effect 4.0.0-beta.44 → 4.0.0-beta.45

package/dist/unstable/eventlog/EventLogSessionAuth.js

@@ -0,0 +1,284 @@
+/**
+ * @since 4.0.0
+ */
+import * as Data from "../../Data.js";
+import * as Effect from "../../Effect.js";
+const textEncoder = /*#__PURE__*/new TextEncoder();
+const textDecoder = /*#__PURE__*/new TextDecoder("utf-8", {
+  fatal: true
+});
+const constLengthPrefixBytes = 4;
+/**
+ * @since 4.0.0
+ * @category constants
+ */
+export const AuthPayloadContext = "eventlog-auth-v1";
+/**
+ * @since 4.0.0
+ * @category constants
+ */
+export const Ed25519PublicKeyLength = 32;
+/**
+ * @since 4.0.0
+ * @category constants
+ */
+export const Ed25519SignatureLength = 64;
+/**
+ * @since 4.0.0
+ * @category constants
+ */
+export const SessionAuthChallengeLength = 32;
+/**
+ * @since 4.0.0
+ * @category constants
+ */
+export const SessionAuthChallengeTimeToLiveMillis = 30_000;
+/**
+ * @since 4.0.0
+ * @category errors
+ */
+export class EventLogSessionAuthError extends /*#__PURE__*/Data.TaggedError("EventLogSessionAuthError") {}
+const toArrayBuffer = data => {
+  const copy = new Uint8Array(data.byteLength);
+  copy.set(data);
+  return copy.buffer;
+};
+const decodeUtf8 = bytes => Effect.try({
+  try: () => textDecoder.decode(bytes),
+  catch: cause => new EventLogSessionAuthError({
+    reason: "InvalidPayload",
+    message: "Session auth payload contains invalid UTF-8 bytes",
+    cause
+  })
+});
+const assertSigningPublicKeyLength = signingPublicKey => {
+  if (signingPublicKey.byteLength === Ed25519PublicKeyLength) return Effect.void;
+  return Effect.fail(new EventLogSessionAuthError({
+    reason: "InvalidSigningPublicKeyLength",
+    message: `Expected signingPublicKey length to be ${Ed25519PublicKeyLength} bytes, received ${signingPublicKey.byteLength}`
+  }));
+};
+const assertSignatureLength = signature => {
+  if (signature.byteLength === Ed25519SignatureLength) return Effect.void;
+  return Effect.fail(new EventLogSessionAuthError({
+    reason: "InvalidSignatureLength",
+    message: `Expected signature length to be ${Ed25519SignatureLength} bytes, received ${signature.byteLength}`
+  }));
+};
+const getSubtle = /*#__PURE__*/Effect.suspend(() => {
+  const subtle = globalThis.crypto?.subtle;
+  if (subtle === undefined) {
+    return Effect.fail(new EventLogSessionAuthError({
+      reason: "CryptoUnavailable",
+      message: "globalThis.crypto.subtle is not available"
+    }));
+  }
+  return Effect.succeed(subtle);
+});
+const getCrypto = /*#__PURE__*/Effect.suspend(() => {
+  const crypto = globalThis.crypto;
+  if (crypto === undefined) {
+    return Effect.fail(new EventLogSessionAuthError({
+      reason: "CryptoUnavailable",
+      message: "globalThis.crypto is not available"
+    }));
+  }
+  return Effect.succeed(crypto);
+});
+const writeLength = (target, offset, length) => {
+  if (length < 0 || length > 0xffff_ffff) {
+    return Effect.fail(new EventLogSessionAuthError({
+      reason: "InvalidPayload",
+      message: `Invalid canonical field length: ${length}`
+    }));
+  }
+  target[offset] = length >>> 24 & 0xff;
+  target[offset + 1] = length >>> 16 & 0xff;
+  target[offset + 2] = length >>> 8 & 0xff;
+  target[offset + 3] = length & 0xff;
+  return Effect.succeed(offset + constLengthPrefixBytes);
+};
+const readLength = (source, offset) => (source[offset] << 24 | source[offset + 1] << 16 | source[offset + 2] << 8 | source[offset + 3]) >>> 0;
+const readField = (payload, state) => {
+  if (state.offset + constLengthPrefixBytes > payload.byteLength) {
+    return Effect.fail(new EventLogSessionAuthError({
+      reason: "InvalidPayload",
+      message: "Session auth payload is truncated before field length"
+    }));
+  }
+  const length = readLength(payload, state.offset);
+  state.offset += constLengthPrefixBytes;
+  if (state.offset + length > payload.byteLength) {
+    return Effect.fail(new EventLogSessionAuthError({
+      reason: "InvalidPayload",
+      message: "Session auth payload is truncated inside a field"
+    }));
+  }
+  const field = payload.slice(state.offset, state.offset + length);
+  state.offset += length;
+  return Effect.succeed(field);
+};
+const bytesToHex = bytes => {
+  let hex = "";
+  for (const byte of bytes) {
+    hex += byte.toString(16).padStart(2, "0");
+  }
+  return hex;
+};
+const encodeRemoteIdField = remoteId => typeof remoteId === "string" ? textEncoder.encode(remoteId) : textEncoder.encode(bytesToHex(remoteId));
+/**
+ * Canonical payload format uses ordered big-endian length-prefixed fields:
+ *
+ * 1. context (fixed: eventlog-auth-v1)
+ * 2. remoteId
+ * 3. challenge bytes
+ * 4. publicKey
+ * 5. signingPublicKey bytes
+ *
+ * @since 4.0.0
+ * @category encoding
+ */
+export const encodeSessionAuthPayload = /*#__PURE__*/Effect.fnUntraced(function* (payload) {
+  yield* assertSigningPublicKeyLength(payload.signingPublicKey);
+  const fields = [textEncoder.encode(AuthPayloadContext), encodeRemoteIdField(payload.remoteId), payload.challenge, textEncoder.encode(payload.publicKey), payload.signingPublicKey];
+  const totalLength = fields.reduce((total, field) => total + constLengthPrefixBytes + field.byteLength, 0);
+  const encoded = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const field of fields) {
+    offset = yield* writeLength(encoded, offset, field.byteLength);
+    encoded.set(field, offset);
+    offset += field.byteLength;
+  }
+  return encoded;
+});
+/**
+ * @since 4.0.0
+ * @category encoding
+ */
+export const decodeSessionAuthPayload = /*#__PURE__*/Effect.fnUntraced(function* (payload) {
+  const state = {
+    offset: 0
+  };
+  const context = yield* decodeUtf8(yield* readField(payload, state));
+  if (context !== AuthPayloadContext) {
+    return yield* new EventLogSessionAuthError({
+      reason: "InvalidContext",
+      message: `Invalid session auth payload context: ${context}`
+    });
+  }
+  const remoteId = yield* decodeUtf8(yield* readField(payload, state));
+  const challenge = yield* readField(payload, state);
+  const publicKey = yield* decodeUtf8(yield* readField(payload, state));
+  const signingPublicKey = yield* readField(payload, state);
+  yield* assertSigningPublicKeyLength(signingPublicKey);
+  if (state.offset !== payload.byteLength) {
+    return yield* new EventLogSessionAuthError({
+      reason: "InvalidPayload",
+      message: "Session auth payload contains trailing bytes"
+    });
+  }
+  return {
+    remoteId,
+    challenge,
+    publicKey,
+    signingPublicKey
+  };
+});
+/**
+ * @since 4.0.0
+ * @category signing
+ */
+export const signSessionAuthPayloadBytes = /*#__PURE__*/Effect.fnUntraced(function* (options) {
+  yield* decodeSessionAuthPayload(options.payload);
+  const subtle = yield* getSubtle;
+  let privateKey = yield* Effect.tryPromise({
+    try: () => subtle.importKey("pkcs8", toArrayBuffer(options.signingPrivateKey), "Ed25519", false, ["sign"]),
+    catch: cause => new EventLogSessionAuthError({
+      reason: "InvalidSigningPrivateKey",
+      message: "Failed to import Ed25519 signing private key (expected PKCS#8 bytes)",
+      cause
+    })
+  });
+  const signature = yield* Effect.tryPromise({
+    try: () => subtle.sign("Ed25519", privateKey, toArrayBuffer(options.payload)),
+    catch: cause => new EventLogSessionAuthError({
+      reason: "CryptoFailure",
+      message: "Failed to sign canonical session auth payload",
+      cause
+    })
+  });
+  return new Uint8Array(signature);
+});
+/**
+ * @since 4.0.0
+ * @category verification
+ */
+export const verifySessionAuthPayloadBytes = /*#__PURE__*/Effect.fnUntraced(function* (options) {
+  yield* decodeSessionAuthPayload(options.payload);
+  yield* assertSigningPublicKeyLength(options.signingPublicKey);
+  yield* assertSignatureLength(options.signature);
+  const subtle = yield* getSubtle;
+  const publicKey = yield* Effect.tryPromise({
+    try: () => subtle.importKey("raw", toArrayBuffer(options.signingPublicKey), "Ed25519", false, ["verify"]),
+    catch: cause => new EventLogSessionAuthError({
+      reason: "InvalidSigningPublicKeyLength",
+      message: "Failed to import Ed25519 signing public key",
+      cause
+    })
+  });
+  return yield* Effect.tryPromise({
+    try: () => subtle.verify("Ed25519", publicKey, toArrayBuffer(options.signature), toArrayBuffer(options.payload)),
+    catch: cause => new EventLogSessionAuthError({
+      reason: "CryptoFailure",
+      message: "Failed to verify canonical session auth payload signature",
+      cause
+    })
+  });
+});
+/**
+ * @since 4.0.0
+ * @category signing
+ */
+export const signSessionAuthPayload = options => encodeSessionAuthPayload(options).pipe(Effect.flatMap(payload => signSessionAuthPayloadBytes({
+  payload,
+  signingPrivateKey: options.signingPrivateKey
+})));
+/**
+ * @since 4.0.0
+ * @category verification
+ */
+export const verifySessionAuthPayload = options => encodeSessionAuthPayload(options).pipe(Effect.flatMap(payload => verifySessionAuthPayloadBytes({
+  payload,
+  signingPublicKey: options.signingPublicKey,
+  signature: options.signature
+})));
+/**
+ * @since 4.0.0
+ * @category challenge
+ */
+export const makeSessionAuthChallenge = /*#__PURE__*/Effect.gen(function* () {
+  const crypto = yield* getCrypto;
+  const challenge = new Uint8Array(SessionAuthChallengeLength);
+  crypto.getRandomValues(challenge);
+  return challenge;
+});
+/**
+ * @since 4.0.0
+ * @category verification
+ */
+export const verifySessionAuthenticateRequest = /*#__PURE__*/Effect.fnUntraced(function* (options) {
+  if (options.algorithm !== "Ed25519") {
+    return yield* new EventLogSessionAuthError({
+      reason: "InvalidAlgorithm",
+      message: `Unsupported session auth algorithm: ${options.algorithm}`
+    });
+  }
+  return yield* verifySessionAuthPayload({
+    remoteId: options.remoteId,
+    challenge: options.challenge,
+    publicKey: options.publicKey,
+    signingPublicKey: options.signingPublicKey,
+    signature: options.signature
+  });
+});
+//# sourceMappingURL=EventLogSessionAuth.js.map

package/dist/unstable/eventlog/EventLogSessionAuth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EventLogSessionAuth.js","names":["Data","Effect","textEncoder","TextEncoder","textDecoder","TextDecoder","fatal","constLengthPrefixBytes","AuthPayloadContext","Ed25519PublicKeyLength","Ed25519SignatureLength","SessionAuthChallengeLength","SessionAuthChallengeTimeToLiveMillis","EventLogSessionAuthError","TaggedError","toArrayBuffer","data","copy","Uint8Array","byteLength","set","buffer","decodeUtf8","bytes","try","decode","catch","cause","reason","message","assertSigningPublicKeyLength","signingPublicKey","void","fail","assertSignatureLength","signature","getSubtle","suspend","subtle","globalThis","crypto","undefined","succeed","getCrypto","writeLength","target","offset","length","readLength","source","readField","payload","state","field","slice","bytesToHex","hex","byte","toString","padStart","encodeRemoteIdField","remoteId","encode","encodeSessionAuthPayload","fnUntraced","fields","challenge","publicKey","totalLength","reduce","total","encoded","decodeSessionAuthPayload","context","signSessionAuthPayloadBytes","options","privateKey","tryPromise","importKey","signingPrivateKey","sign","verifySessionAuthPayloadBytes","verify","signSessionAuthPayload","pipe","flatMap","verifySessionAuthPayload","makeSessionAuthChallenge","gen","getRandomValues","verifySessionAuthenticateRequest","algorithm"],"sources":["../../../src/unstable/eventlog/EventLogSessionAuth.ts"],"sourcesContent":[null],"mappings":"AAAA;;;AAGA,OAAO,KAAKA,IAAI,MAAM,eAAe;AACrC,OAAO,KAAKC,MAAM,MAAM,iBAAiB;AAEzC,MAAMC,WAAW,gBAAG,IAAIC,WAAW,EAAE;AACrC,MAAMC,WAAW,gBAAG,IAAIC,WAAW,CAAC,OAAO,EAAE;EAAEC,KAAK,EAAE;AAAI,CAAE,CAAC;AAE7D,MAAMC,sBAAsB,GAAG,CAAC;AAEhC;;;;AAIA,OAAO,MAAMC,kBAAkB,GAAG,kBAAkB;AAEpD;;;;AAIA,OAAO,MAAMC,sBAAsB,GAAG,EAAE;AAExC;;;;AAIA,OAAO,MAAMC,sBAAsB,GAAG,EAAE;AAExC;;;;AAIA,OAAO,MAAMC,0BAA0B,GAAG,EAAE;AAE5C;;;;AAIA,OAAO,MAAMC,oCAAoC,GAAG,MAAM;AAa1D;;;;AAIA,OAAM,MAAOC,wBAAyB,sBAAQb,IAAI,CAACc,WAAW,CAAC,0BAA0B,CAYvF;AAEF,MAAMC,aAAa,GAAIC,IAAgB,IAAiB;EACtD,MAAMC,IAAI,GAAG,IAAIC,UAAU,CAACF,IAAI,CAACG,UAAU,CAAC;EAC5CF,IAAI,CAACG,GAAG,CAACJ,IAAI,CAAC;EACd,OAAOC,IAAI,CAACI,MAAM;AACpB,CAAC;AAED,MAAMC,UAAU,GAAIC,KAAiB,IACnCtB,MAAM,CAACuB,GAAG,CAAC;EACTA,GAAG,EAAEA,CAAA,KAAMpB,WAAW,CAACqB,MAAM,CAACF,KAAK,CAAC;EACpCG,KAAK,EAAGC,KAAK,IACX,IAAId,wBAAwB,CAAC;IAC3Be,MAAM,EAAE,gBAAgB;IACxBC,OAAO,EAAE,mDAAmD;IAC5DF;GACD;CACJ,CAAC;AAEJ,MAAMG,4BAA4B,GAAIC,gBAA4B,IAAmD;EACnH,IAAIA,gBAAgB,CAACZ,UAAU,KAAKV,sBAAsB,EAAE,OAAOR,MAAM,CAAC+B,IAAI;EAC9E,OAAO/B,MAAM,CAACgC,IAAI,CAChB,IAAIpB,wBAAwB,CAAC;IAC3Be,MAAM,EAAE,+BAA+B;IACvCC,OAAO,EACL,0CAA0CpB,sBAAsB,oBAAoBsB,gBAAgB,CAACZ,UAAU;GAClH,CAAC,CACH;AACH,CAAC;AAED,MAAMe,qBAAqB,GAAIC,SAAqB,IAAmD;EACrG,IAAIA,SAAS,CAAChB,UAAU,KAAKT,sBAAsB,EAAE,OAAOT,MAAM,CAAC+B,IAAI;EACvE,OAAO/B,MAAM,CAACgC,IAAI,CAChB,IAAIpB,wBAAwB,CAAC;IAC3Be,MAAM,EAAE,wBAAwB;IAChCC,OAAO,EAAE,mCAAmCnB,sBAAsB,oBAAoByB,SAAS,CAAChB,UAAU;GAC3G,CAAC,CACH;AACH,CAAC;AAED,MAAMiB,SAAS,gBAAGnC,MAAM,CAACoC,OAAO,CAAC,MAAK;EACpC,MAAMC,MAAM,GAAGC,UAAU,CAACC,MAAM,EAAEF,MAAM;EACxC,IAAIA,MAAM,KAAKG,SAAS,EAAE;IACxB,OAAOxC,MAAM,CAACgC,IAAI,CAChB,IAAIpB,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,mBAAmB;MAC3BC,OAAO,EAAE;KACV,CAAC,CACH;EACH;EACA,OAAO5B,MAAM,CAACyC,OAAO,CAACJ,MAAM,CAAC;AAC/B,CAAC,CAAC;AAEF,MAAMK,SAAS,gBAAG1C,MAAM,CAACoC,OAAO,CAAC,MAAK;EACpC,MAAMG,MAAM,GAAGD,UAAU,CAACC,MAAM;EAChC,IAAIA,MAAM,KAAKC,SAAS,EAAE;IACxB,OAAOxC,MAAM,CAACgC,IAAI,CAChB,IAAIpB,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,mBAAmB;MAC3BC,OAAO,EAAE;KACV,CAAC,CACH;EACH;EACA,OAAO5B,MAAM,CAACyC,OAAO,CAACF,MAAM,CAAC;AAC/B,CAAC,CAAC;AAEF,MAAMI,WAAW,GAAGA,CAClBC,MAAkB,EAClBC,MAAc,EACdC,MAAc,KACqC;EACnD,IAAIA,MAAM,GAAG,CAAC,IAAIA,MAAM,GAAG,WAAW,EAAE;IACtC,OAAO9C,MAAM,CAACgC,IAAI,CAChB,IAAIpB,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,gBAAgB;MACxBC,OAAO,EAAE,mCAAmCkB,MAAM;KACnD,CAAC,CACH;EACH;EAEAF,MAAM,CAACC,MAAM,CAAC,GAAIC,MAAM,KAAK,EAAE,GAAI,IAAI;EACvCF,MAAM,CAACC,MAAM,GAAG,CAAC,CAAC,GAAIC,MAAM,KAAK,EAAE,GAAI,IAAI;EAC3CF,MAAM,CAACC,MAAM,GAAG,CAAC,CAAC,GAAIC,MAAM,KAAK,CAAC,GAAI,IAAI;EAC1CF,MAAM,CAACC,MAAM,GAAG,CAAC,CAAC,GAAGC,MAAM,GAAG,IAAI;EAElC,OAAO9C,MAAM,CAACyC,OAAO,CAACI,MAAM,GAAGvC,sBAAsB,CAAC;AACxD,CAAC;AAED,MAAMyC,UAAU,GAAGA,CAACC,MAAkB,EAAEH,MAAc,KACpD,CACGG,MAAM,CAACH,MAAM,CAAE,IAAI,EAAE,GACrBG,MAAM,CAACH,MAAM,GAAG,CAAC,CAAE,IAAI,EAAG,GAC1BG,MAAM,CAACH,MAAM,GAAG,CAAC,CAAE,IAAI,CAAE,GAC1BG,MAAM,CAACH,MAAM,GAAG,CAAC,CAAE,MACf,CAAC;AAET,MAAMI,SAAS,GAAGA,CAChBC,OAAmB,EACnBC,KAAyB,KAC8B;EACvD,IAAIA,KAAK,CAACN,MAAM,GAAGvC,sBAAsB,GAAG4C,OAAO,CAAChC,UAAU,EAAE;IAC9D,OAAOlB,MAAM,CAACgC,IAAI,CAChB,IAAIpB,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,gBAAgB;MACxBC,OAAO,EAAE;KACV,CAAC,CACH;EACH;EAEA,MAAMkB,MAAM,GAAGC,UAAU,CAACG,OAAO,EAAEC,KAAK,CAACN,MAAM,CAAC;EAChDM,KAAK,CAACN,MAAM,IAAIvC,sBAAsB;EAEtC,IAAI6C,KAAK,CAACN,MAAM,GAAGC,MAAM,GAAGI,OAAO,CAAChC,UAAU,EAAE;IAC9C,OAAOlB,MAAM,CAACgC,IAAI,CAChB,IAAIpB,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,gBAAgB;MACxBC,OAAO,EAAE;KACV,CAAC,CACH;EACH;EAEA,MAAMwB,KAAK,GAAGF,OAAO,CAACG,KAAK,CAACF,KAAK,CAACN,MAAM,EAAEM,KAAK,CAACN,MAAM,GAAGC,MAAM,CAAC;EAChEK,KAAK,CAACN,MAAM,IAAIC,MAAM;EACtB,OAAO9C,MAAM,CAACyC,OAAO,CAACW,KAAK,CAAC;AAC9B,CAAC;AAED,MAAME,UAAU,GAAIhC,KAAiB,IAAY;EAC/C,IAAIiC,GAAG,GAAG,EAAE;EACZ,KAAK,MAAMC,IAAI,IAAIlC,KAAK,EAAE;IACxBiC,GAAG,IAAIC,IAAI,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC;EAC3C;EACA,OAAOH,GAAG;AACZ,CAAC;AAED,MAAMI,mBAAmB,GAAIC,QAA6B,IACxD,OAAOA,QAAQ,KAAK,QAAQ,GACxB3D,WAAW,CAAC4D,MAAM,CAACD,QAAQ,CAAC,GAC5B3D,WAAW,CAAC4D,MAAM,CAACP,UAAU,CAACM,QAAQ,CAAC,CAAC;AAE9C;;;;;;;;;;;;AAYA,OAAO,MAAME,wBAAwB,gBAAG9D,MAAM,CAAC+D,UAAU,CAAC,WAAUb,OAA2B;EAC7F,OAAOrB,4BAA4B,CAACqB,OAAO,CAACpB,gBAAgB,CAAC;EAE7D,MAAMkC,MAAM,GAAG,CACb/D,WAAW,CAAC4D,MAAM,CAACtD,kBAAkB,CAAC,EACtCoD,mBAAmB,CAACT,OAAO,CAACU,QAAQ,CAAC,EACrCV,OAAO,CAACe,SAAS,EACjBhE,WAAW,CAAC4D,MAAM,CAACX,OAAO,CAACgB,SAAS,CAAC,EACrChB,OAAO,CAACpB,gBAAgB,CACzB;EAED,MAAMqC,WAAW,GAAGH,MAAM,CAACI,MAAM,CAC/B,CAACC,KAAK,EAAEjB,KAAK,KAAKiB,KAAK,GAAG/D,sBAAsB,GAAG8C,KAAK,CAAClC,UAAU,EACnE,CAAC,CACF;EACD,MAAMoD,OAAO,GAAG,IAAIrD,UAAU,CAACkD,WAAW,CAAC;EAE3C,IAAItB,MAAM,GAAG,CAAC;EACd,KAAK,MAAMO,KAAK,IAAIY,MAAM,EAAE;IAC1BnB,MAAM,GAAG,OAAOF,WAAW,CAAC2B,OAAO,EAAEzB,MAAM,EAAEO,KAAK,CAAClC,UAAU,CAAC;IAC9DoD,OAAO,CAACnD,GAAG,CAACiC,KAAK,EAAEP,MAAM,CAAC;IAC1BA,MAAM,IAAIO,KAAK,CAAClC,UAAU;EAC5B;EAEA,OAAOoD,OAAO;AAChB,CAAC,CAAC;AAEF;;;;AAIA,OAAO,MAAMC,wBAAwB,gBAAGvE,MAAM,CAAC+D,UAAU,CACvD,WAAUb,OAAmB;EAC3B,MAAMC,KAAK,GAAG;IAAEN,MAAM,EAAE;EAAC,CAAE;EAC3B,MAAM2B,OAAO,GAAG,OAAOnD,UAAU,CAAC,OAAO4B,SAAS,CAACC,OAAO,EAAEC,KAAK,CAAC,CAAC;EAEnE,IAAIqB,OAAO,KAAKjE,kBAAkB,EAAE;IAClC,OAAO,OAAO,IAAIK,wBAAwB,CAAC;MACzCe,MAAM,EAAE,gBAAgB;MACxBC,OAAO,EAAE,yCAAyC4C,OAAO;KAC1D,CAAC;EACJ;EAEA,MAAMZ,QAAQ,GAAG,OAAOvC,UAAU,CAAC,OAAO4B,SAAS,CAACC,OAAO,EAAEC,KAAK,CAAC,CAAC;EACpE,MAAMc,SAAS,GAAG,OAAOhB,SAAS,CAACC,OAAO,EAAEC,KAAK,CAAC;EAClD,MAAMe,SAAS,GAAG,OAAO7C,UAAU,CAAC,OAAO4B,SAAS,CAACC,OAAO,EAAEC,KAAK,CAAC,CAAC;EACrE,MAAMrB,gBAAgB,GAAG,OAAOmB,SAAS,CAACC,OAAO,EAAEC,KAAK,CAAC;EACzD,OAAOtB,4BAA4B,CAACC,gBAAgB,CAAC;EAErD,IAAIqB,KAAK,CAACN,MAAM,KAAKK,OAAO,CAAChC,UAAU,EAAE;IACvC,OAAO,OAAO,IAAIN,wBAAwB,CAAC;MACzCe,MAAM,EAAE,gBAAgB;MACxBC,OAAO,EAAE;KACV,CAAC;EACJ;EAEA,OAAO;IACLgC,QAAQ;IACRK,SAAS;IACTC,SAAS;IACTpC;GACD;AACH,CAAC,CACF;AAED;;;;AAIA,OAAO,MAAM2C,2BAA2B,gBAAGzE,MAAM,CAAC+D,UAAU,CAAC,WAAUW,OAGtE;EACC,OAAOH,wBAAwB,CAACG,OAAO,CAACxB,OAAO,CAAC;EAEhD,MAAMb,MAAM,GAAG,OAAOF,SAAS;EAC/B,IAAIwC,UAAU,GAAG,OAAO3E,MAAM,CAAC4E,UAAU,CAAC;IACxCrD,GAAG,EAAEA,CAAA,KACHc,MAAM,CAACwC,SAAS,CACd,OAAO,EACP/D,aAAa,CAAC4D,OAAO,CAACI,iBAAiB,CAAC,EACxC,SAAS,EACT,KAAK,EACL,CAAC,MAAM,CAAC,CACT;IACHrD,KAAK,EAAGC,KAAK,IACX,IAAId,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,0BAA0B;MAClCC,OAAO,EAAE,sEAAsE;MAC/EF;KACD;GACJ,CAAC;EAEF,MAAMQ,SAAS,GAAG,OAAOlC,MAAM,CAAC4E,UAAU,CAAC;IACzCrD,GAAG,EAAEA,CAAA,KAAMc,MAAM,CAAC0C,IAAI,CAAC,SAAS,EAAEJ,UAAU,EAAE7D,aAAa,CAAC4D,OAAO,CAACxB,OAAO,CAAC,CAAC;IAC7EzB,KAAK,EAAGC,KAAK,IACX,IAAId,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,eAAe;MACvBC,OAAO,EAAE,+CAA+C;MACxDF;KACD;GACJ,CAAC;EACF,OAAO,IAAIT,UAAU,CAACiB,SAAS,CAAC;AAClC,CAAC,CAAC;AAEF;;;;AAIA,OAAO,MAAM8C,6BAA6B,gBAAGhF,MAAM,CAAC+D,UAAU,CAAC,WAAUW,OAIxE;EACC,OAAOH,wBAAwB,CAACG,OAAO,CAACxB,OAAO,CAAC;EAChD,OAAOrB,4BAA4B,CAAC6C,OAAO,CAAC5C,gBAAgB,CAAC;EAC7D,OAAOG,qBAAqB,CAACyC,OAAO,CAACxC,SAAS,CAAC;EAE/C,MAAMG,MAAM,GAAG,OAAOF,SAAS;EAC/B,MAAM+B,SAAS,GAAG,OAAOlE,MAAM,CAAC4E,UAAU,CAAC;IACzCrD,GAAG,EAAEA,CAAA,KAAMc,MAAM,CAACwC,SAAS,CAAC,KAAK,EAAE/D,aAAa,CAAC4D,OAAO,CAAC5C,gBAAgB,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,CAAC;IACzGL,KAAK,EAAGC,KAAK,IACX,IAAId,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,+BAA+B;MACvCC,OAAO,EAAE,6CAA6C;MACtDF;KACD;GACJ,CAAC;EAEF,OAAO,OAAO1B,MAAM,CAAC4E,UAAU,CAAC;IAC9BrD,GAAG,EAAEA,CAAA,KAAMc,MAAM,CAAC4C,MAAM,CAAC,SAAS,EAAEf,SAAS,EAAEpD,aAAa,CAAC4D,OAAO,CAACxC,SAAS,CAAC,EAAEpB,aAAa,CAAC4D,OAAO,CAACxB,OAAO,CAAC,CAAC;IAChHzB,KAAK,EAAGC,KAAK,IACX,IAAId,wBAAwB,CAAC;MAC3Be,MAAM,EAAE,eAAe;MACvBC,OAAO,EAAE,2DAA2D;MACpEF;KACD;GACJ,CAAC;AACJ,CAAC,CAAC;AAEF;;;;AAIA,OAAO,MAAMwD,sBAAsB,GACjCR,OAEC,IAEDZ,wBAAwB,CAACY,OAAO,CAAC,CAACS,IAAI,CACpCnF,MAAM,CAACoF,OAAO,CAAElC,OAAO,IACrBuB,2BAA2B,CAAC;EAC1BvB,OAAO;EACP4B,iBAAiB,EAAEJ,OAAO,CAACI;CAC5B,CAAC,CACH,CACF;AAEH;;;;AAIA,OAAO,MAAMO,wBAAwB,GACnCX,OAEC,IAEDZ,wBAAwB,CAACY,OAAO,CAAC,CAACS,IAAI,CACpCnF,MAAM,CAACoF,OAAO,CAAElC,OAAO,IACrB8B,6BAA6B,CAAC;EAC5B9B,OAAO;EACPpB,gBAAgB,EAAE4C,OAAO,CAAC5C,gBAAgB;EAC1CI,SAAS,EAAEwC,OAAO,CAACxC;CACpB,CAAC,CACH,CACF;AAEH;;;;AAIA,OAAO,MAAMoD,wBAAwB,gBAGjCtF,MAAM,CAACuF,GAAG,CAAC,aAAS;EACtB,MAAMhD,MAAM,GAAG,OAAOG,SAAS;EAC/B,MAAMuB,SAAS,GAAG,IAAIhD,UAAU,CAACP,0BAA0B,CAAC;EAC5D6B,MAAM,CAACiD,eAAe,CAACvB,SAAS,CAAC;EACjC,OAAOA,SAAS;AAClB,CAAC,CAAC;AAEF;;;;AAIA,OAAO,MAAMwB,gCAAgC,gBAAGzF,MAAM,CAAC+D,UAAU,CAAC,WAAUW,OAO3E;EACC,IAAIA,OAAO,CAACgB,SAAS,KAAK,SAAS,EAAE;IACnC,OAAO,OAAO,IAAI9E,wBAAwB,CAAC;MACzCe,MAAM,EAAE,kBAAkB;MAC1BC,OAAO,EAAE,uCAAuC8C,OAAO,CAACgB,SAAS;KAClE,CAAC;EACJ;EAEA,OAAO,OAAOL,wBAAwB,CAAC;IACrCzB,QAAQ,EAAEc,OAAO,CAACd,QAAQ;IAC1BK,SAAS,EAAES,OAAO,CAACT,SAAS;IAC5BC,SAAS,EAAEQ,OAAO,CAACR,SAAS;IAC5BpC,gBAAgB,EAAE4C,OAAO,CAAC5C,gBAAgB;IAC1CI,SAAS,EAAEwC,OAAO,CAACxC;GACpB,CAAC;AACJ,CAAC,CAAC","ignoreList":[]}

package/dist/unstable/eventlog/{SqlEventLogJournal.d.ts → SqlEventJournal.d.ts}

@@ -1,7 +1,7 @@
 import * as Effect from "../../Effect.ts";
 import * as Layer from "../../Layer.ts";
 import * as SqlClient from "../sql/SqlClient.ts";
-import type * as SqlError from "../sql/SqlError.ts";
+import * as SqlError from "../sql/SqlError.ts";
 import * as EventJournal from "./EventJournal.ts";
 /**
  * @since 4.0.0
@@ -19,4 +19,4 @@ export declare const layer: (options?: {
     readonly entryTable?: string;
     readonly remotesTable?: string;
 }) => Layer.Layer<EventJournal.EventJournal, SqlError.SqlError, SqlClient.SqlClient>;
-//# sourceMappingURL=SqlEventLogJournal.d.ts.map
+//# sourceMappingURL=SqlEventJournal.d.ts.map

package/dist/unstable/eventlog/SqlEventJournal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SqlEventJournal.d.ts","sourceRoot":"","sources":["../../../src/unstable/eventlog/SqlEventJournal.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,KAAK,KAAK,MAAM,gBAAgB,CAAA;AAGvC,OAAO,KAAK,SAAS,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,QAAQ,MAAM,oBAAoB,CAAA;AAE9C,OAAO,KAAK,YAAY,MAAM,mBAAmB,CAAA;AAIjD;;;GAGG;AACH,eAAO,MAAM,IAAI,GAAI,UAAU;IAC7B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAC/B,KAAG,MAAM,CAAC,MAAM,CACf,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC,EACpC,QAAQ,CAAC,QAAQ,EACjB,SAAS,CAAC,SAAS,CA2OjB,CAAA;AAEJ;;;GAGG;AACH,eAAO,MAAM,KAAK,GAAI,UAAU;IAC9B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAC/B,KAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,SAAS,CACzB,CAAA"}

package/dist/unstable/eventlog/{SqlEventLogJournal.js → SqlEventJournal.js}

@@ -7,6 +7,7 @@ import * as Layer from "../../Layer.js";
 import * as PubSub from "../../PubSub.js";
 import * as Schema from "../../Schema.js";
 import * as SqlClient from "../sql/SqlClient.js";
+import * as SqlError from "../sql/SqlError.js";
 import * as SqlSchema from "../sql/SqlSchema.js";
 import * as EventJournal from "./EventJournal.js";
 /**
@@ -120,10 +121,10 @@ export const make = options => Effect.gen(function* () {
       yield* insertRemotes(remoteRows);
     }
     const uncommitted = options.entries.filter(entry => !existingIds.has(entry.entry.idString));
-    const brackets = options.compact ? yield* options.compact(uncommitted) : [[uncommitted.map(remoteEntry => remoteEntry.entry), uncommitted]];
-    for (const [compacted] of brackets) {
-      for (const entry of compacted) {
-        const conflicts = yield* sql`
+    const duplicateEntries = options.entries.filter(entry => existingIds.has(entry.entry.idString)).map(entry => entry.entry);
+    const compacted = options.compact ? yield* options.compact(uncommitted) : uncommitted.map(remoteEntry => remoteEntry.entry);
+    for (const entry of compacted) {
+      const conflicts = yield* sql`
             SELECT *
             FROM ${entryTableSql}
             WHERE event = ${entry.event} AND
@@ -131,12 +132,14 @@ export const make = options => Effect.gen(function* () {
                   timestamp >= ${entry.createdAtMillis}
             ORDER BY timestamp ASC
           `.pipe(Effect.flatMap(decodeEntryRows), Effect.map(toEntries));
-        yield* options.effect({
-          entry,
-          conflicts
-        });
-      }
+      yield* options.effect({
+        entry,
+        conflicts
+      });
     }
+    return {
+      duplicateEntries
+    };
   });
   return EventJournal.EventJournal.of({
     entries: sql`SELECT * FROM ${entryTableSql} ORDER BY timestamp ASC`.pipe(Effect.flatMap(decodeEntryRows), Effect.map(toEntries), Effect.mapError(cause => new EventJournal.EventJournalError({
@@ -161,11 +164,11 @@ export const make = options => Effect.gen(function* () {
       const value = yield* effect(entry);
       yield* PubSub.publish(pubsub, entry);
       return value;
-    }, sql.withTransaction, Effect.mapError(cause => new EventJournal.EventJournalError({
+    }, Effect.mapError(cause => new EventJournal.EventJournalError({
       cause,
       method: "write"
     }))),
-    writeFromRemote: options => writeFromRemote(options).pipe(sql.withTransaction, Effect.catchIf(e => e._tag !== "EventJournalError", cause => Effect.fail(new EventJournal.EventJournalError({
+    writeFromRemote: options => writeFromRemote(options).pipe(Effect.catchIf(e => e._tag !== "EventJournalError", cause => Effect.fail(new EventJournal.EventJournalError({
       cause,
       method: "writeFromRemote"
     })))),
@@ -177,7 +180,7 @@ export const make = options => Effect.gen(function* () {
             ORDER BY timestamp ASC
           `.pipe(Effect.flatMap(decodeEntryRows), Effect.map(toEntries));
       return yield* f(entries);
-    }, sql.withTransaction, Effect.mapError(cause => new EventJournal.EventJournalError({
+    }, Effect.mapError(cause => new EventJournal.EventJournalError({
       cause,
       method: "withRemoteUncommited"
     }))),
@@ -196,7 +199,10 @@ export const make = options => Effect.gen(function* () {
     }).pipe(Effect.mapError(cause => new EventJournal.EventJournalError({
       cause,
       method: "destroy"
-    })))
+    }))),
+    withLock(_storeId) {
+      return effect => sql.withTransaction(effect).pipe(Effect.catchIf(SqlError.isSqlError, Effect.die));
+    }
   });
 });
 /**
@@ -233,4 +239,4 @@ const RemoteRow = /*#__PURE__*/Schema.Struct({
   sequence: Schema.Number
 });
 const RemoteRowArray = /*#__PURE__*/Schema.Array(RemoteRow);
-//# sourceMappingURL=SqlEventLogJournal.js.map
+//# sourceMappingURL=SqlEventJournal.js.map

package/dist/unstable/eventlog/SqlEventJournal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SqlEventJournal.js","names":["Uuid","Effect","Layer","PubSub","Schema","SqlClient","SqlError","SqlSchema","EventJournal","make","options","gen","sql","withoutTransforms","entryTable","remotesTable","entryTableSql","remotesTableSql","onDialectOrElse","pg","mysql","mssql","orElse","decodeEntryRows","decodeUnknownEffect","EntryRowArray","toEntries","rows","map","toEntry","insertEntry","void","Request","EntryRow","execute","entry","insert","insertEntries","entries","insertRemotes","RemoteRowArray","pubsub","unbounded","writeFromRemote","fnUntraced","remoteEntry","remoteRows","remote_id","remoteId","entry_id","id","sequence","remoteSequence","existingIds","Set","length","in","pipe","tap","sync","row","add","stringify","toEntryRow","uncommitted","filter","has","idString","duplicateEntries","compacted","compact","conflicts","event","primaryKey","createdAtMillis","flatMap","effect","of","mapError","cause","EventJournalError","method","write","payload","Entry","makeEntryIdUnsafe","disableChecks","value","publish","catchIf","e","_tag","fail","withRemoteUncommited","f","nextRemoteSequence","max","undefined","Number","changes","subscribe","destroy","withLock","_storeId","withTransaction","isSqlError","die","layer","Struct","EntryId","String","primary_key","Uint8Array","timestamp","Array","entryIdMillis","RemoteRow","RemoteId"],"sources":["../../../src/unstable/eventlog/SqlEventJournal.ts"],"sourcesContent":[null],"mappings":"AAAA;;;AAGA,OAAO,KAAKA,IAAI,MAAM,MAAM;AAC5B,OAAO,KAAKC,MAAM,MAAM,iBAAiB;AACzC,OAAO,KAAKC,KAAK,MAAM,gBAAgB;AACvC,OAAO,KAAKC,MAAM,MAAM,iBAAiB;AACzC,OAAO,KAAKC,MAAM,MAAM,iBAAiB;AACzC,OAAO,KAAKC,SAAS,MAAM,qBAAqB;AAChD,OAAO,KAAKC,QAAQ,MAAM,oBAAoB;AAC9C,OAAO,KAAKC,SAAS,MAAM,qBAAqB;AAChD,OAAO,KAAKC,YAAY,MAAM,mBAAmB;AAIjD;;;;AAIA,OAAO,MAAMC,IAAI,GAAIC,OAGpB,IAKCT,MAAM,CAACU,GAAG,CAAC,aAAS;EAClB,MAAMC,GAAG,GAAG,CAAC,OAAOP,SAAS,CAACA,SAAS,EAAEQ,iBAAiB,EAAE;EAE5D,MAAMC,UAAU,GAAGJ,OAAO,EAAEI,UAAU,IAAI,sBAAsB;EAChE,MAAMC,YAAY,GAAGL,OAAO,EAAEK,YAAY,IAAI,sBAAsB;EAEpE,MAAMC,aAAa,GAAGJ,GAAG,CAACE,UAAU,CAAC;EACrC,MAAMG,eAAe,GAAGL,GAAG,CAACG,YAAY,CAAC;EAEzC,OAAOH,GAAG,CAACM,eAAe,CAAC;IACzBC,EAAE,EAAEA,CAAA,KACFP,GAAG;uCAC4BI,aAAa;;;;;;YAMxC;IACNI,KAAK,EAAEA,CAAA,KACLR,GAAG;uCAC4BI,aAAa;;;;;;YAMxC;IACNK,KAAK,EAAEA,CAAA,KACLT,GAAG;uCAC4BI,aAAa;;;;;;YAMxC;IACNM,MAAM,EAAEA,CAAA,KACNV,GAAG;uCAC4BI,aAAa;;;;;;;GAO/C,CAAC;EAEF,OAAOJ,GAAG,CAACM,eAAe,CAAC;IACzBC,EAAE,EAAEA,CAAA,KACFP,GAAG;uCAC4BK,eAAe;;;;;YAK1C;IACNG,KAAK,EAAEA,CAAA,KACLR,GAAG;uCAC4BK,eAAe;;;;;YAK1C;IACNI,KAAK,EAAEA,CAAA,KACLT,GAAG;uCAC4BK,eAAe;;;;;YAK1C;IACNK,MAAM,EAAEA,CAAA,KACNV,GAAG;uCAC4BK,eAAe;;;;;;GAMjD,CAAC;EAEF,MAAMM,eAAe,GAAGnB,MAAM,CAACoB,mBAAmB,CAACC,aAAa,CAAC;EACjE,MAAMC,SAAS,GAAIC,IAA6B,IAAwCA,IAAI,CAACC,GAAG,CAACC,OAAO,CAAC;EAEzG,MAAMC,WAAW,GAAGvB,SAAS,CAACwB,IAAI,CAAC;IACjCC,OAAO,EAAEC,QAAQ;IACjBC,OAAO,EAAGC,KAAK,IAAKvB,GAAG,eAAeI,aAAa,IAAIJ,GAAG,CAACwB,MAAM,CAACD,KAAK,CAAC;GACzE,CAAC;EACF,MAAME,aAAa,GAAG9B,SAAS,CAACwB,IAAI,CAAC;IACnCC,OAAO,EAAEP,aAAa;IACtBS,OAAO,EAAGI,OAAO,IAAK1B,GAAG,eAAeI,aAAa,IAAIJ,GAAG,CAACwB,MAAM,CAACE,OAAO,CAAC;GAC7E,CAAC;EACF,MAAMC,aAAa,GAAGhC,SAAS,CAACwB,IAAI,CAAC;IACnCC,OAAO,EAAEQ,cAAc;IACvBN,OAAO,EAAGI,OAAO,IAAK1B,GAAG,eAAeK,eAAe,IAAIL,GAAG,CAACwB,MAAM,CAACE,OAAO,CAAC;GAC/E,CAAC;EAEF,MAAMG,MAAM,GAAG,OAAOtC,MAAM,CAACuC,SAAS,EAAsB;EAE5D,MAAMC,eAAe,GAAG1C,MAAM,CAAC2C,UAAU,CAAC,WAAUlC,OAA+B;IAMjF,MAAM4B,OAAO,GAAG5B,OAAO,CAAC4B,OAAO,CAACV,GAAG,CAAEiB,WAAW,IAAKA,WAAW,CAACV,KAAK,CAAC;IACvE,MAAMW,UAAU,GAAGpC,OAAO,CAAC4B,OAAO,CAACV,GAAG,CAAEiB,WAAW,KAAM;MACvDE,SAAS,EAAErC,OAAO,CAACsC,QAAQ;MAC3BC,QAAQ,EAAEJ,WAAW,CAACV,KAAK,CAACe,EAAE;MAC9BC,QAAQ,EAAEN,WAAW,CAACO;KACvB,CAAC,CAAC;IAEH,MAAMC,WAAW,GAAG,IAAIC,GAAG,EAAU;IACrC,IAAIhB,OAAO,CAACiB,MAAM,GAAG,CAAC,EAAE;MACtB,OAAO3C,GAAuB,kBAAkBI,aAAa,UAC3DJ,GAAG,CAAC4C,EAAE,CACJ,IAAI,EACJlB,OAAO,CAACV,GAAG,CAAEO,KAAK,IAAKA,KAAK,CAACe,EAAE,CAAC,CAEpC,EAAE,CAACO,IAAI,CACLxD,MAAM,CAACyD,GAAG,CAAE/B,IAAI,IACd1B,MAAM,CAAC0D,IAAI,CAAC,MAAK;QACf,KAAK,MAAMC,GAAG,IAAIjC,IAAI,EAAE;UACtB0B,WAAW,CAACQ,GAAG,CAAC7D,IAAI,CAAC8D,SAAS,CAACF,GAAG,CAACV,EAAE,CAAC,CAAC;QACzC;MACF,CAAC,CAAC,CACH,CACF;IACH;IACA,IAAIZ,OAAO,CAACiB,MAAM,GAAG,CAAC,EAAE;MACtB,OAAOlB,aAAa,CAACC,OAAO,CAACV,GAAG,CAACmC,UAAU,CAAC,CAAC;IAC/C;IACA,IAAIjB,UAAU,CAACS,MAAM,GAAG,CAAC,EAAE;MACzB,OAAOhB,aAAa,CAACO,UAAU,CAAC;IAClC;IAEA,MAAMkB,WAAW,GAAGtD,OAAO,CAAC4B,OAAO,CAAC2B,MAAM,CAAE9B,KAAK,IAAK,CAACkB,WAAW,CAACa,GAAG,CAAC/B,KAAK,CAACA,KAAK,CAACgC,QAAQ,CAAC,CAAC;IAC7F,MAAMC,gBAAgB,GAAG1D,OAAO,CAAC4B,OAAO,CACrC2B,MAAM,CAAE9B,KAAK,IAAKkB,WAAW,CAACa,GAAG,CAAC/B,KAAK,CAACA,KAAK,CAACgC,QAAQ,CAAC,CAAC,CACxDvC,GAAG,CAAEO,KAAK,IAAKA,KAAK,CAACA,KAAK,CAAC;IAC9B,MAAMkC,SAAS,GAAG3D,OAAO,CAAC4D,OAAO,GAC7B,OAAO5D,OAAO,CAAC4D,OAAO,CAACN,WAAW,CAAC,GACnCA,WAAW,CAACpC,GAAG,CAAEiB,WAAW,IAAKA,WAAW,CAACV,KAAK,CAAC;IAEvD,KAAK,MAAMA,KAAK,IAAIkC,SAAS,EAAE;MAC7B,MAAME,SAAS,GAAG,OAAO3D,GAAG;;mBAEjBI,aAAa;4BACJmB,KAAK,CAACqC,KAAK;kCACLrC,KAAK,CAACsC,UAAU;iCACjBtC,KAAK,CAACuC,eAAe;;WAE3C,CAACjB,IAAI,CACNxD,MAAM,CAAC0E,OAAO,CAACpD,eAAe,CAAC,EAC/BtB,MAAM,CAAC2B,GAAG,CAACF,SAAS,CAAC,CACtB;MACD,OAAOhB,OAAO,CAACkE,MAAM,CAAC;QAAEzC,KAAK;QAAEoC;MAAS,CAAE,CAAC;IAC7C;IAEA,OAAO;MACLH;KACD;EACH,CAAC,CAAC;EAEF,OAAO5D,YAAY,CAACA,YAAY,CAACqE,EAAE,CAAC;IAClCvC,OAAO,EAAE1B,GAAG,iBAAiBI,aAAa,yBAAyB,CAACyC,IAAI,CACtExD,MAAM,CAAC0E,OAAO,CAACpD,eAAe,CAAC,EAC/BtB,MAAM,CAAC2B,GAAG,CAACF,SAAS,CAAC,EACrBzB,MAAM,CAAC6E,QAAQ,CAAEC,KAAK,IAAK,IAAIvE,YAAY,CAACwE,iBAAiB,CAAC;MAAED,KAAK;MAAEE,MAAM,EAAE;IAAS,CAAE,CAAC,CAAC,CAC7F;IACDC,KAAK,EAAEjF,MAAM,CAAC2C,UAAU,CACtB,WAAU;MAAEgC,MAAM;MAAEJ,KAAK;MAAEW,OAAO;MAAEV;IAAU,CAAE;MAC9C,MAAMtC,KAAK,GAAG,IAAI3B,YAAY,CAAC4E,KAAK,CAAC;QACnClC,EAAE,EAAE1C,YAAY,CAAC6E,iBAAiB,EAAE;QACpCb,KAAK;QACLC,UAAU;QACVU;OACD,EAAE;QAAEG,aAAa,EAAE;MAAI,CAAE,CAAC;MAC3B,OAAOxD,WAAW,CAACiC,UAAU,CAAC5B,KAAK,CAAC,CAAC;MACrC,MAAMoD,KAAK,GAAG,OAAOX,MAAM,CAACzC,KAAK,CAAC;MAClC,OAAOhC,MAAM,CAACqF,OAAO,CAAC/C,MAAM,EAAEN,KAAK,CAAC;MACpC,OAAOoD,KAAK;IACd,CAAC,EACDtF,MAAM,CAAC6E,QAAQ,CAAEC,KAAK,IAAK,IAAIvE,YAAY,CAACwE,iBAAiB,CAAC;MAAED,KAAK;MAAEE,MAAM,EAAE;IAAO,CAAE,CAAC,CAAC,CAC3F;IACDtC,eAAe,EAAGjC,OAAO,IACvBiC,eAAe,CAACjC,OAAO,CAAC,CAAC+C,IAAI,CAC3BxD,MAAM,CAACwF,OAAO,CACXC,CAAC,IAAKA,CAAC,CAACC,IAAI,KAAK,mBAAmB,EACpCZ,KAAK,IAAK9E,MAAM,CAAC2F,IAAI,CAAC,IAAIpF,YAAY,CAACwE,iBAAiB,CAAC;MAAED,KAAK;MAAEE,MAAM,EAAE;IAAiB,CAAE,CAAC,CAAC,CACjG,CACF;IACHY,oBAAoB,EAAE5F,MAAM,CAAC2C,UAAU,CACrC,WAAUI,QAAQ,EAAE8C,CAAC;MACnB,MAAMxD,OAAO,GAAG,OAAO1B,GAAG;;mBAEjBI,aAAa;oDACoBC,eAAe,sBAAsB+B,QAAQ;;WAEtF,CAACS,IAAI,CACJxD,MAAM,CAAC0E,OAAO,CAACpD,eAAe,CAAC,EAC/BtB,MAAM,CAAC2B,GAAG,CAACF,SAAS,CAAC,CACtB;MACD,OAAO,OAAOoE,CAAC,CAACxD,OAAO,CAAC;IAC1B,CAAC,EACDrC,MAAM,CAAC6E,QAAQ,CAAEC,KAAK,IAAK,IAAIvE,YAAY,CAACwE,iBAAiB,CAAC;MAAED,KAAK;MAAEE,MAAM,EAAE;IAAsB,CAAE,CAAC,CAAC,CAC1G;IACDc,kBAAkB,EAAG/C,QAAQ,IAC3BpC,GAA2B,oCAAoCK,eAAe,sBAAsB+B,QAAQ,EAAE,CAC3GS,IAAI,CACHxD,MAAM,CAAC2B,GAAG,CAAED,IAAI,IAAI;MAClB,MAAM4D,KAAK,GAAG5D,IAAI,CAAC,CAAC,CAAC,EAAEqE,GAAG;MAC1B,IAAIT,KAAK,KAAK,IAAI,IAAIA,KAAK,KAAKU,SAAS,EAAE,OAAO,CAAC;MACnD,OAAOC,MAAM,CAACX,KAAK,CAAC,GAAG,CAAC;IAC1B,CAAC,CAAC,EACFtF,MAAM,CAAC6E,QAAQ,CAAEC,KAAK,IAAK,IAAIvE,YAAY,CAACwE,iBAAiB,CAAC;MAAED,KAAK;MAAEE,MAAM,EAAE;IAAoB,CAAE,CAAC,CAAC,CACxG;IACLkB,OAAO,EAAEhG,MAAM,CAACiG,SAAS,CAAC3D,MAAM,CAAC;IACjC4D,OAAO,EAAEpG,MAAM,CAACU,GAAG,CAAC,aAAS;MAC3B,OAAOC,GAAG,cAAcI,aAAa,EAAE;MACvC,OAAOJ,GAAG,cAAcK,eAAe,EAAE;IAC3C,CAAC,CAAC,CAACwC,IAAI,CACLxD,MAAM,CAAC6E,QAAQ,CAAEC,KAAK,IAAK,IAAIvE,YAAY,CAACwE,iBAAiB,CAAC;MAAED,KAAK;MAAEE,MAAM,EAAE;IAAS,CAAE,CAAC,CAAC,CAC7F;IACDqB,QAAQA,CAACC,QAAQ;MACf,OAAQ3B,MAAM,IACZhE,GAAG,CAAC4F,eAAe,CAAC5B,MAAM,CAAC,CAACnB,IAAI,CAC9BxD,MAAM,CAACwF,OAAO,CAACnF,QAAQ,CAACmG,UAAU,EAAExG,MAAM,CAACyG,GAAG,CAAC,CAChD;IACL;GACD,CAAC;AACJ,CAAC,CAAC;AAEJ;;;;AAIA,OAAO,MAAMC,KAAK,GAAIjG,OAGrB,IACCR,KAAK,CAAC0E,MAAM,CAACpE,YAAY,CAACA,YAAY,CAAC,CAACC,IAAI,CAACC,OAAO,CAAC,CAAC;AAExD,MAAMuB,QAAQ,gBAAG7B,MAAM,CAACwG,MAAM,CAAC;EAC7B1D,EAAE,EAAE1C,YAAY,CAACqG,OAAO;EACxBrC,KAAK,EAAEpE,MAAM,CAAC0G,MAAM;EACpBC,WAAW,EAAE3G,MAAM,CAAC0G,MAAM;EAC1B3B,OAAO,EAAE/E,MAAM,CAAC4G,UAAU;EAC1BC,SAAS,EAAE7G,MAAM,CAAC8F;CACnB,CAAC;AAEF,MAAMzE,aAAa,gBAAGrB,MAAM,CAAC8G,KAAK,CAACjF,QAAQ,CAAC;AAI5C,MAAMJ,OAAO,GAAI+B,GAAa,IAC5B,IAAIpD,YAAY,CAAC4E,KAAK,CAAC;EACrBlC,EAAE,EAAEU,GAAG,CAACV,EAAE;EACVsB,KAAK,EAAEZ,GAAG,CAACY,KAAK;EAChBC,UAAU,EAAEb,GAAG,CAACmD,WAAW;EAC3B5B,OAAO,EAAEvB,GAAG,CAACuB;CACd,EAAE;EAAEG,aAAa,EAAE;AAAI,CAAE,CAAC;AAE7B,MAAMvB,UAAU,GAAI5B,KAAyB,KAAgB;EAC3De,EAAE,EAAEf,KAAK,CAACe,EAAE;EACZsB,KAAK,EAAErC,KAAK,CAACqC,KAAK;EAClBuC,WAAW,EAAE5E,KAAK,CAACsC,UAAU;EAC7BU,OAAO,EAAEhD,KAAK,CAACgD,OAAO;EACtB8B,SAAS,EAAEzG,YAAY,CAAC2G,aAAa,CAAChF,KAAK,CAACe,EAAE;CAC/C,CAAC;AAEF,MAAMkE,SAAS,gBAAGhH,MAAM,CAACwG,MAAM,CAAC;EAC9B7D,SAAS,EAAEvC,YAAY,CAAC6G,QAAQ;EAChCpE,QAAQ,EAAEzC,YAAY,CAACqG,OAAO;EAC9B1D,QAAQ,EAAE/C,MAAM,CAAC8F;CAClB,CAAC;AAEF,MAAM1D,cAAc,gBAAGpC,MAAM,CAAC8G,KAAK,CAACE,SAAS,CAAC","ignoreList":[]}

package/dist/unstable/eventlog/{SqlEventLogServer.d.ts → SqlEventLogServerEncrypted.d.ts}

@@ -7,7 +7,7 @@ import type * as Scope from "../../Scope.ts";
 import * as SqlClient from "../sql/SqlClient.ts";
 import type * as SqlError from "../sql/SqlError.ts";
 import * as EventLogEncryption from "./EventLogEncryption.ts";
-import * as EventLogServer from "./EventLogServer.ts";
+import * as EventLogServerEncrypted from "./EventLogServerEncrypted.ts";
 /**
  * @since 4.0.0
  * @category constructors
@@ -16,7 +16,7 @@ export declare const makeStorage: (options?: {
     readonly entryTablePrefix?: string;
     readonly remoteIdTable?: string;
     readonly insertBatchSize?: number;
-}) => Effect.Effect<EventLogServer.Storage["Service"], SqlError.SqlError, SqlClient.SqlClient | EventLogEncryption.EventLogEncryption | Scope.Scope>;
+}) => Effect.Effect<EventLogServerEncrypted.Storage["Service"], SqlError.SqlError, SqlClient.SqlClient | EventLogEncryption.EventLogEncryption | Scope.Scope>;
 /**
  * @since 4.0.0
  * @category layers
@@ -25,7 +25,7 @@ export declare const layerStorage: (options?: {
     readonly entryTablePrefix?: string;
     readonly remoteIdTable?: string;
     readonly insertBatchSize?: number;
-}) => Layer.Layer<EventLogServer.Storage, SqlError.SqlError, SqlClient.SqlClient | EventLogEncryption.EventLogEncryption>;
+}) => Layer.Layer<EventLogServerEncrypted.Storage, SqlError.SqlError, SqlClient.SqlClient | EventLogEncryption.EventLogEncryption>;
 /**
  * @since 4.0.0
  * @category layers
@@ -34,5 +34,5 @@ export declare const layerStorageSubtle: (options?: {
     readonly entryTablePrefix?: string;
     readonly remoteIdTable?: string;
     readonly insertBatchSize?: number;
-}) => Layer.Layer<EventLogServer.Storage, SqlError.SqlError, SqlClient.SqlClient>;
-//# sourceMappingURL=SqlEventLogServer.d.ts.map
+}) => Layer.Layer<EventLogServerEncrypted.Storage, SqlError.SqlError, SqlClient.SqlClient>;
+//# sourceMappingURL=SqlEventLogServerEncrypted.d.ts.map

package/dist/unstable/eventlog/SqlEventLogServerEncrypted.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SqlEventLogServerEncrypted.d.ts","sourceRoot":"","sources":["../../../src/unstable/eventlog/SqlEventLogServerEncrypted.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,KAAK,KAAK,MAAM,gBAAgB,CAAA;AAIvC,OAAO,KAAK,KAAK,KAAK,MAAM,gBAAgB,CAAA;AAE5C,OAAO,KAAK,SAAS,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,KAAK,QAAQ,MAAM,oBAAoB,CAAA;AAEnD,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAA;AAC7D,OAAO,KAAK,uBAAuB,MAAM,8BAA8B,CAAA;AAEvE;;;GAGG;AACH,eAAO,MAAM,WAAW,GAAI,UAAU;IACpC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;IAC/B,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAClC,KAAG,MAAM,CAAC,MAAM,CACf,uBAAuB,CAAC,OAAO,CAAC,SAAS,CAAC,EAC1C,QAAQ,CAAC,QAAQ,EACjB,SAAS,CAAC,SAAS,GAAG,kBAAkB,CAAC,kBAAkB,GAAG,KAAK,CAAC,KAAK,CA6NvE,CAAA;AAqCJ;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,UAAU;IACrC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;IAC/B,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAClC,KAAG,KAAK,CAAC,KAAK,CACb,uBAAuB,CAAC,OAAO,EAC/B,QAAQ,CAAC,QAAQ,EACjB,SAAS,CAAC,SAAS,GAAG,kBAAkB,CAAC,kBAAkB,CACW,CAAA;AAExE;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAAI,UAAU;IAC3C,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAA;IAC/B,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAClC,KAAG,KAAK,CAAC,KAAK,CAAC,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,SAAS,CAGpF,CAAA"}

package/dist/unstable/eventlog/{SqlEventLogServer.js → SqlEventLogServerEncrypted.js}

@@ -4,13 +4,13 @@
 import * as Effect from "../../Effect.js";
 import * as Layer from "../../Layer.js";
 import * as PubSub from "../../PubSub.js";
-import * as Queue from "../../Queue.js";
 import * as RcMap from "../../RcMap.js";
 import * as Schema from "../../Schema.js";
+import * as Stream from "../../Stream.js";
 import * as SqlClient from "../sql/SqlClient.js";
 import { EntryId, makeRemoteIdUnsafe } from "./EventJournal.js";
 import * as EventLogEncryption from "./EventLogEncryption.js";
-import * as EventLogServer from "./EventLogServer.js";
+import * as EventLogServerEncrypted from "./EventLogServerEncrypted.js";
 /**
  * @since 4.0.0
  * @category constructors
@@ -20,8 +20,10 @@ export const makeStorage = options => Effect.gen(function* () {
   const sql = (yield* SqlClient.SqlClient).withoutTransforms();
   const tablePrefix = options?.entryTablePrefix ?? "effect_events";
   const remoteIdTable = options?.remoteIdTable ?? "effect_remote_id";
+  const sessionAuthBindingsTable = `${tablePrefix}_session_auth_bindings`;
   const insertBatchSize = options?.insertBatchSize ?? 200;
   const remoteIdTableSql = sql(remoteIdTable);
+  const sessionAuthBindingsTableSql = sql(sessionAuthBindingsTable);
   yield* sql.onDialectOrElse({
     pg: () => sql`
           CREATE TABLE IF NOT EXISTS ${remoteIdTableSql} (
@@ -40,6 +42,28 @@ export const makeStorage = options => Effect.gen(function* () {
             remote_id BLOB PRIMARY KEY
           )`
   });
+  yield* sql.onDialectOrElse({
+    pg: () => sql`
+          CREATE TABLE IF NOT EXISTS ${sessionAuthBindingsTableSql} (
+            public_key TEXT PRIMARY KEY,
+            signing_public_key BYTEA NOT NULL
+          )`,
+    mysql: () => sql`
+          CREATE TABLE IF NOT EXISTS ${sessionAuthBindingsTableSql} (
+            public_key VARCHAR(191) PRIMARY KEY,
+            signing_public_key BINARY(32) NOT NULL
+          )`,
+    mssql: () => sql`
+          CREATE TABLE IF NOT EXISTS ${sessionAuthBindingsTableSql} (
+            public_key NVARCHAR(191) PRIMARY KEY,
+            signing_public_key VARBINARY(32) NOT NULL
+          )`,
+    orElse: () => sql`
+          CREATE TABLE IF NOT EXISTS ${sessionAuthBindingsTableSql} (
+            public_key TEXT PRIMARY KEY,
+            signing_public_key BLOB NOT NULL
+          )`
+  });
   const remoteId = yield* sql`SELECT remote_id FROM ${remoteIdTableSql}`.pipe(Effect.flatMap(results => {
     if (results.length > 0) {
       return Effect.succeed(results[0].remote_id);
@@ -48,9 +72,9 @@ export const makeStorage = options => Effect.gen(function* () {
     return Effect.as(sql`INSERT INTO ${remoteIdTableSql} (remote_id) VALUES (${created})`, created);
   }));
   const resources = yield* RcMap.make({
-    lookup: Effect.fnUntraced(function* (publicKey) {
-      const publicKeyHash = (yield* encryptions.sha256String(new TextEncoder().encode(publicKey))).slice(0, 16);
-      const table = `${tablePrefix}_${publicKeyHash}`;
+    lookup: Effect.fnUntraced(function* (scopeKey) {
+      const scopeHash = (yield* encryptions.sha256String(new TextEncoder().encode(scopeKey))).slice(0, 16);
+      const table = `${tablePrefix}_${scopeHash}`;
       const tableSql = sql(table);
       yield* sql.onDialectOrElse({
         pg: () => sql`
@@ -90,14 +114,33 @@ export const makeStorage = options => Effect.gen(function* () {
     }),
     idleTimeToLive: "5 minutes"
   });
-  return EventLogServer.Storage.of({
+  const getSessionAuthBinding = publicKey => sql`
+          SELECT public_key, signing_public_key
+          FROM ${sessionAuthBindingsTableSql}
+          WHERE public_key = ${publicKey}
+        `.pipe(Effect.flatMap(decodeSessionAuthBindings), Effect.map(rows => {
+    const row = rows[0];
+    return row === undefined ? undefined : row.signing_public_key;
+  }), Effect.orDie);
+  return EventLogServerEncrypted.Storage.of({
     getId: Effect.succeed(remoteId),
-    write: Effect.fnUntraced(function* (publicKey, entries) {
+    getOrCreateSessionAuthBinding: Effect.fnUntraced(function* (publicKey, signingPublicKey) {
+      const existing = yield* getSessionAuthBinding(publicKey);
+      if (existing !== undefined) {
+        return existing;
+      }
+      return yield* sql`
+            INSERT INTO ${sessionAuthBindingsTableSql} (public_key, signing_public_key)
+            VALUES (${publicKey}, ${signingPublicKey})
+          `.pipe(Effect.as(signingPublicKey));
+    }, sql.withTransaction, Effect.orDie),
+    write: Effect.fnUntraced(function* (publicKey, storeId, entries) {
       if (entries.length === 0) return [];
+      const scopeKey = makeEncryptedScopeKey(publicKey, storeId);
       const {
         pubsub,
         table
-      } = yield* RcMap.get(resources, publicKey);
+      } = yield* RcMap.get(resources, scopeKey);
       const forInsert = [{
         ids: [],
         entries: []
@@ -129,27 +172,18 @@ export const makeStorage = options => Effect.gen(function* () {
       }
       return allEntries;
     }, Effect.orDie, Effect.scoped),
-    entries: Effect.fnUntraced(function* (publicKey, startSequence) {
-      const {
-        table
-      } = yield* RcMap.get(resources, publicKey);
-      return yield* sql`SELECT * FROM ${sql(table)} WHERE sequence >= ${startSequence} ORDER BY sequence ASC`.pipe(Effect.flatMap(decodeEntries));
-    }, Effect.orDie, Effect.scoped),
-    changes: Effect.fnUntraced(function* (publicKey, startSequence) {
+    changes: Effect.fnUntraced(function* (publicKey, storeId, startSequence) {
+      const scopeKey = makeEncryptedScopeKey(publicKey, storeId);
       const {
         pubsub,
         table
-      } = yield* RcMap.get(resources, publicKey);
-      const queue = yield* Queue.make();
+      } = yield* RcMap.get(resources, scopeKey);
       const subscription = yield* PubSub.subscribe(pubsub);
       const initial = yield* sql`
             SELECT * FROM ${sql(table)} WHERE sequence >= ${startSequence} ORDER BY sequence ASC
           `.pipe(Effect.flatMap(decodeEntries));
-      yield* Queue.offerAll(queue, initial);
-      yield* PubSub.takeAll(subscription).pipe(Effect.flatMap(entries => Queue.offerAll(queue, entries.filter(entry => entry.sequence >= startSequence))), Effect.forever, Effect.forkScoped);
-      yield* Effect.addFinalizer(() => Queue.shutdown(queue));
-      return Queue.asDequeue(queue);
-    }, Effect.orDie)
+      return Stream.fromArray(initial).pipe(Stream.concat(Stream.fromSubscription(subscription)));
+    }, Effect.orDie, Stream.unwrap)
   });
 });
 const EncryptedRemoteEntrySql = /*#__PURE__*/Schema.Struct({
@@ -158,7 +192,12 @@ const EncryptedRemoteEntrySql = /*#__PURE__*/Schema.Struct({
   entry_id: EntryId,
   encrypted_entry: Schema.Uint8Array
 });
+const SessionAuthBindingSql = /*#__PURE__*/Schema.Struct({
+  public_key: Schema.String,
+  signing_public_key: Schema.Uint8Array
+});
 const decodeEntryRows = /*#__PURE__*/Schema.decodeUnknownEffect(/*#__PURE__*/Schema.Array(EncryptedRemoteEntrySql));
+const decodeSessionAuthBindingRows = /*#__PURE__*/Schema.decodeUnknownEffect(/*#__PURE__*/Schema.Array(SessionAuthBindingSql));
 const toEncryptedRemoteEntry = row => ({
   sequence: row.sequence,
   iv: row.iv,
@@ -166,14 +205,16 @@ const toEncryptedRemoteEntry = row => ({
   encryptedEntry: row.encrypted_entry
 });
 const decodeEntries = rows => decodeEntryRows(rows).pipe(Effect.map(entries => entries.map(toEncryptedRemoteEntry)));
+const decodeSessionAuthBindings = rows => decodeSessionAuthBindingRows(rows);
 /**
  * @since 4.0.0
  * @category layers
  */
-export const layerStorage = options => Layer.effect(EventLogServer.Storage)(makeStorage(options));
+export const layerStorage = options => Layer.effect(EventLogServerEncrypted.Storage)(makeStorage(options));
 /**
  * @since 4.0.0
  * @category layers
  */
 export const layerStorageSubtle = options => layerStorage(options).pipe(Layer.provide(EventLogEncryption.layerSubtle));
-//# sourceMappingURL=SqlEventLogServer.js.map
+const makeEncryptedScopeKey = (publicKey, storeId) => `${publicKey}/${storeId}`;
+//# sourceMappingURL=SqlEventLogServerEncrypted.js.map