@fairfox/polly 0.21.0 → 0.22.0

package/dist/src/index.js

@@ -2062,1579 +2062,6 @@ async function createBlobRef({
 // src/index.ts
 init_constraints();
 
-// src/shared/lib/crdt-specialised.ts
-import { Counter, updateText } from "@automerge/automerge-repo";
-import { effect as effect3, signal as signal4 } from "@preact/signals";
-
-// src/shared/lib/migrate-primitive.ts
-class MigrationError extends Error {
-  code;
-  key;
-  primitive;
-  constructor(message, code, key, primitive) {
-    super(message);
-    this.name = "MigrationError";
-    this.code = code;
-    this.key = key;
-    this.primitive = primitive;
-  }
-}
-
-class MigrationRegistry {
-  marks = new Set;
-  entryKey(key, primitive) {
-    return `${primitive}:${key}`;
-  }
-  mark(key, primitive) {
-    this.marks.add(this.entryKey(key, primitive));
-  }
-  isMarked(key, primitive) {
-    return this.marks.has(this.entryKey(key, primitive));
-  }
-  clear() {
-    this.marks.clear();
-  }
-  get size() {
-    return this.marks.size;
-  }
-}
-var migrationRegistry = new MigrationRegistry;
-async function migratePrimitive(source, destination, transform) {
-  if (source === destination) {
-    throw new MigrationError(`Cannot migrate a primitive to itself: "${source.key}" under ${source.primitive}.`, "same-primitive-instance", source.key, source.primitive);
-  }
-  if (migrationRegistry.isMarked(source.key, source.primitive)) {
-    throw new MigrationError(`Cannot migrate: source "${source.key}" under $${source.primitive} has already been migrated. Migrations are one-way and one-time.`, "already-migrated", source.key, source.primitive);
-  }
-  await source.loaded;
-  await destination.loaded;
-  const transformed = transform(source.value);
-  destination.value = transformed;
-  migrationRegistry.mark(source.key, source.primitive);
-}
-
-// src/shared/lib/primitive-registry.ts
-class PrimitiveCollisionError extends Error {
-  key;
-  firstPrimitive;
-  firstCallSite;
-  secondPrimitive;
-  secondCallSite;
-  constructor(key, firstPrimitive, firstCallSite, secondPrimitive, secondCallSite) {
-    const firstLocation = firstCallSite ? ` (at ${firstCallSite})` : "";
-    const secondLocation = secondCallSite ? ` (at ${secondCallSite})` : "";
-    super(`Polly primitive key collision: "${key}" is already registered as ` + `$${firstPrimitive}${firstLocation} and cannot also be registered ` + `as $${secondPrimitive}${secondLocation}. Pick a different key or ` + `use the same primitive in both places.`);
-    this.name = "PrimitiveCollisionError";
-    this.key = key;
-    this.firstPrimitive = firstPrimitive;
-    this.firstCallSite = firstCallSite;
-    this.secondPrimitive = secondPrimitive;
-    this.secondCallSite = secondCallSite;
-  }
-}
-
-class PrimitiveRegistry {
-  entries = new Map;
-  register(key, primitive, callSite) {
-    const existing = this.entries.get(key);
-    if (existing && existing.primitive !== primitive) {
-      throw new PrimitiveCollisionError(key, existing.primitive, existing.callSite, primitive, callSite);
-    }
-    if (!existing) {
-      this.entries.set(key, { primitive, callSite });
-    }
-  }
-  has(key) {
-    return this.entries.has(key);
-  }
-  kindOf(key) {
-    return this.entries.get(key)?.primitive;
-  }
-  clear() {
-    this.entries.clear();
-  }
-  get size() {
-    return this.entries.size;
-  }
-}
-var primitiveRegistry = new PrimitiveRegistry;
-
-// src/shared/lib/schema-version.ts
-var SCHEMA_VERSION_FIELD = "__schemaVersion";
-
-class SchemaVersionError extends Error {
-  code;
-  docVersion;
-  targetVersion;
-  opVersion;
-  missingVersion;
-  constructor(message, code, details = {}) {
-    super(message);
-    this.name = "SchemaVersionError";
-    this.code = code;
-    if (details.docVersion !== undefined)
-      this.docVersion = details.docVersion;
-    if (details.targetVersion !== undefined)
-      this.targetVersion = details.targetVersion;
-    if (details.opVersion !== undefined)
-      this.opVersion = details.opVersion;
-    if (details.missingVersion !== undefined)
-      this.missingVersion = details.missingVersion;
-  }
-}
-function getDocVersion(doc) {
-  if (typeof doc !== "object" || doc === null)
-    return 0;
-  const record = doc;
-  const value = record[SCHEMA_VERSION_FIELD];
-  return typeof value === "number" && Number.isInteger(value) && value >= 0 ? value : 0;
-}
-function setDocVersion(doc, version) {
-  doc[SCHEMA_VERSION_FIELD] = version;
-}
-function runMigrations(doc, targetVersion, migrations) {
-  const current = getDocVersion(doc);
-  if (current > targetVersion) {
-    throw new SchemaVersionError(`Document is at schema version ${current} but the application targets ${targetVersion}. Upgrade the application to continue.`, "doc-ahead-of-app", { docVersion: current, targetVersion });
-  }
-  for (let v = current + 1;v <= targetVersion; v++) {
-    const migration = migrations[v];
-    if (!migration) {
-      throw new SchemaVersionError(`Missing migration for schema version ${v}. Migrations must be contiguous from ${current + 1} through ${targetVersion}.`, "missing-migration", { docVersion: current, targetVersion, missingVersion: v });
-    }
-    migration(doc);
-    setDocVersion(doc, v);
-  }
-}
-function checkOpVersion(opVersion, docVersion) {
-  if (opVersion < docVersion) {
-    return { compatible: false, reason: "op-older-than-doc", opVersion, docVersion };
-  }
-  if (opVersion > docVersion) {
-    return { compatible: false, reason: "op-newer-than-doc", opVersion, docVersion };
-  }
-  return { compatible: true };
-}
-function assertOpVersion(opVersion, docVersion) {
-  const result = checkOpVersion(opVersion, docVersion);
-  if (result.compatible)
-    return;
-  const message = result.reason === "op-older-than-doc" ? `Incoming op was produced at schema version ${opVersion} but the document is at version ${docVersion}. The producing peer is behind.` : `Incoming op was produced at schema version ${opVersion} but the document is at version ${docVersion}. The current peer is behind and should upgrade.`;
-  throw new SchemaVersionError(message, result.reason, { opVersion, docVersion });
-}
-
-// src/shared/lib/crdt-specialised.ts
-function createSpecialisedPrimitive(config) {
-  if (migrationRegistry.isMarked(config.key, config.primitive)) {
-    throw new MigrationError(`Cannot construct $${config.primitive}("${config.key}"): this key has been marked as migrated. Migrations are one-way; use the destination primitive instead.`, "already-migrated", config.key, config.primitive);
-  }
-  primitiveRegistry.register(config.key, config.primitive, config.callSite);
-  const inner = signal4(config.initialValue);
-  let updating = false;
-  let currentHandle;
-  const loaded = (async () => {
-    const handle = await config.getHandle();
-    await handle.whenReady();
-    currentHandle = handle;
-    if (config.schemaVersion !== undefined) {
-      const targetVersion = config.schemaVersion;
-      const migrations = config.migrations ?? {};
-      handle.change((doc) => {
-        runMigrations(doc, targetVersion, migrations);
-        setDocVersion(doc, targetVersion);
-      });
-    }
-    updating = true;
-    try {
-      inner.value = config.extractValue(handle.doc());
-    } finally {
-      updating = false;
-    }
-    handle.on("change", (payload) => {
-      if (updating)
-        return;
-      updating = true;
-      try {
-        inner.value = config.extractValue(payload.doc);
-      } finally {
-        updating = false;
-      }
-    });
-    effect3(() => {
-      const value = inner.value;
-      if (updating)
-        return;
-      if (!currentHandle)
-        return;
-      updating = true;
-      try {
-        currentHandle.change((doc) => {
-          config.applyWrite(doc, value);
-        });
-      } finally {
-        updating = false;
-      }
-    });
-  })();
-  return {
-    key: config.key,
-    primitive: config.primitive,
-    get value() {
-      return inner.value;
-    },
-    set value(next) {
-      inner.value = next;
-    },
-    loaded,
-    get handle() {
-      return currentHandle;
-    }
-  };
-}
-function $crdtText(key, initialValue, options) {
-  return createSpecialisedPrimitive({
-    key,
-    primitive: options.primitive ?? "peerState",
-    initialValue,
-    getHandle: options.getHandle,
-    extractValue: (doc) => doc.text ?? "",
-    applyWrite: (doc, value) => {
-      if (doc.text === undefined) {
-        doc.text = value;
-      } else {
-        updateText(doc, ["text"], value);
-      }
-    },
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access,
-    callSite: options.callSite
-  });
-}
-function $crdtCounter(key, initialValue, options) {
-  return createSpecialisedPrimitive({
-    key,
-    primitive: options.primitive ?? "peerState",
-    initialValue,
-    getHandle: options.getHandle,
-    extractValue: (doc) => {
-      const c = doc.count;
-      if (c === undefined)
-        return 0;
-      return c.value;
-    },
-    applyWrite: (doc, value) => {
-      const existing = doc.count;
-      if (existing === undefined) {
-        doc.count = new Counter(value);
-      } else {
-        const delta = value - existing.value;
-        if (delta !== 0) {
-          existing.increment(delta);
-        }
-      }
-    },
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access,
-    callSite: options.callSite
-  });
-}
-function $crdtList(key, initialValue, options) {
-  return createSpecialisedPrimitive({
-    key,
-    primitive: options.primitive ?? "peerState",
-    initialValue,
-    getHandle: options.getHandle,
-    extractValue: (doc) => doc.items ? [...doc.items] : [],
-    applyWrite: (doc, value) => {
-      doc.items = [...value];
-    },
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access,
-    callSite: options.callSite
-  });
-}
-// src/shared/lib/crdt-state.ts
-import { effect as effect4, signal as signal5 } from "@preact/signals";
-function $crdtState(options) {
-  if (migrationRegistry.isMarked(options.key, options.primitive)) {
-    throw new MigrationError(`Cannot construct $${options.primitive}("${options.key}"): this key has been marked as migrated. Migrations are one-way; use the destination primitive instead.`, "already-migrated", options.key, options.primitive);
-  }
-  primitiveRegistry.register(options.key, options.primitive, options.callSite);
-  const inner = signal5(options.initialValue);
-  let updating = false;
-  let currentHandle;
-  const loaded = (async () => {
-    const handle = await options.getHandle();
-    await handle.whenReady();
-    currentHandle = handle;
-    if (options.schemaVersion !== undefined) {
-      const targetVersion = options.schemaVersion;
-      const migrations = options.migrations ?? {};
-      handle.change((doc) => {
-        runMigrations(doc, targetVersion, migrations);
-        setDocVersion(doc, targetVersion);
-      });
-    }
-    updating = true;
-    try {
-      inner.value = cloneDoc(handle.doc());
-    } finally {
-      updating = false;
-    }
-    handle.on("change", (payload) => {
-      if (updating)
-        return;
-      updating = true;
-      try {
-        inner.value = cloneDoc(payload.doc);
-      } finally {
-        updating = false;
-      }
-    });
-    effect4(() => {
-      const value = inner.value;
-      if (updating)
-        return;
-      if (!currentHandle)
-        return;
-      updating = true;
-      try {
-        currentHandle.change((doc) => {
-          applyTopLevel(doc, value);
-        });
-      } finally {
-        updating = false;
-      }
-    });
-  })();
-  return {
-    key: options.key,
-    primitive: options.primitive,
-    get value() {
-      return inner.value;
-    },
-    set value(next) {
-      inner.value = next;
-    },
-    loaded,
-    get handle() {
-      return currentHandle;
-    }
-  };
-}
-function cloneDoc(doc) {
-  return JSON.parse(JSON.stringify(doc));
-}
-function applyTopLevel(doc, value) {
-  for (const key of Object.keys(value)) {
-    if (key === SCHEMA_VERSION_FIELD)
-      continue;
-    doc[key] = value[key];
-  }
-}
-// src/shared/lib/encryption.ts
-import nacl from "tweetnacl";
-var KEY_BYTES = 32;
-var NONCE_BYTES = 24;
-var TAG_BYTES = 16;
-
-class EncryptionError extends Error {
-  code;
-  constructor(message, code) {
-    super(message);
-    this.name = "EncryptionError";
-    this.code = code;
-  }
-}
-function generateDocumentKey() {
-  return nacl.randomBytes(KEY_BYTES);
-}
-function encrypt(payload, key) {
-  if (key.length !== KEY_BYTES) {
-    throw new EncryptionError(`secretbox key must be ${KEY_BYTES} bytes, got ${key.length}.`, "invalid-key-length");
-  }
-  const nonce = nacl.randomBytes(NONCE_BYTES);
-  const ciphertext = nacl.secretbox(payload, nonce, key);
-  const out = new Uint8Array(NONCE_BYTES + ciphertext.length);
-  out.set(nonce, 0);
-  out.set(ciphertext, NONCE_BYTES);
-  return out;
-}
-function decrypt(sealed, key) {
-  if (key.length !== KEY_BYTES) {
-    throw new EncryptionError(`secretbox key must be ${KEY_BYTES} bytes, got ${key.length}.`, "invalid-key-length");
-  }
-  if (sealed.length < NONCE_BYTES + TAG_BYTES) {
-    return;
-  }
-  const nonce = sealed.subarray(0, NONCE_BYTES);
-  const ciphertext = sealed.subarray(NONCE_BYTES);
-  const opened = nacl.secretbox.open(ciphertext, nonce, key);
-  return opened ?? undefined;
-}
-function decryptOrThrow(sealed, key) {
-  const opened = decrypt(sealed, key);
-  if (!opened) {
-    throw new EncryptionError(`Failed to decrypt sealed blob: wrong key, malformed input, or tampered ciphertext.`, "decrypt-failed");
-  }
-  return opened;
-}
-function sealEnvelope(payload, documentId, key) {
-  return {
-    documentId,
-    sealed: encrypt(payload, key)
-  };
-}
-function openEnvelope(envelope, key) {
-  return decryptOrThrow(envelope.sealed, key);
-}
-function encodeEncryptedEnvelope(envelope) {
-  const idBytes = new TextEncoder().encode(envelope.documentId);
-  const out = new Uint8Array(4 + idBytes.length + envelope.sealed.length);
-  const view = new DataView(out.buffer);
-  view.setUint32(0, idBytes.length, false);
-  out.set(idBytes, 4);
-  out.set(envelope.sealed, 4 + idBytes.length);
-  return out;
-}
-function decodeEncryptedEnvelope(bytes) {
-  if (bytes.length < 4) {
-    throw new EncryptionError(`Encrypted envelope too short: ${bytes.length} bytes.`, "envelope-malformed");
-  }
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  const idLen = view.getUint32(0, false);
-  if (bytes.length < 4 + idLen) {
-    throw new EncryptionError(`Encrypted envelope truncated: declared id length ${idLen}, total ${bytes.length}.`, "envelope-malformed");
-  }
-  const documentId = new TextDecoder().decode(bytes.subarray(4, 4 + idLen));
-  const sealed = bytes.slice(4 + idLen);
-  return { documentId, sealed };
-}
-// src/shared/lib/mesh-network-adapter.ts
-import {
-  NetworkAdapter
-} from "@automerge/automerge-repo";
-
-// src/shared/lib/signing.ts
-import nacl2 from "tweetnacl";
-var PUBLIC_KEY_BYTES = 32;
-var SECRET_KEY_BYTES = 64;
-var SIGNATURE_BYTES = 64;
-
-class SigningError extends Error {
-  code;
-  constructor(message, code) {
-    super(message);
-    this.name = "SigningError";
-    this.code = code;
-  }
-}
-function generateSigningKeyPair() {
-  const pair = nacl2.sign.keyPair();
-  return {
-    publicKey: pair.publicKey,
-    secretKey: pair.secretKey
-  };
-}
-function signingKeyPairFromSecret(secretKey) {
-  if (secretKey.length !== SECRET_KEY_BYTES) {
-    throw new SigningError(`Ed25519 secret key must be ${SECRET_KEY_BYTES} bytes, got ${secretKey.length}.`, "invalid-secret-key");
-  }
-  const pair = nacl2.sign.keyPair.fromSecretKey(secretKey);
-  return {
-    publicKey: pair.publicKey,
-    secretKey: pair.secretKey
-  };
-}
-function sign(payload, secretKey) {
-  if (secretKey.length !== SECRET_KEY_BYTES) {
-    throw new SigningError(`Ed25519 secret key must be ${SECRET_KEY_BYTES} bytes, got ${secretKey.length}.`, "invalid-secret-key");
-  }
-  return nacl2.sign.detached(payload, secretKey);
-}
-function verify(payload, signature, publicKey) {
-  if (publicKey.length !== PUBLIC_KEY_BYTES) {
-    throw new SigningError(`Ed25519 public key must be ${PUBLIC_KEY_BYTES} bytes, got ${publicKey.length}.`, "invalid-public-key");
-  }
-  if (signature.length !== SIGNATURE_BYTES) {
-    throw new SigningError(`Ed25519 signature must be ${SIGNATURE_BYTES} bytes, got ${signature.length}.`, "invalid-signature-length");
-  }
-  return nacl2.sign.detached.verify(payload, signature, publicKey);
-}
-function signEnvelope(payload, senderId, secretKey) {
-  const signature = sign(payload, secretKey);
-  return { senderId, payload, signature };
-}
-function openEnvelope2(envelope, publicKey) {
-  const ok = verify(envelope.payload, envelope.signature, publicKey);
-  if (!ok) {
-    throw new SigningError(`Signature verification failed for envelope from ${envelope.senderId}.`, "envelope-malformed");
-  }
-  return envelope.payload;
-}
-function encodeSignedEnvelope(envelope) {
-  const senderBytes = new TextEncoder().encode(envelope.senderId);
-  const total = 4 + senderBytes.length + SIGNATURE_BYTES + envelope.payload.length;
-  const out = new Uint8Array(total);
-  const view = new DataView(out.buffer);
-  view.setUint32(0, senderBytes.length, false);
-  out.set(senderBytes, 4);
-  out.set(envelope.signature, 4 + senderBytes.length);
-  out.set(envelope.payload, 4 + senderBytes.length + SIGNATURE_BYTES);
-  return out;
-}
-function decodeSignedEnvelope(bytes) {
-  if (bytes.length < 4 + SIGNATURE_BYTES) {
-    throw new SigningError(`Envelope too short: ${bytes.length} bytes, need at least ${4 + SIGNATURE_BYTES}.`, "envelope-malformed");
-  }
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  const senderLen = view.getUint32(0, false);
-  if (bytes.length < 4 + senderLen + SIGNATURE_BYTES) {
-    throw new SigningError(`Envelope truncated: declared sender length ${senderLen}, total ${bytes.length}.`, "envelope-malformed");
-  }
-  const senderId = new TextDecoder().decode(bytes.subarray(4, 4 + senderLen));
-  const signature = bytes.slice(4 + senderLen, 4 + senderLen + SIGNATURE_BYTES);
-  const payload = bytes.slice(4 + senderLen + SIGNATURE_BYTES);
-  return { senderId, payload, signature };
-}
-
-// src/shared/lib/mesh-network-adapter.ts
-var DEFAULT_MESH_KEY_ID = "polly-mesh-default";
-
-class MeshNetworkAdapter extends NetworkAdapter {
-  base;
-  keyring;
-  encryptionEnabled;
-  constructor(options) {
-    super();
-    this.base = options.base;
-    this.keyring = options.keyring;
-    this.encryptionEnabled = options.encryptionEnabled ?? true;
-    this.base.on("close", () => this.emit("close"));
-    this.base.on("peer-candidate", (payload) => this.emit("peer-candidate", payload));
-    this.base.on("peer-disconnected", (payload) => this.emit("peer-disconnected", payload));
-    this.base.on("message", (rawMessage) => {
-      const unwrapped = this.tryUnwrap(rawMessage);
-      if (unwrapped) {
-        this.emit("message", unwrapped);
-      }
-    });
-  }
-  isReady() {
-    return this.base.isReady();
-  }
-  whenReady() {
-    return this.base.whenReady();
-  }
-  connect(peerId, peerMetadata) {
-    this.peerId = peerId;
-    if (peerMetadata !== undefined) {
-      this.peerMetadata = peerMetadata;
-    }
-    this.base.connect(peerId, peerMetadata);
-  }
-  disconnect() {
-    this.base.disconnect();
-  }
-  send(message) {
-    const wrapped = this.wrap(message);
-    this.base.send(wrapped);
-  }
-  wrap(message) {
-    const serialised = serialiseMessage(message);
-    let payloadToSign;
-    if (this.encryptionEnabled) {
-      const docKey = this.keyring.documentKeys.get(DEFAULT_MESH_KEY_ID);
-      if (!docKey) {
-        throw new Error(`MeshNetworkAdapter: missing document encryption key under id "${DEFAULT_MESH_KEY_ID}". Provision the key in the keyring before sending.`);
-      }
-      const encrypted = sealEnvelope(serialised, DEFAULT_MESH_KEY_ID, docKey);
-      payloadToSign = encodeEncryptedEnvelope(encrypted);
-    } else {
-      payloadToSign = serialised;
-    }
-    const signed = signEnvelope(payloadToSign, message.senderId, this.keyring.identity.secretKey);
-    const signedBytes = encodeSignedEnvelope(signed);
-    return {
-      type: message.type,
-      senderId: message.senderId,
-      targetId: message.targetId,
-      data: signedBytes
-    };
-  }
-  tryUnwrap(message) {
-    if (!message.data)
-      return;
-    let signed;
-    try {
-      signed = decodeSignedEnvelope(message.data);
-    } catch {
-      return;
-    }
-    if (this.keyring.revokedPeers.has(signed.senderId)) {
-      return;
-    }
-    const senderKey = this.keyring.knownPeers.get(signed.senderId);
-    if (!senderKey) {
-      return;
-    }
-    let verifiedPayload;
-    try {
-      verifiedPayload = openEnvelope2(signed, senderKey);
-    } catch {
-      return;
-    }
-    if (!this.encryptionEnabled) {
-      return deserialiseMessage(verifiedPayload);
-    }
-    let encrypted;
-    try {
-      encrypted = decodeEncryptedEnvelope(verifiedPayload);
-    } catch {
-      return;
-    }
-    const docKey = this.keyring.documentKeys.get(encrypted.documentId);
-    if (!docKey) {
-      return;
-    }
-    let plaintext;
-    try {
-      plaintext = openEnvelope(encrypted, docKey);
-    } catch {
-      return;
-    }
-    return deserialiseMessage(plaintext);
-  }
-}
-function serialiseMessage(message) {
-  const headerObj = {
-    type: message.type,
-    senderId: message.senderId,
-    targetId: message.targetId
-  };
-  if ("documentId" in message && message.documentId !== undefined) {
-    headerObj["documentId"] = message.documentId;
-  }
-  if ("count" in message && message.count !== undefined) {
-    headerObj["count"] = message.count;
-  }
-  if ("sessionId" in message && message.sessionId !== undefined) {
-    headerObj["sessionId"] = message.sessionId;
-  }
-  const headerBytes = new TextEncoder().encode(JSON.stringify(headerObj));
-  const dataBytes = "data" in message && message.data instanceof Uint8Array ? message.data : new Uint8Array(0);
-  const out = new Uint8Array(4 + headerBytes.length + dataBytes.length);
-  const view = new DataView(out.buffer);
-  view.setUint32(0, headerBytes.length, false);
-  out.set(headerBytes, 4);
-  out.set(dataBytes, 4 + headerBytes.length);
-  return out;
-}
-function deserialiseMessage(bytes) {
-  if (bytes.length < 4) {
-    throw new Error("MeshNetworkAdapter: message too short to deserialise.");
-  }
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  const headerLen = view.getUint32(0, false);
-  if (bytes.length < 4 + headerLen) {
-    throw new Error("MeshNetworkAdapter: message header truncated.");
-  }
-  const header = JSON.parse(new TextDecoder().decode(bytes.subarray(4, 4 + headerLen)));
-  const data = bytes.slice(4 + headerLen);
-  return { ...header, data };
-}
-// src/shared/lib/mesh-signaling-client.ts
-class MeshSignalingClient {
-  url;
-  peerId;
-  onSignal;
-  onError;
-  onOpen;
-  onClose;
-  socket;
-  joined = false;
-  constructor(options) {
-    this.url = options.url;
-    this.peerId = options.peerId;
-    this.onSignal = options.onSignal;
-    if (options.onError !== undefined)
-      this.onError = options.onError;
-    if (options.onOpen !== undefined)
-      this.onOpen = options.onOpen;
-    if (options.onClose !== undefined)
-      this.onClose = options.onClose;
-  }
-  async connect() {
-    return new Promise((resolve, reject) => {
-      const ws = new WebSocket(this.url);
-      this.socket = ws;
-      ws.addEventListener("open", () => {
-        ws.send(JSON.stringify({ type: "join", peerId: this.peerId }));
-        this.joined = true;
-        this.onOpen?.();
-        resolve();
-      });
-      ws.addEventListener("message", (event) => {
-        let msg;
-        try {
-          msg = typeof event.data === "string" ? JSON.parse(event.data) : event.data;
-        } catch {
-          return;
-        }
-        if (msg.type === "signal" && typeof msg.peerId === "string") {
-          this.onSignal(msg.peerId, msg.payload);
-          return;
-        }
-        if (msg.type === "error" && msg.reason) {
-          this.onError?.(msg.reason, msg.targetPeerId);
-        }
-      });
-      ws.addEventListener("error", (err) => {
-        reject(err);
-      });
-      ws.addEventListener("close", () => {
-        this.joined = false;
-        this.onClose?.();
-      });
-    });
-  }
-  sendSignal(targetPeerId, payload) {
-    if (!this.socket || this.socket.readyState !== WebSocket.OPEN || !this.joined) {
-      return false;
-    }
-    const msg = {
-      type: "signal",
-      peerId: this.peerId,
-      targetPeerId,
-      payload
-    };
-    this.socket.send(JSON.stringify(msg));
-    return true;
-  }
-  close() {
-    this.socket?.close();
-    this.socket = undefined;
-    this.joined = false;
-  }
-  get isConnected() {
-    return this.joined && this.socket?.readyState === WebSocket.OPEN;
-  }
-}
-// src/shared/lib/mesh-state.ts
-var keyMapsByRepo = new WeakMap;
-var defaultRepo;
-function configureMeshState(repo) {
-  defaultRepo = repo;
-  keyMapsByRepo.set(repo, new Map);
-}
-function resetMeshState() {
-  defaultRepo = undefined;
-}
-function resolveRepo(option) {
-  const repo = option ?? defaultRepo;
-  if (!repo) {
-    throw new Error("Polly $meshState: no Repo configured. Call configureMeshState(repo) at startup or pass { repo } in the primitive options.");
-  }
-  return repo;
-}
-function getKeyMap(repo) {
-  let map = keyMapsByRepo.get(repo);
-  if (!map) {
-    map = new Map;
-    keyMapsByRepo.set(repo, map);
-  }
-  return map;
-}
-function buildHandleFactory(repo, key, initialDoc) {
-  return async () => {
-    const map = getKeyMap(repo);
-    const existingId = map.get(key);
-    if (existingId !== undefined) {
-      return repo.find(existingId);
-    }
-    const handle = repo.create(initialDoc);
-    map.set(key, handle.documentId);
-    return handle;
-  };
-}
-function $meshState(key, initialValue, options = {}) {
-  const repo = resolveRepo(options.repo);
-  return $crdtState({
-    key,
-    primitive: "meshState",
-    initialValue,
-    getHandle: buildHandleFactory(repo, key, initialValue),
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access
-  });
-}
-function $meshText(key, initialValue, options = {}) {
-  const repo = resolveRepo(options.repo);
-  return $crdtText(key, initialValue, {
-    primitive: "meshState",
-    getHandle: buildHandleFactory(repo, key, { text: initialValue }),
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access
-  });
-}
-function $meshCounter(key, initialValue, options = {}) {
-  const repo = resolveRepo(options.repo);
-  return $crdtCounter(key, initialValue, {
-    primitive: "meshState",
-    getHandle: buildHandleFactory(repo, key, {}),
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access
-  });
-}
-function $meshList(key, initialValue, options = {}) {
-  const repo = resolveRepo(options.repo);
-  return $crdtList(key, initialValue, {
-    primitive: "meshState",
-    getHandle: buildHandleFactory(repo, key, { items: initialValue }),
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access
-  });
-}
-// src/shared/lib/mesh-webrtc-adapter.ts
-import {
-  NetworkAdapter as NetworkAdapter2
-} from "@automerge/automerge-repo";
-var DEFAULT_ICE_SERVERS = [
-  { urls: "stun:stun.l.google.com:19302" },
-  { urls: "stun:stun1.l.google.com:19302" }
-];
-
-class MeshWebRTCAdapter extends NetworkAdapter2 {
-  signaling;
-  iceServers;
-  dataChannelLabel;
-  knownPeerIds;
-  slots = new Map;
-  ready = false;
-  readyResolver;
-  constructor(options) {
-    super();
-    this.signaling = options.signaling;
-    this.iceServers = options.iceServers ?? DEFAULT_ICE_SERVERS;
-    this.dataChannelLabel = options.dataChannelLabel ?? "polly-mesh";
-    this.knownPeerIds = options.knownPeerIds ?? [];
-  }
-  isReady() {
-    return this.ready;
-  }
-  whenReady() {
-    if (this.ready)
-      return Promise.resolve();
-    return new Promise((resolve) => {
-      this.readyResolver = resolve;
-    });
-  }
-  connect(peerId, peerMetadata) {
-    this.peerId = peerId;
-    if (peerMetadata !== undefined) {
-      this.peerMetadata = peerMetadata;
-    }
-    this.ready = true;
-    this.readyResolver?.();
-    for (const remotePeerId of this.knownPeerIds) {
-      if (remotePeerId !== peerId && !this.slots.has(remotePeerId)) {
-        this.createInitiatingSlot(remotePeerId);
-      }
-    }
-  }
-  disconnect() {
-    for (const slot of this.slots.values()) {
-      slot.channel?.close();
-      slot.connection.close();
-    }
-    this.slots.clear();
-    this.signaling.close();
-    this.ready = false;
-    this.emit("close");
-  }
-  send(message) {
-    const targetId = message.targetId;
-    const bytes = this.serialiseMessage(message);
-    let slot = this.slots.get(targetId);
-    if (!slot) {
-      slot = this.createInitiatingSlot(targetId);
-    }
-    if (slot.channel && slot.channel.readyState === "open") {
-      slot.channel.send(bytes);
-    } else {
-      slot.pendingSends.push(bytes);
-    }
-  }
-  handleSignal(fromPeerId, rawPayload) {
-    const payload = rawPayload;
-    if (!payload || typeof payload !== "object" || !("kind" in payload)) {
-      return;
-    }
-    switch (payload.kind) {
-      case "offer":
-        this.handleOffer(fromPeerId, payload.sdp);
-        return;
-      case "answer":
-        this.handleAnswer(fromPeerId, payload.sdp);
-        return;
-      case "ice":
-        this.handleIceCandidate(fromPeerId, payload.candidate);
-        return;
-    }
-  }
-  createInitiatingSlot(targetId) {
-    const connection = new RTCPeerConnection({ iceServers: this.iceServers });
-    const channel = connection.createDataChannel(this.dataChannelLabel, { ordered: true });
-    const slot = { connection, channel, pendingSends: [] };
-    this.slots.set(targetId, slot);
-    this.wireConnection(targetId, connection);
-    this.wireDataChannel(targetId, channel);
-    this.initiateOffer(targetId, connection);
-    return slot;
-  }
-  async initiateOffer(targetId, connection) {
-    const offer = await connection.createOffer();
-    await connection.setLocalDescription(offer);
-    this.signaling.sendSignal(targetId, { kind: "offer", sdp: offer });
-  }
-  async handleOffer(fromPeerId, sdp) {
-    const existing = this.slots.get(fromPeerId);
-    if (existing) {
-      const localId = this.peerId;
-      if (localId > fromPeerId) {
-        return;
-      }
-      existing.channel?.close();
-      existing.connection.close();
-      this.slots.delete(fromPeerId);
-    }
-    const connection = new RTCPeerConnection({ iceServers: this.iceServers });
-    const slot = { connection, channel: undefined, pendingSends: [] };
-    this.slots.set(fromPeerId, slot);
-    this.wireConnection(fromPeerId, connection);
-    connection.ondatachannel = (event) => {
-      slot.channel = event.channel;
-      this.wireDataChannel(fromPeerId, event.channel);
-    };
-    await connection.setRemoteDescription(sdp);
-    const answer = await connection.createAnswer();
-    await connection.setLocalDescription(answer);
-    this.signaling.sendSignal(fromPeerId, {
-      kind: "answer",
-      sdp: answer
-    });
-  }
-  async handleAnswer(fromPeerId, sdp) {
-    const slot = this.slots.get(fromPeerId);
-    if (!slot)
-      return;
-    await slot.connection.setRemoteDescription(sdp);
-  }
-  async handleIceCandidate(fromPeerId, candidate) {
-    const slot = this.slots.get(fromPeerId);
-    if (!slot)
-      return;
-    try {
-      await slot.connection.addIceCandidate(candidate);
-    } catch {}
-  }
-  wireConnection(peerId, connection) {
-    connection.onicecandidate = (event) => {
-      if (event.candidate) {
-        this.signaling.sendSignal(peerId, {
-          kind: "ice",
-          candidate: event.candidate.toJSON()
-        });
-      }
-    };
-    connection.onconnectionstatechange = () => {
-      const state = connection.connectionState;
-      if (state === "connected") {
-        this.emit("peer-candidate", {
-          peerId,
-          peerMetadata: {}
-        });
-      } else if (state === "disconnected" || state === "failed" || state === "closed") {
-        this.slots.delete(peerId);
-        this.emit("peer-disconnected", { peerId });
-      }
-    };
-  }
-  wireDataChannel(peerId, channel) {
-    channel.onopen = () => {
-      const slot = this.slots.get(peerId);
-      if (!slot)
-        return;
-      for (const bytes of slot.pendingSends) {
-        channel.send(bytes);
-      }
-      slot.pendingSends = [];
-    };
-    channel.onmessage = (event) => {
-      const data = event.data;
-      if (data instanceof ArrayBuffer) {
-        this.dispatchMessage(new Uint8Array(data));
-      } else if (data instanceof Uint8Array) {
-        this.dispatchMessage(data);
-      }
-    };
-    channel.onclose = () => {
-      const slot = this.slots.get(peerId);
-      if (slot?.channel === channel) {
-        slot.channel = undefined;
-      }
-    };
-  }
-  dispatchMessage(bytes) {
-    try {
-      const message = this.deserialiseMessage(bytes);
-      this.emit("message", message);
-    } catch {}
-  }
-  serialiseMessage(message) {
-    const headerObj = {
-      type: message.type,
-      senderId: message.senderId,
-      targetId: message.targetId
-    };
-    if ("documentId" in message && message.documentId !== undefined) {
-      headerObj["documentId"] = message.documentId;
-    }
-    const headerBytes = new TextEncoder().encode(JSON.stringify(headerObj));
-    const dataBytes = "data" in message && message.data instanceof Uint8Array ? message.data : new Uint8Array(0);
-    const size = 4 + headerBytes.length + dataBytes.length;
-    const buffer = new ArrayBuffer(size);
-    const out = new Uint8Array(buffer);
-    const view = new DataView(buffer);
-    view.setUint32(0, headerBytes.length, false);
-    out.set(headerBytes, 4);
-    out.set(dataBytes, 4 + headerBytes.length);
-    return out;
-  }
-  deserialiseMessage(bytes) {
-    if (bytes.length < 4) {
-      throw new Error("MeshWebRTCAdapter: message too short to deserialise.");
-    }
-    const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-    const headerLen = view.getUint32(0, false);
-    if (bytes.length < 4 + headerLen) {
-      throw new Error("MeshWebRTCAdapter: message header truncated.");
-    }
-    const header = JSON.parse(new TextDecoder().decode(bytes.subarray(4, 4 + headerLen)));
-    const data = bytes.slice(4 + headerLen);
-    return { ...header, data };
-  }
-}
-// src/shared/lib/pairing.ts
-var PAIRING_TOKEN_VERSION = 1;
-var PAIRING_TOKEN_MAGIC = new Uint8Array([80, 80, 84, 49]);
-var PAIRING_NONCE_BYTES = 16;
-var DEFAULT_PAIRING_TTL_MS = 10 * 60 * 1000;
-
-class PairingError extends Error {
-  code;
-  constructor(message, code) {
-    super(message);
-    this.name = "PairingError";
-    this.code = code;
-  }
-}
-function createPairingToken(options) {
-  const now = options.now ? options.now() : Date.now();
-  const ttlMs = options.ttlMs ?? DEFAULT_PAIRING_TTL_MS;
-  const documentKey = options.documentKey ?? generateDocumentKey();
-  const nonce = randomBytes(PAIRING_NONCE_BYTES);
-  return {
-    version: PAIRING_TOKEN_VERSION,
-    issuerPeerId: options.issuerPeerId,
-    issuerPublicKey: options.identity.publicKey,
-    documentKey,
-    documentKeyId: options.documentKeyId,
-    expiresAt: now + ttlMs,
-    nonce
-  };
-}
-function createPairingTokenWithFreshIdentity(args) {
-  const identity = generateSigningKeyPair();
-  const token = createPairingToken({
-    identity,
-    issuerPeerId: args.issuerPeerId,
-    documentKeyId: args.documentKeyId,
-    ttlMs: args.ttlMs,
-    now: args.now
-  });
-  return { identity, token };
-}
-function isPairingTokenExpired(token, now) {
-  const t = now ? now() : Date.now();
-  return t >= token.expiresAt;
-}
-function applyPairingToken(token, keyring, options = {}) {
-  if (isPairingTokenExpired(token, options.now)) {
-    throw new PairingError(`Pairing token from ${token.issuerPeerId} expired at ${new Date(token.expiresAt).toISOString()}.`, "expired");
-  }
-  keyring.knownPeers.set(token.issuerPeerId, token.issuerPublicKey);
-  keyring.documentKeys.set(token.documentKeyId, token.documentKey);
-}
-function serialisePairingToken(token) {
-  validateForSerialisation(token);
-  const issuerBytes = new TextEncoder().encode(token.issuerPeerId);
-  const keyIdBytes = new TextEncoder().encode(token.documentKeyId);
-  const total = PAIRING_TOKEN_MAGIC.length + 1 + 4 + issuerBytes.length + PUBLIC_KEY_BYTES + KEY_BYTES + 4 + keyIdBytes.length + 8 + PAIRING_NONCE_BYTES;
-  const out = new Uint8Array(total);
-  let offset = 0;
-  out.set(PAIRING_TOKEN_MAGIC, offset);
-  offset += PAIRING_TOKEN_MAGIC.length;
-  out[offset] = token.version;
-  offset += 1;
-  const view = new DataView(out.buffer);
-  view.setUint32(offset, issuerBytes.length, false);
-  offset += 4;
-  out.set(issuerBytes, offset);
-  offset += issuerBytes.length;
-  out.set(token.issuerPublicKey, offset);
-  offset += PUBLIC_KEY_BYTES;
-  out.set(token.documentKey, offset);
-  offset += KEY_BYTES;
-  view.setUint32(offset, keyIdBytes.length, false);
-  offset += 4;
-  out.set(keyIdBytes, offset);
-  offset += keyIdBytes.length;
-  view.setBigUint64(offset, BigInt(token.expiresAt), false);
-  offset += 8;
-  out.set(token.nonce, offset);
-  offset += PAIRING_NONCE_BYTES;
-  return out;
-}
-function parsePairingToken(bytes) {
-  let offset = 0;
-  if (bytes.length < PAIRING_TOKEN_MAGIC.length) {
-    throw new PairingError(`Pairing token too short: ${bytes.length} bytes.`, "truncated");
-  }
-  for (let i = 0;i < PAIRING_TOKEN_MAGIC.length; i++) {
-    if (bytes[offset + i] !== PAIRING_TOKEN_MAGIC[i]) {
-      throw new PairingError(`Pairing token magic mismatch: not a Polly pairing token.`, "wrong-magic");
-    }
-  }
-  offset += PAIRING_TOKEN_MAGIC.length;
-  if (bytes.length < offset + 1) {
-    throw new PairingError("Pairing token truncated at version.", "truncated");
-  }
-  const version = bytes[offset];
-  offset += 1;
-  if (version !== PAIRING_TOKEN_VERSION) {
-    throw new PairingError(`Unknown pairing token version: ${version}. This Polly build supports version ${PAIRING_TOKEN_VERSION}.`, "unknown-version");
-  }
-  if (bytes.length < offset + 4) {
-    throw new PairingError("Pairing token truncated at issuer id length.", "truncated");
-  }
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  const issuerLen = view.getUint32(offset, false);
-  offset += 4;
-  if (bytes.length < offset + issuerLen) {
-    throw new PairingError("Pairing token truncated at issuer id.", "truncated");
-  }
-  const issuerPeerId = new TextDecoder().decode(bytes.subarray(offset, offset + issuerLen));
-  offset += issuerLen;
-  if (bytes.length < offset + PUBLIC_KEY_BYTES) {
-    throw new PairingError("Pairing token truncated at public key.", "truncated");
-  }
-  const issuerPublicKey = bytes.slice(offset, offset + PUBLIC_KEY_BYTES);
-  offset += PUBLIC_KEY_BYTES;
-  if (bytes.length < offset + KEY_BYTES) {
-    throw new PairingError("Pairing token truncated at document key.", "truncated");
-  }
-  const documentKey = bytes.slice(offset, offset + KEY_BYTES);
-  offset += KEY_BYTES;
-  if (bytes.length < offset + 4) {
-    throw new PairingError("Pairing token truncated at document key id length.", "truncated");
-  }
-  const keyIdLen = view.getUint32(offset, false);
-  offset += 4;
-  if (bytes.length < offset + keyIdLen) {
-    throw new PairingError("Pairing token truncated at document key id.", "truncated");
-  }
-  const documentKeyId = new TextDecoder().decode(bytes.subarray(offset, offset + keyIdLen));
-  offset += keyIdLen;
-  if (bytes.length < offset + 8) {
-    throw new PairingError("Pairing token truncated at expiry.", "truncated");
-  }
-  const expiresAtBig = view.getBigUint64(offset, false);
-  offset += 8;
-  const expiresAt = Number(expiresAtBig);
-  if (bytes.length < offset + PAIRING_NONCE_BYTES) {
-    throw new PairingError("Pairing token truncated at nonce.", "truncated");
-  }
-  const nonce = bytes.slice(offset, offset + PAIRING_NONCE_BYTES);
-  offset += PAIRING_NONCE_BYTES;
-  return {
-    version,
-    issuerPeerId,
-    issuerPublicKey,
-    documentKey,
-    documentKeyId,
-    expiresAt,
-    nonce
-  };
-}
-function encodePairingToken(token) {
-  const bytes = serialisePairingToken(token);
-  let binary = "";
-  for (const byte of bytes) {
-    binary += String.fromCharCode(byte);
-  }
-  return btoa(binary);
-}
-function decodePairingToken(encoded) {
-  let binary;
-  try {
-    binary = atob(encoded);
-  } catch {
-    throw new PairingError("Pairing token is not valid base64.", "wrong-magic");
-  }
-  const bytes = new Uint8Array(binary.length);
-  for (let i = 0;i < binary.length; i++) {
-    bytes[i] = binary.charCodeAt(i);
-  }
-  return parsePairingToken(bytes);
-}
-function validateForSerialisation(token) {
-  if (token.issuerPublicKey.length !== PUBLIC_KEY_BYTES) {
-    throw new PairingError(`Issuer public key must be ${PUBLIC_KEY_BYTES} bytes, got ${token.issuerPublicKey.length}.`, "invalid-public-key");
-  }
-  if (token.documentKey.length !== KEY_BYTES) {
-    throw new PairingError(`Document key must be ${KEY_BYTES} bytes, got ${token.documentKey.length}.`, "invalid-document-key");
-  }
-  if (token.nonce.length !== PAIRING_NONCE_BYTES) {
-    throw new PairingError(`Nonce must be ${PAIRING_NONCE_BYTES} bytes, got ${token.nonce.length}.`, "invalid-nonce");
-  }
-}
-function randomBytes(n) {
-  const out = new Uint8Array(n);
-  crypto.getRandomValues(out);
-  return out;
-}
-// src/shared/lib/peer-relay-adapter.ts
-import { Repo } from "@automerge/automerge-repo";
-import { WebSocketClientAdapter } from "@automerge/automerge-repo-network-websocket";
-import { signal as signal6 } from "@preact/signals";
-function createPeerStateClient(options) {
-  if (options.sign && !options.keyring) {
-    throw new Error("Polly createPeerStateClient: { sign: true } requires a keyring. Pass { keyring: { identity, knownPeers, documentKeys: new Map(), revokedPeers: new Set() } } to enable signing.");
-  }
-  const adapter = new WebSocketClientAdapter(options.url, options.retryInterval);
-  const connectionState = signal6("connecting");
-  adapter.on("peer-candidate", () => {
-    connectionState.value = "connected";
-  });
-  adapter.on("peer-disconnected", () => {
-    connectionState.value = "disconnected";
-  });
-  adapter.on("close", () => {
-    connectionState.value = "disconnected";
-  });
-  const networkAdapter = options.sign && options.keyring ? new MeshNetworkAdapter({
-    base: adapter,
-    keyring: options.keyring,
-    encryptionEnabled: false
-  }) : adapter;
-  const repo = new Repo({
-    network: [networkAdapter],
-    ...options.storage !== undefined && { storage: options.storage }
-  });
-  return {
-    repo,
-    connectionState,
-    adapter,
-    signEnabled: options.sign === true,
-    close: async () => {
-      await repo.shutdown();
-    }
-  };
-}
-// src/shared/lib/peer-repo-server.ts
-import { Repo as Repo2 } from "@automerge/automerge-repo";
-import { WebSocketServerAdapter } from "@automerge/automerge-repo-network-websocket";
-import { NodeFSStorageAdapter } from "@automerge/automerge-repo-storage-nodefs";
-import * as ws from "ws";
-async function createPeerRepoServer(options) {
-  const wss = await (options.webSocketServer ? Promise.resolve(options.webSocketServer) : new Promise((resolve, reject) => {
-    const created = new ws.WebSocketServer({
-      port: options.port,
-      ...options.host !== undefined && { host: options.host }
-    }, () => resolve(created));
-    created.once("error", reject);
-  }));
-  const adapter = new WebSocketServerAdapter(wss);
-  const storage2 = new NodeFSStorageAdapter(options.storagePath);
-  const repo = new Repo2({
-    network: [adapter],
-    storage: storage2
-  });
-  await repo.storageId();
-  return {
-    repo,
-    webSocketServer: wss,
-    adapter,
-    storage: storage2,
-    close: async () => {
-      for (const client of wss.clients) {
-        try {
-          client.terminate();
-        } catch {}
-      }
-      repo.shutdown();
-      try {
-        wss.close();
-      } catch {}
-    }
-  };
-}
-// src/shared/lib/peer-state.ts
-var keyMapsByRepo2 = new WeakMap;
-var signingEnabledRepos = new WeakSet;
-var defaultRepo2;
-function configurePeerState(repo, options) {
-  defaultRepo2 = repo;
-  keyMapsByRepo2.set(repo, new Map);
-  if (options?.signEnabled) {
-    signingEnabledRepos.add(repo);
-  }
-}
-function resetPeerState() {
-  defaultRepo2 = undefined;
-}
-function resolveRepo2(option) {
-  const repo = option ?? defaultRepo2;
-  if (!repo) {
-    throw new Error("Polly $peerState: no Repo configured. Call configurePeerState(repo) at startup or pass { repo } in the primitive options.");
-  }
-  return repo;
-}
-function getKeyMap2(repo) {
-  let map = keyMapsByRepo2.get(repo);
-  if (!map) {
-    map = new Map;
-    keyMapsByRepo2.set(repo, map);
-  }
-  return map;
-}
-function validateSignOption(options, repo) {
-  if (!options.sign)
-    return;
-  if (!signingEnabledRepos.has(repo)) {
-    throw new Error("Polly $peerState: { sign: true } was passed to the primitive but the configured Repo does not have signing enabled. " + "Pass { sign: true, keyring: ... } to createPeerStateClient to enable signing at the transport level, " + "then call configurePeerState(client.repo, { signEnabled: true }).");
-  }
-}
-function buildHandleFactory2(repo, key, initialDoc) {
-  return async () => {
-    const map = getKeyMap2(repo);
-    const existingId = map.get(key);
-    if (existingId !== undefined) {
-      return repo.find(existingId);
-    }
-    const handle = repo.create(initialDoc);
-    map.set(key, handle.documentId);
-    return handle;
-  };
-}
-function $peerState(key, initialValue, options = {}) {
-  const repo = resolveRepo2(options.repo);
-  validateSignOption(options, repo);
-  return $crdtState({
-    key,
-    primitive: "peerState",
-    initialValue,
-    getHandle: buildHandleFactory2(repo, key, initialValue),
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access
-  });
-}
-function $peerText(key, initialValue, options = {}) {
-  const repo = resolveRepo2(options.repo);
-  validateSignOption(options, repo);
-  return $crdtText(key, initialValue, {
-    primitive: "peerState",
-    getHandle: buildHandleFactory2(repo, key, { text: initialValue }),
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access
-  });
-}
-function $peerCounter(key, initialValue, options = {}) {
-  const repo = resolveRepo2(options.repo);
-  validateSignOption(options, repo);
-  return $crdtCounter(key, initialValue, {
-    primitive: "peerState",
-    getHandle: buildHandleFactory2(repo, key, {}),
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access
-  });
-}
-function $peerList(key, initialValue, options = {}) {
-  const repo = resolveRepo2(options.repo);
-  validateSignOption(options, repo);
-  return $crdtList(key, initialValue, {
-    primitive: "peerState",
-    getHandle: buildHandleFactory2(repo, key, { items: initialValue }),
-    schemaVersion: options.schemaVersion,
-    migrations: options.migrations,
-    access: options.access
-  });
-}
-// src/shared/lib/revocation.ts
-var REVOCATION_RECORD_VERSION = 1;
-var REVOCATION_MAGIC = new Uint8Array([80, 82, 86, 49]);
-
-class RevocationError extends Error {
-  code;
-  constructor(message, code) {
-    super(message);
-    this.name = "RevocationError";
-    this.code = code;
-  }
-}
-function createRevocation(options) {
-  const now = options.now ? options.now() : Date.now();
-  return {
-    version: REVOCATION_RECORD_VERSION,
-    issuerPeerId: options.issuerPeerId,
-    revokedPeerId: options.revokedPeerId,
-    issuedAt: now,
-    ...options.reason === undefined ? {} : { reason: options.reason }
-  };
-}
-function applyRevocation(record, keyring) {
-  keyring.revokedPeers.add(record.revokedPeerId);
-}
-function revokePeerLocally(peerId, keyring) {
-  keyring.revokedPeers.add(peerId);
-}
-function serialiseRevocationPayload(record) {
-  const issuerBytes = new TextEncoder().encode(record.issuerPeerId);
-  const revokedBytes = new TextEncoder().encode(record.revokedPeerId);
-  const reasonBytes = new TextEncoder().encode(record.reason ?? "");
-  const total = REVOCATION_MAGIC.length + 1 + 4 + issuerBytes.length + 4 + revokedBytes.length + 8 + 4 + reasonBytes.length;
-  const out = new Uint8Array(total);
-  let offset = 0;
-  out.set(REVOCATION_MAGIC, offset);
-  offset += REVOCATION_MAGIC.length;
-  out[offset] = record.version;
-  offset += 1;
-  const view = new DataView(out.buffer);
-  view.setUint32(offset, issuerBytes.length, false);
-  offset += 4;
-  out.set(issuerBytes, offset);
-  offset += issuerBytes.length;
-  view.setUint32(offset, revokedBytes.length, false);
-  offset += 4;
-  out.set(revokedBytes, offset);
-  offset += revokedBytes.length;
-  view.setBigUint64(offset, BigInt(record.issuedAt), false);
-  offset += 8;
-  view.setUint32(offset, reasonBytes.length, false);
-  offset += 4;
-  out.set(reasonBytes, offset);
-  return out;
-}
-function parseRevocationPayload(bytes) {
-  let offset = 0;
-  if (bytes.length < REVOCATION_MAGIC.length) {
-    throw new RevocationError("Revocation record too short for magic.", "truncated");
-  }
-  for (let i = 0;i < REVOCATION_MAGIC.length; i++) {
-    if (bytes[offset + i] !== REVOCATION_MAGIC[i]) {
-      throw new RevocationError("Revocation record magic mismatch.", "wrong-magic");
-    }
-  }
-  offset += REVOCATION_MAGIC.length;
-  if (bytes.length < offset + 1) {
-    throw new RevocationError("Revocation record truncated at version.", "truncated");
-  }
-  const version = bytes[offset];
-  offset += 1;
-  if (version !== REVOCATION_RECORD_VERSION) {
-    throw new RevocationError(`Unknown revocation record version: ${version}.`, "unknown-version");
-  }
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  if (bytes.length < offset + 4) {
-    throw new RevocationError("Revocation record truncated at issuer length.", "truncated");
-  }
-  const issuerLen = view.getUint32(offset, false);
-  offset += 4;
-  if (bytes.length < offset + issuerLen) {
-    throw new RevocationError("Revocation record truncated at issuer id.", "truncated");
-  }
-  const issuerPeerId = new TextDecoder().decode(bytes.subarray(offset, offset + issuerLen));
-  offset += issuerLen;
-  if (bytes.length < offset + 4) {
-    throw new RevocationError("Revocation record truncated at revoked id length.", "truncated");
-  }
-  const revokedLen = view.getUint32(offset, false);
-  offset += 4;
-  if (bytes.length < offset + revokedLen) {
-    throw new RevocationError("Revocation record truncated at revoked id.", "truncated");
-  }
-  const revokedPeerId = new TextDecoder().decode(bytes.subarray(offset, offset + revokedLen));
-  offset += revokedLen;
-  if (bytes.length < offset + 8) {
-    throw new RevocationError("Revocation record truncated at issuedAt.", "truncated");
-  }
-  const issuedAt = Number(view.getBigUint64(offset, false));
-  offset += 8;
-  if (bytes.length < offset + 4) {
-    throw new RevocationError("Revocation record truncated at reason length.", "truncated");
-  }
-  const reasonLen = view.getUint32(offset, false);
-  offset += 4;
-  if (bytes.length < offset + reasonLen) {
-    throw new RevocationError("Revocation record truncated at reason.", "truncated");
-  }
-  const reason = new TextDecoder().decode(bytes.subarray(offset, offset + reasonLen));
-  offset += reasonLen;
-  return {
-    version,
-    issuerPeerId,
-    revokedPeerId,
-    issuedAt,
-    ...reason ? { reason } : {}
-  };
-}
-function encodeRevocation(record, issuer) {
-  const payload = serialiseRevocationPayload(record);
-  const envelope = signEnvelope(payload, record.issuerPeerId, issuer.secretKey);
-  return encodeSignedEnvelope(envelope);
-}
-function decodeRevocation(bytes, keyring) {
-  const envelope = decodeSignedEnvelope(bytes);
-  const issuerKey = keyring.knownPeers.get(envelope.senderId);
-  if (!issuerKey) {
-    throw new RevocationError(`Revocation issuer ${envelope.senderId} is not in the local keyring.`, "unknown-issuer");
-  }
-  if (keyring.revocationAuthority !== undefined && keyring.revocationAuthority.size > 0 && !keyring.revocationAuthority.has(envelope.senderId)) {
-    throw new RevocationError(`Revocation issuer ${envelope.senderId} is not in the keyring's revocation authority set.`, "unauthorised-issuer");
-  }
-  let payloadBytes;
-  try {
-    payloadBytes = openEnvelope2(envelope, issuerKey);
-  } catch {
-    throw new RevocationError(`Revocation signature failed verification for issuer ${envelope.senderId}.`, "signature-invalid");
-  }
-  const record = parseRevocationPayload(payloadBytes);
-  if (record.issuerPeerId !== envelope.senderId) {
-    throw new RevocationError(`Revocation payload claims issuer ${record.issuerPeerId} but the envelope was signed by ${envelope.senderId}.`, "not-signed-by-issuer");
-  }
-  return record;
-}
 // src/shared/lib/validation.ts
 function checkPrimitiveType(val, type) {
   if (type === "array")
@@ -3685,116 +2112,49 @@ function validatePartial(_validator) {
   };
 }
 export {
-  verify,
   validateShape,
   validatePartial,
   validateEnum,
   validateArray,
-  signingKeyPairFromSecret,
-  sign,
   settings,
-  serialisePairingToken,
   runInContext,
-  revokePeerLocally,
-  resetPeerState,
-  resetMeshState,
   registerConstraints,
   registerConstraint,
   readOnlyExcept,
   quickTest,
   publicAccess,
-  parsePairingToken,
   ownerAccess,
   or,
   onlyPeer,
   not,
   nobody,
-  migratePrimitive,
   isRuntimeConstraintsEnabled,
-  isPairingTokenExpired,
   isBlobRef,
   groupAccess,
   getMessageBus,
-  getDocVersion,
-  generateSigningKeyPair,
-  generateDocumentKey,
-  encrypt,
-  encodeRevocation,
-  encodePairingToken,
-  decryptOrThrow,
-  decrypt,
-  decodeRevocation,
-  decodePairingToken,
   createTestSuite,
-  createRevocation,
-  createPeerStateClient,
-  createPeerRepoServer,
-  createPairingTokenWithFreshIdentity,
-  createPairingToken,
   createContext,
   createChromeAdapters2 as createChromeAdapters,
   createBlobRef,
-  configurePeerState,
-  configureMeshState,
   computeBlobHash,
   clearConstraints,
   checkPreconditions,
   checkPostconditions,
-  checkOpVersion,
-  assertOpVersion,
-  applyRevocation,
-  applyPairingToken,
   anyone,
   anyOfPeers,
   and,
   TimeoutError,
   TestRunner,
-  SigningError,
-  SchemaVersionError,
-  SIGNATURE_BYTES as SIGNING_SIGNATURE_BYTES,
-  SECRET_KEY_BYTES as SIGNING_SECRET_KEY_BYTES,
-  PUBLIC_KEY_BYTES as SIGNING_PUBLIC_KEY_BYTES,
-  SCHEMA_VERSION_FIELD,
-  RevocationError,
-  REVOCATION_RECORD_VERSION,
-  REVOCATION_MAGIC,
-  PrimitiveCollisionError,
-  PairingError,
-  PAIRING_TOKEN_VERSION,
-  PAIRING_NONCE_BYTES,
-  MigrationError,
   MessageBus,
-  MeshWebRTCAdapter,
-  MeshSignalingClient,
-  MeshNetworkAdapter,
   HandlerError,
   ExtensionError,
   ErrorHandler,
-  EncryptionError,
-  TAG_BYTES as ENCRYPTION_TAG_BYTES,
-  NONCE_BYTES as ENCRYPTION_NONCE_BYTES,
-  KEY_BYTES as ENCRYPTION_KEY_BYTES,
-  DEFAULT_PAIRING_TTL_MS,
-  DEFAULT_MESH_KEY_ID,
-  DEFAULT_ICE_SERVERS,
   ConnectionError,
   $syncedState,
   $state,
   $sharedState,
   $resource,
-  $persistedState,
-  $peerText,
-  $peerState,
-  $peerList,
-  $peerCounter,
-  $meshText,
-  $meshState,
-  $meshList,
-  $meshCounter,
-  $crdtText,
-  $crdtState,
-  $crdtList,
-  $crdtCounter
+  $persistedState
 };
 
-//# debugId=DC7C621AC65ABFA764756E2164756E21
+//# debugId=0888B09580CA471964756E2164756E21