@haex-space/vault-sdk 2.7.1 → 2.8.0

package/dist/{client-3B1iWut9.d.ts → client-CQFc6DMu.d.ts}

@@ -1044,6 +1044,12 @@ interface SpaceAssignment {
     rowPks: string;
     /** The shared space ID this row is assigned to */
     spaceId: string;
+    /** Optional group identifier for logically related assignments (e.g. a calendar ID groups the calendar row + all its event rows) */
+    groupId?: string;
+    /** Optional type label for display categorization (e.g. "Calendar", "Password Folder") */
+    type?: string;
+    /** Optional display label (e.g. "Personal", "Team Q1") */
+    label?: string;
 }
 /**
  * Spaces API for managing row-to-space assignments.
@@ -1110,18 +1116,6 @@ declare class SpacesAPI {
      * Returns spaces with decrypted names (decryption happens vault-side).
      */
     listSpacesAsync(): Promise<DecryptedSpace[]>;
-    /**
-     * Create a new shared space.
-     * @param name - Human-readable space name
-     * @param serverUrl - The sync server URL to create the space on
-     * @returns The created space with decrypted name
-     */
-    createSpaceAsync(name: string, serverUrl: string): Promise<DecryptedSpace>;
-    /**
-     * List available sync backends that can host shared spaces.
-     * @returns Array of backend info with server URLs
-     */
-    listSyncBackendsAsync(): Promise<SyncBackendInfo[]>;
 }
 
 interface ShellCreateOptions {

package/dist/{client-BUsw25aA.d.mts → client-DdGvtNj_.d.mts}

@@ -1044,6 +1044,12 @@ interface SpaceAssignment {
     rowPks: string;
     /** The shared space ID this row is assigned to */
     spaceId: string;
+    /** Optional group identifier for logically related assignments (e.g. a calendar ID groups the calendar row + all its event rows) */
+    groupId?: string;
+    /** Optional type label for display categorization (e.g. "Calendar", "Password Folder") */
+    type?: string;
+    /** Optional display label (e.g. "Personal", "Team Q1") */
+    label?: string;
 }
 /**
  * Spaces API for managing row-to-space assignments.
@@ -1110,18 +1116,6 @@ declare class SpacesAPI {
      * Returns spaces with decrypted names (decryption happens vault-side).
      */
     listSpacesAsync(): Promise<DecryptedSpace[]>;
-    /**
-     * Create a new shared space.
-     * @param name - Human-readable space name
-     * @param serverUrl - The sync server URL to create the space on
-     * @returns The created space with decrypted name
-     */
-    createSpaceAsync(name: string, serverUrl: string): Promise<DecryptedSpace>;
-    /**
-     * List available sync backends that can host shared spaces.
-     * @returns Array of backend info with server URLs
-     */
-    listSyncBackendsAsync(): Promise<SyncBackendInfo[]>;
 }
 
 interface ShellCreateOptions {

package/dist/index.d.mts

@@ -1,5 +1,5 @@
-import { a as SpaceRole, H as HaexVaultSdk } from './client-BUsw25aA.mjs';
-export { A as AuthorizedClient, B as BlockedClient, D as DatabaseAPI, b as DecryptedSpace, c as Device, d as DeviceInfo, e as DeviceType, f as DirEntry, E as ExternalAuthDecision, g as ExternalConnection, h as ExternalConnectionErrorCode, i as ExternalConnectionState, j as ExternalRequest, k as ExternalRequestEvent, l as ExternalRequestHandler, m as ExternalRequestPayload, n as ExternalResponse, F as FileStat, o as FilesystemAPI, K as KnownPath, p as KnownPaths, L as LOCALSEND_EVENTS, q as LocalSendAPI, r as LocalSendEvent, s as LocalSendFileInfo, t as LocalSendSettings, P as PendingAuthorization, u as PendingTransfer, v as PermissionsAPI, w as RemoteAddBackendRequest, x as RemoteS3Config, y as RemoteS3PublicConfig, R as RemoteStorageAPI, z as RemoteStorageBackendInfo, C as RemoteStorageObjectInfo, U as RemoteUpdateBackendRequest, G as RequestedExtension, I as SelectFileOptions, J as SelectFolderOptions, M as ServerInfo, N as ServerStatus, O as SessionAuthorization, Q as SharedSpace, T as ShellAPI, V as ShellCreateOptions, W as ShellCreateResponse, X as ShellExitEvent, Y as ShellOutputEvent, Z as SpaceAccessTokenInfo, _ as SpaceAssignment, $ as SpaceInvite, a0 as SpaceKeyGrantInfo, a1 as SpaceMemberInfo, a2 as SpaceRoles, a3 as SpacesAPI, a4 as SyncBackendInfo, a5 as TransferDirection, a6 as TransferProgress, a7 as TransferState, a8 as WebAPI, a9 as canExternalClientSendRequests, aa as isExternalClientConnected } from './client-BUsw25aA.mjs';
+import { a as SpaceRole, H as HaexVaultSdk } from './client-DdGvtNj_.mjs';
+export { A as AuthorizedClient, B as BlockedClient, D as DatabaseAPI, b as DecryptedSpace, c as Device, d as DeviceInfo, e as DeviceType, f as DirEntry, E as ExternalAuthDecision, g as ExternalConnection, h as ExternalConnectionErrorCode, i as ExternalConnectionState, j as ExternalRequest, k as ExternalRequestEvent, l as ExternalRequestHandler, m as ExternalRequestPayload, n as ExternalResponse, F as FileStat, o as FilesystemAPI, K as KnownPath, p as KnownPaths, L as LOCALSEND_EVENTS, q as LocalSendAPI, r as LocalSendEvent, s as LocalSendFileInfo, t as LocalSendSettings, P as PendingAuthorization, u as PendingTransfer, v as PermissionsAPI, w as RemoteAddBackendRequest, x as RemoteS3Config, y as RemoteS3PublicConfig, R as RemoteStorageAPI, z as RemoteStorageBackendInfo, C as RemoteStorageObjectInfo, U as RemoteUpdateBackendRequest, G as RequestedExtension, I as SelectFileOptions, J as SelectFolderOptions, M as ServerInfo, N as ServerStatus, O as SessionAuthorization, Q as SharedSpace, T as ShellAPI, V as ShellCreateOptions, W as ShellCreateResponse, X as ShellExitEvent, Y as ShellOutputEvent, Z as SpaceAccessTokenInfo, _ as SpaceAssignment, $ as SpaceInvite, a0 as SpaceKeyGrantInfo, a1 as SpaceMemberInfo, a2 as SpaceRoles, a3 as SpacesAPI, a4 as SyncBackendInfo, a5 as TransferDirection, a6 as TransferProgress, a7 as TransferState, a8 as WebAPI, a9 as canExternalClientSendRequests, aa as isExternalClientConnected } from './client-DdGvtNj_.mjs';
 import { E as ExtensionManifest, h as SignedClaimPresentation, H as HaexHubConfig } from './types-DmCSegdY.mjs';
 export { A as ApplicationContext, C as ClaimRequirement, i as ContextChangedEvent, j as DEFAULT_TIMEOUT, k as DatabaseColumnInfo, l as DatabaseExecuteParams, m as DatabasePermission, g as DatabasePermissionRequest, n as DatabaseQueryParams, D as DatabaseQueryResult, o as DatabaseTableInfo, c as EXTERNAL_EVENTS, p as ErrorCode, f as EventCallback, a as ExtensionInfo, q as ExtensionRuntimeMode, r as ExternalEvent, F as FileChangeEvent, s as FileChangePayload, t as FileChangeType, u as FilteredSyncTablesResult, v as HAEXTENSION_EVENTS, b as HaexHubEvent, w as HaexHubRequest, x as HaexHubResponse, y as HaexVaultSdkError, z as HaextensionEvent, I as IdentityClaim, B as ManifestI18nEntry, G as PermissionDeniedError, J as PermissionErrorBase, K as PermissionErrorCode, L as PermissionPromptError, P as PermissionResponse, N as PermissionStatus, O as SHELL_EVENTS, Q as SearchQuery, R as SearchRequestEvent, S as SearchResult, T as ShellEvent, U as SyncTablesUpdatedEvent, V as TABLE_SEPARATOR, W as WebRequestOptions, e as WebResponse, X as getTableName, Y as isPermissionDeniedError, Z as isPermissionError, _ as isPermissionPromptError } from './types-DmCSegdY.mjs';
 export { H as HaextensionConfig } from './config-D_HXjsEV.mjs';
@@ -814,21 +814,19 @@ declare function decryptCrdtData<T = object>(encryptedData: string, nonce: strin
 declare function arrayBufferToBase64(buffer: ArrayBuffer | Uint8Array): string;
 declare function base64ToArrayBuffer(base64: string): Uint8Array<ArrayBuffer>;
 
-declare const SIGNING_ALGO: {
-    name: string;
-    namedCurve: string;
-};
-declare const KEY_AGREEMENT_ALGO: {
-    name: string;
-    namedCurve: string;
-};
+declare const SIGNING_ALGO: Algorithm;
+declare const KEY_AGREEMENT_ALGO: Algorithm;
 interface UserKeypair {
-    publicKey: CryptoKey;
-    privateKey: CryptoKey;
+    signingPublicKey: CryptoKey;
+    signingPrivateKey: CryptoKey;
+    agreementPublicKey: CryptoKey;
+    agreementPrivateKey: CryptoKey;
 }
 interface ExportedUserKeypair {
-    publicKey: string;
-    privateKey: string;
+    signingPublicKey: string;
+    signingPrivateKey: string;
+    agreementPublicKey: string;
+    agreementPrivateKey: string;
 }
 declare function generateUserKeypairAsync(): Promise<UserKeypair>;
 declare function exportUserKeypairAsync(keypair: UserKeypair): Promise<ExportedUserKeypair>;
@@ -848,26 +846,28 @@ declare function base58btcDecode(str: string): Uint8Array;
 /**
  * Convert a Base64-encoded SPKI public key to a `did:key` identifier.
  *
- * @param publicKeyBase64 - Base64-encoded SPKI public key (P-256)
- * @returns DID string, e.g. `did:key:zDnaerDaTF5BXE...`
+ * @param publicKeyBase64 - Base64-encoded SPKI public key (Ed25519)
+ * @returns DID string, e.g. `did:key:z6Mk...`
  */
 declare function publicKeyToDidKeyAsync(publicKeyBase64: string): Promise<string>;
 /**
  * Extract a Base64-encoded SPKI public key from a `did:key` identifier.
  *
- * @param did - DID string, e.g. `did:key:zDnaerDaTF5BXE...`
+ * @param did - DID string, e.g. `did:key:z6Mk...`
  * @returns Base64-encoded SPKI public key
  */
 declare function didKeyToPublicKeyAsync(did: string): Promise<string>;
 /**
  * Generate a fresh identity keypair and return it with its did:key.
  *
- * @returns { did, publicKeyBase64, privateKeyBase64 }
+ * @returns { did, signingPublicKey, signingPrivateKey, agreementPublicKey, agreementPrivateKey }
  */
 declare function generateIdentityAsync(): Promise<{
     did: string;
-    publicKeyBase64: string;
-    privateKeyBase64: string;
+    signingPublicKey: string;
+    signingPrivateKey: string;
+    agreementPublicKey: string;
+    agreementPrivateKey: string;
 }>;
 
 interface SealedData {

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { a as SpaceRole, H as HaexVaultSdk } from './client-3B1iWut9.js';
-export { A as AuthorizedClient, B as BlockedClient, D as DatabaseAPI, b as DecryptedSpace, c as Device, d as DeviceInfo, e as DeviceType, f as DirEntry, E as ExternalAuthDecision, g as ExternalConnection, h as ExternalConnectionErrorCode, i as ExternalConnectionState, j as ExternalRequest, k as ExternalRequestEvent, l as ExternalRequestHandler, m as ExternalRequestPayload, n as ExternalResponse, F as FileStat, o as FilesystemAPI, K as KnownPath, p as KnownPaths, L as LOCALSEND_EVENTS, q as LocalSendAPI, r as LocalSendEvent, s as LocalSendFileInfo, t as LocalSendSettings, P as PendingAuthorization, u as PendingTransfer, v as PermissionsAPI, w as RemoteAddBackendRequest, x as RemoteS3Config, y as RemoteS3PublicConfig, R as RemoteStorageAPI, z as RemoteStorageBackendInfo, C as RemoteStorageObjectInfo, U as RemoteUpdateBackendRequest, G as RequestedExtension, I as SelectFileOptions, J as SelectFolderOptions, M as ServerInfo, N as ServerStatus, O as SessionAuthorization, Q as SharedSpace, T as ShellAPI, V as ShellCreateOptions, W as ShellCreateResponse, X as ShellExitEvent, Y as ShellOutputEvent, Z as SpaceAccessTokenInfo, _ as SpaceAssignment, $ as SpaceInvite, a0 as SpaceKeyGrantInfo, a1 as SpaceMemberInfo, a2 as SpaceRoles, a3 as SpacesAPI, a4 as SyncBackendInfo, a5 as TransferDirection, a6 as TransferProgress, a7 as TransferState, a8 as WebAPI, a9 as canExternalClientSendRequests, aa as isExternalClientConnected } from './client-3B1iWut9.js';
+import { a as SpaceRole, H as HaexVaultSdk } from './client-CQFc6DMu.js';
+export { A as AuthorizedClient, B as BlockedClient, D as DatabaseAPI, b as DecryptedSpace, c as Device, d as DeviceInfo, e as DeviceType, f as DirEntry, E as ExternalAuthDecision, g as ExternalConnection, h as ExternalConnectionErrorCode, i as ExternalConnectionState, j as ExternalRequest, k as ExternalRequestEvent, l as ExternalRequestHandler, m as ExternalRequestPayload, n as ExternalResponse, F as FileStat, o as FilesystemAPI, K as KnownPath, p as KnownPaths, L as LOCALSEND_EVENTS, q as LocalSendAPI, r as LocalSendEvent, s as LocalSendFileInfo, t as LocalSendSettings, P as PendingAuthorization, u as PendingTransfer, v as PermissionsAPI, w as RemoteAddBackendRequest, x as RemoteS3Config, y as RemoteS3PublicConfig, R as RemoteStorageAPI, z as RemoteStorageBackendInfo, C as RemoteStorageObjectInfo, U as RemoteUpdateBackendRequest, G as RequestedExtension, I as SelectFileOptions, J as SelectFolderOptions, M as ServerInfo, N as ServerStatus, O as SessionAuthorization, Q as SharedSpace, T as ShellAPI, V as ShellCreateOptions, W as ShellCreateResponse, X as ShellExitEvent, Y as ShellOutputEvent, Z as SpaceAccessTokenInfo, _ as SpaceAssignment, $ as SpaceInvite, a0 as SpaceKeyGrantInfo, a1 as SpaceMemberInfo, a2 as SpaceRoles, a3 as SpacesAPI, a4 as SyncBackendInfo, a5 as TransferDirection, a6 as TransferProgress, a7 as TransferState, a8 as WebAPI, a9 as canExternalClientSendRequests, aa as isExternalClientConnected } from './client-CQFc6DMu.js';
 import { E as ExtensionManifest, h as SignedClaimPresentation, H as HaexHubConfig } from './types-DmCSegdY.js';
 export { A as ApplicationContext, C as ClaimRequirement, i as ContextChangedEvent, j as DEFAULT_TIMEOUT, k as DatabaseColumnInfo, l as DatabaseExecuteParams, m as DatabasePermission, g as DatabasePermissionRequest, n as DatabaseQueryParams, D as DatabaseQueryResult, o as DatabaseTableInfo, c as EXTERNAL_EVENTS, p as ErrorCode, f as EventCallback, a as ExtensionInfo, q as ExtensionRuntimeMode, r as ExternalEvent, F as FileChangeEvent, s as FileChangePayload, t as FileChangeType, u as FilteredSyncTablesResult, v as HAEXTENSION_EVENTS, b as HaexHubEvent, w as HaexHubRequest, x as HaexHubResponse, y as HaexVaultSdkError, z as HaextensionEvent, I as IdentityClaim, B as ManifestI18nEntry, G as PermissionDeniedError, J as PermissionErrorBase, K as PermissionErrorCode, L as PermissionPromptError, P as PermissionResponse, N as PermissionStatus, O as SHELL_EVENTS, Q as SearchQuery, R as SearchRequestEvent, S as SearchResult, T as ShellEvent, U as SyncTablesUpdatedEvent, V as TABLE_SEPARATOR, W as WebRequestOptions, e as WebResponse, X as getTableName, Y as isPermissionDeniedError, Z as isPermissionError, _ as isPermissionPromptError } from './types-DmCSegdY.js';
 export { H as HaextensionConfig } from './config-D_HXjsEV.js';
@@ -814,21 +814,19 @@ declare function decryptCrdtData<T = object>(encryptedData: string, nonce: strin
 declare function arrayBufferToBase64(buffer: ArrayBuffer | Uint8Array): string;
 declare function base64ToArrayBuffer(base64: string): Uint8Array<ArrayBuffer>;
 
-declare const SIGNING_ALGO: {
-    name: string;
-    namedCurve: string;
-};
-declare const KEY_AGREEMENT_ALGO: {
-    name: string;
-    namedCurve: string;
-};
+declare const SIGNING_ALGO: Algorithm;
+declare const KEY_AGREEMENT_ALGO: Algorithm;
 interface UserKeypair {
-    publicKey: CryptoKey;
-    privateKey: CryptoKey;
+    signingPublicKey: CryptoKey;
+    signingPrivateKey: CryptoKey;
+    agreementPublicKey: CryptoKey;
+    agreementPrivateKey: CryptoKey;
 }
 interface ExportedUserKeypair {
-    publicKey: string;
-    privateKey: string;
+    signingPublicKey: string;
+    signingPrivateKey: string;
+    agreementPublicKey: string;
+    agreementPrivateKey: string;
 }
 declare function generateUserKeypairAsync(): Promise<UserKeypair>;
 declare function exportUserKeypairAsync(keypair: UserKeypair): Promise<ExportedUserKeypair>;
@@ -848,26 +846,28 @@ declare function base58btcDecode(str: string): Uint8Array;
 /**
  * Convert a Base64-encoded SPKI public key to a `did:key` identifier.
  *
- * @param publicKeyBase64 - Base64-encoded SPKI public key (P-256)
- * @returns DID string, e.g. `did:key:zDnaerDaTF5BXE...`
+ * @param publicKeyBase64 - Base64-encoded SPKI public key (Ed25519)
+ * @returns DID string, e.g. `did:key:z6Mk...`
  */
 declare function publicKeyToDidKeyAsync(publicKeyBase64: string): Promise<string>;
 /**
  * Extract a Base64-encoded SPKI public key from a `did:key` identifier.
  *
- * @param did - DID string, e.g. `did:key:zDnaerDaTF5BXE...`
+ * @param did - DID string, e.g. `did:key:z6Mk...`
  * @returns Base64-encoded SPKI public key
  */
 declare function didKeyToPublicKeyAsync(did: string): Promise<string>;
 /**
  * Generate a fresh identity keypair and return it with its did:key.
  *
- * @returns { did, publicKeyBase64, privateKeyBase64 }
+ * @returns { did, signingPublicKey, signingPrivateKey, agreementPublicKey, agreementPrivateKey }
  */
 declare function generateIdentityAsync(): Promise<{
     did: string;
-    publicKeyBase64: string;
-    privateKeyBase64: string;
+    signingPublicKey: string;
+    signingPrivateKey: string;
+    agreementPublicKey: string;
+    agreementPrivateKey: string;
 }>;
 
 interface SealedData {

package/dist/index.js

@@ -250,13 +250,28 @@ __export(userKeypair_exports, {
   importUserPublicKeyAsync: () => importUserPublicKeyAsync
 });
 async function generateUserKeypairAsync() {
-  const keypair = await crypto.subtle.generateKey(exports.SIGNING_ALGO, true, ["sign", "verify"]);
-  return { publicKey: keypair.publicKey, privateKey: keypair.privateKey };
+  const signing = await crypto.subtle.generateKey(exports.SIGNING_ALGO, true, ["sign", "verify"]);
+  const agreement = await crypto.subtle.generateKey(exports.KEY_AGREEMENT_ALGO, true, ["deriveBits"]);
+  return {
+    signingPublicKey: signing.publicKey,
+    signingPrivateKey: signing.privateKey,
+    agreementPublicKey: agreement.publicKey,
+    agreementPrivateKey: agreement.privateKey
+  };
 }
 async function exportUserKeypairAsync(keypair) {
-  const pub = await crypto.subtle.exportKey("spki", keypair.publicKey);
-  const priv = await crypto.subtle.exportKey("pkcs8", keypair.privateKey);
-  return { publicKey: arrayBufferToBase64(pub), privateKey: arrayBufferToBase64(priv) };
+  const [sigPub, sigPriv, agrPub, agrPriv] = await Promise.all([
+    crypto.subtle.exportKey("spki", keypair.signingPublicKey),
+    crypto.subtle.exportKey("pkcs8", keypair.signingPrivateKey),
+    crypto.subtle.exportKey("spki", keypair.agreementPublicKey),
+    crypto.subtle.exportKey("pkcs8", keypair.agreementPrivateKey)
+  ]);
+  return {
+    signingPublicKey: arrayBufferToBase64(sigPub),
+    signingPrivateKey: arrayBufferToBase64(sigPriv),
+    agreementPublicKey: arrayBufferToBase64(agrPub),
+    agreementPrivateKey: arrayBufferToBase64(agrPriv)
+  };
 }
 async function importUserPublicKeyAsync(base64) {
   return crypto.subtle.importKey("spki", base64ToArrayBuffer(base64), exports.SIGNING_ALGO, true, ["verify"]);
@@ -298,8 +313,8 @@ exports.SIGNING_ALGO = void 0; exports.KEY_AGREEMENT_ALGO = void 0;
 var init_userKeypair = __esm({
   "src/crypto/userKeypair.ts"() {
     init_vaultKey();
-    exports.SIGNING_ALGO = { name: "ECDSA", namedCurve: "P-256" };
-    exports.KEY_AGREEMENT_ALGO = { name: "ECDH", namedCurve: "P-256" };
+    exports.SIGNING_ALGO = { name: "Ed25519" };
+    exports.KEY_AGREEMENT_ALGO = { name: "X25519" };
   }
 });
 
@@ -1900,25 +1915,6 @@ var SpacesAPI = class {
   async listSpacesAsync() {
     return this.client.request(SPACE_COMMANDS.list);
   }
-  /**
-   * Create a new shared space.
-   * @param name - Human-readable space name
-   * @param serverUrl - The sync server URL to create the space on
-   * @returns The created space with decrypted name
-   */
-  async createSpaceAsync(name, serverUrl) {
-    return this.client.request(SPACE_COMMANDS.create, {
-      spaceName: name,
-      serverUrl
-    });
-  }
-  /**
-   * List available sync backends that can host shared spaces.
-   * @returns Array of backend info with server URLs
-   */
-  async listSyncBackendsAsync() {
-    return this.client.request(SPACE_COMMANDS.listBackends);
-  }
 };
 
 // src/api/shell.ts
@@ -3193,76 +3189,17 @@ function base58btcDecode(str) {
   }
   return result;
 }
-function compressP256Point(uncompressed) {
-  if (uncompressed.length !== 65 || uncompressed[0] !== 4) {
-    throw new Error("Expected 65-byte uncompressed P-256 point (0x04 prefix)");
-  }
-  const x = uncompressed.slice(1, 33);
-  const yLastByte = uncompressed[64];
-  const prefix = (yLastByte & 1) === 0 ? 2 : 3;
-  const compressed = new Uint8Array(33);
-  compressed[0] = prefix;
-  compressed.set(x, 1);
-  return compressed;
-}
-function decompressP256Point(compressed) {
-  if (compressed.length !== 33 || compressed[0] !== 2 && compressed[0] !== 3) {
-    throw new Error("Expected 33-byte compressed P-256 point");
-  }
-  const isOdd = compressed[0] === 3;
-  const x = bytesToBigInt(compressed.slice(1));
-  const p = BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff");
-  const b = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
-  const a = p - 3n;
-  const ySquared = (modPow(x, 3n, p) + a * x + b) % p;
-  let y = modSqrt(ySquared, p);
-  const yIsOdd = (y & 1n) === 1n;
-  if (isOdd !== yIsOdd) {
-    y = p - y;
-  }
-  const uncompressed = new Uint8Array(65);
-  uncompressed[0] = 4;
-  uncompressed.set(bigIntToBytes(x, 32), 1);
-  uncompressed.set(bigIntToBytes(y, 32), 33);
-  return uncompressed;
-}
-function bytesToBigInt(bytes) {
-  let result = 0n;
-  for (const b of bytes) {
-    result = result << 8n | BigInt(b);
-  }
-  return result;
-}
-function bigIntToBytes(n, length) {
-  const bytes = new Uint8Array(length);
-  let val = n;
-  for (let i = length - 1; i >= 0; i--) {
-    bytes[i] = Number(val & 0xffn);
-    val >>= 8n;
-  }
-  return bytes;
-}
-function modPow(base, exp, mod) {
-  let result = 1n;
-  base = base % mod;
-  while (exp > 0n) {
-    if (exp & 1n) result = result * base % mod;
-    exp >>= 1n;
-    base = base * base % mod;
-  }
-  return result;
-}
-function modSqrt(a, p) {
-  return modPow(a, (p + 1n) / 4n, p);
-}
-var P256_MULTICODEC_PREFIX = new Uint8Array([128, 36]);
+var ED25519_MULTICODEC_PREFIX = new Uint8Array([237, 1]);
+var ED25519_PUBLIC_KEY_LENGTH = 32;
 async function publicKeyToDidKeyAsync(publicKeyBase64) {
   const cryptoKey = await importUserPublicKeyAsync(publicKeyBase64);
   const rawBytes = new Uint8Array(await crypto.subtle.exportKey("raw", cryptoKey));
-  const compressed = compressP256Point(rawBytes);
-  const multicodecBytes = new Uint8Array(P256_MULTICODEC_PREFIX.length + compressed.length);
-  multicodecBytes.set(P256_MULTICODEC_PREFIX);
-  multicodecBytes.set(compressed, P256_MULTICODEC_PREFIX.length);
+  if (rawBytes.length !== ED25519_PUBLIC_KEY_LENGTH) {
+    throw new Error(`Expected ${ED25519_PUBLIC_KEY_LENGTH}-byte Ed25519 public key, got ${rawBytes.length}`);
+  }
+  const multicodecBytes = new Uint8Array(ED25519_MULTICODEC_PREFIX.length + rawBytes.length);
+  multicodecBytes.set(ED25519_MULTICODEC_PREFIX);
+  multicodecBytes.set(rawBytes, ED25519_MULTICODEC_PREFIX.length);
   return `did:key:z${base58btcEncode(multicodecBytes)}`;
 }
 async function didKeyToPublicKeyAsync(did) {
@@ -3270,15 +3207,17 @@ async function didKeyToPublicKeyAsync(did) {
     throw new Error("Only did:key with base58-btc multibase (z prefix) is supported");
   }
   const multicodecBytes = base58btcDecode(did.slice("did:key:z".length));
-  if (multicodecBytes[0] !== P256_MULTICODEC_PREFIX[0] || multicodecBytes[1] !== P256_MULTICODEC_PREFIX[1]) {
-    throw new Error("Unsupported key type in did:key (expected P-256)");
+  if (multicodecBytes[0] !== ED25519_MULTICODEC_PREFIX[0] || multicodecBytes[1] !== ED25519_MULTICODEC_PREFIX[1]) {
+    throw new Error("Unsupported key type in did:key (expected Ed25519)");
+  }
+  const rawKey = multicodecBytes.slice(ED25519_MULTICODEC_PREFIX.length);
+  if (rawKey.length !== ED25519_PUBLIC_KEY_LENGTH) {
+    throw new Error(`Invalid Ed25519 public key length: ${rawKey.length}`);
   }
-  const compressed = multicodecBytes.slice(P256_MULTICODEC_PREFIX.length);
-  const uncompressed = decompressP256Point(compressed);
   const cryptoKey = await crypto.subtle.importKey(
     "raw",
-    uncompressed.buffer,
-    { name: "ECDSA", namedCurve: "P-256" },
+    rawKey.buffer,
+    exports.SIGNING_ALGO,
     true,
     ["verify"]
   );
@@ -3289,11 +3228,10 @@ async function generateIdentityAsync() {
   const { generateUserKeypairAsync: generateUserKeypairAsync2, exportUserKeypairAsync: exportUserKeypairAsync2 } = await Promise.resolve().then(() => (init_userKeypair(), userKeypair_exports));
   const keypair = await generateUserKeypairAsync2();
   const exported = await exportUserKeypairAsync2(keypair);
-  const did = await publicKeyToDidKeyAsync(exported.publicKey);
+  const did = await publicKeyToDidKeyAsync(exported.signingPublicKey);
   return {
     did,
-    publicKeyBase64: exported.publicKey,
-    privateKeyBase64: exported.privateKey
+    ...exported
   };
 }
 
@@ -3307,7 +3245,7 @@ async function encryptWithPublicKeyAsync(data, recipientPublicKeyBase64) {
   const ephemeral = await crypto.subtle.generateKey(exports.KEY_AGREEMENT_ALGO, true, ["deriveBits"]);
   const recipientKey = await importPublicKeyForKeyAgreementAsync(recipientPublicKeyBase64);
   const sharedBits = await crypto.subtle.deriveBits(
-    { name: "ECDH", public: recipientKey },
+    { ...exports.KEY_AGREEMENT_ALGO, public: recipientKey },
     ephemeral.privateKey,
     256
   );
@@ -3342,7 +3280,7 @@ async function decryptWithPrivateKeyAsync(sealed, ownPrivateKeyBase64) {
   );
   const ownPrivKey = await importPrivateKeyForKeyAgreementAsync(ownPrivateKeyBase64);
   const sharedBits = await crypto.subtle.deriveBits(
-    { name: "ECDH", public: ephPubKey },
+    { ...exports.KEY_AGREEMENT_ALGO, public: ephPubKey },
     ownPrivKey,
     256
   );
@@ -3396,7 +3334,7 @@ async function signClaimPresentationAsync(did, publicKeyBase64, claims, privateK
   const privateKey = await importUserPrivateKeyAsync(privateKeyBase64);
   const data = new TextEncoder().encode(canonical);
   const sig = await crypto.subtle.sign(
-    { name: "ECDSA", hash: "SHA-256" },
+    exports.SIGNING_ALGO,
     privateKey,
     data
   );
@@ -3416,7 +3354,7 @@ async function verifyClaimPresentationAsync(presentation) {
   const data = new TextEncoder().encode(canonical);
   const sigBytes = Uint8Array.from(atob(signature), (c) => c.charCodeAt(0));
   return crypto.subtle.verify(
-    { name: "ECDSA", hash: "SHA-256" },
+    exports.SIGNING_ALGO,
     pubKey,
     sigBytes,
     data
@@ -3438,13 +3376,13 @@ function canonicalize(record) {
 }
 async function signRecordAsync(record, privateKeyBase64) {
   const key = await importUserPrivateKeyAsync(privateKeyBase64);
-  const sig = await crypto.subtle.sign({ name: "ECDSA", hash: "SHA-256" }, key, canonicalize(record));
+  const sig = await crypto.subtle.sign(exports.SIGNING_ALGO, key, canonicalize(record));
   return arrayBufferToBase64(sig);
 }
 async function verifyRecordSignatureAsync(record, signatureBase64, publicKeyBase64) {
   const key = await importUserPublicKeyAsync(publicKeyBase64);
   return crypto.subtle.verify(
-    { name: "ECDSA", hash: "SHA-256" },
+    exports.SIGNING_ALGO,
     key,
     base64ToArrayBuffer(signatureBase64),
     canonicalize(record)
@@ -3458,7 +3396,7 @@ async function signSpaceChallengeAsync(spaceId, privateKeyBase64) {
   const timestamp = (/* @__PURE__ */ new Date()).toISOString();
   const key = await importUserPrivateKeyAsync(privateKeyBase64);
   const sig = await crypto.subtle.sign(
-    { name: "ECDSA", hash: "SHA-256" },
+    exports.SIGNING_ALGO,
     key,
     canonicalizeChallenge(spaceId, timestamp)
   );
@@ -3476,7 +3414,7 @@ async function verifySpaceChallengeAsync(spaceId, timestamp, signatureBase64, pu
   try {
     const key = await importUserPublicKeyAsync(publicKeyBase64);
     const isValid = await crypto.subtle.verify(
-      { name: "ECDSA", hash: "SHA-256" },
+      exports.SIGNING_ALGO,
       key,
       base64ToArrayBuffer(signatureBase64),
       canonicalizeChallenge(spaceId, timestamp)