@enbox/auth 0.5.0 → 0.6.0

package/dist/types/{flows/dwn-registration.d.ts → registration.d.ts}

@@ -11,7 +11,7 @@
  * @module
  */
 import type { EnboxUserAgent } from '@enbox/agent';
-import type { RegistrationOptions, RegistrationTokenData, StorageAdapter } from '../types.js';
+import type { RegistrationOptions, RegistrationTokenData, StorageAdapter } from './types.js';
 /** @internal */
 export interface RegistrationContext {
     /** The user agent with RPC access for getServerInfo(). */
@@ -55,4 +55,4 @@ export declare function loadTokensFromStorage(storage: StorageAdapter): Promise<
  * @internal
  */
 export declare function saveTokensToStorage(storage: StorageAdapter, tokens: Record<string, RegistrationTokenData>): Promise<void>;
-//# sourceMappingURL=dwn-registration.d.ts.map
+//# sourceMappingURL=registration.d.ts.map

package/dist/types/registration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAMnD,OAAO,KAAK,EACV,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACf,MAAM,YAAY,CAAC;AAEpB,gBAAgB;AAChB,MAAM,WAAW,mBAAmB;IAClC,0DAA0D;IAC1D,SAAS,EAAE,cAAc,CAAC;IAE1B,sCAAsC;IACtC,YAAY,EAAE,MAAM,EAAE,CAAC;IAEvB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IAEjB,kDAAkD;IAClD,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,OAAO,CAAC,EAAE,cAAc,CAAC;CAC1B;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,mBAAmB,EACxB,YAAY,EAAE,mBAAmB,GAChC,OAAO,CAAC,IAAI,CAAC,CAqHf;AAID;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAQhD;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,cAAc,EACvB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,GAC5C,OAAO,CAAC,IAAI,CAAC,CAEf"}

package/dist/types/types.d.ts

@@ -278,9 +278,10 @@ export interface WalletConnectOptions {
     /**
      * Protocol permission requests for the wallet connect flow.
      *
-     * Each entry is a `ConnectPermissionRequest` from `@enbox/agent` containing
-     * a `protocolDefinition` and `permissionScopes`. Use
-     * `WalletConnect.createPermissionRequestForProtocol()` to build these.
+     * Each entry is a `ConnectPermissionRequest` containing a
+     * `protocolDefinition` and `permissionScopes`. Use
+     * `WalletConnect.createPermissionRequestForProtocol()` from `@enbox/auth`
+     * to build these.
      */
     permissionRequests: ConnectPermissionRequest[];
     /** Called when the wallet URI is ready (render as QR code). */
@@ -384,6 +385,8 @@ export interface StorageAdapter {
 }
 /** The insecure default password used when none is provided. */
 export declare const INSECURE_DEFAULT_PASSWORD = "insecure-static-phrase";
+/** Default DWN endpoints for new identities when none are configured. */
+export declare const DEFAULT_DWN_ENDPOINTS: string[];
 /**
  * Storage keys used by the auth manager for session persistence.
  * @internal

package/dist/types/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAElI,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,YAAY,EAAE,wBAAwB,EAAE,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGvI,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInD;;;;;;;GAOG;AACH,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;AAI/D;;;;;;;;;GASG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,QAAQ,GACR,UAAU,GACV,WAAW,CAAC;AAIhB,mDAAmD;AACnD,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,eAAe,GACf,aAAa,GACb,gBAAgB,GAChB,kBAAkB,GAClB,cAAc,GACd,gBAAgB,GAChB,qBAAqB,GACrB,uBAAuB,CAAC;AAE5B,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE;QAAE,QAAQ,EAAE,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAC;IAC5D,eAAe,EAAE;QAAE,OAAO,EAAE,eAAe,CAAA;KAAE,CAAC;IAC9C,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/B,gBAAgB,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,CAAC;IAC7C,kBAAkB,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACtC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACxC,mEAAmE;IACnE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,6GAA6G;IAC7G,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CAChD;AAED,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAC1D,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;AAIrC,oDAAoD;AACpD,MAAM,WAAW,YAAY;IAC3B,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IAEf,2BAA2B;IAC3B,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,+DAA+D;AAC/D,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID,gEAAgE;AAChE,MAAM,WAAW,kBAAkB;IACjC,+EAA+E;IAC/E,YAAY,EAAE,MAAM,CAAC;IACrB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAED,yEAAyE;AACzE,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;CACf;AAED,4DAA4D;AAC5D,MAAM,WAAW,qBAAqB;IACpC,wDAAwD;IACxD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,mBAAmB;IAClC,+DAA+D;IAC/D,SAAS,EAAE,MAAM,IAAI,CAAC;IAEtB,8CAA8C;IAC9C,SAAS,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAEpC;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAErF;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAE3D;;;;;;;;OAQG;IACH,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC;IAE/E;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,EAAE,cAAc,CAAC;IAEvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,eAAe,CAAC;IAE7B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,cAAc,CAAC;IAEzB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;OAKG;IACH,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,sCAAsC;IACtC,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC;AAED,+CAA+C;AAC/C,MAAM,WAAW,mBAAmB;IAClC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,kEAAkE;IAClE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,yBAAyB;IACzB,QAAQ,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9B;AAED,qDAAqD;AACrD,MAAM,WAAW,oBAAoB;IACnC,gEAAgE;IAChE,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,gBAAgB,EAAE,MAAM,CAAC;IAEzB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;;;OAMG;IACH,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;IAE/C,+DAA+D;IAC/D,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAExC,+CAA+C;IAC/C,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,wDAAwD;AACxD,MAAM,WAAW,uBAAuB;IACtC,kCAAkC;IAClC,cAAc,EAAE,MAAM,CAAC;IAEvB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IAEjB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,0DAA0D;AAC1D,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,sDAAsD;AACtD,MAAM,WAAW,qBAAqB;IACpC,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5C;AAED,uDAAuD;AACvD,MAAM,WAAW,sBAAsB;IACrC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzC,4BAA4B;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/C,oBAAoB;IACpB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnC,6BAA6B;IAC7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB;;;;;;OAMG;IACH,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACzB;AAID,gEAAgE;AAChE,eAAO,MAAM,yBAAyB,2BAA2B,CAAC;AAElE;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB,oDAAoD;;IAGpD,+CAA+C;;IAG/C,4DAA4D;;IAG5D,yDAAyD;;IAGzD;;;;;;OAMG;;IAGH;;;;;;OAMG;;CAEK,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,cAAc,EAAE,eAAe,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAElI,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG/D,YAAY,EAAE,wBAAwB,EAAE,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGvI,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAInD;;;;;;;GAOG;AACH,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,GAAG,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,CAAC;AAI/D;;;;;;;;;GASG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,QAAQ,GACR,UAAU,GACV,WAAW,CAAC;AAIhB,mDAAmD;AACnD,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,eAAe,GACf,aAAa,GACb,gBAAgB,GAChB,kBAAkB,GAClB,cAAc,GACd,gBAAgB,GAChB,qBAAqB,GACrB,uBAAuB,CAAC;AAE5B,wDAAwD;AACxD,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE;QAAE,QAAQ,EAAE,SAAS,CAAC;QAAC,OAAO,EAAE,SAAS,CAAA;KAAE,CAAC;IAC5D,eAAe,EAAE;QAAE,OAAO,EAAE,eAAe,CAAA;KAAE,CAAC;IAC9C,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/B,gBAAgB,EAAE;QAAE,QAAQ,EAAE,YAAY,CAAA;KAAE,CAAC;IAC7C,kBAAkB,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACtC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACxC,mEAAmE;IACnE,qBAAqB,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,6GAA6G;IAC7G,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CAChD;AAED,sDAAsD;AACtD,MAAM,MAAM,gBAAgB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAC1D,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;AAIrC,oDAAoD;AACpD,MAAM,WAAW,YAAY;IAC3B,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IAEf,2BAA2B;IAC3B,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,+DAA+D;AAC/D,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,YAAY,CAAC;CACxB;AAID,gEAAgE;AAChE,MAAM,WAAW,kBAAkB;IACjC,+EAA+E;IAC/E,YAAY,EAAE,MAAM,CAAC;IACrB,6DAA6D;IAC7D,WAAW,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,KAAK,EAAE,MAAM,CAAC;CACf;AAED,yEAAyE;AACzE,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;CACf;AAED,4DAA4D;AAC5D,MAAM,WAAW,qBAAqB;IACpC,wDAAwD;IACxD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gEAAgE;IAChE,QAAQ,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAID;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,mBAAmB;IAClC,+DAA+D;IAC/D,SAAS,EAAE,MAAM,IAAI,CAAC;IAEtB,8CAA8C;IAC9C,SAAS,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IAEpC;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAErF;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IAE3D;;;;;;;;OAQG;IACH,oBAAoB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,KAAK,IAAI,CAAC;IAE/E;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,EAAE,cAAc,CAAC;IAEvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,eAAe,CAAC;IAE7B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,8EAA8E;IAC9E,OAAO,CAAC,EAAE,cAAc,CAAC;IAEzB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;;;;OAKG;IACH,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,sCAAsC;IACtC,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC;AAED,+CAA+C;AAC/C,MAAM,WAAW,mBAAmB;IAClC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,kEAAkE;IAClE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB,yBAAyB;IACzB,QAAQ,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9B;AAED,qDAAqD;AACrD,MAAM,WAAW,oBAAoB;IACnC,gEAAgE;IAChE,WAAW,EAAE,MAAM,CAAC;IAEpB,uCAAuC;IACvC,gBAAgB,EAAE,MAAM,CAAC;IAEzB,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;;;;;OAOG;IACH,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;IAE/C,+DAA+D;IAC/D,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAExC,+CAA+C;IAC/C,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,wDAAwD;AACxD,MAAM,WAAW,uBAAuB;IACtC,kCAAkC;IAClC,cAAc,EAAE,MAAM,CAAC;IAEvB,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IAEjB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;IAElB,8CAA8C;IAC9C,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,0DAA0D;AAC1D,MAAM,WAAW,yBAAyB;IACxC,4CAA4C;IAC5C,gBAAgB,EAAE,gBAAgB,CAAC;IAEnC,8CAA8C;IAC9C,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,sDAAsD;AACtD,MAAM,WAAW,qBAAqB;IACpC,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CAC5C;AAED,uDAAuD;AACvD,MAAM,WAAW,sBAAsB;IACrC,kDAAkD;IAClD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,uDAAuD;IACvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzC,4BAA4B;IAC5B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/C,oBAAoB;IACpB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnC,6BAA6B;IAC7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB;;;;;;OAMG;IACH,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACzB;AAID,gEAAgE;AAChE,eAAO,MAAM,yBAAyB,2BAA2B,CAAC;AAElE,yEAAyE;AACzE,eAAO,MAAM,qBAAqB,UAAgC,CAAC;AAEnE;;;GAGG;AACH,eAAO,MAAM,YAAY;IACvB,oDAAoD;;IAGpD,+CAA+C;;IAG/C,4DAA4D;;IAG5D,yDAAyD;;IAGzD;;;;;;OAMG;;IAGH;;;;;;OAMG;;CAEK,CAAC"}

package/dist/types/wallet-connect-client.d.ts

@@ -0,0 +1,89 @@
+/**
+ * WalletConnect client — initiates the relay-mediated connect flow.
+ *
+ * Moved from `@enbox/agent/src/connect.ts` because `initClient` has zero
+ * coupling to agent internals (no vault, no key store, no DWN processing,
+ * no sync). Its only consumer is `auth/src/connect/wallet.ts`.
+ *
+ * The server-side counterpart (`EnboxConnectProtocol`) correctly stays in
+ * `@enbox/agent` because it uses `agent.processDwnRequest()`,
+ * `agent.sendDwnRequest()`, and `AgentPermissionsApi`.
+ *
+ * @module
+ */
+import type { ConnectPermissionRequest, DwnProtocolDefinition } from '@enbox/agent';
+import type { EnboxConnectResponse } from '@enbox/agent';
+/**
+ * Options for initiating a wallet connect flow (remote, relay-mediated).
+ *
+ * This is the agent-level options type used by `initClient()`. The auth-level
+ * `WalletConnectOptions` (in `types.ts`) wraps this with additional fields
+ * like `sync`.
+ */
+export type WalletConnectClientOptions = {
+    /** The user-friendly name of the app, displayed in the wallet consent UI. */
+    displayName: string;
+    /** The URL of the connect server which relays messages between the app and wallet. */
+    connectServerUrl: string;
+    /**
+     * The URI of the wallet app. Query params (`request_uri`, `encryption_key`)
+     * are appended and passed to `onWalletUriReady`.
+     * @example `enbox://connect` or `http://localhost:3000/`
+     */
+    walletUri: string;
+    /**
+     * The protocols of permissions requested, along with the definition and
+     * permission scopes for each protocol. The key is the protocol URL and
+     * the value is an object with the protocol definition and the permission scopes.
+     */
+    permissionRequests: ConnectPermissionRequest[];
+    /**
+     * Called with the wallet URI including query params (`request_uri`, `encryption_key`).
+     * The app should render this as a QR code or use it as a deep link.
+     *
+     * @param uri - The wallet URI with connect payload.
+     */
+    onWalletUriReady: (uri: string) => void;
+    /**
+     * Called to collect the PIN from the user. The PIN is used as AAD
+     * when decrypting the connect response from the relay.
+     *
+     * @returns A promise that resolves to the PIN as a string.
+     */
+    validatePin: () => Promise<string>;
+};
+/**
+ * Shorthand for the types of permissions that can be requested.
+ */
+export type Permission = 'write' | 'read' | 'delete' | 'query' | 'subscribe' | 'configure';
+/**
+ * The options for creating a permission request for a given protocol.
+ */
+export type ProtocolPermissionOptions = {
+    /** The protocol definition for the protocol being requested */
+    definition: DwnProtocolDefinition;
+    /** The permissions being requested for the protocol */
+    permissions: Permission[];
+};
+/**
+ * Initiates the wallet connect process. Used when a client wants to obtain
+ * a did from a provider.
+ */
+declare function initClient({ displayName, connectServerUrl, walletUri, permissionRequests, onWalletUriReady, validatePin, }: WalletConnectClientOptions): Promise<{
+    delegateGrants: EnboxConnectResponse['delegateGrants'];
+    delegatePortableDid: EnboxConnectResponse['delegatePortableDid'];
+    connectedDid: string;
+} | undefined>;
+/**
+ * Creates a set of Dwn Permission Scopes to request for a given protocol.
+ *
+ * If no permissions are provided, the default is to request all relevant record permissions (write, read, delete, query, subscribe).
+ * 'configure' is not included by default, as this gives the application a lot of control over the protocol.
+ */
+declare function createPermissionRequestForProtocol({ definition, permissions }: ProtocolPermissionOptions): ConnectPermissionRequest;
+export declare const WalletConnect: {
+    initClient: typeof initClient;
+    createPermissionRequestForProtocol: typeof createPermissionRequestForProtocol;
+};
+export {};
+//# sourceMappingURL=wallet-connect-client.d.ts.map

package/dist/types/wallet-connect-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet-connect-client.d.ts","sourceRoot":"","sources":["../../src/wallet-connect-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAsB,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACxG,OAAO,KAAK,EAAyB,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAQhF;;;;;;GAMG;AACH,MAAM,MAAM,0BAA0B,GAAG;IACvC,6EAA6E;IAC7E,WAAW,EAAE,MAAM,CAAC;IAEpB,sFAAsF;IACtF,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;;OAIG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;;OAIG;IACH,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;IAE/C;;;;;OAKG;IACH,gBAAgB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAExC;;;;;OAKG;IACH,WAAW,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,GAAG,WAAW,GAAG,WAAW,CAAC;AAE3F;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG;IACtC,+DAA+D;IAC/D,UAAU,EAAE,qBAAqB,CAAC;IAElC,uDAAuD;IACvD,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B,CAAC;AAEF;;;GAGG;AACH,iBAAe,UAAU,CAAC,EACxB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,GACZ,EAAE,0BAA0B,GAAG,OAAO,CAAC;IACtC,cAAc,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;IACvD,mBAAmB,EAAE,oBAAoB,CAAC,qBAAqB,CAAC,CAAC;IACjE,YAAY,EAAE,MAAM,CAAC;CACtB,GAAG,SAAS,CAAC,CAkGb;AAED;;;;;GAKG;AACH,iBAAS,kCAAkC,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,EAAE,yBAAyB,GAAG,wBAAwB,CAsE5H;AAED,eAAO,MAAM,aAAa;;;CAAqD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enbox/auth",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "Headless authentication and identity management SDK for Enbox",
   "type": "module",
   "main": "./dist/esm/index.js",
@@ -56,15 +56,19 @@
     "bun": ">=1.0.0"
   },
   "dependencies": {
-    "@enbox/agent": "0.4.0",
-    "@enbox/common": "0.0.7",
-    "@enbox/dids": "0.0.9",
-    "@enbox/dwn-clients": "0.1.0",
+    "@enbox/agent": "0.5.0",
+    "@enbox/common": "0.1.0",
+    "@enbox/crypto": "0.1.0",
+    "@enbox/dids": "0.1.0",
+    "@enbox/dwn-clients": "0.2.0",
+    "@enbox/dwn-sdk-js": "0.2.0",
     "level": "8.0.1"
   },
   "devDependencies": {
     "@types/node": "22.19.15",
+    "@types/sinon": "17.0.3",
     "bun-types": "1.3.10",
+    "sinon": "18.0.0",
     "typescript": "5.9.3"
   }
 }

package/src/auth-manager.ts

@@ -6,19 +6,9 @@
  * @module
  */
 
-import { EnboxUserAgent } from '@enbox/agent';
-import type { BearerIdentity, PortableIdentity } from '@enbox/agent';
-
-import { AuthEventEmitter } from './events.js';
-import { AuthSession } from './identity-session.js';
-import { createDefaultStorage } from './storage/storage.js';
-import { discoverLocalDwn } from './flows/dwn-discovery.js';
-import { localConnect } from './flows/local-connect.js';
-import { restoreSession } from './flows/session-restore.js';
-import { STORAGE_KEYS } from './types.js';
-import { VaultManager } from './vault/vault-manager.js';
-import { walletConnect } from './flows/wallet-connect.js';
+import type { BearerIdentity, HdIdentityVault, PortableIdentity } from '@enbox/agent';
 
+import type { FlowContext } from './connect/lifecycle.js';
 import type { PasswordProvider } from './password-provider.js';
 import type {
   AuthEvent,
@@ -38,7 +28,19 @@ import type {
   SyncOption,
   WalletConnectOptions,
 } from './types.js';
-import { importFromPhrase, importFromPortable } from './flows/import-identity.js';
+
+import { EnboxUserAgent } from '@enbox/agent';
+
+import { AuthEventEmitter } from './events.js';
+import { AuthSession } from './identity-session.js';
+import { createDefaultStorage } from './storage/storage.js';
+import { discoverLocalDwn } from './discovery.js';
+import { localConnect } from './connect/local.js';
+import { restoreSession } from './connect/restore.js';
+import { STORAGE_KEYS } from './types.js';
+import { walletConnect } from './connect/wallet.js';
+import { ensureVaultReady, resolveIdentityDids, startSyncIfEnabled } from './connect/lifecycle.js';
+import { importFromPhrase, importFromPortable } from './connect/import.js';
 
 /**
  * The primary entry point for authentication and identity management.
@@ -77,7 +79,6 @@ export class AuthManager {
   private _userAgent: EnboxUserAgent;
   private _emitter: AuthEventEmitter;
   private _storage: StorageAdapter;
-  private _vault: VaultManager;
   private _session: AuthSession | undefined;
   private _state: AuthState = 'uninitialized';
   private _isConnecting = false;
@@ -102,7 +103,6 @@ export class AuthManager {
     userAgent: EnboxUserAgent;
     emitter: AuthEventEmitter;
     storage: StorageAdapter;
-    vault: VaultManager;
     defaultPassword?: string;
     passwordProvider?: PasswordProvider;
     defaultSync?: SyncOption;
@@ -113,7 +113,6 @@ export class AuthManager {
     this._userAgent = params.userAgent;
     this._emitter = params.emitter;
     this._storage = params.storage;
-    this._vault = params.vault;
     this._defaultPassword = params.defaultPassword;
     this._passwordProvider = params.passwordProvider;
     this._defaultSync = params.defaultSync;
@@ -159,13 +158,10 @@ export class AuthManager {
       localDwnEndpoint,
     });
 
-    const vault = new VaultManager(userAgent.vault, emitter);
-
     const manager = new AuthManager({
       userAgent,
       emitter,
       storage,
-      vault,
       defaultPassword     : options.password,
       passwordProvider    : options.passwordProvider,
       defaultSync         : options.sync,
@@ -175,8 +171,8 @@ export class AuthManager {
     });
 
     // Determine initial state.
-    if (await vault.isInitialized()) {
-      manager._setState(vault.isLocked ? 'locked' : 'unlocked');
+    if (await userAgent.vault.isInitialized()) {
+      manager._setState(userAgent.vault.isLocked() ? 'locked' : 'unlocked');
     } else {
       manager._setState('uninitialized');
     }
@@ -197,30 +193,7 @@ export class AuthManager {
    * @throws If a connection attempt is already in progress.
    */
   async connect(options?: LocalConnectOptions): Promise<AuthSession> {
-    this._guardConcurrency();
-    this._isConnecting = true;
-
-    try {
-      const session = await localConnect(
-        {
-          userAgent           : this._userAgent,
-          emitter             : this._emitter,
-          storage             : this._storage,
-          defaultPassword     : this._defaultPassword,
-          passwordProvider    : this._passwordProvider,
-          defaultSync         : this._defaultSync,
-          defaultDwnEndpoints : this._defaultDwnEndpoints,
-          registration        : this._registration,
-        },
-        options,
-      );
-
-      this._session = session;
-      this._setState('connected');
-      return session;
-    } finally {
-      this._isConnecting = false;
-    }
+    return this._withConnect(() => localConnect(this._flowContext(), options));
   }
 
   /**
@@ -235,50 +208,7 @@ export class AuthManager {
    * @throws If a connection attempt is already in progress.
    */
   async walletConnect(options: WalletConnectOptions): Promise<AuthSession> {
-    this._guardConcurrency();
-    this._isConnecting = true;
-
-    try {
-      // Ensure the agent is initialized and started before wallet connect.
-      const isFirstLaunch = await this._userAgent.firstLaunch();
-      let password = this._defaultPassword;
-
-      if (!password && this._passwordProvider) {
-        try {
-          password = await this._passwordProvider.getPassword({
-            reason: isFirstLaunch ? 'create' : 'unlock',
-          });
-        } catch {
-          // Provider failed — fall through to insecure default.
-        }
-      }
-
-      password ??= 'insecure-static-phrase';
-
-      if (isFirstLaunch) {
-        await this._userAgent.initialize({ password });
-      }
-      await this._userAgent.start({ password });
-      this._emitter.emit('vault-unlocked', {});
-
-      const session = await walletConnect(
-        {
-          userAgent           : this._userAgent,
-          emitter             : this._emitter,
-          storage             : this._storage,
-          defaultSync         : this._defaultSync,
-          defaultDwnEndpoints : this._defaultDwnEndpoints,
-          registration        : this._registration,
-        },
-        options,
-      );
-
-      this._session = session;
-      this._setState('connected');
-      return session;
-    } finally {
-      this._isConnecting = false;
-    }
+    return this._withConnect(() => walletConnect(this._flowContext(), options));
   }
 
   /**
@@ -288,28 +218,7 @@ export class AuthManager {
    * recovering the identity on this device.
    */
   async importFromPhrase(options: ImportFromPhraseOptions): Promise<AuthSession> {
-    this._guardConcurrency();
-    this._isConnecting = true;
-
-    try {
-      const session = await importFromPhrase(
-        {
-          userAgent           : this._userAgent,
-          emitter             : this._emitter,
-          storage             : this._storage,
-          defaultSync         : this._defaultSync,
-          defaultDwnEndpoints : this._defaultDwnEndpoints,
-          registration        : this._registration,
-        },
-        options,
-      );
-
-      this._session = session;
-      this._setState('connected');
-      return session;
-    } finally {
-      this._isConnecting = false;
-    }
+    return this._withConnect(() => importFromPhrase(this._flowContext(), options));
   }
 
   /**
@@ -318,28 +227,7 @@ export class AuthManager {
    * The portable identity contains the DID's private keys and metadata.
    */
   async importFromPortable(options: ImportFromPortableOptions): Promise<AuthSession> {
-    this._guardConcurrency();
-    this._isConnecting = true;
-
-    try {
-      const session = await importFromPortable(
-        {
-          userAgent           : this._userAgent,
-          emitter             : this._emitter,
-          storage             : this._storage,
-          defaultSync         : this._defaultSync,
-          defaultDwnEndpoints : this._defaultDwnEndpoints,
-          registration        : this._registration,
-        },
-        options,
-      );
-
-      this._session = session;
-      this._setState('connected');
-      return session;
-    } finally {
-      this._isConnecting = false;
-    }
+    return this._withConnect(() => importFromPortable(this._flowContext(), options));
   }
 
   /**
@@ -353,17 +241,7 @@ export class AuthManager {
     this._isConnecting = true;
 
     try {
-      const session = await restoreSession(
-        {
-          userAgent        : this._userAgent,
-          emitter          : this._emitter,
-          storage          : this._storage,
-          defaultPassword  : this._defaultPassword,
-          passwordProvider : this._passwordProvider,
-          defaultSync      : this._defaultSync,
-        },
-        options,
-      );
+      const session = await restoreSession(this._flowContext(), options);
 
       if (session) {
         this._session = session;
@@ -400,10 +278,10 @@ export class AuthManager {
    */
   async connectHeadless(options?: HeadlessConnectOptions): Promise<AuthSession> {
     let password = options?.password ?? this._defaultPassword;
+    const isFirstLaunch = await this._userAgent.firstLaunch();
 
     // Try the password provider if no explicit password.
     if (!password && this._passwordProvider) {
-      const isFirstLaunch = await this._userAgent.firstLaunch();
       password = await this._passwordProvider.getPassword({
         reason: isFirstLaunch ? 'create' : 'unlock',
       });
@@ -416,13 +294,13 @@ export class AuthManager {
       );
     }
 
-    // Unlock the vault (initialise on first launch).
-    if (await this._userAgent.firstLaunch()) {
-      await this._userAgent.initialize({ password });
-    } else {
-      await this._userAgent.start({ password });
-    }
-    this._emitter.emit('vault-unlocked', {});
+    // Unlock the vault (initialise on first launch, always start).
+    await ensureVaultReady({
+      userAgent : this._userAgent,
+      emitter   : this._emitter,
+      password,
+      isFirstLaunch,
+    });
 
     // Find the active identity.
     const identities = await this._userAgent.identity.list();
@@ -437,8 +315,7 @@ export class AuthManager {
       : undefined
     ) ?? identities[0];
 
-    const connectedDid = identity.metadata.connectedDid ?? identity.did.uri;
-    const delegateDid = identity.metadata.connectedDid ? identity.did.uri : undefined;
+    const { connectedDid, delegateDid } = resolveIdentityDids(identity);
 
     const identityInfo: IdentityInfo = {
       didUri       : connectedDid,
@@ -484,15 +361,14 @@ export class AuthManager {
     const did = this._session?.did;
 
     // 1. Stop sync.
-    if ('sync' in this._userAgent && typeof (this._userAgent as any).sync?.stopSync === 'function') {
-      await (this._userAgent as any).sync.stopSync(timeout);
-    }
+    await this._userAgent.sync.stopSync(timeout);
 
     // 2. Clear the session (but keep storage markers for restore).
     this._session = undefined;
 
-    // 3. Lock the vault (also emits 'vault-locked').
-    await this._vault.lock();
+    // 3. Lock the vault.
+    await this._userAgent.vault.lock();
+    this._emitter.emit('vault-locked', {});
 
     // 4. Transition state.
     this._setState('locked');
@@ -517,9 +393,7 @@ export class AuthManager {
 
     // Stop sync.
     if (this._session) {
-      if ('sync' in this._userAgent && typeof (this._userAgent as any).sync?.stopSync === 'function') {
-        await (this._userAgent as any).sync.stopSync(timeout);
-      }
+      await this._userAgent.sync.stopSync(timeout);
     }
 
     this._session = undefined;
@@ -591,33 +465,28 @@ export class AuthManager {
     const did = this._session?.did;
 
     // 1. Stop sync.
-    if ('sync' in this._userAgent &&
-        typeof (this._userAgent as any).sync?.stopSync === 'function') {
-      try {
-        await (this._userAgent as any).sync.stopSync(timeout);
-      } catch {
-        // Best-effort — don't block shutdown on sync errors.
-      }
+    try {
+      await this._userAgent.sync.stopSync(timeout);
+    } catch {
+      // Best-effort — don't block shutdown on sync errors.
     }
 
     // 2. Clear the active session.
     this._session = undefined;
 
-    // 3. Lock the vault (emits 'vault-locked').
+    // 3. Lock the vault.
     try {
-      await this._vault.lock();
+      await this._userAgent.vault.lock();
+      this._emitter.emit('vault-locked', {});
     } catch {
       // Vault may already be locked or uninitialised — safe to ignore.
     }
 
     // 4. Close the sync engine (releases LevelDB handles, timers).
-    if ('sync' in this._userAgent &&
-        typeof (this._userAgent as any).sync?.close === 'function') {
-      try {
-        await (this._userAgent as any).sync.close();
-      } catch {
-        // Best-effort.
-      }
+    try {
+      await this._userAgent.sync.close();
+    } catch {
+      // Best-effort.
     }
 
     // 5. Close the storage adapter (e.g. LevelDB session store).
@@ -673,8 +542,7 @@ export class AuthManager {
       throw new Error(`[@enbox/auth] Identity not found: ${didUri}`);
     }
 
-    const connectedDid = identity.metadata.connectedDid ?? identity.did.uri;
-    const delegateDid = identity.metadata.connectedDid ? identity.did.uri : undefined;
+    const { connectedDid, delegateDid } = resolveIdentityDids(identity);
 
     // Persist the switch.
     await this._storage.set(STORAGE_KEYS.PREVIOUSLY_CONNECTED, 'true');
@@ -699,10 +567,7 @@ export class AuthManager {
         // Already registered — safe to ignore.
       }
 
-      const syncMode = sync === undefined ? 'live' : 'poll';
-      const syncInterval = sync ?? (syncMode === 'live' ? '5m' : '2m');
-      this._userAgent.sync.startSync({ mode: syncMode, interval: syncInterval })
-        .catch((err: unknown) => console.error('[@enbox/auth] Sync failed:', err));
+      startSyncIfEnabled(this._userAgent, sync);
     }
 
     this._session = new AuthSession({
@@ -768,9 +633,9 @@ export class AuthManager {
 
   // ─── Vault ─────────────────────────────────────────────────────
 
-  /** Access the vault manager for lock/unlock/backup operations. */
-  get vault(): VaultManager {
-    return this._vault;
+  /** Access the underlying identity vault for lock/unlock/backup operations. */
+  get vault(): HdIdentityVault {
+    return this._userAgent.vault;
   }
 
   // ─── Events ────────────────────────────────────────────────────
@@ -800,7 +665,7 @@ export class AuthManager {
 
   /** Whether the vault is currently locked. */
   get isLocked(): boolean {
-    return this._vault.isLocked;
+    return this._userAgent.vault.isLocked();
   }
 
   /** Whether a connection attempt is in progress. */
@@ -826,6 +691,47 @@ export class AuthManager {
 
   // ─── Private helpers ───────────────────────────────────────────
 
+  /**
+   * Build a `FlowContext` from the manager's current state.
+   *
+   * Replaces the 5 manual inline context constructions that were
+   * previously duplicated across `connect()`, `walletConnect()`,
+   * `importFromPhrase()`, `importFromPortable()`, and `restoreSession()`.
+   */
+  private _flowContext(): FlowContext {
+    return {
+      userAgent           : this._userAgent,
+      emitter             : this._emitter,
+      storage             : this._storage,
+      defaultPassword     : this._defaultPassword,
+      passwordProvider    : this._passwordProvider,
+      defaultSync         : this._defaultSync,
+      defaultDwnEndpoints : this._defaultDwnEndpoints,
+      registration        : this._registration,
+    };
+  }
+
+  /**
+   * Template for connection flows that follow the guard → try/finally → setState pattern.
+   *
+   * Consolidates the duplicated concurrency guard, `_isConnecting` flag management,
+   * session assignment, and state transition across `connect()`, `walletConnect()`,
+   * `importFromPhrase()`, and `importFromPortable()`.
+   */
+  private async _withConnect(fn: () => Promise<AuthSession>): Promise<AuthSession> {
+    this._guardConcurrency();
+    this._isConnecting = true;
+
+    try {
+      const session = await fn();
+      this._session = session;
+      this._setState('connected');
+      return session;
+    } finally {
+      this._isConnecting = false;
+    }
+  }
+
   private _setState(state: AuthState): void {
     if (state === this._state) {return;}
     const previous = this._state;