npm - @haex-space/vault-sdk - Versions diffs - 2.5.117 → 2.5.119 - Mend

@haex-space/vault-sdk 2.5.117 → 2.5.119

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/dist/{client-DSvkG_lC.d.mts → client-CJTSbNLI.d.mts} +1 -1
package/dist/{client-CA59HZfa.d.ts → client-E86CS0KK.d.ts} +1 -1
package/dist/index.d.mts +43 -5
package/dist/index.d.ts +43 -5
package/dist/index.js +727 -487
package/dist/index.js.map +1 -1
package/dist/index.mjs +716 -479
package/dist/index.mjs.map +1 -1
package/dist/node.d.mts +1 -1
package/dist/node.d.ts +1 -1
package/dist/react.d.mts +2 -2
package/dist/react.d.ts +2 -2
package/dist/react.js +66 -28
package/dist/react.js.map +1 -1
package/dist/react.mjs +66 -28
package/dist/react.mjs.map +1 -1
package/dist/runtime/nuxt.plugin.client.d.mts +2 -2
package/dist/runtime/nuxt.plugin.client.d.ts +2 -2
package/dist/runtime/nuxt.plugin.client.js.map +1 -1
package/dist/runtime/nuxt.plugin.client.mjs.map +1 -1
package/dist/svelte.d.mts +2 -2
package/dist/svelte.d.ts +2 -2
package/dist/svelte.js +66 -28
package/dist/svelte.js.map +1 -1
package/dist/svelte.mjs +66 -28
package/dist/svelte.mjs.map +1 -1
package/dist/{types-neLTvZJ_.d.mts → types-TFcm6hpl.d.mts} +19 -1
package/dist/{types-neLTvZJ_.d.ts → types-TFcm6hpl.d.ts} +19 -1
package/dist/vue.d.mts +2 -2
package/dist/vue.d.ts +2 -2
package/dist/vue.js +66 -28
package/dist/vue.js.map +1 -1
package/dist/vue.mjs +66 -28
package/dist/vue.mjs.map +1 -1
package/package.json +3 -2

package/dist/index.js CHANGED Viewed

@@ -2,62 +2,363 @@
 var sqliteProxy = require('drizzle-orm/sqlite-proxy');
-// src/polyfills/localStorage.ts
-function installLocalStoragePolyfill() {
-  if (typeof window === "undefined") {
-    return;
-  }
-  console.log("[HaexSpace] Storage Polyfill loading immediately");
-  let localStorageWorks = false;
-  try {
-    const testKey = "__ls_test__";
-    localStorage.setItem(testKey, testKey);
-    localStorage.removeItem(testKey);
-    localStorageWorks = true;
-  } catch {
-    console.warn("[HaexSpace] localStorage blocked \u2013 using in-memory fallback");
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+// src/crypto/vaultKey.ts
+async function deriveKeyFromPassword(password, salt) {
+  const encoder = new TextEncoder();
+  const passwordBuffer = encoder.encode(password);
+  const saltBuffer = new Uint8Array(salt);
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    passwordBuffer,
+    "PBKDF2",
+    false,
+    ["deriveKey"]
+  );
+  return await crypto.subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      salt: saltBuffer,
+      iterations: PBKDF2_ITERATIONS,
+      hash: "SHA-256"
+    },
+    keyMaterial,
+    { name: ALGORITHM, length: KEY_LENGTH },
+    false,
+    // not extractable
+    ["encrypt", "decrypt"]
+  );
+}
+function generateVaultKey() {
+  return crypto.getRandomValues(new Uint8Array(32));
+}
+async function encryptString(data, derivedKey) {
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const encoder = new TextEncoder();
+  const dataBuffer = encoder.encode(data);
+  const encryptedBuffer = await crypto.subtle.encrypt(
+    {
+      name: ALGORITHM,
+      iv: nonce
+    },
+    derivedKey,
+    dataBuffer
+  );
+  return {
+    encryptedData: arrayBufferToBase64(encryptedBuffer),
+    nonce: arrayBufferToBase64(nonce)
+  };
+}
+async function decryptString(encryptedData, nonce, derivedKey) {
+  const encryptedBuffer = base64ToArrayBuffer(encryptedData);
+  const nonceBuffer = base64ToArrayBuffer(nonce);
+  const encryptedDataBuffer = new Uint8Array(encryptedBuffer);
+  const iv = new Uint8Array(nonceBuffer);
+  const decryptedBuffer = await crypto.subtle.decrypt(
+    {
+      name: ALGORITHM,
+      iv
+    },
+    derivedKey,
+    encryptedDataBuffer
+  );
+  const decoder = new TextDecoder();
+  return decoder.decode(decryptedBuffer);
+}
+async function encryptVaultKey(vaultKey, password) {
+  const salt = crypto.getRandomValues(new Uint8Array(32));
+  const derivedKey = await deriveKeyFromPassword(password, salt);
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const vaultKeyBuffer = new Uint8Array(vaultKey);
+  const encryptedBuffer = await crypto.subtle.encrypt(
+    {
+      name: ALGORITHM,
+      iv: nonce
+    },
+    derivedKey,
+    vaultKeyBuffer
+  );
+  return {
+    encryptedVaultKey: arrayBufferToBase64(encryptedBuffer),
+    salt: arrayBufferToBase64(salt),
+    vaultKeyNonce: arrayBufferToBase64(nonce)
+  };
+}
+async function decryptVaultKey(encryptedVaultKey, salt, vaultKeyNonce, password) {
+  const encryptedBuffer = base64ToArrayBuffer(encryptedVaultKey);
+  const saltBuffer = base64ToArrayBuffer(salt);
+  const nonceBuffer = base64ToArrayBuffer(vaultKeyNonce);
+  const derivedKey = await deriveKeyFromPassword(password, saltBuffer);
+  const encryptedData = new Uint8Array(encryptedBuffer);
+  const iv = new Uint8Array(nonceBuffer);
+  const decryptedBuffer = await crypto.subtle.decrypt(
+    {
+      name: ALGORITHM,
+      iv
+    },
+    derivedKey,
+    encryptedData
+  );
+  return new Uint8Array(decryptedBuffer);
+}
+async function decryptVaultName(encryptedVaultName, vaultNameNonce, vaultNameSalt, password) {
+  const saltBuffer = base64ToArrayBuffer(vaultNameSalt);
+  const derivedKey = await deriveKeyFromPassword(password, saltBuffer);
+  return decryptString(encryptedVaultName, vaultNameNonce, derivedKey);
+}
+async function encryptCrdtData(data, vaultKey) {
+  const vaultKeyBuffer = new Uint8Array(vaultKey);
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    vaultKeyBuffer,
+    { name: ALGORITHM },
+    false,
+    ["encrypt"]
+  );
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const encoder = new TextEncoder();
+  const dataBuffer = encoder.encode(JSON.stringify(data));
+  const encryptedBuffer = await crypto.subtle.encrypt(
+    {
+      name: ALGORITHM,
+      iv: nonce
+    },
+    cryptoKey,
+    dataBuffer
+  );
+  return {
+    encryptedData: arrayBufferToBase64(encryptedBuffer),
+    nonce: arrayBufferToBase64(nonce)
+  };
+}
+async function wrapKey(keyToWrap, wrappingKey) {
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    new Uint8Array(wrappingKey),
+    { name: ALGORITHM },
+    false,
+    ["encrypt"]
+  );
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const ciphertext = await crypto.subtle.encrypt(
+    { name: ALGORITHM, iv: nonce },
+    cryptoKey,
+    new Uint8Array(keyToWrap)
+  );
+  const result = new Uint8Array(12 + ciphertext.byteLength);
+  result.set(nonce, 0);
+  result.set(new Uint8Array(ciphertext), 12);
+  return result;
+}
+async function unwrapKey(wrappedKey, wrappingKey) {
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    new Uint8Array(wrappingKey),
+    { name: ALGORITHM },
+    false,
+    ["decrypt"]
+  );
+  const nonce = wrappedKey.slice(0, 12);
+  const ciphertext = wrappedKey.slice(12);
+  const plaintext = await crypto.subtle.decrypt(
+    { name: ALGORITHM, iv: nonce },
+    cryptoKey,
+    ciphertext
+  );
+  return new Uint8Array(plaintext);
+}
+async function decryptCrdtData(encryptedData, nonce, vaultKey) {
+  const vaultKeyBuffer = new Uint8Array(vaultKey);
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    vaultKeyBuffer,
+    { name: ALGORITHM },
+    false,
+    ["decrypt"]
+  );
+  const encryptedBuffer = base64ToArrayBuffer(encryptedData);
+  const nonceBuffer = base64ToArrayBuffer(nonce);
+  const encryptedDataBuffer = new Uint8Array(encryptedBuffer);
+  const iv = new Uint8Array(nonceBuffer);
+  const decryptedBuffer = await crypto.subtle.decrypt(
+    {
+      name: ALGORITHM,
+      iv
+    },
+    cryptoKey,
+    encryptedDataBuffer
+  );
+  const decoder = new TextDecoder();
+  const jsonString = decoder.decode(decryptedBuffer);
+  return JSON.parse(jsonString);
+}
+function arrayBufferToBase64(buffer) {
+  const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(bytes).toString("base64");
   }
-  if (!localStorageWorks) {
-    const lsStorage = /* @__PURE__ */ new Map();
-    const localStoragePoly = {
-      getItem(key) {
-        return lsStorage.get(key) || null;
-      },
-      setItem(key, value) {
-        lsStorage.set(key, String(value));
-      },
-      removeItem(key) {
-        lsStorage.delete(key);
-      },
-      clear() {
-        lsStorage.clear();
-      },
-      get length() {
-        return lsStorage.size;
-      },
-      key(index) {
-        return Array.from(lsStorage.keys())[index] || null;
-      }
-    };
-    try {
-      Object.defineProperty(window, "localStorage", {
-        value: localStoragePoly,
-        writable: true,
-        configurable: true
-      });
-    } catch {
-      window.localStorage = localStoragePoly;
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    const byte = bytes[i];
+    if (byte !== void 0) {
+      binary += String.fromCharCode(byte);
     }
-    console.log("[HaexSpace] localStorage replaced with in-memory polyfill");
   }
+  return btoa(binary);
 }
-function installSessionStoragePolyfill() {
-  if (typeof window === "undefined") {
-    return;
+function base64ToArrayBuffer(base64) {
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(base64, "base64"));
   }
-  try {
-    const sessionStoragePoly = {
-      getItem() {
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+var PBKDF2_ITERATIONS, KEY_LENGTH, ALGORITHM;
+var init_vaultKey = __esm({
+  "src/crypto/vaultKey.ts"() {
+    PBKDF2_ITERATIONS = 6e5;
+    KEY_LENGTH = 256;
+    ALGORITHM = "AES-GCM";
+  }
+});
+// src/crypto/userKeypair.ts
+var userKeypair_exports = {};
+__export(userKeypair_exports, {
+  KEY_AGREEMENT_ALGO: () => exports.KEY_AGREEMENT_ALGO,
+  SIGNING_ALGO: () => exports.SIGNING_ALGO,
+  decryptPrivateKeyAsync: () => decryptPrivateKeyAsync,
+  encryptPrivateKeyAsync: () => encryptPrivateKeyAsync,
+  exportUserKeypairAsync: () => exportUserKeypairAsync,
+  generateUserKeypairAsync: () => generateUserKeypairAsync,
+  importPrivateKeyForKeyAgreementAsync: () => importPrivateKeyForKeyAgreementAsync,
+  importPublicKeyForKeyAgreementAsync: () => importPublicKeyForKeyAgreementAsync,
+  importUserPrivateKeyAsync: () => importUserPrivateKeyAsync,
+  importUserPublicKeyAsync: () => importUserPublicKeyAsync
+});
+async function generateUserKeypairAsync() {
+  const keypair = await crypto.subtle.generateKey(exports.SIGNING_ALGO, true, ["sign", "verify"]);
+  return { publicKey: keypair.publicKey, privateKey: keypair.privateKey };
+}
+async function exportUserKeypairAsync(keypair) {
+  const pub = await crypto.subtle.exportKey("spki", keypair.publicKey);
+  const priv = await crypto.subtle.exportKey("pkcs8", keypair.privateKey);
+  return { publicKey: arrayBufferToBase64(pub), privateKey: arrayBufferToBase64(priv) };
+}
+async function importUserPublicKeyAsync(base64) {
+  return crypto.subtle.importKey("spki", base64ToArrayBuffer(base64), exports.SIGNING_ALGO, true, ["verify"]);
+}
+async function importUserPrivateKeyAsync(base64) {
+  return crypto.subtle.importKey("pkcs8", base64ToArrayBuffer(base64), exports.SIGNING_ALGO, true, ["sign"]);
+}
+async function importPublicKeyForKeyAgreementAsync(base64) {
+  return crypto.subtle.importKey("spki", base64ToArrayBuffer(base64), exports.KEY_AGREEMENT_ALGO, true, []);
+}
+async function importPrivateKeyForKeyAgreementAsync(base64) {
+  return crypto.subtle.importKey("pkcs8", base64ToArrayBuffer(base64), exports.KEY_AGREEMENT_ALGO, true, ["deriveBits"]);
+}
+async function encryptPrivateKeyAsync(privateKeyBase64, password) {
+  const salt = crypto.getRandomValues(new Uint8Array(32));
+  const derivedKey = await deriveKeyFromPassword(password, salt);
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const encrypted = await crypto.subtle.encrypt(
+    { name: "AES-GCM", iv: nonce },
+    derivedKey,
+    new TextEncoder().encode(privateKeyBase64)
+  );
+  return {
+    encryptedPrivateKey: arrayBufferToBase64(encrypted),
+    nonce: arrayBufferToBase64(nonce),
+    salt: arrayBufferToBase64(salt)
+  };
+}
+async function decryptPrivateKeyAsync(encryptedPrivateKey, nonce, salt, password) {
+  const derivedKey = await deriveKeyFromPassword(password, base64ToArrayBuffer(salt));
+  const decrypted = await crypto.subtle.decrypt(
+    { name: "AES-GCM", iv: base64ToArrayBuffer(nonce) },
+    derivedKey,
+    base64ToArrayBuffer(encryptedPrivateKey)
+  );
+  return new TextDecoder().decode(decrypted);
+}
+exports.SIGNING_ALGO = void 0; exports.KEY_AGREEMENT_ALGO = void 0;
+var init_userKeypair = __esm({
+  "src/crypto/userKeypair.ts"() {
+    init_vaultKey();
+    exports.SIGNING_ALGO = { name: "ECDSA", namedCurve: "P-256" };
+    exports.KEY_AGREEMENT_ALGO = { name: "ECDH", namedCurve: "P-256" };
+  }
+});
+// src/polyfills/localStorage.ts
+function installLocalStoragePolyfill() {
+  if (typeof window === "undefined") {
+    return;
+  }
+  console.log("[HaexSpace] Storage Polyfill loading immediately");
+  let localStorageWorks = false;
+  try {
+    const testKey = "__ls_test__";
+    localStorage.setItem(testKey, testKey);
+    localStorage.removeItem(testKey);
+    localStorageWorks = true;
+  } catch {
+    console.warn("[HaexSpace] localStorage blocked \u2013 using in-memory fallback");
+  }
+  if (!localStorageWorks) {
+    const lsStorage = /* @__PURE__ */ new Map();
+    const localStoragePoly = {
+      getItem(key) {
+        return lsStorage.get(key) || null;
+      },
+      setItem(key, value) {
+        lsStorage.set(key, String(value));
+      },
+      removeItem(key) {
+        lsStorage.delete(key);
+      },
+      clear() {
+        lsStorage.clear();
+      },
+      get length() {
+        return lsStorage.size;
+      },
+      key(index) {
+        return Array.from(lsStorage.keys())[index] || null;
+      }
+    };
+    try {
+      Object.defineProperty(window, "localStorage", {
+        value: localStoragePoly,
+        writable: true,
+        configurable: true
+      });
+    } catch {
+      window.localStorage = localStoragePoly;
+    }
+    console.log("[HaexSpace] localStorage replaced with in-memory polyfill");
+  }
+}
+function installSessionStoragePolyfill() {
+  if (typeof window === "undefined") {
+    return;
+  }
+  try {
+    const sessionStoragePoly = {
+      getItem() {
         return null;
       },
       setItem() {
@@ -643,404 +944,187 @@ var LOCALSEND_COMMANDS = {
   /** Get current settings */
   getSettings: "localsend_get_settings",
   /** Update settings */
-  setSettings: "localsend_set_settings",
-  // Discovery (desktop only)
-  /** Start device discovery via multicast UDP */
-  startDiscovery: "localsend_start_discovery",
-  /** Stop device discovery */
-  stopDiscovery: "localsend_stop_discovery",
-  /** Get list of discovered devices */
-  getDevices: "localsend_get_devices",
-  // Network scan (mobile only)
-  /** Scan network for devices via HTTP */
-  scanNetwork: "localsend_scan_network",
-  // Server (receiving files)
-  /** Start the HTTPS server for receiving files */
-  startServer: "localsend_start_server",
-  /** Stop the HTTPS server */
-  stopServer: "localsend_stop_server",
-  /** Get server status */
-  getServerStatus: "localsend_get_server_status",
-  /** Get pending incoming transfer requests */
-  getPendingTransfers: "localsend_get_pending_transfers",
-  /** Accept an incoming transfer */
-  acceptTransfer: "localsend_accept_transfer",
-  /** Reject an incoming transfer */
-  rejectTransfer: "localsend_reject_transfer",
-  // Client (sending files)
-  /** Prepare files for sending - collect metadata */
-  prepareFiles: "localsend_prepare_files",
-  /** Send files to a device */
-  sendFiles: "localsend_send_files",
-  /** Cancel an outgoing transfer */
-  cancelSend: "localsend_cancel_send"
-};
-// src/commands/spaces.ts
-var SPACE_COMMANDS = {
-  /** Bulk assign rows to spaces */
-  assign: "extension_space_assign",
-  /** Bulk unassign rows from spaces */
-  unassign: "extension_space_unassign",
-  /** Get space assignments for a table */
-  getAssignments: "extension_space_get_assignments",
-  /** List all spaces the user is a member of (with decrypted names) */
-  list: "extension_space_list",
-  /** Create a new shared space */
-  create: "extension_space_create",
-  /** List available sync backends */
-  listBackends: "extension_space_list_backends"
-};
-// src/commands/index.ts
-var TAURI_COMMANDS = {
-  database: DATABASE_COMMANDS,
-  permissions: PERMISSIONS_COMMANDS,
-  web: WEB_COMMANDS,
-  webStorage: WEB_STORAGE_COMMANDS,
-  filesystem: FILESYSTEM_COMMANDS,
-  externalBridge: EXTERNAL_BRIDGE_COMMANDS,
-  extension: EXTENSION_COMMANDS,
-  remoteStorage: REMOTE_STORAGE_COMMANDS,
-  localsend: LOCALSEND_COMMANDS,
-  spaces: SPACE_COMMANDS
-};
-// src/api/storage.ts
-var StorageAPI = class {
-  constructor(client) {
-    this.client = client;
-  }
-  async getItem(key) {
-    return this.client.request(WEB_STORAGE_COMMANDS.getItem, { key });
-  }
-  async setItem(key, value) {
-    await this.client.request(WEB_STORAGE_COMMANDS.setItem, { key, value });
-  }
-  async removeItem(key) {
-    await this.client.request(WEB_STORAGE_COMMANDS.removeItem, { key });
-  }
-  async clear() {
-    await this.client.request(WEB_STORAGE_COMMANDS.clear);
-  }
-  async keys() {
-    return this.client.request(WEB_STORAGE_COMMANDS.keys);
-  }
-};
-// src/api/database.ts
-var DatabaseAPI = class {
-  constructor(client) {
-    this.client = client;
-  }
-  async query(query, params) {
-    const result = await this.client.request(
-      DATABASE_COMMANDS.query,
-      {
-        query,
-        params: params || []
-      }
-    );
-    return result.rows;
-  }
-  async queryOne(query, params) {
-    const rows = await this.query(query, params);
-    return rows.length > 0 ? rows[0] ?? null : null;
-  }
-  async execute(query, params) {
-    return this.client.request(DATABASE_COMMANDS.execute, {
-      query,
-      params: params || []
-    });
-  }
-  async transaction(statements) {
-    await this.client.request(DATABASE_COMMANDS.transaction, {
-      statements
-    });
-  }
-  async createTable(tableName, columns) {
-    const query = `CREATE TABLE IF NOT EXISTS ${tableName} (${columns})`;
-    await this.execute(query);
-  }
-  async dropTable(tableName) {
-    const query = `DROP TABLE IF EXISTS ${tableName}`;
-    await this.execute(query);
-  }
-  /**
-   * Registers and applies extension migrations with HaexVault
-   *
-   * HaexVault will:
-   * 1. Validate all SQL statements (ensure only extension's own tables are accessed)
-   * 2. Store migrations with applied_at = NULL
-   * 3. Query pending migrations sorted by name
-   * 4. Apply pending migrations and set up CRDT triggers
-   * 5. Mark successful migrations with applied_at timestamp
-   *
-   * @param extensionVersion - The version of the extension
-   * @param migrations - Array of migration objects with name and SQL content
-   * @returns Promise with migration result (applied count, already applied count, applied migration names)
-   */
-  async registerMigrationsAsync(extensionVersion, migrations) {
-    return this.client.request(
-      DATABASE_COMMANDS.registerMigrations,
-      {
-        extensionVersion,
-        migrations
-      }
-    );
-  }
-  async insert(tableName, data) {
-    const keys = Object.keys(data);
-    const values = Object.values(data);
-    const placeholders = keys.map(() => "?").join(", ");
-    const query = `INSERT INTO ${tableName} (${keys.join(
-      ", "
-    )}) VALUES (${placeholders})`;
-    const result = await this.execute(query, values);
-    return result.lastInsertId ?? -1;
-  }
-  async update(tableName, data, where, whereParams) {
-    const keys = Object.keys(data);
-    const values = Object.values(data);
-    const setClause = keys.map((key) => `${key} = ?`).join(", ");
-    const query = `UPDATE ${tableName} SET ${setClause} WHERE ${where}`;
-    const result = await this.execute(query, [
-      ...values,
-      ...whereParams || []
-    ]);
-    return result.rowsAffected;
-  }
-  async delete(tableName, where, whereParams) {
-    const query = `DELETE FROM ${tableName} WHERE ${where}`;
-    const result = await this.execute(query, whereParams);
-    return result.rowsAffected;
-  }
-  async count(tableName, where, whereParams) {
-    const query = where ? `SELECT COUNT(*) as count FROM ${tableName} WHERE ${where}` : `SELECT COUNT(*) as count FROM ${tableName}`;
-    const result = await this.queryOne(query, whereParams);
-    return result?.count ?? 0;
-  }
-};
-// src/crypto/vaultKey.ts
-var PBKDF2_ITERATIONS = 6e5;
-var KEY_LENGTH = 256;
-var ALGORITHM = "AES-GCM";
-async function deriveKeyFromPassword(password, salt) {
-  const encoder = new TextEncoder();
-  const passwordBuffer = encoder.encode(password);
-  const saltBuffer = new Uint8Array(salt);
-  const keyMaterial = await crypto.subtle.importKey(
-    "raw",
-    passwordBuffer,
-    "PBKDF2",
-    false,
-    ["deriveKey"]
-  );
-  return await crypto.subtle.deriveKey(
-    {
-      name: "PBKDF2",
-      salt: saltBuffer,
-      iterations: PBKDF2_ITERATIONS,
-      hash: "SHA-256"
-    },
-    keyMaterial,
-    { name: ALGORITHM, length: KEY_LENGTH },
-    false,
-    // not extractable
-    ["encrypt", "decrypt"]
-  );
-}
-function generateVaultKey() {
-  return crypto.getRandomValues(new Uint8Array(32));
-}
-async function encryptString(data, derivedKey) {
-  const nonce = crypto.getRandomValues(new Uint8Array(12));
-  const encoder = new TextEncoder();
-  const dataBuffer = encoder.encode(data);
-  const encryptedBuffer = await crypto.subtle.encrypt(
-    {
-      name: ALGORITHM,
-      iv: nonce
-    },
-    derivedKey,
-    dataBuffer
-  );
-  return {
-    encryptedData: arrayBufferToBase64(encryptedBuffer),
-    nonce: arrayBufferToBase64(nonce)
-  };
-}
-async function decryptString(encryptedData, nonce, derivedKey) {
-  const encryptedBuffer = base64ToArrayBuffer(encryptedData);
-  const nonceBuffer = base64ToArrayBuffer(nonce);
-  const encryptedDataBuffer = new Uint8Array(encryptedBuffer);
-  const iv = new Uint8Array(nonceBuffer);
-  const decryptedBuffer = await crypto.subtle.decrypt(
-    {
-      name: ALGORITHM,
-      iv
-    },
-    derivedKey,
-    encryptedDataBuffer
-  );
-  const decoder = new TextDecoder();
-  return decoder.decode(decryptedBuffer);
-}
-async function encryptVaultKey(vaultKey, password) {
-  const salt = crypto.getRandomValues(new Uint8Array(32));
-  const derivedKey = await deriveKeyFromPassword(password, salt);
-  const nonce = crypto.getRandomValues(new Uint8Array(12));
-  const vaultKeyBuffer = new Uint8Array(vaultKey);
-  const encryptedBuffer = await crypto.subtle.encrypt(
-    {
-      name: ALGORITHM,
-      iv: nonce
-    },
-    derivedKey,
-    vaultKeyBuffer
-  );
-  return {
-    encryptedVaultKey: arrayBufferToBase64(encryptedBuffer),
-    salt: arrayBufferToBase64(salt),
-    vaultKeyNonce: arrayBufferToBase64(nonce)
-  };
-}
-async function decryptVaultKey(encryptedVaultKey, salt, vaultKeyNonce, password) {
-  const encryptedBuffer = base64ToArrayBuffer(encryptedVaultKey);
-  const saltBuffer = base64ToArrayBuffer(salt);
-  const nonceBuffer = base64ToArrayBuffer(vaultKeyNonce);
-  const derivedKey = await deriveKeyFromPassword(password, saltBuffer);
-  const encryptedData = new Uint8Array(encryptedBuffer);
-  const iv = new Uint8Array(nonceBuffer);
-  const decryptedBuffer = await crypto.subtle.decrypt(
-    {
-      name: ALGORITHM,
-      iv
-    },
-    derivedKey,
-    encryptedData
-  );
-  return new Uint8Array(decryptedBuffer);
-}
-async function decryptVaultName(encryptedVaultName, vaultNameNonce, vaultNameSalt, password) {
-  const saltBuffer = base64ToArrayBuffer(vaultNameSalt);
-  const derivedKey = await deriveKeyFromPassword(password, saltBuffer);
-  return decryptString(encryptedVaultName, vaultNameNonce, derivedKey);
-}
-async function encryptCrdtData(data, vaultKey) {
-  const vaultKeyBuffer = new Uint8Array(vaultKey);
-  const cryptoKey = await crypto.subtle.importKey(
-    "raw",
-    vaultKeyBuffer,
-    { name: ALGORITHM },
-    false,
-    ["encrypt"]
-  );
-  const nonce = crypto.getRandomValues(new Uint8Array(12));
-  const encoder = new TextEncoder();
-  const dataBuffer = encoder.encode(JSON.stringify(data));
-  const encryptedBuffer = await crypto.subtle.encrypt(
-    {
-      name: ALGORITHM,
-      iv: nonce
-    },
-    cryptoKey,
-    dataBuffer
-  );
-  return {
-    encryptedData: arrayBufferToBase64(encryptedBuffer),
-    nonce: arrayBufferToBase64(nonce)
-  };
-}
-async function wrapKey(keyToWrap, wrappingKey) {
-  const cryptoKey = await crypto.subtle.importKey(
-    "raw",
-    new Uint8Array(wrappingKey),
-    { name: ALGORITHM },
-    false,
-    ["encrypt"]
-  );
-  const nonce = crypto.getRandomValues(new Uint8Array(12));
-  const ciphertext = await crypto.subtle.encrypt(
-    { name: ALGORITHM, iv: nonce },
-    cryptoKey,
-    new Uint8Array(keyToWrap)
-  );
-  const result = new Uint8Array(12 + ciphertext.byteLength);
-  result.set(nonce, 0);
-  result.set(new Uint8Array(ciphertext), 12);
-  return result;
-}
-async function unwrapKey(wrappedKey, wrappingKey) {
-  const cryptoKey = await crypto.subtle.importKey(
-    "raw",
-    new Uint8Array(wrappingKey),
-    { name: ALGORITHM },
-    false,
-    ["decrypt"]
-  );
-  const nonce = wrappedKey.slice(0, 12);
-  const ciphertext = wrappedKey.slice(12);
-  const plaintext = await crypto.subtle.decrypt(
-    { name: ALGORITHM, iv: nonce },
-    cryptoKey,
-    ciphertext
-  );
-  return new Uint8Array(plaintext);
-}
-async function decryptCrdtData(encryptedData, nonce, vaultKey) {
-  const vaultKeyBuffer = new Uint8Array(vaultKey);
-  const cryptoKey = await crypto.subtle.importKey(
-    "raw",
-    vaultKeyBuffer,
-    { name: ALGORITHM },
-    false,
-    ["decrypt"]
-  );
-  const encryptedBuffer = base64ToArrayBuffer(encryptedData);
-  const nonceBuffer = base64ToArrayBuffer(nonce);
-  const encryptedDataBuffer = new Uint8Array(encryptedBuffer);
-  const iv = new Uint8Array(nonceBuffer);
-  const decryptedBuffer = await crypto.subtle.decrypt(
-    {
-      name: ALGORITHM,
-      iv
-    },
-    cryptoKey,
-    encryptedDataBuffer
-  );
-  const decoder = new TextDecoder();
-  const jsonString = decoder.decode(decryptedBuffer);
-  return JSON.parse(jsonString);
-}
-function arrayBufferToBase64(buffer) {
-  const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
-  if (typeof Buffer !== "undefined") {
-    return Buffer.from(bytes).toString("base64");
+  setSettings: "localsend_set_settings",
+  // Discovery (desktop only)
+  /** Start device discovery via multicast UDP */
+  startDiscovery: "localsend_start_discovery",
+  /** Stop device discovery */
+  stopDiscovery: "localsend_stop_discovery",
+  /** Get list of discovered devices */
+  getDevices: "localsend_get_devices",
+  // Network scan (mobile only)
+  /** Scan network for devices via HTTP */
+  scanNetwork: "localsend_scan_network",
+  // Server (receiving files)
+  /** Start the HTTPS server for receiving files */
+  startServer: "localsend_start_server",
+  /** Stop the HTTPS server */
+  stopServer: "localsend_stop_server",
+  /** Get server status */
+  getServerStatus: "localsend_get_server_status",
+  /** Get pending incoming transfer requests */
+  getPendingTransfers: "localsend_get_pending_transfers",
+  /** Accept an incoming transfer */
+  acceptTransfer: "localsend_accept_transfer",
+  /** Reject an incoming transfer */
+  rejectTransfer: "localsend_reject_transfer",
+  // Client (sending files)
+  /** Prepare files for sending - collect metadata */
+  prepareFiles: "localsend_prepare_files",
+  /** Send files to a device */
+  sendFiles: "localsend_send_files",
+  /** Cancel an outgoing transfer */
+  cancelSend: "localsend_cancel_send"
+};
+// src/commands/spaces.ts
+var SPACE_COMMANDS = {
+  /** Bulk assign rows to spaces */
+  assign: "extension_space_assign",
+  /** Bulk unassign rows from spaces */
+  unassign: "extension_space_unassign",
+  /** Get space assignments for a table */
+  getAssignments: "extension_space_get_assignments",
+  /** List all spaces the user is a member of (with decrypted names) */
+  list: "extension_space_list",
+  /** Create a new shared space */
+  create: "extension_space_create",
+  /** List available sync backends */
+  listBackends: "extension_space_list_backends"
+};
+// src/commands/index.ts
+var TAURI_COMMANDS = {
+  database: DATABASE_COMMANDS,
+  permissions: PERMISSIONS_COMMANDS,
+  web: WEB_COMMANDS,
+  webStorage: WEB_STORAGE_COMMANDS,
+  filesystem: FILESYSTEM_COMMANDS,
+  externalBridge: EXTERNAL_BRIDGE_COMMANDS,
+  extension: EXTENSION_COMMANDS,
+  remoteStorage: REMOTE_STORAGE_COMMANDS,
+  localsend: LOCALSEND_COMMANDS,
+  spaces: SPACE_COMMANDS
+};
+// src/api/storage.ts
+var StorageAPI = class {
+  constructor(client) {
+    this.client = client;
   }
-  let binary = "";
-  for (let i = 0; i < bytes.length; i++) {
-    const byte = bytes[i];
-    if (byte !== void 0) {
-      binary += String.fromCharCode(byte);
-    }
+  async getItem(key) {
+    return this.client.request(WEB_STORAGE_COMMANDS.getItem, { key });
   }
-  return btoa(binary);
-}
-function base64ToArrayBuffer(base64) {
-  if (typeof Buffer !== "undefined") {
-    return new Uint8Array(Buffer.from(base64, "base64"));
+  async setItem(key, value) {
+    await this.client.request(WEB_STORAGE_COMMANDS.setItem, { key, value });
   }
-  const binary = atob(base64);
-  const bytes = new Uint8Array(binary.length);
-  for (let i = 0; i < binary.length; i++) {
-    bytes[i] = binary.charCodeAt(i);
+  async removeItem(key) {
+    await this.client.request(WEB_STORAGE_COMMANDS.removeItem, { key });
   }
-  return bytes;
-}
+  async clear() {
+    await this.client.request(WEB_STORAGE_COMMANDS.clear);
+  }
+  async keys() {
+    return this.client.request(WEB_STORAGE_COMMANDS.keys);
+  }
+};
+// src/api/database.ts
+var DatabaseAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  async query(query, params) {
+    const result = await this.client.request(
+      DATABASE_COMMANDS.query,
+      {
+        query,
+        params: params || []
+      }
+    );
+    return result.rows;
+  }
+  async queryOne(query, params) {
+    const rows = await this.query(query, params);
+    return rows.length > 0 ? rows[0] ?? null : null;
+  }
+  async execute(query, params) {
+    return this.client.request(DATABASE_COMMANDS.execute, {
+      query,
+      params: params || []
+    });
+  }
+  async transaction(statements) {
+    await this.client.request(DATABASE_COMMANDS.transaction, {
+      statements
+    });
+  }
+  async createTable(tableName, columns) {
+    const query = `CREATE TABLE IF NOT EXISTS ${tableName} (${columns})`;
+    await this.execute(query);
+  }
+  async dropTable(tableName) {
+    const query = `DROP TABLE IF EXISTS ${tableName}`;
+    await this.execute(query);
+  }
+  /**
+   * Registers and applies extension migrations with HaexVault
+   *
+   * HaexVault will:
+   * 1. Validate all SQL statements (ensure only extension's own tables are accessed)
+   * 2. Store migrations with applied_at = NULL
+   * 3. Query pending migrations sorted by name
+   * 4. Apply pending migrations and set up CRDT triggers
+   * 5. Mark successful migrations with applied_at timestamp
+   *
+   * @param extensionVersion - The version of the extension
+   * @param migrations - Array of migration objects with name and SQL content
+   * @returns Promise with migration result (applied count, already applied count, applied migration names)
+   */
+  async registerMigrationsAsync(extensionVersion, migrations) {
+    return this.client.request(
+      DATABASE_COMMANDS.registerMigrations,
+      {
+        extensionVersion,
+        migrations
+      }
+    );
+  }
+  async insert(tableName, data) {
+    const keys = Object.keys(data);
+    const values = Object.values(data);
+    const placeholders = keys.map(() => "?").join(", ");
+    const query = `INSERT INTO ${tableName} (${keys.join(
+      ", "
+    )}) VALUES (${placeholders})`;
+    const result = await this.execute(query, values);
+    return result.lastInsertId ?? -1;
+  }
+  async update(tableName, data, where, whereParams) {
+    const keys = Object.keys(data);
+    const values = Object.values(data);
+    const setClause = keys.map((key) => `${key} = ?`).join(", ");
+    const query = `UPDATE ${tableName} SET ${setClause} WHERE ${where}`;
+    const result = await this.execute(query, [
+      ...values,
+      ...whereParams || []
+    ]);
+    return result.rowsAffected;
+  }
+  async delete(tableName, where, whereParams) {
+    const query = `DELETE FROM ${tableName} WHERE ${where}`;
+    const result = await this.execute(query, whereParams);
+    return result.rowsAffected;
+  }
+  async count(tableName, where, whereParams) {
+    const query = where ? `SELECT COUNT(*) as count FROM ${tableName} WHERE ${where}` : `SELECT COUNT(*) as count FROM ${tableName}`;
+    const result = await this.queryOne(query, whereParams);
+    return result?.count ?? 0;
+  }
+};
 // src/api/filesystem.ts
+init_vaultKey();
 var FilesystemAPI = class {
   constructor(client) {
     this.client = client;
@@ -1426,6 +1510,7 @@ var PermissionsAPI = class {
 };
 // src/api/remoteStorage.ts
+init_vaultKey();
 var RemoteStorageAPI = class {
   constructor(client) {
     this.client = client;
@@ -2848,61 +2933,174 @@ async function verifyExtensionSignature(files, manifest) {
   }
 }
-// src/crypto/userKeypair.ts
-var SIGNING_ALGO = { name: "ECDSA", namedCurve: "P-256" };
-var KEY_AGREEMENT_ALGO = { name: "ECDH", namedCurve: "P-256" };
-async function generateUserKeypairAsync() {
-  const keypair = await crypto.subtle.generateKey(SIGNING_ALGO, true, ["sign", "verify"]);
-  return { publicKey: keypair.publicKey, privateKey: keypair.privateKey };
-}
-async function exportUserKeypairAsync(keypair) {
-  const pub = await crypto.subtle.exportKey("spki", keypair.publicKey);
-  const priv = await crypto.subtle.exportKey("pkcs8", keypair.privateKey);
-  return { publicKey: arrayBufferToBase64(pub), privateKey: arrayBufferToBase64(priv) };
-}
-async function importUserPublicKeyAsync(base64) {
-  return crypto.subtle.importKey("spki", base64ToArrayBuffer(base64), SIGNING_ALGO, true, ["verify"]);
+// src/index.ts
+init_vaultKey();
+init_userKeypair();
+// src/crypto/didKey.ts
+init_userKeypair();
+init_vaultKey();
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function base58btcEncode(bytes) {
+  let zeros = 0;
+  for (const b of bytes) {
+    if (b !== 0) break;
+    zeros++;
+  }
+  const digits = [];
+  for (const b of bytes) {
+    let carry = b;
+    for (let j = 0; j < digits.length; j++) {
+      carry += digits[j] << 8;
+      digits[j] = carry % 58;
+      carry = carry / 58 | 0;
+    }
+    while (carry > 0) {
+      digits.push(carry % 58);
+      carry = carry / 58 | 0;
+    }
+  }
+  return "1".repeat(zeros) + digits.reverse().map((d) => BASE58_ALPHABET[d]).join("");
+}
+function base58btcDecode(str) {
+  let zeros = 0;
+  for (const c of str) {
+    if (c !== "1") break;
+    zeros++;
+  }
+  const bytes = [];
+  for (const c of str) {
+    const value = BASE58_ALPHABET.indexOf(c);
+    if (value === -1) throw new Error(`Invalid base58 character: ${c}`);
+    let carry = value;
+    for (let j = 0; j < bytes.length; j++) {
+      carry += bytes[j] * 58;
+      bytes[j] = carry & 255;
+      carry >>= 8;
+    }
+    while (carry > 0) {
+      bytes.push(carry & 255);
+      carry >>= 8;
+    }
+  }
+  const result = new Uint8Array(zeros + bytes.length);
+  for (let i = 0; i < bytes.length; i++) {
+    result[zeros + i] = bytes[bytes.length - 1 - i];
+  }
+  return result;
 }
-async function importUserPrivateKeyAsync(base64) {
-  return crypto.subtle.importKey("pkcs8", base64ToArrayBuffer(base64), SIGNING_ALGO, true, ["sign"]);
+function compressP256Point(uncompressed) {
+  if (uncompressed.length !== 65 || uncompressed[0] !== 4) {
+    throw new Error("Expected 65-byte uncompressed P-256 point (0x04 prefix)");
+  }
+  const x = uncompressed.slice(1, 33);
+  const yLastByte = uncompressed[64];
+  const prefix = (yLastByte & 1) === 0 ? 2 : 3;
+  const compressed = new Uint8Array(33);
+  compressed[0] = prefix;
+  compressed.set(x, 1);
+  return compressed;
+}
+function decompressP256Point(compressed) {
+  if (compressed.length !== 33 || compressed[0] !== 2 && compressed[0] !== 3) {
+    throw new Error("Expected 33-byte compressed P-256 point");
+  }
+  const isOdd = compressed[0] === 3;
+  const x = bytesToBigInt(compressed.slice(1));
+  const p = BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff");
+  const b = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
+  const a = p - 3n;
+  const ySquared = (modPow(x, 3n, p) + a * x + b) % p;
+  let y = modSqrt(ySquared, p);
+  const yIsOdd = (y & 1n) === 1n;
+  if (isOdd !== yIsOdd) {
+    y = p - y;
+  }
+  const uncompressed = new Uint8Array(65);
+  uncompressed[0] = 4;
+  uncompressed.set(bigIntToBytes(x, 32), 1);
+  uncompressed.set(bigIntToBytes(y, 32), 33);
+  return uncompressed;
+}
+function bytesToBigInt(bytes) {
+  let result = 0n;
+  for (const b of bytes) {
+    result = result << 8n | BigInt(b);
+  }
+  return result;
 }
-async function importPublicKeyForKeyAgreementAsync(base64) {
-  return crypto.subtle.importKey("spki", base64ToArrayBuffer(base64), KEY_AGREEMENT_ALGO, true, []);
+function bigIntToBytes(n, length) {
+  const bytes = new Uint8Array(length);
+  let val = n;
+  for (let i = length - 1; i >= 0; i--) {
+    bytes[i] = Number(val & 0xffn);
+    val >>= 8n;
+  }
+  return bytes;
 }
-async function importPrivateKeyForKeyAgreementAsync(base64) {
-  return crypto.subtle.importKey("pkcs8", base64ToArrayBuffer(base64), KEY_AGREEMENT_ALGO, true, ["deriveBits"]);
+function modPow(base, exp, mod) {
+  let result = 1n;
+  base = base % mod;
+  while (exp > 0n) {
+    if (exp & 1n) result = result * base % mod;
+    exp >>= 1n;
+    base = base * base % mod;
+  }
+  return result;
 }
-async function encryptPrivateKeyAsync(privateKeyBase64, password) {
-  const salt = crypto.getRandomValues(new Uint8Array(32));
-  const derivedKey = await deriveKeyFromPassword(password, salt);
-  const nonce = crypto.getRandomValues(new Uint8Array(12));
-  const encrypted = await crypto.subtle.encrypt(
-    { name: "AES-GCM", iv: nonce },
-    derivedKey,
-    new TextEncoder().encode(privateKeyBase64)
+function modSqrt(a, p) {
+  return modPow(a, (p + 1n) / 4n, p);
+}
+var P256_MULTICODEC_PREFIX = new Uint8Array([128, 36]);
+async function publicKeyToDidKeyAsync(publicKeyBase64) {
+  const cryptoKey = await importUserPublicKeyAsync(publicKeyBase64);
+  const rawBytes = new Uint8Array(await crypto.subtle.exportKey("raw", cryptoKey));
+  const compressed = compressP256Point(rawBytes);
+  const multicodecBytes = new Uint8Array(P256_MULTICODEC_PREFIX.length + compressed.length);
+  multicodecBytes.set(P256_MULTICODEC_PREFIX);
+  multicodecBytes.set(compressed, P256_MULTICODEC_PREFIX.length);
+  return `did:key:z${base58btcEncode(multicodecBytes)}`;
+}
+async function didKeyToPublicKeyAsync(did) {
+  if (!did.startsWith("did:key:z")) {
+    throw new Error("Only did:key with base58-btc multibase (z prefix) is supported");
+  }
+  const multicodecBytes = base58btcDecode(did.slice("did:key:z".length));
+  if (multicodecBytes[0] !== P256_MULTICODEC_PREFIX[0] || multicodecBytes[1] !== P256_MULTICODEC_PREFIX[1]) {
+    throw new Error("Unsupported key type in did:key (expected P-256)");
+  }
+  const compressed = multicodecBytes.slice(P256_MULTICODEC_PREFIX.length);
+  const uncompressed = decompressP256Point(compressed);
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    uncompressed.buffer,
+    { name: "ECDSA", namedCurve: "P-256" },
+    true,
+    ["verify"]
   );
+  const spki = await crypto.subtle.exportKey("spki", cryptoKey);
+  return arrayBufferToBase64(spki);
+}
+async function generateIdentityAsync() {
+  const { generateUserKeypairAsync: generateUserKeypairAsync2, exportUserKeypairAsync: exportUserKeypairAsync2 } = await Promise.resolve().then(() => (init_userKeypair(), userKeypair_exports));
+  const keypair = await generateUserKeypairAsync2();
+  const exported = await exportUserKeypairAsync2(keypair);
+  const did = await publicKeyToDidKeyAsync(exported.publicKey);
   return {
-    encryptedPrivateKey: arrayBufferToBase64(encrypted),
-    nonce: arrayBufferToBase64(nonce),
-    salt: arrayBufferToBase64(salt)
+    did,
+    publicKeyBase64: exported.publicKey,
+    privateKeyBase64: exported.privateKey
   };
 }
-async function decryptPrivateKeyAsync(encryptedPrivateKey, nonce, salt, password) {
-  const derivedKey = await deriveKeyFromPassword(password, base64ToArrayBuffer(salt));
-  const decrypted = await crypto.subtle.decrypt(
-    { name: "AES-GCM", iv: base64ToArrayBuffer(nonce) },
-    derivedKey,
-    base64ToArrayBuffer(encryptedPrivateKey)
-  );
-  return new TextDecoder().decode(decrypted);
-}
 // src/crypto/spaceKey.ts
+init_userKeypair();
+init_vaultKey();
 function generateSpaceKey() {
   return generateVaultKey();
 }
 async function encryptSpaceKeyForRecipientAsync(spaceKey, recipientPublicKeyBase64) {
-  const ephemeral = await crypto.subtle.generateKey(KEY_AGREEMENT_ALGO, true, ["deriveBits"]);
+  const ephemeral = await crypto.subtle.generateKey(exports.KEY_AGREEMENT_ALGO, true, ["deriveBits"]);
   const recipientKey = await importPublicKeyForKeyAgreementAsync(recipientPublicKeyBase64);
   const sharedBits = await crypto.subtle.deriveBits(
     { name: "ECDH", public: recipientKey },
@@ -2934,7 +3132,7 @@ async function decryptSpaceKeyAsync(encrypted, ownPrivateKeyBase64) {
   const ephPubKey = await crypto.subtle.importKey(
     "spki",
     base64ToArrayBuffer(encrypted.ephemeralPublicKey),
-    KEY_AGREEMENT_ALGO,
+    exports.KEY_AGREEMENT_ALGO,
     true,
     []
   );
@@ -2985,7 +3183,45 @@ async function decryptSpaceNameAsync(spaceKey, encryptedName, nameNonce) {
   return decryptString(encryptedName, nameNonce, cryptoKey);
 }
+// src/crypto/claims.ts
+init_userKeypair();
+async function signClaimPresentationAsync(did, publicKeyBase64, claims, privateKeyBase64) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const sortedEntries = Object.entries(claims).sort(([a], [b]) => a.localeCompare(b));
+  const canonical = [did, timestamp, ...sortedEntries.map(([k, v]) => `${k}=${v}`)].join("\0");
+  const privateKey = await importUserPrivateKeyAsync(privateKeyBase64);
+  const data = new TextEncoder().encode(canonical);
+  const sig = await crypto.subtle.sign(
+    { name: "ECDSA", hash: "SHA-256" },
+    privateKey,
+    data
+  );
+  return {
+    did,
+    publicKey: publicKeyBase64,
+    claims,
+    timestamp,
+    signature: btoa(String.fromCharCode(...new Uint8Array(sig)))
+  };
+}
+async function verifyClaimPresentationAsync(presentation) {
+  const { did, publicKey, claims, timestamp, signature } = presentation;
+  const sortedEntries = Object.entries(claims).sort(([a], [b]) => a.localeCompare(b));
+  const canonical = [did, timestamp, ...sortedEntries.map(([k, v]) => `${k}=${v}`)].join("\0");
+  const pubKey = await importUserPublicKeyAsync(publicKey);
+  const data = new TextEncoder().encode(canonical);
+  const sigBytes = Uint8Array.from(atob(signature), (c) => c.charCodeAt(0));
+  return crypto.subtle.verify(
+    { name: "ECDSA", hash: "SHA-256" },
+    pubKey,
+    sigBytes,
+    data
+  );
+}
 // src/crypto/recordSigning.ts
+init_userKeypair();
+init_vaultKey();
 function canonicalize(record) {
   const parts = [
     record.tableName,
@@ -3048,6 +3284,7 @@ async function verifySpaceChallengeAsync(spaceId, timestamp, signatureBase64, pu
 }
 // src/crypto/passkey.ts
+init_vaultKey();
 function toArrayBuffer(data) {
   if (data instanceof ArrayBuffer) {
     return data;
@@ -3229,14 +3466,12 @@ exports.HAEXSPACE_MESSAGE_TYPES = HAEXSPACE_MESSAGE_TYPES;
 exports.HAEXTENSION_EVENTS = HAEXTENSION_EVENTS;
 exports.HaexVaultSdk = HaexVaultSdk;
 exports.HaexVaultSdkError = HaexVaultSdkError;
-exports.KEY_AGREEMENT_ALGO = KEY_AGREEMENT_ALGO;
 exports.LOCALSEND_EVENTS = LOCALSEND_EVENTS;
 exports.LocalSendAPI = LocalSendAPI;
 exports.PermissionErrorCode = PermissionErrorCode;
 exports.PermissionStatus = PermissionStatus;
 exports.PermissionsAPI = PermissionsAPI;
 exports.RemoteStorageAPI = RemoteStorageAPI;
-exports.SIGNING_ALGO = SIGNING_ALGO;
 exports.SPACE_COMMANDS = SPACE_COMMANDS;
 exports.SpacesAPI = SpacesAPI;
 exports.TABLE_SEPARATOR = TABLE_SEPARATOR;
@@ -3254,6 +3489,7 @@ exports.decryptString = decryptString;
 exports.decryptVaultKey = decryptVaultKey;
 exports.decryptVaultName = decryptVaultName;
 exports.deriveKeyFromPassword = deriveKeyFromPassword;
+exports.didKeyToPublicKeyAsync = didKeyToPublicKeyAsync;
 exports.encryptCrdtData = encryptCrdtData;
 exports.encryptPrivateKeyAsync = encryptPrivateKeyAsync;
 exports.encryptSpaceKeyForRecipientAsync = encryptSpaceKeyForRecipientAsync;
@@ -3266,6 +3502,7 @@ exports.exportPublicKeyAsync = exportPublicKeyAsync;
 exports.exportPublicKeyCoseAsync = exportPublicKeyCoseAsync;
 exports.exportUserKeypairAsync = exportUserKeypairAsync;
 exports.generateCredentialId = generateCredentialId;
+exports.generateIdentityAsync = generateIdentityAsync;
 exports.generatePasskeyPairAsync = generatePasskeyPairAsync;
 exports.generateSpaceKey = generateSpaceKey;
 exports.generateUserKeypairAsync = generateUserKeypairAsync;
@@ -3288,11 +3525,14 @@ exports.isExternalClientConnected = isExternalClientConnected;
 exports.isPermissionDeniedError = isPermissionDeniedError;
 exports.isPermissionError = isPermissionError;
 exports.isPermissionPromptError = isPermissionPromptError;
+exports.publicKeyToDidKeyAsync = publicKeyToDidKeyAsync;
+exports.signClaimPresentationAsync = signClaimPresentationAsync;
 exports.signRecordAsync = signRecordAsync;
 exports.signSpaceChallengeAsync = signSpaceChallengeAsync;
 exports.signWithPasskeyAsync = signWithPasskeyAsync;
 exports.sortObjectKeysRecursively = sortObjectKeysRecursively;
 exports.unwrapKey = unwrapKey;
+exports.verifyClaimPresentationAsync = verifyClaimPresentationAsync;
 exports.verifyExtensionSignature = verifyExtensionSignature;
 exports.verifyRecordSignatureAsync = verifyRecordSignatureAsync;
 exports.verifySpaceChallengeAsync = verifySpaceChallengeAsync;