lakesync 0.1.0

package/dist/gateway.d.ts

@@ -0,0 +1,196 @@
+import { S as SyncRulesConfig, R as ResolvedClaims, b as SyncRulesContext, i as ActionPush } from './types-Bs-QyOe-.js';
+export { d as ActionDiscovery, g as ActionHandler, j as ActionResponse, l as AuthContext } from './types-Bs-QyOe-.js';
+export { I as IngestTarget, i as isIngestTarget } from './base-poller-Qo_SmCZs.js';
+import { T as TableSchema, R as RowDelta, S as SyncPull, b as SyncPush } from './types-V_jVu2sA.js';
+export { c as SyncResponse } from './types-V_jVu2sA.js';
+export { b as bigintReplacer, a as bigintReviver } from './json-dYtqiL0F.js';
+import { S as SyncGateway } from './gateway-D5SaaMvT.js';
+export { A as ActionDispatcher, B as BufferConfig, D as DeltaBuffer, F as FlushEnvelope, G as GatewayConfig, a as GatewayState, H as HandlePushResult, b as SchemaManager } from './gateway-D5SaaMvT.js';
+import { C as ConnectorConfig } from './types-DAQL_vU_.js';
+import { R as Result, F as FlushError, H as HLCTimestamp } from './result-CojzlFE2.js';
+import { D as DatabaseAdapter } from './db-types-BR6Kt4uf.js';
+import { L as LakeAdapter } from './types-DSC_EiwR.js';
+import { N as NessieCatalogueClient } from './nessie-client-DrNikVXy.js';
+import './hlc-DiD8QNG3.js';
+
+/**
+ * Platform-agnostic configuration storage interface.
+ *
+ * Implemented by MemoryConfigStore (tests, gateway-server) and
+ * DurableStorageConfigStore (gateway-worker).
+ */
+interface ConfigStore {
+    getSchema(gatewayId: string): Promise<TableSchema | undefined>;
+    setSchema(gatewayId: string, schema: TableSchema): Promise<void>;
+    getSyncRules(gatewayId: string): Promise<SyncRulesConfig | undefined>;
+    setSyncRules(gatewayId: string, rules: SyncRulesConfig): Promise<void>;
+    getConnectors(): Promise<Record<string, ConnectorConfig>>;
+    setConnectors(connectors: Record<string, ConnectorConfig>): Promise<void>;
+}
+/**
+ * In-memory implementation of ConfigStore.
+ * Used by tests and gateway-server.
+ */
+declare class MemoryConfigStore implements ConfigStore {
+    private schemas;
+    private syncRules;
+    private connectors;
+    getSchema(gatewayId: string): Promise<TableSchema | undefined>;
+    setSchema(gatewayId: string, schema: TableSchema): Promise<void>;
+    getSyncRules(gatewayId: string): Promise<SyncRulesConfig | undefined>;
+    setSyncRules(gatewayId: string, rules: SyncRulesConfig): Promise<void>;
+    getConnectors(): Promise<Record<string, ConnectorConfig>>;
+    setConnectors(connectors: Record<string, ConnectorConfig>): Promise<void>;
+}
+
+/** Maximum push payload size (1 MiB). */
+declare const MAX_PUSH_PAYLOAD_BYTES = 1048576;
+/** Maximum number of deltas allowed in a single push. */
+declare const MAX_DELTAS_PER_PUSH = 10000;
+/** Maximum number of deltas returned in a single pull. */
+declare const MAX_PULL_LIMIT = 10000;
+/** Default number of deltas returned in a pull when no limit is specified. */
+declare const DEFAULT_PULL_LIMIT = 100;
+/** Allowed column types for schema validation. */
+declare const VALID_COLUMN_TYPES: Set<string>;
+/** Default maximum buffer size before triggering flush (4 MiB). */
+declare const DEFAULT_MAX_BUFFER_BYTES: number;
+/** Default maximum buffer age before triggering flush (30 seconds). */
+declare const DEFAULT_MAX_BUFFER_AGE_MS = 30000;
+
+/** Configuration for flush operations. */
+interface FlushConfig {
+    gatewayId: string;
+    flushFormat?: "json" | "parquet";
+    tableSchema?: TableSchema;
+    catalogue?: NessieCatalogueClient;
+}
+/** Dependencies injected into flush operations. */
+interface FlushDeps {
+    adapter: LakeAdapter | DatabaseAdapter;
+    config: FlushConfig;
+    restoreEntries: (entries: RowDelta[]) => void;
+}
+/** Find the min and max HLC in a non-empty array of deltas. */
+declare function hlcRange(entries: RowDelta[]): {
+    min: HLCTimestamp;
+    max: HLCTimestamp;
+};
+/**
+ * Flush a set of entries to the configured adapter.
+ *
+ * Unifies both full-buffer flush and per-table flush. The `keyPrefix`
+ * parameter, when provided, is prepended to the HLC range in the object key
+ * (e.g. "todos" for per-table flush).
+ */
+declare function flushEntries(entries: RowDelta[], byteSize: number, deps: FlushDeps, keyPrefix?: string): Promise<Result<void, FlushError>>;
+/**
+ * Best-effort catalogue commit. Registers the flushed Parquet file
+ * as an Iceberg snapshot via Nessie. Errors are logged but do not
+ * fail the flush — the Parquet file is the source of truth.
+ */
+declare function commitToCatalogue(objectKey: string, fileSizeInBytes: number, recordCount: number, catalogue: NessieCatalogueClient, schema: TableSchema): Promise<void>;
+
+/** Result from a request handler, ready for platform-specific serialisation. */
+interface HandlerResult {
+    status: number;
+    body: unknown;
+}
+/**
+ * Handle a push request.
+ *
+ * @param gateway - The SyncGateway instance.
+ * @param raw - The raw request body string.
+ * @param headerClientId - Client ID from auth header (for mismatch check).
+ * @param opts - Optional callbacks for persistence and broadcast.
+ */
+declare function handlePushRequest(gateway: SyncGateway, raw: string, headerClientId?: string | null, opts?: {
+    /** Persist deltas before processing (WAL-style). */
+    persistBatch?: (deltas: RowDelta[]) => void;
+    /** Clear persisted deltas after successful push. */
+    clearPersistence?: () => void;
+    /** Broadcast deltas to connected clients. */
+    broadcastFn?: (deltas: RowDelta[], serverHlc: HLCTimestamp, excludeClientId: string) => void | Promise<void>;
+}): HandlerResult;
+/**
+ * Handle a pull request.
+ */
+declare function handlePullRequest(gateway: SyncGateway, params: {
+    since: string | null;
+    clientId: string | null;
+    limit: string | null;
+    source: string | null;
+}, claims?: ResolvedClaims, syncRules?: SyncRulesConfig): Promise<HandlerResult>;
+/**
+ * Handle an action request.
+ */
+declare function handleActionRequest(gateway: SyncGateway, raw: string, headerClientId?: string | null, claims?: ResolvedClaims): Promise<HandlerResult>;
+/**
+ * Handle a flush request.
+ */
+declare function handleFlushRequest(gateway: SyncGateway, opts?: {
+    clearPersistence?: () => void;
+}): Promise<HandlerResult>;
+/**
+ * Handle saving a table schema.
+ */
+declare function handleSaveSchema(raw: string, store: ConfigStore, gatewayId: string): Promise<HandlerResult>;
+/**
+ * Handle saving sync rules.
+ */
+declare function handleSaveSyncRules(raw: string, store: ConfigStore, gatewayId: string): Promise<HandlerResult>;
+/**
+ * Handle registering a connector.
+ */
+declare function handleRegisterConnector(raw: string, store: ConfigStore): Promise<HandlerResult>;
+/**
+ * Handle unregistering a connector.
+ */
+declare function handleUnregisterConnector(name: string, store: ConfigStore): Promise<HandlerResult>;
+/**
+ * Handle listing connectors.
+ */
+declare function handleListConnectors(store: ConfigStore): Promise<HandlerResult>;
+/**
+ * Handle metrics request.
+ */
+declare function handleMetrics(gateway: SyncGateway, extra?: Record<string, unknown>): HandlerResult;
+
+/** Validation error with HTTP status code. */
+interface RequestError {
+    status: number;
+    message: string;
+}
+/**
+ * Validate and parse a push request body.
+ * Handles JSON parsing with bigint revival.
+ */
+declare function validatePushBody(raw: string, headerClientId?: string | null): Result<SyncPush, RequestError>;
+/**
+ * Parse and validate pull query parameters.
+ */
+declare function parsePullParams(params: {
+    since: string | null;
+    clientId: string | null;
+    limit: string | null;
+    source: string | null;
+}): Result<SyncPull, RequestError>;
+/**
+ * Validate and parse an action request body.
+ */
+declare function validateActionBody(raw: string, headerClientId?: string | null): Result<ActionPush, RequestError>;
+/**
+ * Validate a table schema body.
+ */
+declare function validateSchemaBody(raw: string): Result<TableSchema, RequestError>;
+/**
+ * Map a gateway push error code to an HTTP status code.
+ */
+declare function pushErrorToStatus(code: string): number;
+/**
+ * Build a SyncRulesContext from rules and claims.
+ * Returns undefined when no rules or empty buckets.
+ */
+declare function buildSyncRulesContext(rules: SyncRulesConfig | undefined, claims: ResolvedClaims): SyncRulesContext | undefined;
+
+export { ActionPush, type ConfigStore, DEFAULT_MAX_BUFFER_AGE_MS, DEFAULT_MAX_BUFFER_BYTES, DEFAULT_PULL_LIMIT, type FlushConfig, type FlushDeps, type HandlerResult, MAX_DELTAS_PER_PUSH, MAX_PULL_LIMIT, MAX_PUSH_PAYLOAD_BYTES, MemoryConfigStore, type RequestError, SyncGateway, SyncPull, SyncPush, VALID_COLUMN_TYPES, buildSyncRulesContext, commitToCatalogue, flushEntries, handleActionRequest, handleFlushRequest, handleListConnectors, handleMetrics, handlePullRequest, handlePushRequest, handleRegisterConnector, handleSaveSchema, handleSaveSyncRules, handleUnregisterConnector, hlcRange, parsePullParams, pushErrorToStatus, validateActionBody, validatePushBody, validateSchemaBody };

package/dist/gateway.js

@@ -0,0 +1,79 @@
+import {
+  ActionDispatcher,
+  DEFAULT_MAX_BUFFER_AGE_MS,
+  DEFAULT_MAX_BUFFER_BYTES,
+  DEFAULT_PULL_LIMIT,
+  DeltaBuffer,
+  MAX_DELTAS_PER_PUSH,
+  MAX_PULL_LIMIT,
+  MAX_PUSH_PAYLOAD_BYTES,
+  MemoryConfigStore,
+  SchemaManager,
+  SyncGateway,
+  VALID_COLUMN_TYPES,
+  buildSyncRulesContext,
+  commitToCatalogue,
+  flushEntries,
+  handleActionRequest,
+  handleFlushRequest,
+  handleListConnectors,
+  handleMetrics,
+  handlePullRequest,
+  handlePushRequest,
+  handleRegisterConnector,
+  handleSaveSchema,
+  handleSaveSyncRules,
+  handleUnregisterConnector,
+  hlcRange,
+  parsePullParams,
+  pushErrorToStatus,
+  validateActionBody,
+  validatePushBody,
+  validateSchemaBody
+} from "./chunk-5YOFCJQ7.js";
+import "./chunk-X3RO5SYJ.js";
+import "./chunk-P5DRFKIT.js";
+import "./chunk-4ARO6KTJ.js";
+import {
+  bigintReplacer,
+  bigintReviver,
+  isIngestTarget
+} from "./chunk-ICNT7I3K.js";
+import "./chunk-7D4SUZUM.js";
+export {
+  ActionDispatcher,
+  DEFAULT_MAX_BUFFER_AGE_MS,
+  DEFAULT_MAX_BUFFER_BYTES,
+  DEFAULT_PULL_LIMIT,
+  DeltaBuffer,
+  MAX_DELTAS_PER_PUSH,
+  MAX_PULL_LIMIT,
+  MAX_PUSH_PAYLOAD_BYTES,
+  MemoryConfigStore,
+  SchemaManager,
+  SyncGateway,
+  VALID_COLUMN_TYPES,
+  bigintReplacer,
+  bigintReviver,
+  buildSyncRulesContext,
+  commitToCatalogue,
+  flushEntries,
+  handleActionRequest,
+  handleFlushRequest,
+  handleListConnectors,
+  handleMetrics,
+  handlePullRequest,
+  handlePushRequest,
+  handleRegisterConnector,
+  handleSaveSchema,
+  handleSaveSyncRules,
+  handleUnregisterConnector,
+  hlcRange,
+  isIngestTarget,
+  parsePullParams,
+  pushErrorToStatus,
+  validateActionBody,
+  validatePushBody,
+  validateSchemaBody
+};
+//# sourceMappingURL=gateway.js.map

package/dist/gateway.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/hlc-DiD8QNG3.d.ts

@@ -0,0 +1,70 @@
+import { H as HLCTimestamp, R as Result, b as ClockDriftError } from './result-CojzlFE2.js';
+
+/**
+ * Hybrid Logical Clock implementation.
+ *
+ * 64-bit layout: [48-bit wall clock ms][16-bit logical counter].
+ * Maximum allowed clock drift: 5 seconds.
+ *
+ * The wall clock source is injectable for deterministic testing.
+ */
+declare class HLC {
+    private readonly wallClock;
+    private counter;
+    private lastWall;
+    /** Maximum tolerated drift between local and remote physical clocks (ms). */
+    static readonly MAX_DRIFT_MS = 5000;
+    /** Maximum value of the 16-bit logical counter. */
+    static readonly MAX_COUNTER = 65535;
+    /**
+     * Create a new HLC instance.
+     *
+     * @param wallClock - Optional injectable clock source returning epoch ms.
+     *                    Defaults to `Date.now`.
+     */
+    constructor(wallClock?: () => number);
+    /**
+     * Generate a new monotonically increasing HLC timestamp.
+     *
+     * The returned timestamp is guaranteed to be strictly greater than any
+     * previously returned by this instance.
+     */
+    now(): HLCTimestamp;
+    /**
+     * Receive a remote HLC timestamp and advance the local clock.
+     *
+     * Returns `Err(ClockDriftError)` if the remote timestamp indicates
+     * clock drift exceeding {@link MAX_DRIFT_MS}.
+     *
+     * @param remote - The HLC timestamp received from a remote node.
+     * @returns A `Result` containing the new local HLC timestamp, or a
+     *          `ClockDriftError` if the remote clock is too far ahead.
+     */
+    recv(remote: HLCTimestamp): Result<HLCTimestamp, ClockDriftError>;
+    /**
+     * Encode a wall clock value (ms) and logical counter into a 64-bit HLC timestamp.
+     *
+     * @param wall    - Wall clock component in epoch milliseconds (48-bit).
+     * @param counter - Logical counter component (16-bit, 0..65535).
+     * @returns The encoded {@link HLCTimestamp}.
+     */
+    static encode(wall: number, counter: number): HLCTimestamp;
+    /**
+     * Decode an HLC timestamp into its wall clock (ms) and logical counter components.
+     *
+     * @param ts - The {@link HLCTimestamp} to decode.
+     * @returns An object with `wall` (epoch ms) and `counter` (logical) fields.
+     */
+    static decode(ts: HLCTimestamp): {
+        wall: number;
+        counter: number;
+    };
+    /**
+     * Compare two HLC timestamps.
+     *
+     * @returns `-1` if `a < b`, `0` if `a === b`, `1` if `a > b`.
+     */
+    static compare(a: HLCTimestamp, b: HLCTimestamp): -1 | 0 | 1;
+}
+
+export { HLC as H };

package/dist/index.d.ts

@@ -0,0 +1,245 @@
+import { A as Action, a as ActionValidationError, S as SyncRulesConfig, B as BucketDefinition, R as ResolvedClaims, b as SyncRulesContext } from './types-Bs-QyOe-.js';
+export { c as ActionDescriptor, d as ActionDiscovery, e as ActionErrorResult, f as ActionExecutionError, g as ActionHandler, h as ActionNotSupportedError, i as ActionPush, j as ActionResponse, k as ActionResult, l as AuthContext, m as SyncRuleFilter, n as SyncRuleOp, o as isActionError, p as isActionHandler } from './types-Bs-QyOe-.js';
+import { H as HLCTimestamp, R as Result, C as ConflictError, L as LakeSyncError, S as SchemaError } from './result-CojzlFE2.js';
+export { A as AdapterError, a as AdapterNotFoundError, B as BackpressureError, b as ClockDriftError, E as Err, F as FlushError, O as Ok, f as flatMapResult, c as fromPromise, m as mapResult, t as toError, u as unwrapOrThrow } from './result-CojzlFE2.js';
+export { A as AuthClaims, a as AuthError, v as verifyToken } from './auth-CAVutXzx.js';
+export { B as BaseSourcePoller, I as IngestTarget, P as PollerMemoryConfig, a as PushTarget, i as isIngestTarget } from './base-poller-Qo_SmCZs.js';
+import { R as RowDelta, T as TableSchema } from './types-V_jVu2sA.js';
+export { C as ColumnDelta, D as DeltaOp, a as RowKey, S as SyncPull, b as SyncPush, c as SyncResponse, r as rowKey } from './types-V_jVu2sA.js';
+import { C as ConflictResolver } from './resolver-C3Wphi6O.js';
+import { C as ConnectorConfig } from './types-DAQL_vU_.js';
+export { B as BigQueryConnectorConfig, a as CONNECTOR_TYPES, b as ConnectorIngestConfig, c as ConnectorIngestTable, d as ConnectorType, J as JiraConnectorConfig, M as MySQLConnectorConfig, P as PostgresConnectorConfig, S as SalesforceConnectorConfig } from './types-DAQL_vU_.js';
+export { H as HLC } from './hlc-DiD8QNG3.js';
+export { b as bigintReplacer, a as bigintReviver } from './json-dYtqiL0F.js';
+
+/**
+ * Generate a deterministic action ID using SHA-256.
+ *
+ * Same pattern as `generateDeltaId` in `delta/extract.ts` — uses the
+ * Web Crypto API for cross-runtime compatibility (Node, Bun, browsers).
+ */
+declare function generateActionId(params: {
+    clientId: string;
+    hlc: HLCTimestamp;
+    connector: string;
+    actionType: string;
+    params: Record<string, unknown>;
+}): Promise<string>;
+
+/**
+ * Validate the structural integrity of an Action.
+ *
+ * Checks that all required fields are present and of the correct type.
+ * Returns a `Result` so callers never need to catch.
+ */
+declare function validateAction(action: unknown): Result<Action, ActionValidationError>;
+
+/**
+ * Column-level Last-Write-Wins conflict resolver.
+ *
+ * For each column present in both deltas, the one with the higher HLC wins.
+ * Equal HLC tiebreak: lexicographically higher clientId wins (deterministic).
+ * Columns only present in one delta are always included in the result.
+ */
+declare class LWWResolver implements ConflictResolver {
+    /**
+     * Resolve two conflicting deltas for the same row, returning the merged result.
+     *
+     * Rules:
+     * - Both DELETE: the delta with the higher HLC (or clientId tiebreak) wins.
+     * - One DELETE, one non-DELETE: the delta with the higher HLC wins.
+     *   If the DELETE wins, the row is tombstoned (empty columns).
+     *   If the non-DELETE wins, the row is resurrected.
+     * - Both non-DELETE: columns are merged per-column using LWW semantics.
+     *
+     * @param local  - The locally held delta for this row.
+     * @param remote - The incoming remote delta for this row.
+     * @returns A `Result` containing the resolved `RowDelta`, or a
+     *          `ConflictError` if the deltas refer to different tables/rows.
+     */
+    resolve(local: RowDelta, remote: RowDelta): Result<RowDelta, ConflictError>;
+}
+/**
+ * Convenience function — resolves two conflicting deltas using the
+ * column-level Last-Write-Wins strategy.
+ *
+ * @param local  - The locally held delta for this row.
+ * @param remote - The incoming remote delta for this row.
+ * @returns A `Result` containing the resolved `RowDelta`, or a
+ *          `ConflictError` if the deltas refer to different tables/rows.
+ */
+declare function resolveLWW(local: RowDelta, remote: RowDelta): Result<RowDelta, ConflictError>;
+
+/** Connector configuration validation error. */
+declare class ConnectorValidationError extends LakeSyncError {
+    constructor(message: string, cause?: Error);
+}
+
+/**
+ * Validate a connector configuration for structural correctness.
+ *
+ * Checks:
+ * - `name` is a non-empty string
+ * - `type` is one of the supported connector types
+ * - Type-specific config object is present and valid
+ * - Optional ingest config has valid table definitions
+ *
+ * @param input - Raw input to validate.
+ * @returns The validated {@link ConnectorConfig} or a validation error.
+ */
+declare function validateConnectorConfig(input: unknown): Result<ConnectorConfig, ConnectorValidationError>;
+
+/**
+ * Apply a delta to an existing row, returning the merged result.
+ *
+ * - DELETE → returns null
+ * - INSERT → creates a new row from delta columns
+ * - UPDATE → merges delta columns onto existing row (immutable — returns a new object)
+ *
+ * @param row - The current row state, or null if no row exists
+ * @param delta - The delta to apply
+ * @returns The merged row, or null for DELETE operations
+ */
+declare function applyDelta(row: Record<string, unknown> | null, delta: RowDelta): Record<string, unknown> | null;
+
+/**
+ * Extract a column-level delta between two row states.
+ *
+ * - `before` null/undefined + `after` present -> INSERT (all columns)
+ * - `before` present + `after` null/undefined -> DELETE (empty columns)
+ * - Both present -> compare each column, emit only changed columns as UPDATE
+ * - No columns changed -> returns null (no-op)
+ *
+ * If `schema` is provided, only columns listed in the schema are considered.
+ *
+ * @param before - The previous row state, or null/undefined for a new row
+ * @param after - The current row state, or null/undefined for a deleted row
+ * @param opts - Table name, row ID, client ID, HLC timestamp, and optional schema
+ * @returns The extracted RowDelta, or null if nothing changed
+ */
+declare function extractDelta(before: Record<string, unknown> | null | undefined, after: Record<string, unknown> | null | undefined, opts: {
+    table: string;
+    rowId: string;
+    clientId: string;
+    hlc: HLCTimestamp;
+    schema?: TableSchema;
+}): Promise<RowDelta | null>;
+
+/**
+ * Create a pass-all sync rules configuration.
+ *
+ * Every delta reaches every client — equivalent to having no rules at all.
+ * Useful for apps without multi-tenancy or per-user data isolation.
+ */
+declare function createPassAllRules(): SyncRulesConfig;
+/**
+ * Create user-scoped sync rules configuration.
+ *
+ * Filters rows by matching a configurable column against the JWT `sub` claim,
+ * so each client only receives deltas belonging to the authenticated user.
+ *
+ * @param tables - Which tables to scope. Empty array means all tables.
+ * @param userColumn - Column to match against `jwt:sub`. Defaults to `"user_id"`.
+ */
+declare function createUserScopedRules(tables: string[], userColumn?: string): SyncRulesConfig;
+
+/** Sync rule configuration or evaluation error */
+declare class SyncRuleError extends LakeSyncError {
+    constructor(message: string, cause?: Error);
+}
+
+/**
+ * Resolve a filter value, substituting JWT claim references.
+ *
+ * Values prefixed with `jwt:` are looked up in the claims record.
+ * Literal values are returned as-is (wrapped in an array for uniform handling).
+ *
+ * @param value - The filter value string (e.g. "jwt:sub" or "tenant-1")
+ * @param claims - Resolved JWT claims
+ * @returns An array of resolved values, or an empty array if the claim is missing
+ */
+declare function resolveFilterValue(value: string, claims: ResolvedClaims): string[];
+/**
+ * Check whether a delta matches a single bucket definition.
+ *
+ * A delta matches if:
+ * 1. The bucket's `tables` list is empty (matches all tables) or includes the delta's table
+ * 2. All filters match (conjunctive AND):
+ *    - `eq`: the delta column value equals one of the resolved filter values
+ *    - `in`: the delta column value is contained in the resolved filter values
+ *
+ * @param delta - The row delta to evaluate
+ * @param bucket - The bucket definition
+ * @param claims - Resolved JWT claims
+ * @returns true if the delta matches this bucket
+ */
+declare function deltaMatchesBucket(delta: RowDelta, bucket: BucketDefinition, claims: ResolvedClaims): boolean;
+/**
+ * Filter an array of deltas by sync rules.
+ *
+ * A delta is included if it matches **any** bucket (union across buckets).
+ * If no sync rules are configured (empty buckets), all deltas pass through.
+ *
+ * @param deltas - The deltas to filter
+ * @param context - Sync rules context (rules + resolved claims)
+ * @returns Filtered array of deltas
+ */
+declare function filterDeltas(deltas: RowDelta[], context: SyncRulesContext): RowDelta[];
+/**
+ * Determine which buckets a client matches based on their claims.
+ *
+ * A client matches a bucket if the bucket has no table-level restrictions
+ * or if the client's claims satisfy all filter conditions for at least
+ * one possible row. This is used for bucket-level access decisions, not
+ * row-level filtering.
+ *
+ * @param rules - The sync rules configuration
+ * @param claims - Resolved JWT claims
+ * @returns Array of bucket names the client matches
+ */
+declare function resolveClientBuckets(rules: SyncRulesConfig, claims: ResolvedClaims): string[];
+/**
+ * Validate a sync rules configuration for structural correctness.
+ *
+ * Checks:
+ * - Version is a positive integer
+ * - Buckets is an array
+ * - Each bucket has a non-empty name, valid tables array, valid filters
+ * - Filter operators are "eq" or "in"
+ * - Filter values and columns are non-empty strings
+ * - Bucket names are unique
+ *
+ * @param config - The sync rules configuration to validate
+ * @returns Ok(void) if valid, Err(SyncRuleError) with details if invalid
+ */
+declare function validateSyncRules(config: unknown): Result<void, SyncRuleError>;
+
+/**
+ * Check whether a string is a valid SQL identifier.
+ *
+ * Valid identifiers start with a letter or underscore, contain only
+ * alphanumeric characters and underscores, and are at most 64 characters long.
+ *
+ * @param name - The identifier to validate
+ * @returns `true` if valid, `false` otherwise
+ */
+declare function isValidIdentifier(name: string): boolean;
+/**
+ * Assert that a string is a valid SQL identifier, returning a Result.
+ *
+ * @param name - The identifier to validate
+ * @returns Ok(undefined) if valid, Err(SchemaError) if invalid
+ */
+declare function assertValidIdentifier(name: string): Result<void, SchemaError>;
+/**
+ * Quote a SQL identifier using double quotes as defence-in-depth.
+ *
+ * Any embedded double-quote characters are escaped by doubling them,
+ * following the SQL standard for delimited identifiers.
+ *
+ * @param name - The identifier to quote
+ * @returns The double-quoted identifier string
+ */
+declare function quoteIdentifier(name: string): string;
+
+export { Action, ActionValidationError, BucketDefinition, ConflictError, ConflictResolver, ConnectorConfig, ConnectorValidationError, HLCTimestamp, LWWResolver, LakeSyncError, ResolvedClaims, Result, RowDelta, SchemaError, SyncRuleError, SyncRulesConfig, SyncRulesContext, TableSchema, applyDelta, assertValidIdentifier, createPassAllRules, createUserScopedRules, deltaMatchesBucket, extractDelta, filterDeltas, generateActionId, isValidIdentifier, quoteIdentifier, resolveClientBuckets, resolveFilterValue, resolveLWW, validateAction, validateConnectorConfig, validateSyncRules };

package/dist/index.js

@@ -0,0 +1,102 @@
+import {
+  ActionExecutionError,
+  ActionNotSupportedError,
+  ActionValidationError,
+  AdapterError,
+  AdapterNotFoundError,
+  AuthError,
+  BackpressureError,
+  BaseSourcePoller,
+  CONNECTOR_TYPES,
+  ClockDriftError,
+  ConflictError,
+  ConnectorValidationError,
+  Err,
+  FlushError,
+  HLC,
+  LWWResolver,
+  LakeSyncError,
+  Ok,
+  SchemaError,
+  SyncRuleError,
+  applyDelta,
+  assertValidIdentifier,
+  bigintReplacer,
+  bigintReviver,
+  createPassAllRules,
+  createUserScopedRules,
+  deltaMatchesBucket,
+  extractDelta,
+  filterDeltas,
+  flatMapResult,
+  fromPromise,
+  generateActionId,
+  isActionError,
+  isActionHandler,
+  isIngestTarget,
+  isValidIdentifier,
+  mapResult,
+  quoteIdentifier,
+  resolveClientBuckets,
+  resolveFilterValue,
+  resolveLWW,
+  rowKey,
+  toError,
+  unwrapOrThrow,
+  validateAction,
+  validateConnectorConfig,
+  validateSyncRules,
+  verifyToken
+} from "./chunk-ICNT7I3K.js";
+import "./chunk-7D4SUZUM.js";
+export {
+  ActionExecutionError,
+  ActionNotSupportedError,
+  ActionValidationError,
+  AdapterError,
+  AdapterNotFoundError,
+  AuthError,
+  BackpressureError,
+  BaseSourcePoller,
+  CONNECTOR_TYPES,
+  ClockDriftError,
+  ConflictError,
+  ConnectorValidationError,
+  Err,
+  FlushError,
+  HLC,
+  LWWResolver,
+  LakeSyncError,
+  Ok,
+  SchemaError,
+  SyncRuleError,
+  applyDelta,
+  assertValidIdentifier,
+  bigintReplacer,
+  bigintReviver,
+  createPassAllRules,
+  createUserScopedRules,
+  deltaMatchesBucket,
+  extractDelta,
+  filterDeltas,
+  flatMapResult,
+  fromPromise,
+  generateActionId,
+  isActionError,
+  isActionHandler,
+  isIngestTarget,
+  isValidIdentifier,
+  mapResult,
+  quoteIdentifier,
+  resolveClientBuckets,
+  resolveFilterValue,
+  resolveLWW,
+  rowKey,
+  toError,
+  unwrapOrThrow,
+  validateAction,
+  validateConnectorConfig,
+  validateSyncRules,
+  verifyToken
+};
+//# sourceMappingURL=index.js.map