@agora-sdk/secure-chat-react-js 0.6.4 → 0.7.0

package/dist/esm/encrypted-store.d.ts

@@ -0,0 +1,140 @@
+import type { SecureChatStore } from "@agora-sdk/secure-chat-core";
+/**
+ * Thrown by every {@link EncryptedStore} data operation (`get`/`set`/`delete`/`list`) while the store
+ * is locked. Surfacing it (rather than silently returning empty) keeps the store fail-closed: a caller
+ * must `unlock(password)` before any persistence happens. Carries no secret material.
+ */
+export declare class StoreLockedError extends Error {
+    constructor(message?: string);
+}
+/** Options for {@link createEncryptedStore}. */
+export interface EncryptedStoreOptions {
+}
+/**
+ * A {@link SecureChatStore} decorator that adds at-rest encryption: it seals each VALUE under a
+ * password-derived key before delegating to a base store, and opens it on read. Store KEYS pass
+ * through in the clear (see the file header for the honest scope). Beyond the four store methods it
+ * exposes `unlock`/`lock`/`isLocked`/`changePassword` so the app can drive lock state while the
+ * provider still receives a plain `SecureChatStore`.
+ *
+ * Construct via {@link createEncryptedStore}; do not `new` it directly.
+ *
+ * @example
+ * ```ts
+ * const enc = createEncryptedStore(createIndexedDBStore());
+ * await enc.unlock(password);            // derive KEK, unwrap/generate DEK
+ * <SecureChatProvider store={enc} crypto={crypto} projectId={id} />
+ * // later, on logout / idle:
+ * enc.lock();                            // drops the in-memory DEK/KEK
+ * ```
+ */
+export declare class EncryptedStore implements SecureChatStore {
+    #private;
+    private readonly base;
+    /**
+     * @param base - The underlying store to seal/open values against (normally `createIndexedDBStore()`).
+     * @param _opts - {@link EncryptedStoreOptions} (reserved; no effect today).
+     */
+    constructor(base: SecureChatStore, _opts?: EncryptedStoreOptions);
+    /**
+     * Whether the store is currently locked (no DEK in memory). All data operations throw
+     * {@link StoreLockedError} while locked.
+     *
+     * @returns `true` if locked, `false` once {@link unlock} has succeeded.
+     */
+    isLocked(): boolean;
+    /**
+     * Unlock the store with the user's password. On first use (no meta record) this generates a fresh
+     * salt + DEK, wraps the DEK under the password-derived KEK, and persists the meta record. On a
+     * re-open it derives the KEK from the stored salt and unwraps the existing DEK. After success the
+     * (non-extractable) DEK is held in memory and data operations work.
+     *
+     * @param password - The user's password. Never logged, thrown, or persisted in the clear.
+     * @returns A promise that resolves once the DEK is in memory.
+     * @throws {Error} A generic "wrong password or corrupt store" error if the meta record exists but
+     *   the DEK cannot be unwrapped (wrong password OR tampered store — deliberately indistinguishable).
+     *   The store stays locked on failure.
+     */
+    unlock(password: string): Promise<void>;
+    /**
+     * Lock the store by dropping the in-memory DEK. Subsequent data operations throw
+     * {@link StoreLockedError} until {@link unlock} is called again. This is a disk-lock: it does not
+     * purge plaintext already cached elsewhere (provider/crypto in-memory state) — that is a later
+     * feature.
+     */
+    lock(): void;
+    /**
+     * Change the password without re-encrypting any data: verify/derive against the SAME DEK and re-wrap
+     * it under a KEK derived from the new password + a fresh salt, then rewrite the meta record.
+     *
+     * Requires the store to be unlocked (the in-memory DEK is the source of truth); `oldPassword` is
+     * additionally verified by re-deriving its KEK and unwrapping the stored DEK, so a wrong old password
+     * fails closed without touching the meta record.
+     *
+     * @param oldPassword - The current password (verified before any change).
+     * @param newPassword - The replacement password.
+     * @returns A promise that resolves once the meta record has been rewritten.
+     * @throws {StoreLockedError} If the store is locked (unlock first).
+     * @throws {Error} A generic "wrong password or corrupt store" error if `oldPassword` does not unwrap
+     *   the stored DEK. The meta record is left unchanged.
+     */
+    changePassword(oldPassword: string, newPassword: string): Promise<void>;
+    /**
+     * Read and open the value at `key`. A miss returns `null`. On any decrypt/authentication failure it
+     * THROWS (fail closed) and never returns raw or partially-decrypted bytes.
+     *
+     * @param key - The store key (passed through to the base store unencrypted).
+     * @returns The decrypted bytes, or `null` if the key is absent.
+     * @throws {StoreLockedError} If the store is locked.
+     * @throws {Error} If the stored blob is malformed or fails AES-GCM authentication (tamper/corruption).
+     */
+    get(key: string): Promise<Uint8Array | null>;
+    /**
+     * Seal `value` and write it at `key`. Format: `[version:1][nonce:12][AES-GCM ciphertext+tag]`, with
+     * a fresh CSPRNG nonce per write.
+     *
+     * @param key - The store key (passed through unencrypted).
+     * @param value - The plaintext bytes to seal.
+     * @returns A promise that resolves once the sealed blob is persisted.
+     * @throws {StoreLockedError} If the store is locked.
+     */
+    set(key: string, value: Uint8Array): Promise<void>;
+    /**
+     * Remove `key` from the base store (no-op when absent). Requires the store to be unlocked.
+     *
+     * @param key - The store key to delete.
+     * @returns A promise that resolves once the key is removed.
+     * @throws {StoreLockedError} If the store is locked.
+     */
+    delete(key: string): Promise<void>;
+    /**
+     * List base-store keys starting with `prefix`, with the reserved meta key filtered out so it never
+     * surfaces to the repository.
+     *
+     * @param prefix - The key prefix (`""` for every key).
+     * @returns The matching keys, excluding the internal `__enc__` meta record.
+     * @throws {StoreLockedError} If the store is locked.
+     */
+    list(prefix: string): Promise<string[]>;
+}
+/**
+ * Wrap a base {@link SecureChatStore} (normally `createIndexedDBStore()`) with at-rest encryption.
+ * Returns a locked store: the app must call `unlock(password)` before mounting `<SecureChatProvider>`,
+ * and may `lock()` it on logout/idle. Values are sealed with AES-256-GCM under a DEK that is wrapped by
+ * an argon2id-derived KEK; store keys pass through in the clear (see this module's header for scope).
+ *
+ * @param base - The underlying durable store to seal/open values against.
+ * @param opts - {@link EncryptedStoreOptions} (reserved; no effect today).
+ * @returns A locked {@link EncryptedStore} — call `unlock(password)` to enable persistence.
+ *
+ * @example
+ * ```ts
+ * import { createIndexedDBStore, createEncryptedStore } from "@agora-sdk/secure-chat-react-js";
+ *
+ * const store = createEncryptedStore(createIndexedDBStore());
+ * await store.unlock(userPassword);      // first use mints the DEK; later opens unwrap it
+ * // pass `store` to <SecureChatProvider store={store} … />
+ * store.lock();                          // drop the in-memory DEK when locking the app
+ * ```
+ */
+export declare function createEncryptedStore(base: SecureChatStore, opts?: EncryptedStoreOptions): EncryptedStore;

package/dist/esm/encrypted-store.js

@@ -0,0 +1,353 @@
+// Encryption-at-rest decorator for the web SecureChatStore.
+//
+// Where it sits in the blind-server / client-crypto model: everything the secure-chat client persists
+// flows through one `SecureChatStore` key→blob seam — MLS group/ratchet secrets (`group:`), the device
+// signing key (`device`), DECRYPTED message plaintext (`msg:`, the durable history), and delivery
+// cursors. On web the base store is `createIndexedDBStore()`, which writes plaintext readable by any
+// same-origin script or anyone with disk access. The blind server still never sees any of it; this
+// decorator closes the *local* at-rest gap by sealing every VALUE under a password-derived key before
+// it reaches the base store, and opening it on the way out.
+//
+// Key hierarchy (Approach A): a password is stretched with argon2id into a Key-Encryption-Key (KEK,
+// once per unlock), which unwraps a random AES-256-GCM Data-Encryption-Key (DEK) held only as a
+// NON-EXTRACTABLE WebCrypto CryptoKey. Per-value AES-GCM uses the DEK with a fresh random nonce. The
+// AEAD unlock IS the password check — there is no separate stored hash to leak. A password change
+// re-wraps the SAME DEK (no bulk re-encryption), so existing values stay readable.
+//
+// SECURITY POSTURE (honest, per CLAUDE.md §1):
+//   • Values are sealed; store KEYS pass through in the clear. Keys leak conversation ids and
+//     per-conversation message counts — which the blind server already observes — but never plaintext
+//     or key material. Encrypting keys/metadata is a deliberately-deferred later feature.
+//   • Fail closed everywhere: locked → every op throws `StoreLockedError`; a wrong password or a
+//     tampered value → the AEAD throws and we rethrow a GENERIC error (we never distinguish wrong
+//     password from tamper, and never return raw/undecrypted bytes).
+//   • Nothing here ever logs, throws, or serializes the password, KEK, DEK, or any plaintext.
+//   • All crypto is WebCrypto + @noble/hashes argon2id — no hand-rolled primitives, CSPRNG nonces only.
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _EncryptedStore_instances, _EncryptedStore_dek, _EncryptedStore_requireUnlocked, _EncryptedStore_deriveKek, _EncryptedStore_unwrapDek, _EncryptedStore_parseMeta;
+import { toBase64, fromBase64 } from "@agora-sdk/secure-chat-core";
+import { argon2idAsync } from "@noble/hashes/argon2.js";
+/**
+ * argon2id parameters for deriving the KEK from the password — RFC 9106 "FIRST RECOMMENDED"
+ * high-memory profile (m=64 MiB, t=3, p=1) with a 32-byte output, matching
+ * `@agora-sdk/secure-chat-crypto`'s backup codec. Unlock is interactive-but-rare, so the ~0.5–1s cost
+ * is acceptable and buys strong resistance to offline brute-force of the password if the on-disk store
+ * is exfiltrated.
+ */
+const ARGON2_PARAMS = { m: 65536, t: 3, p: 1, dkLen: 32 };
+/** The on-disk format version stamped into the meta record and every sealed value. */
+const VERSION = 1;
+/** Reserved base-store key for the (never-encrypted, never-listed) meta record. */
+const META_KEY = "__enc__";
+/** Random salt length for argon2id (bytes). */
+const SALT_BYTES = 16;
+/** AES-GCM nonce length (bytes) — 96-bit, the WebCrypto/NIST-recommended IV size. */
+const NONCE_BYTES = 12;
+const utf8 = (s) => new TextEncoder().encode(s);
+/**
+ * Coerce bytes to a WebCrypto `BufferSource` backed by a plain `ArrayBuffer`. `@noble/hashes` and
+ * `subarray` views are typed `Uint8Array<ArrayBufferLike>`, which TS will not accept where WebCrypto
+ * wants an `ArrayBuffer`-backed `BufferSource`; copying into a fresh `Uint8Array` guarantees that
+ * backing. The copies are small (nonces, the wrapped DEK, per-value ciphertext) — no secret is exposed.
+ */
+const buf = (bytes) => new Uint8Array(bytes);
+/**
+ * Thrown by every {@link EncryptedStore} data operation (`get`/`set`/`delete`/`list`) while the store
+ * is locked. Surfacing it (rather than silently returning empty) keeps the store fail-closed: a caller
+ * must `unlock(password)` before any persistence happens. Carries no secret material.
+ */
+export class StoreLockedError extends Error {
+    constructor(message = "secure-chat: store is locked — call unlock(password) first") {
+        super(message);
+        this.name = "StoreLockedError";
+    }
+}
+/**
+ * A {@link SecureChatStore} decorator that adds at-rest encryption: it seals each VALUE under a
+ * password-derived key before delegating to a base store, and opens it on read. Store KEYS pass
+ * through in the clear (see the file header for the honest scope). Beyond the four store methods it
+ * exposes `unlock`/`lock`/`isLocked`/`changePassword` so the app can drive lock state while the
+ * provider still receives a plain `SecureChatStore`.
+ *
+ * Construct via {@link createEncryptedStore}; do not `new` it directly.
+ *
+ * @example
+ * ```ts
+ * const enc = createEncryptedStore(createIndexedDBStore());
+ * await enc.unlock(password);            // derive KEK, unwrap/generate DEK
+ * <SecureChatProvider store={enc} crypto={crypto} projectId={id} />
+ * // later, on logout / idle:
+ * enc.lock();                            // drops the in-memory DEK/KEK
+ * ```
+ */
+export class EncryptedStore {
+    /**
+     * @param base - The underlying store to seal/open values against (normally `createIndexedDBStore()`).
+     * @param _opts - {@link EncryptedStoreOptions} (reserved; no effect today).
+     */
+    constructor(base, _opts = {}) {
+        _EncryptedStore_instances.add(this);
+        this.base = base;
+        /** The unwrapped, non-extractable per-value AES-GCM key. `null` ⇒ locked. */
+        _EncryptedStore_dek.set(this, null);
+    }
+    /**
+     * Whether the store is currently locked (no DEK in memory). All data operations throw
+     * {@link StoreLockedError} while locked.
+     *
+     * @returns `true` if locked, `false` once {@link unlock} has succeeded.
+     */
+    isLocked() {
+        return __classPrivateFieldGet(this, _EncryptedStore_dek, "f") === null;
+    }
+    /**
+     * Unlock the store with the user's password. On first use (no meta record) this generates a fresh
+     * salt + DEK, wraps the DEK under the password-derived KEK, and persists the meta record. On a
+     * re-open it derives the KEK from the stored salt and unwraps the existing DEK. After success the
+     * (non-extractable) DEK is held in memory and data operations work.
+     *
+     * @param password - The user's password. Never logged, thrown, or persisted in the clear.
+     * @returns A promise that resolves once the DEK is in memory.
+     * @throws {Error} A generic "wrong password or corrupt store" error if the meta record exists but
+     *   the DEK cannot be unwrapped (wrong password OR tampered store — deliberately indistinguishable).
+     *   The store stays locked on failure.
+     */
+    async unlock(password) {
+        const metaBytes = await this.base.get(META_KEY);
+        if (metaBytes === null) {
+            // First unlock: mint a salt + DEK, wrap it under the KEK, persist the meta record.
+            const salt = crypto.getRandomValues(new Uint8Array(SALT_BYTES));
+            const kek = await __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_deriveKek).call(this, password, salt);
+            // Extractable so we can wrap it now; the in-memory handle below is re-imported non-extractable.
+            const freshDek = await crypto.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, [
+                "encrypt",
+                "decrypt",
+            ]);
+            const wrapNonce = crypto.getRandomValues(new Uint8Array(NONCE_BYTES));
+            const wrapped = new Uint8Array(await crypto.subtle.wrapKey("raw", freshDek, kek, { name: "AES-GCM", iv: wrapNonce }));
+            const meta = {
+                version: VERSION,
+                kdf: "argon2id",
+                kdfParams: { salt: toBase64(salt), m: ARGON2_PARAMS.m, t: ARGON2_PARAMS.t, p: ARGON2_PARAMS.p },
+                wrappedDEK: toBase64(wrapped),
+                wrapNonce: toBase64(wrapNonce),
+            };
+            await this.base.set(META_KEY, utf8(JSON.stringify(meta)));
+            // Re-derive the in-memory DEK as NON-EXTRACTABLE (the extractable handle is dropped here).
+            __classPrivateFieldSet(this, _EncryptedStore_dek, await __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_unwrapDek).call(this, kek, wrapped, wrapNonce), "f");
+            return;
+        }
+        // Re-open: derive the KEK from the stored salt and unwrap the existing DEK.
+        const meta = __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_parseMeta).call(this, metaBytes);
+        const kek = await __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_deriveKek).call(this, password, fromBase64(meta.kdfParams.salt));
+        try {
+            __classPrivateFieldSet(this, _EncryptedStore_dek, await __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_unwrapDek).call(this, kek, fromBase64(meta.wrappedDEK), fromBase64(meta.wrapNonce)), "f");
+        }
+        catch {
+            // Wrong password and a tampered wrappedDEK are indistinguishable here, and we keep it that way.
+            // Stay locked; surface nothing about the password or the failure cause.
+            __classPrivateFieldSet(this, _EncryptedStore_dek, null, "f");
+            throw new Error("secure-chat: unlock failed (wrong password or corrupt store)");
+        }
+    }
+    /**
+     * Lock the store by dropping the in-memory DEK. Subsequent data operations throw
+     * {@link StoreLockedError} until {@link unlock} is called again. This is a disk-lock: it does not
+     * purge plaintext already cached elsewhere (provider/crypto in-memory state) — that is a later
+     * feature.
+     */
+    lock() {
+        __classPrivateFieldSet(this, _EncryptedStore_dek, null, "f");
+    }
+    /**
+     * Change the password without re-encrypting any data: verify/derive against the SAME DEK and re-wrap
+     * it under a KEK derived from the new password + a fresh salt, then rewrite the meta record.
+     *
+     * Requires the store to be unlocked (the in-memory DEK is the source of truth); `oldPassword` is
+     * additionally verified by re-deriving its KEK and unwrapping the stored DEK, so a wrong old password
+     * fails closed without touching the meta record.
+     *
+     * @param oldPassword - The current password (verified before any change).
+     * @param newPassword - The replacement password.
+     * @returns A promise that resolves once the meta record has been rewritten.
+     * @throws {StoreLockedError} If the store is locked (unlock first).
+     * @throws {Error} A generic "wrong password or corrupt store" error if `oldPassword` does not unwrap
+     *   the stored DEK. The meta record is left unchanged.
+     */
+    async changePassword(oldPassword, newPassword) {
+        if (__classPrivateFieldGet(this, _EncryptedStore_dek, "f") === null)
+            throw new StoreLockedError();
+        const metaBytes = await this.base.get(META_KEY);
+        if (metaBytes === null)
+            throw new Error("secure-chat: cannot change password before first unlock");
+        const meta = __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_parseMeta).call(this, metaBytes);
+        // Verify the old password by unwrapping the stored DEK with its KEK (we re-wrap THIS exact DEK).
+        const oldKek = await __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_deriveKek).call(this, oldPassword, fromBase64(meta.kdfParams.salt));
+        let dekToRewrap;
+        try {
+            // Re-wrap needs an EXTRACTABLE handle, so unwrap extractable here (held only for the wrap below).
+            dekToRewrap = await crypto.subtle.unwrapKey("raw", buf(fromBase64(meta.wrappedDEK)), oldKek, { name: "AES-GCM", iv: buf(fromBase64(meta.wrapNonce)) }, { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
+        }
+        catch {
+            throw new Error("secure-chat: unlock failed (wrong password or corrupt store)");
+        }
+        // Derive a new KEK from the new password + a fresh salt, and re-wrap the same DEK under it.
+        const newSalt = crypto.getRandomValues(new Uint8Array(SALT_BYTES));
+        const newKek = await __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_deriveKek).call(this, newPassword, newSalt);
+        const newWrapNonce = crypto.getRandomValues(new Uint8Array(NONCE_BYTES));
+        const newWrapped = new Uint8Array(await crypto.subtle.wrapKey("raw", dekToRewrap, newKek, { name: "AES-GCM", iv: newWrapNonce }));
+        const newMeta = {
+            version: VERSION,
+            kdf: "argon2id",
+            kdfParams: { salt: toBase64(newSalt), m: ARGON2_PARAMS.m, t: ARGON2_PARAMS.t, p: ARGON2_PARAMS.p },
+            wrappedDEK: toBase64(newWrapped),
+            wrapNonce: toBase64(newWrapNonce),
+        };
+        await this.base.set(META_KEY, utf8(JSON.stringify(newMeta)));
+    }
+    /**
+     * Read and open the value at `key`. A miss returns `null`. On any decrypt/authentication failure it
+     * THROWS (fail closed) and never returns raw or partially-decrypted bytes.
+     *
+     * @param key - The store key (passed through to the base store unencrypted).
+     * @returns The decrypted bytes, or `null` if the key is absent.
+     * @throws {StoreLockedError} If the store is locked.
+     * @throws {Error} If the stored blob is malformed or fails AES-GCM authentication (tamper/corruption).
+     */
+    async get(key) {
+        const dek = __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_requireUnlocked).call(this);
+        const sealed = await this.base.get(key);
+        if (sealed === null)
+            return null;
+        if (sealed.length < 1 + NONCE_BYTES || sealed[0] !== VERSION) {
+            throw new Error("secure-chat: stored value is malformed (bad header)");
+        }
+        const nonce = sealed.subarray(1, 1 + NONCE_BYTES);
+        const ciphertext = sealed.subarray(1 + NONCE_BYTES);
+        let plain;
+        try {
+            plain = await crypto.subtle.decrypt({ name: "AES-GCM", iv: buf(nonce) }, dek, buf(ciphertext));
+        }
+        catch {
+            // AEAD failure ⇒ wrong key or tampered ciphertext. Fail closed; never return raw bytes.
+            throw new Error("secure-chat: value decrypt failed (corrupt or tampered store)");
+        }
+        return new Uint8Array(plain);
+    }
+    /**
+     * Seal `value` and write it at `key`. Format: `[version:1][nonce:12][AES-GCM ciphertext+tag]`, with
+     * a fresh CSPRNG nonce per write.
+     *
+     * @param key - The store key (passed through unencrypted).
+     * @param value - The plaintext bytes to seal.
+     * @returns A promise that resolves once the sealed blob is persisted.
+     * @throws {StoreLockedError} If the store is locked.
+     */
+    async set(key, value) {
+        const dek = __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_requireUnlocked).call(this);
+        const nonce = crypto.getRandomValues(new Uint8Array(NONCE_BYTES));
+        const ct = new Uint8Array(await crypto.subtle.encrypt({ name: "AES-GCM", iv: buf(nonce) }, dek, buf(value)));
+        const sealed = new Uint8Array(1 + NONCE_BYTES + ct.length);
+        sealed[0] = VERSION;
+        sealed.set(nonce, 1);
+        sealed.set(ct, 1 + NONCE_BYTES);
+        await this.base.set(key, sealed);
+    }
+    /**
+     * Remove `key` from the base store (no-op when absent). Requires the store to be unlocked.
+     *
+     * @param key - The store key to delete.
+     * @returns A promise that resolves once the key is removed.
+     * @throws {StoreLockedError} If the store is locked.
+     */
+    async delete(key) {
+        __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_requireUnlocked).call(this);
+        await this.base.delete(key);
+    }
+    /**
+     * List base-store keys starting with `prefix`, with the reserved meta key filtered out so it never
+     * surfaces to the repository.
+     *
+     * @param prefix - The key prefix (`""` for every key).
+     * @returns The matching keys, excluding the internal `__enc__` meta record.
+     * @throws {StoreLockedError} If the store is locked.
+     */
+    async list(prefix) {
+        __classPrivateFieldGet(this, _EncryptedStore_instances, "m", _EncryptedStore_requireUnlocked).call(this);
+        const keys = await this.base.list(prefix);
+        return keys.filter((k) => k !== META_KEY);
+    }
+}
+_EncryptedStore_dek = new WeakMap(), _EncryptedStore_instances = new WeakSet(), _EncryptedStore_requireUnlocked = function _EncryptedStore_requireUnlocked() {
+    if (__classPrivateFieldGet(this, _EncryptedStore_dek, "f") === null)
+        throw new StoreLockedError();
+    return __classPrivateFieldGet(this, _EncryptedStore_dek, "f");
+}, _EncryptedStore_deriveKek = 
+/** Stretch the password + salt into a non-extractable AES-GCM KEK with wrap/unwrap usages. */
+async function _EncryptedStore_deriveKek(password, salt) {
+    const raw = await argon2idAsync(utf8(password), salt, ARGON2_PARAMS);
+    try {
+        return await crypto.subtle.importKey("raw", buf(raw), { name: "AES-GCM" }, false, [
+            "wrapKey",
+            "unwrapKey",
+        ]);
+    }
+    finally {
+        raw.fill(0); // zeroize the raw KEK bytes; the CryptoKey handle is non-extractable.
+    }
+}, _EncryptedStore_unwrapDek = 
+/** Unwrap the stored DEK under `kek` into a NON-EXTRACTABLE per-value AES-GCM key. */
+async function _EncryptedStore_unwrapDek(kek, wrapped, wrapNonce) {
+    return crypto.subtle.unwrapKey("raw", buf(wrapped), kek, { name: "AES-GCM", iv: buf(wrapNonce) }, { name: "AES-GCM", length: 256 }, false, // non-extractable: the DEK bytes can never be read back out of WebCrypto.
+    ["encrypt", "decrypt"]);
+}, _EncryptedStore_parseMeta = function _EncryptedStore_parseMeta(bytes) {
+    let meta;
+    try {
+        meta = JSON.parse(new TextDecoder().decode(bytes));
+    }
+    catch {
+        throw new Error("secure-chat: store meta record is malformed");
+    }
+    if (meta.version !== VERSION ||
+        meta.kdf !== "argon2id" ||
+        typeof meta.kdfParams?.salt !== "string" ||
+        typeof meta.wrappedDEK !== "string" ||
+        typeof meta.wrapNonce !== "string") {
+        throw new Error("secure-chat: unsupported or malformed store meta record");
+    }
+    return meta;
+};
+/**
+ * Wrap a base {@link SecureChatStore} (normally `createIndexedDBStore()`) with at-rest encryption.
+ * Returns a locked store: the app must call `unlock(password)` before mounting `<SecureChatProvider>`,
+ * and may `lock()` it on logout/idle. Values are sealed with AES-256-GCM under a DEK that is wrapped by
+ * an argon2id-derived KEK; store keys pass through in the clear (see this module's header for scope).
+ *
+ * @param base - The underlying durable store to seal/open values against.
+ * @param opts - {@link EncryptedStoreOptions} (reserved; no effect today).
+ * @returns A locked {@link EncryptedStore} — call `unlock(password)` to enable persistence.
+ *
+ * @example
+ * ```ts
+ * import { createIndexedDBStore, createEncryptedStore } from "@agora-sdk/secure-chat-react-js";
+ *
+ * const store = createEncryptedStore(createIndexedDBStore());
+ * await store.unlock(userPassword);      // first use mints the DEK; later opens unwrap it
+ * // pass `store` to <SecureChatProvider store={store} … />
+ * store.lock();                          // drop the in-memory DEK when locking the app
+ * ```
+ */
+export function createEncryptedStore(base, opts = {}) {
+    return new EncryptedStore(base, opts);
+}
+//# sourceMappingURL=encrypted-store.js.map

package/dist/esm/encrypted-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypted-store.js","sourceRoot":"","sources":["../../src/encrypted-store.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,EAAE;AACF,sGAAsG;AACtG,uGAAuG;AACvG,kGAAkG;AAClG,qGAAqG;AACrG,mGAAmG;AACnG,sGAAsG;AACtG,4DAA4D;AAC5D,EAAE;AACF,oGAAoG;AACpG,gGAAgG;AAChG,qGAAqG;AACrG,kGAAkG;AAClG,mFAAmF;AACnF,EAAE;AACF,+CAA+C;AAC/C,8FAA8F;AAC9F,sGAAsG;AACtG,0FAA0F;AAC1F,iGAAiG;AACjG,kGAAkG;AAClG,qEAAqE;AACrE,8FAA8F;AAC9F,wGAAwG;;;;;;;;;;;;;AAGxG,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAExD;;;;;;GAMG;AACH,MAAM,aAAa,GAAG,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAW,CAAC;AAEnE,sFAAsF;AACtF,MAAM,OAAO,GAAG,CAAU,CAAC;AAE3B,mFAAmF;AACnF,MAAM,QAAQ,GAAG,SAAS,CAAC;AAE3B,+CAA+C;AAC/C,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,qFAAqF;AACrF,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAExD;;;;;GAKG;AACH,MAAM,GAAG,GAAG,CAAC,KAAiB,EAAgB,EAAE,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;AAqBvE;;;;GAIG;AACH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAO,GAAG,4DAA4D;QAChF,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAQD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,OAAO,cAAc;IAIzB;;;OAGG;IACH,YACmB,IAAqB,EACtC,QAA+B,EAAE;;QADhB,SAAI,GAAJ,IAAI,CAAiB;QARxC,6EAA6E;QAC7E,8BAAyB,IAAI,EAAC;IAS3B,CAAC;IAEJ;;;;;OAKG;IACH,QAAQ;QACN,OAAO,uBAAA,IAAI,2BAAK,KAAK,IAAI,CAAC;IAC5B,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,MAAM,CAAC,QAAgB;QAC3B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACvB,mFAAmF;YACnF,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;YAChE,MAAM,GAAG,GAAG,MAAM,uBAAA,IAAI,4DAAW,MAAf,IAAI,EAAY,QAAQ,EAAE,IAAI,CAAC,CAAC;YAClD,gGAAgG;YAChG,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE;gBACvF,SAAS;gBACT,SAAS;aACV,CAAC,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;YACtE,MAAM,OAAO,GAAG,IAAI,UAAU,CAC5B,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CACtF,CAAC;YACF,MAAM,IAAI,GAAe;gBACvB,OAAO,EAAE,OAAO;gBAChB,GAAG,EAAE,UAAU;gBACf,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE;gBAC/F,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC;gBAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC;aAC/B,CAAC;YACF,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC1D,2FAA2F;YAC3F,uBAAA,IAAI,uBAAQ,MAAM,uBAAA,IAAI,4DAAW,MAAf,IAAI,EAAY,GAAG,EAAE,OAAO,EAAE,SAAS,CAAC,MAAA,CAAC;YAC3D,OAAO;QACT,CAAC;QAED,4EAA4E;QAC5E,MAAM,IAAI,GAAG,uBAAA,IAAI,4DAAW,MAAf,IAAI,EAAY,SAAS,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,MAAM,uBAAA,IAAI,4DAAW,MAAf,IAAI,EAAY,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7E,IAAI,CAAC;YACH,uBAAA,IAAI,uBAAQ,MAAM,uBAAA,IAAI,4DAAW,MAAf,IAAI,EACpB,GAAG,EACH,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAC3B,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAC3B,MAAA,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,gGAAgG;YAChG,wEAAwE;YACxE,uBAAA,IAAI,uBAAQ,IAAI,MAAA,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,IAAI;QACF,uBAAA,IAAI,uBAAQ,IAAI,MAAA,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,KAAK,CAAC,cAAc,CAAC,WAAmB,EAAE,WAAmB;QAC3D,IAAI,uBAAA,IAAI,2BAAK,KAAK,IAAI;YAAE,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACrD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,SAAS,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACnG,MAAM,IAAI,GAAG,uBAAA,IAAI,4DAAW,MAAf,IAAI,EAAY,SAAS,CAAC,CAAC;QAExC,iGAAiG;QACjG,MAAM,MAAM,GAAG,MAAM,uBAAA,IAAI,4DAAW,MAAf,IAAI,EAAY,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;QACnF,IAAI,WAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,kGAAkG;YAClG,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACzC,KAAK,EACL,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAChC,MAAM,EACN,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EACxD,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,IAAI,EACJ,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAClF,CAAC;QAED,4FAA4F;QAC5F,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QACnE,MAAM,MAAM,GAAG,MAAM,uBAAA,IAAI,4DAAW,MAAf,IAAI,EAAY,WAAW,EAAE,OAAO,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QACzE,MAAM,UAAU,GAAG,IAAI,UAAU,CAC/B,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,YAAY,EAAE,CAAC,CAC/F,CAAC;QACF,MAAM,OAAO,GAAe;YAC1B,OAAO,EAAE,OAAO;YAChB,GAAG,EAAE,UAAU;YACf,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE;YAClG,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC;YAChC,SAAS,EAAE,QAAQ,CAAC,YAAY,CAAC;SAClC,CAAC;QACF,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,GAAG,GAAG,uBAAA,IAAI,kEAAiB,MAArB,IAAI,CAAmB,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,MAAM,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QACjC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,WAAW,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,OAAO,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC;QACpD,IAAI,KAAkB,CAAC;QACvB,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;QACjG,CAAC;QAAC,MAAM,CAAC;YACP,wFAAwF;YACxF,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAiB;QACtC,MAAM,GAAG,GAAG,uBAAA,IAAI,kEAAiB,MAArB,IAAI,CAAmB,CAAC;QACpC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QAClE,MAAM,EAAE,GAAG,IAAI,UAAU,CACvB,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAClF,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;QAC3D,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;QACpB,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAChC,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,uBAAA,IAAI,kEAAiB,MAArB,IAAI,CAAmB,CAAC;QACxB,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,IAAI,CAAC,MAAc;QACvB,uBAAA,IAAI,kEAAiB,MAArB,IAAI,CAAmB,CAAC;QACxB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;IAC5C,CAAC;CAqDF;;IAjDG,IAAI,uBAAA,IAAI,2BAAK,KAAK,IAAI;QAAE,MAAM,IAAI,gBAAgB,EAAE,CAAC;IACrD,OAAO,uBAAA,IAAI,2BAAK,CAAC;AACnB,CAAC;AAED,8FAA8F;AAC9F,KAAK,oCAAY,QAAgB,EAAE,IAAgB;IACjD,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;IACrE,IAAI,CAAC;QACH,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE;YAChF,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,sEAAsE;IACrF,CAAC;AACH,CAAC;AAED,sFAAsF;AACtF,KAAK,oCAAY,GAAc,EAAE,OAAmB,EAAE,SAAqB;IACzE,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAC5B,KAAK,EACL,GAAG,CAAC,OAAO,CAAC,EACZ,GAAG,EACH,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE,EACvC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EAAE,0EAA0E;IACjF,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;AACJ,CAAC,iEAGU,KAAiB;IAC1B,IAAI,IAAgB,CAAC;IACrB,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAe,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,IACE,IAAI,CAAC,OAAO,KAAK,OAAO;QACxB,IAAI,CAAC,GAAG,KAAK,UAAU;QACvB,OAAO,IAAI,CAAC,SAAS,EAAE,IAAI,KAAK,QAAQ;QACxC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;QACnC,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,EAClC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAGH;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,oBAAoB,CAClC,IAAqB,EACrB,OAA8B,EAAE;IAEhC,OAAO,IAAI,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACxC,CAAC"}

package/dist/esm/index.d.ts

@@ -2,3 +2,5 @@ export * from "@agora-sdk/secure-chat-core";
 export { createWebSecureChatCrypto } from "./crypto-web.js";
 export { createIndexedDBStore } from "./indexeddb-store.js";
 export type { IndexedDBStoreOptions } from "./indexeddb-store.js";
+export { createEncryptedStore, EncryptedStore, StoreLockedError } from "./encrypted-store.js";
+export type { EncryptedStoreOptions } from "./encrypted-store.js";

package/dist/esm/index.js

@@ -6,4 +6,5 @@
 export * from "@agora-sdk/secure-chat-core";
 export { createWebSecureChatCrypto } from "./crypto-web.js";
 export { createIndexedDBStore } from "./indexeddb-store.js";
+export { createEncryptedStore, EncryptedStore, StoreLockedError } from "./encrypted-store.js";
 //# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,EAAE;AACF,iGAAiG;AACjG,kGAAkG;AAClG,8CAA8C;AAE9C,cAAc,6BAA6B,CAAC;AAE5C,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,EAAE;AACF,iGAAiG;AACjG,kGAAkG;AAClG,8CAA8C;AAE9C,cAAc,6BAA6B,CAAC;AAE5C,OAAO,EAAE,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE5D,OAAO,EAAE,oBAAoB,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agora-sdk/secure-chat-react-js",
-  "version": "0.6.4",
+  "version": "0.7.0",
   "private": false,
   "license": "Apache-2.0",
   "author": "Agora SDK Plus, maintained by Jenova Marie",
@@ -27,7 +27,7 @@
   "module": "dist/esm/index.js",
   "types": "dist/esm/index.d.ts",
   "type": "module",
-  "comment:esm-only": "ESM-only: this web binding depends on @agora-sdk/core (bundler-only, see UPSTREAM_FIX.md) and the ESM-only @agora-sdk/secure-chat-crypto/ts-mls core, so a CJS build would never load at runtime. Web/React consumers always bundle (Vite/webpack/Metro).",
+  "comment:esm-only": "ESM-only: this web binding depends on the ESM-only @agora-sdk/secure-chat-crypto/ts-mls core, so a CJS build would never load at runtime. Web/React consumers always bundle (Vite/webpack/Metro) anyway.",
   "publishConfig": {
     "access": "public"
   },
@@ -35,11 +35,12 @@
     "dist"
   ],
   "dependencies": {
-    "@agora-sdk/secure-chat-core": "0.6.4",
-    "@agora-sdk/secure-chat-crypto": "0.6.4"
+    "@noble/hashes": "2.0.1",
+    "@agora-sdk/secure-chat-core": "0.7.0",
+    "@agora-sdk/secure-chat-crypto": "0.7.0"
   },
   "peerDependencies": {
-    "@agora-sdk/core": "^1.2.2",
+    "@types/react": "^18.0.0 || ^19.0.0",
     "react": "^18.0.0 || ^19.0.0",
     "react-dom": "^18.0.0 || ^19.0.0"
   },