@powerhousedao/reactor-api 6.2.0-dev.3 → 6.2.0-dev.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -3,9 +3,9 @@ import { IAnalyticsStore } from "@powerhousedao/analytics-engine-core";
3
3
  import { AnalyticsModel } from "@powerhousedao/analytics-engine-graphql";
4
4
  import * as graphql from "graphql";
5
5
  import { DocumentNode, GraphQLResolveInfo, GraphQLScalarType, GraphQLScalarTypeConfig, GraphQLSchema } from "graphql";
6
+ import { IDocumentModelLoader, IDocumentModelRegistry, IDriveClient, IReactorClient, IRelationalDb, ISyncManager, ParsedDriveUrl, ReactorClientModule, driveIdFromUrl, parseDriveUrl } from "@powerhousedao/reactor";
6
7
  import { ILogger } from "document-model";
7
8
  import { DocumentModelGlobalState as DocumentModelGlobalState$1, DocumentModelModule, Operation, PHDocument, PHDocumentHeader } from "@powerhousedao/shared/document-model";
8
- import { IDocumentModelLoader, IDocumentModelRegistry, IDriveClient, IReactorClient, IRelationalDb, ISyncManager, ParsedDriveUrl, ReactorClientModule, driveIdFromUrl, parseDriveUrl } from "@powerhousedao/reactor";
9
9
  import * as z$1 from "zod";
10
10
  import { DocumentDriveDocument, DocumentDriveGlobalState } from "@powerhousedao/shared/document-drive";
11
11
  import { AttachmentBuildResult } from "@powerhousedao/reactor-attachments";
@@ -42,11 +42,7 @@ interface DocumentProtectionTable {
42
42
  }
43
43
  interface DocumentPermissionDatabase {
44
44
  DocumentPermission: DocumentPermissionTable;
45
- Group: GroupTable;
46
- UserGroup: UserGroupTable;
47
- DocumentGroupPermission: DocumentGroupPermissionTable;
48
45
  OperationUserPermission: OperationUserPermissionTable;
49
- OperationGroupPermission: OperationGroupPermissionTable;
50
46
  DocumentProtection: DocumentProtectionTable;
51
47
  }
52
48
  interface DocumentPermissionTable {
@@ -58,27 +54,6 @@ interface DocumentPermissionTable {
58
54
  createdAt: Date;
59
55
  updatedAt: Date;
60
56
  }
61
- interface GroupTable {
62
- id: Generated<number>;
63
- name: string;
64
- description: string | null;
65
- createdAt: Date;
66
- updatedAt: Date;
67
- }
68
- interface UserGroupTable {
69
- userAddress: string;
70
- groupId: number;
71
- createdAt: Date;
72
- }
73
- interface DocumentGroupPermissionTable {
74
- id: Generated<number>;
75
- documentId: string;
76
- groupId: number;
77
- permission: DocumentPermissionLevel;
78
- grantedBy: string;
79
- createdAt: Date;
80
- updatedAt: Date;
81
- }
82
57
  interface OperationUserPermissionTable {
83
58
  id: Generated<number>;
84
59
  documentId: string;
@@ -87,14 +62,6 @@ interface OperationUserPermissionTable {
87
62
  grantedBy: string;
88
63
  createdAt: Date;
89
64
  }
90
- interface OperationGroupPermissionTable {
91
- id: Generated<number>;
92
- documentId: string;
93
- operationType: string;
94
- groupId: number;
95
- grantedBy: string;
96
- createdAt: Date;
97
- }
98
65
  type Db = Kysely<any>;
99
66
  /**
100
67
  * Optional factory used by callers (e.g. Switchboard) to inject a
@@ -120,21 +87,6 @@ interface DocumentPermissionEntry {
120
87
  createdAt: Date;
121
88
  updatedAt: Date;
122
89
  }
123
- interface Group {
124
- id: number;
125
- name: string;
126
- description: string | null;
127
- createdAt: Date;
128
- updatedAt: Date;
129
- }
130
- interface DocumentGroupPermissionEntry {
131
- documentId: string;
132
- groupId: number;
133
- permission: DocumentPermissionLevel;
134
- grantedBy: string;
135
- createdAt: Date;
136
- updatedAt: Date;
137
- }
138
90
  interface OperationUserPermissionEntry {
139
91
  documentId: string;
140
92
  operationType: string;
@@ -142,13 +94,6 @@ interface OperationUserPermissionEntry {
142
94
  grantedBy: string;
143
95
  createdAt: Date;
144
96
  }
145
- interface OperationGroupPermissionEntry {
146
- documentId: string;
147
- operationType: string;
148
- groupId: number;
149
- grantedBy: string;
150
- createdAt: Date;
151
- }
152
97
  /**
153
98
  * Function type for getting parent document IDs
154
99
  * This is injected to avoid circular dependencies with the reactor client
@@ -169,7 +114,7 @@ interface DocumentPermissionConfig {
169
114
  * - ADMIN: Can manage document permissions and settings
170
115
  *
171
116
  * Operation permissions:
172
- * - Users and groups can be granted permission to execute specific operations
117
+ * - Users can be granted permission to execute specific operations
173
118
  */
174
119
  declare class DocumentPermissionService {
175
120
  private readonly db;
@@ -200,83 +145,6 @@ declare class DocumentPermissionService {
200
145
  * Delete all permissions for a document (used when deleting a document)
201
146
  */
202
147
  deleteAllDocumentPermissions(documentId: string): Promise<void>;
203
- /**
204
- * Check if a user can read a document.
205
- * Returns true if user has READ, WRITE, or ADMIN permission (direct or via group)
206
- */
207
- canReadDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
208
- /**
209
- * Check if a user can write to a document.
210
- * Returns true if user has WRITE or ADMIN permission (direct or via group)
211
- */
212
- canWriteDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
213
- /**
214
- * Check if a user can manage a document (change permissions, settings).
215
- * Returns true if user has ADMIN permission (direct or via group)
216
- */
217
- canManageDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
218
- /**
219
- * Check if a user can read a document, including parent permission inheritance.
220
- * Returns true if user has permission on the document OR any parent in the hierarchy.
221
- */
222
- canRead(documentId: string, userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<boolean>;
223
- /**
224
- * Check if a user can write to a document, including parent permission inheritance.
225
- * Returns true if user has write permission on the document OR any parent in the hierarchy.
226
- */
227
- canWrite(documentId: string, userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<boolean>;
228
- /**
229
- * Filter a list of document IDs to only include those the user can read.
230
- */
231
- filterReadableDocuments(documentIds: string[], userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<string[]>;
232
- /**
233
- * Create a new group
234
- */
235
- createGroup(name: string, description?: string): Promise<Group>;
236
- /**
237
- * Delete a group and all its associations
238
- */
239
- deleteGroup(groupId: number): Promise<void>;
240
- /**
241
- * Get a group by ID
242
- */
243
- getGroup(groupId: number): Promise<Group | null>;
244
- /**
245
- * List all groups
246
- */
247
- listGroups(): Promise<Group[]>;
248
- /**
249
- * Add a user to a group
250
- */
251
- addUserToGroup(userAddress: string, groupId: number): Promise<void>;
252
- /**
253
- * Remove a user from a group
254
- */
255
- removeUserFromGroup(userAddress: string, groupId: number): Promise<void>;
256
- /**
257
- * Get all groups a user belongs to
258
- */
259
- getUserGroups(userAddress: string): Promise<Group[]>;
260
- /**
261
- * Get all members of a group
262
- */
263
- getGroupMembers(groupId: number): Promise<string[]>;
264
- /**
265
- * Grant a group permission on a document
266
- */
267
- grantGroupPermission(documentId: string, groupId: number, permission: DocumentPermissionLevel, grantedBy: string): Promise<DocumentGroupPermissionEntry>;
268
- /**
269
- * Revoke a group's permission on a document
270
- */
271
- revokeGroupPermission(documentId: string, groupId: number): Promise<void>;
272
- /**
273
- * Get all group permissions for a document
274
- */
275
- getDocumentGroupPermissions(documentId: string): Promise<DocumentGroupPermissionEntry[]>;
276
- /**
277
- * Get best permission level a user has on a document via groups
278
- */
279
- getUserGroupPermission(documentId: string, userAddress: string): Promise<DocumentPermissionLevel | null>;
280
148
  /**
281
149
  * Grant a user permission to execute an operation on a document
282
150
  */
@@ -285,27 +153,14 @@ declare class DocumentPermissionService {
285
153
  * Revoke a user's permission to execute an operation
286
154
  */
287
155
  revokeOperationPermission(documentId: string, operationType: string, userAddress: string): Promise<void>;
288
- /**
289
- * Grant a group permission to execute an operation on a document
290
- */
291
- grantGroupOperationPermission(documentId: string, operationType: string, groupId: number, grantedBy: string): Promise<OperationGroupPermissionEntry>;
292
- /**
293
- * Revoke a group's permission to execute an operation
294
- */
295
- revokeGroupOperationPermission(documentId: string, operationType: string, groupId: number): Promise<void>;
296
156
  /**
297
157
  * Get all users with permission to execute an operation
298
158
  */
299
159
  getOperationUserPermissions(documentId: string, operationType: string): Promise<OperationUserPermissionEntry[]>;
300
160
  /**
301
- * Get all groups with permission to execute an operation
302
- */
303
- getOperationGroupPermissions(documentId: string, operationType: string): Promise<OperationGroupPermissionEntry[]>;
304
- /**
305
- * Check if a user can execute a specific operation on a document.
306
- * Returns true if user has direct permission or is in a group with permission.
161
+ * Whether an operation-permission row exists for the user on this operation.
307
162
  */
308
- canExecuteOperation(documentId: string, operationType: string, userAddress: string | undefined): Promise<boolean>;
163
+ hasOperationGrant(documentId: string, operationType: string, userAddress: string): Promise<boolean>;
309
164
  /**
310
165
  * Check if an operation has any permissions set (is restricted)
311
166
  */
@@ -352,73 +207,80 @@ declare class DocumentPermissionService {
352
207
  }
353
208
  //#endregion
354
209
  //#region src/services/authorization.service.d.ts
210
+ /**
211
+ * A document id that has been resolved to its canonical form, never a slug.
212
+ *
213
+ * Protection and grant rows are written under the canonical id, while the
214
+ * read/operation data paths accept an id-or-slug identifier. The decision layer
215
+ * must key on the canonical id, so branding it forces every caller to resolve a
216
+ * slug to its id before consulting this service, closing the slug-aliasing
217
+ * bypass (S-C1). The only sanctioned cast from string to CanonicalDocumentId
218
+ * lives in the BaseSubgraph resolution helpers, immediately after the shared
219
+ * resolveIdOrSlug lookup returns.
220
+ */
221
+ type CanonicalDocumentId = string & {
222
+ readonly __canonicalDocumentId: unique symbol;
223
+ };
224
+ /**
225
+ * Result of a passed per-document authorization check. `fetchIdentifier` is
226
+ * always safe for the data fetch: the canonical id when resolved, or the raw
227
+ * identifier when the check was skipped for a policy-wide caller.
228
+ */
229
+ declare class AuthorizedDocumentHandle {
230
+ readonly fetchIdentifier: string;
231
+ readonly isResolved: boolean;
232
+ private constructor();
233
+ static resolved(documentId: CanonicalDocumentId): AuthorizedDocumentHandle;
234
+ static skipped(identifier: string): AuthorizedDocumentHandle;
235
+ /** The verified canonical id; throws when resolution was skipped. */
236
+ canonicalId(): CanonicalDocumentId;
237
+ }
238
+ declare const AuthorizationPolicy: {
239
+ readonly OPEN: "OPEN";
240
+ readonly ADMIN_ONLY: "ADMIN_ONLY";
241
+ readonly DOCUMENT_PERMISSIONS: "DOCUMENT_PERMISSIONS";
242
+ };
243
+ type AuthorizationPolicy = (typeof AuthorizationPolicy)[keyof typeof AuthorizationPolicy];
355
244
  interface AuthorizationConfig {
356
245
  admins: string[];
357
246
  defaultProtection: boolean;
247
+ policy: AuthorizationPolicy;
358
248
  }
359
249
  /**
360
- * Central authorization service — single source of truth for all permission checks.
250
+ * Single source of truth for every permission decision. Always present (never
251
+ * null) so callers branch on data, not on the existence of a service.
252
+ *
253
+ * The policy selects an implementation once at boot:
254
+ * - OPEN: authentication disabled — everyone (incl. anonymous) is allowed.
255
+ * - ADMIN_ONLY: authentication on, document permissions off — only ADMINS.
256
+ * - DOCUMENT_PERMISSIONS: the full per-document protection + grant model.
361
257
  *
362
- * Authorization model:
363
- * 1. Supreme admin (ADMINS env) ALLOW ALL
364
- * 2. Is document protected?
365
- * a. NOT protected:
366
- * - READ: anyone (even anonymous) → ALLOW
367
- * - WRITE: authenticated user → ALLOW
368
- * b. PROTECTED:
369
- * - READ: requires explicit READ/WRITE/ADMIN grant (direct or via group/parent)
370
- * - WRITE: requires explicit WRITE/ADMIN grant (direct or via group/parent)
371
- * 3. Operation restricted? → Check OperationUserPermission
372
- * 4. Document owner = implicit ADMIN
373
- * 5. Drive protected = all children effectively protected
258
+ * Permission inheritance walks the parent-document hierarchy through a
259
+ * parent resolver injected at construction; callers never supply one.
374
260
  */
375
- declare class AuthorizationService {
376
- private readonly documentPermissionService;
261
+ interface IAuthorizationService {
377
262
  readonly config: AuthorizationConfig;
378
- constructor(documentPermissionService: DocumentPermissionService, config: AuthorizationConfig);
379
263
  /**
380
- * Check if a user is a supreme admin (from ADMINS env var).
264
+ * Whether the user has unrestricted, policy-wide access. Under OPEN this is
265
+ * true for everyone (including anonymous callers) by design: OPEN means "no
266
+ * restrictions", and consumers use this check to skip per-document
267
+ * filtering. It does NOT mean the caller is in the ADMINS list.
381
268
  */
382
269
  isSupremeAdmin(userAddress?: string): boolean;
383
270
  /**
384
- * Check if a user can read a document.
385
- *
386
- * - Supreme admin → yes
387
- * - Not protected → anyone can read (even anonymous)
388
- * - Protected → requires READ/WRITE/ADMIN grant (direct, group, or parent inheritance)
389
- * - Owner → yes (implicit ADMIN)
390
- */
391
- canRead(documentId: string, userAddress?: string, getParentIds?: GetParentIdsFn): Promise<boolean>;
392
- /**
393
- * Check if a user can write to a document.
394
- *
395
- * - Supreme admin → yes
396
- * - Not protected → anyone can write (even anonymous)
397
- * - Protected → requires authentication + WRITE/ADMIN grant
398
- * - Owner → yes (implicit ADMIN)
399
- */
400
- canWrite(documentId: string, userAddress?: string, getParentIds?: GetParentIdsFn): Promise<boolean>;
401
- /**
402
- * Check if a user can manage a document (change permissions, protection, transfer ownership).
403
- *
404
- * - Supreme admin → yes
405
- * - Owner → yes
406
- * - Has ADMIN grant → yes
407
- */
408
- canManage(documentId: string, userAddress?: string, _getParentIds?: GetParentIdsFn): Promise<boolean>;
409
- /**
410
- * Check if a user can execute a specific operation.
411
- * If the operation is not restricted, falls through to the standard write check.
412
- * If the operation is restricted, requires an explicit OperationUserPermission grant.
271
+ * Whether the user may create new documents under the current policy:
272
+ * everyone in OPEN, only admins in ADMIN_ONLY, any authenticated user in
273
+ * DOCUMENT_PERMISSIONS.
413
274
  */
414
- canExecuteOperation(documentId: string, operationType: string, userAddress?: string, getParentIds?: GetParentIdsFn): Promise<boolean>;
275
+ canCreate(userAddress?: string): boolean;
276
+ canRead(documentId: CanonicalDocumentId, userAddress?: string): Promise<boolean>;
277
+ canWrite(documentId: CanonicalDocumentId, userAddress?: string): Promise<boolean>;
415
278
  /**
416
- * Combined check for mutations: can the user write + execute the operation?
417
- * This enables READ-only users with operation grants to execute specific operations.
418
- * For restricted operations, only the operation grant is checked (bypasses write check),
419
- * allowing READ-only users with an explicit operation grant to execute that operation.
279
+ * Whether the user administers the document: supreme admin, document
280
+ * owner, or holder of an ADMIN grant.
420
281
  */
421
- canMutate(documentId: string, operationType: string, userAddress?: string, getParentIds?: GetParentIdsFn): Promise<boolean>;
282
+ canManage(documentId: CanonicalDocumentId, userAddress?: string): Promise<boolean>;
283
+ canMutate(documentId: CanonicalDocumentId, operationType: string, userAddress?: string): Promise<boolean>;
422
284
  }
423
285
  //#endregion
424
286
  //#region src/graphql/types.d.ts
@@ -428,14 +290,11 @@ type Context = {
428
290
  document?: PHDocument;
429
291
  headers: IncomingHttpHeaders;
430
292
  db: unknown;
431
- isAdmin?: (address: string) => boolean;
432
293
  user?: {
433
294
  address: string;
434
295
  chainId: number;
435
296
  networkId: string;
436
297
  };
437
- documentPermissionService?: DocumentPermissionService;
438
- authorizationService?: AuthorizationService;
439
298
  };
440
299
  type ISubgraph = {
441
300
  name: string;
@@ -454,7 +313,7 @@ type SubgraphArgs = {
454
313
  graphqlManager: GraphQLManager$1;
455
314
  syncManager: ISyncManager;
456
315
  documentPermissionService?: DocumentPermissionService;
457
- authorizationService?: AuthorizationService;
316
+ authorizationService: IAuthorizationService;
458
317
  path?: string;
459
318
  };
460
319
  type GqlSigner = {
@@ -516,6 +375,7 @@ type GqlDriveDocument = GqlDocument & {
516
375
  //#endregion
517
376
  //#region src/graphql/base-subgraph.d.ts
518
377
  declare class BaseSubgraph implements ISubgraph$1 {
378
+ #private;
519
379
  name: string;
520
380
  path: string;
521
381
  resolvers: Record<string, any>;
@@ -525,15 +385,47 @@ declare class BaseSubgraph implements ISubgraph$1 {
525
385
  relationalDb: IRelationalDb;
526
386
  syncManager: ISyncManager;
527
387
  documentPermissionService?: DocumentPermissionService;
528
- authorizationService?: AuthorizationService;
388
+ authorizationService: IAuthorizationService;
529
389
  constructor(args: SubgraphArgs$1);
530
390
  onSetup(): Promise<void>;
531
- protected getParentIdsFn(): GetParentIdsFn;
532
- protected hasGlobalAdminAccess(ctx: Context): boolean;
533
- protected canReadDocument(documentId: string, ctx: Context): Promise<boolean>;
534
- protected assertCanRead(documentId: string, ctx: Context): Promise<void>;
535
- protected assertCanWrite(documentId: string, ctx: Context): Promise<void>;
536
- protected assertCanExecuteOperation(documentId: string, operationType: string, ctx: Context): Promise<void>;
391
+ /**
392
+ * Resolves a caller-supplied identifier (id or slug) to its canonical
393
+ * document id, memoized per request. Both the decision layer and the data
394
+ * layer must agree on the subject, so this runs the same resolveIdOrSlug
395
+ * lookup the data path uses. A resolution failure (not found, ambiguous, or
396
+ * transient) surfaces as a generic Forbidden, fail-closed, so a bad
397
+ * identifier cannot be used as a document-existence oracle.
398
+ */
399
+ resolveCanonicalDocumentId(identifier: string, requestKey: object): Promise<CanonicalDocumentId>;
400
+ /**
401
+ * Resolves the args' `documentId` to canonical form. Unconditional (unlike the
402
+ * assertCan* helpers, no admin skip): ACL rows are keyed on the canonical id.
403
+ */
404
+ withCanonicalDocumentId<T extends {
405
+ documentId: string;
406
+ }>(args: T, requestKey: object): Promise<T & {
407
+ documentId: CanonicalDocumentId;
408
+ }>;
409
+ /**
410
+ * Read filter for an already-canonical document id (one sourced from the data
411
+ * layer, such as a fetched document's id). Performs no slug resolution.
412
+ */
413
+ canReadDocument(documentId: CanonicalDocumentId, ctx: Context): Promise<boolean>;
414
+ /**
415
+ * Asserts read access, resolving a slug first. Returns a handle whose
416
+ * `fetchIdentifier` the caller reuses for the data fetch; a denial throws.
417
+ */
418
+ assertCanRead(identifier: string, ctx: Context): Promise<AuthorizedDocumentHandle>;
419
+ assertCanWrite(identifier: string, ctx: Context): Promise<AuthorizedDocumentHandle>;
420
+ assertCanExecuteOperation(identifier: string, operationType: string, ctx: Context): Promise<AuthorizedDocumentHandle>;
421
+ /**
422
+ * Read assertion for an already-canonical document id. No slug resolution;
423
+ * use only with ids sourced from the data layer or already resolved.
424
+ */
425
+ assertCanReadCanonical(documentId: CanonicalDocumentId, ctx: Context): Promise<void>;
426
+ assertCanWriteCanonical(documentId: CanonicalDocumentId, ctx: Context): Promise<void>;
427
+ assertCanExecuteOperationCanonical(documentId: CanonicalDocumentId, operationType: string, ctx: Context): Promise<void>;
428
+ assertCanCreate(ctx: Context): void;
537
429
  }
538
430
  //#endregion
539
431
  //#region src/graphql/analytics-subgraph.d.ts
@@ -557,29 +449,6 @@ type DocumentAccessInfo = {
557
449
  createdAt: Date;
558
450
  updatedAt: Date;
559
451
  }>;
560
- groupPermissions: Array<{
561
- documentId: string;
562
- groupId: number;
563
- permission: DocumentPermissionLevel;
564
- grantedBy: string;
565
- createdAt: Date;
566
- updatedAt: Date;
567
- }>;
568
- };
569
- type Group$1 = {
570
- id: number;
571
- name: string;
572
- description: string | null;
573
- createdAt: Date;
574
- updatedAt: Date;
575
- };
576
- type DocumentGroupPermission = {
577
- documentId: string;
578
- groupId: number;
579
- permission: DocumentPermissionLevel;
580
- grantedBy: string;
581
- createdAt: Date;
582
- updatedAt: Date;
583
452
  };
584
453
  type OperationUserPermission = {
585
454
  documentId: string;
@@ -588,18 +457,10 @@ type OperationUserPermission = {
588
457
  grantedBy: string;
589
458
  createdAt: Date;
590
459
  };
591
- type OperationGroupPermission = {
592
- documentId: string;
593
- operationType: string;
594
- groupId: number;
595
- grantedBy: string;
596
- createdAt: Date;
597
- };
598
460
  type OperationPermissionsInfo = {
599
461
  documentId: string;
600
462
  operationType: string;
601
463
  userPermissions: OperationUserPermission[];
602
- groupPermissions: OperationGroupPermission[];
603
464
  };
604
465
  type DocumentProtectionInfo = {
605
466
  documentId: string;
@@ -614,8 +475,7 @@ type DocumentProtectionInfo = {
614
475
  * This subgraph is conditionally registered based on the DOCUMENT_PERMISSIONS_ENABLED
615
476
  * feature flag. When enabled, it provides GraphQL operations for:
616
477
  * - Document permissions (grant/revoke user access)
617
- * - Group management (create/delete groups, manage membership)
618
- * - Group document permissions (grant/revoke group access)
478
+ * - Document protection and ownership
619
479
  * - Operation-level permissions (fine-grained operation control)
620
480
  */
621
481
  declare class AuthSubgraph extends BaseSubgraph {
@@ -628,6 +488,10 @@ declare class AuthSubgraph extends BaseSubgraph {
628
488
  Query: {
629
489
  documentAccess: (_parent: unknown, args: {
630
490
  documentId: string;
491
+ }, ctx: {
492
+ user?: {
493
+ address: string;
494
+ };
631
495
  }) => Promise<DocumentAccessInfo>;
632
496
  userDocumentPermissions: (_parent: unknown, _args: unknown, ctx: {
633
497
  user?: {
@@ -641,16 +505,13 @@ declare class AuthSubgraph extends BaseSubgraph {
641
505
  createdAt: Date;
642
506
  updatedAt: Date;
643
507
  }[]>;
644
- groups: () => Promise<Group$1[]>;
645
- group: (_parent: unknown, args: {
646
- id: number;
647
- }) => Promise<Group$1 | null>;
648
- userGroups: (_parent: unknown, args: {
649
- userAddress: string;
650
- }) => Promise<Group$1[]>;
651
508
  operationPermissions: (_parent: unknown, args: {
652
509
  documentId: string;
653
510
  operationType: string;
511
+ }, ctx: {
512
+ user?: {
513
+ address: string;
514
+ };
654
515
  }) => Promise<OperationPermissionsInfo>;
655
516
  canExecuteOperation: (_parent: unknown, args: {
656
517
  documentId: string;
@@ -676,7 +537,6 @@ declare class AuthSubgraph extends BaseSubgraph {
676
537
  user?: {
677
538
  address: string;
678
539
  };
679
- isAdmin?: (address: string) => boolean;
680
540
  }) => Promise<DocumentProtectionInfo>;
681
541
  transferDocumentOwnership: (_parent: unknown, args: {
682
542
  documentId: string;
@@ -685,7 +545,6 @@ declare class AuthSubgraph extends BaseSubgraph {
685
545
  user?: {
686
546
  address: string;
687
547
  };
688
- isAdmin?: (address: string) => boolean;
689
548
  }) => Promise<DocumentProtectionInfo>;
690
549
  grantDocumentPermission: (_parent: unknown, args: {
691
550
  documentId: string;
@@ -695,7 +554,6 @@ declare class AuthSubgraph extends BaseSubgraph {
695
554
  user?: {
696
555
  address: string;
697
556
  };
698
- isAdmin?: (address: string) => boolean;
699
557
  }) => Promise<{
700
558
  documentId: string;
701
559
  userAddress: string;
@@ -711,41 +569,6 @@ declare class AuthSubgraph extends BaseSubgraph {
711
569
  user?: {
712
570
  address: string;
713
571
  };
714
- isAdmin?: (address: string) => boolean;
715
- }) => Promise<boolean>;
716
- createGroup: (_parent: unknown, args: {
717
- name: string;
718
- description?: string | null;
719
- }) => Promise<Group$1>;
720
- deleteGroup: (_parent: unknown, args: {
721
- id: number;
722
- }) => Promise<boolean>;
723
- addUserToGroup: (_parent: unknown, args: {
724
- userAddress: string;
725
- groupId: number;
726
- }) => Promise<boolean>;
727
- removeUserFromGroup: (_parent: unknown, args: {
728
- userAddress: string;
729
- groupId: number;
730
- }) => Promise<boolean>;
731
- grantGroupPermission: (_parent: unknown, args: {
732
- documentId: string;
733
- groupId: number;
734
- permission: string;
735
- }, ctx: {
736
- user?: {
737
- address: string;
738
- };
739
- isAdmin?: (address: string) => boolean;
740
- }) => Promise<DocumentGroupPermission>;
741
- revokeGroupPermission: (_parent: unknown, args: {
742
- documentId: string;
743
- groupId: number;
744
- }, ctx: {
745
- user?: {
746
- address: string;
747
- };
748
- isAdmin?: (address: string) => boolean;
749
572
  }) => Promise<boolean>;
750
573
  grantOperationPermission: (_parent: unknown, args: {
751
574
  documentId: string;
@@ -755,7 +578,6 @@ declare class AuthSubgraph extends BaseSubgraph {
755
578
  user?: {
756
579
  address: string;
757
580
  };
758
- isAdmin?: (address: string) => boolean;
759
581
  }) => Promise<OperationUserPermission>;
760
582
  revokeOperationPermission: (_parent: unknown, args: {
761
583
  documentId: string;
@@ -765,43 +587,7 @@ declare class AuthSubgraph extends BaseSubgraph {
765
587
  user?: {
766
588
  address: string;
767
589
  };
768
- isAdmin?: (address: string) => boolean;
769
590
  }) => Promise<boolean>;
770
- grantGroupOperationPermission: (_parent: unknown, args: {
771
- documentId: string;
772
- operationType: string;
773
- groupId: number;
774
- }, ctx: {
775
- user?: {
776
- address: string;
777
- };
778
- isAdmin?: (address: string) => boolean;
779
- }) => Promise<OperationGroupPermission>;
780
- revokeGroupOperationPermission: (_parent: unknown, args: {
781
- documentId: string;
782
- operationType: string;
783
- groupId: number;
784
- }, ctx: {
785
- user?: {
786
- address: string;
787
- };
788
- isAdmin?: (address: string) => boolean;
789
- }) => Promise<boolean>;
790
- };
791
- Group: {
792
- members: (parent: {
793
- id: number;
794
- }) => Promise<string[]>;
795
- };
796
- DocumentGroupPermission: {
797
- group: (parent: {
798
- groupId: number;
799
- }) => Promise<Group$1>;
800
- };
801
- OperationGroupPermission: {
802
- group: (parent: {
803
- groupId: number;
804
- }) => Promise<Group$1>;
805
591
  };
806
592
  };
807
593
  onSetup(): Promise<void>;
@@ -811,8 +597,8 @@ declare class AuthSubgraph extends BaseSubgraph {
811
597
  interface AuthConfig {
812
598
  enabled: boolean;
813
599
  admins: string[];
814
- cacheTtl?: number;
815
600
  skipCredentialVerification?: boolean;
601
+ credentialVerificationCacheTtlMs?: number;
816
602
  }
817
603
  interface User {
818
604
  address: string;
@@ -826,6 +612,7 @@ interface AuthContext {
826
612
  }
827
613
  declare class AuthService {
828
614
  private readonly config;
615
+ private readonly credentialCache;
829
616
  constructor(config: AuthConfig);
830
617
  authenticateRequest(request: globalThis.Request): Promise<AuthContext | globalThis.Response>;
831
618
  /**
@@ -843,27 +630,28 @@ declare class AuthService {
843
630
  */
844
631
  private extractUserFromVerification;
845
632
  /**
846
- * Get additional context fields for GraphQL
633
+ * Verify that the credential still exists on the Renown API.
634
+ *
635
+ * Results are cached per (address, chainId, issuer) for a short TTL so the
636
+ * blocking external round-trip is not paid on every request. Concurrent
637
+ * checks for the same key share a single in-flight request, and entries
638
+ * that resolve to false are evicted immediately so failed or revoked
639
+ * credentials are re-checked on the next request.
847
640
  */
848
- getAdditionalContextFields(): {
849
- isAdmin: (address: string) => boolean;
850
- };
641
+ private verifyCredentialExists;
851
642
  /**
852
- * Get user context for GraphQL
643
+ * Enforce the cache size cap before inserting a new entry: drop expired
644
+ * entries first, then evict oldest-inserted entries (insertion order
645
+ * matches expiry order since the TTL is constant) until under the cap, so
646
+ * a flood of distinct keys cannot grow the map without bound.
853
647
  */
854
- getUserContext(user?: User): {
855
- user?: undefined;
856
- } | {
857
- user: {
858
- address: string;
859
- chainId: number;
860
- networkId: string;
861
- };
862
- };
648
+ private pruneCredentialCache;
863
649
  /**
864
- * Verify that the credential still exists on the Renown API
650
+ * Fetch the credential from the Renown API and validate it against the
651
+ * expected address, chainId and issuer. Never throws; returns false on any
652
+ * network or validation failure.
865
653
  */
866
- private verifyCredentialExists;
654
+ private fetchCredentialExists;
867
655
  }
868
656
  //#endregion
869
657
  //#region src/graphql/gateway/types.d.ts
@@ -1016,16 +804,14 @@ declare class GraphQLManager {
1016
804
  private readonly logger;
1017
805
  private readonly httpAdapter;
1018
806
  private readonly gatewayAdapter;
1019
- private readonly authConfig?;
807
+ private readonly authService?;
1020
808
  private readonly documentPermissionService?;
1021
809
  private readonly featureFlags;
1022
810
  private readonly port;
1023
- private readonly authorizationService?;
1024
811
  private initialized;
1025
812
  private coreSubgraphsMap;
1026
813
  private contextFields;
1027
814
  private readonly subgraphs;
1028
- private authService;
1029
815
  private readonly subgraphWsDisposers;
1030
816
  readonly driveOwnershipCache: DriveOwnershipCache;
1031
817
  /** Cached document models for schema generation - updated on init and regenerate */
@@ -1037,7 +823,8 @@ declare class GraphQLManager {
1037
823
  * it for reactor-drive parents.
1038
824
  */
1039
825
  readonly reactorDriveClient?: IDriveClient;
1040
- constructor(path: string, httpServer: http.Server, wsServer: WebSocketServer, reactorClient: IReactorClient, relationalDb: IRelationalDb, analyticsStore: IAnalyticsStore, syncManager: ISyncManager, logger: ILogger, httpAdapter: IHttpAdapter, gatewayAdapter: IGatewayAdapter<Context$1>, authConfig?: AuthConfig | undefined, documentPermissionService?: DocumentPermissionService | undefined, featureFlags?: GraphqlManagerFeatureFlags, port?: number, authorizationService?: AuthorizationService | undefined, reactorDriveClient?: IDriveClient);
826
+ private readonly authorizationService;
827
+ constructor(path: string, httpServer: http.Server, wsServer: WebSocketServer, reactorClient: IReactorClient, relationalDb: IRelationalDb, analyticsStore: IAnalyticsStore, syncManager: ISyncManager, logger: ILogger, httpAdapter: IHttpAdapter, gatewayAdapter: IGatewayAdapter<Context$1>, authService?: AuthService | undefined, documentPermissionService?: DocumentPermissionService | undefined, featureFlags?: GraphqlManagerFeatureFlags, port?: number, authorizationService?: IAuthorizationService, reactorDriveClient?: IDriveClient);
1041
828
  init(coreSubgraphs: SubgraphClass$1[], authMiddleware?: AuthFetchMiddleware): Promise<void>;
1042
829
  /**
1043
830
  * Regenerate document model subgraphs when models are dynamically loaded.
@@ -1053,6 +840,12 @@ declare class GraphQLManager {
1053
840
  * Get the base path used for subgraph registration.
1054
841
  */
1055
842
  getBasePath(): string;
843
+ /**
844
+ * Get the authorization service shared with subgraphs. Use this when
845
+ * constructing a subgraph instance externally for
846
+ * {@link registerSubgraphInstance}.
847
+ */
848
+ getAuthorizationService(): IAuthorizationService;
1056
849
  registerSubgraph(subgraph: SubgraphClass$1, supergraph?: string, core?: boolean): Promise<ISubgraph$1>;
1057
850
  updateRouter: (immediate?: boolean) => Promise<void>;
1058
851
  private _updateRouter;
@@ -1091,6 +884,10 @@ interface IReactorProcessorHostModule extends IProcessorHostModule {
1091
884
  client: IReactorClient;
1092
885
  attachments: IAttachmentClient;
1093
886
  }
887
+ type ReadinessGate = {
888
+ isReady: () => boolean;
889
+ markReady: () => void;
890
+ };
1094
891
  type API = {
1095
892
  httpAdapter: IHttpAdapter;
1096
893
  graphqlManager: GraphQLManager$1;
@@ -1323,7 +1120,6 @@ type Scalars = {
1323
1120
  };
1324
1121
  };
1325
1122
  type Action = {
1326
- readonly attachments?: Maybe<ReadonlyArray<Attachment>>;
1327
1123
  readonly context?: Maybe<ActionContext>;
1328
1124
  readonly id: Scalars["String"]["output"];
1329
1125
  readonly input: Scalars["JSONObject"]["output"];
@@ -1338,7 +1134,6 @@ type ActionContextInput = {
1338
1134
  readonly signer?: InputMaybe<ReactorSignerInput>;
1339
1135
  };
1340
1136
  type ActionInput = {
1341
- readonly attachments?: InputMaybe<ReadonlyArray<AttachmentInput>>;
1342
1137
  readonly context?: InputMaybe<ActionContextInput>;
1343
1138
  readonly id: Scalars["String"]["input"];
1344
1139
  readonly input: Scalars["JSONObject"]["input"];
@@ -1346,20 +1141,6 @@ type ActionInput = {
1346
1141
  readonly timestampUtcMs: Scalars["String"]["input"];
1347
1142
  readonly type: Scalars["String"]["input"];
1348
1143
  };
1349
- type Attachment = {
1350
- readonly data: Scalars["String"]["output"];
1351
- readonly extension?: Maybe<Scalars["String"]["output"]>;
1352
- readonly fileName?: Maybe<Scalars["String"]["output"]>;
1353
- readonly hash: Scalars["String"]["output"];
1354
- readonly mimeType: Scalars["String"]["output"];
1355
- };
1356
- type AttachmentInput = {
1357
- readonly data: Scalars["String"]["input"];
1358
- readonly extension?: InputMaybe<Scalars["String"]["input"]>;
1359
- readonly fileName?: InputMaybe<Scalars["String"]["input"]>;
1360
- readonly hash: Scalars["String"]["input"];
1361
- readonly mimeType: Scalars["String"]["input"];
1362
- };
1363
1144
  type ChannelMeta = {
1364
1145
  readonly id: Scalars["String"]["output"];
1365
1146
  };
@@ -1840,13 +1621,6 @@ type GetDocumentWithOperationsQuery = {
1840
1621
  readonly timestampUtcMs: string;
1841
1622
  readonly input: NonNullable<unknown>;
1842
1623
  readonly scope: string;
1843
- readonly attachments?: ReadonlyArray<{
1844
- readonly data: string;
1845
- readonly mimeType: string;
1846
- readonly hash: string;
1847
- readonly extension?: string | null | undefined;
1848
- readonly fileName?: string | null | undefined;
1849
- }> | null | undefined;
1850
1624
  readonly context?: {
1851
1625
  readonly signer?: {
1852
1626
  readonly signatures: ReadonlyArray<string>;
@@ -1974,13 +1748,6 @@ type GetDocumentOperationsQuery = {
1974
1748
  readonly timestampUtcMs: string;
1975
1749
  readonly input: NonNullable<unknown>;
1976
1750
  readonly scope: string;
1977
- readonly attachments?: ReadonlyArray<{
1978
- readonly data: string;
1979
- readonly mimeType: string;
1980
- readonly hash: string;
1981
- readonly extension?: string | null | undefined;
1982
- readonly fileName?: string | null | undefined;
1983
- }> | null | undefined;
1984
1751
  readonly context?: {
1985
1752
  readonly signer?: {
1986
1753
  readonly signatures: ReadonlyArray<string>;
@@ -2278,13 +2045,6 @@ type PollSyncEnvelopesQuery = {
2278
2045
  readonly timestampUtcMs: string;
2279
2046
  readonly input: NonNullable<unknown>;
2280
2047
  readonly scope: string;
2281
- readonly attachments?: ReadonlyArray<{
2282
- readonly data: string;
2283
- readonly mimeType: string;
2284
- readonly hash: string;
2285
- readonly extension?: string | null | undefined;
2286
- readonly fileName?: string | null | undefined;
2287
- }> | null | undefined;
2288
2048
  readonly context?: {
2289
2049
  readonly signer?: {
2290
2050
  readonly signatures: ReadonlyArray<string>;
@@ -2365,8 +2125,6 @@ type ResolversTypes = ResolversObject<{
2365
2125
  ActionContext: ResolverTypeWrapper<ActionContext>;
2366
2126
  ActionContextInput: ActionContextInput;
2367
2127
  ActionInput: ActionInput;
2368
- Attachment: ResolverTypeWrapper<Attachment>;
2369
- AttachmentInput: AttachmentInput;
2370
2128
  Boolean: ResolverTypeWrapper<Scalars["Boolean"]["output"]>;
2371
2129
  ChannelMeta: ResolverTypeWrapper<ChannelMeta>;
2372
2130
  ChannelMetaInput: ChannelMetaInput;
@@ -2425,8 +2183,6 @@ type ResolversParentTypes = ResolversObject<{
2425
2183
  ActionContext: ActionContext;
2426
2184
  ActionContextInput: ActionContextInput;
2427
2185
  ActionInput: ActionInput;
2428
- Attachment: Attachment;
2429
- AttachmentInput: AttachmentInput;
2430
2186
  Boolean: Scalars["Boolean"]["output"];
2431
2187
  ChannelMeta: ChannelMeta;
2432
2188
  ChannelMetaInput: ChannelMetaInput;
@@ -2477,7 +2233,6 @@ type ResolversParentTypes = ResolversObject<{
2477
2233
  ViewFilterInput: ViewFilterInput;
2478
2234
  }>;
2479
2235
  type ActionResolvers<ContextType = Context, ParentType extends ResolversParentTypes["Action"] = ResolversParentTypes["Action"]> = ResolversObject<{
2480
- attachments?: Resolver<Maybe<ReadonlyArray<ResolversTypes["Attachment"]>>, ParentType, ContextType>;
2481
2236
  context?: Resolver<Maybe<ResolversTypes["ActionContext"]>, ParentType, ContextType>;
2482
2237
  id?: Resolver<ResolversTypes["String"], ParentType, ContextType>;
2483
2238
  input?: Resolver<ResolversTypes["JSONObject"], ParentType, ContextType>;
@@ -2488,13 +2243,6 @@ type ActionResolvers<ContextType = Context, ParentType extends ResolversParentTy
2488
2243
  type ActionContextResolvers<ContextType = Context, ParentType extends ResolversParentTypes["ActionContext"] = ResolversParentTypes["ActionContext"]> = ResolversObject<{
2489
2244
  signer?: Resolver<Maybe<ResolversTypes["ReactorSigner"]>, ParentType, ContextType>;
2490
2245
  }>;
2491
- type AttachmentResolvers<ContextType = Context, ParentType extends ResolversParentTypes["Attachment"] = ResolversParentTypes["Attachment"]> = ResolversObject<{
2492
- data?: Resolver<ResolversTypes["String"], ParentType, ContextType>;
2493
- extension?: Resolver<Maybe<ResolversTypes["String"]>, ParentType, ContextType>;
2494
- fileName?: Resolver<Maybe<ResolversTypes["String"]>, ParentType, ContextType>;
2495
- hash?: Resolver<ResolversTypes["String"], ParentType, ContextType>;
2496
- mimeType?: Resolver<ResolversTypes["String"], ParentType, ContextType>;
2497
- }>;
2498
2246
  type ChannelMetaResolvers<ContextType = Context, ParentType extends ResolversParentTypes["ChannelMeta"] = ResolversParentTypes["ChannelMeta"]> = ResolversObject<{
2499
2247
  id?: Resolver<ResolversTypes["String"], ParentType, ContextType>;
2500
2248
  }>;
@@ -2676,7 +2424,6 @@ type TouchChannelResultResolvers<ContextType = Context, ParentType extends Resol
2676
2424
  type Resolvers<ContextType = Context> = ResolversObject<{
2677
2425
  Action?: ActionResolvers<ContextType>;
2678
2426
  ActionContext?: ActionContextResolvers<ContextType>;
2679
- Attachment?: AttachmentResolvers<ContextType>;
2680
2427
  ChannelMeta?: ChannelMetaResolvers<ContextType>;
2681
2428
  DateTime?: GraphQLScalarType;
2682
2429
  DeadLetterInfo?: DeadLetterInfoResolvers<ContextType>;
@@ -2716,7 +2463,6 @@ declare const PropagationModeSchema: z$1.ZodEnum<typeof PropagationMode>;
2716
2463
  declare const SyncEnvelopeTypeSchema: z$1.ZodEnum<typeof SyncEnvelopeType>;
2717
2464
  declare function ActionContextInputSchema(): z$1.ZodObject<Properties<ActionContextInput>>;
2718
2465
  declare function ActionInputSchema(): z$1.ZodObject<Properties<ActionInput>>;
2719
- declare function AttachmentInputSchema(): z$1.ZodObject<Properties<AttachmentInput>>;
2720
2466
  declare function ChannelMetaInputSchema(): z$1.ZodObject<Properties<ChannelMetaInput>>;
2721
2467
  declare function DocumentOperationsFilterInputSchema(): z$1.ZodObject<Properties<DocumentOperationsFilterInput>>;
2722
2468
  declare function OperationContextInputSchema(): z$1.ZodObject<Properties<OperationContextInput>>;
@@ -3054,6 +2800,17 @@ type Options = {
3054
2800
  attachmentStoragePath?: string;
3055
2801
  };
3056
2802
  type ProcessorInitializer = ProcessorFactoryBuilder;
2803
+ /**
2804
+ * Doc-perms require auth: with auth off no `user` is ever resolved, so every
2805
+ * authorization check fails closed. Refuse to boot rather than run broken.
2806
+ */
2807
+ declare function assertAuthRequiredForDocumentPermissions(authEnabled: boolean, documentPermissionsRequested: boolean): void;
2808
+ /**
2809
+ * Refuses SKIP_CREDENTIAL_VERIFICATION at boot outside tests or an explicit
2810
+ * opt-in: it removes the only binding between a token's claimed address and its
2811
+ * signing key. Fail-closed — unset NODE_ENV counts as production.
2812
+ */
2813
+ declare function assertSkipCredentialVerificationAllowed(authEnabled: boolean, skipCredentialVerification: boolean, env: NodeJS.ProcessEnv): void;
3057
2814
  /**
3058
2815
  * Initializes and starts the API server using an initializer function.
3059
2816
  * This function first loads packages to get document models, then calls the initializer function
@@ -3077,6 +2834,7 @@ declare function initializeAndStartAPI(clientInitializer: (documentModels: Docum
3077
2834
  client: IReactorClient;
3078
2835
  syncManager: ISyncManager;
3079
2836
  documentModelRegistry: IDocumentModelRegistry;
2837
+ readiness: ReadinessGate;
3080
2838
  }>;
3081
2839
  //#endregion
3082
2840
  //#region src/utils/create-schema.d.ts
@@ -3112,5 +2870,5 @@ interface DocumentModelSchemaOptions {
3112
2870
  */
3113
2871
  declare function generateDocumentModelSchema(documentModel: DocumentModelGlobalState$1, options?: DocumentModelSchemaOptions): DocumentNode;
3114
2872
  //#endregion
3115
- export { ADMIN_USERS, API, Action, ActionContext, ActionContextInput, ActionContextInputSchema, ActionContextResolvers, ActionInput, ActionInputSchema, ActionResolvers, AddRelationshipDocument, AddRelationshipMutation, AddRelationshipMutationVariables, AnalyticsSubgraph, Attachment, AttachmentInput, AttachmentInputSchema, AttachmentResolvers, AuthConfig, AuthContext, AuthFetchMiddleware, AuthService, AuthSubgraph, BaseSubgraph, ChannelMeta, ChannelMetaInput, ChannelMetaInputSchema, ChannelMetaResolvers, ClientInitializerResult, Context, CreateDocumentDocument, CreateDocumentMutation, CreateDocumentMutationVariables, CreateEmptyDocumentDocument, CreateEmptyDocumentMutation, CreateEmptyDocumentMutationVariables, DateTimeScalarConfig, DbClient, DeadLetterInfo, DeadLetterInfoResolvers, DeleteDocumentDocument, DeleteDocumentMutation, DeleteDocumentMutationVariables, DeleteDocumentsDocument, DeleteDocumentsMutation, DeleteDocumentsMutationVariables, DirectiveResolverFn, DocumentChangeContext, DocumentChangeContextResolvers, DocumentChangeEvent, DocumentChangeEventResolvers, DocumentChangeType, DocumentChangeTypeSchema, DocumentChangesDocument, DocumentChangesSubscription, DocumentChangesSubscriptionVariables, DocumentGroupPermissionEntry, DocumentGroupPermissionTable, DocumentModelGlobalState, DocumentModelGlobalStateResolvers, DocumentModelResultPage, DocumentModelResultPageResolvers, DocumentModelSchemaOptions, DocumentOperationsFilterInput, DocumentOperationsFilterInputSchema, DocumentPermissionConfig, DocumentPermissionDatabase, DocumentPermissionEntry, DocumentPermissionLevel, DocumentPermissionService, DocumentPermissionTable, DocumentProtectionTable, DocumentWithChildren, DocumentWithChildrenResolvers, Exact, FetchHandler, FindDocumentsDocument, FindDocumentsQuery, FindDocumentsQueryVariables, GatewayAdapterType, GatewayContextFactory, GetDocumentDocument, GetDocumentIncomingRelationshipsDocument, GetDocumentIncomingRelationshipsQuery, GetDocumentIncomingRelationshipsQueryVariables, GetDocumentModelsDocument, GetDocumentModelsQuery, GetDocumentModelsQueryVariables, GetDocumentOperationsDocument, GetDocumentOperationsQuery, GetDocumentOperationsQueryVariables, GetDocumentOutgoingRelationshipsDocument, GetDocumentOutgoingRelationshipsQuery, GetDocumentOutgoingRelationshipsQueryVariables, GetDocumentQuery, GetDocumentQueryVariables, GetDocumentWithOperationsDocument, GetDocumentWithOperationsQuery, GetDocumentWithOperationsQueryVariables, GetJobStatusDocument, GetJobStatusQuery, GetJobStatusQueryVariables, GetParentIdsFn, GqlDocument, GqlDriveDocument, GqlOperation, GqlOperationContext, GqlSigner, GqlSignerApp, GqlSignerUser, GraphQLManager, GraphqlManagerFeatureFlags, Group, GroupTable, HttpAdapterSetup, HttpAdapterType, HttpDocumentModelLoader, HttpPackageLoader, HttpPackageLoaderLogger, HttpPackageLoaderOptions, IGatewayAdapter, IHttpAdapter, type IPackageLoader, type IPackageLoaderOptions, IPackageStorage, IReactorProcessorHostModule, ISubgraph, ImportPackageLoader, InMemoryPackageStorage, Incremental, InputMaybe, InstallPackageResult, InstalledPackageInfo, IsTypeOfResolverFn, JobChangeEvent, JobChangeEventResolvers, JobChangesDocument, JobChangesSubscription, JobChangesSubscriptionVariables, JobInfo, JobInfoResolvers, JsonObjectScalarConfig, MakeEmpty, MakeMaybe, MakeOptional, Maybe, MoveRelationshipDocument, MoveRelationshipMutation, MoveRelationshipMutationVariables, MoveRelationshipResult, MoveRelationshipResultResolvers, MutateDocumentAsyncDocument, MutateDocumentAsyncMutation, MutateDocumentAsyncMutationVariables, MutateDocumentDocument, MutateDocumentMutation, MutateDocumentMutationVariables, Mutation, MutationAddRelationshipArgs, MutationCreateDocumentArgs, MutationCreateEmptyDocumentArgs, MutationDeleteDocumentArgs, MutationDeleteDocumentsArgs, MutationMoveRelationshipArgs, MutationMutateDocumentArgs, MutationMutateDocumentAsyncArgs, MutationPushSyncEnvelopesArgs, MutationRemoveRelationshipArgs, MutationRenameDocumentArgs, MutationResolvers, MutationSetPreferredEditorArgs, MutationTouchChannelArgs, NextResolverFn, OperationContext, OperationContextInput, OperationContextInputSchema, OperationContextResolvers, OperationGroupPermissionEntry, OperationGroupPermissionTable, OperationInput, OperationInputSchema, OperationUserPermissionEntry, OperationUserPermissionTable, OperationWithContext, OperationWithContextInput, OperationWithContextInputSchema, OperationWithContextResolvers, OperationsFilterInput, OperationsFilterInputSchema, PackageManagementService, PackageManagementServiceOptions, PackageManager, PackagesSubgraph, type PackagesSubgraphArgs, PagingInput, PagingInputSchema, type ParsedDriveUrl, PgliteFactory, PhDocument, PhDocumentFieldsFragment, PhDocumentFieldsFragmentDoc, PhDocumentOperationsArgs, PhDocumentResolvers, PhDocumentResultPage, PhDocumentResultPageResolvers, PollSyncEnvelopesDocument, PollSyncEnvelopesQuery, PollSyncEnvelopesQueryVariables, PollSyncEnvelopesResult, PollSyncEnvelopesResultResolvers, Processor, ProcessorDriveFactory, ProcessorFactoryBuilder, PropagationMode, PropagationModeSchema, PushSyncEnvelopesDocument, PushSyncEnvelopesMutation, PushSyncEnvelopesMutationVariables, Query, QueryDocumentArgs, QueryDocumentIncomingRelationshipsArgs, QueryDocumentModelsArgs, QueryDocumentOperationsArgs, QueryDocumentOutgoingRelationshipsArgs, QueryFindDocumentsArgs, QueryJobStatusArgs, QueryPollSyncEnvelopesArgs, QueryResolvers, ReactorModule, ReactorOperation, ReactorOperationResolvers, ReactorOperationResultPage, ReactorOperationResultPageResolvers, ReactorSigner, ReactorSignerApp, ReactorSignerAppInput, ReactorSignerAppInputSchema, ReactorSignerAppResolvers, ReactorSignerInput, ReactorSignerInputSchema, ReactorSignerResolvers, ReactorSignerUser, ReactorSignerUserInput, ReactorSignerUserInputSchema, ReactorSignerUserResolvers, ReactorSubgraph, RemoteCursor, RemoteCursorInput, RemoteCursorInputSchema, RemoteCursorResolvers, RemoteFilterInput, RemoteFilterInputSchema, RemoveRelationshipDocument, RemoveRelationshipMutation, RemoveRelationshipMutationVariables, RenameDocumentDocument, RenameDocumentMutation, RenameDocumentMutationVariables, Requester, RequireFields, Resolver, ResolverFn, ResolverTypeWrapper, ResolverWithResolve, Resolvers, ResolversObject, ResolversParentTypes, ResolversTypes, Revision, RevisionResolvers, Scalars, Sdk, SearchFilterInput, SearchFilterInputSchema, SetPreferredEditorDocument, SetPreferredEditorMutation, SetPreferredEditorMutationVariables, SubgraphArgs, SubgraphClass, SubgraphDefinition, Subscription, SubscriptionDocumentChangesArgs, SubscriptionJobChangesArgs, SubscriptionObject, SubscriptionResolveFn, SubscriptionResolver, SubscriptionResolverObject, SubscriptionResolvers, SubscriptionSubscribeFn, SubscriptionSubscriberObject, SyncEnvelope, SyncEnvelopeInput, SyncEnvelopeInputSchema, SyncEnvelopeResolvers, SyncEnvelopeType, SyncEnvelopeTypeSchema, SystemSubgraph, TlsOptions, TouchChannelDocument, TouchChannelInput, TouchChannelInputSchema, TouchChannelMutation, TouchChannelMutationVariables, TouchChannelResult, TouchChannelResultResolvers, TypeResolveFn, User, UserGroupTable, ViewFilterInput, ViewFilterInputSchema, WithIndex, WsContextFactory, WsDisposer, buildGraphQlDocument, buildGraphQlDriveDocument, buildGraphqlOperation, buildGraphqlOperations, buildSubgraphSchemaModule, createAuthFetchMiddleware, createGatewayAdapter, createHttpAdapter, createMergedSchema, createReactorGraphQLClient, createSchema, definedNonNullAnySchema, driveIdFromUrl, extractSubgraphsFromModule, generateDocumentModelSchema, getAuthContext, getDbClient, getDocumentModelSchemaName, getDocumentModelTypeDefs, getGitHash, getGitUrl, getSdk, getUniqueDocumentModels, getVersion, initAnalyticsStoreSql, initializeAndStartAPI, isDefinedNonNullAny, isExpectedLoaderMiss, isSubgraphClass, parseDriveUrl, renderGraphqlPlayground };
2873
+ export { ADMIN_USERS, API, Action, ActionContext, ActionContextInput, ActionContextInputSchema, ActionContextResolvers, ActionInput, ActionInputSchema, ActionResolvers, AddRelationshipDocument, AddRelationshipMutation, AddRelationshipMutationVariables, AnalyticsSubgraph, AuthConfig, AuthContext, AuthFetchMiddleware, AuthService, AuthSubgraph, type AuthorizationConfig, AuthorizationPolicy, AuthorizedDocumentHandle, BaseSubgraph, type CanonicalDocumentId, ChannelMeta, ChannelMetaInput, ChannelMetaInputSchema, ChannelMetaResolvers, ClientInitializerResult, Context, CreateDocumentDocument, CreateDocumentMutation, CreateDocumentMutationVariables, CreateEmptyDocumentDocument, CreateEmptyDocumentMutation, CreateEmptyDocumentMutationVariables, DateTimeScalarConfig, DbClient, DeadLetterInfo, DeadLetterInfoResolvers, DeleteDocumentDocument, DeleteDocumentMutation, DeleteDocumentMutationVariables, DeleteDocumentsDocument, DeleteDocumentsMutation, DeleteDocumentsMutationVariables, DirectiveResolverFn, DocumentChangeContext, DocumentChangeContextResolvers, DocumentChangeEvent, DocumentChangeEventResolvers, DocumentChangeType, DocumentChangeTypeSchema, DocumentChangesDocument, DocumentChangesSubscription, DocumentChangesSubscriptionVariables, DocumentModelGlobalState, DocumentModelGlobalStateResolvers, DocumentModelResultPage, DocumentModelResultPageResolvers, DocumentModelSchemaOptions, DocumentOperationsFilterInput, DocumentOperationsFilterInputSchema, DocumentPermissionConfig, DocumentPermissionDatabase, DocumentPermissionEntry, DocumentPermissionLevel, DocumentPermissionService, DocumentPermissionTable, DocumentProtectionTable, DocumentWithChildren, DocumentWithChildrenResolvers, Exact, FetchHandler, FindDocumentsDocument, FindDocumentsQuery, FindDocumentsQueryVariables, GatewayAdapterType, GatewayContextFactory, GetDocumentDocument, GetDocumentIncomingRelationshipsDocument, GetDocumentIncomingRelationshipsQuery, GetDocumentIncomingRelationshipsQueryVariables, GetDocumentModelsDocument, GetDocumentModelsQuery, GetDocumentModelsQueryVariables, GetDocumentOperationsDocument, GetDocumentOperationsQuery, GetDocumentOperationsQueryVariables, GetDocumentOutgoingRelationshipsDocument, GetDocumentOutgoingRelationshipsQuery, GetDocumentOutgoingRelationshipsQueryVariables, GetDocumentQuery, GetDocumentQueryVariables, GetDocumentWithOperationsDocument, GetDocumentWithOperationsQuery, GetDocumentWithOperationsQueryVariables, GetJobStatusDocument, GetJobStatusQuery, GetJobStatusQueryVariables, GetParentIdsFn, GqlDocument, GqlDriveDocument, GqlOperation, GqlOperationContext, GqlSigner, GqlSignerApp, GqlSignerUser, GraphQLManager, GraphqlManagerFeatureFlags, HttpAdapterSetup, HttpAdapterType, HttpDocumentModelLoader, HttpPackageLoader, HttpPackageLoaderLogger, HttpPackageLoaderOptions, type IAuthorizationService, IGatewayAdapter, IHttpAdapter, type IPackageLoader, type IPackageLoaderOptions, IPackageStorage, IReactorProcessorHostModule, ISubgraph, ImportPackageLoader, InMemoryPackageStorage, Incremental, InputMaybe, InstallPackageResult, InstalledPackageInfo, IsTypeOfResolverFn, JobChangeEvent, JobChangeEventResolvers, JobChangesDocument, JobChangesSubscription, JobChangesSubscriptionVariables, JobInfo, JobInfoResolvers, JsonObjectScalarConfig, MakeEmpty, MakeMaybe, MakeOptional, Maybe, MoveRelationshipDocument, MoveRelationshipMutation, MoveRelationshipMutationVariables, MoveRelationshipResult, MoveRelationshipResultResolvers, MutateDocumentAsyncDocument, MutateDocumentAsyncMutation, MutateDocumentAsyncMutationVariables, MutateDocumentDocument, MutateDocumentMutation, MutateDocumentMutationVariables, Mutation, MutationAddRelationshipArgs, MutationCreateDocumentArgs, MutationCreateEmptyDocumentArgs, MutationDeleteDocumentArgs, MutationDeleteDocumentsArgs, MutationMoveRelationshipArgs, MutationMutateDocumentArgs, MutationMutateDocumentAsyncArgs, MutationPushSyncEnvelopesArgs, MutationRemoveRelationshipArgs, MutationRenameDocumentArgs, MutationResolvers, MutationSetPreferredEditorArgs, MutationTouchChannelArgs, NextResolverFn, OperationContext, OperationContextInput, OperationContextInputSchema, OperationContextResolvers, OperationInput, OperationInputSchema, OperationUserPermissionEntry, OperationUserPermissionTable, OperationWithContext, OperationWithContextInput, OperationWithContextInputSchema, OperationWithContextResolvers, OperationsFilterInput, OperationsFilterInputSchema, PackageManagementService, PackageManagementServiceOptions, PackageManager, PackagesSubgraph, type PackagesSubgraphArgs, PagingInput, PagingInputSchema, type ParsedDriveUrl, PgliteFactory, PhDocument, PhDocumentFieldsFragment, PhDocumentFieldsFragmentDoc, PhDocumentOperationsArgs, PhDocumentResolvers, PhDocumentResultPage, PhDocumentResultPageResolvers, PollSyncEnvelopesDocument, PollSyncEnvelopesQuery, PollSyncEnvelopesQueryVariables, PollSyncEnvelopesResult, PollSyncEnvelopesResultResolvers, Processor, ProcessorDriveFactory, ProcessorFactoryBuilder, PropagationMode, PropagationModeSchema, PushSyncEnvelopesDocument, PushSyncEnvelopesMutation, PushSyncEnvelopesMutationVariables, Query, QueryDocumentArgs, QueryDocumentIncomingRelationshipsArgs, QueryDocumentModelsArgs, QueryDocumentOperationsArgs, QueryDocumentOutgoingRelationshipsArgs, QueryFindDocumentsArgs, QueryJobStatusArgs, QueryPollSyncEnvelopesArgs, QueryResolvers, ReactorModule, ReactorOperation, ReactorOperationResolvers, ReactorOperationResultPage, ReactorOperationResultPageResolvers, ReactorSigner, ReactorSignerApp, ReactorSignerAppInput, ReactorSignerAppInputSchema, ReactorSignerAppResolvers, ReactorSignerInput, ReactorSignerInputSchema, ReactorSignerResolvers, ReactorSignerUser, ReactorSignerUserInput, ReactorSignerUserInputSchema, ReactorSignerUserResolvers, ReactorSubgraph, ReadinessGate, RemoteCursor, RemoteCursorInput, RemoteCursorInputSchema, RemoteCursorResolvers, RemoteFilterInput, RemoteFilterInputSchema, RemoveRelationshipDocument, RemoveRelationshipMutation, RemoveRelationshipMutationVariables, RenameDocumentDocument, RenameDocumentMutation, RenameDocumentMutationVariables, Requester, RequireFields, Resolver, ResolverFn, ResolverTypeWrapper, ResolverWithResolve, Resolvers, ResolversObject, ResolversParentTypes, ResolversTypes, Revision, RevisionResolvers, Scalars, Sdk, SearchFilterInput, SearchFilterInputSchema, SetPreferredEditorDocument, SetPreferredEditorMutation, SetPreferredEditorMutationVariables, SubgraphArgs, SubgraphClass, SubgraphDefinition, Subscription, SubscriptionDocumentChangesArgs, SubscriptionJobChangesArgs, SubscriptionObject, SubscriptionResolveFn, SubscriptionResolver, SubscriptionResolverObject, SubscriptionResolvers, SubscriptionSubscribeFn, SubscriptionSubscriberObject, SyncEnvelope, SyncEnvelopeInput, SyncEnvelopeInputSchema, SyncEnvelopeResolvers, SyncEnvelopeType, SyncEnvelopeTypeSchema, SystemSubgraph, TlsOptions, TouchChannelDocument, TouchChannelInput, TouchChannelInputSchema, TouchChannelMutation, TouchChannelMutationVariables, TouchChannelResult, TouchChannelResultResolvers, TypeResolveFn, User, ViewFilterInput, ViewFilterInputSchema, WithIndex, WsContextFactory, WsDisposer, assertAuthRequiredForDocumentPermissions, assertSkipCredentialVerificationAllowed, buildGraphQlDocument, buildGraphQlDriveDocument, buildGraphqlOperation, buildGraphqlOperations, buildSubgraphSchemaModule, createAuthFetchMiddleware, createGatewayAdapter, createHttpAdapter, createMergedSchema, createReactorGraphQLClient, createSchema, definedNonNullAnySchema, driveIdFromUrl, extractSubgraphsFromModule, generateDocumentModelSchema, getAuthContext, getDbClient, getDocumentModelSchemaName, getDocumentModelTypeDefs, getGitHash, getGitUrl, getSdk, getUniqueDocumentModels, getVersion, initAnalyticsStoreSql, initializeAndStartAPI, isDefinedNonNullAny, isExpectedLoaderMiss, isSubgraphClass, parseDriveUrl, renderGraphqlPlayground };
3116
2874
  //# sourceMappingURL=index.d.mts.map