@agora-sdk/secure-chat-core 0.4.0 → 0.5.0

package/dist/esm/backup/passphrase-strength.d.ts

@@ -0,0 +1,22 @@
+/** The outcome of {@link estimatePassphraseStrength}: a coarse 0–4 score plus display copy. */
+export interface PassphraseStrength {
+    /** 0 (weakest) … 4 (strongest) — for a 5-segment meter. */
+    score: 0 | 1 | 2 | 3 | 4;
+    /** A short human label for the score (e.g. "Weak", "Strong"). */
+    label: string;
+    /** A specific reason the passphrase is weak, when applicable (e.g. a common password). */
+    warning?: string;
+}
+/**
+ * Estimate the strength of a backup passphrase for a strength meter.
+ *
+ * @param passphrase - The candidate passphrase (never logged or sent anywhere).
+ * @returns A {@link PassphraseStrength} with a 0–4 score, a label, and an optional warning.
+ *
+ * @example
+ * ```ts
+ * const { score, label, warning } = estimatePassphraseStrength(input);
+ * // render a 5-segment meter from `score`, show `warning` if present.
+ * ```
+ */
+export declare function estimatePassphraseStrength(passphrase: string): PassphraseStrength;

package/dist/esm/backup/passphrase-strength.js

@@ -0,0 +1,72 @@
+// Passphrase-strength estimator for backup UX.
+//
+// Why this exists (CLAUDE.md #1 + spec §16.5): the blind server stores the passphrase-encrypted
+// backup blob, so a weak passphrase is offline-brute-forceable on a DB exfil. The real argon2id KDF
+// raises the cost per guess, but it can't rescue a guessable passphrase — so we nudge the user toward
+// a strong one at entry time. This is a deliberately small, dependency-free heuristic (length +
+// character-class diversity + a common-password penalty), NOT a substitute for zxcvbn-grade entropy
+// estimation. It runs purely client-side and never logs or transmits the passphrase.
+const LABELS = ["Very weak", "Weak", "Fair", "Strong", "Very strong"];
+// A tiny set of the most-guessed passwords/substrings. Not exhaustive — a guardrail against the
+// obvious, not a real dictionary check.
+const COMMON = [
+    "password", "passw0rd", "12345", "123456", "qwerty", "letmein", "admin", "welcome",
+    "iloveyou", "abc123", "hunter2", "monkey", "dragon", "trustno1", "secret",
+];
+/**
+ * Estimate the strength of a backup passphrase for a strength meter.
+ *
+ * @param passphrase - The candidate passphrase (never logged or sent anywhere).
+ * @returns A {@link PassphraseStrength} with a 0–4 score, a label, and an optional warning.
+ *
+ * @example
+ * ```ts
+ * const { score, label, warning } = estimatePassphraseStrength(input);
+ * // render a 5-segment meter from `score`, show `warning` if present.
+ * ```
+ */
+export function estimatePassphraseStrength(passphrase) {
+    const pw = passphrase ?? "";
+    if (pw.length === 0)
+        return { score: 0, label: LABELS[0] };
+    const lower = pw.toLowerCase();
+    const hitsCommon = COMMON.some((c) => lower.includes(c));
+    // Character-class diversity.
+    let classes = 0;
+    if (/[a-z]/.test(pw))
+        classes++;
+    if (/[A-Z]/.test(pw))
+        classes++;
+    if (/[0-9]/.test(pw))
+        classes++;
+    if (/[^a-zA-Z0-9]/.test(pw))
+        classes++;
+    // Length is the dominant factor (passphrases >> complex-but-short passwords).
+    let score = 0;
+    if (pw.length >= 8)
+        score++;
+    if (pw.length >= 12)
+        score++;
+    if (pw.length >= 16)
+        score++;
+    // Diversity adds at most one step, and only once there's some length.
+    if (classes >= 3 && pw.length >= 8)
+        score++;
+    // A short, single-class passphrase never rates above "weak".
+    if (pw.length < 8 || classes <= 1)
+        score = Math.min(score, 1);
+    // A recognizably common password is capped hard regardless of shape.
+    if (hitsCommon)
+        score = Math.min(score, 1);
+    const clamped = Math.max(0, Math.min(4, score));
+    return {
+        score: clamped,
+        label: LABELS[clamped],
+        warning: hitsCommon
+            ? "This looks like a common password — choose something less guessable."
+            : clamped <= 1
+                ? "Use a longer passphrase (4+ random words) with mixed character types."
+                : undefined,
+    };
+}
+//# sourceMappingURL=passphrase-strength.js.map

package/dist/esm/backup/passphrase-strength.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passphrase-strength.js","sourceRoot":"","sources":["../../../src/backup/passphrase-strength.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,gGAAgG;AAChG,oGAAoG;AACpG,sGAAsG;AACtG,gGAAgG;AAChG,oGAAoG;AACpG,qFAAqF;AAYrF,MAAM,MAAM,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAU,CAAC;AAE/E,gGAAgG;AAChG,wCAAwC;AACxC,MAAM,MAAM,GAAG;IACb,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS;IAClF,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ;CAC1E,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,0BAA0B,CAAC,UAAkB;IAC3D,MAAM,EAAE,GAAG,UAAU,IAAI,EAAE,CAAC;IAC5B,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAE3D,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAEzD,6BAA6B;IAC7B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,EAAE,CAAC;IAEvC,8EAA8E;IAC9E,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,EAAE,CAAC,MAAM,IAAI,CAAC;QAAE,KAAK,EAAE,CAAC;IAC5B,IAAI,EAAE,CAAC,MAAM,IAAI,EAAE;QAAE,KAAK,EAAE,CAAC;IAC7B,IAAI,EAAE,CAAC,MAAM,IAAI,EAAE;QAAE,KAAK,EAAE,CAAC;IAC7B,sEAAsE;IACtE,IAAI,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,IAAI,CAAC;QAAE,KAAK,EAAE,CAAC;IAE5C,6DAA6D;IAC7D,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,IAAI,CAAC;QAAE,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE9D,qEAAqE;IACrE,IAAI,UAAU;QAAE,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE3C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAgC,CAAC;IAC/E,OAAO;QACL,KAAK,EAAE,OAAO;QACd,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC;QACtB,OAAO,EAAE,UAAU;YACjB,CAAC,CAAC,sEAAsE;YACxE,CAAC,CAAC,OAAO,IAAI,CAAC;gBACZ,CAAC,CAAC,uEAAuE;gBACzE,CAAC,CAAC,SAAS;KAChB,CAAC;AACJ,CAAC"}

package/dist/esm/context/secure-chat-context.d.ts

@@ -4,6 +4,7 @@ import { SecureChatRestClient } from "../transport/rest.js";
 import { SecureChatSocketClient } from "../transport/socket.js";
 import { SecureChatStore } from "../persistence/store.js";
 import { SecureChatRepository } from "../persistence/repository.js";
+import { PaddingPolicy } from "../util/padding.js";
 /**
  * The value exposed by {@link useSecureChat}: shared transport clients, the injected crypto, the
  * persistence repository, the group-handle resolver, and the active project id.
@@ -31,6 +32,11 @@ export interface SecureChatContextValue {
      * @returns An unsubscribe function.
      */
     subscribeGroupChange: (listener: () => void) => () => void;
+    /**
+     * Outbound message size-bucket padding policy. `useSecureMessages` pads plaintext to this before
+     * encryption so ciphertext size leaks less; defaults to `"ladder"`.
+     */
+    padding: PaddingPolicy;
     /** The Agora project id these clients are scoped to. */
     projectId: string;
 }
@@ -50,6 +56,11 @@ export interface SecureChatProviderProps {
     baseUrl?: string;
     /** Override the socket origin. Defaults to @agora-sdk/core `getSocketUrl()`. */
     socketUrl?: string;
+    /**
+     * Outbound message size-bucket padding policy (metadata hardening). `"ladder"` (default) pads each
+     * message up to a fixed size bucket so ciphertext length leaks less; `"none"` frames without padding.
+     */
+    padding?: PaddingPolicy;
     children: React.ReactNode;
 }
 /**
@@ -66,7 +77,7 @@ export interface SecureChatProviderProps {
  * </SecureChatProvider>
  * ```
  */
-export declare function SecureChatProvider({ crypto, projectId, store, accessToken, getAccessToken, baseUrl, socketUrl, children, }: SecureChatProviderProps): React.JSX.Element;
+export declare function SecureChatProvider({ crypto, projectId, store, accessToken, getAccessToken, baseUrl, socketUrl, padding, children, }: SecureChatProviderProps): React.JSX.Element;
 /**
  * Access the nearest {@link SecureChatContextValue}.
  *

package/dist/esm/context/secure-chat-context.js

@@ -27,7 +27,7 @@ const SecureChatContext = createContext(null);
  * </SecureChatProvider>
  * ```
  */
-export function SecureChatProvider({ crypto, projectId, store, accessToken, getAccessToken, baseUrl, socketUrl, children, }) {
+export function SecureChatProvider({ crypto, projectId, store, accessToken, getAccessToken, baseUrl, socketUrl, padding = "ladder", children, }) {
     const tokenRef = useRef(accessToken);
     tokenRef.current = accessToken;
     const resolveToken = useMemo(() => getAccessToken ?? (() => tokenRef.current), [getAccessToken]);
@@ -91,6 +91,7 @@ export function SecureChatProvider({ crypto, projectId, store, accessToken, getA
         rememberGroup,
         getGroupVersion,
         subscribeGroupChange,
+        padding,
         projectId,
     }), [
         rest,
@@ -101,6 +102,7 @@ export function SecureChatProvider({ crypto, projectId, store, accessToken, getA
         rememberGroup,
         getGroupVersion,
         subscribeGroupChange,
+        padding,
         projectId,
     ]);
     return _jsx(SecureChatContext.Provider, { value: value, children: children });

package/dist/esm/context/secure-chat-context.js.map

@@ -1 +1 @@
-{"version":3,"file":"secure-chat-context.js","sourceRoot":"","sources":["../../../src/context/secure-chat-context.tsx"],"names":[],"mappings":";AAAA,yFAAyF;AACzF,EAAE;AACF,gGAAgG;AAChG,kGAAkG;AAClG,+FAA+F;AAC/F,mGAAmG;AACnG,gEAAgE;AAEhE,OAAc,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAClG,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAiCpE,MAAM,iBAAiB,GAAG,aAAa,CAAgC,IAAI,CAAC,CAAC;AAqB7E;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,EACjC,MAAM,EACN,SAAS,EACT,KAAK,EACL,WAAW,EACX,cAAc,EACd,OAAO,EACP,SAAS,EACT,QAAQ,GACgB;IACxB,MAAM,QAAQ,GAAG,MAAM,CAAqB,WAAW,CAAC,CAAC;IACzD,QAAQ,CAAC,OAAO,GAAG,WAAW,CAAC;IAE/B,MAAM,YAAY,GAAG,OAAO,CAC1B,GAAG,EAAE,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAChD,CAAC,cAAc,CAAC,CACjB,CAAC;IAEF,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CACH,IAAI,oBAAoB,CAAC;QACvB,SAAS;QACT,cAAc,EAAE,YAAY;QAC5B,UAAU,EAAE,GAAG,EAAE,CAAC,OAAO,IAAI,aAAa,EAAE;KAC7C,CAAC,EACJ,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CACnC,CAAC;IAEF,MAAM,MAAM,GAAG,OAAO,CACpB,GAAG,EAAE,CACH,IAAI,sBAAsB,CAAC;QACzB,SAAS;QACT,cAAc,EAAE,YAAY;QAC5B,YAAY,EAAE,GAAG,EAAE,CAAC,SAAS,IAAI,YAAY,EAAE;KAChD,CAAC,EACJ,CAAC,SAAS,EAAE,YAAY,EAAE,SAAS,CAAC,CACrC,CAAC;IAEF,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,IAAI,WAAW,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IACzE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,IAAI,oBAAoB,CAAC,aAAa,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAErF,yFAAyF;IACzF,6FAA6F;IAC7F,+EAA+E;IAC/E,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,GAAG,EAAuB,CAAC,CAAC;IAE1D,kGAAkG;IAClG,6FAA6F;IAC7F,+FAA+F;IAC/F,mDAAmD;IACnD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,GAAG,EAAkB,CAAC,CAAC;IACvD,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,GAAG,EAAc,CAAC,CAAC;IAErD,MAAM,YAAY,GAAG,WAAW,CAC9B,KAAK,EAAE,cAAsB,EAA+B,EAAE;QAC5D,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACtD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;QACxD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACpD,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC/C,OAAO,MAAM,CAAC;IAChB,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,MAAM,aAAa,GAAG,WAAW,CAC/B,KAAK,EAAE,cAAsB,EAAE,MAAmB,EAAiB,EAAE;QACnE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QACjD,uFAAuF;QACvF,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9F,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7C,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,MAAM,eAAe,GAAG,WAAW,CACjC,CAAC,cAAsB,EAAU,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,EACjF,EAAE,CACH,CAAC;IAEF,MAAM,oBAAoB,GAAG,WAAW,CAAC,CAAC,QAAoB,EAAgB,EAAE;QAC9E,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrC,OAAO,GAAG,EAAE;YACV,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC,CAAC;IACJ,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IACnC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAEb,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CAAC,CAAC;QACL,IAAI;QACJ,MAAM;QACN,MAAM;QACN,IAAI;QACJ,YAAY;QACZ,aAAa;QACb,eAAe;QACf,oBAAoB;QACpB,SAAS;KACV,CAAC,EACF;QACE,IAAI;QACJ,MAAM;QACN,MAAM;QACN,IAAI;QACJ,YAAY;QACZ,aAAa;QACb,eAAe;QACf,oBAAoB;QACpB,SAAS;KACV,CACF,CAAC;IAEF,OAAO,KAAC,iBAAiB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAA8B,CAAC;AAC3F,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAAC;IAC1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"secure-chat-context.js","sourceRoot":"","sources":["../../../src/context/secure-chat-context.tsx"],"names":[],"mappings":";AAAA,yFAAyF;AACzF,EAAE;AACF,gGAAgG;AAChG,kGAAkG;AAClG,+FAA+F;AAC/F,mGAAmG;AACnG,gEAAgE;AAEhE,OAAc,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAClG,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAuCpE,MAAM,iBAAiB,GAAG,aAAa,CAAgC,IAAI,CAAC,CAAC;AA0B7E;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,EACjC,MAAM,EACN,SAAS,EACT,KAAK,EACL,WAAW,EACX,cAAc,EACd,OAAO,EACP,SAAS,EACT,OAAO,GAAG,QAAQ,EAClB,QAAQ,GACgB;IACxB,MAAM,QAAQ,GAAG,MAAM,CAAqB,WAAW,CAAC,CAAC;IACzD,QAAQ,CAAC,OAAO,GAAG,WAAW,CAAC;IAE/B,MAAM,YAAY,GAAG,OAAO,CAC1B,GAAG,EAAE,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAChD,CAAC,cAAc,CAAC,CACjB,CAAC;IAEF,MAAM,IAAI,GAAG,OAAO,CAClB,GAAG,EAAE,CACH,IAAI,oBAAoB,CAAC;QACvB,SAAS;QACT,cAAc,EAAE,YAAY;QAC5B,UAAU,EAAE,GAAG,EAAE,CAAC,OAAO,IAAI,aAAa,EAAE;KAC7C,CAAC,EACJ,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CACnC,CAAC;IAEF,MAAM,MAAM,GAAG,OAAO,CACpB,GAAG,EAAE,CACH,IAAI,sBAAsB,CAAC;QACzB,SAAS;QACT,cAAc,EAAE,YAAY;QAC5B,YAAY,EAAE,GAAG,EAAE,CAAC,SAAS,IAAI,YAAY,EAAE;KAChD,CAAC,EACJ,CAAC,SAAS,EAAE,YAAY,EAAE,SAAS,CAAC,CACrC,CAAC;IAEF,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,IAAI,WAAW,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IACzE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,IAAI,oBAAoB,CAAC,aAAa,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAErF,yFAAyF;IACzF,6FAA6F;IAC7F,+EAA+E;IAC/E,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,GAAG,EAAuB,CAAC,CAAC;IAE1D,kGAAkG;IAClG,6FAA6F;IAC7F,+FAA+F;IAC/F,mDAAmD;IACnD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,GAAG,EAAkB,CAAC,CAAC;IACvD,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,GAAG,EAAc,CAAC,CAAC;IAErD,MAAM,YAAY,GAAG,WAAW,CAC9B,KAAK,EAAE,cAAsB,EAA+B,EAAE;QAC5D,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACtD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;QACxD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACpD,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC/C,OAAO,MAAM,CAAC;IAChB,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,MAAM,aAAa,GAAG,WAAW,CAC/B,KAAK,EAAE,cAAsB,EAAE,MAAmB,EAAiB,EAAE;QACnE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QACjD,uFAAuF;QACvF,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9F,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7C,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,MAAM,eAAe,GAAG,WAAW,CACjC,CAAC,cAAsB,EAAU,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,EACjF,EAAE,CACH,CAAC;IAEF,MAAM,oBAAoB,GAAG,WAAW,CAAC,CAAC,QAAoB,EAAgB,EAAE;QAC9E,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrC,OAAO,GAAG,EAAE;YACV,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC,CAAC;IACJ,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IACnC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAEb,MAAM,KAAK,GAAG,OAAO,CACnB,GAAG,EAAE,CAAC,CAAC;QACL,IAAI;QACJ,MAAM;QACN,MAAM;QACN,IAAI;QACJ,YAAY;QACZ,aAAa;QACb,eAAe;QACf,oBAAoB;QACpB,OAAO;QACP,SAAS;KACV,CAAC,EACF;QACE,IAAI;QACJ,MAAM;QACN,MAAM;QACN,IAAI;QACJ,YAAY;QACZ,aAAa;QACb,eAAe;QACf,oBAAoB;QACpB,OAAO;QACP,SAAS;KACV,CACF,CAAC;IAEF,OAAO,KAAC,iBAAiB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAA8B,CAAC;AAC3F,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAAC;IAC1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/esm/hooks/useSecureBackup.d.ts

@@ -0,0 +1,67 @@
+import { type PassphraseStrength } from "../backup/passphrase-strength.js";
+/** State + actions returned by {@link useSecureBackup}. */
+export interface UseSecureBackupValues {
+    /**
+     * Seal all local key material under `passphrase` and upload it to the blind server.
+     * @throws {Error} If export or upload fails.
+     */
+    backup: (passphrase: string) => Promise<void>;
+    /**
+     * Restore local key material on a fresh client from the server's backup, rehydrating the device and
+     * every conversation's group state.
+     * @throws {Error} If no backup exists, the passphrase is wrong, or the backup is corrupt.
+     */
+    restore: (passphrase: string) => Promise<void>;
+    /** True while {@link UseSecureBackupValues.backup} is in flight. */
+    backingUp: boolean;
+    /** True while {@link UseSecureBackupValues.restore} is in flight. */
+    restoring: boolean;
+    /** The last error thrown by backup or restore, or `null`. */
+    error: unknown;
+    /** Server `updatedAt` of the most recent successful upload this session, or `null`. */
+    lastBackupAt: string | null;
+    /** True once a group has advanced since the last backup (membership/epoch change) — prompt a re-backup. */
+    needsBackup: boolean;
+    /**
+     * True when there is NO local key material but a backup exists on the server — i.e. this client was
+     * evicted (Safari ITP / "clear browsing data") or is a fresh browser, and recovery is possible. The
+     * app should route to a passphrase prompt → {@link UseSecureBackupValues.restore} instead of
+     * registering a new device. Indistinguishable cases (evicted vs cleared vs new browser) all resolve
+     * the same way. Cleared after a successful restore.
+     */
+    needsRestore: boolean;
+    /** True while the mount-time eviction check (or {@link UseSecureBackupValues.recheckRestore}) is in flight. */
+    checkingRestore: boolean;
+    /**
+     * Re-run the eviction check on demand (e.g. after catching a storage error mid-session, or after
+     * sign-in). Skips the server entirely when local key material is present.
+     * @returns The new {@link UseSecureBackupValues.needsRestore} value.
+     */
+    recheckRestore: () => Promise<boolean>;
+    /** Coarse client-side passphrase-strength estimate for a meter (see {@link estimatePassphraseStrength}). */
+    estimateStrength: (passphrase: string) => PassphraseStrength;
+}
+/**
+ * Manage passphrase backup + restore of the client's secure-chat key material.
+ *
+ * Backups are explicit (call {@link UseSecureBackupValues.backup}); `needsBackup` flips true when a
+ * group advances so the app can prompt. On mount it also detects an evicted/fresh client
+ * (`needsRestore`) so the app restores rather than registering a fresh, history-less identity.
+ *
+ * @returns Backup/restore actions, the evicted-client `needsRestore` signal, in-flight + error state, a
+ *   stale-backup signal, and a passphrase-strength helper.
+ * @throws {Error} When used outside a `<SecureChatProvider>`.
+ *
+ * @example
+ * ```tsx
+ * const { needsRestore, restore, backup } = useSecureBackup();
+ * const { device, register } = useSecureDevice();
+ * // Route an evicted / fresh client to restore; a true first-run to register.
+ * if (needsRestore) await restore(passphrase);      // prompt for the passphrase first
+ * else if (!device) await register();
+ * await backup(passphrase);                          // later, after a device/chat exists
+ * ```
+ * Restore should complete before the app relies on `useSecureDevice` (which read `device: null` on its
+ * own mount) — gate the chat subtree on a post-restore flag or remount it after restore.
+ */
+export declare function useSecureBackup(): UseSecureBackupValues;

package/dist/esm/hooks/useSecureBackup.js

@@ -0,0 +1,204 @@
+// useSecureBackup — passphrase backup + restore of all local key material.
+//
+// Backup: crypto.exportBackup(passphrase) seals the device identity + every group's state under a
+// real argon2id KDF + AEAD; we base64 the blob/nonce at the wire boundary and PUT it to the blind
+// server, which stores the ciphertext verbatim (it never sees the passphrase or plaintext).
+//
+// Restore (fresh browser): GET the blob → crypto.importBackup re-derives the identity + groups in
+// memory → re-assert the device server-side (idempotent) to recover its row → persist the device →
+// rebind each conversation's group state by conversationId from the server's conversation list (the
+// server is the source of truth for membership; the backup itself is conversationId-agnostic). The
+// handshake cursor is intentionally left unset so useSecureHandshakes re-pulls from since=0 and
+// dedupes — no cursor needs to live in the backup.
+import { useCallback, useEffect, useRef, useState } from "react";
+import { toBase64, fromBase64 } from "../util/base64.js";
+import { useSecureChat } from "../context/secure-chat-context.js";
+import { estimatePassphraseStrength, } from "../backup/passphrase-strength.js";
+/**
+ * Manage passphrase backup + restore of the client's secure-chat key material.
+ *
+ * Backups are explicit (call {@link UseSecureBackupValues.backup}); `needsBackup` flips true when a
+ * group advances so the app can prompt. On mount it also detects an evicted/fresh client
+ * (`needsRestore`) so the app restores rather than registering a fresh, history-less identity.
+ *
+ * @returns Backup/restore actions, the evicted-client `needsRestore` signal, in-flight + error state, a
+ *   stale-backup signal, and a passphrase-strength helper.
+ * @throws {Error} When used outside a `<SecureChatProvider>`.
+ *
+ * @example
+ * ```tsx
+ * const { needsRestore, restore, backup } = useSecureBackup();
+ * const { device, register } = useSecureDevice();
+ * // Route an evicted / fresh client to restore; a true first-run to register.
+ * if (needsRestore) await restore(passphrase);      // prompt for the passphrase first
+ * else if (!device) await register();
+ * await backup(passphrase);                          // later, after a device/chat exists
+ * ```
+ * Restore should complete before the app relies on `useSecureDevice` (which read `device: null` on its
+ * own mount) — gate the chat subtree on a post-restore flag or remount it after restore.
+ */
+export function useSecureBackup() {
+    const { crypto, rest, repo, rememberGroup, subscribeGroupChange } = useSecureChat();
+    const [backingUp, setBackingUp] = useState(false);
+    const [restoring, setRestoring] = useState(false);
+    const [error, setError] = useState(null);
+    const [lastBackupAt, setLastBackupAt] = useState(null);
+    const [needsBackup, setNeedsBackup] = useState(false);
+    const [needsRestore, setNeedsRestore] = useState(false);
+    const [checkingRestore, setCheckingRestore] = useState(false);
+    // A group advancing (a join or a processed Commit) means the on-server backup is now stale.
+    // Guard the very first synchronous fire so mount doesn't immediately flag a backup as needed.
+    const armed = useRef(false);
+    useEffect(() => {
+        armed.current = true;
+        return subscribeGroupChange(() => {
+            if (armed.current)
+                setNeedsBackup(true);
+        });
+    }, [subscribeGroupChange]);
+    // Eviction / fresh-client detection: local key material gone but a server backup exists ⇒ restore is
+    // possible (and preferable to registering a new, history-less identity). Evicted, "cleared browsing
+    // data", and a brand-new browser are indistinguishable here and resolve the same way. We only hit the
+    // server when there's no local device, so the common (healthy) path stays a single IndexedDB read.
+    const recheckRestore = useCallback(async () => {
+        setCheckingRestore(true);
+        try {
+            const persisted = await repo.loadDevice();
+            if (persisted) {
+                setNeedsRestore(false);
+                return false;
+            }
+            const model = await rest.getKeyBackup();
+            const possible = model !== null;
+            setNeedsRestore(possible);
+            return possible;
+        }
+        catch (err) {
+            // Fail soft: a network blip must not strand the user as "needs restore". Surface the error only.
+            setError(err);
+            setNeedsRestore(false);
+            return false;
+        }
+        finally {
+            setCheckingRestore(false);
+        }
+    }, [repo, rest]);
+    useEffect(() => {
+        let alive = true;
+        repo
+            .loadDevice()
+            .then(async (persisted) => {
+            if (!alive || persisted)
+                return; // have local state → not evicted; skip the server call
+            const model = await rest.getKeyBackup();
+            if (alive)
+                setNeedsRestore(model !== null);
+        })
+            .catch((err) => {
+            if (alive)
+                setError(err); // fail soft
+        });
+        return () => {
+            alive = false;
+        };
+    }, [repo, rest]);
+    const backup = useCallback(async (passphrase) => {
+        setBackingUp(true);
+        setError(null);
+        try {
+            const b = await crypto.exportBackup(passphrase);
+            const { updatedAt } = await rest.uploadKeyBackup({
+                // base64 at the wire boundary; KDF params (incl. the hex salt) are non-secret metadata.
+                blob: toBase64(b.blob),
+                nonce: toBase64(b.nonce),
+                kdf: b.kdf,
+                kdfParams: b.kdfParams,
+                cipher: b.cipher,
+                version: b.version,
+            });
+            setLastBackupAt(updatedAt);
+            setNeedsBackup(false);
+        }
+        catch (err) {
+            setError(err);
+            throw err;
+        }
+        finally {
+            setBackingUp(false);
+        }
+    }, [crypto, rest]);
+    const restore = useCallback(async (passphrase) => {
+        setRestoring(true);
+        setError(null);
+        try {
+            const model = await rest.getKeyBackup();
+            if (!model)
+                throw new Error("No key backup found on the server to restore.");
+            // Decrypt + repopulate crypto memory (identity + groups). Returns the restored identity.
+            const id = await crypto.importBackup(passphrase, {
+                blob: fromBase64(model.blob),
+                nonce: fromBase64(model.nonce),
+                kdf: model.kdf,
+                kdfParams: model.kdfParams,
+                cipher: model.cipher,
+                version: model.version,
+            });
+            // Re-assert the (already-registered) device to recover its server row — idempotent on
+            // (userId, deviceId). The row's id is the senderDeviceId messages need.
+            const device = await rest.registerDevice({
+                deviceId: id.deviceId,
+                signaturePublicKey: toBase64(id.signaturePublicKey),
+                credential: toBase64(id.credential),
+                ciphersuite: id.ciphersuite,
+            });
+            await repo.saveDevice({
+                deviceId: id.deviceId,
+                deviceState: await crypto.exportDeviceState(),
+                device,
+            });
+            // Rebind conversationId → restored group state from the server's conversation list.
+            let cursor;
+            for (;;) {
+                const page = await rest.listConversations(cursor ? { cursor } : undefined);
+                for (const c of page.conversations) {
+                    try {
+                        await rememberGroup(c.id, {
+                            mlsGroupId: fromBase64(c.mlsGroupId),
+                            epoch: BigInt(c.currentEpoch),
+                        });
+                    }
+                    catch {
+                        // The group isn't in this backup (created after it, or we're not a member) — skip it.
+                    }
+                }
+                if (!page.hasMore || page.conversations.length === 0)
+                    break;
+                const last = page.conversations[page.conversations.length - 1];
+                cursor = last.lastMessageAt ?? last.createdAt;
+            }
+            setNeedsBackup(false);
+            setNeedsRestore(false); // we now hold local key material again
+        }
+        catch (err) {
+            setError(err);
+            throw err;
+        }
+        finally {
+            setRestoring(false);
+        }
+    }, [crypto, rest, repo, rememberGroup]);
+    return {
+        backup,
+        restore,
+        backingUp,
+        restoring,
+        error,
+        lastBackupAt,
+        needsBackup,
+        needsRestore,
+        checkingRestore,
+        recheckRestore,
+        estimateStrength: estimatePassphraseStrength,
+    };
+}
+//# sourceMappingURL=useSecureBackup.js.map

package/dist/esm/hooks/useSecureBackup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useSecureBackup.js","sourceRoot":"","sources":["../../../src/hooks/useSecureBackup.tsx"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,EAAE;AACF,kGAAkG;AAClG,kGAAkG;AAClG,4FAA4F;AAC5F,EAAE;AACF,kGAAkG;AAClG,mGAAmG;AACnG,oGAAoG;AACpG,mGAAmG;AACnG,gGAAgG;AAChG,mDAAmD;AAEnD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAClE,OAAO,EACL,0BAA0B,GAE3B,MAAM,kCAAkC,CAAC;AA6C1C;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,aAAa,EAAE,oBAAoB,EAAE,GAAG,aAAa,EAAE,CAAC;IAEpF,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClD,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAU,IAAI,CAAC,CAAC;IAClD,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IACtE,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtD,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACxD,MAAM,CAAC,eAAe,EAAE,kBAAkB,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE9D,4FAA4F;IAC5F,8FAA8F;IAC9F,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,SAAS,CAAC,GAAG,EAAE;QACb,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC;QACrB,OAAO,oBAAoB,CAAC,GAAG,EAAE;YAC/B,IAAI,KAAK,CAAC,OAAO;gBAAE,cAAc,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAE3B,qGAAqG;IACrG,oGAAoG;IACpG,sGAAsG;IACtG,mGAAmG;IACnG,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,IAAsB,EAAE;QAC9D,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,SAAS,EAAE,CAAC;gBACd,eAAe,CAAC,KAAK,CAAC,CAAC;gBACvB,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,KAAK,KAAK,IAAI,CAAC;YAChC,eAAe,CAAC,QAAQ,CAAC,CAAC;YAC1B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,iGAAiG;YACjG,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,eAAe,CAAC,KAAK,CAAC,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;gBAAS,CAAC;YACT,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAEjB,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,IAAI;aACD,UAAU,EAAE;aACZ,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE;YACxB,IAAI,CAAC,KAAK,IAAI,SAAS;gBAAE,OAAO,CAAC,uDAAuD;YACxF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YACxC,IAAI,KAAK;gBAAE,eAAe,CAAC,KAAK,KAAK,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,IAAI,KAAK;gBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY;QACxC,CAAC,CAAC,CAAC;QACL,OAAO,GAAG,EAAE;YACV,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAEjB,MAAM,MAAM,GAAG,WAAW,CACxB,KAAK,EAAE,UAAkB,EAAiB,EAAE;QAC1C,YAAY,CAAC,IAAI,CAAC,CAAC;QACnB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAChD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC;gBAC/C,wFAAwF;gBACxF,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;gBACtB,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;gBACxB,GAAG,EAAE,CAAC,CAAC,GAA4B;gBACnC,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,MAAM,EAAE,CAAC,CAAC,MAA6C;gBACvD,OAAO,EAAE,CAAC,CAAC,OAAO;aACnB,CAAC,CAAC;YACH,eAAe,CAAC,SAAS,CAAC,CAAC;YAC3B,cAAc,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,GAAG,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,CAAC,CACf,CAAC;IAEF,MAAM,OAAO,GAAG,WAAW,CACzB,KAAK,EAAE,UAAkB,EAAiB,EAAE;QAC1C,YAAY,CAAC,IAAI,CAAC,CAAC;QACnB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YACxC,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YAE7E,yFAAyF;YACzF,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,UAAU,EAAE;gBAC/C,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC;gBAC9B,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,OAAO,EAAE,KAAK,CAAC,OAAO;aACvB,CAAC,CAAC;YAEH,sFAAsF;YACtF,wEAAwE;YACxE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;gBACvC,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,kBAAkB,EAAE,QAAQ,CAAC,EAAE,CAAC,kBAAkB,CAAC;gBACnD,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC,UAAU,CAAC;gBACnC,WAAW,EAAE,EAAE,CAAC,WAAW;aAC5B,CAAC,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC;gBACpB,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,WAAW,EAAE,MAAM,MAAM,CAAC,iBAAiB,EAAE;gBAC7C,MAAM;aACP,CAAC,CAAC;YAEH,oFAAoF;YACpF,IAAI,MAA0B,CAAC;YAC/B,SAAS,CAAC;gBACR,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gBAC3E,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnC,IAAI,CAAC;wBACH,MAAM,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE;4BACxB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;4BACpC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC;yBAC9B,CAAC,CAAC;oBACL,CAAC;oBAAC,MAAM,CAAC;wBACP,sFAAsF;oBACxF,CAAC;gBACH,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC;oBAAE,MAAM;gBAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;gBAChE,MAAM,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,SAAS,CAAC;YAChD,CAAC;YAED,cAAc,CAAC,KAAK,CAAC,CAAC;YACtB,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,uCAAuC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,GAAG,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,aAAa,CAAC,CACpC,CAAC;IAEF,OAAO;QACL,MAAM;QACN,OAAO;QACP,SAAS;QACT,SAAS;QACT,KAAK;QACL,YAAY;QACZ,WAAW;QACX,YAAY;QACZ,eAAe;QACf,cAAc;QACd,gBAAgB,EAAE,0BAA0B;KAC7C,CAAC;AACJ,CAAC"}

package/dist/esm/hooks/useSecureDevice.d.ts

@@ -8,7 +8,20 @@ export interface UseSecureDeviceOptions {
     ciphersuite?: number;
     /** How many KeyPackages to publish on registration and replenish toward. Default 20. */
     keyPackageTarget?: number;
-    /** Auto-replenish when `secure:key-packages-low` fires. Default true. */
+    /**
+     * Low-water mark: when the server's available count drops **below** this, a top-up refills to
+     * {@link UseSecureDeviceOptions.keyPackageTarget}. KeyPackages are single-use, so this guards
+     * against exhaustion (peers unable to add this device). Default `ceil(keyPackageTarget / 2)` (10 for
+     * the default target of 20). Only governs the proactive/manual path — the server's
+     * `secure:key-packages-low` signal always tops up, since the server already judged the stock low.
+     */
+    keyPackageLowWater?: number;
+    /**
+     * Auto-replenish without app involvement. Default true. When true the hook subscribes to
+     * `secure:key-packages-low` and runs a one-shot proactive count check once the device is ready. When
+     * false, both automatic paths are disabled but {@link UseSecureDeviceValues.checkAndReplenish}
+     * still works on demand.
+     */
     autoReplenish?: boolean;
 }
 /** The state and actions returned by {@link useSecureDevice}. */
@@ -29,6 +42,13 @@ export interface UseSecureDeviceValues {
     publishKeyPackages: (count?: number) => Promise<number>;
     /** Re-query the server for the available KeyPackage count and update `keyPackagesAvailable`. */
     refreshKeyPackageCount: () => Promise<number>;
+    /**
+     * Refresh the server count and, if it's below the low-water mark, top up to `keyPackageTarget`
+     * (publishing only the deficit). Safe to call before {@link UseSecureDeviceValues.register} — it
+     * no-ops to 0 when there's no device and never throws for that case — so an app can wire it to a
+     * window-focus / app-foreground handler.
+     */
+    checkAndReplenish: () => Promise<number>;
 }
 /**
  * Register this client as an MLS device, persist its identity, and keep KeyPackages stocked.

package/dist/esm/hooks/useSecureDevice.js

@@ -3,7 +3,14 @@
 //
 // On mount it re-hydrates a persisted device (stable deviceId + private state via
 // crypto.importDeviceState) so a reload does NOT mint a new identity. register() generates, registers
-// on the server, and persists. Replenishes on the `secure:key-packages-low` realtime signal.
+// on the server, and persists.
+//
+// KeyPackages are single-use (the server consumes one per group-add), so running dry means peers can't
+// add this device. The hook keeps the stock topped up to `keyPackageTarget` from three triggers: the
+// server's `secure:key-packages-low` realtime signal, a one-shot proactive count check once the device
+// is ready (self-heals a client that missed the signal while offline), and an app-callable
+// `checkAndReplenish()` (e.g. on window focus). Each top-up publishes only the DEFICIT to the target
+// (using the actual available count), not a blind full batch.
 import { useCallback, useEffect, useRef, useState } from "react";
 import { toBase64 } from "../util/base64.js";
 import { useSecureChat } from "../context/secure-chat-context.js";
@@ -37,6 +44,7 @@ function newDeviceId() {
 export function useSecureDevice(options = {}) {
     const { crypto, rest, socket, repo } = useSecureChat();
     const { ciphersuite, keyPackageTarget = 20, autoReplenish = true } = options;
+    const keyPackageLowWater = options.keyPackageLowWater ?? Math.ceil(keyPackageTarget / 2);
     const [device, setDevice] = useState(null);
     const [loading, setLoading] = useState(true);
     const [registering, setRegistering] = useState(false);
@@ -44,6 +52,8 @@ export function useSecureDevice(options = {}) {
     const [keyPackagesAvailable, setKeyPackagesAvailable] = useState(null);
     const deviceIdRef = useRef(options.deviceId ?? newDeviceId());
     const registerStartedRef = useRef(false);
+    // Guards the one-shot proactive count check so it runs once per device-ready, not on every render.
+    const proactiveCheckedRef = useRef(false);
     // On mount: re-hydrate a persisted device (stable id + private state). No persisted device ⇒
     // first-run; the app calls register().
     useEffect(() => {
@@ -96,6 +106,25 @@ export function useSecureDevice(options = {}) {
         setKeyPackagesAvailable(available);
         return available;
     }, [rest, device]);
+    // Publish only the shortfall (target − available) to refill to the target; nothing if already
+    // at/above it. Optimistically bumps the local count so the UI reflects the refill without a re-query.
+    // Callers guarantee `device` exists (publishKeyPackages throws otherwise).
+    const replenishToTarget = useCallback(async (available) => {
+        const deficit = keyPackageTarget - available;
+        if (deficit <= 0)
+            return 0;
+        const published = await publishKeyPackages(deficit);
+        setKeyPackagesAvailable(available + published);
+        return published;
+    }, [keyPackageTarget, publishKeyPackages]);
+    const checkAndReplenish = useCallback(async () => {
+        if (!device)
+            return 0; // not registered yet — no-op (app may call this eagerly on focus)
+        const available = await refreshKeyPackageCount();
+        if (available >= keyPackageLowWater)
+            return 0;
+        return replenishToTarget(available);
+    }, [device, refreshKeyPackageCount, keyPackageLowWater, replenishToTarget]);
     const register = useCallback(async () => {
         registerStartedRef.current = true;
         setRegistering(true);
@@ -125,17 +154,28 @@ export function useSecureDevice(options = {}) {
             setRegistering(false);
         }
     }, [crypto, rest, repo, ciphersuite]);
-    // Auto-replenish on the server's low-water signal for this device.
+    // Auto-replenish on the server's low-water signal for this device. We top up to the target using the
+    // count the signal reports (not a blind full batch), and trust the server's "low" verdict — the
+    // client `keyPackageLowWater` only gates the proactive path below.
     useEffect(() => {
         if (!autoReplenish || !device)
             return;
         const off = socket.on("secure:key-packages-low", (signal) => {
             if (signal.deviceId !== device.id)
-                return;
-            publishKeyPackages().catch(setError);
+                return; // device.id is the server ROW id, not the deviceId
+            setKeyPackagesAvailable(signal.available);
+            replenishToTarget(signal.available).catch(setError);
         });
         return off;
-    }, [autoReplenish, device, socket, publishKeyPackages]);
+    }, [autoReplenish, device, socket, replenishToTarget]);
+    // One-shot proactive top-up once the device is ready (covers both register and rehydrate-on-mount),
+    // so a client that missed the realtime signal while offline self-heals on next load.
+    useEffect(() => {
+        if (!autoReplenish || !device || proactiveCheckedRef.current)
+            return;
+        proactiveCheckedRef.current = true;
+        checkAndReplenish().catch(setError);
+    }, [autoReplenish, device, checkAndReplenish]);
     return {
         device,
         loading,
@@ -145,6 +185,7 @@ export function useSecureDevice(options = {}) {
         register,
         publishKeyPackages,
         refreshKeyPackageCount,
+        checkAndReplenish,
     };
 }
 //# sourceMappingURL=useSecureDevice.js.map

package/dist/esm/hooks/useSecureDevice.js.map

@@ -1 +1 @@
-{"version":3,"file":"useSecureDevice.js","sourceRoot":"","sources":["../../../src/hooks/useSecureDevice.tsx"],"names":[],"mappings":"AAAA,qGAAqG;AACrG,yBAAyB;AACzB,EAAE;AACF,kFAAkF;AAClF,sGAAsG;AACtG,6FAA6F;AAE7F,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAEjE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAElE;;;;;GAKG;AACH,SAAS,WAAW;IAClB,MAAM,CAAC,GAAI,UAAyD,CAAC,MAAM,CAAC;IAC5E,IAAI,CAAC,EAAE,UAAU;QAAE,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC;IACzC,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;AAC1F,CAAC;AAmCD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkC,EAAE;IAClE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,aAAa,EAAE,CAAC;IACvD,MAAM,EAAE,WAAW,EAAE,gBAAgB,GAAG,EAAE,EAAE,aAAa,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE7E,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,QAAQ,CAA2B,IAAI,CAAC,CAAC;IACrE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAU,IAAI,CAAC,CAAC;IAClD,MAAM,CAAC,oBAAoB,EAAE,uBAAuB,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IAEtF,MAAM,WAAW,GAAG,MAAM,CAAS,OAAO,CAAC,QAAQ,IAAI,WAAW,EAAE,CAAC,CAAC;IACtE,MAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAEzC,6FAA6F;IAC7F,uCAAuC;IACvC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,CAAC,KAAK,IAAI,EAAE;YACV,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,IAAI,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACzC,UAAU,CAAC,KAAK,CAAC,CAAC;gBAClB,OAAO;YACT,CAAC;YACD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBACtD,+EAA+E;gBAC/E,IAAI,CAAC,KAAK,IAAI,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBACzC,UAAU,CAAC,KAAK,CAAC,CAAC;oBAClB,OAAO;gBACT,CAAC;gBACD,WAAW,CAAC,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC;gBACzC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC9B,CAAC;YACD,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,IAAI,CAAC,KAAK;gBAAE,OAAO;YACnB,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,EAAE;YACV,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,MAAM,kBAAkB,GAAG,WAAW,CACpC,KAAK,EAAE,QAAgB,gBAAgB,EAAmB,EAAE;QAC1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACnF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE;YACzD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/B,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;gBAClC,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC;SACJ,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,CAAC,CACzC,CAAC;IAEF,MAAM,sBAAsB,GAAG,WAAW,CAAC,KAAK,IAAqB,EAAE;QACrE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACtF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,IAAgC,EAAE;QAClE,kBAAkB,CAAC,OAAO,GAAG,IAAI,CAAC;QAClC,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC;gBACvD,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,WAAW;aACZ,CAAC,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;gBAC3C,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC;gBACzD,UAAU,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;gBACzC,WAAW,EAAE,QAAQ,CAAC,WAAW;aAClC,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACrD,MAAM,IAAI,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;YACxF,WAAW,CAAC,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC;YACxC,SAAS,CAAC,UAAU,CAAC,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,GAAG,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,cAAc,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;IACH,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;IAEtC,mEAAmE;IACnE,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM;YAAE,OAAO;QACtC,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,yBAAyB,EAAE,CAAC,MAAM,EAAE,EAAE;YAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE;gBAAE,OAAO;YAC1C,kBAAkB,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAExD,OAAO;QACL,MAAM;QACN,OAAO;QACP,WAAW;QACX,KAAK;QACL,oBAAoB;QACpB,QAAQ;QACR,kBAAkB;QAClB,sBAAsB;KACvB,CAAC;AACJ,CAAC"}
+{"version":3,"file":"useSecureDevice.js","sourceRoot":"","sources":["../../../src/hooks/useSecureDevice.tsx"],"names":[],"mappings":"AAAA,qGAAqG;AACrG,yBAAyB;AACzB,EAAE;AACF,kFAAkF;AAClF,sGAAsG;AACtG,+BAA+B;AAC/B,EAAE;AACF,uGAAuG;AACvG,qGAAqG;AACrG,uGAAuG;AACvG,2FAA2F;AAC3F,qGAAqG;AACrG,8DAA8D;AAE9D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAEjE,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,mCAAmC,CAAC;AAElE;;;;;GAKG;AACH,SAAS,WAAW;IAClB,MAAM,CAAC,GAAI,UAAyD,CAAC,MAAM,CAAC;IAC5E,IAAI,CAAC,EAAE,UAAU;QAAE,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC;IACzC,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;AAC1F,CAAC;AAuDD;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,eAAe,CAAC,UAAkC,EAAE;IAClE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,aAAa,EAAE,CAAC;IACvD,MAAM,EAAE,WAAW,EAAE,gBAAgB,GAAG,EAAE,EAAE,aAAa,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAC7E,MAAM,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC,CAAC;IAEzF,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,QAAQ,CAA2B,IAAI,CAAC,CAAC;IACrE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAU,IAAI,CAAC,CAAC;IAClD,MAAM,CAAC,oBAAoB,EAAE,uBAAuB,CAAC,GAAG,QAAQ,CAAgB,IAAI,CAAC,CAAC;IAEtF,MAAM,WAAW,GAAG,MAAM,CAAS,OAAO,CAAC,QAAQ,IAAI,WAAW,EAAE,CAAC,CAAC;IACtE,MAAM,kBAAkB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,mGAAmG;IACnG,MAAM,mBAAmB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAE1C,6FAA6F;IAC7F,uCAAuC;IACvC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,CAAC,KAAK,IAAI,EAAE;YACV,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,IAAI,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACzC,UAAU,CAAC,KAAK,CAAC,CAAC;gBAClB,OAAO;YACT,CAAC;YACD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBACtD,+EAA+E;gBAC/E,IAAI,CAAC,KAAK,IAAI,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBACzC,UAAU,CAAC,KAAK,CAAC,CAAC;oBAClB,OAAO;gBACT,CAAC;gBACD,WAAW,CAAC,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC;gBACzC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC9B,CAAC;YACD,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,IAAI,CAAC,KAAK;gBAAE,OAAO;YACnB,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,EAAE;YACV,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,MAAM,kBAAkB,GAAG,WAAW,CACpC,KAAK,EAAE,QAAgB,gBAAgB,EAAmB,EAAE;QAC1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACnF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE;YACzD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/B,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;gBAClC,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC;SACJ,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,CAAC,CACzC,CAAC;IAEF,MAAM,sBAAsB,GAAG,WAAW,CAAC,KAAK,IAAqB,EAAE;QACrE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACtF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,8FAA8F;IAC9F,sGAAsG;IACtG,2EAA2E;IAC3E,MAAM,iBAAiB,GAAG,WAAW,CACnC,KAAK,EAAE,SAAiB,EAAmB,EAAE;QAC3C,MAAM,OAAO,GAAG,gBAAgB,GAAG,SAAS,CAAC;QAC7C,IAAI,OAAO,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC;QAC3B,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACpD,uBAAuB,CAAC,SAAS,GAAG,SAAS,CAAC,CAAC;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC,EACD,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CACvC,CAAC;IAEF,MAAM,iBAAiB,GAAG,WAAW,CAAC,KAAK,IAAqB,EAAE;QAChE,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,CAAC,CAAC,kEAAkE;QACzF,MAAM,SAAS,GAAG,MAAM,sBAAsB,EAAE,CAAC;QACjD,IAAI,SAAS,IAAI,kBAAkB;YAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC,EAAE,CAAC,MAAM,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAE5E,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,IAAgC,EAAE;QAClE,kBAAkB,CAAC,OAAO,GAAG,IAAI,CAAC;QAClC,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC;gBACvD,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,WAAW;aACZ,CAAC,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;gBAC3C,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC;gBACzD,UAAU,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;gBACzC,WAAW,EAAE,QAAQ,CAAC,WAAW;aAClC,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACrD,MAAM,IAAI,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;YACxF,WAAW,CAAC,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC;YACxC,SAAS,CAAC,UAAU,CAAC,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,GAAG,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,cAAc,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;IACH,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;IAEtC,qGAAqG;IACrG,gGAAgG;IAChG,mEAAmE;IACnE,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM;YAAE,OAAO;QACtC,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,yBAAyB,EAAE,CAAC,MAAM,EAAE,EAAE;YAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE;gBAAE,OAAO,CAAC,mDAAmD;YAC9F,uBAAuB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC1C,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAEvD,oGAAoG;IACpG,qFAAqF;IACrF,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM,IAAI,mBAAmB,CAAC,OAAO;YAAE,OAAO;QACrE,mBAAmB,CAAC,OAAO,GAAG,IAAI,CAAC;QACnC,iBAAiB,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAE/C,OAAO;QACL,MAAM;QACN,OAAO;QACP,WAAW;QACX,KAAK;QACL,oBAAoB;QACpB,QAAQ;QACR,kBAAkB;QAClB,sBAAsB;QACtB,iBAAiB;KAClB,CAAC;AACJ,CAAC"}