodyStrategy?: CustodyStrategy;
|
|
20843
|
+
/**
|
|
20844
|
+
* Tree-shake seam — optional multi-user team capability (#267
|
|
20845
|
+
* keyring-grant → team split). Pass `withTeam()` from `@noy-db/hub/team`
|
|
20846
|
+
* to enable `db.grant` / `db.revoke` / `db.rotate`. When omitted, those
|
|
20847
|
+
* throw `TeamNotEnabledError` and the keyring grant/revoke/rotate engines
|
|
20848
|
+
* are reached only via opt-in — the always-on floor is single-user.
|
|
20849
|
+
* Single-user primitives (owner keyring, unlock, `listUsers`,
|
|
20850
|
+
* `updateUser`, passphrase rotate/recover) stay ungated, as does the
|
|
20851
|
+
* `createDeedOwner` free function (no createNoydb instance to gate
|
|
20852
|
+
* against).
|
|
20853
|
+
*/
|
|
20854
|
+
readonly teamStrategy?: TeamStrategy;
|
|
20855
|
+
/**
|
|
20856
|
+
* Opt-in seam — the `lazy` service (#267). Pass `withLazy()` from
|
|
20857
|
+
* `@noy-db/hub/lazy` to explicitly enable lazy mode's bounded-LRU
|
|
20858
|
+
* working set for collections declared with `prefetch: false`. When
|
|
20859
|
+
* omitted, `prefetch: false` still works via the deprecated implicit
|
|
20860
|
+
* back-compat path (identical behavior, one-time deprecation warn);
|
|
20861
|
+
* the implicit path will be removed at 1.0.
|
|
20862
|
+
*/
|
|
20863
|
+
readonly lazyStrategy?: LazyStrategy;
|
|
20095
20864
|
/**
|
|
20096
20865
|
* Tree-shake seam — optional search / retrieval capability. Pass
|
|
20097
20866
|
* `withSearch()` from `@noy-db/hub` to enable a collection's `search`
|
|
@@ -20967,4 +21736,4 @@ interface NoydbPolicyDeps {
|
|
|
20967
21736
|
*/
|
|
20968
21737
|
type NoydbPolicyFactory = (deps: NoydbPolicyDeps) => NoydbPolicyApi;
|
|
20969
21738
|
|
|
20970
|
-
export { BLOB_INDEX_COLLECTION as $, resolveI18nText as A, resolvePolicy as B, setAtPathInPlace as C, DICT_COLLECTION_PREFIX as D, staticDict as E, stripI18nFilled as F, validateI18nTextValue as G, type SessionStrategy as H, type I18nStrategy as I, SessionExpiredError as J, SessionNotFoundError as K, type Layer as L, MissingTranslationError as M, SessionPolicyError as N, type OnMissing as O, PolicyEnforcer as P, createEnforcer as Q, ReservedCollectionNameError as R, ScriptViolationError as S, TranslatorNotConfiguredError as T, UnknownDictCodeError as U, Vault as V, validateSessionPolicy as W, type BlobStrategy as X, BLOB_CHUNKS_COLLECTION as Y, BLOB_COLLECTION as Z, BLOB_EVICTION_AUDIT_COLLECTION as _, type DictEntry as a, type Reducer as a$, BLOB_SLOTS_PREFIX as a0, BLOB_VERSIONS_PREFIX as a1, type BlobEvictionEntry as a2, type BlobFieldPolicy as a3, type BlobFieldsConfig as a4, type BlobObject as a5, type BlobPutOptions as a6, type BlobResponseOptions as a7, BlobSet as a8, type BlobStrategyOpenArgs as a9, IDX_PREFIX as aA, type IndexDef as aB, type IndexState as aC, type IngestRow as aD, type LazyOrderBy as aE, LazyQuery as aF, type LazyQuerySource as aG, type OrderedEntry as aH, PersistedCollectionIndex as aI, type PersistedIndexDef as aJ, compositeKey as aK, decodeIdxId as aL, encodeIdxId as aM, isIdxId as aN, type AggregateStrategy as aO, type AggregateResult as aP, type AggregateSpec as aQ, Aggregation as aR, type AggregationUpstream as aS, GROUPBY_MAX_CARDINALITY as aT, GROUPBY_WARN_CARDINALITY as aU, GroupedAggregation as aV, GroupedQuery as aW, GroupedQueryN as aX, type GroupedRow as aY, type GroupedRowN as aZ, type LiveAggregation as a_, type CompactRunOptions as aa, type CompactionContext as ab, type CompactionResult as ac, DEFAULT_CHUNK_SIZE as ad, EXPORT_AUDIT_COLLECTION as ae, ExportBlobsAbortedError as af, type ExportBlobsAuditEntry as ag, type ExportBlobsHandle as ah, type ExportBlobsOptions as ai, type ExportedBlob as aj, type ObjectListEntry as ak, type ObjectMeta as al, type ObjectProjection as am, type ObjectUrlOptions as an, type PutObjectOptions as ao, type PutUrlOptions as ap, type SlotInfo as aq, type SlotRecord as ar, type VersionRecord as as, createExportBlobsHandle as at, memoryObjectProjection as au, runCompaction as av, type IndexStrategy as aw, COMPOSITE_DELIMITER as ax, CollectionIndexes as ay, type HashIndex as az, type DictKeyDescriptor as b, type SnapshotMeta as b$, type ReducerBuilder as b0, type ReducerOptions as b1, avg as b2, buildLiveAggregation as b3, count as b4, groupAndReduce as b5, max as b6, min as b7, moneyMax as b8, moneyMin as b9, type OpenPeriodOptions as bA, PERIODS_COLLECTION as bB, type PeriodRecord as bC, type ReadOnlyCollection as bD, appendPeriodLedgerEntry as bE, assertTsWritable as bF, chainAnchor as bG, loadPeriods as bH, validatePeriodName as bI, type GuardStrategy as bJ, type GuardChange as bK, type GuardContext as bL, AmendmentForbiddenError as bM, FieldFrozenError as bN, GuardRegistry as bO, type GuardStrategyHandle as bP, IllegalTransitionError as bQ, InvariantError as bR, ReadOnlyVaultFacade as bS, RecordLockedError as bT, type ShadowStrategy as bU, CollectionFrame as bV, VaultFrame as bW, type NoydbPodStore as bX, type RetentionPolicy as bY, type SnapshotPolicy as bZ, type SnapshotStrategy as b_, moneySum as ba, reduceRecords as bb, reducerBuilder as bc, resetGroupByWarnings as bd, sum as be, type CrdtStrategy as bf, type CrdtMode as bg, type CrdtState as bh, type LwwMapState as bi, type RgaState as bj, type YjsState as bk, buildLwwMapState as bl, buildRgaState as bm, mergeCrdtStates as bn, resolveCrdtSnapshot as bo, type ConsentStrategy as bp, CONSENT_AUDIT_COLLECTION as bq, type ConsentAuditEntry as br, type ConsentAuditFilter as bs, type ConsentContext as bt, type ConsentOp as bu, loadConsentEntries as bv, writeConsentEntry as bw, type PeriodsStrategy as bx, type CarryForwardContext as by, type ClosePeriodOptions as bz, DictKeyInUseError as c, type JsonPatchOp as c$, type SnapshotMode as c0, SnapshotNotFoundError as c1, type DerivationStrategy as c2, type DerivationContext as c3, type ArrayOutputSpec as c4, DerivationCapExceededError as c5, DerivationCycleError as c6, DerivationDepthError as c7, DerivationOutputShapeError as c8, DerivationOutputUnknownError as c9, type WithdrawAccessibleOptions as cA, type WithdrawResult as cB, type WithdrawalRequest as cC, type WithdrawalRequestStatus as cD, type DiffEntry as cE, type UnlockedKeyring as cF, type ExportFormat as cG, type BusHandler as cH, type GateDeleteEvent as cI, type GateEventMap as cJ, type GateHandler as cK, type GatePoint as cL, type GatePutEvent as cM, type LifecycleEventMap as cN, type LifecyclePoint as cO, ServiceBus as cP, SubsystemBus as cQ, type Role as cR, type HistoryStrategy as cS, type NoydbStore as cT, type HistoryOptions as cU, type EncryptedEnvelope as cV, type PruneOptions as cW, type AppendInput as cX, type ChangeType as cY, CollectionInstant as cZ, type JsonPatch as c_, DerivationRegistry as ca, type DerivationStrategyHandle as cb, type DerivedFromMeta as cc, type OutputSpec as cd, type RecordOutputSpec as ce, type MaterializedViewStrategy as cf, type MaterializedViewStrategyHandle as cg, type OverlayedViewStrategy as ch, Collection as ci, OverlayBaseIsVirtualError as cj, OverlayCollectionUnavailableError as ck, type OverlayFieldMergeMode as cl, type OverlayFieldMergeRule as cm, OverlayIdMismatchError as cn, OverlayNameCollisionError as co, OverlayedViewRegistry as cp, type OverlayedViewStrategyHandle as cq, type SyncStrategy as cr, type PortabilityStrategy as cs, type ApproveWithdrawalOptions as ct, type ExportAccessibleOptions as cu, NO_PORTABILITY as cv, PortabilityNotEnabledError as cw, type RejectWithdrawalOptions as cx, type RequestWithdrawalOptions as cy, type RequestWithdrawalResult as cz, DictKeyMissingError as d, isClassifiedGroup as d$, LedgerStore as d0, type VaultEngine as d1, VaultInstant as d2, type VerifyResult as d3, applyPatch as d4, computePatch as d5, diff as d6, formatDiff as d7, type SealedRecordStrategy as d8, type SealedCekDeliveryEnvelope as d9, AttestationNotEnabledError as dA, type IssueArgs as dB, type IssueContext as dC, type IssueResult as dD, NO_ATTESTATION as dE, type RevokeContext as dF, getRevokedDocIdsCore as dG, issueAttestationCore as dH, publishRevocationListCore as dI, revokeDocCore as dJ, unrevokeDocCore as dK, type ClassifiedFieldSpec as dL, type ClassifiedStrategy as dM, ClassifiedConfigError as dN, type ClassifiedEntry as dO, type ClassifiedGroup as dP, type ClassifiedList as dQ, type ClassifiedRevealCtx as dR, ClassifiedRevealError as dS, type ClassifiedRider as dT, ClassifiedRotationError as dU, type ClassifiedStorage as dV, type ClassifiedVerdict as dW, type ClassifiedVerifyCtx as dX, ClassifiedVerifyError as dY, NO_CLASSIFIED as dZ, isClassifiedFieldSpec as d_, NO_SEALED_RECORD as da, type SealedCekBinding as db, SealedRecordExpiredError as dc, SealedRecordMismatchError as dd, SealedRecordNotEnabledError as de, type WalkClosureOptions as df, type SealingKeyProvider as dg, type RecoveryEnrollmentInput as dh, type ShamirRecoveryProvider as di, type EnclaveKey as dj, AdoptionStateError as dk, BackupCorruptedError as dl, BackupLedgerError as dm, BundleIntegrityError as dn, BundleSealMismatchError as dp, BundleVersionConflictError as dq, type ClosureResult as dr, type ExtractPartitionResult as ds, PartitionExtractionError as dt, PodVersionConflictError as du, TransferSealError as dv, extractPartition as dw, walkClosure as dx, type AttestationStrategy as dy, AttestationError as dz, DictionaryHandle as e, ConflictError as e$, type PublicEnvelope as e0, type BundleRecipient as e1, type RecipientSealer as e2, type RecipientHint as e3, TxContext as e4, type MVQueryContext as e5, type RegisteredMV as e6, Query as e7, MaterializedViewRegistry as e8, type MaterializedFromMeta as e9, type PolicyDenyReason as eA, type GatePolicy as eB, type AccessibleVault as eC, type AffectedDocument as eD, AlreadyElevatedError as eE, type ArchivePolicy as eF, type ArchiveResult as eG, type ArchiveRunOptions as eH, type ArchiveStrategy as eI, BUNDLE_STORE_POLICY as eJ, type BuiltInGateName as eK, type CacheOptions as eL, type CacheStats as eM, CargoNotEnabledError as eN, type CargoStrategy as eO, type ChangeEvent as eP, ClassifiedNotEnabledError as eQ, type Clause as eR, type CollectionChangeEvent as eS, type CollectionConfig as eT, type CollectionConflictResolver as eU, type CollectionDescriptor as eV, type CollectionStats as eW, ComputedFieldError as eX, type ComputedFields as eY, type ComputedFn as eZ, type Conflict as e_, MaterializedViewConfigError as ea, MaterializedViewCycleError as eb, type MaterializedViewOutput as ec, MaterializedViewSourceUnknownError as ed, MaterializedViewTooLargeError as ee, type UnionArmJoin as ef, type UnionSource as eg, type SearchStrategy as eh, type SequenceStrategy as ei, type CustodyStrategy as ej, type SchemaUpdateStrategy as ek, type TransformFn as el, type PersistedSchemaEnvelope as em, type UpdateDecision as en, type UserEnvelope as eo, type VaultUserApi as ep, type UserApiDeps as eq, type DeepPartialOrNull as er, type UserEnvelopePresented as es, type Unsubscribe as et, type LiveUserEnvelope as eu, type RoundingMode as ev, type VaultPolicy as ew, type ActiveTier as ex, type FactorProof as ey, type GateName as ez, type DictionaryOptions as f, type HistoryEntry as f$, type ConflictPolicy as f0, type ConflictStrategy as f1, CrossJoinSourceUnknownError as f2, CrossJoinTooLargeError as f3, type CrossTierAccessEvent as f4, CustodyApi as f5, type CustodyHost as f6, CustodyNotEnabledError as f7, DEFAULT_CROSS_JOIN_MAX_ROWS as f8, DEFAULT_JOIN_MAX_ROWS as f9, type EnrollAuthenticatorWrappingKEKOptions as fA, type EnrollRecoveryResult as fB, type ExportCapability as fC, ExportCapabilityError as fD, type ExportChunk as fE, type ExportStreamOptions as fF, type FactorKind as fG, type FactorProofBundle as fH, type FactorRequirement as fI, type FenceDoc as fJ, type FenceState as fK, type FieldChange as fL, type FieldClause as fM, type FieldDescriptor as fN, type FieldSource as fO, FilenameSanitizationError as fP, type FilterClause as fQ, ForgetStrategyNotConfiguredError as fR, type FormattedSequenceHandle as fS, type FrozenSnapshotRef as fT, type GhostRecord as fU, type GrantCustodianOptions as fV, type GrantOptions as fW, GroupCardinalityError as fX, type GroupClause as fY, type GuardViolation as fZ, type HistoryConfig as f_, DEFAULT_PUBLIC_ENVELOPE_SCHEMA as fa, DELEGATIONS_COLLECTION as fb, DanglingReferenceError as fc, DataResidencyError as fd, DebugPlaintextError as fe, DebugReservedFieldError as ff, DecryptionError as fg, type DeepPartial as fh, type DeferredNumberingConfig as fi, DelegationTargetMissingError as fj, type DelegationToken as fk, type DeleteManyResult as fl, type DerivationDescriptor as fm, DirectoryDisabledError as fn, type DirtyEntry as fo, type DryRunResult as fp, type DumpSchemaOptions as fq, ELEVATION_AUDIT_COLLECTION as fr, ElevatedHandle as fs, ElevationExpiredError as ft, type EmbeddingDescriptor as fu, EmbeddingDimMismatchError as fv, EmbeddingModelMismatchError as fw, EnclaveNotSupportedError as fx, type EnrollAuthenticatorOptions as fy, type EnrollAuthenticatorWrappingDEKsOptions as fz, type I18nMap as g, NO_CUSTODY as g$, INDEXED_STORE_POLICY as g0, type ImportCapability as g1, ImportCapabilityError as g2, type IndexFieldName as g3, IndexRequiredError as g4, IndexWriteFailureError as g5, type InferOutput as g6, type InternalCollectionStats as g7, InvalidKeyError as g8, type IssueDelegationOptions as g9, type LocaleReadOptions as gA, Lru as gB, type LruOptions as gC, type LruStats as gD, MAGIC_LINK_CONTENT_INFO_PREFIX as gE, MAGIC_LINK_GRANTS_COLLECTION as gF, MAGIC_LINK_KEK_INFO_PREFIX as gG, type MagicLinkGrantPayload as gH, type MagicLinkGrantRecord as gI, ManagedRecoveryNotEnrolledError as gJ, type MaterializedViewDescriptor as gK, MemoryRecipientSealer as gL, MemorySealingKeyProvider as gM, MigrationRequiredError as gN, MoneyCurrencyError as gO, type MoneyDescriptor as gP, type MoneyOptions as gQ, type MoneyOptionsFixed as gR, type MoneyOptionsMulti as gS, MoneyPrecisionError as gT, type MoneyString as gU, MoneyUnsupportedError as gV, NOYDB_BACKUP_VERSION as gW, NOYDB_FORMAT_VERSION as gX, NOYDB_KEYRING_VERSION as gY, NOYDB_SYNC_VERSION as gZ, NO_CARGO as g_, type IssueMagicLinkGrantOptions as ga, type JoinContext as gb, type JoinLeg as gc, type JoinStrategy as gd, JoinTooLargeError as ge, type JoinableSource as gf, type KeyringAuthenticator as gg, type KeyringAuthenticatorWrappingDEKs as gh, type KeyringAuthenticatorWrappingKEK as gi, KeyringCorruptError as gj, KeyringExpiredError as gk, type KeyringFile as gl, LedgerContentionError as gm, type LiberateOptions as gn, type LiberateResult as go, LinkEndpointError as gp, LinkIntegrityError as gq, type LinkOnDelete as gr, type LinkRow as gs, type LinkSetHandle as gt, type LinkSpec as gu, type ListAccessibleVaultsOptions as gv, type ListPageResult as gw, type ListUsersOptions as gx, type LiveQuery as gy, type LiveUpstream as gz, type I18nTextDescriptor as h, type RecoverPassphraseResult as h$, NO_SEARCH as h0, NO_SEQUENCE as h1, NetworkError as h2, type NextOptions as h3, NoAccessError as h4, NonAdditiveSchemaChangeError as h5, NotFoundError as h6, Noydb as h7, type NoydbBundleStore as h8, NoydbError as h9, type PublicEnvelopeSchema as hA, type PublicEnvelopeText as hB, type PullMode as hC, type PullOptions as hD, type PullPolicy as hE, type PullResult as hF, type PushMode as hG, type PushOptions as hH, type PushPolicy as hI, type PushResult as hJ, type PutManyItemOptions as hK, type PutManyOptions as hL, type PutManyResult as hM, type QueryAcrossOptions as hN, type QueryAcrossResult as hO, type QueryField as hP, type QueryPlan as hQ, type QuerySource as hR, type QuickUnlockState as hS, QuickUnlockStore as hT, QuiesceTimeoutError as hU, type ReAuthOperation as hV, ReadOnlyAtInstantError as hW, ReadOnlyError as hX, ReadOnlyFrameError as hY, RecordCekNotFoundError as hZ, type RecoverPassphraseInput as h_, type NoydbEventMap as ha, type NoydbOptions as hb, type Assignment as hc, NumberingUncertaintyError as hd, type Operator as he, type OrderBy as hf, type OverlayViewDescriptor as hg, POD_STORE_POLICY as hh, PUBLIC_ENVELOPE_FIELDS as hi, type PaperRecoveryDoc as hj, type PaperRecoveryEntry as hk, type PassphrasePolicy as hl, type PassphraseValidationResult as hm, PathEscapeError as hn, PeriodClosedError as ho, type Permission as hp, PermissionDeniedError as hq, type Permissions as hr, type PersistedSchemaKind as hs, type PlaintextTranslatorContext as ht, type PlaintextTranslatorFn as hu, PolicyDeniedError as hv, PresenceHandle as hw, type PresencePeer as hx, PrivilegeEscalationError as hy, type PublicEnvelopeField as hz, type I18nTextOptions as i, SyncScheduler as i$, type RecoverUserOptions as i0, RecoveryNotEnrolledError as i1, RecoveryProfileNotImplementedError as i2, type RecoveryProof as i3, type RefDescriptor as i4, RefIntegrityError as i5, type RefMode as i6, RefRegistry as i7, RefScopeError as i8, type RefViolation as i9, type SearchOptions as iA, type SearchResult as iB, SequenceContentionError as iC, type SequenceHandle as iD, SequenceNotEnabledError as iE, SequenceOfflineError as iF, type SequenceOptions as iG, SequenceStore as iH, type SequenceStoreOptions as iI, type SessionPolicy as iJ, type SetPublicEnvelopeInput as iK, type ShamirRecoveryDoc as iL, type ShamirRecoveryEntry as iM, ShardProvisioningError as iN, type SlotRewrapCeremony as iO, type SlotRewrapContext as iP, type StandardSchemaV1 as iQ, type StandardSchemaV1Issue as iR, type StandardSchemaV1SyncResult as iS, type StoreAuth as iT, type StoreAuthKind as iU, type StoreCapabilities as iV, StoreCapabilityError as iW, type StoreTime as iX, SyncEngine as iY, type SyncMetadata as iZ, type SyncPolicy as i_, ReservedVaultNameError as ia, type ResolvedPublicEnvelopeSchema as ib, type RetrieveHit as ic, type RetrieveOptions as id, type RevokeOptions as ie, type RotatePassphraseInput as ig, type RotateRecoveryOptions as ih, type RotateRecoveryResult as ii, SEALED_PASSPHRASE_RECORD_ID as ij, ScanBuilder as ik, type ScanPageProvider as il, type SchemaDelta as im, SchemaFenceError as io, type SchemaIntrospection as ip, SchemaLockedError as iq, SchemaUpdateError as ir, SchemaValidationError as is, type Sealed as it, type SealedEnvelope as iu, SealedHandle as iv, type SealedPassphrase as iw, type SealedView as ix, type SearchEntry as iy, SearchNotEnabledError as iz, LocaleNotSpecifiedError as j, enrollAuthenticator as j$, type SyncSchedulerStatus as j0, type SyncStatus as j1, type SyncTarget as j2, type SyncTargetRole as j3, SyncTransaction as j4, type SyncTransactionResult as j5, type TabChannel as j6, type TabCoordinationOptions as j7, type TabLockManager as j8, type TabPresence as j9, type WarningRules as jA, WeakPassphraseError as jB, type WeakPassphraseReason as jC, type WithArchiveOptions as jD, WithdrawalRequestError as jE, type WrappedDeksBlob as jF, type WriteConflict as jG, type WriteQueue as jH, aesGcmOpen as jI, applyJoins as jJ, approveWithdrawal as jK, asMoney as jL, assertStrongPassphrase as jM, base64ToBuffer as jN, bufferToBase64 as jO, buildLiveQuery as jP, buildRecipientKeyringFile as jQ, burnPaperRecoveryEntry as jR, compileSequenceFormat as jS, createNoydb as jT, createStore as jU, decryptBytes as jV, decryptDeterministic as jW, deriveMagicLinkContentKey as jX, derivePresenceKey as jY, encryptBytes as jZ, encryptDeterministic as j_, type TabRole as ja, TamperedError as jb, TierDemoteDeniedError as jc, type TierMode as jd, TierNotGrantedError as je, TiersNotEnabledError as jf, type TransactionInvariant as jg, type TranslatorAuditEntry as jh, TxCollection as ji, type TxOp as jj, TxVault as jk, UniqueConstraintError as jl, UnknownShardError as jm, UnsupportedIndexOptionError as jn, type UpdateAuthenticatorOptions as jo, type UpdateContext as jp, type UpdateUserOptions as jq, type UserEnvelopeCheckGate as jr, UserEnvelopeOversizedError as js, type UserInfo as jt, ValidationError as ju, type VaultBackup as jv, type VaultPolicyOnDisk as jw, type VaultSchemaSnapshot as jx, type VaultSnapshot as jy, VaultTemplateNotFoundError as jz, type OnMissingPolicy as k, validateSchemaOutput as k$, estimateEntropy as k0, evalComputedFields as k1, evaluateClause as k2, evaluateExportCapability as k3, evaluateFieldClause as k4, evaluateImportCapability as k5, executePlan as k6, exportAccessibleData as k7, findAuthenticator as k8, hasExportCapability as k9, parseRsaOaepTlv as kA, parseSealedEnvelope as kB, readMagicLinkGrantRecord as kC, readPath as kD, recoverUser as kE, ref as kF, refArray as kG, rejectWithdrawal as kH, removeAuthenticator as kI, requestWithdrawal as kJ, resetJoinWarnings as kK, resolveSchema as kL, resolveSequenceKey as kM, revokeDelegation as kN, revokeMagicLinkGrant as kO, runTransaction as kP, savePaperRecoveryEntries as kQ, saveSealedPassphrase as kR, saveShamirRecoveryEntries as kS, sealRsaOaepTlv as kT, unwrapDeksFromBlob as kU, unwrapDeksFromPaperEntry as kV, unwrapDeksFromShamirEntry as kW, unwrapMagicLinkGrant as kX, validatePassphrase as kY, validatePublicEnvelopeInput as kZ, validateSchemaInput as k_, hasImportCapability as ka, hasRecoveryEnrolled as kb, isLinkCollectionName as kc, isMagicLinkGrantExpired as kd, isMoneyDescriptor as ke, isMoneyString as kf, isPublicEnvelope as kg, isRefArray as kh, issueDelegation as ki, recoverPassphrase as kj, rotatePassphrase as kk, liberateVault as kl, listMagicLinkGrants as km, listUsers as kn, listUsersWithEnvelopes as ko, listWithdrawalRequests as kp, loadActiveDelegations as kq, loadPaperRecoveryEntries as kr, loadSealedPassphrase as ks, loadShamirRecoveryEntries as kt, magicLinkGrantRecordId as ku, mintPaperRecoveryEntry as kv, mintShamirRecoveryEntry as kw, mintWrappedDeksBlob as kx, money as ky, moneyNumber as kz, type ResolveI18nOptions as l, withArchive as l0, withDeferredNumbering as l1, withdrawAccessibleData as l2, writeMagicLinkGrant as l3, changeSecret as l4, createOwnerKeyring as l5, ensureCollectionDEK as l6, grant as l7, loadKeyring as l8, persistKeyring as l9, revoke as la, updateAuthenticator as lb, updateKeyringIdentity as lc, type TxStrategy as ld, type AmendmentTxOptions as le, CrossShardJoinError as lf, sha256Hex as lg, type CrossJoinClause as lh, NO_TIERS as li, type TiersContext as lj, type TiersStrategy as lk, assertDeclaredTier as ll, assertTiersEnabled as lm, classifySealedShred as ln, demote as lo, elevate as lp, getAtTier as lq, listAtTier as lr, putAtTier as ls, withTiers as lt, type ScriptWarning as m, type StaticDictDescriptor as n, StaticDictReadonlyError as o, applyI18nLocale as p, dictCollectionName as q, dictKey as r, enforceScript as s, getAtPath as t, i18nText as u, inferScripts as v, isDictCollectionName as w, isDictKeyDescriptor as x, isI18nTextDescriptor as y, isStaticDictDescriptor as z };
|
|
21739
|
+
export { BLOB_INDEX_COLLECTION as $, resolveI18nText as A, resolvePolicy as B, setAtPathInPlace as C, DICT_COLLECTION_PREFIX as D, staticDict as E, stripI18nFilled as F, validateI18nTextValue as G, type SessionStrategy as H, type I18nStrategy as I, SessionExpiredError as J, SessionNotFoundError as K, type Layer as L, MissingTranslationError as M, SessionPolicyError as N, type OnMissing as O, PolicyEnforcer as P, createEnforcer as Q, ReservedCollectionNameError as R, ScriptViolationError as S, TranslatorNotConfiguredError as T, UnknownDictCodeError as U, Vault as V, validateSessionPolicy as W, type BlobStrategy as X, BLOB_CHUNKS_COLLECTION as Y, BLOB_COLLECTION as Z, BLOB_EVICTION_AUDIT_COLLECTION as _, type DictEntry as a, type Reducer as a$, BLOB_SLOTS_PREFIX as a0, BLOB_VERSIONS_PREFIX as a1, type BlobEvictionEntry as a2, type BlobFieldPolicy as a3, type BlobFieldsConfig as a4, type BlobObject as a5, type BlobPutOptions as a6, type BlobResponseOptions as a7, BlobSet as a8, type BlobStrategyOpenArgs as a9, IDX_PREFIX as aA, type IndexDef as aB, type IndexState as aC, type IngestRow as aD, type LazyOrderBy as aE, LazyQuery as aF, type LazyQuerySource as aG, type OrderedEntry as aH, PersistedCollectionIndex as aI, type PersistedIndexDef as aJ, compositeKey as aK, decodeIdxId as aL, encodeIdxId as aM, isIdxId as aN, type AggregateStrategy as aO, type AggregateResult as aP, type AggregateSpec as aQ, Aggregation as aR, type AggregationUpstream as aS, GROUPBY_MAX_CARDINALITY as aT, GROUPBY_WARN_CARDINALITY as aU, GroupedAggregation as aV, GroupedQuery as aW, GroupedQueryN as aX, type GroupedRow as aY, type GroupedRowN as aZ, type LiveAggregation as a_, type CompactRunOptions as aa, type CompactionContext as ab, type CompactionResult as ac, DEFAULT_CHUNK_SIZE as ad, EXPORT_AUDIT_COLLECTION as ae, ExportBlobsAbortedError as af, type ExportBlobsAuditEntry as ag, type ExportBlobsHandle as ah, type ExportBlobsOptions as ai, type ExportedBlob as aj, type ObjectListEntry as ak, type ObjectMeta as al, type ObjectProjection as am, type ObjectUrlOptions as an, type PutObjectOptions as ao, type PutUrlOptions as ap, type SlotInfo as aq, type SlotRecord as ar, type VersionRecord as as, createExportBlobsHandle as at, memoryObjectProjection as au, runCompaction as av, type IndexStrategy as aw, COMPOSITE_DELIMITER as ax, CollectionIndexes as ay, type HashIndex as az, type DictKeyDescriptor as b, type SnapshotMeta as b$, type ReducerBuilder as b0, type ReducerOptions as b1, avg as b2, buildLiveAggregation as b3, count as b4, groupAndReduce as b5, max as b6, min as b7, moneyMax as b8, moneyMin as b9, type OpenPeriodOptions as bA, PERIODS_COLLECTION as bB, type PeriodRecord as bC, type ReadOnlyCollection as bD, appendPeriodLedgerEntry as bE, assertTsWritable as bF, chainAnchor as bG, loadPeriods as bH, validatePeriodName as bI, type GuardStrategy as bJ, type GuardChange as bK, type GuardContext as bL, AmendmentForbiddenError as bM, FieldFrozenError as bN, GuardRegistry as bO, type GuardStrategyHandle as bP, IllegalTransitionError as bQ, InvariantError as bR, ReadOnlyVaultFacade as bS, RecordLockedError as bT, type ShadowStrategy as bU, CollectionFrame as bV, VaultFrame as bW, type NoydbPodStore as bX, type RetentionPolicy as bY, type SnapshotPolicy as bZ, type SnapshotStrategy as b_, moneySum as ba, reduceRecords as bb, reducerBuilder as bc, resetGroupByWarnings as bd, sum as be, type CrdtStrategy as bf, type CrdtMode as bg, type CrdtState as bh, type LwwMapState as bi, type RgaState as bj, type YjsState as bk, buildLwwMapState as bl, buildRgaState as bm, mergeCrdtStates as bn, resolveCrdtSnapshot as bo, type ConsentStrategy as bp, CONSENT_AUDIT_COLLECTION as bq, type ConsentAuditEntry as br, type ConsentAuditFilter as bs, type ConsentContext as bt, type ConsentOp as bu, loadConsentEntries as bv, writeConsentEntry as bw, type PeriodsStrategy as bx, type CarryForwardContext as by, type ClosePeriodOptions as bz, DictKeyInUseError as c, type JsonPatchOp as c$, type SnapshotMode as c0, SnapshotNotFoundError as c1, type DerivationStrategy as c2, type DerivationContext as c3, type ArrayOutputSpec as c4, DerivationCapExceededError as c5, DerivationCycleError as c6, DerivationDepthError as c7, DerivationOutputShapeError as c8, DerivationOutputUnknownError as c9, type WithdrawAccessibleOptions as cA, type WithdrawResult as cB, type WithdrawalRequest as cC, type WithdrawalRequestStatus as cD, type DiffEntry as cE, type UnlockedKeyring as cF, type ExportFormat as cG, type BusHandler as cH, type GateDeleteEvent as cI, type GateEventMap as cJ, type GateHandler as cK, type GatePoint as cL, type GatePutEvent as cM, type LifecycleEventMap as cN, type LifecyclePoint as cO, ServiceBus as cP, SubsystemBus as cQ, type Role as cR, type HistoryStrategy as cS, type NoydbStore as cT, type HistoryOptions as cU, type EncryptedEnvelope as cV, type PruneOptions as cW, type AppendInput as cX, type ChangeType as cY, CollectionInstant as cZ, type JsonPatch as c_, DerivationRegistry as ca, type DerivationStrategyHandle as cb, type DerivedFromMeta as cc, type OutputSpec as cd, type RecordOutputSpec as ce, type MaterializedViewStrategy as cf, type MaterializedViewStrategyHandle as cg, type OverlayedViewStrategy as ch, Collection as ci, OverlayBaseIsVirtualError as cj, OverlayCollectionUnavailableError as ck, type OverlayFieldMergeMode as cl, type OverlayFieldMergeRule as cm, OverlayIdMismatchError as cn, OverlayNameCollisionError as co, OverlayedViewRegistry as cp, type OverlayedViewStrategyHandle as cq, type SyncStrategy as cr, type PortabilityStrategy as cs, type ApproveWithdrawalOptions as ct, type ExportAccessibleOptions as cu, NO_PORTABILITY as cv, PortabilityNotEnabledError as cw, type RejectWithdrawalOptions as cx, type RequestWithdrawalOptions as cy, type RequestWithdrawalResult as cz, DictKeyMissingError as d, isClassifiedGroup as d$, LedgerStore as d0, type VaultEngine as d1, VaultInstant as d2, type VerifyResult as d3, applyPatch as d4, computePatch as d5, diff as d6, formatDiff as d7, type SealedRecordStrategy as d8, type SealedCekDeliveryEnvelope as d9, AttestationNotEnabledError as dA, type IssueArgs as dB, type IssueContext as dC, type IssueResult as dD, NO_ATTESTATION as dE, type RevokeContext as dF, getRevokedDocIdsCore as dG, issueAttestationCore as dH, publishRevocationListCore as dI, revokeDocCore as dJ, unrevokeDocCore as dK, type ClassifiedFieldSpec as dL, type ClassifiedStrategy as dM, ClassifiedConfigError as dN, type ClassifiedEntry as dO, type ClassifiedGroup as dP, type ClassifiedList as dQ, type ClassifiedRevealCtx as dR, ClassifiedRevealError as dS, type ClassifiedRider as dT, ClassifiedRotationError as dU, type ClassifiedStorage as dV, type ClassifiedVerdict as dW, type ClassifiedVerifyCtx as dX, ClassifiedVerifyError as dY, NO_CLASSIFIED as dZ, isClassifiedFieldSpec as d_, NO_SEALED_RECORD as da, type SealedCekBinding as db, SealedRecordExpiredError as dc, SealedRecordMismatchError as dd, SealedRecordNotEnabledError as de, type WalkClosureOptions as df, type SealingKeyProvider as dg, type RecoveryEnrollmentInput as dh, type ShamirRecoveryProvider as di, type EnclaveKey as dj, AdoptionStateError as dk, BackupCorruptedError as dl, BackupLedgerError as dm, BundleIntegrityError as dn, BundleSealMismatchError as dp, BundleVersionConflictError as dq, type ClosureResult as dr, type ExtractPartitionResult as ds, PartitionExtractionError as dt, PodVersionConflictError as du, TransferSealError as dv, extractPartition as dw, walkClosure as dx, type AttestationStrategy as dy, AttestationError as dz, DictionaryHandle as e, type Conflict as e$, type PublicEnvelope as e0, type BundleRecipient as e1, type RecipientSealer as e2, type RecipientHint as e3, TxContext as e4, type MVQueryContext as e5, type RegisteredMV as e6, Query as e7, MaterializedViewRegistry as e8, type MaterializedFromMeta as e9, type GateName as eA, type PolicyDenyReason as eB, type GatePolicy as eC, type AccessibleVault as eD, type AffectedDocument as eE, AlreadyElevatedError as eF, type ArchivePolicy as eG, type ArchiveResult as eH, type ArchiveRunOptions as eI, type ArchiveStrategy as eJ, BUNDLE_STORE_POLICY as eK, type BuiltInGateName as eL, type CacheOptions as eM, type CacheStats as eN, CargoNotEnabledError as eO, type CargoStrategy as eP, type ChangeEvent as eQ, ClassifiedNotEnabledError as eR, type Clause as eS, type CollectionChangeEvent as eT, type CollectionConfig as eU, type CollectionConflictResolver as eV, type CollectionDescriptor as eW, type CollectionStats as eX, ComputedFieldError as eY, type ComputedFields as eZ, type ComputedFn as e_, MaterializedViewConfigError as ea, MaterializedViewCycleError as eb, type MaterializedViewOutput as ec, MaterializedViewSourceUnknownError as ed, MaterializedViewTooLargeError as ee, type UnionArmJoin as ef, type UnionSource as eg, type SearchStrategy as eh, type SequenceStrategy as ei, type CustodyStrategy as ej, type SchemaUpdateStrategy as ek, type TransformFn as el, type PersistedSchemaEnvelope as em, type UpdateDecision as en, NoydbError as eo, type UserEnvelope as ep, type VaultUserApi as eq, type UserApiDeps as er, type DeepPartialOrNull as es, type UserEnvelopePresented as et, type Unsubscribe as eu, type LiveUserEnvelope as ev, type RoundingMode as ew, type VaultPolicy as ex, type ActiveTier as ey, type FactorProof as ez, type DictionaryOptions as f, type HistoryConfig as f$, ConflictError as f0, type ConflictPolicy as f1, type ConflictStrategy as f2, CrossJoinSourceUnknownError as f3, CrossJoinTooLargeError as f4, type CrossTierAccessEvent as f5, CustodyApi as f6, type CustodyHost as f7, CustodyNotEnabledError as f8, DEFAULT_CROSS_JOIN_MAX_ROWS as f9, type EnrollAuthenticatorWrappingDEKsOptions as fA, type EnrollAuthenticatorWrappingKEKOptions as fB, type EnrollRecoveryResult as fC, type ExportCapability as fD, ExportCapabilityError as fE, type ExportChunk as fF, type ExportStreamOptions as fG, type FactorKind as fH, type FactorProofBundle as fI, type FactorRequirement as fJ, type FenceDoc as fK, type FenceState as fL, type FieldChange as fM, type FieldClause as fN, type FieldDescriptor as fO, type FieldSource as fP, FilenameSanitizationError as fQ, type FilterClause as fR, ForgetStrategyNotConfiguredError as fS, type FormattedSequenceHandle as fT, type FrozenSnapshotRef as fU, type GhostRecord as fV, type GrantCustodianOptions as fW, type GrantOptions as fX, GroupCardinalityError as fY, type GroupClause as fZ, type GuardViolation as f_, DEFAULT_JOIN_MAX_ROWS as fa, DEFAULT_PUBLIC_ENVELOPE_SCHEMA as fb, DELEGATIONS_COLLECTION as fc, DanglingReferenceError as fd, DataResidencyError as fe, DebugPlaintextError as ff, DebugReservedFieldError as fg, DecryptionError as fh, type DeepPartial as fi, type DeferredNumberingConfig as fj, DelegationTargetMissingError as fk, type DelegationToken as fl, type DeleteManyResult as fm, type DerivationDescriptor as fn, DirectoryDisabledError as fo, type DirtyEntry as fp, type DryRunResult as fq, type DumpSchemaOptions as fr, ELEVATION_AUDIT_COLLECTION as fs, ElevatedHandle as ft, ElevationExpiredError as fu, type EmbeddingDescriptor as fv, EmbeddingDimMismatchError as fw, EmbeddingModelMismatchError as fx, EnclaveNotSupportedError as fy, type EnrollAuthenticatorOptions as fz, type I18nMap as g, NO_CARGO as g$, type HistoryEntry as g0, INDEXED_STORE_POLICY as g1, type ImportCapability as g2, ImportCapabilityError as g3, type IndexFieldName as g4, IndexRequiredError as g5, IndexWriteFailureError as g6, type InferOutput as g7, type InternalCollectionStats as g8, InvalidKeyError as g9, type LiveUpstream as gA, type LocaleReadOptions as gB, Lru as gC, type LruOptions as gD, type LruStats as gE, MAGIC_LINK_CONTENT_INFO_PREFIX as gF, MAGIC_LINK_GRANTS_COLLECTION as gG, MAGIC_LINK_KEK_INFO_PREFIX as gH, type MagicLinkGrantPayload as gI, type MagicLinkGrantRecord as gJ, ManagedRecoveryNotEnrolledError as gK, type MaterializedViewDescriptor as gL, MemoryRecipientSealer as gM, MemorySealingKeyProvider as gN, MigrationRequiredError as gO, MoneyCurrencyError as gP, type MoneyDescriptor as gQ, type MoneyOptions as gR, type MoneyOptionsFixed as gS, type MoneyOptionsMulti as gT, MoneyPrecisionError as gU, type MoneyString as gV, MoneyUnsupportedError as gW, NOYDB_BACKUP_VERSION as gX, NOYDB_FORMAT_VERSION as gY, NOYDB_KEYRING_VERSION as gZ, NOYDB_SYNC_VERSION as g_, type IssueDelegationOptions as ga, type IssueMagicLinkGrantOptions as gb, type JoinContext as gc, type JoinLeg as gd, type JoinStrategy as ge, JoinTooLargeError as gf, type JoinableSource as gg, type KeyringAuthenticator as gh, type KeyringAuthenticatorWrappingDEKs as gi, type KeyringAuthenticatorWrappingKEK as gj, KeyringCorruptError as gk, KeyringExpiredError as gl, type KeyringFile as gm, type LazyStrategy as gn, LedgerContentionError as go, type LiberateOptions as gp, type LiberateResult as gq, LinkIntegrityError as gr, type LinkOnDelete as gs, type LinkRow as gt, type LinkSetHandle as gu, type LinkSpec as gv, type ListAccessibleVaultsOptions as gw, type ListPageResult as gx, type ListUsersOptions as gy, type LiveQuery as gz, type I18nTextDescriptor as h, type RecoverPassphraseInput as h$, NO_CUSTODY as h0, NO_SEARCH as h1, NO_SEQUENCE as h2, NO_TEAM as h3, NetworkError as h4, type NextOptions as h5, NoAccessError as h6, NonAdditiveSchemaChangeError as h7, NotFoundError as h8, Noydb as h9, type PublicEnvelopeField as hA, type PublicEnvelopeSchema as hB, type PublicEnvelopeText as hC, type PullMode as hD, type PullOptions as hE, type PullPolicy as hF, type PullResult as hG, type PushMode as hH, type PushOptions as hI, type PushPolicy as hJ, type PushResult as hK, type PutManyItemOptions as hL, type PutManyOptions as hM, type PutManyResult as hN, type QueryAcrossOptions as hO, type QueryAcrossResult as hP, type QueryField as hQ, type QueryPlan as hR, type QuerySource as hS, type QuickUnlockState as hT, QuickUnlockStore as hU, QuiesceTimeoutError as hV, type ReAuthOperation as hW, ReadOnlyAtInstantError as hX, ReadOnlyError as hY, ReadOnlyFrameError as hZ, RecordCekNotFoundError as h_, type NoydbBundleStore as ha, type NoydbEventMap as hb, type NoydbOptions as hc, type Assignment as hd, NumberingUncertaintyError as he, type Operator as hf, type OrderBy as hg, type OverlayViewDescriptor as hh, POD_STORE_POLICY as hi, PUBLIC_ENVELOPE_FIELDS as hj, type PaperRecoveryDoc as hk, type PaperRecoveryEntry as hl, type PassphrasePolicy as hm, type PassphraseValidationResult as hn, PathEscapeError as ho, PeriodClosedError as hp, type Permission as hq, PermissionDeniedError as hr, type Permissions as hs, type PersistedSchemaKind as ht, type PlaintextTranslatorContext as hu, type PlaintextTranslatorFn as hv, PolicyDeniedError as hw, PresenceHandle as hx, type PresencePeer as hy, PrivilegeEscalationError as hz, type I18nTextOptions as i, type SyncPolicy as i$, type RecoverPassphraseResult as i0, type RecoverUserOptions as i1, RecoveryNotEnrolledError as i2, RecoveryProfileNotImplementedError as i3, type RecoveryProof as i4, type RefDescriptor as i5, RefIntegrityError as i6, type RefMode as i7, RefRegistry as i8, RefScopeError as i9, SearchNotEnabledError as iA, type SearchOptions as iB, type SearchResult as iC, SequenceContentionError as iD, type SequenceHandle as iE, SequenceNotEnabledError as iF, SequenceOfflineError as iG, type SequenceOptions as iH, SequenceStore as iI, type SequenceStoreOptions as iJ, type SessionPolicy as iK, type SetPublicEnvelopeInput as iL, type ShamirRecoveryDoc as iM, type ShamirRecoveryEntry as iN, ShardProvisioningError as iO, type SlotRewrapCeremony as iP, type SlotRewrapContext as iQ, type StandardSchemaV1 as iR, type StandardSchemaV1Issue as iS, type StandardSchemaV1SyncResult as iT, type StoreAuth as iU, type StoreAuthKind as iV, type StoreCapabilities as iW, StoreCapabilityError as iX, type StoreTime as iY, SyncEngine as iZ, type SyncMetadata as i_, type RefViolation as ia, ReservedVaultNameError as ib, type ResolvedPublicEnvelopeSchema as ic, type RetrieveHit as id, type RetrieveOptions as ie, type RevokeOptions as ig, type RotatePassphraseInput as ih, type RotateRecoveryOptions as ii, type RotateRecoveryResult as ij, SEALED_PASSPHRASE_RECORD_ID as ik, ScanBuilder as il, type ScanPageProvider as im, type SchemaDelta as io, SchemaFenceError as ip, type SchemaIntrospection as iq, SchemaLockedError as ir, SchemaUpdateError as is, SchemaValidationError as it, type Sealed as iu, type SealedEnvelope as iv, SealedHandle as iw, type SealedPassphrase as ix, type SealedView as iy, type SearchEntry as iz, LocaleNotSpecifiedError as j, derivePresenceKey as j$, SyncScheduler as j0, type SyncSchedulerStatus as j1, type SyncStatus as j2, type SyncTarget as j3, type SyncTargetRole as j4, SyncTransaction as j5, type SyncTransactionResult as j6, type TabChannel as j7, type TabCoordinationOptions as j8, type TabLockManager as j9, type VaultSchemaSnapshot as jA, type VaultSnapshot as jB, VaultTemplateNotFoundError as jC, type WarningRules as jD, WeakPassphraseError as jE, type WeakPassphraseReason as jF, type WithArchiveOptions as jG, WithdrawalRequestError as jH, type WrappedDeksBlob as jI, type WriteConflict as jJ, type WriteQueue as jK, aesGcmOpen as jL, applyJoins as jM, approveWithdrawal as jN, asMoney as jO, assertStrongPassphrase as jP, base64ToBuffer as jQ, bufferToBase64 as jR, buildLiveQuery as jS, buildRecipientKeyringFile as jT, burnPaperRecoveryEntry as jU, compileSequenceFormat as jV, createNoydb as jW, createStore as jX, decryptBytes as jY, decryptDeterministic as jZ, deriveMagicLinkContentKey as j_, type TabPresence as ja, type TabRole as jb, TamperedError as jc, TeamNotEnabledError as jd, type TeamStrategy as je, TierDemoteDeniedError as jf, type TierMode as jg, TierNotGrantedError as jh, TiersNotEnabledError as ji, type TransactionInvariant as jj, type TranslatorAuditEntry as jk, TxCollection as jl, type TxOp as jm, TxVault as jn, UniqueConstraintError as jo, UnknownShardError as jp, UnsupportedIndexOptionError as jq, type UpdateAuthenticatorOptions as jr, type UpdateContext as js, type UpdateUserOptions as jt, type UserEnvelopeCheckGate as ju, UserEnvelopeOversizedError as jv, type UserInfo as jw, ValidationError as jx, type VaultBackup as jy, type VaultPolicyOnDisk as jz, type OnMissingPolicy as k, validatePassphrase as k$, encryptBytes as k0, encryptDeterministic as k1, enrollAuthenticator as k2, estimateEntropy as k3, evalComputedFields as k4, evaluateClause as k5, evaluateExportCapability as k6, evaluateFieldClause as k7, evaluateImportCapability as k8, executePlan as k9, mintWrappedDeksBlob as kA, money as kB, moneyNumber as kC, parseRsaOaepTlv as kD, parseSealedEnvelope as kE, readMagicLinkGrantRecord as kF, readPath as kG, recoverUser as kH, ref as kI, refArray as kJ, rejectWithdrawal as kK, removeAuthenticator as kL, requestWithdrawal as kM, resetJoinWarnings as kN, resolveSchema as kO, resolveSequenceKey as kP, revokeDelegation as kQ, revokeMagicLinkGrant as kR, runTransaction as kS, savePaperRecoveryEntries as kT, saveSealedPassphrase as kU, saveShamirRecoveryEntries as kV, sealRsaOaepTlv as kW, unwrapDeksFromBlob as kX, unwrapDeksFromPaperEntry as kY, unwrapDeksFromShamirEntry as kZ, unwrapMagicLinkGrant as k_, exportAccessibleData as ka, findAuthenticator as kb, hasExportCapability as kc, hasImportCapability as kd, hasRecoveryEnrolled as ke, isLinkCollectionName as kf, isMagicLinkGrantExpired as kg, isMoneyDescriptor as kh, isMoneyString as ki, isPublicEnvelope as kj, isRefArray as kk, issueDelegation as kl, recoverPassphrase as km, rotatePassphrase as kn, liberateVault as ko, listMagicLinkGrants as kp, listUsers as kq, listUsersWithEnvelopes as kr, listWithdrawalRequests as ks, loadActiveDelegations as kt, loadPaperRecoveryEntries as ku, loadSealedPassphrase as kv, loadShamirRecoveryEntries as kw, magicLinkGrantRecordId as kx, mintPaperRecoveryEntry as ky, mintShamirRecoveryEntry as kz, type ResolveI18nOptions as l, validatePublicEnvelopeInput as l0, validateSchemaInput as l1, validateSchemaOutput as l2, withArchive as l3, withDeferredNumbering as l4, withdrawAccessibleData as l5, writeMagicLinkGrant as l6, changeSecret as l7, createOwnerKeyring as l8, ensureCollectionDEK as l9, grant as la, loadKeyring as lb, persistKeyring as lc, revoke as ld, updateAuthenticator as le, updateKeyringIdentity as lf, IMPLICIT_LAZY as lg, type TxStrategy as lh, type AmendmentTxOptions as li, CrossShardJoinError as lj, sha256Hex as lk, type CrossJoinClause as ll, NO_TIERS as lm, type TiersContext as ln, type TiersStrategy as lo, assertDeclaredTier as lp, assertTiersEnabled as lq, classifySealedShred as lr, demote as ls, elevate as lt, getAtTier as lu, listAtTier as lv, putAtTier as lw, withTiers as lx, type ScriptWarning as m, type StaticDictDescriptor as n, StaticDictReadonlyError as o, applyI18nLocale as p, dictCollectionName as q, dictKey as r, enforceScript as s, getAtPath as t, i18nText as u, inferScripts as v, isDictCollectionName as w, isDictKeyDescriptor as x, isI18nTextDescriptor as y, isStaticDictDescriptor as z };
|