@drakkar.software/starfish-client 2.2.0 → 3.0.0-alpha.0

package/README.md

@@ -0,0 +1,219 @@
+# @drakkar.software/starfish-client
+
+TypeScript client SDK for [Starfish](../../../README.md) — browser, Node.js, and React Native. Pull/push documents with hash-based conflict detection, end-to-end multi-recipient encryption, and cap-cert authorization.
+
+## Install
+
+```bash
+pnpm add @drakkar.software/starfish-client @drakkar.software/starfish-protocol
+```
+
+Optional state bindings: `npm install zustand` (or `@legendapp/state`).
+
+## What's in v3.0
+
+Starfish 3.0 is a clean break from 2.x. The v2 `deriveCredentials` / `generatePassphrase` / Bearer-token `authProvider` / `signData` / `signatureVerifier` / `createEncryptor` / `group-crypto` surface is **deleted**. See [docs/migration/v2-to-v3.md](../../../docs/migration/v2-to-v3.md).
+
+The v3 model in one sentence: a passphrase derives an Ed25519+X25519 **root identity**, which signs **capability certificates** for each device or member, and each authenticated request is itself Ed25519-signed under the cap's subject key.
+
+## Quickstart (v3)
+
+```ts
+import {
+  StarfishClient,
+  SyncManager,
+  bootstrapRootIdentity,
+  createKeyringEncryptor,
+  type Keyring,
+} from "@drakkar.software/starfish-client"
+
+// 1. Derive root identity + self-signed cap-cert from a passphrase.
+const creds = await bootstrapRootIdentity(passphrase)
+// creds = { rootEdPub, userId, device: {edPriv,edPub,kemPriv,kemPub}, capCert }
+
+// 2. Wire StarfishClient to a CapProvider — every request is signed.
+const client = new StarfishClient({
+  baseUrl: "https://api.example.com/v1",
+  capProvider: {
+    getCap: async () => ({ cap: creds.capCert, devEdPrivHex: creds.device.edPriv }),
+  },
+})
+
+// 3. (Delegated only) build an encryptor from the collection's keyring.
+const keyring = (await client.pull(`/pull/notes/_keyring`)).data as Keyring
+const encryptor = await createKeyringEncryptor(
+  keyring,
+  { kemPubHex: creds.device.kemPub, kemPrivHex: creds.device.kemPriv },
+  { trustedAdders: [creds.rootEdPub] },   // required — pubkey(s) you trust to grant access
+)
+
+// 4. Sync with optional per-push author signature.
+const sync = new SyncManager({
+  client,
+  pullPath: `/pull/notes/${creds.userId}`,
+  pushPath: `/push/notes/${creds.userId}`,
+  encryptor,
+  signer: {
+    getSigner: async () => ({
+      devEdPubHex: creds.device.edPub,
+      sign: async (bytes) => ed25519Sign(creds.device.edPriv, bytes),
+    }),
+  },
+})
+
+await sync.push({ items: ["note 1"] })  // sealed, signed, hash-checked
+await sync.pull()                        // decrypted plaintext
+```
+
+## Identity & key derivation
+
+```ts
+import { bootstrapRootIdentity, deriveRootIdentity } from "@drakkar.software/starfish-client"
+```
+
+- `deriveRootIdentity(passphrase)` — passphrase → `{ userId, keys: {edPriv, edPub, kemPriv, kemPub} }`. Pure derivation, no cap-cert.
+- `bootstrapRootIdentity(passphrase)` — same derivation plus a self-signed `kind: "device"` full-scope cap-cert. Use this on the first device.
+
+`userId = sha256(rootEdPub)[0:32]`. Two independent HKDF derivations (signing vs KEM) give full domain separation.
+
+Details: [docs/ts/client/11-identity-key-derivation.md](../../../docs/ts/client/11-identity-key-derivation.md).
+
+## Cap-cert minting
+
+```ts
+import { mintDeviceCap, mintMemberCap, scopes } from "@drakkar.software/starfish-client"
+```
+
+- `mintDeviceCap(rootEdPriv, rootEdPub, subject, scope, opts?)` — subject acts as a proxy for the issuer (`auth.identity = issUserId`). Used for additional devices the user controls.
+- `mintMemberCap(rootEdPriv, rootEdPub, subject, scope, opts?)` — subject keeps its own identity (`auth.identity = subUserId`); cap adds collection-scoped roles only.
+
+### Scope presets
+
+| Preset | Ops | Paths |
+|---|---|---|
+| `scopes.readOnly(c)` | `read`, `list` | `c/*` |
+| `scopes.writer(c)` | `read`, `list`, `write` | `c/*`, `!c/_keyring` (cannot grant new recipients) |
+| `scopes.admin(c)` | `read`, `list`, `write` | `c/*` (can grant via the keyring) |
+| `scopes.rootAll()` | all | `*` (device caps only) |
+
+The `!` prefix in `paths` is a denylist; explicit deny beats wildcard allow.
+
+Details: [docs/ts/client/25-capability-certs.md](../../../docs/ts/client/25-capability-certs.md).
+
+## Pairing additional devices
+
+Three onboarding flows, all returning the same `DeviceCredentials` shape:
+
+| Flow | Network | Helper |
+|---|---|---|
+| Bootstrap (first device) | none | `bootstrapRootIdentity(passphrase)` |
+| QR (in-person, server-free) | none | `buildPairingQr` → `parsePairingQr` → `assemblePairingBundle` → `installPairingBundle` |
+| Server-relay (remote, 6-digit code) | 2 TTL'd Starfish documents | `buildPairingRequest` → `readPairingRequest` → `buildPairingResponse` → `readPairingResponse` → `installPairingBundle` |
+
+```ts
+import {
+  bootstrapRootIdentity,
+  buildPairingQr,
+  parsePairingQr,
+  assemblePairingBundle,
+  installPairingBundle,
+  buildPairingRequest,
+  readPairingRequest,
+  buildPairingResponse,
+  readPairingResponse,
+  deriveCodeKey,
+} from "@drakkar.software/starfish-client"
+```
+
+`deriveCodeKey(code, salt, iterations?)` is the PBKDF2-HMAC-SHA256 (200 000 iterations by default) used by the relay flow.
+
+Full walkthroughs: [docs/ts/client/24-pairing.md](../../../docs/ts/client/24-pairing.md).
+
+## Multi-recipient delegated encryption
+
+A `"delegated"` collection has data documents (opaque ciphertext) plus one **keyring document** at `<collection>/_keyring` that wraps the current Content Encryption Key (CEK) for each recipient via X25519 ECDH + HKDF + AES-256-GCM (HPKE-DHKEM style).
+
+### Low-level keyring API
+
+```ts
+import {
+  createKeyring,
+  addRecipient,            // low-level: append entry to an in-memory keyring
+  rotateEpoch,
+  wrapForRecipient,
+  unwrapFromEntry,
+  verifyEntrySignature,
+  createKeyringEncryptor,
+  type Keyring,
+  type KeyringEpoch,
+  type WrappedKeyEntry,
+  type KeyringEncryptor,
+  KEYRING_WRAP_SALT,
+  KEYRING_WRAP_INFO,
+  KEYRING_IV_BYTES,
+} from "@drakkar.software/starfish-client"
+```
+
+- `createKeyring(adder, recipients, cek?, addedAt?)` — first-time setup, generates a CEK if not provided.
+- `addRecipient(keyring, adder, currentCek, recipientKemHex, addedAt?)` — appends one wrap entry to the current epoch.
+- `rotateEpoch(keyring, adder, retainedRecipients, addedAt?)` — mints a fresh CEK in `currentEpoch + 1`, re-wraps for the retained set.
+- `createKeyringEncryptor(keyring, deviceKem, { trustedAdders, minEpoch? })` — returns an `Encryptor` compatible with `SyncManager`. Encrypts under `currentEpoch`; decrypts any epoch the device has a wrap for. `trustedAdders` is **required** (throws without it); optional `minEpoch` rejects a rolled-back keyring below the last-seen epoch.
+
+### Collection-scoped recipient management
+
+```ts
+import {
+  addCollectionRecipient,   // adds + pushes the keyring back to the server
+  removeRecipient,
+  listRecipients,
+  currentEpoch,
+  keyringPathFor,
+  type RecipientRef,
+  type AdderKeys,
+  type ListedRecipient,
+} from "@drakkar.software/starfish-client"
+```
+
+These wrap the low-level helpers with HTTP I/O via `StarfishClient`: each operation pulls the keyring, mutates it, and pushes back with hash-checked optimistic concurrency. `addCollectionRecipient`, `removeRecipient`, and `listRecipients` all **require** a `trustedAdders` pin (they throw without one); `listRecipients` returns only provenance-verified entries.
+
+Details + algorithm + threat model: [docs/ts/client/23-multi-recipient-delegated.md](../../../docs/ts/client/23-multi-recipient-delegated.md).
+
+## `StarfishClient`
+
+```ts
+new StarfishClient({
+  baseUrl: "https://api.example.com/v1",
+  capProvider,            // v3 — signs every request. Replaces v2 `auth`/`authProvider`.
+  fetch,                  // optional custom fetch
+})
+```
+
+`StarfishCapProvider` is a single-method protocol: `getCap(): Promise<{ cap: CapCert, devEdPrivHex: string }>`. Implementations are expected to cache. When a `capProvider` is set, every outgoing request carries `Authorization: Cap <base64(stableStringify(cap))>` plus `X-Starfish-Sig`, `X-Starfish-Ts`, `X-Starfish-Nonce`.
+
+Omit `capProvider` for unauthenticated public reads.
+
+## `SyncManager`
+
+```ts
+new SyncManager({
+  client, pullPath, pushPath,
+  encryptor,              // typically createKeyringEncryptor(...)
+  signer,                 // SyncSigner — replaces v2 `signData`
+  onConflict, maxRetries, validate, logger,
+})
+```
+
+- `signer.getSigner()` returns `{ devEdPubHex, sign(payload) }`. When set, every push attaches `authorPubkey = cap.sub` and `authorSignature = base64(Ed25519(payload))` over the encrypted payload (without the author fields).
+- `encryptor` is the only encryption option — the v2 single-secret `encryptionSecret`/`encryptionSalt` shorthand was removed in v3.
+
+## Other utilities
+
+The package also re-exports the v2 ergonomics that survived intact: `consoleSyncLogger`, `noopSyncLogger`, `createMetricsCollector`, `createMigrator`, `createSchemaValidator`, `classifyError`, conflict resolvers (`createUnionMerge`, `createSoftDeleteResolver`, `timestampWinner`, `pruneTombstones`), `SnapshotHistory`, `startPolling`/`startAdaptivePolling`, `createDedupFetch`, `fetchServerConfig`, `pullEntitlements`, `createIndexedDBStorage`, `exportData`/`importData`, `createDebouncedSync`/`createDebouncedPush`, `createMultiStoreSync`, `createMobileLifecycle`, and the Zustand/Legend bindings via the `./zustand` and `./legend` subpaths.
+
+See the root [README.md](../../../README.md) for the catalog and [docs/ts/client/](../../../docs/ts/client/) for in-depth guides.
+
+## Removed in v3.0
+
+`deriveCredentials`, `generatePassphrase`, `buildInviteUrl`, `parseInviteUrl` (the v2 passphrase identity surface), `createEncryptor` and the `SyncManager` `encryptionSecret`/`encryptionSalt`/`encryptionInfo` options, `wrapGroupKey`, `createGroupKeyring`, `addGroupMember`, `rotateGroupKey`, `createGroupEncryptor`, the v2 `auth`/`authProvider` Bearer hook, the `signData` callback, and the `signatureVerifier` server hook are all gone. Code that imports any of them will fail to build against v3.
+
+Migration runbook: [docs/migration/v2-to-v3.md](../../../docs/migration/v2-to-v3.md).

package/dist/_crypto_helpers.d.ts

@@ -0,0 +1,4 @@
+export declare function hkdfBytes(ikm: Uint8Array, salt: Uint8Array, info: Uint8Array, lengthBytes?: number): Promise<Uint8Array>;
+export declare function bytesToHex(bytes: Uint8Array): string;
+export declare function hexToBytes(hex: string): Uint8Array;
+export declare function concat(...parts: Uint8Array[]): Uint8Array;

package/dist/bindings/zustand.d.ts

@@ -1,8 +1,9 @@
 import { type StoreApi } from "zustand/vanilla";
 import { type StateStorage } from "zustand/middleware";
 import type { DevtoolsOptions } from "zustand/middleware";
+import type { Encryptor } from "@drakkar.software/starfish-protocol";
 import { SyncManager } from "../sync.js";
-import type { AuthProvider, ConflictResolver } from "../types.js";
+import type { StarfishCapProvider, ConflictResolver } from "../types.js";
 import type { SyncLogger } from "../logger.js";
 import type { Validator } from "../validate.js";
 export interface StarfishState {
@@ -103,11 +104,11 @@ export declare function useConnectivity(store: StoreApi<StarfishStore>): void;
 export declare function useLastSynced(store: StoreApi<StarfishStore>): string;
 export interface SyncInitConfig {
     serverUrl: string;
-    auth?: AuthProvider;
+    capProvider?: StarfishCapProvider;
     pullPath: string;
     pushPath: string;
-    encryptionSecret?: string;
-    encryptionSalt?: string;
+    /** Pre-built encryptor for E2E collections (build via `createKeyringEncryptor`). */
+    encryptor?: Encryptor;
     onConflict?: ConflictResolver;
     /** Called when pulled data arrives. Use to restore domain stores. */
     onData?: (data: Record<string, unknown>) => void;

package/dist/bindings/zustand.js

@@ -228,6 +228,12 @@ var persist = persistImpl;
 // src/bindings/zustand.ts
 import { useEffect, useRef, useState, useCallback } from "react";
 
+// src/client.ts
+import {
+  signRequest,
+  stableStringify
+} from "@drakkar.software/starfish-protocol";
+
 // src/types.ts
 var ConflictError = class extends Error {
   constructor() {
@@ -246,34 +252,109 @@ var StarfishHttpError = class extends Error {
 
 // src/client.ts
 var APPEND_DEFAULT_FIELD = "items";
+function encodeCapAuth(cap) {
+  const json = stableStringify(cap);
+  if (typeof btoa === "function") {
+    return btoa(json);
+  }
+  const bufCtor = globalThis.Buffer;
+  if (bufCtor) return bufCtor.from(json, "utf-8").toString("base64");
+  throw new Error("No base64 encoder available");
+}
 var StarfishClient = class {
   baseUrl;
-  auth;
+  capProvider;
   fetch;
+  /**
+   * Installed client-side plugins. Currently stored as inert data; no
+   * hooks fire yet. Extensions can inspect this list if needed.
+   */
+  plugins;
   constructor(options) {
     this.baseUrl = options.baseUrl.replace(/\/$/, "");
-    this.auth = options.auth;
+    this.capProvider = options.capProvider;
     this.fetch = options.fetch ?? globalThis.fetch.bind(globalThis);
+    this.plugins = options.plugins ? [...options.plugins] : [];
+  }
+  /**
+   * Resolve the host portion of the URL the client will send to. The host
+   * is folded into the signed canonical input as the `h` field so the
+   * server can refuse a signature that was minted against a different
+   * Starfish host (replay-across-servers defence).
+   *
+   * When `baseUrl` is relative — e.g. the consumer passed a custom `fetch`
+   * that resolves relative URLs in its own context — there is no parseable
+   * host; we return `""` so signing still proceeds. The server-side
+   * verifier will also reconstruct host from its inbound URL, so the
+   * empty-host case still verifies symmetrically when both sides agree.
+   */
+  signingHost() {
+    try {
+      return new URL(this.baseUrl).host;
+    } catch {
+      return "";
+    }
+  }
+  /**
+   * Build auth headers for a request. When a `capProvider` is set, signs the
+   * request with the device's Ed25519 private key and returns the v3 header
+   * set (`Authorization: Cap …`, `X-Starfish-Sig`, `X-Starfish-Ts`,
+   * `X-Starfish-Nonce`). Empty when no provider is configured (public reads).
+   *
+   * Body bytes signed MUST equal the bytes sent on the wire — callers pass
+   * the already-serialized body string here so signing and transmission agree.
+   * The host bound into the signature is derived from `baseUrl` once per call.
+   */
+  async buildAuthHeaders(method, pathAndQuery, body) {
+    if (this.capProvider) {
+      const { cap, devEdPrivHex } = await this.capProvider.getCap();
+      const req = {
+        method,
+        pathAndQuery,
+        body,
+        host: this.signingHost()
+      };
+      const { sig, ts, nonce } = await signRequest(req, devEdPrivHex);
+      return {
+        Authorization: `Cap ${encodeCapAuth(cap)}`,
+        "X-Starfish-Sig": sig,
+        "X-Starfish-Ts": String(ts),
+        "X-Starfish-Nonce": nonce
+      };
+    }
+    return {};
   }
   async pull(path, checkpointOrOptions) {
-    let url = `${this.baseUrl}${path}`;
+    let pathAndQuery = path;
     let appendField;
     if (typeof checkpointOrOptions === "number") {
-      if (checkpointOrOptions) url += `?checkpoint=${checkpointOrOptions}`;
+      if (checkpointOrOptions) pathAndQuery += `?checkpoint=${checkpointOrOptions}`;
     } else if (checkpointOrOptions != null) {
-      appendField = checkpointOrOptions.appendField ?? APPEND_DEFAULT_FIELD;
+      const opts = checkpointOrOptions;
+      const isPullOptions = opts.withKeyring !== void 0 || opts.checkpoint !== void 0;
       const params = new URLSearchParams();
-      if (checkpointOrOptions.since != null) {
-        if (checkpointOrOptions.since < 0) throw new Error("since must be non-negative");
-        params.set("checkpoint", String(checkpointOrOptions.since));
-      }
-      if (checkpointOrOptions.last != null) {
-        if (checkpointOrOptions.last < 0) throw new Error("last must be non-negative");
-        params.set("last", String(checkpointOrOptions.last));
+      if (isPullOptions) {
+        if (opts.checkpoint != null && opts.checkpoint > 0) {
+          params.set("checkpoint", String(opts.checkpoint));
+        }
+        if (opts.withKeyring) {
+          params.set("withKeyring", "1");
+        }
+      } else {
+        appendField = opts.appendField ?? APPEND_DEFAULT_FIELD;
+        if (opts.since != null) {
+          if (opts.since < 0) throw new Error("since must be non-negative");
+          params.set("checkpoint", String(opts.since));
+        }
+        if (opts.last != null) {
+          if (opts.last < 0) throw new Error("last must be non-negative");
+          params.set("last", String(opts.last));
+        }
       }
-      if (params.size > 0) url += `?${params.toString()}`;
+      if (params.size > 0) pathAndQuery += `?${params.toString()}`;
     }
-    const authHeaders = this.auth ? await this.auth({ method: "GET", path, body: null }) : {};
+    const url = `${this.baseUrl}${pathAndQuery}`;
+    const authHeaders = await this.buildAuthHeaders("GET", pathAndQuery, void 0);
     const res = await this.fetch(url, {
       method: "GET",
       headers: { Accept: "application/json", ...authHeaders }
@@ -293,16 +374,17 @@ var StarfishClient = class {
    * @param path - The push endpoint path (e.g. "/push/users/abc/settings")
    * @param data - The full document data to push
    * @param baseHash - Hash of the document this push is based on (null for first push)
-   * @param authorSignature - Optional author signature for provenance
+   *
+   * v3 author fields (`authorPubkey` + `authorSignature`) live inside `data`
+   * and are produced by `SyncManager` when a `signer` is configured.
    * @throws {ConflictError} if the server detects a hash mismatch (409)
    */
-  async push(path, data, baseHash, authorSignature) {
+  async push(path, data, baseHash) {
     const body = JSON.stringify({
       data,
-      baseHash,
-      ...authorSignature && { authorSignature }
+      baseHash
     });
-    const authHeaders = this.auth ? await this.auth({ method: "POST", path, body }) : {};
+    const authHeaders = await this.buildAuthHeaders("POST", path, body);
     const res = await this.fetch(`${this.baseUrl}${path}`, {
       method: "POST",
       headers: {
@@ -325,7 +407,7 @@ var StarfishClient = class {
    * Returns raw bytes with the content hash from the ETag header.
    */
   async pullBlob(path) {
-    const authHeaders = this.auth ? await this.auth({ method: "GET", path, body: null }) : {};
+    const authHeaders = await this.buildAuthHeaders("GET", path, void 0);
     const res = await this.fetch(`${this.baseUrl}${path}`, {
       method: "GET",
       headers: { Accept: "*/*", ...authHeaders }
@@ -343,7 +425,7 @@ var StarfishClient = class {
    * Binary collections use last-write-wins (no conflict detection).
    */
   async pushBlob(path, data, contentType) {
-    const authHeaders = this.auth ? await this.auth({ method: "POST", path, body: null }) : {};
+    const authHeaders = await this.buildAuthHeaders("POST", path, void 0);
     const res = await this.fetch(`${this.baseUrl}${path}`, {
       method: "POST",
       headers: {
@@ -361,51 +443,7 @@ var StarfishClient = class {
 };
 
 // src/sync.ts
-import { deepMerge, stableStringify } from "@drakkar.software/starfish-protocol";
-
-// src/crypto.ts
-import { getCrypto, getBase64, IV_BYTES, ENCRYPTED_KEY, deriveKey } from "@drakkar.software/starfish-protocol";
-var ALGO = "AES-GCM";
-function createEncryptor(secret, salt, info = "starfish-e2e") {
-  if (!secret) throw new Error("encryptionSecret must not be empty");
-  if (!salt) throw new Error("encryptionSalt must not be empty");
-  const keyPromise = deriveKey(secret, salt, info);
-  return {
-    async encrypt(data) {
-      const key = await keyPromise;
-      const c = getCrypto();
-      const b64 = getBase64();
-      const plaintext = new TextEncoder().encode(JSON.stringify(data));
-      const iv = c.getRandomValues(new Uint8Array(IV_BYTES));
-      const ciphertext = await c.subtle.encrypt({ name: ALGO, iv }, key, plaintext);
-      const combined = new Uint8Array(iv.length + ciphertext.byteLength);
-      combined.set(iv);
-      combined.set(new Uint8Array(ciphertext), iv.length);
-      return { [ENCRYPTED_KEY]: b64.encode(combined) };
-    },
-    async decrypt(wrapper) {
-      const encoded = wrapper[ENCRYPTED_KEY];
-      if (typeof encoded !== "string") {
-        throw new Error("Expected encrypted data but received unencrypted document");
-      }
-      const key = await keyPromise;
-      const c = getCrypto();
-      const b64 = getBase64();
-      const combined = b64.decode(encoded);
-      if (combined.length < IV_BYTES) {
-        throw new Error("Encrypted data is too short");
-      }
-      const iv = combined.slice(0, IV_BYTES);
-      const ciphertext = combined.slice(IV_BYTES);
-      try {
-        const plaintext = await c.subtle.decrypt({ name: ALGO, iv }, key, ciphertext);
-        return JSON.parse(new TextDecoder().decode(plaintext));
-      } catch (err) {
-        throw new Error("Decryption failed: data may be tampered or key is incorrect", { cause: err });
-      }
-    }
-  };
-}
+import { deepMerge, getBase64, stableStringify as stableStringify2 } from "@drakkar.software/starfish-protocol";
 
 // src/validate.ts
 var ValidationError = class extends Error {
@@ -430,7 +468,7 @@ var SyncManager = class {
   onConflict;
   maxRetries;
   encryptor;
-  signData;
+  signer;
   logger;
   loggerName;
   validate;
@@ -444,11 +482,11 @@ var SyncManager = class {
     this.pushPath = options.pushPath;
     this.onConflict = options.onConflict ?? deepMerge;
     this.maxRetries = options.maxRetries ?? 3;
-    this.signData = options.signData;
+    this.signer = options.signer;
     this.logger = options.logger;
     this.loggerName = options.loggerName ?? options.pullPath.split("/").filter(Boolean).pop() ?? options.pullPath;
     this.validate = options.validate;
-    this.encryptor = options.encryptor ?? (options.encryptionSecret && options.encryptionSalt ? createEncryptor(options.encryptionSecret, options.encryptionSalt, options.encryptionInfo) : null);
+    this.encryptor = options.encryptor ?? null;
   }
   abort() {
     this.aborted = true;
@@ -508,15 +546,25 @@ var SyncManager = class {
     let pendingData = data;
     while (attempt <= this.maxRetries) {
       try {
-        const payload = this.encryptor ? await this.encryptor.encrypt(pendingData) : pendingData;
-        if (this.aborted) throw new AbortError();
-        const sig = this.signData ? await this.signData(stableStringify(payload)) : void 0;
+        const sealed = this.encryptor ? await this.encryptor.encrypt(pendingData) : pendingData;
         if (this.aborted) throw new AbortError();
+        let payload = sealed;
+        if (this.signer) {
+          const { devEdPubHex, sign } = await this.signer.getSigner();
+          if (this.aborted) throw new AbortError();
+          const canonical = stableStringify2(sealed);
+          const sigBytes = await sign(new TextEncoder().encode(canonical));
+          if (this.aborted) throw new AbortError();
+          payload = {
+            ...sealed,
+            authorPubkey: devEdPubHex,
+            authorSignature: getBase64().encode(sigBytes)
+          };
+        }
         const result = await this.client.push(
           this.pushPath,
           payload,
-          this.lastHash,
-          sig
+          this.lastHash
         );
         if (this.aborted) throw new AbortError();
         this.lastHash = result.hash;
@@ -790,15 +838,14 @@ function useSyncInit(config) {
     }
     const client = new StarfishClient({
       baseUrl: config.serverUrl,
-      auth: config.auth,
+      capProvider: config.capProvider,
       fetch: config.fetch
     });
     const syncManager = new SyncManager({
       client,
       pullPath: config.pullPath,
       pushPath: config.pushPath,
-      encryptionSecret: config.encryptionSecret,
-      encryptionSalt: config.encryptionSalt,
+      encryptor: config.encryptor,
       onConflict: config.onConflict,
       logger: config.logger,
       validate: config.validate
@@ -829,8 +876,7 @@ function useSyncInit(config) {
     config?.serverUrl,
     config?.pullPath,
     config?.pushPath,
-    config?.encryptionSecret,
-    config?.encryptionSalt,
+    config?.encryptor,
     config?.storeName
   ]);
   return store;