sh3-core 0.8.0 → 0.8.1

package/dist/api.d.ts

@@ -17,9 +17,10 @@ export { listRegisteredApps, getActiveApp } from './apps/registry.svelte';
 export { launchApp, returnToHome, unregisterApp } from './apps/lifecycle';
 export { inspectActiveLayout, spliceIntoActiveLayout, dockIntoActiveLayout, focusTab, focusView, collapseChild, expandChild, closeTab, } from './layout/inspection';
 export type { DocumentHandle, DocumentHandleOptions, DocumentFormat, DocumentMeta, DocumentChange, AutosaveController, } from './documents/types';
+export { PERMISSION_DOCUMENTS_BROWSE } from './documents/types';
+export type { BrowseCapability } from './documents/browse';
 export type { SyncHandle, SyncScope, ManifestEntry, ApplyEntry, ApplyOpts, ApplyOutcome, ApplyBatchResult, ConflictPolicy, ConflictResolution, ConflictContext, JournalEntry, ChangePage, GrantRecord, } from './documents/sync/types';
 export { PERMISSION_DOCUMENTS_SYNC, ScopeNotGrantedError, ScopeRevokedError, TenantMismatchError, } from './documents/sync/types';
-export { createSyncRegistry } from './documents/sync/registry';
 export type { SyncRegistry } from './documents/sync/registry';
 export { default as SyncGrantPicker } from './documents/sync/components/SyncGrantPicker.svelte';
 export { default as DocumentSyncExplorer } from './documents/sync/components/DocumentSyncExplorer.svelte';

package/dist/api.js

@@ -29,8 +29,8 @@ export { listRegisteredApps, getActiveApp } from './apps/registry.svelte';
 export { launchApp, returnToHome, unregisterApp } from './apps/lifecycle';
 // Layout inspection / mutation for advanced shards (diagnostic, etc.).
 export { inspectActiveLayout, spliceIntoActiveLayout, dockIntoActiveLayout, focusTab, focusView, collapseChild, expandChild, closeTab, } from './layout/inspection';
+export { PERMISSION_DOCUMENTS_BROWSE } from './documents/types';
 export { PERMISSION_DOCUMENTS_SYNC, ScopeNotGrantedError, ScopeRevokedError, TenantMismatchError, } from './documents/sync/types';
-export { createSyncRegistry } from './documents/sync/registry';
 export { default as SyncGrantPicker } from './documents/sync/components/SyncGrantPicker.svelte';
 export { default as DocumentSyncExplorer } from './documents/sync/components/DocumentSyncExplorer.svelte';
 // Shard introspection — read-only reactive maps exposing which shards are

package/dist/app/admin/SystemView.svelte

@@ -1,12 +1,38 @@
 <script lang="ts">
   /**
-   * Admin System view — server status and restart.
+   * Admin System view — server status, restart, and package-bundle cache policy.
    */
 
+  const SNAP_POINTS: Array<{ value: number; label: string }> = [
+    { value: 0, label: 'Off (no-store)' },
+    { value: 5, label: '5s (dev)' },
+    { value: 60, label: '1 min' },
+    { value: 3600, label: '1 hour' },
+    { value: 86400, label: '1 day' },
+    { value: 31536000, label: '1 year' },
+  ];
+
   let version = $state('...');
   let restarting = $state(false);
   let restartError = $state<string | null>(null);
 
+  let cacheMaxAge = $state(31536000);
+  let loadedMaxAge = $state(31536000);
+  let savingCache = $state(false);
+  let cacheError = $state<string | null>(null);
+
+  const dirty = $derived(cacheMaxAge !== loadedMaxAge);
+  const humanized = $derived(humanize(cacheMaxAge));
+
+  function humanize(sec: number): string {
+    if (sec === 0) return '0 seconds (off — browsers never cache)';
+    if (sec < 60) return `${sec} seconds`;
+    if (sec < 3600) return `${Math.round(sec / 60)} minutes`;
+    if (sec < 86400) return `${Math.round(sec / 3600)} hours`;
+    if (sec < 31536000) return `${Math.round(sec / 86400)} days`;
+    return `${Math.round(sec / 31536000)} years`;
+  }
+
   async function fetchVersion() {
     try {
       const res = await fetch('/api/version');
@@ -17,6 +43,43 @@
     } catch { /* ignore */ }
   }
 
+  async function fetchSettings() {
+    try {
+      const res = await fetch('/api/admin/settings', { credentials: 'include' });
+      if (res.ok) {
+        const body = await res.json();
+        const age = body.packages?.cacheMaxAge ?? 31536000;
+        cacheMaxAge = age;
+        loadedMaxAge = age;
+      }
+    } catch { /* ignore */ }
+  }
+
+  async function saveCache() {
+    savingCache = true;
+    cacheError = null;
+    try {
+      const res = await fetch('/api/admin/settings', {
+        method: 'PUT',
+        credentials: 'include',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ packages: { cacheMaxAge } }),
+      });
+      if (!res.ok) {
+        const body = await res.json().catch(() => ({}));
+        cacheError = body.error || 'Save failed';
+      } else {
+        const body = await res.json();
+        loadedMaxAge = body.packages?.cacheMaxAge ?? cacheMaxAge;
+        cacheMaxAge = loadedMaxAge;
+      }
+    } catch {
+      cacheError = 'Network error';
+    } finally {
+      savingCache = false;
+    }
+  }
+
   async function restart() {
     restarting = true;
     restartError = null;
@@ -38,6 +101,7 @@
   }
 
   fetchVersion();
+  fetchSettings();
 </script>
 
 <div class="admin-system">
@@ -50,24 +114,98 @@
     </div>
   </div>
 
-  <div class="admin-system-actions">
-    <button type="button" class="admin-btn-danger" onclick={restart} disabled={restarting}>
-      {restarting ? 'Restarting...' : 'Restart server'}
-    </button>
-    {#if restartError}
-      <div class="admin-error">{restartError}</div>
-    {/if}
-  </div>
+  <section class="admin-system-section">
+    <h3>Package bundle cache</h3>
+    <p class="admin-system-hint">
+      Controls the <code>Cache-Control</code> header on <code>/packages/:id/client.js</code>.
+      Set to <strong>0</strong> during development so drop-in bundle replacements take effect on F5.
+      Use a long value in production.
+    </p>
+
+    <input
+      type="range"
+      min="0"
+      max="31536000"
+      step="1"
+      bind:value={cacheMaxAge}
+      disabled={savingCache}
+    />
+    <div class="admin-system-readout">
+      <code>{cacheMaxAge}</code> — {humanized}
+    </div>
+
+    <div class="admin-system-snaps">
+      {#each SNAP_POINTS as snap (snap.value)}
+        <button
+          type="button"
+          class="admin-snap"
+          class:active={cacheMaxAge === snap.value}
+          onclick={() => (cacheMaxAge = snap.value)}
+          disabled={savingCache}
+        >
+          {snap.label}
+        </button>
+      {/each}
+    </div>
+
+    <div class="admin-system-actions">
+      <button
+        type="button"
+        class="admin-btn"
+        onclick={saveCache}
+        disabled={!dirty || savingCache}
+      >
+        {savingCache ? 'Saving...' : 'Save'}
+      </button>
+      <button
+        type="button"
+        class="admin-btn-ghost"
+        onclick={() => (cacheMaxAge = loadedMaxAge)}
+        disabled={!dirty || savingCache}
+      >
+        Reset
+      </button>
+      {#if cacheError}
+        <div class="admin-error">{cacheError}</div>
+      {/if}
+    </div>
+  </section>
+
+  <section class="admin-system-section">
+    <h3>Server control</h3>
+    <div class="admin-system-actions">
+      <button type="button" class="admin-btn-danger" onclick={restart} disabled={restarting}>
+        {restarting ? 'Restarting...' : 'Restart server'}
+      </button>
+      {#if restartError}
+        <div class="admin-error">{restartError}</div>
+      {/if}
+    </div>
+  </section>
 </div>
 
 <style>
   .admin-system { padding: 24px; font-family: system-ui, sans-serif; color: var(--shell-fg); }
   .admin-system h2 { margin: 0 0 16px; font-size: 18px; }
+  .admin-system h3 { margin: 0 0 8px; font-size: 14px; text-transform: uppercase; letter-spacing: 0.05em; color: var(--shell-fg-subtle); }
   .admin-system-info { margin-bottom: 24px; }
   .admin-system-row { display: flex; gap: 12px; padding: 8px 0; border-bottom: 1px solid var(--shell-border, #3a3a5c); font-size: 13px; }
   .admin-system-label { color: var(--shell-fg-subtle); min-width: 140px; }
-  .admin-system-actions { display: flex; flex-direction: column; gap: 8px; align-items: flex-start; }
-  .admin-btn-danger { padding: 8px 16px; background: transparent; color: var(--shell-error, #d32f2f); border: 1px solid var(--shell-error, #d32f2f); font-weight: 600; }
+  .admin-system-section { margin-bottom: 24px; padding-bottom: 16px; border-bottom: 1px solid var(--shell-border, #3a3a5c); }
+  .admin-system-section:last-child { border-bottom: none; }
+  .admin-system-hint { font-size: 13px; color: var(--shell-fg-subtle); margin: 0 0 12px; }
+  .admin-system-readout { font-size: 13px; margin: 8px 0 12px; }
+  .admin-system-snaps { display: flex; flex-wrap: wrap; gap: 6px; margin-bottom: 12px; }
+  .admin-snap { padding: 4px 10px; font-size: 12px; background: transparent; border: 1px solid var(--shell-border, #3a3a5c); color: var(--shell-fg); cursor: pointer; border-radius: var(--shell-radius-sm, 3px); }
+  .admin-snap.active { background: var(--shell-accent, #4a7bd4); color: var(--shell-bg); border-color: var(--shell-accent, #4a7bd4); }
+  .admin-snap:disabled { opacity: 0.5; cursor: not-allowed; }
+  .admin-system-actions { display: flex; flex-direction: row; gap: 8px; align-items: center; flex-wrap: wrap; }
+  .admin-btn { padding: 8px 16px; background: var(--shell-accent, #4a7bd4); color: var(--shell-bg); border: 1px solid var(--shell-accent, #4a7bd4); font-weight: 600; cursor: pointer; border-radius: var(--shell-radius-sm, 3px); }
+  .admin-btn:disabled { opacity: 0.5; cursor: not-allowed; }
+  .admin-btn-ghost { padding: 8px 16px; background: transparent; color: var(--shell-fg); border: 1px solid var(--shell-border, #3a3a5c); cursor: pointer; border-radius: var(--shell-radius-sm, 3px); }
+  .admin-btn-ghost:disabled { opacity: 0.5; cursor: not-allowed; }
+  .admin-btn-danger { padding: 8px 16px; background: transparent; color: var(--shell-error, #d32f2f); border: 1px solid var(--shell-error, #d32f2f); font-weight: 600; cursor: pointer; border-radius: var(--shell-radius-sm, 3px); }
   .admin-btn-danger:disabled { opacity: 0.6; cursor: not-allowed; }
   .admin-error { color: var(--shell-error, #d32f2f); font-size: 13px; }
+  input[type="range"] { width: 100%; max-width: 480px; }
 </style>

package/dist/documents/backends.d.ts

@@ -6,6 +6,10 @@ export declare class MemoryDocumentBackend implements DocumentBackend {
     delete(tenantId: string, shardId: string, path: string): Promise<void>;
     list(tenantId: string, shardId: string): Promise<DocumentMeta[]>;
     exists(tenantId: string, shardId: string, path: string): Promise<boolean>;
+    listAllShards(tenantId: string): Promise<string[]>;
+    listAllDocuments(tenantId: string): Promise<Array<DocumentMeta & {
+        shardId: string;
+    }>>;
 }
 export declare class IndexedDBDocumentBackend implements DocumentBackend {
     #private;
@@ -14,4 +18,8 @@ export declare class IndexedDBDocumentBackend implements DocumentBackend {
     delete(tenantId: string, shardId: string, path: string): Promise<void>;
     list(tenantId: string, shardId: string): Promise<DocumentMeta[]>;
     exists(tenantId: string, shardId: string, path: string): Promise<boolean>;
+    listAllShards(tenantId: string): Promise<string[]>;
+    listAllDocuments(tenantId: string): Promise<Array<DocumentMeta & {
+        shardId: string;
+    }>>;
 }

package/dist/documents/backends.js

@@ -62,6 +62,36 @@ export class MemoryDocumentBackend {
     async exists(tenantId, shardId, path) {
         return __classPrivateFieldGet(this, _MemoryDocumentBackend_store, "f").has(compositeKey(tenantId, shardId, path));
     }
+    async listAllShards(tenantId) {
+        const prefix = `${tenantId}/`;
+        const shards = new Set();
+        for (const key of __classPrivateFieldGet(this, _MemoryDocumentBackend_store, "f").keys()) {
+            if (!key.startsWith(prefix))
+                continue;
+            const rest = key.slice(prefix.length);
+            const slash = rest.indexOf('/');
+            if (slash < 0)
+                continue;
+            shards.add(rest.slice(0, slash));
+        }
+        return [...shards];
+    }
+    async listAllDocuments(tenantId) {
+        const prefix = `${tenantId}/`;
+        const out = [];
+        for (const [key, entry] of __classPrivateFieldGet(this, _MemoryDocumentBackend_store, "f")) {
+            if (!key.startsWith(prefix))
+                continue;
+            const rest = key.slice(prefix.length);
+            const slash = rest.indexOf('/');
+            if (slash < 0)
+                continue;
+            const shardId = rest.slice(0, slash);
+            const path = rest.slice(slash + 1);
+            out.push({ shardId, path, size: entry.size, lastModified: entry.lastModified });
+        }
+        return out;
+    }
 }
 _MemoryDocumentBackend_store = new WeakMap();
 // ---------------------------------------------------------------------------
@@ -126,6 +156,63 @@ export class IndexedDBDocumentBackend {
         const result = await __classPrivateFieldGet(this, _IndexedDBDocumentBackend_instances, "m", _IndexedDBDocumentBackend_tx).call(this, 'readonly', (s) => s.getKey(key));
         return result !== undefined;
     }
+    async listAllShards(tenantId) {
+        const prefix = `${tenantId}/`;
+        const db = await __classPrivateFieldGet(this, _IndexedDBDocumentBackend_instances, "m", _IndexedDBDocumentBackend_db).call(this);
+        return new Promise((resolve, reject) => {
+            const tx = db.transaction(IDB_STORE, 'readonly');
+            const store = tx.objectStore(IDB_STORE);
+            const range = IDBKeyRange.bound(prefix, prefix + '\uffff', false, false);
+            const req = store.openKeyCursor(range);
+            const shards = new Set();
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (cursor) {
+                    const rest = cursor.key.slice(prefix.length);
+                    const slash = rest.indexOf('/');
+                    if (slash >= 0)
+                        shards.add(rest.slice(0, slash));
+                    cursor.continue();
+                }
+                else {
+                    resolve([...shards]);
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
+    async listAllDocuments(tenantId) {
+        const prefix = `${tenantId}/`;
+        const db = await __classPrivateFieldGet(this, _IndexedDBDocumentBackend_instances, "m", _IndexedDBDocumentBackend_db).call(this);
+        return new Promise((resolve, reject) => {
+            const tx = db.transaction(IDB_STORE, 'readonly');
+            const store = tx.objectStore(IDB_STORE);
+            const range = IDBKeyRange.bound(prefix, prefix + '\uffff', false, false);
+            const req = store.openCursor(range);
+            const out = [];
+            req.onsuccess = () => {
+                const cursor = req.result;
+                if (cursor) {
+                    const rest = cursor.key.slice(prefix.length);
+                    const slash = rest.indexOf('/');
+                    if (slash >= 0) {
+                        const entry = cursor.value;
+                        out.push({
+                            shardId: rest.slice(0, slash),
+                            path: rest.slice(slash + 1),
+                            size: entry.size,
+                            lastModified: entry.lastModified,
+                        });
+                    }
+                    cursor.continue();
+                }
+                else {
+                    resolve(out);
+                }
+            };
+            req.onerror = () => reject(req.error);
+        });
+    }
 }
 _IndexedDBDocumentBackend_dbPromise = new WeakMap(), _IndexedDBDocumentBackend_instances = new WeakSet(), _IndexedDBDocumentBackend_db = function _IndexedDBDocumentBackend_db() {
     if (!__classPrivateFieldGet(this, _IndexedDBDocumentBackend_dbPromise, "f")) {

package/dist/documents/backends.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/documents/backends.test.js

@@ -0,0 +1,33 @@
+import { describe, it, expect } from 'vitest';
+import { MemoryDocumentBackend } from './backends';
+describe('DocumentBackend tenant-wide primitives', () => {
+    it('listAllShards returns every shard that has content for a tenant', async () => {
+        const be = new MemoryDocumentBackend();
+        await be.write('t1', 'shard-a', 'x.txt', 'a');
+        await be.write('t1', 'shard-b', 'y.txt', 'b');
+        await be.write('t1', 'shard-b', 'nested/z.txt', 'bb');
+        await be.write('t2', 'shard-c', 'z.txt', 'c');
+        const shards = await be.listAllShards('t1');
+        expect(shards.sort()).toEqual(['shard-a', 'shard-b']);
+        const other = await be.listAllShards('t2');
+        expect(other).toEqual(['shard-c']);
+    });
+    it('listAllDocuments returns docs with shardId attached across the tenant', async () => {
+        const be = new MemoryDocumentBackend();
+        await be.write('t1', 'shard-a', 'x.txt', 'a');
+        await be.write('t1', 'shard-b', 'nested/y.txt', 'bb');
+        await be.write('t2', 'shard-c', 'z.txt', 'c');
+        const docs = await be.listAllDocuments('t1');
+        expect(docs).toHaveLength(2);
+        expect(docs.map((d) => `${d.shardId}/${d.path}`).sort()).toEqual([
+            'shard-a/x.txt',
+            'shard-b/nested/y.txt',
+        ]);
+    });
+    it('listAllDocuments returns an empty array for an unknown tenant', async () => {
+        const be = new MemoryDocumentBackend();
+        await be.write('t1', 'shard-a', 'x.txt', 'a');
+        expect(await be.listAllDocuments('ghost')).toEqual([]);
+        expect(await be.listAllShards('ghost')).toEqual([]);
+    });
+});

package/dist/documents/browse.d.ts

@@ -0,0 +1,12 @@
+import type { DocumentBackend, DocumentChange, DocumentMeta } from './types';
+export interface BrowseCapability {
+    /** Every document in the tenant across all shards, each tagged with its owning shardId. */
+    listDocuments(): Promise<Array<DocumentMeta & {
+        shardId: string;
+    }>>;
+    /** Subscribe to tenant-wide document changes. Returns an unsubscribe. */
+    watchDocuments(callback: (change: DocumentChange) => void): () => void;
+    /** Enumerate shard ids with at least one document in the tenant. */
+    listShards(): Promise<string[]>;
+}
+export declare function createBrowseCapability(tenantId: string, backend: DocumentBackend): BrowseCapability;

package/dist/documents/browse.js

@@ -0,0 +1,19 @@
+/*
+ * BrowseCapability — tenant-wide document observation surface.
+ *
+ * Exposed on ShardContext as `ctx.browse` when the shard declares the
+ * 'documents:browse' permission. Read-only: writes still flow through
+ * the owning shard's own ctx.documents() handle.
+ */
+import { documentChanges } from './notifications';
+export function createBrowseCapability(tenantId, backend) {
+    return {
+        listDocuments: () => backend.listAllDocuments(tenantId),
+        listShards: () => backend.listAllShards(tenantId),
+        watchDocuments: (callback) => documentChanges.subscribe((change) => {
+            if (change.tenantId !== tenantId)
+                return;
+            callback(change);
+        }),
+    };
+}

package/dist/documents/browse.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/documents/browse.test.js

@@ -0,0 +1,41 @@
+import { describe, it, expect, vi } from 'vitest';
+import { MemoryDocumentBackend } from './backends';
+import { createBrowseCapability } from './browse';
+import { documentChanges } from './notifications';
+describe('BrowseCapability', () => {
+    it('lists documents tenant-wide with shardId attached', async () => {
+        const be = new MemoryDocumentBackend();
+        await be.write('t1', 'a', 'x.txt', '1');
+        await be.write('t1', 'b', 'y.txt', '22');
+        const browse = createBrowseCapability('t1', be);
+        const docs = await browse.listDocuments();
+        expect(docs.map((d) => d.shardId).sort()).toEqual(['a', 'b']);
+    });
+    it('listShards enumerates tenant shards', async () => {
+        const be = new MemoryDocumentBackend();
+        await be.write('t1', 'a', 'x.txt', '1');
+        await be.write('t1', 'b', 'y.txt', '2');
+        const browse = createBrowseCapability('t1', be);
+        expect((await browse.listShards()).sort()).toEqual(['a', 'b']);
+    });
+    it('watchDocuments fires with shardId on tenant-wide emits; filters other tenants', () => {
+        const be = new MemoryDocumentBackend();
+        const browse = createBrowseCapability('t1', be);
+        const cb = vi.fn();
+        const unsub = browse.watchDocuments(cb);
+        documentChanges.emit({ type: 'create', path: 'f.txt', tenantId: 't1', shardId: 's1' });
+        documentChanges.emit({ type: 'create', path: 'g.txt', tenantId: 't2', shardId: 's2' });
+        expect(cb).toHaveBeenCalledTimes(1);
+        expect(cb).toHaveBeenCalledWith(expect.objectContaining({ shardId: 's1', path: 'f.txt', tenantId: 't1' }));
+        unsub();
+    });
+    it('watchDocuments unsubscribe stops callbacks', () => {
+        const be = new MemoryDocumentBackend();
+        const browse = createBrowseCapability('t1', be);
+        const cb = vi.fn();
+        const unsub = browse.watchDocuments(cb);
+        unsub();
+        documentChanges.emit({ type: 'create', path: 'f.txt', tenantId: 't1', shardId: 's1' });
+        expect(cb).not.toHaveBeenCalled();
+    });
+});

package/dist/documents/http-backend.d.ts

@@ -19,4 +19,8 @@ export declare class HttpDocumentBackend implements DocumentBackend {
     delete(tenantId: string, shardId: string, path: string): Promise<void>;
     list(tenantId: string, shardId: string): Promise<DocumentMeta[]>;
     exists(tenantId: string, shardId: string, path: string): Promise<boolean>;
+    listAllShards(tenantId: string): Promise<string[]>;
+    listAllDocuments(tenantId: string): Promise<Array<DocumentMeta & {
+        shardId: string;
+    }>>;
 }

package/dist/documents/http-backend.js

@@ -70,6 +70,20 @@ export class HttpDocumentBackend {
         const res = await fetch(url, { method: 'HEAD' });
         return res.ok;
     }
+    async listAllShards(tenantId) {
+        const url = `${__classPrivateFieldGet(this, _HttpDocumentBackend_baseUrl, "f")}/api/docs/${tenantId}/_shards`;
+        const res = await fetch(url);
+        if (!res.ok)
+            throw new Error(`listAllShards failed: ${res.status}`);
+        return res.json();
+    }
+    async listAllDocuments(tenantId) {
+        const url = `${__classPrivateFieldGet(this, _HttpDocumentBackend_baseUrl, "f")}/api/docs/${tenantId}/_all`;
+        const res = await fetch(url);
+        if (!res.ok)
+            throw new Error(`listAllDocuments failed: ${res.status}`);
+        return res.json();
+    }
 }
 _HttpDocumentBackend_baseUrl = new WeakMap(), _HttpDocumentBackend_apiKey = new WeakMap(), _HttpDocumentBackend_instances = new WeakSet(), _HttpDocumentBackend_authHeaders = function _HttpDocumentBackend_authHeaders() {
     if (!__classPrivateFieldGet(this, _HttpDocumentBackend_apiKey, "f"))

package/dist/documents/sync/index.d.ts

@@ -1,6 +1,5 @@
 export type { SyncScope, SyncHandle, ManifestEntry, ApplyEntry, ApplyOpts, ApplyOutcome, ApplyBatchResult, ConflictPolicy, ConflictResolution, ConflictContext, JournalEntry, ChangePage, GrantRecord, } from './types';
 export { PERMISSION_DOCUMENTS_SYNC, SYNC_RESERVED_SHARD_ID, ScopeNotGrantedError, ScopeRevokedError, TenantMismatchError, } from './types';
-export { createSyncRegistry, type SyncRegistry } from './registry';
-export { getSyncBundle } from './singleton';
+export type { SyncRegistry } from './registry';
 export { default as SyncGrantPicker } from './components/SyncGrantPicker.svelte';
 export { default as DocumentSyncExplorer } from './components/DocumentSyncExplorer.svelte';

package/dist/documents/sync/index.js

@@ -6,7 +6,5 @@
  * it is imported directly by SyncGrantPicker.svelte only.
  */
 export { PERMISSION_DOCUMENTS_SYNC, SYNC_RESERVED_SHARD_ID, ScopeNotGrantedError, ScopeRevokedError, TenantMismatchError, } from './types';
-export { createSyncRegistry } from './registry';
-export { getSyncBundle } from './singleton';
 export { default as SyncGrantPicker } from './components/SyncGrantPicker.svelte';
 export { default as DocumentSyncExplorer } from './components/DocumentSyncExplorer.svelte';

package/dist/documents/sync/observer.d.ts

@@ -0,0 +1,3 @@
+import type { DocumentBackend } from '../types';
+import type { SyncRegistry } from './registry';
+export declare function createSyncRegistryAccessor(backend: DocumentBackend, tenantId: string): () => SyncRegistry;

package/dist/documents/sync/observer.js

@@ -0,0 +1,45 @@
+/*
+ * Observer factory for ctx.syncRegistry.
+ *
+ * Returns a lazy accessor that resolves to the same SyncRegistry instance
+ * backed by the per-tenant sync bundle. Observer-class shards (e.g. the
+ * file-explorer) and connector shards share one view of grants and
+ * conflicts.
+ *
+ * Gated upstream on the 'documents:browse' permission — granting remains
+ * exclusive to <SyncGrantPicker />.
+ */
+import { getSyncBundle } from './singleton';
+export function createSyncRegistryAccessor(backend, tenantId) {
+    let cached = null;
+    let initPromise = null;
+    function resolve() {
+        if (cached)
+            return Promise.resolve(cached);
+        if (!initPromise) {
+            initPromise = getSyncBundle(backend, tenantId).then(({ registry }) => {
+                cached = registry;
+                return registry;
+            });
+        }
+        return initPromise;
+    }
+    return () => {
+        const proxy = {
+            async list(connectorId) {
+                return (await resolve()).list(connectorId);
+            },
+            async revoke(connectorId, scope) {
+                return (await resolve()).revoke(connectorId, scope);
+            },
+            listConflicts: (async (shardId) => {
+                const r = await resolve();
+                return shardId === undefined ? r.listConflicts() : r.listConflicts(shardId);
+            }),
+            async listAllConnectorIds() {
+                return (await resolve()).listAllConnectorIds();
+            },
+        };
+        return proxy;
+    };
+}

package/dist/documents/sync/registry.d.ts

@@ -4,7 +4,10 @@ export declare function __grantInternal(backend: DocumentBackend, tenantId: stri
 export interface SyncRegistry {
     list(connectorId?: string): Promise<GrantRecord[]>;
     revoke(connectorId: string, scope: SyncScope): Promise<void>;
+    /** Per-shard conflict enumeration. */
     listConflicts(shardId: string): Promise<ConflictResolution[]>;
+    /** Tenant-wide conflict enumeration (fans out over every shard). */
+    listConflicts(): Promise<ConflictResolution[]>;
     listAllConnectorIds(): Promise<string[]>;
 }
 export declare function createSyncRegistry(backend: DocumentBackend, tenantId: string): SyncRegistry;

package/dist/documents/sync/registry.js

@@ -56,7 +56,14 @@ export function createSyncRegistry(backend, tenantId) {
                 await writeJson(backend, tenantId, grantPath(connectorId), next);
         },
         async listConflicts(shardId) {
-            return conflicts.listConflicts(shardId);
+            if (shardId !== undefined)
+                return conflicts.listConflicts(shardId);
+            const shards = await backend.listAllShards(tenantId);
+            const out = [];
+            for (const s of shards) {
+                out.push(...(await conflicts.listConflicts(s)));
+            }
+            return out;
         },
         async listAllConnectorIds() {
             const paths = await listJsonPaths(backend, tenantId, GRANTS_PREFIX);

package/dist/documents/sync/registry.test.js

@@ -39,4 +39,15 @@ describe('syncRegistry', () => {
         await __grantInternal(backend, 'tenant-a', 'conn-A', { kind: 'tenant' });
         expect((await reg.list('conn-A')).length).toBe(1);
     });
+    it('listConflicts() with no args returns conflicts across all shards', async () => {
+        var _a, _b;
+        // Seed conflict artifacts directly via the backend (matches
+        // ConflictManager's artifact naming).
+        await backend.write('tenant-a', 'shard-a', 'doc.md.sync-conflict-connA-111', 'remote-a');
+        await backend.write('tenant-a', 'shard-b', 'other.md.sync-conflict-connB-222', 'remote-b');
+        const all = await reg.listConflicts();
+        expect(all.map((c) => c.shardId).sort()).toEqual(['shard-a', 'shard-b']);
+        expect((_a = all.find((c) => c.shardId === 'shard-a')) === null || _a === void 0 ? void 0 : _a.path).toBe('doc.md');
+        expect((_b = all.find((c) => c.shardId === 'shard-b')) === null || _b === void 0 ? void 0 : _b.path).toBe('other.md');
+    });
 });

package/dist/documents/types.d.ts

@@ -1,3 +1,9 @@
+/**
+ * Manifest permission string: grants tenant-wide document observation
+ * (`ctx.browse`) and sync registry visibility (`ctx.syncRegistry`).
+ * Read-only; writes still flow through the shard's own `ctx.documents()`.
+ */
+export declare const PERMISSION_DOCUMENTS_BROWSE = "documents:browse";
 /**
  * Format hint for document content. Determines whether reads return a string
  * (`text`) or an `ArrayBuffer` (`binary`).
@@ -50,6 +56,18 @@ export interface DocumentBackend {
     list(tenantId: string, shardId: string): Promise<DocumentMeta[]>;
     /** Return true if the document at `path` exists. */
     exists(tenantId: string, shardId: string, path: string): Promise<boolean>;
+    /**
+     * List every shard id that currently has at least one document stored
+     * for this tenant. Tenant-wide observation primitive.
+     */
+    listAllShards(tenantId: string): Promise<string[]>;
+    /**
+     * List every document in the tenant across all shards. Each entry
+     * carries the owning `shardId`. Tenant-wide observation primitive.
+     */
+    listAllDocuments(tenantId: string): Promise<Array<DocumentMeta & {
+        shardId: string;
+    }>>;
 }
 /**
  * Shard-facing document handle returned by `ctx.documents()`. Binds

package/dist/documents/types.js

@@ -9,4 +9,9 @@
  * The document zone is a parallel subsystem — it does not extend
  * ZoneName or ZoneSchema. Shards access it via `ctx.documents()`.
  */
-export {};
+/**
+ * Manifest permission string: grants tenant-wide document observation
+ * (`ctx.browse`) and sync registry visibility (`ctx.syncRegistry`).
+ * Read-only; writes still flow through the shard's own `ctx.documents()`.
+ */
+export const PERMISSION_DOCUMENTS_BROWSE = 'documents:browse';