npm - @cmdoss/memwal-sdk - Versions diffs - 0.7.0 → 0.8.0 - Mend

@cmdoss/memwal-sdk 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (192) hide show

package/README.md +129 -0
package/dist/client/ClientMemoryManager.js +2 -2
package/dist/client/ClientMemoryManager.js.map +1 -1
package/dist/client/PersonalDataWallet.d.ts.map +1 -1
package/dist/client/SimplePDWClient.d.ts +28 -0
package/dist/client/SimplePDWClient.d.ts.map +1 -1
package/dist/client/SimplePDWClient.js +29 -6
package/dist/client/SimplePDWClient.js.map +1 -1
package/dist/client/namespaces/MemoryNamespace.d.ts +4 -0
package/dist/client/namespaces/MemoryNamespace.d.ts.map +1 -1
package/dist/client/namespaces/MemoryNamespace.js +168 -39
package/dist/client/namespaces/MemoryNamespace.js.map +1 -1
package/dist/client/namespaces/consolidated/BlockchainNamespace.d.ts +12 -2
package/dist/client/namespaces/consolidated/BlockchainNamespace.d.ts.map +1 -1
package/dist/client/namespaces/consolidated/BlockchainNamespace.js +40 -2
package/dist/client/namespaces/consolidated/BlockchainNamespace.js.map +1 -1
package/dist/client/namespaces/consolidated/StorageNamespace.d.ts +67 -2
package/dist/client/namespaces/consolidated/StorageNamespace.d.ts.map +1 -1
package/dist/client/namespaces/consolidated/StorageNamespace.js +549 -16
package/dist/client/namespaces/consolidated/StorageNamespace.js.map +1 -1
package/dist/config/ConfigurationHelper.js +61 -61
package/dist/config/defaults.js +2 -2
package/dist/config/defaults.js.map +1 -1
package/dist/graph/GraphService.js +20 -20
package/dist/infrastructure/seal/EncryptionService.d.ts +9 -5
package/dist/infrastructure/seal/EncryptionService.d.ts.map +1 -1
package/dist/infrastructure/seal/EncryptionService.js +37 -15
package/dist/infrastructure/seal/EncryptionService.js.map +1 -1
package/dist/infrastructure/seal/SealService.d.ts +13 -5
package/dist/infrastructure/seal/SealService.d.ts.map +1 -1
package/dist/infrastructure/seal/SealService.js +36 -34
package/dist/infrastructure/seal/SealService.js.map +1 -1
package/dist/langchain/createPDWRAG.js +30 -30
package/dist/retrieval/MemoryDecryptionPipeline.d.ts.map +1 -1
package/dist/retrieval/MemoryDecryptionPipeline.js +2 -1
package/dist/retrieval/MemoryDecryptionPipeline.js.map +1 -1
package/dist/services/CapabilityService.d.ts.map +1 -1
package/dist/services/CapabilityService.js +30 -14
package/dist/services/CapabilityService.js.map +1 -1
package/dist/services/CrossContextPermissionService.d.ts.map +1 -1
package/dist/services/CrossContextPermissionService.js +9 -7
package/dist/services/CrossContextPermissionService.js.map +1 -1
package/dist/services/EncryptionService.d.ts.map +1 -1
package/dist/services/EncryptionService.js +6 -5
package/dist/services/EncryptionService.js.map +1 -1
package/dist/services/GeminiAIService.js +309 -309
package/dist/services/StorageService.d.ts +1 -0
package/dist/services/StorageService.d.ts.map +1 -1
package/dist/services/StorageService.js +60 -10
package/dist/services/StorageService.js.map +1 -1
package/dist/services/TransactionService.d.ts +20 -0
package/dist/services/TransactionService.d.ts.map +1 -1
package/dist/services/TransactionService.js +43 -0
package/dist/services/TransactionService.js.map +1 -1
package/dist/services/ViewService.js +2 -2
package/dist/services/ViewService.js.map +1 -1
package/package.json +1 -1
package/src/access/PermissionService.ts +635 -635
package/src/access/index.ts +8 -8
package/src/aggregation/AggregationService.ts +389 -389
package/src/aggregation/index.ts +8 -8
package/src/ai-sdk/PDWVectorStore.ts +715 -715
package/src/ai-sdk/index.ts +65 -65
package/src/ai-sdk/tools.ts +460 -460
package/src/ai-sdk/types.ts +404 -404
package/src/batch/BatchManager.ts +597 -597
package/src/batch/BatchingService.ts +429 -429
package/src/batch/MemoryProcessingCache.ts +492 -492
package/src/batch/index.ts +30 -30
package/src/browser.ts +200 -200
package/src/client/ClientMemoryManager.ts +987 -987
package/src/client/PersonalDataWallet.ts +345 -345
package/src/client/SimplePDWClient.ts +1289 -1237
package/src/client/factory.ts +154 -154
package/src/client/namespaces/AnalyticsNamespace.ts +377 -377
package/src/client/namespaces/BatchNamespace.ts +356 -356
package/src/client/namespaces/CacheNamespace.ts +123 -123
package/src/client/namespaces/CapabilityNamespace.ts +217 -217
package/src/client/namespaces/ClassifyNamespace.ts +169 -169
package/src/client/namespaces/ContextNamespace.ts +297 -297
package/src/client/namespaces/EmbeddingsNamespace.ts +99 -99
package/src/client/namespaces/EncryptionNamespace.ts +221 -221
package/src/client/namespaces/GraphNamespace.ts +468 -468
package/src/client/namespaces/IndexNamespace.ts +361 -361
package/src/client/namespaces/MemoryNamespace.ts +1422 -1272
package/src/client/namespaces/PermissionsNamespace.ts +254 -254
package/src/client/namespaces/PipelineNamespace.ts +220 -220
package/src/client/namespaces/SearchNamespace.ts +1049 -1049
package/src/client/namespaces/StorageNamespace.ts +458 -458
package/src/client/namespaces/TxNamespace.ts +260 -260
package/src/client/namespaces/WalletNamespace.ts +243 -243
package/src/client/namespaces/consolidated/AINamespace.ts +449 -449
package/src/client/namespaces/consolidated/BlockchainNamespace.ts +607 -564
package/src/client/namespaces/consolidated/SecurityNamespace.ts +648 -648
package/src/client/namespaces/consolidated/StorageNamespace.ts +1141 -497
package/src/client/namespaces/consolidated/index.ts +39 -39
package/src/client/signers/DappKitSigner.ts +207 -207
package/src/client/signers/KeypairSigner.ts +108 -108
package/src/client/signers/UnifiedSigner.ts +110 -110
package/src/client/signers/WalletAdapterSigner.ts +159 -159
package/src/client/signers/index.ts +26 -26
package/src/config/ConfigurationHelper.ts +412 -412
package/src/config/defaults.ts +51 -51
package/src/config/index.ts +8 -8
package/src/config/validation.ts +70 -70
package/src/core/index.ts +14 -14
package/src/core/interfaces/IService.ts +307 -307
package/src/core/interfaces/index.ts +8 -8
package/src/core/types/capability.ts +297 -297
package/src/core/types/index.ts +870 -870
package/src/core/types/wallet.ts +270 -270
package/src/core/types.ts +9 -9
package/src/core/wallet.ts +222 -222
package/src/embedding/index.ts +19 -19
package/src/embedding/types.ts +357 -357
package/src/errors/index.ts +602 -602
package/src/errors/recovery.ts +461 -461
package/src/errors/validation.ts +567 -567
package/src/generated/pdw/capability.ts +319 -319
package/src/generated/pdw/deps/sui/object.ts +12 -12
package/src/generated/pdw/deps/sui/vec_map.ts +32 -32
package/src/generated/pdw/memory.ts +1087 -1087
package/src/generated/pdw/wallet.ts +123 -123
package/src/generated/utils/index.ts +159 -159
package/src/graph/GraphService.ts +887 -887
package/src/graph/KnowledgeGraphManager.ts +728 -728
package/src/graph/index.ts +25 -25
package/src/index.ts +498 -498
package/src/infrastructure/index.ts +22 -22
package/src/infrastructure/seal/EncryptionService.ts +628 -603
package/src/infrastructure/seal/SealService.ts +613 -615
package/src/infrastructure/seal/index.ts +9 -9
package/src/infrastructure/sui/BlockchainManager.ts +627 -627
package/src/infrastructure/sui/SuiService.ts +888 -888
package/src/infrastructure/sui/index.ts +9 -9
package/src/infrastructure/walrus/StorageManager.ts +604 -604
package/src/infrastructure/walrus/WalrusStorageService.ts +612 -612
package/src/infrastructure/walrus/index.ts +9 -9
package/src/langchain/PDWEmbeddings.ts +145 -145
package/src/langchain/PDWVectorStore.ts +456 -456
package/src/langchain/createPDWRAG.ts +303 -303
package/src/langchain/index.ts +47 -47
package/src/permissions/ConsentRepository.browser.ts +249 -249
package/src/permissions/ConsentRepository.ts +364 -364
package/src/permissions/index.ts +9 -9
package/src/pipeline/MemoryPipeline.ts +862 -862
package/src/pipeline/PipelineManager.ts +683 -683
package/src/pipeline/index.ts +26 -26
package/src/retrieval/AdvancedSearchService.ts +629 -629
package/src/retrieval/MemoryAnalyticsService.ts +711 -711
package/src/retrieval/MemoryDecryptionPipeline.ts +825 -824
package/src/retrieval/MemoryRetrievalService.ts +904 -904
package/src/retrieval/index.ts +42 -42
package/src/services/BatchService.ts +352 -352
package/src/services/CapabilityService.ts +464 -448
package/src/services/ClassifierService.ts +465 -465
package/src/services/CrossContextPermissionService.ts +486 -484
package/src/services/EmbeddingService.ts +771 -771
package/src/services/EncryptionService.ts +712 -711
package/src/services/GeminiAIService.ts +753 -753
package/src/services/IndexManager.ts +977 -977
package/src/services/MemoryIndexService.ts +1003 -1003
package/src/services/MemoryService.ts +369 -369
package/src/services/QueryService.ts +890 -890
package/src/services/StorageService.ts +1182 -1126
package/src/services/TransactionService.ts +838 -790
package/src/services/VectorService.ts +462 -462
package/src/services/ViewService.ts +484 -484
package/src/services/index.ts +25 -25
package/src/services/storage/BlobAttributesManager.ts +333 -333
package/src/services/storage/KnowledgeGraphManager.ts +425 -425
package/src/services/storage/MemorySearchManager.ts +387 -387
package/src/services/storage/QuiltBatchManager.ts +1130 -1130
package/src/services/storage/WalrusMetadataManager.ts +268 -268
package/src/services/storage/WalrusStorageManager.ts +287 -287
package/src/services/storage/index.ts +57 -57
package/src/types/index.ts +13 -13
package/src/utils/LRUCache.ts +378 -378
package/src/utils/index.ts +76 -76
package/src/utils/memoryIndexOnChain.ts +507 -507
package/src/utils/rebuildIndex.ts +290 -290
package/src/utils/rebuildIndexNode.ts +771 -771
package/src/vector/BrowserHnswIndexService.ts +758 -758
package/src/vector/HnswWasmService.ts +731 -731
package/src/vector/IHnswService.ts +233 -233
package/src/vector/NodeHnswService.ts +833 -833
package/src/vector/VectorManager.ts +478 -478
package/src/vector/createHnswService.ts +135 -135
package/src/vector/index.ts +56 -56
package/src/wallet/ContextWalletService.ts +656 -656
package/src/wallet/MainWalletService.ts +317 -317
package/src/wallet/index.ts +17 -17

package/src/client/namespaces/EmbeddingsNamespace.ts CHANGED Viewed

@@ -1,99 +1,99 @@
-/**
- * Embeddings Namespace - Direct Embedding Operations
- *
- * Pure delegation to EmbeddingService for direct embedding access.
- * Useful for custom RAG pipelines and advanced AI integrations.
- *
- * @module client/namespaces
- */
-import type { ServiceContainer } from '../SimplePDWClient';
-/**
- * Embeddings Namespace
- *
- * Handles direct embedding generation and operations
- */
-export class EmbeddingsNamespace {
-  constructor(private services: ServiceContainer) {}
-  /**
-   * Generate embedding for single text
-   *
-   * Delegates to: EmbeddingService.embedText()
-   *
-   * @param text - Text to embed
-   * @param options - Embedding options
-   * @returns Embedding vector (3072 dimensions for Gemini)
-   */
-  async generate(text: string, options?: { type?: 'query' | 'document' }): Promise<number[]> {
-    if (!this.services.embedding) {
-      throw new Error('Embedding service not configured. Please provide geminiApiKey.');
-    }
-    const result = await this.services.embedding.embedText({ text });
-    return result.vector;
-  }
-  /**
-   * Generate embeddings for multiple texts
-   *
-   * Delegates to: EmbeddingService.embedBatch()
-   *
-   * @param texts - Array of texts
-   * @returns Array of embedding vectors
-   */
-  async batch(texts: string[]): Promise<number[][]> {
-    if (!this.services.embedding) {
-      throw new Error('Embedding service not configured.');
-    }
-    const result = await this.services.embedding.embedBatch(texts);
-    return result.vectors;
-  }
-  /**
-   * Calculate cosine similarity between two vectors
-   *
-   * Delegates to: EmbeddingService.calculateCosineSimilarity()
-   *
-   * @param vector1 - First vector
-   * @param vector2 - Second vector
-   * @returns Similarity score (0-1, higher is more similar)
-   */
-  similarity(vector1: number[], vector2: number[]): number {
-    if (!this.services.embedding) {
-      throw new Error('Embedding service not configured.');
-    }
-    return this.services.embedding.calculateCosineSimilarity(vector1, vector2);
-  }
-  /**
-   * Find most similar vectors from candidates
-   *
-   * Delegates to: EmbeddingService.findMostSimilar()
-   *
-   * @param queryVector - Query vector
-   * @param candidateVectors - Candidate vectors to compare
-   * @param k - Number of results (default: 5)
-   * @returns Top k similar vectors with scores
-   */
-  findSimilar(
-    queryVector: number[],
-    candidateVectors: number[][],
-    k: number = 5
-  ): Array<{ index: number; score: number }> {
-    if (!this.services.embedding) {
-      throw new Error('Embedding service not configured.');
-    }
-    const results = this.services.embedding.findMostSimilar(queryVector, candidateVectors, k);
-    // Adapt result format (similarity → score)
-    return results.map(r => ({
-      index: r.index,
-      score: r.similarity
-    }));
-  }
-}
+/**
+ * Embeddings Namespace - Direct Embedding Operations
+ *
+ * Pure delegation to EmbeddingService for direct embedding access.
+ * Useful for custom RAG pipelines and advanced AI integrations.
+ *
+ * @module client/namespaces
+ */
+import type { ServiceContainer } from '../SimplePDWClient';
+/**
+ * Embeddings Namespace
+ *
+ * Handles direct embedding generation and operations
+ */
+export class EmbeddingsNamespace {
+  constructor(private services: ServiceContainer) {}
+  /**
+   * Generate embedding for single text
+   *
+   * Delegates to: EmbeddingService.embedText()
+   *
+   * @param text - Text to embed
+   * @param options - Embedding options
+   * @returns Embedding vector (3072 dimensions for Gemini)
+   */
+  async generate(text: string, options?: { type?: 'query' | 'document' }): Promise<number[]> {
+    if (!this.services.embedding) {
+      throw new Error('Embedding service not configured. Please provide geminiApiKey.');
+    }
+    const result = await this.services.embedding.embedText({ text });
+    return result.vector;
+  }
+  /**
+   * Generate embeddings for multiple texts
+   *
+   * Delegates to: EmbeddingService.embedBatch()
+   *
+   * @param texts - Array of texts
+   * @returns Array of embedding vectors
+   */
+  async batch(texts: string[]): Promise<number[][]> {
+    if (!this.services.embedding) {
+      throw new Error('Embedding service not configured.');
+    }
+    const result = await this.services.embedding.embedBatch(texts);
+    return result.vectors;
+  }
+  /**
+   * Calculate cosine similarity between two vectors
+   *
+   * Delegates to: EmbeddingService.calculateCosineSimilarity()
+   *
+   * @param vector1 - First vector
+   * @param vector2 - Second vector
+   * @returns Similarity score (0-1, higher is more similar)
+   */
+  similarity(vector1: number[], vector2: number[]): number {
+    if (!this.services.embedding) {
+      throw new Error('Embedding service not configured.');
+    }
+    return this.services.embedding.calculateCosineSimilarity(vector1, vector2);
+  }
+  /**
+   * Find most similar vectors from candidates
+   *
+   * Delegates to: EmbeddingService.findMostSimilar()
+   *
+   * @param queryVector - Query vector
+   * @param candidateVectors - Candidate vectors to compare
+   * @param k - Number of results (default: 5)
+   * @returns Top k similar vectors with scores
+   */
+  findSimilar(
+    queryVector: number[],
+    candidateVectors: number[][],
+    k: number = 5
+  ): Array<{ index: number; score: number }> {
+    if (!this.services.embedding) {
+      throw new Error('Embedding service not configured.');
+    }
+    const results = this.services.embedding.findMostSimilar(queryVector, candidateVectors, k);
+    // Adapt result format (similarity → score)
+    return results.map(r => ({
+      index: r.index,
+      score: r.similarity
+    }));
+  }
+}

package/src/client/namespaces/EncryptionNamespace.ts CHANGED Viewed

@@ -1,221 +1,221 @@
-/**
- * Encryption Namespace - SEAL-based Encryption Operations
- *
- * Pure delegation to EncryptionService for SEAL encryption.
- * Provides identity-based encryption with decentralized key management.
- *
- * @module client/namespaces
- */
-import type { ServiceContainer } from '../SimplePDWClient';
-import type { SessionKey } from '@mysten/seal';
-/**
- * Encryption result
- */
-export interface EncryptionResult {
-  encryptedData: Uint8Array;
-  backupKey: Uint8Array;
-}
-/**
- * Decryption options
- */
-export interface DecryptionOptions {
-  encryptedData: Uint8Array;
-  sessionKey?: SessionKey;
-  requestingWallet?: string;
-  /** MemoryCap object ID for capability-based access control */
-  memoryCapId?: string;
-  /** SEAL key ID bytes - required with memoryCapId */
-  keyId?: Uint8Array;
-}
-/**
- * Encryption Namespace
- *
- * Handles SEAL-based encryption with identity-based access control
- */
-export class EncryptionNamespace {
-  constructor(private services: ServiceContainer) {}
-  /**
-   * Encrypt data using SEAL
-   *
-   * Delegates to: EncryptionService.encrypt()
-   *
-   * NOTE: This uses userAddress as identity. For capability pattern,
-   * use encryptWithKeyId() instead.
-   *
-   * @param data - Data to encrypt
-   * @param threshold - Min key servers required (default: 2)
-   * @returns Encrypted data and backup key
-   */
-  async encrypt(data: Uint8Array, threshold: number = 2): Promise<EncryptionResult> {
-    if (!this.services.encryption) {
-      throw new Error('Encryption service not configured. Initialize with encryption config.');
-    }
-    const result = await this.services.encryption.encrypt(
-      data,
-      this.services.config.userAddress,
-      threshold
-    );
-    return {
-      encryptedData: result.encryptedObject,
-      backupKey: result.backupKey
-    };
-  }
-  /**
-   * Encrypt data using SEAL with capability-based key ID
-   *
-   * Use this for capability pattern where keyId = keccak256(owner || nonce)
-   * The keyId MUST match what's passed to seal_approve during decryption.
-   *
-   * @param data - Data to encrypt
-   * @param keyId - Key ID bytes (compute with computeKeyId())
-   * @param threshold - Min key servers required (default: 2)
-   * @returns Encrypted data and backup key
-   */
-  async encryptWithKeyId(data: Uint8Array, keyId: Uint8Array, threshold: number = 2): Promise<EncryptionResult> {
-    if (!this.services.encryption) {
-      throw new Error('Encryption service not configured. Initialize with encryption config.');
-    }
-    // Convert keyId to hex string for SEAL identity
-    const keyIdHex = '0x' + Array.from(keyId).map(b => b.toString(16).padStart(2, '0')).join('');
-    console.log(`🔒 Encrypting with capability keyId: ${keyIdHex.substring(0, 20)}...`);
-    const result = await this.services.encryption.encrypt(
-      data,
-      keyIdHex,
-      threshold
-    );
-    return {
-      encryptedData: result.encryptedObject,
-      backupKey: result.backupKey
-    };
-  }
-  /**
-   * Decrypt SEAL-encrypted data
-   *
-   * Delegates to: EncryptionService.decrypt()
-   *
-   * Supports two access control patterns:
-   * 1. Capability pattern (recommended): Pass memoryCapId and keyId
-   * 2. Legacy allowlist pattern: Only requestingWallet needed
-   *
-   * @param options - Decryption options
-   * @returns Decrypted data
-   */
-  async decrypt(options: DecryptionOptions): Promise<Uint8Array> {
-    if (!this.services.encryption) {
-      throw new Error('Encryption service not configured.');
-    }
-    return await this.services.encryption.decrypt({
-      encryptedContent: options.encryptedData,
-      userAddress: this.services.config.userAddress,
-      sessionKey: options.sessionKey,
-      requestingWallet: options.requestingWallet || this.services.config.userAddress,
-      memoryCapId: options.memoryCapId,
-      keyId: options.keyId
-    });
-  }
-  /**
-   * Compute SEAL key_id from owner and nonce
-   *
-   * Use this to compute the key_id needed for capability-based decryption.
-   * The nonce comes from the MemoryCap object on-chain.
-   *
-   * @param ownerAddress - Owner's Sui address
-   * @param nonce - Nonce from MemoryCap object (32 bytes)
-   * @returns key_id bytes for SEAL approval
-   */
-  computeKeyId(ownerAddress: string, nonce: Uint8Array): Uint8Array {
-    if (!this.services.encryption) {
-      throw new Error('Encryption service not configured.');
-    }
-    return this.services.encryption.computeKeyId(ownerAddress, nonce);
-  }
-  /**
-   * Create session key for SEAL operations
-   *
-   * Delegates to: EncryptionService.createSessionKey()
-   *
-   * @param signer - Optional signer (keypair or signPersonalMessage function)
-   * @returns Session key
-   */
-  async createSessionKey(signer?: {
-    signPersonalMessageFn?: (message: string) => Promise<{ signature: string }>;
-    keypair?: any;
-  }): Promise<SessionKey> {
-    if (!this.services.encryption) {
-      throw new Error('Encryption service not configured.');
-    }
-    return await this.services.encryption.createSessionKey(
-      this.services.config.userAddress,
-      signer
-    );
-  }
-  /**
-   * Get or create session key (cached)
-   *
-   * Delegates to: EncryptionService.getOrCreateSessionKey()
-   *
-   * @returns Cached or new session key
-   */
-  async getSessionKey(): Promise<SessionKey> {
-    if (!this.services.encryption) {
-      throw new Error('Encryption service not configured.');
-    }
-    return await this.services.encryption.getOrCreateSessionKey(
-      this.services.config.userAddress
-    );
-  }
-  /**
-   * Export session key for persistence
-   *
-   * Delegates to: EncryptionService.exportSessionKey()
-   *
-   * @param sessionKey - Session key to export
-   * @returns Serialized session key
-   */
-  async exportSessionKey(sessionKey: SessionKey): Promise<string> {
-    if (!this.services.encryption) {
-      throw new Error('Encryption service not configured.');
-    }
-    return await this.services.encryption.exportSessionKey(sessionKey);
-  }
-  /**
-   * Import previously exported session key
-   *
-   * Delegates to: EncryptionService.importSessionKey()
-   *
-   * @param exportedKey - Serialized session key
-   * @returns Session key instance
-   */
-  async importSessionKey(exportedKey: string): Promise<SessionKey> {
-    if (!this.services.encryption) {
-      throw new Error('Encryption service not configured.');
-    }
-    return await this.services.encryption.importSessionKey(
-      exportedKey,
-      this.services.config.userAddress
-    );
-  }
-}
+/**
+ * Encryption Namespace - SEAL-based Encryption Operations
+ *
+ * Pure delegation to EncryptionService for SEAL encryption.
+ * Provides identity-based encryption with decentralized key management.
+ *
+ * @module client/namespaces
+ */
+import type { ServiceContainer } from '../SimplePDWClient';
+import type { SessionKey } from '@mysten/seal';
+/**
+ * Encryption result
+ */
+export interface EncryptionResult {
+  encryptedData: Uint8Array;
+  backupKey: Uint8Array;
+}
+/**
+ * Decryption options
+ */
+export interface DecryptionOptions {
+  encryptedData: Uint8Array;
+  sessionKey?: SessionKey;
+  requestingWallet?: string;
+  /** MemoryCap object ID for capability-based access control */
+  memoryCapId?: string;
+  /** SEAL key ID bytes - required with memoryCapId */
+  keyId?: Uint8Array;
+}
+/**
+ * Encryption Namespace
+ *
+ * Handles SEAL-based encryption with identity-based access control
+ */
+export class EncryptionNamespace {
+  constructor(private services: ServiceContainer) {}
+  /**
+   * Encrypt data using SEAL
+   *
+   * Delegates to: EncryptionService.encrypt()
+   *
+   * NOTE: This uses userAddress as identity. For capability pattern,
+   * use encryptWithKeyId() instead.
+   *
+   * @param data - Data to encrypt
+   * @param threshold - Min key servers required (default: 2)
+   * @returns Encrypted data and backup key
+   */
+  async encrypt(data: Uint8Array, threshold: number = 2): Promise<EncryptionResult> {
+    if (!this.services.encryption) {
+      throw new Error('Encryption service not configured. Initialize with encryption config.');
+    }
+    const result = await this.services.encryption.encrypt(
+      data,
+      this.services.config.userAddress,
+      threshold
+    );
+    return {
+      encryptedData: result.encryptedObject,
+      backupKey: result.backupKey
+    };
+  }
+  /**
+   * Encrypt data using SEAL with capability-based key ID
+   *
+   * Use this for capability pattern where keyId = keccak256(owner || nonce)
+   * The keyId MUST match what's passed to seal_approve during decryption.
+   *
+   * @param data - Data to encrypt
+   * @param keyId - Key ID bytes (compute with computeKeyId())
+   * @param threshold - Min key servers required (default: 2)
+   * @returns Encrypted data and backup key
+   */
+  async encryptWithKeyId(data: Uint8Array, keyId: Uint8Array, threshold: number = 2): Promise<EncryptionResult> {
+    if (!this.services.encryption) {
+      throw new Error('Encryption service not configured. Initialize with encryption config.');
+    }
+    // Convert keyId to hex string for SEAL identity
+    const keyIdHex = '0x' + Array.from(keyId).map(b => b.toString(16).padStart(2, '0')).join('');
+    console.log(`🔒 Encrypting with capability keyId: ${keyIdHex.substring(0, 20)}...`);
+    const result = await this.services.encryption.encrypt(
+      data,
+      keyIdHex,
+      threshold
+    );
+    return {
+      encryptedData: result.encryptedObject,
+      backupKey: result.backupKey
+    };
+  }
+  /**
+   * Decrypt SEAL-encrypted data
+   *
+   * Delegates to: EncryptionService.decrypt()
+   *
+   * Supports two access control patterns:
+   * 1. Capability pattern (recommended): Pass memoryCapId and keyId
+   * 2. Legacy allowlist pattern: Only requestingWallet needed
+   *
+   * @param options - Decryption options
+   * @returns Decrypted data
+   */
+  async decrypt(options: DecryptionOptions): Promise<Uint8Array> {
+    if (!this.services.encryption) {
+      throw new Error('Encryption service not configured.');
+    }
+    return await this.services.encryption.decrypt({
+      encryptedContent: options.encryptedData,
+      userAddress: this.services.config.userAddress,
+      sessionKey: options.sessionKey,
+      requestingWallet: options.requestingWallet || this.services.config.userAddress,
+      memoryCapId: options.memoryCapId,
+      keyId: options.keyId
+    });
+  }
+  /**
+   * Compute SEAL key_id from owner and nonce
+   *
+   * Use this to compute the key_id needed for capability-based decryption.
+   * The nonce comes from the MemoryCap object on-chain.
+   *
+   * @param ownerAddress - Owner's Sui address
+   * @param nonce - Nonce from MemoryCap object (32 bytes)
+   * @returns key_id bytes for SEAL approval
+   */
+  computeKeyId(ownerAddress: string, nonce: Uint8Array): Uint8Array {
+    if (!this.services.encryption) {
+      throw new Error('Encryption service not configured.');
+    }
+    return this.services.encryption.computeKeyId(ownerAddress, nonce);
+  }
+  /**
+   * Create session key for SEAL operations
+   *
+   * Delegates to: EncryptionService.createSessionKey()
+   *
+   * @param signer - Optional signer (keypair or signPersonalMessage function)
+   * @returns Session key
+   */
+  async createSessionKey(signer?: {
+    signPersonalMessageFn?: (message: string) => Promise<{ signature: string }>;
+    keypair?: any;
+  }): Promise<SessionKey> {
+    if (!this.services.encryption) {
+      throw new Error('Encryption service not configured.');
+    }
+    return await this.services.encryption.createSessionKey(
+      this.services.config.userAddress,
+      signer
+    );
+  }
+  /**
+   * Get or create session key (cached)
+   *
+   * Delegates to: EncryptionService.getOrCreateSessionKey()
+   *
+   * @returns Cached or new session key
+   */
+  async getSessionKey(): Promise<SessionKey> {
+    if (!this.services.encryption) {
+      throw new Error('Encryption service not configured.');
+    }
+    return await this.services.encryption.getOrCreateSessionKey(
+      this.services.config.userAddress
+    );
+  }
+  /**
+   * Export session key for persistence
+   *
+   * Delegates to: EncryptionService.exportSessionKey()
+   *
+   * @param sessionKey - Session key to export
+   * @returns Serialized session key
+   */
+  async exportSessionKey(sessionKey: SessionKey): Promise<string> {
+    if (!this.services.encryption) {
+      throw new Error('Encryption service not configured.');
+    }
+    return await this.services.encryption.exportSessionKey(sessionKey);
+  }
+  /**
+   * Import previously exported session key
+   *
+   * Delegates to: EncryptionService.importSessionKey()
+   *
+   * @param exportedKey - Serialized session key
+   * @returns Session key instance
+   */
+  async importSessionKey(exportedKey: string): Promise<SessionKey> {
+    if (!this.services.encryption) {
+      throw new Error('Encryption service not configured.');
+    }
+    return await this.services.encryption.importSessionKey(
+      exportedKey,
+      this.services.config.userAddress
+    );
+  }
+}