@fileverse/api 0.0.20 → 0.0.22

package/dist/worker.js

@@ -111,12 +111,7 @@ var init_config = __esm({
     init_constants();
     projectEnvPath = path2.join(process.cwd(), "config", ".env");
     userEnvPath = path2.join(os.homedir(), ".fileverse", ".env");
-    if (typeof globalThis.process !== "undefined" && typeof globalThis.process.cwd === "function") {
-      try {
-        loadConfig(false);
-      } catch {
-      }
-    }
+    loadConfig(false);
     config = {
       ...STATIC_CONFIG,
       get SERVICE_NAME() {
@@ -649,9 +644,7 @@ var init_files_model = __esm({
           linkKey: fileRaw.linkKey,
           linkKeyNonce: fileRaw.linkKeyNonce,
           commentKey: fileRaw.commentKey,
-          link: fileRaw.link,
-          derivedKey: fileRaw.derivedKey,
-          secretKey: fileRaw.secretKey
+          link: fileRaw.link
         };
       }
       static async findAll(portalAddress, limit, skip) {
@@ -735,20 +728,10 @@ var init_files_model = __esm({
         const _id = uuidv7();
         const sql = `
       INSERT INTO ${this.TABLE}
-      (_id, title, content, ddocId, portalAddress, linkKey, linkKeyNonce, derivedKey, secretKey)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+      (_id, title, content, ddocId, portalAddress)
+      VALUES (?, ?, ?, ?, ?)
     `;
-        await QueryBuilder.execute(sql, [
-          _id,
-          input.title,
-          input.content,
-          input.ddocId,
-          input.portalAddress,
-          input.linkKey ?? null,
-          input.linkKeyNonce ?? null,
-          input.derivedKey ?? null,
-          input.secretKey ?? null
-        ]);
+        await QueryBuilder.execute(sql, [_id, input.title, input.content, input.ddocId, input.portalAddress]);
         const created = await this.findById(_id, input.portalAddress);
         if (!created) {
           throw new Error("Failed to create file");
@@ -981,29 +964,6 @@ var init_events_model = __esm({
     `;
         await QueryBuilder.execute(sql, [Date.now(), _id]);
       }
-      static async markSubmitted(_id) {
-        const sql = `
-      UPDATE ${this.TABLE}
-      SET status = 'submitted',
-          lockedAt = NULL
-      WHERE _id = ?
-    `;
-        await QueryBuilder.execute(sql, [_id]);
-      }
-      static async findNextSubmitted(lockedFileIds) {
-        const exclusionClause = lockedFileIds.length > 0 ? `AND fileId NOT IN (${lockedFileIds.map(() => "?").join(", ")})` : "";
-        const sql = `
-      SELECT * FROM ${this.TABLE}
-      WHERE status = 'submitted'
-      AND userOpHash IS NOT NULL
-      ${exclusionClause}
-      ORDER BY timestamp ASC
-      LIMIT 1
-    `;
-        const params = [...lockedFileIds];
-        const row = await QueryBuilder.selectOne(sql, params);
-        return row ? this.parseEvent(row) : void 0;
-      }
       static async markProcessed(_id) {
         const sql = `
       UPDATE ${this.TABLE}
@@ -1206,114 +1166,13 @@ var init_key_store = __esm({
   }
 });
 
-// src/sdk/ucan.ts
-import { sign, extractPublicKeyFromSecretKey } from "@stablelib/ed25519";
-import { toUint8Array } from "js-base64";
-function base58btcEncode(bytes) {
-  const digits = [0];
-  for (const byte of bytes) {
-    let carry = byte;
-    for (let j = 0; j < digits.length; j++) {
-      carry += digits[j] << 8;
-      digits[j] = carry % 58;
-      carry = carry / 58 | 0;
-    }
-    while (carry > 0) {
-      digits.push(carry % 58);
-      carry = carry / 58 | 0;
-    }
-  }
-  let result = "";
-  for (let i = 0; i < bytes.length && bytes[i] === 0; i++) {
-    result += BASE58_ALPHABET[0];
-  }
-  for (let i = digits.length - 1; i >= 0; i--) {
-    result += BASE58_ALPHABET[digits[i]];
-  }
-  return result;
-}
-function base64urlEncode(data) {
-  const bytes = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  let binary = "";
-  for (let i = 0; i < bytes.length; i++) {
-    binary += String.fromCharCode(bytes[i]);
-  }
-  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-async function buildAndEncode(params) {
-  const {
-    issuer,
-    audience,
-    capabilities = [],
-    lifetimeInSeconds = 30,
-    expiration,
-    notBefore,
-    facts,
-    proofs = []
-  } = params;
-  const currentTime = Math.floor(Date.now() / 1e3);
-  const exp = expiration ?? currentTime + lifetimeInSeconds;
-  const header = { alg: issuer.jwtAlg, typ: "JWT", ucv: "0.8.1" };
-  const att = capabilities.map((cap) => ({
-    with: `${cap.with.scheme}:${cap.with.hierPart}`,
-    can: [cap.can.namespace, ...cap.can.segments].join("/")
-  }));
-  const payload = {
-    iss: issuer.did(),
-    aud: audience,
-    exp,
-    att,
-    prf: proofs
-  };
-  if (notBefore !== void 0) payload.nbf = notBefore;
-  if (facts !== void 0) payload.fct = facts;
-  const encodedHeader = base64urlEncode(JSON.stringify(header));
-  const encodedPayload = base64urlEncode(JSON.stringify(payload));
-  const signedData = `${encodedHeader}.${encodedPayload}`;
-  const sig = await issuer.sign(new TextEncoder().encode(signedData));
-  const signature = base64urlEncode(sig);
-  return `${signedData}.${signature}`;
-}
-var BASE58_ALPHABET, EDWARDS_DID_PREFIX, EdKeypair;
-var init_ucan = __esm({
-  "src/sdk/ucan.ts"() {
-    "use strict";
-    init_esm_shims();
-    BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
-    EDWARDS_DID_PREFIX = new Uint8Array([237, 1]);
-    EdKeypair = class _EdKeypair {
-      jwtAlg = "EdDSA";
-      secretKey;
-      publicKey;
-      constructor(secretKey, publicKey) {
-        this.secretKey = secretKey;
-        this.publicKey = publicKey;
-      }
-      static fromSecretKey(key) {
-        const secretKey = toUint8Array(key);
-        const publicKey = extractPublicKeyFromSecretKey(secretKey);
-        return new _EdKeypair(secretKey, publicKey);
-      }
-      did() {
-        const bytes = new Uint8Array(EDWARDS_DID_PREFIX.length + this.publicKey.length);
-        bytes.set(EDWARDS_DID_PREFIX);
-        bytes.set(this.publicKey, EDWARDS_DID_PREFIX.length);
-        return "did:key:z" + base58btcEncode(bytes);
-      }
-      async sign(msg) {
-        return sign(this.secretKey, msg);
-      }
-    };
-  }
-});
-
 // src/sdk/auth-token-provider.ts
+import * as ucans from "@ucans/ucans";
 var AuthTokenProvider;
 var init_auth_token_provider = __esm({
   "src/sdk/auth-token-provider.ts"() {
     "use strict";
     init_esm_shims();
-    init_ucan();
     AuthTokenProvider = class {
       DEFAULT_OPTIONS = {
         namespace: "file",
@@ -1327,7 +1186,7 @@ var init_auth_token_provider = __esm({
         this.portalAddress = portalAddress;
       }
       async getAuthToken(audienceDid, options = this.DEFAULT_OPTIONS) {
-        return buildAndEncode({
+        const ucan = await ucans.build({
           audience: audienceDid,
           issuer: this.keyPair,
           lifetimeInSeconds: 7 * 86400,
@@ -1341,6 +1200,7 @@ var init_auth_token_provider = __esm({
             }
           ]
         });
+        return ucans.encode(ucan);
       }
     };
   }
@@ -1672,29 +1532,19 @@ var init_pimlico_utils = __esm({
         version: "0.7"
       }
     });
-    signerToSmartAccount = async (signer) => {
-      console.log("[pimlico] creating public client");
-      const client = getPublicClient();
-      console.log("[pimlico] calling toSafeSmartAccount");
-      const account = await toSafeSmartAccount({
-        client,
-        owners: [signer],
-        entryPoint: {
-          address: entryPoint07Address,
-          version: "0.7"
-        },
-        version: "1.4.1"
-      });
-      console.log("[pimlico] safe smart account created");
-      return account;
-    };
+    signerToSmartAccount = async (signer) => await toSafeSmartAccount({
+      client: getPublicClient(),
+      owners: [signer],
+      entryPoint: {
+        address: entryPoint07Address,
+        version: "0.7"
+      },
+      version: "1.4.1"
+    });
     getSmartAccountClient = async (signer, authToken, portalAddress) => {
-      console.log("[pimlico] signerToSmartAccount start");
       const smartAccount = await signerToSmartAccount(signer);
-      console.log("[pimlico] creating pimlico client");
       const pimlicoClient = getPimlicoClient(authToken, portalAddress, smartAccount.address);
-      console.log("[pimlico] creating smart account client");
-      const result = createSmartAccountClient({
+      return createSmartAccountClient({
         account: smartAccount,
         chain: CHAIN,
         paymaster: pimlicoClient,
@@ -1712,8 +1562,6 @@ var init_pimlico_utils = __esm({
           estimateFeesPerGas: async () => (await pimlicoClient.getUserOperationGasPrice()).fast
         }
       });
-      console.log("[pimlico] smart account client created");
-      return result;
     };
     getNonce = () => hexToBigInt(
       toHex(toBytes(generatePrivateKey()).slice(0, 24), {
@@ -1749,17 +1597,13 @@ var init_smart_agent = __esm({
       MAX_CALL_GAS_LIMIT = 5e5;
       authOptions = { namespace: "proxy", segment: "ACCESS", scheme: "pimlico" };
       async initializeAgentClient(keyMaterial) {
-        console.log("[agent] creating account from key");
         const agentAccount = privateKeyToAccount(toHex2(keyMaterial));
-        console.log("[agent] getting auth token");
         const authToken = await this.authTokenProvider.getAuthToken(STATIC_CONFIG.PROXY_SERVER_DID, this.authOptions);
-        console.log("[agent] getting smart account client");
         const smartAccountClient = await getSmartAccountClient(
           agentAccount,
           authToken,
           this.authTokenProvider.portalAddress
         );
-        console.log("[agent] smart account client ready");
         this.smartAccountAgent = smartAccountClient;
       }
       getSmartAccountAgent() {
@@ -1799,19 +1643,17 @@ var init_smart_agent = __esm({
         ]);
       }
       async sendUserOperation(request, customGasLimit) {
-        const smartAccountAgent = this.getSmartAccountAgent();
-        console.log("[agent] encoding call data");
-        const callData = await this.getCallData(request);
-        console.log("[agent] generating nonce");
-        const nonce = getNonce();
-        console.log("[agent] sending user operation");
-        const hash = await smartAccountAgent.sendUserOperation({
-          callData,
-          callGasLimit: BigInt(customGasLimit || this.MAX_CALL_GAS_LIMIT),
-          nonce
-        });
-        console.log("[agent] user operation sent");
-        return hash;
+        try {
+          const smartAccountAgent = this.getSmartAccountAgent();
+          const callData = await this.getCallData(request);
+          return await smartAccountAgent.sendUserOperation({
+            callData,
+            callGasLimit: BigInt(customGasLimit || this.MAX_CALL_GAS_LIMIT),
+            nonce: getNonce()
+          });
+        } catch (error) {
+          throw error;
+        }
       }
       async executeUserOperationRequest(request, timeout, customGasLimit) {
         const userOpHash = await this.sendUserOperation(request, customGasLimit);
@@ -2526,20 +2368,60 @@ var init_file_encryption = __esm({
 });
 
 // src/sdk/file-utils.ts
+import { getArgon2idHash } from "@fileverse/crypto/argon";
 import { bytesToBase64, generateRandomBytes as generateRandomBytes2 } from "@fileverse/crypto/utils";
 import { derivePBKDF2Key, encryptAesCBC } from "@fileverse/crypto/kdf";
 import { secretBoxEncrypt } from "@fileverse/crypto/nacl";
+import hkdf from "futoin-hkdf";
 import tweetnacl from "tweetnacl";
-import { fromUint8Array, toUint8Array as toUint8Array2 } from "js-base64";
+import { fromUint8Array, toUint8Array } from "js-base64";
 import { toAESKey, aesEncrypt } from "@fileverse/crypto/webcrypto";
+import axios from "axios";
 import { encodeFunctionData, parseEventLogs } from "viem";
-var jsonToFile, appendAuthTagIvToBlob, encryptFile, getNonceAppendedCipherText, jsonToBytes, buildLinklock, encryptTitleWithFileKey, uploadFileToIPFS, getEditFileTrxCalldata, getAddFileTrxCalldata, prepareCallData, prepareDeleteFileCallData, createEncryptedContentFile, buildFileMetadata, parseFileEventLog, uploadAllFilesToIPFS;
+var deriveKeyFromAg2Hash, decryptSecretKey, getExistingEncryptionMaterial, getNaclSecretKey, generateLinkKeyMaterial, jsonToFile, appendAuthTagIvToBlob, encryptFile, getNonceAppendedCipherText, jsonToBytes, buildLinklock, encryptTitleWithFileKey, uploadFileToIPFS, getEditFileTrxCalldata, getAddFileTrxCalldata, prepareCallData, prepareDeleteFileCallData, createEncryptedContentFile, buildFileMetadata, parseFileEventLog, uploadAllFilesToIPFS;
 var init_file_utils = __esm({
   "src/sdk/file-utils.ts"() {
     "use strict";
     init_esm_shims();
     init_file_encryption();
     init_constants3();
+    deriveKeyFromAg2Hash = async (pass, salt) => {
+      const key = await getArgon2idHash(pass, salt);
+      return hkdf(Buffer.from(key), tweetnacl.secretbox.keyLength, {
+        info: Buffer.from("encryptionKey")
+      });
+    };
+    decryptSecretKey = async (docId, nonce, encryptedSecretKey) => {
+      const derivedKey = await deriveKeyFromAg2Hash(docId, toUint8Array(nonce));
+      return tweetnacl.secretbox.open(toUint8Array(encryptedSecretKey), toUint8Array(nonce), derivedKey);
+    };
+    getExistingEncryptionMaterial = async (existingEncryptedSecretKey, existingNonce, docId) => {
+      const secretKey = await decryptSecretKey(docId, existingNonce, existingEncryptedSecretKey);
+      return {
+        encryptedSecretKey: existingEncryptedSecretKey,
+        nonce: toUint8Array(existingNonce),
+        secretKey
+      };
+    };
+    getNaclSecretKey = async (ddocId) => {
+      const { secretKey } = tweetnacl.box.keyPair();
+      const nonce = tweetnacl.randomBytes(tweetnacl.secretbox.nonceLength);
+      const derivedKey = await deriveKeyFromAg2Hash(ddocId, nonce);
+      const encryptedSecretKey = fromUint8Array(tweetnacl.secretbox(secretKey, nonce, derivedKey), true);
+      return { nonce, encryptedSecretKey, secretKey };
+    };
+    generateLinkKeyMaterial = async (params) => {
+      if (params.linkKeyNonce && params.linkKey) {
+        const { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2 } = await getExistingEncryptionMaterial(
+          params.linkKey,
+          params.linkKeyNonce,
+          params.ddocId
+        );
+        if (secretKey2) return { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2 };
+      }
+      const { secretKey, nonce, encryptedSecretKey } = await getNaclSecretKey(params.ddocId);
+      return { secretKey, nonce, encryptedSecretKey };
+    };
     jsonToFile = (json, fileName) => {
       const blob = new Blob([JSON.stringify(json)], {
         type: "application/json"
@@ -2569,8 +2451,8 @@ var init_file_utils = __esm({
       const encryptedBlob = new Blob([ciphertext], { type: file.type });
       const encryptedBlobWithAuthTagIv = await appendAuthTagIvToBlob(
         encryptedBlob,
-        toUint8Array2(authTag),
-        toUint8Array2(iv)
+        toUint8Array(authTag),
+        toUint8Array(iv)
       );
       return {
         encryptedFile: new File([encryptedBlobWithAuthTagIv], file.name),
@@ -2616,7 +2498,7 @@ var init_file_utils = __esm({
       };
     };
     encryptTitleWithFileKey = async (args) => {
-      const key = await toAESKey(toUint8Array2(args.key));
+      const key = await toAESKey(toUint8Array(args.key));
       if (!key) throw new Error("Key is undefined");
       const titleBytes = new TextEncoder().encode(args.title);
       const encryptedTitle = await aesEncrypt(key, titleBytes, "base64");
@@ -2630,21 +2512,16 @@ var init_file_utils = __esm({
       body.append("ipfsType", ipfsType);
       body.append("appFileId", appFileId);
       body.append("sourceApp", "ddoc");
-      const response = await fetch(UPLOAD_SERVER_URL + "upload", {
-        method: "POST",
+      const uploadEndpoint = UPLOAD_SERVER_URL + "upload";
+      const response = await axios.post(uploadEndpoint, body, {
         headers: {
           Authorization: `Bearer ${token}`,
           contract: contractAddress,
           invoker,
-          chain: NETWORK_NAME
-        },
-        body
+          chain: process.env.chainId
+        }
       });
-      if (!response.ok) {
-        throw new Error(`Upload failed: ${response.status} ${response.statusText}`);
-      }
-      const data = await response.json();
-      return data.ipfsHash;
+      return response.data.ipfsHash;
     };
     getEditFileTrxCalldata = (args) => {
       return encodeFunctionData({
@@ -2739,7 +2616,7 @@ var init_file_utils = __esm({
 });
 
 // src/sdk/file-manager.ts
-import { fromUint8Array as fromUint8Array2, toUint8Array as toUint8Array3 } from "js-base64";
+import { fromUint8Array as fromUint8Array2, toUint8Array as toUint8Array2 } from "js-base64";
 import { generateAESKey, exportAESKey } from "@fileverse/crypto/webcrypto";
 import { markdownToYjs } from "@fileverse/content-processor";
 var FileManager;
@@ -2760,8 +2637,8 @@ var init_file_manager = __esm({
       }
       createLocks(key, encryptedSecretKey, commentKey) {
         const appLock = {
-          lockedFileKey: this.keyStore.encryptData(toUint8Array3(key)),
-          lockedLinkKey: this.keyStore.encryptData(toUint8Array3(encryptedSecretKey)),
+          lockedFileKey: this.keyStore.encryptData(toUint8Array2(key)),
+          lockedLinkKey: this.keyStore.encryptData(toUint8Array2(encryptedSecretKey)),
           lockedChatKey: this.keyStore.encryptData(commentKey)
         };
         return { appLock, ownerLock: { ...appLock } };
@@ -2795,28 +2672,22 @@ var init_file_manager = __esm({
         return this.agentClient.getAuthParams();
       }
       async submitAddFileTrx(file) {
-        console.log("Submitting add file trx");
         logger.debug(`Preparing to add file ${file.ddocId}`);
-        const encryptedSecretKey = file.linkKey;
-        const nonce = toUint8Array3(file.linkKeyNonce);
-        const secretKey = toUint8Array3(file.secretKey);
-        console.log("Got encrypted secret key, nonce, and secret key");
+        const { encryptedSecretKey, nonce, secretKey } = await generateLinkKeyMaterial({
+          ddocId: file.ddocId,
+          linkKey: file.linkKey,
+          linkKeyNonce: file.linkKeyNonce
+        });
         const yJSContent = markdownToYjs(file.content);
-        console.log("Generated yjs content");
         const { encryptedFile, key } = await createEncryptedContentFile(yJSContent);
-        console.log("Generated encrypted content file");
         logger.debug(`Generated encrypted content file for file ${file.ddocId}`);
         const commentKey = await exportAESKey(await generateAESKey(128));
-        console.log("Generated comment key");
         const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        console.log("Built app lock and owner lock");
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
-        console.log("Built link lock");
+        const linkLock = buildLinklock(secretKey, toUint8Array2(key), commentKey);
         const encryptedTitle = await encryptTitleWithFileKey({
           title: file.title || "Untitled",
           key
         });
-        console.log("Built encrypted title");
         const metadata = buildFileMetadata({
           encryptedTitle,
           encryptedFileSize: encryptedFile.size,
@@ -2826,15 +2697,11 @@ var init_file_manager = __esm({
           nonce: fromUint8Array2(nonce),
           owner: this.agentClient.getAgentAddress()
         });
-        console.log("Built metadata");
         const authParams = await this.getAuthParams();
-        console.log("Got auth params");
-        console.log("Uploading files to IPFS");
         const { metadataHash, contentHash, gateHash } = await uploadAllFilesToIPFS(
           { metadata, encryptedFile, linkLock, ddocId: file.ddocId },
           authParams
         );
-        console.log("Uploaded files to IPFS");
         logger.debug(`Uploaded files to IPFS for file ${file.ddocId}`);
         const callData = prepareCallData({
           metadataHash,
@@ -2843,10 +2710,8 @@ var init_file_manager = __esm({
           appFileId: file.ddocId,
           fileId: file.fileId
         });
-        console.log("Prepared call data");
         logger.debug(`Prepared call data for file ${file.ddocId}`);
         const userOpHash = await this.sendFileOperation(callData);
-        console.log("Submitted user op");
         logger.debug(`Submitted user op for file ${file.ddocId}`);
         return {
           userOpHash,
@@ -2856,65 +2721,19 @@ var init_file_manager = __esm({
           metadata
         };
       }
-      async submitUpdateFile(file) {
-        logger.debug(`Submitting update for file ${file.ddocId} with onChainFileId ${file.onChainFileId}`);
-        const encryptedSecretKey = file.linkKey;
-        const nonce = toUint8Array3(file.linkKeyNonce);
-        const secretKey = toUint8Array3(file.secretKey);
-        const yjsContent = markdownToYjs(file.content);
-        const { encryptedFile, key } = await createEncryptedContentFile(yjsContent);
-        const commentKey = toUint8Array3(file.commentKey);
-        const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
-        const encryptedTitle = await encryptTitleWithFileKey({
-          title: file.title || "Untitled",
-          key
-        });
-        const metadata = buildFileMetadata({
-          encryptedTitle,
-          encryptedFileSize: encryptedFile.size,
-          appLock,
-          ownerLock,
-          ddocId: file.ddocId,
-          nonce: fromUint8Array2(nonce),
-          owner: this.agentClient.getAgentAddress()
-        });
-        const authParams = await this.getAuthParams();
-        const { metadataHash, contentHash, gateHash } = await uploadAllFilesToIPFS(
-          { metadata, encryptedFile, linkLock, ddocId: file.ddocId },
-          authParams
-        );
-        const callData = prepareCallData({
-          metadataHash,
-          contentHash,
-          gateHash,
-          appFileId: file.ddocId,
-          fileId: file.onChainFileId
-        });
-        const userOpHash = await this.sendFileOperation(callData);
-        logger.debug(`Submitted update user op for file ${file.ddocId}`);
-        return { userOpHash, metadata };
-      }
-      async submitDeleteFile(file) {
-        logger.debug(`Submitting delete for file ${file.ddocId} with onChainFileId ${file.onChainFileId}`);
-        const callData = prepareDeleteFileCallData({
-          onChainFileId: file.onChainFileId
-        });
-        const userOpHash = await this.sendFileOperation(callData);
-        logger.debug(`Submitted delete user op for file ${file.ddocId}`);
-        return { userOpHash };
-      }
       async updateFile(file) {
         logger.debug(`Updating file ${file.ddocId} with onChainFileId ${file.onChainFileId}`);
-        const encryptedSecretKey = file.linkKey;
-        const nonce = toUint8Array3(file.linkKeyNonce);
-        const secretKey = toUint8Array3(file.secretKey);
+        const { encryptedSecretKey, nonce, secretKey } = await generateLinkKeyMaterial({
+          ddocId: file.ddocId,
+          linkKey: file.linkKey,
+          linkKeyNonce: file.linkKeyNonce
+        });
         logger.debug(`Generating encrypted content file for file ${file.ddocId} with onChainFileId ${file.onChainFileId}`);
         const yjsContent = markdownToYjs(file.content);
         const { encryptedFile, key } = await createEncryptedContentFile(yjsContent);
-        const commentKey = toUint8Array3(file.commentKey);
+        const commentKey = toUint8Array2(file.commentKey);
         const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
+        const linkLock = buildLinklock(secretKey, toUint8Array2(key), commentKey);
         const encryptedTitle = await encryptTitleWithFileKey({
           title: file.title || "Untitled",
           key
@@ -2966,10 +2785,11 @@ var init_file_manager = __esm({
 });
 
 // src/domain/portal/publish.ts
-import { fromUint8Array as fromUint8Array3, toUint8Array as toUint8Array4 } from "js-base64";
+import { fromUint8Array as fromUint8Array3, toUint8Array as toUint8Array3 } from "js-base64";
 import { stringToBytes } from "viem";
 import { deriveHKDFKey } from "@fileverse/crypto/kdf";
 import { generateKeyPairFromSeed } from "@stablelib/ed25519";
+import * as ucans2 from "@ucans/ucans";
 async function getPortalData(fileId) {
   const file = await FilesModel.findByIdIncludingDeleted(fileId);
   if (!file) {
@@ -3001,23 +2821,17 @@ var init_publish = __esm({
     init_infra();
     init_key_store();
     init_auth_token_provider();
-    init_ucan();
     init_smart_agent();
     init_file_manager();
     init_config();
-    init_pimlico_utils();
     createFileManager = async (portalSeed, portalAddress, ucanSecret, privateAccountKey) => {
-      console.log("Creating file manager");
-      const keyPair = EdKeypair.fromSecretKey(fromUint8Array3(ucanSecret));
-      console.log("Created key pair");
+      const keyPair = ucans2.EdKeypair.fromSecretKey(fromUint8Array3(ucanSecret), {
+        exportable: true
+      });
       const authTokenProvider = new AuthTokenProvider(keyPair, portalAddress);
-      console.log("Created auth token provider");
-      const keyStore = new KeyStore(toUint8Array4(portalSeed), portalAddress, authTokenProvider);
-      console.log("Created key store");
+      const keyStore = new KeyStore(toUint8Array3(portalSeed), portalAddress, authTokenProvider);
       const agentClient = new AgentClient(authTokenProvider);
-      console.log("Created agent client");
       await agentClient.initializeAgentClient(privateAccountKey);
-      console.log("Initialized agent client");
       return new FileManager(keyStore, agentClient);
     };
     executeOperation = async (fileManager, file, operation) => {
@@ -3034,7 +2848,7 @@ var init_publish = __esm({
     handleExistingFileOp = async (fileId, operation) => {
       try {
         const { file, portalDetails, apiKey } = await getPortalData(fileId);
-        const apiKeySeed = toUint8Array4(apiKey);
+        const apiKeySeed = toUint8Array3(apiKey);
         const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
         const fileManager = await createFileManager(
           portalDetails.portalSeed,
@@ -3050,22 +2864,19 @@ var init_publish = __esm({
     };
     handleNewFileOp = async (fileId) => {
       const { file, portalDetails, apiKey } = await getPortalData(fileId);
-      console.log("Got portal data");
-      const apiKeySeed = toUint8Array4(apiKey);
+      const apiKeySeed = toUint8Array3(apiKey);
       const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
-      console.log("Derived collaborator keys");
       const fileManager = await createFileManager(
         portalDetails.portalSeed,
         portalDetails.portalAddress,
         ucanSecret,
         privateAccountKey
       );
-      console.log("Created file manager");
       return fileManager.submitAddFileTrx(file);
     };
     getProxyAuthParams = async (fileId) => {
       const { portalDetails, apiKey } = await getPortalData(fileId);
-      const apiKeySeed = toUint8Array4(apiKey);
+      const apiKeySeed = toUint8Array3(apiKey);
       const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
       const fileManager = await createFileManager(
         portalDetails.portalSeed,
@@ -3574,9 +3385,7 @@ CREATE TABLE IF NOT EXISTS files (
   commentKey TEXT,
   linkKey TEXT,
   linkKeyNonce TEXT,
-  link TEXT,
-  derivedKey TEXT,
-  secretKey TEXT
+  link TEXT
 );
 CREATE INDEX IF NOT EXISTS idx_files_createdAt ON files(createdAt);
 CREATE INDEX IF NOT EXISTS idx_files_syncStatus ON files(syncStatus);
@@ -3607,7 +3416,7 @@ CREATE TABLE IF NOT EXISTS events (
   type TEXT NOT NULL CHECK (type IN ('create', 'update', 'delete')),
   timestamp BIGINT NOT NULL,
   fileId TEXT NOT NULL,
-  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'processing', 'submitted', 'processed', 'failed')),
+  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'processing', 'processed', 'failed')),
   retryCount INTEGER NOT NULL DEFAULT 0,
   lastError TEXT,
   lockedAt BIGINT,