web3ql-client 1.2.0

package/dist/src/constraints.js

@@ -0,0 +1,192 @@
+/**
+ * @file   constraints.ts
+ * @notice Web3QL v1.2 — integrity constraint engine.
+ *
+ * Constraints live in the SDK layer (off-chain) with the following guarantees:
+ *
+ *   • PRIMARY KEY uniqueness  — contract enforces at write (requires exists() pre-check)
+ *   • UNIQUE                  — SDK maintains an in-memory seen-values set per column
+ *   • DEFAULT / NOT NULL      — enforced by types.ts validateAndEncode()
+ *   • CHECK                   — per-column validation function
+ *   • FOREIGN KEY             — SDK reads target table at write time
+ *   • AUTO_INCREMENT          — SDK-maintained counter (persisted in a meta record)
+ *   • ON DELETE CASCADE       — SDK fetches referencing records and deletes them
+ *
+ * None of these require contract changes for CHECK/UNIQUE (client-side enforcement).
+ * PK uniqueness IS enforced at the contract level via `recordExists`.
+ *
+ * Usage:
+ * ─────────────────────────────────────────────────────────────
+ *   const constraints = new ConstraintEngine([
+ *     { type: 'unique',  column: 'email' },
+ *     { type: 'check',   column: 'age',   check: (v) => Number(v) >= 0 },
+ *     { type: 'fk',      column: 'userId', references: { table: userTable, column: 'id' } },
+ *   ]);
+ *
+ *   // Before writing:
+ *   await constraints.validate(row, existingRows);
+ *
+ *   // Get next AUTO_INCREMENT id:
+ *   const nextId = await constraints.nextId(tableAddress, client);
+ * ─────────────────────────────────────────────────────────────
+ */
+// ─────────────────────────────────────────────────────────────
+//  Constraint violation error
+// ─────────────────────────────────────────────────────────────
+export class ConstraintViolation extends Error {
+    constraintType;
+    column;
+    constructor(constraintType, column, message) {
+        super(message);
+        this.constraintType = constraintType;
+        this.column = column;
+        this.name = 'ConstraintViolation';
+    }
+}
+// ─────────────────────────────────────────────────────────────
+//  ConstraintEngine
+// ─────────────────────────────────────────────────────────────
+export class ConstraintEngine {
+    constraints;
+    constructor(constraints = []) {
+        this.constraints = constraints;
+    }
+    /**
+     * Validate a new/updated row against all constraints.
+     *
+     * @param row          The row being written (fully encoded, post validateAndEncode).
+     * @param existingRows Already-decoded rows from the same table (for UNIQUE checks).
+     *                     Pass an empty array if fetching is not possible.
+     */
+    async validate(row, existingRows = []) {
+        for (const c of this.constraints) {
+            switch (c.type) {
+                case 'notNull':
+                    this._checkNotNull(c, row);
+                    break;
+                case 'unique':
+                    this._checkUnique(c, row, existingRows);
+                    break;
+                case 'check':
+                    await this._checkCheck(c, row);
+                    break;
+                case 'fk':
+                    await this._checkForeignKey(c, row);
+                    break;
+            }
+        }
+    }
+    _checkNotNull(c, row) {
+        const v = row[c.column];
+        if (v === null || v === undefined || v === '__NULL__') {
+            throw new ConstraintViolation('notNull', c.column, `NOT NULL violation: column "${c.column}" cannot be null`);
+        }
+    }
+    _checkUnique(c, row, existingRows) {
+        const newVal = row[c.column];
+        const conflict = existingRows.find((existing) => existing[c.column] === newVal && newVal !== null && newVal !== undefined);
+        if (conflict) {
+            throw new ConstraintViolation('unique', c.column, `UNIQUE violation: column "${c.column}" already has value "${String(newVal)}"`);
+        }
+    }
+    async _checkCheck(c, row) {
+        const value = row[c.column];
+        const valid = await c.check(value, row);
+        if (!valid) {
+            throw new ConstraintViolation('check', c.column, `CHECK violation: column "${c.column}"${c.name ? ` (${c.name})` : ''} rejected value "${String(value)}"`);
+        }
+    }
+    async _checkForeignKey(c, row) {
+        const refValue = row[c.column];
+        if (refValue === null || refValue === undefined || refValue === '__NULL__')
+            return; // NULL FK is allowed
+        const { table, tableName } = c.references;
+        const refKey = table.deriveKey(tableName, BigInt(String(refValue)));
+        const exists = await table.exists(refKey);
+        if (!exists) {
+            throw new ConstraintViolation('fk', c.column, `FOREIGN KEY violation: column "${c.column}" references non-existent record "${String(refValue)}"`);
+        }
+    }
+    /**
+     * ON DELETE CASCADE — delete all records in this table that reference
+     * the deleted row in the foreign-key column.
+     *
+     * @param deletedValue  The primary-key value of the deleted parent record.
+     * @param fkColumn      The column in this table that holds the FK.
+     * @param ownedRecords  All decoded records in this table (to find referencing rows).
+     * @param deleteRecord  Callback to actually delete a record by its bytes32 key.
+     */
+    async onDeleteCascade(deletedValue, fkColumn, ownedRecords, deleteRecord) {
+        const toDelete = ownedRecords.filter((r) => String(r.data[fkColumn]) === String(deletedValue));
+        for (const r of toDelete) {
+            await deleteRecord(r.key);
+        }
+    }
+}
+// ─────────────────────────────────────────────────────────────
+//  AUTO_INCREMENT counter
+// ─────────────────────────────────────────────────────────────
+/**
+ * Client-side AUTO_INCREMENT counter backed by a special meta record on-chain.
+ *
+ * The counter is stored as a JSON record encrypted for the table owner under
+ * the key `keccak256("__auto_increment__" + tableName)`.
+ *
+ * ⚠  This is NOT atomic across multiple concurrent writers.
+ *    For single-writer tables (personal data), it is safe.
+ *    For multi-writer tables, use a relay-maintained counter (v1.2).
+ */
+export class AutoIncrementCounter {
+    tableName;
+    client;
+    metaKey;
+    constructor(tableName, client) {
+        this.tableName = tableName;
+        this.client = client;
+        this.metaKey = client.deriveKey(`__auto_increment__${tableName}`, 0n);
+    }
+    /**
+     * Read the current counter value. Returns 0 if not yet initialised.
+     */
+    async current() {
+        try {
+            const exists = await this.client.exists(this.metaKey);
+            if (!exists)
+                return 0n;
+            const json = await this.client.readPlaintext(this.metaKey);
+            const { counter } = JSON.parse(json);
+            return BigInt(counter);
+        }
+        catch {
+            return 0n;
+        }
+    }
+    /**
+     * Atomically increment and return the next ID.
+     * Reads current → increments → writes new value → returns incremented.
+     */
+    async next() {
+        const cur = await this.current();
+        const nextId = cur + 1n;
+        const payload = JSON.stringify({ counter: nextId.toString() });
+        if (cur === 0n) {
+            await this.client.writeRaw(this.metaKey, payload);
+        }
+        else {
+            await this.client.updateRaw(this.metaKey, payload);
+        }
+        return nextId;
+    }
+    /** Reset the counter (use with caution — may cause PK collisions). */
+    async reset(to = 0n) {
+        const payload = JSON.stringify({ counter: to.toString() });
+        const cur = await this.current();
+        if (cur === 0n) {
+            await this.client.writeRaw(this.metaKey, payload);
+        }
+        else {
+            await this.client.updateRaw(this.metaKey, payload);
+        }
+    }
+}
+//# sourceMappingURL=constraints.js.map

package/dist/src/constraints.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constraints.js","sourceRoot":"","sources":["../../src/constraints.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAgDH,gEAAgE;AAChE,8BAA8B;AAC9B,gEAAgE;AAEhE,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAE1B;IACA;IAFlB,YACkB,cAAsB,EACtB,MAAsB,EACtC,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,mBAAc,GAAd,cAAc,CAAQ;QACtB,WAAM,GAAN,MAAM,CAAgB;QAItC,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED,gEAAgE;AAChE,oBAAoB;AACpB,gEAAgE;AAEhE,MAAM,OAAO,gBAAgB;IACnB,WAAW,CAAe;IAElC,YAAY,cAA4B,EAAE;QACxC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CACZ,GAAsC,EACtC,eAA2C,EAAE;QAE7C,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;gBACf,KAAK,SAAS;oBACZ,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC3B,MAAM;gBACR,KAAK,QAAQ;oBACX,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;oBACxC,MAAM;gBACR,KAAK,OAAO;oBACV,MAAM,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC/B,MAAM;gBACR,KAAK,IAAI;oBACP,MAAM,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBACpC,MAAM;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,CAAoB,EAAE,GAA4B;QACtE,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,UAAU,EAAE,CAAC;YACtD,MAAM,IAAI,mBAAmB,CAC3B,SAAS,EAAE,CAAC,CAAC,MAAM,EACnB,+BAA+B,CAAC,CAAC,MAAM,kBAAkB,CAC1D,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,YAAY,CAClB,CAA8B,EAC9B,GAAqC,EACrC,YAAuC;QAEvC,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC7B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAChC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,MAAM,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,CACvF,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,mBAAmB,CAC3B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAClB,6BAA6B,CAAC,CAAC,MAAM,wBAAwB,MAAM,CAAC,MAAM,CAAC,GAAG,CAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,CAAkB,EAAE,GAA4B;QACxE,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,mBAAmB,CAC3B,OAAO,EAAE,CAAC,CAAC,MAAM,EACjB,4BAA4B,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,oBAAoB,MAAM,CAAC,KAAK,CAAC,GAAG,CACzG,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,CAAyB,EACzB,GAA4B;QAE5B,MAAM,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,UAAU;YAAE,OAAO,CAAC,qBAAqB;QAEzG,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,UAAU,CAAC;QAC1C,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpE,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,mBAAmB,CAC3B,IAAI,EAAE,CAAC,CAAC,MAAM,EACd,kCAAkC,CAAC,CAAC,MAAM,qCAAqC,MAAM,CAAC,QAAQ,CAAC,GAAG,CACnG,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe,CACnB,YAAsB,EACtB,QAAqB,EACrB,YAA+D,EAC/D,YAAgD;QAEhD,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC,CACzD,CAAC;QACF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;CACF;AAED,gEAAgE;AAChE,0BAA0B;AAC1B,gEAAgE;AAEhE;;;;;;;;;GASG;AACH,MAAM,OAAO,oBAAoB;IACvB,SAAS,CAAS;IAClB,MAAM,CAA0B;IAChC,OAAO,CAAW;IAE1B,YAAY,SAAiB,EAAE,MAA4B;QACzD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAM,MAAM,CAAC;QACxB,IAAI,CAAC,OAAO,GAAK,MAAM,CAAC,SAAS,CAAC,qBAAqB,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACtD,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC3D,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC;YAC5D,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAM,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,GAAG,GAAG,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAE/D,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sEAAsE;IACtE,KAAK,CAAC,KAAK,CAAC,KAAa,EAAE;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC3D,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;CACF"}

package/dist/src/crypto.d.ts

@@ -0,0 +1,118 @@
+/**
+ * @file   crypto.ts
+ * @notice Off-chain encryption layer for Web3QL.
+ *
+ * Security model:
+ * ─────────────────────────────────────────────────────────────
+ *  • One random 32-byte symmetric key is generated per record.
+ *  • Record data is encrypted with that key using NaCl secretbox
+ *    (XSalsa20-Poly1305, 256-bit key, 192-bit nonce, 128-bit MAC).
+ *  • The symmetric key is encrypted separately for each authorised
+ *    user using NaCl box (X25519-XSalsa20-Poly1305, ECDH key agreement).
+ *  • Only the encrypted blobs ever touch the chain — the symmetric key
+ *    and plaintext never leave the client device.
+ *
+ * Key derivation from Ethereum wallet:
+ * ─────────────────────────────────────────────────────────────
+ *  X25519 private key = SHA-256(Ethereum private key bytes)
+ *  X25519 public key  = scalar multiplication (computed by nacl)
+ *
+ *  This means no separate key management — the wallet IS the
+ *  encryption identity.  Losing the wallet private key = losing
+ *  access to encrypted records (same as losing any crypto key).
+ *
+ * Wire format (self-describing, no external framing needed):
+ * ─────────────────────────────────────────────────────────────
+ *  secretbox blob: [ 24-byte nonce | encrypted payload ]
+ *  box blob:       [ 24-byte nonce | encrypted payload ]
+ */
+import type { Signer } from 'ethers';
+export interface EncryptionKeypair {
+    /** X25519 public key — safe to publish on-chain */
+    publicKey: Uint8Array;
+    /** X25519 private key — never leaves the client */
+    privateKey: Uint8Array;
+}
+/** Message signed by the wallet to derive the X25519 keypair.
+ *  Must be identical to the constant in cloud/lib/browser-crypto.ts so
+ *  browser and SDK produce the same keypair for the same wallet.
+ */
+export declare const KEY_DERIVATION_MESSAGE = "Web3QL encryption key derivation v1";
+/**
+ * Derive an X25519 keypair from an ethers Signer by signing a fixed
+ * derivation message.  Because Ethereum personal_sign (RFC 6979) is
+ * deterministic, the same wallet always produces the same keypair.
+ *
+ * ✅ Use this when both SDK and browser clients need to share the same
+ *    encryption identity — the resulting pubkey matches what the browser
+ *    derives via `deriveKeypairFromSignature` in browser-crypto.ts.
+ *
+ * @param signer  Any ethers v6 Signer (e.g. `new ethers.Wallet(privKey)`).
+ */
+export declare function deriveKeypairFromWallet(signer: Signer): Promise<EncryptionKeypair>;
+/**
+ * Derive an X25519 encryption keypair from an Ethereum private key.
+ *
+ * @deprecated Prefer `deriveKeypairFromWallet(signer)` — it produces a
+ *   keypair that is compatible with the Web3QL browser Explorer and any
+ *   other client that uses wallet-signature derivation.  Raw-private-key
+ *   derivation generates a DIFFERENT keypair, so records written with this
+ *   function cannot be decrypted in the browser (and vice-versa).
+ *
+ * @param ethPrivateKey  Hex string, with or without "0x" prefix.
+ */
+export declare function deriveKeypair(ethPrivateKey: string): EncryptionKeypair;
+/**
+ * Derive ONLY the public key (useful when you only have a signed
+ * message and want to register — not when you have the private key).
+ * Exposed for completeness; normally call deriveKeypair() directly.
+ */
+export declare function publicKeyFromPrivate(ethPrivateKey: string): Uint8Array;
+/**
+ * Generate a random 32-byte symmetric key for a new record.
+ * Call this once per write — never reuse across records.
+ */
+export declare function generateSymmetricKey(): Uint8Array;
+/**
+ * Encrypt plaintext with a symmetric key.
+ * Wire format: [ 24-byte nonce | MAC+ciphertext ]
+ */
+export declare function encryptData(plaintext: Uint8Array, symmetricKey: Uint8Array): Uint8Array;
+/**
+ * Decrypt a secretbox blob (nonce||ciphertext) with a symmetric key.
+ * Throws if the MAC check fails (data tampered or wrong key).
+ */
+export declare function decryptData(blob: Uint8Array, symmetricKey: Uint8Array): Uint8Array;
+/**
+ * Encrypt a symmetric key for a specific recipient.
+ *
+ * The caller (sharer) needs their own X25519 private key and the
+ * recipient's X25519 public key (registered on-chain in PublicKeyRegistry).
+ *
+ * Wire format: [ 24-byte nonce | MAC+ciphertext ]
+ */
+export declare function encryptKeyForRecipient(symmetricKey: Uint8Array, recipientPublicKey: Uint8Array, senderPrivateKey: Uint8Array): Uint8Array;
+/**
+ * Decrypt a symmetric key that was encrypted for us.
+ * Throws if authentication fails.
+ */
+export declare function decryptKeyFromSender(blob: Uint8Array, senderPublicKey: Uint8Array, recipientPrivKey: Uint8Array): Uint8Array;
+/**
+ * Encrypt the symmetric key to yourself — used on the initial write
+ * so the owner can always recover their own key.
+ */
+export declare function encryptKeyForSelf(symmetricKey: Uint8Array, keypair: EncryptionKeypair): Uint8Array;
+/**
+ * Decrypt a symmetric key that was encrypted to yourself.
+ */
+export declare function decryptKeyForSelf(blob: Uint8Array, keypair: EncryptionKeypair): Uint8Array;
+/**
+ * Encode a 32-byte X25519 public key as a 0x-prefixed hex string
+ * suitable for passing to PublicKeyRegistry.register().
+ */
+export declare function publicKeyToHex(pubKey: Uint8Array): string;
+/**
+ * Decode a 0x-prefixed hex bytes32 from the registry back to Uint8Array.
+ */
+export declare function hexToPublicKey(hex: string): Uint8Array;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/src/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAKH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAMrC,MAAM,WAAW,iBAAiB;IAChC,mDAAmD;IACnD,SAAS,EAAI,UAAU,CAAC;IACxB,mDAAmD;IACnD,UAAU,EAAG,UAAU,CAAC;CACzB;AAMD;;;GAGG;AACH,eAAO,MAAM,sBAAsB,wCAAwC,CAAC;AAE5E;;;;;;;;;;GAUG;AACH,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC,CAM5B;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,CAAC,aAAa,EAAE,MAAM,GAAG,iBAAiB,CAOtE;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG,UAAU,CAEtE;AAMD;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,UAAU,CAEjD;AAED;;;GAGG;AACH,wBAAgB,WAAW,CACzB,SAAS,EAAM,UAAU,EACzB,YAAY,EAAG,UAAU,GACxB,UAAU,CAKZ;AAED;;;GAGG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAW,UAAU,EACzB,YAAY,EAAG,UAAU,GACxB,UAAU,CAMZ;AAMD;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,YAAY,EAAS,UAAU,EAC/B,kBAAkB,EAAG,UAAU,EAC/B,gBAAgB,EAAK,UAAU,GAC9B,UAAU,CAKZ;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAgB,UAAU,EAC9B,eAAe,EAAK,UAAU,EAC9B,gBAAgB,EAAI,UAAU,GAC7B,UAAU,CAMZ;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,YAAY,EAAG,UAAU,EACzB,OAAO,EAAQ,iBAAiB,GAC/B,UAAU,CAEZ;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAM,UAAU,EACpB,OAAO,EAAG,iBAAiB,GAC1B,UAAU,CAEZ;AAMD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAGzD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAKtD"}

package/dist/src/crypto.js

@@ -0,0 +1,192 @@
+/**
+ * @file   crypto.ts
+ * @notice Off-chain encryption layer for Web3QL.
+ *
+ * Security model:
+ * ─────────────────────────────────────────────────────────────
+ *  • One random 32-byte symmetric key is generated per record.
+ *  • Record data is encrypted with that key using NaCl secretbox
+ *    (XSalsa20-Poly1305, 256-bit key, 192-bit nonce, 128-bit MAC).
+ *  • The symmetric key is encrypted separately for each authorised
+ *    user using NaCl box (X25519-XSalsa20-Poly1305, ECDH key agreement).
+ *  • Only the encrypted blobs ever touch the chain — the symmetric key
+ *    and plaintext never leave the client device.
+ *
+ * Key derivation from Ethereum wallet:
+ * ─────────────────────────────────────────────────────────────
+ *  X25519 private key = SHA-256(Ethereum private key bytes)
+ *  X25519 public key  = scalar multiplication (computed by nacl)
+ *
+ *  This means no separate key management — the wallet IS the
+ *  encryption identity.  Losing the wallet private key = losing
+ *  access to encrypted records (same as losing any crypto key).
+ *
+ * Wire format (self-describing, no external framing needed):
+ * ─────────────────────────────────────────────────────────────
+ *  secretbox blob: [ 24-byte nonce | encrypted payload ]
+ *  box blob:       [ 24-byte nonce | encrypted payload ]
+ */
+import nacl from 'tweetnacl';
+import { sha256 } from '@noble/hashes/sha256';
+import { hexToBytes } from '@noble/hashes/utils';
+// ─────────────────────────────────────────────────────────────
+//  Keypair derivation
+// ─────────────────────────────────────────────────────────────
+/** Message signed by the wallet to derive the X25519 keypair.
+ *  Must be identical to the constant in cloud/lib/browser-crypto.ts so
+ *  browser and SDK produce the same keypair for the same wallet.
+ */
+export const KEY_DERIVATION_MESSAGE = 'Web3QL encryption key derivation v1';
+/**
+ * Derive an X25519 keypair from an ethers Signer by signing a fixed
+ * derivation message.  Because Ethereum personal_sign (RFC 6979) is
+ * deterministic, the same wallet always produces the same keypair.
+ *
+ * ✅ Use this when both SDK and browser clients need to share the same
+ *    encryption identity — the resulting pubkey matches what the browser
+ *    derives via `deriveKeypairFromSignature` in browser-crypto.ts.
+ *
+ * @param signer  Any ethers v6 Signer (e.g. `new ethers.Wallet(privKey)`).
+ */
+export async function deriveKeypairFromWallet(signer) {
+    const sig = await signer.signMessage(KEY_DERIVATION_MESSAGE);
+    const sigHex = sig.startsWith('0x') ? sig.slice(2) : sig;
+    const seed = sha256(hexToBytes(sigHex));
+    const kp = nacl.box.keyPair.fromSecretKey(seed);
+    return { publicKey: kp.publicKey, privateKey: kp.secretKey };
+}
+/**
+ * Derive an X25519 encryption keypair from an Ethereum private key.
+ *
+ * @deprecated Prefer `deriveKeypairFromWallet(signer)` — it produces a
+ *   keypair that is compatible with the Web3QL browser Explorer and any
+ *   other client that uses wallet-signature derivation.  Raw-private-key
+ *   derivation generates a DIFFERENT keypair, so records written with this
+ *   function cannot be decrypted in the browser (and vice-versa).
+ *
+ * @param ethPrivateKey  Hex string, with or without "0x" prefix.
+ */
+export function deriveKeypair(ethPrivateKey) {
+    const stripped = ethPrivateKey.startsWith('0x')
+        ? ethPrivateKey.slice(2)
+        : ethPrivateKey;
+    const seed = sha256(hexToBytes(stripped));
+    const kp = nacl.box.keyPair.fromSecretKey(seed);
+    return { publicKey: kp.publicKey, privateKey: kp.secretKey };
+}
+/**
+ * Derive ONLY the public key (useful when you only have a signed
+ * message and want to register — not when you have the private key).
+ * Exposed for completeness; normally call deriveKeypair() directly.
+ */
+export function publicKeyFromPrivate(ethPrivateKey) {
+    return deriveKeypair(ethPrivateKey).publicKey;
+}
+// ─────────────────────────────────────────────────────────────
+//  Symmetric encryption (record data)
+// ─────────────────────────────────────────────────────────────
+/**
+ * Generate a random 32-byte symmetric key for a new record.
+ * Call this once per write — never reuse across records.
+ */
+export function generateSymmetricKey() {
+    return nacl.randomBytes(nacl.secretbox.keyLength); // 32 bytes
+}
+/**
+ * Encrypt plaintext with a symmetric key.
+ * Wire format: [ 24-byte nonce | MAC+ciphertext ]
+ */
+export function encryptData(plaintext, symmetricKey) {
+    const nonce = nacl.randomBytes(nacl.secretbox.nonceLength);
+    const encrypted = nacl.secretbox(plaintext, nonce, symmetricKey);
+    if (!encrypted)
+        throw new Error('encryptData: nacl.secretbox returned null');
+    return concat(nonce, encrypted);
+}
+/**
+ * Decrypt a secretbox blob (nonce||ciphertext) with a symmetric key.
+ * Throws if the MAC check fails (data tampered or wrong key).
+ */
+export function decryptData(blob, symmetricKey) {
+    const nonce = blob.subarray(0, nacl.secretbox.nonceLength);
+    const ciphertext = blob.subarray(nacl.secretbox.nonceLength);
+    const plaintext = nacl.secretbox.open(ciphertext, nonce, symmetricKey);
+    if (!plaintext)
+        throw new Error('decryptData: authentication failed — wrong key or tampered data');
+    return plaintext;
+}
+// ─────────────────────────────────────────────────────────────
+//  Asymmetric key wrapping (per-recipient symmetric key copies)
+// ─────────────────────────────────────────────────────────────
+/**
+ * Encrypt a symmetric key for a specific recipient.
+ *
+ * The caller (sharer) needs their own X25519 private key and the
+ * recipient's X25519 public key (registered on-chain in PublicKeyRegistry).
+ *
+ * Wire format: [ 24-byte nonce | MAC+ciphertext ]
+ */
+export function encryptKeyForRecipient(symmetricKey, recipientPublicKey, senderPrivateKey) {
+    const nonce = nacl.randomBytes(nacl.box.nonceLength);
+    const encrypted = nacl.box(symmetricKey, nonce, recipientPublicKey, senderPrivateKey);
+    if (!encrypted)
+        throw new Error('encryptKeyForRecipient: nacl.box returned null');
+    return concat(nonce, encrypted);
+}
+/**
+ * Decrypt a symmetric key that was encrypted for us.
+ * Throws if authentication fails.
+ */
+export function decryptKeyFromSender(blob, senderPublicKey, recipientPrivKey) {
+    const nonce = blob.subarray(0, nacl.box.nonceLength);
+    const ciphertext = blob.subarray(nacl.box.nonceLength);
+    const key = nacl.box.open(ciphertext, nonce, senderPublicKey, recipientPrivKey);
+    if (!key)
+        throw new Error('decryptKeyFromSender: authentication failed — wrong key or tampered data');
+    return key;
+}
+/**
+ * Encrypt the symmetric key to yourself — used on the initial write
+ * so the owner can always recover their own key.
+ */
+export function encryptKeyForSelf(symmetricKey, keypair) {
+    return encryptKeyForRecipient(symmetricKey, keypair.publicKey, keypair.privateKey);
+}
+/**
+ * Decrypt a symmetric key that was encrypted to yourself.
+ */
+export function decryptKeyForSelf(blob, keypair) {
+    return decryptKeyFromSender(blob, keypair.publicKey, keypair.privateKey);
+}
+// ─────────────────────────────────────────────────────────────
+//  Encode/decode public key for on-chain storage (bytes32)
+// ─────────────────────────────────────────────────────────────
+/**
+ * Encode a 32-byte X25519 public key as a 0x-prefixed hex string
+ * suitable for passing to PublicKeyRegistry.register().
+ */
+export function publicKeyToHex(pubKey) {
+    if (pubKey.length !== 32)
+        throw new Error('publicKeyToHex: expected 32 bytes');
+    return '0x' + Buffer.from(pubKey).toString('hex');
+}
+/**
+ * Decode a 0x-prefixed hex bytes32 from the registry back to Uint8Array.
+ */
+export function hexToPublicKey(hex) {
+    const stripped = hex.startsWith('0x') ? hex.slice(2) : hex;
+    const bytes = hexToBytes(stripped);
+    if (bytes.length !== 32)
+        throw new Error('hexToPublicKey: expected 32 hex bytes');
+    return bytes;
+}
+// ─────────────────────────────────────────────────────────────
+//  Utility
+// ─────────────────────────────────────────────────────────────
+function concat(a, b) {
+    const out = new Uint8Array(a.length + b.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    return out;
+}
+//# sourceMappingURL=crypto.js.map

package/dist/src/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,IAAI,MAAgB,WAAW,CAAC;AACvC,OAAO,EAAE,MAAM,EAAE,MAAU,sBAAsB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAcjD,gEAAgE;AAChE,sBAAsB;AACtB,gEAAgE;AAEhE;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,qCAAqC,CAAC;AAE5E;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,MAAc;IAEd,MAAM,GAAG,GAAO,MAAM,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IACjE,MAAM,MAAM,GAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAC1D,MAAM,IAAI,GAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAQ,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IACrD,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,SAAS,EAAE,CAAC;AAC/D,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,aAAa,CAAC,aAAqB;IACjD,MAAM,QAAQ,GAAG,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC;QAC7C,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;QACxB,CAAC,CAAC,aAAa,CAAC;IAClB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1C,MAAM,EAAE,GAAK,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAClD,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,CAAC,SAAS,EAAE,CAAC;AAC/D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,aAAqB;IACxD,OAAO,aAAa,CAAC,aAAa,CAAC,CAAC,SAAS,CAAC;AAChD,CAAC;AAED,gEAAgE;AAChE,sCAAsC;AACtC,gEAAgE;AAEhE;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW;AAChE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,SAAyB,EACzB,YAAyB;IAEzB,MAAM,KAAK,GAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACjE,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC7E,OAAO,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,IAAyB,EACzB,YAAyB;IAEzB,MAAM,KAAK,GAAQ,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;IACxE,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACnG,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,gEAAgE;AAChE,gEAAgE;AAChE,gEAAgE;AAEhE;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,YAA+B,EAC/B,kBAA+B,EAC/B,gBAA+B;IAE/B,MAAM,KAAK,GAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,EAAE,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;IACtF,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IAClF,OAAO,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;AAClC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,IAA8B,EAC9B,eAA8B,EAC9B,gBAA8B;IAE9B,MAAM,KAAK,GAAQ,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,GAAG,GAAU,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC;IACvF,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IACtG,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAC/B,YAAyB,EACzB,OAAgC;IAEhC,OAAO,sBAAsB,CAAC,YAAY,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;AACrF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAAoB,EACpB,OAA2B;IAE3B,OAAO,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;AAC3E,CAAC;AAED,gEAAgE;AAChE,2DAA2D;AAC3D,gEAAgE;AAEhE;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,MAAkB;IAC/C,IAAI,MAAM,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAC/E,OAAO,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAC3D,MAAM,KAAK,GAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAClF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,gEAAgE;AAChE,WAAW;AACX,gEAAgE;AAEhE,SAAS,MAAM,CAAC,CAAa,EAAE,CAAa;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/src/factory-client.d.ts

@@ -0,0 +1,106 @@
+/**
+ * @file   factory-client.ts
+ * @notice High-level client for the Web3QL Factory + Database contracts.
+ *
+ * Entry point for every Web3QL app:
+ * ─────────────────────────────────────────────────────────────
+ *   const web3ql = new Web3QLClient(factoryAddress, signer, keypair, registryAddress);
+ *
+ *   // Register your public key once (one-time, ~40k gas)
+ *   await web3ql.register();
+ *
+ *   // Create a personal database (or get existing)
+ *   const db = await web3ql.getOrCreateDatabase();
+ *
+ *   // Create a table
+ *   const tableAddr = await db.createTable('users', schemaBytes);
+ *
+ *   // Get an encrypted client for that table
+ *   const users = db.table(tableAddr);
+ *
+ *   // Write (auto-encrypts)
+ *   await users.writeRaw(users.deriveKey('users', 1n), '{"name":"Alice"}');
+ */
+import { ethers } from 'ethers';
+import { EncryptedTableClient } from './table-client.js';
+import { PublicKeyRegistryClient } from './registry.js';
+import type { EncryptionKeypair } from './crypto.js';
+export declare class DatabaseClient {
+    readonly address: string;
+    private contract;
+    private signer;
+    private keypair;
+    constructor(address: string, signer: ethers.Signer, keypair: EncryptionKeypair);
+    /**
+     * Create a new encrypted table inside this database.
+     * @param name        Human-readable table name (matches your schema).
+     * @param schemaBytes ABI-encoded schema from @web3ql/compiler's compileSchema().
+     * @returns           Address of the deployed table proxy.
+     */
+    createTable(name: string, schemaBytes: string): Promise<string>;
+    /**
+     * Get the address of an existing table by name.
+     * Returns ethers.ZeroAddress if not found.
+     */
+    getTable(name: string): Promise<string>;
+    /**
+     * List all table names in this database.
+     */
+    listTables(): Promise<string[]>;
+    /**
+     * Drop (remove from registry) a table by name.
+     * Records inside the table are NOT purged by this call — they remain
+     * as unreachable ciphertext. Use SchemaManager.dropTable() first to
+     * bulk-delete records if you want storage refunds.
+     */
+    dropTable(name: string): Promise<ethers.TransactionReceipt>;
+    /**
+     * Get an EncryptedTableClient for a specific table address.
+     * Use this after createTable() or getTable() to read/write records.
+     */
+    table(tableAddress: string): EncryptedTableClient;
+}
+export declare class Web3QLClient {
+    private factory;
+    private signer;
+    private keypair;
+    readonly registry: PublicKeyRegistryClient;
+    constructor(factoryAddress: string, signer: ethers.Signer, keypair: EncryptionKeypair, registryAddress: string);
+    /**
+     * Register the caller's encryption public key on-chain.
+     * Must be called once per address before anyone can share records
+     * with that address.  Safe to call again — will overwrite.
+     */
+    register(): Promise<ethers.TransactionReceipt>;
+    /**
+     * Check if an address has registered its public key.
+     */
+    isRegistered(address: string): Promise<boolean>;
+    /**
+     * Create a new personal database for the calling wallet.
+     * Most users only ever need one database — use getOrCreateDatabase().
+     * @param name  Human-readable label stored immutably on-chain.
+     */
+    createDatabase(name?: string): Promise<DatabaseClient>;
+    /**
+     * Get all database proxies owned by a user.
+     */
+    getDatabases(owner?: string): Promise<string[]>;
+    /**
+     * Return the first existing database for the caller, or create one
+     * if none exists.  Idempotent — safe to call on every app startup.
+     * @param name  Passed to createDatabase() only when a new one is created.
+     */
+    getOrCreateDatabase(name?: string): Promise<DatabaseClient>;
+    /**
+     * Wrap an already-known database address (e.g. loaded from config).
+     */
+    database(address: string): DatabaseClient;
+    /**
+     * Remove a database from the factory’s registry.
+     * The proxy contract is NOT destroyed — it remains on-chain.
+     * After calling this it will no longer appear in getDatabases().
+     */
+    removeDatabase(dbAddress: string): Promise<ethers.TransactionReceipt>;
+}
+//# sourceMappingURL=factory-client.d.ts.map

package/dist/src/factory-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory-client.d.ts","sourceRoot":"","sources":["../../src/factory-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAoC,QAAQ,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAsB,mBAAmB,CAAC;AACzE,OAAO,EAAE,uBAAuB,EAAE,MAAmB,eAAe,CAAC;AACrE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAoB,aAAa,CAAC;AA4BnE,qBAAa,cAAc;IACzB,QAAQ,CAAC,OAAO,EAAG,MAAM,CAAC;IAC1B,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,OAAO,CAAsB;gBAGnC,OAAO,EAAI,MAAM,EACjB,MAAM,EAAK,MAAM,CAAC,MAAM,EACxB,OAAO,EAAI,iBAAiB;IAQ9B;;;;;OAKG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiBrE;;;OAGG;IACG,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAK7C;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAKrC;;;;;OAKG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC;IAMjE;;;OAGG;IACH,KAAK,CAAC,YAAY,EAAE,MAAM,GAAG,oBAAoB;CAGlD;AAMD,qBAAa,YAAY;IACvB,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,OAAO,CAAsB;IACrC,QAAQ,CAAC,QAAQ,EAAE,uBAAuB,CAAC;gBAGzC,cAAc,EAAK,MAAM,EACzB,MAAM,EAAa,MAAM,CAAC,MAAM,EAChC,OAAO,EAAY,iBAAiB,EACpC,eAAe,EAAI,MAAM;IAQ3B;;;;OAIG;IACG,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC;IAIpD;;OAEG;IACG,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIrD;;;;OAIG;IACG,cAAc,CAAC,IAAI,GAAE,MAAW,GAAG,OAAO,CAAC,cAAc,CAAC;IAqBhE;;OAEG;IACG,YAAY,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAMrD;;;;OAIG;IACG,mBAAmB,CAAC,IAAI,GAAE,MAAW,GAAG,OAAO,CAAC,cAAc,CAAC;IAQrE;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc;IAIzC;;;;OAIG;IACG,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAAC;CAK5E"}