npm - @selvajs/local-provider - Versions diffs - 0.11.0 - Mend

@selvajs/local-provider 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (295) hide show

package/LICENSE +21 -0
package/README.md +123 -0
package/dist/auth/LocalAuthProvider.d.ts +28 -0
package/dist/auth/LocalAuthProvider.d.ts.map +1 -0
package/dist/auth/LocalAuthProvider.js +142 -0
package/dist/auth/LocalAuthProvider.js.map +1 -0
package/dist/auth/__tests__/conformance.test.d.ts +2 -0
package/dist/auth/__tests__/conformance.test.d.ts.map +1 -0
package/dist/auth/__tests__/conformance.test.js +36 -0
package/dist/auth/__tests__/conformance.test.js.map +1 -0
package/dist/auth/hmac.d.ts +18 -0
package/dist/auth/hmac.d.ts.map +1 -0
package/dist/auth/hmac.js +41 -0
package/dist/auth/hmac.js.map +1 -0
package/dist/auth/index.d.ts +6 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +4 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/users.d.ts +38 -0
package/dist/auth/users.d.ts.map +1 -0
package/dist/auth/users.js +100 -0
package/dist/auth/users.js.map +1 -0
package/dist/compute/FilesystemComputeProvider.d.ts +16 -0
package/dist/compute/FilesystemComputeProvider.d.ts.map +1 -0
package/dist/compute/FilesystemComputeProvider.js +51 -0
package/dist/compute/FilesystemComputeProvider.js.map +1 -0
package/dist/compute/SingleComputeServerProvider.d.ts +15 -0
package/dist/compute/SingleComputeServerProvider.d.ts.map +1 -0
package/dist/compute/SingleComputeServerProvider.js +26 -0
package/dist/compute/SingleComputeServerProvider.js.map +1 -0
package/dist/compute/types.d.ts +30 -0
package/dist/compute/types.d.ts.map +1 -0
package/dist/compute/types.js +2 -0
package/dist/compute/types.js.map +1 -0
package/dist/computeServer/FilesystemComputeServerStore.d.ts +14 -0
package/dist/computeServer/FilesystemComputeServerStore.d.ts.map +1 -0
package/dist/computeServer/FilesystemComputeServerStore.js +35 -0
package/dist/computeServer/FilesystemComputeServerStore.js.map +1 -0
package/dist/computeServer/LocalComputeServerProvider.d.ts +18 -0
package/dist/computeServer/LocalComputeServerProvider.d.ts.map +1 -0
package/dist/computeServer/LocalComputeServerProvider.js +29 -0
package/dist/computeServer/LocalComputeServerProvider.js.map +1 -0
package/dist/computeServer/__tests__/conformance.test.d.ts +2 -0
package/dist/computeServer/__tests__/conformance.test.d.ts.map +1 -0
package/dist/computeServer/__tests__/conformance.test.js +20 -0
package/dist/computeServer/__tests__/conformance.test.js.map +1 -0
package/dist/computeServer/index.d.ts +2 -0
package/dist/computeServer/index.d.ts.map +1 -0
package/dist/computeServer/index.js +2 -0
package/dist/computeServer/index.js.map +1 -0
package/dist/data/LocalComputeServerStore.d.ts +72 -0
package/dist/data/LocalComputeServerStore.d.ts.map +1 -0
package/dist/data/LocalComputeServerStore.js +207 -0
package/dist/data/LocalComputeServerStore.js.map +1 -0
package/dist/data/LocalDataProvider.d.ts +47 -0
package/dist/data/LocalDataProvider.d.ts.map +1 -0
package/dist/data/LocalDataProvider.js +118 -0
package/dist/data/LocalDataProvider.js.map +1 -0
package/dist/data/LocalDefinitionMetaProvider.d.ts +22 -0
package/dist/data/LocalDefinitionMetaProvider.d.ts.map +1 -0
package/dist/data/LocalDefinitionMetaProvider.js +131 -0
package/dist/data/LocalDefinitionMetaProvider.js.map +1 -0
package/dist/data/LocalDefinitionStore.d.ts +33 -0
package/dist/data/LocalDefinitionStore.d.ts.map +1 -0
package/dist/data/LocalDefinitionStore.js +274 -0
package/dist/data/LocalDefinitionStore.js.map +1 -0
package/dist/data/LocalInviteStore.d.ts +23 -0
package/dist/data/LocalInviteStore.d.ts.map +1 -0
package/dist/data/LocalInviteStore.js +98 -0
package/dist/data/LocalInviteStore.js.map +1 -0
package/dist/data/LocalOrgStore.d.ts +67 -0
package/dist/data/LocalOrgStore.d.ts.map +1 -0
package/dist/data/LocalOrgStore.js +255 -0
package/dist/data/LocalOrgStore.js.map +1 -0
package/dist/data/LocalPlatformProjectGrantStore.d.ts +14 -0
package/dist/data/LocalPlatformProjectGrantStore.d.ts.map +1 -0
package/dist/data/LocalPlatformProjectGrantStore.js +62 -0
package/dist/data/LocalPlatformProjectGrantStore.js.map +1 -0
package/dist/data/LocalProjectStore.d.ts +30 -0
package/dist/data/LocalProjectStore.d.ts.map +1 -0
package/dist/data/LocalProjectStore.js +171 -0
package/dist/data/LocalProjectStore.js.map +1 -0
package/dist/data/LocalShareLinkStore.d.ts +39 -0
package/dist/data/LocalShareLinkStore.d.ts.map +1 -0
package/dist/data/LocalShareLinkStore.js +108 -0
package/dist/data/LocalShareLinkStore.js.map +1 -0
package/dist/data/__tests__/LocalDefinitionMetaProvider.test.d.ts +2 -0
package/dist/data/__tests__/LocalDefinitionMetaProvider.test.d.ts.map +1 -0
package/dist/data/__tests__/LocalDefinitionMetaProvider.test.js +21 -0
package/dist/data/__tests__/LocalDefinitionMetaProvider.test.js.map +1 -0
package/dist/data/__tests__/cascade.test.d.ts +2 -0
package/dist/data/__tests__/cascade.test.d.ts.map +1 -0
package/dist/data/__tests__/cascade.test.js +265 -0
package/dist/data/__tests__/cascade.test.js.map +1 -0
package/dist/data/__tests__/compute-server-conformance.test.d.ts +2 -0
package/dist/data/__tests__/compute-server-conformance.test.d.ts.map +1 -0
package/dist/data/__tests__/compute-server-conformance.test.js +21 -0
package/dist/data/__tests__/compute-server-conformance.test.js.map +1 -0
package/dist/data/__tests__/compute-server-encryption.test.d.ts +2 -0
package/dist/data/__tests__/compute-server-encryption.test.d.ts.map +1 -0
package/dist/data/__tests__/compute-server-encryption.test.js +131 -0
package/dist/data/__tests__/compute-server-encryption.test.js.map +1 -0
package/dist/data/__tests__/definition-conformance.test.d.ts +2 -0
package/dist/data/__tests__/definition-conformance.test.d.ts.map +1 -0
package/dist/data/__tests__/definition-conformance.test.js +20 -0
package/dist/data/__tests__/definition-conformance.test.js.map +1 -0
package/dist/data/__tests__/event-sink-conformance.test.d.ts +2 -0
package/dist/data/__tests__/event-sink-conformance.test.d.ts.map +1 -0
package/dist/data/__tests__/event-sink-conformance.test.js +24 -0
package/dist/data/__tests__/event-sink-conformance.test.js.map +1 -0
package/dist/data/__tests__/invite-conformance.test.d.ts +2 -0
package/dist/data/__tests__/invite-conformance.test.d.ts.map +1 -0
package/dist/data/__tests__/invite-conformance.test.js +21 -0
package/dist/data/__tests__/invite-conformance.test.js.map +1 -0
package/dist/data/__tests__/org-conformance.test.d.ts +2 -0
package/dist/data/__tests__/org-conformance.test.d.ts.map +1 -0
package/dist/data/__tests__/org-conformance.test.js +36 -0
package/dist/data/__tests__/org-conformance.test.js.map +1 -0
package/dist/data/__tests__/platform-project-grant-conformance.test.d.ts +2 -0
package/dist/data/__tests__/platform-project-grant-conformance.test.d.ts.map +1 -0
package/dist/data/__tests__/platform-project-grant-conformance.test.js +20 -0
package/dist/data/__tests__/platform-project-grant-conformance.test.js.map +1 -0
package/dist/data/__tests__/project-conformance.test.d.ts +2 -0
package/dist/data/__tests__/project-conformance.test.d.ts.map +1 -0
package/dist/data/__tests__/project-conformance.test.js +53 -0
package/dist/data/__tests__/project-conformance.test.js.map +1 -0
package/dist/data/__tests__/rules.test.d.ts +2 -0
package/dist/data/__tests__/rules.test.d.ts.map +1 -0
package/dist/data/__tests__/rules.test.js +484 -0
package/dist/data/__tests__/rules.test.js.map +1 -0
package/dist/data/__tests__/share-link-conformance.test.d.ts +2 -0
package/dist/data/__tests__/share-link-conformance.test.d.ts.map +1 -0
package/dist/data/__tests__/share-link-conformance.test.js +20 -0
package/dist/data/__tests__/share-link-conformance.test.js.map +1 -0
package/dist/data/fsJson.d.ts +12 -0
package/dist/data/fsJson.d.ts.map +1 -0
package/dist/data/fsJson.js +29 -0
package/dist/data/fsJson.js.map +1 -0
package/dist/data/index.d.ts +13 -0
package/dist/data/index.d.ts.map +1 -0
package/dist/data/index.js +9 -0
package/dist/data/index.js.map +1 -0
package/dist/data/pagination.d.ts +15 -0
package/dist/data/pagination.d.ts.map +1 -0
package/dist/data/pagination.js +36 -0
package/dist/data/pagination.js.map +1 -0
package/dist/data/secretCrypto.d.ts +23 -0
package/dist/data/secretCrypto.d.ts.map +1 -0
package/dist/data/secretCrypto.js +64 -0
package/dist/data/secretCrypto.js.map +1 -0
package/dist/data/userData.d.ts +40 -0
package/dist/data/userData.d.ts.map +1 -0
package/dist/data/userData.js +84 -0
package/dist/data/userData.js.map +1 -0
package/dist/definitions/LocalDefinitionMetaProvider.d.ts +27 -0
package/dist/definitions/LocalDefinitionMetaProvider.d.ts.map +1 -0
package/dist/definitions/LocalDefinitionMetaProvider.js +188 -0
package/dist/definitions/LocalDefinitionMetaProvider.js.map +1 -0
package/dist/definitions/__tests__/conformance.test.d.ts +2 -0
package/dist/definitions/__tests__/conformance.test.d.ts.map +1 -0
package/dist/definitions/__tests__/conformance.test.js +20 -0
package/dist/definitions/__tests__/conformance.test.js.map +1 -0
package/dist/definitions/index.d.ts +2 -0
package/dist/definitions/index.d.ts.map +1 -0
package/dist/definitions/index.js +2 -0
package/dist/definitions/index.js.map +1 -0
package/dist/definitions/providers/filesystem-files.d.ts +24 -0
package/dist/definitions/providers/filesystem-files.d.ts.map +1 -0
package/dist/definitions/providers/filesystem-files.js +170 -0
package/dist/definitions/providers/filesystem-files.js.map +1 -0
package/dist/definitions/providers/filesystem-meta.d.ts +17 -0
package/dist/definitions/providers/filesystem-meta.d.ts.map +1 -0
package/dist/definitions/providers/filesystem-meta.js +216 -0
package/dist/definitions/providers/filesystem-meta.js.map +1 -0
package/dist/fsJson.d.ts +12 -0
package/dist/fsJson.d.ts.map +1 -0
package/dist/fsJson.js +29 -0
package/dist/fsJson.js.map +1 -0
package/dist/index.d.ts +13 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +16 -0
package/dist/index.js.map +1 -0
package/dist/invites/LocalInviteProvider.d.ts +24 -0
package/dist/invites/LocalInviteProvider.d.ts.map +1 -0
package/dist/invites/LocalInviteProvider.js +89 -0
package/dist/invites/LocalInviteProvider.js.map +1 -0
package/dist/invites/__tests__/conformance.test.d.ts +2 -0
package/dist/invites/__tests__/conformance.test.d.ts.map +1 -0
package/dist/invites/__tests__/conformance.test.js +21 -0
package/dist/invites/__tests__/conformance.test.js.map +1 -0
package/dist/organizations/LocalOrganizationProvider.d.ts +41 -0
package/dist/organizations/LocalOrganizationProvider.d.ts.map +1 -0
package/dist/organizations/LocalOrganizationProvider.js +198 -0
package/dist/organizations/LocalOrganizationProvider.js.map +1 -0
package/dist/organizations/__tests__/conformance.test.d.ts +2 -0
package/dist/organizations/__tests__/conformance.test.d.ts.map +1 -0
package/dist/organizations/__tests__/conformance.test.js +20 -0
package/dist/organizations/__tests__/conformance.test.js.map +1 -0
package/dist/organizations/index.d.ts +2 -0
package/dist/organizations/index.d.ts.map +1 -0
package/dist/organizations/index.js +2 -0
package/dist/organizations/index.js.map +1 -0
package/dist/pagination.d.ts +15 -0
package/dist/pagination.d.ts.map +1 -0
package/dist/pagination.js +36 -0
package/dist/pagination.js.map +1 -0
package/dist/permissions/LocalPlatformPermissionStore.d.ts +39 -0
package/dist/permissions/LocalPlatformPermissionStore.d.ts.map +1 -0
package/dist/permissions/LocalPlatformPermissionStore.js +117 -0
package/dist/permissions/LocalPlatformPermissionStore.js.map +1 -0
package/dist/permissions/__tests__/conformance.test.d.ts +2 -0
package/dist/permissions/__tests__/conformance.test.d.ts.map +1 -0
package/dist/permissions/__tests__/conformance.test.js +37 -0
package/dist/permissions/__tests__/conformance.test.js.map +1 -0
package/dist/permissions/index.d.ts +2 -0
package/dist/permissions/index.d.ts.map +1 -0
package/dist/permissions/index.js +2 -0
package/dist/permissions/index.js.map +1 -0
package/dist/projects/LocalProjectProvider.d.ts +21 -0
package/dist/projects/LocalProjectProvider.d.ts.map +1 -0
package/dist/projects/LocalProjectProvider.js +125 -0
package/dist/projects/LocalProjectProvider.js.map +1 -0
package/dist/projects/__tests__/conformance.test.d.ts +2 -0
package/dist/projects/__tests__/conformance.test.d.ts.map +1 -0
package/dist/projects/__tests__/conformance.test.js +44 -0
package/dist/projects/__tests__/conformance.test.js.map +1 -0
package/dist/projects/index.d.ts +2 -0
package/dist/projects/index.d.ts.map +1 -0
package/dist/projects/index.js +2 -0
package/dist/projects/index.js.map +1 -0
package/dist/storage/LocalStorageProvider.d.ts +27 -0
package/dist/storage/LocalStorageProvider.d.ts.map +1 -0
package/dist/storage/LocalStorageProvider.js +74 -0
package/dist/storage/LocalStorageProvider.js.map +1 -0
package/dist/storage/__tests__/conformance.test.d.ts +2 -0
package/dist/storage/__tests__/conformance.test.d.ts.map +1 -0
package/dist/storage/__tests__/conformance.test.js +20 -0
package/dist/storage/__tests__/conformance.test.js.map +1 -0
package/dist/storage/index.d.ts +2 -0
package/dist/storage/index.d.ts.map +1 -0
package/dist/storage/index.js +2 -0
package/dist/storage/index.js.map +1 -0
package/dist/userProfile/LocalUserProfileProvider.d.ts +25 -0
package/dist/userProfile/LocalUserProfileProvider.d.ts.map +1 -0
package/dist/userProfile/LocalUserProfileProvider.js +110 -0
package/dist/userProfile/LocalUserProfileProvider.js.map +1 -0
package/dist/userProfile/__tests__/conformance.test.d.ts +2 -0
package/dist/userProfile/__tests__/conformance.test.d.ts.map +1 -0
package/dist/userProfile/__tests__/conformance.test.js +40 -0
package/dist/userProfile/__tests__/conformance.test.js.map +1 -0
package/dist/userProfile/index.d.ts +2 -0
package/dist/userProfile/index.d.ts.map +1 -0
package/dist/userProfile/index.js +2 -0
package/dist/userProfile/index.js.map +1 -0
package/package.json +70 -0
package/src/README.md +37 -0
package/src/auth/LocalAuthProvider.ts +165 -0
package/src/auth/__tests__/conformance.test.ts +40 -0
package/src/auth/hmac.ts +53 -0
package/src/auth/index.ts +5 -0
package/src/auth/users.ts +151 -0
package/src/data/LocalComputeServerStore.ts +290 -0
package/src/data/LocalDataProvider.ts +148 -0
package/src/data/LocalDefinitionStore.ts +369 -0
package/src/data/LocalInviteStore.ts +117 -0
package/src/data/LocalOrgStore.ts +356 -0
package/src/data/LocalPlatformProjectGrantStore.ts +85 -0
package/src/data/LocalProjectStore.ts +274 -0
package/src/data/LocalShareLinkStore.ts +138 -0
package/src/data/__tests__/cascade.test.ts +300 -0
package/src/data/__tests__/compute-server-conformance.test.ts +26 -0
package/src/data/__tests__/compute-server-encryption.test.ts +185 -0
package/src/data/__tests__/definition-conformance.test.ts +23 -0
package/src/data/__tests__/event-sink-conformance.test.ts +28 -0
package/src/data/__tests__/invite-conformance.test.ts +24 -0
package/src/data/__tests__/org-conformance.test.ts +43 -0
package/src/data/__tests__/platform-project-grant-conformance.test.ts +24 -0
package/src/data/__tests__/project-conformance.test.ts +64 -0
package/src/data/__tests__/rules.test.ts +682 -0
package/src/data/__tests__/share-link-conformance.test.ts +23 -0
package/src/data/fsJson.ts +28 -0
package/src/data/index.ts +16 -0
package/src/data/pagination.ts +48 -0
package/src/data/secretCrypto.ts +69 -0
package/src/data/userData.ts +134 -0
package/src/index.ts +42 -0
package/src/permissions/LocalPlatformPermissionStore.ts +129 -0
package/src/permissions/__tests__/conformance.test.ts +40 -0
package/src/permissions/index.ts +1 -0
package/src/storage/LocalStorageProvider.ts +78 -0
package/src/storage/__tests__/conformance.test.ts +23 -0
package/src/storage/index.ts +1 -0
package/src/userProfile/LocalUserProfileProvider.ts +135 -0
package/src/userProfile/__tests__/conformance.test.ts +43 -0
package/src/userProfile/index.ts +1 -0

package/src/data/fsJson.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+/**
+ * Read a JSON file, returning a fallback if the file does not exist.
+ * Any other error propagates.
+ */
+export async function readJsonFile<T>(filePath: string, fallback: T): Promise<T> {
+	try {
+		const raw = await fs.readFile(filePath, 'utf-8');
+		return JSON.parse(raw) as T;
+	} catch (err) {
+		if ((err as NodeJS.ErrnoException).code === 'ENOENT') return fallback;
+		throw err;
+	}
+}
+/**
+ * Atomically write JSON: ensure the parent directory exists, write to a
+ * sibling .tmp file, then rename into place. Prevents partial writes from
+ * corrupting the target on crash or interrupt.
+ */
+export async function writeJsonFile<T>(filePath: string, data: T): Promise<void> {
+	await fs.mkdir(path.dirname(filePath), { recursive: true });
+	const tmp = `${filePath}.tmp`;
+	await fs.writeFile(tmp, JSON.stringify(data, null, '\t'), 'utf-8');
+	await fs.rename(tmp, filePath);
+}

package/src/data/index.ts ADDED Viewed

@@ -0,0 +1,16 @@
+export { LocalOrgStore, LocalOrgStoreLoader } from './LocalOrgStore.js';
+export type { LocalOrgStoreData, LocalOrgStoreOptions } from './LocalOrgStore.js';
+export { LocalProjectStore } from './LocalProjectStore.js';
+export type { LocalProjectStoreOptions } from './LocalProjectStore.js';
+export { LocalDefinitionStore } from './LocalDefinitionStore.js';
+export { LocalInviteStore } from './LocalInviteStore.js';
+export { LocalComputeServerStore } from './LocalComputeServerStore.js';
+export type {
+	SecretVerificationFailure,
+	SecretVerificationFailureReason,
+	SecretVerificationReport
+} from './LocalComputeServerStore.js';
+export { LocalShareLinkStore } from './LocalShareLinkStore.js';
+export type { LocalShareLinkStoreOptions } from './LocalShareLinkStore.js';
+export { LocalPlatformProjectGrantStore } from './LocalPlatformProjectGrantStore.js';
+export { LocalDataProvider } from './LocalDataProvider.js';

package/src/data/pagination.ts ADDED Viewed

@@ -0,0 +1,48 @@
+import {
+	DEFAULT_PAGE_LIMIT,
+	MAX_PAGE_LIMIT,
+	type ListOptions,
+	type DefinitionListOptions,
+	type Page
+} from '@selvajs/platform';
+type AnyListOptions = ListOptions | DefinitionListOptions;
+/**
+ * In-memory pagination for filesystem-backed adapters.
+ * Cursor is an offset encoded as a string. Good enough for single-node local use.
+ */
+export function paginate<T>(items: T[], opts?: AnyListOptions): Page<T> {
+	const limit = Math.min(Math.max(1, opts?.limit ?? DEFAULT_PAGE_LIMIT), MAX_PAGE_LIMIT);
+	const offset = opts?.cursor ? parseInt(opts.cursor, 10) || 0 : 0;
+	const slice = items.slice(offset, offset + limit);
+	const nextOffset = offset + slice.length;
+	return {
+		items: slice,
+		nextCursor: nextOffset < items.length ? String(nextOffset) : undefined
+	};
+}
+/**
+ * Sort a list in place per ListOptions. Mutates the input.
+ * Pass `keyFn` to customize how the comparison value is derived (e.g. nested
+ * fields, case-folded strings).
+ */
+export function applyOrder<T>(
+	items: T[],
+	opts?: AnyListOptions,
+	keyFn: (item: T, field: string) => unknown = (item, field) =>
+		(item as Record<string, unknown>)[field]
+): T[] {
+	const field = opts?.orderBy ?? 'createdAt';
+	const dir = opts?.orderDir ?? 'desc';
+	const mul = dir === 'asc' ? 1 : -1;
+	items.sort((a, b) => {
+		const av = (keyFn(a, field) ?? '') as string | number;
+		const bv = (keyFn(b, field) ?? '') as string | number;
+		if (av < bv) return -1 * mul;
+		if (av > bv) return 1 * mul;
+		return 0;
+	});
+	return items;
+}

package/src/data/secretCrypto.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { randomBytes, createCipheriv, createDecipheriv } from 'node:crypto';
+const ALGO = 'aes-256-gcm';
+const IV_BYTES = 12;
+const TAG_BYTES = 16;
+const PREFIX = 'enc:v1:';
+/**
+ * AES-256-GCM envelope for at-rest secrets (e.g. compute API keys).
+ *
+ * On-disk format: `enc:v1:<base64(iv|tag|ciphertext)>`. The version prefix
+ * lets us migrate to a new algorithm later without ambiguity. Plaintext
+ * never sits on disk.
+ *
+ * Security model: defends against backup leaks, accidental file sharing,
+ * and read-only disk access. An attacker with both the data file *and*
+ * the master key (env var, process memory) can still decrypt — this is
+ * encryption at rest, not a secret manager.
+ */
+export function isEncryptedSecret(value: string): boolean {
+	return value.startsWith(PREFIX);
+}
+export function encryptSecret(plaintext: string, key: Buffer): string {
+	if (key.length !== 32) {
+		throw new Error(`Secret key must be 32 bytes; got ${key.length}`);
+	}
+	if (isEncryptedSecret(plaintext)) {
+		throw new Error('Refusing to encrypt a value that is already encrypted');
+	}
+	const iv = randomBytes(IV_BYTES);
+	const cipher = createCipheriv(ALGO, key, iv);
+	const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+	const tag = cipher.getAuthTag();
+	return PREFIX + Buffer.concat([iv, tag, ciphertext]).toString('base64');
+}
+export function decryptSecret(envelope: string, key: Buffer): string {
+	if (key.length !== 32) {
+		throw new Error(`Secret key must be 32 bytes; got ${key.length}`);
+	}
+	if (!isEncryptedSecret(envelope)) {
+		throw new Error('Value is not an encrypted secret envelope');
+	}
+	const buf = Buffer.from(envelope.slice(PREFIX.length), 'base64');
+	const iv = buf.subarray(0, IV_BYTES);
+	const tag = buf.subarray(IV_BYTES, IV_BYTES + TAG_BYTES);
+	const ciphertext = buf.subarray(IV_BYTES + TAG_BYTES);
+	const decipher = createDecipheriv(ALGO, key, iv);
+	decipher.setAuthTag(tag);
+	return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
+}
+/**
+ * Decode a `SELVA_AT_REST_KEY` env var into a 32-byte buffer. Accepts either
+ * 64-char hex or base64 (with or without padding). Throws on anything else
+ * so misconfiguration fails loudly at boot rather than silently producing
+ * an undecryptable file.
+ */
+export function decodeSecretKey(raw: string): Buffer {
+	if (/^[0-9a-fA-F]{64}$/.test(raw)) return Buffer.from(raw, 'hex');
+	const buf = Buffer.from(raw, 'base64');
+	if (buf.length === 32) return buf;
+	throw new Error(
+		'SELVA_AT_REST_KEY must be 32 bytes encoded as 64-char hex or base64. ' +
+			"Generate one with: node -e \"console.log(require('crypto').randomBytes(32).toString('hex'))\""
+	);
+}

package/src/data/userData.ts ADDED Viewed

@@ -0,0 +1,134 @@
+import { ProviderError } from '@selvajs/platform';
+import type { PlatformPermission, RecentRun } from '@selvajs/platform';
+import { readJsonFile, writeJsonFile } from './fsJson.js';
+/**
+ * Per-user state owned by the data layer, keyed by the auth provider's user
+ * ID. Mirrors `public.user_profiles` in the Supabase schema. **Never holds
+ * identity** (email, password hash, createdAt) — those live with the auth
+ * provider, which may be anything from `LocalAuthProvider` to an external
+ * IdP like Eterna ID.
+ *
+ * The local equivalent of Supabase's `handle_new_auth_user` trigger lives in
+ * `hooks.server.ts`, which calls `IDataProvider.ensureUser` once per
+ * authenticated request. After that call, every read here is guaranteed to
+ * find a row.
+ */
+export interface StoredUserData {
+	userId: string;
+	displayName?: string;
+	platformPermissions: PlatformPermission[];
+	starredDefinitions: string[];
+	recentRuns: RecentRun[];
+}
+export interface UserDataFile {
+	users: StoredUserData[];
+}
+const MAX_RECENT_RUNS = 20;
+const empty = (): UserDataFile => ({ users: [] });
+function emptyRow(userId: string): StoredUserData {
+	return {
+		userId,
+		platformPermissions: [],
+		starredDefinitions: [],
+		recentRuns: []
+	};
+}
+export interface LocalUserDataStore {
+	/**
+	 * Idempotent. Adds an empty row if missing; no-op if present. Safe to call
+	 * on every authed request.
+	 */
+	ensure(userId: string): Promise<void>;
+	findById(userId: string): Promise<StoredUserData | null>;
+	listAll(): Promise<StoredUserData[]>;
+	updatePermissions(userId: string, permissions: PlatformPermission[]): Promise<void>;
+	updateDisplayName(userId: string, displayName: string | undefined): Promise<void>;
+	starDefinition(userId: string, definitionId: string): Promise<void>;
+	unstarDefinition(userId: string, definitionId: string): Promise<void>;
+	recordRun(userId: string, run: RecentRun): Promise<void>;
+	deleteUser(userId: string): Promise<void>;
+}
+export function createLocalUserDataStore(filePath: string): LocalUserDataStore {
+	async function findOrThrow(userId: string): Promise<{ file: UserDataFile; row: StoredUserData }> {
+		const file = await readJsonFile<UserDataFile>(filePath, empty());
+		const row = file.users.find((u) => u.userId === userId);
+		if (!row) throw new ProviderError(`User-data row "${userId}" not found`, 404);
+		return { file, row };
+	}
+	return {
+		async ensure(userId) {
+			const file = await readJsonFile<UserDataFile>(filePath, empty());
+			if (file.users.some((u) => u.userId === userId)) return;
+			file.users.push(emptyRow(userId));
+			await writeJsonFile(filePath, file);
+		},
+		async findById(userId) {
+			const { users } = await readJsonFile<UserDataFile>(filePath, empty());
+			return users.find((u) => u.userId === userId) ?? null;
+		},
+		async listAll() {
+			const { users } = await readJsonFile<UserDataFile>(filePath, empty());
+			return users;
+		},
+		async updatePermissions(userId, permissions) {
+			const { file, row } = await findOrThrow(userId);
+			row.platformPermissions = permissions;
+			await writeJsonFile(filePath, file);
+		},
+		async updateDisplayName(userId, displayName) {
+			const { file, row } = await findOrThrow(userId);
+			if (displayName === undefined) {
+				delete row.displayName;
+			} else {
+				row.displayName = displayName;
+			}
+			await writeJsonFile(filePath, file);
+		},
+		async starDefinition(userId, definitionId) {
+			const { file, row } = await findOrThrow(userId);
+			if (!row.starredDefinitions.includes(definitionId)) {
+				row.starredDefinitions.push(definitionId);
+				await writeJsonFile(filePath, file);
+			}
+		},
+		async unstarDefinition(userId, definitionId) {
+			const { file, row } = await findOrThrow(userId);
+			row.starredDefinitions = row.starredDefinitions.filter((d) => d !== definitionId);
+			await writeJsonFile(filePath, file);
+		},
+		async recordRun(userId, run) {
+			const { file, row } = await findOrThrow(userId);
+			// Remove older entry for same definition, then prepend newest.
+			row.recentRuns = [
+				run,
+				...row.recentRuns.filter((r) => r.definitionId !== run.definitionId)
+			].slice(0, MAX_RECENT_RUNS);
+			await writeJsonFile(filePath, file);
+		},
+		async deleteUser(userId) {
+			const file = await readJsonFile<UserDataFile>(filePath, empty());
+			const before = file.users.length;
+			file.users = file.users.filter((u) => u.userId !== userId);
+			if (file.users.length === before) {
+				throw new ProviderError(`User-data row "${userId}" not found`, 404);
+			}
+			await writeJsonFile(filePath, file);
+		}
+	};
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,42 @@
+// Auth — identity-only (auth-users.json)
+export { LocalAuthProvider } from './auth/LocalAuthProvider.js';
+export type { LocalAuthProviderConfig } from './auth/LocalAuthProvider.js';
+export { signHmacToken, verifyHmacToken } from './auth/hmac.js';
+export { hashPassword, verifyPasswordHash, createLocalAuthUserStore } from './auth/users.js';
+export type { StoredAuthUser, AuthUsersFile, LocalAuthUserStore } from './auth/users.js';
+// Data — class names use the `*Store` suffix to match the Supabase provider.
+export {
+	LocalDataProvider,
+	LocalOrgStore,
+	LocalOrgStoreLoader,
+	LocalProjectStore,
+	LocalDefinitionStore,
+	LocalInviteStore,
+	LocalComputeServerStore,
+	LocalShareLinkStore,
+	LocalPlatformProjectGrantStore
+} from './data/index.js';
+export type {
+	LocalOrgStoreData,
+	LocalOrgStoreOptions,
+	LocalProjectStoreOptions,
+	LocalShareLinkStoreOptions,
+	SecretVerificationFailure,
+	SecretVerificationFailureReason,
+	SecretVerificationReport
+} from './data/index.js';
+// Per-user data layer (user-data.json) — keyed by user ID, paired with any
+// auth provider. The permission and profile stores both read/write here.
+export { createLocalUserDataStore } from './data/userData.js';
+export type { LocalUserDataStore, StoredUserData, UserDataFile } from './data/userData.js';
+// Storage
+export { LocalStorageProvider } from './storage/LocalStorageProvider.js';
+// User profile
+export { LocalUserProfileProvider } from './userProfile/LocalUserProfileProvider.js';
+// Platform permissions (data-layer authorization store)
+export { LocalPlatformPermissionStore } from './permissions/LocalPlatformPermissionStore.js';

package/src/permissions/LocalPlatformPermissionStore.ts ADDED Viewed

@@ -0,0 +1,129 @@
+import * as path from 'node:path';
+import type {
+	IPlatformPermissionStore,
+	PlatformPermission,
+	RequestContext,
+	UserManagementResult
+} from '@selvajs/platform';
+import { ProviderError, hasPermission } from '@selvajs/platform';
+import { createLocalUserDataStore, type LocalUserDataStore } from '../data/userData.js';
+/**
+ * Filesystem-backed platform-permission store. Reads and writes the
+ * `platformPermissions` field on `user-data.json` — a data-layer file owned
+ * by `LocalDataProvider`, distinct from `auth-users.json` which the
+ * `LocalAuthProvider` owns. This split lets the local data layer pair with
+ * any auth provider (local, Supabase, Entra, Eterna, …): the data layer only
+ * cares about the user ID, never about how identity is stored.
+ *
+ * The "user is known to the data layer" precondition is established by
+ * `IDataProvider.ensureUser`, called from `hooks.server.ts` on every authed
+ * request — the local equivalent of the Supabase `handle_new_auth_user`
+ * trigger. After that call, `set` finds a row and `getFor` reads it; before
+ * it, `set` returns `not_found` (matching the conformance contract).
+ *
+ * Enforces:
+ *   - The §2 sole-`instance_admin` invariant on `set` (refuses to drop the
+ *     last admin)
+ *   - Authorization on read/write (`assertCanRead` / `assertCanWrite`)
+ *
+ * "Disabled" state lives on the auth provider's user record. The local
+ * provider's permission store can't see across that boundary, so the
+ * invariant counters here treat every row in `user-data.json` as enabled.
+ * Code that disables a user is expected to also drop their `instance_admin`
+ * grant via `set` (the §2 invariant kicks in there) before the auth-side
+ * disable lands — see `LocalAuthProvider.disableUser`.
+ */
+export class LocalPlatformPermissionStore implements IPlatformPermissionStore {
+	private readonly data: LocalUserDataStore;
+	static fromEnv(env: Record<string, string | undefined>): LocalPlatformPermissionStore {
+		if (!env.DATA_PATH) throw new Error('Missing required env var: DATA_PATH');
+		return new LocalPlatformPermissionStore(path.join(env.DATA_PATH, 'user-data.json'));
+	}
+	constructor(userDataFilePath: string) {
+		this.data = createLocalUserDataStore(userDataFilePath);
+	}
+	async getFor(ctx: RequestContext, userId: string): Promise<PlatformPermission[]> {
+		assertCanRead(ctx, userId);
+		const row = await this.data.findById(userId);
+		return row?.platformPermissions ?? [];
+	}
+	async getForBatch(
+		ctx: RequestContext,
+		userIds: readonly string[]
+	): Promise<Map<string, PlatformPermission[]>> {
+		assertCanReadBatch(ctx);
+		const all = await this.data.listAll();
+		const wanted = new Set(userIds);
+		const out = new Map<string, PlatformPermission[]>();
+		for (const u of all) {
+			if (wanted.has(u.userId)) out.set(u.userId, u.platformPermissions ?? []);
+		}
+		return out;
+	}
+	async set(
+		ctx: RequestContext,
+		userId: string,
+		permissions: readonly PlatformPermission[]
+	): Promise<UserManagementResult> {
+		assertAdmin(ctx);
+		const target = await this.data.findById(userId);
+		if (!target) return 'not_found';
+		const wasAdmin = target.platformPermissions.includes('instance_admin');
+		const willBeAdmin = permissions.includes('instance_admin');
+		if (wasAdmin && !willBeAdmin) {
+			const others = await this.countOtherAdmins(userId);
+			if (others === 0) return 'last_admin';
+		}
+		try {
+			await this.data.updatePermissions(userId, [...permissions]);
+			return 'ok';
+		} catch (err) {
+			if (err instanceof ProviderError && err.statusCode === 404) return 'not_found';
+			throw err;
+		}
+	}
+	async hasInstanceAdmin(_ctx: RequestContext): Promise<boolean> {
+		// First-run + invariant check — always allowed (read-only existence
+		// probe). The route layer decides what to do with the answer.
+		const all = await this.data.listAll();
+		return all.some((u) => u.platformPermissions.includes('instance_admin'));
+	}
+	async countInstanceAdminsExcluding(_ctx: RequestContext, excludeUserId: string): Promise<number> {
+		return this.countOtherAdmins(excludeUserId);
+	}
+	private async countOtherAdmins(excludeUserId: string): Promise<number> {
+		const all = await this.data.listAll();
+		return all.filter(
+			(u) => u.userId !== excludeUserId && u.platformPermissions.includes('instance_admin')
+		).length;
+	}
+}
+function assertCanRead(ctx: RequestContext, userId: string): void {
+	if (ctx.system) return;
+	if (ctx.userId === userId) return;
+	if (hasPermission(ctx, 'instance_admin')) return;
+	throw new ProviderError('Forbidden: cannot read another user’s permissions', 403);
+}
+function assertAdmin(ctx: RequestContext): void {
+	if (ctx.system) return;
+	if (hasPermission(ctx, 'instance_admin')) return;
+	throw new ProviderError('Forbidden: instance admin required', 403);
+}
+function assertCanReadBatch(ctx: RequestContext): void {
+	if (ctx.system) return;
+	if (hasPermission(ctx, 'instance_admin')) return;
+	if (hasPermission(ctx, 'manage_instance_users')) return;
+	throw new ProviderError('Forbidden: instance admin or manage_instance_users required', 403);
+}

package/src/permissions/__tests__/conformance.test.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { describe, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { runPlatformPermissionStoreConformance } from '@selvajs/platform/testing';
+import { LocalPlatformPermissionStore } from '../LocalPlatformPermissionStore.js';
+import { createLocalUserDataStore } from '../../data/userData.js';
+import { randomUUID } from 'node:crypto';
+describe('LocalPlatformPermissionStore', () => {
+	let tempDir: string;
+	beforeEach(async () => {
+		tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'selva-perm-test-'));
+	});
+	afterEach(async () => {
+		await fs.rm(tempDir, { recursive: true, force: true });
+	});
+	runPlatformPermissionStoreConformance({
+		name: 'LocalPlatformPermissionStore',
+		createStore: async () => {
+			const userDataPath = path.join(tempDir, 'user-data.json');
+			const userData = createLocalUserDataStore(userDataPath);
+			const store = new LocalPlatformPermissionStore(userDataPath);
+			return {
+				store,
+				seedUser: async () => {
+					// Mirrors `IDataProvider.ensureUser` — produces a user the data
+					// layer knows about, regardless of which auth provider would
+					// hand out the ID in production.
+					const id = randomUUID();
+					await userData.ensure(id);
+					return id;
+				}
+			};
+		}
+	});
+});

package/src/permissions/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { LocalPlatformPermissionStore } from './LocalPlatformPermissionStore.js';

package/src/storage/LocalStorageProvider.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { transcodeImageIfNeeded } from '@selvajs/platform/storage';
+import type { IStorageProvider } from '@selvajs/platform/storage';
+/**
+ * Filesystem implementation of IStorageProvider.
+ * Files are stored under DATA_PATH/{path}.
+ * Images are auto-transcoded to WebP on put() via the shared platform helper
+ * (`transcodeImageIfNeeded`) — the same helper the Supabase adapter uses,
+ * so both providers produce identical bytes for the same upload.
+ */
+export class LocalStorageProvider implements IStorageProvider {
+	private readonly basePath: string;
+	private readonly publicUrlBase: string;
+	static fromEnv(env: Record<string, string | undefined>): LocalStorageProvider {
+		if (!env.DATA_PATH) throw new Error('Missing required env var: DATA_PATH');
+		return new LocalStorageProvider(env.DATA_PATH, '/api/files');
+	}
+	constructor(basePath: string, publicUrlBase = '/api/files') {
+		this.basePath = basePath;
+		this.publicUrlBase = publicUrlBase;
+	}
+	/**
+	 * Resolve a caller-provided path under basePath, rejecting anything that
+	 * would escape the root. Last line of defense against traversal — while
+	 * platform-side helpers (definitionPaths) also assert safe keys, this
+	 * adapter is reached by any IStorageProvider caller.
+	 */
+	private resolvePath(storagePath: string): string {
+		const base = path.resolve(this.basePath);
+		const full = path.resolve(base, storagePath);
+		if (full !== base && !full.startsWith(base + path.sep)) {
+			throw new Error(`Path escapes base: ${storagePath}`);
+		}
+		return full;
+	}
+	async get(storagePath: string): Promise<Uint8Array | null> {
+		try {
+			const buffer = await fs.readFile(this.resolvePath(storagePath));
+			return new Uint8Array(buffer);
+		} catch (err) {
+			if ((err as NodeJS.ErrnoException).code === 'ENOENT') return null;
+			throw err;
+		}
+	}
+	async put(storagePath: string, data: Uint8Array, contentType?: string): Promise<void> {
+		// Normalize images through the shared transcoder — rewrites `.png` → `.webp`,
+		// caps dimensions, and re-encodes at the platform's canonical quality.
+		// Non-images pass through untouched.
+		const transcoded = await transcodeImageIfNeeded(data, contentType, storagePath);
+		const fullPath = this.resolvePath(transcoded.path);
+		await fs.mkdir(path.dirname(fullPath), { recursive: true });
+		await fs.writeFile(fullPath, Buffer.from(transcoded.data));
+	}
+	async delete(storagePath: string): Promise<void> {
+		try {
+			await fs.unlink(this.resolvePath(storagePath));
+		} catch (err) {
+			if ((err as NodeJS.ErrnoException).code !== 'ENOENT') throw err;
+		}
+	}
+	async deletePrefix(prefix: string): Promise<void> {
+		const fullPath = this.resolvePath(prefix);
+		await fs.rm(fullPath, { recursive: true, force: true });
+	}
+	getPublicUrl(storagePath: string): string {
+		return `${this.publicUrlBase}/${storagePath}`;
+	}
+}

package/src/storage/__tests__/conformance.test.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { describe, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { runStorageProviderConformance } from '@selvajs/platform/testing';
+import { LocalStorageProvider } from '../LocalStorageProvider.js';
+describe('LocalStorageProvider', () => {
+	let tempDir: string;
+	beforeEach(async () => {
+		tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'selva-storage-test-'));
+	});
+	afterEach(async () => {
+		await fs.rm(tempDir, { recursive: true, force: true });
+	});
+	runStorageProviderConformance({
+		name: 'LocalStorageProvider',
+		createStorage: () => new LocalStorageProvider(tempDir)
+	});
+});

package/src/storage/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { LocalStorageProvider } from './LocalStorageProvider.js';