npm - @xcitedbs/client - Versions diffs - 0.2.20 → 0.2.23 - Mend

@xcitedbs/client 0.2.20 → 0.2.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/client.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AccessCheckResult, AppAuthConfig, AppEmailConfig, AppEmailTemplates, AppUser, AppUserTokenPair, EmailTestResponse, ForgotPasswordResponse, SendVerificationResponse, BranchInfo, BookmarkRecord, CheckpointRecord, CommitRecord, CompareRef, CompareResult, DatabaseContext, DiffRef, DiffResult, DocumentBatchResponse, Flags, JsonDocumentBatchItem, ListIdentifierChildrenResult, ListIdentifiersResult, LockInfo, AcquireLockOptions, LogEntry, MergeResult, PublishResult, WorkspaceInfo, MetaValue, PlatformRegisterResult, PolicySubjectInput, UnqueryResult, UnqueryTemplate, PolicyUpdateResponse, RealtimeEvent, SecurityConfig, SecurityPolicy, StoredTriggerResponse, TriggerDefinition, StoredPolicyResponse, SubscriptionOptions, TagRecord, TextSearchQuery, TextSearchResult, ProjectSearchSettings, ProjectSearchSettingsUpdate, ProjectDocConfResponse, PlatformDefaultDocConfResponse, VectorIndexEstimate, RagQueryOptions, RagQueryResult, RagStreamEvent, OAuthProvidersResponse, ProjectInfo, PlatformRegistrationConfig, PlatformWorkspacesResponse, TokenPair, UserInfo, ApiKeyInfo, WriteDocumentOptions, XmlDocumentBatchItem, CreateTestSessionOptions, XCiteDBClientOptions, XCiteDBJwtClaims, TestSessionBootstrapSummary, TestSessionInfo, XCiteQuery, UserIsolationConfig, UserIsolationCreateShareParams, UserIsolationShareResult } from './types';
+import { AccessCheckResult, AppAuthConfig, AppEmailConfig, AppEmailTemplates, AppUser, AppUserTokenPair, EmailTestResponse, ForgotPasswordResponse, SendVerificationResponse, BranchInfo, BookmarkRecord, CheckpointRecord, CommitRecord, CompareRef, CompareResult, DatabaseContext, DiffRef, DiffResult, DocumentBatchResponse, DocumentExportFormat, ExportDocumentResult, Flags, JsonDocumentBatchItem, ImportDocumentOptions, ImportDocumentResult, IdentifierChildNode, ListIdentifierChildrenResult, ListIdentifiersResult, LockInfo, AcquireLockOptions, LogEntry, MergeResult, PublishResult, RebaseUserWorkspaceResult, WorkspaceInfo, MetaValue, PlatformRegisterResult, PolicySubjectInput, UnqueryResult, UnqueryTemplate, PolicyUpdateResponse, RealtimeEvent, SecurityConfig, SecurityPolicy, StoredTriggerResponse, TriggerDefinition, StoredPolicyResponse, SubscriptionOptions, TagRecord, TextSearchQuery, TextSearchResult, ProjectSearchSettings, ProjectSearchSettingsUpdate, ProjectDocConfResponse, PlatformDefaultDocConfResponse, VectorIndexEstimate, RagQueryOptions, RagQueryResult, RagStreamEvent, OAuthProvidersResponse, ProjectInfo, PlatformRegistrationConfig, PlatformWorkspacesResponse, TokenPair, UserInfo, ApiKeyInfo, WriteDocumentOptions, XmlDocumentBatchItem, CreateTestSessionOptions, XCiteDBClientOptions, XCiteDBJwtClaims, TestSessionBootstrapSummary, TestSessionInfo, XCiteQuery, UserIsolationConfig, UserIsolationCreateShareParams, UserIsolationShareResult } from './types';
 import { WebSocketSubscription } from './websocket';
 export declare class XCiteDBClient {
     private baseUrl;
@@ -93,6 +93,12 @@ export declare class XCiteDBClient {
     private testHeaders;
     private requestHeaders;
     private request;
+    /**
+     * POST `multipart/form-data` without forcing JSON `Content-Type` (boundary is set by the runtime).
+     */
+    private requestFormPost;
+    /** GET binary response (e.g. document export); errors are parsed as JSON when possible. */
+    private requestBinaryGet;
     /** Developer Bearer refresh first, then app-user refresh (no API key refresh). */
     private tryRefreshSessionAfter401;
     private refreshAppUserNoRetry;
@@ -399,8 +405,16 @@ export declare class XCiteDBClient {
     /** @deprecated Use {@link deleteBookmark}. */
     deleteTag(name: string): Promise<void>;
     compare(from: CompareRef, to: CompareRef, includeContent?: boolean): Promise<CompareResult>;
+    compare(from: CompareRef, to: CompareRef, options?: {
+        includeContent?: boolean;
+        matchStart?: string;
+    }): Promise<CompareResult>;
     /** @deprecated Use {@link compare}. */
     diff(from: DiffRef, to: DiffRef, includeContent?: boolean): Promise<DiffResult>;
+    diff(from: DiffRef, to: DiffRef, options?: {
+        includeContent?: boolean;
+        matchStart?: string;
+    }): Promise<DiffResult>;
     publishWorkspace(targetWorkspace: string, sourceWorkspace: string, options?: {
         message?: string;
         autoResolve?: 'none' | 'source' | 'target';
@@ -410,6 +424,43 @@ export declare class XCiteDBClient {
         message?: string;
         autoResolve?: 'none' | 'source' | 'target';
     }): Promise<MergeResult>;
+    /** List app-user draft workspaces visible to the caller (`GET /api/v1/user-workspaces`). */
+    listUserWorkspaces(): Promise<{
+        user_workspaces: Record<string, unknown>[];
+    }>;
+    /** Create a user workspace (`POST /api/v1/user-workspaces`). Returns the workspace record (top-level JSON). */
+    createUserWorkspace(name: string, options?: {
+        sourceBranch?: string;
+        sourceDate?: string;
+    }): Promise<Record<string, unknown>>;
+    getUserWorkspace(id: string): Promise<{
+        user_workspace: Record<string, unknown>;
+    }>;
+    deleteUserWorkspace(id: string): Promise<void>;
+    addUserWorkspaceGrant(id: string, body: {
+        user_id?: string;
+        group?: string;
+        mode: string;
+    }): Promise<{
+        user_workspace: Record<string, unknown>;
+    }>;
+    removeUserWorkspaceGrant(id: string, body: {
+        user_id?: string;
+        group?: string;
+    }): Promise<{
+        user_workspace: Record<string, unknown>;
+    }>;
+    publishUserWorkspace(id: string, options?: {
+        message?: string;
+        autoResolve?: string;
+    }): Promise<Record<string, unknown>>;
+    /**
+     * Advance the user workspace fork to the current parent tip (`POST /api/v1/user-workspaces/{id}/rebase`).
+     * On overlap with local edits, returns **409** with `conflicts` (same shape as publish) unless `autoResolve` resolves it.
+     */
+    rebaseUserWorkspace(id: string, options?: {
+        autoResolve?: 'none' | 'source' | 'target';
+    }): Promise<RebaseUserWorkspaceResult>;
     /**
      * Create `workspaceName` from {@link options.fromBranch} (or current context), run `fn` scoped to that workspace,
      * create a checkpoint, then publish back unless {@link options.autoMerge} is `false`.
@@ -451,11 +502,37 @@ export declare class XCiteDBClient {
      * Rows with `error === 'lock_conflict'` include `current_lock` (code **423** per row).
      */
     writeXmlDocumentsBatch(items: XmlDocumentBatchItem[]): Promise<DocumentBatchResponse>;
+    /**
+     * Import a document (`POST /api/v1/documents/import`). Server converts DOCX, ODF, RTF, PDF, Markdown, AsciiDoc, or plain text
+     * to shredded XML. Field name must be `file` (multipart).
+     */
+    importDocument(file: Blob | ArrayBuffer | Uint8Array, options?: ImportDocumentOptions): Promise<ImportDocumentResult>;
+    /**
+     * Export a document (`GET /api/v1/documents/export`). Returns binary bytes and response metadata.
+     */
+    exportDocument(identifier: string, format?: DocumentExportFormat, options?: {
+        strict?: boolean;
+    }): Promise<ExportDocumentResult>;
     /**
      * @deprecated Use {@link writeXmlDocument}. This name was misleading: it writes **XML** via a JSON wrapper, not a JSON document.
      */
     writeDocumentJson(xml: string, options?: WriteDocumentOptions): Promise<void>;
     queryByIdentifier(identifier: string, flags?: Flags, filter?: string, pathFilter?: string): Promise<string[]>;
+    /**
+     * Shallow read: root element with inline leaves plus `db:N*` placeholders for shredded child slots
+     * (`flags=NoChildren,KeepIndexNodes,FirstMatch` on `GET /api/v1/documents/by-id`). Use with {@link listChildIdentifiers}
+     * or {@link queryByIdentifierWithChildren} for sidebar / AST navigation without loading the full subtree.
+     */
+    queryByIdentifierShallow(identifier: string, filter?: string, pathFilter?: string): Promise<string[]>;
+    /** Alias of {@link listIdentifierChildren} — immediate child segments under `parentPath` (identifier hierarchy). */
+    listChildIdentifiers(parentPath?: string): Promise<ListIdentifierChildrenResult>;
+    /**
+     * Parallel shallow node + one level of identifier children (`GET /by-id` + `GET /identifier-children`).
+     */
+    queryByIdentifierWithChildren(identifier: string, filter?: string, pathFilter?: string): Promise<{
+        node: string[];
+        children: IdentifierChildNode[];
+    }>;
     queryDocuments(query: XCiteQuery, flags?: Flags, filter?: string, pathFilter?: string): Promise<string[]>;
     deleteDocument(identifier: string): Promise<void>;
     addIdentifier(identifier: string): Promise<boolean>;

package/dist/client.js CHANGED Viewed

@@ -56,6 +56,24 @@ function buildQuery(params) {
     const s = sp.toString();
     return s ? `?${s}` : '';
 }
+/** Best-effort filename from `Content-Disposition` (attachment; filename="…"). */
+function parseContentDispositionFilename(cd) {
+    if (!cd)
+        return undefined;
+    const mStar = cd.match(/filename\*=(?:UTF-8'')?([^;]+)/i);
+    if (mStar?.[1]) {
+        try {
+            return decodeURIComponent(mStar[1].trim().replace(/^"|"$/g, ''));
+        }
+        catch {
+            return mStar[1].trim().replace(/^"|"$/g, '');
+        }
+    }
+    const m = cd.match(/filename\s*=\s*("?)([^";]+)\1/i);
+    if (m?.[2])
+        return m[2].trim();
+    return undefined;
+}
 function warnIfHttpOnTlsPort(baseUrl) {
     try {
         const u = new URL(baseUrl);
@@ -590,6 +608,122 @@ class XCiteDBClient {
         this.notifySessionInvalidIfNeeded(path, 401);
         throw new types_1.XCiteDBError('Request failed after retry', 401, null);
     }
+    /**
+     * POST `multipart/form-data` without forcing JSON `Content-Type` (boundary is set by the runtime).
+     */
+    async requestFormPost(path, form, opts) {
+        const no401Retry = opts?.no401Retry === true;
+        const suppressTestSessionHeader = opts?.suppressTestSessionHeader === true;
+        for (let attempt = 0; attempt < 2; attempt++) {
+            const url = joinUrl(this.baseUrl, path);
+            const outgoingRequestId = newClientRequestId();
+            const headers = {
+                ...this.authHeaders(),
+                ...this.contextHeaders(),
+                ...(suppressTestSessionHeader ? {} : this.testHeaders()),
+                'X-Request-Id': outgoingRequestId,
+            };
+            const init = { method: 'POST', headers, body: form };
+            const sig = requestTimeoutSignal(this.requestTimeoutMs);
+            if (sig)
+                init.signal = sig;
+            let res;
+            try {
+                res = await fetch(url, init);
+            }
+            catch (e) {
+                const m = e instanceof Error ? e.message : 'Network error';
+                throw new types_1.XCiteDBError(m, 0, null, { clientRequestId: outgoingRequestId });
+            }
+            const text = await res.text();
+            let data;
+            try {
+                data = text ? JSON.parse(text) : null;
+            }
+            catch {
+                data = text;
+            }
+            if (res.ok) {
+                return data;
+            }
+            if (res.status === 401 &&
+                attempt === 0 &&
+                !no401Retry &&
+                (await this.tryRefreshSessionAfter401())) {
+                continue;
+            }
+            const msg = typeof data === 'object' && data !== null && 'message' in data
+                ? String(data.message)
+                : res.statusText;
+            this.notifySessionInvalidIfNeeded(path, res.status);
+            throwForFailedHttp(res.status, path, data, msg || `HTTP ${res.status}`, res.headers.get('X-Request-Id') ?? undefined, res.headers.get('X-Client-Request-Id') ?? undefined);
+        }
+        this.notifySessionInvalidIfNeeded(path, 401);
+        throw new types_1.XCiteDBError('Request failed after retry', 401, null);
+    }
+    /** GET binary response (e.g. document export); errors are parsed as JSON when possible. */
+    async requestBinaryGet(path, opts) {
+        const no401Retry = opts?.no401Retry === true;
+        const suppressTestSessionHeader = opts?.suppressTestSessionHeader === true;
+        for (let attempt = 0; attempt < 2; attempt++) {
+            const url = joinUrl(this.baseUrl, path);
+            const outgoingRequestId = newClientRequestId();
+            const headers = {
+                ...this.authHeaders(),
+                ...this.contextHeaders(),
+                ...(suppressTestSessionHeader ? {} : this.testHeaders()),
+                'X-Request-Id': outgoingRequestId,
+            };
+            const init = { method: 'GET', headers };
+            const sig = requestTimeoutSignal(this.requestTimeoutMs);
+            if (sig)
+                init.signal = sig;
+            let res;
+            try {
+                res = await fetch(url, init);
+            }
+            catch (e) {
+                const m = e instanceof Error ? e.message : 'Network error';
+                throw new types_1.XCiteDBError(m, 0, null, { clientRequestId: outgoingRequestId });
+            }
+            if (res.ok) {
+                const buf = new Uint8Array(await res.arrayBuffer());
+                const contentType = res.headers.get('Content-Type') ?? 'application/octet-stream';
+                const fn = parseContentDispositionFilename(res.headers.get('Content-Disposition')) ?? 'export.bin';
+                const rt = res.headers.get('X-XciteDB-Export-RoundTrip');
+                const roundTrip = rt === 'exact' || rt === 'lossy' ? rt : undefined;
+                const w = res.headers.get('X-XciteDB-Export-Warning');
+                return {
+                    bytes: buf,
+                    contentType,
+                    filename: fn,
+                    ...(roundTrip ? { roundTrip } : {}),
+                    ...(w ? { warning: w } : {}),
+                };
+            }
+            if (res.status === 401 &&
+                attempt === 0 &&
+                !no401Retry &&
+                (await this.tryRefreshSessionAfter401())) {
+                continue;
+            }
+            const text = await res.text();
+            let data;
+            try {
+                data = text ? JSON.parse(text) : null;
+            }
+            catch {
+                data = text;
+            }
+            const msg = typeof data === 'object' && data !== null && 'message' in data
+                ? String(data.message)
+                : res.statusText;
+            this.notifySessionInvalidIfNeeded(path, res.status);
+            throwForFailedHttp(res.status, path, data, msg || `HTTP ${res.status}`, res.headers.get('X-Request-Id') ?? undefined, res.headers.get('X-Client-Request-Id') ?? undefined);
+        }
+        this.notifySessionInvalidIfNeeded(path, 401);
+        throw new types_1.XCiteDBError('Request failed after retry', 401, null);
+    }
     /** Developer Bearer refresh first, then app-user refresh (no API key refresh). */
     async tryRefreshSessionAfter401() {
         if (this.accessToken && this.refreshToken) {
@@ -1221,16 +1355,35 @@ class XCiteDBClient {
     async deleteTag(name) {
         return this.deleteBookmark(name);
     }
-    async compare(from, to, includeContent) {
-        return this.request('POST', '/api/v1/compare', {
+    async compare(from, to, third) {
+        let include_content = false;
+        let match_start;
+        if (typeof third === 'boolean') {
+            include_content = third;
+        }
+        else if (third !== undefined && typeof third === 'object') {
+            include_content = third.includeContent ?? false;
+            match_start = third.matchStart;
+        }
+        const body = {
             from,
             to,
-            include_content: includeContent ?? false,
-        });
+            include_content,
+        };
+        if (match_start !== undefined && match_start !== '') {
+            body.match_start = this.isoPrefixId(match_start);
+        }
+        const r = await this.request('POST', '/api/v1/compare', body);
+        if (r && typeof r === 'object' && typeof r.match_start === 'string' && r.match_start.length > 0) {
+            r.match_start = this.isoUnprefixId(r.match_start);
+        }
+        return r;
     }
-    /** @deprecated Use {@link compare}. */
-    async diff(from, to, includeContent) {
-        return this.compare(from, to, includeContent);
+    async diff(from, to, third) {
+        if (third === undefined || typeof third === 'boolean') {
+            return this.compare(from, to, third);
+        }
+        return this.compare(from, to, third);
     }
     async publishWorkspace(targetWorkspace, sourceWorkspace, options) {
         const body = {
@@ -1246,6 +1399,45 @@ class XCiteDBClient {
     async mergeBranch(targetBranch, sourceBranch, options) {
         return this.publishWorkspace(targetBranch, sourceBranch, options);
     }
+    /** List app-user draft workspaces visible to the caller (`GET /api/v1/user-workspaces`). */
+    async listUserWorkspaces() {
+        return this.request('GET', '/api/v1/user-workspaces');
+    }
+    /** Create a user workspace (`POST /api/v1/user-workspaces`). Returns the workspace record (top-level JSON). */
+    async createUserWorkspace(name, options) {
+        const body = { name };
+        if (options?.sourceBranch)
+            body.source_branch = options.sourceBranch;
+        if (options?.sourceDate)
+            body.source_date = options.sourceDate;
+        return this.request('POST', '/api/v1/user-workspaces', body);
+    }
+    async getUserWorkspace(id) {
+        return this.request('GET', `/api/v1/user-workspaces/${encodeURIComponent(id)}`);
+    }
+    async deleteUserWorkspace(id) {
+        await this.request('DELETE', `/api/v1/user-workspaces/${encodeURIComponent(id)}`);
+    }
+    async addUserWorkspaceGrant(id, body) {
+        return this.request('POST', `/api/v1/user-workspaces/${encodeURIComponent(id)}/grants`, body);
+    }
+    async removeUserWorkspaceGrant(id, body) {
+        return this.request('DELETE', `/api/v1/user-workspaces/${encodeURIComponent(id)}/grants`, body);
+    }
+    async publishUserWorkspace(id, options) {
+        const body = { auto_resolve: options?.autoResolve ?? 'none' };
+        if (options?.message)
+            body.message = options.message;
+        return this.request('POST', `/api/v1/user-workspaces/${encodeURIComponent(id)}/publish`, body);
+    }
+    /**
+     * Advance the user workspace fork to the current parent tip (`POST /api/v1/user-workspaces/{id}/rebase`).
+     * On overlap with local edits, returns **409** with `conflicts` (same shape as publish) unless `autoResolve` resolves it.
+     */
+    async rebaseUserWorkspace(id, options) {
+        const body = { auto_resolve: options?.autoResolve ?? 'none' };
+        return this.request('POST', `/api/v1/user-workspaces/${encodeURIComponent(id)}/rebase`, body);
+    }
     /**
      * Create `workspaceName` from {@link options.fromBranch} (or current context), run `fn` scoped to that workspace,
      * create a checkpoint, then publish back unless {@link options.autoMerge} is `false`.
@@ -1323,6 +1515,49 @@ class XCiteDBClient {
         }
         return r;
     }
+    /**
+     * Import a document (`POST /api/v1/documents/import`). Server converts DOCX, ODF, RTF, PDF, Markdown, AsciiDoc, or plain text
+     * to shredded XML. Field name must be `file` (multipart).
+     */
+    async importDocument(file, options) {
+        const form = new FormData();
+        const blob = file instanceof Blob
+            ? file
+            : file instanceof ArrayBuffer
+                ? new Blob([file], { type: 'application/octet-stream' })
+                : new Blob([Uint8Array.from(file)], { type: 'application/octet-stream' });
+        const uploadName = options?.filename ??
+            (typeof File !== 'undefined' && file instanceof File ? file.name : 'upload.bin');
+        form.append('file', blob, uploadName);
+        const q = buildQuery({
+            ...(options?.identifier !== undefined && options.identifier !== ''
+                ? { identifier: this.isoPrefixId(options.identifier) }
+                : {}),
+        });
+        const r = await this.requestFormPost(`/api/v1/documents/import${q}`, form);
+        if (r && typeof r === 'object' && 'identifier' in r && typeof r.identifier === 'string') {
+            r.identifier = this.isoUnprefixId(r.identifier);
+        }
+        return r;
+    }
+    /**
+     * Export a document (`GET /api/v1/documents/export`). Returns binary bytes and response metadata.
+     */
+    async exportDocument(identifier, format = 'docx', options) {
+        const q = buildQuery({
+            identifier: this.isoPrefixId(identifier),
+            format,
+            strict: options?.strict ? '1' : undefined,
+        });
+        const r = await this.requestBinaryGet(`/api/v1/documents/export${q}`);
+        return {
+            bytes: r.bytes,
+            contentType: r.contentType,
+            filename: r.filename,
+            ...(r.roundTrip ? { roundTrip: r.roundTrip } : {}),
+            ...(r.warning ? { warning: r.warning } : {}),
+        };
+    }
     /**
      * @deprecated Use {@link writeXmlDocument}. This name was misleading: it writes **XML** via a JSON wrapper, not a JSON document.
      */
@@ -1339,6 +1574,28 @@ class XCiteDBClient {
         const rows = await this.request('GET', `/api/v1/documents/by-id${q}`);
         return Array.isArray(rows) ? rows.map((x) => this.isoUnprefixId(String(x))) : rows;
     }
+    /**
+     * Shallow read: root element with inline leaves plus `db:N*` placeholders for shredded child slots
+     * (`flags=NoChildren,KeepIndexNodes,FirstMatch` on `GET /api/v1/documents/by-id`). Use with {@link listChildIdentifiers}
+     * or {@link queryByIdentifierWithChildren} for sidebar / AST navigation without loading the full subtree.
+     */
+    async queryByIdentifierShallow(identifier, filter, pathFilter) {
+        return this.queryByIdentifier(identifier, 'NoChildren,KeepIndexNodes,FirstMatch', filter, pathFilter);
+    }
+    /** Alias of {@link listIdentifierChildren} — immediate child segments under `parentPath` (identifier hierarchy). */
+    async listChildIdentifiers(parentPath) {
+        return this.listIdentifierChildren(parentPath);
+    }
+    /**
+     * Parallel shallow node + one level of identifier children (`GET /by-id` + `GET /identifier-children`).
+     */
+    async queryByIdentifierWithChildren(identifier, filter, pathFilter) {
+        const [node, listed] = await Promise.all([
+            this.queryByIdentifierShallow(identifier, filter, pathFilter),
+            this.listIdentifierChildren(identifier),
+        ]);
+        return { node, children: listed.children };
+    }
     async queryDocuments(query, flags, filter, pathFilter) {
         const pq = this.isoPrefixQuery(query);
         const params = {

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
 export { XCiteDBClient } from './client';
 export { WebSocketSubscription } from './websocket';
-export type { AccessCheckResult, ApiKeyInfo, AppAuthConfig, AppEmailConfig, AppEmailSmtpConfig, AppEmailTemplateEntry, AppEmailTemplates, AppEmailWebhookConfig, AppUser, AppUserTokenPair, EmailTestResponse, ForgotPasswordResponse, SendVerificationResponse, BookmarkRecord, BranchInfo, BranchListItem, CheckpointRecord, CommitRecord, CompareEntry, CompareRef, CompareResult, DatabaseContext, DiffEntry, DiffRef, DiffResult, DocumentBatchResponse, DocumentBatchResultRow, Flags, JsonDocumentData, JsonDocumentBatchItem, IdentifierChildNode, ListIdentifierChildrenResult, ListIdentifiersResult, LockInfo, AcquireLockOptions, LockConflictBody, LockExpiredBody, LockUnknownBody, MergeConflict, MergeResult, OAuthProviderInfo, OAuthProvidersResponse, OwnedTenantInfo, ProjectInfo, PlatformRegistrationConfig, PlatformWorkspaceOrg, PlatformWorkspacesResponse, ProjectSearchSettings, ProjectSearchSettingsUpdate, ProjectDocConfResponse, PlatformDefaultDocConfResponse, LogEntry, MetaValue, PlatformRegisterResult, PolicyUpdateResponse, PublishConflict, PublishResult, PolicyConditions, PolicyIdentifierPattern, PolicyResources, PolicySubjectInput, PolicySubjects, RagQueryOptions, RagQueryResult, RagStreamEvent, RealtimeEvent, SearchIndexingProgress, SecurityConfig, SecurityPolicy, StoredPolicyResponse, StoredTriggerResponse, SubscriptionOptions, TagRecord, TextSearchHit, TextSearchQuery, TextSearchResult, TriggerDefinition, TokenPair, UserInfo, UserIsolationConfig, UserIsolationCreateShareParams, UserIsolationOptions, UserIsolationShareMode, UserIsolationShareResult, WorkspaceInfo, WriteDocumentOptions, XmlDocumentBatchItem, CreateTestSessionOptions, TestSessionBootstrap, TestSessionBootstrapSummary, TestSessionInfo, XCiteDBClientOptions, XCiteDBErrorExtras, XCiteDBJwtClaims, UnqueryResult, UnqueryTemplate, XCiteQuery, } from './types';
+export type { AccessCheckResult, ApiKeyInfo, AppAuthConfig, AppEmailConfig, AppEmailSmtpConfig, AppEmailTemplateEntry, AppEmailTemplates, AppEmailWebhookConfig, AppUser, AppUserTokenPair, EmailTestResponse, ForgotPasswordResponse, SendVerificationResponse, BookmarkRecord, BranchInfo, BranchListItem, CheckpointRecord, CommitRecord, CompareEntry, CompareRef, CompareResult, DatabaseContext, DiffEntry, DiffRef, DiffResult, DocumentBatchResponse, DocumentBatchResultRow, DocumentExportFormat, DocumentImportFormat, ExportDocumentResult, Flags, ImportDocumentOptions, ImportDocumentResult, JsonDocumentData, JsonDocumentBatchItem, IdentifierChildNode, ListIdentifierChildrenResult, ListIdentifiersResult, LockInfo, AcquireLockOptions, LockConflictBody, LockExpiredBody, LockUnknownBody, MergeConflict, MergeResult, OAuthProviderInfo, OAuthProvidersResponse, OwnedTenantInfo, ProjectInfo, PlatformRegistrationConfig, PlatformWorkspaceOrg, PlatformWorkspacesResponse, ProjectSearchSettings, ProjectSearchSettingsUpdate, ProjectDocConfResponse, PlatformDefaultDocConfResponse, LogEntry, MetaValue, PlatformRegisterResult, PolicyUpdateResponse, PublishConflict, PublishResult, RebaseUserWorkspaceResult, PolicyConditions, PolicyIdentifierPattern, PolicyResources, PolicySubjectInput, PolicySubjects, RagQueryOptions, RagQueryResult, RagStreamEvent, RealtimeEvent, SearchIndexingProgress, SecurityConfig, SecurityPolicy, StoredPolicyResponse, StoredTriggerResponse, SubscriptionOptions, TagRecord, TextSearchHit, TextSearchQuery, TextSearchResult, TriggerDefinition, TokenPair, UserInfo, UserIsolationConfig, UserIsolationCreateShareParams, UserIsolationOptions, UserIsolationShareMode, UserIsolationShareResult, WorkspaceInfo, WriteDocumentOptions, XmlDocumentBatchItem, CreateTestSessionOptions, TestSessionBootstrap, TestSessionBootstrapSummary, TestSessionInfo, XCiteDBClientOptions, XCiteDBErrorExtras, XCiteDBJwtClaims, UnqueryResult, UnqueryTemplate, XCiteQuery, } from './types';
 export { XCiteDBError, XCiteDBForbiddenError, XCiteDBNotFoundError, XCiteDBAuthError, XCiteDBLockConflictError, } from './types';

package/dist/types.d.ts CHANGED Viewed

@@ -399,6 +399,31 @@ export interface WriteDocumentOptions {
     is_top?: boolean;
     compare_attributes?: boolean;
 }
+/** Supported source formats for `POST /api/v1/documents/import` (server detects from bytes / filename). */
+export type DocumentImportFormat = 'docx' | 'odt' | 'rtf' | 'pdf' | 'txt' | 'md' | 'adoc';
+/** JSON body on successful import (`201 Created`). */
+export interface ImportDocumentResult {
+    identifier: string;
+    section_count: number;
+    source_format: string;
+}
+export interface ImportDocumentOptions {
+    /** Override root `db:identifier`; default is `/imported/<sanitized-filename>`. */
+    identifier?: string;
+    /** Original filename (helps sniff format when `File` is not available, e.g. Node `Blob` only). */
+    filename?: string;
+}
+/** `GET /api/v1/documents/export?format=…` */
+export type DocumentExportFormat = 'xml' | 'docx' | 'odt' | 'pdf' | 'txt' | 'md' | 'adoc';
+export interface ExportDocumentResult {
+    bytes: Uint8Array;
+    contentType: string;
+    filename: string;
+    /** Present for txt/md/adoc when server sends `X-XciteDB-Export-RoundTrip`. */
+    roundTrip?: 'exact' | 'lossy';
+    /** From `X-XciteDB-Export-Warning` when present. */
+    warning?: string;
+}
 /** One row in `POST /api/v1/documents/batch` or `POST /api/v1/json-documents/batch` response `results`. */
 export interface DocumentBatchResultRow {
     index: number;
@@ -835,6 +860,8 @@ export interface CompareResult {
         date_key?: string;
     };
     total_changes: number;
+    /** Echo of request `match_start` when path-scoped compare was used. */
+    match_start?: string;
 }
 /** @deprecated Use {@link CompareResult}. */
 export type DiffResult = CompareResult;
@@ -857,6 +884,16 @@ export interface PublishResult {
 }
 /** @deprecated Use {@link PublishResult}. */
 export type MergeResult = PublishResult;
+/** `POST /api/v1/user-workspaces/{id}/rebase` */
+export interface RebaseUserWorkspaceResult {
+    status: 'completed' | 'conflicts';
+    message?: string;
+    old_from_date_key?: string;
+    new_from_date_key?: string;
+    conflicts?: PublishConflict[];
+    auto_mergeable?: string[];
+    would_expose?: string[];
+}
 export type XCiteDBErrorExtras = {
     reason?: string;
     policyId?: string;

package/llms-full.txt CHANGED Viewed

@@ -35,10 +35,11 @@ Before reading the full reference, note these critical differences from typical
 - **Write at a specific date:** Set `X-Date` / `context.date` and write — every dated write is a **temporal revision**; no workspace or checkpoint required.
 - **Read as-of a date:** Set `X-Date` and read; the engine returns the revision at or before that instant.
 - **Isolated editing (draft → publish):** Create a **workspace**, edit, then **publish** to the target timeline; optional **checkpoints** for named snapshots.
+- **App-user user workspaces (`_uw/<owner>/<slug>`):** **`GET/POST /api/v1/user-workspaces`**, grants, publish, **rebase** — see repository **`web/src/docs/content/user-workspaces.md`**.
 - **Audit trail:** Checkpoints carry messages and affected identifiers; **bookmarks** name a checkpoint.
 - **Undo a batch:** **Revert** to a prior checkpoint on that workspace.
-Legacy REST paths under `/api/v1/branches`, `/commits`, `/tags`, `/diff` remain **deprecated** aliases; prefer **`/api/v1/workspaces`**, **`/checkpoints`**, **`/bookmarks`**, **`/compare`**.
+Legacy REST paths under `/api/v1/branches`, `/commits`, `/tags`, `/diff` remain **deprecated** aliases; prefer **`/api/v1/workspaces`**, **`/api/v1/user-workspaces`**, **`/checkpoints`**, **`/bookmarks`**, **`/compare`**.
 ## Common Pitfalls
@@ -433,6 +434,16 @@ The identifier is extracted from the `db:identifier` attribute in the root XML e
 Query parameters: `identifier` (required), `flags` (optional: `FirstMatch`, `IncludeChildren`, `NoChildren`, `KeepIndexNodes`), `filter`, `path_filter`.
+### Shallow node + subtree navigation
+- **`flags=NoChildren,KeepIndexNodes,FirstMatch`**: returns the matching node with inline leaf content plus **`db:N1`**, **`db:N2`**, … placeholders for shredded child slots (avoids loading the full deep subtree in one response).
+- Combine with **`GET /api/v1/documents/identifier-children?parent_path=…`** for the next level of hierarchy (`segment`, `full_path`, `is_identifier`, `has_children`).
+- **JavaScript SDK:** `queryByIdentifierShallow(id)`, `listChildIdentifiers(parentPath?)`, `queryByIdentifierWithChildren(id)` (shallow XML + children in parallel).
+### Standalone subtree write (shredded model)
+You may `POST /api/v1/documents` with a root element whose `db:identifier` is a nested path (e.g. `/spaces/u/docs/doc1/sec-1`) without re-posting the parent document: the engine writes that subtree only and updates the identifier hierarchy index for the parent automatically. Keep `is_top: true` (default) on the write.
 ## Delete document
 **`DELETE /api/v1/documents/by-id?identifier=/book/ch1`**
@@ -525,7 +536,7 @@ Returns `{ identifiers: string[], total, offset, limit }`.
 ## Export document
-**`GET /api/v1/documents/export?id=/book/ch1&format=...`**
+**`GET /api/v1/documents/export?identifier=/book/ch1&format=...`**
 ## Export provision
@@ -846,6 +857,22 @@ Returns `{ status: "completed"|"conflicts", checkpoint?, commit?, merged_identif
 ---
+# App-user workspaces (`/api/v1/user-workspaces`)
+Per-user draft branches (`_uw/<owner>/<slug>`). See also **`web/src/docs/content/user-workspaces.md`**.
+## Rebase user workspace
+**`POST /api/v1/user-workspaces/{id}/rebase`**
+```json
+{ "auto_resolve": "none" }
+```
+Advances the workspace branch fork metadata to the **current tip** of its parent branch. Returns **`200`** with `{ status: "completed", message?, old_from_date_key, new_from_date_key, would_expose[], auto_mergeable[], conflicts: [] }`, or **`409`** with `{ status: "conflicts", conflicts: [...], auto_mergeable?, would_expose? }` when the same identifiers changed on both parent and workspace since the fork (same conflict shape as workspace publish).
+---
 # Checkpoints, bookmarks & compare
 ## Create checkpoint
@@ -895,13 +922,16 @@ Returns `{ checkpoints: [...], commits: [...], total, branch }` (mirrors).
 {
   "from": { "branch": "", "date": "2024-01-15T00:00:00" },
   "to": { "branch": "feature-x" },
-  "include_content": true
+  "include_content": true,
+  "match_start": "/spaces/u/docs/doc1"
 }
 ```
+Optional **`match_start`**: when set, only identifiers equal to that path or under it (prefix + `/`) are included in **`changes`** (tenant-wide noise is dropped).
 (Deprecated: **`POST /api/v1/diff`**; `date_key` still accepted internally but prefer **`date`**.)
-Returns `{ changes: [{ identifier, action: "added"|"modified"|"deleted", from_content?, to_content? }], total_changes }`.
+Returns `{ changes: [{ identifier, action: "added"|"modified"|"deleted", from_content?, to_content? }], total_changes, match_start? }` ( **`match_start`** echoed when the filter was used).
 ---
@@ -1505,7 +1535,12 @@ interface DatabaseContext {
 ### XML Documents
 - `writeXmlDocument(xml, options?)` → `void` — XML via JSON body (recommended). Deprecated: `writeDocumentJson`.
 - `writeXML(xml)` → `void` — Raw XML body
+- `importDocument(file, options?)` → `ImportDocumentResult` — multipart `POST /api/v1/documents/import`
+- `exportDocument(identifier, format?, options?)` → `ExportDocumentResult` — binary `GET /api/v1/documents/export`
 - `queryByIdentifier(identifier, flags?, filter?, pathFilter?)` → `string[]`
+- `queryByIdentifierShallow(identifier, filter?, pathFilter?)` → `string[]` — `NoChildren,KeepIndexNodes,FirstMatch`
+- `listChildIdentifiers(parentPath?)` → `ListIdentifierChildrenResult` — alias of `listIdentifierChildren`
+- `queryByIdentifierWithChildren(identifier, filter?, pathFilter?)` → `{ node, children }`
 - `queryDocuments(query: XCiteQuery, flags?, filter?, pathFilter?)` → `string[]`
 - `deleteDocument(identifier)` → `void`
 - `listIdentifiers(query: XCiteQuery)` → `ListIdentifiersResult`
@@ -1543,6 +1578,13 @@ interface DatabaseContext {
 - `publishWorkspace(targetWorkspace, sourceWorkspace, options?)` → `PublishResult`
 - **Deprecated:** `withBranch`, `createBranch`, `listBranches`, `getBranch`, `deleteBranch`, `mergeBranch` (same HTTP behavior)
+### App-user user workspaces (`_uw/…`)
+- `listUserWorkspaces()` → `{ user_workspaces: unknown[] }`
+- `createUserWorkspace(name, options?)` → `Record<string, unknown>`
+- `getUserWorkspace(id)` / `deleteUserWorkspace(id)` / `addUserWorkspaceGrant(id, body)` / `removeUserWorkspaceGrant(id, body)`
+- `publishUserWorkspace(id, options?)` → `PublishResult`-shaped JSON
+- `rebaseUserWorkspace(id, options?)` → `RebaseUserWorkspaceResult` — advances fork onto parent tip; **409** + `conflicts` on overlap (optional `autoResolve`: `none` | `source` | `target`)
 ### Checkpoints
 - `createCheckpoint(message, author?)` → `CheckpointRecord`
 - `listCheckpoints(options?)` → `{ checkpoints, total, branch }` (wire JSON may also include `commits` mirror)
@@ -1559,7 +1601,7 @@ interface DatabaseContext {
 - **Deprecated:** `createTag`, `listTags`, `getTag`, `deleteTag`
 ### Compare
-- `compare(from: CompareRef, to: CompareRef, includeContent?)` → `CompareResult`
+- `compare(from: CompareRef, to: CompareRef, includeContent?)` or `compare(from, to, { includeContent?, matchStart? })` → `CompareResult`
 - **Deprecated:** `diff(from: DiffRef, …)` — alias of `compare`
 ### Locks

package/llms.txt CHANGED Viewed

@@ -10,7 +10,7 @@ These are the most common sources of confusion for developers and AI assistants:
 2. **Identifiers are hierarchical, path-like strings** — e.g. `/us/bills/hr1`, `/manual/v2/chapter3`. They are NOT auto-generated UUIDs. The leading `/` is part of the identifier. Parent/child relationships are derived from the path structure (like a filesystem). The server indexes this hierarchy natively.
-3. **Documents are XML or JSON, not arbitrary blobs.** XML documents are the primary document type, stored with structural shredding. JSON documents are a parallel store keyed by identifier string. Both are fully versioned.
+3. **Shredding vs sharding (do not confuse them).** **Shredding** breaks **XML and JSON** hierarchically into small **fragments** (elements, attributes, objects, fields, array slots, and similar structural pieces) so each fragment can live under its **own LMDB key/value**. That is **not** “sharding” in the usual distributed-database sense. **Sharding** in XCiteDB means **per-tenant** isolation (each **project** is its own shard of data); **finer-grain sharding** is planned separately. Sharding and shredding are unrelated axes. **Documents are XML or JSON, not arbitrary blobs.** XML documents are the primary document type; JSON documents are a parallel store keyed by identifier string. Both are fully versioned.
 4. **`X-Date` and temporal revision (not “only now”).** Workspace and date context travel as HTTP headers (`X-Workspace` preferred, `X-Branch` alias, `X-Date`), or the SDK `context` option — not as URL path segments. **`X-Date` is not limited to the current server time.** Pass any instant you need as **ISO 8601** (e.g. `2024-01-15T00:00:00`) or **`mm/dd/yyyy`** (optional **`:HH:MM:SS`**) — for example an **official publication or approval date**, or any historical “as of” moment. When **`X-Date` is set**, that value applies to **both** **reads** (query as-of that instant) **and** **writes** (the new revision is stored under that revision instant). When **`X-Date` is omitted** and you do **not** send **`X-Unversioned: true`**, **writes** use **flat** keys (no date suffix on that write); **reads** still resolve **as of the current time**. **`X-Unversioned: true`** requests explicit flat keys and must **not** be combined with **`X-Date`** (the server returns 400).
@@ -32,11 +32,13 @@ These are the most common sources of confusion for developers and AI assistants:
 - **Isolated editing** (draft/review/publish): Create a **workspace**, make changes, then **publish** to the main timeline. Optionally create **checkpoints** for named snapshots within the workspace.
+- **App-user draft workspaces (`_uw/<owner>/<slug>`):** REST **`/api/v1/user-workspaces`**; SDK: `listUserWorkspaces`, `createUserWorkspace`, `getUserWorkspace`, `deleteUserWorkspace`, `addUserWorkspaceGrant`, `removeUserWorkspaceGrant`, `publishUserWorkspace`.
 - **Audit trail with named snapshots:** Create checkpoints with messages. List/inspect checkpoints for history.
 - **Undo a batch of changes:** **Revert** to a prior checkpoint (removes all changes after that point on the workspace).
-Legacy REST paths (`/api/v1/branches`, `/commits`, `/tags`, `/diff`) remain as **deprecated** aliases; prefer **`/api/v1/workspaces`**, **`/checkpoints`**, **`/bookmarks`**, **`/compare`**.
+Legacy REST paths (`/api/v1/branches`, `/commits`, `/tags`, `/diff`) remain as **deprecated** aliases; prefer **`/api/v1/workspaces`**, **`/api/v1/user-workspaces`**, **`/checkpoints`**, **`/bookmarks`**, **`/compare`**.
 ## Glossary: Project id, display name, and groups
@@ -154,7 +156,11 @@ When you build a backend that calls XCiteDB on behalf of users:
 - **JSON documents merge by default.** `POST /api/v1/json-documents` merges the posted `data` into the existing document (object fields combined per XCiteDB meta merge rules). Send **`overwrite: true`** to clear all stored JSON under that document root first, then write only the new payload. SDKs accept the same flag (e.g. `writeJsonDocument(id, data, { overwrite: true })` in JavaScript).
 - **Metadata `mode` and arrays.** **`POST /api/v1/meta`** uses **`mode`**: default **`set`** writes or replaces at `path` (arrays are replaced in range; excess old indices cleared); **`append`** appends array elements after existing ones at `path`. Optional **`overwrite: true`** clears metadata under `path` before writing. JavaScript: **`appendMeta`** or **`addMeta(..., { mode: 'append' })`**; Python/C++: **`append_meta`** or **`add_meta`** with **`mode`** / **`overwrite`** (see SDK sections below).
-- **Prefer dictionary-style objects.** Shredded JSON metadata is keyed by field names. **Object maps** get per-field storage; when an object accumulates enough distinct field names (server default threshold **32**), XCiteDB switches automatically to **dictionary storage** (`{*}` plus per-field keys) for efficient indexed access. For lookup-heavy or wide records, use **`{ "key": value, ... }`** shapes (or one document per logical row) rather than opaque arrays when you need keyed reads.
+- **Prefer dictionary-style objects.** **Shredded** JSON metadata is stored in **fragment-level** keys (e.g. per field name). **Object maps** get per-field storage; when an object accumulates enough distinct field names (server default threshold **32**), XCiteDB switches automatically to **dictionary storage** (`{*}` plus per-field keys) for efficient indexed access. For lookup-heavy or wide records, use **`{ "key": value, ... }`** shapes (or one document per logical row) rather than opaque arrays when you need keyed reads.
+## XML subtree writes (shredded model)
+- **Standalone subtree root.** Because XCiteDB shreds XML per identifier, you can `writeXmlDocument('<sec db:identifier="/spaces/u/docs/doc1/sec-1">…</sec>')` and the engine writes only that subtree — you do **not** need to re-send the parent document. The parent's children index (`id_hier`) is updated automatically. Keep `is_top: true` (default) on `POST /api/v1/documents` even when the `db:identifier` is nested under another path. Use `compare_attributes: true` only when you need attribute-level diffing for triggers.
 ## JavaScript/TypeScript SDK (`@xcitedbs/client`)
@@ -189,6 +195,11 @@ await client.writeXmlDocument(
   '<chapter db:identifier="/manual/v1/intro"><title>Introduction</title></chapter>'
 );
+// Import DOCX/PDF (etc.) server-side — shredded into XML (`POST /api/v1/documents/import`, multipart field `file`)
+// const fileBlob = …; // Blob from <input type="file"> or fetch
+// await client.importDocument(fileBlob, { identifier: '/manual/imported/spec', filename: 'spec.docx' });
+// const out = await client.exportDocument('/manual/imported/spec', 'docx'); // bytes in `out.bytes`
 // Write a JSON document
 await client.writeJsonDocument('app.settings', { theme: 'dark', locale: 'en' });
@@ -272,7 +283,12 @@ interface XCiteDBClientOptions {
 **XML Documents:**
 - `writeXmlDocument(xml, options?)` — Store XML via JSON body (identifier inside XML). Deprecated alias: `writeDocumentJson`.
 - `writeXML(xml)` — Store raw XML with `Content-Type: application/xml`
+- `importDocument(file, options?)` — `POST /api/v1/documents/import` (multipart `file`). Server converts DOCX, ODF, RTF, PDF, Markdown, AsciiDoc, or plain text into shredded XML. Optional `identifier` query override; optional `filename` for sniffing when not a `File`.
+- `exportDocument(id, format?, options?)` — `GET /api/v1/documents/export` binary (`xml` | `docx` | `odt` | `pdf` | `txt` | `md` | `adoc`). Optional `strict` for text exports.
 - `queryByIdentifier(id, flags?, filter?)` — Get document(s) by identifier
+- `queryByIdentifierShallow(id, filter?, pathFilter?)` — Same as `flags=NoChildren,KeepIndexNodes,FirstMatch` (skeleton: placeholders `db:N*` for shredded slots; avoids full subtree)
+- `listChildIdentifiers(parentPath?)` — Alias of `listIdentifierChildren`; next level of identifier hierarchy
+- `queryByIdentifierWithChildren(id, filter?, pathFilter?)` — `Promise.all` of shallow node + `identifier-children` for one expansion step
 - `queryDocuments(query, flags?)` — List/filter documents
 - `deleteDocument(identifier)` — Delete by identifier
 - `listIdentifiers(query)` — List known identifiers with pagination
@@ -297,11 +313,12 @@ interface XCiteDBClientOptions {
 - `listWorkspaces()` — List workspaces
 - `publishWorkspace(target, source, options?)` — Publish workspace changes to a target timeline
 - `deleteWorkspace(name)` — Delete workspace
+- `listUserWorkspaces()` / `createUserWorkspace(name, options?)` / `getUserWorkspace(id)` / `deleteUserWorkspace(id)` / `addUserWorkspaceGrant(id, body)` / `removeUserWorkspaceGrant(id, body)` / `publishUserWorkspace(id, options?)` / `rebaseUserWorkspace(id, options?)` — App-user **`_uw/…`** workspaces (`rebase` advances the fork onto the parent tip; **409** + `conflicts` on overlap, like publish)
 - `createCheckpoint(message, author?)` — Named snapshot of current state
 - `listCheckpoints(options?)` — List checkpoints
 - `revertToCheckpoint(checkpointId)` — Revert workspace to a prior checkpoint
 - `applyCheckpoint(checkpointId, message?)` — Apply another checkpoint’s changes here
-- `compare(from, to, includeContent?)` — Compare revisions
+- `compare(from, to, includeContent?)` or `compare(from, to, { includeContent?, matchStart? })` — Compare revisions; optional **`matchStart`** restricts results to that identifier and descendants (same as document `match_start` query semantics)
 - `createBookmark(name, checkpointId, message?)` — Bookmark a checkpoint
 - `listBookmarks()` / `deleteBookmark(name)` — Manage bookmarks
 - **Deprecated aliases:** `withBranch`, `createBranch`, `listBranches`, `mergeBranch`, `deleteBranch`, `createCommit`, `listCommits`, `rollbackToCommit`, `cherryPick`, `diff`, `createTag`, `listTags`, `deleteTag` (same HTTP behavior)
@@ -366,6 +383,8 @@ When calling `queryByIdentifier` or `queryDocuments`, the `flags` parameter cont
 - `'NoChildren'` — Exclude children
 - `'KeepIndexNodes'` — Include index/structural nodes
+**Sidebar / AST navigation:** combine **`'NoChildren,KeepIndexNodes,FirstMatch'`** (or `queryByIdentifierShallow`) with **`listChildIdentifiers`** / **`listIdentifierChildren`** so each expansion is one shallow XML read plus one child list, instead of `IncludeChildren` loading the entire subtree.
 ### Errors
 All API errors throw `XCiteDBError` with `.status` (HTTP code) and `.body` (parsed response). Common codes: `401` unauthenticated, `403` forbidden by policy or RBAC, `404` not found, `409` conflict (lock), `422` validation, `423` project encrypted and locked, `429` rate limited. Many **ABAC** denials return `403` with `"message":"Forbidden"` plus optional **`policy_id`** and **`hint`** (check JWT `tenant_id` vs `project:` group middle segment).
@@ -417,6 +436,7 @@ auto ids = client.query_documents(q);
 ## Architecture Notes
 - **Multi-tenant**: Each project is an isolated tenant with its own data, users, keys, and policies.
+- **Sharding vs shredding**: **Sharding** partitions the **tenant plane** (today, one isolated dataset per project; finer-grain sharding is on the roadmap). **Shredding** splits **individual documents** into **fragments** with their own keys—see convention 3.
 - **LMDB engine**: Data is memory-mapped; reads are microsecond-class on warm data.
 - **Versioning**: **Temporal revisions** are always on when using dates. **Workspaces** isolate draft work; **checkpoints** are optional named snapshots; **publish** merges a workspace into a target timeline. **`X-Date`** selects an instant for **as-of reads** and, when set, for **writes** under that revision (any calendar time you choose — e.g. publication date — not only “now”). Omit **`X-Date`** for **flat** writes on that request, or use **`X-Unversioned: true`** to state that explicitly.
 - **Two user tiers**: Platform operators manage infrastructure; App users are end-users of applications built on XciteDB.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@xcitedbs/client",
-  "version": "0.2.20",
+  "version": "0.2.23",
   "description": "XCiteDB BaaS client SDK",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",