@spooky-sync/core 0.0.1-canary.9 → 0.0.1-canary.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (65) hide show
  1. package/AGENTS.md +56 -0
  2. package/dist/index.d.ts +907 -339
  3. package/dist/index.js +2837 -402
  4. package/dist/otel/index.d.ts +21 -0
  5. package/dist/otel/index.js +86 -0
  6. package/dist/types.d.ts +543 -0
  7. package/package.json +39 -9
  8. package/skills/sp00ky-core/SKILL.md +258 -0
  9. package/skills/sp00ky-core/references/auth.md +98 -0
  10. package/skills/sp00ky-core/references/config.md +76 -0
  11. package/src/build-globals.d.ts +12 -0
  12. package/src/events/events.test.ts +2 -1
  13. package/src/events/index.ts +3 -0
  14. package/src/index.ts +9 -2
  15. package/src/modules/auth/events/index.ts +2 -1
  16. package/src/modules/auth/index.ts +59 -20
  17. package/src/modules/cache/index.ts +41 -29
  18. package/src/modules/cache/types.ts +2 -2
  19. package/src/modules/crdt/crdt-field.ts +281 -0
  20. package/src/modules/crdt/crdt-hydration.test.ts +206 -0
  21. package/src/modules/crdt/index.ts +352 -0
  22. package/src/modules/data/data.status.test.ts +108 -0
  23. package/src/modules/data/index.ts +732 -109
  24. package/src/modules/data/window-query.test.ts +52 -0
  25. package/src/modules/data/window-query.ts +130 -0
  26. package/src/modules/devtools/index.ts +115 -21
  27. package/src/modules/devtools/versions.test.ts +74 -0
  28. package/src/modules/devtools/versions.ts +81 -0
  29. package/src/modules/feature-flag/index.ts +166 -0
  30. package/src/modules/ref-tables.test.ts +66 -0
  31. package/src/modules/ref-tables.ts +69 -0
  32. package/src/modules/sync/engine.ts +101 -37
  33. package/src/modules/sync/events/index.ts +9 -2
  34. package/src/modules/sync/queue/queue-down.ts +5 -4
  35. package/src/modules/sync/queue/queue-up.ts +14 -13
  36. package/src/modules/sync/scheduler.ts +40 -3
  37. package/src/modules/sync/sync.ts +893 -59
  38. package/src/modules/sync/utils.test.ts +269 -2
  39. package/src/modules/sync/utils.ts +182 -17
  40. package/src/otel/index.ts +127 -0
  41. package/src/services/database/database.ts +11 -11
  42. package/src/services/database/events/index.ts +2 -1
  43. package/src/services/database/local-migrator.ts +21 -21
  44. package/src/services/database/local.test.ts +33 -0
  45. package/src/services/database/local.ts +192 -32
  46. package/src/services/database/remote.ts +13 -13
  47. package/src/services/logger/index.ts +6 -101
  48. package/src/services/persistence/localstorage.ts +2 -2
  49. package/src/services/persistence/resilient.ts +41 -0
  50. package/src/services/persistence/surrealdb.ts +9 -9
  51. package/src/services/stream-processor/index.ts +248 -37
  52. package/src/services/stream-processor/permissions.test.ts +47 -0
  53. package/src/services/stream-processor/permissions.ts +53 -0
  54. package/src/services/stream-processor/stream-processor.batch.test.ts +136 -0
  55. package/src/services/stream-processor/stream-processor.test.ts +1 -1
  56. package/src/services/stream-processor/wasm-types.ts +18 -2
  57. package/src/sp00ky.auth-order.test.ts +65 -0
  58. package/src/sp00ky.ts +648 -0
  59. package/src/types.ts +192 -15
  60. package/src/utils/index.ts +35 -13
  61. package/src/utils/parser.ts +3 -2
  62. package/src/utils/surql.ts +24 -15
  63. package/src/utils/withRetry.test.ts +1 -1
  64. package/tsdown.config.ts +55 -1
  65. package/src/spooky.ts +0 -392
package/dist/index.d.ts CHANGED
@@ -1,132 +1,10 @@
1
+ import { A as SyncHealthStatus, C as RunOptions, D as StoreType, E as Sp00kyQueryResultPromise, F as SyncEventSystem, I as EventDefinition, L as EventSystem, M as UpdateOptions, N as UpEvent, O as SyncHealth, P as Logger$1, S as RegistrationTimings, T as Sp00kyQueryResult, _ as QueryTimeToLive, a as MutationCallback, b as RecordVersionArray, c as PersistenceClient, d as QueryConfig, f as QueryConfigRecord, g as QueryStatusCallback, h as QueryStatus, i as MATERIALIZATION_SAMPLE_WINDOW, j as TimingPhase, k as SyncHealthConfig, l as PhaseStat, m as QueryState, n as EventSubscriptionOptions, o as MutationEvent, p as QueryHash, r as Level, s as MutationEventType, t as DebounceOptions, u as PinoTransmit, v as QueryTimings, w as Sp00kyConfig, x as RecordVersionDiff, y as QueryUpdateCallback } from "./types.js";
1
2
  import * as surrealdb0 from "surrealdb";
2
- import { Duration, RecordId, Surreal, SurrealTransaction } from "surrealdb";
3
- import { AccessDefinition, BackendNames, BackendRoutes, BucketNames, ColumnSchema, GetTable, QueryBuilder, QueryOptions, RecordId as RecordId$1, RoutePayload, SchemaStructure, TableModel, TableNames, TypeNameToTypeMap } from "@spooky-sync/query-builder";
4
- import { Level, Level as Level$1, Logger } from "pino";
3
+ import { Duration, RecordId, Surreal as Surreal$1, SurrealTransaction } from "surrealdb";
4
+ import { AccessDefinition, BackendNames, BackendRoutes, BucketNames, ColumnSchema, GetTable, QueryBuilder, QueryOptions, RoutePayload, SchemaStructure, TableModel, TableNames, TypeNameToTypeMap } from "@spooky-sync/query-builder";
5
+ import { Logger } from "pino";
6
+ import { LoroDoc } from "loro-crdt";
5
7
 
6
- //#region src/events/index.d.ts
7
- /**
8
- * Utility type to define the payload structure of an event.
9
- * If the payload type P is never, it defines payload as undefined.
10
- */
11
- type EventPayloadDefinition<P> = [P] extends [never] ? {
12
- payload: undefined;
13
- } : {
14
- payload: P;
15
- };
16
- /**
17
- * Defines the structure of an event with a specific type and payload.
18
- * @template T The string literal type of the event.
19
- * @template P The type of the event payload.
20
- */
21
- type EventDefinition<T extends string, P> = {
22
- type: T;
23
- } & EventPayloadDefinition<P>;
24
- /**
25
- * A map of event types to their definitions.
26
- * Keys are event names, values are EventDefinitions.
27
- */
28
- type EventTypeMap = Record<string, EventDefinition<any, unknown> | EventDefinition<any, never>>;
29
- /**
30
- * Options for pushing/emitting events.
31
- */
32
- interface PushEventOptions {
33
- /** Configuration for debouncing the event. */
34
- debounced?: {
35
- key: string;
36
- delay: number;
37
- };
38
- }
39
- /**
40
- * Extracts the full Event object type from the map for a given key.
41
- */
42
- type Event<E extends EventTypeMap, T extends EventType<E>> = E[T];
43
- /**
44
- * Extracts the payload type from the map for a given key.
45
- */
46
- type EventPayload<E extends EventTypeMap, T extends EventType<E>> = E[T]['payload'];
47
- /**
48
- * Array of available event type keys.
49
- */
50
- type EventTypes<E extends EventTypeMap> = (keyof E)[];
51
- /**
52
- * Represents a valid key (event name) from the EventTypeMap.
53
- */
54
- type EventType<E extends EventTypeMap> = keyof E;
55
- /**
56
- * Function signature for an event handler.
57
- */
58
- type EventHandler<E extends EventTypeMap, T extends EventType<E>> = (event: Event<E, T>) => void;
59
- /**
60
- * Options when subscribing to an event.
61
- */
62
- type EventSubscriptionOptions$1 = {
63
- /** If true, the handler will be called immediately with the last emitted event of this type (if any). */
64
- immediately?: boolean;
65
- /** If true, the subscription will be automatically removed after the first event is handled. */
66
- once?: boolean;
67
- };
68
- /**
69
- * A type-safe event system that handles subscription, emission (including debouncing), and buffering of events.
70
- * @template E The EventTypeMap defining all supported events.
71
- */
72
- declare class EventSystem<E extends EventTypeMap> {
73
- private _eventTypes;
74
- private subscriberId;
75
- private isProcessing;
76
- private buffer;
77
- private subscribers;
78
- private subscribersTypeMap;
79
- private lastEvents;
80
- private debouncedEvents;
81
- constructor(_eventTypes: EventTypes<E>);
82
- get eventTypes(): EventTypes<E>;
83
- /**
84
- * Subscribes a handler to a specific event type.
85
- * @param type The event type to subscribe to.
86
- * @param handler The function to call when the event occurs.
87
- * @param options Subscription options (once, immediately).
88
- * @returns A subscription ID that can be used to unsubscribe.
89
- */
90
- subscribe<T extends EventType<E>>(type: T, handler: EventHandler<E, T>, options?: EventSubscriptionOptions$1): number;
91
- /**
92
- * Subscribes a handler to multiple event types.
93
- * @param types An array of event types to subscribe to.
94
- * @param handler The function to call when any of the events occur.
95
- * @param options Subscription options.
96
- * @returns An array of subscription IDs.
97
- */
98
- subscribeMany<T extends EventType<E>>(types: T[], handler: EventHandler<E, T>, options?: EventSubscriptionOptions$1): number[];
99
- /**
100
- * Unsubscribes a specific subscription by ID.
101
- * @param id The subscription ID returned by subscribe().
102
- * @returns True if the subscription was found and removed, false otherwise.
103
- */
104
- unsubscribe(id: number): boolean;
105
- /**
106
- * Emits an event with the given type and payload.
107
- * @param type The type of event to emit.
108
- * @param payload The data associated with the event.
109
- */
110
- emit<T extends EventType<E>, P extends EventPayload<E, T>>(type: T, payload: P): void;
111
- /**
112
- * Adds a fully constructed event object to the system.
113
- * Similar to emit, but takes the full event object directly.
114
- * Supports debouncing if options are provided.
115
- * @param event The event object.
116
- * @param options Options for the event push (e.g., debouncing).
117
- */
118
- addEvent<T extends EventType<E>>(event: Event<E, T>, options?: PushEventOptions): void;
119
- private handleDebouncedEvent;
120
- private scheduleProcessing;
121
- private processEvents;
122
- private dequeue;
123
- private setLastEvent;
124
- private broadcastEvent;
125
- }
126
- //#endregion
127
- //#region src/services/logger/index.d.ts
128
- type Logger$1 = Logger;
129
- //#endregion
130
8
  //#region src/services/database/events/index.d.ts
131
9
  declare const DatabaseEventTypes: {
132
10
  readonly LocalQuery: "DATABASE_LOCAL_QUERY";
@@ -154,13 +32,13 @@ interface SealedQuery<T = void> {
154
32
  //#endregion
155
33
  //#region src/services/database/database.d.ts
156
34
  declare abstract class AbstractDatabaseService {
157
- protected client: Surreal;
35
+ protected client: Surreal$1;
158
36
  protected logger: Logger$1;
159
37
  protected events: DatabaseEventSystem;
160
38
  protected abstract eventType: typeof DatabaseEventTypes.LocalQuery | typeof DatabaseEventTypes.RemoteQuery;
161
- constructor(client: Surreal, logger: Logger$1, events: DatabaseEventSystem);
39
+ constructor(client: Surreal$1, logger: Logger$1, events: DatabaseEventSystem);
162
40
  abstract connect(): Promise<void>;
163
- getClient(): Surreal;
41
+ getClient(): Surreal$1;
164
42
  getEvents(): DatabaseEventSystem;
165
43
  tx(): Promise<SurrealTransaction>;
166
44
  private queryQueue;
@@ -176,17 +54,33 @@ declare abstract class AbstractDatabaseService {
176
54
  declare class LocalDatabaseService extends AbstractDatabaseService {
177
55
  private config;
178
56
  protected eventType: "DATABASE_LOCAL_QUERY";
179
- constructor(config: SpookyConfig<any>['database'], logger: Logger$1);
180
- getConfig(): SpookyConfig<any>['database'];
57
+ constructor(config: Sp00kyConfig<any>['database'], logger: Logger$1);
58
+ getConfig(): Sp00kyConfig<any>['database'];
181
59
  connect(): Promise<void>;
60
+ private unloadCloseRegistered;
61
+ /**
62
+ * Close the local DB on page unload so the SurrealDB-WASM worker releases its
63
+ * IndexedDB connection cleanly. Without this, the previous page's connection
64
+ * lingers; the next load's `client.connect` opens the store but the first
65
+ * write transaction in `client.use` hits an "IndexedDB error" — which then
66
+ * (mis)triggered the corrupt-store recovery and WIPED the cache on every
67
+ * reload, making warm loads as slow as cold ones. `pagehide` is the reliable
68
+ * unload signal (fires on bfcache + normal navigation); `close()` is async but
69
+ * the WASM worker initiates the IndexedDB connection teardown synchronously.
70
+ */
71
+ private registerUnloadClose;
72
+ private openStore;
182
73
  }
74
+ /** True for the SurrealDB-WASM error raised when its IndexedDB-backed key-value
75
+ * store can't be opened (corrupt / version-incompatible / blocked). Exported
76
+ * for unit testing the error-message match. */
183
77
  //#endregion
184
78
  //#region src/services/database/remote.d.ts
185
79
  declare class RemoteDatabaseService extends AbstractDatabaseService {
186
80
  private config;
187
81
  protected eventType: "DATABASE_REMOTE_QUERY";
188
- constructor(config: SpookyConfig<any>['database'], logger: Logger$1);
189
- getConfig(): SpookyConfig<any>['database'];
82
+ constructor(config: Sp00kyConfig<any>['database'], logger: Logger$1);
83
+ getConfig(): Sp00kyConfig<any>['database'];
190
84
  connect(): Promise<void>;
191
85
  signin(params: any): Promise<any>;
192
86
  signup(params: any): Promise<any>;
@@ -194,38 +88,44 @@ declare class RemoteDatabaseService extends AbstractDatabaseService {
194
88
  invalidate(): Promise<void>;
195
89
  }
196
90
  //#endregion
197
- //#region src/modules/sync/queue/queue-up.d.ts
198
- type CreateEvent = {
199
- type: 'create';
200
- mutation_id: RecordId;
201
- record_id: RecordId;
202
- data: Record<string, unknown>;
203
- record?: Record<string, unknown>;
204
- tableName?: string;
205
- options?: PushEventOptions;
91
+ //#region src/modules/sync/queue/queue-down.d.ts
92
+ type RegisterEvent = {
93
+ type: 'register';
94
+ payload: {
95
+ hash: string;
96
+ };
206
97
  };
207
- type UpdateEvent = {
208
- type: 'update';
209
- mutation_id: RecordId;
210
- record_id: RecordId;
211
- data: Record<string, unknown>;
212
- record?: Record<string, unknown>;
213
- beforeRecord?: Record<string, unknown>;
214
- options?: PushEventOptions;
98
+ type SyncEvent = {
99
+ type: 'sync';
100
+ payload: {
101
+ hash: string;
102
+ };
103
+ };
104
+ type HeartbeatEvent = {
105
+ type: 'heartbeat';
106
+ payload: {
107
+ hash: string;
108
+ };
215
109
  };
216
- type DeleteEvent = {
217
- type: 'delete';
218
- mutation_id: RecordId;
219
- record_id: RecordId;
220
- options?: PushEventOptions;
110
+ type CleanupEvent = {
111
+ type: 'cleanup';
112
+ payload: {
113
+ hash: string;
114
+ };
221
115
  };
222
- type UpEvent = CreateEvent | UpdateEvent | DeleteEvent;
116
+ type DownEvent = RegisterEvent | SyncEvent | HeartbeatEvent | CleanupEvent;
223
117
  //#endregion
224
118
  //#region src/services/stream-processor/wasm-types.d.ts
225
119
  interface WasmStreamUpdate {
226
120
  query_id: string;
227
121
  result_hash: string;
228
122
  result_data: RecordVersionArray;
123
+ timing_store_apply_ms?: number;
124
+ timing_circuit_step_ms?: number;
125
+ timing_transform_ms?: number;
126
+ timing_parse_ms?: number;
127
+ timing_plan_ms?: number;
128
+ timing_snapshot_ms?: number;
229
129
  }
230
130
  //#endregion
231
131
  //#region src/services/stream-processor/index.d.ts
@@ -246,6 +146,25 @@ interface StreamUpdate {
246
146
  queryHash: string;
247
147
  localArray: RecordVersionArray;
248
148
  op?: 'CREATE' | 'UPDATE' | 'DELETE';
149
+ /**
150
+ * End-to-end ingest latency for the WASM call that produced this update,
151
+ * in milliseconds. Populated by StreamProcessorService.ingest. Undefined
152
+ * for the initial register_view snapshot.
153
+ */
154
+ materializationTimeMs?: number;
155
+ /** SSP internal sub-phase timings (ms) for this ingest, from the WASM binding. */
156
+ storeApplyMs?: number;
157
+ circuitStepMs?: number;
158
+ transformMs?: number;
159
+ /**
160
+ * One-shot registration timings (ms). Only set on the StreamUpdate returned
161
+ * by `registerQueryPlan` (the register_view snapshot), not on ingest updates.
162
+ */
163
+ registration?: {
164
+ parseMs: number;
165
+ planMs: number;
166
+ snapshotMs: number;
167
+ };
249
168
  }
250
169
  type StreamProcessorEvents = {
251
170
  stream_update: EventDefinition<'stream_update', StreamUpdate[]>;
@@ -265,6 +184,9 @@ declare class StreamProcessorService {
265
184
  private processor;
266
185
  private isInitialized;
267
186
  private receivers;
187
+ private batching;
188
+ private batchBuffer;
189
+ private sessionAuth;
268
190
  constructor(events: EventSystem<StreamProcessorEvents>, db: LocalDatabaseService, persistenceClient: PersistenceClient, logger: Logger);
269
191
  /**
270
192
  * Add a receiver for stream updates.
@@ -272,12 +194,64 @@ declare class StreamProcessorService {
272
194
  */
273
195
  addReceiver(receiver: StreamUpdateReceiver): void;
274
196
  private notifyUpdates;
197
+ private dispatchUpdates;
198
+ /**
199
+ * Ingest a batch of record changes as a single bulk operation, firing only
200
+ * one coalesced `StreamUpdate` per affected query once every record has been
201
+ * ingested (instead of one update per record). Use this whenever multiple
202
+ * records land at once — e.g. sync fetching N missing rows — so a list query
203
+ * re-runs and the UI re-renders once for the whole batch rather than
204
+ * row-by-row.
205
+ *
206
+ * Internally opens a coalescing window, ingests each record, then flushes;
207
+ * processor state is persisted once for the whole batch. No-op for an empty
208
+ * batch.
209
+ */
210
+ ingestMany(records: Array<{
211
+ table: string;
212
+ op: 'CREATE' | 'UPDATE' | 'DELETE';
213
+ id: string;
214
+ record: any;
215
+ }>): void;
216
+ /**
217
+ * Open a coalescing window. While open, the per-record stream updates
218
+ * emitted by `ingest` are buffered (one entry per queryHash) instead of
219
+ * dispatched. Always paired with `flushCoalescing()` in a try/finally by
220
+ * `ingestMany` so the window always closes — otherwise the processor stays
221
+ * stuck buffering forever.
222
+ *
223
+ * No-op if a window is already open (nested batches aren't expected here).
224
+ */
225
+ private beginCoalescing;
226
+ /**
227
+ * Close the coalescing window and flush: dispatch one coalesced
228
+ * `StreamUpdate` per buffered queryHash, then persist processor state once
229
+ * for the whole batch (instead of once per ingest).
230
+ */
231
+ private flushCoalescing;
275
232
  /**
276
233
  * Initialize the WASM module and processor.
277
234
  * This must be called before using other methods.
278
235
  */
279
236
  init(): Promise<void>;
280
237
  loadState(): Promise<void>;
238
+ /**
239
+ * Seed per-table `select` permission predicates ({ [table]: whereText }).
240
+ * Must run after the processor exists and before any `register_view`, else
241
+ * non-`_00_` tables are default-denied and registration fails.
242
+ */
243
+ setPermissions(permissions: Record<string, string>): void;
244
+ /**
245
+ * Set the current session's auth identity for permission injection,
246
+ * mirroring the server's `fn::query::register`
247
+ * (`object::extend(params, { auth: { id: $auth.id }, access: $access })`).
248
+ * Stored as strings (empty when logged out) and applied to every
249
+ * `register_view` in {@link registerQueryPlan}. Must be set before a
250
+ * `$auth`-gated query registers (and re-set on auth state changes), or the
251
+ * in-browser SSP's `permission_inject` rejects it with
252
+ * "requires $auth but registration params lack it".
253
+ */
254
+ setSessionAuth(authId: string | null, access: string | null): void;
281
255
  saveState(): Promise<void>;
282
256
  /**
283
257
  * Ingest a record change into the processor.
@@ -297,203 +271,527 @@ declare class StreamProcessorService {
297
271
  private normalizeValue;
298
272
  }
299
273
  //#endregion
300
- //#region src/types.d.ts
301
- /**
302
- * The type of storage backend to use for the local database.
303
- * - 'memory': In-memory storage (transient).
304
- * - 'indexeddb': IndexedDB storage (persistent).
305
- */
306
- type StoreType = 'memory' | 'indexeddb';
274
+ //#region src/modules/cache/types.d.ts
275
+ type RecordWithId = Record<string, any> & {
276
+ id: RecordId<string>;
277
+ };
278
+ interface QueryConfig$1 {
279
+ queryHash: string;
280
+ surql: string;
281
+ params: Record<string, any>;
282
+ ttl: QueryTimeToLive | Duration;
283
+ lastActiveAt: Date;
284
+ }
285
+ interface CacheRecord {
286
+ table: string;
287
+ op: 'CREATE' | 'UPDATE' | 'DELETE';
288
+ record: RecordWithId;
289
+ version: number;
290
+ }
291
+ //#endregion
292
+ //#region src/modules/cache/index.d.ts
307
293
  /**
308
- * Interface for a custom persistence client.
309
- * Allows providing a custom storage mechanism for the local database.
294
+ * CacheModule - Centralized storage and DBSP ingestion
295
+ *
296
+ * Single responsibility: Handle all local storage operations and DBSP ingestion.
297
+ * This module acts as the bridge between data operations and persistence.
310
298
  */
311
- interface PersistenceClient {
299
+ declare class CacheModule implements StreamUpdateReceiver {
300
+ private local;
301
+ private streamProcessor;
302
+ private logger;
303
+ private streamUpdateCallback;
304
+ private versionLookups;
305
+ constructor(local: LocalDatabaseService, streamProcessor: StreamProcessorService, streamUpdateCallback: (update: StreamUpdate) => void, logger: Logger$1);
312
306
  /**
313
- * Sets a value in the storage.
314
- * @param key The key to set.
315
- * @param value The value to store.
307
+ * Implements StreamUpdateReceiver interface
308
+ * Called directly by StreamProcessor when views change
316
309
  */
317
- set<T>(key: string, value: T): Promise<void>;
310
+ onStreamUpdate(update: StreamUpdate): void;
311
+ lookup(recordId: string): number;
318
312
  /**
319
- * Gets a value from the storage.
320
- * @param key The key to retrieve.
321
- * @returns The stored value or null if not found.
313
+ * Save a single record to local DB and ingest into DBSP
314
+ * Used by mutations (create/update)
322
315
  */
323
- get<T>(key: string): Promise<T | null>;
316
+ save(cacheRecord: CacheRecord, skipDbInsert?: boolean): Promise<void>;
324
317
  /**
325
- * Removes a value from the storage.
326
- * @param key The key to remove.
318
+ * Save multiple records in a batch
319
+ * More efficient than calling save() multiple times
320
+ * Used by sync operations
327
321
  */
328
- remove(key: string): Promise<void>;
329
- }
330
- /**
331
- * Supported Time-To-Live (TTL) values for cached queries.
332
- * Format: number + unit (m=minutes, h=hours, d=days).
333
- */
334
- type QueryTimeToLive = '1m' | '5m' | '10m' | '15m' | '20m' | '25m' | '30m' | '1h' | '2h' | '3h' | '4h' | '5h' | '6h' | '7h' | '8h' | '9h' | '10h' | '11h' | '12h' | '1d';
335
- /**
336
- * Result object returned when a query is registered or executed.
337
- */
338
- interface SpookyQueryResult {
339
- /** The unique hash identifier for the query. */
340
- hash: string;
341
- }
342
- type SpookyQueryResultPromise = Promise<SpookyQueryResult>;
343
- interface EventSubscriptionOptions {
344
- priority?: number;
345
- }
346
- /**
347
- * Configuration options for the Spooky client.
348
- * @template S The schema structure type.
349
- */
350
- interface SpookyConfig<S extends SchemaStructure> {
351
- /** Database connection configuration. */
352
- database: {
353
- /** The SurrealDB endpoint URL. */
354
- endpoint?: string;
355
- /** The namespace to use. */
356
- namespace: string;
357
- /** The database name. */
358
- database: string;
359
- /** The local store type implementation. */
360
- store?: StoreType;
361
- /** Authentication token. */
362
- token?: string;
322
+ saveBatch(records: CacheRecord[], skipDbInsert?: boolean): Promise<void>;
323
+ /**
324
+ * Delete a record from local DB and ingest deletion into DBSP
325
+ */
326
+ delete(table: string, id: string, skipDbDelete?: boolean, recordData?: Record<string, any>): Promise<void>;
327
+ /**
328
+ * Register a query with DBSP to create a materialized view
329
+ * Returns the initial result array
330
+ */
331
+ registerQuery(config: QueryConfig$1): {
332
+ localArray: RecordVersionArray;
333
+ registrationTimings?: {
334
+ parseMs: number;
335
+ planMs: number;
336
+ snapshotMs: number;
337
+ };
363
338
  };
364
- /** Unique client identifier. If not provided, one will be generated. */
365
- clientId?: string;
366
- /** The schema definition. */
367
- schema: S;
368
- /** The compiled SURQL schema string. */
369
- schemaSurql: string;
370
- /** Logging level. */
371
- logLevel: Level$1;
372
- /**
373
- * Persistence client to use.
374
- * Can be a custom implementation, 'surrealdb' (default), or 'localstorage'.
375
- */
376
- persistenceClient?: PersistenceClient | 'surrealdb' | 'localstorage';
377
- /** OpenTelemetry collector endpoint for telemetry data. */
378
- otelEndpoint?: string;
379
- /**
380
- * Debounce time in milliseconds for stream updates.
381
- * Defaults to 100ms.
382
- */
383
- streamDebounceTime?: number;
384
- }
385
- type QueryHash = string;
386
- type RecordVersionArray = Array<[string, number]>;
387
- /**
388
- * Represents the difference between two record version sets.
389
- * Used for synchronizing local and remote states.
390
- */
391
- interface RecordVersionDiff {
392
- /** List of records added. */
393
- added: Array<{
394
- id: RecordId$1<string>;
395
- version: number;
396
- }>;
397
- /** List of records updated. */
398
- updated: Array<{
399
- id: RecordId$1<string>;
400
- version: number;
401
- }>;
402
- /** List of record IDs removed. */
403
- removed: RecordId$1<string>[];
404
- }
405
- /**
406
- * Configuration for a specific query instance.
407
- * Stores metadata about the query's state, parameters, and versioning.
408
- */
409
- interface QueryConfig {
410
- /** The unique ID of the query config record. */
411
- id: RecordId$1<string>;
412
- /** The SURQL query string. */
413
- surql: string;
414
- /** Parameters used in the query. */
415
- params: Record<string, any>;
416
- /** The version array representing the local state of results. */
417
- localArray: RecordVersionArray;
418
- /** The version array representing the remote (server) state of results. */
419
- remoteArray: RecordVersionArray;
420
- /** Time-To-Live for this query. */
421
- ttl: QueryTimeToLive;
422
- /** Timestamp when the query was last accessed/active. */
423
- lastActiveAt: Date;
424
- /** The name of the table this query targets (if applicable). */
425
- tableName: string;
426
- }
427
- type QueryConfigRecord = QueryConfig & {
428
- id: string;
429
- };
430
- /**
431
- * Internal state of a live query.
432
- */
433
- interface QueryState {
434
- /** The configuration for this query. */
435
- config: QueryConfig;
436
- /** The current cached records for this query. */
437
- records: Record<string, any>[];
438
- /** Timer for TTL expiration. */
439
- ttlTimer: NodeJS.Timeout | null;
440
- /** TTL duration in milliseconds. */
441
- ttlDurationMs: number;
442
- /** Number of times the query has been updated. */
443
- updateCount: number;
339
+ /**
340
+ * Unregister a query from DBSP
341
+ */
342
+ unregisterQuery(queryHash: string): void;
444
343
  }
445
- type QueryUpdateCallback = (records: Record<string, any>[]) => void;
446
- type MutationCallback = (mutations: UpEvent[]) => void;
447
- type MutationEventType = 'create' | 'update' | 'delete';
344
+ //#endregion
345
+ //#region src/modules/data/index.d.ts
448
346
  /**
449
- * Represents a mutation event (create, update, delete) to be synchronized.
347
+ * DataModule - Unified query and mutation management
348
+ *
349
+ * Merges the functionality of QueryManager and MutationManager.
350
+ * Uses CacheModule for all storage operations.
450
351
  */
451
- interface MutationEvent {
452
- /** Example: 'create', 'update', or 'delete'. */
453
- type: MutationEventType;
454
- /** unique id of the mutation */
455
- mutation_id: RecordId$1<string>;
456
- /** The ID of the record being mutated. */
457
- record_id: RecordId$1<string>;
458
- /** The data payload for create/update operations. */
459
- data?: any;
460
- /** The full record data (optional context). */
461
- record?: any;
462
- /** Options for the mutation event (e.g., debounce settings). */
463
- options?: PushEventOptions;
464
- /** Timestamp when the event was created. */
465
- createdAt: Date;
352
+ declare class DataModule<S extends SchemaStructure> {
353
+ private cache;
354
+ private local;
355
+ private schema;
356
+ private streamDebounceTime;
357
+ private activeQueries;
358
+ private pendingQueries;
359
+ private subscriptions;
360
+ private statusSubscriptions;
361
+ private mutationCallbacks;
362
+ private debounceTimers;
363
+ private logger;
364
+ /**
365
+ * Optional observer notified whenever a query's fetch status changes.
366
+ * Wired by Sp00kyClient to push status changes into DevTools. Kept as a
367
+ * settable field (rather than a constructor arg) because DevTools is
368
+ * constructed after DataModule.
369
+ */
370
+ onQueryStatusChange?: (hash: QueryHash, status: QueryStatus) => void;
371
+ /**
372
+ * Optional observer invoked when a still-subscribed query's TTL heartbeat
373
+ * fires (~90% of the TTL). Wired by Sp00kyClient to
374
+ * `Sp00kySync.heartbeatQuery`, which refreshes the remote `_00_query`
375
+ * row's `lastActiveAt` so an actively-watched query never expires. Settable
376
+ * field (not a constructor arg) because the sync engine is wired after
377
+ * DataModule is constructed — mirrors `onQueryStatusChange`.
378
+ */
379
+ onHeartbeat?: (hash: QueryHash) => void;
380
+ /**
381
+ * Optional hook fired by {@link deregisterQuery} when an opt-in query (e.g. a
382
+ * viewport-windowed list cancelling an off-screen window) loses its last
383
+ * subscriber. Wired by Sp00kyClient to enqueue a `cleanup` down-event, which
384
+ * tears the remote `_00_query` view down (releasing its `_00_list_ref` edges)
385
+ * instead of leaving it for the TTL sweep. The local view + state are freed in
386
+ * {@link finalizeDeregister} only after that remote delete, so a fast
387
+ * re-subscribe (scroll back) can abort/heal the teardown — see `cleanupQuery`.
388
+ */
389
+ onDeregister?: (hash: QueryHash) => void;
390
+ private sessionId;
391
+ private currentUserId;
392
+ constructor(cache: CacheModule, local: LocalDatabaseService, schema: S, logger: Logger$1, streamDebounceTime?: number);
393
+ init(sessionId: string): Promise<void>;
394
+ /**
395
+ * Update the session salt used in query-id hashing. Call this when the
396
+ * SurrealDB session changes (sign-in, sign-out, reconnect). Subsequently
397
+ * registered queries will get fresh, session-scoped IDs.
398
+ */
399
+ setSessionId(sessionId: string): void;
400
+ /**
401
+ * Update the authenticated user record id. Pass `null` on sign-out.
402
+ * Read by `Sp00kySync.listRefTable()` so the LIVE subscription and
403
+ * the poll route to the same per-user `_00_list_ref_user_<id>` the
404
+ * SSP writes to.
405
+ */
406
+ setCurrentUserId(userId: string | null): void;
407
+ /** Read-only view of the authenticated user id used for per-user
408
+ * `_00_list_ref` routing. Other modules consult this so they pick the
409
+ * same table name DataModule does. */
410
+ getCurrentUserId(): string | null;
411
+ /**
412
+ * Register a query and return its hash for subscriptions
413
+ */
414
+ query<T extends TableNames<S>>(tableName: T, surqlString: string, params: Record<string, any>, ttl: QueryTimeToLive): Promise<QueryHash>;
415
+ /**
416
+ * Subscribe to query updates
417
+ */
418
+ subscribe(queryHash: string, callback: QueryUpdateCallback, options?: {
419
+ immediate?: boolean;
420
+ }): () => void;
421
+ /**
422
+ * Subscribe to a query's fetch-status changes (idle/fetching).
423
+ * With `{ immediate: true }` the callback fires synchronously with the
424
+ * current status (defaults to `idle` if the query isn't registered yet).
425
+ */
426
+ subscribeStatus(queryHash: string, callback: QueryStatusCallback, options?: {
427
+ immediate?: boolean;
428
+ }): () => void;
429
+ /**
430
+ * Set a query's fetch status and notify status observers (DevTools +
431
+ * `subscribeStatus` listeners). No-op when the status is unchanged or the
432
+ * query is unknown.
433
+ */
434
+ setQueryStatus(queryHash: string, status: QueryStatus): void;
435
+ /**
436
+ * Subscribe to mutations (for sync)
437
+ */
438
+ onMutation(callback: MutationCallback): () => void;
439
+ /**
440
+ * Handle stream updates from DBSP (via CacheModule)
441
+ */
442
+ onStreamUpdate(update: StreamUpdate): Promise<void>;
443
+ private materializeRecords;
444
+ private processStreamUpdate;
445
+ /**
446
+ * Compute p55/p90/p99 from a rolling window of materialization samples.
447
+ * Returns nulls for any percentile that has no samples yet so SurrealDB
448
+ * `option<float>` columns stay NONE rather than 0 before the first ingest.
449
+ */
450
+ private computeMaterializationPercentiles;
451
+ /** Record a per-phase timing sample (ms) on a query's rolling window. */
452
+ private recordPhase;
453
+ /** Record the remote record-fetch time (ms) for a query. Called by the sync engine. */
454
+ recordRemoteFetch(hash: string, ms: number): void;
455
+ /**
456
+ * Record the frontend reconcile time (ms) for a query. Called from `useQuery`
457
+ * via `Sp00kyClient.reportFrontendTiming` after it applies an update to its store.
458
+ */
459
+ recordFrontendTiming(hash: string, ms: number): void;
460
+ /**
461
+ * Build the per-query processing-time breakdown surfaced to the DevTools panel
462
+ * and the MCP. `ssp` is the WASM-ingest wall time (from `materializationSamples`);
463
+ * the rest come from the per-phase rolling windows + one-shot registration timings.
464
+ */
465
+ phaseTimings(q: QueryState): QueryTimings;
466
+ /**
467
+ * Get query state (for sync and devtools)
468
+ */
469
+ getQueryByHash(hash: string): QueryState | undefined;
470
+ /**
471
+ * Cold-query guard for instant-hydrate: true when the query exists, hasn't been
472
+ * hydrated, and has NOT yet fetched its server result (`remoteArray` empty).
473
+ * We gate on `remoteArray`, not local `records`: a windowed query is often
474
+ * partially pre-seeded from the circuit (e.g. the dashboard's 5-row preview),
475
+ * but it still hasn't loaded its own full window from the server — so it should
476
+ * still hydrate. A warm re-subscribe (remoteArray already populated) is skipped.
477
+ */
478
+ isCold(hash: string): boolean;
479
+ /**
480
+ * Walk a hydrated record's fields and append any EMBEDDED child records to
481
+ * `batch` (recursing for nested related fields). An embedded child is a
482
+ * value that is itself a record — a non-null object whose `id` is a
483
+ * `RecordId` — or an array of such records (one-to-many vs one-to-one). A
484
+ * bare `RecordId` (a foreign-key reference) or any other value is skipped,
485
+ * so this never mistakes a FK column for an embedded body. Children are
486
+ * keyed by their own `record.id.table`, versioned by `_00_rv`, and cleaned
487
+ * to their table's real columns (which strips the alias/related fields).
488
+ * `seen` dedupes within the batch.
489
+ */
490
+ private collectEmbeddedChildren;
491
+ /**
492
+ * Instant-hydrate: ingest rows fetched one-shot from the remote (the query's own
493
+ * surql run directly) so the query DISPLAYS immediately, while the full realtime
494
+ * registration proceeds in the background. Ingests with versions (`_00_rv`) so the
495
+ * later `syncRecords` dedup skips re-pulling unchanged bodies, and seeds
496
+ * `remoteArray` so windowed queries materialize the correct window (no sparse
497
+ * local-circuit issue). Runs at most once per query (the `hydrated` flag).
498
+ */
499
+ applyHydration(hash: string, rows: RecordWithId[]): Promise<void>;
500
+ /** True while ≥1 live subscriber is watching this query (refcount guard). */
501
+ hasSubscribers(hash: string): boolean;
502
+ /**
503
+ * Opt-in eager teardown for a query whose LAST subscriber just left — used by
504
+ * viewport-windowed lists to cancel off-screen windows instead of leaving
505
+ * their remote views to expire on the TTL sweep. No-op while any subscriber
506
+ * remains (refcount). Only enqueues the remote cleanup here; the local WASM
507
+ * view + in-memory state are freed in {@link finalizeDeregister} after the
508
+ * remote delete completes, so a re-subscribe in between aborts/heals it.
509
+ *
510
+ * NOTE: most queries should NOT use this — the default keep-alive on
511
+ * unsubscribe avoids re-registration churn on navigation.
512
+ */
513
+ deregisterQuery(hash: string): void;
514
+ /**
515
+ * Final local teardown after the remote `_00_query` row was deleted: free the
516
+ * WASM view, heartbeat timer, debounce timer, and in-memory state. Caller
517
+ * (`cleanupQuery`) guarantees no subscriber remains.
518
+ */
519
+ finalizeDeregister(hash: string): void;
520
+ /**
521
+ * Get query state by id (for sync and devtools)
522
+ */
523
+ getQueryById(id: RecordId<string>): QueryState | undefined;
524
+ /**
525
+ * Get all active queries (for devtools)
526
+ */
527
+ getActiveQueries(): QueryState[];
528
+ getActiveQueryHashes(): QueryHash[];
529
+ updateQueryLocalArray(id: string, localArray: RecordVersionArray): Promise<void>;
530
+ updateQueryRemoteArray(hash: string, remoteArray: RecordVersionArray): Promise<void>;
531
+ /**
532
+ * Called after a query's initial sync completes.
533
+ * Ensures subscribers are notified even if no stream updates fired (e.g. empty result set).
534
+ */
535
+ notifyQuerySynced(queryHash: string): Promise<void>;
536
+ run<B extends BackendNames<S>, R extends BackendRoutes<S, B>>(backend: B, path: R, data: RoutePayload<S, B, R>, options?: RunOptions): Promise<void>;
537
+ /**
538
+ * Create a new record
539
+ */
540
+ create<T extends Record<string, unknown>>(id: string, data: T): Promise<T>;
541
+ /**
542
+ * Update an existing record
543
+ */
544
+ update<T extends Record<string, unknown>>(table: string, id: string, data: Partial<T>, options?: UpdateOptions): Promise<T>;
545
+ /**
546
+ * Delete a record
547
+ */
548
+ delete(table: string, id: string): Promise<void>;
549
+ /**
550
+ * Rollback a failed optimistic create by deleting the record locally
551
+ */
552
+ rollbackCreate(recordId: RecordId, tableName: string): Promise<void>;
553
+ /**
554
+ * Rollback a failed optimistic update by restoring the previous record state
555
+ */
556
+ rollbackUpdate(recordId: RecordId, tableName: string, beforeRecord: Record<string, unknown>): Promise<void>;
557
+ /**
558
+ * Remove a record from all active query states and notify subscribers
559
+ */
560
+ private removeRecordFromQueries;
561
+ private createAndRegisterQuery;
562
+ private createNewQuery;
563
+ private calculateHash;
564
+ private startTTLHeartbeat;
565
+ private replaceRecordInQueries;
466
566
  }
467
567
  /**
468
- * Options for run operations.
568
+ * Parse update options to generate push event options
469
569
  */
470
- interface RunOptions {
471
- assignedTo?: string;
472
- max_retries?: number;
473
- retry_strategy?: 'linear' | 'exponential';
474
- }
570
+ //#endregion
571
+ //#region src/modules/sync/sync.d.ts
475
572
  /**
476
- * Options for update operations.
573
+ * Tunables for `Sp00kySync` construction.
477
574
  */
478
- interface UpdateOptions {
575
+ interface Sp00kySyncOptions {
576
+ /**
577
+ * Cadence (ms) for the `_00_list_ref` poll fallback that catches
578
+ * cross-session UPDATEs the LIVE-permission gap drops. Non-positive
579
+ * values fall back to the default; see
580
+ * {@link resolveListRefPollInterval}.
581
+ */
582
+ refSyncIntervalMs?: number;
583
+ /**
584
+ * Enable realtime sync for unauthenticated clients against the shared
585
+ * `_00_list_ref_anon` table. See {@link Sp00kyConfig.enableAnonymousLiveQueries}.
586
+ * Defaults to `false`.
587
+ */
588
+ anonymousLiveQueries?: boolean;
479
589
  /**
480
- * Debounce configuration for the update.
481
- * If boolean, enables default debounce behavior.
590
+ * Consecutive failed sync rounds before sync health flips to `degraded`.
591
+ * `0` disables degraded reporting. See {@link Sp00kyConfig.syncHealth}.
592
+ * Defaults to `3`.
482
593
  */
483
- debounced?: boolean | DebounceOptions;
594
+ degradeAfterConsecutiveFailures?: number;
484
595
  }
485
596
  /**
486
- * Configuration options for debouncing updates.
597
+ * The main synchronization engine for Sp00ky.
598
+ * Handles the bidirectional synchronization between the local database and the remote backend.
599
+ * Uses a queue-based architecture with 'up' (local to remote) and 'down' (remote to local) queues.
600
+ * @template S The schema structure type.
487
601
  */
488
- interface DebounceOptions {
602
+ declare class Sp00kySync<S extends SchemaStructure> {
603
+ private local;
604
+ private remote;
605
+ private cache;
606
+ private dataModule;
607
+ private schema;
608
+ private upQueue;
609
+ private downQueue;
610
+ private isInit;
611
+ private logger;
612
+ private syncEngine;
613
+ /** Engine-level events (e.g. `SYNC_REMOTE_DATA_INGESTED`). Distinct
614
+ * from `this.events`, which carries Sp00kySync-level events like
615
+ * `SYNC_QUERY_UPDATED` and `SYNC_MUTATION_ROLLED_BACK`. */
616
+ get engineEvents(): SyncEventSystem;
617
+ private scheduler;
618
+ private wasDisconnected;
619
+ events: SyncEventSystem;
620
+ private currentUserId;
621
+ private refMode;
622
+ private readonly anonLiveEnabled;
623
+ private currentLiveQueryUuid;
624
+ private liveQueryUnsubscribe;
625
+ private listRefPollTimer;
626
+ private listRefPollRunning;
627
+ readonly refSyncIntervalMs: number;
628
+ private listRefIdleStreak;
629
+ private stillRemoteStreaks;
630
+ private lastLiveEventAt;
631
+ private _liveRetryCount;
632
+ get liveRetryCount(): number;
633
+ get isSyncing(): boolean;
634
+ get pendingMutationCount(): number;
635
+ subscribeToPendingMutations(cb: (count: number) => void): () => void;
636
+ private readonly degradeAfterFailures;
637
+ private consecutiveSyncFailures;
638
+ private syncHealthStatus;
639
+ private lastSyncErrorKind;
640
+ private lastSyncErrorMessage;
641
+ private selfHealTimer;
642
+ private selfHealAttempts;
643
+ private static readonly SELF_HEAL_BASE_MS;
644
+ private static readonly SELF_HEAL_MAX_MS;
645
+ /** Current sync-health snapshot. */
646
+ get syncHealth(): SyncHealth;
647
+ /**
648
+ * Observe sync health. The callback fires immediately with the current
649
+ * status and again on every healthy↔degraded transition. Returns an
650
+ * unsubscribe. Mirrors {@link subscribeToPendingMutations}.
651
+ */
652
+ subscribeToSyncHealth(cb: (health: SyncHealth) => void): () => void;
653
+ private emitSyncHealth;
654
+ /**
655
+ * Fed by the scheduler once per drained sync round. Individual failures are
656
+ * absorbed by the queue's retry; only a run of `degradeAfterFailures`
657
+ * consecutive failures flips the status to `degraded`, and the next clean
658
+ * round flips it back. No-op when reporting is disabled (`degradeAfterFailures`
659
+ * is 0).
660
+ */
661
+ private recordSyncOutcome;
489
662
  /**
490
- * The key to use for debouncing.
491
- * - 'recordId': Debounce based on the specific record ID. WARNING: IT WILL ONLY ACCEPT THE LATEST CHANGE AND DOES *NOT* MERGE THE PREVIOUS ONCES. IF YOU ARE UNSURE JUST USE 'recordId_x_fields'.
492
- * - 'recordId_x_fields': Debounce based on record ID and specific fields.
663
+ * Begin self-heal retries (no-op if already running). Started on the
664
+ * healthy→degraded transition; {@link recordSyncOutcome} stops it on recovery.
493
665
  */
494
- key?: 'recordId' | 'recordId_x_fields';
495
- /** The debounce delay in milliseconds. */
496
- delay?: number;
666
+ private startSelfHeal;
667
+ private scheduleSelfHeal;
668
+ private stopSelfHeal;
669
+ constructor(local: LocalDatabaseService, remote: RemoteDatabaseService, cache: CacheModule, dataModule: DataModule<S>, schema: S, logger: Logger$1, options?: Sp00kySyncOptions);
670
+ /**
671
+ * Initializes the synchronization system.
672
+ * Starts the scheduler and initiates the initial sync cycles.
673
+ * @throws Error if already initialized.
674
+ */
675
+ init(): Promise<void>;
676
+ /**
677
+ * Push the authenticated user's record id from the parent client's
678
+ * auth subscription. Tears down the existing `_00_list_ref` LIVE (if
679
+ * any) and re-registers it under the new user's dedicated table so
680
+ * SurrealDB binds the permission rule under the post-flip auth
681
+ * context. Pass `null` on sign-out.
682
+ *
683
+ * The dedicated `_00_list_ref_user_<id>` table is created lazily by
684
+ * the SSP when the first query registration arrives, which may be
685
+ * concurrent with this call. We retry the LIVE registration with a
686
+ * short backoff so a "table not found" race resolves without
687
+ * surfacing as a permanent auth-loading hang.
688
+ */
689
+ setCurrentUserId(userId: string | null): Promise<void>;
690
+ private startListRefPoll;
691
+ private stopListRefPoll;
692
+ /**
693
+ * One poll cycle: refetch `_00_list_ref` for every active query. Returns
694
+ * whether ANY query's remoteArray actually changed — the scheduler uses this
695
+ * to drive the adaptive idle backoff.
696
+ */
697
+ private pollListRefForActiveQueries;
698
+ /**
699
+ * Pull the upstream list_ref entries for `queryHash`, diff them
700
+ * against the local `remoteArray` cache, sync any added/updated rows
701
+ * through the SyncEngine, then persist the new remoteArray. This is
702
+ * the same shape `createRemoteQuery` does for its initial fetch and
703
+ * what `handleRemoteListRefChange` does per-LIVE-event — we reuse
704
+ * it on a timer as a fallback for missed LIVE notifications.
705
+ */
706
+ private refetchListRefForQuery;
707
+ /**
708
+ * Resolve the current `_00_list_ref` table name for the active auth
709
+ * context. Public so the `createRemoteQuery` initial-fetch path can
710
+ * read from the right per-user table.
711
+ *
712
+ * Reads the user id from `DataModule` rather than the local mirror,
713
+ * because `DataModule.setCurrentUserId` runs synchronously from the
714
+ * auth callback (before any `await`), whereas `sync.setCurrentUserId`
715
+ * is async — the userQuery's initial fetch can fire between those
716
+ * two points and we need the correct table name immediately.
717
+ */
718
+ listRefTable(): string;
719
+ private killRefLiveQuery;
720
+ private restartRefLiveQuery;
721
+ private subscribeToReconnect;
722
+ private startRefLiveQueries;
723
+ private handleRemoteListRefChange;
724
+ /**
725
+ * Handle a LIVE change to a SUBQUERY child edge (a `_00_list_ref` row with
726
+ * `parent` set) for a `.related()` query. Unlike primary rows, child rows
727
+ * must NOT touch the query's `localArray`/`remoteArray`/`rowCount`; we only
728
+ * keep the child BODY fresh in the local cache so the in-browser SSP's
729
+ * subquery-table dependency re-materializes the parent view.
730
+ *
731
+ * CREATE/UPDATE fetch+upsert the child body. DELETE is intentionally a
732
+ * no-op: a child leaving this query's set must not delete a body another
733
+ * query may still show (see `syncSubqueryChildren` deletion-safety note);
734
+ * a genuine record delete propagates via the normal delete path.
735
+ */
736
+ private handleRemoteSubqueryChange;
737
+ /**
738
+ * Enqueues a 'down' event (from remote to local) for processing.
739
+ * @param event The DownEvent to enqueue.
740
+ */
741
+ enqueueDownEvent(event: DownEvent): void;
742
+ private processUpEvent;
743
+ private handleRollback;
744
+ private processDownEvent;
745
+ /**
746
+ * Synchronizes a specific query by hash.
747
+ * Compares local and remote version arrays and fetches differences.
748
+ * @param hash The hash of the query to sync.
749
+ */
750
+ syncQuery(hash: string): Promise<void>;
751
+ /**
752
+ * Run a sync for a single query while reflecting its fetch status. Marks the
753
+ * query `fetching` for the duration when the diff actually pulls records
754
+ * (added/updated), then resets to `idle` in a `finally` so a failed sync
755
+ * never leaves a query stuck `fetching`. Part A's notification coalescing
756
+ * means the single resulting UI update lands after this completes.
757
+ */
758
+ private runSyncForQuery;
759
+ /**
760
+ * Record ids with a pending local DELETE in the outbox (`_00_pending_mutations`).
761
+ * Sync must not re-fetch/re-insert these — the remote delete is async, so the
762
+ * server's `_00_list_ref` still lists them until it's processed, and the diff
763
+ * would otherwise resurrect a just-deleted record.
764
+ */
765
+ private getPendingDeleteIds;
766
+ /**
767
+ * Enqueues a list of mutations (up events) to be sent to the remote.
768
+ * @param mutations Array of UpEvents (create/update/delete) to enqueue.
769
+ */
770
+ enqueueMutation(mutations: UpEvent[]): Promise<void>;
771
+ private registerQuery;
772
+ private createRemoteQuery;
773
+ /**
774
+ * Sync the BODIES of a `.related()` query's subquery child rows into the
775
+ * local cache, separately from the primary window array. The SSP writes
776
+ * each matched child as a `_00_list_ref` edge tagged `parent`/`parent_rel`;
777
+ * `buildSubqueryListRefSelect` pulls those `out`+`version` pairs (any
778
+ * nesting depth). We diff against the in-memory `subqueryRemoteArray` and
779
+ * fetch added/updated bodies through the SyncEngine — which `saveBatch`s
780
+ * them into the local DB AND the in-browser SSP, whose subquery-table
781
+ * dependency then re-materializes the parent view (no explicit notify).
782
+ *
783
+ * Deletion safety: we pass `removed: []` deliberately. A child body can be
784
+ * shared by other queries; letting `handleRemovedRecords` delete one that
785
+ * merely left THIS query's child set would clobber data another query still
786
+ * shows. Genuine record deletes flow through the normal delete path; a
787
+ * lingering orphan body is invisible (the correlated WHERE stops matching).
788
+ *
789
+ * Kept off `runSyncForQuery` on purpose so child fetches never flip the
790
+ * query to `fetching` or skew its DevTools timings.
791
+ */
792
+ private syncSubqueryChildren;
793
+ heartbeatQuery(queryHash: string): Promise<void>;
794
+ private cleanupQuery;
497
795
  }
498
796
  //#endregion
499
797
  //#region src/modules/auth/events/index.d.ts
@@ -518,6 +816,13 @@ declare class AuthService<S extends SchemaStructure> {
518
816
  token: string | null;
519
817
  currentUser: any | null;
520
818
  isAuthenticated: boolean;
819
+ /**
820
+ * The record-access method name for the current session (e.g. `"account"`),
821
+ * derived from the token's `AC` claim. Consumed by the in-browser SSP's
822
+ * permission injection so `$access`-gated table predicates resolve locally,
823
+ * mirroring the server's `$access`. Null when logged out.
824
+ */
825
+ access: string | null;
521
826
  isLoading: boolean;
522
827
  private events;
523
828
  get eventSystem(): AuthEventSystem;
@@ -539,11 +844,206 @@ declare class AuthService<S extends SchemaStructure> {
539
844
  */
540
845
  signOut(): Promise<void>;
541
846
  private setSession;
847
+ /** Fallback when the token carries no `AC` claim: if the schema defines
848
+ * exactly one record-access method, assume the session used it. */
849
+ private defaultAccessName;
542
850
  signUp<Name extends keyof S['access'] & string>(accessName: Name, params: ExtractAccessParams<S, Name, 'signup'>): Promise<void>;
543
851
  signIn<Name extends keyof S['access'] & string>(accessName: Name, params: ExtractAccessParams<S, Name, 'signIn'>): Promise<void>;
544
852
  }
545
853
  //#endregion
546
- //#region src/spooky.d.ts
854
+ //#region src/modules/crdt/crdt-field.d.ts
855
+ declare const CURSOR_COLORS: string[];
856
+ declare function cursorColorFromName(name: string): string;
857
+ declare class CrdtField {
858
+ private fieldName;
859
+ private doc;
860
+ private pushTimer;
861
+ private local;
862
+ private remote;
863
+ private recordId;
864
+ private sessionId;
865
+ private unsubscribe;
866
+ private lastPushTime;
867
+ private lastCursorPushTime;
868
+ private loadedFromCrdt;
869
+ private pushRetryCount;
870
+ private logger;
871
+ private cursorsEnabled;
872
+ /** Remote-push debounce. Local writes happen immediately on every Loro
873
+ * update; the remote UPSERT is coalesced over this window. Configured
874
+ * via `Sp00kyConfig.crdtDebounceMs`, default 500. */
875
+ private remoteDebounceMs;
876
+ private _onCursorUpdate;
877
+ private pendingCursorUpdate;
878
+ /** Callback set by the editor to receive remote cursor updates.
879
+ * Any cursor data that arrived before this callback was set will be replayed. */
880
+ set onCursorUpdate(cb: ((data: Uint8Array) => void) | null);
881
+ get onCursorUpdate(): ((data: Uint8Array) => void) | null;
882
+ constructor(fieldName: string, cursorsEnabled: boolean, initialState?: Uint8Array, logger?: Logger$1 | null);
883
+ getDoc(): LoroDoc;
884
+ /** Whether the LoroDoc was loaded from saved CRDT state */
885
+ hasContent(): boolean;
886
+ startSync(local: LocalDatabaseService, remote: RemoteDatabaseService, recordId: string, sessionId: string, debounceMs: number): void;
887
+ stopSync(): void;
888
+ importRemote(state: Uint8Array): void;
889
+ exportSnapshot(): Uint8Array;
890
+ /** Push this session's cursor blob into the parent row at
891
+ * `<field>.cursors[$sid]`. No-op when cursors aren't enabled on this
892
+ * field — the editor still calls this method optimistically, but
893
+ * without `@cursor` on the schema there's nowhere to store the blob.
894
+ * The UPDATE itself fires the parent table's LIVE feed, so other
895
+ * browsers receive the cursor change without a separate `_00_rv` bump. */
896
+ pushCursorState(encoded: Uint8Array): Promise<void>;
897
+ /** Import remote cursor state (called by CrdtManager from LIVE SELECT) */
898
+ importRemoteCursor(base64State: string): void;
899
+ private scheduleRemotePush;
900
+ /** SET path inside a parent row for the current snapshot. `@crdt`-only
901
+ * fields hold the snapshot directly (`<field>`); `@crdt @cursor`
902
+ * fields hold a `{ state, cursors }` object so the snapshot lives at
903
+ * `<field>.state` next to per-session cursor blobs. */
904
+ private statePath;
905
+ /** Mirror the LoroDoc snapshot into the parent row locally. Runs on
906
+ * every local update and every remote import so reloads (online or
907
+ * offline) see the freshest content immediately. Failures are
908
+ * swallowed — a stale local write must never block user input. */
909
+ private persistLocal;
910
+ private pushToRemote;
911
+ }
912
+ //#endregion
913
+ //#region src/modules/crdt/index.d.ts
914
+ /**
915
+ * CrdtManager manages active CrdtField instances and their sync channels.
916
+ *
917
+ * Collaborative state lives in two dedicated tables (defined in
918
+ * `apps/cli/src/meta_tables_remote.surql`):
919
+ * - `_00_crdt` { record_id, field, state } — one row per (record, field)
920
+ * - `_00_cursor` { record_id, session_id, field, state } — one row per
921
+ * (record, session, field)
922
+ *
923
+ * Splitting them off the parent row is what makes offline edits mergeable:
924
+ * each (record, field) gets its own row, so concurrent offline writes don't
925
+ * collide on the parent's last-write-wins semantics.
926
+ *
927
+ * Cross-browser delivery still rides the parent table's existing LIVE feed
928
+ * to avoid SurrealDB v3 LIVE bugs around dereference-based permission rules
929
+ * (issues 3602, 4026). On every meta UPSERT the writer also bumps the
930
+ * parent's `_00_rv` (a no-op assignment); that fires the parent's LIVE
931
+ * feed, and the receiver pulls the matching `_00_crdt` / `_00_cursor` rows
932
+ * via subquery. Permission inheritance happens server-side via
933
+ * `record_id.id != NONE` (SELECT) and `fn::can_update_record` (UPDATE).
934
+ */
935
+ declare class CrdtManager {
936
+ private schema;
937
+ private local;
938
+ private remote;
939
+ private debounceMs;
940
+ private fields;
941
+ private liveByTable;
942
+ private pendingLive;
943
+ private logger;
944
+ private sessionId;
945
+ constructor(schema: SchemaStructure, local: LocalDatabaseService, remote: RemoteDatabaseService, logger: Logger$1, debounceMs?: number);
946
+ /** Set the session id that scopes this client's cursor entries. Must be
947
+ * called before `open()` for cursors to be pushed under a stable key.
948
+ * Passed in from `sp00ky.ts` at boot (it already fetches `session::id()`
949
+ * for the data-module salt). */
950
+ setSessionId(sessionId: string): void;
951
+ /**
952
+ * Open a CRDT field for collaborative editing.
953
+ *
954
+ * @param table - Table name
955
+ * @param recordId - Full record ID (e.g., "thread:abc")
956
+ * @param field - Field name (e.g., "title", "content")
957
+ * @param fallbackText - Current plain text from the record, used to seed the
958
+ * LoroDoc if no CRDT state exists yet (migration path)
959
+ */
960
+ open(table: string, recordId: string, field: string, fallbackText?: string): Promise<CrdtField>;
961
+ close(table: string, recordId: string, field: string): void;
962
+ closeAll(): void;
963
+ /** Ensure a single `LIVE SELECT * FROM <table>` is running, shared across
964
+ * every open CrdtField on `table`. */
965
+ private ensureTableSubscription;
966
+ /** Apply a parent-row payload from a non-LIVE source (e.g. the
967
+ * list_ref-driven sync engine, when the cross-user LIVE on the
968
+ * parent table is filtered out by the SurrealDB cross-session
969
+ * permission gap). Same semantics as the internal `dispatchRow`. */
970
+ applyRow(table: string, row: Record<string, unknown>): void;
971
+ /** Dispatch a parent-row LIVE event to every open CrdtField on that
972
+ * record. Each open field reads its slice of the row directly — the
973
+ * CRDT snapshot is a column on the parent now, so there is no
974
+ * follow-up subquery. */
975
+ private dispatchRow;
976
+ /** One-shot remote fetch for a row whose CRDT field hasn't synced
977
+ * locally yet (fresh device, memory-backed local DB after reload, …).
978
+ * Used by `open()` when the local read came up empty. Subsequent
979
+ * cross-browser updates ride `dispatchRow` via the parent LIVE feed. */
980
+ private fetchAndDispatchRow;
981
+ /** Schema lookup: does `<table>.<field>` carry a `@cursor` annotation?
982
+ * Determines the on-disk shape (plain snapshot vs. `{ state, cursors }`). */
983
+ private fieldHasCursor;
984
+ /** Pull the LoroDoc snapshot bytes out of a row slice. For `@crdt`-only
985
+ * the slice IS the snapshot (Uint8Array); for `@crdt @cursor` it's
986
+ * `{ state, cursors }` where `state` carries the snapshot bytes. */
987
+ private extractSnapshot;
988
+ private killTableSubscription;
989
+ private makeKey;
990
+ /**
991
+ * Throws if `<table>.<field>` is not annotated `@crdt` in the schema. Catches
992
+ * typos, removed annotations, and stale schema codegen at the call site instead
993
+ * of silently producing a non-CRDT writer.
994
+ */
995
+ private assertCrdtField;
996
+ }
997
+ //#endregion
998
+ //#region src/modules/feature-flag/index.d.ts
999
+ interface FeatureFlagSnapshot {
1000
+ variant: string | undefined;
1001
+ payload: unknown | undefined;
1002
+ }
1003
+ interface FeatureFlagOptions {
1004
+ fallback?: string;
1005
+ ttl?: QueryTimeToLive;
1006
+ }
1007
+ declare class FeatureFlagHandle {
1008
+ readonly key: string;
1009
+ readonly fallback: string | undefined;
1010
+ private latest;
1011
+ private listeners;
1012
+ private unsubscribeFn;
1013
+ private onCloseFn;
1014
+ private closed;
1015
+ constructor(key: string, fallback: string | undefined);
1016
+ attach(unsubscribe: () => void): void;
1017
+ detach(): void;
1018
+ set(snapshot: FeatureFlagSnapshot): void;
1019
+ variant(): string | undefined;
1020
+ payload<T = unknown>(): T | undefined;
1021
+ enabled(): boolean;
1022
+ subscribe(cb: (s: FeatureFlagSnapshot) => void): () => void;
1023
+ onClose(cb: () => void): void;
1024
+ close(): void;
1025
+ }
1026
+ interface FeatureFlagModuleDeps<S extends SchemaStructure> {
1027
+ dataModule: DataModule<S>;
1028
+ sync: Sp00kySync<S>;
1029
+ auth: AuthService<S>;
1030
+ logger: Logger$1;
1031
+ }
1032
+ declare class FeatureFlagModule<S extends SchemaStructure> {
1033
+ private deps;
1034
+ private logger;
1035
+ private active;
1036
+ private authUnsubscribe;
1037
+ private lastUserId;
1038
+ constructor(deps: FeatureFlagModuleDeps<S>);
1039
+ init(): void;
1040
+ feature(key: string, options?: FeatureFlagOptions): FeatureFlagHandle;
1041
+ closeAll(): Promise<void>;
1042
+ private refreshAll;
1043
+ private register;
1044
+ }
1045
+ //#endregion
1046
+ //#region src/sp00ky.d.ts
547
1047
  declare class BucketHandle {
548
1048
  private bucketName;
549
1049
  private remote;
@@ -557,7 +1057,7 @@ declare class BucketHandle {
557
1057
  rename(sourcePath: string, targetPath: string): Promise<void>;
558
1058
  list(prefix?: string): Promise<string[]>;
559
1059
  }
560
- declare class SpookyClient<S extends SchemaStructure> {
1060
+ declare class Sp00kyClient<S extends SchemaStructure> {
561
1061
  private config;
562
1062
  private local;
563
1063
  private remote;
@@ -567,28 +1067,86 @@ declare class SpookyClient<S extends SchemaStructure> {
567
1067
  private dataModule;
568
1068
  private sync;
569
1069
  private devTools;
1070
+ private crdtManager;
1071
+ private featureFlags;
570
1072
  private logger;
571
1073
  auth: AuthService<S>;
572
1074
  streamProcessor: StreamProcessorService;
573
- get remoteClient(): Surreal;
574
- get localClient(): Surreal;
1075
+ get remoteClient(): surrealdb0.Surreal;
1076
+ get localClient(): surrealdb0.Surreal;
575
1077
  get pendingMutationCount(): number;
1078
+ /** Number of times the initial list_ref LIVE subscription retried on
1079
+ * the most recent `setCurrentUserId` call. 0 when the SSP's
1080
+ * pre-emptive user-table creation got there first; >0 when LIVE
1081
+ * registration hit a "table not found" race. Exposed so the e2e
1082
+ * suite can guard the pre-emptive path against regression. */
1083
+ get liveRetryCount(): number;
576
1084
  subscribeToPendingMutations(cb: (count: number) => void): () => void;
577
- constructor(config: SpookyConfig<S>);
1085
+ /** Current sync-health snapshot. See {@link Sp00kyConfig.syncHealth}. */
1086
+ get syncHealth(): SyncHealth;
1087
+ /**
1088
+ * Observe sync health. Fires immediately with the current status and again
1089
+ * on every healthy↔degraded transition. Returns an unsubscribe.
1090
+ */
1091
+ subscribeToSyncHealth(cb: (health: SyncHealth) => void): () => void;
1092
+ constructor(config: Sp00kyConfig<S>);
578
1093
  /**
579
1094
  * Setup direct callbacks instead of event subscriptions
580
1095
  */
581
1096
  private setupCallbacks;
582
1097
  init(): Promise<void>;
583
1098
  close(): Promise<void>;
1099
+ /**
1100
+ * Subscribe to a feature flag for the current user. Returns a
1101
+ * `FeatureFlagHandle` whose `variant()`, `payload()` and `enabled()`
1102
+ * accessors reflect the latest assignment from `_00_user_feature`,
1103
+ * and whose `subscribe(cb)` fires whenever that assignment changes.
1104
+ *
1105
+ * Permissions are enforced by SurrealDB: a client can only ever see
1106
+ * its own row, and cannot create or modify assignments.
1107
+ */
1108
+ feature(key: string, options?: FeatureFlagOptions): FeatureFlagHandle;
584
1109
  authenticate(token: string): Promise<surrealdb0.Tokens>;
1110
+ /**
1111
+ * Open a CRDT field for collaborative editing.
1112
+ * Returns a CrdtField with a LoroDoc that can be bound to any editor.
1113
+ * Also starts a LIVE SELECT on the parent table for real-time sync;
1114
+ * incoming events trigger a subquery fetch of `_00_crdt` / `_00_cursor`.
1115
+ */
1116
+ openCrdtField(table: string, recordId: string, field: string, fallbackText?: string): Promise<CrdtField>;
1117
+ /**
1118
+ * Close a CRDT field when editing is done.
1119
+ */
1120
+ closeCrdtField(table: string, recordId: string, field: string): void;
585
1121
  deauthenticate(): Promise<void>;
586
- query<Table extends TableNames<S>>(table: Table, options: QueryOptions<TableModel<GetTable<S, Table>>, false>, ttl?: QueryTimeToLive): QueryBuilder<S, Table, SpookyQueryResultPromise>;
1122
+ query<Table extends TableNames<S>>(table: Table, options: QueryOptions<TableModel<GetTable<S, Table>>, false>, ttl?: QueryTimeToLive): QueryBuilder<S, Table, Sp00kyQueryResultPromise>;
587
1123
  private initQuery;
588
1124
  queryRaw(sql: string, params: Record<string, any>, ttl: QueryTimeToLive): Promise<string>;
589
1125
  subscribe(queryHash: string, callback: (records: Record<string, any>[]) => void, options?: {
590
1126
  immediate?: boolean;
591
1127
  }): Promise<() => void>;
1128
+ /**
1129
+ * Opt-in eager teardown for a query whose last subscriber has gone away
1130
+ * (e.g. a viewport-windowed list cancelling an off-screen window). No-op
1131
+ * while any subscriber remains. Tears down the remote `_00_query` view +
1132
+ * local WASM view instead of waiting for the TTL sweep. Default behavior
1133
+ * (no call here) keeps the view resident for cheap re-subscription.
1134
+ */
1135
+ deregisterQuery(queryHash: string): void;
1136
+ /**
1137
+ * Subscribe to a query's fetch-status changes (idle/fetching). With
1138
+ * `{ immediate: true }` the callback fires synchronously with the current
1139
+ * status. Powers the `useQuery` hook's `isFetching()` accessor.
1140
+ */
1141
+ subscribeQueryStatus(queryHash: string, callback: QueryStatusCallback, options?: {
1142
+ immediate?: boolean;
1143
+ }): () => void;
1144
+ /**
1145
+ * Report the frontend processing time (ms) a client framework spent applying
1146
+ * an update for a query (e.g. `useQuery`'s `reconcile()`), so DevTools/MCP can
1147
+ * surface the "frontend" phase of the per-query timing breakdown.
1148
+ */
1149
+ reportFrontendTiming(queryHash: string, ms: number): void;
592
1150
  run<B extends BackendNames<S>, R extends BackendRoutes<S, B>>(backend: B, path: R, payload: RoutePayload<S, B, R>, options?: RunOptions): Promise<void>;
593
1151
  bucket<B extends BucketNames<S>>(name: B): BucketHandle;
594
1152
  create(id: string, data: Record<string, unknown>): Promise<Record<string, unknown>>;
@@ -597,15 +1155,25 @@ declare class SpookyClient<S extends SchemaStructure> {
597
1155
  }>;
598
1156
  delete(table: string, id: string): Promise<void>;
599
1157
  useRemote<T>(fn: (client: Surreal) => Promise<T> | T): Promise<T>;
600
- private persistClientId;
601
- private loadOrGenerateClientId;
1158
+ /**
1159
+ * Fetch SurrealDB's `session::id()` as a string. Used as a salt for
1160
+ * query-id hashing so two sessions for the same user get distinct
1161
+ * `_00_query` rows. Returns empty string if the query fails (we still
1162
+ * boot, just without session scoping for IDs).
1163
+ */
1164
+ private fetchSessionId;
602
1165
  }
603
1166
  //#endregion
604
1167
  //#region src/utils/index.d.ts
605
1168
  declare function fileToUint8Array(file: File | Blob): Promise<Uint8Array>;
1169
+ /**
1170
+ * Convert plain text to simple HTML paragraphs.
1171
+ * Useful for seeding a rich-text editor (e.g. TipTap/ProseMirror) with fallback content.
1172
+ */
1173
+ declare function textToHtml(text: string): string;
606
1174
  /**
607
1175
  * Helper for retrying DB operations with exponential backoff
608
1176
  */
609
1177
 
610
1178
  //#endregion
611
- export { AuthEventSystem, AuthEventTypeMap, AuthEventTypes, AuthService, BucketHandle, DebounceOptions, EventSubscriptionOptions, type Level, MutationCallback, MutationEvent, MutationEventType, PersistenceClient, QueryConfig, QueryConfigRecord, QueryHash, QueryState, QueryTimeToLive, QueryUpdateCallback, RecordVersionArray, RecordVersionDiff, RunOptions, SpookyClient, SpookyConfig, SpookyQueryResult, SpookyQueryResultPromise, StoreType, UpdateOptions, createAuthEventSystem, fileToUint8Array };
1179
+ export { AuthEventSystem, AuthEventTypeMap, AuthEventTypes, AuthService, BucketHandle, CURSOR_COLORS, CrdtField, CrdtManager, DebounceOptions, EventSubscriptionOptions, FeatureFlagHandle, FeatureFlagModule, type FeatureFlagOptions, type FeatureFlagSnapshot, Level, MATERIALIZATION_SAMPLE_WINDOW, MutationCallback, MutationEvent, MutationEventType, PersistenceClient, PhaseStat, PinoTransmit, QueryConfig, QueryConfigRecord, QueryHash, QueryState, QueryStatus, QueryStatusCallback, QueryTimeToLive, QueryTimings, QueryUpdateCallback, RecordVersionArray, RecordVersionDiff, RegistrationTimings, RunOptions, Sp00kyClient, Sp00kyConfig, Sp00kyQueryResult, Sp00kyQueryResultPromise, StoreType, SyncHealth, SyncHealthConfig, SyncHealthStatus, TimingPhase, UpdateOptions, createAuthEventSystem, cursorColorFromName, fileToUint8Array, textToHtml };