@drakkar.software/octospaces-sdk 0.1.0

package/dist/index.js

@@ -0,0 +1,1656 @@
+// src/core/config.ts
+var cfg = null;
+function configureOctoSpaces(config) {
+  if ("namespace" in config && !config.syncNamespace) {
+    throw new Error(
+      `octospaces-sdk: configureOctoSpaces received "namespace" \u2014 did you mean "syncNamespace"?`
+    );
+  }
+  const ns = (config.syncNamespace ?? "").trim();
+  if (ns !== "" && !/^[A-Za-z0-9_-]+$/.test(ns)) {
+    throw new Error(`octospaces-sdk: syncNamespace must be a bare name ([A-Za-z0-9_-]+), got "${ns}"`);
+  }
+  const sharedNs = (config.sharedSpacesNamespace ?? "").trim();
+  if (sharedNs !== "" && !/^[A-Za-z0-9_-]+$/.test(sharedNs)) {
+    throw new Error(`octospaces-sdk: sharedSpacesNamespace must be a bare name ([A-Za-z0-9_-]+), got "${sharedNs}"`);
+  }
+  cfg = {
+    ...config,
+    syncNamespace: ns || void 0,
+    sharedSpacesNamespace: sharedNs || void 0
+  };
+}
+function req() {
+  if (!cfg) throw new Error("octospaces-sdk: configureOctoSpaces() not called \u2014 wire it at app boot.");
+  return cfg;
+}
+var getSyncBase = () => req().syncBase;
+var getSyncNamespace = () => req().syncNamespace;
+var getSyncPrefix = () => {
+  const ns = req().syncNamespace;
+  return ns ? `/v1/${ns}` : "";
+};
+var getSharedSpacesNamespace = () => cfg?.sharedSpacesNamespace;
+var getOnServerReachable = () => cfg?.onServerReachable;
+
+// src/core/adapters.ts
+var kv = null;
+function configureKv(adapter) {
+  kv = adapter;
+}
+function getKv() {
+  if (!kv) throw new Error("octospaces-sdk: configureKv() not called \u2014 wire it at app boot.");
+  return kv;
+}
+var kvGet = (key2) => getKv().get(key2);
+var kvSet = (key2, value) => getKv().set(key2, value);
+var kvRemove = (key2) => getKv().remove(key2);
+
+// src/core/ids.ts
+function randomId() {
+  const bytes = new Uint8Array(16);
+  globalThis.crypto.getRandomValues(bytes);
+  let s = "";
+  for (const b of bytes) s += b.toString(16).padStart(2, "0");
+  return s;
+}
+function roomSlug(name) {
+  return name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 40) || "room";
+}
+
+// src/sync/paths.ts
+var pull = (rest) => `/pull/${rest}`;
+var push = (rest) => `/push/${rest}`;
+var spaceIdFromRoomId = (roomId) => roomId.split("-").slice(0, 2).join("-");
+var keyringName = (spaceId) => `spaces/${spaceId}`;
+var keyringPull = (spaceId) => pull(`${keyringName(spaceId)}/_keyring`);
+var keyringPush = (spaceId) => push(`${keyringName(spaceId)}/_keyring`);
+var attachmentName = (roomId, blobId) => `spaces/${spaceIdFromRoomId(roomId)}/attachments/${roomId}/${blobId}`;
+var attachmentPull = (roomId, blobId) => pull(attachmentName(roomId, blobId));
+var attachmentPush = (roomId, blobId) => push(attachmentName(roomId, blobId));
+var profilePull = (userId) => pull(`user/${userId}/profile`);
+var profilePush = (userId) => push(`user/${userId}/profile`);
+var spacesPull = (userId) => pull(`user/${userId}/_spaces`);
+var spacesPush = (userId) => push(`user/${userId}/_spaces`);
+var roomsRegistryPull = (spaceId) => pull(`spaces/${spaceId}/_rooms`);
+var roomsRegistryPush = (spaceId) => push(`spaces/${spaceId}/_rooms`);
+var objIndexName = (spaceId) => `spaces/${spaceId}/objects/_index`;
+var objIndexPull = (spaceId) => pull(objIndexName(spaceId));
+var objIndexPush = (spaceId) => push(objIndexName(spaceId));
+var objLogName = (spaceId, objectId) => `spaces/${spaceId}/objects/logs/${objectId}`;
+var objLogPull = (spaceId, objectId) => pull(objLogName(spaceId, objectId));
+var objLogPush = (spaceId, objectId) => push(objLogName(spaceId, objectId));
+var objDocName = (spaceId, objectId) => `spaces/${spaceId}/objects/docs/${objectId}`;
+var objDocPull = (spaceId, objectId) => pull(objDocName(spaceId, objectId));
+var objDocPush = (spaceId, objectId) => push(objDocName(spaceId, objectId));
+var objectBlobName = (spaceId, blobId) => `spaces/${spaceId}/objects/blobs/${blobId}`;
+var objectBlobPull = (spaceId, blobId) => pull(objectBlobName(spaceId, blobId));
+var objectBlobPush = (spaceId, blobId) => push(objectBlobName(spaceId, blobId));
+var typesIndexName = (spaceId) => `spaces/${spaceId}/types/_index`;
+var typesIndexPull = (spaceId) => pull(typesIndexName(spaceId));
+var typesIndexPush = (spaceId) => push(typesIndexName(spaceId));
+var spaceIndexName = (shard) => `_index/spaces/${shard}`;
+var spaceIndexPull = (shard) => pull(spaceIndexName(shard));
+var OBJECT_COLLECTIONS = [
+  "keyring",
+  "objindex",
+  "objlog",
+  "objsnap",
+  "objdoc",
+  "objblob",
+  "typeindex"
+];
+function ownerScope() {
+  return {
+    ops: ["read", "list", "write"],
+    collections: OBJECT_COLLECTIONS,
+    paths: ["spaces/**"]
+  };
+}
+function spaceMemberScope(spaceId, canWrite) {
+  const ops = canWrite ? ["read", "list", "write"] : ["read", "list"];
+  return {
+    ops,
+    collections: OBJECT_COLLECTIONS,
+    paths: [`spaces/${spaceId}/**`]
+  };
+}
+function accountScope(userId) {
+  return {
+    ops: ["read", "list", "write"],
+    collections: ["profile", "devices", "spaces", "rooms"],
+    paths: [
+      `user/${userId}/profile`,
+      `users/${userId}/_devices`,
+      `user/${userId}/_spaces`,
+      "spaces/**"
+    ]
+  };
+}
+function linkedDeviceScope(userId) {
+  return {
+    ops: ["read", "list", "write"],
+    collections: [...OBJECT_COLLECTIONS, "profile", "devices", "spaces", "rooms"],
+    paths: [
+      "spaces/**",
+      `user/${userId}/profile`,
+      `users/${userId}/_devices`,
+      `user/${userId}/_spaces`
+    ]
+  };
+}
+function bytesToHex(b) {
+  let s = "";
+  for (const x of b) s += x.toString(16).padStart(2, "0");
+  return s;
+}
+async function userIdFromEdPub(edPubHex) {
+  const bytes = new Uint8Array(edPubHex.length / 2);
+  for (let i = 0; i < bytes.length; i++) bytes[i] = parseInt(edPubHex.slice(i * 2, i * 2 + 2), 16);
+  const digest = await globalThis.crypto.subtle.digest("SHA-256", bytes);
+  return bytesToHex(new Uint8Array(digest)).slice(0, 32);
+}
+
+// src/sync/client.ts
+import { StarfishClient } from "@drakkar.software/starfish-client";
+import { createKeyring, createKeyringEncryptor } from "@drakkar.software/starfish-keyring";
+import { signRequest, stableStringify } from "@drakkar.software/starfish-protocol";
+
+// src/sync/fetch-timeout.ts
+var CONNECT_TIMEOUT_MS = 12e3;
+function fetchWithTimeout(timeoutMs = CONNECT_TIMEOUT_MS) {
+  return (input, init) => {
+    const ctrl = new AbortController();
+    const timer = setTimeout(() => ctrl.abort(), timeoutMs);
+    const caller = init?.signal;
+    if (caller) {
+      if (caller.aborted) ctrl.abort();
+      else caller.addEventListener("abort", () => ctrl.abort(), { once: true });
+    }
+    return fetch(input, { ...init, signal: ctrl.signal }).finally(() => clearTimeout(timer));
+  };
+}
+
+// src/sync/pull-cache.ts
+var PREFIX = "octospaces.pullcache.";
+var PULL_CACHE_MAX_AGE_MS = 30 * 24 * 60 * 60 * 1e3;
+var shared;
+function pullCache() {
+  return shared ?? (shared = {
+    get: (key2) => kvGet(PREFIX + key2),
+    set: (key2, value) => kvSet(PREFIX + key2, value)
+  });
+}
+
+// src/sync/profile-cache.ts
+var key = (userId) => `octospaces.profile.v1.${userId}`;
+function cacheProfile(userId, profile) {
+  void kvSet(key(userId), JSON.stringify(profile)).catch(() => {
+  });
+}
+async function loadCachedProfile(userId) {
+  try {
+    const raw = await kvGet(key(userId));
+    if (!raw) return null;
+    const d = JSON.parse(raw);
+    return {
+      pseudo: typeof d.pseudo === "string" ? d.pseudo : null,
+      avatar: typeof d.avatar === "string" ? d.avatar : null,
+      edPub: typeof d.edPub === "string" ? d.edPub : null,
+      kemPub: typeof d.kemPub === "string" ? d.kemPub : null
+    };
+  } catch {
+    return null;
+  }
+}
+
+// src/core/space-access-error.ts
+var SpaceAccessError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "SpaceAccessError";
+  }
+};
+
+// src/sync/client.ts
+function capProviderFor(cap, devEdPrivHex) {
+  return {
+    async getCap() {
+      return { cap, devEdPrivHex };
+    }
+  };
+}
+function makeClient(cap, devEdPrivHex, namespaceOverride) {
+  return new StarfishClient({
+    baseUrl: getSyncBase(),
+    namespace: namespaceOverride ?? getSyncNamespace(),
+    capProvider: capProviderFor(cap, devEdPrivHex),
+    fetch: fetchWithTimeout(),
+    cache: pullCache(),
+    cacheMaxAgeMs: PULL_CACHE_MAX_AGE_MS,
+    cacheFallbackStatuses: [429, 500, 502, 503, 504],
+    onRevalidated: () => getOnServerReachable()?.()
+  });
+}
+async function openEncryptor(client, keys, spaceId, trustedAdders) {
+  const res = await client.pull(keyringPull(spaceId)).catch(() => {
+    throw new Error("Could not reach the server to fetch space keys.");
+  });
+  const keyring = res?.data;
+  if (!keyring || !keyring.epochs) {
+    throw new SpaceAccessError("This space has no keyring yet \u2014 ask the owner to open it first.");
+  }
+  try {
+    const enc = await createKeyringEncryptor(
+      keyring,
+      { kemPubHex: keys.kemPub, kemPrivHex: keys.kemPriv },
+      { trustedAdders }
+    );
+    return enc;
+  } catch {
+    throw new SpaceAccessError("You're not a recipient of this space's keyring yet \u2014 ask the owner to re-invite.");
+  }
+}
+async function buildEncryptor(client, keys, spaceId, trustedAdders) {
+  try {
+    return await openEncryptor(client, keys, spaceId, trustedAdders);
+  } catch {
+    return null;
+  }
+}
+async function ownerEnsureKeyring(client, keys, spaceId, trustedAdders = [keys.edPub]) {
+  const krRes = await client.pull(keyringPull(spaceId)).catch(() => null);
+  let keyring = krRes?.data;
+  if (!keyring || !keyring.epochs) {
+    const created = await createKeyring({ edPrivHex: keys.edPriv, edPubHex: keys.edPub }, [
+      { subKemHex: keys.kemPub }
+    ]);
+    keyring = created.keyring;
+    await client.push(keyringPush(spaceId), keyring, krRes?.hash ?? null);
+  }
+  const enc = await createKeyringEncryptor(
+    keyring,
+    { kemPubHex: keys.kemPub, kemPrivHex: keys.kemPriv },
+    { trustedAdders }
+  );
+  return enc;
+}
+async function readProfile(userId) {
+  try {
+    const r = await fetchWithTimeout()(`${getSyncBase()}${getSyncPrefix()}${profilePull(userId)}`);
+    if (!r.ok) return { pseudo: null, avatar: null, edPub: null, kemPub: null };
+    const body = await r.json();
+    const data = body?.data;
+    const profile = {
+      pseudo: typeof data?.pseudo === "string" ? data.pseudo : null,
+      avatar: typeof data?.avatar === "string" ? data.avatar : null,
+      edPub: typeof data?.edPub === "string" ? data.edPub : null,
+      kemPub: typeof data?.kemPub === "string" ? data.kemPub : null
+    };
+    cacheProfile(userId, profile);
+    return profile;
+  } catch {
+    return await loadCachedProfile(userId) ?? { pseudo: null, avatar: null, edPub: null, kemPub: null };
+  }
+}
+async function readPseudo(userId) {
+  return (await readProfile(userId)).pseudo;
+}
+var profileBatchClient;
+function getProfileBatchClient() {
+  if (!profileBatchClient) {
+    profileBatchClient = new StarfishClient({ baseUrl: getSyncBase(), namespace: getSyncNamespace(), fetch: fetchWithTimeout() });
+  }
+  return profileBatchClient;
+}
+var PROFILE_BATCH_CHUNK = 24;
+async function readProfiles(ids) {
+  const out = /* @__PURE__ */ new Map();
+  const client = getProfileBatchClient();
+  for (let i = 0; i < ids.length; i += PROFILE_BATCH_CHUNK) {
+    const chunk = ids.slice(i, i + PROFILE_BATCH_CHUNK);
+    let entries;
+    try {
+      entries = await client.batchPullMany("profile", chunk.map((id) => ({ identity: id })));
+    } catch {
+      for (const id of chunk) {
+        const cached = await loadCachedProfile(id);
+        if (cached) out.set(id, cached);
+      }
+      continue;
+    }
+    chunk.forEach((id, j) => {
+      const entry = entries[j];
+      if (!entry || entry.error) return;
+      const data = entry.data ?? null;
+      const profile = {
+        pseudo: typeof data?.pseudo === "string" ? data.pseudo : null,
+        avatar: typeof data?.avatar === "string" ? data.avatar : null,
+        edPub: typeof data?.edPub === "string" ? data.edPub : null,
+        kemPub: typeof data?.kemPub === "string" ? data.kemPub : null
+      };
+      cacheProfile(id, profile);
+      out.set(id, profile);
+    });
+  }
+  return out;
+}
+async function writeProfile(client, userId, patch) {
+  const current = await client.pull(profilePull(userId)).catch(() => null);
+  const base = current?.data ?? {};
+  const next = { ...base, ...patch, v: 1 };
+  if (next.avatar == null) delete next.avatar;
+  await client.push(profilePush(userId), next, current?.hash ?? null);
+}
+async function writePseudo(client, userId, pseudo) {
+  await writeProfile(client, userId, { pseudo });
+}
+async function ensureProfileKeys(client, userId, keys) {
+  let confirmedAbsent = false;
+  try {
+    const r = await fetchWithTimeout()(`${getSyncBase()}${getSyncPrefix()}${profilePull(userId)}`);
+    if (r.status === 404) confirmedAbsent = true;
+    else if (r.ok) {
+      const body = await r.json();
+      const data = body?.data;
+      confirmedAbsent = !(typeof data?.edPub === "string" && typeof data?.kemPub === "string");
+    } else return;
+  } catch {
+    return;
+  }
+  if (!confirmedAbsent) return;
+  await writeProfile(client, userId, { edPub: keys.edPub, kemPub: keys.kemPub });
+}
+async function buildAuthHeaders(cap, devEdPrivHex, method, pathAndQuery) {
+  let host = "";
+  try {
+    host = new URL(getSyncBase()).host;
+  } catch {
+  }
+  const { sig, ts, nonce } = await signRequest(
+    { method, pathAndQuery, host },
+    devEdPrivHex
+  );
+  const capJson = stableStringify(cap);
+  const capB64 = typeof btoa === "function" ? btoa(capJson) : Buffer.from(capJson, "utf-8").toString("base64");
+  return {
+    Authorization: `Cap ${capB64}`,
+    "X-Starfish-Sig": sig,
+    "X-Starfish-Ts": String(ts),
+    "X-Starfish-Nonce": nonce
+  };
+}
+async function readOwnPseudo(userId) {
+  try {
+    const r = await fetchWithTimeout()(`${getSyncBase()}${getSyncPrefix()}${profilePull(userId)}`);
+    if (r.status === 404) return { read: true, pseudo: null };
+    if (!r.ok) return { read: false, pseudo: null };
+    const body = await r.json();
+    const data = body?.data;
+    return { read: true, pseudo: typeof data?.pseudo === "string" ? data.pseudo : null };
+  } catch {
+    return { read: false, pseudo: null };
+  }
+}
+async function ensurePseudo(client, userId, fallback) {
+  const { read, pseudo } = await readOwnPseudo(userId);
+  if (pseudo && pseudo.trim()) return pseudo;
+  if (!read) return fallback;
+  await writeProfile(client, userId, { pseudo: fallback });
+  return fallback;
+}
+
+// src/sync/identity.ts
+import { generateMnemonic, validateMnemonic } from "@scure/bip39";
+import { wordlist } from "@scure/bip39/wordlists/english.js";
+import { bootstrapRootIdentity, mintDeviceCap } from "@drakkar.software/starfish-identities";
+function ownerTrustedAdders(session) {
+  return session.ownerEdPub === session.keys.edPub ? [session.keys.edPub] : [session.ownerEdPub, session.keys.edPub];
+}
+function generateSeedWords() {
+  return generateMnemonic(wordlist, 128).split(" ");
+}
+function isValidSeed(words) {
+  return validateMnemonic(words.join(" ").trim(), wordlist);
+}
+function fingerprintFromUserId(userId) {
+  const h = userId.replace(/[^0-9a-f]/gi, "").toUpperCase();
+  return [h.slice(0, 4), h.slice(4, 8), h.slice(8, 12)].filter(Boolean).join(" \xB7 ");
+}
+async function buildSession({ userId, keys }, name) {
+  const fallback = name && name.trim() ? name.trim() : `user-${userId.slice(0, 6)}`;
+  const sub = { edPubHex: keys.edPub, kemPubHex: keys.kemPub };
+  const chatCap = await mintDeviceCap(keys.edPriv, keys.edPub, sub, ownerScope());
+  const accountCap = await mintDeviceCap(keys.edPriv, keys.edPub, sub, accountScope(userId));
+  const chatClient = makeClient(chatCap, keys.edPriv);
+  const accountClient = makeClient(accountCap, keys.edPriv);
+  const sharedNs = getSharedSpacesNamespace();
+  const spacesRegistryClient = sharedNs ? makeClient(accountCap, keys.edPriv, sharedNs) : accountClient;
+  const spacesKeyringClient = sharedNs ? makeClient(chatCap, keys.edPriv, sharedNs) : chatClient;
+  const displayName = await ensurePseudo(accountClient, userId, fallback).catch(() => fallback);
+  void ensureProfileKeys(accountClient, userId, keys).catch(() => {
+  });
+  return {
+    userId,
+    name: displayName,
+    keys,
+    chatCap,
+    accountCap,
+    chatClient,
+    accountClient,
+    spacesRegistryClient,
+    spacesKeyringClient,
+    fingerprint: fingerprintFromUserId(userId),
+    ownerEdPub: keys.edPub
+  };
+}
+async function buildLinkedSession({ userId, keys, capCert }, name) {
+  const fallback = name && name.trim() ? name.trim() : `user-${userId.slice(0, 6)}`;
+  const chatClient = makeClient(capCert, keys.edPriv);
+  const accountClient = makeClient(capCert, keys.edPriv);
+  const sharedNs = getSharedSpacesNamespace();
+  const spacesRegistryClient = sharedNs ? makeClient(capCert, keys.edPriv, sharedNs) : accountClient;
+  const spacesKeyringClient = sharedNs ? makeClient(capCert, keys.edPriv, sharedNs) : chatClient;
+  const displayName = await ensurePseudo(accountClient, userId, fallback).catch(() => fallback);
+  return {
+    userId,
+    name: displayName,
+    keys,
+    chatCap: capCert,
+    accountCap: capCert,
+    chatClient,
+    accountClient,
+    spacesRegistryClient,
+    spacesKeyringClient,
+    fingerprint: fingerprintFromUserId(userId),
+    ownerEdPub: capCert.iss
+  };
+}
+async function deriveSession(seedWords, name) {
+  const passphrase = seedWords.join(" ").trim();
+  const creds = await bootstrapRootIdentity(passphrase);
+  return buildSession({ userId: creds.userId, keys: creds.device }, name);
+}
+function rootIdentityOf(s) {
+  return { userId: s.userId, keys: s.keys };
+}
+
+// src/sync/account-seal.ts
+import {
+  bytesToHex as bytesToHex2,
+  hexToBytes,
+  unwrapFromEntry,
+  verifyEntrySignature,
+  wrapForRecipient
+} from "@drakkar.software/starfish-keyring";
+var SELF_EPOCH = 0;
+var subtle = () => globalThis.crypto.subtle;
+async function seal(session, recipientKemPub, plaintext) {
+  const cek = globalThis.crypto.getRandomValues(new Uint8Array(32));
+  const entry = await wrapForRecipient(cek, recipientKemPub, {
+    adderEdPrivHex: session.keys.edPriv,
+    adderEdPubHex: session.keys.edPub,
+    addedAt: Math.floor(Date.now() / 1e3),
+    epoch: SELF_EPOCH
+  });
+  const iv = globalThis.crypto.getRandomValues(new Uint8Array(12));
+  const key2 = await subtle().importKey("raw", cek, { name: "AES-GCM" }, false, ["encrypt"]);
+  const ctBuf = await subtle().encrypt({ name: "AES-GCM", iv }, key2, new TextEncoder().encode(plaintext));
+  const packed = new Uint8Array(iv.length + ctBuf.byteLength);
+  packed.set(iv, 0);
+  packed.set(new Uint8Array(ctBuf), iv.length);
+  return { entry, ct: bytesToHex2(packed) };
+}
+async function open(session, blob) {
+  const cek = await unwrapFromEntry(blob.entry, session.keys.kemPriv);
+  const packed = hexToBytes(blob.ct);
+  const iv = new Uint8Array(packed.subarray(0, 12));
+  const ctBytes = new Uint8Array(packed.subarray(12));
+  const key2 = await subtle().importKey("raw", new Uint8Array(cek), { name: "AES-GCM" }, false, ["decrypt"]);
+  const out = await subtle().decrypt({ name: "AES-GCM", iv }, key2, ctBytes);
+  return new TextDecoder().decode(out);
+}
+function sealToSelf(session, plaintext) {
+  return seal(session, session.keys.kemPub, plaintext);
+}
+async function unsealFromSelf(session, blob) {
+  if (blob.entry.addedBy !== session.keys.edPub) throw new Error("sealed blob not self-signed");
+  if (!await verifyEntrySignature(blob.entry, SELF_EPOCH)) throw new Error("sealed blob signature invalid");
+  return open(session, blob);
+}
+function sealToRecipient(session, recipientKemPub, plaintext) {
+  return seal(session, recipientKemPub, plaintext);
+}
+async function unsealFromRecipient(session, blob) {
+  if (!await verifyEntrySignature(blob.entry, SELF_EPOCH)) throw new Error("sealed blob signature invalid");
+  return open(session, blob);
+}
+
+// src/sync/space-access-store.ts
+var keyFor = (userId) => `octospaces.spaceaccess.${userId}`;
+var cache = {};
+var activeKey = null;
+async function hydrateSpaceAccessStore(userId, serverCaps, serverLinkAccess) {
+  const key2 = keyFor(userId);
+  if (activeKey === key2) return;
+  activeKey = key2;
+  cache = {};
+  const raw = await kvGet(key2);
+  if (raw) {
+    try {
+      cache = JSON.parse(raw);
+    } catch (e) {
+      console.error("[octospaces] space-access-store: corrupt cache, resetting:", e);
+      cache = {};
+    }
+  }
+  let changed = false;
+  for (const [spaceId, capJson] of Object.entries(serverCaps)) {
+    cache[spaceId] = { kind: "member", cap: capJson };
+    changed = true;
+  }
+  for (const [spaceId, access] of Object.entries(serverLinkAccess)) {
+    cache[spaceId] = { kind: "link", cap: access.cap, key: access.key, write: access.write };
+    changed = true;
+  }
+  if (changed) await kvSet(key2, JSON.stringify(cache));
+}
+function persist() {
+  if (activeKey) void kvSet(activeKey, JSON.stringify(cache));
+}
+function getSpaceAccessEntry(spaceId) {
+  return cache[spaceId] ?? null;
+}
+function saveSpaceAccessEntry(spaceId, entry) {
+  cache = { ...cache, [spaceId]: entry };
+  persist();
+}
+function removeSpaceAccessEntry(spaceId) {
+  if (!(spaceId in cache)) return;
+  const next = { ...cache };
+  delete next[spaceId];
+  cache = next;
+  persist();
+}
+function localSpaceAccessEntries() {
+  return cache;
+}
+function memberCapsFromStore() {
+  const out = {};
+  for (const [id, e] of Object.entries(cache)) if (e.kind === "member") out[id] = e.cap;
+  return out;
+}
+function linkAccessFromStore() {
+  const out = {};
+  for (const [id, e] of Object.entries(cache)) {
+    if (e.kind === "link") out[id] = { cap: e.cap, key: e.key, write: e.write };
+  }
+  return out;
+}
+function clearSpaceAccessStore() {
+  cache = {};
+  activeKey = null;
+}
+
+// src/sync/space-access.ts
+var cache2 = /* @__PURE__ */ new Map();
+function clearSpaceAccessCache() {
+  cache2.clear();
+}
+function getSpaceAccess(spaceId, session, reg) {
+  const hit = cache2.get(spaceId);
+  if (hit) return hit;
+  const p = (async () => {
+    const entry = getSpaceAccessEntry(spaceId);
+    if (entry?.kind === "link") {
+      const cap = entry.cap;
+      const client = makeClient(cap, entry.key);
+      return { encryptor: null, client, isOwnerOpen: false };
+    }
+    if (entry?.kind === "member") {
+      const cap = JSON.parse(entry.cap);
+      const client = makeClient(cap, session.keys.edPriv);
+      const encryptor2 = await openEncryptor(client, session.keys, spaceId, cap.iss ? [cap.iss] : []);
+      return { encryptor: encryptor2, client, isOwnerOpen: false };
+    }
+    const visibility = reg?.visibility;
+    if (visibility === "public") {
+      return { encryptor: null, client: session.chatClient, isOwnerOpen: reg.owner === session.userId };
+    }
+    const owner = reg?.owner ?? null;
+    const members = reg?.members ?? [];
+    if (owner !== null && owner !== session.userId) {
+      throw new SpaceAccessError(
+        members.includes(session.userId) ? "You're a member of this space, but its key isn't on this device yet \u2014 reconnect, or ask the owner to re-invite." : "You don't have access to this space."
+      );
+    }
+    const encryptor = await ownerEnsureKeyring(
+      session.chatClient,
+      session.keys,
+      spaceId,
+      ownerTrustedAdders(session)
+    );
+    return { encryptor, client: session.chatClient, isOwnerOpen: true };
+  })();
+  cache2.set(spaceId, p);
+  p.catch(() => cache2.delete(spaceId));
+  return p;
+}
+async function buildSpaceAccess(session, spaceId, hint) {
+  const entry = getSpaceAccessEntry(spaceId);
+  if (entry?.kind === "link") {
+    const client2 = makeClient(entry.cap, entry.key);
+    return { client: client2, encryptor: null };
+  }
+  let client = session.chatClient;
+  let trustedAdders = ownerTrustedAdders(session);
+  if (entry?.kind === "member") {
+    const cap = JSON.parse(entry.cap);
+    client = makeClient(cap, session.keys.edPriv);
+    if (cap.iss) trustedAdders = [cap.iss];
+    const encryptor2 = await buildEncryptor(client, session.keys, spaceId, trustedAdders);
+    return encryptor2 ? { client, encryptor: encryptor2 } : null;
+  }
+  if (hint?.visibility === "public") {
+    return { client, encryptor: null };
+  }
+  const encryptor = await buildEncryptor(client, session.keys, spaceId, trustedAdders);
+  return encryptor ? { client, encryptor } : null;
+}
+
+// src/spaces/registry.ts
+import { ConflictError as ConflictError2, StarfishHttpError } from "@drakkar.software/starfish-client";
+
+// src/objects/objects.ts
+var DEFAULT_CATEGORY = "CHANNELS";
+var categoryId = (name) => `cat-${roomSlug(name) || randomId()}`;
+function roomKindToSubtype(kind) {
+  switch (kind) {
+    case "dm":
+      return "dm";
+    case "automated":
+      return "automation";
+    default:
+      return "channel";
+  }
+}
+function subtypeToRoomKind(subtype) {
+  switch (subtype) {
+    case "dm":
+      return "dm";
+    case "automation":
+      return "automated";
+    default:
+      return "channel";
+  }
+}
+function compareSiblings(a, b) {
+  if (a.order !== b.order) return a.order - b.order;
+  return a.id < b.id ? -1 : a.id > b.id ? 1 : 0;
+}
+function nextOrder(siblings) {
+  let max = 0;
+  for (const s of siblings) if (s.order > max) max = s.order;
+  return max + 1;
+}
+function buildTree(nodes, includeArchived = false) {
+  const live = includeArchived ? nodes : nodes.filter((n) => !n.archived);
+  const byId = new Map(live.map((n) => [n.id, n]));
+  const effectiveParent = (n) => {
+    if (n.parentId == null) return null;
+    if (!byId.has(n.parentId)) return null;
+    const seen = /* @__PURE__ */ new Set([n.id]);
+    let cur = n.parentId;
+    while (cur != null) {
+      if (seen.has(cur)) return null;
+      seen.add(cur);
+      const parent = byId.get(cur);
+      if (!parent) return null;
+      cur = parent.parentId;
+    }
+    return n.parentId;
+  };
+  const childrenOf = /* @__PURE__ */ new Map();
+  for (const n of live) {
+    const p = effectiveParent(n);
+    const bucket = childrenOf.get(p) ?? [];
+    bucket.push(n);
+    childrenOf.set(p, bucket);
+  }
+  function attach(parent, depth) {
+    return (childrenOf.get(parent) ?? []).slice().sort(compareSiblings).map((n) => ({ ...n, depth, children: attach(n.id, depth + 1) }));
+  }
+  return attach(null, 0);
+}
+function breadcrumbs(nodes, id) {
+  const byId = new Map(nodes.map((n) => [n.id, n]));
+  const trail = [];
+  const seen = /* @__PURE__ */ new Set();
+  let cur = id;
+  while (cur != null && byId.has(cur) && !seen.has(cur)) {
+    seen.add(cur);
+    const node = byId.get(cur);
+    trail.unshift(node);
+    cur = node.parentId;
+  }
+  return trail;
+}
+function ancestors(nodes, id) {
+  return breadcrumbs(nodes, id).slice(0, -1);
+}
+function subtreeIds(nodes, rootId) {
+  const childrenOf = /* @__PURE__ */ new Map();
+  for (const n of nodes) {
+    const bucket = childrenOf.get(n.parentId) ?? [];
+    bucket.push(n.id);
+    childrenOf.set(n.parentId, bucket);
+  }
+  const out = /* @__PURE__ */ new Set();
+  const walk = (id) => {
+    if (out.has(id)) return;
+    out.add(id);
+    for (const child of childrenOf.get(id) ?? []) walk(child);
+  };
+  walk(rootId);
+  return out;
+}
+function addObject(nodes, input, now) {
+  const parentId = input.parentId ?? null;
+  const siblings = nodes.filter((n) => n.parentId === parentId);
+  const node = {
+    id: input.id ?? `obj-${randomId()}`,
+    type: input.type,
+    ...input.subtype ? { subtype: input.subtype } : {},
+    parentId,
+    order: nextOrder(siblings),
+    title: input.title,
+    ...input.emoji ? { emoji: input.emoji } : {},
+    updatedAt: now,
+    ...input.automation ? { automation: input.automation } : {}
+  };
+  return { nodes: [...nodes, node], node };
+}
+function patchObject(nodes, id, patch, now) {
+  return nodes.map((n) => n.id === id ? { ...n, ...patch, updatedAt: now } : n);
+}
+function reparentObject(nodes, id, parentId, now) {
+  if (id === parentId) return nodes;
+  if (parentId != null && subtreeIds(nodes, id).has(parentId)) return nodes;
+  const siblings = nodes.filter((n) => n.parentId === parentId && n.id !== id);
+  return nodes.map((n) => n.id === id ? { ...n, parentId, order: nextOrder(siblings), updatedAt: now } : n);
+}
+function reorderObjects(nodes, orderById, now) {
+  return nodes.map((n) => n.id in orderById ? { ...n, order: orderById[n.id], updatedAt: now } : n);
+}
+function archiveObject(nodes, id, now) {
+  const ids = subtreeIds(nodes, id);
+  return nodes.map((n) => ids.has(n.id) ? { ...n, archived: true, updatedAt: now } : n);
+}
+function objectsToRoomCategories(nodes, spaceId, fallbackCategory) {
+  const live = nodes.filter((n) => !n.archived);
+  const cats = live.filter((n) => n.type === "category").slice().sort(compareSiblings);
+  const rooms = live.filter((n) => n.type === "room");
+  if (cats.length === 0 && rooms.length === 0) return null;
+  const titleById = new Map(cats.map((c) => [c.id, c.title]));
+  const buckets = /* @__PURE__ */ new Map();
+  for (const c of cats) buckets.set(c.title, []);
+  const toRoom = (n, category) => ({
+    id: n.id,
+    spaceId,
+    category,
+    name: n.title,
+    kind: subtypeToRoomKind(n.subtype),
+    ...n.automation ? { automation: n.automation } : {}
+  });
+  for (const n of rooms.slice().sort(compareSiblings)) {
+    const category = n.parentId != null && titleById.get(n.parentId) || fallbackCategory;
+    if (!buckets.has(category)) buckets.set(category, []);
+    buckets.get(category).push(toRoom(n, category));
+  }
+  return [...buckets.entries()].map(([name, rs]) => ({ name, rooms: rs }));
+}
+function excludeAutomatedRooms(categories) {
+  return categories.map((c) => ({ ...c, rooms: c.rooms.filter((r) => r.kind !== "automated") })).filter((c, i) => c.rooms.length > 0 || categories[i].rooms.length === 0);
+}
+function seedIndexNodes(rooms, now) {
+  const out = [];
+  const catId = /* @__PURE__ */ new Map();
+  let catOrder = 0;
+  for (const r of rooms) {
+    if (catId.has(r.category)) continue;
+    const id = categoryId(r.category);
+    catId.set(r.category, id);
+    out.push({ id, type: "category", parentId: null, order: catOrder++, title: r.category, updatedAt: now });
+  }
+  const orderInCat = /* @__PURE__ */ new Map();
+  for (const r of rooms) {
+    const parentId = catId.get(r.category);
+    const order = (orderInCat.get(parentId) ?? 0) + 1;
+    orderInCat.set(parentId, order);
+    out.push({ id: r.id, type: "room", subtype: roomKindToSubtype(r.kind), parentId, order, title: r.name, updatedAt: now });
+  }
+  return out;
+}
+
+// src/spaces/object-index.ts
+import { ConflictError } from "@drakkar.software/starfish-client";
+function indexNodes(plain) {
+  return Array.isArray(plain.objects) ? plain.objects : [];
+}
+async function readIndexRooms(client, encryptor, indexPath, spaceId) {
+  try {
+    const res = await client.pull(indexPath).catch(() => null);
+    if (!res?.data) return null;
+    const plain = encryptor ? await encryptor.decrypt(res.data) : res.data;
+    const cats = objectsToRoomCategories(indexNodes(plain), spaceId, DEFAULT_CATEGORY);
+    if (!cats) return null;
+    return { rooms: cats.flatMap((c) => c.rooms), categories: cats.map((c) => c.name) };
+  } catch {
+    return null;
+  }
+}
+async function readSpaceIndexRooms(session, spaceId, reg) {
+  if (reg.owner === null && reg.visibility !== "public") return null;
+  try {
+    const { encryptor, client } = await getSpaceAccess(spaceId, session, reg);
+    return await readIndexRooms(client, encryptor, objIndexPull(spaceId), spaceId);
+  } catch {
+    return null;
+  }
+}
+async function readSpaceRooms(session, spaceId, hint) {
+  const access = await buildSpaceAccess(session, spaceId, hint).catch(() => null);
+  if (!access) return [];
+  const idx = await readIndexRooms(access.client, access.encryptor, objIndexPull(spaceId), spaceId);
+  return idx?.rooms ?? [];
+}
+async function pushIndexSeed(client, encryptor, spaceId, rooms) {
+  const res = await client.pull(objIndexPull(spaceId)).catch(() => null);
+  const existing = res?.data;
+  if (existing?._encrypted || Array.isArray(existing?.objects)) return;
+  const nodes = seedIndexNodes(rooms, Date.now());
+  const payload = encryptor ? await encryptor.encrypt({ objects: nodes }) : { objects: nodes };
+  await client.push(objIndexPush(spaceId), payload, res?.hash ?? null);
+}
+async function seedSpaceObjectIndex(session, spaceId, rooms, opts) {
+  const { encryptor, client } = await getSpaceAccess(spaceId, session, {
+    owner: session.userId,
+    members: [],
+    visibility: opts?.visibility
+  });
+  await pushIndexSeed(client, encryptor, spaceId, rooms);
+}
+async function updateObjectIndex(session, spaceId, mutator, reg) {
+  const { client, encryptor } = await getSpaceAccess(spaceId, session, reg ?? null);
+  const pullPath = objIndexPull(spaceId);
+  const pushPath = objIndexPush(spaceId);
+  const MAX_ATTEMPTS = 3;
+  for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+    const res = await client.pull(pullPath).catch(() => null);
+    const raw = res?.data;
+    const plain = raw ? encryptor ? await encryptor.decrypt(raw) : raw : {};
+    const cur = Array.isArray(plain.objects) ? plain.objects : [];
+    const next = mutator(cur, Date.now());
+    if (!next) return;
+    const payload = encryptor ? await encryptor.encrypt({ objects: next }) : { objects: next };
+    try {
+      await client.push(pushPath, payload, res?.hash ?? null);
+      return;
+    } catch (err) {
+      if (err instanceof ConflictError && attempt < MAX_ATTEMPTS - 1) continue;
+      throw err;
+    }
+  }
+}
+
+// src/spaces/registry.ts
+var spaceMetaListeners = /* @__PURE__ */ new Set();
+function onSpaceMeta(fn) {
+  spaceMetaListeners.add(fn);
+  return () => {
+    spaceMetaListeners.delete(fn);
+  };
+}
+function broadcastSpaceMeta(spaceId, meta) {
+  for (const fn of spaceMetaListeners) fn(spaceId, meta);
+}
+function coerceDms(raw) {
+  const src = raw && typeof raw === "object" ? raw : {};
+  const out = {};
+  for (const [k, v] of Object.entries(src)) if (typeof v === "string") out[k] = v;
+  return out;
+}
+function coerceMutes(raw) {
+  const r = raw && typeof raw === "object" ? raw : {};
+  const pick = (v) => v && typeof v === "object" ? v : {};
+  return { rooms: pick(r.rooms), spaces: pick(r.spaces) };
+}
+function coerceReads(raw) {
+  const r = raw && typeof raw === "object" ? raw : {};
+  const src = r.rooms && typeof r.rooms === "object" ? r.rooms : {};
+  const rooms = {};
+  for (const [id, v] of Object.entries(src)) if (typeof v === "number" && Number.isFinite(v)) rooms[id] = v;
+  return { rooms };
+}
+function coerceQuickReactions(raw) {
+  return Array.isArray(raw) ? raw.filter((v) => typeof v === "string") : [];
+}
+function coerceArchivedDms(raw) {
+  const src = raw && typeof raw === "object" ? raw : {};
+  const out = {};
+  for (const [k, v] of Object.entries(src)) if (v === true) out[k] = true;
+  return out;
+}
+async function pullSpacesDoc(client, userId) {
+  const res = await client.pull(spacesPull(userId)).catch((err) => {
+    if (err instanceof StarfishHttpError && err.status === 404) return null;
+    throw err;
+  });
+  const data = res?.data;
+  return {
+    spaces: Array.isArray(data?.spaces) ? data.spaces : [],
+    caps: data?.caps && typeof data.caps === "object" ? data.caps : {},
+    mutes: coerceMutes(data?.mutes),
+    reads: coerceReads(data?.reads),
+    pubAccess: data?.pubAccess && typeof data.pubAccess === "object" ? data.pubAccess : {},
+    dms: coerceDms(data?.dms),
+    quickReactions: coerceQuickReactions(data?.quickReactions),
+    archivedDms: coerceArchivedDms(data?.archivedDms),
+    hash: res?.hash ?? null
+  };
+}
+async function readSpaces(client, userId) {
+  try {
+    return await pullSpacesDoc(client, userId);
+  } catch (err) {
+    console.error("[readSpaces] failed to pull spaces registry", err);
+    return {
+      spaces: [],
+      caps: {},
+      mutes: coerceMutes(void 0),
+      reads: coerceReads(void 0),
+      pubAccess: {},
+      dms: {},
+      quickReactions: [],
+      archivedDms: {},
+      hash: null
+    };
+  }
+}
+async function updateSpacesDoc(client, userId, mutator) {
+  const MAX_ATTEMPTS = 3;
+  for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+    const { spaces, caps, mutes, reads, pubAccess, dms, quickReactions, archivedDms, hash } = await pullSpacesDoc(client, userId);
+    const cur = { spaces, caps, pubAccess };
+    const next = mutator(cur);
+    if (next === cur) return;
+    try {
+      await client.push(
+        spacesPush(userId),
+        { v: 1, spaces: next.spaces, caps: next.caps, mutes, reads, pubAccess: next.pubAccess, dms, quickReactions, archivedDms },
+        hash
+      );
+      return;
+    } catch (err) {
+      if (err instanceof ConflictError2 && attempt < MAX_ATTEMPTS - 1) continue;
+      throw err;
+    }
+  }
+}
+async function updateMutesDoc(client, userId, mutator) {
+  const MAX_ATTEMPTS = 3;
+  for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+    const { spaces, caps, mutes, reads, pubAccess, dms, quickReactions, archivedDms, hash } = await pullSpacesDoc(client, userId);
+    const next = mutator(mutes);
+    if (!next) return;
+    try {
+      await client.push(spacesPush(userId), { v: 1, spaces, caps, mutes: next, reads, pubAccess, dms, quickReactions, archivedDms }, hash);
+      return;
+    } catch (err) {
+      if (err instanceof ConflictError2 && attempt < MAX_ATTEMPTS - 1) continue;
+      throw err;
+    }
+  }
+}
+async function updateReadsDoc(client, userId, mutator) {
+  const MAX_ATTEMPTS = 3;
+  for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+    const { spaces, caps, mutes, reads, pubAccess, dms, quickReactions, archivedDms, hash } = await pullSpacesDoc(client, userId);
+    const next = mutator(reads);
+    if (!next) return;
+    try {
+      await client.push(spacesPush(userId), { v: 1, spaces, caps, mutes, reads: next, pubAccess, dms, quickReactions, archivedDms }, hash);
+      return;
+    } catch (err) {
+      if (err instanceof ConflictError2 && attempt < MAX_ATTEMPTS - 1) continue;
+      throw err;
+    }
+  }
+}
+async function updateDmsDoc(client, userId, mutator) {
+  const MAX_ATTEMPTS = 3;
+  for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+    const { spaces, caps, mutes, reads, pubAccess, dms, quickReactions, archivedDms, hash } = await pullSpacesDoc(client, userId);
+    const next = mutator(dms);
+    if (!next) return;
+    try {
+      await client.push(spacesPush(userId), { v: 1, spaces, caps, mutes, reads, pubAccess, dms: next, quickReactions, archivedDms }, hash);
+      return;
+    } catch (err) {
+      if (err instanceof ConflictError2 && attempt < MAX_ATTEMPTS - 1) continue;
+      throw err;
+    }
+  }
+}
+async function updateQuickReactionsDoc(client, userId, mutator) {
+  const MAX_ATTEMPTS = 3;
+  for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+    const { spaces, caps, mutes, reads, pubAccess, dms, quickReactions, archivedDms, hash } = await pullSpacesDoc(client, userId);
+    const next = mutator(quickReactions);
+    if (!next) return;
+    try {
+      await client.push(spacesPush(userId), { v: 1, spaces, caps, mutes, reads, pubAccess, dms, quickReactions: next, archivedDms }, hash);
+      return;
+    } catch (err) {
+      if (err instanceof ConflictError2 && attempt < MAX_ATTEMPTS - 1) continue;
+      throw err;
+    }
+  }
+}
+async function updateArchivedDmsDoc(client, userId, mutator) {
+  const MAX_ATTEMPTS = 3;
+  for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+    const { spaces, caps, mutes, reads, pubAccess, dms, quickReactions, archivedDms, hash } = await pullSpacesDoc(client, userId);
+    const next = mutator(archivedDms);
+    if (!next) return;
+    try {
+      await client.push(spacesPush(userId), { v: 1, spaces, caps, mutes, reads, pubAccess, dms, quickReactions, archivedDms: next }, hash);
+      return;
+    } catch (err) {
+      if (err instanceof ConflictError2 && attempt < MAX_ATTEMPTS - 1) continue;
+      throw err;
+    }
+  }
+}
+async function setDmMapping(client, userId, peerUserId, spaceId) {
+  await updateDmsDoc(client, userId, (cur) => cur[peerUserId] === spaceId ? null : { ...cur, [peerUserId]: spaceId });
+}
+async function writeSpaces(client, userId, spaces, _hash) {
+  await updateSpacesDoc(client, userId, (cur) => ({ spaces, caps: cur.caps, pubAccess: cur.pubAccess }));
+}
+async function reorderSpaces(client, userId, order) {
+  await updateSpacesDoc(client, userId, (cur) => {
+    const byId = new Map(cur.spaces.map((s) => [s.id, s]));
+    const next = [];
+    for (const id of order) {
+      const s = byId.get(id);
+      if (s) {
+        next.push(s);
+        byId.delete(id);
+      }
+    }
+    for (const s of cur.spaces) if (byId.has(s.id)) next.push(s);
+    const unchanged = next.length === cur.spaces.length && next.every((s, i) => s === cur.spaces[i]);
+    if (unchanged) return cur;
+    return { spaces: next, caps: cur.caps, pubAccess: cur.pubAccess };
+  });
+}
+function newSpaceId() {
+  return `sp-${randomId()}`;
+}
+function normalizeCategories(rooms, stored) {
+  const distinct = [];
+  for (const r of rooms) if (r.category && !distinct.includes(r.category)) distinct.push(r.category);
+  const list = Array.isArray(stored) ? stored.filter((c) => typeof c === "string") : [];
+  if (!list.length) return distinct;
+  const result = [...list];
+  for (const c of distinct) if (!result.includes(c)) result.push(c);
+  return result;
+}
+async function readRooms(client, spaceId) {
+  const res = await client.pull(roomsRegistryPull(spaceId)).catch((err) => {
+    if (err instanceof StarfishHttpError && err.status === 404) return null;
+    throw err;
+  });
+  const data = res?.data;
+  return {
+    owner: typeof data?.owner === "string" ? data.owner : null,
+    members: Array.isArray(data?.members) ? data.members.filter((m) => typeof m === "string") : [],
+    visibility: data?.visibility === "public" ? "public" : null,
+    name: typeof data?.name === "string" ? data.name : null,
+    image: typeof data?.image === "string" ? data.image : null,
+    hash: res?.hash ?? null
+  };
+}
+async function writeRooms(client, spaceId, owner, members, hash, meta) {
+  const name = meta?.name?.trim() || void 0;
+  const image = meta?.image || void 0;
+  const visibility = meta?.visibility === "public" ? "public" : void 0;
+  await client.push(
+    roomsRegistryPush(spaceId),
+    { v: 1, owner, members, ...visibility ? { visibility } : {}, ...name ? { name } : {}, ...image ? { image } : {} },
+    hash
+  );
+}
+async function addSpaceMember(client, spaceId, ownerUserId, memberUserId) {
+  const { owner, members, visibility, name, image, hash } = await readRooms(client, spaceId);
+  if (memberUserId === (owner ?? ownerUserId) || members.includes(memberUserId)) return;
+  await writeRooms(client, spaceId, owner ?? ownerUserId, [...members, memberUserId], hash, { name, image, visibility: visibility ?? void 0 });
+}
+async function removeSpaceMember(client, spaceId, memberUserId) {
+  const { owner, members, visibility, name, image, hash } = await readRooms(client, spaceId);
+  if (!members.includes(memberUserId)) return;
+  await writeRooms(client, spaceId, owner ?? memberUserId, members.filter((m) => m !== memberUserId), hash, { name, image, visibility: visibility ?? void 0 });
+}
+async function addJoinedSpace(client, userId, space) {
+  await updateSpacesDoc(
+    client,
+    userId,
+    (cur) => cur.spaces.some((s) => s.id === space.id) ? cur : { spaces: [...cur.spaces, space], caps: cur.caps, pubAccess: cur.pubAccess }
+  );
+}
+async function addJoinedSpaceWithCap(client, userId, space, capJson) {
+  await updateSpacesDoc(client, userId, (cur) => ({
+    spaces: cur.spaces.some((s) => s.id === space.id) ? cur.spaces : [...cur.spaces, space],
+    caps: { ...cur.caps, [space.id]: capJson },
+    pubAccess: cur.pubAccess
+  }));
+}
+async function addJoinedSpaceWithLinkAccess(client, userId, space, sealed) {
+  await updateSpacesDoc(client, userId, (cur) => ({
+    spaces: cur.spaces.some((s) => s.id === space.id) ? cur.spaces : [...cur.spaces, space],
+    caps: cur.caps,
+    pubAccess: { ...cur.pubAccess, [space.id]: sealed }
+  }));
+}
+async function createSpace(session, name, opts) {
+  const { accountClient, userId } = session;
+  const { spaces, hash } = await readSpaces(accountClient, userId);
+  const trimmed = name.trim() || "New Space";
+  const visibility = opts?.visibility ?? "private";
+  const id = newSpaceId();
+  const space = {
+    id,
+    name: trimmed,
+    short: trimmed.slice(0, 2).toUpperCase(),
+    members: 1,
+    ...visibility === "public" ? { visibility: "public", ownerId: userId, write: true } : {}
+  };
+  await writeRooms(accountClient, id, userId, [], null, { name: trimmed, visibility: visibility === "public" ? "public" : void 0 });
+  await seedSpaceObjectIndex(session, id, [{ id: `${id}-general`, name: "general", kind: "channel", category: DEFAULT_CATEGORY }], { visibility });
+  await writeSpaces(accountClient, userId, [...spaces, space], hash);
+  return space;
+}
+var CategoryError = class extends Error {
+};
+async function reconcileSpaceMeta(client, userId, spaceId, shared2, knownSpaces) {
+  const sharedName = typeof shared2.name === "string" && shared2.name.trim() ? shared2.name : null;
+  const sharedImage = typeof shared2.image === "string" && shared2.image ? shared2.image : null;
+  if (sharedName === null && sharedImage === null) return;
+  const known = knownSpaces?.find((s) => s.id === spaceId);
+  if (known) {
+    const name2 = sharedName ?? known.name;
+    const short2 = name2.slice(0, 2).toUpperCase();
+    const image2 = sharedImage ?? known.image;
+    if (name2 === known.name && short2 === known.short && (image2 ?? null) === (known.image ?? null)) return;
+  }
+  const { spaces, hash } = await readSpaces(client, userId);
+  const cur = spaces.find((s) => s.id === spaceId);
+  if (!cur) return;
+  const name = sharedName ?? cur.name;
+  const image = sharedImage ?? cur.image;
+  const short = name.slice(0, 2).toUpperCase();
+  if (name === cur.name && short === cur.short && (image ?? null) === (cur.image ?? null)) return;
+  const next = spaces.map((s) => s.id === spaceId ? { ...s, name, short, image } : s);
+  await writeSpaces(client, userId, next, hash);
+  broadcastSpaceMeta(spaceId, { name, short, image });
+}
+
+// src/spaces/members.ts
+import { generateDeviceKeys } from "@drakkar.software/starfish-identities";
+import { addCollectionRecipient } from "@drakkar.software/starfish-keyring";
+import { mintMemberCap } from "@drakkar.software/starfish-sharing";
+
+// src/sync/base64url.ts
+function toBase64Url(json) {
+  const bytes = new TextEncoder().encode(json);
+  let bin = "";
+  for (const b of bytes) bin += String.fromCharCode(b);
+  const b64 = typeof btoa === "function" ? btoa(bin) : Buffer.from(json, "utf-8").toString("base64");
+  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function fromBase64Url(b64url) {
+  const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
+  if (typeof atob === "function") {
+    const bin = atob(b64);
+    const bytes = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
+    return new TextDecoder().decode(bytes);
+  }
+  return Buffer.from(b64, "base64").toString("utf-8");
+}
+
+// src/spaces/members.ts
+function makeJoinRequest(session) {
+  const req2 = { edPub: session.keys.edPub, kemPub: session.keys.kemPub, userId: session.userId };
+  return JSON.stringify(req2);
+}
+function isAlreadyPresentRecipient(err) {
+  return err instanceof Error && /already present in epoch/.test(err.message);
+}
+async function addDeviceToSpaceKeyring(session, spaceId, recipient) {
+  try {
+    await addCollectionRecipient(
+      session.chatClient,
+      keyringName(spaceId),
+      { subKem: recipient.kemPub, userId: recipient.userId, label: recipient.userId.slice(0, 8) },
+      { edPriv: session.keys.edPriv, edPub: session.keys.edPub, kemPriv: session.keys.kemPriv },
+      { trustedAdders: [session.keys.edPub] }
+    );
+  } catch (err) {
+    if (!isAlreadyPresentRecipient(err)) throw err;
+  }
+}
+async function inviteToSpace(session, spaceId, requestJson, canWrite = true, spaceName) {
+  const req2 = JSON.parse(requestJson);
+  if (!req2.edPub || !req2.kemPub || !req2.userId) throw new Error("That is not a valid join request.");
+  await addDeviceToSpaceKeyring(session, spaceId, { kemPub: req2.kemPub, userId: req2.userId });
+  await addSpaceMember(session.accountClient, spaceId, session.userId, req2.userId);
+  const cap = await mintMemberCap(
+    session.keys.edPriv,
+    session.keys.edPub,
+    { edPubHex: req2.edPub, kemPubHex: req2.kemPub, userIdHex: req2.userId },
+    "chat",
+    spaceMemberScope(spaceId, canWrite)
+  );
+  let name = spaceName?.trim();
+  if (!name) {
+    const { spaces } = await readSpaces(session.accountClient, session.userId);
+    name = spaces.find((s) => s.id === spaceId)?.name ?? "Space";
+  }
+  const invite = { spaceId, spaceName: name, cap };
+  return JSON.stringify(invite);
+}
+async function acceptSpaceInvite(session, inviteJson) {
+  const inv = JSON.parse(inviteJson);
+  const cap = inv.cap;
+  if (!cap || !inv.spaceId) throw new Error("That is not a valid space invite.");
+  if (cap.kind !== "member") throw new Error("That is not a valid space invite.");
+  if (!cap.sub || cap.sub !== session.keys.edPub) {
+    throw new Error("This invite was issued for a different identity.");
+  }
+  if (!cap.iss) throw new Error("This invite is missing its issuer.");
+  const spaceId = inv.spaceId;
+  const client = makeClient(cap, session.keys.edPriv);
+  const enc = await buildEncryptor(client, session.keys, spaceId, [cap.iss]);
+  if (!enc) throw new Error("Accepted, but you're not in the space keyring yet \u2014 ask the owner to re-invite.");
+  const capJson = JSON.stringify(cap);
+  const name = inv.spaceName?.trim() || `space-${spaceId.slice(-6)}`;
+  const space = { id: spaceId, name, short: name.slice(0, 2).toUpperCase(), members: 1 };
+  await addJoinedSpaceWithCap(session.accountClient, session.userId, space, capJson);
+  saveSpaceAccessEntry(spaceId, { kind: "member", cap: capJson });
+  return space;
+}
+function encodeSpaceInviteLink(origin, token) {
+  const base = origin.replace(/\/+$/, "");
+  return `${base}/join#${toBase64Url(JSON.stringify(token))}`;
+}
+function decodeSpaceInviteLink(fragment) {
+  const frag = fragment.startsWith("#") ? fragment.slice(1) : fragment;
+  const tok = JSON.parse(fromBase64Url(frag));
+  if (!tok || !tok.spaceId || !tok.cap || !tok.key) {
+    throw new Error("That space invite link is malformed or incomplete.");
+  }
+  return {
+    v: 1,
+    spaceId: tok.spaceId,
+    spaceName: tok.spaceName ?? "Space",
+    cap: tok.cap,
+    key: tok.key,
+    write: !!tok.write
+  };
+}
+async function createSpaceInviteLink(session, spaceId, spaceName, write, origin) {
+  const ek = generateDeviceKeys();
+  const ephemeralUserId = await userIdFromEdPub(ek.edPub);
+  const cap = await mintMemberCap(
+    session.keys.edPriv,
+    session.keys.edPub,
+    { edPubHex: ek.edPub, kemPubHex: ek.kemPub, userIdHex: ephemeralUserId },
+    "chat",
+    spaceMemberScope(spaceId, write)
+  );
+  await addSpaceMember(session.accountClient, spaceId, session.userId, ephemeralUserId);
+  const token = { v: 1, spaceId, spaceName, cap, key: ek.edPriv, write };
+  return { token, link: encodeSpaceInviteLink(origin, token) };
+}
+async function joinSpaceByLink(session, token) {
+  const cap = token.cap;
+  const ownerId = cap.iss ? await userIdFromEdPub(cap.iss) : void 0;
+  const name = token.spaceName.trim() || `space-${token.spaceId.slice(-6)}`;
+  const space = {
+    id: token.spaceId,
+    name,
+    short: name.slice(0, 2).toUpperCase(),
+    members: 1,
+    visibility: "public",
+    ...ownerId ? { ownerId } : {},
+    write: token.write
+  };
+  const accessPayload = { cap: token.cap, key: token.key, write: token.write };
+  const sealed = await sealToSelf(session, JSON.stringify(accessPayload));
+  await addJoinedSpaceWithLinkAccess(session.accountClient, session.userId, space, sealed);
+  saveSpaceAccessEntry(token.spaceId, { kind: "link", cap: token.cap, key: token.key, write: token.write });
+  return space;
+}
+async function recoverSpaceAccess(session, server) {
+  const linkAccess = {};
+  for (const [spaceId, sealed] of Object.entries(server.pubAccess)) {
+    try {
+      const raw = await unsealFromSelf(session, sealed);
+      const parsed = JSON.parse(raw);
+      if (parsed.cap && parsed.key) linkAccess[spaceId] = parsed;
+    } catch (e) {
+      console.error("[octospaces] recoverSpaceAccess: failed to unseal", spaceId, e);
+    }
+  }
+  await hydrateSpaceAccessStore(session.userId, server.caps, linkAccess);
+  const local = localSpaceAccessEntries();
+  const missingMemberCaps = Object.entries(local).filter(([id, e]) => e.kind === "member" && !(id in server.caps));
+  const missingLinks = Object.entries(local).filter(([id, e]) => e.kind === "link" && !(id in server.pubAccess));
+  if (missingMemberCaps.length === 0 && missingLinks.length === 0) return;
+  try {
+    const newCaps = {};
+    for (const [id, e] of missingMemberCaps) if (e.kind === "member") newCaps[id] = e.cap;
+    const newPubAccess = {};
+    for (const [id, e] of missingLinks) {
+      if (e.kind === "link") {
+        newPubAccess[id] = await sealToSelf(session, JSON.stringify({ cap: e.cap, key: e.key, write: e.write }));
+      }
+    }
+    await updateSpacesDoc(session.accountClient, session.userId, (cur) => ({
+      spaces: cur.spaces,
+      caps: { ...cur.caps, ...newCaps },
+      pubAccess: { ...cur.pubAccess, ...newPubAccess }
+    }));
+  } catch (e) {
+    console.error("[octospaces] recoverSpaceAccess: backfill failed", e);
+  }
+}
+
+// src/sync/pairing.ts
+import { StarfishClient as StarfishClient2 } from "@drakkar.software/starfish-client";
+import {
+  installPairingBundle,
+  openWithPassphrase,
+  provisionDevice,
+  sealWithPassphrase
+} from "@drakkar.software/starfish-identities";
+var PAIR_PREFIX = "octospaces-pair:";
+var LINKED_DEVICE_TTL_SEC = 365 * 24 * 60 * 60;
+function anonClient() {
+  return new StarfishClient2({ baseUrl: getSyncBase(), namespace: getSyncNamespace(), fetch: fetchWithTimeout() });
+}
+function randomNonce() {
+  const b = new Uint8Array(16);
+  globalThis.crypto.getRandomValues(b);
+  return bytesToHex(b);
+}
+async function startDevicePairing(session, pin) {
+  const { deviceKeys, bundle } = await provisionDevice(
+    { edPriv: session.keys.edPriv, edPub: session.keys.edPub },
+    { scope: linkedDeviceScope(session.userId), ttlSec: LINKED_DEVICE_TTL_SEC }
+  );
+  const { spaces, caps } = await readSpaces(session.accountClient, session.userId);
+  for (const space of spaces) {
+    if (caps[space.id]) continue;
+    try {
+      await addDeviceToSpaceKeyring(session, space.id, { kemPub: deviceKeys.kemPub, userId: session.userId });
+    } catch (err) {
+      console.log("[pairing] keyring grant failed", { spaceId: space.id, error: String(err?.message ?? err) });
+    }
+  }
+  const blob = JSON.stringify({ v: 1, keys: deviceKeys, bundle });
+  const sealed = await sealWithPassphrase(pin, new TextEncoder().encode(blob));
+  const nonce = randomNonce();
+  await anonClient().push(`/push/_pairing/${nonce}`, sealed, null);
+  return `${PAIR_PREFIX}${nonce}.${session.keys.edPub}`;
+}
+async function completeDevicePairing(payload, pin) {
+  const body = (payload.startsWith(PAIR_PREFIX) || payload.includes("-pair:") ? payload.slice(payload.indexOf(":") + 1) : payload).trim();
+  const [nonce, expectedRootEdPub] = body.split(".");
+  const res = await anonClient().pull(`/pull/_pairing/${nonce}`).catch(() => null);
+  const sealed = res?.data;
+  if (!sealed || !sealed.v) throw new Error("Pairing code not found or expired.");
+  let inner;
+  try {
+    inner = await openWithPassphrase(pin, sealed);
+  } catch {
+    throw new Error("Wrong PIN or corrupted pairing code.");
+  }
+  const blob = JSON.parse(new TextDecoder().decode(inner));
+  const opts = expectedRootEdPub ? { expectedRootEdPub } : {};
+  const installed = await installPairingBundle(
+    blob.bundle,
+    blob.keys,
+    opts
+  );
+  const userId = installed.credentials.userId;
+  return {
+    userId,
+    fingerprint: fingerprintFromUserId(userId),
+    deviceKeys: installed.credentials.device,
+    capCert: installed.credentials.capCert
+  };
+}
+
+// src/sync/base64.ts
+var CHUNK = 24576;
+var ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+var REVERSE = (() => {
+  const table = new Int16Array(128).fill(-1);
+  for (let i = 0; i < ALPHABET.length; i++) table[ALPHABET.charCodeAt(i)] = i;
+  return table;
+})();
+var nativeCodec = typeof globalThis !== "undefined" && typeof globalThis.btoa === "function" && typeof globalThis.atob === "function";
+function encodeViaBtoa(data) {
+  let binary = "";
+  for (let i = 0; i < data.length; i += CHUNK) {
+    binary += String.fromCharCode.apply(null, data.subarray(i, i + CHUNK));
+  }
+  return globalThis.btoa(binary);
+}
+function decodeViaAtob(encoded) {
+  const binary = globalThis.atob(encoded);
+  const out = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);
+  return out;
+}
+function encodePure(data) {
+  const len = data.length;
+  const full = len - len % 3;
+  const parts = [];
+  for (let start = 0; start < full; start += CHUNK) {
+    const stop = Math.min(start + CHUNK, full);
+    let s = "";
+    for (let i = start; i < stop; i += 3) {
+      const n = data[i] << 16 | data[i + 1] << 8 | data[i + 2];
+      s += ALPHABET[n >> 18 & 63] + ALPHABET[n >> 12 & 63] + ALPHABET[n >> 6 & 63] + ALPHABET[n & 63];
+    }
+    parts.push(s);
+  }
+  if (len - full === 1) {
+    const n = data[full] << 16;
+    parts.push(ALPHABET[n >> 18 & 63] + ALPHABET[n >> 12 & 63] + "==");
+  } else if (len - full === 2) {
+    const n = data[full] << 16 | data[full + 1] << 8;
+    parts.push(ALPHABET[n >> 18 & 63] + ALPHABET[n >> 12 & 63] + ALPHABET[n >> 6 & 63] + "=");
+  }
+  return parts.join("");
+}
+function decodePure(encoded) {
+  let validLen = encoded.length;
+  while (validLen > 0 && encoded.charCodeAt(validLen - 1) === 61) validLen--;
+  const out = new Uint8Array(validLen * 3 >> 2);
+  let o = 0, buf = 0, bits = 0;
+  for (let i = 0; i < validLen; i++) {
+    const code = encoded.charCodeAt(i);
+    const v = code < 128 ? REVERSE[code] : -1;
+    if (v < 0) continue;
+    buf = buf << 6 | v;
+    bits += 6;
+    if (bits >= 8) {
+      bits -= 8;
+      out[o++] = buf >> bits & 255;
+    }
+  }
+  return o === out.length ? out : out.subarray(0, o);
+}
+var starfishBase64 = nativeCodec ? { encode: encodeViaBtoa, decode: decodeViaAtob } : { encode: encodePure, decode: decodePure };
+export {
+  CONNECT_TIMEOUT_MS,
+  CategoryError,
+  DEFAULT_CATEGORY,
+  OBJECT_COLLECTIONS,
+  PAIR_PREFIX,
+  PULL_CACHE_MAX_AGE_MS,
+  SpaceAccessError,
+  acceptSpaceInvite,
+  accountScope,
+  addDeviceToSpaceKeyring,
+  addJoinedSpace,
+  addJoinedSpaceWithCap,
+  addJoinedSpaceWithLinkAccess,
+  addObject,
+  addSpaceMember,
+  ancestors,
+  archiveObject,
+  attachmentPull,
+  attachmentPush,
+  breadcrumbs,
+  broadcastSpaceMeta,
+  buildAuthHeaders,
+  buildEncryptor,
+  buildLinkedSession,
+  buildSession,
+  buildSpaceAccess,
+  buildTree,
+  bytesToHex,
+  cacheProfile,
+  capProviderFor,
+  categoryId,
+  clearSpaceAccessCache,
+  clearSpaceAccessStore,
+  completeDevicePairing,
+  configureKv,
+  configureOctoSpaces,
+  createSpace,
+  createSpaceInviteLink,
+  decodeSpaceInviteLink,
+  deriveSession,
+  encodeSpaceInviteLink,
+  ensureProfileKeys,
+  ensurePseudo,
+  excludeAutomatedRooms,
+  fetchWithTimeout,
+  fingerprintFromUserId,
+  fromBase64Url,
+  generateSeedWords,
+  getSharedSpacesNamespace,
+  getSpaceAccess,
+  getSpaceAccessEntry,
+  getSyncBase,
+  getSyncNamespace,
+  getSyncPrefix,
+  hydrateSpaceAccessStore,
+  inviteToSpace,
+  isValidSeed,
+  joinSpaceByLink,
+  keyringName,
+  keyringPull,
+  keyringPush,
+  kvGet,
+  kvRemove,
+  kvSet,
+  linkAccessFromStore,
+  linkedDeviceScope,
+  loadCachedProfile,
+  localSpaceAccessEntries,
+  makeClient,
+  makeJoinRequest,
+  memberCapsFromStore,
+  nextOrder,
+  normalizeCategories,
+  objDocPull,
+  objDocPush,
+  objIndexPull,
+  objIndexPush,
+  objLogPull,
+  objLogPush,
+  objectBlobPull,
+  objectBlobPush,
+  objectsToRoomCategories,
+  onSpaceMeta,
+  openEncryptor,
+  ownerEnsureKeyring,
+  ownerScope,
+  ownerTrustedAdders,
+  patchObject,
+  profilePull,
+  profilePush,
+  pullCache,
+  pushIndexSeed,
+  randomId,
+  readIndexRooms,
+  readProfile,
+  readProfiles,
+  readPseudo,
+  readRooms,
+  readSpaceIndexRooms,
+  readSpaceRooms,
+  readSpaces,
+  reconcileSpaceMeta,
+  recoverSpaceAccess,
+  removeSpaceAccessEntry,
+  removeSpaceMember,
+  reorderObjects,
+  reorderSpaces,
+  reparentObject,
+  roomKindToSubtype,
+  roomSlug,
+  roomsRegistryPull,
+  roomsRegistryPush,
+  rootIdentityOf,
+  saveSpaceAccessEntry,
+  sealToRecipient,
+  sealToSelf,
+  seedIndexNodes,
+  seedSpaceObjectIndex,
+  setDmMapping,
+  spaceIndexPull,
+  spaceMemberScope,
+  spacesPull,
+  spacesPush,
+  starfishBase64,
+  startDevicePairing,
+  subtreeIds,
+  subtypeToRoomKind,
+  toBase64Url,
+  typesIndexPull,
+  typesIndexPush,
+  unsealFromRecipient,
+  unsealFromSelf,
+  updateArchivedDmsDoc,
+  updateDmsDoc,
+  updateMutesDoc,
+  updateObjectIndex,
+  updateQuickReactionsDoc,
+  updateReadsDoc,
+  updateSpacesDoc,
+  userIdFromEdPub,
+  writeProfile,
+  writePseudo,
+  writeRooms,
+  writeSpaces
+};
+//# sourceMappingURL=index.js.map