@enbox/auth 0.4.0 → 0.6.0

package/dist/types/auth-manager.d.ts

@@ -5,11 +5,10 @@
  * multi-identity-aware auth system that works in both browser and CLI environments.
  * @module
  */
+import type { HdIdentityVault, PortableIdentity } from '@enbox/agent';
+import type { AuthEvent, AuthEventHandler, AuthManagerOptions, AuthState, DisconnectOptions, HeadlessConnectOptions, IdentityInfo, ImportFromPhraseOptions, ImportFromPortableOptions, LocalConnectOptions, RestoreSessionOptions, ShutdownOptions, WalletConnectOptions } from './types.js';
 import { EnboxUserAgent } from '@enbox/agent';
-import type { PortableIdentity } from '@enbox/agent';
 import { AuthSession } from './identity-session.js';
-import { VaultManager } from './vault/vault-manager.js';
-import type { AuthEvent, AuthEventHandler, AuthManagerOptions, AuthState, DisconnectOptions, IdentityInfo, ImportFromPhraseOptions, ImportFromPortableOptions, LocalConnectOptions, RestoreSessionOptions, WalletConnectOptions } from './types.js';
 /**
  * The primary entry point for authentication and identity management.
  *
@@ -47,14 +46,22 @@ export declare class AuthManager {
     private _userAgent;
     private _emitter;
     private _storage;
-    private _vault;
     private _session;
     private _state;
     private _isConnecting;
+    private _isShutDown;
     private _defaultPassword?;
+    private _passwordProvider?;
     private _defaultSync?;
     private _defaultDwnEndpoints?;
     private _registration?;
+    /**
+     * The local DWN server endpoint discovered during `create()`, if any.
+     * `undefined` means no local server was found. This is set before any
+     * event listeners are attached, so consumers should check this property
+     * after `create()` returns rather than relying solely on events.
+     */
+    private _localDwnEndpoint?;
     private constructor();
     /**
      * Create a new AuthManager instance.
@@ -79,7 +86,7 @@ export declare class AuthManager {
      */
     connect(options?: LocalConnectOptions): Promise<AuthSession>;
     /**
-     * Connect to an external wallet via the OIDC/QR relay protocol.
+     * Connect to an external wallet via the Enbox Connect relay protocol.
      *
      * This runs the full WalletConnect flow: generates a URI for QR display,
      * validates the PIN, imports the delegated DID, and processes grants.
@@ -110,6 +117,30 @@ export declare class AuthManager {
      * This replaces the manual `previouslyConnected` localStorage pattern.
      */
     restoreSession(options?: RestoreSessionOptions): Promise<AuthSession | undefined>;
+    /**
+     * Lightweight vault unlock for one-shot utilities and subprocesses.
+     *
+     * Unlocks the vault and retrieves the active (or first available)
+     * identity **without** starting sync, DWN registration, or persisting
+     * session markers. This is the recommended replacement for calling
+     * `agent.start({ password })` directly.
+     *
+     * Typical use cases:
+     * - Git credential helpers that need to sign a token and exit
+     * - CLI utilities that perform a single operation
+     * - Any subprocess that shares a data directory with a long-running daemon
+     *
+     * @param options - Optional password override.
+     * @returns An active AuthSession (with sync disabled).
+     *
+     * @example
+     * ```ts
+     * const session = await auth.connectHeadless({ password });
+     * const did = session.did; // ready to use
+     * await auth.shutdown();   // clean exit
+     * ```
+     */
+    connectHeadless(options?: HeadlessConnectOptions): Promise<AuthSession>;
     /** The current active session, or `undefined` if not connected. */
     get session(): AuthSession | undefined;
     /**
@@ -137,6 +168,30 @@ export declare class AuthManager {
      * @param options.timeout - Milliseconds to wait for sync to complete.
      */
     disconnect(options?: DisconnectOptions): Promise<void>;
+    /**
+     * Gracefully shut down the auth manager, releasing all resources.
+     *
+     * This goes beyond {@link disconnect} or {@link lock}: it stops sync,
+     * clears the active session, locks the vault, and **closes** the
+     * underlying storage handles (e.g. LevelDB) so the process can exit
+     * without dangling timers or open file descriptors.
+     *
+     * After calling `shutdown()`, the `AuthManager` instance should not be
+     * reused — create a new one via {@link AuthManager.create} if needed.
+     *
+     * Idempotent: calling `shutdown()` more than once is safe.
+     *
+     * @param options - Optional shutdown configuration.
+     * @param options.timeout - Milliseconds to wait for sync to stop. Default: `2000`.
+     *
+     * @example
+     * ```ts
+     * const session = await auth.connectHeadless({ password });
+     * // ... perform work ...
+     * await auth.shutdown(); // clean exit, no process.exit() needed
+     * ```
+     */
+    shutdown(options?: ShutdownOptions): Promise<void>;
     /**
      * List all stored identities.
      *
@@ -166,8 +221,8 @@ export declare class AuthManager {
      * to another device.
      */
     exportIdentity(didUri: string): Promise<PortableIdentity>;
-    /** Access the vault manager for lock/unlock/backup operations. */
-    get vault(): VaultManager;
+    /** Access the underlying identity vault for lock/unlock/backup operations. */
+    get vault(): HdIdentityVault;
     /**
      * Subscribe to an auth lifecycle event.
      *
@@ -186,6 +241,30 @@ export declare class AuthManager {
     get isConnecting(): boolean;
     /** The underlying EnboxUserAgent (for advanced usage). */
     get agent(): EnboxUserAgent;
+    /**
+     * The local DWN server endpoint discovered during `create()`, if any.
+     *
+     * When set, the agent is operating in remote mode (no in-process DWN).
+     * This property is available immediately after `create()` returns,
+     * before any event listeners are attached.
+     */
+    get localDwnEndpoint(): string | undefined;
+    /**
+     * Build a `FlowContext` from the manager's current state.
+     *
+     * Replaces the 5 manual inline context constructions that were
+     * previously duplicated across `connect()`, `walletConnect()`,
+     * `importFromPhrase()`, `importFromPortable()`, and `restoreSession()`.
+     */
+    private _flowContext;
+    /**
+     * Template for connection flows that follow the guard → try/finally → setState pattern.
+     *
+     * Consolidates the duplicated concurrency guard, `_isConnecting` flag management,
+     * session assignment, and state transition across `connect()`, `walletConnect()`,
+     * `importFromPhrase()`, and `importFromPortable()`.
+     */
+    private _withConnect;
     private _setState;
     private _guardConcurrency;
 }

package/dist/types/auth-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../../src/auth-manager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,KAAK,EAAkB,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAKpD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAChB,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,YAAY,EACZ,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EAEnB,qBAAqB,EAGrB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAGpB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,UAAU,CAAiB;IACnC,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,QAAQ,CAAiB;IACjC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,aAAa,CAAS;IAG9B,OAAO,CAAC,gBAAgB,CAAC,CAAS;IAClC,OAAO,CAAC,YAAY,CAAC,CAAa;IAClC,OAAO,CAAC,oBAAoB,CAAC,CAAW;IACxC,OAAO,CAAC,aAAa,CAAC,CAAsB;IAE5C,OAAO;IAoBP;;;;;;;;;OASG;WACU,MAAM,CAAC,OAAO,GAAE,kBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;IAoC3E;;;;;;;;;OASG;IACG,OAAO,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC;IA0BlE;;;;;;;;;;OAUG;IACG,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;IAiCxE;;;;;OAKG;IACG,gBAAgB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;IAyB9E;;;;OAIG;IACG,kBAAkB,CAAC,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,WAAW,CAAC;IAyBlF;;;;;OAKG;IACG,cAAc,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IA4BvF,mEAAmE;IACnE,IAAI,OAAO,IAAI,WAAW,GAAG,SAAS,CAErC;IAED;;;;;;;;;;;;OAYG;IACG,IAAI,CAAC,OAAO,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAwB7D;;;;;;;OAOG;IACG,UAAU,CAAC,OAAO,GAAE,iBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAkDhE;;;;;OAKG;IACG,cAAc,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAS/C;;;;;OAKG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IA2D1D;;;;;;OAMG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA4BnD;;;;;OAKG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAM/D,kEAAkE;IAClE,IAAI,KAAK,IAAI,YAAY,CAExB;IAID;;;;;;OAMG;IACH,EAAE,CAAC,CAAC,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI;IAM3E,8BAA8B;IAC9B,IAAI,KAAK,IAAI,SAAS,CAErB;IAED,wCAAwC;IACxC,IAAI,WAAW,IAAI,OAAO,CAEzB;IAED,6CAA6C;IAC7C,IAAI,QAAQ,IAAI,OAAO,CAEtB;IAED,mDAAmD;IACnD,IAAI,YAAY,IAAI,OAAO,CAE1B;IAED,0DAA0D;IAC1D,IAAI,KAAK,IAAI,cAAc,CAE1B;IAID,OAAO,CAAC,SAAS;IAOjB,OAAO,CAAC,iBAAiB;CAQ1B"}
+{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../../src/auth-manager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAkB,eAAe,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAItF,OAAO,KAAK,EACV,SAAS,EACT,gBAAgB,EAChB,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,sBAAsB,EACtB,YAAY,EACZ,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EAEnB,qBAAqB,EACrB,eAAe,EAGf,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAG9C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAUpD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,UAAU,CAAiB;IACnC,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,QAAQ,CAAiB;IACjC,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,aAAa,CAAS;IAC9B,OAAO,CAAC,WAAW,CAAS;IAG5B,OAAO,CAAC,gBAAgB,CAAC,CAAS;IAClC,OAAO,CAAC,iBAAiB,CAAC,CAAmB;IAC7C,OAAO,CAAC,YAAY,CAAC,CAAa;IAClC,OAAO,CAAC,oBAAoB,CAAC,CAAW;IACxC,OAAO,CAAC,aAAa,CAAC,CAAsB;IAE5C;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB,CAAC,CAAS;IAEnC,OAAO;IAsBP;;;;;;;;;OASG;WACU,MAAM,CAAC,OAAO,GAAE,kBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;IAmD3E;;;;;;;;;OASG;IACG,OAAO,CAAC,OAAO,CAAC,EAAE,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC;IAIlE;;;;;;;;;;OAUG;IACG,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,WAAW,CAAC;IAIxE;;;;;OAKG;IACG,gBAAgB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;IAI9E;;;;OAIG;IACG,kBAAkB,CAAC,OAAO,EAAE,yBAAyB,GAAG,OAAO,CAAC,WAAW,CAAC;IAIlF;;;;;OAKG;IACG,cAAc,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAiBvF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACG,eAAe,CAAC,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,WAAW,CAAC;IA8D7E,mEAAmE;IACnE,IAAI,OAAO,IAAI,WAAW,GAAG,SAAS,CAErC;IAED;;;;;;;;;;;;OAYG;IACG,IAAI,CAAC,OAAO,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAuB7D;;;;;;;OAOG;IACG,UAAU,CAAC,OAAO,GAAE,iBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IA8ChE;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACG,QAAQ,CAAC,OAAO,GAAE,eAAoB,GAAG,OAAO,CAAC,IAAI,CAAC;IAsD5D;;;;;OAKG;IACG,cAAc,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAS/C;;;;;OAKG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAuD1D;;;;;;OAMG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA4BnD;;;;;OAKG;IACG,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAM/D,8EAA8E;IAC9E,IAAI,KAAK,IAAI,eAAe,CAE3B;IAID;;;;;;OAMG;IACH,EAAE,CAAC,CAAC,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI;IAM3E,8BAA8B;IAC9B,IAAI,KAAK,IAAI,SAAS,CAErB;IAED,wCAAwC;IACxC,IAAI,WAAW,IAAI,OAAO,CAEzB;IAED,6CAA6C;IAC7C,IAAI,QAAQ,IAAI,OAAO,CAEtB;IAED,mDAAmD;IACnD,IAAI,YAAY,IAAI,OAAO,CAE1B;IAED,0DAA0D;IAC1D,IAAI,KAAK,IAAI,cAAc,CAE1B;IAED;;;;;;OAMG;IACH,IAAI,gBAAgB,IAAI,MAAM,GAAG,SAAS,CAEzC;IAID;;;;;;OAMG;IACH,OAAO,CAAC,YAAY;IAapB;;;;;;OAMG;YACW,YAAY;IAc1B,OAAO,CAAC,SAAS;IAOjB,OAAO,CAAC,iBAAiB;CAQ1B"}

package/dist/types/connect/import.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Identity import flows.
+ *
+ * - Import from BIP-39 recovery phrase (re-derive vault + identity).
+ * - Import from PortableIdentity JSON.
+ * @module
+ */
+import type { AuthSession } from '../identity-session.js';
+import type { FlowContext } from './lifecycle.js';
+import type { ImportFromPhraseOptions, ImportFromPortableOptions } from '../types.js';
+/**
+ * Import (or recover) an identity from a BIP-39 recovery phrase.
+ *
+ * This re-initializes the vault with the given phrase and password,
+ * recovering the agent DID and all derived keys.
+ */
+export declare function importFromPhrase(ctx: FlowContext, options: ImportFromPhraseOptions): Promise<AuthSession>;
+/**
+ * Import an identity from a PortableIdentity JSON object.
+ *
+ * The portable identity contains the DID's private keys and metadata,
+ * allowing it to be used on this device.
+ */
+export declare function importFromPortable(ctx: FlowContext, options: ImportFromPortableOptions): Promise<AuthSession>;
+//# sourceMappingURL=import.d.ts.map

package/dist/types/connect/import.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"import.d.ts","sourceRoot":"","sources":["../../../src/connect/import.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAMtF;;;;;GAKG;AACH,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,WAAW,CAAC,CAiEtB;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,yBAAyB,GACjC,OAAO,CAAC,WAAW,CAAC,CA8CtB"}

package/dist/types/connect/lifecycle.d.ts

@@ -0,0 +1,152 @@
+/**
+ * Shared helpers for connect flows.
+ *
+ * Consolidates duplicated logic across `local-connect`, `session-restore`,
+ * `wallet-connect`, and `import-identity` flows:
+ *
+ * - Password resolution chain
+ * - Vault init/start lifecycle
+ * - Sync mode/interval calculation and startup
+ * - `connectedDid` / `delegateDid` derivation from identity metadata
+ * - Session finalization (storage persistence + AuthSession construction + events)
+ *
+ * @module
+ * @internal
+ */
+import type { BearerIdentity, EnboxUserAgent } from '@enbox/agent';
+import type { AuthEventEmitter } from '../events.js';
+import type { PasswordProvider } from '../password-provider.js';
+import type { RegistrationOptions, StorageAdapter, SyncOption } from '../types.js';
+import { AuthSession } from '../identity-session.js';
+/**
+ * Unified context passed from `AuthManager` to every connect flow.
+ *
+ * Replaces the per-flow `LocalConnectContext`, `SessionRestoreContext`,
+ * `WalletConnectContext`, and `ImportContext` interfaces. All fields are
+ * optional beyond the core triple (`userAgent`, `emitter`, `storage`) so
+ * flows only consume what they need.
+ *
+ * @internal
+ */
+export interface FlowContext {
+    userAgent: EnboxUserAgent;
+    emitter: AuthEventEmitter;
+    storage: StorageAdapter;
+    defaultPassword?: string;
+    passwordProvider?: PasswordProvider;
+    defaultSync?: SyncOption;
+    defaultDwnEndpoints?: string[];
+    registration?: RegistrationOptions;
+}
+/**
+ * Resolve a password through the standard chain:
+ * explicit option → manager default → provider → insecure fallback.
+ *
+ * Emits a console warning when the insecure default is used.
+ *
+ * @param ctx          - The flow context (provides `defaultPassword` and `passwordProvider`).
+ * @param explicit     - An explicit password from the caller (highest priority).
+ * @param isFirstLaunch - Whether the vault has never been initialized.
+ * @returns The resolved password string.
+ *
+ * @internal
+ */
+export declare function resolvePassword(ctx: Pick<FlowContext, 'defaultPassword' | 'passwordProvider'>, explicit: string | undefined, isFirstLaunch: boolean): Promise<string>;
+/**
+ * Initialize (on first launch) and start the agent, then emit `vault-unlocked`.
+ *
+ * This consolidates the 5 copies of:
+ * ```ts
+ * if (isFirstLaunch) { await userAgent.initialize({ password, ... }); }
+ * await userAgent.start({ password });
+ * emitter.emit('vault-unlocked', {});
+ * ```
+ *
+ * @returns The recovery phrase if the vault was just initialized, otherwise `undefined`.
+ *
+ * @internal
+ */
+export declare function ensureVaultReady(params: {
+    userAgent: EnboxUserAgent;
+    emitter: AuthEventEmitter;
+    password: string;
+    isFirstLaunch: boolean;
+    recoveryPhrase?: string;
+    dwnEndpoints?: string[];
+}): Promise<string | undefined>;
+/**
+ * Start DWN synchronisation if `sync` is not `'off'`.
+ *
+ * Consolidates 6 copies of:
+ * ```ts
+ * const syncMode = sync === undefined ? 'live' : 'poll';
+ * const syncInterval = sync ?? (syncMode === 'live' ? '5m' : '2m');
+ * userAgent.sync.startSync({ mode: syncMode, interval: syncInterval })
+ *   .catch((err) => console.error('[@enbox/auth] Sync failed:', err));
+ * ```
+ *
+ * @internal
+ */
+export declare function startSyncIfEnabled(userAgent: EnboxUserAgent, sync: SyncOption | undefined): void;
+/**
+ * Create a new `did:dht` identity with Ed25519 signing and X25519
+ * encryption keys, and a DWN service endpoint.
+ *
+ * This consolidates the identical identity creation block that was
+ * duplicated in `localConnect` and `importFromPhrase`.
+ *
+ * @internal
+ */
+export declare function createDefaultIdentity(userAgent: EnboxUserAgent, dwnEndpoints?: string[], name?: string): Promise<BearerIdentity>;
+/**
+ * Derive `connectedDid` and `delegateDid` from identity metadata.
+ *
+ * For a **local** identity: `connectedDid` is the identity's own DID URI
+ * and `delegateDid` is `undefined`.
+ *
+ * For a **wallet-connected** identity: `connectedDid` is the external wallet
+ * DID, and `delegateDid` is the local identity's DID URI.
+ *
+ * @param identity            - The bearer identity to extract DIDs from.
+ * @param storedDelegateDid   - Optional fallback delegate DID from storage,
+ *   used by session-restore when the identity metadata doesn't include a
+ *   `connectedDid` but a delegate DID was persisted in a prior session.
+ *
+ * @internal
+ */
+export declare function resolveIdentityDids(identity: BearerIdentity, storedDelegateDid?: string): {
+    connectedDid: string;
+    delegateDid: string | undefined;
+};
+/**
+ * Persist session markers, build an `AuthSession`, and emit lifecycle events.
+ *
+ * Consolidates 5 copies of:
+ * ```ts
+ * await storage.set(STORAGE_KEYS.PREVIOUSLY_CONNECTED, 'true');
+ * await storage.set(STORAGE_KEYS.ACTIVE_IDENTITY, connectedDid);
+ * const session = new AuthSession({ ... });
+ * emitter.emit('identity-added', { identity: identityInfo });
+ * emitter.emit('session-start', { session: { ... } });
+ * ```
+ *
+ * @param params.emitIdentityAdded - Whether to emit `identity-added`. Defaults to `true`.
+ *   Set to `false` for session-restore (identity was already added in the original flow).
+ * @param params.extraStorageKeys  - Additional key-value pairs to persist (e.g. delegate/connected DIDs
+ *   for wallet-connect flows).
+ *
+ * @internal
+ */
+export declare function finalizeSession(params: {
+    userAgent: EnboxUserAgent;
+    emitter: AuthEventEmitter;
+    storage: StorageAdapter;
+    connectedDid: string;
+    delegateDid?: string;
+    recoveryPhrase?: string;
+    identityName: string;
+    identityConnectedDid?: string;
+    emitIdentityAdded?: boolean;
+    extraStorageKeys?: Record<string, string>;
+}): Promise<AuthSession>;
+//# sourceMappingURL=lifecycle.d.ts.map

package/dist/types/connect/lifecycle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lifecycle.d.ts","sourceRoot":"","sources":["../../../src/connect/lifecycle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAEnE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACrD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAgB,mBAAmB,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEjG,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAKrD;;;;;;;;;GASG;AACH,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,IAAI,CAAC,WAAW,EAAE,iBAAiB,GAAG,kBAAkB,CAAC,EAC9D,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,MAAM,CAAC,CAwBjB;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE;IAC7C,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgB9B;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAChC,SAAS,EAAE,cAAc,EACzB,IAAI,EAAE,UAAU,GAAG,SAAS,GAC3B,IAAI,CAYN;AAID;;;;;;;;GAQG;AACH,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,cAAc,EACzB,YAAY,GAAE,MAAM,EAA0B,EAC9C,IAAI,SAAY,GACf,OAAO,CAAC,cAAc,CAAC,CA0BzB;AAID;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,cAAc,EACxB,iBAAiB,CAAC,EAAE,MAAM,GACzB;IACD,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;CACjC,CAMA;AAID;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,eAAe,CAAC,MAAM,EAAE;IAC5C,SAAS,EAAE,cAAc,CAAC;IAC1B,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C,GAAG,OAAO,CAAC,WAAW,CAAC,CA+CvB"}

package/dist/types/connect/local.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Local DID connect flow.
+ *
+ * Creates or reconnects a local identity with vault-protected keys.
+ * This replaces the "Mode D/E" paths in Enbox.connect().
+ * @module
+ */
+import type { AuthSession } from '../identity-session.js';
+import type { FlowContext } from './lifecycle.js';
+import type { LocalConnectOptions } from '../types.js';
+/**
+ * Execute the local connect flow.
+ *
+ * - On first launch: initializes the vault, creates a new DID, returns recovery phrase.
+ * - On subsequent launches: unlocks the vault and reconnects to the existing identity.
+ */
+export declare function localConnect(ctx: FlowContext, options?: LocalConnectOptions): Promise<AuthSession>;
+//# sourceMappingURL=local.d.ts.map

package/dist/types/connect/local.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../../src/connect/local.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAOvD;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,WAAW,EAChB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,WAAW,CAAC,CA0EtB"}

package/dist/types/connect/restore.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Session restore flow.
+ *
+ * Restores a previously established session from persisted storage,
+ * replacing the "previouslyConnected" pattern in apps.
+ * @module
+ */
+import type { AuthSession } from '../identity-session.js';
+import type { FlowContext } from './lifecycle.js';
+import type { RestoreSessionOptions } from '../types.js';
+/**
+ * Attempt to restore a previous session.
+ *
+ * Returns `undefined` if no previous session exists.
+ * Returns an `AuthSession` if the session was successfully restored.
+ */
+export declare function restoreSession(ctx: FlowContext, options?: RestoreSessionOptions): Promise<AuthSession | undefined>;
+//# sourceMappingURL=restore.d.ts.map

package/dist/types/connect/restore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"restore.d.ts","sourceRoot":"","sources":["../../../src/connect/restore.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAMzD;;;;;GAKG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,WAAW,EAChB,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CA2FlC"}

package/dist/types/{flows/wallet-connect.d.ts → connect/wallet.d.ts}

@@ -1,24 +1,15 @@
 /**
- * Wallet connect (OIDC/QR) flow.
+ * Wallet connect (Enbox Connect relay) flow.
  *
- * Connects to an external wallet via the WalletConnect relay protocol,
+ * Connects to an external wallet via the Enbox Connect relay protocol,
  * importing a delegated DID with permission grants.
  * This replaces the "Mode B/C" paths in Enbox.connect().
  * @module
  */
 import type { DwnDataEncodedRecordsWriteMessage, EnboxUserAgent } from '@enbox/agent';
-import type { AuthEventEmitter } from '../events.js';
-import { AuthSession } from '../identity-session.js';
-import type { RegistrationOptions, StorageAdapter, SyncOption, WalletConnectOptions } from '../types.js';
-/** @internal */
-export interface WalletConnectContext {
-    userAgent: EnboxUserAgent;
-    emitter: AuthEventEmitter;
-    storage: StorageAdapter;
-    defaultSync?: SyncOption;
-    defaultDwnEndpoints?: string[];
-    registration?: RegistrationOptions;
-}
+import type { AuthSession } from '../identity-session.js';
+import type { FlowContext } from './lifecycle.js';
+import type { WalletConnectOptions } from '../types.js';
 /**
  * Process connected grants by storing them in the local DWN as the owner.
  *
@@ -40,5 +31,5 @@ export declare function processConnectedGrants(params: {
  * 2. Imports the delegate DID and processes grants.
  * 3. Sets up sync and returns an AuthSession.
  */
-export declare function walletConnect(ctx: WalletConnectContext, options: WalletConnectOptions): Promise<AuthSession>;
-//# sourceMappingURL=wallet-connect.d.ts.map
+export declare function walletConnect(ctx: FlowContext, options: WalletConnectOptions): Promise<AuthSession>;
+//# sourceMappingURL=wallet.d.ts.map

package/dist/types/connect/wallet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../../src/connect/wallet.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,iCAAiC,EAAyD,cAAc,EAAE,MAAM,cAAc,CAAC;AAE7I,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AASxD;;;;;;;;GAQG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,KAAK,EAAE,cAAc,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,iCAAiC,EAAE,CAAC;CAC7C,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAmCpB;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,WAAW,CAAC,CA8HtB"}

package/dist/types/{flows/dwn-discovery.d.ts → discovery.d.ts}

@@ -7,36 +7,31 @@
  *
  * ## Discovery channels (browser, highest to lowest priority)
  *
- * 1. **URL fragment payload** — A `dwn://register` redirect just landed
+ * 1. **URL fragment payload** — A `dwn://connect` redirect just landed
  *    on the page with the endpoint in `#`. Highest priority because it's
  *    fresh and explicit.
  * 2. **Persisted endpoint** (localStorage) — A previously discovered
  *    endpoint restored and re-validated via `GET /info`.
- * 3. **Agent-level discovery** (transparent, runs on every `sendRequest`)
- *    — `~/.enbox/dwn.json` discovery file (Node/Bun only; skipped in
- *    browsers) and sequential port probing on `127.0.0.1:{3000,55500–55509}`.
- *    This channel works even if the browser-specific functions here
- *    return `false`.
  *
  * ## Discovery channels (CLI / native, all transparent)
  *
- * In Node/Bun environments, all discovery happens automatically inside
+ * In Node/Bun environments, the agent's `LocalDwnDiscovery` reads the
+ * `~/.enbox/dwn.json` discovery file automatically inside
  * `AgentDwnApi.getLocalDwnEndpoint()`. The browser-specific functions
  * in this module (`checkUrlForDwnDiscoveryPayload`, `requestLocalDwnDiscovery`)
- * are not needed — the agent reads `~/.enbox/dwn.json` and probes ports
- * on its own.
+ * are not needed in those environments.
  *
- * @see https://github.com/enboxorg/enbox/issues/589
+ * @see https://github.com/enboxorg/enbox/issues/677
  * @module
  */
 import type { EnboxUserAgent } from '@enbox/agent';
-import type { AuthEventEmitter } from '../events.js';
-import type { StorageAdapter } from '../types.js';
+import type { AuthEventEmitter } from './events.js';
+import type { StorageAdapter } from './types.js';
 /**
  * Check the current page URL for a `DwnDiscoveryPayload` in the fragment.
  *
  * This is called once at the start of a connection flow to detect whether
- * the user was just redirected back from a `dwn://register` handler. If a
+ * the user was just redirected back from a `dwn://connect` handler. If a
  * valid payload is found, the endpoint is persisted and the fragment is
  * cleared to prevent double-reads.
  *
@@ -44,6 +39,28 @@ import type { StorageAdapter } from '../types.js';
  *   was found in the URL.
  */
 export declare function checkUrlForDwnDiscoveryPayload(): string | undefined;
+/**
+ * Run local DWN discovery **before the agent exists**.
+ *
+ * This is the standalone counterpart of {@link applyLocalDwnDiscovery} and
+ * is designed to be called in `AuthManager.create()`, before
+ * `EnboxUserAgent.create()`, so the agent creation can decide whether to
+ * spin up an in-process DWN or operate in remote mode.
+ *
+ * Discovery channels (highest → lowest priority):
+ * 1. **URL fragment payload** — A `dwn://connect` redirect just landed.
+ * 2. **Persisted endpoint** (localStorage) — A previously discovered
+ *    endpoint, re-validated via `GET /info`.
+ *
+ * When a valid endpoint is found it is persisted to storage. When a
+ * previously-persisted endpoint is stale, it is removed.
+ *
+ * @param storage - The auth storage adapter (for reading/writing the
+ *   cached endpoint).
+ * @returns The validated endpoint URL, or `undefined` if no local DWN
+ *   server is available.
+ */
+export declare function discoverLocalDwn(storage: StorageAdapter): Promise<string | undefined>;
 /**
  * Persist a discovered local DWN endpoint in auth storage.
  *
@@ -76,25 +93,18 @@ export declare function restoreLocalDwnEndpoint(agent: EnboxUserAgent, storage:
  * Run the full local DWN discovery sequence for a browser connection flow.
  *
  * This function handles the **receiving** side of local DWN discovery in
- * the browser. It does NOT trigger the `dwn://register` redirect — use
+ * the browser. It does NOT trigger the `dwn://connect` redirect — use
  * {@link requestLocalDwnDiscovery} for that.
  *
  * The discovery channels, from highest to lowest priority:
  *
- * 1. **URL fragment payload** — A `dwn://register` redirect just landed on
+ * 1. **URL fragment payload** — A `dwn://connect` redirect just landed on
  *    this page with the DWN endpoint in `#`. This is the highest-priority
  *    signal because it's fresh and explicit.
  *
  * 2. **Persisted endpoint** (localStorage) — A previously discovered
  *    endpoint is restored and re-validated via `GET /info`.
  *
- * 3. **Agent-level discovery** (transparent) — Even if this function
- *    returns `false`, the agent's `LocalDwnDiscovery` will independently
- *    try the discovery file (`~/.enbox/dwn.json`) and port probing on
- *    every `sendRequest()` call. Those channels are not available in
- *    browsers (no filesystem access, CORS may block probes), but they
- *    work transparently in Node/Bun CLI environments.
- *
  * When an `emitter` is provided, this function emits:
  * - `'local-dwn-available'` with the endpoint when discovery succeeds.
  * - `'local-dwn-unavailable'` when no local DWN could be reached.
@@ -106,52 +116,29 @@ export declare function restoreLocalDwnEndpoint(agent: EnboxUserAgent, storage:
  */
 export declare function applyLocalDwnDiscovery(agent: EnboxUserAgent, storage: StorageAdapter, emitter?: AuthEventEmitter): Promise<boolean>;
 /**
- * Initiate the `dwn://register` flow by opening the register URL.
+ * Initiate the `dwn://connect` flow by opening the connect URL.
  *
- * This asks the operating system to route `dwn://register?callback=<url>`
+ * This asks the operating system to route `dwn://connect?callback=<url>`
  * to the registered handler (electrobun-dwn), which will redirect the
  * user's browser back to `callbackUrl` with the local DWN endpoint
  * encoded in the URL fragment.
  *
- * **Important:** There is no reliable cross-browser API to detect whether
- * a `dwn://` handler is installed. If no handler is registered, this call
- * will silently fail or show an OS-level error dialog. Use
- * {@link probeLocalDwn} first to check if a local DWN is already
- * reachable via port probing — if it is, you can skip the register flow
- * entirely and call {@link applyLocalDwnDiscovery} instead.
+ * **Note:** There is no reliable cross-browser API to detect whether a
+ * `dwn://` handler is installed. If no handler is registered, this call
+ * will silently fail or show an OS-level error dialog.
  *
  * @param callbackUrl - The URL to redirect back to. Defaults to the
  *   current page URL (without its fragment) if running in a browser.
- * @returns `true` if the register URL was opened, `false` if no
+ * @returns `true` if the connect URL was opened, `false` if no
  *   callback URL could be determined (e.g. no `globalThis.location`).
  *
  * @example
  * ```ts
- * // Check if local DWN is already available via direct probe.
- * const alreadyAvailable = await probeLocalDwn();
- * if (!alreadyAvailable) {
- *   // No local DWN found — trigger the dwn://register flow.
- *   requestLocalDwnDiscovery();
- *   // The page will reload with the endpoint in the URL fragment.
- * }
+ * // Trigger the dwn://connect flow to discover a local DWN.
+ * requestLocalDwnDiscovery();
+ * // The page will reload with the endpoint in the URL fragment.
+ * // On the next connect/restore, applyLocalDwnDiscovery() reads it.
  * ```
  */
 export declare function requestLocalDwnDiscovery(callbackUrl?: string): boolean;
-/**
- * Probe whether a local DWN server is reachable via direct HTTP fetch.
- *
- * Attempts `GET http://127.0.0.1:{port}/info` on the well-known port
- * candidates and returns the endpoint URL of the first server that
- * responds with a valid `@enbox/dwn-server` identity.
- *
- * This is useful in browsers to check if a local DWN is available
- * *before* triggering the `dwn://register` redirect flow — if the
- * server is already reachable (CORS permitting), the redirect is
- * unnecessary.
- *
- * @returns The local DWN endpoint URL, or `undefined` if no server
- *   was found. Returns `undefined` (rather than throwing) on CORS
- *   errors or network failures.
- */
-export declare function probeLocalDwn(): Promise<string | undefined>;
-//# sourceMappingURL=dwn-discovery.d.ts.map
+//# sourceMappingURL=discovery.d.ts.map

package/dist/types/discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../src/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAKnD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAIjD;;;;;;;;;;GAUG;AACH,wBAAgB,8BAA8B,IAAI,MAAM,GAAG,SAAS,CAkBnE;AA4BD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAwB7B;AAID;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,cAAc,EACvB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAEf;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,IAAI,CAAC,CAEf;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,cAAc,EACrB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,cAAc,EACrB,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,OAAO,CAAC,CA2BlB;AAID;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,wBAAwB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAuBtE"}

package/dist/types/index.d.ts

@@ -35,11 +35,15 @@
  */
 export { AuthManager } from './auth-manager.js';
 export { AuthSession } from './identity-session.js';
-export { VaultManager } from './vault/vault-manager.js';
 export { AuthEventEmitter } from './events.js';
+export { PasswordProvider } from './password-provider.js';
+export type { PasswordContext } from './password-provider.js';
 export { EnboxUserAgent, HdIdentityVault } from '@enbox/agent';
-export { processConnectedGrants } from './flows/wallet-connect.js';
-export { applyLocalDwnDiscovery, checkUrlForDwnDiscoveryPayload, clearLocalDwnEndpoint, persistLocalDwnEndpoint, probeLocalDwn, requestLocalDwnDiscovery, restoreLocalDwnEndpoint, } from './flows/dwn-discovery.js';
+export { processConnectedGrants } from './connect/wallet.js';
+export { WalletConnect } from './wallet-connect-client.js';
+export type { Permission, ProtocolPermissionOptions, WalletConnectClientOptions } from './wallet-connect-client.js';
+export { loadTokensFromStorage, saveTokensToStorage } from './registration.js';
+export { applyLocalDwnDiscovery, checkUrlForDwnDiscoveryPayload, clearLocalDwnEndpoint, discoverLocalDwn, persistLocalDwnEndpoint, requestLocalDwnDiscovery, restoreLocalDwnEndpoint, } from './discovery.js';
 export { BrowserStorage, LevelStorage, MemoryStorage, createDefaultStorage } from './storage/storage.js';
-export type { AuthEvent, AuthEventHandler, AuthEventMap, AuthManagerOptions, AuthSessionInfo, AuthState, ConnectPermissionRequest, DisconnectOptions, IdentityInfo, IdentityVaultBackup, ImportFromPhraseOptions, ImportFromPortableOptions, LocalConnectOptions, LocalDwnStrategy, PortableIdentity, ProviderAuthParams, ProviderAuthResult, RegistrationOptions, RegistrationTokenData, RestoreSessionOptions, StorageAdapter, SyncOption, WalletConnectOptions, } from './types.js';
+export type { AuthEvent, AuthEventHandler, AuthEventMap, AuthManagerOptions, AuthSessionInfo, AuthState, ConnectPermissionRequest, DisconnectOptions, HeadlessConnectOptions, IdentityInfo, IdentityVaultBackup, ImportFromPhraseOptions, ImportFromPortableOptions, LocalConnectOptions, LocalDwnStrategy, PortableIdentity, ProviderAuthParams, ProviderAuthResult, RegistrationOptions, RegistrationTokenData, RestoreSessionOptions, ShutdownOptions, StorageAdapter, SyncOption, WalletConnectOptions, } from './types.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAI/C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAG/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAGnE,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,qBAAqB,EACrB,uBAAuB,EACvB,aAAa,EACb,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAGzG,YAAY,EACV,SAAS,EACT,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,wBAAwB,EACxB,iBAAiB,EACjB,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,cAAc,EACd,UAAU,EACV,oBAAoB,GACrB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAI9D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAG/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,YAAY,EAAE,UAAU,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AAGpH,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAG/E,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAGzG,YAAY,EACV,SAAS,EACT,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,SAAS,EACT,wBAAwB,EACxB,iBAAiB,EACjB,sBAAsB,EACtB,YAAY,EACZ,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,eAAe,EACf,cAAc,EACd,UAAU,EACV,oBAAoB,GACrB,MAAM,YAAY,CAAC"}