{"id":48486529,"url":"https://github.com/vlannaai/noy-db","last_synced_at":"2026-06-08T00:01:49.577Z","repository":{"id":356474724,"uuid":"1225590215","full_name":"vLannaAi/noy-db","owner":"vLannaAi","description":"Zero-knowledge, offline-first, encrypted document store with pluggable backends and multi-user access control","archived":false,"fork":false,"pushed_at":"2026-06-04T15:55:08.000Z","size":5213,"stargazers_count":2,"open_issues_count":15,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-04T16:16:24.038Z","etag":null,"topics":["aes-256-gcm","database","document-store","e2ee","encryption","monorepo","multi-user","offline-first","pbkdf2","pluggable-backends","privacy","sync","typescript","web-crypto","zero-knowledge"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/@noy-db/hub","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vLannaAi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-30T12:41:58.000Z","updated_at":"2026-06-04T14:47:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"0e45d950-d32a-4b45-9b4c-d89ba6d362c8","html_url":"https://github.com/vLannaAi/noy-db","commit_stats":null,"previous_names":["vlannaai/noy-db"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/vLannaAi/noy-db","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vLannaAi%2Fnoy
-db","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vLannaAi%2Fnoy-db/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vLannaAi%2Fnoy-db/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vLannaAi%2Fnoy-db/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vLannaAi","download_url":"https://codeload.github.com/vLannaAi/noy-db/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vLannaAi%2Fnoy-db/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34042554,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-07T02:00:07.652Z","response_time":124,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aes-256-gcm","database","document-store","e2ee","encryption","monorepo","multi-user","offline-first","pbkdf2","pluggable-backends","privacy","sync","typescript","web-crypto","zero-knowledge"],"created_at":"2026-04-07T10:02:03.401Z","updated_at":"2026-06-08T00:01:49.566Z","avatar_url":"https://github.com/vLannaAi.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003csub\u003e\u003ca href=\"docs/th/README.md\"\u003e🇹🇭 ภาษาไทย\u003c/a\u003e\u003c/sub\u003e\n\n\u003cimg alt=\"noy-db logo\" 
src=\"docs/assets/brand.svg\" width=\"180\"\u003e\n\n# noy-db\n\n## None Of Your DataBase\n\u003csub\u003e\u003cem\u003e(formerly shortened as: \"None Of Your \u003cstrong\u003eDamn Business\u003c/strong\u003e\")\u003c/em\u003e\u003c/sub\u003e\n\n**Your data. Your device. Your keys. Nobody else's server.**\n\nAn encrypted, offline-first, **serverless** document store. The library lives inside your app, stores in whatever backend you choose, and nobody in the middle ever sees plaintext — not the cloud provider, not the sysadmin, not the database vendor. Not noy-db either.\n\n[![npm](https://img.shields.io/npm/v/@noy-db/hub.svg?label=%40noy-db%2Fhub)](https://www.npmjs.com/package/@noy-db/hub)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![Node.js](https://img.shields.io/badge/Node.js-18%2B-green.svg)](https://nodejs.org)\n[![TypeScript](https://img.shields.io/badge/TypeScript-Strict-blue.svg)](https://www.typescriptlang.org)\n[![Runtime Deps](https://img.shields.io/badge/Runtime_Deps-0-brightgreen.svg)](#zero-dependencies)\n[![Crypto](https://img.shields.io/badge/Crypto-Web_Crypto_API-purple.svg)](#encryption)\n\n\u003c/div\u003e\n\n---\n\n## What makes noy-db different\n\n- **🔒 Hard privacy by construction.** Stores only ever see ciphertext. AES-256-GCM with per-user keys derived from a passphrase via PBKDF2. Breach the cloud, subpoena the provider, lose the USB stick — **every one of those surfaces already holds ciphertext**. Zero crypto dependencies — only the Web Crypto API.\n- **☁️ Serverless, runs anywhere.** No noy-db server. No Docker. No managed service. The library embeds in your app — ~30 KB, 0 runtime deps. Works in Node 18+, Bun, Deno, every modern browser, Cloudflare Workers, Electron, mobile PWAs.\n- **📴 Offline-first.** Every operation works without network. Sync when you want to, to whatever you want to. 
Single code path for online and offline — no \"online mode\" to toggle.\n- **👥 Multi-user, no auth server.** 5 roles (owner / admin / operator / viewer / client), per-collection permissions, key rotation on revoke. The keyring travels with the data.\n- **🧩 One core, many bridges.** `@noy-db/hub` is the encrypted document-store core. ~60 optional `to-*` / `in-*` / `on-*` / `as-*` / `by-*` / `at-*` packages let existing apps keep their preferred storage, framework, unlock method, export format, session-share transport, and server-side sealing host — without changing anything else.\n- **🔐 Advanced crypto features.** Hierarchical per-record tiers, deterministic encryption for searchable indexes, WebRTC peer-to-peer sync, AES-256-GCM blob store with deduplication, HKDF-keyed ETags, hash-chained audit ledger.\n- **🧪 Thousand-plus tests, CI in under a minute.** Every store / integration / auth / export package is mock-tested — CI runs without AWS, Google Drive, SFTP servers, or any real service.\n\n\u003e **`@noy-db/hub` is the trust boundary.** Encryption happens in the core before data reaches any store. The `to-*`, `in-*`, `on-*`, `as-*`, and `by-*` bridges **never see plaintext** — zero-knowledge by construction.\n\u003e\n\u003e **Two trust boundaries.** The `at-*` family is the one deliberate exception: a sealing-key host *you* control (Lambda, EC2, a worker) **can decrypt the scoped slice it unseals** — that's the point, so you can run server-side work for users who never hold a key. You trust it because it's your infrastructure and the key lives in your managed key store; least privilege via per-user sealed credentials. Offline-first by default; online when you want.\n\u003e\n\u003e **Pre-1.0 stance.** The core privacy model, envelope format, keyrings, permissions, and query DSL are implemented and tested. Public APIs may still change based on adopter feedback before 1.0; data migrations and security-critical changes will be documented. 
No third-party cryptographic audit yet — that is a v1.0 target.\n\n---\n\n## 30-second vanilla example\n\nThe minimum — no framework, no cloud, nothing to install beyond two packages:\n\n```ts\nimport { createNoydb } from '@noy-db/hub'\nimport { memory } from '@noy-db/to-memory'\n\nconst db = await createNoydb({\n  store: memory(),\n  user: 'alice',\n  secret: 'correct-horse-battery-staple',\n})\n\nconst vault = await db.openVault('acme')\nconst invoices = vault.collection\u003c{ id: string; amount: number }\u003e('invoices')\n\nawait invoices.put('inv-001', { id: 'inv-001', amount: 1200 })\nconsole.log(await invoices.get('inv-001'))   // { id: 'inv-001', amount: 1200 }\n\nawait db.close()                               // clears keys from memory\n```\n\n**Swap storage with one line** — keep the rest identical:\n\n```ts\n// Persist to disk\nimport { jsonFile } from '@noy-db/to-file'\nstore: jsonFile({ dir: './data' })\n\n// PostgreSQL\nimport { postgres } from '@noy-db/to-postgres'\nstore: postgres({ client: myPool })\n\n// S3\nimport { s3 } from '@noy-db/to-aws-s3'\nstore: s3({ bucket: 'my-vaults', client: myS3Client })\n```\n\n→ See 20+ backends in **[Storage stores (`to-*`)](docs/packages/to-stores.md)**.\n\n---\n\n## The 21-subsystem catalog\n\nA minimalist core (~6,500 LOC) plus 21 opt-in capabilities behind `with*()` strategy seams. Apps that don't import a strategy ship none of its code.\n\n```ts\nimport { createNoydb } from '@noy-db/hub'\nimport { withHistory } from '@noy-db/hub/history'\nimport { withAggregate } from '@noy-db/hub/aggregate'\nimport { withBlobs } from '@noy-db/hub/blobs'\n\nconst db = await createNoydb({\n  store: ...,\n  user: ...,\n  historyStrategy: withHistory(),     // versioning + ledger + time-machine\n  aggregateStrategy: withAggregate(), // sum/groupBy/avg\n  blobStrategy: withBlobs(),          // file attachments\n  // ... 
18 more available\n})\n```\n\n| Cluster | Subsystems |\n|---|---|\n| **Read \u0026 Query** | [indexing](docs/subsystems/indexing.md) · [joins](docs/subsystems/joins.md) · [aggregate](docs/subsystems/aggregate.md) · [live](docs/subsystems/live.md) |\n| **Write \u0026 Mutate** | [history](docs/subsystems/history.md) · [transactions](docs/subsystems/transactions.md) · [crdt](docs/subsystems/crdt.md) |\n| **Derived data** | [derivations](docs/subsystems/derivations.md) · [materialized-views](docs/subsystems/derivations.md#materialized-views) · [overlay-views](docs/subsystems/derivations.md#overlay-views) |\n| **Data Shape** | [blobs](docs/subsystems/blobs.md) · [i18n](docs/subsystems/i18n.md) |\n| **Time \u0026 Audit** | [periods](docs/subsystems/periods.md) · [consent](docs/subsystems/consent.md) · [guards](docs/subsystems/guards.md) |\n| **Snapshot \u0026 Portability** | [shadow](docs/subsystems/shadow.md) · [bundle](docs/subsystems/bundle.md) |\n| **Collaboration \u0026 Auth** | [sync](docs/subsystems/sync.md) · [team](docs/subsystems/team.md) · [session](docs/subsystems/session.md) |\n| **Operations** | [routing](docs/subsystems/routing.md) |\n\n→ Full catalog: **[SUBSYSTEMS.md](SUBSYSTEMS.md)**\n→ Starter recipes: **[docs/recipes/](docs/recipes/)** — personal-notebook · accounting-app · realtime-crdt-app · analytics-app\n\n---\n\n## Try it — playground + showcases\n\n- **[`playground/cli/`](playground/cli/)** — guided 5-minute CLI walkthrough. `pnpm -C playground/cli demo`. Shows CRUD, multi-user, sync, backup.\n- **[`playground/nuxt/`](playground/nuxt/)** — runnable Nuxt 4 reference app (invoices, multi-tenant, biometric unlock, magic-link client portal).\n- **[`showcases/`](showcases/)** — 50 progressive end-to-end tests that double as tutorials. Numbered 00-49 across storage, multi-user, subsystems, auth, exports, frameworks, and session-share transports — pick a feature and read the runnable code. 
Plus 4 recipe tests verifying the starter applications.\n\n```bash\n# Clone, install, run\ngit clone https://github.com/vLannaAi/noy-db.git\ncd noy-db \u0026\u0026 pnpm install\npnpm demo                                      # interactive CLI tour\npnpm --filter @noy-db/showcases test           # run all showcase tests\n```\n\n---\n\n## The six package families\n\nEach prefix reads as a preposition — the mental model stays the same as you scale from one-file vaults to multi-tenant cloud deployments.\n\n| Prefix | Reads as | What it is | Catalog |\n|---|---|---|---|\n| **`to-`** | *\"data goes **to** a backend\"* | **Storage destinations** — the only piece that touches ciphertext on the wire. 20 packages: file, browser, SQL, cloud, remote FS, iCloud, Drive, metrics, diagnostics. | [→ stores.md](docs/packages/to-stores.md) |\n| **`in-`** | *\"runs **in** a framework\"* | **Framework integrations** — thin reactive bindings. React, Next.js, Vue, Nuxt, Pinia, Svelte, Zustand, TanStack Query/Table, Yjs CRDT, LLM tool-calling. | [→ integrations.md](docs/packages/in-integrations.md) |\n| **`on-`** | *\"you get **on** via this method\"* | **Unlock / auth** — composable primitives. Passkeys (WebAuthn), OIDC split-key, magic links, TOTP, email OTP, recovery codes, Shamir k-of-n, duress + honeypot. | [→ auth.md](docs/packages/on-auth.md) |\n| **`as-`** | *\"export **as** XLSX / JSON / …\"* | **Portable artefacts** — two-tier authorisation with audit ledger. CSV, Excel, XML, JSON, NDJSON, SQL dump, PDF blobs, ZIP, and the encrypted `.noydb` bundle. | [→ exports.md](docs/packages/as-exports.md) |\n| **`by-`** | *\"sync **by** way of …\"* | **Session-share transports** — live-state bridges between realms. `@noy-db/by-peer` (WebRTC peers, renamed from `@noy-db/p2p`) and `@noy-db/by-tabs` (BroadcastChannel multi-tab) ship today; `by-server`, `by-room` reserved. 
| [→ transports.md](docs/packages/by-transports.md) |\n| **`at-`** | *\"sealed **at** a trusted host\"* | **Sealing-key providers** — the online complement to offline-first. A host you control unseals a scoped slice for server-side work (it *can* decrypt what it unseals — the one non-zero-knowledge family). `at-env`, `at-macos-keychain`, `at-aws-kms`, `at-gcp-kms`, `at-azure-keyvault`. | [→ at-hosts.md](docs/packages/at-hosts.md) |\n\nPlus the hub (`@noy-db/hub`) and the standalone tools: `@noy-db/cli`, `create-noy-db` (scaffolder).\n\n\u003e **Maturity at a glance.** `@noy-db/hub` is **Core** — security-critical, highest test bar. `to-memory`, `to-file`, `to-browser-idb`, `to-aws-dynamo`, `to-aws-s3` are **Recommended** — first-class production paths. Most other satellites are **Bridges** — thin adapters proven in tests but less production-battled. P2P, niche stores, and unusual auth modes are **Experimental** — useful, validate before depending on them.\n\n---\n\n## Querying without SQL\n\nThe store never sees plaintext, so it never runs your query. The query DSL lives inside `@noy-db/hub` and runs **after decryption** — the storage backend stays a dumb, untrusted ciphertext store.\n\n```ts\nawait invoices.query()\n  .where('status', '==', 'issued')\n  .where('clientId', '==', 'c-42')\n  .orderBy('issuedAt', 'desc')\n  .toArray()\n\n// Intra-vault joins, live queries, aggregations, streaming\ninvoices.query().join\u003c'client', Client\u003e('clientId', { as: 'client' }).toArray()\ninvoices.query().where(...).live().subscribe(() =\u003e render())\ninvoices.query().groupBy('clientId').aggregate({ total: sum('amount') }).run()\nfor await (const r of invoices.scan()) { /* backpressure-friendly */ }\n```\n\nJoins are **intra-vault and core-side** — no backend ever inspects plaintext fields. Cross-vault correlation is explicit via `queryAcross`. 
Huge relational workloads are still better served by a real database; noy-db is for sensitive, small-to-mid datasets where the trust boundary matters more than query throughput.\n\n---\n\n## The 6-method store contract\n\n```ts\nget(vault, collection, id)\nput(vault, collection, id, envelope, expectedVersion?)\ndelete(vault, collection, id)\nlist(vault, collection)\nloadAll(vault)\nsaveAll(vault, data)\n```\n\n\u003e If your existing storage can implement these six methods, it can store noy-db ciphertext. That is the full contract — 20+ shipped `to-*` stores (browser, file, SQL, object, remote-FS) are all built against it, and a custom one is `createStore(opts =\u003e ({ name, ...methods }))`.\n\n---\n\n## Install for common scenarios\n\n```bash\n# Development / testing — in-memory, no persistence\npnpm add @noy-db/hub @noy-db/to-memory\n\n# Local CLI / Node service — files on disk\npnpm add @noy-db/hub @noy-db/to-file\n\n# Browser app with IndexedDB\npnpm add @noy-db/hub @noy-db/to-browser-idb\n\n# Nuxt 4 + Pinia — the happy path\npnpm add @noy-db/in-nuxt @noy-db/in-pinia @noy-db/hub @noy-db/to-browser-idb @pinia/nuxt pinia\n\n# React / Next.js\npnpm add @noy-db/in-nextjs @noy-db/in-react @noy-db/hub @noy-db/to-browser-idb\n\n# Offline-first with cloud sync\npnpm add @noy-db/hub @noy-db/to-file @noy-db/to-aws-dynamo\n```\n\nFor starter applications see [`docs/recipes/`](docs/recipes/) — four runnable recipes covering personal, accounting, real-time, and analytics shapes.\n\n### Release channels\n\nnoy-db ships through two npm dist-tags. 
The default install pulls the curated, themed releases; an opt-in `@next` channel carries in-flight features for early-adopter consumers.\n\n```bash\n# Stable — themed releases (default)\npnpm add @noy-db/hub\n\n# Early-adopter — in-flight features, expect breakage between versions\npnpm add @noy-db/hub@next\n```\n\nPre-1.0 (today): both channels can be ahead of where you'd expect a `0.x` library to be — anything in `@next` is \"actively maturing\"; anything in `@latest` has at least passed a themed release gate. Post-1.0: `@latest` becomes a strict-SemVer contract, `@next` keeps its experimental nature.\n\n---\n\n## Runs on whatever you've got\n\n| Platform | Runtime | Default backend |\n|---|---|---|\n| 🖥️ Desktop (macOS / Linux / Windows) | Node 18+, Bun, Deno | [`to-file`](docs/packages/to-stores.md) |\n| 📱 Mobile browser | Safari 14+, Chrome 90+ | [`to-browser-idb`](docs/packages/to-stores.md) |\n| 🌐 Desktop browser | Chrome, Firefox, Safari, Edge | [`to-browser-idb`](docs/packages/to-stores.md) |\n| ⚡ PWA / offline web app | Service Worker + browser | [`to-browser-idb`](docs/packages/to-stores.md) |\n| 🖧 Server (headless) | Node 18+ | [`to-file`](docs/packages/to-stores.md) / [`to-aws-dynamo`](docs/packages/to-stores.md) / [`to-postgres`](docs/packages/to-stores.md) |\n| 💾 USB stick / removable disk | Any OS + any runtime | [`to-file`](docs/packages/to-stores.md) |\n| 🔌 Electron / Tauri | Desktop shell | [`to-file`](docs/packages/to-stores.md) |\n| ☁️ Cloudflare Workers | Edge JS | [`to-cloudflare-d1`](docs/packages/to-stores.md) + [`to-cloudflare-r2`](docs/packages/to-stores.md) |\n| 🧪 Tests / CI | Any JS runtime | [`to-memory`](docs/packages/to-stores.md) |\n\nMinimum requirements: a JavaScript engine and the Web Crypto API. That's it.\n\n---\n\n## Hard privacy is the point\n\nIn privacy engineering there's a distinction worth naming.\n\n- **Soft privacy** is a promise. 
A provider pledges to protect your data — by policy, by staff training, by a compliance certificate on the wall. You trust the policy, the people, the future owners, the jurisdiction, the subpoena response, the breach-response team on their worst day.\n- **Hard privacy** removes the need for that trust. Nobody else *can* break the promise because nobody else is in a position to. They don't have the keys. They never had the keys.\n\nnoy-db is a hard-privacy tool. The only party that can read a record is the party holding the passphrase. That holds whether your cloud is breached, a sysadmin inspects the table, a court compels the provider, a laptop is stolen, or a backup is left on café Wi-Fi — **every one of those surfaces already holds ciphertext**.\n\nThere is no \"encrypted in transit, briefly decrypted at rest for processing\" step. There is no support engineer at noy-db with a recovery key — we do not run a service and we do not possess any key. The KEK exists in your process memory for the length of a session and is destroyed when you call `db.close()`.\n\nThis matters to an individual keeping private journals, medical notes, immigration paperwork, legal correspondence, or financial records. It matters a great deal more to an **organisation** that holds other people's sensitive data as a fiduciary — a law firm, a professional services firm, a clinic, a small newsroom, a union office, a humanitarian NGO — and cannot, in good conscience, hand that data to a third-party service whose incident response, jurisdiction, and future acquirer they don't control.\n\n### A note on the ethics of hard privacy\n\nStrong encryption is a dual-use technology. The same guarantees that protect dissidents, journalists, abuse survivors, clinicians' patients, and every ordinary person's private life can also shield conduct that is unlawful or harmful. 
We do not pretend otherwise.\n\nOur position: **the capacity to keep one's own records, thoughts, and correspondence private from everyone else — including one's government, one's employer, and the company selling one the software — is foundational. It is bound up with personal autonomy itself, and it is a right, not a feature we chose to grant.**\n\nnoy-db does not inspect your data. It cannot — that is the architectural point. What you choose to store in a noy-db vault, and what you do with it, is your business. If you are using noy-db in a context where you have legal or professional obligations — GDPR, PDPA, HIPAA, PCI-DSS, retention, lawful-access rules, auditability, tax record-keeping — those obligations remain yours to meet under the law of wherever you operate.\n\n---\n\n## Encryption\n\n| Layer | Algorithm | Purpose |\n|---|---|---|\n| Key derivation | PBKDF2-SHA256 (600K iterations) | Passphrase → KEK |\n| Key wrapping | AES-KW (RFC 3394) | KEK wraps/unwraps DEKs |\n| Data encryption | AES-256-GCM | DEK encrypts records |\n| IV generation | CSPRNG | Fresh 12-byte IV per write |\n| Integrity | HMAC-SHA256 | Presence channel + blob eTags |\n\n**Zero crypto dependencies.** Everything uses `crypto.subtle` — built into Node 18+ and modern browsers.\n\n---\n\n## Roles \u0026 permissions\n\n| Role | Read | Write | Grant | Revoke | Export |\n|---|:-:|:-:|:-:|:-:|:-:|\n| **owner** | all | all | all roles | all | yes |\n| **admin** | all | all | operator, viewer, client, admin | admin and below | yes |\n| **operator** | granted collections | granted collections | — | — | ACL-scoped |\n| **viewer** | all | — | — | — | yes |\n| **client** | granted collections | — | — | — | ACL-scoped |\n\nEvery mutation (grant, revoke, rotate, elevate) writes a hash-chained audit ledger entry. 
Hierarchical per-record classification tiers (`collection.elevate()` / `demote()` / `delegate()` / invisibility / ghost modes) plus scoped tier-elevated handles (`vault.elevate(tier, { ttlMs, reason })` for time-boxed privileged writes) are covered in the [`history`](docs/subsystems/history.md) and [`team`](docs/subsystems/team.md) subsystems.\n\n---\n\n## Not for\n\n- Million-row analytics workloads.\n- Server-side SQL over plaintext — the store is deliberately blind.\n- Workloads that need the storage backend itself to run joins, filters, or aggregations over plaintext.\n- Search-heavy workloads unless the searchable-index privacy tradeoff (opt-in deterministic encryption) is acceptable for your threat model.\n- Teams that need **audited** cryptography today — noy-db has not yet had a third-party cryptographic audit. That is a v1.0 target.\n\nSerious use of noy-db is for sensitive, small-to-mid datasets where the privacy boundary matters more than query throughput.\n\n---\n\n## Architecture\n\n\u003cpicture\u003e\n  \u003cimg alt=\"noy-db architecture overview — hub at the center, five satellite package families around it\" src=\"docs/assets/overview.svg\" width=\"100%\"\u003e\n\u003c/picture\u003e\n\nStores **only see ciphertext**. Encryption happens in core before data reaches any backend — a DynamoDB admin, an S3 bucket owner, or whoever finds the USB stick all see encrypted blobs.\n\n---\n\n## International project, Global project\n\nnoy-db is an international open-source project. 
The first production consumer was an enterprise pilot — the library's design assumptions (offline-first, multi-user, sensitive domain data, per-tenant isolation, USB-based workflows for intermittent connectivity) come directly from that real-world deployment.\n\n**Multi-language data is a first-class concern, not an afterthought.** The optional [`i18n`](docs/subsystems/i18n.md) subsystem lets a single field hold values in multiple locales (`i18nText({ languages: ['en', 'th', 'zh'] })`), pairs enum-like fields with shared label dictionaries (`dictKey('status', ['draft', 'paid'])` resolving to per-locale labels), and resolves the right locale at read time without touching ciphertext on the wire. Dictionaries are themselves encrypted and versioned, so even your translation strings stay private. Records, dictionaries, and exports are Unicode-clean — Thai (ภาษาไทย), Chinese (中文), Arabic (العربية), Devanagari (हिंदी), Cyrillic, Hebrew, every script the Web Crypto API and your storage backend can carry. Locale-aware exports round-trip human-readable headers back to stable keys (the `xlsx` reader inverts dictionary labels on import; same for `csv`, `json`, `ndjson`, `xml`).\n\n---\n\n\u003ca name=\"zero-dependencies\"\u003e\u003c/a\u003e\n## Zero dependencies\n\nEvery package has zero runtime dependencies. 
SDKs like `@aws-sdk/client-dynamodb`, `ssh2`, `pg`, `mysql2`, `zustand`, `react`, `vue`, `@tanstack/query-core` are peer dependencies — you already have them in your app.\n\nThe hub package itself uses only `crypto.subtle`, which is built into every target runtime (Node ≥ 18, Bun, Deno, modern browsers, Cloudflare Workers).\n\n---\n\n## Where to go next\n\n| If you want to… | Read |\n|---|---|\n| see what's always-on (the floor) | [`docs/core/`](docs/core/) |\n| browse the 17 opt-in subsystems | [`docs/subsystems/`](docs/subsystems/) — index + the [SUBSYSTEMS.md](SUBSYSTEMS.md) catalog |\n| copy a starter recipe | [`docs/recipes/`](docs/recipes/) — personal-notebook · accounting-app · realtime-crdt-app · analytics-app |\n| pick a storage backend | [`docs/packages/to-stores.md`](docs/packages/to-stores.md) |\n| pick a framework integration | [`docs/packages/in-integrations.md`](docs/packages/in-integrations.md) |\n| pick an unlock method | [`docs/packages/on-auth.md`](docs/packages/on-auth.md) |\n| pick an export format | [`docs/packages/as-exports.md`](docs/packages/as-exports.md) |\n| pick a session-share transport | [`docs/packages/by-transports.md`](docs/packages/by-transports.md) |\n| see real workflows | [`showcases/`](showcases/) |\n| check what is stable or next | [`ROADMAP.md`](ROADMAP.md) |\n| audit design decisions | [`SPEC.md`](SPEC.md) |\n\n---\n\n## License\n\n[MIT](LICENSE)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003csub\u003eYour data. Your device. Your keys. 
\u003cb\u003eNone Of Your DataBase.\u003c/b\u003e\u003c/sub\u003e\n  \u003cbr\u003e\n  \u003csub\u003e\u003cem\u003e(Originally, and still occasionally: \"None Of Your \u003cstrong\u003eDamn Business\u003c/strong\u003e\".)\u003c/em\u003e\u003c/sub\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvlannaai%2Fnoy-db","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvlannaai%2Fnoy-db","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvlannaai%2Fnoy-db/lists"}