@haex-space/vault-sdk 3.0.0 → 3.2.0

package/dist/runtime/nuxt.plugin.client.d.mts

@@ -1,7 +1,7 @@
 import * as nuxt_app from 'nuxt/app';
 import { ShallowRef } from 'vue';
-import { H as HaexVaultSdk } from '../client-BXtzUBWv.mjs';
-import { A as ApplicationContext } from '../types-DmCSegdY.mjs';
+import { H as HaexVaultSdk } from '../client-GeColu97.mjs';
+import { A as ApplicationContext } from '../types-CDMBvvjl.mjs';
 import 'drizzle-orm/sqlite-proxy';
 
 declare const _default: nuxt_app.Plugin<{

package/dist/runtime/nuxt.plugin.client.d.ts

@@ -1,7 +1,7 @@
 import * as nuxt_app from 'nuxt/app';
 import { ShallowRef } from 'vue';
-import { H as HaexVaultSdk } from '../client-dpJHb3FP.js';
-import { A as ApplicationContext } from '../types-DmCSegdY.js';
+import { H as HaexVaultSdk } from '../client-z1jTcuQE.js';
+import { A as ApplicationContext } from '../types-CDMBvvjl.js';
 import 'drizzle-orm/sqlite-proxy';
 
 declare const _default: nuxt_app.Plugin<{

package/dist/runtime/nuxt.plugin.client.js

@@ -267,6 +267,40 @@ var SHELL_COMMANDS = {
   close: "extension_shell_close"
 };
 
+// src/commands/passwords.ts
+var PASSWORD_COMMANDS = {
+  /** List items (no secrets) within the extension's tag scope */
+  list: "extension_password_list",
+  /** Read full item including secrets, by id */
+  read: "extension_password_read",
+  /** Create item — must include >=1 tag in scope */
+  create: "extension_password_create",
+  /** Update item — keeps >=1 tag in scope */
+  update: "extension_password_update",
+  /** Delete item — must be in scope */
+  delete: "extension_password_delete"
+};
+
+// src/commands/mail.ts
+var MAIL_COMMANDS = {
+  /** LIST mailboxes + optional STATUS counts */
+  listMailboxes: "extension_mail_list_mailboxes",
+  /** Lightweight envelope fetch for list views */
+  fetchEnvelopes: "extension_mail_fetch_envelopes",
+  /** Full message fetch (envelope + body + attachment metadata) */
+  fetchMessage: "extension_mail_fetch_message",
+  /** Set or unset IMAP flags on a UID set */
+  setFlags: "extension_mail_set_flags",
+  /** MOVE messages between mailboxes (COPY+EXPUNGE fallback) */
+  moveMessages: "extension_mail_move_messages",
+  /** APPEND a base64-encoded RFC822 message into a mailbox */
+  appendMessage: "extension_mail_append_message",
+  /** SMTP send. Returns the assigned Message-ID. */
+  sendMessage: "extension_mail_send_message",
+  /** Build RFC822 bytes without sending (for Drafts via APPEND) */
+  buildRfc822: "extension_mail_build_rfc822"
+};
+
 // src/api/storage.ts
 var StorageAPI = class {
   constructor(client) {
@@ -290,6 +324,12 @@ var StorageAPI = class {
 };
 
 // src/api/database.ts
+function quoteIdent(identifier) {
+  if (identifier.startsWith('"') && identifier.endsWith('"')) {
+    return identifier;
+  }
+  return `"${identifier.replace(/"/g, '""')}"`;
+}
 var DatabaseAPI = class {
   constructor(client) {
     this.client = client;
@@ -320,11 +360,11 @@ var DatabaseAPI = class {
     });
   }
   async createTable(tableName, columns) {
-    const query = `CREATE TABLE IF NOT EXISTS ${tableName} (${columns})`;
+    const query = `CREATE TABLE IF NOT EXISTS ${quoteIdent(tableName)} (${columns})`;
     await this.execute(query);
   }
   async dropTable(tableName) {
-    const query = `DROP TABLE IF EXISTS ${tableName}`;
+    const query = `DROP TABLE IF EXISTS ${quoteIdent(tableName)}`;
     await this.execute(query);
   }
   /**
@@ -353,18 +393,17 @@ var DatabaseAPI = class {
   async insert(tableName, data) {
     const keys = Object.keys(data);
     const values = Object.values(data);
+    const quotedCols = keys.map(quoteIdent).join(", ");
     const placeholders = keys.map(() => "?").join(", ");
-    const query = `INSERT INTO ${tableName} (${keys.join(
-      ", "
-    )}) VALUES (${placeholders})`;
+    const query = `INSERT INTO ${quoteIdent(tableName)} (${quotedCols}) VALUES (${placeholders})`;
     const result = await this.execute(query, values);
     return result.lastInsertId ?? -1;
   }
   async update(tableName, data, where, whereParams) {
     const keys = Object.keys(data);
     const values = Object.values(data);
-    const setClause = keys.map((key) => `${key} = ?`).join(", ");
-    const query = `UPDATE ${tableName} SET ${setClause} WHERE ${where}`;
+    const setClause = keys.map((key) => `${quoteIdent(key)} = ?`).join(", ");
+    const query = `UPDATE ${quoteIdent(tableName)} SET ${setClause} WHERE ${where}`;
     const result = await this.execute(query, [
       ...values,
       ...whereParams || []
@@ -372,12 +411,12 @@ var DatabaseAPI = class {
     return result.rowsAffected;
   }
   async delete(tableName, where, whereParams) {
-    const query = `DELETE FROM ${tableName} WHERE ${where}`;
+    const query = `DELETE FROM ${quoteIdent(tableName)} WHERE ${where}`;
     const result = await this.execute(query, whereParams);
     return result.rowsAffected;
   }
   async count(tableName, where, whereParams) {
-    const query = where ? `SELECT COUNT(*) as count FROM ${tableName} WHERE ${where}` : `SELECT COUNT(*) as count FROM ${tableName}`;
+    const query = where ? `SELECT COUNT(*) as count FROM ${quoteIdent(tableName)} WHERE ${where}` : `SELECT COUNT(*) as count FROM ${quoteIdent(tableName)}`;
     const result = await this.queryOne(query, whereParams);
     return result?.count ?? 0;
   }
@@ -1224,12 +1263,163 @@ var ShellAPI = class {
   }
 };
 
+// src/api/passwords.ts
+var PasswordsAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /** List items in scope — summaries only, no secrets. */
+  async listAsync() {
+    return this.client.request(
+      PASSWORD_COMMANDS.list,
+      {}
+    );
+  }
+  /** Read a single item by id with full secrets. */
+  async readAsync(itemId) {
+    return this.client.request(PASSWORD_COMMANDS.read, {
+      itemId
+    });
+  }
+  /**
+   * Create a new password item. `input.tags` must contain at least one
+   * tag within the extension's permission scope, otherwise the write
+   * is rejected as a security violation.
+   *
+   * Returns the new item id.
+   */
+  async createAsync(input) {
+    return this.client.request(PASSWORD_COMMANDS.create, { input });
+  }
+  /**
+   * Update an existing item. The item must already be in scope, and
+   * the new tag set must keep at least one tag in scope (extensions
+   * cannot orphan an item out of their own reach).
+   */
+  async updateAsync(itemId, input) {
+    return this.client.request(PASSWORD_COMMANDS.update, {
+      itemId,
+      input
+    });
+  }
+  /** Delete an item by id. Item must be in scope. */
+  async deleteAsync(itemId) {
+    return this.client.request(PASSWORD_COMMANDS.delete, { itemId });
+  }
+};
+
+// src/api/mail.ts
+var MailAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * LIST mailboxes for an IMAP account. Pass `includeStatus=true` for
+   * EXISTS/UNSEEN/UIDVALIDITY/UIDNEXT per box (one extra round-trip
+   * per mailbox — fine for typical accounts, expensive for large
+   * trees).
+   */
+  async listMailboxesAsync(imap, options = {}) {
+    return this.client.request(MAIL_COMMANDS.listMailboxes, {
+      imap,
+      reference: options.reference,
+      pattern: options.pattern,
+      includeStatus: options.includeStatus
+    });
+  }
+  /** Fetch lightweight envelopes for a mailbox + range (for list views). */
+  async fetchEnvelopesAsync(imap, mailbox, range) {
+    return this.client.request(
+      MAIL_COMMANDS.fetchEnvelopes,
+      { imap, mailbox, range }
+    );
+  }
+  /** Fetch a full message (envelope + body + attachment metadata) by UID. */
+  async fetchMessageAsync(imap, mailbox, uid) {
+    return this.client.request(MAIL_COMMANDS.fetchMessage, {
+      imap,
+      mailbox,
+      uid
+    });
+  }
+  /**
+   * Set or unset IMAP flags. Use `flags=["\\Seen"]` + `add=true` to
+   * mark messages as read; `add=false` removes the flag(s).
+   */
+  async setFlagsAsync(imap, mailbox, uids, flags, add) {
+    return this.client.request(MAIL_COMMANDS.setFlags, {
+      imap,
+      mailbox,
+      uids,
+      flags,
+      add
+    });
+  }
+  /** Move messages between mailboxes. Falls back to COPY+EXPUNGE on servers without MOVE. */
+  async moveMessagesAsync(imap, sourceMailbox, destinationMailbox, uids) {
+    return this.client.request(MAIL_COMMANDS.moveMessages, {
+      imap,
+      sourceMailbox,
+      destinationMailbox,
+      uids
+    });
+  }
+  /**
+   * APPEND a base64-encoded RFC822 message into a mailbox. Combine
+   * with `buildRfc822Async` to save drafts, or with the bytes returned
+   * after `sendMessageAsync` to mirror the sent copy into "Sent".
+   */
+  async appendMessageAsync(imap, mailbox, rfc822Base64, flags) {
+    return this.client.request(MAIL_COMMANDS.appendMessage, {
+      imap,
+      mailbox,
+      rfc822Base64,
+      flags
+    });
+  }
+  /** Send a message via SMTP. Returns the assigned Message-ID (no angle brackets). */
+  async sendMessageAsync(smtp, message) {
+    return this.client.request(MAIL_COMMANDS.sendMessage, {
+      smtp,
+      message
+    });
+  }
+  /**
+   * Build RFC822 bytes for a message without sending — useful for
+   * drafts that get APPENDed to a "Drafts" folder. Permission-wise
+   * this is a fetch operation (no SMTP host involved).
+   */
+  async buildRfc822Async(imapHost, message) {
+    return this.client.request(MAIL_COMMANDS.buildRfc822, {
+      imapHost,
+      message
+    });
+  }
+};
+
 // src/messages.ts
 var HAEXSPACE_MESSAGE_TYPES = {
   /** Debug message for development/troubleshooting */
   DEBUG: "haexspace:debug",
   /** Console forwarding from extension iframe */
-  CONSOLE_FORWARD: "console.forward"
+  CONSOLE_FORWARD: "console.forward",
+  /**
+   * Sent from main window to iframe on the shared window listener, carrying
+   * one `MessagePort` in `event.ports[0]`. Once received, the SDK switches
+   * to port-based messaging and never reads the window listener again.
+   *
+   * Payload: `{ type: PORT_INIT }` — no data. The port itself is the payload.
+   */
+  PORT_INIT: "haexspace:port:init",
+  /**
+   * Sent from SDK to main window *over the MessagePort* after the port is
+   * installed. Main uses this to mark the iframe as ready and flush any
+   * events buffered during the handshake window. Only valid on the port —
+   * a READY sent over window.postMessage is ignored.
+   *
+   * Payload: `{ type: PORT_READY }` — no data.
+   */
+  PORT_READY: "haexspace:port:ready"
 };
 
 // src/polyfills/consoleForwarding.ts
@@ -1384,6 +1574,7 @@ function parseTableName(fullTableName) {
 }
 
 // src/client/init.ts
+var PORT_HANDSHAKE_TIMEOUT_MS = 1e4;
 function isInIframe() {
   return window.self !== window.top;
 }
@@ -1640,17 +1831,20 @@ async function initIframeMode(ctx, log, messageHandler, request) {
   if (!isInIframe()) {
     throw new HaexVaultSdkError("NOT_IN_IFRAME" /* NOT_IN_IFRAME */, "errors.not_in_iframe");
   }
+  const port = await waitForHostPortAsync(log);
   ctx.handlers.messageHandler = messageHandler;
-  window.addEventListener("message", messageHandler);
+  port.addEventListener("message", messageHandler);
+  port.start();
+  port.postMessage({ type: HAEXSPACE_MESSAGE_TYPES.PORT_READY });
   ctx.state.isNativeWindow = false;
   ctx.state.initialized = true;
-  log("HaexVault SDK initialized in iframe mode");
+  log("HaexVault SDK initialized in iframe mode (MessagePort transport)");
   if (ctx.config.manifest) {
     ctx.state.extensionInfo = {
       publicKey: ctx.config.manifest.publicKey,
       name: ctx.config.manifest.name,
       version: ctx.config.manifest.version,
-      displayName: ctx.config.manifest.name
+      displayName: ctx.config.manifest.displayName ?? ctx.config.manifest.name
     };
     log("Extension info loaded from manifest:", ctx.state.extensionInfo);
   }
@@ -1658,7 +1852,42 @@ async function initIframeMode(ctx, log, messageHandler, request) {
   const context = await request(EXTENSION_COMMANDS.getContext);
   ctx.state.context = context;
   log("Application context received:", context);
-  return { context };
+  return { context, port };
+}
+function waitForHostPortAsync(log) {
+  return new Promise((resolve, reject) => {
+    let settled = false;
+    const cleanup = () => {
+      window.removeEventListener("message", handler);
+    };
+    const timeoutId = setTimeout(() => {
+      if (settled) return;
+      settled = true;
+      cleanup();
+      reject(
+        new HaexVaultSdkError(
+          "TIMEOUT" /* TIMEOUT */,
+          "errors.port_handshake_timeout",
+          { timeout: PORT_HANDSHAKE_TIMEOUT_MS }
+        )
+      );
+    }, PORT_HANDSHAKE_TIMEOUT_MS);
+    const handler = (event) => {
+      const type = event.data?.type;
+      if (type !== HAEXSPACE_MESSAGE_TYPES.PORT_INIT) return;
+      const port = event.ports[0];
+      if (!port) {
+        log("PORT_INIT received but event.ports is empty \u2014 ignoring");
+        return;
+      }
+      if (settled) return;
+      settled = true;
+      clearTimeout(timeoutId);
+      cleanup();
+      resolve(port);
+    };
+    window.addEventListener("message", handler);
+  });
 }
 function sendDebugInfo(config) {
   if (!config.debug) return;
@@ -1682,7 +1911,15 @@ postMessage error: ${e}`);
 function generateRequestId(counter) {
   return `req_${counter}`;
 }
-function sendPostMessage(method, params, requestId, config, extensionInfo, pendingRequests) {
+function sendPostMessage(method, params, requestId, config, extensionInfo, pendingRequests, port) {
+  if (!port) {
+    return Promise.reject(
+      new HaexVaultSdkError(
+        "EXTENSION_NOT_INITIALIZED" /* EXTENSION_NOT_INITIALIZED */,
+        "errors.port_not_connected"
+      )
+    );
+  }
   const request = {
     method,
     params,
@@ -1698,17 +1935,16 @@ function sendPostMessage(method, params, requestId, config, extensionInfo, pendi
       );
     }, config.timeout);
     pendingRequests.set(requestId, { resolve, reject, timeout });
-    const targetOrigin = "*";
     if (config.debug) {
       console.log("[SDK Debug] ========== Sending Request ==========");
       console.log("[SDK Debug] Request ID:", requestId);
       console.log("[SDK Debug] Method:", request.method);
       console.log("[SDK Debug] Params:", request.params);
-      console.log("[SDK Debug] Target origin:", targetOrigin);
+      console.log("[SDK Debug] Transport: MessagePort");
       console.log("[SDK Debug] Extension info:", extensionInfo);
       console.log("[SDK Debug] ========================================");
     }
-    window.parent.postMessage({ id: requestId, ...request }, targetOrigin);
+    port.postMessage({ id: requestId, ...request });
   });
 }
 async function sendInvoke(method, params, config, _log) {
@@ -1727,11 +1963,6 @@ function createMessageHandler(config, pendingRequests, extensionInfo, onEvent) {
   return (event) => {
     if (config.debug) {
       console.log("[SDK Debug] ========== Message Received ==========");
-      console.log("[SDK Debug] Event origin:", event.origin);
-      console.log(
-        "[SDK Debug] Event source:",
-        event.source === window.parent ? "parent window" : "unknown"
-      );
       console.log("[SDK Debug] Event data:", event.data);
       console.log("[SDK Debug] Extension info loaded:", !!extensionInfo());
       console.log(
@@ -1739,12 +1970,6 @@ function createMessageHandler(config, pendingRequests, extensionInfo, onEvent) {
         pendingRequests.size
       );
     }
-    if (event.source !== window.parent) {
-      if (config.debug) {
-        console.error("[SDK Debug] \u274C REJECTED: Message not from parent window!");
-      }
-      return;
-    }
     const data = event.data;
     if ("id" in data && pendingRequests.has(data.id)) {
       if (config.debug) {
@@ -1810,11 +2035,10 @@ function processEvent(event, log, eventListeners, onContextChanged, onExternalRe
   emitEvent(event, log, eventListeners);
 }
 function emitEvent(event, log, eventListeners) {
-  console.log("[HaexVault SDK] emitEvent called with:", event.type, event);
-  console.log("[HaexVault SDK] Registered event types:", Array.from(eventListeners.keys()));
-  log("Event received:", event);
+  log("emitEvent called with:", event.type, event);
+  log("Registered event types:", Array.from(eventListeners.keys()));
   const listeners = eventListeners.get(event.type);
-  console.log("[HaexVault SDK] Listeners for", event.type, ":", listeners?.size ?? 0);
+  log("Listeners for", event.type, ":", listeners?.size ?? 0);
   if (listeners) {
     listeners.forEach((callback) => callback(event));
   }
@@ -1911,9 +2135,9 @@ function registerExternalHandler(action, handler, handlers, log) {
   };
 }
 async function handleExternalRequest(request, handlers, respond, log) {
-  console.log("[SDK Debug] handleExternalRequest called!");
-  console.log("[SDK Debug] Request:", JSON.stringify(request, null, 2));
-  console.log("[SDK Debug] Available handlers:", Array.from(handlers.keys()));
+  log("handleExternalRequest called");
+  log("Request:", request);
+  log("Available handlers:", Array.from(handlers.keys()));
   log(`[ExternalRequest] Received request: ${request.action} from ${request.publicKey.substring(0, 20)}...`);
   const handler = handlers.get(request.action);
   if (!handler) {
@@ -1939,7 +2163,6 @@ async function handleExternalRequest(request, handlers, respond, log) {
   }
 }
 async function respondToExternalRequest(response, request) {
-  console.log("[SDK Debug] respondToExternalRequest called with:", JSON.stringify(response, null, 2));
   await request(EXTERNAL_BRIDGE_COMMANDS.respond, response);
 }
 
@@ -1966,6 +2189,13 @@ var HaexVaultSdk = class {
     this.reactiveSubscribers = /* @__PURE__ */ new Set();
     // Handlers
     this.messageHandler = null;
+    /**
+     * MessagePort obtained from the main window during iframe-mode handshake.
+     * `null` until `initIframe()` completes successfully. Every outbound
+     * request in iframe mode flows through this port; `sendPostMessage` rejects
+     * if called before the handshake finishes.
+     */
+    this.hostPort = null;
     this.setupPromise = null;
     this.setupHook = null;
     // Public APIs
@@ -1990,11 +2220,17 @@ var HaexVaultSdk = class {
     this.localsend = new LocalSendAPI(this);
     this.spaces = new SpacesAPI(this);
     this.shell = new ShellAPI(this);
+    this.passwords = new PasswordsAPI(this);
+    this.mail = new MailAPI(this);
     installConsoleForwarding(this.config.debug);
-    this.readyPromise = new Promise((resolve) => {
+    this.readyPromise = new Promise((resolve, reject) => {
       this.resolveReady = resolve;
+      this.rejectReady = reject;
+    });
+    this.init().catch((error) => {
+      this.log("Init failed:", error);
+      this.rejectReady(error);
     });
-    this.init();
   }
   // ==========================================================================
   // Lifecycle
@@ -2022,9 +2258,14 @@ var HaexVaultSdk = class {
     return this.setupPromise;
   }
   destroy() {
-    if (this.messageHandler) {
-      window.removeEventListener("message", this.messageHandler);
+    if (this.messageHandler && this.hostPort) {
+      this.hostPort.removeEventListener("message", this.messageHandler);
     }
+    if (this.hostPort) {
+      this.hostPort.close();
+      this.hostPort = null;
+    }
+    this.messageHandler = null;
     this.pendingRequests.forEach(({ timeout }) => clearTimeout(timeout));
     this.pendingRequests.clear();
     this.eventListeners.clear();
@@ -2139,7 +2380,15 @@ var HaexVaultSdk = class {
       return sendInvoke(method, paramsWithCredentials, this.config, this.log.bind(this));
     }
     const requestId = generateRequestId(++this.requestCounter);
-    return sendPostMessage(method, resolvedParams, requestId, this.config, this._extensionInfo, this.pendingRequests);
+    return sendPostMessage(
+      method,
+      resolvedParams,
+      requestId,
+      this.config,
+      this._extensionInfo,
+      this.pendingRequests,
+      this.hostPort
+    );
   }
   // ==========================================================================
   // Private: Initialization
@@ -2206,7 +2455,7 @@ var HaexVaultSdk = class {
       () => this._extensionInfo,
       this.handleEvent.bind(this)
     );
-    const { context } = await initIframeMode(
+    const { context, port } = await initIframeMode(
       {
         config: this.config,
         state: {
@@ -2238,12 +2487,13 @@ var HaexVaultSdk = class {
       this.messageHandler,
       this.request.bind(this)
     );
+    this.hostPort = port;
     if (this.config.manifest) {
       this._extensionInfo = {
         publicKey: this.config.manifest.publicKey,
         name: this.config.manifest.name,
         version: this.config.manifest.version,
-        displayName: this.config.manifest.name
+        displayName: this.config.manifest.displayName ?? this.config.manifest.name
       };
       this.notifySubscribersInternal();
     }
@@ -2325,22 +2575,18 @@ var nuxt_plugin_client_default = app.defineNuxtPlugin(async (nuxtApp) => {
     context: client.context
   });
   await client.ready();
-  console.log("[Nuxt Plugin] Client ready, context:", client.context);
   state.value = {
     isReady: true,
     isSetupComplete: false,
     context: client.context
   };
-  console.log("[Nuxt Plugin] Initial state set:", state.value);
   client.subscribe(() => {
-    console.log("[Nuxt Plugin] Client context updated:", client.context);
     const isSetupComplete = client.setupCompleted;
     state.value = {
       ...state.value,
       context: client.context,
       isSetupComplete
     };
-    console.log("[Nuxt Plugin] State updated:", state.value);
   });
   const haexVaultPlugin = {
     client,