npm - cojson - Versions diffs - 0.18.29 → 0.18.30 - Mend

cojson 0.18.29 → 0.18.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (144) hide show

package/.turbo/turbo-build.log +1 -1
package/CHANGELOG.md +9 -0
package/dist/PeerState.d.ts +23 -14
package/dist/PeerState.d.ts.map +1 -1
package/dist/PeerState.js +74 -23
package/dist/PeerState.js.map +1 -1
package/dist/SyncStateManager.d.ts +3 -3
package/dist/SyncStateManager.d.ts.map +1 -1
package/dist/SyncStateManager.js +18 -44
package/dist/SyncStateManager.js.map +1 -1
package/dist/coValueContentMessage.d.ts.map +1 -1
package/dist/coValueContentMessage.js +2 -1
package/dist/coValueContentMessage.js.map +1 -1
package/dist/coValueCore/PeerKnownState.d.ts +21 -0
package/dist/coValueCore/PeerKnownState.d.ts.map +1 -0
package/dist/coValueCore/PeerKnownState.js +52 -0
package/dist/coValueCore/PeerKnownState.js.map +1 -0
package/dist/coValueCore/coValueCore.d.ts +39 -8
package/dist/coValueCore/coValueCore.d.ts.map +1 -1
package/dist/coValueCore/coValueCore.js +139 -40
package/dist/coValueCore/coValueCore.js.map +1 -1
package/dist/coValueCore/decryptTransactionChangesAndMeta.d.ts.map +1 -1
package/dist/coValueCore/decryptTransactionChangesAndMeta.js +0 -5
package/dist/coValueCore/decryptTransactionChangesAndMeta.js.map +1 -1
package/dist/coValueCore/verifiedState.d.ts +0 -14
package/dist/coValueCore/verifiedState.d.ts.map +1 -1
package/dist/coValueCore/verifiedState.js +2 -32
package/dist/coValueCore/verifiedState.js.map +1 -1
package/dist/coValues/coList.d.ts +3 -4
package/dist/coValues/coList.d.ts.map +1 -1
package/dist/coValues/coList.js +4 -4
package/dist/coValues/coList.js.map +1 -1
package/dist/coValues/coMap.d.ts +3 -4
package/dist/coValues/coMap.d.ts.map +1 -1
package/dist/coValues/coMap.js +5 -4
package/dist/coValues/coMap.js.map +1 -1
package/dist/coValues/coStream.d.ts +3 -3
package/dist/coValues/coStream.d.ts.map +1 -1
package/dist/coValues/coStream.js +3 -4
package/dist/coValues/coStream.js.map +1 -1
package/dist/coValues/group.d.ts +3 -3
package/dist/coValues/group.d.ts.map +1 -1
package/dist/coValues/group.js +74 -52
package/dist/coValues/group.js.map +1 -1
package/dist/exports.d.ts +2 -2
package/dist/exports.d.ts.map +1 -1
package/dist/exports.js +2 -2
package/dist/exports.js.map +1 -1
package/dist/localNode.d.ts.map +1 -1
package/dist/localNode.js +7 -5
package/dist/localNode.js.map +1 -1
package/dist/permissions.d.ts +5 -1
package/dist/permissions.d.ts.map +1 -1
package/dist/permissions.js +173 -109
package/dist/permissions.js.map +1 -1
package/dist/sync.d.ts.map +1 -1
package/dist/sync.js +33 -44
package/dist/sync.js.map +1 -1
package/dist/tests/PeerKnownState.test.d.ts +2 -0
package/dist/tests/PeerKnownState.test.d.ts.map +1 -0
package/dist/tests/PeerKnownState.test.js +342 -0
package/dist/tests/PeerKnownState.test.js.map +1 -0
package/dist/tests/PeerState.test.js +17 -16
package/dist/tests/PeerState.test.js.map +1 -1
package/dist/tests/StorageApiAsync.test.js +12 -12
package/dist/tests/StorageApiAsync.test.js.map +1 -1
package/dist/tests/StorageApiSync.test.js +11 -11
package/dist/tests/StorageApiSync.test.js.map +1 -1
package/dist/tests/SyncStateManager.test.js +16 -21
package/dist/tests/SyncStateManager.test.js.map +1 -1
package/dist/tests/coValueCore.dependencies.test.js +59 -0
package/dist/tests/coValueCore.dependencies.test.js.map +1 -1
package/dist/tests/coValueCore.test.js +41 -21
package/dist/tests/coValueCore.test.js.map +1 -1
package/dist/tests/group.addMember.test.js +266 -219
package/dist/tests/group.addMember.test.js.map +1 -1
package/dist/tests/group.inheritance.test.js +12 -0
package/dist/tests/group.inheritance.test.js.map +1 -1
package/dist/tests/group.invite.test.js +77 -0
package/dist/tests/group.invite.test.js.map +1 -1
package/dist/tests/group.removeMember.test.js +64 -7
package/dist/tests/group.removeMember.test.js.map +1 -1
package/dist/tests/group.roleOf.test.js +14 -4
package/dist/tests/group.roleOf.test.js.map +1 -1
package/dist/tests/permissions.test.js +51 -202
package/dist/tests/permissions.test.js.map +1 -1
package/dist/tests/sync.content.test.js +2 -2
package/dist/tests/sync.content.test.js.map +1 -1
package/dist/tests/sync.invite.test.js +6 -6
package/dist/tests/sync.load.test.js +22 -22
package/dist/tests/sync.mesh.test.js +9 -9
package/dist/tests/sync.storage.test.js +13 -7
package/dist/tests/sync.storage.test.js.map +1 -1
package/dist/tests/sync.storageAsync.test.js +3 -3
package/dist/tests/sync.test.js +13 -33
package/dist/tests/sync.test.js.map +1 -1
package/dist/tests/sync.upload.test.js +2 -2
package/package.json +3 -3
package/src/PeerState.ts +86 -34
package/src/SyncStateManager.ts +25 -60
package/src/coValueContentMessage.ts +3 -1
package/src/coValueCore/PeerKnownState.ts +74 -0
package/src/coValueCore/coValueCore.ts +180 -49
package/src/coValueCore/decryptTransactionChangesAndMeta.ts +0 -6
package/src/coValueCore/verifiedState.ts +2 -37
package/src/coValues/coList.ts +7 -7
package/src/coValues/coMap.ts +9 -7
package/src/coValues/coStream.ts +6 -5
package/src/coValues/group.ts +99 -60
package/src/exports.ts +2 -1
package/src/localNode.ts +7 -5
package/src/permissions.ts +204 -123
package/src/sync.ts +37 -53
package/src/tests/PeerKnownState.test.ts +426 -0
package/src/tests/PeerState.test.ts +24 -24
package/src/tests/StorageApiAsync.test.ts +12 -12
package/src/tests/StorageApiSync.test.ts +11 -11
package/src/tests/SyncStateManager.test.ts +23 -53
package/src/tests/coValueCore.dependencies.test.ts +87 -0
package/src/tests/coValueCore.test.ts +64 -22
package/src/tests/group.addMember.test.ts +384 -345
package/src/tests/group.inheritance.test.ts +33 -0
package/src/tests/group.invite.test.ts +117 -0
package/src/tests/group.removeMember.test.ts +95 -9
package/src/tests/group.roleOf.test.ts +16 -4
package/src/tests/permissions.test.ts +56 -295
package/src/tests/sync.content.test.ts +2 -2
package/src/tests/sync.invite.test.ts +6 -6
package/src/tests/sync.load.test.ts +22 -22
package/src/tests/sync.mesh.test.ts +9 -9
package/src/tests/sync.storage.test.ts +13 -8
package/src/tests/sync.storageAsync.test.ts +3 -3
package/src/tests/sync.test.ts +21 -50
package/src/tests/sync.upload.test.ts +2 -2
package/dist/PeerKnownStates.d.ts +0 -19
package/dist/PeerKnownStates.d.ts.map +0 -1
package/dist/PeerKnownStates.js +0 -64
package/dist/PeerKnownStates.js.map +0 -1
package/dist/tests/PeerKnownStates.test.d.ts +0 -2
package/dist/tests/PeerKnownStates.test.d.ts.map +0 -1
package/dist/tests/PeerKnownStates.test.js +0 -77
package/dist/tests/PeerKnownStates.test.js.map +0 -1
package/src/PeerKnownStates.ts +0 -93
package/src/tests/PeerKnownStates.test.ts +0 -99

package/src/coValues/group.ts CHANGED Viewed

@@ -16,10 +16,8 @@ import {
   AgentID,
   ChildGroupReference,
   ParentGroupReference,
-  getChildGroupId,
   getParentGroupId,
   isAgentID,
-  isChildGroupReference,
   isParentGroupReference,
 } from "../ids.js";
 import { JsonObject } from "../jsonValue.js";
@@ -51,6 +49,7 @@ export type ParentGroupReferenceRole =
   | "extend"
   | "reader"
   | "writer"
+  | "manager"
   | "admin";
 export type GroupShape = {
@@ -123,6 +122,38 @@ function healMissingKeyForEveryone(group: RawGroup) {
   }
 }
+function needsKeyRotation(group: RawGroup) {
+  const currentReadKeyId = group.get("readKey");
+  if (!currentReadKeyId) {
+    return false;
+  }
+  for (const parentGroup of group.getParentGroups()) {
+    const parentReadKeyId = parentGroup.get("readKey");
+    if (!parentReadKeyId) {
+      continue;
+    }
+    const hasKeyRevelation = group.get(
+      `${currentReadKeyId}_for_${parentReadKeyId}`,
+    );
+    if (!hasKeyRevelation) {
+      return true;
+    }
+  }
+  return false;
+}
+function rotateReadKeyIfNeeded(group: RawGroup) {
+  if (needsKeyRotation(group)) {
+    group.rotateReadKey();
+  }
+}
 /** A `Group` is a scope for permissions of its members (`"reader" | "writer" | "admin"`), applying to objects owned by that group.
  *
  *  A `Group` object exposes methods for permission management and allows you to create new CoValues owned by that group.
@@ -160,7 +191,11 @@ export class RawGroup<
     super(core, options);
     this.crypto = core.node.crypto;
-    healMissingKeyForEveryone(this);
+    // Checks if this is not an account
+    if (core.isGroup()) {
+      rotateReadKeyIfNeeded(this);
+      healMissingKeyForEveryone(this);
+    }
   }
   /**
@@ -259,27 +294,20 @@ export class RawGroup<
   }
   forEachChildGroup(callback: (child: RawGroup) => void) {
-    for (const key of this.keys()) {
-      if (isChildGroupReference(key)) {
-        // Check if the child group reference is revoked
-        if (this.get(key) === "revoked") {
-          continue;
-        }
+    // When rotating the parent key, all the child groups loaded in memory rotate their key.
+    // The unloaded child groups will be rotated when they are loaded, by checking if their key has been revealed to the latest parent readKey.
+    for (const id of this.core.dependant) {
+      const dependant = this.core.node.getCoValue(id);
-        const id = getChildGroupId(key);
-        const child = this.core.node.getCoValue(id);
+      if (!dependant.isGroup()) {
+        continue;
+      }
-        if (child.isAvailable()) {
-          callback(expectGroup(child.getCurrentContent()));
-        } else {
-          this.core.node.load(id).then((child) => {
-            if (child !== "unavailable") {
-              callback(expectGroup(child));
-            } else {
-              logger.warn(`Unable to load child group ${id}, skipping`);
-            }
-          });
-        }
+      const childGroup = expectGroup(dependant.getCurrentContent());
+      const reference = childGroup.get(`parent_${this.id}`);
+      if (reference && reference !== "revoked") {
+        callback(childGroup);
       }
     }
   }
@@ -311,7 +339,15 @@ export class RawGroup<
     account: RawAccount | ControlledAccountOrAgent | AgentID | Everyone,
     role: Role,
   ) {
-    if (account === EVERYONE) {
+    const memberKey = typeof account === "string" ? account : account.id;
+    const previousRole = this.get(memberKey);
+    // if the role is the same, we don't need to do anything
+    if (previousRole === role) {
+      return;
+    }
+    if (memberKey === EVERYONE) {
       if (!(role === "reader" || role === "writer" || role === "writeOnly")) {
         throw new Error(
           "Can't make everyone something other than reader, writer or writeOnly",
@@ -323,22 +359,13 @@ export class RawGroup<
         throw new Error("Can't add member without read key secret");
       }
-      const previousRole = this.get(account);
+      const previousRole = this.get(memberKey);
-      this.set(account, role, "trusting");
+      this.set(memberKey, role, "trusting");
-      if (this.get(account) !== role) {
-        // The role was not set correctly; this presents three scenarios:
-        // 1. The current user is an administrator trying to set another administrator to a lower role
-        // 2. The current user is an administrator but something has gone wrong with the role assignment
-        // 3. The current user is not an administrator and does not have sufficient permissions to set the role
-        const myRole = this.myRole();
+      if (this.get(memberKey) !== role) {
         throw new Error(
-          myRole === "admin"
-            ? this.get(account) === "admin"
-              ? "Administrators cannot demote other administrators in a group"
-              : "Failed to set role"
-            : `Failed to set role due to insufficient permissions (role of current account is ${myRole})`,
+          `Failed to set role ${role} to ${memberKey} (role of current account is ${this.myRole()})`,
         );
       }
@@ -359,10 +386,13 @@ export class RawGroup<
       return;
     }
-    const memberKey = typeof account === "string" ? account : account.id;
     const agent =
       typeof account === "string" ? account : account.currentAgentID();
+    if (agent === EVERYONE) {
+      throw new Error("Agent should not be everyone");
+    }
     /**
      * WriteOnly members can only see their own changes.
      *
@@ -374,26 +404,23 @@ export class RawGroup<
      * invite.
      */
     if (role === "writeOnly" || role === "writeOnlyInvite") {
-      const previousRole = this.get(memberKey);
-      if (
-        previousRole === "admin" &&
-        memberKey !== this.core.node.getCurrentAgent().id
-      ) {
-        throw new Error(
-          "Administrators cannot demote other administrators in a group",
-        );
-      }
       if (
         previousRole === "reader" ||
         previousRole === "writer" ||
+        previousRole === "manager" ||
         previousRole === "admin"
       ) {
         this.rotateReadKey(memberKey);
       }
       this.set(memberKey, role, "trusting");
+      if (this.get(memberKey) !== role) {
+        throw new Error(
+          `Failed to set role ${role} to ${memberKey} (role of current account is ${this.myRole()})`,
+        );
+      }
       this.internalCreateWriteOnlyKeyForMember(memberKey, agent);
     } else {
       const currentReadKey = this.getCurrentReadKey();
@@ -405,13 +432,8 @@ export class RawGroup<
       this.set(memberKey, role, "trusting");
       if (this.get(memberKey) !== role) {
-        const myRole = this.myRole();
         throw new Error(
-          myRole === "admin"
-            ? this.get(memberKey) === "admin"
-              ? "Administrators cannot demote other administrators in a group"
-              : "Failed to set role"
-            : `Failed to set role due to insufficient permissions (role of current account is ${myRole})`,
+          `Failed to set role ${role} to ${memberKey} (role of current account is ${this.myRole()})`,
         );
       }
@@ -458,6 +480,7 @@ export class RawGroup<
         memberRole === "reader" ||
         memberRole === "writer" ||
         memberRole === "admin" ||
+        memberRole === "manager" ||
         memberRole === "readerInvite" ||
         memberRole === "writerInvite" ||
         memberRole === "adminInvite"
@@ -960,7 +983,7 @@ export class RawGroup<
   extend(
     parent: RawGroup,
-    role: "reader" | "writer" | "admin" | "inherit" = "inherit",
+    role: "reader" | "writer" | "manager" | "admin" | "inherit" = "inherit",
   ) {
     if (this.isSelfExtension(parent)) {
       return;
@@ -974,7 +997,6 @@ export class RawGroup<
     const value = role === "inherit" ? "extend" : role;
-    parent.set(`child_${this.id}`, "extend", "trusting");
     this.set(`parent_${parent.id}`, value, "trusting");
     const { id: childReadKeyID, secret: childReadKeySecret } =
@@ -1069,7 +1091,9 @@ export class RawGroup<
     this.set(`parent_${parent.id}`, "revoked", "trusting");
     // Set the child key on the parent group to `revoked`
-    parent.set(`child_${this.id}`, "revoked", "trusting");
+    if (parent.get(`child_${this.id}`)) {
+      parent.set(`child_${this.id}`, "revoked", "trusting");
+    }
     // Rotate the keys on the child group
     this.rotateReadKey();
@@ -1085,11 +1109,18 @@ export class RawGroup<
   removeMember(account: RawAccount | ControlledAccountOrAgent | Everyone) {
     const memberKey = typeof account === "string" ? account : account.id;
-    if (this.myRole() === "admin") {
+    if (this.myRole() === "admin" || this.myRole() === "manager") {
       this.rotateReadKey(memberKey);
     }
     this.set(memberKey, "revoked", "trusting");
+    // TODO: removeMember fails silently. Uncomment this will be a breaking change
+    // if (this.get(memberKey) !== "revoked") {
+    //   throw new Error(
+    //     `Failed to revoke role to ${memberKey} (role of current account is ${this.myRole()})`,
+    //   );
+    // }
   }
   /**
@@ -1254,23 +1285,30 @@ export class RawGroup<
 export function isInheritableRole(
   roleInParent: Role | undefined,
-): roleInParent is "revoked" | "admin" | "writer" | "reader" {
+): roleInParent is "revoked" | "admin" | "manager" | "writer" | "reader" {
   return (
     roleInParent === "revoked" ||
     roleInParent === "admin" ||
+    roleInParent === "manager" ||
     roleInParent === "writer" ||
     roleInParent === "reader"
   );
 }
 function isMorePermissiveAndShouldInherit(
-  roleInParent: "revoked" | "admin" | "writer" | "reader",
+  roleInParent: "revoked" | "admin" | "manager" | "writer" | "reader",
   roleInChild: Role | undefined,
 ) {
   if (roleInParent === "revoked") {
     return true;
   }
+  if (roleInParent === "manager") {
+    return (
+      !roleInChild || (roleInChild !== "manager" && roleInChild !== "admin")
+    );
+  }
   if (roleInParent === "admin") {
     return !roleInChild || roleInChild !== "admin";
   }
@@ -1314,6 +1352,7 @@ const canRead = (
   const role = group.get(key);
   return (
     role === "admin" ||
+    role === "manager" ||
     role === "writer" ||
     role === "reader" ||
     role === "adminInvite" ||

package/src/exports.ts CHANGED Viewed

@@ -60,7 +60,7 @@ import { AgentSecret, textDecoder, textEncoder } from "./crypto/crypto.js";
 import type { AgentID, RawCoID, SessionID } from "./ids.js";
 import type { JsonObject, JsonValue } from "./jsonValue.js";
 import type * as Media from "./media.js";
-import { disablePermissionErrors } from "./permissions.js";
+import { disablePermissionErrors, isAccountRole } from "./permissions.js";
 import type { Peer, SyncMessage } from "./sync.js";
 import {
   DisconnectedError,
@@ -169,6 +169,7 @@ export {
   base64URLtoBytes,
   bytesToBase64url,
   hwrServerPeerSelector,
+  isAccountRole,
 };
 export type {

package/src/localNode.ts CHANGED Viewed

@@ -640,11 +640,13 @@ export class LocalNode {
       account,
       inviteRole === "adminInvite"
         ? "admin"
-        : inviteRole === "writerInvite"
-          ? "writer"
-          : inviteRole === "writeOnlyInvite"
-            ? "writeOnly"
-            : "reader",
+        : inviteRole === "managerInvite"
+          ? "manager"
+          : inviteRole === "writerInvite"
+            ? "writer"
+            : inviteRole === "writeOnlyInvite"
+              ? "writeOnly"
+              : "reader",
     );
     const contentPieces =