@undefineds.co/xpod 0.3.14 → 0.3.16

package/dist/cli/commands/obj.js

@@ -0,0 +1,1059 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.objCommand = void 0;
+exports.redactDescriptorObject = redactDescriptorObject;
+exports.buildDescriptorUpsertSparql = buildDescriptorUpsertSparql;
+exports.buildDescriptorPatchSparql = buildDescriptorPatchSparql;
+exports.buildDescriptorLinkSparql = buildDescriptorLinkSparql;
+exports.buildDescriptorDeleteSparql = buildDescriptorDeleteSparql;
+exports.extractReservedWhereSelectors = extractReservedWhereSelectors;
+exports.buildDescriptorObjectQuery = buildDescriptorObjectQuery;
+const fs_1 = require("fs");
+const models_1 = require("@undefineds.co/models");
+const auth_context_1 = require("../lib/auth-context");
+const output_1 = require("../lib/output");
+const resource_1 = require("../lib/resource");
+const rdf_1 = require("./rdf");
+function objOptions(yargs) {
+    return yargs
+        .option('url', {
+        alias: 'u',
+        type: 'string',
+        description: 'Server base URL override',
+    })
+        .option('json', {
+        type: 'boolean',
+        default: false,
+        description: 'Output JSON envelope',
+    });
+}
+function selectorOptions(yargs) {
+    return objOptions(yargs)
+        .option('schema', { type: 'string', description: 'Schema URI or descriptor alias' })
+        .option('subject', { type: 'string', description: 'Exact object subject URI or Pod-relative subject' })
+        .option('resource', { type: 'string', description: 'Exact RDF document/resource URI or Pod-relative path' })
+        .option('path', { type: 'string', description: 'Pod-relative resource path' })
+        .option('where', { type: 'string', description: 'JSON object of descriptor field filters' })
+        .option('status', { type: 'string', description: 'Shortcut for --where {"status": "..."} when the descriptor has a status field' })
+        .option('relation', { type: 'array', string: true, description: 'Descriptor URI relation filter, field=uri. Repeatable.' })
+        .option('limit', { type: 'number', default: 100, description: 'Maximum number of rows' })
+        .option('include-metadata', { type: 'boolean', default: true, description: 'Include etag/revision metadata when available' });
+}
+function mutationModeCheck(argv) {
+    if (argv['dry-run'] === argv.commit) {
+        throw new Error('Specify exactly one of --dry-run or --commit.');
+    }
+    return true;
+}
+function isRecord(value) {
+    return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
+}
+function parseJsonObject(value, code) {
+    try {
+        const parsed = JSON.parse(value);
+        if (!isRecord(parsed)) {
+            throw new Error('Expected a JSON object.');
+        }
+        return parsed;
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new output_1.CliCommandError(code, message, 2);
+    }
+}
+async function readStdinText() {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+        chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
+    }
+    return Buffer.concat(chunks).toString('utf-8');
+}
+async function readTextInput(input) {
+    return input === '-' ? readStdinText() : (0, fs_1.readFileSync)(input, 'utf-8');
+}
+async function readJsonl(input) {
+    return (await readTextInput(input))
+        .split(/\r?\n/u)
+        .map((line) => line.trim())
+        .filter(Boolean)
+        .map((line, index) => {
+        try {
+            const parsed = JSON.parse(line);
+            if (!isRecord(parsed)) {
+                throw new Error('Expected a JSON object.');
+            }
+            return parsed;
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            throw new output_1.CliCommandError('invalid_jsonl', `Invalid JSONL at line ${index + 1}: ${message}`, 2);
+        }
+    });
+}
+function descriptorLocalName(value) {
+    return value.split(/[\/#]/u).filter(Boolean).pop() ?? value;
+}
+function resolveDescriptorOrNull(schema) {
+    const exact = models_1.podSchema.describe({ schemaUri: schema });
+    if (exact)
+        return exact;
+    const normalized = schema.trim().toLowerCase();
+    return models_1.podSchema.list().find((descriptor) => descriptor.resourceKind.toLowerCase() === normalized ||
+        descriptorLocalName(descriptor.uri).toLowerCase() === normalized ||
+        descriptorLocalName(descriptor.class).toLowerCase() === normalized) ?? null;
+}
+function resolveDescriptor(schema) {
+    const descriptor = resolveDescriptorOrNull(schema);
+    if (!descriptor) {
+        throw new output_1.CliCommandError('schema_unknown', `Schema is not known by @undefineds.co/models: ${schema}`, 2);
+    }
+    return descriptor;
+}
+function resourceUrlFromPlan(podRoot, plan) {
+    return new URL(plan.resourceUri.replace(/^\/+/, ''), podRoot).toString();
+}
+function varName(field) {
+    return `v_${field.replace(/[^A-Za-z0-9_]/gu, '_')}`;
+}
+function fieldVar(field) {
+    return `?${varName(field)}`;
+}
+function sparqlIri(value) {
+    if (!/^https?:\/\//iu.test(value)) {
+        throw new output_1.CliCommandError('invalid_uri', `Expected an absolute URI: ${value}`, 2);
+    }
+    return `<${value.replace(/[<>]/gu, '')}>`;
+}
+function sparqlValue(value, field) {
+    if (field?.type === 'uri') {
+        if (typeof value !== 'string') {
+            throw new output_1.CliCommandError('invalid_uri', `Field expects a URI value: ${String(value)}`, 2);
+        }
+        return sparqlIri(value);
+    }
+    if (typeof value === 'number' || typeof value === 'boolean') {
+        return JSON.stringify(value);
+    }
+    if (field?.type === 'json') {
+        return JSON.stringify(JSON.stringify(value));
+    }
+    return JSON.stringify(String(value));
+}
+function assertKnownFields(descriptor, values, code = 'field_unknown') {
+    const unknown = Object.keys(values).filter((field) => !descriptor.fields[field]);
+    if (unknown.length > 0) {
+        throw new output_1.CliCommandError(code, `Fields are not known by descriptor ${descriptor.uri}: ${unknown.join(', ')}`, 2);
+    }
+}
+function assertWritableFields(descriptor, values) {
+    assertKnownFields(descriptor, values);
+    const invalid = Object.keys(values).filter((field) => !descriptor.writableFields.includes(field));
+    if (invalid.length > 0) {
+        throw new output_1.CliCommandError('invalid_set_fields', `Fields are not writable: ${invalid.join(', ')}`, 2);
+    }
+}
+function redactDescriptorObject(descriptor, value) {
+    const redacted = {};
+    for (const [key, item] of Object.entries(value)) {
+        redacted[key] = descriptor.fields[key]?.secret ? '[redacted]' : item;
+    }
+    return redacted;
+}
+function buildDescriptorUpsertSparql(descriptor, subject, row) {
+    const fields = descriptor.fields;
+    const match = row.match ?? {};
+    const set = row.set ?? {};
+    assertKnownFields(descriptor, match);
+    assertWritableFields(descriptor, set);
+    const merged = { ...match, ...set };
+    const deleteFields = Object.keys(set).filter((field) => fields[field]);
+    const deletes = deleteFields.map((field) => `<${subject}> <${fields[field].predicate}> ?old_${field.replace(/[^A-Za-z0-9_]/gu, '_')} .`);
+    const optionals = deleteFields.map((field) => `OPTIONAL { <${subject}> <${fields[field].predicate}> ?old_${field.replace(/[^A-Za-z0-9_]/gu, '_')} }`);
+    const inserts = [
+        `<${subject}> a <${descriptor.class}>`,
+        ...Object.entries(merged)
+            .filter(([field, value]) => fields[field] && value !== undefined && value !== null)
+            .map(([field, value]) => `<${subject}> <${fields[field].predicate}> ${sparqlValue(value, fields[field])}`),
+    ];
+    return `DELETE {\n  ${deletes.join('\n  ')}\n}\nINSERT {\n  ${inserts.join(' .\n  ')} .\n}\nWHERE {\n  ${optionals.join('\n  ')}\n}`;
+}
+function buildDescriptorPatchSparql(descriptor, subject, set) {
+    return buildDescriptorUpsertSparql(descriptor, subject, { set });
+}
+function buildDescriptorLinkSparql(subject, predicate, object) {
+    return `INSERT DATA {\n  <${subject}> <${predicate}> ${sparqlIri(object)} .\n}`;
+}
+function buildDescriptorDeleteSparql(subject) {
+    return `DELETE {\n  <${subject}> ?p ?o .\n}\nWHERE {\n  <${subject}> ?p ?o .\n}`;
+}
+function parseWhere(where) {
+    return where ? parseJsonObject(where, 'invalid_where') : {};
+}
+function extractReservedWhereSelectors(where) {
+    const filters = { ...where };
+    const selectors = {};
+    for (const key of ['subject', 'resource', 'path']) {
+        const value = filters[key];
+        if (value === undefined)
+            continue;
+        if (typeof value !== 'string') {
+            throw new output_1.CliCommandError('invalid_where', `Reserved selector field "${key}" must be a string.`, 2);
+        }
+        selectors[key] = value;
+        delete filters[key];
+    }
+    return { where: filters, ...selectors };
+}
+function applyReservedSelector(current, reserved, key) {
+    if (!reserved)
+        return current;
+    if (current && current !== reserved) {
+        throw new output_1.CliCommandError('selector_conflict', `Conflicting ${key} selectors were provided.`, 2);
+    }
+    return reserved;
+}
+function parseRelations(input) {
+    const relations = {};
+    for (const item of input ?? []) {
+        const trimmed = item.trim();
+        if (!trimmed)
+            continue;
+        if (trimmed.startsWith('{')) {
+            const parsed = parseJsonObject(trimmed, 'invalid_relation');
+            for (const [key, value] of Object.entries(parsed)) {
+                if (typeof value !== 'string') {
+                    throw new output_1.CliCommandError('invalid_relation', `Relation filter ${key} must be a URI string.`, 2);
+                }
+                relations[key] = value;
+            }
+            continue;
+        }
+        const eq = trimmed.indexOf('=');
+        if (eq <= 0) {
+            throw new output_1.CliCommandError('invalid_relation', `Relation filter must be field=uri: ${trimmed}`, 2);
+        }
+        relations[trimmed.slice(0, eq)] = trimmed.slice(eq + 1);
+    }
+    return relations;
+}
+function classifySelector(selector) {
+    if (resolveDescriptorOrNull(selector))
+        return 'schema';
+    if (selector.includes('#'))
+        return 'subject';
+    if (/^https?:\/\//iu.test(selector))
+        return 'resource';
+    if (selector.includes('/'))
+        return 'path';
+    return 'schema';
+}
+async function inferDescriptorForSubject(context, subject) {
+    const target = (0, resource_1.resolveResourceTarget)(context, (0, rdf_1.documentResourceInput)(subject));
+    const response = await (0, resource_1.fetchResource)(context, target, {
+        method: 'GET',
+        headers: { Accept: 'text/turtle' },
+    });
+    (0, resource_1.ensureOk)(response, response.status === 404 ? 'resource_not_found' : 'schema_infer_failed', `Failed to infer schema from ${subject}`);
+    const body = await response.text();
+    const matches = models_1.podSchema.list().filter((descriptor) => body.includes(`<${descriptor.class}>`));
+    if (matches.length === 1) {
+        return matches[0];
+    }
+    if (matches.length > 1) {
+        throw new output_1.CliCommandError('schema_ambiguous', 'Multiple known descriptor classes were found. Re-run with --schema.', 2, {
+            schemas: matches.map((descriptor) => descriptor.uri),
+        });
+    }
+    throw new output_1.CliCommandError('schema_required', 'Could not infer a known schema from the subject document. Re-run with --schema.', 2);
+}
+async function resolveObjectSelector(context, argv) {
+    let schema = argv.schema;
+    let subject = argv.subject;
+    let resource = argv.resource;
+    let path = argv.path;
+    if (argv.selector) {
+        const kind = classifySelector(argv.selector);
+        if (kind === 'schema' && !schema)
+            schema = argv.selector;
+        if (kind === 'subject' && !subject)
+            subject = argv.selector;
+        if (kind === 'resource' && !resource)
+            resource = argv.selector;
+        if (kind === 'path' && !path)
+            path = argv.selector;
+    }
+    const parsedWhere = parseWhere(argv.where);
+    if (argv.status !== undefined) {
+        parsedWhere.status = argv.status;
+    }
+    const { where, subject: whereSubject, resource: whereResource, path: wherePath, } = extractReservedWhereSelectors(parsedWhere);
+    subject = applyReservedSelector(subject, whereSubject, 'subject');
+    resource = applyReservedSelector(resource, whereResource, 'resource');
+    path = applyReservedSelector(path, wherePath, 'path');
+    const subjectUrl = subject ? (0, resource_1.resolveResourceTarget)(context, subject).resourceUrl : undefined;
+    const resourceUrl = resource
+        ? (0, resource_1.resolveResourceTarget)(context, (0, rdf_1.documentResourceInput)(resource)).resourceUrl
+        : path
+            ? (0, resource_1.resolveResourceTarget)(context, (0, rdf_1.documentResourceInput)(path)).resourceUrl
+            : subjectUrl
+                ? (0, rdf_1.documentResourceInput)(subjectUrl)
+                : undefined;
+    const descriptor = schema
+        ? resolveDescriptor(schema)
+        : subjectUrl
+            ? await inferDescriptorForSubject(context, subjectUrl)
+            : undefined;
+    if (!descriptor) {
+        throw new output_1.CliCommandError('schema_required', 'Object selectors require --schema, a schema selector, or an exact subject with an inferable RDF type.', 2);
+    }
+    return {
+        descriptor,
+        subject: subjectUrl,
+        resourceUrl,
+        where,
+        relations: parseRelations(argv.relation),
+        limit: Math.max(1, Math.min(argv.limit || 100, 10000)),
+        includeMetadata: argv['include-metadata'] !== false,
+    };
+}
+function queryFilterTerm(field, value) {
+    if (Array.isArray(value)) {
+        return value.map((item) => sparqlValue(item, field)).join(' ');
+    }
+    return sparqlValue(value, field);
+}
+function buildDescriptorObjectQuery(selector) {
+    const descriptor = selector.descriptor;
+    assertKnownFields(descriptor, selector.where);
+    const triples = [`?subject a <${descriptor.class}> .`];
+    if (selector.subject) {
+        triples.push(`VALUES ?subject { <${selector.subject}> }`);
+    }
+    if (selector.resourceUrl) {
+        triples.push(`FILTER(STR(?subject) = ${JSON.stringify(selector.resourceUrl)} || STRSTARTS(STR(?subject), ${JSON.stringify(`${selector.resourceUrl}#`)}))`);
+    }
+    for (const [field, fieldDescriptor] of Object.entries(descriptor.fields)) {
+        triples.push(`OPTIONAL { ?subject <${fieldDescriptor.predicate}> ${fieldVar(field)} . }`);
+    }
+    for (const [field, value] of Object.entries(selector.where)) {
+        const descriptorField = descriptor.fields[field];
+        if (!descriptorField)
+            continue;
+        if (Array.isArray(value)) {
+            triples.push(`VALUES ${fieldVar(`filter_${field}`)} { ${queryFilterTerm(descriptorField, value)} }`);
+            triples.push(`?subject <${descriptorField.predicate}> ${fieldVar(`filter_${field}`)} .`);
+        }
+        else {
+            triples.push(`?subject <${descriptorField.predicate}> ${queryFilterTerm(descriptorField, value)} .`);
+        }
+    }
+    for (const [field, objectUri] of Object.entries(selector.relations)) {
+        const descriptorField = descriptor.fields[field];
+        if (!descriptorField) {
+            throw new output_1.CliCommandError('predicate_unknown', `Relation field is not known by descriptor ${descriptor.uri}: ${field}`, 2);
+        }
+        if (descriptorField.type !== 'uri') {
+            throw new output_1.CliCommandError('relation_field_not_uri', `Relation field is not URI-valued: ${field}`, 2);
+        }
+        triples.push(`?subject <${descriptorField.predicate}> ${sparqlIri(objectUri)} .`);
+    }
+    const fieldVars = Object.keys(descriptor.fields).map(fieldVar).join(' ');
+    return `SELECT ?subject ${fieldVars} WHERE {\n  ${triples.join('\n  ')}\n}\nLIMIT ${selector.limit}`;
+}
+function bindingToValue(binding, field) {
+    if (!binding?.value)
+        return undefined;
+    if (binding.type === 'uri')
+        return binding.value;
+    if (field.type === 'number') {
+        const number = Number(binding.value);
+        return Number.isNaN(number) ? binding.value : number;
+    }
+    if (field.type === 'boolean') {
+        return binding.value === 'true' || binding.value === '1';
+    }
+    if (field.type === 'json') {
+        try {
+            return JSON.parse(binding.value);
+        }
+        catch {
+            return binding.value;
+        }
+    }
+    return binding.value;
+}
+async function applyEtags(context, objects) {
+    const cache = new Map();
+    for (const object of objects) {
+        if (!cache.has(object.resourceUrl)) {
+            try {
+                const target = (0, resource_1.resolveResourceTarget)(context, object.resourceUrl);
+                const response = await (0, resource_1.fetchResource)(context, target, { method: 'HEAD' });
+                cache.set(object.resourceUrl, response.ok ? response.headers.get('etag') : null);
+            }
+            catch {
+                cache.set(object.resourceUrl, null);
+            }
+        }
+        const etag = cache.get(object.resourceUrl) ?? null;
+        object.etag = etag;
+        object.revision = etag;
+    }
+}
+async function queryDescriptorObjects(context, selector) {
+    const endpoint = (0, rdf_1.resolveSparqlEndpoint)(context.podRoot);
+    const query = buildDescriptorObjectQuery(selector);
+    const response = await (0, resource_1.fetchResource)(context, {
+        input: endpoint,
+        resourceUrl: endpoint,
+        webId: context.webId,
+        podRoot: context.podRoot,
+        baseIri: context.baseIri,
+    }, {
+        method: 'POST',
+        headers: {
+            Accept: 'application/sparql-results+json',
+            'Content-Type': 'application/sparql-query',
+        },
+        body: query,
+    });
+    (0, resource_1.ensureOk)(response, 'obj_query_failed', `Failed to list objects for ${selector.descriptor.uri}`);
+    const result = (await response.json());
+    const objects = (result.results?.bindings ?? []).flatMap((binding) => {
+        const subject = binding.subject?.value;
+        if (!subject)
+            return [];
+        const object = {};
+        for (const [field, descriptorField] of Object.entries(selector.descriptor.fields)) {
+            const value = bindingToValue(binding[varName(field)], descriptorField);
+            if (value !== undefined) {
+                object[field] = descriptorField.secret ? '[redacted]' : value;
+            }
+        }
+        return [{
+                schema: selector.descriptor.uri,
+                subject,
+                resourceUrl: (0, rdf_1.documentResourceInput)(subject),
+                object,
+            }];
+    });
+    if (selector.includeMetadata) {
+        await applyEtags(context, objects);
+    }
+    return objects;
+}
+function jsonlForObjects(objects) {
+    return `${objects.map((object, index) => JSON.stringify({
+        index,
+        ok: true,
+        code: 'ok',
+        ...object,
+    })).join('\n')}${objects.length > 0 ? '\n' : ''}`;
+}
+async function patchSubject(input) {
+    const target = (0, resource_1.resolveResourceTarget)(input.context, (0, rdf_1.documentResourceInput)(input.subject));
+    const headers = { 'Content-Type': 'application/sparql-update' };
+    if (input.ifMatch)
+        headers['If-Match'] = input.ifMatch;
+    const response = await (0, resource_1.fetchResource)(input.context, target, {
+        method: 'PATCH',
+        headers,
+        body: input.sparql,
+    });
+    (0, resource_1.ensureOk)(response, input.errorCode, `Failed to patch object ${input.subject}`);
+    return (0, resource_1.responseData)(target, response);
+}
+function mutationPlan(input) {
+    return {
+        operationId: input.operationId,
+        webId: input.context.webId,
+        podRoot: input.context.podRoot,
+        summary: input.summary,
+        risk: 'normal',
+        resources: [
+            {
+                subject: input.subject,
+                schema: input.schema,
+                etag: input.etag,
+                change: input.change,
+            },
+        ],
+        diff: input.diff ?? [],
+    };
+}
+async function resolveDescriptorForMutation(context, schema, subject) {
+    return schema ? resolveDescriptor(schema) : inferDescriptorForSubject(context, subject);
+}
+async function executePatchCommand(argv) {
+    const context = await (0, auth_context_1.requireAuthContext)(argv);
+    const subject = (0, resource_1.resolveResourceTarget)(context, argv.subject).resourceUrl;
+    const descriptor = await resolveDescriptorForMutation(context, argv.schema, subject);
+    const set = parseJsonObject(argv.set, 'invalid_set');
+    const sparql = buildDescriptorPatchSparql(descriptor, subject, set);
+    const plan = mutationPlan({
+        operationId: `op_patch_${Date.now()}`,
+        context,
+        summary: `Patch one descriptor-backed ${descriptor.resourceKind}`,
+        subject,
+        schema: descriptor.uri,
+        etag: argv['if-match'],
+        change: 'patch',
+        diff: [redactDescriptorObject(descriptor, set)],
+    });
+    if (argv['dry-run']) {
+        return { plan };
+    }
+    const response = await patchSubject({
+        context,
+        subject,
+        sparql,
+        ifMatch: argv['if-match'],
+        errorCode: 'obj_patch_failed',
+    });
+    return { ...response, plan };
+}
+async function executeLinkCommand(argv) {
+    const context = await (0, auth_context_1.requireAuthContext)(argv);
+    const subject = (0, resource_1.resolveResourceTarget)(context, argv.subject).resourceUrl;
+    const descriptor = argv.schema || !/^https?:\/\//iu.test(argv.predicate)
+        ? await resolveDescriptorForMutation(context, argv.schema, subject)
+        : undefined;
+    let predicate = argv.predicate;
+    if (!/^https?:\/\//iu.test(predicate)) {
+        if (!descriptor?.fields[predicate]) {
+            throw new output_1.CliCommandError('predicate_unknown', `Predicate field is not known by descriptor: ${predicate}`, 2);
+        }
+        const field = descriptor.fields[predicate];
+        if (field.type !== 'uri') {
+            throw new output_1.CliCommandError('relation_field_not_uri', `Relation field is not URI-valued: ${predicate}`, 2);
+        }
+        predicate = field.predicate;
+    }
+    const sparql = buildDescriptorLinkSparql(subject, predicate, argv.object);
+    const plan = mutationPlan({
+        operationId: `op_link_${Date.now()}`,
+        context,
+        summary: 'Link one descriptor-backed object relation',
+        subject,
+        schema: descriptor?.uri,
+        etag: argv['if-match'],
+        change: 'link',
+        diff: [{ predicate, object: argv.object }],
+    });
+    if (argv['dry-run']) {
+        return { plan };
+    }
+    const response = await patchSubject({
+        context,
+        subject,
+        sparql,
+        ifMatch: argv['if-match'],
+        errorCode: 'obj_link_failed',
+    });
+    return { ...response, plan };
+}
+async function executeDeleteCommand(argv) {
+    const context = await (0, auth_context_1.requireAuthContext)(argv);
+    const subject = (0, resource_1.resolveResourceTarget)(context, argv.subject).resourceUrl;
+    const descriptor = await resolveDescriptorForMutation(context, argv.schema, subject);
+    const sparql = buildDescriptorDeleteSparql(subject);
+    const plan = mutationPlan({
+        operationId: `op_delete_${Date.now()}`,
+        context,
+        summary: `Delete one descriptor-backed ${descriptor.resourceKind}`,
+        subject,
+        schema: descriptor.uri,
+        etag: argv['if-match'],
+        change: 'delete',
+    });
+    if (argv['dry-run']) {
+        return { plan };
+    }
+    const response = await patchSubject({
+        context,
+        subject,
+        sparql,
+        ifMatch: argv['if-match'],
+        errorCode: 'obj_delete_failed',
+    });
+    return { ...response, plan };
+}
+async function executeRawRow(context, row, index, commit) {
+    const op = row.op;
+    if (!op) {
+        throw new output_1.CliCommandError('schema_required', 'JSONL row without schema must declare an explicit raw resource op.', 2);
+    }
+    const targetInput = row.path ?? row.resource ?? row.subject;
+    if (!targetInput) {
+        throw new output_1.CliCommandError('explicit_target_required', 'Raw JSONL rows must declare path, resource, or subject.', 2);
+    }
+    const target = (0, resource_1.resolveResourceTarget)(context, row.subject ? (0, rdf_1.documentResourceInput)(targetInput) : targetInput);
+    if (!commit) {
+        return {
+            index,
+            ok: true,
+            code: 'plan_ready',
+            operation: op,
+            resourceUrl: target.resourceUrl,
+            webId: context.webId,
+            podRoot: context.podRoot,
+        };
+    }
+    if (!['put', 'patch', 'delete'].includes(op)) {
+        throw new output_1.CliCommandError('unsupported_operation', `Unsupported raw JSONL operation: ${op}`, 2);
+    }
+    const headers = {};
+    let body;
+    if (op !== 'delete') {
+        if (row.from) {
+            const file = (0, resource_1.readBodyFile)(row.from);
+            body = file.body;
+            headers['Content-Type'] = row.contentType ?? file.contentType;
+        }
+        else if (row.body !== undefined) {
+            body = row.body;
+            headers['Content-Type'] = row.contentType ?? 'text/plain';
+        }
+        else {
+            throw new output_1.CliCommandError('body_required', `Raw ${op} rows require body or from.`, 2);
+        }
+    }
+    if (row.ifMatch)
+        headers['If-Match'] = row.ifMatch;
+    const response = await (0, resource_1.fetchResource)(context, target, {
+        method: op.toUpperCase(),
+        headers,
+        body,
+    });
+    (0, resource_1.ensureOk)(response, 'raw_commit_failed', `Failed to commit raw row ${index}`);
+    return {
+        index,
+        ok: true,
+        code: 'committed',
+        operation: op,
+        ...(0, resource_1.responseData)(target, response),
+    };
+}
+async function executeDescriptorRow(context, row, index, commit) {
+    const descriptor = resolveDescriptor(row.schema);
+    const op = row.op ?? 'upsert';
+    if (op !== 'upsert') {
+        if (!row.subject) {
+            throw new output_1.CliCommandError('subject_required', `Object operation ${op} requires subject.`, 2);
+        }
+        const subject = (0, resource_1.resolveResourceTarget)(context, row.subject).resourceUrl;
+        if (op === 'patch') {
+            const set = row.set ?? {};
+            const sparql = buildDescriptorPatchSparql(descriptor, subject, set);
+            if (commit) {
+                await patchSubject({ context, subject, sparql, ifMatch: row.ifMatch, errorCode: 'obj_patch_failed' });
+            }
+            return {
+                index,
+                ok: true,
+                code: commit ? 'committed' : 'plan_ready',
+                operation: op,
+                schema: descriptor.uri,
+                subject,
+                set: redactDescriptorObject(descriptor, set),
+            };
+        }
+        if (op === 'link') {
+            if (!row.predicate || !row.object) {
+                throw new output_1.CliCommandError('link_target_required', 'Link rows require predicate and object.', 2);
+            }
+            const field = descriptor.fields[row.predicate];
+            const predicate = field ? field.predicate : row.predicate;
+            if (field && field.type !== 'uri') {
+                throw new output_1.CliCommandError('relation_field_not_uri', `Relation field is not URI-valued: ${row.predicate}`, 2);
+            }
+            if (!field && !/^https?:\/\//iu.test(predicate)) {
+                throw new output_1.CliCommandError('predicate_unknown', `Predicate field is not known by descriptor: ${row.predicate}`, 2);
+            }
+            const sparql = buildDescriptorLinkSparql(subject, predicate, row.object);
+            if (commit) {
+                await patchSubject({ context, subject, sparql, ifMatch: row.ifMatch, errorCode: 'obj_link_failed' });
+            }
+            return {
+                index,
+                ok: true,
+                code: commit ? 'committed' : 'plan_ready',
+                operation: op,
+                schema: descriptor.uri,
+                subject,
+                predicate,
+                object: row.object,
+            };
+        }
+        if (op === 'delete') {
+            const sparql = buildDescriptorDeleteSparql(subject);
+            if (commit) {
+                await patchSubject({ context, subject, sparql, ifMatch: row.ifMatch, errorCode: 'obj_delete_failed' });
+            }
+            return {
+                index,
+                ok: true,
+                code: commit ? 'committed' : 'plan_ready',
+                operation: op,
+                schema: descriptor.uri,
+                subject,
+            };
+        }
+        throw new output_1.CliCommandError('unsupported_operation', `Unsupported object operation: ${op}`, 2);
+    }
+    const storage = (0, models_1.createPodStorage)();
+    const validation = storage.validate({
+        schemaUri: descriptor.uri,
+        operation: 'upsert',
+        match: row.match ?? {},
+        set: row.set ?? {},
+    });
+    if (!validation.ok) {
+        throw new output_1.CliCommandError(validation.error.code, validation.error.message, 2);
+    }
+    const subject = resourceUrlFromPlan(context.podRoot, validation.plan);
+    if (commit) {
+        const sparql = buildDescriptorUpsertSparql(descriptor, subject, row);
+        await patchSubject({ context, subject, sparql, ifMatch: row.ifMatch, errorCode: 'obj_commit_failed' });
+    }
+    return {
+        index,
+        ok: true,
+        code: commit ? 'committed' : 'plan_ready',
+        operation: op,
+        schema: descriptor.uri,
+        subject,
+        resourceUrl: (0, rdf_1.documentResourceInput)(subject),
+        planId: validation.plan.id,
+        match: redactDescriptorObject(descriptor, row.match ?? {}),
+        set: redactDescriptorObject(descriptor, row.set ?? {}),
+    };
+}
+async function executeRows(input) {
+    const context = await (0, auth_context_1.requireAuthContext)(input.argv);
+    const items = [];
+    for (const [index, originalRow] of input.rows.entries()) {
+        const row = {
+            ...originalRow,
+            schema: originalRow.schema ?? input.defaultSchema,
+        };
+        try {
+            const item = row.schema
+                ? await executeDescriptorRow(context, row, index, input.commit)
+                : await executeRawRow(context, row, index, input.commit);
+            items.push(item);
+        }
+        catch (error) {
+            const err = error instanceof output_1.CliCommandError
+                ? error
+                : new output_1.CliCommandError('error', error instanceof Error ? error.message : String(error));
+            items.push({ index, ok: false, code: err.code, message: err.message });
+        }
+    }
+    return items;
+}
+function printItems(items) {
+    for (const item of items) {
+        console.log(`${item.index}\t${item.ok ? item.code : `ERROR ${item.code}`}\t${String(item.subject ?? item.resourceUrl ?? item.message ?? '')}`);
+    }
+}
+const importCommand = {
+    command: 'import <file>',
+    describe: 'Import descriptor-backed or explicit raw JSONL rows',
+    builder: (yargs) => objOptions(yargs)
+        .positional('file', { type: 'string', demandOption: true, description: 'JSONL file to import, or - for stdin' })
+        .option('dry-run', { type: 'boolean', description: 'Validate and print a plan without writing' })
+        .option('commit', { type: 'boolean', description: 'Commit the validated mutations' })
+        .check(mutationModeCheck),
+    handler: async (argv) => {
+        try {
+            const items = await executeRows({
+                argv,
+                rows: await readJsonl(argv.file),
+                commit: argv.commit === true,
+            });
+            const code = items.every((item) => item.ok)
+                ? (argv.commit ? 'committed' : 'plan_ready')
+                : 'partial_failure';
+            if (argv.json) {
+                (0, output_1.writeJsonItems)(items, code);
+                return;
+            }
+            printItems(items);
+            if (!items.every((item) => item.ok))
+                process.exit(1);
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+const upsertCommand = {
+    command: 'upsert',
+    describe: 'Upsert descriptor-backed JSONL rows',
+    builder: (yargs) => objOptions(yargs)
+        .option('schema', { type: 'string', demandOption: true, description: 'Schema URI or descriptor alias' })
+        .option('from', { type: 'string', demandOption: true, description: 'JSONL file to read, or - for stdin' })
+        .option('dry-run', { type: 'boolean', description: 'Validate and print a plan without writing' })
+        .option('commit', { type: 'boolean', description: 'Commit the validated mutations' })
+        .check(mutationModeCheck),
+    handler: async (argv) => {
+        try {
+            const items = await executeRows({
+                argv,
+                rows: await readJsonl(argv.from),
+                defaultSchema: resolveDescriptor(argv.schema).uri,
+                commit: argv.commit === true,
+            });
+            const code = items.every((item) => item.ok)
+                ? (argv.commit ? 'committed' : 'plan_ready')
+                : 'partial_failure';
+            if (argv.json) {
+                (0, output_1.writeJsonItems)(items, code);
+                return;
+            }
+            printItems(items);
+            if (!items.every((item) => item.ok))
+                process.exit(1);
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+const listCommand = {
+    command: 'list',
+    describe: 'List descriptor-backed objects',
+    builder: (yargs) => selectorOptions(yargs)
+        .option('schema', { type: 'string', demandOption: true, description: 'Schema URI or descriptor alias' }),
+    handler: async (argv) => {
+        try {
+            const context = await (0, auth_context_1.requireAuthContext)(argv);
+            const selector = await resolveObjectSelector(context, argv);
+            const objects = await queryDescriptorObjects(context, selector);
+            if (argv.json) {
+                (0, output_1.writeJsonResult)({
+                    webId: context.webId,
+                    podRoot: context.podRoot,
+                    schema: selector.descriptor.uri,
+                    objects,
+                });
+                return;
+            }
+            for (const object of objects) {
+                console.log(object.subject);
+            }
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+const exportCommand = {
+    command: 'export <selector>',
+    describe: 'Export descriptor-backed objects as JSONL',
+    builder: (yargs) => selectorOptions(yargs)
+        .positional('selector', { type: 'string', demandOption: true, description: 'Schema URI/alias, subject, resource URL, or Pod-relative path selector' })
+        .option('format', { type: 'string', choices: ['jsonl'], default: 'jsonl', description: 'Export format' })
+        .option('out', { type: 'string', description: 'Output file path' }),
+    handler: async (argv) => {
+        try {
+            const context = await (0, auth_context_1.requireAuthContext)(argv);
+            const selector = await resolveObjectSelector(context, argv);
+            const objects = await queryDescriptorObjects(context, selector);
+            const jsonl = jsonlForObjects(objects);
+            if (argv.out) {
+                (0, fs_1.writeFileSync)(argv.out, jsonl, 'utf-8');
+            }
+            if (argv.json) {
+                (0, output_1.writeJsonResult)({
+                    webId: context.webId,
+                    podRoot: context.podRoot,
+                    schema: selector.descriptor.uri,
+                    count: objects.length,
+                    out: argv.out ?? null,
+                    ...(argv.out ? {} : { objects }),
+                });
+                return;
+            }
+            if (!argv.out) {
+                process.stdout.write(jsonl);
+            }
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+const getCommand = {
+    command: 'get',
+    describe: 'Read one descriptor-backed object as JSON',
+    builder: (yargs) => objOptions(yargs)
+        .option('schema', { type: 'string', description: 'Schema URI or descriptor alias' })
+        .option('subject', { type: 'string', demandOption: true, description: 'Object subject URI or Pod-relative subject' })
+        .option('out', { type: 'string', description: 'Write JSON object to file' })
+        .option('include-metadata', { type: 'boolean', default: true, description: 'Include etag/revision metadata when available' }),
+    handler: async (argv) => {
+        try {
+            const context = await (0, auth_context_1.requireAuthContext)(argv);
+            const selector = await resolveObjectSelector(context, {
+                ...argv,
+                selector: undefined,
+                limit: 1,
+                format: 'jsonl',
+                where: undefined,
+                relation: undefined,
+                status: undefined,
+            });
+            const objects = await queryDescriptorObjects(context, selector);
+            const object = objects[0];
+            if (!object) {
+                throw new output_1.CliCommandError('object_not_found', `Object not found: ${argv.subject}`, 1);
+            }
+            const body = `${JSON.stringify(object, null, 2)}\n`;
+            if (argv.out) {
+                (0, fs_1.writeFileSync)(argv.out, body, 'utf-8');
+            }
+            if (argv.json) {
+                (0, output_1.writeJsonResult)({ webId: context.webId, podRoot: context.podRoot, object, out: argv.out ?? null });
+                return;
+            }
+            if (!argv.out) {
+                process.stdout.write(body);
+            }
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+const patchCommand = {
+    command: 'patch',
+    describe: 'Patch one descriptor-backed object field set',
+    builder: (yargs) => objOptions(yargs)
+        .option('schema', { type: 'string', description: 'Schema URI or descriptor alias. Required if the subject document cannot be inferred.' })
+        .option('subject', { type: 'string', demandOption: true, description: 'Object subject URI or Pod-relative subject' })
+        .option('set', { type: 'string', demandOption: true, description: 'JSON object of descriptor field values to set' })
+        .option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' })
+        .option('dry-run', { type: 'boolean', description: 'Print the mutation plan without writing' })
+        .option('commit', { type: 'boolean', description: 'Commit the mutation' })
+        .check(mutationModeCheck),
+    handler: async (argv) => {
+        try {
+            const data = await executePatchCommand(argv);
+            if (argv.json) {
+                (0, output_1.writeJsonResult)(data, argv['dry-run'] ? 'plan_ready' : 'committed');
+                return;
+            }
+            console.log(argv['dry-run'] ? JSON.stringify(data.plan, null, 2) : `PATCH ${String(data.resourceUrl)} -> HTTP ${String(data.status)}`);
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+const linkCommand = {
+    command: 'link',
+    describe: 'Link one descriptor-backed object to another URI',
+    builder: (yargs) => objOptions(yargs)
+        .option('schema', { type: 'string', description: 'Schema URI or descriptor alias when --predicate is a descriptor field' })
+        .option('subject', { type: 'string', demandOption: true, description: 'Object subject URI or Pod-relative subject' })
+        .option('predicate', { type: 'string', demandOption: true, description: 'Predicate URI or descriptor field' })
+        .option('object', { type: 'string', demandOption: true, description: 'Object URI to link' })
+        .option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' })
+        .option('dry-run', { type: 'boolean', description: 'Print the mutation plan without writing' })
+        .option('commit', { type: 'boolean', description: 'Commit the mutation' })
+        .check(mutationModeCheck),
+    handler: async (argv) => {
+        try {
+            const data = await executeLinkCommand(argv);
+            if (argv.json) {
+                (0, output_1.writeJsonResult)(data, argv['dry-run'] ? 'plan_ready' : 'committed');
+                return;
+            }
+            console.log(argv['dry-run'] ? JSON.stringify(data.plan, null, 2) : `LINK ${String(data.resourceUrl)} -> HTTP ${String(data.status)}`);
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+const deleteCommand = {
+    command: 'delete',
+    describe: 'Delete triples for one descriptor-backed object subject',
+    builder: (yargs) => objOptions(yargs)
+        .option('schema', { type: 'string', description: 'Schema URI or descriptor alias. Required if the subject document cannot be inferred.' })
+        .option('subject', { type: 'string', demandOption: true, description: 'Object subject URI or Pod-relative subject' })
+        .option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' })
+        .option('dry-run', { type: 'boolean', description: 'Print the mutation plan without writing' })
+        .option('commit', { type: 'boolean', description: 'Commit the mutation' })
+        .check(mutationModeCheck),
+    handler: async (argv) => {
+        try {
+            const data = await executeDeleteCommand(argv);
+            if (argv.json) {
+                (0, output_1.writeJsonResult)(data, argv['dry-run'] ? 'plan_ready' : 'committed');
+                return;
+            }
+            console.log(argv['dry-run'] ? JSON.stringify(data.plan, null, 2) : `DELETE ${String(data.resourceUrl)} -> HTTP ${String(data.status)}`);
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+const watchCommand = {
+    command: 'watch <selector>',
+    describe: 'Stream descriptor-backed object changes as JSONL snapshots',
+    builder: (yargs) => selectorOptions(yargs)
+        .positional('selector', { type: 'string', demandOption: true, description: 'Schema URI/alias, subject, resource URL, or Pod-relative path selector' })
+        .option('format', { type: 'string', choices: ['jsonl'], default: 'jsonl', description: 'Watch stream format' })
+        .option('since', { type: 'string', description: 'Opaque cursor from a previous watch stream' }),
+    handler: async (argv) => {
+        try {
+            const context = await (0, auth_context_1.requireAuthContext)(argv);
+            const selector = await resolveObjectSelector(context, argv);
+            const objects = await queryDescriptorObjects(context, selector);
+            const metadata = {
+                cursorDurable: false,
+                since: argv.since ?? null,
+                cursor: null,
+                message: 'Durable object cursors are not available; reconcile with a fresh obj list/export snapshot.',
+            };
+            if (argv.json) {
+                (0, output_1.writeJsonResult)({ metadata, objects }, 'watch_snapshot');
+                return;
+            }
+            console.log(JSON.stringify({ ok: true, code: 'cursor_unavailable', metadata }));
+            for (const [index, object] of objects.entries()) {
+                console.log(JSON.stringify({
+                    index,
+                    ok: true,
+                    code: 'snapshot',
+                    change: 'snapshot',
+                    ...object,
+                }));
+            }
+        }
+        catch (error) {
+            (0, output_1.handleCliError)(error, argv.json);
+        }
+    },
+};
+exports.objCommand = {
+    command: 'obj',
+    describe: 'Descriptor-backed object transport',
+    builder: (yargs) => yargs
+        .command(exportCommand)
+        .command(importCommand)
+        .command(getCommand)
+        .command(listCommand)
+        .command(upsertCommand)
+        .command(patchCommand)
+        .command(linkCommand)
+        .command(deleteCommand)
+        .command(watchCommand)
+        .demandCommand(1, 'Please specify an object subcommand'),
+    handler: () => { },
+};
+//# sourceMappingURL=obj.js.map