@haex-space/vault-sdk 2.5.118 → 2.5.120

package/dist/{client-CA59HZfa.d.ts → client-CrXV__Zx.d.mts}

@@ -1,4 +1,4 @@
-import { b as HaexHubEvent, c as EXTERNAL_EVENTS, D as DatabaseQueryResult, M as Migration, d as MigrationResult, W as WebRequestOptions, e as WebResponse, H as HaexHubConfig, a as ExtensionInfo, A as ApplicationContext, f as DatabasePermissionRequest, P as PermissionResponse, S as SearchResult, g as EventCallback } from './types-neLTvZJ_.js';
+import { b as HaexHubEvent, c as EXTERNAL_EVENTS, D as DatabaseQueryResult, M as Migration, d as MigrationResult, W as WebRequestOptions, e as WebResponse, H as HaexHubConfig, a as ExtensionInfo, A as ApplicationContext, f as DatabasePermissionRequest, P as PermissionResponse, S as SearchResult, g as EventCallback } from './types-TFcm6hpl.mjs';
 import { SqliteRemoteDatabase } from 'drizzle-orm/sqlite-proxy';
 
 /**
@@ -939,7 +939,7 @@ declare class LocalSendAPI {
     cancelSend(sessionId: string): Promise<void>;
 }
 
-type SpaceRole = 'admin' | 'member' | 'viewer';
+type SpaceRole = 'admin' | 'owner' | 'member' | 'reader';
 interface SharedSpace {
     id: string;
     ownerId: string;
@@ -947,14 +947,12 @@ interface SharedSpace {
     nameNonce: string;
     currentKeyGeneration: number;
     role: SpaceRole;
-    canInvite: boolean;
     createdAt: string;
 }
 interface SpaceMemberInfo {
     publicKey: string;
     label: string;
     role: SpaceRole;
-    canInvite: boolean;
     invitedBy: string | null;
     joinedAt: string;
 }
@@ -993,7 +991,6 @@ interface DecryptedSpace {
     id: string;
     name: string;
     role: SpaceRole;
-    canInvite: boolean;
     serverUrl: string;
     createdAt: string;
 }
@@ -1174,4 +1171,4 @@ declare class HaexVaultSdk {
     private log;
 }
 
-export { type TransferState as $, type AuthorizedClient as A, type BlockedClient as B, type SelectFileOptions as C, DatabaseAPI as D, type ExternalAuthDecision as E, type FileStat as F, type SelectFolderOptions as G, HaexVaultSdk as H, type ServerInfo as I, type ServerStatus as J, type SessionAuthorization as K, LOCALSEND_EVENTS as L, type SharedSpace as M, type SpaceAccessTokenInfo as N, type SpaceAssignment as O, type PendingAuthorization as P, type SpaceInvite as Q, RemoteStorageAPI as R, StorageAPI as S, type SpaceKeyGrantInfo as T, type UpdateBackendRequest as U, type SpaceMemberInfo as V, type SpaceRole as W, SpacesAPI as X, type SyncBackendInfo as Y, type TransferDirection as Z, type TransferProgress as _, type DecryptedSpace as a, WebAPI as a0, canExternalClientSendRequests as a1, isExternalClientConnected as a2, type Device as b, type DeviceInfo as c, type DeviceType as d, type DirEntry as e, type ExternalConnection as f, ExternalConnectionErrorCode as g, ExternalConnectionState as h, type ExternalRequest as i, type ExternalRequestEvent as j, type ExternalRequestHandler as k, type ExternalRequestPayload as l, type ExternalResponse as m, FilesystemAPI as n, LocalSendAPI as o, type LocalSendEvent as p, type FileInfo as q, type LocalSendSettings as r, type PendingTransfer as s, PermissionsAPI as t, type AddBackendRequest as u, type S3Config as v, type S3PublicConfig as w, type StorageBackendInfo as x, type StorageObjectInfo as y, type RequestedExtension as z };
+export { type TransferState as $, type AuthorizedClient as A, type BlockedClient as B, type RequestedExtension as C, DatabaseAPI as D, type ExternalAuthDecision as E, type FileStat as F, type SelectFileOptions as G, HaexVaultSdk as H, type SelectFolderOptions as I, type ServerInfo as J, type ServerStatus as K, LOCALSEND_EVENTS as L, type SessionAuthorization as M, type SharedSpace as N, type SpaceAccessTokenInfo as O, type PendingAuthorization as P, type SpaceAssignment as Q, RemoteStorageAPI as R, StorageAPI as S, type SpaceInvite as T, type UpdateBackendRequest as U, type SpaceKeyGrantInfo as V, type SpaceMemberInfo as W, SpacesAPI as X, type SyncBackendInfo as Y, type TransferDirection as Z, type TransferProgress as _, type SpaceRole as a, WebAPI as a0, canExternalClientSendRequests as a1, isExternalClientConnected as a2, type DecryptedSpace as b, type Device as c, type DeviceInfo as d, type DeviceType as e, type DirEntry as f, type ExternalConnection as g, ExternalConnectionErrorCode as h, ExternalConnectionState as i, type ExternalRequest as j, type ExternalRequestEvent as k, type ExternalRequestHandler as l, type ExternalRequestPayload as m, type ExternalResponse as n, FilesystemAPI as o, LocalSendAPI as p, type LocalSendEvent as q, type FileInfo as r, type LocalSendSettings as s, type PendingTransfer as t, PermissionsAPI as u, type AddBackendRequest as v, type S3Config as w, type S3PublicConfig as x, type StorageBackendInfo as y, type StorageObjectInfo as z };

package/dist/{client-DSvkG_lC.d.mts → client-DzQv-YCD.d.ts}

@@ -1,4 +1,4 @@
-import { b as HaexHubEvent, c as EXTERNAL_EVENTS, D as DatabaseQueryResult, M as Migration, d as MigrationResult, W as WebRequestOptions, e as WebResponse, H as HaexHubConfig, a as ExtensionInfo, A as ApplicationContext, f as DatabasePermissionRequest, P as PermissionResponse, S as SearchResult, g as EventCallback } from './types-neLTvZJ_.mjs';
+import { b as HaexHubEvent, c as EXTERNAL_EVENTS, D as DatabaseQueryResult, M as Migration, d as MigrationResult, W as WebRequestOptions, e as WebResponse, H as HaexHubConfig, a as ExtensionInfo, A as ApplicationContext, f as DatabasePermissionRequest, P as PermissionResponse, S as SearchResult, g as EventCallback } from './types-TFcm6hpl.js';
 import { SqliteRemoteDatabase } from 'drizzle-orm/sqlite-proxy';
 
 /**
@@ -939,7 +939,7 @@ declare class LocalSendAPI {
     cancelSend(sessionId: string): Promise<void>;
 }
 
-type SpaceRole = 'admin' | 'member' | 'viewer';
+type SpaceRole = 'admin' | 'owner' | 'member' | 'reader';
 interface SharedSpace {
     id: string;
     ownerId: string;
@@ -947,14 +947,12 @@ interface SharedSpace {
     nameNonce: string;
     currentKeyGeneration: number;
     role: SpaceRole;
-    canInvite: boolean;
     createdAt: string;
 }
 interface SpaceMemberInfo {
     publicKey: string;
     label: string;
     role: SpaceRole;
-    canInvite: boolean;
     invitedBy: string | null;
     joinedAt: string;
 }
@@ -993,7 +991,6 @@ interface DecryptedSpace {
     id: string;
     name: string;
     role: SpaceRole;
-    canInvite: boolean;
     serverUrl: string;
     createdAt: string;
 }
@@ -1174,4 +1171,4 @@ declare class HaexVaultSdk {
     private log;
 }
 
-export { type TransferState as $, type AuthorizedClient as A, type BlockedClient as B, type SelectFileOptions as C, DatabaseAPI as D, type ExternalAuthDecision as E, type FileStat as F, type SelectFolderOptions as G, HaexVaultSdk as H, type ServerInfo as I, type ServerStatus as J, type SessionAuthorization as K, LOCALSEND_EVENTS as L, type SharedSpace as M, type SpaceAccessTokenInfo as N, type SpaceAssignment as O, type PendingAuthorization as P, type SpaceInvite as Q, RemoteStorageAPI as R, StorageAPI as S, type SpaceKeyGrantInfo as T, type UpdateBackendRequest as U, type SpaceMemberInfo as V, type SpaceRole as W, SpacesAPI as X, type SyncBackendInfo as Y, type TransferDirection as Z, type TransferProgress as _, type DecryptedSpace as a, WebAPI as a0, canExternalClientSendRequests as a1, isExternalClientConnected as a2, type Device as b, type DeviceInfo as c, type DeviceType as d, type DirEntry as e, type ExternalConnection as f, ExternalConnectionErrorCode as g, ExternalConnectionState as h, type ExternalRequest as i, type ExternalRequestEvent as j, type ExternalRequestHandler as k, type ExternalRequestPayload as l, type ExternalResponse as m, FilesystemAPI as n, LocalSendAPI as o, type LocalSendEvent as p, type FileInfo as q, type LocalSendSettings as r, type PendingTransfer as s, PermissionsAPI as t, type AddBackendRequest as u, type S3Config as v, type S3PublicConfig as w, type StorageBackendInfo as x, type StorageObjectInfo as y, type RequestedExtension as z };
+export { type TransferState as $, type AuthorizedClient as A, type BlockedClient as B, type RequestedExtension as C, DatabaseAPI as D, type ExternalAuthDecision as E, type FileStat as F, type SelectFileOptions as G, HaexVaultSdk as H, type SelectFolderOptions as I, type ServerInfo as J, type ServerStatus as K, LOCALSEND_EVENTS as L, type SessionAuthorization as M, type SharedSpace as N, type SpaceAccessTokenInfo as O, type PendingAuthorization as P, type SpaceAssignment as Q, RemoteStorageAPI as R, StorageAPI as S, type SpaceInvite as T, type UpdateBackendRequest as U, type SpaceKeyGrantInfo as V, type SpaceMemberInfo as W, SpacesAPI as X, type SyncBackendInfo as Y, type TransferDirection as Z, type TransferProgress as _, type SpaceRole as a, WebAPI as a0, canExternalClientSendRequests as a1, isExternalClientConnected as a2, type DecryptedSpace as b, type Device as c, type DeviceInfo as d, type DeviceType as e, type DirEntry as f, type ExternalConnection as g, ExternalConnectionErrorCode as h, ExternalConnectionState as i, type ExternalRequest as j, type ExternalRequestEvent as k, type ExternalRequestHandler as l, type ExternalRequestPayload as m, type ExternalResponse as n, FilesystemAPI as o, LocalSendAPI as p, type LocalSendEvent as q, type FileInfo as r, type LocalSendSettings as s, type PendingTransfer as t, PermissionsAPI as u, type AddBackendRequest as v, type S3Config as w, type S3PublicConfig as x, type StorageBackendInfo as y, type StorageObjectInfo as z };

package/dist/index.d.mts

@@ -1,7 +1,7 @@
-import { H as HaexVaultSdk } from './client-DSvkG_lC.mjs';
-export { A as AuthorizedClient, B as BlockedClient, D as DatabaseAPI, a as DecryptedSpace, b as Device, c as DeviceInfo, d as DeviceType, e as DirEntry, E as ExternalAuthDecision, f as ExternalConnection, g as ExternalConnectionErrorCode, h as ExternalConnectionState, i as ExternalRequest, j as ExternalRequestEvent, k as ExternalRequestHandler, l as ExternalRequestPayload, m as ExternalResponse, F as FileStat, n as FilesystemAPI, L as LOCALSEND_EVENTS, o as LocalSendAPI, p as LocalSendEvent, q as LocalSendFileInfo, r as LocalSendSettings, P as PendingAuthorization, s as PendingTransfer, t as PermissionsAPI, u as RemoteAddBackendRequest, v as RemoteS3Config, w as RemoteS3PublicConfig, R as RemoteStorageAPI, x as RemoteStorageBackendInfo, y as RemoteStorageObjectInfo, U as RemoteUpdateBackendRequest, z as RequestedExtension, C as SelectFileOptions, G as SelectFolderOptions, I as ServerInfo, J as ServerStatus, K as SessionAuthorization, M as SharedSpace, N as SpaceAccessTokenInfo, O as SpaceAssignment, Q as SpaceInvite, T as SpaceKeyGrantInfo, V as SpaceMemberInfo, W as SpaceRole, X as SpacesAPI, Y as SyncBackendInfo, Z as TransferDirection, _ as TransferProgress, $ as TransferState, a0 as WebAPI, a1 as canExternalClientSendRequests, a2 as isExternalClientConnected } from './client-DSvkG_lC.mjs';
-import { E as ExtensionManifest, H as HaexHubConfig } from './types-neLTvZJ_.mjs';
-export { A as ApplicationContext, C as ContextChangedEvent, h as DEFAULT_TIMEOUT, i as DatabaseColumnInfo, j as DatabaseExecuteParams, k as DatabasePermission, f as DatabasePermissionRequest, l as DatabaseQueryParams, D as DatabaseQueryResult, m as DatabaseTableInfo, c as EXTERNAL_EVENTS, n as ErrorCode, g as EventCallback, a as ExtensionInfo, o as ExtensionRuntimeMode, p as ExternalEvent, F as FileChangeEvent, q as FileChangePayload, r as FileChangeType, s as FilteredSyncTablesResult, t as HAEXTENSION_EVENTS, b as HaexHubEvent, u as HaexHubRequest, v as HaexHubResponse, w as HaexVaultSdkError, x as HaextensionEvent, y as PermissionDeniedError, z as PermissionErrorBase, B as PermissionErrorCode, G as PermissionPromptError, P as PermissionResponse, I as PermissionStatus, J as SearchQuery, K as SearchRequestEvent, S as SearchResult, L as SyncTablesUpdatedEvent, T as TABLE_SEPARATOR, W as WebRequestOptions, e as WebResponse, N as getTableName, O as isPermissionDeniedError, Q as isPermissionError, R as isPermissionPromptError } from './types-neLTvZJ_.mjs';
+import { a as SpaceRole, H as HaexVaultSdk } from './client-CrXV__Zx.mjs';
+export { A as AuthorizedClient, B as BlockedClient, D as DatabaseAPI, b as DecryptedSpace, c as Device, d as DeviceInfo, e as DeviceType, f as DirEntry, E as ExternalAuthDecision, g as ExternalConnection, h as ExternalConnectionErrorCode, i as ExternalConnectionState, j as ExternalRequest, k as ExternalRequestEvent, l as ExternalRequestHandler, m as ExternalRequestPayload, n as ExternalResponse, F as FileStat, o as FilesystemAPI, L as LOCALSEND_EVENTS, p as LocalSendAPI, q as LocalSendEvent, r as LocalSendFileInfo, s as LocalSendSettings, P as PendingAuthorization, t as PendingTransfer, u as PermissionsAPI, v as RemoteAddBackendRequest, w as RemoteS3Config, x as RemoteS3PublicConfig, R as RemoteStorageAPI, y as RemoteStorageBackendInfo, z as RemoteStorageObjectInfo, U as RemoteUpdateBackendRequest, C as RequestedExtension, G as SelectFileOptions, I as SelectFolderOptions, J as ServerInfo, K as ServerStatus, M as SessionAuthorization, N as SharedSpace, O as SpaceAccessTokenInfo, Q as SpaceAssignment, T as SpaceInvite, V as SpaceKeyGrantInfo, W as SpaceMemberInfo, X as SpacesAPI, Y as SyncBackendInfo, Z as TransferDirection, _ as TransferProgress, $ as TransferState, a0 as WebAPI, a1 as canExternalClientSendRequests, a2 as isExternalClientConnected } from './client-CrXV__Zx.mjs';
+import { E as ExtensionManifest, h as SignedClaimPresentation, H as HaexHubConfig } from './types-TFcm6hpl.mjs';
+export { A as ApplicationContext, C as ClaimRequirement, i as ContextChangedEvent, j as DEFAULT_TIMEOUT, k as DatabaseColumnInfo, l as DatabaseExecuteParams, m as DatabasePermission, f as DatabasePermissionRequest, n as DatabaseQueryParams, D as DatabaseQueryResult, o as DatabaseTableInfo, c as EXTERNAL_EVENTS, p as ErrorCode, g as EventCallback, a as ExtensionInfo, q as ExtensionRuntimeMode, r as ExternalEvent, F as FileChangeEvent, s as FileChangePayload, t as FileChangeType, u as FilteredSyncTablesResult, v as HAEXTENSION_EVENTS, b as HaexHubEvent, w as HaexHubRequest, x as HaexHubResponse, y as HaexVaultSdkError, z as HaextensionEvent, I as IdentityClaim, B as PermissionDeniedError, G as PermissionErrorBase, J as PermissionErrorCode, K as PermissionPromptError, P as PermissionResponse, L as PermissionStatus, N as SearchQuery, O as SearchRequestEvent, S as SearchResult, Q as SyncTablesUpdatedEvent, T as TABLE_SEPARATOR, W as WebRequestOptions, e as WebResponse, R as getTableName, U as isPermissionDeniedError, V as isPermissionError, X as isPermissionPromptError } from './types-TFcm6hpl.mjs';
 export { H as HaextensionConfig } from './config-D_HXjsEV.mjs';
 import 'drizzle-orm/sqlite-proxy';
 
@@ -88,6 +88,7 @@ declare function installPolyfills(): void;
  * Types for communicating with the haex-sync-server authentication endpoints.
  * Used by haex-vault and extensions that need to interact with the sync server.
  */
+
 /**
  * S3-compatible storage configuration provided by the sync server.
  *
@@ -201,8 +202,7 @@ interface CreateSpaceRequest {
 interface InviteMemberRequest {
     publicKey: string;
     label: string;
-    role: 'member' | 'viewer';
-    canInvite?: boolean;
+    role: SpaceRole;
     keyGrant: {
         encryptedSpaceKey: string;
         keyNonce: string;
@@ -860,6 +860,19 @@ declare function encryptSpaceNameAsync(spaceKey: Uint8Array, spaceName: string):
  */
 declare function decryptSpaceNameAsync(spaceKey: Uint8Array, encryptedName: string, nameNonce: string): Promise<string>;
 
+/**
+ * Creates a signed claim presentation for selective disclosure.
+ * The server can verify that the claims come from the identity holder.
+ *
+ * Canonical form for signing: did\0timestamp\0type1=value1\0type2=value2\0...
+ * (claims sorted alphabetically by type)
+ */
+declare function signClaimPresentationAsync(did: string, publicKeyBase64: string, claims: Record<string, string>, privateKeyBase64: string): Promise<SignedClaimPresentation>;
+/**
+ * Verifies a signed claim presentation.
+ */
+declare function verifyClaimPresentationAsync(presentation: SignedClaimPresentation): Promise<boolean>;
+
 interface SignableRecord {
     tableName: string;
     rowPks: string;
@@ -963,4 +976,4 @@ declare function exportKeyPairAsync(keyPair: PasskeyKeyPair): Promise<ExportedPa
 
 declare function createHaexVaultSdk(config?: HaexHubConfig): HaexVaultSdk;
 
-export { type AuthUser, COSE_ALGORITHM, type CoseAlgorithm, type CreateSpaceRequest, type EncryptedSpaceKey, type ExportedPasskeyKeyPair, type ExportedUserKeypair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type InviteMemberRequest, KEY_AGREEMENT_ALGO, type PasskeyKeyPair, type RegisterKeypairRequest, SIGNING_ALGO, SPACE_COMMANDS, type SignableRecord, type SpaceCommand, type StorageConfig, type ErrorResponse as SyncServerErrorResponse, type ServerInfo as SyncServerInfo, type LoginRequest as SyncServerLoginRequest, type LoginResponse as SyncServerLoginResponse, type RefreshRequest as SyncServerRefreshRequest, TAURI_COMMANDS, type TauriCommand, type UserKeypair, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptPrivateKeyAsync, decryptSpaceKeyAsync, decryptSpaceNameAsync, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, didKeyToPublicKeyAsync, encryptCrdtData, encryptPrivateKeyAsync, encryptSpaceKeyForRecipientAsync, encryptSpaceNameAsync, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, exportUserKeypairAsync, generateCredentialId, generateIdentityAsync, generatePasskeyPairAsync, generateSpaceKey, generateUserKeypairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPrivateKeyForKeyAgreementAsync, importPublicKeyAsync, importPublicKeyForKeyAgreementAsync, importUserPrivateKeyAsync, importUserPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, publicKeyToDidKeyAsync, signRecordAsync, signSpaceChallengeAsync, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, verifyRecordSignatureAsync, verifySpaceChallengeAsync, verifyWithPasskeyAsync, wrapKey };
+export { type AuthUser, COSE_ALGORITHM, type CoseAlgorithm, type CreateSpaceRequest, type EncryptedSpaceKey, type ExportedPasskeyKeyPair, type ExportedUserKeypair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type InviteMemberRequest, KEY_AGREEMENT_ALGO, type PasskeyKeyPair, type RegisterKeypairRequest, SIGNING_ALGO, SPACE_COMMANDS, type SignableRecord, SignedClaimPresentation, type SpaceCommand, SpaceRole, type StorageConfig, type ErrorResponse as SyncServerErrorResponse, type ServerInfo as SyncServerInfo, type LoginRequest as SyncServerLoginRequest, type LoginResponse as SyncServerLoginResponse, type RefreshRequest as SyncServerRefreshRequest, TAURI_COMMANDS, type TauriCommand, type UserKeypair, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptPrivateKeyAsync, decryptSpaceKeyAsync, decryptSpaceNameAsync, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, didKeyToPublicKeyAsync, encryptCrdtData, encryptPrivateKeyAsync, encryptSpaceKeyForRecipientAsync, encryptSpaceNameAsync, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, exportUserKeypairAsync, generateCredentialId, generateIdentityAsync, generatePasskeyPairAsync, generateSpaceKey, generateUserKeypairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPrivateKeyForKeyAgreementAsync, importPublicKeyAsync, importPublicKeyForKeyAgreementAsync, importUserPrivateKeyAsync, importUserPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, publicKeyToDidKeyAsync, signClaimPresentationAsync, signRecordAsync, signSpaceChallengeAsync, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyClaimPresentationAsync, verifyExtensionSignature, verifyRecordSignatureAsync, verifySpaceChallengeAsync, verifyWithPasskeyAsync, wrapKey };

package/dist/index.d.ts

@@ -1,7 +1,7 @@
-import { H as HaexVaultSdk } from './client-CA59HZfa.js';
-export { A as AuthorizedClient, B as BlockedClient, D as DatabaseAPI, a as DecryptedSpace, b as Device, c as DeviceInfo, d as DeviceType, e as DirEntry, E as ExternalAuthDecision, f as ExternalConnection, g as ExternalConnectionErrorCode, h as ExternalConnectionState, i as ExternalRequest, j as ExternalRequestEvent, k as ExternalRequestHandler, l as ExternalRequestPayload, m as ExternalResponse, F as FileStat, n as FilesystemAPI, L as LOCALSEND_EVENTS, o as LocalSendAPI, p as LocalSendEvent, q as LocalSendFileInfo, r as LocalSendSettings, P as PendingAuthorization, s as PendingTransfer, t as PermissionsAPI, u as RemoteAddBackendRequest, v as RemoteS3Config, w as RemoteS3PublicConfig, R as RemoteStorageAPI, x as RemoteStorageBackendInfo, y as RemoteStorageObjectInfo, U as RemoteUpdateBackendRequest, z as RequestedExtension, C as SelectFileOptions, G as SelectFolderOptions, I as ServerInfo, J as ServerStatus, K as SessionAuthorization, M as SharedSpace, N as SpaceAccessTokenInfo, O as SpaceAssignment, Q as SpaceInvite, T as SpaceKeyGrantInfo, V as SpaceMemberInfo, W as SpaceRole, X as SpacesAPI, Y as SyncBackendInfo, Z as TransferDirection, _ as TransferProgress, $ as TransferState, a0 as WebAPI, a1 as canExternalClientSendRequests, a2 as isExternalClientConnected } from './client-CA59HZfa.js';
-import { E as ExtensionManifest, H as HaexHubConfig } from './types-neLTvZJ_.js';
-export { A as ApplicationContext, C as ContextChangedEvent, h as DEFAULT_TIMEOUT, i as DatabaseColumnInfo, j as DatabaseExecuteParams, k as DatabasePermission, f as DatabasePermissionRequest, l as DatabaseQueryParams, D as DatabaseQueryResult, m as DatabaseTableInfo, c as EXTERNAL_EVENTS, n as ErrorCode, g as EventCallback, a as ExtensionInfo, o as ExtensionRuntimeMode, p as ExternalEvent, F as FileChangeEvent, q as FileChangePayload, r as FileChangeType, s as FilteredSyncTablesResult, t as HAEXTENSION_EVENTS, b as HaexHubEvent, u as HaexHubRequest, v as HaexHubResponse, w as HaexVaultSdkError, x as HaextensionEvent, y as PermissionDeniedError, z as PermissionErrorBase, B as PermissionErrorCode, G as PermissionPromptError, P as PermissionResponse, I as PermissionStatus, J as SearchQuery, K as SearchRequestEvent, S as SearchResult, L as SyncTablesUpdatedEvent, T as TABLE_SEPARATOR, W as WebRequestOptions, e as WebResponse, N as getTableName, O as isPermissionDeniedError, Q as isPermissionError, R as isPermissionPromptError } from './types-neLTvZJ_.js';
+import { a as SpaceRole, H as HaexVaultSdk } from './client-DzQv-YCD.js';
+export { A as AuthorizedClient, B as BlockedClient, D as DatabaseAPI, b as DecryptedSpace, c as Device, d as DeviceInfo, e as DeviceType, f as DirEntry, E as ExternalAuthDecision, g as ExternalConnection, h as ExternalConnectionErrorCode, i as ExternalConnectionState, j as ExternalRequest, k as ExternalRequestEvent, l as ExternalRequestHandler, m as ExternalRequestPayload, n as ExternalResponse, F as FileStat, o as FilesystemAPI, L as LOCALSEND_EVENTS, p as LocalSendAPI, q as LocalSendEvent, r as LocalSendFileInfo, s as LocalSendSettings, P as PendingAuthorization, t as PendingTransfer, u as PermissionsAPI, v as RemoteAddBackendRequest, w as RemoteS3Config, x as RemoteS3PublicConfig, R as RemoteStorageAPI, y as RemoteStorageBackendInfo, z as RemoteStorageObjectInfo, U as RemoteUpdateBackendRequest, C as RequestedExtension, G as SelectFileOptions, I as SelectFolderOptions, J as ServerInfo, K as ServerStatus, M as SessionAuthorization, N as SharedSpace, O as SpaceAccessTokenInfo, Q as SpaceAssignment, T as SpaceInvite, V as SpaceKeyGrantInfo, W as SpaceMemberInfo, X as SpacesAPI, Y as SyncBackendInfo, Z as TransferDirection, _ as TransferProgress, $ as TransferState, a0 as WebAPI, a1 as canExternalClientSendRequests, a2 as isExternalClientConnected } from './client-DzQv-YCD.js';
+import { E as ExtensionManifest, h as SignedClaimPresentation, H as HaexHubConfig } from './types-TFcm6hpl.js';
+export { A as ApplicationContext, C as ClaimRequirement, i as ContextChangedEvent, j as DEFAULT_TIMEOUT, k as DatabaseColumnInfo, l as DatabaseExecuteParams, m as DatabasePermission, f as DatabasePermissionRequest, n as DatabaseQueryParams, D as DatabaseQueryResult, o as DatabaseTableInfo, c as EXTERNAL_EVENTS, p as ErrorCode, g as EventCallback, a as ExtensionInfo, q as ExtensionRuntimeMode, r as ExternalEvent, F as FileChangeEvent, s as FileChangePayload, t as FileChangeType, u as FilteredSyncTablesResult, v as HAEXTENSION_EVENTS, b as HaexHubEvent, w as HaexHubRequest, x as HaexHubResponse, y as HaexVaultSdkError, z as HaextensionEvent, I as IdentityClaim, B as PermissionDeniedError, G as PermissionErrorBase, J as PermissionErrorCode, K as PermissionPromptError, P as PermissionResponse, L as PermissionStatus, N as SearchQuery, O as SearchRequestEvent, S as SearchResult, Q as SyncTablesUpdatedEvent, T as TABLE_SEPARATOR, W as WebRequestOptions, e as WebResponse, R as getTableName, U as isPermissionDeniedError, V as isPermissionError, X as isPermissionPromptError } from './types-TFcm6hpl.js';
 export { H as HaextensionConfig } from './config-D_HXjsEV.js';
 import 'drizzle-orm/sqlite-proxy';
 
@@ -88,6 +88,7 @@ declare function installPolyfills(): void;
  * Types for communicating with the haex-sync-server authentication endpoints.
  * Used by haex-vault and extensions that need to interact with the sync server.
  */
+
 /**
  * S3-compatible storage configuration provided by the sync server.
  *
@@ -201,8 +202,7 @@ interface CreateSpaceRequest {
 interface InviteMemberRequest {
     publicKey: string;
     label: string;
-    role: 'member' | 'viewer';
-    canInvite?: boolean;
+    role: SpaceRole;
     keyGrant: {
         encryptedSpaceKey: string;
         keyNonce: string;
@@ -860,6 +860,19 @@ declare function encryptSpaceNameAsync(spaceKey: Uint8Array, spaceName: string):
  */
 declare function decryptSpaceNameAsync(spaceKey: Uint8Array, encryptedName: string, nameNonce: string): Promise<string>;
 
+/**
+ * Creates a signed claim presentation for selective disclosure.
+ * The server can verify that the claims come from the identity holder.
+ *
+ * Canonical form for signing: did\0timestamp\0type1=value1\0type2=value2\0...
+ * (claims sorted alphabetically by type)
+ */
+declare function signClaimPresentationAsync(did: string, publicKeyBase64: string, claims: Record<string, string>, privateKeyBase64: string): Promise<SignedClaimPresentation>;
+/**
+ * Verifies a signed claim presentation.
+ */
+declare function verifyClaimPresentationAsync(presentation: SignedClaimPresentation): Promise<boolean>;
+
 interface SignableRecord {
     tableName: string;
     rowPks: string;
@@ -963,4 +976,4 @@ declare function exportKeyPairAsync(keyPair: PasskeyKeyPair): Promise<ExportedPa
 
 declare function createHaexVaultSdk(config?: HaexHubConfig): HaexVaultSdk;
 
-export { type AuthUser, COSE_ALGORITHM, type CoseAlgorithm, type CreateSpaceRequest, type EncryptedSpaceKey, type ExportedPasskeyKeyPair, type ExportedUserKeypair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type InviteMemberRequest, KEY_AGREEMENT_ALGO, type PasskeyKeyPair, type RegisterKeypairRequest, SIGNING_ALGO, SPACE_COMMANDS, type SignableRecord, type SpaceCommand, type StorageConfig, type ErrorResponse as SyncServerErrorResponse, type ServerInfo as SyncServerInfo, type LoginRequest as SyncServerLoginRequest, type LoginResponse as SyncServerLoginResponse, type RefreshRequest as SyncServerRefreshRequest, TAURI_COMMANDS, type TauriCommand, type UserKeypair, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptPrivateKeyAsync, decryptSpaceKeyAsync, decryptSpaceNameAsync, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, didKeyToPublicKeyAsync, encryptCrdtData, encryptPrivateKeyAsync, encryptSpaceKeyForRecipientAsync, encryptSpaceNameAsync, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, exportUserKeypairAsync, generateCredentialId, generateIdentityAsync, generatePasskeyPairAsync, generateSpaceKey, generateUserKeypairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPrivateKeyForKeyAgreementAsync, importPublicKeyAsync, importPublicKeyForKeyAgreementAsync, importUserPrivateKeyAsync, importUserPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, publicKeyToDidKeyAsync, signRecordAsync, signSpaceChallengeAsync, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, verifyRecordSignatureAsync, verifySpaceChallengeAsync, verifyWithPasskeyAsync, wrapKey };
+export { type AuthUser, COSE_ALGORITHM, type CoseAlgorithm, type CreateSpaceRequest, type EncryptedSpaceKey, type ExportedPasskeyKeyPair, type ExportedUserKeypair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type InviteMemberRequest, KEY_AGREEMENT_ALGO, type PasskeyKeyPair, type RegisterKeypairRequest, SIGNING_ALGO, SPACE_COMMANDS, type SignableRecord, SignedClaimPresentation, type SpaceCommand, SpaceRole, type StorageConfig, type ErrorResponse as SyncServerErrorResponse, type ServerInfo as SyncServerInfo, type LoginRequest as SyncServerLoginRequest, type LoginResponse as SyncServerLoginResponse, type RefreshRequest as SyncServerRefreshRequest, TAURI_COMMANDS, type TauriCommand, type UserKeypair, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptPrivateKeyAsync, decryptSpaceKeyAsync, decryptSpaceNameAsync, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, didKeyToPublicKeyAsync, encryptCrdtData, encryptPrivateKeyAsync, encryptSpaceKeyForRecipientAsync, encryptSpaceNameAsync, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, exportUserKeypairAsync, generateCredentialId, generateIdentityAsync, generatePasskeyPairAsync, generateSpaceKey, generateUserKeypairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPrivateKeyForKeyAgreementAsync, importPublicKeyAsync, importPublicKeyForKeyAgreementAsync, importUserPrivateKeyAsync, importUserPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, publicKeyToDidKeyAsync, signClaimPresentationAsync, signRecordAsync, signSpaceChallengeAsync, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyClaimPresentationAsync, verifyExtensionSignature, verifyRecordSignatureAsync, verifySpaceChallengeAsync, verifyWithPasskeyAsync, wrapKey };

package/dist/index.js

@@ -3183,6 +3183,42 @@ async function decryptSpaceNameAsync(spaceKey, encryptedName, nameNonce) {
   return decryptString(encryptedName, nameNonce, cryptoKey);
 }
 
+// src/crypto/claims.ts
+init_userKeypair();
+async function signClaimPresentationAsync(did, publicKeyBase64, claims, privateKeyBase64) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const sortedEntries = Object.entries(claims).sort(([a], [b]) => a.localeCompare(b));
+  const canonical = [did, timestamp, ...sortedEntries.map(([k, v]) => `${k}=${v}`)].join("\0");
+  const privateKey = await importUserPrivateKeyAsync(privateKeyBase64);
+  const data = new TextEncoder().encode(canonical);
+  const sig = await crypto.subtle.sign(
+    { name: "ECDSA", hash: "SHA-256" },
+    privateKey,
+    data
+  );
+  return {
+    did,
+    publicKey: publicKeyBase64,
+    claims,
+    timestamp,
+    signature: btoa(String.fromCharCode(...new Uint8Array(sig)))
+  };
+}
+async function verifyClaimPresentationAsync(presentation) {
+  const { did, publicKey, claims, timestamp, signature } = presentation;
+  const sortedEntries = Object.entries(claims).sort(([a], [b]) => a.localeCompare(b));
+  const canonical = [did, timestamp, ...sortedEntries.map(([k, v]) => `${k}=${v}`)].join("\0");
+  const pubKey = await importUserPublicKeyAsync(publicKey);
+  const data = new TextEncoder().encode(canonical);
+  const sigBytes = Uint8Array.from(atob(signature), (c) => c.charCodeAt(0));
+  return crypto.subtle.verify(
+    { name: "ECDSA", hash: "SHA-256" },
+    pubKey,
+    sigBytes,
+    data
+  );
+}
+
 // src/crypto/recordSigning.ts
 init_userKeypair();
 init_vaultKey();
@@ -3490,11 +3526,13 @@ exports.isPermissionDeniedError = isPermissionDeniedError;
 exports.isPermissionError = isPermissionError;
 exports.isPermissionPromptError = isPermissionPromptError;
 exports.publicKeyToDidKeyAsync = publicKeyToDidKeyAsync;
+exports.signClaimPresentationAsync = signClaimPresentationAsync;
 exports.signRecordAsync = signRecordAsync;
 exports.signSpaceChallengeAsync = signSpaceChallengeAsync;
 exports.signWithPasskeyAsync = signWithPasskeyAsync;
 exports.sortObjectKeysRecursively = sortObjectKeysRecursively;
 exports.unwrapKey = unwrapKey;
+exports.verifyClaimPresentationAsync = verifyClaimPresentationAsync;
 exports.verifyExtensionSignature = verifyExtensionSignature;
 exports.verifyRecordSignatureAsync = verifyRecordSignatureAsync;
 exports.verifySpaceChallengeAsync = verifySpaceChallengeAsync;