@fileverse/api 0.0.21 → 0.0.22

package/dist/index.js

@@ -116,12 +116,7 @@ var init_config = __esm({
     init_constants();
     projectEnvPath = path2.join(process.cwd(), "config", ".env");
     userEnvPath = path2.join(os.homedir(), ".fileverse", ".env");
-    if (typeof globalThis.process !== "undefined" && typeof globalThis.process.cwd === "function") {
-      try {
-        loadConfig(false);
-      } catch {
-      }
-    }
+    loadConfig(false);
     config = {
       ...STATIC_CONFIG,
       get SERVICE_NAME() {
@@ -669,9 +664,7 @@ var init_files_model = __esm({
           linkKey: fileRaw.linkKey,
           linkKeyNonce: fileRaw.linkKeyNonce,
           commentKey: fileRaw.commentKey,
-          link: fileRaw.link,
-          derivedKey: fileRaw.derivedKey,
-          secretKey: fileRaw.secretKey
+          link: fileRaw.link
         };
       }
       static async findAll(portalAddress, limit, skip) {
@@ -755,20 +748,10 @@ var init_files_model = __esm({
         const _id = uuidv7();
         const sql = `
       INSERT INTO ${this.TABLE}
-      (_id, title, content, ddocId, portalAddress, linkKey, linkKeyNonce, derivedKey, secretKey)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+      (_id, title, content, ddocId, portalAddress)
+      VALUES (?, ?, ?, ?, ?)
     `;
-        await QueryBuilder.execute(sql, [
-          _id,
-          input.title,
-          input.content,
-          input.ddocId,
-          input.portalAddress,
-          input.linkKey ?? null,
-          input.linkKeyNonce ?? null,
-          input.derivedKey ?? null,
-          input.secretKey ?? null
-        ]);
+        await QueryBuilder.execute(sql, [_id, input.title, input.content, input.ddocId, input.portalAddress]);
         const created = await this.findById(_id, input.portalAddress);
         if (!created) {
           throw new Error("Failed to create file");
@@ -1148,29 +1131,6 @@ var init_events_model = __esm({
     `;
         await QueryBuilder.execute(sql, [Date.now(), _id]);
       }
-      static async markSubmitted(_id) {
-        const sql = `
-      UPDATE ${this.TABLE}
-      SET status = 'submitted',
-          lockedAt = NULL
-      WHERE _id = ?
-    `;
-        await QueryBuilder.execute(sql, [_id]);
-      }
-      static async findNextSubmitted(lockedFileIds) {
-        const exclusionClause = lockedFileIds.length > 0 ? `AND fileId NOT IN (${lockedFileIds.map(() => "?").join(", ")})` : "";
-        const sql = `
-      SELECT * FROM ${this.TABLE}
-      WHERE status = 'submitted'
-      AND userOpHash IS NOT NULL
-      ${exclusionClause}
-      ORDER BY timestamp ASC
-      LIMIT 1
-    `;
-        const params = [...lockedFileIds];
-        const row = await QueryBuilder.selectOne(sql, params);
-        return row ? this.parseEvent(row) : void 0;
-      }
       static async markProcessed(_id) {
         const sql = `
       UPDATE ${this.TABLE}
@@ -1373,114 +1333,13 @@ var init_key_store = __esm({
   }
 });
 
-// src/sdk/ucan.ts
-import { sign, extractPublicKeyFromSecretKey } from "@stablelib/ed25519";
-import { toUint8Array } from "js-base64";
-function base58btcEncode(bytes) {
-  const digits = [0];
-  for (const byte of bytes) {
-    let carry = byte;
-    for (let j = 0; j < digits.length; j++) {
-      carry += digits[j] << 8;
-      digits[j] = carry % 58;
-      carry = carry / 58 | 0;
-    }
-    while (carry > 0) {
-      digits.push(carry % 58);
-      carry = carry / 58 | 0;
-    }
-  }
-  let result = "";
-  for (let i = 0; i < bytes.length && bytes[i] === 0; i++) {
-    result += BASE58_ALPHABET[0];
-  }
-  for (let i = digits.length - 1; i >= 0; i--) {
-    result += BASE58_ALPHABET[digits[i]];
-  }
-  return result;
-}
-function base64urlEncode(data) {
-  const bytes = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  let binary = "";
-  for (let i = 0; i < bytes.length; i++) {
-    binary += String.fromCharCode(bytes[i]);
-  }
-  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-async function buildAndEncode(params) {
-  const {
-    issuer,
-    audience,
-    capabilities = [],
-    lifetimeInSeconds = 30,
-    expiration,
-    notBefore,
-    facts,
-    proofs = []
-  } = params;
-  const currentTime = Math.floor(Date.now() / 1e3);
-  const exp = expiration ?? currentTime + lifetimeInSeconds;
-  const header = { alg: issuer.jwtAlg, typ: "JWT", ucv: "0.8.1" };
-  const att = capabilities.map((cap) => ({
-    with: `${cap.with.scheme}:${cap.with.hierPart}`,
-    can: [cap.can.namespace, ...cap.can.segments].join("/")
-  }));
-  const payload = {
-    iss: issuer.did(),
-    aud: audience,
-    exp,
-    att,
-    prf: proofs
-  };
-  if (notBefore !== void 0) payload.nbf = notBefore;
-  if (facts !== void 0) payload.fct = facts;
-  const encodedHeader = base64urlEncode(JSON.stringify(header));
-  const encodedPayload = base64urlEncode(JSON.stringify(payload));
-  const signedData = `${encodedHeader}.${encodedPayload}`;
-  const sig = await issuer.sign(new TextEncoder().encode(signedData));
-  const signature = base64urlEncode(sig);
-  return `${signedData}.${signature}`;
-}
-var BASE58_ALPHABET, EDWARDS_DID_PREFIX, EdKeypair;
-var init_ucan = __esm({
-  "src/sdk/ucan.ts"() {
-    "use strict";
-    init_esm_shims();
-    BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
-    EDWARDS_DID_PREFIX = new Uint8Array([237, 1]);
-    EdKeypair = class _EdKeypair {
-      jwtAlg = "EdDSA";
-      secretKey;
-      publicKey;
-      constructor(secretKey, publicKey) {
-        this.secretKey = secretKey;
-        this.publicKey = publicKey;
-      }
-      static fromSecretKey(key) {
-        const secretKey = toUint8Array(key);
-        const publicKey = extractPublicKeyFromSecretKey(secretKey);
-        return new _EdKeypair(secretKey, publicKey);
-      }
-      did() {
-        const bytes = new Uint8Array(EDWARDS_DID_PREFIX.length + this.publicKey.length);
-        bytes.set(EDWARDS_DID_PREFIX);
-        bytes.set(this.publicKey, EDWARDS_DID_PREFIX.length);
-        return "did:key:z" + base58btcEncode(bytes);
-      }
-      async sign(msg) {
-        return sign(this.secretKey, msg);
-      }
-    };
-  }
-});
-
 // src/sdk/auth-token-provider.ts
+import * as ucans from "@ucans/ucans";
 var AuthTokenProvider;
 var init_auth_token_provider = __esm({
   "src/sdk/auth-token-provider.ts"() {
     "use strict";
     init_esm_shims();
-    init_ucan();
     AuthTokenProvider = class {
       DEFAULT_OPTIONS = {
         namespace: "file",
@@ -1494,7 +1353,7 @@ var init_auth_token_provider = __esm({
         this.portalAddress = portalAddress;
       }
       async getAuthToken(audienceDid, options = this.DEFAULT_OPTIONS) {
-        return buildAndEncode({
+        const ucan = await ucans.build({
           audience: audienceDid,
           issuer: this.keyPair,
           lifetimeInSeconds: 7 * 86400,
@@ -1508,6 +1367,7 @@ var init_auth_token_provider = __esm({
             }
           ]
         });
+        return ucans.encode(ucan);
       }
     };
   }
@@ -2675,20 +2535,60 @@ var init_file_encryption = __esm({
 });
 
 // src/sdk/file-utils.ts
+import { getArgon2idHash } from "@fileverse/crypto/argon";
 import { bytesToBase64, generateRandomBytes as generateRandomBytes2 } from "@fileverse/crypto/utils";
 import { derivePBKDF2Key, encryptAesCBC } from "@fileverse/crypto/kdf";
 import { secretBoxEncrypt } from "@fileverse/crypto/nacl";
+import hkdf from "futoin-hkdf";
 import tweetnacl from "tweetnacl";
-import { fromUint8Array, toUint8Array as toUint8Array2 } from "js-base64";
+import { fromUint8Array, toUint8Array } from "js-base64";
 import { toAESKey, aesEncrypt } from "@fileverse/crypto/webcrypto";
+import axios from "axios";
 import { encodeFunctionData, parseEventLogs } from "viem";
-var jsonToFile, appendAuthTagIvToBlob, encryptFile, getNonceAppendedCipherText, jsonToBytes, buildLinklock, encryptTitleWithFileKey, uploadFileToIPFS, getEditFileTrxCalldata, getAddFileTrxCalldata, prepareCallData, prepareDeleteFileCallData, createEncryptedContentFile, buildFileMetadata, parseFileEventLog, uploadAllFilesToIPFS;
+var deriveKeyFromAg2Hash, decryptSecretKey, getExistingEncryptionMaterial, getNaclSecretKey, generateLinkKeyMaterial, jsonToFile, appendAuthTagIvToBlob, encryptFile, getNonceAppendedCipherText, jsonToBytes, buildLinklock, encryptTitleWithFileKey, uploadFileToIPFS, getEditFileTrxCalldata, getAddFileTrxCalldata, prepareCallData, prepareDeleteFileCallData, createEncryptedContentFile, buildFileMetadata, parseFileEventLog, uploadAllFilesToIPFS;
 var init_file_utils = __esm({
   "src/sdk/file-utils.ts"() {
     "use strict";
     init_esm_shims();
     init_file_encryption();
     init_constants3();
+    deriveKeyFromAg2Hash = async (pass, salt) => {
+      const key = await getArgon2idHash(pass, salt);
+      return hkdf(Buffer.from(key), tweetnacl.secretbox.keyLength, {
+        info: Buffer.from("encryptionKey")
+      });
+    };
+    decryptSecretKey = async (docId, nonce, encryptedSecretKey) => {
+      const derivedKey = await deriveKeyFromAg2Hash(docId, toUint8Array(nonce));
+      return tweetnacl.secretbox.open(toUint8Array(encryptedSecretKey), toUint8Array(nonce), derivedKey);
+    };
+    getExistingEncryptionMaterial = async (existingEncryptedSecretKey, existingNonce, docId) => {
+      const secretKey = await decryptSecretKey(docId, existingNonce, existingEncryptedSecretKey);
+      return {
+        encryptedSecretKey: existingEncryptedSecretKey,
+        nonce: toUint8Array(existingNonce),
+        secretKey
+      };
+    };
+    getNaclSecretKey = async (ddocId) => {
+      const { secretKey } = tweetnacl.box.keyPair();
+      const nonce = tweetnacl.randomBytes(tweetnacl.secretbox.nonceLength);
+      const derivedKey = await deriveKeyFromAg2Hash(ddocId, nonce);
+      const encryptedSecretKey = fromUint8Array(tweetnacl.secretbox(secretKey, nonce, derivedKey), true);
+      return { nonce, encryptedSecretKey, secretKey };
+    };
+    generateLinkKeyMaterial = async (params) => {
+      if (params.linkKeyNonce && params.linkKey) {
+        const { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2 } = await getExistingEncryptionMaterial(
+          params.linkKey,
+          params.linkKeyNonce,
+          params.ddocId
+        );
+        if (secretKey2) return { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2 };
+      }
+      const { secretKey, nonce, encryptedSecretKey } = await getNaclSecretKey(params.ddocId);
+      return { secretKey, nonce, encryptedSecretKey };
+    };
     jsonToFile = (json2, fileName) => {
       const blob = new Blob([JSON.stringify(json2)], {
         type: "application/json"
@@ -2718,8 +2618,8 @@ var init_file_utils = __esm({
       const encryptedBlob = new Blob([ciphertext], { type: file2.type });
       const encryptedBlobWithAuthTagIv = await appendAuthTagIvToBlob(
         encryptedBlob,
-        toUint8Array2(authTag),
-        toUint8Array2(iv)
+        toUint8Array(authTag),
+        toUint8Array(iv)
       );
       return {
         encryptedFile: new File([encryptedBlobWithAuthTagIv], file2.name),
@@ -2765,7 +2665,7 @@ var init_file_utils = __esm({
       };
     };
     encryptTitleWithFileKey = async (args) => {
-      const key = await toAESKey(toUint8Array2(args.key));
+      const key = await toAESKey(toUint8Array(args.key));
       if (!key) throw new Error("Key is undefined");
       const titleBytes = new TextEncoder().encode(args.title);
       const encryptedTitle = await aesEncrypt(key, titleBytes, "base64");
@@ -2779,21 +2679,16 @@ var init_file_utils = __esm({
       body.append("ipfsType", ipfsType);
       body.append("appFileId", appFileId);
       body.append("sourceApp", "ddoc");
-      const response = await fetch(UPLOAD_SERVER_URL + "upload", {
-        method: "POST",
+      const uploadEndpoint = UPLOAD_SERVER_URL + "upload";
+      const response = await axios.post(uploadEndpoint, body, {
         headers: {
           Authorization: `Bearer ${token}`,
           contract: contractAddress,
           invoker,
-          chain: NETWORK_NAME
-        },
-        body
+          chain: process.env.chainId
+        }
       });
-      if (!response.ok) {
-        throw new Error(`Upload failed: ${response.status} ${response.statusText}`);
-      }
-      const data = await response.json();
-      return data.ipfsHash;
+      return response.data.ipfsHash;
     };
     getEditFileTrxCalldata = (args) => {
       return encodeFunctionData({
@@ -2888,7 +2783,7 @@ var init_file_utils = __esm({
 });
 
 // src/sdk/file-manager.ts
-import { fromUint8Array as fromUint8Array2, toUint8Array as toUint8Array3 } from "js-base64";
+import { fromUint8Array as fromUint8Array2, toUint8Array as toUint8Array2 } from "js-base64";
 import { generateAESKey, exportAESKey } from "@fileverse/crypto/webcrypto";
 import { markdownToYjs } from "@fileverse/content-processor";
 var FileManager;
@@ -2909,8 +2804,8 @@ var init_file_manager = __esm({
       }
       createLocks(key, encryptedSecretKey, commentKey) {
         const appLock = {
-          lockedFileKey: this.keyStore.encryptData(toUint8Array3(key)),
-          lockedLinkKey: this.keyStore.encryptData(toUint8Array3(encryptedSecretKey)),
+          lockedFileKey: this.keyStore.encryptData(toUint8Array2(key)),
+          lockedLinkKey: this.keyStore.encryptData(toUint8Array2(encryptedSecretKey)),
           lockedChatKey: this.keyStore.encryptData(commentKey)
         };
         return { appLock, ownerLock: { ...appLock } };
@@ -2944,28 +2839,22 @@ var init_file_manager = __esm({
         return this.agentClient.getAuthParams();
       }
       async submitAddFileTrx(file2) {
-        console.log("Submitting add file trx");
         logger.debug(`Preparing to add file ${file2.ddocId}`);
-        const encryptedSecretKey = file2.linkKey;
-        const nonce = toUint8Array3(file2.linkKeyNonce);
-        const secretKey = toUint8Array3(file2.secretKey);
-        console.log("Got encrypted secret key, nonce, and secret key");
+        const { encryptedSecretKey, nonce, secretKey } = await generateLinkKeyMaterial({
+          ddocId: file2.ddocId,
+          linkKey: file2.linkKey,
+          linkKeyNonce: file2.linkKeyNonce
+        });
         const yJSContent = markdownToYjs(file2.content);
-        console.log("Generated yjs content");
         const { encryptedFile, key } = await createEncryptedContentFile(yJSContent);
-        console.log("Generated encrypted content file");
         logger.debug(`Generated encrypted content file for file ${file2.ddocId}`);
         const commentKey = await exportAESKey(await generateAESKey(128));
-        console.log("Generated comment key");
         const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        console.log("Built app lock and owner lock");
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
-        console.log("Built link lock");
+        const linkLock = buildLinklock(secretKey, toUint8Array2(key), commentKey);
         const encryptedTitle = await encryptTitleWithFileKey({
           title: file2.title || "Untitled",
           key
         });
-        console.log("Built encrypted title");
         const metadata = buildFileMetadata({
           encryptedTitle,
           encryptedFileSize: encryptedFile.size,
@@ -2975,15 +2864,11 @@ var init_file_manager = __esm({
           nonce: fromUint8Array2(nonce),
           owner: this.agentClient.getAgentAddress()
         });
-        console.log("Built metadata");
         const authParams = await this.getAuthParams();
-        console.log("Got auth params");
-        console.log("Uploading files to IPFS");
         const { metadataHash, contentHash, gateHash } = await uploadAllFilesToIPFS(
           { metadata, encryptedFile, linkLock, ddocId: file2.ddocId },
           authParams
         );
-        console.log("Uploaded files to IPFS");
         logger.debug(`Uploaded files to IPFS for file ${file2.ddocId}`);
         const callData = prepareCallData({
           metadataHash,
@@ -2992,10 +2877,8 @@ var init_file_manager = __esm({
           appFileId: file2.ddocId,
           fileId: file2.fileId
         });
-        console.log("Prepared call data");
         logger.debug(`Prepared call data for file ${file2.ddocId}`);
         const userOpHash = await this.sendFileOperation(callData);
-        console.log("Submitted user op");
         logger.debug(`Submitted user op for file ${file2.ddocId}`);
         return {
           userOpHash,
@@ -3005,65 +2888,19 @@ var init_file_manager = __esm({
           metadata
         };
       }
-      async submitUpdateFile(file2) {
-        logger.debug(`Submitting update for file ${file2.ddocId} with onChainFileId ${file2.onChainFileId}`);
-        const encryptedSecretKey = file2.linkKey;
-        const nonce = toUint8Array3(file2.linkKeyNonce);
-        const secretKey = toUint8Array3(file2.secretKey);
-        const yjsContent = markdownToYjs(file2.content);
-        const { encryptedFile, key } = await createEncryptedContentFile(yjsContent);
-        const commentKey = toUint8Array3(file2.commentKey);
-        const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
-        const encryptedTitle = await encryptTitleWithFileKey({
-          title: file2.title || "Untitled",
-          key
-        });
-        const metadata = buildFileMetadata({
-          encryptedTitle,
-          encryptedFileSize: encryptedFile.size,
-          appLock,
-          ownerLock,
-          ddocId: file2.ddocId,
-          nonce: fromUint8Array2(nonce),
-          owner: this.agentClient.getAgentAddress()
-        });
-        const authParams = await this.getAuthParams();
-        const { metadataHash, contentHash, gateHash } = await uploadAllFilesToIPFS(
-          { metadata, encryptedFile, linkLock, ddocId: file2.ddocId },
-          authParams
-        );
-        const callData = prepareCallData({
-          metadataHash,
-          contentHash,
-          gateHash,
-          appFileId: file2.ddocId,
-          fileId: file2.onChainFileId
-        });
-        const userOpHash = await this.sendFileOperation(callData);
-        logger.debug(`Submitted update user op for file ${file2.ddocId}`);
-        return { userOpHash, metadata };
-      }
-      async submitDeleteFile(file2) {
-        logger.debug(`Submitting delete for file ${file2.ddocId} with onChainFileId ${file2.onChainFileId}`);
-        const callData = prepareDeleteFileCallData({
-          onChainFileId: file2.onChainFileId
-        });
-        const userOpHash = await this.sendFileOperation(callData);
-        logger.debug(`Submitted delete user op for file ${file2.ddocId}`);
-        return { userOpHash };
-      }
       async updateFile(file2) {
         logger.debug(`Updating file ${file2.ddocId} with onChainFileId ${file2.onChainFileId}`);
-        const encryptedSecretKey = file2.linkKey;
-        const nonce = toUint8Array3(file2.linkKeyNonce);
-        const secretKey = toUint8Array3(file2.secretKey);
+        const { encryptedSecretKey, nonce, secretKey } = await generateLinkKeyMaterial({
+          ddocId: file2.ddocId,
+          linkKey: file2.linkKey,
+          linkKeyNonce: file2.linkKeyNonce
+        });
         logger.debug(`Generating encrypted content file for file ${file2.ddocId} with onChainFileId ${file2.onChainFileId}`);
         const yjsContent = markdownToYjs(file2.content);
         const { encryptedFile, key } = await createEncryptedContentFile(yjsContent);
-        const commentKey = toUint8Array3(file2.commentKey);
+        const commentKey = toUint8Array2(file2.commentKey);
         const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
+        const linkLock = buildLinklock(secretKey, toUint8Array2(key), commentKey);
         const encryptedTitle = await encryptTitleWithFileKey({
           title: file2.title || "Untitled",
           key
@@ -3115,10 +2952,11 @@ var init_file_manager = __esm({
 });
 
 // src/domain/portal/publish.ts
-import { fromUint8Array as fromUint8Array3, toUint8Array as toUint8Array4 } from "js-base64";
+import { fromUint8Array as fromUint8Array3, toUint8Array as toUint8Array3 } from "js-base64";
 import { stringToBytes } from "viem";
 import { deriveHKDFKey } from "@fileverse/crypto/kdf";
 import { generateKeyPairFromSeed } from "@stablelib/ed25519";
+import * as ucans2 from "@ucans/ucans";
 async function getPortalData(fileId) {
   const file2 = await FilesModel.findByIdIncludingDeleted(fileId);
   if (!file2) {
@@ -3150,23 +2988,17 @@ var init_publish = __esm({
     init_infra();
     init_key_store();
     init_auth_token_provider();
-    init_ucan();
     init_smart_agent();
     init_file_manager();
     init_config();
-    init_pimlico_utils();
     createFileManager = async (portalSeed, portalAddress, ucanSecret, privateAccountKey) => {
-      console.log("Creating file manager");
-      const keyPair = EdKeypair.fromSecretKey(fromUint8Array3(ucanSecret));
-      console.log("Created key pair");
+      const keyPair = ucans2.EdKeypair.fromSecretKey(fromUint8Array3(ucanSecret), {
+        exportable: true
+      });
       const authTokenProvider = new AuthTokenProvider(keyPair, portalAddress);
-      console.log("Created auth token provider");
-      const keyStore = new KeyStore(toUint8Array4(portalSeed), portalAddress, authTokenProvider);
-      console.log("Created key store");
+      const keyStore = new KeyStore(toUint8Array3(portalSeed), portalAddress, authTokenProvider);
       const agentClient = new AgentClient(authTokenProvider);
-      console.log("Created agent client");
       await agentClient.initializeAgentClient(privateAccountKey);
-      console.log("Initialized agent client");
       return new FileManager(keyStore, agentClient);
     };
     executeOperation = async (fileManager, file2, operation) => {
@@ -3183,7 +3015,7 @@ var init_publish = __esm({
     handleExistingFileOp = async (fileId, operation) => {
       try {
         const { file: file2, portalDetails, apiKey } = await getPortalData(fileId);
-        const apiKeySeed = toUint8Array4(apiKey);
+        const apiKeySeed = toUint8Array3(apiKey);
         const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
         const fileManager = await createFileManager(
           portalDetails.portalSeed,
@@ -3199,22 +3031,19 @@ var init_publish = __esm({
     };
     handleNewFileOp = async (fileId) => {
       const { file: file2, portalDetails, apiKey } = await getPortalData(fileId);
-      console.log("Got portal data");
-      const apiKeySeed = toUint8Array4(apiKey);
+      const apiKeySeed = toUint8Array3(apiKey);
       const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
-      console.log("Derived collaborator keys");
       const fileManager = await createFileManager(
         portalDetails.portalSeed,
         portalDetails.portalAddress,
         ucanSecret,
         privateAccountKey
       );
-      console.log("Created file manager");
       return fileManager.submitAddFileTrx(file2);
     };
     getProxyAuthParams = async (fileId) => {
       const { portalDetails, apiKey } = await getPortalData(fileId);
-      const apiKeySeed = toUint8Array4(apiKey);
+      const apiKeySeed = toUint8Array3(apiKey);
       const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
       const fileManager = await createFileManager(
         portalDetails.portalSeed,
@@ -3736,9 +3565,7 @@ CREATE TABLE IF NOT EXISTS files (
   commentKey TEXT,
   linkKey TEXT,
   linkKeyNonce TEXT,
-  link TEXT,
-  derivedKey TEXT,
-  secretKey TEXT
+  link TEXT
 );
 CREATE INDEX IF NOT EXISTS idx_files_createdAt ON files(createdAt);
 CREATE INDEX IF NOT EXISTS idx_files_syncStatus ON files(syncStatus);
@@ -3769,7 +3596,7 @@ CREATE TABLE IF NOT EXISTS events (
   type TEXT NOT NULL CHECK (type IN ('create', 'update', 'delete')),
   timestamp BIGINT NOT NULL,
   fileId TEXT NOT NULL,
-  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'processing', 'submitted', 'processed', 'failed')),
+  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'processing', 'processed', 'failed')),
   retryCount INTEGER NOT NULL DEFAULT 0,
   lastError TEXT,
   lockedAt BIGINT,
@@ -3819,17 +3646,30 @@ init_esm_shims();
 // src/cli/fetch-api-key.ts
 init_esm_shims();
 init_constants();
-import { toUint8Array as toUint8Array5 } from "js-base64";
+import axios2 from "axios";
+import { toUint8Array as toUint8Array4 } from "js-base64";
 import { sha256 } from "viem";
 var fetchApiKeyData = async (apiKey) => {
   try {
-    const keyHash = sha256(toUint8Array5(apiKey));
+    const keyHash = sha256(toUint8Array4(apiKey));
     const fullUrl = BASE_CONFIG.API_URL + `api-access/${keyHash}`;
-    const response = await fetch(fullUrl);
-    const { encryptedKeyMaterial, encryptedAppMaterial, id } = await response.json();
+    const response = await axios2.get(fullUrl);
+    const { encryptedKeyMaterial, encryptedAppMaterial, id } = response.data;
     return { encryptedKeyMaterial, encryptedAppMaterial, id };
   } catch (error48) {
-    throw new Error(`Server error: ${error48.message}`);
+    if (axios2.isAxiosError(error48)) {
+      if (error48.response?.status === 401) {
+        throw new Error("Invalid API key");
+      }
+      if (error48.response?.status === 404) {
+        throw new Error("API key not found");
+      }
+      if (error48.code === "ECONNREFUSED") {
+        throw new Error(`Cannot connect to server at ${BASE_CONFIG.API_URL}`);
+      }
+      throw new Error(`Server error: ${error48.response?.data?.message || error48.message}`);
+    }
+    throw error48;
   }
 };
 
@@ -3839,7 +3679,7 @@ init_saveApiKey();
 init_apikeys_model();
 init_infra();
 import { deriveHKDFKey as deriveHKDFKey2 } from "@fileverse/crypto/hkdf";
-import { toUint8Array as toUint8Array6 } from "js-base64";
+import { toUint8Array as toUint8Array5 } from "js-base64";
 import { stringToBytes as stringToBytes2 } from "viem";
 import { toAESKey as toAESKey2, aesDecrypt } from "@fileverse/crypto/webcrypto";
 var SAVED_DATA_ENCRYPTION_KEY_INFO = "SAVED_DATA_ENCRYPTION_KEY";
@@ -3864,7 +3704,7 @@ async function initializeWithData(data) {
 }
 var getAesKeyFromApiKey = async (apiKey) => {
   const rawSecret = deriveHKDFKey2(
-    toUint8Array6(apiKey),
+    toUint8Array5(apiKey),
     new Uint8Array([0]),
     stringToBytes2(SAVED_DATA_ENCRYPTION_KEY_INFO)
   );
@@ -3875,7 +3715,7 @@ var bytestToJSON = (bytes) => {
 };
 var decryptSavedData = async (apiKey, encryptedData) => {
   const aesKey = await getAesKeyFromApiKey(apiKey);
-  const decryptedBytes = await aesDecrypt(aesKey, toUint8Array6(encryptedData));
+  const decryptedBytes = await aesDecrypt(aesKey, toUint8Array5(encryptedData));
   const data = bytestToJSON(decryptedBytes);
   return data;
 };
@@ -3920,55 +3760,6 @@ init_esm_shims();
 init_models();
 init_constants2();
 import { generate } from "short-uuid";
-import { fromUint8Array as fromUint8Array5 } from "js-base64";
-
-// src/sdk/link-key-utils.ts
-init_esm_shims();
-import { getArgon2idHash } from "@fileverse/crypto/argon";
-import hkdf from "futoin-hkdf";
-import tweetnacl2 from "tweetnacl";
-import { fromUint8Array as fromUint8Array4, toUint8Array as toUint8Array7 } from "js-base64";
-var deriveKeyFromAg2Hash = async (pass, salt) => {
-  const key = await getArgon2idHash(pass, salt);
-  return hkdf(Buffer.from(key), tweetnacl2.secretbox.keyLength, {
-    info: Buffer.from("encryptionKey")
-  });
-};
-var getExistingEncryptionMaterial = async (existingEncryptedSecretKey, existingNonce, docId) => {
-  const derivedKey = await deriveKeyFromAg2Hash(docId, toUint8Array7(existingNonce));
-  const secretKey = tweetnacl2.secretbox.open(
-    toUint8Array7(existingEncryptedSecretKey),
-    toUint8Array7(existingNonce),
-    derivedKey
-  );
-  return {
-    encryptedSecretKey: existingEncryptedSecretKey,
-    nonce: toUint8Array7(existingNonce),
-    secretKey,
-    derivedKey: new Uint8Array(derivedKey)
-  };
-};
-var getNaclSecretKey = async (ddocId) => {
-  const { secretKey } = tweetnacl2.box.keyPair();
-  const nonce = tweetnacl2.randomBytes(tweetnacl2.secretbox.nonceLength);
-  const derivedKey = await deriveKeyFromAg2Hash(ddocId, nonce);
-  const encryptedSecretKey = fromUint8Array4(tweetnacl2.secretbox(secretKey, nonce, derivedKey), true);
-  return { nonce, encryptedSecretKey, secretKey, derivedKey: new Uint8Array(derivedKey) };
-};
-var generateLinkKeyMaterial = async (params) => {
-  if (params.linkKeyNonce && params.linkKey) {
-    const { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2, derivedKey: derivedKey2 } = await getExistingEncryptionMaterial(
-      params.linkKey,
-      params.linkKeyNonce,
-      params.ddocId
-    );
-    if (secretKey2) return { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2, derivedKey: derivedKey2 };
-  }
-  const { secretKey, nonce, encryptedSecretKey, derivedKey } = await getNaclSecretKey(params.ddocId);
-  return { secretKey, nonce, encryptedSecretKey, derivedKey };
-};
-
-// src/domain/file/index.ts
 async function listFiles(params) {
   const { limit, skip, portalAddress } = params;
   const effectiveLimit = limit || DEFAULT_LIST_LIMIT;
@@ -4021,20 +3812,11 @@ var createFile = async (input) => {
     throw new Error("title, content, and portalAddress are required");
   }
   const ddocId = generate();
-  const { encryptedSecretKey, nonce, secretKey, derivedKey } = await generateLinkKeyMaterial({
-    ddocId,
-    linkKey: void 0,
-    linkKeyNonce: void 0
-  });
   const file2 = await FilesModel.create({
     title: input.title,
     content: input.content,
     ddocId,
-    portalAddress: input.portalAddress,
-    linkKey: encryptedSecretKey,
-    linkKeyNonce: fromUint8Array5(nonce),
-    derivedKey: fromUint8Array5(derivedKey),
-    secretKey: fromUint8Array5(secretKey)
+    portalAddress: input.portalAddress
   });
   await EventsModel.create({ type: "create", fileId: file2._id, portalAddress: file2.portalAddress });
   return file2;
@@ -4846,7 +4628,7 @@ __export(external_exports, {
   e164: () => e1642,
   email: () => email2,
   emoji: () => emoji2,
-  encode: () => encode2,
+  encode: () => encode3,
   encodeAsync: () => encodeAsync2,
   endsWith: () => _endsWith,
   enum: () => _enum2,
@@ -5220,7 +5002,7 @@ __export(core_exports2, {
   decode: () => decode,
   decodeAsync: () => decodeAsync,
   describe: () => describe,
-  encode: () => encode,
+  encode: () => encode2,
   encodeAsync: () => encodeAsync,
   extractDefs: () => extractDefs,
   finalize: () => finalize,
@@ -6207,7 +5989,7 @@ var _encode = (_Err) => (schema, value, _ctx) => {
   const ctx = _ctx ? Object.assign(_ctx, { direction: "backward" }) : { direction: "backward" };
   return _parse(_Err)(schema, value, ctx);
 };
-var encode = /* @__PURE__ */ _encode($ZodRealError);
+var encode2 = /* @__PURE__ */ _encode($ZodRealError);
 var _decode = (_Err) => (schema, value, _ctx) => {
   return _parse(_Err)(schema, value, _ctx);
 };
@@ -16971,7 +16753,7 @@ var parse2 = /* @__PURE__ */ _parse(ZodRealError);
 var parseAsync2 = /* @__PURE__ */ _parseAsync(ZodRealError);
 var safeParse2 = /* @__PURE__ */ _safeParse(ZodRealError);
 var safeParseAsync2 = /* @__PURE__ */ _safeParseAsync(ZodRealError);
-var encode2 = /* @__PURE__ */ _encode(ZodRealError);
+var encode3 = /* @__PURE__ */ _encode(ZodRealError);
 var decode2 = /* @__PURE__ */ _decode(ZodRealError);
 var encodeAsync2 = /* @__PURE__ */ _encodeAsync(ZodRealError);
 var decodeAsync2 = /* @__PURE__ */ _decodeAsync(ZodRealError);
@@ -17015,7 +16797,7 @@ var ZodType = /* @__PURE__ */ $constructor("ZodType", (inst, def) => {
   inst.parseAsync = async (data, params) => parseAsync2(inst, data, params, { callee: inst.parseAsync });
   inst.safeParseAsync = async (data, params) => safeParseAsync2(inst, data, params);
   inst.spa = inst.safeParseAsync;
-  inst.encode = (data, params) => encode2(inst, data, params);
+  inst.encode = (data, params) => encode3(inst, data, params);
   inst.decode = (data, params) => decode2(inst, data, params);
   inst.encodeAsync = async (data, params) => encodeAsync2(inst, data, params);
   inst.decodeAsync = async (data, params) => decodeAsync2(inst, data, params);