npm - @xcitedbs/client - Versions diffs - 0.2.8 → 0.2.10 - Mend

@xcitedbs/client 0.2.8 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/client.d.ts +65 -1
package/dist/client.js +502 -62
package/dist/index.d.ts +1 -1
package/dist/types.d.ts +168 -0
package/dist/user-isolation.test.d.ts +1 -0
package/dist/user-isolation.test.js +175 -0
package/llms-full.txt +5 -2
package/llms.txt +51 -4
package/package.json +4 -2

package/dist/client.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AccessCheckResult, AppAuthConfig, AppEmailConfig, AppEmailTemplates, AppUser, AppUserTokenPair, EmailTestResponse, ForgotPasswordResponse, SendVerificationResponse, BranchInfo, CommitRecord, DatabaseContext, DiffRef, DiffResult, Flags, ListIdentifierChildrenResult, ListIdentifiersResult, LockInfo, LogEntry, MergeResult, MetaValue, PlatformRegisterResult, PolicySubjectInput, UnqueryResult, UnqueryTemplate, PolicyUpdateResponse, RealtimeEvent, SecurityConfig, SecurityPolicy, StoredTriggerResponse, TriggerDefinition, StoredPolicyResponse, SubscriptionOptions, TagRecord, TextSearchQuery, TextSearchResult, OAuthProvidersResponse, ProjectInfo, PlatformRegistrationConfig, PlatformWorkspacesResponse, TokenPair, UserInfo, ApiKeyInfo, WriteDocumentOptions, CreateTestSessionOptions, XCiteDBClientOptions, XCiteQuery } from './types';
+import { AccessCheckResult, AppAuthConfig, AppEmailConfig, AppEmailTemplates, AppUser, AppUserTokenPair, EmailTestResponse, ForgotPasswordResponse, SendVerificationResponse, BranchInfo, CommitRecord, DatabaseContext, DiffRef, DiffResult, Flags, ListIdentifierChildrenResult, ListIdentifiersResult, LockInfo, LogEntry, MergeResult, MetaValue, PlatformRegisterResult, PolicySubjectInput, UnqueryResult, UnqueryTemplate, PolicyUpdateResponse, RealtimeEvent, SecurityConfig, SecurityPolicy, StoredTriggerResponse, TriggerDefinition, StoredPolicyResponse, SubscriptionOptions, TagRecord, TextSearchQuery, TextSearchResult, ProjectSearchSettings, ProjectSearchSettingsUpdate, VectorIndexEstimate, RagQueryOptions, RagQueryResult, RagStreamEvent, OAuthProvidersResponse, ProjectInfo, PlatformRegistrationConfig, PlatformWorkspacesResponse, TokenPair, UserInfo, ApiKeyInfo, WriteDocumentOptions, CreateTestSessionOptions, XCiteDBClientOptions, XCiteDBJwtClaims, XCiteQuery, UserIsolationConfig } from './types';
 import { WebSocketSubscription } from './websocket';
 export declare class XCiteDBClient {
     private baseUrl;
@@ -16,12 +16,38 @@ export declare class XCiteDBClient {
     private onSessionInvalid?;
     private testSessionToken?;
     private testRequireAuth?;
+    private userIsolation?;
+    private cachedAppUserId?;
     constructor(options: XCiteDBClientOptions);
     /**
      * Create an ephemeral isolated database: calls `POST /api/v1/test/sessions` with your API key or Bearer,
      * then returns a client that sends `X-Test-Session` (auth-free by default).
      */
     static createTestSession(opts: CreateTestSessionOptions): Promise<XCiteDBClient>;
+    /**
+     * Canonical `project:<tenant_id>:<role>` group string. The middle segment must match the app JWT `tenant_id`
+     * (internal project id), not the human-readable project name.
+     */
+    static buildProjectGroup(projectId: string, role: 'admin' | 'editor' | 'viewer'): string;
+    private static decodeJwtPayloadJson;
+    /**
+     * Decode `appUserAccessToken`, or `accessToken` if no app token (platform JWT), without verifying the signature.
+     * Use for debugging ABAC (compare `tenant_id` and `groups` to `project:<…>:role` in policies).
+     */
+    getTokenClaims(): XCiteDBJwtClaims | null;
+    private cacheAppUserIdFromPair;
+    private clearAppUserIdCache;
+    private getAppUserId;
+    private normalizeIsolationNamespaceTemplate;
+    private canonicalId;
+    /** Resolved namespace root, e.g. `/users/abc`, or `null` if isolation is off or no app user id. */
+    private userIsolationNamespace;
+    private allSharedPassthroughPrefixes;
+    private pathMatchesSharedPassthrough;
+    private isoPrefixId;
+    private isoUnprefixId;
+    private isoPrefixQuery;
+    private isoApplyXmlDbIdentifier;
     /** Destroy this test session on the server (`DELETE /api/v1/test/sessions/current`). */
     destroyTestSession(): Promise<{
         message: string;
@@ -46,6 +72,7 @@ export declare class XCiteDBClient {
     private mergeAppTenant;
     private authHeaders;
     private testHeaders;
+    private requestHeaders;
     private request;
     /** Developer Bearer refresh first, then app-user refresh (no API key refresh). */
     private tryRefreshSessionAfter401;
@@ -255,6 +282,17 @@ export declare class XCiteDBClient {
      * ```
      */
     updateSecurityConfig(config: Partial<SecurityConfig>): Promise<void>;
+    /** Per-tenant user data spaces (`GET /api/v1/security/user-isolation`). Requires security admin. */
+    getUserIsolationConfig(): Promise<UserIsolationConfig>;
+    /** Enable or reconfigure user isolation (`PUT /api/v1/security/user-isolation`). */
+    setUserIsolationConfig(config: Partial<UserIsolationConfig>): Promise<UserIsolationConfig>;
+    /** Disable user isolation and remove generated policies (`DELETE /api/v1/security/user-isolation`). */
+    disableUserIsolation(): Promise<void>;
+    /**
+     * Loads server isolation config; when enabled, configures client-side identifier prefixing to match
+     * the server (namespace + shared paths). Does not send `X-Prefix`; identifiers in requests are rewritten.
+     */
+    enableUserIsolation(): Promise<UserIsolationConfig>;
     createBranch(name: string, fromBranch?: string, fromDate?: string): Promise<void>;
     deleteBranch(name: string): Promise<void>;
     deleteRevision(branch: string, date: string): Promise<void>;
@@ -375,6 +413,32 @@ export declare class XCiteDBClient {
         status: string;
         message: string;
     }>;
+    reembedVector(): Promise<{
+        status: string;
+        message: string;
+    }>;
+    /** Project search / FTS / vector / LLM configuration (`GET /api/v1/project/settings/search`). */
+    getProjectSearchSettings(): Promise<ProjectSearchSettings>;
+    /** Update project search settings (`PUT /api/v1/project/settings/search`). Returns the same shape as GET. */
+    updateProjectSearchSettings(patch: ProjectSearchSettingsUpdate): Promise<ProjectSearchSettings>;
+    /** Blocking full DB scan (admin; no calls to embedding API). Prefer {@link postVectorIndexEstimateSession} for UI. */
+    getVectorIndexEstimate(): Promise<VectorIndexEstimate>;
+    /** Start background estimate (202); cancel prior session for this tenant. */
+    postVectorIndexEstimateSession(): Promise<VectorIndexEstimate>;
+    getVectorIndexEstimateSession(sessionId: string): Promise<VectorIndexEstimate>;
+    deleteVectorIndexEstimateSession(sessionId: string): Promise<{
+        status?: string;
+    }>;
+    /**
+     * RAG over indexed documents (`POST /api/v1/rag/query` with JSON body).
+     * Requires LLM completion; embedding required when retrieval uses semantic or hybrid.
+     */
+    ragQuery(options: Omit<RagQueryOptions, 'stream'>): Promise<RagQueryResult>;
+    /**
+     * Streaming RAG (`POST /api/v1/rag/query` with `stream: true`). Parses SSE `data: {...}` lines.
+     * The final event has `done: true` and may include `sources`.
+     */
+    ragQueryStream(options: Omit<RagQueryOptions, 'stream'>, onEvent: (ev: RagStreamEvent) => void): Promise<void>;
     writeJsonDocument(identifier: string, data: unknown): Promise<void>;
     readJsonDocument<T = unknown>(identifier: string): Promise<T>;
     deleteJsonDocument(identifier: string): Promise<void>;