npm - @xnetjs/sync - Versions diffs - 0.0.2 → 0.0.3 - Mend

@xnetjs/sync 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,98 +1,7 @@
-import { DID, ContentId, PolicyEvaluator, AuthDecision } from '@xnetjs/core';
+import { ContentId, DID, PolicyEvaluator, AuthDecision } from '@xnetjs/core';
 import { UnifiedSignature, SignatureWire, SecurityLevel, EncryptedData, WrappedKey } from '@xnetjs/crypto';
 import { PQKeyRegistry, HybridKeyBundle } from '@xnetjs/identity';
-/**
- * Lamport clock utilities for total ordering in distributed systems.
- *
- * Lamport timestamps provide a simple, single-integer logical clock that:
- * - Guarantees total ordering of events (with tie-breaker)
- * - Requires no coordination between nodes
- * - Is trivial to merge (max + 1)
- *
- * Combined with author DID as tie-breaker, this gives deterministic
- * ordering across all nodes without the complexity of vector clocks.
- */
-/**
- * A Lamport timestamp with author for deterministic tie-breaking.
- *
- * Two changes are ordered by:
- * 1. Lamport time (lower = earlier)
- * 2. Author DID string comparison (deterministic tie-breaker)
- */
-interface LamportTimestamp {
-    /** Logical time - increments on each change */
-    time: number;
-    /** Author DID - used for deterministic tie-breaking */
-    author: DID;
-}
-/**
- * A Lamport clock that tracks the current logical time.
- * Each author maintains their own clock instance.
- */
-interface LamportClock {
-    /** Current logical time */
-    time: number;
-    /** The author's DID */
-    author: DID;
-}
-/**
- * Create a new Lamport clock for an author.
- * Starts at time 0; first tick will produce time 1.
- */
-declare function createLamportClock(author: DID): LamportClock;
-/**
- * Tick the clock and return a new timestamp.
- * This should be called when creating a new change.
- *
- * @param clock - The clock to tick
- * @returns A tuple of [newClock, timestamp]
- */
-declare function tick(clock: LamportClock): [LamportClock, LamportTimestamp];
-/**
- * Update the clock after receiving a change from another node.
- * Sets our time to max(ourTime, receivedTime) so next tick is greater.
- *
- * @param clock - Our local clock
- * @param receivedTime - The Lamport time from the received change
- * @returns Updated clock
- */
-declare function receive(clock: LamportClock, receivedTime: number): LamportClock;
-/**
- * Compare two Lamport timestamps for ordering.
- *
- * @returns
- *   -1 if a < b (a happened before b)
- *    1 if a > b (a happened after b)
- *    0 if a === b (same timestamp - should be rare)
- */
-declare function compareLamportTimestamps(a: LamportTimestamp, b: LamportTimestamp): -1 | 0 | 1;
-/**
- * Check if timestamp a is strictly before timestamp b.
- */
-declare function isBefore(a: LamportTimestamp, b: LamportTimestamp): boolean;
-/**
- * Check if timestamp a is strictly after timestamp b.
- */
-declare function isAfter(a: LamportTimestamp, b: LamportTimestamp): boolean;
-/**
- * Serialize a Lamport timestamp to a string for storage/sorting.
- * Format: {time-padded-16-digits}-{author}
- *
- * The padding ensures lexicographic string sorting matches numeric sorting.
- */
-declare function serializeTimestamp(ts: LamportTimestamp): string;
-/**
- * Parse a serialized Lamport timestamp.
- */
-declare function parseTimestamp(serialized: string): LamportTimestamp;
-/**
- * Get the maximum Lamport time from a list of timestamps.
- * Useful for initializing a clock after loading existing changes.
- */
-declare function maxTime(timestamps: LamportTimestamp[]): number;
 /**
  * Change types for xNet sync primitives
  *
@@ -149,8 +58,11 @@ interface Change<T = unknown> {
     signature: Uint8Array;
     /** Wall clock timestamp (milliseconds) - for display, not ordering */
     wallTime: number;
-    /** Lamport timestamp for ordering */
-    lamport: LamportTimestamp;
+    /**
+     * Lamport logical time for ordering (a plain integer). The author tiebreak
+     * for LWW comes from `authorDID`; this field is just the clock value.
+     */
+    lamport: number;
     /**
      * Groups changes that should be treated as a single atomic operation.
      * All changes with the same batchId were created in one transaction.
@@ -180,7 +92,7 @@ interface UnsignedChange<T = unknown> {
     parentHash: ContentId | null;
     authorDID: DID;
     wallTime: number;
-    lamport: LamportTimestamp;
+    lamport: number;
     batchId?: string;
     batchIndex?: number;
     batchSize?: number;
@@ -194,7 +106,7 @@ interface CreateChangeOptions<T> {
     payload: T;
     parentHash: ContentId | null;
     authorDID: DID;
-    lamport: LamportTimestamp;
+    lamport: number;
     wallTime?: number;
     batchId?: string;
     batchIndex?: number;
@@ -225,6 +137,22 @@ declare function computeChangeHash<T>(unsigned: UnsignedChange<T>): ContentId;
  * @returns Signed change with hash and signature
  */
 declare function signChange<T>(unsigned: UnsignedChange<T>, signingKey: Uint8Array): Change<T>;
+/**
+ * Pluggable async change signer. Lets integrators move Ed25519 signing off
+ * the interactive path (WebCrypto, a worker, or a remote signer) while
+ * producing byte-identical signatures to {@link signChange}.
+ */
+type ChangeSigner = <T>(unsigned: UnsignedChange<T>) => Promise<Change<T>>;
+/**
+ * Create a {@link ChangeSigner} backed by WebCrypto Ed25519.
+ *
+ * Ed25519 is deterministic (RFC 8032), so signatures are byte-identical to
+ * the synchronous {@link signChange} path — only the execution moves off
+ * the calling thread. Returns null when the runtime has no SubtleCrypto;
+ * if WebCrypto rejects Ed25519 at runtime, the signer falls back to the
+ * synchronous path transparently.
+ */
+declare function createWebCryptoChangeSigner(signingKey: Uint8Array): ChangeSigner | null;
 /**
  * Verify a change's signature against a public key.
  *
@@ -238,6 +166,16 @@ declare function signChange<T>(unsigned: UnsignedChange<T>, signingKey: Uint8Arr
  * @returns true if the signature is valid
  */
 declare function verifyChange<T>(change: Change<T>, publicKey: Uint8Array): boolean;
+/**
+ * Recompute the content hash of a signed change from its own fields.
+ *
+ * Reconstructs the unsigned form (the exact field set that goes into the hash)
+ * and runs {@link computeChangeHash}. This is the single source of truth for
+ * "which fields are hashed" — {@link verifyChangeHash} is defined in terms of
+ * it, and callers that need to *report* a mismatch (not just detect one) can
+ * use it to surface the hash this build expects.
+ */
+declare function recomputeChangeHash<T>(change: Change<T>): ContentId;
 /**
  * Verify that a change's hash is correct (not tampered).
  * This re-computes the hash from the change data and compares.
@@ -251,6 +189,97 @@ declare function verifyChangeHash<T>(change: Change<T>): boolean;
  */
 declare function createChangeId(): string;
+/**
+ * Lamport clock utilities for total ordering in distributed systems.
+ *
+ * Lamport timestamps provide a simple, single-integer logical clock that:
+ * - Guarantees total ordering of events (with tie-breaker)
+ * - Requires no coordination between nodes
+ * - Is trivial to merge (max + 1)
+ *
+ * Combined with author DID as tie-breaker, this gives deterministic
+ * ordering across all nodes without the complexity of vector clocks.
+ */
+/**
+ * A Lamport timestamp with author for deterministic tie-breaking.
+ *
+ * Two changes are ordered by:
+ * 1. Lamport time (lower = earlier)
+ * 2. Author DID string comparison (deterministic tie-breaker)
+ */
+interface LamportTimestamp {
+    /** Logical time - increments on each change */
+    time: number;
+    /** Author DID - used for deterministic tie-breaking */
+    author: DID;
+}
+/**
+ * A Lamport clock that tracks the current logical time.
+ * Each author maintains their own clock instance.
+ */
+interface LamportClock {
+    /** Current logical time */
+    time: number;
+    /** The author's DID */
+    author: DID;
+}
+/**
+ * Create a new Lamport clock for an author.
+ * Starts at time 0; first tick will produce time 1.
+ */
+declare function createLamportClock(author: DID): LamportClock;
+/**
+ * Tick the clock and return a new timestamp.
+ * This should be called when creating a new change.
+ *
+ * @param clock - The clock to tick
+ * @returns A tuple of [newClock, timestamp]
+ */
+declare function tick(clock: LamportClock): [LamportClock, LamportTimestamp];
+/**
+ * Update the clock after receiving a change from another node.
+ * Sets our time to max(ourTime, receivedTime) so next tick is greater.
+ *
+ * @param clock - Our local clock
+ * @param receivedTime - The Lamport time from the received change
+ * @returns Updated clock
+ */
+declare function receive(clock: LamportClock, receivedTime: number): LamportClock;
+/**
+ * Compare two Lamport timestamps for ordering.
+ *
+ * @returns
+ *   -1 if a < b (a happened before b)
+ *    1 if a > b (a happened after b)
+ *    0 if a === b (same timestamp - should be rare)
+ */
+declare function compareLamportTimestamps(a: LamportTimestamp, b: LamportTimestamp): -1 | 0 | 1;
+/**
+ * Check if timestamp a is strictly before timestamp b.
+ */
+declare function isBefore(a: LamportTimestamp, b: LamportTimestamp): boolean;
+/**
+ * Check if timestamp a is strictly after timestamp b.
+ */
+declare function isAfter(a: LamportTimestamp, b: LamportTimestamp): boolean;
+/**
+ * Serialize a Lamport timestamp to a string for storage/sorting.
+ * Format: {time-padded-16-digits}-{author}
+ *
+ * The padding ensures lexicographic string sorting matches numeric sorting.
+ */
+declare function serializeTimestamp(ts: LamportTimestamp): string;
+/**
+ * Parse a serialized Lamport timestamp.
+ */
+declare function parseTimestamp(serialized: string): LamportTimestamp;
+/**
+ * Get the maximum Lamport time from a list of timestamps.
+ * Useful for initializing a clock after loading existing changes.
+ */
+declare function maxTime(timestamps: LamportTimestamp[]): number;
 /**
  * Hash chain utilities for managing linked changes.
  *
@@ -946,6 +975,145 @@ declare abstract class BaseSyncProvider<T = unknown> implements SyncProvider<T>
     canUseFeatureWithAll(feature: FeatureFlag): boolean;
 }
+/**
+ * Sync runtime lifecycle helpers.
+ */
+type SyncConnectionStatus = 'disconnected' | 'connecting' | 'connected' | 'error';
+type SyncLifecyclePhase = 'idle' | 'starting' | 'local-ready' | 'connecting' | 'healthy' | 'degraded' | 'replaying' | 'stopped';
+type SyncLifecycleInput = {
+    started: boolean;
+    stopped: boolean;
+    localReady: boolean;
+    everConnected: boolean;
+    connectionStatus: SyncConnectionStatus;
+    replaying?: boolean;
+};
+type SyncLifecycleState = {
+    phase: SyncLifecyclePhase;
+    connectionStatus: SyncConnectionStatus;
+    replaying: boolean;
+    lastTransitionAt: number;
+};
+declare function deriveSyncLifecyclePhase(input: SyncLifecycleInput): SyncLifecyclePhase;
+declare function createSyncLifecycleState(input: SyncLifecycleInput, previous?: SyncLifecycleState): SyncLifecycleState;
+/**
+ * Signed-replication policy helpers.
+ */
+type ReplicationNamespaceKind = 'system' | 'user';
+type SyncFederationHub = {
+    /**
+     * Stable hub identifier used by policy nodes. Fallback hubs use their URL.
+     */
+    id: string;
+    /** WebSocket URL for this hub. */
+    url: string;
+    /** Lower values are selected first when maxHubs prunes a plan. */
+    priority?: number;
+    /** Namespace kinds this hub accepts. Omit to accept both. */
+    kinds?: readonly ReplicationNamespaceKind[];
+    /** Disabled hubs stay in config for traceability but are not selected. */
+    disabled?: boolean;
+};
+type SyncFederationNamespacePolicy = {
+    /** Exact namespace, namespace prefix, or `*`. */
+    namespace: string;
+    /** Optional override when namespace syntax is ambiguous. */
+    kind?: ReplicationNamespaceKind;
+    /** Restrict replication to these hub IDs. */
+    includeHubIds?: readonly string[];
+    /** Remove these hub IDs after includes/defaults are applied. */
+    excludeHubIds?: readonly string[];
+    /** Minimum destination count expected for this namespace. */
+    minHubs?: number;
+    /** Maximum destination count. Pruning is priority/id deterministic. */
+    maxHubs?: number;
+};
+type SyncFederationConfig = {
+    /** Federated hub inventory. */
+    hubs?: readonly SyncFederationHub[];
+    /** Namespace-specific destination policies. */
+    namespacePolicies?: readonly SyncFederationNamespacePolicy[];
+    /** Default destinations for `sys/*` namespaces when no policy include list exists. */
+    defaultSystemHubIds?: readonly string[];
+    /** Default destinations for user namespaces when no policy include list exists. */
+    defaultUserHubIds?: readonly string[];
+};
+interface SyncCompatibilityConfig {
+    /**
+     * Temporary compatibility mode for legacy peers that still send unsigned
+     * Yjs replication payloads.
+     */
+    allowUnsignedReplication?: boolean;
+}
+interface SyncReplicationConfig {
+    /**
+     * Compatibility toggles for older replication paths.
+     */
+    compatibility?: SyncCompatibilityConfig;
+    /**
+     * Multi-hub federation routing policy.
+     */
+    federation?: SyncFederationConfig;
+}
+interface ResolvedSyncReplicationPolicy {
+    /**
+     * Whether unsigned replication payloads are accepted.
+     */
+    allowUnsignedReplication: boolean;
+    /**
+     * Whether replication payloads must be signed.
+     */
+    requireSignedReplication: boolean;
+}
+type ReplicationPlanDestination = {
+    hubId: string;
+    url: string;
+    priority: number;
+    reason: string;
+};
+type ReplicationPlanDiagnostic = {
+    code: 'no_hubs_configured' | 'policy_hub_not_found' | 'minimum_hubs_not_satisfied' | 'hub_kind_mismatch' | 'hub_disabled';
+    message: string;
+    hubId?: string;
+};
+type ReplicationPlanTraceStep = {
+    step: string;
+    message: string;
+    hubId?: string;
+    namespace?: string;
+};
+type ReplicationPlan = {
+    namespace: string;
+    kind: ReplicationNamespaceKind;
+    policy: SyncFederationNamespacePolicy | null;
+    destinations: ReplicationPlanDestination[];
+    diagnostics: ReplicationPlanDiagnostic[];
+    trace: ReplicationPlanTraceStep[];
+};
+type PolicyRevisionSimulation = {
+    before: ReplicationPlan;
+    after: ReplicationPlan;
+    addedHubIds: string[];
+    removedHubIds: string[];
+    retainedHubIds: string[];
+    changed: boolean;
+};
+declare function resolveSyncReplicationPolicy(config: SyncReplicationConfig | undefined): ResolvedSyncReplicationPolicy;
+declare function inferReplicationNamespaceKind(namespace: string): ReplicationNamespaceKind;
+declare function normalizeSyncFederationHubs(config: SyncReplicationConfig | undefined, fallbackUrls?: string[]): SyncFederationHub[];
+declare function planReplicationDestinations(input: {
+    namespace: string;
+    config?: SyncReplicationConfig;
+    fallbackHubUrls?: string[];
+}): ReplicationPlan;
+declare function simulateSyncPolicyRevision(input: {
+    namespace: string;
+    current?: SyncReplicationConfig;
+    revision?: SyncReplicationConfig;
+    fallbackHubUrls?: string[];
+}): PolicyRevisionSimulation;
 /**
  * Signed Yjs Envelopes - Per-update signing and verification for Yjs sync messages
  *
@@ -1192,6 +1360,10 @@ declare function isLegacyUpdate(msg: unknown): msg is {
  */
 /** Maximum size of a single Yjs update (1MB) */
 declare const MAX_YJS_UPDATE_SIZE = 1048576;
+/** Maximum size of a Yjs state-vector request (64KB) */
+declare const MAX_YJS_STATE_VECTOR_SIZE = 65536;
+/** Maximum size of a Yjs awareness update or direct awareness state (64KB) */
+declare const MAX_YJS_AWARENESS_UPDATE_SIZE = 65536;
 /** Maximum updates per second per connection */
 declare const MAX_YJS_UPDATES_PER_SECOND = 30;
 /** Maximum updates per minute per connection (sustained rate) */
@@ -1287,6 +1459,22 @@ declare class YjsRateLimiter {
  * Check if an update exceeds the size limit.
  */
 declare function isUpdateTooLarge(update: Uint8Array, maxSize?: number): boolean;
+/**
+ * Estimate decoded byte length for a base64 payload.
+ */
+declare function estimateBase64DecodedLength(value: string): number;
+/**
+ * Check if a base64 payload would exceed a decoded size limit.
+ */
+declare function isBase64PayloadTooLarge(value: string, maxSize: number): boolean;
+/**
+ * Check if a state-vector request exceeds the size limit.
+ */
+declare function isStateVectorTooLarge(stateVector: Uint8Array, maxSize?: number): boolean;
+/**
+ * Check if an awareness update exceeds the size limit.
+ */
+declare function isAwarenessUpdateTooLarge(update: Uint8Array, maxSize?: number): boolean;
 /**
  * Check if a document state exceeds the size limit.
  */
@@ -1428,6 +1616,17 @@ type YjsViolationType = 'invalidSignature' | 'oversizedUpdate' | 'rateExceeded'
  * Action to take based on peer score.
  */
 type PeerAction = 'allow' | 'warn' | 'throttle' | 'block';
+/**
+ * Emitted whenever a violation produces a peer action.
+ */
+interface YjsPeerActionEvent {
+    peerId: string;
+    reason: YjsViolationType;
+    action: PeerAction;
+    score: number;
+    metrics: YjsPeerMetrics;
+}
+type YjsPeerActionListener = (event: YjsPeerActionEvent) => void;
 /**
  * Optional telemetry collector interface for sync operations.
  * Compatible with @xnetjs/telemetry TelemetryCollector.
@@ -1504,6 +1703,7 @@ declare class YjsPeerScorer {
     private scores;
     readonly config: YjsScoringConfig;
     private telemetry?;
+    private actionListeners;
     constructor(config?: Partial<YjsScoringConfig>);
     /**
      * Record a violation for a peer.
@@ -1549,10 +1749,17 @@ declare class YjsPeerScorer {
      * Get all metrics (for monitoring endpoint).
      */
     getAllMetrics(): Map<string, YjsPeerMetrics>;
+    /**
+     * Listen for peer actions caused by violations.
+     *
+     * Returns an unsubscribe callback so owning packages can cleanly detach bridges.
+     */
+    onAction(listener: YjsPeerActionListener): () => void;
     /**
      * Remove all state for a disconnected peer.
      */
     remove(peerId: string): void;
+    private emitAction;
     /**
      * Clear all state.
      */
@@ -2031,8 +2238,8 @@ interface CreateYjsChangeOptions {
     privateKey: Uint8Array;
     /** Hash of the previous change in the chain (null for first) */
     parentHash: ContentId | null;
-    /** Lamport timestamp for ordering */
-    lamport: LamportTimestamp;
+    /** Lamport logical clock value for ordering */
+    lamport: number;
     /** Optional wall time (defaults to Date.now()) */
     wallTime?: number;
 }
@@ -2059,7 +2266,7 @@ declare function createUnsignedYjsChange(options: Omit<CreateYjsChangeOptions, '
  *   authorDID: identity.did,
  *   privateKey: identity.privateKey,
  *   parentHash: lastChangeHash,
- *   lamport: { time: 42, did: identity.did }
+ *   lamport: 42
  * })
  * ```
  */
@@ -2334,7 +2541,7 @@ interface SerializerRegistry {
  *   authorDID: string,
  *   signature: string (base64),
  *   wallTime: number,
- *   lamport: { time: number, did: string },
+ *   lamport: number,
  *   batchId?: string,
  *   batchIndex?: number,
  *   batchSize?: number
@@ -3200,4 +3407,4 @@ declare function createSecurityPolicy(options?: Partial<SecurityPolicy>): Securi
  */
 declare function mergeSecurityPolicies(...policies: Partial<SecurityPolicy>[]): SecurityPolicy;
-export { ALL_FEATURES, type AttestationVerificationResult, type AttestationVerifyResult, type AuthorizedDoc, type AuthorizedRoom, type AuthorizedStateAdapter, AuthorizedSyncManager, type AuthorizedSyncManagerOptions, AuthorizedYjsError, AuthorizedYjsSyncProvider, type AuthorizedYjsSyncProviderOptions, BaseSyncProvider, type BatchFlushCallback, COMPACTION_TIME_THRESHOLD, COMPACTION_UPDATE_THRESHOLD, CURRENT_PROTOCOL_VERSION, type ChainValidationResult, type Change, type ChangeHandler, ChangeHandlerRegistry, type ChangeSerializer, type ClientIdAttestation, type ClientIdAttestationV1, type ClientIdAttestationV2, type ClientIdAttestationWire, type ClientIdMap, ClientIdMapImpl, type ContentKeyProvider, type CreateAttestationOptions, type CreateChangeOptions, type CreateEnvelopeOptions, type CreateYjsChangeOptions, DEFAULT_BATCHER_CONFIG, DEFAULT_RATE_LIMITER_CONFIG, DEFAULT_SECURITY_POLICY, DEFAULT_YJS_SCORING_CONFIG, DEPRECATIONS, DEPRECATION_POLICY, type DeprecationCallback, type DeprecationContext, DeprecationError, type DeprecationNotice, type DeprecationType, type DeprecationWarning, type DeserializeError, type DeserializeOutcome, type DeserializeResult, type EncryptedYjsState, type EnvelopeVerificationResult, type EnvelopeVerifyResult, FEATURES, type FeatureConfig, type FeatureFlag, type FeatureValidationError, type FeatureValidationResult, type FeatureValidationWarning, type Fork, type GrantEventStore, HYBRID_SECURITY_POLICY, type HandlerContext, type HandlerEvent, type IntegrityIssue, type IntegrityIssueType, type IntegrityMonitor, type IntegrityMonitorConfig, type IntegrityMonitorStats, type IntegrityReport, type LamportClock, type LamportTimestamp, MAX_SECURITY_POLICY, MAX_YJS_DOC_SIZE, MAX_YJS_UPDATES_PER_MINUTE, MAX_YJS_UPDATES_PER_SECOND, MAX_YJS_UPDATE_SIZE, type MergeUpdatesFn, type NegotiatedSession, type NegotiationFailure, type NegotiationResult, type NegotiationWarning, type OperationType, type PeerAction, type PeerCapabilities, type PeerInfo, type PersistedDocState, type ProcessResult, type RateLimiterConfig, type ReactIntegrityMonitorOptions, type RecipientKeyResolver, type RegistryStats, type RepairAction, type RepairActionType, type SecurityPolicy, type SerializeOptions, type SerializedChange, type SerializerRegistry, type SignedYjsEnvelope, type SignedYjsEnvelopeV1, type SignedYjsEnvelopeV2, type SignedYjsEnvelopeWire, type SyncEventListener, type SyncProvider, type SyncProviderEvents, type SyncProviderOptions, type SyncStatus, type UnsignedChange, type UnsignedYjsChange, V1Serializer, V2Serializer, type ValidationError, type ValidationResult, type ValidationWarning, type VerifyAttestationOptions, type VerifyEnvelopeOptions, type VerifyOptions, VersionNegotiator, type YDocCodec, type YDocLike, YJS_CHANGE_TYPE, YJS_RATE_BURST_ALLOWANCE, YJS_SYNC_CHUNK_SIZE, type YjsAuthDecision, YjsAuthGate, type YjsAuthGateOptions, YjsBatcher, type YjsBatcherConfig, type YjsChange, YjsCheckpointer, type YjsCheckpointerOptions, YjsIntegrityError, type YjsPeerMetrics, YjsPeerScorer, YjsRateLimiter, type YjsScoringConfig, YjsStateIntegrityError, type YjsUpdatePayload, type YjsViolationType, addDependencies, attemptRepair, autoDeserialize, autoSerialize, calculateChunkCount, changeHandlerRegistry, checkAndLogDeprecations, checkDeprecations, chunkUpdate, clearLoggedDeprecations, compareLamportTimestamps, computeChangeHash, configureDeprecationPolicy, createBatchId, createChangeId, createClientIdAttestation, createClientIdAttestationV1, createClientIdAttestationV2, createHandler, createIntegrityMonitor, createLamportClock, createLocalCapabilities, createPersistedDocState, createReactIntegrityMonitor, createSecurityPolicy, createSerializerRegistry, createTestContext, createUnsignedChange, createUnsignedYjsChange, createVersionedHandler, createYjsChange, decryptYjsState, defaultNegotiator, deserializeClientIdAttestation, deserializeEncryptedYjsState, deserializeYjsEnvelope, detectFork, diffFeatures, encryptYjsState, envelopeSize, findCommonAncestor, findHeads, findOrphans, findRoots, formatDeprecationReport, formatIntegrityReport, getAllDependencies, getAncestry, getChainDepth, getChainHeads, getChainRoots, getChangeNodeId, getDefaultSerializer, getDeprecation, getDeprecationsByType, getEnabledFeatures, getFeatureConflicts, getFeatureDependencies, getFeatureVersion, getForks, getOptionalFeatures, getRequiredFeatures, getSecurityLevel, getSerializer, hasSignedEnvelope, hashYjsState, intersectFeatures, isAfter, isBefore, isCriticalOperation, isDeprecated, isDocumentTooLarge, isEphemeralOperation, isFeatureAvailable, isFeatureEnabled, isLegacyUpdate, isNodeChange, isRemoved, isUpdateTooLarge, isV1Attestation, isV1Envelope, isV2Attestation, isV2Envelope, isYjsChange, loadVerifiedState, logDeprecation, maxTime, mergeSecurityPolicies, parseCapabilities, parseTimestamp, quickIntegrityCheck, reassembleChunks, receive, registerDeprecation, serializeClientIdAttestation, serializeEncryptedYjsState, serializeTimestamp, serializeYjsEnvelope, serializerRegistry, shouldCompact, signChange, signYjsUpdate, signYjsUpdateBatch, signYjsUpdateV1, signYjsUpdateV2, tick, toEncryptedData, topologicalSort, v1Serializer, v2Serializer, validateChain, validateClientIdOwnership, validateFeatureSet, verifyChange, verifyChangeHash, verifyClientIdAttestation, verifyClientIdAttestationV1, verifyClientIdAttestationV2, verifyIntegrity, verifyPersistedDocState, verifySingleChange, verifyYjsEnvelope, verifyYjsEnvelopeQuick, verifyYjsEnvelopeV1, verifyYjsEnvelopeV2, verifyYjsStateIntegrity };
+export { ALL_FEATURES, type AttestationVerificationResult, type AttestationVerifyResult, type AuthorizedDoc, type AuthorizedRoom, type AuthorizedStateAdapter, AuthorizedSyncManager, type AuthorizedSyncManagerOptions, AuthorizedYjsError, AuthorizedYjsSyncProvider, type AuthorizedYjsSyncProviderOptions, BaseSyncProvider, type BatchFlushCallback, COMPACTION_TIME_THRESHOLD, COMPACTION_UPDATE_THRESHOLD, CURRENT_PROTOCOL_VERSION, type ChainValidationResult, type Change, type ChangeHandler, ChangeHandlerRegistry, type ChangeSerializer, type ChangeSigner, type ClientIdAttestation, type ClientIdAttestationV1, type ClientIdAttestationV2, type ClientIdAttestationWire, type ClientIdMap, ClientIdMapImpl, type ContentKeyProvider, type CreateAttestationOptions, type CreateChangeOptions, type CreateEnvelopeOptions, type CreateYjsChangeOptions, DEFAULT_BATCHER_CONFIG, DEFAULT_RATE_LIMITER_CONFIG, DEFAULT_SECURITY_POLICY, DEFAULT_YJS_SCORING_CONFIG, DEPRECATIONS, DEPRECATION_POLICY, type DeprecationCallback, type DeprecationContext, DeprecationError, type DeprecationNotice, type DeprecationType, type DeprecationWarning, type DeserializeError, type DeserializeOutcome, type DeserializeResult, type EncryptedYjsState, type EnvelopeVerificationResult, type EnvelopeVerifyResult, FEATURES, type FeatureConfig, type FeatureFlag, type FeatureValidationError, type FeatureValidationResult, type FeatureValidationWarning, type Fork, type GrantEventStore, HYBRID_SECURITY_POLICY, type HandlerContext, type HandlerEvent, type IntegrityIssue, type IntegrityIssueType, type IntegrityMonitor, type IntegrityMonitorConfig, type IntegrityMonitorStats, type IntegrityReport, type LamportClock, type LamportTimestamp, MAX_SECURITY_POLICY, MAX_YJS_AWARENESS_UPDATE_SIZE, MAX_YJS_DOC_SIZE, MAX_YJS_STATE_VECTOR_SIZE, MAX_YJS_UPDATES_PER_MINUTE, MAX_YJS_UPDATES_PER_SECOND, MAX_YJS_UPDATE_SIZE, type MergeUpdatesFn, type NegotiatedSession, type NegotiationFailure, type NegotiationResult, type NegotiationWarning, type OperationType, type PeerAction, type PeerCapabilities, type PeerInfo, type PersistedDocState, type PolicyRevisionSimulation, type ProcessResult, type RateLimiterConfig, type ReactIntegrityMonitorOptions, type RecipientKeyResolver, type RegistryStats, type RepairAction, type RepairActionType, type ReplicationNamespaceKind, type ReplicationPlan, type ReplicationPlanDestination, type ReplicationPlanDiagnostic, type ReplicationPlanTraceStep, type ResolvedSyncReplicationPolicy, type SecurityPolicy, type SerializeOptions, type SerializedChange, type SerializerRegistry, type SignedYjsEnvelope, type SignedYjsEnvelopeV1, type SignedYjsEnvelopeV2, type SignedYjsEnvelopeWire, type SyncCompatibilityConfig, type SyncConnectionStatus, type SyncEventListener, type SyncFederationConfig, type SyncFederationHub, type SyncFederationNamespacePolicy, type SyncLifecycleInput, type SyncLifecyclePhase, type SyncLifecycleState, type SyncProvider, type SyncProviderEvents, type SyncProviderOptions, type SyncReplicationConfig, type SyncStatus, type UnsignedChange, type UnsignedYjsChange, V1Serializer, V2Serializer, type ValidationError, type ValidationResult, type ValidationWarning, type VerifyAttestationOptions, type VerifyEnvelopeOptions, type VerifyOptions, VersionNegotiator, type YDocCodec, type YDocLike, YJS_CHANGE_TYPE, YJS_RATE_BURST_ALLOWANCE, YJS_SYNC_CHUNK_SIZE, type YjsAuthDecision, YjsAuthGate, type YjsAuthGateOptions, YjsBatcher, type YjsBatcherConfig, type YjsChange, YjsCheckpointer, type YjsCheckpointerOptions, YjsIntegrityError, type YjsPeerActionEvent, type YjsPeerActionListener, type YjsPeerMetrics, YjsPeerScorer, YjsRateLimiter, type YjsRateLimiterOptions, type YjsScoringConfig, YjsStateIntegrityError, type YjsUpdatePayload, type YjsViolationType, addDependencies, attemptRepair, autoDeserialize, autoSerialize, calculateChunkCount, changeHandlerRegistry, checkAndLogDeprecations, checkDeprecations, chunkUpdate, clearLoggedDeprecations, compareLamportTimestamps, computeChangeHash, configureDeprecationPolicy, createBatchId, createChangeId, createClientIdAttestation, createClientIdAttestationV1, createClientIdAttestationV2, createHandler, createIntegrityMonitor, createLamportClock, createLocalCapabilities, createPersistedDocState, createReactIntegrityMonitor, createSecurityPolicy, createSerializerRegistry, createSyncLifecycleState, createTestContext, createUnsignedChange, createUnsignedYjsChange, createVersionedHandler, createWebCryptoChangeSigner, createYjsChange, decryptYjsState, defaultNegotiator, deriveSyncLifecyclePhase, deserializeClientIdAttestation, deserializeEncryptedYjsState, deserializeYjsEnvelope, detectFork, diffFeatures, encryptYjsState, envelopeSize, estimateBase64DecodedLength, findCommonAncestor, findHeads, findOrphans, findRoots, formatDeprecationReport, formatIntegrityReport, getAllDependencies, getAncestry, getChainDepth, getChainHeads, getChainRoots, getChangeNodeId, getDefaultSerializer, getDeprecation, getDeprecationsByType, getEnabledFeatures, getFeatureConflicts, getFeatureDependencies, getFeatureVersion, getForks, getOptionalFeatures, getRequiredFeatures, getSecurityLevel, getSerializer, hasSignedEnvelope, hashYjsState, inferReplicationNamespaceKind, intersectFeatures, isAfter, isAwarenessUpdateTooLarge, isBase64PayloadTooLarge, isBefore, isCriticalOperation, isDeprecated, isDocumentTooLarge, isEphemeralOperation, isFeatureAvailable, isFeatureEnabled, isLegacyUpdate, isNodeChange, isRemoved, isStateVectorTooLarge, isUpdateTooLarge, isV1Attestation, isV1Envelope, isV2Attestation, isV2Envelope, isYjsChange, loadVerifiedState, logDeprecation, maxTime, mergeSecurityPolicies, normalizeSyncFederationHubs, parseCapabilities, parseTimestamp, planReplicationDestinations, quickIntegrityCheck, reassembleChunks, receive, recomputeChangeHash, registerDeprecation, resolveSyncReplicationPolicy, serializeClientIdAttestation, serializeEncryptedYjsState, serializeTimestamp, serializeYjsEnvelope, serializerRegistry, shouldCompact, signChange, signYjsUpdate, signYjsUpdateBatch, signYjsUpdateV1, signYjsUpdateV2, simulateSyncPolicyRevision, tick, toEncryptedData, topologicalSort, v1Serializer, v2Serializer, validateChain, validateClientIdOwnership, validateFeatureSet, verifyChange, verifyChangeHash, verifyClientIdAttestation, verifyClientIdAttestationV1, verifyClientIdAttestationV2, verifyIntegrity, verifyPersistedDocState, verifySingleChange, verifyYjsEnvelope, verifyYjsEnvelopeQuick, verifyYjsEnvelopeV1, verifyYjsEnvelopeV2, verifyYjsStateIntegrity };

package/dist/index.js CHANGED Viewed

@@ -62,6 +62,55 @@ function signChange(unsigned, signingKey) {
     signature
   };
 }
+var ED25519_PKCS8_PREFIX = new Uint8Array([
+  48,
+  46,
+  2,
+  1,
+  0,
+  48,
+  5,
+  6,
+  3,
+  43,
+  101,
+  112,
+  4,
+  34,
+  4,
+  32
+]);
+function createWebCryptoChangeSigner(signingKey) {
+  const subtle = globalThis.crypto?.subtle;
+  if (!subtle || typeof subtle.importKey !== "function") {
+    return null;
+  }
+  const pkcs8 = new Uint8Array(ED25519_PKCS8_PREFIX.length + 32);
+  pkcs8.set(ED25519_PKCS8_PREFIX, 0);
+  pkcs8.set(signingKey.subarray(0, 32), ED25519_PKCS8_PREFIX.length);
+  let cryptoKeyPromise = null;
+  let webCryptoUnavailable = false;
+  const importSigningKey = () => {
+    cryptoKeyPromise ??= subtle.importKey("pkcs8", pkcs8, { name: "Ed25519" }, false, ["sign"]);
+    return cryptoKeyPromise;
+  };
+  return async (unsigned) => {
+    if (webCryptoUnavailable) {
+      return signChange(unsigned, signingKey);
+    }
+    const hash4 = computeChangeHash(unsigned);
+    try {
+      const key = await importSigningKey();
+      const signature = new Uint8Array(
+        await subtle.sign("Ed25519", key, new TextEncoder().encode(hash4))
+      );
+      return { ...unsigned, hash: hash4, signature };
+    } catch {
+      webCryptoUnavailable = true;
+      return signChange(unsigned, signingKey);
+    }
+  };
+}
 function verifyChange(change, publicKey) {
   const version = change.protocolVersion ?? 0;
   if (version > CURRENT_PROTOCOL_VERSION) {
@@ -72,7 +121,7 @@ function verifyChange(change, publicKey) {
   const hashBytes = new TextEncoder().encode(change.hash);
   return verify(hashBytes, change.signature, publicKey);
 }
-function verifyChangeHash(change) {
+function recomputeChangeHash(change) {
   const unsigned = {
     id: change.id,
     type: change.type,
@@ -90,8 +139,10 @@ function verifyChangeHash(change) {
     unsigned.batchIndex = change.batchIndex;
     unsigned.batchSize = change.batchSize;
   }
-  const computedHash = computeChangeHash(unsigned);
-  return computedHash === change.hash;
+  return computeChangeHash(unsigned);
+}
+function verifyChangeHash(change) {
+  return recomputeChangeHash(change) === change.hash;
 }
 function createChangeId() {
   return crypto.randomUUID();
@@ -116,9 +167,8 @@ function receive(clock, receivedTime) {
 function compareLamportTimestamps(a, b) {
   if (a.time < b.time) return -1;
   if (a.time > b.time) return 1;
-  const authorCmp = a.author.localeCompare(b.author);
-  if (authorCmp < 0) return -1;
-  if (authorCmp > 0) return 1;
+  if (a.author < b.author) return -1;
+  if (a.author > b.author) return 1;
   return 0;
 }
 function isBefore(a, b) {
@@ -150,6 +200,11 @@ function maxTime(timestamps) {
 }
 // src/chain.ts
+function compareChangeOrder(a, b) {
+  if (a.lamport !== b.lamport) return a.lamport - b.lamport;
+  if (a.wallTime !== b.wallTime) return a.wallTime - b.wallTime;
+  return a.authorDID < b.authorDID ? -1 : a.authorDID > b.authorDID ? 1 : 0;
+}
 function validateChain(changes) {
   if (changes.length === 0) {
     return { valid: true };
@@ -252,7 +307,7 @@ function getForks(changes) {
   for (const forkPoint of forkPoints) {
     const children = changes.filter((c) => c.parentHash === forkPoint);
     if (children.length >= 2) {
-      children.sort((a, b) => compareLamportTimestamps(a.lamport, b.lamport));
+      children.sort(compareChangeOrder);
       forks.push({
         commonAncestor: forkPoint,
         branch1: [children[0]],
@@ -286,7 +341,7 @@ function topologicalSort(changes) {
     visited.add(change.hash);
     sorted.push(change);
   }
-  const sortedInput = [...changes].sort((a, b) => compareLamportTimestamps(a.lamport, b.lamport));
+  const sortedInput = [...changes].sort(compareChangeOrder);
   for (const change of sortedInput) {
     visit(change);
   }
@@ -848,6 +903,222 @@ var BaseSyncProvider = class {
   }
 };
+// src/sync-runtime.ts
+function deriveSyncLifecyclePhase(input) {
+  if (input.stopped) {
+    return "stopped";
+  }
+  if (!input.started) {
+    return "idle";
+  }
+  if (!input.localReady) {
+    return "starting";
+  }
+  if (input.connectionStatus === "connected") {
+    return input.replaying ? "replaying" : "healthy";
+  }
+  if (input.connectionStatus === "connecting") {
+    return "connecting";
+  }
+  if (input.connectionStatus === "disconnected") {
+    return input.everConnected ? "degraded" : "local-ready";
+  }
+  return "degraded";
+}
+function createSyncLifecycleState(input, previous) {
+  const replaying = input.replaying ?? false;
+  const phase = deriveSyncLifecyclePhase({
+    ...input,
+    replaying
+  });
+  const changed = !previous || previous.phase !== phase || previous.connectionStatus !== input.connectionStatus || previous.replaying !== replaying;
+  return {
+    phase,
+    connectionStatus: input.connectionStatus,
+    replaying,
+    lastTransitionAt: changed ? Date.now() : previous.lastTransitionAt
+  };
+}
+// src/replication-policy.ts
+function resolveSyncReplicationPolicy(config) {
+  const allowUnsignedReplication = config?.compatibility?.allowUnsignedReplication === true;
+  return {
+    allowUnsignedReplication,
+    requireSignedReplication: !allowUnsignedReplication
+  };
+}
+function inferReplicationNamespaceKind(namespace) {
+  const normalized = namespace.trim().toLowerCase();
+  return normalized.startsWith("sys/") || normalized.includes("/sys/") ? "system" : "user";
+}
+function normalizeSyncFederationHubs(config, fallbackUrls = []) {
+  const configured = config?.federation?.hubs ?? [];
+  const fallback = fallbackUrls.map((url, index) => ({
+    id: url,
+    url,
+    priority: configured.length + index
+  }));
+  const seen = /* @__PURE__ */ new Set();
+  return [...configured, ...fallback].map((hub, index) => ({
+    ...hub,
+    id: hub.id.trim(),
+    url: hub.url.trim(),
+    priority: hub.priority ?? index
+  })).filter((hub) => {
+    if (!hub.id || !hub.url || seen.has(hub.id)) return false;
+    seen.add(hub.id);
+    return true;
+  });
+}
+function planReplicationDestinations(input) {
+  const namespace = input.namespace.trim();
+  const hubs = normalizeSyncFederationHubs(input.config, input.fallbackHubUrls);
+  const policy = selectNamespacePolicy(input.config?.federation?.namespacePolicies ?? [], namespace);
+  const kind = policy?.kind ?? inferReplicationNamespaceKind(namespace);
+  const defaultHubIds = kind === "system" ? input.config?.federation?.defaultSystemHubIds : input.config?.federation?.defaultUserHubIds;
+  const includeHubIds = policy?.includeHubIds ?? defaultHubIds;
+  const excludeHubIds = new Set(policy?.excludeHubIds ?? []);
+  const diagnostics = [];
+  const trace = [
+    {
+      step: "classify",
+      namespace,
+      message: `Classified namespace as ${kind}.`
+    }
+  ];
+  if (hubs.length === 0) {
+    diagnostics.push({
+      code: "no_hubs_configured",
+      message: "No federation hubs were configured."
+    });
+  }
+  const byId = new Map(hubs.map((hub) => [hub.id, hub]));
+  if (includeHubIds) {
+    for (const hubId of includeHubIds) {
+      if (!byId.has(hubId)) {
+        diagnostics.push({
+          code: "policy_hub_not_found",
+          hubId,
+          message: `Policy references unknown hub "${hubId}".`
+        });
+      }
+    }
+  }
+  const candidateHubs = includeHubIds ? includeHubIds.flatMap((hubId) => {
+    const hub = byId.get(hubId);
+    return hub ? [hub] : [];
+  }) : hubs;
+  const destinations = candidateHubs.flatMap((hub) => {
+    if (hub.disabled) {
+      diagnostics.push({
+        code: "hub_disabled",
+        hubId: hub.id,
+        message: `Hub "${hub.id}" is disabled.`
+      });
+      trace.push({
+        step: "reject-hub",
+        hubId: hub.id,
+        namespace,
+        message: "Rejected disabled hub."
+      });
+      return [];
+    }
+    if (excludeHubIds.has(hub.id)) {
+      trace.push({
+        step: "exclude-hub",
+        hubId: hub.id,
+        namespace,
+        message: "Excluded by namespace policy."
+      });
+      return [];
+    }
+    if (hub.kinds && !hub.kinds.includes(kind)) {
+      diagnostics.push({
+        code: "hub_kind_mismatch",
+        hubId: hub.id,
+        message: `Hub "${hub.id}" does not accept ${kind} namespaces.`
+      });
+      trace.push({
+        step: "reject-hub",
+        hubId: hub.id,
+        namespace,
+        message: `Rejected because hub does not accept ${kind} namespaces.`
+      });
+      return [];
+    }
+    return [
+      {
+        hubId: hub.id,
+        url: hub.url,
+        priority: hub.priority ?? 0,
+        reason: policy ? `matched ${policy.namespace}` : "default federation policy"
+      }
+    ];
+  }).sort(compareDestinations);
+  const maxHubs = policy?.maxHubs;
+  const selected = maxHubs && maxHubs >= 0 ? destinations.slice(0, maxHubs) : destinations;
+  const minHubs = policy?.minHubs;
+  if (minHubs && selected.length < minHubs) {
+    diagnostics.push({
+      code: "minimum_hubs_not_satisfied",
+      message: `Policy requires ${minHubs} hub(s), but only ${selected.length} matched.`
+    });
+  }
+  trace.push({
+    step: "select",
+    namespace,
+    message: `Selected ${selected.length} destination hub(s).`
+  });
+  return {
+    namespace,
+    kind,
+    policy: policy ?? null,
+    destinations: selected,
+    diagnostics,
+    trace
+  };
+}
+function simulateSyncPolicyRevision(input) {
+  const before = planReplicationDestinations({
+    namespace: input.namespace,
+    config: input.current,
+    fallbackHubUrls: input.fallbackHubUrls
+  });
+  const after = planReplicationDestinations({
+    namespace: input.namespace,
+    config: input.revision,
+    fallbackHubUrls: input.fallbackHubUrls
+  });
+  const beforeIds = new Set(before.destinations.map((destination) => destination.hubId));
+  const afterIds = new Set(after.destinations.map((destination) => destination.hubId));
+  const addedHubIds = after.destinations.map((destination) => destination.hubId).filter((hubId) => !beforeIds.has(hubId));
+  const removedHubIds = before.destinations.map((destination) => destination.hubId).filter((hubId) => !afterIds.has(hubId));
+  const retainedHubIds = after.destinations.map((destination) => destination.hubId).filter((hubId) => beforeIds.has(hubId));
+  return {
+    before,
+    after,
+    addedHubIds,
+    removedHubIds,
+    retainedHubIds,
+    changed: addedHubIds.length > 0 || removedHubIds.length > 0
+  };
+}
+function selectNamespacePolicy(policies, namespace) {
+  return policies.filter((policy) => namespaceMatches(policy.namespace, namespace)).sort(
+    (left, right) => right.namespace.length - left.namespace.length || compareText(left.namespace, right.namespace)
+  )[0];
+}
+function namespaceMatches(policyNamespace, namespace) {
+  return policyNamespace === "*" || namespace === policyNamespace || namespace.startsWith(policyNamespace);
+}
+function compareDestinations(left, right) {
+  return left.priority - right.priority || compareText(left.hubId, right.hubId);
+}
+function compareText(left, right) {
+  return left < right ? -1 : left > right ? 1 : 0;
+}
 // src/yjs-envelope.ts
 import {
   hash,
@@ -1056,6 +1327,8 @@ function isLegacyUpdate(msg) {
 // src/yjs-limits.ts
 var MAX_YJS_UPDATE_SIZE = 1048576;
+var MAX_YJS_STATE_VECTOR_SIZE = 65536;
+var MAX_YJS_AWARENESS_UPDATE_SIZE = 65536;
 var MAX_YJS_UPDATES_PER_SECOND = 30;
 var MAX_YJS_UPDATES_PER_MINUTE = 600;
 var MAX_YJS_DOC_SIZE = 52428800;
@@ -1186,6 +1459,21 @@ var YjsRateLimiter = class {
 function isUpdateTooLarge(update, maxSize = MAX_YJS_UPDATE_SIZE) {
   return update.length > maxSize;
 }
+function estimateBase64DecodedLength(value) {
+  const trimmed = value.trim();
+  if (trimmed.length === 0) return 0;
+  const padding = trimmed.endsWith("==") ? 2 : trimmed.endsWith("=") ? 1 : 0;
+  return Math.max(0, Math.floor(trimmed.length * 3 / 4) - padding);
+}
+function isBase64PayloadTooLarge(value, maxSize) {
+  return estimateBase64DecodedLength(value) > maxSize;
+}
+function isStateVectorTooLarge(stateVector, maxSize = MAX_YJS_STATE_VECTOR_SIZE) {
+  return stateVector.length > maxSize;
+}
+function isAwarenessUpdateTooLarge(update, maxSize = MAX_YJS_AWARENESS_UPDATE_SIZE) {
+  return update.length > maxSize;
+}
 function isDocumentTooLarge(state, maxSize = MAX_YJS_DOC_SIZE) {
   return state.length > maxSize;
 }
@@ -1287,6 +1575,7 @@ var YjsPeerScorer = class {
   scores = /* @__PURE__ */ new Map();
   config;
   telemetry;
+  actionListeners = /* @__PURE__ */ new Set();
   constructor(config) {
     this.config = {
       penalties: { ...DEFAULT_YJS_SCORING_CONFIG.penalties, ...config?.penalties },
@@ -1315,6 +1604,7 @@ var YjsPeerScorer = class {
           this.scores.set(peerId, 0);
           this.telemetry?.reportSecurityEvent("sync.yjs.peer_auto_blocked", "critical");
           this.telemetry?.reportUsage("sync.yjs.peer_action.block", 1);
+          this.emitAction({ peerId, reason, action: "block", score: 0, metrics });
           return "block";
         }
         break;
@@ -1347,6 +1637,7 @@ var YjsPeerScorer = class {
     if (action !== "allow") {
       this.telemetry?.reportUsage(`sync.yjs.peer_action.${action}`, 1);
     }
+    this.emitAction({ peerId, reason, action, score: newScore, metrics });
     return action;
   }
   /**
@@ -1415,6 +1706,17 @@ var YjsPeerScorer = class {
   getAllMetrics() {
     return new Map(this.metrics);
   }
+  /**
+   * Listen for peer actions caused by violations.
+   *
+   * Returns an unsubscribe callback so owning packages can cleanly detach bridges.
+   */
+  onAction(listener) {
+    this.actionListeners.add(listener);
+    return () => {
+      this.actionListeners.delete(listener);
+    };
+  }
   /**
    * Remove all state for a disconnected peer.
    */
@@ -1422,6 +1724,14 @@ var YjsPeerScorer = class {
     this.metrics.delete(peerId);
     this.scores.delete(peerId);
   }
+  emitAction(event) {
+    for (const listener of this.actionListeners) {
+      try {
+        listener(event);
+      } catch {
+      }
+    }
+  }
   /**
    * Clear all state.
    */
@@ -2253,7 +2563,7 @@ var V1Serializer = class {
       authorDID: change.authorDID,
       signature: encodeBase64(change.signature),
       wallTime: change.wallTime,
-      lamport: { time: change.lamport.time, author: change.lamport.author }
+      lamport: change.lamport
     };
     if (change.protocolVersion !== void 0) {
       wire.protocolVersion = change.protocolVersion;
@@ -2281,7 +2591,7 @@ var V1Serializer = class {
           rawData: data
         };
       }
-      if (!wire.lamport || typeof wire.lamport.time !== "number" || !wire.lamport.author) {
+      if (typeof wire.lamport !== "number") {
         return {
           success: false,
           error: "Invalid or missing lamport timestamp",
@@ -2297,10 +2607,7 @@ var V1Serializer = class {
         authorDID: wire.authorDID,
         signature: decodeBase64(wire.signature),
         wallTime: wire.wallTime,
-        lamport: {
-          time: wire.lamport.time,
-          author: wire.lamport.author
-        }
+        lamport: wire.lamport
       };
       if (wire.protocolVersion !== void 0) {
         change.protocolVersion = wire.protocolVersion;
@@ -2368,7 +2675,7 @@ var V2Serializer = class {
       a: change.authorDID,
       s: encodeBase642(change.signature),
       w: change.wallTime,
-      l: { t: change.lamport.time, a: change.lamport.author }
+      l: change.lamport
     };
     if (change.batchId !== void 0) {
       wire.bi = change.batchId;
@@ -2400,7 +2707,7 @@ var V2Serializer = class {
           rawData: data
         };
       }
-      if (!wire.l || typeof wire.l.t !== "number" || !wire.l.a) {
+      if (typeof wire.l !== "number") {
         return {
           success: false,
           error: "Invalid or missing lamport timestamp",
@@ -2417,10 +2724,7 @@ var V2Serializer = class {
         authorDID: wire.a,
         signature: decodeBase642(wire.s),
         wallTime: wire.w,
-        lamport: {
-          time: wire.l.t,
-          author: wire.l.a
-        }
+        lamport: wire.l
       };
       if (wire.bi !== void 0) {
         change.batchId = wire.bi;
@@ -2503,7 +2807,7 @@ var V3Serializer = class {
       a: change.authorDID,
       sig,
       w: change.wallTime,
-      l: { t: change.lamport.time, a: change.lamport.author }
+      l: change.lamport
     };
     if (change.batchId !== void 0) {
       wire.bi = change.batchId;
@@ -2542,7 +2846,7 @@ var V3Serializer = class {
           rawData: data
         };
       }
-      if (!wire.l || typeof wire.l.t !== "number" || !wire.l.a) {
+      if (typeof wire.l !== "number") {
         return {
           success: false,
           error: "Invalid or missing lamport timestamp",
@@ -2561,10 +2865,7 @@ var V3Serializer = class {
         signature,
         // Type cast for compatibility
         wallTime: wire.w,
-        lamport: {
-          time: wire.l.t,
-          author: wire.l.a
-        }
+        lamport: wire.l
       };
       if (wire.bi !== void 0) {
         change.batchId = wire.bi;
@@ -2928,11 +3229,11 @@ async function verifyIntegrity(changes, options = {}) {
         hasIssue = true;
       }
     }
-    if (change.lamport.time < 0) {
+    if (change.lamport < 0) {
       issues.push({
         changeId: change.id,
         type: "invalid-lamport",
-        details: `Invalid Lamport time: ${change.lamport.time}`,
+        details: `Invalid Lamport time: ${change.lamport}`,
         severity: "error"
       });
       hasIssue = true;
@@ -3560,7 +3861,9 @@ export {
   FEATURES,
   HYBRID_SECURITY_POLICY,
   MAX_SECURITY_POLICY,
+  MAX_YJS_AWARENESS_UPDATE_SIZE,
   MAX_YJS_DOC_SIZE,
+  MAX_YJS_STATE_VECTOR_SIZE,
   MAX_YJS_UPDATES_PER_MINUTE,
   MAX_YJS_UPDATES_PER_SECOND,
   MAX_YJS_UPDATE_SIZE,
@@ -3603,13 +3906,16 @@ export {
   createReactIntegrityMonitor,
   createSecurityPolicy,
   createSerializerRegistry,
+  createSyncLifecycleState,
   createTestContext,
   createUnsignedChange,
   createUnsignedYjsChange,
   createVersionedHandler,
+  createWebCryptoChangeSigner,
   createYjsChange,
   decryptYjsState,
   defaultNegotiator,
+  deriveSyncLifecyclePhase,
   deserializeClientIdAttestation,
   deserializeEncryptedYjsState,
   deserializeYjsEnvelope,
@@ -3617,6 +3923,7 @@ export {
   diffFeatures,
   encryptYjsState,
   envelopeSize,
+  estimateBase64DecodedLength,
   findCommonAncestor,
   findHeads,
   findOrphans,
@@ -3643,8 +3950,11 @@ export {
   getSerializer,
   hasSignedEnvelope,
   hashYjsState,
+  inferReplicationNamespaceKind,
   intersectFeatures,
   isAfter,
+  isAwarenessUpdateTooLarge,
+  isBase64PayloadTooLarge,
   isBefore,
   isCriticalOperation,
   isDeprecated,
@@ -3655,6 +3965,7 @@ export {
   isLegacyUpdate,
   isNodeChange,
   isRemoved,
+  isStateVectorTooLarge,
   isUpdateTooLarge,
   isV1Attestation,
   isV1Envelope,
@@ -3665,12 +3976,16 @@ export {
   logDeprecation,
   maxTime,
   mergeSecurityPolicies,
+  normalizeSyncFederationHubs,
   parseCapabilities,
   parseTimestamp,
+  planReplicationDestinations,
   quickIntegrityCheck,
   reassembleChunks,
   receive,
+  recomputeChangeHash,
   registerDeprecation,
+  resolveSyncReplicationPolicy,
   serializeClientIdAttestation,
   serializeEncryptedYjsState,
   serializeTimestamp,
@@ -3682,6 +3997,7 @@ export {
   signYjsUpdateBatch,
   signYjsUpdateV1,
   signYjsUpdateV2,
+  simulateSyncPolicyRevision,
   tick,
   toEncryptedData,
   topologicalSort,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@xnetjs/sync",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "Unified sync primitives for xNet (Change<T>, vector clocks, hash chains)",
   "license": "MIT",
   "repository": {
@@ -26,9 +26,9 @@
     "provenance": true
   },
   "dependencies": {
-    "@xnetjs/core": "0.0.2",
-    "@xnetjs/crypto": "0.0.2",
-    "@xnetjs/identity": "0.0.2"
+    "@xnetjs/core": "0.0.3",
+    "@xnetjs/crypto": "0.0.3",
+    "@xnetjs/identity": "0.0.3"
   },
   "devDependencies": {
     "tsup": "^8.0.0",