@drakkar.software/starfish-client 3.0.0-alpha.0 → 3.0.0-alpha.10

package/dist/index.d.ts

@@ -5,9 +5,11 @@ export { buildRevocationList, revocationListCanonicalSigningInput } from "@drakk
 export type { RevocationList, RevocationEntry, RevokedSubject, BuildRevocationListOpts, } from "@drakkar.software/starfish-protocol";
 export type { PullResult, PushSuccess, PullKeyringProjection } from "@drakkar.software/starfish-protocol";
 export { StarfishClient } from "./client.js";
-export type { BlobPullResult, BlobPushResult, AppendPullOptions, PullOptions } from "./client.js";
+export type { BlobPullResult, BlobPushResult, AppendPullOptions, PullOptions, BatchPullOptions, BatchPullResult, BatchPullEntry, } from "./client.js";
 export { SyncManager, AbortError } from "./sync.js";
 export type { SyncManagerOptions, SyncSigner } from "./sync.js";
+export { AppendLogCursor, AppendAuthorError, checkpointOf } from "./append-log.js";
+export type { AppendLogCursorOptions, AppendElement, AuthorVerifier, ElementErrorPolicy } from "./append-log.js";
 export { ENCRYPTED_KEY } from "@drakkar.software/starfish-protocol";
 export type { Encryptor } from "@drakkar.software/starfish-protocol";
 export { ConflictError, StarfishHttpError, } from "./types.js";
@@ -40,8 +42,8 @@ export type { ServiceWorkerOptions } from "./service-worker.js";
 export { createSuspenseResource } from "./bindings/suspense.js";
 export { createDebouncedSync, createDebouncedPush } from "./debounced-sync.js";
 export type { DebouncedSyncOptions, DebouncedSync, DebouncedPushOptions, DebouncedPush } from "./debounced-sync.js";
-export { createMobileLifecycle } from "./mobile-lifecycle.js";
-export type { AppStateModule, NetInfoModule, MobileLifecycleDeps, MobileLifecycleOptions } from "./mobile-lifecycle.js";
+export { createMobileLifecycle, createAppendLogMobileLifecycle } from "./mobile-lifecycle.js";
+export type { AppStateModule, NetInfoModule, MobileLifecycleDeps, MobileLifecycleOptions, AppendLogLifecycleOptions } from "./mobile-lifecycle.js";
 export { createMultiStoreSync } from "./multi-store.js";
 export type { StoreSlice, BackupDocument, MultiStoreMigrationFn, MultiStoreSyncOptions, MultiStoreSync, } from "./multi-store.js";
 export type { AppendOnlyClientInfo } from "./config.js";

package/dist/index.js

@@ -1,10 +1,26 @@
 // src/index.ts
 import { configurePlatform } from "@drakkar.software/starfish-protocol";
-import { stableStringify as stableStringify3, computeHash } from "@drakkar.software/starfish-protocol";
+import { stableStringify as stableStringify2, computeHash } from "@drakkar.software/starfish-protocol";
 import { buildRevocationList, revocationListCanonicalSigningInput } from "@drakkar.software/starfish-protocol";
 
 // src/client.ts
 import {
+  AUTHOR_PUBKEY_FIELD,
+  AUTHOR_SIGNATURE_FIELD,
+  DATA_FIELD,
+  TS_FIELD,
+  BASE_HASH_FIELD,
+  PUSH_PATH_PREFIX,
+  HEADER_AUTHORIZATION,
+  HEADER_SIG,
+  HEADER_TS,
+  HEADER_NONCE,
+  HEADER_ALG,
+  HEADER_PUB,
+  HEADER_CONTENT_TYPE,
+  HEADER_ACCEPT,
+  DEFAULT_ALG,
+  signAppendAuthor,
   signRequest,
   stableStringify
 } from "@drakkar.software/starfish-protocol";
@@ -27,6 +43,9 @@ var StarfishHttpError = class extends Error {
 
 // src/client.ts
 var APPEND_DEFAULT_FIELD = "items";
+function stripPushPrefix(path) {
+  return path.startsWith(PUSH_PATH_PREFIX) ? path.slice(PUSH_PATH_PREFIX.length) : path;
+}
 function encodeCapAuth(cap) {
   const json = stableStringify(cap);
   if (typeof btoa === "function") {
@@ -38,6 +57,7 @@ function encodeCapAuth(cap) {
 }
 var StarfishClient = class {
   baseUrl;
+  namespace;
   capProvider;
   fetch;
   /**
@@ -47,6 +67,7 @@ var StarfishClient = class {
   plugins;
   constructor(options) {
     this.baseUrl = options.baseUrl.replace(/\/$/, "");
+    this.namespace = options.namespace || void 0;
     this.capProvider = options.capProvider;
     this.fetch = options.fetch ?? globalThis.fetch.bind(globalThis);
     this.plugins = options.plugins ? [...options.plugins] : [];
@@ -70,6 +91,20 @@ var StarfishClient = class {
       return "";
     }
   }
+  /**
+   * Rewrite a request path for the configured namespace. A no-op when no
+   * namespace is set; otherwise `/{action}/…` becomes `/v1/{namespace}/{action}/…`
+   * (the `/v1` protocol-version segment is part of the namespaced route, matching
+   * the Python client and the server's namespace mount).
+   *
+   * Applied to the path used for BOTH the signature and the URL so the canonical
+   * path the client signs equals the path the server reconstructs from the URL.
+   * Covers SDK-helper-built paths too — that's the point: a namespace-unaware
+   * helper passing `/push/spaces/x/_keyring` reaches `/v1/{ns}/push/spaces/x/_keyring`.
+   */
+  applyNamespace(path) {
+    return this.namespace ? `/v1/${this.namespace}${path}` : path;
+  }
   /**
    * Build auth headers for a request. When a `capProvider` is set, signs the
    * request with the device's Ed25519 private key and returns the v3 header
@@ -81,26 +116,57 @@ var StarfishClient = class {
    * The host bound into the signature is derived from `baseUrl` once per call.
    */
   async buildAuthHeaders(method, pathAndQuery, body) {
-    if (this.capProvider) {
-      const { cap, devEdPrivHex } = await this.capProvider.getCap();
-      const req = {
-        method,
-        pathAndQuery,
-        body,
-        host: this.signingHost()
-      };
-      const { sig, ts, nonce } = await signRequest(req, devEdPrivHex);
-      return {
-        Authorization: `Cap ${encodeCapAuth(cap)}`,
-        "X-Starfish-Sig": sig,
-        "X-Starfish-Ts": String(ts),
-        "X-Starfish-Nonce": nonce
-      };
-    }
-    return {};
+    if (!this.capProvider) return {};
+    const capCtx = await this.capProvider.getCap();
+    return this.capRequestHeaders(capCtx, method, pathAndQuery, body);
+  }
+  /**
+   * Build the request-signing headers from an ALREADY-fetched cap context. Split
+   * out of {@link buildAuthHeaders} so {@link append} can fetch the cap once and
+   * reuse it for BOTH the author signature (over the element data) and the
+   * request signature (over the body), without redeeming the cap twice — a
+   * second `getCap()` could rotate keys and break the `authorPubkey ===
+   * presenter` bind the server checks.
+   */
+  async capRequestHeaders(capCtx, method, pathAndQuery, body) {
+    const { cap, devEdPrivHex, pubHex, presenterAlg } = capCtx;
+    const req = {
+      method,
+      pathAndQuery,
+      body,
+      host: this.signingHost()
+    };
+    const signAlg = cap.kind === "audience" ? presenterAlg ?? DEFAULT_ALG : cap.subAlg ?? cap.issAlg;
+    const { alg, sig, ts, nonce } = await signRequest(req, devEdPrivHex, {
+      alg: signAlg
+    });
+    const headers = {
+      [HEADER_AUTHORIZATION]: `Cap ${encodeCapAuth(cap)}`,
+      [HEADER_SIG]: sig,
+      [HEADER_TS]: String(ts),
+      [HEADER_NONCE]: nonce,
+      [HEADER_ALG]: alg
+    };
+    if (pubHex !== void 0) headers[HEADER_PUB] = pubHex;
+    return headers;
+  }
+  /**
+   * Resolve the author public key to attach to a signed append: the redeemer's
+   * `pubHex` for an audience cap, else the cert subject `cap.sub` for a
+   * device/member cap. This is the SAME key that signs the request, so a server
+   * enforcing author proof can bind the stored element to its writer. Returns
+   * undefined only for a (malformed) cap with neither — the append then goes
+   * unsigned and a server requiring signatures rejects it.
+   */
+  appendAuthorKey(capCtx) {
+    const { cap, pubHex, presenterAlg } = capCtx;
+    const authorPubHex = pubHex ?? cap.sub;
+    if (authorPubHex === void 0) return null;
+    const signAlg = cap.kind === "audience" ? presenterAlg ?? DEFAULT_ALG : cap.subAlg ?? cap.issAlg;
+    return { authorPubHex, signAlg };
   }
   async pull(path, checkpointOrOptions) {
-    let pathAndQuery = path;
+    let pathAndQuery = this.applyNamespace(path);
     let appendField;
     if (typeof checkpointOrOptions === "number") {
       if (checkpointOrOptions) pathAndQuery += `?checkpoint=${checkpointOrOptions}`;
@@ -132,7 +198,7 @@ var StarfishClient = class {
     const authHeaders = await this.buildAuthHeaders("GET", pathAndQuery, void 0);
     const res = await this.fetch(url, {
       method: "GET",
-      headers: { Accept: "application/json", ...authHeaders }
+      headers: { [HEADER_ACCEPT]: "application/json", ...authHeaders }
     });
     if (!res.ok) {
       throw new StarfishHttpError(res.status, await res.text());
@@ -144,27 +210,62 @@ var StarfishClient = class {
     }
     return result;
   }
+  /**
+   * Pull several collections in one round-trip via `/batch/pull`. `collections`
+   * is the list of collection names; `opts.params` supplies path params per
+   * collection (serialized to a URL-encoded JSON `params` query). The server
+   * auto-fills the `{identity}` param from the authenticated caller, so per-user
+   * collections need no params. Returns a map of collection name → its pulled
+   * document or a per-collection `{ error }`. Honors the configured namespace.
+   *
+   * Note: not append/checkpoint-aware — for incremental append-only reads use
+   * `pull(path, { since })` (or `AppendLogCursor`) per collection.
+   */
+  async batchPull(collections, opts = {}) {
+    const search = new URLSearchParams();
+    search.set("collections", collections.join(","));
+    if (opts.params && Object.keys(opts.params).length > 0) {
+      search.set("params", JSON.stringify(opts.params));
+    }
+    const pathAndQuery = `${this.applyNamespace("/batch/pull")}?${search.toString()}`;
+    const url = `${this.baseUrl}${pathAndQuery}`;
+    const authHeaders = await this.buildAuthHeaders("GET", pathAndQuery, void 0);
+    const res = await this.fetch(url, {
+      method: "GET",
+      headers: { [HEADER_ACCEPT]: "application/json", ...authHeaders }
+    });
+    if (!res.ok) {
+      throw new StarfishHttpError(res.status, await res.text());
+    }
+    return await res.json();
+  }
   /**
    * Push synced data to the server.
    * @param path - The push endpoint path (e.g. "/push/users/abc/settings")
    * @param data - The full document data to push
    * @param baseHash - Hash of the document this push is based on (null for first push)
    *
-   * v3 author fields (`authorPubkey` + `authorSignature`) live inside `data`
-   * and are produced by `SyncManager` when a `signer` is configured.
+   * v3 author proof (`authorPubkey` + `authorSignature`) is passed via `author`
+   * (produced by `SyncManager` when a `signer` is configured) and sent as
+   * top-level body siblings of `data`, where the server verifies it.
    * @throws {ConflictError} if the server detects a hash mismatch (409)
    */
-  async push(path, data, baseHash) {
+  async push(path, data, baseHash, author) {
     const body = JSON.stringify({
-      data,
-      baseHash
+      [DATA_FIELD]: data,
+      [BASE_HASH_FIELD]: baseHash,
+      ...author && {
+        [AUTHOR_PUBKEY_FIELD]: author.authorPubkey,
+        [AUTHOR_SIGNATURE_FIELD]: author.authorSignature
+      }
     });
-    const authHeaders = await this.buildAuthHeaders("POST", path, body);
-    const res = await this.fetch(`${this.baseUrl}${path}`, {
+    const sendPath = this.applyNamespace(path);
+    const authHeaders = await this.buildAuthHeaders("POST", sendPath, body);
+    const res = await this.fetch(`${this.baseUrl}${sendPath}`, {
       method: "POST",
       headers: {
-        "Content-Type": "application/json",
-        Accept: "application/json",
+        [HEADER_CONTENT_TYPE]: "application/json",
+        [HEADER_ACCEPT]: "application/json",
         ...authHeaders
       },
       body
@@ -177,21 +278,77 @@ var StarfishClient = class {
     }
     return res.json();
   }
+  /**
+   * Append an element to an appendOnly (`by_timestamp`) collection.
+   *
+   * Unlike {@link push}, appendOnly writes carry no hash/conflict check — an
+   * authorized append is always accepted. Each element is stored server-side as
+   * `{ts, data}` and pulls can filter by `ts` via `since`/`checkpoint`.
+   *
+   * @param path - the push endpoint (e.g. "/push/events")
+   * @param data - the element payload. For a `delegated` collection, encrypt it
+   *   first (e.g. `createKeyringEncryptor(keyring, kem).encrypt(data)`); the
+   *   server stores it opaquely and never reads it.
+   * @param opts.ts - optional client-supplied element timestamp (ms). Must be a
+   *   non-negative integer strictly greater than the latest stored element's ts
+   *   (else the server responds 409). Omit to let the server assign one.
+   * @throws {StarfishHttpError} on a non-2xx response — e.g. 409
+   *   `{ error: "non_monotonic_timestamp" }` for a non-monotonic timestamp, or
+   *   `{ error: "append_limit_exceeded", limit }` if the collection's `maxItems`
+   *   cap is reached (partition by a path parameter for higher volume).
+   */
+  async append(path, data, opts = {}) {
+    const sendPath = this.applyNamespace(path);
+    const bodyObj = { [DATA_FIELD]: data };
+    if (opts.ts !== void 0) bodyObj[TS_FIELD] = opts.ts;
+    const capCtx = this.capProvider ? await this.capProvider.getCap() : null;
+    if (capCtx) {
+      const authorKey = this.appendAuthorKey(capCtx);
+      if (authorKey) {
+        const documentKey = stripPushPrefix(path);
+        const { authorPubkey, authorSignature } = signAppendAuthor(
+          documentKey,
+          data,
+          authorKey.authorPubHex,
+          capCtx.devEdPrivHex,
+          authorKey.signAlg
+        );
+        bodyObj[AUTHOR_PUBKEY_FIELD] = authorPubkey;
+        bodyObj[AUTHOR_SIGNATURE_FIELD] = authorSignature;
+      }
+    }
+    const body = JSON.stringify(bodyObj);
+    const authHeaders = capCtx ? await this.capRequestHeaders(capCtx, "POST", sendPath, body) : {};
+    const res = await this.fetch(`${this.baseUrl}${sendPath}`, {
+      method: "POST",
+      headers: {
+        [HEADER_CONTENT_TYPE]: "application/json",
+        [HEADER_ACCEPT]: "application/json",
+        ...authHeaders
+      },
+      body
+    });
+    if (!res.ok) {
+      throw new StarfishHttpError(res.status, await res.text());
+    }
+    return res.json();
+  }
   /**
    * Pull binary data from a blob collection.
    * Returns raw bytes with the content hash from the ETag header.
    */
   async pullBlob(path) {
-    const authHeaders = await this.buildAuthHeaders("GET", path, void 0);
-    const res = await this.fetch(`${this.baseUrl}${path}`, {
+    const sendPath = this.applyNamespace(path);
+    const authHeaders = await this.buildAuthHeaders("GET", sendPath, void 0);
+    const res = await this.fetch(`${this.baseUrl}${sendPath}`, {
       method: "GET",
-      headers: { Accept: "*/*", ...authHeaders }
+      headers: { [HEADER_ACCEPT]: "*/*", ...authHeaders }
     });
     if (!res.ok) {
       throw new StarfishHttpError(res.status, await res.text());
     }
     const etag = res.headers.get("ETag")?.replace(/"/g, "") ?? null;
-    const contentType = res.headers.get("Content-Type") ?? "application/octet-stream";
+    const contentType = res.headers.get(HEADER_CONTENT_TYPE) ?? "application/octet-stream";
     const data = await res.arrayBuffer();
     return { data, hash: etag, contentType };
   }
@@ -200,12 +357,13 @@ var StarfishClient = class {
    * Binary collections use last-write-wins (no conflict detection).
    */
   async pushBlob(path, data, contentType) {
-    const authHeaders = await this.buildAuthHeaders("POST", path, void 0);
-    const res = await this.fetch(`${this.baseUrl}${path}`, {
+    const sendPath = this.applyNamespace(path);
+    const authHeaders = await this.buildAuthHeaders("POST", sendPath, void 0);
+    const res = await this.fetch(`${this.baseUrl}${sendPath}`, {
       method: "POST",
       headers: {
-        "Content-Type": contentType,
-        Accept: "application/json",
+        [HEADER_CONTENT_TYPE]: contentType,
+        [HEADER_ACCEPT]: "application/json",
         ...authHeaders
       },
       body: data
@@ -218,7 +376,13 @@ var StarfishClient = class {
 };
 
 // src/sync.ts
-import { deepMerge, getBase64, stableStringify as stableStringify2 } from "@drakkar.software/starfish-protocol";
+import {
+  AUTHOR_PUBKEY_FIELD as AUTHOR_PUBKEY_FIELD2,
+  AUTHOR_SIGNATURE_FIELD as AUTHOR_SIGNATURE_FIELD2,
+  deepMerge,
+  docAuthorCanonicalInput,
+  getBase64
+} from "@drakkar.software/starfish-protocol";
 
 // src/validate.ts
 var ValidationError = class extends Error {
@@ -330,23 +494,24 @@ var SyncManager = class {
       try {
         const sealed = this.encryptor ? await this.encryptor.encrypt(pendingData) : pendingData;
         if (this.aborted) throw new AbortError();
-        let payload = sealed;
+        let author;
         if (this.signer) {
           const { devEdPubHex, sign } = await this.signer.getSigner();
           if (this.aborted) throw new AbortError();
-          const canonical = stableStringify2(sealed);
+          const documentKey = stripPushPrefix(this.pushPath);
+          const canonical = docAuthorCanonicalInput(documentKey, sealed);
           const sigBytes = await sign(new TextEncoder().encode(canonical));
           if (this.aborted) throw new AbortError();
-          payload = {
-            ...sealed,
-            authorPubkey: devEdPubHex,
-            authorSignature: getBase64().encode(sigBytes)
+          author = {
+            [AUTHOR_PUBKEY_FIELD2]: devEdPubHex,
+            [AUTHOR_SIGNATURE_FIELD2]: getBase64().encode(sigBytes)
           };
         }
         const result = await this.client.push(
           this.pushPath,
-          payload,
-          this.lastHash
+          sealed,
+          this.lastHash,
+          author
         );
         if (this.aborted) throw new AbortError();
         this.lastHash = result.hash;
@@ -388,6 +553,209 @@ var SyncManager = class {
   }
 };
 
+// src/append-log.ts
+import {
+  DEFAULT_ALG as DEFAULT_ALG2,
+  verifyAppendAuthor
+} from "@drakkar.software/starfish-protocol";
+var PULL_PATH_PREFIX = "/pull/";
+function stripPullPrefix(path) {
+  return path.startsWith(PULL_PATH_PREFIX) ? path.slice(PULL_PATH_PREFIX.length) : path;
+}
+var AppendAuthorError = class extends Error {
+  constructor(ts) {
+    super(`append element author verification failed (ts=${ts})`);
+    this.ts = ts;
+    this.name = "AppendAuthorError";
+  }
+};
+function checkpointOf(items) {
+  let max = 0;
+  for (const it of items) if (it.ts > max) max = it.ts;
+  return max;
+}
+function withAuthor(ts, data, src) {
+  const out = { ts, data };
+  if (src.authorPubkey !== void 0) out.authorPubkey = src.authorPubkey;
+  if (src.authorSignature !== void 0) out.authorSignature = src.authorSignature;
+  return out;
+}
+var AppendLogCursor = class {
+  client;
+  pullPath;
+  appendField;
+  encryptor;
+  verifyAuthor;
+  onElementError;
+  persistEncrypted;
+  documentKey;
+  logger;
+  loggerName;
+  items;
+  lastCheckpoint;
+  /** Tail of the serialized pull chain. Concurrent `pull()` calls queue behind
+   *  it so each runs against the checkpoint the previous one advanced — no two
+   *  overlapping fetches read the same checkpoint and double-append a window. */
+  pullChain = Promise.resolve();
+  constructor(options) {
+    this.client = options.client;
+    this.pullPath = options.pullPath;
+    this.appendField = options.appendField ?? "items";
+    this.encryptor = options.encryptor;
+    this.verifyAuthor = options.verifyAuthor;
+    this.onElementError = options.onElementError ?? "throw";
+    this.persistEncrypted = options.persistEncrypted ?? false;
+    this.documentKey = stripPullPrefix(options.pullPath);
+    this.logger = options.logger;
+    this.loggerName = options.loggerName ?? options.pullPath.split("/").filter(Boolean).pop() ?? options.pullPath;
+    const seed = options.initialItems ?? [];
+    const seedCheckpoint = checkpointOf(seed);
+    if (options.since != null) {
+      if (options.since < 0) throw new Error("since must be non-negative");
+      if (options.since < seedCheckpoint) {
+        throw new Error("since must be >= the max ts of initialItems");
+      }
+      this.lastCheckpoint = options.since;
+    } else {
+      this.lastCheckpoint = seedCheckpoint;
+    }
+    this.items = [...seed];
+  }
+  /**
+   * Fetch elements newer than the current checkpoint, verify + decrypt them,
+   * append them to the local log, and return ONLY the newly-fetched batch
+   * (decrypted when an `encryptor` is set).
+   *
+   * Atomic under `onElementError: "throw"` (the default): the batch is fully
+   * verified and decrypted into a local before any state mutation, so a
+   * verify/decrypt failure throws without advancing the checkpoint past elements
+   * that could never be re-fetched. Under `"skip"`, a failing element is dropped
+   * from the returned batch but the checkpoint still advances past it.
+   *
+   * Safe to call concurrently: overlapping calls are serialized internally, so
+   * each runs against the checkpoint the previous one advanced (no double-fetch
+   * of the same window). The next pull after one completes will pick up anything
+   * that arrived in between.
+   */
+  async pull() {
+    const run = this.pullChain.then(
+      () => this.doPull(),
+      () => this.doPull()
+    );
+    this.pullChain = run.then(
+      () => void 0,
+      () => void 0
+    );
+    return run;
+  }
+  async doPull() {
+    this.logger?.pullStart(this.loggerName);
+    const start = performance.now();
+    try {
+      const since = this.lastCheckpoint;
+      const opts = since > 0 ? { appendField: this.appendField, since } : { appendField: this.appendField };
+      const raw = await this.client.pull(this.pullPath, opts);
+      const batch = [];
+      const stored = [];
+      let maxTs = since;
+      let skipped = 0;
+      for (const el of raw) {
+        if (since > 0 && el.ts <= since) continue;
+        if (el.ts > maxTs) maxTs = el.ts;
+        let decrypted = null;
+        try {
+          this.verifyOne(el);
+          const data = this.encryptor ? await this.encryptor.decrypt(el.data) : el.data;
+          decrypted = withAuthor(el.ts, data, el);
+        } catch (err) {
+          if (this.onElementError !== "skip") throw err;
+          skipped++;
+        }
+        if (this.persistEncrypted) {
+          stored.push(withAuthor(el.ts, el.data, el));
+        } else if (decrypted) {
+          stored.push(decrypted);
+        }
+        if (decrypted) batch.push(decrypted);
+      }
+      this.items.push(...stored);
+      this.lastCheckpoint = maxTs;
+      this.logger?.pullSuccess(
+        this.loggerName,
+        Math.round(performance.now() - start),
+        skipped > 0 ? { skippedCount: skipped } : void 0
+      );
+      return batch;
+    } catch (err) {
+      this.logger?.pullError(this.loggerName, err instanceof Error ? err.message : String(err));
+      throw err;
+    }
+  }
+  /** Verify a single element's author signature over its RAW (pre-decryption)
+   *  `data`. Throws {@link AppendAuthorError} on any failure. No-op when
+   *  verification is disabled. */
+  verifyOne(el) {
+    if (!this.verifyAuthor) return;
+    const policy = typeof this.verifyAuthor === "object" ? this.verifyAuthor : {};
+    const { authorPubkey, authorSignature } = el;
+    if (!authorPubkey || !authorSignature) throw new AppendAuthorError(el.ts);
+    if (policy.expectedAuthorPubkey && authorPubkey.toLowerCase() !== policy.expectedAuthorPubkey.toLowerCase()) {
+      throw new AppendAuthorError(el.ts);
+    }
+    const ok = verifyAppendAuthor(
+      this.documentKey,
+      el.data,
+      authorPubkey,
+      authorSignature,
+      policy.alg ?? DEFAULT_ALG2
+    );
+    if (!ok) throw new AppendAuthorError(el.ts);
+  }
+  /** The full accumulated log (a shallow copy), in `ts` order. Under
+   *  `persistEncrypted` these carry CIPHERTEXT `data` (persist them as-is, then
+   *  re-seed via `initialItems`); otherwise they carry decrypted/plaintext data. */
+  getItems() {
+    return [...this.items];
+  }
+  /**
+   * The full accumulated log, DECRYPTED — for rendering warm-started history in
+   * `persistEncrypted` mode (where {@link getItems} holds ciphertext). Honors
+   * `onElementError` (a `"skip"` cursor drops elements it cannot read). When the
+   * cursor has no `encryptor`, or is not in `persistEncrypted` mode, the held
+   * elements are already plaintext/decrypted and are returned as-is.
+   */
+  async getDecryptedItems() {
+    const snapshot = [...this.items];
+    if (!this.encryptor || !this.persistEncrypted) return snapshot;
+    const out = [];
+    for (const el of snapshot) {
+      try {
+        this.verifyOne(el);
+        const data = await this.encryptor.decrypt(el.data);
+        out.push(withAuthor(el.ts, data, el));
+      } catch (err) {
+        if (this.onElementError !== "skip") throw err;
+      }
+    }
+    return out;
+  }
+  /** The current checkpoint: the max `ts` held (the next pull's `since`). `0`
+   *  when nothing has been pulled or seeded. */
+  getCheckpoint() {
+    return this.lastCheckpoint;
+  }
+  /** Restore the checkpoint without seeding items — for persistence layers that
+   *  store only the checkpoint. Used to resume incrementally across restarts.
+   *  Rejects a value below the max `ts` already held: rewinding would make the
+   *  next pull re-deliver, and duplicate, elements the cursor already has. */
+  setCheckpoint(ts) {
+    if (ts < checkpointOf(this.items)) {
+      throw new Error("checkpoint must be >= the max ts already held");
+    }
+    this.lastCheckpoint = ts;
+  }
+};
+
 // src/index.ts
 import { ENCRYPTED_KEY } from "@drakkar.software/starfish-protocol";
 
@@ -1173,6 +1541,29 @@ function createMobileLifecycle(store, deps, options = {}) {
     netUnsub?.();
   };
 }
+function createAppendLogMobileLifecycle(store, deps, options = {}) {
+  const { pullOnForeground = true } = options;
+  const appSub = deps.appState.addEventListener("change", (appState) => {
+    if (appState === "active" && pullOnForeground) {
+      const { online, loading } = store.getState();
+      if (online && !loading) {
+        store.getState().pull().catch((err) => {
+          console.error("[Starfish] foreground log pull failed:", err);
+        });
+      }
+    }
+  });
+  let netUnsub = null;
+  if (deps.netInfo) {
+    netUnsub = deps.netInfo.addEventListener(({ isConnected }) => {
+      store.getState().setOnline(!!isConnected);
+    });
+  }
+  return () => {
+    appSub.remove();
+    netUnsub?.();
+  };
+}
 
 // src/multi-store.ts
 function createMultiStoreSync(options) {
@@ -1225,6 +1616,8 @@ function createMultiStoreSync(options) {
 }
 export {
   AbortError,
+  AppendAuthorError,
+  AppendLogCursor,
   ConflictError,
   ENCRYPTED_KEY,
   SnapshotHistory,
@@ -1233,10 +1626,12 @@ export {
   SyncManager,
   ValidationError,
   buildRevocationList,
+  checkpointOf,
   classifyError,
   computeHash,
   configurePlatform,
   consoleSyncLogger,
+  createAppendLogMobileLifecycle,
   createDebouncedPush,
   createDebouncedSync,
   createDedupFetch,
@@ -1260,7 +1655,7 @@ export {
   registerBackgroundSync,
   registerServiceWorker,
   revocationListCanonicalSigningInput,
-  stableStringify3 as stableStringify,
+  stableStringify2 as stableStringify,
   startAdaptivePolling,
   startPolling,
   timestampWinner,