@abraca/dabra 1.0.20 → 1.0.22

package/dist/index.d.ts

@@ -315,8 +315,31 @@ declare class AbracadabraClient {
   }): Promise<void>;
   /** List all registered public keys for the current user. */
   listKeys(): Promise<PublicKeyInfo[]>;
+  /** Rename a registered device key. */
+  renameKey(keyId: string, deviceName: string): Promise<void>;
   /** Revoke a public key by its ID. */
   revokeKey(keyId: string): Promise<void>;
+  /** Create a single-use device invite code for pairing a new device to this account. */
+  createDeviceInvite(opts?: {
+    expiresIn?: number;
+  }): Promise<{
+    code: string;
+    expiresAt: number;
+  }>;
+  /** Redeem a device invite code to register a new device key. Returns a JWT token. */
+  redeemDeviceInvite(opts: {
+    code: string;
+    publicKey: string;
+    x25519Key?: string;
+    deviceName?: string;
+  }): Promise<{
+    token: string;
+    user: {
+      id: string;
+      username: string;
+      publicKey: string;
+    };
+  }>;
   /** Get encryption info for a document. */
   getDocEncryption(docId: string): Promise<DocEncryptionInfo>;
   /** Set the encryption mode for a document (no downgrade). */
@@ -598,6 +621,12 @@ interface AbracadabraProviderConfiguration extends Omit<AbracadabraBaseProviderC
   keystore?: CryptoIdentityKeystore;
   /** Shared WebSocket connection (use when multiplexing multiple root documents). */
   websocketProvider?: AbracadabraWS;
+  /**
+   * When true, the IndexedDB offline store is NOT scoped by server origin.
+   * This allows a single document to be synced across multiple servers while
+   * sharing one local store.  Used for the identity doc.
+   */
+  serverAgnostic?: boolean;
 }
 /**
  * AbracadabraProvider extends AbracadabraBaseProvider with:
@@ -1008,6 +1037,9 @@ interface PublicKeyInfo {
   publicKey: string;
   deviceName: string | null;
   revoked: boolean;
+  createdAt?: number | null;
+  pairedBy?: string | null;
+  pairedVia?: string | null;
 }
 interface PermissionEntry {
   user_id: string;
@@ -2040,6 +2072,7 @@ declare class AbracadabraWebRTC extends EventEmitter {
   broadcastFile(file: File | Blob, filename: string): Promise<FileTransferHandle[]>;
   /**
    * Send a custom string message to a specific peer via a data channel.
+   * When E2EE is active, the message is encrypted through the router.
    */
   sendCustomMessage(peerId: string, payload: string): void;
   /**
@@ -2211,6 +2244,82 @@ declare class ManualSignaling extends EventEmitter {
   destroy(): void;
 }
 //#endregion
+//#region packages/provider/src/webrtc/DevicePairingChannel.d.ts
+interface DevicePairingConfig {
+  /** Server base URL (http/https). */
+  serverUrl: string;
+  /** JWT token or async token factory for signaling auth. */
+  token: string | (() => string) | (() => Promise<string>);
+  /** E2EE identity (Ed25519 public key + X25519 private key). */
+  e2ee: E2EEIdentity;
+  /** ICE servers. Defaults to Google STUN. */
+  iceServers?: RTCIceServer[];
+  /** WebSocket polyfill (for Node.js). */
+  WebSocketPolyfill?: any;
+}
+interface PairingRequest {
+  /** Device B's Ed25519 public key (base64url). */
+  publicKey: string;
+  /** Device B's X25519 public key (base64url). */
+  x25519Key: string;
+  /** Human-readable device label. */
+  deviceName: string;
+}
+interface PairingResult {
+  success: boolean;
+  error?: string;
+}
+type PairingRole = "approver" | "requester";
+declare class DevicePairingChannel extends EventEmitter {
+  private readonly config;
+  private webrtc;
+  private timeoutHandle;
+  private _destroyed;
+  private _pendingRequest;
+  private _connectedPeerId;
+  readonly role: PairingRole;
+  readonly pairingCode: string;
+  private constructor();
+  /**
+   * Create an approver session (Device A). Returns the channel and a
+   * 6-character pairing code to share with Device B.
+   */
+  static createApprover(config: DevicePairingConfig): {
+    channel: DevicePairingChannel;
+    pairingCode: string;
+  };
+  /**
+   * Create a requester session (Device B). Joins with a pairing code
+   * obtained from Device A.
+   */
+  static createRequester(config: DevicePairingConfig, pairingCode: string): DevicePairingChannel;
+  /**
+   * Approve the pending pairing request. Calls `client.addKey()` to
+   * register Device B's public key, then notifies Device B.
+   */
+  approve(client: AbracadabraClient): Promise<PairingResult>;
+  /**
+   * Approve via server-side device invite. Creates a single-use invite code
+   * and sends it to Device B over the E2EE channel. Device B redeems it
+   * independently via HTTP — Device A can go offline after this.
+   */
+  approveWithInvite(client: AbracadabraClient): Promise<PairingResult>;
+  /**
+   * Reject the pending pairing request.
+   */
+  reject(reason?: string): void;
+  /**
+   * Send a pairing request to Device A. Call this after the "connected"
+   * event fires.
+   */
+  requestPairing(request: PairingRequest): void;
+  get isDestroyed(): boolean;
+  destroy(): void;
+  private start;
+  private sendMessage;
+  private handleMessage;
+}
+//#endregion
 //#region packages/provider/src/sync/BroadcastChannelSync.d.ts
 declare class BroadcastChannelSync extends EventEmitter {
   private readonly document;
@@ -2239,4 +2348,145 @@ declare class BroadcastChannelSync extends EventEmitter {
   private handleAwarenessMessage;
 }
 //#endregion
-export { AbracadabraBaseProvider, AbracadabraBaseProviderConfiguration, AbracadabraClient, AbracadabraClientConfig, AbracadabraOutgoingMessageArguments, AbracadabraProvider, AbracadabraProviderConfiguration, AbracadabraWS, AbracadabraWSConfiguration, AbracadabraWebRTC, type AbracadabraWebRTCConfiguration, AbracadabraWebSocketConn, AuthMessageType, AuthorizedScope, AwarenessError, BackgroundSyncManager, type BackgroundSyncManagerOptions, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, CloseEvent, CompleteAbracadabraBaseProviderConfiguration, CompleteAbracadabraWSConfiguration, CompleteHocuspocusProviderConfiguration, CompleteHocuspocusProviderWebsocketConfiguration, ConnectionTimeout, Constructable, ConstructableOutgoingMessage, CryptoIdentity, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, type DocEncryptionInfo, DocKeyManager, type DocSyncState, DocumentCache, type DocumentCacheOptions, DocumentMeta, E2EAbracadabraProvider, E2EEChannel, type E2EEIdentity, E2EOfflineStore, EffectivePermissionEntry, EffectivePermissionsResponse, EffectiveRole, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, type FileTransferMeta, type FileTransferStatus, Forbidden, HealthStatus, HocusPocusWebSocket, HocuspocusProvider, HocuspocusProviderConfiguration, HocuspocusProviderWebsocket, HocuspocusProviderWebsocketConfiguration, HocuspocusWebSocket, InviteRow, KEY_EXCHANGE_CHANNEL, ManualSignaling, type ManualSignalingBlob, MessageTooBig, MessageType, OfflineStore, OutgoingMessageArguments, OutgoingMessageInterface, PeerConnection, type PeerInfo, type PeerState, PendingSubdoc, PermissionEntry, PublicKeyInfo, ResetConnection, SearchIndex, SearchResult, ServerInfo, type SignalingIncoming, type SignalingOutgoing, SignalingSocket, SpaceMeta, StatesArray, SubdocMessage, SubdocRegisteredEvent, Unauthorized, UploadInfo, UploadMeta, UploadQueueEntry, UploadQueueStatus, UserProfile, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, decryptField, encryptField, makeEncryptedYMap, makeEncryptedYText, onAuthenticatedParameters, onAuthenticationFailedParameters, onAwarenessChangeParameters, onAwarenessUpdateParameters, onCloseParameters, onDisconnectParameters, onMessageParameters, onOpenParameters, onOutgoingMessageParameters, onStatelessParameters, onStatusParameters, onSubdocLoadedParameters, onSubdocRegisteredParameters, onSyncedParameters, onUnsyncedChangesParameters, readAuthMessage, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest };
+//#region packages/provider/src/IdentityDoc.d.ts
+/**
+ * Derives a deterministic UUID from an Ed25519 account-level public key.
+ *
+ * The result is a valid UUID v5-style string that any device sharing the
+ * same identity can independently compute.  The `abracadabra:identity:`
+ * prefix prevents collisions with randomly generated doc UUIDs.
+ *
+ * @param publicKeyB64 Base64url-encoded Ed25519 public key (32 bytes).
+ */
+declare function deriveIdentityDocId(publicKeyB64: string): string;
+interface IdentityProfile {
+  username?: string;
+  displayName?: string;
+  colorName?: string;
+  neutralColorName?: string;
+  locale?: string;
+  avatarUrl?: string;
+}
+interface IdentityServerEntry {
+  label: string;
+  hubDocId?: string;
+  entryDocId?: string;
+  defaultRole?: string;
+  spacesEnabled?: boolean;
+  addedAt: number;
+}
+interface IdentitySpaceEntry {
+  id: string;
+  name: string;
+  type: "local" | "remote";
+  serverUrl: string | null;
+  docId: string;
+  remoteSpaceId?: string;
+  visibility: "public" | "private" | "invite";
+  isHub: boolean;
+  order: number;
+  lastSyncedAt?: number;
+  createdAt: number;
+}
+interface IdentityDocConfiguration {
+  /** Base64url-encoded Ed25519 account public key. */
+  publicKey: string;
+  /**
+   * Trusted server URL for identity doc sync.
+   * Only this server (plus the local server) will receive the identity doc.
+   */
+  syncServerUrl?: string;
+  /** Local Tauri server URL for on-device persistence. */
+  localServerUrl?: string;
+  /**
+   * JWT token or async factory for authenticating with sync servers.
+   * When using multiple servers, provide a factory that returns the correct
+   * token for each.
+   */
+  token?: string | (() => string) | (() => Promise<string>);
+  /** Per-server token factories keyed by base URL. */
+  tokens?: Record<string, string | (() => string) | (() => Promise<string>)>;
+  /**
+   * WebRTC configuration for P2P identity sync.
+   * When provided, enables E2EE peer-to-peer sync using signaling from
+   * any connected server.
+   */
+  webrtc?: {
+    /** Server URL to use for signaling (any connected server works). */signalingServerUrl: string; /** Token for the signaling server. */
+    token: string | (() => string) | (() => Promise<string>); /** E2EE identity for the data channel. */
+    e2ee?: E2EEIdentity; /** ICE servers. */
+    iceServers?: RTCIceServer[];
+  };
+  /** Disable IndexedDB offline store. */
+  disableOfflineStore?: boolean;
+  /** Auto-connect on construction. Default: true. */
+  autoConnect?: boolean;
+  /** Additional provider config passed through to each AbracadabraProvider. */
+  providerDefaults?: Partial<AbracadabraProviderConfiguration>;
+}
+/**
+ * Manages a Y.Doc dedicated to user identity that syncs across trusted
+ * targets only: a designated sync server, a local Tauri server, and/or
+ * WebRTC P2P.
+ *
+ * The Y.Doc contains cross-device settings (profile, servers, spaces,
+ * plugins, preferences).  Each sync target gets its own
+ * AbracadabraProvider sharing the same Y.Doc, with `serverAgnostic: true`
+ * so they all use one IndexedDB store.
+ */
+declare class IdentityDocProvider extends EventEmitter {
+  readonly docId: string;
+  readonly document: Y.Doc;
+  private providers;
+  private websockets;
+  private webrtc;
+  private config;
+  private _destroyed;
+  constructor(configuration: IdentityDocConfiguration);
+  connect(): void;
+  private _connectToServer;
+  private _connectWebRTC;
+  get profileMap(): Y.Map<string>;
+  get serversMap(): Y.Map<Y.Map<any>>;
+  get spacesArray(): Y.Array<Y.Map<any>>;
+  get pluginsMap(): Y.Map<any>;
+  get preferencesMap(): Y.Map<any>;
+  getProfile(): IdentityProfile;
+  setProfile(profile: Partial<IdentityProfile>): void;
+  getServer(url: string): IdentityServerEntry | undefined;
+  setServer(url: string, entry: IdentityServerEntry): void;
+  removeServer(url: string): void;
+  getServers(): Map<string, IdentityServerEntry>;
+  getSpaces(): IdentitySpaceEntry[];
+  addSpace(space: IdentitySpaceEntry): void;
+  removeSpace(spaceId: string): void;
+  updateSpace(spaceId: string, updates: Partial<IdentitySpaceEntry>): void;
+  getExternalPlugins(): Y.Array<Y.Map<any>>;
+  getDisabledBuiltins(): Y.Array<string>;
+  getPreference<T = any>(key: string): T | undefined;
+  setPreference(key: string, value: any): void;
+  /**
+   * Observe deep changes on a specific top-level map.
+   * Returns an unsubscribe function.
+   */
+  observe(mapName: "profile" | "servers" | "plugins" | "preferences", callback: (events: Y.YEvent<any>[], transaction: Y.Transaction) => void): () => void;
+  /**
+   * Observe changes to the spaces array.
+   * Returns an unsubscribe function.
+   */
+  observeSpaces(callback: (event: Y.YArrayEvent<Y.Map<any>>, transaction: Y.Transaction) => void): () => void;
+  /**
+   * Returns true if the identity doc has no profile data yet (first use).
+   * Call this to decide whether to run migration from localStorage.
+   */
+  isEmpty(): boolean;
+  /**
+   * Update the sync server URL at runtime (e.g. when user changes their
+   * designated sync server in settings).
+   */
+  setSyncServer(url: string | null): void;
+  getProvider(key: string): AbracadabraProvider | undefined;
+  destroy(): void;
+}
+//#endregion
+export { AbracadabraBaseProvider, AbracadabraBaseProviderConfiguration, AbracadabraClient, AbracadabraClientConfig, AbracadabraOutgoingMessageArguments, AbracadabraProvider, AbracadabraProviderConfiguration, AbracadabraWS, AbracadabraWSConfiguration, AbracadabraWebRTC, type AbracadabraWebRTCConfiguration, AbracadabraWebSocketConn, AuthMessageType, AuthorizedScope, AwarenessError, BackgroundSyncManager, type BackgroundSyncManagerOptions, BackgroundSyncPersistence, BroadcastChannelSync, CHANNEL_NAMES, CloseEvent, CompleteAbracadabraBaseProviderConfiguration, CompleteAbracadabraWSConfiguration, CompleteHocuspocusProviderConfiguration, CompleteHocuspocusProviderWebsocketConfiguration, ConnectionTimeout, Constructable, ConstructableOutgoingMessage, CryptoIdentity, CryptoIdentityKeystore, DEFAULT_FILE_CHUNK_SIZE, DEFAULT_ICE_SERVERS, DataChannelRouter, DevicePairingChannel, type DevicePairingConfig, type DocEncryptionInfo, DocKeyManager, type DocSyncState, DocumentCache, type DocumentCacheOptions, DocumentMeta, E2EAbracadabraProvider, E2EEChannel, type E2EEIdentity, E2EOfflineStore, EffectivePermissionEntry, EffectivePermissionsResponse, EffectiveRole, EncryptedYMap, EncryptedYText, FileBlobStore, FileTransferChannel, FileTransferHandle, type FileTransferMeta, type FileTransferStatus, Forbidden, HealthStatus, HocusPocusWebSocket, HocuspocusProvider, HocuspocusProviderConfiguration, HocuspocusProviderWebsocket, HocuspocusProviderWebsocketConfiguration, HocuspocusWebSocket, type IdentityDocConfiguration, IdentityDocProvider, type IdentityProfile, type IdentityServerEntry, type IdentitySpaceEntry, InviteRow, KEY_EXCHANGE_CHANNEL, ManualSignaling, type ManualSignalingBlob, MessageTooBig, MessageType, OfflineStore, OutgoingMessageArguments, OutgoingMessageInterface, type PairingRequest, type PairingResult, PeerConnection, type PeerInfo, type PeerState, PendingSubdoc, PermissionEntry, PublicKeyInfo, ResetConnection, SearchIndex, SearchResult, ServerInfo, type SignalingIncoming, type SignalingOutgoing, SignalingSocket, SpaceMeta, StatesArray, SubdocMessage, SubdocRegisteredEvent, Unauthorized, UploadInfo, UploadMeta, UploadQueueEntry, UploadQueueStatus, UserProfile, WebSocketStatus, WsReadyStates, YjsDataChannel, attachUpdatedAtObserver, awarenessStatesToArray, decryptField, deriveIdentityDocId, encryptField, makeEncryptedYMap, makeEncryptedYText, onAuthenticatedParameters, onAuthenticationFailedParameters, onAwarenessChangeParameters, onAwarenessUpdateParameters, onCloseParameters, onDisconnectParameters, onMessageParameters, onOpenParameters, onOutgoingMessageParameters, onStatelessParameters, onStatusParameters, onSubdocLoadedParameters, onSubdocRegisteredParameters, onSyncedParameters, onUnsyncedChangesParameters, readAuthMessage, writeAuthenticated, writeAuthentication, writePermissionDenied, writeTokenSyncRequest };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@abraca/dabra",
-  "version": "1.0.20",
+  "version": "1.0.22",
   "description": "abracadabra provider",
   "keywords": [
     "abracadabra",

package/src/AbracadabraClient.ts

@@ -195,11 +195,38 @@ export class AbracadabraClient {
 		return res.keys;
 	}
 
+	/** Rename a registered device key. */
+	async renameKey(keyId: string, deviceName: string): Promise<void> {
+		await this.request("PATCH", `/auth/keys/${encodeURIComponent(keyId)}`, { body: { deviceName } });
+	}
+
 	/** Revoke a public key by its ID. */
 	async revokeKey(keyId: string): Promise<void> {
 		await this.request("DELETE", `/auth/keys/${encodeURIComponent(keyId)}`);
 	}
 
+	// ── Device Invites ───────────────────────────────────────────────────────
+
+	/** Create a single-use device invite code for pairing a new device to this account. */
+	async createDeviceInvite(opts?: { expiresIn?: number }): Promise<{ code: string; expiresAt: number }> {
+		return this.request<{ code: string; expiresAt: number }>("POST", "/auth/device-invite", {
+			body: opts?.expiresIn != null ? { expiresIn: opts.expiresIn } : {},
+		});
+	}
+
+	/** Redeem a device invite code to register a new device key. Returns a JWT token. */
+	async redeemDeviceInvite(opts: {
+		code: string;
+		publicKey: string;
+		x25519Key?: string;
+		deviceName?: string;
+	}): Promise<{ token: string; user: { id: string; username: string; publicKey: string } }> {
+		return this.request("POST", "/auth/device-redeem", {
+			body: { code: opts.code, publicKey: opts.publicKey, x25519Key: opts.x25519Key, deviceName: opts.deviceName },
+			auth: false,
+		});
+	}
+
 	// ── Encryption ───────────────────────────────────────────────────────────
 
 	/** Get encryption info for a document. */

package/src/AbracadabraProvider.ts

@@ -66,6 +66,13 @@ export interface AbracadabraProviderConfiguration
 
 	/** Shared WebSocket connection (use when multiplexing multiple root documents). */
 	websocketProvider?: AbracadabraWS;
+
+	/**
+	 * When true, the IndexedDB offline store is NOT scoped by server origin.
+	 * This allows a single document to be synced across multiple servers while
+	 * sharing one local store.  Used for the identity doc.
+	 */
+	serverAgnostic?: boolean;
 }
 
 /** Validate that a string is a UUID acceptable by the server's DocId parser. */
@@ -134,7 +141,9 @@ export class AbracadabraProvider extends AbracadabraBaseProvider {
 		this.abracadabraConfig = configuration;
 		this.subdocLoading = configuration.subdocLoading ?? "lazy";
 
-		const serverOrigin = AbracadabraProvider.deriveServerOrigin(configuration, client);
+		const serverOrigin = configuration.serverAgnostic
+			? undefined
+			: AbracadabraProvider.deriveServerOrigin(configuration, client);
 		this.offlineStore = configuration.disableOfflineStore
 			? null
 			: new OfflineStore(configuration.name, serverOrigin);