synapse 2.170.0__py311-none-any.whl → 2.172.0__py311-none-any.whl

synapse/lib/lmdbslab.py

@@ -1253,18 +1253,18 @@ class Slab(s_base.Base):
         finally:
             self._relXactForReading()
 
-    def scanKeys(self, db=None):
+    def scanKeys(self, db=None, nodup=False):
 
-        with ScanKeys(self, db) as scan:
+        with ScanKeys(self, db, nodup=nodup) as scan:
 
             if not scan.first():
                 return
 
             yield from scan.iternext()
 
-    def scanKeysByPref(self, byts, db=None):
+    def scanKeysByPref(self, byts, db=None, nodup=False):
 
-        with ScanKeys(self, db) as scan:
+        with ScanKeys(self, db, nodup=nodup) as scan:
 
             if not scan.set_range(byts):
                 return
@@ -1283,7 +1283,7 @@ class Slab(s_base.Base):
         '''
         count = 0
         size = len(byts)
-        with ScanKeys(self, db) as scan:
+        with ScanKeys(self, db, nodup=True) as scan:
 
             if not scan.set_range(byts):
                 return 0
@@ -1293,7 +1293,7 @@ class Slab(s_base.Base):
                 if lkey[:size] != byts:
                     return count
 
-                count += 1
+                count += scan.curs.count()
                 if maxsize is not None and maxsize == count:
                     return count
 
@@ -1367,6 +1367,10 @@ class Slab(s_base.Base):
                 if not scan.set_range(nextbyts):
                     return
 
+                if scan.atitem[0] == nextbyts:
+                    if not scan.next_key():
+                        return
+
             except OverflowError:
                 if not scan.first():
                     return
@@ -1752,14 +1756,21 @@ class ScanKeys(Scan):
     An iterator over the keys of the database.  If the database is dupsort, a key with multiple values with be yielded
     once for each value.
     '''
+    def __init__(self, slab, db, nodup=False):
+        Scan.__init__(self, slab, db)
+        self.nodup = nodup
+
     def iterfunc(self):
         if self.dupsort:
-            return Scan.iterfunc(self)
+            if self.nodup:
+                return self.curs.iternext_nodup(keys=True, values=False)
+            else:
+                return Scan.iterfunc(self)
 
         return self.curs.iternext(keys=True, values=False)
 
     def resume(self):
-        if self.dupsort:
+        if self.dupsort and not self.nodup:
             return Scan.resume(self)
 
         return self.curs.set_range(self.atitem)
@@ -1768,13 +1779,13 @@ class ScanKeys(Scan):
         '''
         Returns if the cursor is at the value in atitem
         '''
-        if self.dupsort:
+        if self.dupsort and not self.nodup:
             return Scan.isatitem(self)
 
         return self.atitem == self.curs.key()
 
     def iternext(self):
-        if self.dupsort:
+        if self.dupsort and not self.nodup:
             yield from (item[0] for item in Scan.iternext(self))
             return
 
@@ -1810,6 +1821,19 @@ class ScanBack(Scan):
         self.atitem = next(self.genr)
         return True
 
+    def next_key(self):
+
+        if not self.curs.prev_nodup():
+            return False
+
+        if self.dupsort:
+            self.curs.last_dup()
+
+        self.genr = self.iterfunc()
+        self.atitem = next(self.genr)
+
+        return True
+
     def set_range(self, lkey):
 
         if not self.curs.set_range(lkey):

synapse/lib/node.py

@@ -270,7 +270,7 @@ class Node:
 
         if self.form.isrunt:
             if prop.info.get('ro'):
-                mesg = f'Cannot set read-only props on runt nodes: {repr(valu)[:256]}'
+                mesg = f'Cannot set read-only props on runt nodes: {s_common.trimText(repr(valu))}'
                 raise s_exc.IsRuntForm(mesg=mesg, form=self.form.full, prop=name)
 
             await self.snap.core.runRuntPropSet(self, prop, valu)

synapse/lib/slabseqn.py

@@ -169,7 +169,7 @@ class SlabSeqn:
 
         return s_common.int64un(byts) + 1
 
-    def iter(self, offs):
+    def iter(self, offs, reverse=False):
         '''
         Iterate over items in a sequence from a given offset.
 
@@ -180,10 +180,16 @@ class SlabSeqn:
             (indx, valu): The index and valu of the item.
         '''
         startkey = s_common.int64en(offs)
-        for lkey, lval in self.slab.scanByRange(startkey, db=self.db):
-            offs = s_common.int64un(lkey)
-            valu = s_msgpack.un(lval)
-            yield offs, valu
+        if reverse:
+            for lkey, lval in self.slab.scanByRangeBack(startkey, db=self.db):
+                offs = s_common.int64un(lkey)
+                valu = s_msgpack.un(lval)
+                yield offs, valu
+        else:
+            for lkey, lval in self.slab.scanByRange(startkey, db=self.db):
+                offs = s_common.int64un(lkey)
+                valu = s_msgpack.un(lval)
+                yield offs, valu
 
     async def aiter(self, offs, wait=False, timeout=None):
         '''

synapse/lib/storm.py

@@ -2195,92 +2195,28 @@ class Runtime(s_base.Base):
         return self.user.allowed(perms, gateiden=gateiden, default=default)
 
     def allowedReason(self, perms, gateiden=None, default=None):
-        '''
-        Similar to allowed, but always prefer the default value specified by the caller.
-        Default values are still pulled from permdefs if there is a match there; but still prefer caller default.
-        This results in a ternary response that can be used to know if a rule had a positive/negative or no match.
-        The matching reason metadata is also returned.
-        '''
         if self.asroot:
             return self._admin_reason
 
-        if default is None:
-            permdef = self.snap.core.getPermDef(perms)
-            if permdef:
-                default = permdef.get('default', default)
-
-        return self.user.getAllowedReason(perms, gateiden=gateiden, default=default)
+        return self.snap.core._propAllowedReason(self.user, perms, gateiden=gateiden, default=default)
 
     def confirmPropSet(self, prop, layriden=None):
+        if self.asroot:
+            return
 
         if layriden is None:
             layriden = self.snap.wlyr.iden
 
-        meta0 = self.allowedReason(prop.setperms[0], gateiden=layriden)
-
-        if meta0.isadmin:
-            return
-
-        allowed0 = meta0.value
-
-        meta1 = self.allowedReason(prop.setperms[1], gateiden=layriden)
-        allowed1 = meta1.value
-
-        if allowed0:
-            if allowed1:
-                return
-            elif allowed1 is False:
-                # This is a allow-with-precedence case.
-                # Inspect meta to determine if the rule a0 is more specific than rule a1
-                if len(meta0.rule) >= len(meta1.rule):
-                    return
-                self.user.raisePermDeny(prop.setperms[0], gateiden=layriden)
-            return
-
-        if allowed1:
-            if allowed0 is None:
-                return
-            # allowed0 here is False. This is a deny-with-precedence case.
-            # Inspect meta to determine if the rule a1 is more specific than rule a0
-            if len(meta1.rule) > len(meta0.rule):
-                return
-
-        self.user.raisePermDeny(prop.setperms[0], gateiden=layriden)
+        return self.snap.core.confirmPropSet(self.user, prop, layriden=layriden)
 
     def confirmPropDel(self, prop, layriden=None):
+        if self.asroot:
+            return
 
         if layriden is None:
             layriden = self.snap.wlyr.iden
 
-        meta0 = self.allowedReason(prop.delperms[0], gateiden=layriden)
-
-        if meta0.isadmin:
-            return
-
-        allowed0 = meta0.value
-        meta1 = self.allowedReason(prop.delperms[1], gateiden=layriden)
-        allowed1 = meta1.value
-
-        if allowed0:
-            if allowed1:
-                return
-            elif allowed1 is False:
-                # This is a allow-with-precedence case.
-                # Inspect meta to determine if the rule a0 is more specific than rule a1
-                if len(meta0.rule) >= len(meta1.rule):
-                    return
-                self.user.raisePermDeny(prop.delperms[0], gateiden=layriden)
-            return
-
-        if allowed1:
-            if allowed0 is None:
-                return
-            # allowed0 here is False. This is a deny-with-precedence case.
-            # Inspect meta to determine if the rule a1 is more specific than rule a0
-            if len(meta1.rule) > len(meta0.rule):
-                return
-
-        self.user.raisePermDeny(prop.delperms[0], gateiden=layriden)
+        return self.snap.core.confirmPropDel(self.user, prop, layriden=layriden)
 
     def confirmEasyPerm(self, item, perm, mesg=None):
         if not self.asroot:

synapse/lib/stormhttp.py

@@ -549,7 +549,7 @@ class HttpResp(s_stormtypes.Prim):
             return json.loads(valu.decode(encoding, errors))
 
         except UnicodeDecodeError as e:
-            raise s_exc.StormRuntimeError(mesg=f'{e}: {repr(valu)[:256]}') from None
+            raise s_exc.StormRuntimeError(mesg=f'{e}: {s_common.trimText(repr(valu))}') from None
 
         except json.JSONDecodeError as e:
             mesg = f'Unable to decode HTTP response as json: {e.args[0]}'

synapse/lib/stormlib/auth.py

@@ -959,6 +959,18 @@ class User(s_stormtypes.Prim):
                       {'name': 'locked', 'type': 'boolean', 'desc': 'True to lock the user, false to unlock them.', },
                   ),
                   'returns': {'type': 'null', }}},
+        {'name': 'setArchived', 'desc': '''
+        Set the archived status for a user.
+
+        Notes:
+            Setting a user as "archived" will also lock the user.
+            Removing a users "archived" status will not unlock the user.
+        ''',
+         'type': {'type': 'function', '_funcname': '_methUserSetArchived',
+                  'args': (
+                      {'name': 'archived', 'type': 'boolean', 'desc': 'True to archive the user, false to unarchive them.', },
+                  ),
+                  'returns': {'type': 'null', }}},
         {'name': 'setPasswd', 'desc': 'Set the Users password.',
          'type': {'type': 'function', '_funcname': '_methUserSetPasswd',
                   'args': (
@@ -1113,6 +1125,7 @@ class User(s_stormtypes.Prim):
             'setEmail': self._methUserSetEmail,
             'setLocked': self._methUserSetLocked,
             'setPasswd': self._methUserSetPasswd,
+            'setArchived': self._methUserSetArchived,
             'getAllowedReason': self._methGetAllowedReason,
             'genApiKey': self._methGenApiKey,
             'getApiKey': self._methGetApiKey,
@@ -1286,6 +1299,10 @@ class User(s_stormtypes.Prim):
         self.runt.confirm(('auth', 'user', 'set', 'locked'))
         await self.runt.snap.core.setUserLocked(self.valu, await s_stormtypes.tobool(locked))
 
+    async def _methUserSetArchived(self, archived):
+        self.runt.confirm(('auth', 'user', 'set', 'archived'))
+        await self.runt.snap.core.setUserArchived(self.valu, await s_stormtypes.tobool(archived))
+
     async def _methGenApiKey(self, name, duration=None):
         name = await s_stormtypes.tostr(name)
         duration = await s_stormtypes.toint(duration, noneok=True)
@@ -1703,6 +1720,8 @@ class LibUsers(s_stormtypes.Lib):
          'desc': 'Controls changing a user\'s email address.'},
         {'perm': ('auth', 'user', 'set', 'locked'), 'gate': 'cortex',
          'desc': 'Controls locking/unlocking a user account.'},
+        {'perm': ('auth', 'user', 'set', 'archived'), 'gate': 'cortex',
+         'desc': 'Controls archiving/unarchiving a user account.'},
         {'perm': ('auth', 'user', 'set', 'passwd'), 'gate': 'cortex',
          'desc': 'Controls changing a user password.'},
         {'perm': ('auth', 'user', 'set', 'rules'), 'gate': 'cortex',

synapse/lib/stormlib/cell.py

@@ -2,11 +2,16 @@ import asyncio
 import logging
 
 import synapse.exc as s_exc
-import synapse.lib.const as s_const
+import synapse.lib.autodoc as s_autodoc
 import synapse.lib.stormtypes as s_stormtypes
 
 logger = logging.getLogger(__name__)
 
+def prepHotfixDesc(txt):
+    lines = txt.split('\n')
+    lines = s_autodoc.scrubLines(lines)
+    lines = s_autodoc.ljuster(lines)
+    return lines
 
 storm_missing_autoadds = '''
 $absoluteOrder = $lib.view.list(deporder=$lib.true)
@@ -64,6 +69,17 @@ for $view in $views {
 }
 '''
 
+storm_migrate_riskhasvuln = '''
+for $view in $lib.view.list(deporder=$lib.true) {
+    view.exec $view.iden {
+        $layer = $lib.layer.get()
+        for ($buid, $sode) in $layer.getStorNodesByForm(risk:hasvuln) {
+            yield $buid
+            $lib.model.migration.s.riskHasVulnToVulnerable($node)
+        }
+    }
+}
+'''
 
 hotfixes = (
     ((1, 0, 0), {
@@ -78,6 +94,20 @@ hotfixes = (
         'desc': 'Populate it:sec:cpe:v2_2 properties from existing CPE where the property is not set.',
         'query': storm_missing_cpe22,
     }),
+    ((4, 0, 0), {
+        'desc': '''
+            Create risk:vulnerable nodes from existing risk:hasvuln nodes.
+
+            This hotfix should only be applied after all logic that would create
+            risk:hasvuln nodes has been updated. The hotfix uses the
+            $lib.model.migration.s.riskHasVulnToVulnerable() function,
+            which can be used directly for testing.
+
+            Tags, tag properties, edges, and node data will all be copied
+            to the risk:vulnerable nodes.
+        ''',
+        'query': storm_migrate_riskhasvuln,
+    }),
 )
 runtime_fixes_key = 'cortex:runtime:stormfixes'
 
@@ -174,7 +204,9 @@ class CellLib(s_stormtypes.Lib):
             assert desc is not None
             assert vars is not None
 
-            await self.runt.printf(f'Applying hotfix {vers} for [{desc}]')
+            title = prepHotfixDesc(desc)[0]
+            await self.runt.printf(f'Applying hotfix {vers} for [{title}]')
+
             try:
                 query = await self.runt.getStormQuery(text)
                 async with self.runt.getSubRuntime(query, opts={'vars': vars}) as runt:
@@ -206,8 +238,14 @@ class CellLib(s_stormtypes.Lib):
                 continue
 
             dowork = True
-            desc = info.get('desc')
-            await self.runt.printf(f'Would apply fix {vers} for [{desc}]')
+
+            desclines = prepHotfixDesc(info.get('desc'))
+            await self.runt.printf(f'Would apply fix {vers} for [{desclines[0]}]')
+            if len(desclines) > 1:
+                for line in desclines[1:]:
+                    await self.runt.printf(f'    {line}' if line else '')
+            else:
+                await self.runt.printf('')
 
         return dowork
 

synapse/lib/stormlib/compression.py

@@ -53,7 +53,7 @@ class Bzip2Lib(s_stormtypes.Lib):
         try:
             return bz2.compress(valu)
         except Exception as e:
-            mesg = f'Error during bzip2 compression - {str(e)}: {repr(valu)[:256]}'
+            mesg = f'Error during bzip2 compression - {str(e)}: {s_common.trimText(repr(valu))}'
             raise s_exc.StormRuntimeError(mesg=mesg) from None
 
     async def un(self, valu):
@@ -61,7 +61,7 @@ class Bzip2Lib(s_stormtypes.Lib):
         try:
             return bz2.decompress(valu)
         except Exception as e:
-            mesg = f'Error during bzip2 decompression - {str(e)}: {repr(valu)[:256]}'
+            mesg = f'Error during bzip2 decompression - {str(e)}: {s_common.trimText(repr(valu))}'
             raise s_exc.StormRuntimeError(mesg=mesg) from None
 
 @s_stormtypes.registry.registerLib
@@ -110,7 +110,7 @@ class GzipLib(s_stormtypes.Lib):
         try:
             return gzip.compress(valu)
         except Exception as e:
-            mesg = f'Error during gzip compression - {str(e)}: {repr(valu)[:256]}'
+            mesg = f'Error during gzip compression - {str(e)}: {s_common.trimText(repr(valu))}'
             raise s_exc.StormRuntimeError(mesg=mesg) from None
 
     async def un(self, valu):
@@ -118,7 +118,7 @@ class GzipLib(s_stormtypes.Lib):
         try:
             return gzip.decompress(valu)
         except Exception as e:
-            mesg = f'Error during gzip decompression - {str(e)}: {repr(valu)[:256]}'
+            mesg = f'Error during gzip decompression - {str(e)}: {s_common.trimText(repr(valu))}'
             raise s_exc.StormRuntimeError(mesg=mesg) from None
 
 @s_stormtypes.registry.registerLib
@@ -167,7 +167,7 @@ class ZlibLib(s_stormtypes.Lib):
         try:
             return zlib.compress(valu)
         except Exception as e:
-            mesg = f'Error during zlib compression - {str(e)}: {repr(valu)[:256]}'
+            mesg = f'Error during zlib compression - {str(e)}: {s_common.trimText(repr(valu))}'
             raise s_exc.StormRuntimeError(mesg=mesg) from None
 
     async def un(self, valu):
@@ -175,5 +175,5 @@ class ZlibLib(s_stormtypes.Lib):
         try:
             return zlib.decompress(valu)
         except Exception as e:
-            mesg = f'Error during zlib decompression - {str(e)}: {repr(valu)[:256]}'
+            mesg = f'Error during zlib decompression - {str(e)}: {s_common.trimText(repr(valu))}'
             raise s_exc.StormRuntimeError(mesg=mesg) from None

synapse/lib/stormlib/env.py

@@ -0,0 +1,50 @@
+import os
+
+import synapse.exc as s_exc
+import synapse.common as s_common
+import synapse.lib.stormtypes as s_stormtypes
+
+@s_stormtypes.registry.registerLib
+class LibEnv(s_stormtypes.Lib):
+    '''
+    A Storm Library for accessing environment vars.
+    '''
+    _storm_locals = (
+        {'name': 'get', 'desc': '''
+            Retrieve an environment variable.
+
+            Notes:
+                Environment variables must begin with ``SYN_STORM_ENV_`` in
+                order to be accessed by this API.
+        ''',
+         'type': {
+            'type': 'function', '_funcname': '_libEnvGet',
+            'args': (
+                {'name': 'name', 'type': 'str', 'desc': 'The name of the environment variable.', },
+                {'name': 'default', 'type': 'obj', 'default': None,
+                    'desc': 'The value to return if the environment variable is not set.', },
+            ),
+         'returns': {'type': 'str', 'desc': 'The environment variable string.'},
+         },
+        },
+    )
+    _storm_lib_path = ('env',)
+
+    def getObjLocals(self):
+        return {
+            'get': self._libEnvGet,
+        }
+
+    @s_stormtypes.stormfunc(readonly=True)
+    async def _libEnvGet(self, name, default=None):
+
+        self.runt.reqAdmin(mesg='$lib.env.get() requires admin privileges.')
+
+        name = await s_stormtypes.tostr(name)
+        default = await s_stormtypes.toprim(default)
+
+        if not name.startswith('SYN_STORM_ENV_'):
+            mesg = f'Environment variable must start with SYN_STORM_ENV_ : {name}'
+            raise s_exc.BadArg(mesg=mesg)
+
+        return os.getenv(name, default=default)

synapse/lib/stormlib/gen.py

@@ -603,7 +603,7 @@ stormcmds = (
     {
         'name': 'gen.it.av.scan.result',
         'descr': '''
-            Lift (or create) the it:av:scan:result node by deconflicting the target and signature time.
+            Lift (or create) the it:av:scan:result node by deconflicting the target and signature name.
 
             The scan time and scanner name may also optionally be provided for deconfliction.
 

synapse/lib/stormlib/model.py

@@ -1090,7 +1090,7 @@ class LibModelMigrations(s_stormtypes.Lib, MigrationEditorMixin):
         self.runt.confirmPropSet(riskvuln.props['vuln'])
         self.runt.confirmPropSet(riskvuln.props['node'])
 
-        if (seen := n.get('.seen')):
+        if seen := n.get('.seen'):
             self.runt.confirmPropSet(riskvuln.props['.seen'])
             props['.seen'] = seen
 

synapse/lib/stormtypes.py

@@ -4130,7 +4130,7 @@ class LibBase64(Lib):
                 return base64.urlsafe_b64encode(valu).decode('ascii')
             return base64.b64encode(valu).decode('ascii')
         except TypeError as e:
-            mesg = f'Error during base64 encoding - {str(e)}: {repr(valu)[:256]}'
+            mesg = f'Error during base64 encoding - {str(e)}: {s_common.trimText(repr(valu))}'
             raise s_exc.StormRuntimeError(mesg=mesg, urlsafe=urlsafe) from None
 
     @stormfunc(readonly=True)
@@ -4140,7 +4140,7 @@ class LibBase64(Lib):
                 return base64.urlsafe_b64decode(valu)
             return base64.b64decode(valu)
         except binascii.Error as e:
-            mesg = f'Error during base64 decoding - {str(e)}: {repr(valu)[:256]}'
+            mesg = f'Error during base64 decoding - {str(e)}: {s_common.trimText(repr(valu))}'
             raise s_exc.StormRuntimeError(mesg=mesg, urlsafe=urlsafe) from None
 
 @functools.total_ordering
@@ -4488,7 +4488,7 @@ class Str(Prim):
         try:
             return self.valu.encode(encoding, 'surrogatepass')
         except UnicodeEncodeError as e:
-            raise s_exc.StormRuntimeError(mesg=f'{e}: {repr(self.valu)[:256]}') from None
+            raise s_exc.StormRuntimeError(mesg=f'{e}: {s_common.trimText(repr(self.valu))}') from None
 
     @stormfunc(readonly=True)
     async def _methStrSplit(self, text, maxsplit=-1):
@@ -4733,7 +4733,7 @@ class Bytes(Prim):
         try:
             return self.valu.decode(encoding, errors)
         except UnicodeDecodeError as e:
-            raise s_exc.StormRuntimeError(mesg=f'{e}: {repr(self.valu)[:256]}') from None
+            raise s_exc.StormRuntimeError(mesg=f'{e}: {s_common.trimText(repr(self.valu))}') from None
 
     async def _methBunzip(self):
         return bz2.decompress(self.valu)
@@ -4763,7 +4763,7 @@ class Bytes(Prim):
             return json.loads(valu.decode(encoding, errors))
 
         except UnicodeDecodeError as e:
-            raise s_exc.StormRuntimeError(mesg=f'{e}: {repr(valu)[:256]}') from None
+            raise s_exc.StormRuntimeError(mesg=f'{e}: {s_common.trimText(repr(valu))}') from None
 
         except json.JSONDecodeError as e:
             mesg = f'Unable to decode bytes as json: {e.args[0]}'
@@ -6606,7 +6606,12 @@ class Layer(Prim):
         {'name': 'repr', 'desc': 'Get a string representation of the Layer.',
          'type': {'type': 'function', '_funcname': '_methLayerRepr',
                   'returns': {'type': 'str', 'desc': 'A string that can be printed, representing a Layer.', }}},
-        {'name': 'edits', 'desc': 'Yield (offs, nodeedits) tuples from the given offset.',
+        {'name': 'edits', 'desc': '''
+            Yield (offs, nodeedits) tuples from the given offset.
+
+            Notes:
+                Specifying reverse=(true) disables the wait behavior.
+         ''',
          'type': {'type': 'function', '_funcname': '_methLayerEdits',
                   'args': (
                       {'name': 'offs', 'type': 'int', 'desc': 'Offset to start getting nodeedits from the layer at.',
@@ -6616,9 +6621,14 @@ class Layer(Prim):
                                'otherwise exit the generator when there are no more edits.', },
                       {'name': 'size', 'type': 'int', 'desc': 'The maximum number of nodeedits to yield.',
                        'default': None, },
+                      {'name': 'reverse', 'type': 'boolean', 'desc': 'Yield the edits in reverse order.',
+                       'default': False, },
                   ),
                   'returns': {'name': 'Yields', 'type': 'list',
                               'desc': 'Yields offset, nodeedit tuples from a given offset.', }}},
+        {'name': 'edited', 'desc': 'Return the last time the layer was edited or null if no edits are present.',
+         'type': {'type': 'function', '_funcname': '_methLayerEdited',
+                  'returns': {'type': 'time', 'desc': 'The last time the layer was edited.', }}},
         {'name': 'addPush', 'desc': 'Configure the layer to push edits to a remote layer/feed.',
          'type': {'type': 'function', '_funcname': '_addPush',
                   'args': (
@@ -6901,6 +6911,7 @@ class Layer(Prim):
             'pack': self._methLayerPack,
             'repr': self._methLayerRepr,
             'edits': self._methLayerEdits,
+            'edited': self._methLayerEdited,
             'verify': self.verify,
             'addPush': self._addPush,
             'delPush': self._delPush,
@@ -7181,15 +7192,22 @@ class Layer(Prim):
         return layr.getTagPropValuCount(form, tag, prop.name, prop.type.stortype, norm)
 
     @stormfunc(readonly=True)
-    async def _methLayerEdits(self, offs=0, wait=True, size=None):
+    async def _methLayerEdits(self, offs=0, wait=True, size=None, reverse=False):
         offs = await toint(offs)
         wait = await tobool(wait)
-        layriden = self.valu.get('iden')
-        gatekeys = ((self.runt.user.iden, ('layer', 'edits', 'read'), layriden),)
-        todo = s_common.todo('syncNodeEdits', offs, wait=wait)
+        reverse = await tobool(reverse)
+
+        layr = self.runt.snap.core.reqLayer(self.valu.get('iden'))
+
+        self.runt.confirm(('layer', 'edits', 'read'), gateiden=layr.iden)
+
+        if reverse:
+            wait = False
+            if offs == 0:
+                offs = 0xffffffffffffffff
 
         count = 0
-        async for item in self.runt.dyniter(layriden, todo, gatekeys=gatekeys):
+        async for item in layr.syncNodeEdits(offs, wait=wait, reverse=reverse):
 
             yield item
 
@@ -7197,6 +7215,12 @@ class Layer(Prim):
             if size is not None and size == count:
                 break
 
+    @stormfunc(readonly=True)
+    async def _methLayerEdited(self):
+        layr = self.runt.snap.core.reqLayer(self.valu.get('iden'))
+        async for offs, edits, meta in layr.syncNodeEdits2(0xffffffffffffffff, wait=False, reverse=True):
+            return meta.get('time')
+
     @stormfunc(readonly=True)
     async def getStorNode(self, nodeid):
         nodeid = await tostr(nodeid)