npm - @fileverse/api - Versions diffs - 0.0.21 → 0.0.23 - Mend

@fileverse/api 0.0.21 → 0.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/cli/index.js +33 -41
package/dist/cli/index.js.map +1 -1
package/dist/commands/index.js +17 -127
package/dist/commands/index.js.map +1 -1
package/dist/index.js +116 -330
package/dist/index.js.map +1 -1
package/dist/worker.js +85 -258
package/dist/worker.js.map +1 -1
package/package.json +6 -5
package/public/guide.md +286 -0
package/public/llm.txt +239 -499
package/dist/cloudflare.js +0 -18259
package/dist/cloudflare.js.map +0 -1

package/dist/index.js CHANGED Viewed

@@ -116,12 +116,7 @@ var init_config = __esm({
     init_constants();
     projectEnvPath = path2.join(process.cwd(), "config", ".env");
     userEnvPath = path2.join(os.homedir(), ".fileverse", ".env");
-    if (typeof globalThis.process !== "undefined" && typeof globalThis.process.cwd === "function") {
-      try {
-        loadConfig(false);
-      } catch {
-      }
-    }
+    loadConfig(false);
     config = {
       ...STATIC_CONFIG,
       get SERVICE_NAME() {
@@ -669,9 +664,7 @@ var init_files_model = __esm({
           linkKey: fileRaw.linkKey,
           linkKeyNonce: fileRaw.linkKeyNonce,
           commentKey: fileRaw.commentKey,
-          link: fileRaw.link,
-          derivedKey: fileRaw.derivedKey,
-          secretKey: fileRaw.secretKey
+          link: fileRaw.link
         };
       }
       static async findAll(portalAddress, limit, skip) {
@@ -755,20 +748,10 @@ var init_files_model = __esm({
         const _id = uuidv7();
         const sql = `
       INSERT INTO ${this.TABLE}
-      (_id, title, content, ddocId, portalAddress, linkKey, linkKeyNonce, derivedKey, secretKey)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+      (_id, title, content, ddocId, portalAddress)
+      VALUES (?, ?, ?, ?, ?)
     `;
-        await QueryBuilder.execute(sql, [
-          _id,
-          input.title,
-          input.content,
-          input.ddocId,
-          input.portalAddress,
-          input.linkKey ?? null,
-          input.linkKeyNonce ?? null,
-          input.derivedKey ?? null,
-          input.secretKey ?? null
-        ]);
+        await QueryBuilder.execute(sql, [_id, input.title, input.content, input.ddocId, input.portalAddress]);
         const created = await this.findById(_id, input.portalAddress);
         if (!created) {
           throw new Error("Failed to create file");
@@ -1148,29 +1131,6 @@ var init_events_model = __esm({
     `;
         await QueryBuilder.execute(sql, [Date.now(), _id]);
       }
-      static async markSubmitted(_id) {
-        const sql = `
-      UPDATE ${this.TABLE}
-      SET status = 'submitted',
-          lockedAt = NULL
-      WHERE _id = ?
-    `;
-        await QueryBuilder.execute(sql, [_id]);
-      }
-      static async findNextSubmitted(lockedFileIds) {
-        const exclusionClause = lockedFileIds.length > 0 ? `AND fileId NOT IN (${lockedFileIds.map(() => "?").join(", ")})` : "";
-        const sql = `
-      SELECT * FROM ${this.TABLE}
-      WHERE status = 'submitted'
-      AND userOpHash IS NOT NULL
-      ${exclusionClause}
-      ORDER BY timestamp ASC
-      LIMIT 1
-    `;
-        const params = [...lockedFileIds];
-        const row = await QueryBuilder.selectOne(sql, params);
-        return row ? this.parseEvent(row) : void 0;
-      }
       static async markProcessed(_id) {
         const sql = `
       UPDATE ${this.TABLE}
@@ -1373,114 +1333,13 @@ var init_key_store = __esm({
   }
 });
-// src/sdk/ucan.ts
-import { sign, extractPublicKeyFromSecretKey } from "@stablelib/ed25519";
-import { toUint8Array } from "js-base64";
-function base58btcEncode(bytes) {
-  const digits = [0];
-  for (const byte of bytes) {
-    let carry = byte;
-    for (let j = 0; j < digits.length; j++) {
-      carry += digits[j] << 8;
-      digits[j] = carry % 58;
-      carry = carry / 58 | 0;
-    }
-    while (carry > 0) {
-      digits.push(carry % 58);
-      carry = carry / 58 | 0;
-    }
-  }
-  let result = "";
-  for (let i = 0; i < bytes.length && bytes[i] === 0; i++) {
-    result += BASE58_ALPHABET[0];
-  }
-  for (let i = digits.length - 1; i >= 0; i--) {
-    result += BASE58_ALPHABET[digits[i]];
-  }
-  return result;
-}
-function base64urlEncode(data) {
-  const bytes = typeof data === "string" ? new TextEncoder().encode(data) : data;
-  let binary = "";
-  for (let i = 0; i < bytes.length; i++) {
-    binary += String.fromCharCode(bytes[i]);
-  }
-  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-async function buildAndEncode(params) {
-  const {
-    issuer,
-    audience,
-    capabilities = [],
-    lifetimeInSeconds = 30,
-    expiration,
-    notBefore,
-    facts,
-    proofs = []
-  } = params;
-  const currentTime = Math.floor(Date.now() / 1e3);
-  const exp = expiration ?? currentTime + lifetimeInSeconds;
-  const header = { alg: issuer.jwtAlg, typ: "JWT", ucv: "0.8.1" };
-  const att = capabilities.map((cap) => ({
-    with: `${cap.with.scheme}:${cap.with.hierPart}`,
-    can: [cap.can.namespace, ...cap.can.segments].join("/")
-  }));
-  const payload = {
-    iss: issuer.did(),
-    aud: audience,
-    exp,
-    att,
-    prf: proofs
-  };
-  if (notBefore !== void 0) payload.nbf = notBefore;
-  if (facts !== void 0) payload.fct = facts;
-  const encodedHeader = base64urlEncode(JSON.stringify(header));
-  const encodedPayload = base64urlEncode(JSON.stringify(payload));
-  const signedData = `${encodedHeader}.${encodedPayload}`;
-  const sig = await issuer.sign(new TextEncoder().encode(signedData));
-  const signature = base64urlEncode(sig);
-  return `${signedData}.${signature}`;
-}
-var BASE58_ALPHABET, EDWARDS_DID_PREFIX, EdKeypair;
-var init_ucan = __esm({
-  "src/sdk/ucan.ts"() {
-    "use strict";
-    init_esm_shims();
-    BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
-    EDWARDS_DID_PREFIX = new Uint8Array([237, 1]);
-    EdKeypair = class _EdKeypair {
-      jwtAlg = "EdDSA";
-      secretKey;
-      publicKey;
-      constructor(secretKey, publicKey) {
-        this.secretKey = secretKey;
-        this.publicKey = publicKey;
-      }
-      static fromSecretKey(key) {
-        const secretKey = toUint8Array(key);
-        const publicKey = extractPublicKeyFromSecretKey(secretKey);
-        return new _EdKeypair(secretKey, publicKey);
-      }
-      did() {
-        const bytes = new Uint8Array(EDWARDS_DID_PREFIX.length + this.publicKey.length);
-        bytes.set(EDWARDS_DID_PREFIX);
-        bytes.set(this.publicKey, EDWARDS_DID_PREFIX.length);
-        return "did:key:z" + base58btcEncode(bytes);
-      }
-      async sign(msg) {
-        return sign(this.secretKey, msg);
-      }
-    };
-  }
-});
 // src/sdk/auth-token-provider.ts
+import * as ucans from "@ucans/ucans";
 var AuthTokenProvider;
 var init_auth_token_provider = __esm({
   "src/sdk/auth-token-provider.ts"() {
     "use strict";
     init_esm_shims();
-    init_ucan();
     AuthTokenProvider = class {
       DEFAULT_OPTIONS = {
         namespace: "file",
@@ -1494,7 +1353,7 @@ var init_auth_token_provider = __esm({
         this.portalAddress = portalAddress;
       }
       async getAuthToken(audienceDid, options = this.DEFAULT_OPTIONS) {
-        return buildAndEncode({
+        const ucan = await ucans.build({
           audience: audienceDid,
           issuer: this.keyPair,
           lifetimeInSeconds: 7 * 86400,
@@ -1508,6 +1367,7 @@ var init_auth_token_provider = __esm({
             }
           ]
         });
+        return ucans.encode(ucan);
       }
     };
   }
@@ -2675,20 +2535,60 @@ var init_file_encryption = __esm({
 });
 // src/sdk/file-utils.ts
+import { getArgon2idHash } from "@fileverse/crypto/argon";
 import { bytesToBase64, generateRandomBytes as generateRandomBytes2 } from "@fileverse/crypto/utils";
 import { derivePBKDF2Key, encryptAesCBC } from "@fileverse/crypto/kdf";
 import { secretBoxEncrypt } from "@fileverse/crypto/nacl";
+import hkdf from "futoin-hkdf";
 import tweetnacl from "tweetnacl";
-import { fromUint8Array, toUint8Array as toUint8Array2 } from "js-base64";
+import { fromUint8Array, toUint8Array } from "js-base64";
 import { toAESKey, aesEncrypt } from "@fileverse/crypto/webcrypto";
+import axios from "axios";
 import { encodeFunctionData, parseEventLogs } from "viem";
-var jsonToFile, appendAuthTagIvToBlob, encryptFile, getNonceAppendedCipherText, jsonToBytes, buildLinklock, encryptTitleWithFileKey, uploadFileToIPFS, getEditFileTrxCalldata, getAddFileTrxCalldata, prepareCallData, prepareDeleteFileCallData, createEncryptedContentFile, buildFileMetadata, parseFileEventLog, uploadAllFilesToIPFS;
+var deriveKeyFromAg2Hash, decryptSecretKey, getExistingEncryptionMaterial, getNaclSecretKey, generateLinkKeyMaterial, jsonToFile, appendAuthTagIvToBlob, encryptFile, getNonceAppendedCipherText, jsonToBytes, buildLinklock, encryptTitleWithFileKey, uploadFileToIPFS, getEditFileTrxCalldata, getAddFileTrxCalldata, prepareCallData, prepareDeleteFileCallData, createEncryptedContentFile, buildFileMetadata, parseFileEventLog, uploadAllFilesToIPFS;
 var init_file_utils = __esm({
   "src/sdk/file-utils.ts"() {
     "use strict";
     init_esm_shims();
     init_file_encryption();
     init_constants3();
+    deriveKeyFromAg2Hash = async (pass, salt) => {
+      const key = await getArgon2idHash(pass, salt);
+      return hkdf(Buffer.from(key), tweetnacl.secretbox.keyLength, {
+        info: Buffer.from("encryptionKey")
+      });
+    };
+    decryptSecretKey = async (docId, nonce, encryptedSecretKey) => {
+      const derivedKey = await deriveKeyFromAg2Hash(docId, toUint8Array(nonce));
+      return tweetnacl.secretbox.open(toUint8Array(encryptedSecretKey), toUint8Array(nonce), derivedKey);
+    };
+    getExistingEncryptionMaterial = async (existingEncryptedSecretKey, existingNonce, docId) => {
+      const secretKey = await decryptSecretKey(docId, existingNonce, existingEncryptedSecretKey);
+      return {
+        encryptedSecretKey: existingEncryptedSecretKey,
+        nonce: toUint8Array(existingNonce),
+        secretKey
+      };
+    };
+    getNaclSecretKey = async (ddocId) => {
+      const { secretKey } = tweetnacl.box.keyPair();
+      const nonce = tweetnacl.randomBytes(tweetnacl.secretbox.nonceLength);
+      const derivedKey = await deriveKeyFromAg2Hash(ddocId, nonce);
+      const encryptedSecretKey = fromUint8Array(tweetnacl.secretbox(secretKey, nonce, derivedKey), true);
+      return { nonce, encryptedSecretKey, secretKey };
+    };
+    generateLinkKeyMaterial = async (params) => {
+      if (params.linkKeyNonce && params.linkKey) {
+        const { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2 } = await getExistingEncryptionMaterial(
+          params.linkKey,
+          params.linkKeyNonce,
+          params.ddocId
+        );
+        if (secretKey2) return { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2 };
+      }
+      const { secretKey, nonce, encryptedSecretKey } = await getNaclSecretKey(params.ddocId);
+      return { secretKey, nonce, encryptedSecretKey };
+    };
     jsonToFile = (json2, fileName) => {
       const blob = new Blob([JSON.stringify(json2)], {
         type: "application/json"
@@ -2718,8 +2618,8 @@ var init_file_utils = __esm({
       const encryptedBlob = new Blob([ciphertext], { type: file2.type });
       const encryptedBlobWithAuthTagIv = await appendAuthTagIvToBlob(
         encryptedBlob,
-        toUint8Array2(authTag),
-        toUint8Array2(iv)
+        toUint8Array(authTag),
+        toUint8Array(iv)
       );
       return {
         encryptedFile: new File([encryptedBlobWithAuthTagIv], file2.name),
@@ -2765,7 +2665,7 @@ var init_file_utils = __esm({
       };
     };
     encryptTitleWithFileKey = async (args) => {
-      const key = await toAESKey(toUint8Array2(args.key));
+      const key = await toAESKey(toUint8Array(args.key));
       if (!key) throw new Error("Key is undefined");
       const titleBytes = new TextEncoder().encode(args.title);
       const encryptedTitle = await aesEncrypt(key, titleBytes, "base64");
@@ -2779,21 +2679,16 @@ var init_file_utils = __esm({
       body.append("ipfsType", ipfsType);
       body.append("appFileId", appFileId);
       body.append("sourceApp", "ddoc");
-      const response = await fetch(UPLOAD_SERVER_URL + "upload", {
-        method: "POST",
+      const uploadEndpoint = UPLOAD_SERVER_URL + "upload";
+      const response = await axios.post(uploadEndpoint, body, {
         headers: {
           Authorization: `Bearer ${token}`,
           contract: contractAddress,
           invoker,
-          chain: NETWORK_NAME
-        },
-        body
+          chain: process.env.chainId
+        }
       });
-      if (!response.ok) {
-        throw new Error(`Upload failed: ${response.status} ${response.statusText}`);
-      }
-      const data = await response.json();
-      return data.ipfsHash;
+      return response.data.ipfsHash;
     };
     getEditFileTrxCalldata = (args) => {
       return encodeFunctionData({
@@ -2888,7 +2783,7 @@ var init_file_utils = __esm({
 });
 // src/sdk/file-manager.ts
-import { fromUint8Array as fromUint8Array2, toUint8Array as toUint8Array3 } from "js-base64";
+import { fromUint8Array as fromUint8Array2, toUint8Array as toUint8Array2 } from "js-base64";
 import { generateAESKey, exportAESKey } from "@fileverse/crypto/webcrypto";
 import { markdownToYjs } from "@fileverse/content-processor";
 var FileManager;
@@ -2909,8 +2804,8 @@ var init_file_manager = __esm({
       }
       createLocks(key, encryptedSecretKey, commentKey) {
         const appLock = {
-          lockedFileKey: this.keyStore.encryptData(toUint8Array3(key)),
-          lockedLinkKey: this.keyStore.encryptData(toUint8Array3(encryptedSecretKey)),
+          lockedFileKey: this.keyStore.encryptData(toUint8Array2(key)),
+          lockedLinkKey: this.keyStore.encryptData(toUint8Array2(encryptedSecretKey)),
           lockedChatKey: this.keyStore.encryptData(commentKey)
         };
         return { appLock, ownerLock: { ...appLock } };
@@ -2944,28 +2839,22 @@ var init_file_manager = __esm({
         return this.agentClient.getAuthParams();
       }
       async submitAddFileTrx(file2) {
-        console.log("Submitting add file trx");
         logger.debug(`Preparing to add file ${file2.ddocId}`);
-        const encryptedSecretKey = file2.linkKey;
-        const nonce = toUint8Array3(file2.linkKeyNonce);
-        const secretKey = toUint8Array3(file2.secretKey);
-        console.log("Got encrypted secret key, nonce, and secret key");
+        const { encryptedSecretKey, nonce, secretKey } = await generateLinkKeyMaterial({
+          ddocId: file2.ddocId,
+          linkKey: file2.linkKey,
+          linkKeyNonce: file2.linkKeyNonce
+        });
         const yJSContent = markdownToYjs(file2.content);
-        console.log("Generated yjs content");
         const { encryptedFile, key } = await createEncryptedContentFile(yJSContent);
-        console.log("Generated encrypted content file");
         logger.debug(`Generated encrypted content file for file ${file2.ddocId}`);
         const commentKey = await exportAESKey(await generateAESKey(128));
-        console.log("Generated comment key");
         const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        console.log("Built app lock and owner lock");
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
-        console.log("Built link lock");
+        const linkLock = buildLinklock(secretKey, toUint8Array2(key), commentKey);
         const encryptedTitle = await encryptTitleWithFileKey({
           title: file2.title || "Untitled",
           key
         });
-        console.log("Built encrypted title");
         const metadata = buildFileMetadata({
           encryptedTitle,
           encryptedFileSize: encryptedFile.size,
@@ -2975,15 +2864,11 @@ var init_file_manager = __esm({
           nonce: fromUint8Array2(nonce),
           owner: this.agentClient.getAgentAddress()
         });
-        console.log("Built metadata");
         const authParams = await this.getAuthParams();
-        console.log("Got auth params");
-        console.log("Uploading files to IPFS");
         const { metadataHash, contentHash, gateHash } = await uploadAllFilesToIPFS(
           { metadata, encryptedFile, linkLock, ddocId: file2.ddocId },
           authParams
         );
-        console.log("Uploaded files to IPFS");
         logger.debug(`Uploaded files to IPFS for file ${file2.ddocId}`);
         const callData = prepareCallData({
           metadataHash,
@@ -2992,10 +2877,8 @@ var init_file_manager = __esm({
           appFileId: file2.ddocId,
           fileId: file2.fileId
         });
-        console.log("Prepared call data");
         logger.debug(`Prepared call data for file ${file2.ddocId}`);
         const userOpHash = await this.sendFileOperation(callData);
-        console.log("Submitted user op");
         logger.debug(`Submitted user op for file ${file2.ddocId}`);
         return {
           userOpHash,
@@ -3005,65 +2888,19 @@ var init_file_manager = __esm({
           metadata
         };
       }
-      async submitUpdateFile(file2) {
-        logger.debug(`Submitting update for file ${file2.ddocId} with onChainFileId ${file2.onChainFileId}`);
-        const encryptedSecretKey = file2.linkKey;
-        const nonce = toUint8Array3(file2.linkKeyNonce);
-        const secretKey = toUint8Array3(file2.secretKey);
-        const yjsContent = markdownToYjs(file2.content);
-        const { encryptedFile, key } = await createEncryptedContentFile(yjsContent);
-        const commentKey = toUint8Array3(file2.commentKey);
-        const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
-        const encryptedTitle = await encryptTitleWithFileKey({
-          title: file2.title || "Untitled",
-          key
-        });
-        const metadata = buildFileMetadata({
-          encryptedTitle,
-          encryptedFileSize: encryptedFile.size,
-          appLock,
-          ownerLock,
-          ddocId: file2.ddocId,
-          nonce: fromUint8Array2(nonce),
-          owner: this.agentClient.getAgentAddress()
-        });
-        const authParams = await this.getAuthParams();
-        const { metadataHash, contentHash, gateHash } = await uploadAllFilesToIPFS(
-          { metadata, encryptedFile, linkLock, ddocId: file2.ddocId },
-          authParams
-        );
-        const callData = prepareCallData({
-          metadataHash,
-          contentHash,
-          gateHash,
-          appFileId: file2.ddocId,
-          fileId: file2.onChainFileId
-        });
-        const userOpHash = await this.sendFileOperation(callData);
-        logger.debug(`Submitted update user op for file ${file2.ddocId}`);
-        return { userOpHash, metadata };
-      }
-      async submitDeleteFile(file2) {
-        logger.debug(`Submitting delete for file ${file2.ddocId} with onChainFileId ${file2.onChainFileId}`);
-        const callData = prepareDeleteFileCallData({
-          onChainFileId: file2.onChainFileId
-        });
-        const userOpHash = await this.sendFileOperation(callData);
-        logger.debug(`Submitted delete user op for file ${file2.ddocId}`);
-        return { userOpHash };
-      }
       async updateFile(file2) {
         logger.debug(`Updating file ${file2.ddocId} with onChainFileId ${file2.onChainFileId}`);
-        const encryptedSecretKey = file2.linkKey;
-        const nonce = toUint8Array3(file2.linkKeyNonce);
-        const secretKey = toUint8Array3(file2.secretKey);
+        const { encryptedSecretKey, nonce, secretKey } = await generateLinkKeyMaterial({
+          ddocId: file2.ddocId,
+          linkKey: file2.linkKey,
+          linkKeyNonce: file2.linkKeyNonce
+        });
         logger.debug(`Generating encrypted content file for file ${file2.ddocId} with onChainFileId ${file2.onChainFileId}`);
         const yjsContent = markdownToYjs(file2.content);
         const { encryptedFile, key } = await createEncryptedContentFile(yjsContent);
-        const commentKey = toUint8Array3(file2.commentKey);
+        const commentKey = toUint8Array2(file2.commentKey);
         const { appLock, ownerLock } = this.createLocks(key, encryptedSecretKey, commentKey);
-        const linkLock = buildLinklock(secretKey, toUint8Array3(key), commentKey);
+        const linkLock = buildLinklock(secretKey, toUint8Array2(key), commentKey);
         const encryptedTitle = await encryptTitleWithFileKey({
           title: file2.title || "Untitled",
           key
@@ -3115,10 +2952,11 @@ var init_file_manager = __esm({
 });
 // src/domain/portal/publish.ts
-import { fromUint8Array as fromUint8Array3, toUint8Array as toUint8Array4 } from "js-base64";
+import { fromUint8Array as fromUint8Array3, toUint8Array as toUint8Array3 } from "js-base64";
 import { stringToBytes } from "viem";
 import { deriveHKDFKey } from "@fileverse/crypto/kdf";
 import { generateKeyPairFromSeed } from "@stablelib/ed25519";
+import * as ucans2 from "@ucans/ucans";
 async function getPortalData(fileId) {
   const file2 = await FilesModel.findByIdIncludingDeleted(fileId);
   if (!file2) {
@@ -3150,23 +2988,17 @@ var init_publish = __esm({
     init_infra();
     init_key_store();
     init_auth_token_provider();
-    init_ucan();
     init_smart_agent();
     init_file_manager();
     init_config();
-    init_pimlico_utils();
     createFileManager = async (portalSeed, portalAddress, ucanSecret, privateAccountKey) => {
-      console.log("Creating file manager");
-      const keyPair = EdKeypair.fromSecretKey(fromUint8Array3(ucanSecret));
-      console.log("Created key pair");
+      const keyPair = ucans2.EdKeypair.fromSecretKey(fromUint8Array3(ucanSecret), {
+        exportable: true
+      });
       const authTokenProvider = new AuthTokenProvider(keyPair, portalAddress);
-      console.log("Created auth token provider");
-      const keyStore = new KeyStore(toUint8Array4(portalSeed), portalAddress, authTokenProvider);
-      console.log("Created key store");
+      const keyStore = new KeyStore(toUint8Array3(portalSeed), portalAddress, authTokenProvider);
       const agentClient = new AgentClient(authTokenProvider);
-      console.log("Created agent client");
       await agentClient.initializeAgentClient(privateAccountKey);
-      console.log("Initialized agent client");
       return new FileManager(keyStore, agentClient);
     };
     executeOperation = async (fileManager, file2, operation) => {
@@ -3183,7 +3015,7 @@ var init_publish = __esm({
     handleExistingFileOp = async (fileId, operation) => {
       try {
         const { file: file2, portalDetails, apiKey } = await getPortalData(fileId);
-        const apiKeySeed = toUint8Array4(apiKey);
+        const apiKeySeed = toUint8Array3(apiKey);
         const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
         const fileManager = await createFileManager(
           portalDetails.portalSeed,
@@ -3199,22 +3031,19 @@ var init_publish = __esm({
     };
     handleNewFileOp = async (fileId) => {
       const { file: file2, portalDetails, apiKey } = await getPortalData(fileId);
-      console.log("Got portal data");
-      const apiKeySeed = toUint8Array4(apiKey);
+      const apiKeySeed = toUint8Array3(apiKey);
       const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
-      console.log("Derived collaborator keys");
       const fileManager = await createFileManager(
         portalDetails.portalSeed,
         portalDetails.portalAddress,
         ucanSecret,
         privateAccountKey
       );
-      console.log("Created file manager");
       return fileManager.submitAddFileTrx(file2);
     };
     getProxyAuthParams = async (fileId) => {
       const { portalDetails, apiKey } = await getPortalData(fileId);
-      const apiKeySeed = toUint8Array4(apiKey);
+      const apiKeySeed = toUint8Array3(apiKey);
       const { privateAccountKey, ucanSecret } = deriveCollaboratorKeys(apiKeySeed);
       const fileManager = await createFileManager(
         portalDetails.portalSeed,
@@ -3736,9 +3565,7 @@ CREATE TABLE IF NOT EXISTS files (
   commentKey TEXT,
   linkKey TEXT,
   linkKeyNonce TEXT,
-  link TEXT,
-  derivedKey TEXT,
-  secretKey TEXT
+  link TEXT
 );
 CREATE INDEX IF NOT EXISTS idx_files_createdAt ON files(createdAt);
 CREATE INDEX IF NOT EXISTS idx_files_syncStatus ON files(syncStatus);
@@ -3769,7 +3596,7 @@ CREATE TABLE IF NOT EXISTS events (
   type TEXT NOT NULL CHECK (type IN ('create', 'update', 'delete')),
   timestamp BIGINT NOT NULL,
   fileId TEXT NOT NULL,
-  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'processing', 'submitted', 'processed', 'failed')),
+  status TEXT NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'processing', 'processed', 'failed')),
   retryCount INTEGER NOT NULL DEFAULT 0,
   lastError TEXT,
   lockedAt BIGINT,
@@ -3819,17 +3646,30 @@ init_esm_shims();
 // src/cli/fetch-api-key.ts
 init_esm_shims();
 init_constants();
-import { toUint8Array as toUint8Array5 } from "js-base64";
+import axios2 from "axios";
+import { toUint8Array as toUint8Array4 } from "js-base64";
 import { sha256 } from "viem";
 var fetchApiKeyData = async (apiKey) => {
   try {
-    const keyHash = sha256(toUint8Array5(apiKey));
+    const keyHash = sha256(toUint8Array4(apiKey));
     const fullUrl = BASE_CONFIG.API_URL + `api-access/${keyHash}`;
-    const response = await fetch(fullUrl);
-    const { encryptedKeyMaterial, encryptedAppMaterial, id } = await response.json();
+    const response = await axios2.get(fullUrl);
+    const { encryptedKeyMaterial, encryptedAppMaterial, id } = response.data;
     return { encryptedKeyMaterial, encryptedAppMaterial, id };
   } catch (error48) {
-    throw new Error(`Server error: ${error48.message}`);
+    if (axios2.isAxiosError(error48)) {
+      if (error48.response?.status === 401) {
+        throw new Error("Invalid API key");
+      }
+      if (error48.response?.status === 404) {
+        throw new Error("API key not found");
+      }
+      if (error48.code === "ECONNREFUSED") {
+        throw new Error(`Cannot connect to server at ${BASE_CONFIG.API_URL}`);
+      }
+      throw new Error(`Server error: ${error48.response?.data?.message || error48.message}`);
+    }
+    throw error48;
   }
 };
@@ -3839,7 +3679,7 @@ init_saveApiKey();
 init_apikeys_model();
 init_infra();
 import { deriveHKDFKey as deriveHKDFKey2 } from "@fileverse/crypto/hkdf";
-import { toUint8Array as toUint8Array6 } from "js-base64";
+import { toUint8Array as toUint8Array5 } from "js-base64";
 import { stringToBytes as stringToBytes2 } from "viem";
 import { toAESKey as toAESKey2, aesDecrypt } from "@fileverse/crypto/webcrypto";
 var SAVED_DATA_ENCRYPTION_KEY_INFO = "SAVED_DATA_ENCRYPTION_KEY";
@@ -3864,7 +3704,7 @@ async function initializeWithData(data) {
 }
 var getAesKeyFromApiKey = async (apiKey) => {
   const rawSecret = deriveHKDFKey2(
-    toUint8Array6(apiKey),
+    toUint8Array5(apiKey),
     new Uint8Array([0]),
     stringToBytes2(SAVED_DATA_ENCRYPTION_KEY_INFO)
   );
@@ -3875,7 +3715,7 @@ var bytestToJSON = (bytes) => {
 };
 var decryptSavedData = async (apiKey, encryptedData) => {
   const aesKey = await getAesKeyFromApiKey(apiKey);
-  const decryptedBytes = await aesDecrypt(aesKey, toUint8Array6(encryptedData));
+  const decryptedBytes = await aesDecrypt(aesKey, toUint8Array5(encryptedData));
   const data = bytestToJSON(decryptedBytes);
   return data;
 };
@@ -3920,55 +3760,6 @@ init_esm_shims();
 init_models();
 init_constants2();
 import { generate } from "short-uuid";
-import { fromUint8Array as fromUint8Array5 } from "js-base64";
-// src/sdk/link-key-utils.ts
-init_esm_shims();
-import { getArgon2idHash } from "@fileverse/crypto/argon";
-import hkdf from "futoin-hkdf";
-import tweetnacl2 from "tweetnacl";
-import { fromUint8Array as fromUint8Array4, toUint8Array as toUint8Array7 } from "js-base64";
-var deriveKeyFromAg2Hash = async (pass, salt) => {
-  const key = await getArgon2idHash(pass, salt);
-  return hkdf(Buffer.from(key), tweetnacl2.secretbox.keyLength, {
-    info: Buffer.from("encryptionKey")
-  });
-};
-var getExistingEncryptionMaterial = async (existingEncryptedSecretKey, existingNonce, docId) => {
-  const derivedKey = await deriveKeyFromAg2Hash(docId, toUint8Array7(existingNonce));
-  const secretKey = tweetnacl2.secretbox.open(
-    toUint8Array7(existingEncryptedSecretKey),
-    toUint8Array7(existingNonce),
-    derivedKey
-  );
-  return {
-    encryptedSecretKey: existingEncryptedSecretKey,
-    nonce: toUint8Array7(existingNonce),
-    secretKey,
-    derivedKey: new Uint8Array(derivedKey)
-  };
-};
-var getNaclSecretKey = async (ddocId) => {
-  const { secretKey } = tweetnacl2.box.keyPair();
-  const nonce = tweetnacl2.randomBytes(tweetnacl2.secretbox.nonceLength);
-  const derivedKey = await deriveKeyFromAg2Hash(ddocId, nonce);
-  const encryptedSecretKey = fromUint8Array4(tweetnacl2.secretbox(secretKey, nonce, derivedKey), true);
-  return { nonce, encryptedSecretKey, secretKey, derivedKey: new Uint8Array(derivedKey) };
-};
-var generateLinkKeyMaterial = async (params) => {
-  if (params.linkKeyNonce && params.linkKey) {
-    const { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2, derivedKey: derivedKey2 } = await getExistingEncryptionMaterial(
-      params.linkKey,
-      params.linkKeyNonce,
-      params.ddocId
-    );
-    if (secretKey2) return { encryptedSecretKey: encryptedSecretKey2, nonce: nonce2, secretKey: secretKey2, derivedKey: derivedKey2 };
-  }
-  const { secretKey, nonce, encryptedSecretKey, derivedKey } = await getNaclSecretKey(params.ddocId);
-  return { secretKey, nonce, encryptedSecretKey, derivedKey };
-};
-// src/domain/file/index.ts
 async function listFiles(params) {
   const { limit, skip, portalAddress } = params;
   const effectiveLimit = limit || DEFAULT_LIST_LIMIT;
@@ -4021,20 +3812,11 @@ var createFile = async (input) => {
     throw new Error("title, content, and portalAddress are required");
   }
   const ddocId = generate();
-  const { encryptedSecretKey, nonce, secretKey, derivedKey } = await generateLinkKeyMaterial({
-    ddocId,
-    linkKey: void 0,
-    linkKeyNonce: void 0
-  });
   const file2 = await FilesModel.create({
     title: input.title,
     content: input.content,
     ddocId,
-    portalAddress: input.portalAddress,
-    linkKey: encryptedSecretKey,
-    linkKeyNonce: fromUint8Array5(nonce),
-    derivedKey: fromUint8Array5(derivedKey),
-    secretKey: fromUint8Array5(secretKey)
+    portalAddress: input.portalAddress
   });
   await EventsModel.create({ type: "create", fileId: file2._id, portalAddress: file2.portalAddress });
   return file2;
@@ -4846,7 +4628,7 @@ __export(external_exports, {
   e164: () => e1642,
   email: () => email2,
   emoji: () => emoji2,
-  encode: () => encode2,
+  encode: () => encode3,
   encodeAsync: () => encodeAsync2,
   endsWith: () => _endsWith,
   enum: () => _enum2,
@@ -5220,7 +5002,7 @@ __export(core_exports2, {
   decode: () => decode,
   decodeAsync: () => decodeAsync,
   describe: () => describe,
-  encode: () => encode,
+  encode: () => encode2,
   encodeAsync: () => encodeAsync,
   extractDefs: () => extractDefs,
   finalize: () => finalize,
@@ -6207,7 +5989,7 @@ var _encode = (_Err) => (schema, value, _ctx) => {
   const ctx = _ctx ? Object.assign(_ctx, { direction: "backward" }) : { direction: "backward" };
   return _parse(_Err)(schema, value, ctx);
 };
-var encode = /* @__PURE__ */ _encode($ZodRealError);
+var encode2 = /* @__PURE__ */ _encode($ZodRealError);
 var _decode = (_Err) => (schema, value, _ctx) => {
   return _parse(_Err)(schema, value, _ctx);
 };
@@ -16971,7 +16753,7 @@ var parse2 = /* @__PURE__ */ _parse(ZodRealError);
 var parseAsync2 = /* @__PURE__ */ _parseAsync(ZodRealError);
 var safeParse2 = /* @__PURE__ */ _safeParse(ZodRealError);
 var safeParseAsync2 = /* @__PURE__ */ _safeParseAsync(ZodRealError);
-var encode2 = /* @__PURE__ */ _encode(ZodRealError);
+var encode3 = /* @__PURE__ */ _encode(ZodRealError);
 var decode2 = /* @__PURE__ */ _decode(ZodRealError);
 var encodeAsync2 = /* @__PURE__ */ _encodeAsync(ZodRealError);
 var decodeAsync2 = /* @__PURE__ */ _decodeAsync(ZodRealError);
@@ -17015,7 +16797,7 @@ var ZodType = /* @__PURE__ */ $constructor("ZodType", (inst, def) => {
   inst.parseAsync = async (data, params) => parseAsync2(inst, data, params, { callee: inst.parseAsync });
   inst.safeParseAsync = async (data, params) => safeParseAsync2(inst, data, params);
   inst.spa = inst.safeParseAsync;
-  inst.encode = (data, params) => encode2(inst, data, params);
+  inst.encode = (data, params) => encode3(inst, data, params);
   inst.decode = (data, params) => decode2(inst, data, params);
   inst.encodeAsync = async (data, params) => encodeAsync2(inst, data, params);
   inst.decodeAsync = async (data, params) => decodeAsync2(inst, data, params);
@@ -18746,6 +18528,7 @@ function createMcpRouter(config3) {
 }
 // src/index.ts
+import { join as join2 } from "path";
 var port = parseInt(config.PORT || "8001", 10);
 var ip = config.IP || "0.0.0.0";
 var server;
@@ -18771,6 +18554,9 @@ var startServer = async () => {
     if (req.method === "POST" && req.path === "/" && req.body?.jsonrpc) {
       req.url = "/mcp";
     }
+    if (req.method === "GET" && req.path === "/") {
+      return _res.sendFile(join2(__dirname, "../public/guide.md"));
+    }
     next();
   });
   app_default.use("/mcp", createMcpRouter({ serverUrl: `http://localhost:${port}`, apiKey }));