@xcitedbs/client 0.1.0 → 0.2.0

package/llms.txt

@@ -0,0 +1,251 @@
+# XciteDB
+
+> XciteDB is a versioned XML and JSON document database delivered as a Backend-as-a-Service (BaaS). It provides Git-like branching, commits, time-travel, and hierarchical document identifiers over a high-performance embedded LMDB engine, exposed through a REST + WebSocket API.
+
+## Important: Non-Standard Conventions
+
+These are the most common sources of confusion for developers and AI assistants:
+
+1. **The default branch is the empty string `""`, not `"main"`.** When no `X-Branch` header is sent (or `context.branch` is omitted/empty in the SDK), the server operates on the root timeline. A branch named `"main"` may exist as a user-created branch, but it is not required or special.
+
+2. **Identifiers are hierarchical, path-like strings** — e.g. `/us/bills/hr1`, `/manual/v2/chapter3`. They are NOT auto-generated UUIDs. The leading `/` is part of the identifier. Parent/child relationships are derived from the path structure (like a filesystem). The server indexes this hierarchy natively.
+
+3. **Documents are XML or JSON, not arbitrary blobs.** XML documents are the primary document type, stored with structural shredding. JSON documents are a parallel store keyed by identifier string. Both are fully versioned.
+
+4. **Context (branch + date) travels as HTTP headers**, not URL path segments. Use `X-Branch` and `X-Date` headers (or the SDK `context` option) to select which branch and point-in-time you are reading/writing.
+
+5. **XML documents carry their identifier inside the XML** — specifically via a `db:identifier` attribute on the root element (e.g. `<chapter db:identifier="/book/ch1">...</chapter>`). When writing XML, the server extracts the identifier from the document body.
+
+6. **Authentication has two tiers.** Platform operators (site admins) log in via `/api/v1/platform/auth/*` and use `X-Project-Id` to select a tenant project. Application end-users log in via `/api/v1/app/auth/*` and are scoped to a single project. API keys bypass login for server-to-server use.
+
+7. **The query model is NOT SQL.** Listing/filtering documents uses query parameters on REST endpoints (`match`, `match_start`, `contains`, `regex`, `prefix`). Advanced analytics use **Unquery**, a JSON-defined declarative DSL posted to `POST /api/v1/unquery`.
+
+## JavaScript/TypeScript SDK (`@xcitedbs/client`)
+
+Install: `npm install @xcitedbs/client`
+
+### Quick Start
+
+```typescript
+import { XCiteDBClient } from '@xcitedbs/client';
+
+const client = new XCiteDBClient({
+  baseUrl: 'http://localhost:8080',
+  apiKey: 'your-api-key',
+  // branch: '' means root timeline (the default); omit or use '' for default
+  context: { branch: '', date: '' },
+});
+
+// Health check (no auth required)
+await client.health();
+
+// List all branches
+const branches = await client.listBranches();
+
+// Query documents by identifier prefix
+const docs = await client.queryDocuments({ match_start: '/manual/' });
+
+// Read a single document by exact identifier
+const xml = await client.queryByIdentifier('/manual/v1/intro', 'FirstMatch');
+
+// Write an XML document (identifier is inside the XML body)
+await client.writeDocumentJson(
+  '<chapter db:identifier="/manual/v1/intro"><title>Introduction</title></chapter>'
+);
+
+// Write a JSON document
+await client.writeJsonDocument('app.settings', { theme: 'dark', locale: 'en' });
+
+// Read a JSON document
+const settings = await client.readJsonDocument('app.settings');
+
+// Create a branch, make changes, commit, merge
+await client.createBranch('feature-x');
+client.setContext({ branch: 'feature-x' });
+await client.writeJsonDocument('app.settings', { theme: 'light' });
+const commit = await client.createCommit('Switch to light theme');
+await client.mergeBranch('', 'feature-x'); // merge into root (default) branch
+
+// Attach JSON metadata to a document
+await client.addMeta('/manual/v1/intro', { status: 'draft', owner: 'alice' });
+
+// Acquire a cooperative lock
+const lock = await client.acquireLock('/manual/v1/intro');
+// ... edit ...
+await client.releaseLock('/manual/v1/intro', lock.lock_id);
+
+// Full-text search (requires Meilisearch or Elasticsearch backend)
+const results = await client.search({ query: 'installation guide', limit: 20 });
+
+// Subscribe to real-time changes via WebSocket
+const sub = client.subscribe(
+  { pattern: '/manual/*', event_type: '*' },
+  (event) => console.log('Change:', event)
+);
+```
+
+### Constructor Options
+
+```typescript
+interface XCiteDBClientOptions {
+  baseUrl: string;              // Server URL, e.g. 'http://localhost:8080'
+  apiKey?: string;              // Project API key (secret or public)
+  accessToken?: string;         // Platform JWT (from platformLogin)
+  appUserAccessToken?: string;  // End-user JWT (from loginAppUser)
+  context?: {
+    branch?: string;   // Branch name; '' = default/root timeline
+    date?: string;     // Point-in-time (ISO-like or internal date key)
+    prefix?: string;   // Optional identifier prefix filter
+    tenant_id?: string; // Project/tenant ID for app-user auth
+  };
+  platformConsole?: boolean;    // true = use X-Project-Id header
+  projectId?: string;           // Active project for platform console mode
+}
+```
+
+### Key Methods Reference
+
+**Health & Auth:**
+- `health()` — Liveness check (no auth)
+- `version()` — Server version info
+- `platformLogin(email, password)` — Platform operator sign-in
+- `loginAppUser(email, password)` — App end-user sign-in
+- `setContext(ctx)` — Update branch/date context
+- `setProjectId(id)` — Switch active project (platform console)
+
+**XML Documents:**
+- `writeDocumentJson(xml, options?)` — Store XML (identifier inside XML body)
+- `writeXML(xml)` — Store raw XML with `Content-Type: application/xml`
+- `queryByIdentifier(id, flags?, filter?)` — Get document(s) by identifier
+- `queryDocuments(query, flags?)` — List/filter documents
+- `deleteDocument(identifier)` — Delete by identifier
+- `listIdentifiers(query)` — List known identifiers with pagination
+- `listIdentifierChildren(parentPath?)` — Navigate identifier hierarchy
+
+**JSON Documents:**
+- `writeJsonDocument(identifier, data)` — Store a JSON document
+- `readJsonDocument(identifier)` — Read a JSON document
+- `deleteJsonDocument(identifier)` — Delete a JSON document
+- `listJsonDocuments(match?, limit?, offset?)` — List JSON document keys
+
+**Metadata (JSON on XML):**
+- `addMeta(identifier, value, path?)` — Set metadata on a document
+- `appendMeta(identifier, value, path?)` — Append to metadata
+- `queryMeta(identifier, path?)` — Read metadata
+- `clearMeta(query)` — Remove metadata
+
+**Versioning:**
+- `createBranch(name, fromBranch?, fromDate?)` — Create branch
+- `listBranches()` — List all branches
+- `mergeBranch(target, source, options?)` — Merge branches
+- `deleteBranch(name)` — Delete branch
+- `createCommit(message, author?)` — Commit current state
+- `listCommits(options?)` — List commits
+- `rollbackToCommit(commitId)` — Rollback to prior commit
+- `cherryPick(commitId, message?)` — Cherry-pick a commit
+- `diff(from, to, includeContent?)` — Diff between revisions
+- `createTag(name, commitId, message?)` — Tag a commit
+- `listTags()` / `deleteTag(name)` — Manage tags
+
+**Locks:**
+- `acquireLock(identifier, expires?)` — Acquire cooperative lock
+- `releaseLock(identifier, lockId)` — Release lock
+- `findLocks(identifier)` — Query active locks
+
+**Search & Analytics:**
+- `search(query)` — Full-text search
+- `reindex()` — Rebuild search index
+- `unquery(query, unqueryDoc)` — Execute Unquery DSL
+
+**Security & Policies:**
+- `createPolicy(id, policy)` / `listPolicies()` / `updatePolicy()` / `deletePolicy()` — ABAC policies
+- `checkAccess(subject, identifier, action)` — Dry-run access check
+- `getSecurityConfig()` / `updateSecurityConfig()` — Security settings
+
+**Triggers:**
+- `upsertTrigger(id, trigger)` / `listTriggers()` / `deleteTrigger(name)` — Automation triggers
+
+**App Users (admin):**
+- `listAppUsers()` / `createAppUser()` / `deleteAppUser()` — Manage end-user accounts
+- `registerAppUser()` — Self-registration
+- `getAppAuthConfig()` — Auth configuration
+
+**WebSocket:**
+- `subscribe(options, callback, onError?)` — Real-time document change notifications
+
+### Query Flags
+
+When calling `queryByIdentifier` or `queryDocuments`, the `flags` parameter controls matching:
+- `'FirstMatch'` — Return only the first matching document
+- `'IncludeChildren'` — Include child identifiers in results
+- `'NoChildren'` — Exclude children
+- `'KeepIndexNodes'` — Include index/structural nodes
+
+### Errors
+
+All API errors throw `XCiteDBError` with `.status` (HTTP code) and `.body` (parsed response). Common codes: `401` unauthenticated, `403` forbidden by policy, `404` not found, `409` conflict (lock), `422` validation, `423` project encrypted and locked, `429` rate limited.
+
+## Python SDK (`xcitedb`)
+
+Install: `pip install xcitedb`
+
+```python
+import asyncio
+from xcitedb import XCiteDBClient, XCiteQuery, DatabaseContext
+
+async def main():
+    async with XCiteDBClient(
+        "http://localhost:8080",
+        api_key="your-key",
+        context=DatabaseContext(branch="", date=""),
+    ) as client:
+        print(await client.health())
+        ids = await client.query_documents(XCiteQuery(match_start="/manual/"))
+        print(ids)
+
+asyncio.run(main())
+```
+
+## C++ SDK (`xcitedb`)
+
+```cpp
+#include <xcitedb/xcitedb.hpp>
+
+xcitedb::XCiteDBClientOptions opt;
+opt.base_url = "http://127.0.0.1:8080";
+opt.api_key = "your-key";
+opt.context.branch = "";  // root timeline
+
+xcitedb::XCiteDBClient client(opt);
+auto health = client.health();
+xcitedb::XCiteQuery q;
+q.match_start = "/manual/";
+auto ids = client.query_documents(q);
+```
+
+## Architecture Notes
+
+- **Multi-tenant**: Each project is an isolated tenant with its own data, users, keys, and policies.
+- **LMDB engine**: Data is memory-mapped; reads are microsecond-class on warm data.
+- **Versioning**: Every write is versioned. Branches isolate work. Commits snapshot state. Time-travel reads any historical state via `X-Date`.
+- **Two user tiers**: Platform operators manage infrastructure; App users are end-users of applications built on XciteDB.
+- **Security policies (ABAC)**: Fine-grained allow/deny rules on actions, resources, roles, and branches.
+- **WebSocket**: Real-time notifications for document changes at `/api/v1/ws`.
+
+## Documentation
+
+Full API reference is available at your XciteDB server's `/docs` path. Key sections:
+- Getting started — Base URL, headers, errors, pagination
+- Documents — XML document CRUD, identifiers, hierarchy
+- JSON documents — JSON document CRUD
+- Metadata — JSON metadata on documents
+- Search — Full-text search
+- Unquery — Declarative query DSL
+- Branches — Branch management
+- Commits & tags — Version snapshots
+- Locks — Cooperative editing locks
+- Authentication — JWT, API keys, platform vs app users
+- Security policies — ABAC access control
+- Triggers — Automated webhooks on metadata changes
+- App authentication — End-user registration, login, OAuth
+- Project & API keys — Key management

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xcitedbs/client",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "XCiteDB BaaS client SDK",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -37,7 +37,9 @@
     "typescript": "^5.0.0"
   },
   "files": [
-    "dist"
+    "dist",
+    "llms.txt",
+    "llms-full.txt"
   ],
   "license": "MIT"
 }