lakesync 0.1.0

package/dist/chunk-ICNT7I3K.js

@@ -0,0 +1,1180 @@
+// ../core/src/result/errors.ts
+var LakeSyncError = class extends Error {
+  code;
+  cause;
+  constructor(message, code, cause) {
+    super(message);
+    this.name = this.constructor.name;
+    this.code = code;
+    this.cause = cause;
+  }
+};
+var ClockDriftError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "CLOCK_DRIFT", cause);
+  }
+};
+var ConflictError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "CONFLICT", cause);
+  }
+};
+var FlushError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "FLUSH_FAILED", cause);
+  }
+};
+var SchemaError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "SCHEMA_MISMATCH", cause);
+  }
+};
+var AdapterError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "ADAPTER_ERROR", cause);
+  }
+};
+var AdapterNotFoundError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "ADAPTER_NOT_FOUND", cause);
+  }
+};
+var BackpressureError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "BACKPRESSURE", cause);
+  }
+};
+function toError(err) {
+  return err instanceof Error ? err : new Error(String(err));
+}
+
+// ../core/src/action/errors.ts
+var ActionExecutionError = class extends LakeSyncError {
+  retryable;
+  constructor(message, retryable, cause) {
+    super(message, "ACTION_EXECUTION_ERROR", cause);
+    this.retryable = retryable;
+  }
+};
+var ActionNotSupportedError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "ACTION_NOT_SUPPORTED", cause);
+  }
+};
+var ActionValidationError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "ACTION_VALIDATION_ERROR", cause);
+  }
+};
+
+// ../core/src/action/generate-id.ts
+import stableStringify from "fast-json-stable-stringify";
+async function generateActionId(params) {
+  const payload = stableStringify({
+    clientId: params.clientId,
+    hlc: params.hlc.toString(),
+    connector: params.connector,
+    actionType: params.actionType,
+    params: params.params
+  });
+  const data = new TextEncoder().encode(payload);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const bytes = new Uint8Array(hashBuffer);
+  let hex = "";
+  for (const b of bytes) {
+    hex += b.toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+
+// ../core/src/action/types.ts
+function isActionError(result) {
+  return "code" in result && "retryable" in result;
+}
+
+// ../core/src/result/result.ts
+function Ok(value) {
+  return { ok: true, value };
+}
+function Err(error) {
+  return { ok: false, error };
+}
+function mapResult(result, fn) {
+  if (result.ok) {
+    return Ok(fn(result.value));
+  }
+  return result;
+}
+function flatMapResult(result, fn) {
+  if (result.ok) {
+    return fn(result.value);
+  }
+  return result;
+}
+function unwrapOrThrow(result) {
+  if (result.ok) {
+    return result.value;
+  }
+  throw result.error;
+}
+async function fromPromise(promise) {
+  try {
+    const value = await promise;
+    return Ok(value);
+  } catch (error) {
+    return Err(error instanceof Error ? error : new Error(String(error)));
+  }
+}
+
+// ../core/src/action/validate.ts
+function validateAction(action) {
+  if (action === null || typeof action !== "object") {
+    return Err(new ActionValidationError("Action must be a non-null object"));
+  }
+  const a = action;
+  if (typeof a.actionId !== "string" || a.actionId.length === 0) {
+    return Err(new ActionValidationError("actionId must be a non-empty string"));
+  }
+  if (typeof a.clientId !== "string" || a.clientId.length === 0) {
+    return Err(new ActionValidationError("clientId must be a non-empty string"));
+  }
+  if (typeof a.hlc !== "bigint") {
+    return Err(new ActionValidationError("hlc must be a bigint"));
+  }
+  if (typeof a.connector !== "string" || a.connector.length === 0) {
+    return Err(new ActionValidationError("connector must be a non-empty string"));
+  }
+  if (typeof a.actionType !== "string" || a.actionType.length === 0) {
+    return Err(new ActionValidationError("actionType must be a non-empty string"));
+  }
+  if (a.params === null || typeof a.params !== "object" || Array.isArray(a.params)) {
+    return Err(new ActionValidationError("params must be a non-null object"));
+  }
+  if (a.idempotencyKey !== void 0 && typeof a.idempotencyKey !== "string") {
+    return Err(new ActionValidationError("idempotencyKey must be a string if provided"));
+  }
+  return Ok(action);
+}
+
+// ../core/src/auth.ts
+var AuthError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AuthError";
+  }
+};
+function base64urlDecode(input) {
+  const base64 = input.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = base64.padEnd(base64.length + (4 - base64.length % 4) % 4, "=");
+  const binary = atob(padded);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+function parseJson(text) {
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+}
+async function verifyToken(token, secret) {
+  const parts = token.split(".");
+  if (parts.length !== 3) {
+    return Err(new AuthError("Malformed JWT: expected three dot-separated segments"));
+  }
+  const [headerB64, payloadB64, signatureB64] = parts;
+  if (!headerB64 || !payloadB64 || !signatureB64) {
+    return Err(new AuthError("Malformed JWT: empty segment"));
+  }
+  let headerBytes;
+  try {
+    headerBytes = base64urlDecode(headerB64);
+  } catch {
+    return Err(new AuthError("Malformed JWT: invalid base64url in header"));
+  }
+  const header = parseJson(new TextDecoder().decode(headerBytes));
+  if (!header || header.alg !== "HS256" || header.typ !== "JWT") {
+    return Err(new AuthError('Unsupported JWT: header must be {"alg":"HS256","typ":"JWT"}'));
+  }
+  const encoder = new TextEncoder();
+  const keyData = encoder.encode(secret);
+  let cryptoKey;
+  try {
+    cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      keyData,
+      { name: "HMAC", hash: "SHA-256" },
+      false,
+      ["verify"]
+    );
+  } catch {
+    return Err(new AuthError("Failed to import HMAC key"));
+  }
+  let signatureBytes;
+  try {
+    signatureBytes = base64urlDecode(signatureB64);
+  } catch {
+    return Err(new AuthError("Malformed JWT: invalid base64url in signature"));
+  }
+  const signingInput = encoder.encode(`${headerB64}.${payloadB64}`);
+  let valid;
+  try {
+    valid = await crypto.subtle.verify(
+      "HMAC",
+      cryptoKey,
+      signatureBytes,
+      signingInput
+    );
+  } catch {
+    return Err(new AuthError("Signature verification failed"));
+  }
+  if (!valid) {
+    return Err(new AuthError("Invalid JWT signature"));
+  }
+  let payloadBytes;
+  try {
+    payloadBytes = base64urlDecode(payloadB64);
+  } catch {
+    return Err(new AuthError("Malformed JWT: invalid base64url in payload"));
+  }
+  const payload = parseJson(new TextDecoder().decode(payloadBytes));
+  if (!payload) {
+    return Err(new AuthError("Malformed JWT: payload is not valid JSON"));
+  }
+  if (payload.exp === void 0 || typeof payload.exp !== "number") {
+    return Err(new AuthError('Missing or invalid "exp" claim (expiry)'));
+  }
+  const nowSeconds = Math.floor(Date.now() / 1e3);
+  if (payload.exp <= nowSeconds) {
+    return Err(new AuthError("JWT has expired"));
+  }
+  if (typeof payload.sub !== "string" || payload.sub.length === 0) {
+    return Err(new AuthError('Missing or invalid "sub" claim (clientId)'));
+  }
+  if (typeof payload.gw !== "string" || payload.gw.length === 0) {
+    return Err(new AuthError('Missing or invalid "gw" claim (gatewayId)'));
+  }
+  const standardClaims = /* @__PURE__ */ new Set(["sub", "gw", "exp", "iat", "iss", "aud", "role"]);
+  const customClaims = {};
+  for (const [key, value] of Object.entries(payload)) {
+    if (standardClaims.has(key)) continue;
+    if (typeof value === "string") {
+      customClaims[key] = value;
+    } else if (Array.isArray(value) && value.every((v) => typeof v === "string")) {
+      customClaims[key] = value;
+    }
+  }
+  customClaims.sub = payload.sub;
+  const role = typeof payload.role === "string" && payload.role.length > 0 ? payload.role : "client";
+  return Ok({
+    clientId: payload.sub,
+    gatewayId: payload.gw,
+    role,
+    customClaims
+  });
+}
+
+// ../core/src/hlc/hlc.ts
+var HLC = class _HLC {
+  wallClock;
+  counter = 0;
+  lastWall = 0;
+  /** Maximum tolerated drift between local and remote physical clocks (ms). */
+  static MAX_DRIFT_MS = 5e3;
+  /** Maximum value of the 16-bit logical counter. */
+  static MAX_COUNTER = 65535;
+  /**
+   * Create a new HLC instance.
+   *
+   * @param wallClock - Optional injectable clock source returning epoch ms.
+   *                    Defaults to `Date.now`.
+   */
+  constructor(wallClock) {
+    this.wallClock = wallClock ?? (() => Date.now());
+  }
+  /**
+   * Generate a new monotonically increasing HLC timestamp.
+   *
+   * The returned timestamp is guaranteed to be strictly greater than any
+   * previously returned by this instance.
+   */
+  now() {
+    const physical = this.wallClock();
+    const wall = Math.max(physical, this.lastWall);
+    if (wall === this.lastWall) {
+      this.counter++;
+      if (this.counter > _HLC.MAX_COUNTER) {
+        this.lastWall = wall + 1;
+        this.counter = 0;
+      }
+    } else {
+      this.lastWall = wall;
+      this.counter = 0;
+    }
+    return _HLC.encode(this.lastWall, this.counter);
+  }
+  /**
+   * Receive a remote HLC timestamp and advance the local clock.
+   *
+   * Returns `Err(ClockDriftError)` if the remote timestamp indicates
+   * clock drift exceeding {@link MAX_DRIFT_MS}.
+   *
+   * @param remote - The HLC timestamp received from a remote node.
+   * @returns A `Result` containing the new local HLC timestamp, or a
+   *          `ClockDriftError` if the remote clock is too far ahead.
+   */
+  recv(remote) {
+    const { wall: remoteWall, counter: remoteCounter } = _HLC.decode(remote);
+    const physical = this.wallClock();
+    const localWall = Math.max(physical, this.lastWall);
+    if (remoteWall - physical > _HLC.MAX_DRIFT_MS) {
+      return Err(
+        new ClockDriftError(
+          `Remote clock is ${remoteWall - physical}ms ahead (max drift: ${_HLC.MAX_DRIFT_MS}ms)`
+        )
+      );
+    }
+    if (remoteWall > localWall) {
+      this.lastWall = remoteWall;
+      this.counter = remoteCounter + 1;
+    } else if (remoteWall === localWall) {
+      this.lastWall = localWall;
+      this.counter = Math.max(this.counter, remoteCounter) + 1;
+    } else {
+      this.lastWall = localWall;
+      this.counter++;
+    }
+    if (this.counter > _HLC.MAX_COUNTER) {
+      this.lastWall = this.lastWall + 1;
+      this.counter = 0;
+    }
+    return Ok(_HLC.encode(this.lastWall, this.counter));
+  }
+  /**
+   * Encode a wall clock value (ms) and logical counter into a 64-bit HLC timestamp.
+   *
+   * @param wall    - Wall clock component in epoch milliseconds (48-bit).
+   * @param counter - Logical counter component (16-bit, 0..65535).
+   * @returns The encoded {@link HLCTimestamp}.
+   */
+  static encode(wall, counter) {
+    return BigInt(wall) << 16n | BigInt(counter & 65535);
+  }
+  /**
+   * Decode an HLC timestamp into its wall clock (ms) and logical counter components.
+   *
+   * @param ts - The {@link HLCTimestamp} to decode.
+   * @returns An object with `wall` (epoch ms) and `counter` (logical) fields.
+   */
+  static decode(ts) {
+    return {
+      wall: Number(ts >> 16n),
+      counter: Number(ts & 0xffffn)
+    };
+  }
+  /**
+   * Compare two HLC timestamps.
+   *
+   * @returns `-1` if `a < b`, `0` if `a === b`, `1` if `a > b`.
+   */
+  static compare(a, b) {
+    if (a < b) return -1;
+    if (a > b) return 1;
+    return 0;
+  }
+};
+
+// ../core/src/base-poller.ts
+function isIngestTarget(target) {
+  return typeof target.flush === "function" && typeof target.shouldFlush === "function" && "bufferStats" in target;
+}
+var DEFAULT_CHUNK_SIZE = 500;
+var DEFAULT_FLUSH_THRESHOLD = 0.7;
+var BaseSourcePoller = class {
+  gateway;
+  hlc;
+  clientId;
+  intervalMs;
+  timer = null;
+  running = false;
+  chunkSize;
+  memoryBudgetBytes;
+  flushThreshold;
+  pendingDeltas = [];
+  constructor(config) {
+    this.gateway = config.gateway;
+    this.hlc = new HLC();
+    this.clientId = `ingest:${config.name}`;
+    this.intervalMs = config.intervalMs;
+    this.chunkSize = config.memory?.chunkSize ?? DEFAULT_CHUNK_SIZE;
+    this.memoryBudgetBytes = config.memory?.memoryBudgetBytes;
+    this.flushThreshold = config.memory?.flushThreshold ?? DEFAULT_FLUSH_THRESHOLD;
+  }
+  /** Start the polling loop. */
+  start() {
+    if (this.running) return;
+    this.running = true;
+    this.schedulePoll();
+  }
+  /** Stop the polling loop. */
+  stop() {
+    this.running = false;
+    if (this.timer) {
+      clearTimeout(this.timer);
+      this.timer = null;
+    }
+  }
+  /** Whether the poller is currently running. */
+  get isRunning() {
+    return this.running;
+  }
+  /** Push collected deltas to the gateway (single-shot, backward compat). */
+  pushDeltas(deltas) {
+    if (deltas.length === 0) return;
+    const push = {
+      clientId: this.clientId,
+      deltas,
+      lastSeenHlc: 0n
+    };
+    this.gateway.handlePush(push);
+  }
+  /**
+   * Accumulate a single delta. When `chunkSize` is reached, the pending
+   * deltas are automatically pushed (and flushed if needed).
+   */
+  async accumulateDelta(delta) {
+    this.pendingDeltas.push(delta);
+    if (this.pendingDeltas.length >= this.chunkSize) {
+      await this.pushPendingChunk();
+    }
+  }
+  /** Flush any remaining accumulated deltas. Call at the end of `poll()`. */
+  async flushAccumulator() {
+    if (this.pendingDeltas.length > 0) {
+      await this.pushPendingChunk();
+    }
+  }
+  /**
+   * Push a chunk of pending deltas. If the gateway is an IngestTarget,
+   * checks memory pressure and flushes before/after push when needed.
+   * On backpressure, flushes once and retries.
+   */
+  async pushPendingChunk() {
+    const chunk = this.pendingDeltas;
+    this.pendingDeltas = [];
+    await this.pushChunkWithFlush(chunk);
+  }
+  async pushChunkWithFlush(chunk) {
+    if (chunk.length === 0) return;
+    const target = this.gateway;
+    if (isIngestTarget(target)) {
+      if (this.shouldFlushTarget(target)) {
+        await target.flush();
+      }
+    }
+    const push = {
+      clientId: this.clientId,
+      deltas: chunk,
+      lastSeenHlc: 0n
+    };
+    const result = target.handlePush(push);
+    if (result && typeof result === "object" && "ok" in result && !result.ok) {
+      if (isIngestTarget(target)) {
+        await target.flush();
+        target.handlePush(push);
+      }
+    }
+  }
+  shouldFlushTarget(target) {
+    if (target.shouldFlush()) return true;
+    if (this.memoryBudgetBytes != null) {
+      const threshold = Math.floor(this.memoryBudgetBytes * this.flushThreshold);
+      if (target.bufferStats.byteSize >= threshold) return true;
+    }
+    return false;
+  }
+  schedulePoll() {
+    if (!this.running) return;
+    this.timer = setTimeout(async () => {
+      try {
+        await this.poll();
+      } catch {
+      }
+      this.schedulePoll();
+    }, this.intervalMs);
+  }
+};
+
+// ../core/src/conflict/lww.ts
+var LWWResolver = class {
+  /**
+   * Resolve two conflicting deltas for the same row, returning the merged result.
+   *
+   * Rules:
+   * - Both DELETE: the delta with the higher HLC (or clientId tiebreak) wins.
+   * - One DELETE, one non-DELETE: the delta with the higher HLC wins.
+   *   If the DELETE wins, the row is tombstoned (empty columns).
+   *   If the non-DELETE wins, the row is resurrected.
+   * - Both non-DELETE: columns are merged per-column using LWW semantics.
+   *
+   * @param local  - The locally held delta for this row.
+   * @param remote - The incoming remote delta for this row.
+   * @returns A `Result` containing the resolved `RowDelta`, or a
+   *          `ConflictError` if the deltas refer to different tables/rows.
+   */
+  resolve(local, remote) {
+    if (local.table !== remote.table || local.rowId !== remote.rowId) {
+      return Err(
+        new ConflictError(
+          `Cannot resolve conflict: mismatched table/rowId (${local.table}:${local.rowId} vs ${remote.table}:${remote.rowId})`
+        )
+      );
+    }
+    const winner = pickWinner(local, remote);
+    if (local.op === "DELETE" && remote.op === "DELETE") {
+      return Ok({ ...winner, columns: [] });
+    }
+    if (local.op === "DELETE" || remote.op === "DELETE") {
+      const deleteDelta = local.op === "DELETE" ? local : remote;
+      const otherDelta = local.op === "DELETE" ? remote : local;
+      if (deleteDelta === winner) {
+        return Ok({ ...deleteDelta, columns: [] });
+      }
+      return Ok({ ...otherDelta });
+    }
+    const mergedColumns = mergeColumns(local, remote);
+    const op = local.op === "INSERT" && remote.op === "INSERT" ? "INSERT" : "UPDATE";
+    return Ok({
+      op,
+      table: local.table,
+      rowId: local.rowId,
+      clientId: winner.clientId,
+      columns: mergedColumns,
+      hlc: winner.hlc,
+      deltaId: winner.deltaId
+    });
+  }
+};
+function pickWinner(local, remote) {
+  const cmp = HLC.compare(local.hlc, remote.hlc);
+  if (cmp > 0) return local;
+  if (cmp < 0) return remote;
+  return local.clientId > remote.clientId ? local : remote;
+}
+function mergeColumns(local, remote) {
+  const localMap = new Map(local.columns.map((c) => [c.column, c]));
+  const remoteMap = new Map(remote.columns.map((c) => [c.column, c]));
+  const allColumns = /* @__PURE__ */ new Set([...localMap.keys(), ...remoteMap.keys()]);
+  const winner = pickWinner(local, remote);
+  const merged = [];
+  for (const col of allColumns) {
+    const localCol = localMap.get(col);
+    const remoteCol = remoteMap.get(col);
+    if (!remoteCol) {
+      merged.push(localCol);
+    } else if (!localCol) {
+      merged.push(remoteCol);
+    } else {
+      merged.push(winner === local ? localCol : remoteCol);
+    }
+  }
+  return merged;
+}
+var _singleton = new LWWResolver();
+function resolveLWW(local, remote) {
+  return _singleton.resolve(local, remote);
+}
+
+// ../core/src/connector/action-handler.ts
+function isActionHandler(obj) {
+  if (obj === null || typeof obj !== "object") return false;
+  const candidate = obj;
+  return Array.isArray(candidate.supportedActions) && typeof candidate.executeAction === "function";
+}
+
+// ../core/src/connector/errors.ts
+var ConnectorValidationError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "CONNECTOR_VALIDATION", cause);
+  }
+};
+
+// ../core/src/connector/types.ts
+var CONNECTOR_TYPES = ["postgres", "mysql", "bigquery", "jira", "salesforce"];
+
+// ../core/src/connector/validate.ts
+var VALID_STRATEGIES = /* @__PURE__ */ new Set(["cursor", "diff"]);
+function validateConnectorConfig(input) {
+  if (typeof input !== "object" || input === null) {
+    return Err(new ConnectorValidationError("Connector config must be an object"));
+  }
+  const obj = input;
+  if (typeof obj.name !== "string" || obj.name.length === 0) {
+    return Err(new ConnectorValidationError("Connector name must be a non-empty string"));
+  }
+  if (typeof obj.type !== "string" || !CONNECTOR_TYPES.includes(obj.type)) {
+    return Err(
+      new ConnectorValidationError(`Connector type must be one of: ${CONNECTOR_TYPES.join(", ")}`)
+    );
+  }
+  const connectorType = obj.type;
+  switch (connectorType) {
+    case "postgres": {
+      const pg = obj.postgres;
+      if (typeof pg !== "object" || pg === null) {
+        return Err(
+          new ConnectorValidationError(
+            'Connector type "postgres" requires a postgres config object'
+          )
+        );
+      }
+      const pgObj = pg;
+      if (typeof pgObj.connectionString !== "string" || pgObj.connectionString.length === 0) {
+        return Err(
+          new ConnectorValidationError("Postgres connector requires a non-empty connectionString")
+        );
+      }
+      break;
+    }
+    case "mysql": {
+      const my = obj.mysql;
+      if (typeof my !== "object" || my === null) {
+        return Err(
+          new ConnectorValidationError('Connector type "mysql" requires a mysql config object')
+        );
+      }
+      const myObj = my;
+      if (typeof myObj.connectionString !== "string" || myObj.connectionString.length === 0) {
+        return Err(
+          new ConnectorValidationError("MySQL connector requires a non-empty connectionString")
+        );
+      }
+      break;
+    }
+    case "bigquery": {
+      const bq = obj.bigquery;
+      if (typeof bq !== "object" || bq === null) {
+        return Err(
+          new ConnectorValidationError(
+            'Connector type "bigquery" requires a bigquery config object'
+          )
+        );
+      }
+      const bqObj = bq;
+      if (typeof bqObj.projectId !== "string" || bqObj.projectId.length === 0) {
+        return Err(
+          new ConnectorValidationError("BigQuery connector requires a non-empty projectId")
+        );
+      }
+      if (typeof bqObj.dataset !== "string" || bqObj.dataset.length === 0) {
+        return Err(new ConnectorValidationError("BigQuery connector requires a non-empty dataset"));
+      }
+      break;
+    }
+    case "jira": {
+      const jira = obj.jira;
+      if (typeof jira !== "object" || jira === null) {
+        return Err(
+          new ConnectorValidationError('Connector type "jira" requires a jira config object')
+        );
+      }
+      const jiraObj = jira;
+      if (typeof jiraObj.domain !== "string" || jiraObj.domain.length === 0) {
+        return Err(new ConnectorValidationError("Jira connector requires a non-empty domain"));
+      }
+      if (typeof jiraObj.email !== "string" || jiraObj.email.length === 0) {
+        return Err(new ConnectorValidationError("Jira connector requires a non-empty email"));
+      }
+      if (typeof jiraObj.apiToken !== "string" || jiraObj.apiToken.length === 0) {
+        return Err(new ConnectorValidationError("Jira connector requires a non-empty apiToken"));
+      }
+      break;
+    }
+    case "salesforce": {
+      const sf = obj.salesforce;
+      if (typeof sf !== "object" || sf === null) {
+        return Err(
+          new ConnectorValidationError(
+            'Connector type "salesforce" requires a salesforce config object'
+          )
+        );
+      }
+      const sfObj = sf;
+      if (typeof sfObj.instanceUrl !== "string" || sfObj.instanceUrl.length === 0) {
+        return Err(
+          new ConnectorValidationError("Salesforce connector requires a non-empty instanceUrl")
+        );
+      }
+      if (typeof sfObj.clientId !== "string" || sfObj.clientId.length === 0) {
+        return Err(
+          new ConnectorValidationError("Salesforce connector requires a non-empty clientId")
+        );
+      }
+      if (typeof sfObj.clientSecret !== "string" || sfObj.clientSecret.length === 0) {
+        return Err(
+          new ConnectorValidationError("Salesforce connector requires a non-empty clientSecret")
+        );
+      }
+      if (typeof sfObj.username !== "string" || sfObj.username.length === 0) {
+        return Err(
+          new ConnectorValidationError("Salesforce connector requires a non-empty username")
+        );
+      }
+      if (typeof sfObj.password !== "string" || sfObj.password.length === 0) {
+        return Err(
+          new ConnectorValidationError("Salesforce connector requires a non-empty password")
+        );
+      }
+      break;
+    }
+  }
+  if (obj.ingest !== void 0) {
+    if (typeof obj.ingest !== "object" || obj.ingest === null) {
+      return Err(new ConnectorValidationError("Ingest config must be an object"));
+    }
+    const ingest = obj.ingest;
+    if (connectorType === "jira" || connectorType === "salesforce") {
+      if (ingest.intervalMs !== void 0) {
+        if (typeof ingest.intervalMs !== "number" || ingest.intervalMs < 1) {
+          return Err(new ConnectorValidationError("Ingest intervalMs must be a positive number"));
+        }
+      }
+      return Ok(input);
+    }
+    if (!Array.isArray(ingest.tables) || ingest.tables.length === 0) {
+      return Err(new ConnectorValidationError("Ingest config must have a non-empty tables array"));
+    }
+    for (let i = 0; i < ingest.tables.length; i++) {
+      const table = ingest.tables[i];
+      if (typeof table !== "object" || table === null) {
+        return Err(new ConnectorValidationError(`Ingest table at index ${i} must be an object`));
+      }
+      if (typeof table.table !== "string" || table.table.length === 0) {
+        return Err(
+          new ConnectorValidationError(
+            `Ingest table at index ${i} must have a non-empty table name`
+          )
+        );
+      }
+      if (typeof table.query !== "string" || table.query.length === 0) {
+        return Err(
+          new ConnectorValidationError(`Ingest table at index ${i} must have a non-empty query`)
+        );
+      }
+      if (typeof table.strategy !== "object" || table.strategy === null) {
+        return Err(
+          new ConnectorValidationError(`Ingest table at index ${i} must have a strategy object`)
+        );
+      }
+      const strategy = table.strategy;
+      if (!VALID_STRATEGIES.has(strategy.type)) {
+        return Err(
+          new ConnectorValidationError(
+            `Ingest table at index ${i} strategy type must be "cursor" or "diff"`
+          )
+        );
+      }
+      if (strategy.type === "cursor") {
+        if (typeof strategy.cursorColumn !== "string" || strategy.cursorColumn.length === 0) {
+          return Err(
+            new ConnectorValidationError(
+              `Ingest table at index ${i} cursor strategy requires a non-empty cursorColumn`
+            )
+          );
+        }
+      }
+    }
+    if (ingest.intervalMs !== void 0) {
+      if (typeof ingest.intervalMs !== "number" || ingest.intervalMs < 1) {
+        return Err(new ConnectorValidationError("Ingest intervalMs must be a positive number"));
+      }
+    }
+  }
+  return Ok(input);
+}
+
+// ../core/src/delta/apply.ts
+function applyDelta(row, delta) {
+  if (delta.op === "DELETE") return null;
+  const base = row ? { ...row } : {};
+  for (const col of delta.columns) {
+    base[col.column] = col.value;
+  }
+  return base;
+}
+
+// ../core/src/delta/extract.ts
+import equal from "fast-deep-equal";
+import stableStringify2 from "fast-json-stable-stringify";
+async function extractDelta(before, after, opts) {
+  const { table, rowId, clientId, hlc, schema } = opts;
+  const beforeExists = before != null;
+  const afterExists = after != null;
+  if (!beforeExists && !afterExists) {
+    return null;
+  }
+  if (!beforeExists && afterExists) {
+    const columns2 = buildColumns(after, schema);
+    const deltaId2 = await generateDeltaId({ clientId, hlc, table, rowId, columns: columns2 });
+    return { op: "INSERT", table, rowId, clientId, columns: columns2, hlc, deltaId: deltaId2 };
+  }
+  if (beforeExists && !afterExists) {
+    const columns2 = [];
+    const deltaId2 = await generateDeltaId({ clientId, hlc, table, rowId, columns: columns2 });
+    return { op: "DELETE", table, rowId, clientId, columns: columns2, hlc, deltaId: deltaId2 };
+  }
+  const columns = diffColumns(before, after, schema);
+  if (columns.length === 0) {
+    return null;
+  }
+  const deltaId = await generateDeltaId({ clientId, hlc, table, rowId, columns });
+  return { op: "UPDATE", table, rowId, clientId, columns, hlc, deltaId };
+}
+function allowedSet(schema) {
+  return schema ? new Set(schema.columns.map((c) => c.name)) : null;
+}
+function buildColumns(row, schema) {
+  const allowed = allowedSet(schema);
+  const columns = [];
+  for (const [key, value] of Object.entries(row)) {
+    if (value === void 0) continue;
+    if (allowed && !allowed.has(key)) continue;
+    columns.push({ column: key, value });
+  }
+  return columns;
+}
+function diffColumns(before, after, schema) {
+  const allowed = allowedSet(schema);
+  const allKeys = /* @__PURE__ */ new Set([...Object.keys(before), ...Object.keys(after)]);
+  const columns = [];
+  for (const key of allKeys) {
+    if (allowed && !allowed.has(key)) continue;
+    const beforeVal = before[key];
+    const afterVal = after[key];
+    if (afterVal === void 0) continue;
+    if (beforeVal === void 0) {
+      columns.push({ column: key, value: afterVal });
+      continue;
+    }
+    if (Object.is(beforeVal, afterVal)) continue;
+    if (typeof beforeVal === "object" && beforeVal !== null && typeof afterVal === "object" && afterVal !== null && equal(beforeVal, afterVal)) {
+      continue;
+    }
+    columns.push({ column: key, value: afterVal });
+  }
+  return columns;
+}
+async function generateDeltaId(params) {
+  const payload = stableStringify2({
+    clientId: params.clientId,
+    hlc: params.hlc.toString(),
+    table: params.table,
+    rowId: params.rowId,
+    columns: params.columns
+  });
+  const data = new TextEncoder().encode(payload);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const bytes = new Uint8Array(hashBuffer);
+  let hex = "";
+  for (const b of bytes) {
+    hex += b.toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+
+// ../core/src/delta/types.ts
+function rowKey(table, rowId) {
+  return `${table}:${rowId}`;
+}
+
+// ../core/src/json.ts
+function bigintReplacer(_key, value) {
+  return typeof value === "bigint" ? value.toString() : value;
+}
+function bigintReviver(key, value) {
+  if (typeof value === "string" && /hlc$/i.test(key)) {
+    try {
+      return BigInt(value);
+    } catch {
+      return value;
+    }
+  }
+  return value;
+}
+
+// ../core/src/sync-rules/defaults.ts
+function createPassAllRules() {
+  return {
+    version: 1,
+    buckets: [
+      {
+        name: "all",
+        tables: [],
+        filters: []
+      }
+    ]
+  };
+}
+function createUserScopedRules(tables, userColumn = "user_id") {
+  return {
+    version: 1,
+    buckets: [
+      {
+        name: "user",
+        tables,
+        filters: [
+          {
+            column: userColumn,
+            op: "eq",
+            value: "jwt:sub"
+          }
+        ]
+      }
+    ]
+  };
+}
+
+// ../core/src/sync-rules/errors.ts
+var SyncRuleError = class extends LakeSyncError {
+  constructor(message, cause) {
+    super(message, "SYNC_RULE_ERROR", cause);
+  }
+};
+
+// ../core/src/sync-rules/evaluator.ts
+function resolveFilterValue(value, claims) {
+  if (!value.startsWith("jwt:")) {
+    return [value];
+  }
+  const claimKey = value.slice(4);
+  const claimValue = claims[claimKey];
+  if (claimValue === void 0) {
+    return [];
+  }
+  return Array.isArray(claimValue) ? claimValue : [claimValue];
+}
+function deltaMatchesBucket(delta, bucket, claims) {
+  if (bucket.tables.length > 0 && !bucket.tables.includes(delta.table)) {
+    return false;
+  }
+  for (const filter of bucket.filters) {
+    if (!filterMatchesDelta(delta, filter, claims)) {
+      return false;
+    }
+  }
+  return true;
+}
+function compareValues(deltaValue, filterValue, op) {
+  const numDelta = parseFloat(deltaValue);
+  const numFilter = parseFloat(filterValue);
+  const useNumeric = !Number.isNaN(numDelta) && !Number.isNaN(numFilter);
+  if (useNumeric) {
+    switch (op) {
+      case "gt":
+        return numDelta > numFilter;
+      case "lt":
+        return numDelta < numFilter;
+      case "gte":
+        return numDelta >= numFilter;
+      case "lte":
+        return numDelta <= numFilter;
+    }
+  }
+  const cmp = deltaValue.localeCompare(filterValue);
+  switch (op) {
+    case "gt":
+      return cmp > 0;
+    case "lt":
+      return cmp < 0;
+    case "gte":
+      return cmp >= 0;
+    case "lte":
+      return cmp <= 0;
+  }
+}
+var FILTER_OPS = {
+  eq: (dv, rv) => rv.includes(dv),
+  in: (dv, rv) => rv.includes(dv),
+  neq: (dv, rv) => !rv.includes(dv),
+  gt: (dv, rv) => compareValues(dv, rv[0], "gt"),
+  lt: (dv, rv) => compareValues(dv, rv[0], "lt"),
+  gte: (dv, rv) => compareValues(dv, rv[0], "gte"),
+  lte: (dv, rv) => compareValues(dv, rv[0], "lte")
+};
+function filterMatchesDelta(delta, filter, claims) {
+  const col = delta.columns.find((c) => c.column === filter.column);
+  if (!col) {
+    return false;
+  }
+  const deltaValue = String(col.value);
+  const resolvedValues = resolveFilterValue(filter.value, claims);
+  if (resolvedValues.length === 0) {
+    return false;
+  }
+  return FILTER_OPS[filter.op]?.(deltaValue, resolvedValues) ?? false;
+}
+function filterDeltas(deltas, context) {
+  if (context.rules.buckets.length === 0) {
+    return deltas;
+  }
+  return deltas.filter(
+    (delta) => context.rules.buckets.some((bucket) => deltaMatchesBucket(delta, bucket, context.claims))
+  );
+}
+function resolveClientBuckets(rules, claims) {
+  return rules.buckets.filter((bucket) => {
+    for (const filter of bucket.filters) {
+      if (filter.value.startsWith("jwt:")) {
+        const resolved = resolveFilterValue(filter.value, claims);
+        if (resolved.length === 0) {
+          return false;
+        }
+      }
+    }
+    return true;
+  }).map((b) => b.name);
+}
+function validateSyncRules(config) {
+  if (typeof config !== "object" || config === null) {
+    return Err(new SyncRuleError("Sync rules config must be an object"));
+  }
+  const obj = config;
+  if (typeof obj.version !== "number" || !Number.isInteger(obj.version) || obj.version < 1) {
+    return Err(new SyncRuleError("Sync rules version must be a positive integer"));
+  }
+  if (!Array.isArray(obj.buckets)) {
+    return Err(new SyncRuleError("Sync rules buckets must be an array"));
+  }
+  const seenNames = /* @__PURE__ */ new Set();
+  for (let i = 0; i < obj.buckets.length; i++) {
+    const bucket = obj.buckets[i];
+    if (typeof bucket !== "object" || bucket === null) {
+      return Err(new SyncRuleError(`Bucket at index ${i} must be an object`));
+    }
+    if (typeof bucket.name !== "string" || bucket.name.length === 0) {
+      return Err(new SyncRuleError(`Bucket at index ${i} must have a non-empty name`));
+    }
+    if (seenNames.has(bucket.name)) {
+      return Err(new SyncRuleError(`Duplicate bucket name: "${bucket.name}"`));
+    }
+    seenNames.add(bucket.name);
+    if (!Array.isArray(bucket.tables)) {
+      return Err(new SyncRuleError(`Bucket "${bucket.name}" tables must be an array`));
+    }
+    for (const table of bucket.tables) {
+      if (typeof table !== "string" || table.length === 0) {
+        return Err(
+          new SyncRuleError(`Bucket "${bucket.name}" tables must contain non-empty strings`)
+        );
+      }
+    }
+    if (!Array.isArray(bucket.filters)) {
+      return Err(new SyncRuleError(`Bucket "${bucket.name}" filters must be an array`));
+    }
+    for (let j = 0; j < bucket.filters.length; j++) {
+      const filter = bucket.filters[j];
+      if (typeof filter !== "object" || filter === null) {
+        return Err(
+          new SyncRuleError(`Bucket "${bucket.name}" filter at index ${j} must be an object`)
+        );
+      }
+      if (typeof filter.column !== "string" || filter.column.length === 0) {
+        return Err(
+          new SyncRuleError(
+            `Bucket "${bucket.name}" filter at index ${j} must have a non-empty column`
+          )
+        );
+      }
+      const validOps = ["eq", "in", "neq", "gt", "lt", "gte", "lte"];
+      if (!validOps.includes(filter.op)) {
+        return Err(
+          new SyncRuleError(
+            `Bucket "${bucket.name}" filter at index ${j} op must be one of: ${validOps.join(", ")}`
+          )
+        );
+      }
+      if (typeof filter.value !== "string" || filter.value.length === 0) {
+        return Err(
+          new SyncRuleError(
+            `Bucket "${bucket.name}" filter at index ${j} must have a non-empty value`
+          )
+        );
+      }
+    }
+  }
+  return Ok(void 0);
+}
+
+// ../core/src/validation/identifier.ts
+var IDENTIFIER_RE = /^[a-zA-Z_][a-zA-Z0-9_]{0,63}$/;
+function isValidIdentifier(name) {
+  return IDENTIFIER_RE.test(name);
+}
+function assertValidIdentifier(name) {
+  if (isValidIdentifier(name)) {
+    return Ok(void 0);
+  }
+  return Err(
+    new SchemaError(
+      `Invalid SQL identifier: "${name}". Identifiers must start with a letter or underscore, contain only alphanumeric characters and underscores, and be at most 64 characters long.`
+    )
+  );
+}
+function quoteIdentifier(name) {
+  return `"${name.replace(/"/g, '""')}"`;
+}
+
+export {
+  LakeSyncError,
+  ClockDriftError,
+  ConflictError,
+  FlushError,
+  SchemaError,
+  AdapterError,
+  AdapterNotFoundError,
+  BackpressureError,
+  toError,
+  ActionExecutionError,
+  ActionNotSupportedError,
+  ActionValidationError,
+  generateActionId,
+  isActionError,
+  Ok,
+  Err,
+  mapResult,
+  flatMapResult,
+  unwrapOrThrow,
+  fromPromise,
+  validateAction,
+  AuthError,
+  verifyToken,
+  HLC,
+  isIngestTarget,
+  BaseSourcePoller,
+  LWWResolver,
+  resolveLWW,
+  isActionHandler,
+  ConnectorValidationError,
+  CONNECTOR_TYPES,
+  validateConnectorConfig,
+  applyDelta,
+  extractDelta,
+  rowKey,
+  bigintReplacer,
+  bigintReviver,
+  createPassAllRules,
+  createUserScopedRules,
+  SyncRuleError,
+  resolveFilterValue,
+  deltaMatchesBucket,
+  filterDeltas,
+  resolveClientBuckets,
+  validateSyncRules,
+  isValidIdentifier,
+  assertValidIdentifier,
+  quoteIdentifier
+};
+//# sourceMappingURL=chunk-ICNT7I3K.js.map