dominus-sdk-nodejs-dev 1.2.4

package/dist/namespaces/redis.js

@@ -0,0 +1,218 @@
+/**
+ * Redis Namespace - Whisperer caching operations.
+ *
+ * Provides Redis caching operations via Upstash REST API.
+ * TTL enforced: min 60 seconds, max 86400 seconds (24 hours).
+ */
+export class RedisNamespace {
+    client;
+    constructor(client) {
+        this.client = client;
+    }
+    /**
+     * Set a value with TTL.
+     *
+     * @param key - Key name
+     * @param value - Any JSON-serializable value
+     * @param ttl - Time-to-live in seconds (60-86400, default: 3600)
+     * @param category - Optional namespace category
+     */
+    async set(key, value, ttl = 3600, category) {
+        const body = {
+            logical_path: key,
+            value,
+            ttl_seconds: ttl,
+        };
+        if (category)
+            body.category = category;
+        return this.client.request({
+            endpoint: '/api/whisperer/set',
+            body,
+        });
+    }
+    /**
+     * Get a value, optionally refreshing TTL.
+     *
+     * @param key - Key name
+     * @param options - Get options (category, nudge, ttl)
+     */
+    async get(key, options = {}) {
+        const { category, nudge = false, ttl } = options;
+        const body = {
+            logical_path: key,
+            nudge,
+        };
+        if (category)
+            body.category = category;
+        if (ttl && nudge)
+            body.ttl_seconds = ttl;
+        return this.client.request({
+            endpoint: '/api/whisperer/get',
+            body,
+        });
+    }
+    /**
+     * Delete a key.
+     *
+     * @param key - Key name
+     * @param category - Optional namespace category
+     */
+    async delete(key, category) {
+        const body = { logical_path: key };
+        if (category)
+            body.category = category;
+        return this.client.request({
+            endpoint: '/api/whisperer/delete',
+            body,
+        });
+    }
+    /**
+     * List keys by prefix with pagination.
+     *
+     * @param options - List options (prefix, category, limit, cursor)
+     */
+    async list(options = {}) {
+        const { prefix, category, limit = 100, cursor } = options;
+        const body = { limit: Math.min(limit, 500) };
+        if (prefix)
+            body.logical_prefix = prefix;
+        if (category)
+            body.category = category;
+        if (cursor)
+            body.cursor = cursor;
+        return this.client.request({
+            endpoint: '/api/whisperer/list',
+            body,
+        });
+    }
+    /**
+     * Get multiple keys at once.
+     *
+     * @param keys - List of key specs (max 100)
+     */
+    async mget(keys) {
+        return this.client.request({
+            endpoint: '/api/whisperer/mget',
+            body: { keys: keys.slice(0, 100) },
+        });
+    }
+    /**
+     * Set if not exists (for distributed locks).
+     *
+     * @param key - Key name
+     * @param value - Any JSON-serializable value
+     * @param ttl - Time-to-live in seconds (60-86400, default: 60)
+     * @param category - Optional namespace category
+     */
+    async setnx(key, value, ttl = 60, category) {
+        const body = {
+            logical_path: key,
+            value,
+            ttl_seconds: ttl,
+        };
+        if (category)
+            body.category = category;
+        return this.client.request({
+            endpoint: '/api/whisperer/setnx',
+            body,
+        });
+    }
+    /**
+     * Increment counter (creates if not exists).
+     *
+     * @param key - Key name
+     * @param delta - Increment amount (default: 1)
+     * @param ttl - Time-to-live in seconds (60-86400, default: 3600)
+     * @param category - Optional namespace category
+     */
+    async incr(key, delta = 1, ttl = 3600, category) {
+        const body = {
+            logical_path: key,
+            delta,
+            ttl_seconds: ttl,
+        };
+        if (category)
+            body.category = category;
+        return this.client.request({
+            endpoint: '/api/whisperer/incr',
+            body,
+        });
+    }
+    /**
+     * Set a hash field.
+     *
+     * @param key - Hash key name
+     * @param field - Field name
+     * @param value - Any JSON-serializable value
+     * @param ttl - Time-to-live in seconds (60-86400, default: 3600)
+     * @param category - Optional namespace category
+     */
+    async hset(key, field, value, ttl = 3600, category) {
+        const body = {
+            logical_path: key,
+            field,
+            value,
+            ttl_seconds: ttl,
+        };
+        if (category)
+            body.category = category;
+        return this.client.request({
+            endpoint: '/api/whisperer/hset',
+            body,
+        });
+    }
+    /**
+     * Get a hash field.
+     *
+     * @param key - Hash key name
+     * @param field - Field name
+     * @param category - Optional namespace category
+     */
+    async hget(key, field, category) {
+        const body = {
+            logical_path: key,
+            field,
+        };
+        if (category)
+            body.category = category;
+        return this.client.request({
+            endpoint: '/api/whisperer/hget',
+            body,
+        });
+    }
+    /**
+     * Get all fields from a hash.
+     *
+     * @param key - Hash key name
+     * @param category - Optional namespace category
+     */
+    async hgetall(key, category) {
+        const body = { logical_path: key };
+        if (category)
+            body.category = category;
+        return this.client.request({
+            endpoint: '/api/whisperer/hgetall',
+            body,
+        });
+    }
+    /**
+     * Delete a hash field.
+     *
+     * @param key - Hash key name
+     * @param field - Field name to delete
+     * @param category - Optional namespace category
+     */
+    async hdel(key, field, category) {
+        const body = {
+            logical_path: key,
+            field,
+        };
+        if (category)
+            body.category = category;
+        return this.client.request({
+            endpoint: '/api/whisperer/hdel',
+            body,
+        });
+    }
+}
+//# sourceMappingURL=redis.js.map

package/dist/namespaces/redis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redis.js","sourceRoot":"","sources":["../../src/namespaces/redis.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAuCH,MAAM,OAAO,cAAc;IACL;IAApB,YAAoB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAE7C;;;;;;;OAOG;IACH,KAAK,CAAC,GAAG,CACP,GAAW,EACX,KAAc,EACd,GAAG,GAAG,IAAI,EACV,QAAiB;QAEjB,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,GAAG;YACjB,KAAK;YACL,WAAW,EAAE,GAAG;SACjB,CAAC;QACF,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,oBAAoB;YAC9B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,GAAG,CACP,GAAW,EACX,UAAgE,EAAE;QAElE,MAAM,EAAE,QAAQ,EAAE,KAAK,GAAG,KAAK,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QAEjD,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,GAAG;YACjB,KAAK;SACN,CAAC;QACF,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACvC,IAAI,GAAG,IAAI,KAAK;YAAE,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC;QAEzC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,oBAAoB;YAC9B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,MAAM,CACV,GAAW,EACX,QAAiB;QAEjB,MAAM,IAAI,GAA4B,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;QAC5D,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,uBAAuB;YACjC,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAI,CACR,UAKI,EAAE;QAEN,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,GAAG,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAE1D,MAAM,IAAI,GAA4B,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;QACtE,IAAI,MAAM;YAAE,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC;QACzC,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACvC,IAAI,MAAM;YAAE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAEjC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAI,CACR,IAAwD;QAExD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;SACnC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,KAAK,CACT,GAAW,EACX,KAAc,EACd,GAAG,GAAG,EAAE,EACR,QAAiB;QAEjB,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,GAAG;YACjB,KAAK;YACL,WAAW,EAAE,GAAG;SACjB,CAAC;QACF,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,sBAAsB;YAChC,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,IAAI,CACR,GAAW,EACX,KAAK,GAAG,CAAC,EACT,GAAG,GAAG,IAAI,EACV,QAAiB;QAEjB,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,GAAG;YACjB,KAAK;YACL,WAAW,EAAE,GAAG;SACjB,CAAC;QACF,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAI,CACR,GAAW,EACX,KAAa,EACb,KAAc,EACd,GAAG,GAAG,IAAI,EACV,QAAiB;QAEjB,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,GAAG;YACjB,KAAK;YACL,KAAK;YACL,WAAW,EAAE,GAAG;SACjB,CAAC;QACF,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,IAAI,CACR,GAAW,EACX,KAAa,EACb,QAAiB;QAEjB,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,GAAG;YACjB,KAAK;SACN,CAAC;QACF,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,QAAiB;QAC1C,MAAM,IAAI,GAA4B,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;QAC5D,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,wBAAwB;YAClC,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,IAAI,CACR,GAAW,EACX,KAAa,EACb,QAAiB;QAEjB,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,GAAG;YACjB,KAAK;SACN,CAAC;QACF,IAAI,QAAQ;YAAE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/namespaces/secrets.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Secrets Namespace - Warden secrets management.
+ *
+ * Provides CRUD operations for secrets stored in the Warden service.
+ */
+import type { DominusClient } from '../lib/client.js';
+export interface Secret {
+    key: string;
+    value: unknown;
+    comment?: string;
+}
+export interface UpsertResult {
+    operation: 'created' | 'updated';
+    [key: string]: unknown;
+}
+export declare class SecretsNamespace {
+    private client;
+    constructor(client: DominusClient);
+    /**
+     * Get a secret value.
+     *
+     * @param key - Secret key name
+     * @returns Secret value
+     */
+    get(key: string): Promise<unknown>;
+    /**
+     * Create or update a secret.
+     *
+     * @param key - Secret key name
+     * @param value - Secret value
+     * @param comment - Optional comment/description
+     * @returns Operation result with created/updated status
+     */
+    upsert(key: string, value: string, comment?: string): Promise<UpsertResult>;
+    /**
+     * List secrets, optionally filtered by prefix.
+     *
+     * @param prefix - Optional key prefix filter
+     * @returns List of secret metadata (keys only, not values)
+     */
+    list(prefix?: string): Promise<Array<Record<string, unknown>>>;
+    /**
+     * Delete a secret.
+     *
+     * @param key - Secret key to delete
+     * @returns Operation result
+     */
+    delete(key: string): Promise<Record<string, unknown>>;
+}
+//# sourceMappingURL=secrets.d.ts.map

package/dist/namespaces/secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/namespaces/secrets.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,SAAS,GAAG,SAAS,CAAC;IACjC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,qBAAa,gBAAgB;IACf,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,aAAa;IAEzC;;;;;OAKG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAQxC;;;;;;;OAOG;IACG,MAAM,CACV,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,CAAC;IAkCxB;;;;;OAKG;IACG,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAepE;;;;;OAKG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAM5D"}

package/dist/namespaces/secrets.js

@@ -0,0 +1,93 @@
+/**
+ * Secrets Namespace - Warden secrets management.
+ *
+ * Provides CRUD operations for secrets stored in the Warden service.
+ */
+export class SecretsNamespace {
+    client;
+    constructor(client) {
+        this.client = client;
+    }
+    /**
+     * Get a secret value.
+     *
+     * @param key - Secret key name
+     * @returns Secret value
+     */
+    async get(key) {
+        const result = await this.client.request({
+            endpoint: '/api/warden/secrets',
+            body: { action: 'get', key },
+        });
+        return result.secret?.value;
+    }
+    /**
+     * Create or update a secret.
+     *
+     * @param key - Secret key name
+     * @param value - Secret value
+     * @param comment - Optional comment/description
+     * @returns Operation result with created/updated status
+     */
+    async upsert(key, value, comment) {
+        const body = {
+            action: 'update',
+            key,
+            value,
+        };
+        if (comment) {
+            body.comment = comment;
+        }
+        try {
+            const result = await this.client.request({
+                endpoint: '/api/warden/secrets',
+                body,
+            });
+            return { ...result, operation: 'updated' };
+        }
+        catch (error) {
+            // If update fails (secret doesn't exist), try create
+            if (error instanceof Error &&
+                'statusCode' in error &&
+                error.statusCode === 500) {
+                body.action = 'create';
+                const result = await this.client.request({
+                    endpoint: '/api/warden/secrets',
+                    body,
+                });
+                return { ...result, operation: 'created' };
+            }
+            throw error;
+        }
+    }
+    /**
+     * List secrets, optionally filtered by prefix.
+     *
+     * @param prefix - Optional key prefix filter
+     * @returns List of secret metadata (keys only, not values)
+     */
+    async list(prefix) {
+        const body = { action: 'list' };
+        if (prefix) {
+            body.prefix = prefix;
+        }
+        const result = await this.client.request({
+            endpoint: '/api/warden/secrets',
+            body,
+        });
+        return result.secrets || [];
+    }
+    /**
+     * Delete a secret.
+     *
+     * @param key - Secret key to delete
+     * @returns Operation result
+     */
+    async delete(key) {
+        return this.client.request({
+            endpoint: '/api/warden/secrets',
+            body: { action: 'delete', key },
+        });
+    }
+}
+//# sourceMappingURL=secrets.js.map

package/dist/namespaces/secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/namespaces/secrets.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAeH,MAAM,OAAO,gBAAgB;IACP;IAApB,YAAoB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAE7C;;;;;OAKG;IACH,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB;YAC5D,QAAQ,EAAE,qBAAqB;YAC/B,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE;SAC7B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;IAC9B,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,MAAM,CACV,GAAW,EACX,KAAa,EACb,OAAgB;QAEhB,MAAM,IAAI,GAA4B;YACpC,MAAM,EAAE,QAAQ;YAChB,GAAG;YACH,KAAK;SACN,CAAC;QACF,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACzB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAe;gBACrD,QAAQ,EAAE,qBAAqB;gBAC/B,IAAI;aACL,CAAC,CAAC;YACH,OAAO,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;QAC7C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,qDAAqD;YACrD,IACE,KAAK,YAAY,KAAK;gBACtB,YAAY,IAAI,KAAK;gBACpB,KAAgC,CAAC,UAAU,KAAK,GAAG,EACpD,CAAC;gBACD,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC;gBACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAe;oBACrD,QAAQ,EAAE,qBAAqB;oBAC/B,IAAI;iBACL,CAAC,CAAC;gBACH,OAAO,EAAE,GAAG,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;YAC7C,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI,CAAC,MAAe;QACxB,MAAM,IAAI,GAA4B,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QACzD,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAErC;YACD,QAAQ,EAAE,qBAAqB;YAC/B,IAAI;SACL,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;IAC9B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,qBAAqB;YAC/B,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/namespaces/secure.d.ts

@@ -0,0 +1,102 @@
+/**
+ * Secure Namespace - Operations requiring audit logging.
+ *
+ * Provides convenience methods for accessing tables registered as secure.
+ * All operations automatically include reason/actor for audit trail.
+ *
+ * Secure tables are registered via auth.createSecureTable() and require
+ * a justification reason for every access.
+ */
+import type { DominusClient } from '../lib/client.js';
+import type { QueryResult, TableInfo, ColumnInfo } from './db.js';
+export interface SecureQueryOptions {
+    schema?: string;
+    filters?: Record<string, unknown>;
+    sortBy?: string;
+    sortOrder?: 'ASC' | 'DESC';
+    limit?: number;
+    offset?: number;
+}
+export interface SecureAccessContext {
+    /** Justification for accessing secure data (required) */
+    reason: string;
+    /** User ID or identifier performing the action */
+    actor: string;
+}
+export declare class SecureNamespace {
+    private client;
+    constructor(client: DominusClient);
+    /**
+     * List tables in a schema.
+     *
+     * @param schema - Schema name (default: "public")
+     * @returns List of table metadata
+     */
+    tables(schema?: string): Promise<TableInfo[]>;
+    /**
+     * List columns in a table.
+     *
+     * @param table - Table name
+     * @param schema - Schema name (default: "public")
+     * @returns List of column metadata
+     */
+    columns(table: string, schema?: string): Promise<ColumnInfo[]>;
+    /**
+     * Query secure table data with audit logging.
+     *
+     * @param table - Table name
+     * @param context - Access context (reason and actor required)
+     * @param options - Query options
+     * @returns Query result with rows and total count
+     */
+    query(table: string, context: SecureAccessContext, options?: SecureQueryOptions): Promise<QueryResult>;
+    /**
+     * Insert a row into a secure table with audit logging.
+     *
+     * @param table - Table name
+     * @param data - Column:value dictionary
+     * @param context - Access context (reason and actor required)
+     * @param schema - Schema name (default: "public")
+     * @returns Inserted row data
+     */
+    insert(table: string, data: Record<string, unknown>, context: SecureAccessContext, schema?: string): Promise<Record<string, unknown>>;
+    /**
+     * Update rows in a secure table with audit logging.
+     *
+     * @param table - Table name
+     * @param data - Column:value dictionary of updates
+     * @param filters - Column:value dictionary for WHERE clause
+     * @param context - Access context (reason and actor required)
+     * @param schema - Schema name (default: "public")
+     * @returns Affected rows count
+     */
+    update(table: string, data: Record<string, unknown>, filters: Record<string, unknown>, context: SecureAccessContext, schema?: string): Promise<{
+        affected_rows: number;
+    }>;
+    /**
+     * Delete rows from a secure table with audit logging.
+     *
+     * @param table - Table name
+     * @param filters - Column:value dictionary for WHERE clause
+     * @param context - Access context (reason and actor required)
+     * @param schema - Schema name (default: "public")
+     * @returns Affected rows count
+     */
+    delete(table: string, filters: Record<string, unknown>, context: SecureAccessContext, schema?: string): Promise<{
+        affected_rows: number;
+    }>;
+    /**
+     * Insert multiple rows into a secure table with audit logging.
+     *
+     * @param table - Table name
+     * @param rows - List of column:value dictionaries
+     * @param context - Access context (reason and actor required)
+     * @param schema - Schema name (default: "public")
+     * @returns Insert count and optionally rows
+     */
+    bulkInsert(table: string, rows: Array<Record<string, unknown>>, context: SecureAccessContext, schema?: string): Promise<{
+        inserted_count: number;
+        rows?: Array<Record<string, unknown>>;
+    }>;
+}
+//# sourceMappingURL=secure.d.ts.map

package/dist/namespaces/secure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure.d.ts","sourceRoot":"","sources":["../../src/namespaces/secure.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAElE,MAAM,WAAW,kBAAkB;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,MAAM,EAAE,MAAM,CAAC;IACf,kDAAkD;IAClD,KAAK,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,eAAe;IACd,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,aAAa;IAMzC;;;;;OAKG;IACG,MAAM,CAAC,MAAM,SAAW,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IASrD;;;;;;OAMG;IACG,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,SAAW,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAStE;;;;;;;OAOG;IACG,KAAK,CACT,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,mBAAmB,EAC5B,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,WAAW,CAAC;IAwBvB;;;;;;;;OAQG;IACG,MAAM,CACV,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,mBAAmB,EAC5B,MAAM,SAAW,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAWnC;;;;;;;;;OASG;IACG,MAAM,CACV,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,OAAO,EAAE,mBAAmB,EAC5B,MAAM,SAAW,GAChB,OAAO,CAAC;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAYrC;;;;;;;;OAQG;IACG,MAAM,CACV,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,OAAO,EAAE,mBAAmB,EAC5B,MAAM,SAAW,GAChB,OAAO,CAAC;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAWrC;;;;;;;;OAQG;IACG,UAAU,CACd,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,EACpC,OAAO,EAAE,mBAAmB,EAC5B,MAAM,SAAW,GAChB,OAAO,CAAC;QAAE,cAAc,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;KAAE,CAAC;CAU9E"}

package/dist/namespaces/secure.js

@@ -0,0 +1,151 @@
+/**
+ * Secure Namespace - Operations requiring audit logging.
+ *
+ * Provides convenience methods for accessing tables registered as secure.
+ * All operations automatically include reason/actor for audit trail.
+ *
+ * Secure tables are registered via auth.createSecureTable() and require
+ * a justification reason for every access.
+ */
+export class SecureNamespace {
+    client;
+    constructor(client) {
+        this.client = client;
+    }
+    // ========================================
+    // SECURE DATA OPERATIONS
+    // ========================================
+    /**
+     * List tables in a schema.
+     *
+     * @param schema - Schema name (default: "public")
+     * @returns List of table metadata
+     */
+    async tables(schema = 'public') {
+        const result = await this.client.request({
+            endpoint: `/api/scribe/data/${schema}/tables`,
+            method: 'GET',
+        });
+        if (Array.isArray(result))
+            return result;
+        return result.tables || [];
+    }
+    /**
+     * List columns in a table.
+     *
+     * @param table - Table name
+     * @param schema - Schema name (default: "public")
+     * @returns List of column metadata
+     */
+    async columns(table, schema = 'public') {
+        const result = await this.client.request({
+            endpoint: `/api/scribe/data/${schema}/${table}/columns`,
+            method: 'GET',
+        });
+        if (Array.isArray(result))
+            return result;
+        return result.columns || [];
+    }
+    /**
+     * Query secure table data with audit logging.
+     *
+     * @param table - Table name
+     * @param context - Access context (reason and actor required)
+     * @param options - Query options
+     * @returns Query result with rows and total count
+     */
+    async query(table, context, options = {}) {
+        const { schema = 'public', filters, sortBy, sortOrder = 'ASC', limit = 100, offset = 0, } = options;
+        return this.client.request({
+            endpoint: `/api/scribe/data/${schema}/${table}/query`,
+            body: {
+                filters,
+                sort_by: sortBy,
+                sort_order: sortOrder,
+                limit,
+                offset,
+                reason: context.reason,
+                actor: context.actor,
+            },
+        });
+    }
+    /**
+     * Insert a row into a secure table with audit logging.
+     *
+     * @param table - Table name
+     * @param data - Column:value dictionary
+     * @param context - Access context (reason and actor required)
+     * @param schema - Schema name (default: "public")
+     * @returns Inserted row data
+     */
+    async insert(table, data, context, schema = 'public') {
+        return this.client.request({
+            endpoint: `/api/scribe/data/${schema}/${table}/insert`,
+            body: {
+                data,
+                reason: context.reason,
+                actor: context.actor,
+            },
+        });
+    }
+    /**
+     * Update rows in a secure table with audit logging.
+     *
+     * @param table - Table name
+     * @param data - Column:value dictionary of updates
+     * @param filters - Column:value dictionary for WHERE clause
+     * @param context - Access context (reason and actor required)
+     * @param schema - Schema name (default: "public")
+     * @returns Affected rows count
+     */
+    async update(table, data, filters, context, schema = 'public') {
+        return this.client.request({
+            endpoint: `/api/scribe/data/${schema}/${table}/update`,
+            body: {
+                data,
+                filters,
+                reason: context.reason,
+                actor: context.actor,
+            },
+        });
+    }
+    /**
+     * Delete rows from a secure table with audit logging.
+     *
+     * @param table - Table name
+     * @param filters - Column:value dictionary for WHERE clause
+     * @param context - Access context (reason and actor required)
+     * @param schema - Schema name (default: "public")
+     * @returns Affected rows count
+     */
+    async delete(table, filters, context, schema = 'public') {
+        return this.client.request({
+            endpoint: `/api/scribe/data/${schema}/${table}/delete`,
+            body: {
+                filters,
+                reason: context.reason,
+                actor: context.actor,
+            },
+        });
+    }
+    /**
+     * Insert multiple rows into a secure table with audit logging.
+     *
+     * @param table - Table name
+     * @param rows - List of column:value dictionaries
+     * @param context - Access context (reason and actor required)
+     * @param schema - Schema name (default: "public")
+     * @returns Insert count and optionally rows
+     */
+    async bulkInsert(table, rows, context, schema = 'public') {
+        return this.client.request({
+            endpoint: `/api/scribe/data/${schema}/${table}/bulk-insert`,
+            body: {
+                rows,
+                reason: context.reason,
+                actor: context.actor,
+            },
+        });
+    }
+}
+//# sourceMappingURL=secure.js.map

package/dist/namespaces/secure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure.js","sourceRoot":"","sources":["../../src/namespaces/secure.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAqBH,MAAM,OAAO,eAAe;IACN;IAApB,YAAoB,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAE7C,2CAA2C;IAC3C,yBAAyB;IACzB,2CAA2C;IAE3C;;;;;OAKG;IACH,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,QAAQ;QAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAyC;YAC/E,QAAQ,EAAE,oBAAoB,MAAM,SAAS;YAC7C,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAC;QACzC,OAAO,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,KAAa,EAAE,MAAM,GAAG,QAAQ;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAA4C;YAClF,QAAQ,EAAE,oBAAoB,MAAM,IAAI,KAAK,UAAU;YACvD,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QACH,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAC;QACzC,OAAO,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;IAC9B,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,KAAK,CACT,KAAa,EACb,OAA4B,EAC5B,UAA8B,EAAE;QAEhC,MAAM,EACJ,MAAM,GAAG,QAAQ,EACjB,OAAO,EACP,MAAM,EACN,SAAS,GAAG,KAAK,EACjB,KAAK,GAAG,GAAG,EACX,MAAM,GAAG,CAAC,GACX,GAAG,OAAO,CAAC;QAEZ,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAc;YACtC,QAAQ,EAAE,oBAAoB,MAAM,IAAI,KAAK,QAAQ;YACrD,IAAI,EAAE;gBACJ,OAAO;gBACP,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,SAAS;gBACrB,KAAK;gBACL,MAAM;gBACN,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,MAAM,CACV,KAAa,EACb,IAA6B,EAC7B,OAA4B,EAC5B,MAAM,GAAG,QAAQ;QAEjB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,oBAAoB,MAAM,IAAI,KAAK,SAAS;YACtD,IAAI,EAAE;gBACJ,IAAI;gBACJ,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,MAAM,CACV,KAAa,EACb,IAA6B,EAC7B,OAAgC,EAChC,OAA4B,EAC5B,MAAM,GAAG,QAAQ;QAEjB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,oBAAoB,MAAM,IAAI,KAAK,SAAS;YACtD,IAAI,EAAE;gBACJ,IAAI;gBACJ,OAAO;gBACP,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,MAAM,CACV,KAAa,EACb,OAAgC,EAChC,OAA4B,EAC5B,MAAM,GAAG,QAAQ;QAEjB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,oBAAoB,MAAM,IAAI,KAAK,SAAS;YACtD,IAAI,EAAE;gBACJ,OAAO;gBACP,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,UAAU,CACd,KAAa,EACb,IAAoC,EACpC,OAA4B,EAC5B,MAAM,GAAG,QAAQ;QAEjB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YACzB,QAAQ,EAAE,oBAAoB,MAAM,IAAI,KAAK,cAAc;YAC3D,IAAI,EAAE;gBACJ,IAAI;gBACJ,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;CACF"}