@bandeira-tech/b3nd-web 0.2.7 → 0.3.1

package/dist/wallet/mod.d.ts

@@ -1,7 +1,8 @@
-import { A as AuthSession, H as HealthResponse, U as UserCredentials, P as PasswordResetToken, a as UserPublicKeys, b as ProxyWriteRequest, c as ProxyWriteResponse, d as ProxyReadRequest, e as ProxyReadResponse, G as GoogleAuthSession } from '../client-B0Ekm99R.js';
-export { g as ApiResponse, C as ChangePasswordResponse, k as GoogleLoginResponse, j as GoogleSignupResponse, L as LoginResponse, h as PublicKeysResponse, R as RequestPasswordResetResponse, i as ResetPasswordResponse, S as SignupResponse, W as WalletClient, f as WalletClientConfig } from '../client-B0Ekm99R.js';
-import { N as NodeProtocolInterface } from '../types-oQCx3U-_.js';
-import { S as ServerKeys, W as WalletServerCore } from '../core-CgxQpSVM.js';
+import { A as AuthSession, H as HealthResponse, U as UserCredentials, S as SessionKeypair, P as PasswordResetToken, a as UserPublicKeys, b as ProxyWriteRequest, c as ProxyWriteResponse, d as ProxyReadRequest, e as ProxyReadResponse, f as ProxyReadMultiRequest, g as ProxyReadMultiResponse, G as GoogleAuthSession } from '../client-C4oQxiDu.js';
+export { l as ApiResponse, C as ChangePasswordResponse, q as GoogleLoginResponse, p as GoogleSignupResponse, L as LoginResponse, k as ProxyReadMultiResultItem, n as PublicKeysResponse, R as RequestPasswordResetResponse, o as ResetPasswordResponse, m as SignupResponse, W as WalletClient, j as WalletClientConfig, i as WalletClientInterface, h as generateSessionKeypair } from '../client-C4oQxiDu.js';
+import { N as NodeProtocolInterface, S as Schema } from '../types-uuvn4oKw.js';
+import { S as ServerKeys, W as WalletServerCore } from '../core-ClnuubZw.js';
+import { MemoryClient } from '../clients/memory/mod.js';
 import 'hono';
 
 /**
@@ -106,8 +107,32 @@ declare class MemoryWalletClient {
     }>;
     signup(_credentials: UserCredentials): Promise<AuthSession>;
     login(_credentials: UserCredentials): Promise<AuthSession>;
-    signupWithToken(appKey: string, tokenOrCredentials: string | UserCredentials, maybeCredentials?: UserCredentials): Promise<AuthSession>;
-    loginWithTokenSession(appKey: string, tokenOrSession: string, sessionOrCredentials: string | UserCredentials, maybeCredentials?: UserCredentials): Promise<AuthSession>;
+    /**
+     * Sign up with session keypair (scoped to an app)
+     *
+     * The session must be approved by the app beforehand:
+     * 1. Client writes request to: immutable://inbox/{appKey}/sessions/{sessionPubkey} = 1
+     * 2. App approves by writing: mutable://accounts/{appKey}/sessions/{sessionPubkey} = 1
+     * 3. Client calls this method with the session keypair
+     *
+     * @param appKey - The app's public key
+     * @param session - Session keypair (generated via generateSessionKeypair)
+     * @param credentials - User credentials (username/password)
+     */
+    signupWithToken(appKey: string, session: SessionKeypair, credentials: UserCredentials): Promise<AuthSession>;
+    /**
+     * Login with session keypair (scoped to an app)
+     *
+     * The session must be approved by the app beforehand:
+     * 1. Client writes request to: immutable://inbox/{appKey}/sessions/{sessionPubkey} = 1
+     * 2. App approves by writing: mutable://accounts/{appKey}/sessions/{sessionPubkey} = 1
+     * 3. Client calls this method with the session keypair
+     *
+     * @param appKey - The app's public key
+     * @param session - Session keypair (generated via generateSessionKeypair)
+     * @param credentials - User credentials (username/password)
+     */
+    loginWithTokenSession(appKey: string, session: SessionKeypair, credentials: UserCredentials): Promise<AuthSession>;
     changePassword(appKey: string, oldPassword: string, newPassword: string): Promise<void>;
     requestPasswordReset(_username: string): Promise<PasswordResetToken>;
     resetPassword(_username: string, _resetToken: string, _newPassword: string): Promise<AuthSession>;
@@ -117,8 +142,21 @@ declare class MemoryWalletClient {
     getMyPublicKeys(appKey: string): Promise<UserPublicKeys>;
     proxyWrite(request: ProxyWriteRequest): Promise<ProxyWriteResponse>;
     proxyRead(request: ProxyReadRequest): Promise<ProxyReadResponse>;
+    proxyReadMulti(request: ProxyReadMultiRequest): Promise<ProxyReadMultiResponse>;
     signupWithGoogle(appKey: string, token: string, googleIdToken: string): Promise<GoogleAuthSession>;
-    loginWithGoogle(appKey: string, token: string, session: string, googleIdToken: string): Promise<GoogleAuthSession>;
+    /**
+     * Login with Google OAuth (scoped to app token and session keypair)
+     * Returns session data with Google profile info - call setSession() to activate it
+     *
+     * The session must be approved by the app beforehand.
+     *
+     * @param appKey - The app's public key
+     * @param token - App token from app server
+     * @param session - Session keypair (generated via generateSessionKeypair)
+     * @param googleIdToken - Google ID token from Google Sign-In
+     * @returns GoogleAuthSession with username, JWT token, and Google profile info
+     */
+    loginWithGoogle(appKey: string, token: string, session: SessionKeypair, googleIdToken: string): Promise<GoogleAuthSession>;
     /**
      * Get the underlying WalletServerCore (for testing/inspection)
      */
@@ -132,4 +170,141 @@ declare class MemoryWalletClient {
     };
 }
 
-export { AuthSession, GoogleAuthSession, HealthResponse, MemoryWalletClient, type MemoryWalletClientConfig, PasswordResetToken, ProxyReadRequest, ProxyReadResponse, ProxyWriteRequest, ProxyWriteResponse, UserCredentials, UserPublicKeys, generateTestServerKeys };
+/**
+ * Test Utilities for B3nd Wallet
+ *
+ * Provides helpers for setting up test environments with shared in-memory storage.
+ *
+ * @example
+ * ```typescript
+ * import { createTestEnvironment } from "@bandeira-tech/b3nd-web/wallet";
+ *
+ * const { backend, wallet, signupTestUser, cleanup } = await createTestEnvironment();
+ *
+ * // Sign up a test user
+ * const { session, keys } = await signupTestUser("app-key", "testuser", "pass123");
+ *
+ * // Now wallet.proxyRead/proxyWrite work with the shared backend
+ * const writeResult = await wallet.proxyWrite({ uri: "mutable://data/test", data: { foo: "bar" }, encrypt: true });
+ * const readResult = await wallet.proxyRead({ uri: "mutable://data/test" });
+ * console.log(readResult.decrypted); // { foo: "bar" }
+ *
+ * // Direct backend access also works
+ * const raw = await backend.read("mutable://data/test");
+ * ```
+ */
+
+/**
+ * Test environment configuration
+ */
+interface TestEnvironmentConfig {
+    /**
+     * Custom schema for the backend.
+     * If not provided, uses createTestSchema() which accepts all writes.
+     */
+    schema?: Schema;
+    /**
+     * Custom server keys.
+     * If not provided, keys are auto-generated.
+     */
+    serverKeys?: ServerKeys;
+    /**
+     * Custom JWT secret.
+     * Defaults to a test secret.
+     */
+    jwtSecret?: string;
+}
+/**
+ * Test environment with shared backend
+ */
+interface TestEnvironment {
+    /**
+     * The shared in-memory backend storage.
+     * Use this for direct reads/writes in tests.
+     */
+    backend: MemoryClient;
+    /**
+     * The wallet client connected to the shared backend.
+     * Same API as WalletClient but runs in-memory.
+     */
+    wallet: MemoryWalletClient;
+    /**
+     * Server keys (for advanced testing)
+     */
+    serverKeys: ServerKeys;
+    /**
+     * Sign up a test user and set the session.
+     * Automatically generates and approves a session keypair for testing.
+     *
+     * @param appKey - App key for the signup
+     * @param username - Username
+     * @param password - Password
+     * @returns Session, user public keys, and the session keypair used
+     */
+    signupTestUser(appKey: string, username: string, password: string): Promise<{
+        session: AuthSession;
+        keys: UserPublicKeys;
+        sessionKeypair: SessionKeypair;
+    }>;
+    /**
+     * Login a test user and set the session.
+     * Automatically generates and approves a session keypair for testing.
+     *
+     * @param appKey - App key for the login
+     * @param username - Username
+     * @param password - Password
+     * @returns Session, user public keys, and the session keypair used
+     */
+    loginTestUser(appKey: string, username: string, password: string): Promise<{
+        session: AuthSession;
+        keys: UserPublicKeys;
+        sessionKeypair: SessionKeypair;
+    }>;
+    /**
+     * Clean up the test environment.
+     * Clears all data from the backend.
+     */
+    cleanup(): Promise<void>;
+}
+/**
+ * Create a test environment with shared in-memory backend.
+ *
+ * This sets up a MemoryClient and MemoryWalletClient that share the same storage,
+ * enabling you to test wallet operations alongside direct backend access.
+ *
+ * @param config - Optional configuration
+ * @returns Test environment with backend, wallet, and helper functions
+ *
+ * @example
+ * ```typescript
+ * // Basic usage
+ * const { backend, wallet, signupTestUser } = await createTestEnvironment();
+ * const { keys } = await signupTestUser("my-app", "alice", "password123");
+ *
+ * // Write encrypted data
+ * await wallet.proxyWrite({
+ *   uri: "mutable://data/:key/profile",
+ *   data: { name: "Alice" },
+ *   encrypt: true
+ * });
+ *
+ * // Read and decrypt
+ * const result = await wallet.proxyRead({ uri: "mutable://data/:key/profile" });
+ * console.log(result.decrypted); // { name: "Alice" }
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // With custom schema
+ * const { backend, wallet } = await createTestEnvironment({
+ *   schema: {
+ *     "mutable://myapp": async () => ({ valid: true }),
+ *     "mutable://accounts": async () => ({ valid: true }),
+ *     "immutable://accounts": async () => ({ valid: true }),
+ *   }
+ * });
+ * ```
+ */
+declare function createTestEnvironment(config?: TestEnvironmentConfig): Promise<TestEnvironment>;
+
+export { AuthSession, GoogleAuthSession, HealthResponse, MemoryWalletClient, type MemoryWalletClientConfig, PasswordResetToken, ProxyReadMultiRequest, ProxyReadMultiResponse, ProxyReadRequest, ProxyReadResponse, ProxyWriteRequest, ProxyWriteResponse, SessionKeypair, type TestEnvironment, type TestEnvironmentConfig, UserCredentials, UserPublicKeys, createTestEnvironment, generateTestServerKeys };

package/dist/wallet/mod.js

@@ -1,15 +1,19 @@
 import {
   MemoryWalletClient,
   WalletClient,
+  createTestEnvironment,
+  generateSessionKeypair,
   generateTestServerKeys
-} from "../chunk-7O4D7SF6.js";
-import "../chunk-GIMIWVPX.js";
-import "../chunk-F3W5GZU6.js";
+} from "../chunk-GWPCZVXV.js";
+import "../chunk-B4VAPGAO.js";
 import "../chunk-JN75UL5C.js";
-import "../chunk-LFUC4ETD.js";
+import "../chunk-OY4CDOHY.js";
+import "../chunk-O53KW746.js";
 import "../chunk-MLKGABMK.js";
 export {
   MemoryWalletClient,
   WalletClient,
+  createTestEnvironment,
+  generateSessionKeypair,
   generateTestServerKeys
 };

package/dist/wallet-server/adapters/browser.d.ts

@@ -1,7 +1,7 @@
-import { F as FileStorage, S as ServerKeys, W as WalletServerCore } from '../../core-CgxQpSVM.js';
-export { C as BrowserEnvironment, M as BrowserMemoryStorage } from '../../core-CgxQpSVM.js';
+import { F as FileStorage, S as ServerKeys, W as WalletServerCore } from '../../core-ClnuubZw.js';
+export { C as BrowserEnvironment, M as BrowserMemoryStorage } from '../../core-ClnuubZw.js';
 import 'hono';
-import '../../types-oQCx3U-_.js';
+import '../../types-uuvn4oKw.js';
 
 /**
  * Browser Adapter for Wallet Server

package/dist/wallet-server/adapters/browser.js

@@ -1,13 +1,13 @@
-import {
-  LocalStorageClient
-} from "../../chunk-7U5JDFQW.js";
 import {
   ConfigEnvironment,
   MemoryFileStorage,
   WalletServerCore
-} from "../../chunk-F3W5GZU6.js";
+} from "../../chunk-B4VAPGAO.js";
 import "../../chunk-JN75UL5C.js";
-import "../../chunk-LFUC4ETD.js";
+import "../../chunk-OY4CDOHY.js";
+import {
+  LocalStorageClient
+} from "../../chunk-PZFEKQ7F.js";
 import "../../chunk-MLKGABMK.js";
 
 // wallet-server/adapters/browser.ts

package/dist/wallet-server/mod.d.ts

@@ -1,6 +1,6 @@
-import { P as ProxyWriteRequest, a as ProxyWriteResponse, b as ProxyReadResponse, U as UserKeys, L as Logger, H as HttpFetch } from '../core-CgxQpSVM.js';
-export { A as AppBackendConfig, f as AuthSessionResponse, C as ConfigEnvironment, E as Environment, F as FileStorage, h as HealthResponse, M as MemoryFileStorage, g as PublicKeysResponse, R as ResolvedWalletServerConfig, e as ServerKeyPair, S as ServerKeys, i as ServerKeysResponse, c as WalletServerConfig, W as WalletServerCore, d as WalletServerDeps, j as defaultLogger } from '../core-CgxQpSVM.js';
-import { N as NodeProtocolInterface } from '../types-oQCx3U-_.js';
+import { P as ProxyWriteRequest, a as ProxyWriteResponse, b as ProxyReadResponse, U as UserKeys, L as Logger, H as HttpFetch } from '../core-ClnuubZw.js';
+export { A as AppBackendConfig, f as AuthSessionResponse, C as ConfigEnvironment, E as Environment, F as FileStorage, h as HealthResponse, M as MemoryFileStorage, g as PublicKeysResponse, R as ResolvedWalletServerConfig, e as ServerKeyPair, S as ServerKeys, i as ServerKeysResponse, c as WalletServerConfig, W as WalletServerCore, d as WalletServerDeps, j as defaultLogger } from '../core-ClnuubZw.js';
+import { N as NodeProtocolInterface } from '../types-uuvn4oKw.js';
 import { S as SignedEncryptedMessage, E as EncryptedPayload } from '../mod-CII9wqu2.js';
 import 'hono';
 
@@ -43,8 +43,11 @@ declare function extractUsernameFromJwt(token: string): string | null;
 declare function proxyWrite(proxyClient: NodeProtocolInterface, credentialClient: NodeProtocolInterface, serverPublicKey: string, username: string, serverEncryptionPrivateKeyPem: string, request: ProxyWriteRequest): Promise<ProxyWriteResponse>;
 /**
  * Proxy a read request (with optional decryption)
+ *
+ * Data encrypted with proxyWrite is encrypted with the user's encryption key,
+ * so we need to load the user's encryption key to decrypt it.
  */
-declare function proxyRead(proxyClient: NodeProtocolInterface, uri: string, serverEncryptionPrivateKeyPem?: string): Promise<ProxyReadResponse>;
+declare function proxyRead(proxyClient: NodeProtocolInterface, credentialClient: NodeProtocolInterface, serverPublicKey: string, username: string, serverEncryptionPrivateKeyPem: string, uri: string): Promise<ProxyReadResponse>;
 
 /**
  * User Key Management
@@ -140,7 +143,7 @@ declare function createUser(client: NodeProtocolInterface, serverPublicKey: stri
 /**
  * Authenticate user with password
  */
-declare function authenticateUser(client: NodeProtocolInterface, serverPublicKey: string, username: string, password: string, serverIdentityPublicKeyHex: string, serverEncryptionPrivateKeyPem: string, appScope?: string, logger?: Logger): Promise<boolean>;
+declare function authenticateUser(client: NodeProtocolInterface, serverPublicKey: string, username: string, password: string, serverEncryptionPrivateKeyPem: string, appScope?: string, logger?: Logger): Promise<boolean>;
 /**
  * Change user password
  */
@@ -190,7 +193,10 @@ interface CredentialResult {
  */
 interface BaseCredentialPayload {
     type: string;
-    session?: string;
+    /** Session public key (hex). Required for login - identifies the session. */
+    sessionPubkey?: string;
+    /** Signature of the login payload by session private key (hex). Required for login. */
+    sessionSignature?: string;
 }
 /**
  * Password credential payload

package/dist/wallet-server/mod.js

@@ -34,9 +34,9 @@ import {
   userExists,
   verifyGoogleIdToken,
   verifyJwt
-} from "../chunk-F3W5GZU6.js";
+} from "../chunk-B4VAPGAO.js";
 import "../chunk-JN75UL5C.js";
-import "../chunk-LFUC4ETD.js";
+import "../chunk-OY4CDOHY.js";
 import "../chunk-MLKGABMK.js";
 export {
   ConfigEnvironment,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bandeira-tech/b3nd-web",
-  "version": "0.2.7",
+  "version": "0.3.1",
   "description": "Browser-focused B3nd SDK bundle",
   "type": "module",
   "main": "./dist/src/mod.web.js",