@agentunion/fastaun-browser 0.4.4 → 0.4.5

package/dist/bundle.js

@@ -314,12 +314,12 @@ async function secretPut(storeName, key, value) {
     tx.oncomplete = () => db.close();
   });
 }
-var _noopLog6, SECRET_DB_NAME, SECRET_DB_VERSION, STORE_SECRETS, STORE_MASTER, IndexedDBSecretStore;
+var _noopLog7, SECRET_DB_NAME, SECRET_DB_VERSION, STORE_SECRETS, STORE_MASTER, IndexedDBSecretStore;
 var init_indexeddb_store = __esm({
   "src/secret-store/indexeddb-store.ts"() {
     "use strict";
     init_crypto();
-    _noopLog6 = { error: () => {
+    _noopLog7 = { error: () => {
     }, warn: () => {
     }, info: () => {
     }, debug: () => {
@@ -332,7 +332,7 @@ var init_indexeddb_store = __esm({
       constructor(encryptionSeed) {
         __publicField(this, "_encryptionSeed");
         __publicField(this, "_masterKeyPromise", null);
-        __publicField(this, "_log", _noopLog6);
+        __publicField(this, "_log", _noopLog7);
         this._encryptionSeed = encryptionSeed;
       }
       setLogger(log) {
@@ -454,7 +454,7 @@ var init_indexeddb_store = __esm({
 });
 
 // src/version.ts
-var VERSION = "0.4.4";
+var VERSION = "0.4.5";
 
 // src/types.ts
 var ConnectionState = /* @__PURE__ */ ((ConnectionState2) => {
@@ -2031,13 +2031,14 @@ function gatewayHttpUrl(gatewayUrl, path) {
 var _AuthFlow = class _AuthFlow {
   constructor(opts) {
     __publicField(this, "_log", _noopLog4);
-    __publicField(this, "_keystore");
+    __publicField(this, "_tokenStore");
     __publicField(this, "_crypto");
     __publicField(this, "_aid");
     __publicField(this, "_deviceId");
     __publicField(this, "_slotId");
     __publicField(this, "_rootCaPem");
     __publicField(this, "_verifySsl");
+    __publicField(this, "_memIdentity", null);
     // 缓存
     __publicField(this, "_rootCerts", null);
     __publicField(this, "_gatewayChainCache", /* @__PURE__ */ new Map());
@@ -2046,7 +2047,7 @@ var _AuthFlow = class _AuthFlow {
     __publicField(this, "_chainVerifiedCache", /* @__PURE__ */ new Map());
     __publicField(this, "_chainCacheTtl");
     __publicField(this, "_gatewayCaVerified", /* @__PURE__ */ new Map());
-    this._keystore = opts.keystore;
+    this._tokenStore = opts.tokenStore;
     this._crypto = opts.crypto;
     this._aid = opts.aid ?? null;
     this._deviceId = String(opts.deviceId ?? "").trim();
@@ -2059,13 +2060,18 @@ var _AuthFlow = class _AuthFlow {
     this._log = log;
   }
   // ── 公开 API ──────────────────────────────────────
+  /** 注入内存私钥，禁止 AuthFlow 内部再走 tokenStore 解密 */
+  setIdentity(identity) {
+    this._memIdentity = identity;
+    if (identity?.aid) this._aid = String(identity.aid);
+  }
   /** 加载本地身份信息 */
   async loadIdentity(aid) {
     const tStart = Date.now();
     this._log.debug(`loadIdentity enter: aid=${aid ?? "<current>"}`);
     try {
       const identity = await this._loadIdentityOrRaise(aid);
-      const cert = await this._keystore.loadCert(identity.aid);
+      const cert = await this._tokenStore.loadCert(identity.aid);
       if (cert) identity.cert = cert;
       const instanceState = await this._loadInstanceState(identity.aid);
       if (instanceState) {
@@ -2104,93 +2110,10 @@ var _AuthFlow = class _AuthFlow {
     this._deviceId = String(opts.deviceId ?? "").trim();
     this._slotId = String(opts.slotId ?? "").trim();
   }
-  /**
-   * 严格注册新 AID（对齐 TS registerAid / Go RegisterAID）。
-   *
-   * 注册与认证彻底分离：此方法绝不被 SDK 内部自动调用，
-   * 必须由应用层显式调用。
-   */
-  async registerAid(gatewayUrl, aid) {
-    const tStart = Date.now();
-    this._log.debug(`registerAid enter: aid=${aid} gateway=${gatewayUrl}`);
-    _AuthFlow._validateAidName(aid);
-    try {
-      const existing = await this._keystore.loadIdentity(aid);
-      if (existing && existing.private_key_pem && existing.public_key_der_b64) {
-        this._log.debug(`registerAid: local keypair exists, checking server: aid=${aid}`);
-        const localPubB642 = String(existing.public_key_der_b64);
-        const serverCertPem2 = await this._downloadRegisteredCert(gatewayUrl, aid);
-        if (serverCertPem2) {
-          const serverCert = parseCertDer(serverCertPem2);
-          const serverPubB64 = uint8ToBase64(serverCert.spkiBytes);
-          if (serverPubB64 !== localPubB642) {
-            throw new IdentityConflictError(
-              `AID '${aid}' is registered by another party on server (public key mismatch). Choose a different name.`
-            );
-          }
-          this._log.info(`registerAid: idempotent return for already-registered AID: aid=${aid}`);
-          if (!existing.cert) {
-            existing.cert = serverCertPem2;
-            await this._persistIdentity(existing);
-          }
-          this._aid = aid;
-          return { aid, cert: serverCertPem2 };
-        } else {
-          this._log.debug(`registerAid: server has no record, registering with existing keypair: aid=${aid}`);
-          const created2 = await this._createAid(gatewayUrl, existing);
-          const certPem2 = String(created2.cert ?? "");
-          if (!certPem2) {
-            throw new AuthError(`registerAid: server response missing cert for ${aid}`);
-          }
-          existing.cert = certPem2;
-          const returnedCert2 = parseCertDer(certPem2);
-          const certPubB642 = uint8ToBase64(returnedCert2.spkiBytes);
-          if (certPubB642 !== localPubB642) {
-            throw new AuthError(
-              `registerAid: server returned certificate with mismatched public key for ${aid}`
-            );
-          }
-          await this._persistIdentity(existing);
-          this._aid = aid;
-          this._log.debug(`registerAid exit (recovered): elapsed=${Date.now() - tStart}ms aid=${aid}`);
-          return { aid, cert: certPem2 };
-        }
-      }
-      const serverCertPem = await this._downloadRegisteredCert(gatewayUrl, aid);
-      if (serverCertPem) {
-        throw new IdentityConflictError(
-          `AID '${aid}' is already registered on server. Choose a different name, or if you own the keypair use a recovery flow.`
-        );
-      }
-      const identity = await this._crypto.generateIdentity();
-      identity.aid = aid;
-      const created = await this._createAid(gatewayUrl, identity);
-      const certPem = String(created.cert ?? "");
-      if (!certPem) {
-        throw new AuthError(`registerAid: server response missing cert for ${aid}`);
-      }
-      identity.cert = certPem;
-      const returnedCert = parseCertDer(certPem);
-      const certPubB64 = uint8ToBase64(returnedCert.spkiBytes);
-      const localPubB64 = String(identity.public_key_der_b64);
-      if (certPubB64 !== localPubB64) {
-        throw new AuthError(
-          `registerAid: server returned certificate with mismatched public key for ${aid}`
-        );
-      }
-      await this._persistIdentity(identity);
-      this._aid = aid;
-      this._log.debug(`registerAid exit: elapsed=${Date.now() - tStart}ms aid=${aid}`);
-      return { aid: identity.aid, cert: identity.cert };
-    } catch (err) {
-      this._log.debug(`registerAid exit (error): elapsed=${Date.now() - tStart}ms aid=${aid} err=${err instanceof Error ? err.message : String(err)}`);
-      throw err;
-    }
-  }
   /**
    * 认证已有 AID — login1/login2 双阶段流程。
    *
-   * 优先复用 keystore 里的 cached access_token（未过期且有 refresh_token），
+   * 优先复用 tokenStore 里的 cached access_token（未过期且有 refresh_token），
    * 避免每次 authenticate 都走两阶段重登的网络往返。与 Python SDK 行为对齐。
    */
   async authenticate(gatewayUrl, aid) {
@@ -2584,15 +2507,6 @@ var _AuthFlow = class _AuthFlow {
       clearTimeout(timeoutId);
     }
   }
-  // ── 内部方法：AID 创建 ───────────────────────────
-  async _createAid(gatewayUrl, identity) {
-    const response = await this._shortRpc(gatewayUrl, "auth.create_aid", {
-      aid: identity.aid,
-      public_key: identity.public_key_der_b64,
-      curve: identity.curve ?? "P-256"
-    });
-    return { cert: response.cert };
-  }
   /**
    * 从服务端下载指定 AID 的证书（公开 API）。
    *
@@ -3104,52 +3018,53 @@ var _AuthFlow = class _AuthFlow {
   /** 加载身份，不存在或半成品时抛出异常 */
   async _loadIdentityOrRaise(aid) {
     const requestedAid = aid ?? this._aid;
-    if (requestedAid) {
-      const existing = await this._keystore.loadIdentity(requestedAid);
-      if (!existing) {
-        throw new StateError(`identity not found for aid: ${requestedAid}`);
+    if (this._memIdentity) {
+      const mem = this._memIdentity;
+      if (requestedAid && String(mem.aid ?? "") !== requestedAid) {
+        throw new StateError(`identity mismatch: requested ${requestedAid}, loaded ${mem.aid}`);
       }
-      if (!existing.private_key_pem || !existing.public_key_der_b64) {
-        throw new StateError(
-          `local identity for aid ${requestedAid} is incomplete (missing keypair); call auth.registerAid() first`
-        );
+      if (!mem.private_key_pem || !mem.public_key_der_b64) {
+        throw new StateError(`injected identity for aid ${mem.aid} is incomplete (missing keypair)`);
       }
-      this._aid = requestedAid;
-      if (!existing.aid) existing.aid = requestedAid;
-      return existing;
+      if (requestedAid) this._aid = requestedAid;
+      return { ...mem };
+    }
+    if (requestedAid) {
+      throw new StateError(
+        `no injected identity for aid ${requestedAid}; call AUNClient.loadIdentity(aid) first`
+      );
     }
-    throw new StateError("no local identity found, call auth.registerAid() first");
+    throw new StateError("no local identity found, call AUNClient.loadIdentity(aid) first");
   }
   // （_ensureIdentity 已移除：注册和登录彻底分离）
   async _loadInstanceState(aid) {
-    if (typeof this._keystore.loadInstanceState !== "function") {
+    if (typeof this._tokenStore.loadInstanceState !== "function") {
       return null;
     }
-    return await this._keystore.loadInstanceState(aid, this._deviceId, this._slotId);
+    return await this._tokenStore.loadInstanceState(aid, this._deviceId, this._slotId);
   }
   async _persistIdentity(identity) {
     const aid = String(identity.aid ?? "");
     if (!aid) {
       throw new StateError("identity missing aid");
     }
-    const persisted = { ...identity };
     const instanceState = {};
     const instanceStateRecord = instanceState;
-    const persistedRecord = persisted;
+    const persistedRecord = { ...identity };
     for (const key of _AuthFlow._INSTANCE_STATE_FIELDS) {
-      if (key in persisted) {
+      if (key in persistedRecord) {
         instanceStateRecord[key] = persistedRecord[key];
         delete persistedRecord[key];
       }
     }
-    for (const key of ["private_key_pem", "public_key_der_b64", "curve"]) {
-      delete persistedRecord[key];
+    const certPem = String(persistedRecord.cert ?? "");
+    if (certPem) {
+      await this._tokenStore.saveCert(aid, certPem);
     }
-    await this._keystore.saveIdentity(aid, persisted);
-    if (Object.keys(instanceState).length === 0 || typeof this._keystore.updateInstanceState !== "function") {
+    if (Object.keys(instanceState).length === 0 || typeof this._tokenStore.updateInstanceState !== "function") {
       return;
     }
-    await this._keystore.updateInstanceState(aid, this._deviceId, this._slotId, (current) => {
+    await this._tokenStore.updateInstanceState(aid, this._deviceId, this._slotId, (current) => {
       Object.assign(current, instanceState);
       return current;
     });
@@ -3571,7 +3486,7 @@ function hasEncryptionSeed(seed) {
   return seed !== void 0;
 }
 var DB_NAME = "aun-keystore";
-var DB_VERSION = 6;
+var DB_VERSION = 7;
 var STORE_KEY_PAIRS = "key_pairs";
 var STORE_CERTS = "certs";
 var STORE_METADATA = "metadata";
@@ -3582,10 +3497,18 @@ var STORE_GROUP_OLD_EPOCHS = "group_old_epochs";
 var STORE_SESSIONS = "e2ee_sessions";
 var STORE_GROUP_STATE = "group_state";
 var STORE_AGENT_MD_CACHE = "agent_md_cache";
+var STORE_PENDING_IDENTITIES = "pending_identities";
 var STRUCTURED_RECOVERY_RETENTION_MS = 7 * 24 * 3600 * 1e3;
 function metadataStoreKey(aid) {
   return safeAid(aid);
 }
+function randomHex(byteLength) {
+  const bytes = crypto.getRandomValues(new Uint8Array(byteLength));
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function pendingIdentityPrefix(aid) {
+  return `${safeAid(aid)}-`;
+}
 function normalizeCertFingerprint(certFingerprint) {
   const normalized = String(certFingerprint ?? "").trim().toLowerCase();
   if (!normalized) return "";
@@ -3751,6 +3674,9 @@ function openDB() {
       if (!db.objectStoreNames.contains(STORE_AGENT_MD_CACHE)) {
         db.createObjectStore(STORE_AGENT_MD_CACHE);
       }
+      if (!db.objectStoreNames.contains(STORE_PENDING_IDENTITIES)) {
+        db.createObjectStore(STORE_PENDING_IDENTITIES);
+      }
     };
     request.onsuccess = () => {
       const db = request.result;
@@ -3885,9 +3811,9 @@ async function idbDelete(storeName, key) {
 var _IndexedDBKeyStore = class _IndexedDBKeyStore {
   constructor(opts) {
     __publicField(this, "_log", _noopLog5);
-    /** 私钥加密种子；为空时降级为明文存储（向后兼容） */
+    /** 私钥加密种子；空字符串也是有效 seed，默认不再写入明文私钥。 */
     __publicField(this, "_encryptionSeed");
-    this._encryptionSeed = opts?.encryptionSeed;
+    this._encryptionSeed = opts?.encryptionSeed ?? "";
   }
   setLogger(log) {
     this._log = log;
@@ -3901,7 +3827,13 @@ var _IndexedDBKeyStore = class _IndexedDBKeyStore {
     for (const row of rows) {
       if (!isRecord(row.value)) continue;
       const envelope = row.value._encrypted_pk;
-      if (!isRecord(envelope)) continue;
+      if (!isRecord(envelope)) {
+        const plain = row.value.private_key_pem;
+        if (typeof plain === "string" && plain) {
+          migrations.push({ key: row.key, value: deepClone(row.value), privateKeyPem: plain });
+        }
+        continue;
+      }
       try {
         const privateKeyPem = await _decryptPEM(envelope, oldSeed);
         migrations.push({ key: row.key, value: deepClone(row.value), privateKeyPem });
@@ -4000,16 +3932,14 @@ var _IndexedDBKeyStore = class _IndexedDBKeyStore {
         result.private_key_pem = await _decryptPEM(envelope, this._encryptionSeed);
         delete result._encrypted_pk;
       } catch {
-        this._log.error(`[keystore] decrypt ${aid} private keyfailed, maybe encryptionSeed mismatch`);
+        this._log.error(`[keystore] decrypt ${aid} private key failed, maybe encryptionSeed mismatch`);
+        throw new Error(`private key decrypt failed for aid ${aid}: seed_password mismatch or IndexedDB record corrupted`);
       }
     } else if (
       // 透明迁移：旧版明文数据自动加密回写
       !epk && typeof result.private_key_pem === "string" && hasEncryptionSeed(this._encryptionSeed)
     ) {
-      try {
-        await this.saveKeyPair(aid, result);
-      } catch {
-      }
+      await this.saveKeyPair(aid, result);
     }
     return result;
   }
@@ -4021,6 +3951,123 @@ var _IndexedDBKeyStore = class _IndexedDBKeyStore {
     }
     await idbPut(STORE_KEY_PAIRS, metadataStoreKey(aid), record);
   }
+  // ── RegisterAID pending 身份 ─────────────────────────
+  async pendingIdentityDir(aid) {
+    const handle = `${pendingIdentityPrefix(aid)}${randomHex(4)}-${Math.floor(Date.now() / 1e3)}`;
+    const now = Date.now();
+    await idbPut(STORE_PENDING_IDENTITIES, handle, {
+      aid,
+      created_at: now,
+      updated_at: now
+    });
+    return handle;
+  }
+  async listPendingIdentityDirs(aid) {
+    const prefix = pendingIdentityPrefix(aid);
+    const rows = await idbGetAllByPrefix(STORE_PENDING_IDENTITIES, prefix);
+    return rows.filter((row) => row.key.startsWith(prefix) && isRecord(row.value) && String(row.value.aid ?? "") === aid).sort((a, b) => Number(b.value.updated_at ?? 0) - Number(a.value.updated_at ?? 0)).map((row) => row.key);
+  }
+  async savePendingKeyPair(handle, aid, keyPair) {
+    const current = await this._loadPendingRecord(handle, aid);
+    if (!current) throw new Error(`pending identity not found: ${handle}`);
+    const record = deepClone(keyPair);
+    const privateKeyPem = record.private_key_pem;
+    if (typeof privateKeyPem !== "string" || !privateKeyPem) {
+      throw new Error("savePendingKeyPair requires private_key_pem");
+    }
+    record._encrypted_pk = await _encryptPEM(privateKeyPem, this._encryptionSeed ?? "");
+    delete record.private_key_pem;
+    await idbPut(STORE_PENDING_IDENTITIES, handle, {
+      ...current,
+      aid,
+      key_pair: record,
+      updated_at: Date.now()
+    });
+  }
+  async loadPendingKeyPair(handle, aid) {
+    const current = await this._loadPendingRecord(handle, aid, false);
+    if (!current || !isRecord(current.key_pair)) return null;
+    const result = deepClone(current.key_pair);
+    const encrypted = result._encrypted_pk;
+    if (isRecord(encrypted)) {
+      try {
+        const envelope = encrypted;
+        result.private_key_pem = await _decryptPEM(envelope, this._encryptionSeed ?? "");
+        delete result._encrypted_pk;
+        return result;
+      } catch {
+        this._log.error(`[keystore] decrypt pending ${aid} private key failed, maybe encryptionSeed mismatch`);
+        throw new Error(`pending identity private key decrypt failed for aid ${aid}: seed_password mismatch or IndexedDB record corrupted`);
+      }
+    }
+    if (typeof result.private_key_pem === "string" && result.private_key_pem) {
+      await this.savePendingKeyPair(handle, aid, result);
+      return result;
+    }
+    return result;
+  }
+  async savePendingCert(handle, certPem) {
+    const current = await this._loadPendingRecord(handle, void 0);
+    if (!current) throw new Error(`pending identity not found: ${handle}`);
+    await idbPut(STORE_PENDING_IDENTITIES, handle, {
+      ...current,
+      cert: certPem,
+      updated_at: Date.now()
+    });
+  }
+  async promotePendingIdentity(handle, aid) {
+    const current = await this._loadPendingRecord(handle, aid);
+    if (!current) throw new Error(`pending identity not found: ${handle}`);
+    if (!isRecord(current.key_pair)) {
+      throw new Error(`promotePendingIdentity: missing pending key pair: ${handle}`);
+    }
+    const targetKey = metadataStoreKey(aid);
+    const [existingKeyPair, existingCert, existingMetadata] = await Promise.all([
+      idbGet(STORE_KEY_PAIRS, targetKey),
+      idbGet(STORE_CERTS, certStoreKey(aid)),
+      idbGet(STORE_METADATA, targetKey)
+    ]);
+    if (existingKeyPair || existingCert || existingMetadata) {
+      throw new Error(`promotePendingIdentity: target exists: ${targetKey}`);
+    }
+    const keyPair = await this._protectedPendingKeyPair(current, aid);
+    await idbPut(STORE_KEY_PAIRS, targetKey, keyPair);
+    if (typeof current.cert === "string" && current.cert) {
+      await idbPut(STORE_CERTS, certStoreKey(aid), current.cert);
+    }
+    await idbDelete(STORE_PENDING_IDENTITIES, handle);
+    return targetKey;
+  }
+  async _protectedPendingKeyPair(current, aid) {
+    if (!isRecord(current.key_pair)) {
+      throw new Error(`pending identity missing key pair for ${aid}`);
+    }
+    const keyPair = deepClone(current.key_pair);
+    const privateKeyPem = keyPair.private_key_pem;
+    if (typeof privateKeyPem === "string" && privateKeyPem) {
+      throw new Error(`pending identity private key is plaintext for ${aid}`);
+    }
+    if (!isRecord(keyPair._encrypted_pk)) {
+      throw new Error(`pending identity private key is not encrypted for ${aid}`);
+    }
+    return keyPair;
+  }
+  async cleanupPendingDirs(maxAgeMs = 6e5) {
+    const rows = await idbGetAll(STORE_PENDING_IDENTITIES);
+    const now = Date.now();
+    let removed = 0;
+    for (const row of rows) {
+      if (!isRecord(row.value)) continue;
+      const updatedAt = Number(row.value.updated_at ?? row.value.created_at ?? 0);
+      if (updatedAt && now - updatedAt < maxAgeMs) continue;
+      await idbDelete(STORE_PENDING_IDENTITIES, row.key);
+      removed++;
+    }
+    return removed;
+  }
+  async discardPendingIdentity(handle) {
+    await idbDelete(STORE_PENDING_IDENTITIES, handle);
+  }
   // ── 证书 ──────────────────────────────────────────
   async loadCert(aid, certFingerprint) {
     const tStart = Date.now();
@@ -4387,6 +4434,18 @@ var _IndexedDBKeyStore = class _IndexedDBKeyStore {
     });
   }
   // ── 内部辅助 ─────────────────────────────────────────
+  async _loadPendingRecord(handle, aid, required = true) {
+    const data = await idbGet(STORE_PENDING_IDENTITIES, handle);
+    if (!isRecord(data)) {
+      if (required) throw new Error(`pending identity not found: ${handle}`);
+      return null;
+    }
+    const record = deepClone(data);
+    if (aid !== void 0 && String(record.aid ?? "") !== aid) {
+      throw new Error(`pending identity aid mismatch: ${handle}`);
+    }
+    return record;
+  }
   async _loadKeyPairUnlocked(aid) {
     const data = await idbGet(STORE_KEY_PAIRS, metadataStoreKey(aid));
     if (!isRecord(data)) return null;
@@ -4397,16 +4456,14 @@ var _IndexedDBKeyStore = class _IndexedDBKeyStore {
         result.private_key_pem = await _decryptPEM(envelope, this._encryptionSeed);
         delete result._encrypted_pk;
       } catch {
-        this._log.error(`[keystore] decrypt ${aid} private keyfailed, maybe encryptionSeed mismatch`);
+        this._log.error(`[keystore] decrypt ${aid} private key failed, maybe encryptionSeed mismatch`);
+        throw new Error(`private key decrypt failed for aid ${aid}: seed_password mismatch or IndexedDB record corrupted`);
       }
     } else if (
       // 透明迁移：旧版明文数据自动加密回写
       !isRecord(result._encrypted_pk) && typeof result.private_key_pem === "string" && hasEncryptionSeed(this._encryptionSeed)
     ) {
-      try {
-        await this._saveKeyPairUnlocked(aid, result);
-      } catch {
-      }
+      await this._saveKeyPairUnlocked(aid, result);
     }
     return result;
   }
@@ -5465,6 +5522,35 @@ var V2KeyStore = class _V2KeyStore {
       req.onerror = () => reject(req.error);
     });
   }
+  async saveGroupIdentity(deviceId, groupAid, privateKeyPem, pubDer) {
+    const record = {
+      device_id: deviceId,
+      key_type: "group_identity",
+      group_id: groupAid,
+      key_id: "",
+      private_key: new TextEncoder().encode(privateKeyPem),
+      public_key: pubDer,
+      created_at: Date.now()
+    };
+    return new Promise((resolve, reject) => {
+      const req = this.store("readwrite").put(record);
+      req.onsuccess = () => resolve();
+      req.onerror = () => reject(req.error);
+    });
+  }
+  async loadGroupIdentity(deviceId, groupAid) {
+    return new Promise((resolve, reject) => {
+      const req = this.store("readonly").get([deviceId, "group_identity", groupAid, ""]);
+      req.onsuccess = () => {
+        const r = req.result;
+        resolve(r ? {
+          privateKeyPem: new TextDecoder().decode(r.private_key),
+          pubDer: new Uint8Array(r.public_key)
+        } : null);
+      };
+      req.onerror = () => reject(req.error);
+    });
+  }
   async markGroupSPKUploaded(deviceId, groupId, spkId) {
     const record = {
       device_id: deviceId,
@@ -10368,7 +10454,7 @@ var _AUNClient = class _AUNClient {
     __publicField(this, "_sessionOptions", { ...DEFAULT_SESSION_OPTIONS });
     __publicField(this, "_dispatcher");
     __publicField(this, "_discovery");
-    __publicField(this, "_keystore");
+    __publicField(this, "_tokenStore");
     __publicField(this, "_auth");
     __publicField(this, "_transport");
     // E2EE 编排状态（内存缓存）
@@ -10450,7 +10536,7 @@ var _AUNClient = class _AUNClient {
     __publicField(this, "_clientLog");
     __publicField(this, "_logAuth");
     __publicField(this, "_logTransport");
-    __publicField(this, "_logKeystore");
+    __publicField(this, "_tokenStoreLog");
     __publicField(this, "_logDiscovery");
     __publicField(this, "_logEvents");
     /**
@@ -10479,18 +10565,18 @@ var _AUNClient = class _AUNClient {
     this._clientLog = this._logger.for("aun_core.client");
     this._logAuth = this._logger.for("aun_core.auth");
     this._logTransport = this._logger.for("aun_core.transport");
-    this._logKeystore = this._logger.for("aun_core.keystore");
+    this._tokenStoreLog = this._logger.for("aun_core.keystore");
     this._logDiscovery = this._logger.for("aun_core.discovery");
     this._logEvents = this._logger.for("aun_core.events");
     this._clientLog.info(`AUNClient initialized: debug=${_debug} aunPath=${this.configModel.aunPath} aid=${initAid ?? "-"}`);
     this._dispatcher = new EventDispatcher();
     this._discovery = new GatewayDiscovery();
-    this._keystore = new IndexedDBKeyStore({});
+    this._tokenStore = new IndexedDBKeyStore({});
     this._slotId = inputAid?.slotId || "default";
     this._connectDeliveryMode = normalizeDeliveryModeConfig({ mode: "fanout" });
     this._defaultConnectDeliveryMode = { ...this._connectDeliveryMode };
     this._auth = new AuthFlow({
-      keystore: this._keystore,
+      tokenStore: this._tokenStore,
       crypto: new CryptoProvider(),
       aid: initAid,
       deviceId: this._deviceId,
@@ -10518,6 +10604,7 @@ var _AUNClient = class _AUNClient {
           public_key_der_b64: inputAid.publicKey,
           cert: inputAid.certPem
         };
+        this._auth.setIdentity(this._identity);
         this._state = "disconnected";
       }
     }
@@ -10527,8 +10614,8 @@ var _AUNClient = class _AUNClient {
     if (typeof this._discovery.setLogger === "function") {
       this._discovery.setLogger(this._logger.for("aun_core.discovery"));
     }
-    if (typeof this._keystore.setLogger === "function") {
-      this._keystore.setLogger(this._logKeystore);
+    if (typeof this._tokenStore.setLogger === "function") {
+      this._tokenStore.setLogger(this._tokenStoreLog);
     }
     this._dispatcher.subscribe("_raw.message.received", (data) => {
       this._onRawMessageReceived(data);
@@ -10719,7 +10806,7 @@ var _AUNClient = class _AUNClient {
     if (!target) throw new ValidationError("verifyAgentMd requires non-empty aid");
     let peer = target === this._currentAid?.aid ? this._currentAid : null;
     if (!peer) {
-      let certPem = String(await this._keystore.loadCert(target) ?? "").trim();
+      let certPem = String(await this._tokenStore.loadCert(target) ?? "").trim();
       if (!certPem) {
         certPem = String(await this._fetchPeerCert(target) ?? "").trim();
       }
@@ -10866,11 +10953,11 @@ var _AUNClient = class _AUNClient {
   async _readAgentMdStorage(logicalKey) {
     const key = String(logicalKey ?? "").trim();
     if (!key) return null;
-    const load = this._keystore.loadAgentMdCache;
+    const load = this._tokenStore.loadAgentMdCache;
     if (typeof load !== "function") {
       throw new Error("IndexedDB agent.md storage unavailable");
     }
-    const record = await load.call(this._keystore, this._agentMdRoot(), key);
+    const record = await load.call(this._tokenStore, this._agentMdRoot(), key);
     if (record && Object.prototype.hasOwnProperty.call(record, "content")) {
       return String(record.content ?? "");
     }
@@ -10879,12 +10966,12 @@ var _AUNClient = class _AUNClient {
   async _writeAgentMdStorage(logicalKey, content) {
     const key = String(logicalKey ?? "").trim();
     if (!key) return;
-    const save = this._keystore.upsertAgentMdCache;
+    const save = this._tokenStore.upsertAgentMdCache;
     if (typeof save !== "function") {
       throw new Error("IndexedDB agent.md storage unavailable");
     }
     const text = String(content ?? "");
-    await save.call(this._keystore, this._agentMdRoot(), key, {
+    await save.call(this._tokenStore, this._agentMdRoot(), key, {
       content: text,
       local_etag: await this._agentMdContentEtag(text),
       fetched_at: Date.now()
@@ -11263,13 +11350,13 @@ var _AUNClient = class _AUNClient {
     this._clientLog = this._logger.for("aun_core.client");
     this._logAuth = this._logger.for("aun_core.auth");
     this._logTransport = this._logger.for("aun_core.transport");
-    this._logKeystore = this._logger.for("aun_core.keystore");
+    this._tokenStoreLog = this._logger.for("aun_core.keystore");
     this._logDiscovery = this._logger.for("aun_core.discovery");
     this._logEvents = this._logger.for("aun_core.events");
     this._discovery = new GatewayDiscovery();
-    this._keystore = new IndexedDBKeyStore({});
+    this._tokenStore = new IndexedDBKeyStore({});
     this._auth = new AuthFlow({
-      keystore: this._keystore,
+      tokenStore: this._tokenStore,
       crypto: new CryptoProvider(),
       aid: aid.aid,
       deviceId: this._deviceId,
@@ -11293,8 +11380,8 @@ var _AUNClient = class _AUNClient {
     if (typeof this._discovery.setLogger === "function") {
       this._discovery.setLogger(this._logDiscovery);
     }
-    if (typeof this._keystore.setLogger === "function") {
-      this._keystore.setLogger(this._logKeystore);
+    if (typeof this._tokenStore.setLogger === "function") {
+      this._tokenStore.setLogger(this._tokenStoreLog);
     }
   }
   loadIdentity(aid) {
@@ -11312,6 +11399,7 @@ var _AUNClient = class _AUNClient {
       public_key_der_b64: aid.publicKey,
       cert: aid.certPem
     };
+    this._auth.setIdentity(this._identity);
     this._state = "disconnected";
     this._closing = false;
   }
@@ -12571,8 +12659,8 @@ var _AUNClient = class _AUNClient {
     const keyEpoch = Number(d.key_epoch ?? 0);
     const membershipSnapshot = String(d.membership_snapshot ?? "").trim();
     const policySnapshot = String(d.policy_snapshot ?? "").trim();
-    const loadFn = this._keystore.loadGroupState;
-    const localState = loadFn ? await loadFn.call(this._keystore, groupId) : null;
+    const loadFn = this._tokenStore.loadGroupState;
+    const localState = loadFn ? await loadFn.call(this._tokenStore, groupId) : null;
     if (localState && localState.state_hash && localState.state_hash !== prevStateHash) {
       this._clientLog.warn(
         "[aun_core] state_hash \u94FE\u4E0D\u8FDE\u7EED group=%s local_sv=%d event_sv=%d",
@@ -12611,9 +12699,9 @@ var _AUNClient = class _AUNClient {
               return;
             }
           }
-          const saveFn2 = this._keystore.saveGroupState;
+          const saveFn2 = this._tokenStore.saveGroupState;
           if (saveFn2) {
-            await saveFn2.call(this._keystore, groupId, {
+            await saveFn2.call(this._tokenStore, groupId, {
               group_id: groupId,
               state_version: sv,
               state_hash: sHash,
@@ -12649,9 +12737,9 @@ var _AUNClient = class _AUNClient {
       );
       return;
     }
-    const saveFn = this._keystore.saveGroupState;
+    const saveFn = this._tokenStore.saveGroupState;
     if (saveFn) {
-      await saveFn.call(this._keystore, groupId, {
+      await saveFn.call(this._tokenStore, groupId, {
         group_id: groupId,
         state_version: stateVersion,
         state_hash: stateHash,
@@ -13022,7 +13110,7 @@ var _AUNClient = class _AUNClient {
         refreshAfter: now + PEER_CERT_CACHE_TTL
       });
       try {
-        await this._keystore.saveCert(aid, certPem, certFingerprint, { makeActive: false });
+        await this._tokenStore.saveCert(aid, certPem, certFingerprint, { makeActive: false });
       } catch (exc) {
         this._clientLog.error(`write cert to keystore failed (aid=${aid}): ${String(exc)}`, exc instanceof Error ? exc : void 0);
       }
@@ -13039,7 +13127,7 @@ var _AUNClient = class _AUNClient {
     const cached = this._certCache.get(cacheKey);
     const now = Date.now() / 1e3;
     if (cached && now < cached.refreshAfter) return true;
-    const localCert = await this._keystore.loadCert(aid, certFingerprint);
+    const localCert = await this._tokenStore.loadCert(aid, certFingerprint);
     if (localCert) {
       if (certFingerprint) {
         const actualFingerprint = await this._certFingerprint(localCert);
@@ -13062,7 +13150,7 @@ var _AUNClient = class _AUNClient {
     }
     try {
       const certPem = await this._fetchPeerCert(aid, certFingerprint);
-      await this._keystore.saveCert(aid, certPem, certFingerprint, { makeActive: false });
+      await this._tokenStore.saveCert(aid, certPem, certFingerprint, { makeActive: false });
       return true;
     } catch (exc) {
       if (cached && now < cached.validatedAt + PEER_CERT_CACHE_TTL * 2) {
@@ -13258,8 +13346,8 @@ var _AUNClient = class _AUNClient {
     if (!target) throw new StateError("gateway discovery requires a loaded AID");
     if (this._gatewayUrl) return this._gatewayUrl;
     try {
-      const getMetadata = this._keystore.getMetadata;
-      const raw = typeof getMetadata === "function" ? String(await getMetadata.call(this._keystore, target, "gateway_url") ?? "").trim() : "";
+      const getMetadata = this._tokenStore.getMetadata;
+      const raw = typeof getMetadata === "function" ? String(await getMetadata.call(this._tokenStore, target, "gateway_url") ?? "").trim() : "";
       if (raw) {
         const gateway = raw.startsWith('"') && raw.endsWith('"') ? String(JSON.parse(raw)).trim() : raw;
         if (gateway) {
@@ -13282,9 +13370,9 @@ var _AUNClient = class _AUNClient {
         const gateway = await this._discovery.discover(url);
         this._gatewayUrl = gateway;
         try {
-          const setMetadata = this._keystore.setMetadata;
+          const setMetadata = this._tokenStore.setMetadata;
           if (typeof setMetadata === "function") {
-            await setMetadata.call(this._keystore, target, "gateway_url", gateway);
+            await setMetadata.call(this._tokenStore, target, "gateway_url", gateway);
           }
         } catch {
         }
@@ -13316,13 +13404,8 @@ var _AUNClient = class _AUNClient {
     return [gateway];
   }
   async _syncIdentityAfterConnect(accessToken) {
-    let identity = null;
-    try {
-      identity = await this._auth.loadIdentityOrNone(this._aid ?? void 0);
-    } catch {
-    }
+    const identity = this._identity;
     if (!identity) {
-      this._identity = null;
       return;
     }
     identity.access_token = accessToken;
@@ -13332,8 +13415,6 @@ var _AUNClient = class _AUNClient {
       const persistIdentity = this._auth._persistIdentity;
       if (typeof persistIdentity === "function") {
         await persistIdentity.call(this._auth, identity);
-      } else {
-        await this._keystore.saveIdentity(String(identity.aid), identity);
       }
     }
   }
@@ -13803,8 +13884,7 @@ var _AUNClient = class _AUNClient {
   }
   // ── Named Group（命名群）高层 API ────────────────────────────
   /**
-   * 创建命名群：本地生成 P-256 keypair，调用 group.create 传入 public_key，
-   * 服务端签发群 AID 证书，返回后将证书和私钥存入 keystore。
+   * 创建命名群：群/P2P 私钥由 V2 数据库存储，不写入 AID 身份私钥存储。
    */
   async createNamedGroup(groupName, opts = {}) {
     const tStart = Date.now();
@@ -13824,15 +13904,10 @@ var _AUNClient = class _AUNClient {
       const aidCert = result?.aid_cert;
       const groupAid = String(groupInfo?.group_aid ?? "");
       if (groupAid && aidCert) {
-        await this._keystore.saveIdentity(groupAid, {
-          private_key_pem: identity.private_key_pem,
-          public_key: identity.public_key_der_b64,
-          curve: "P-256",
-          type: "group_identity"
-        });
+        await this._saveGroupIdentityToV2(groupAid, identity);
         const certPem = String(aidCert.cert ?? "");
         if (certPem) {
-          await this._keystore.saveCert(groupAid, certPem);
+          await this._tokenStore.saveCert(groupAid, certPem);
         }
       }
       this._clientLog.debug(`createNamedGroup exit: elapsed=${Date.now() - tStart}ms group_aid=${groupAid}`);
@@ -13862,15 +13937,10 @@ var _AUNClient = class _AUNClient {
       const aidCert = result?.aid_cert;
       const groupAid = String(groupInfo?.group_aid ?? "");
       if (groupAid && aidCert) {
-        await this._keystore.saveIdentity(groupAid, {
-          private_key_pem: identity.private_key_pem,
-          public_key: identity.public_key_der_b64,
-          curve: "P-256",
-          type: "group_identity"
-        });
+        await this._saveGroupIdentityToV2(groupAid, identity);
         const certPem = String(aidCert.cert ?? "");
         if (certPem) {
-          await this._keystore.saveCert(groupAid, certPem);
+          await this._tokenStore.saveCert(groupAid, certPem);
         }
       }
       this._clientLog.debug(`bindGroupAid exit: elapsed=${Date.now() - tStart}ms group_aid=${groupAid}`);
@@ -13906,7 +13976,7 @@ var _AUNClient = class _AUNClient {
     const deviceId = this._deviceId;
     const slotId = this._slotId;
     try {
-      const loadAll = this._keystore.loadAllSeqs?.bind(this._keystore);
+      const loadAll = this._tokenStore.loadAllSeqs?.bind(this._tokenStore);
       if (typeof loadAll === "function") {
         let state = await loadAll(aid, deviceId, slotId);
         if (this._seqTrackerContext !== context) return;
@@ -13916,7 +13986,7 @@ var _AUNClient = class _AUNClient {
         }
         return;
       }
-      const loader = this._keystore.loadInstanceState?.bind(this._keystore);
+      const loader = this._tokenStore.loadInstanceState?.bind(this._tokenStore);
       if (typeof loader !== "function") return;
       const stateHolder = await loader(aid, deviceId, slotId);
       if (this._seqTrackerContext !== context) return;
@@ -13969,8 +14039,8 @@ var _AUNClient = class _AUNClient {
     const aid = this._aid;
     const deviceId = this._deviceId;
     const slotId = this._slotId;
-    const saver = this._keystore.saveSeq?.bind(this._keystore);
-    const deleter = this._keystore.deleteSeq?.bind(this._keystore);
+    const saver = this._tokenStore.saveSeq?.bind(this._tokenStore);
+    const deleter = this._tokenStore.deleteSeq?.bind(this._tokenStore);
     if (typeof saver === "function") {
       for (const [oldNs, newNs] of Object.entries(renameMap)) {
         if (typeof deleter === "function") {
@@ -14037,7 +14107,7 @@ var _AUNClient = class _AUNClient {
     const state = this._seqTracker.exportState();
     if (Object.keys(state).length === 0) return;
     try {
-      const saveFn = this._keystore.saveSeq?.bind(this._keystore);
+      const saveFn = this._tokenStore.saveSeq?.bind(this._tokenStore);
       if (typeof saveFn === "function") {
         for (const [ns, seq] of Object.entries(state)) {
           saveFn(this._aid, this._deviceId, this._slotId, ns, seq).catch((exc) => {
@@ -14053,8 +14123,8 @@ var _AUNClient = class _AUNClient {
         }
         return;
       }
-      if (typeof this._keystore.updateInstanceState === "function") {
-        this._keystore.updateInstanceState(this._aid, this._deviceId, this._slotId, (current) => {
+      if (typeof this._tokenStore.updateInstanceState === "function") {
+        this._tokenStore.updateInstanceState(this._aid, this._deviceId, this._slotId, (current) => {
           current.seq_tracker_state = state;
           return current;
         }).catch((exc) => {
@@ -14083,15 +14153,15 @@ var _AUNClient = class _AUNClient {
     if (!this._aid || !ns) return;
     const seq = this._seqTracker.getContiguousSeq(ns);
     try {
-      if (seq > 0 && typeof this._keystore.saveSeq === "function") {
-        this._keystore.saveSeq(this._aid, this._deviceId, this._slotId, ns, seq).catch((exc) => {
+      if (seq > 0 && typeof this._tokenStore.saveSeq === "function") {
+        this._tokenStore.saveSeq(this._aid, this._deviceId, this._slotId, ns, seq).catch((exc) => {
           this._clientLog.debug(`persist repaired seq failed: ns=${ns} err=${formatCaughtError(exc)}`);
         });
         return;
       }
-      const deleteSeq = this._keystore.deleteSeq;
+      const deleteSeq = this._tokenStore.deleteSeq;
       if (seq <= 0 && typeof deleteSeq === "function") {
-        deleteSeq.call(this._keystore, this._aid, this._deviceId, this._slotId, ns).catch((exc) => {
+        deleteSeq.call(this._tokenStore, this._aid, this._deviceId, this._slotId, ns).catch((exc) => {
           this._clientLog.debug(`delete repaired seq failed: ns=${ns} err=${formatCaughtError(exc)}`);
         });
         return;
@@ -14190,6 +14260,25 @@ var _AUNClient = class _AUNClient {
     this._clientLog.debug(`V2 session initialized aid=${this._aid} device=${this._deviceId}`);
     this._safeAsync(this._v2AutoConfirmPendingProposals());
   }
+  _v2StoreDeviceId() {
+    return `aid:${encodeURIComponent(String(this._aid ?? ""))}|device:${encodeURIComponent(String(this._deviceId ?? ""))}`;
+  }
+  async _saveGroupIdentityToV2(groupAid, identity) {
+    const privateKeyPem = String(identity.private_key_pem ?? "").trim();
+    const publicKeyDerB642 = String(identity.public_key_der_b64 ?? "").trim();
+    if (!groupAid || !privateKeyPem || !publicKeyDerB642) {
+      throw new StateError("group identity is incomplete");
+    }
+    if (!this._v2KeyStore) {
+      this._v2KeyStore = await V2KeyStore.open();
+    }
+    await this._v2KeyStore.saveGroupIdentity(
+      this._v2StoreDeviceId(),
+      groupAid,
+      privateKeyPem,
+      base64ToUint8(publicKeyDerB642)
+    );
+  }
   async _v2TrustedIKPubDer(aid) {
     const normalizedAid = String(aid ?? "").trim();
     if (!normalizedAid) throw new E2EEError("spk_aid_missing");
@@ -16086,6 +16175,334 @@ function _uuidV4() {
 
 // src/aid-store.ts
 init_crypto();
+
+// src/register-flow.ts
+init_crypto();
+var _noopLog6 = { error: () => {
+}, warn: () => {
+}, info: () => {
+}, debug: () => {
+} };
+function _gatewayHttpUrl(gatewayUrl, path) {
+  try {
+    const parsed = new URL(gatewayUrl);
+    const scheme = parsed.protocol === "wss:" ? "https:" : "http:";
+    return `${scheme}//${parsed.host}${path}`;
+  } catch {
+    return gatewayUrl.replace(/^wss:/, "https:").replace(/^ws:/, "http:") + path;
+  }
+}
+function _extractSpkiB64FromPem(certPem) {
+  const der = new Uint8Array(pemToArrayBuffer(certPem));
+  function readLen(data, offset) {
+    const first = data[offset];
+    if (!(first & 128)) return { value: first, lenBytes: 1 };
+    const n = first & 127;
+    let v = 0;
+    for (let i = 0; i < n; i++) v = v << 8 | data[offset + 1 + i];
+    return { value: v, lenBytes: 1 + n };
+  }
+  function skipTlv(data, offset) {
+    const len = readLen(data, offset + 1);
+    return offset + 1 + len.lenBytes + len.value;
+  }
+  const certLen = readLen(der, 1);
+  const tbsStart = 1 + certLen.lenBytes;
+  const tbsLen = readLen(der, tbsStart + 1);
+  let pos = tbsStart + 1 + tbsLen.lenBytes;
+  if (der[pos] === 160) pos = skipTlv(der, pos);
+  pos = skipTlv(der, pos);
+  pos = skipTlv(der, pos);
+  pos = skipTlv(der, pos);
+  pos = skipTlv(der, pos);
+  pos = skipTlv(der, pos);
+  const spkiLen = readLen(der, pos + 1);
+  const spkiEnd = pos + 1 + spkiLen.lenBytes + spkiLen.value;
+  return uint8ToBase64(der.slice(pos, spkiEnd));
+}
+var RegisterFlow = class {
+  constructor(opts) {
+    __publicField(this, "_keystore");
+    __publicField(this, "_crypto");
+    __publicField(this, "_logger");
+    this._keystore = opts.keystore;
+    this._crypto = opts.crypto;
+    this._logger = opts.logger ?? _noopLog6;
+  }
+  async registerAid(gatewayUrl, aid) {
+    const tStart = Date.now();
+    AuthFlow._validateAidName(aid);
+    this._logger.debug(`registerAid enter: aid=${aid}, gateway=${gatewayUrl}`);
+    try {
+      const existing = await this._keystore.loadIdentity(aid);
+      if (existing && existing.private_key_pem && existing.public_key_der_b64) {
+        this._logger.debug(`registerAid: local keypair exists, checking server: aid=${aid}`);
+        const localPubB64 = String(existing.public_key_der_b64);
+        const serverCertPem = await this._downloadRegisteredCert(gatewayUrl, aid);
+        if (serverCertPem) {
+          const serverPubB64 = _extractSpkiB64FromPem(serverCertPem);
+          if (serverPubB64 !== localPubB64) {
+            throw new IdentityConflictError(
+              `AID '${aid}' is registered by another party on server (public key mismatch). Choose a different name.`
+            );
+          }
+          this._logger.info(`registerAid: idempotent return for already-registered AID: aid=${aid}`);
+          if (!existing.cert) {
+            existing.cert = serverCertPem;
+            await this._persistIdentity(existing);
+          }
+          this._logger.debug(`registerAid exit (idempotent): elapsed=${Date.now() - tStart}ms aid=${aid}`);
+          return {
+            aid,
+            cert: serverCertPem,
+            private_key_pem: String(existing.private_key_pem),
+            public_key_der_b64: localPubB64,
+            curve: String(existing.curve ?? "P-256")
+          };
+        } else {
+          this._logger.debug(`registerAid: server has no record, registering with existing keypair: aid=${aid}`);
+          const created2 = await this._createAid(gatewayUrl, existing);
+          const certPem2 = String(created2.cert ?? "");
+          if (!certPem2) throw new AuthError(`registerAid: server response missing cert for ${aid}`);
+          existing.cert = certPem2;
+          this._assertCertMatchesLocalKeypair(existing);
+          await this._persistIdentity(existing);
+          this._logger.debug(`registerAid exit (recovered): elapsed=${Date.now() - tStart}ms aid=${aid}`);
+          return {
+            aid,
+            cert: certPem2,
+            private_key_pem: String(existing.private_key_pem),
+            public_key_der_b64: localPubB64,
+            curve: String(existing.curve ?? "P-256")
+          };
+        }
+      }
+      const recovered = await this._tryRecoverPendingRegistration(gatewayUrl, aid);
+      if (recovered !== null) {
+        this._logger.info(`registerAid recovered from pending: aid=${aid}`);
+        return recovered;
+      }
+      const existingCert = await this._downloadRegisteredCert(gatewayUrl, aid);
+      if (existingCert) {
+        throw new IdentityConflictError(
+          `AID '${aid}' is already registered on server. Choose a different name, or if you own the keypair use a recovery flow.`
+        );
+      }
+      const identity = await this._crypto.generateIdentity();
+      identity.aid = aid;
+      const pendingStore = this._pendingStore();
+      const pendingHandle = await pendingStore.pendingIdentityDir(aid);
+      await pendingStore.savePendingKeyPair(pendingHandle, aid, identity);
+      let created;
+      try {
+        created = await this._createAid(gatewayUrl, identity);
+      } catch (e) {
+        this._logger.warn(`registerAid RPC failed (pending kept for recovery): aid=${aid}, pending=${pendingHandle}, error=${e instanceof Error ? e.message : String(e)}`);
+        throw e;
+      }
+      const certPem = String(created.cert ?? "");
+      if (!certPem) throw new AuthError(`registerAid: server response missing cert for ${aid}`);
+      identity.cert = certPem;
+      this._assertCertMatchesLocalKeypair(identity);
+      await pendingStore.savePendingCert(pendingHandle, certPem);
+      try {
+        await pendingStore.promotePendingIdentity(pendingHandle, aid);
+      } catch (e) {
+        throw new IdentityConflictError(
+          `AID '${aid}' was created by another process during registration; pending record kept for cleanup.`
+        );
+      }
+      await this._persistIdentity(identity);
+      this._logger.debug(`registerAid exit: elapsed=${Date.now() - tStart}ms aid=${aid}`);
+      return {
+        aid,
+        cert: certPem,
+        private_key_pem: String(identity.private_key_pem ?? ""),
+        public_key_der_b64: String(identity.public_key_der_b64 ?? ""),
+        curve: String(identity.curve ?? "P-256")
+      };
+    } catch (err) {
+      this._logger.debug(`registerAid exit (error): elapsed=${Date.now() - tStart}ms err=${err instanceof Error ? err.message : String(err)}`);
+      throw err;
+    }
+  }
+  _pendingStore() {
+    const store = this._keystore;
+    for (const name of [
+      "pendingIdentityDir",
+      "listPendingIdentityDirs",
+      "savePendingKeyPair",
+      "loadPendingKeyPair",
+      "savePendingCert",
+      "promotePendingIdentity"
+    ]) {
+      if (typeof store[name] !== "function") {
+        throw new AuthError(`keystore does not support pending registration: ${name}`);
+      }
+    }
+    return store;
+  }
+  async _tryRecoverPendingRegistration(gatewayUrl, aid) {
+    const pendingStore = this._pendingStore();
+    const handles = await pendingStore.listPendingIdentityDirs(aid);
+    for (const handle of handles) {
+      let keyPair;
+      try {
+        keyPair = await pendingStore.loadPendingKeyPair(handle, aid);
+      } catch (exc) {
+        this._logger.warn(`pending identity keypair load failed; keeping pending for retry: aid=${aid}, pending=${handle}, error=${exc instanceof Error ? exc.message : String(exc)}`);
+        throw exc;
+      }
+      const privateKeyPem = String(keyPair?.private_key_pem ?? "");
+      const publicKeyDerB642 = String(keyPair?.public_key_der_b64 ?? "");
+      if (!privateKeyPem || !publicKeyDerB642) {
+        await pendingStore.discardPendingIdentity?.(handle);
+        continue;
+      }
+      const serverCertPem = await this._downloadRegisteredCert(gatewayUrl, aid);
+      if (!serverCertPem) {
+        this._logger.info(`pending record found but server has no registration; cleaning up: ${handle}`);
+        await pendingStore.discardPendingIdentity?.(handle);
+        return null;
+      }
+      const serverPubB64 = _extractSpkiB64FromPem(serverCertPem);
+      if (serverPubB64 !== publicKeyDerB642) {
+        await pendingStore.discardPendingIdentity?.(handle);
+        throw new IdentityConflictError(
+          `AID '${aid}' has been registered by another party while local pending registration was incomplete; local pending key discarded.`
+        );
+      }
+      const identity = {
+        aid,
+        cert: serverCertPem,
+        private_key_pem: privateKeyPem,
+        public_key_der_b64: publicKeyDerB642,
+        curve: String(keyPair?.curve ?? "P-256")
+      };
+      await pendingStore.savePendingKeyPair(handle, aid, identity);
+      await pendingStore.savePendingCert(handle, serverCertPem);
+      try {
+        await pendingStore.promotePendingIdentity(handle, aid);
+      } catch (e) {
+        throw new IdentityConflictError(
+          `AID '${aid}' was created by another process during recovery; pending record kept for cleanup.`
+        );
+      }
+      await this._persistIdentity(identity);
+      return {
+        aid,
+        cert: serverCertPem,
+        private_key_pem: privateKeyPem,
+        public_key_der_b64: publicKeyDerB642,
+        curve: String(keyPair?.curve ?? "P-256")
+      };
+    }
+    return null;
+  }
+  async _downloadRegisteredCert(gatewayUrl, aid) {
+    const certUrl = _gatewayHttpUrl(gatewayUrl, `/pki/cert/${aid}`);
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), 5e3);
+    try {
+      const resp = await fetch(certUrl, { signal: controller.signal });
+      if (!resp.ok) return null;
+      const certPem = await resp.text();
+      if (!certPem || !certPem.includes("BEGIN CERTIFICATE")) return null;
+      return certPem;
+    } catch {
+      return null;
+    } finally {
+      clearTimeout(timer);
+    }
+  }
+  async _createAid(gatewayUrl, identity) {
+    const response = await this._shortRpc(gatewayUrl, "auth.create_aid", {
+      aid: identity.aid,
+      public_key: identity.public_key_der_b64,
+      curve: identity.curve ?? "P-256"
+    });
+    return { cert: response.cert };
+  }
+  _shortRpc(gatewayUrl, method, params) {
+    return new Promise((resolve, reject) => {
+      let ws;
+      try {
+        ws = new WebSocket(gatewayUrl);
+      } catch {
+        reject(new AuthError(`WebSocket \u8FDE\u63A5\u5931\u8D25: ${gatewayUrl}`));
+        return;
+      }
+      let receivedChallenge = false;
+      const timeout = globalThis.setTimeout(() => {
+        try {
+          ws.close();
+        } catch {
+        }
+        reject(new AuthError(`shortRpc \u8D85\u65F6: ${method}`));
+      }, 1e4);
+      ws.onerror = () => {
+        globalThis.clearTimeout(timeout);
+        reject(new AuthError(`WebSocket \u8FDE\u63A5\u9519\u8BEF: ${gatewayUrl}`));
+      };
+      ws.onmessage = (event) => {
+        try {
+          const msg = typeof event.data === "string" ? JSON.parse(event.data) : event.data;
+          if (!receivedChallenge) {
+            receivedChallenge = true;
+            ws.send(JSON.stringify({ jsonrpc: "2.0", id: `pre-${method}`, method, params }));
+            return;
+          }
+          globalThis.clearTimeout(timeout);
+          try {
+            ws.close();
+          } catch {
+          }
+          if (msg.error) {
+            reject(mapRemoteError(msg.error));
+            return;
+          }
+          const result = msg.result;
+          if (!isJsonObject(result)) {
+            reject(new ValidationError(`invalid pre-auth response for ${method}`));
+            return;
+          }
+          if (result.success === false) {
+            reject(new AuthError(String(result.error ?? `${method} failed`)));
+            return;
+          }
+          resolve(result);
+        } catch (e) {
+          globalThis.clearTimeout(timeout);
+          try {
+            ws.close();
+          } catch {
+          }
+          reject(e instanceof Error ? e : new AuthError(String(e)));
+        }
+      };
+    });
+  }
+  _assertCertMatchesLocalKeypair(identity) {
+    const aid = identity.aid ?? "?";
+    const certPem = identity.cert;
+    const localPubB64 = identity.public_key_der_b64;
+    if (!certPem || !localPubB64) {
+      throw new AuthError(`identity for aid ${aid} missing cert or public key`);
+    }
+    const certPubB64 = _extractSpkiB64FromPem(certPem);
+    if (certPubB64 !== localPubB64) {
+      throw new AuthError(`local certificate public key does not match local keypair for aid ${aid}`);
+    }
+  }
+  async _persistIdentity(identity) {
+    const aid = String(identity.aid ?? "");
+    if (!aid) return;
+    const certPem = String(identity.cert ?? "");
+    if (certPem) await this._keystore.saveCert(aid, certPem);
+  }
+};
+
+// src/aid-store.ts
 function _derReadLength(data, offset) {
   if (offset >= data.length) return null;
   const first = data[offset];
@@ -16311,6 +16728,7 @@ var AIDStore = class {
     __publicField(this, "_encryptionSeed");
     __publicField(this, "_keystore");
     __publicField(this, "_auth");
+    __publicField(this, "_registerFlow");
     __publicField(this, "_crypto");
     __publicField(this, "_discovery");
     __publicField(this, "_verifySsl");
@@ -16328,13 +16746,18 @@ var AIDStore = class {
     this._crypto = new CryptoProvider();
     this._discovery = new GatewayDiscovery();
     this._auth = new AuthFlow({
-      keystore: this._keystore,
+      tokenStore: this._keystore,
       crypto: this._crypto,
       deviceId: this.deviceId,
       slotId: this.slotId,
       rootCaPem: opts.rootCaPem ?? null,
       verifySsl: this._verifySsl
     });
+    this._registerFlow = new RegisterFlow({
+      keystore: this._keystore,
+      crypto: this._crypto,
+      verifySsl: this._verifySsl
+    });
   }
   close() {
     const close = this._keystore.close;
@@ -16453,7 +16876,17 @@ var AIDStore = class {
     try {
       validateRegisterAidName(target);
       const gatewayUrl = await this._resolveGateway(target);
-      await this._auth.registerAid(gatewayUrl, target);
+      const result = await this._registerFlow.registerAid(gatewayUrl, target);
+      if (result.cert) {
+        await this._keystore.saveCert(target, result.cert);
+      }
+      if (result.private_key_pem || result.public_key_der_b64) {
+        await this._keystore.saveKeyPair(target, {
+          private_key_pem: result.private_key_pem,
+          public_key_der_b64: result.public_key_der_b64,
+          curve: result.curve
+        });
+      }
       return resultOk({ registered: true });
     } catch (exc) {
       if (exc instanceof IdentityConflictError) {
@@ -16656,18 +17089,18 @@ var AIDStore = class {
       return resultErr(PRIVATE_KEY_REQUIRED, `private key required for aid: ${target}`);
     }
     try {
-      const identity = await this._auth.loadIdentityOrNone(target);
-      if (!identity?.cert || !identity.private_key_pem) {
+      const aidObj = loaded.data.aid;
+      if (!aidObj.certPem || !aidObj.privateKeyPem) {
         return resultErr(PRIVATE_KEY_REQUIRED, `private key required for aid: ${target}`);
       }
       const gatewayUrl = await this._resolveGateway(target);
       const clientNonce = this._crypto.newClientNonce();
       const phase1 = await this._auth._shortRpc(gatewayUrl, "auth.aid_login1", {
         aid: target,
-        cert: identity.cert,
+        cert: aidObj.certPem,
         client_nonce: clientNonce
       });
-      const [signature, clientTime] = await this._crypto.signLoginNonce(identity.private_key_pem, String(phase1.nonce ?? ""));
+      const [signature, clientTime] = await this._crypto.signLoginNonce(aidObj.privateKeyPem, String(phase1.nonce ?? ""));
       const response = await this._auth._shortRpc(gatewayUrl, "auth.renew_cert", {
         aid: target,
         request_id: String(phase1.request_id ?? ""),
@@ -16696,8 +17129,8 @@ var AIDStore = class {
       return resultErr(PRIVATE_KEY_REQUIRED, `private key required for aid: ${target}`);
     }
     try {
-      const identity = await this._auth.loadIdentityOrNone(target);
-      if (!identity?.cert || !identity.private_key_pem) {
+      const oldAid = loaded.data.aid;
+      if (!oldAid.certPem || !oldAid.privateKeyPem) {
         return resultErr(PRIVATE_KEY_REQUIRED, `private key required for aid: ${target}`);
       }
       const gatewayUrl = await this._resolveGateway(target);
@@ -16705,7 +17138,7 @@ var AIDStore = class {
       const clientNonce = this._crypto.newClientNonce();
       const phase1 = await this._auth._shortRpc(gatewayUrl, "auth.aid_login1", {
         aid: target,
-        cert: identity.cert,
+        cert: oldAid.certPem,
         client_nonce: clientNonce
       });
       const signPayload = `${String(phase1.nonce ?? "")}${newIdentity.public_key_der_b64}`;
@@ -16886,6 +17319,7 @@ export {
   ROOT_CA_PEM,
   RPCTransport,
   RateLimitError,
+  RegisterFlow,
   STATE_PREFIX,
   SeedMigrationError,
   SerializationError,