npm - @haex-space/vault-sdk - Versions diffs - 3.0.0 → 3.2.0 - Mend

@haex-space/vault-sdk 3.0.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/dist/{client-dpJHb3FP.d.ts → client-GeColu97.d.mts} +270 -2
package/dist/{client-BXtzUBWv.d.mts → client-z1jTcuQE.d.ts} +270 -2
package/dist/index.d.mts +93 -6
package/dist/index.d.ts +93 -6
package/dist/index.js +301 -45
package/dist/index.js.map +1 -1
package/dist/index.mjs +298 -46
package/dist/index.mjs.map +1 -1
package/dist/node.d.mts +1 -1
package/dist/node.d.ts +1 -1
package/dist/nuxt.js +34 -7
package/dist/nuxt.js.map +1 -1
package/dist/nuxt.mjs +34 -7
package/dist/nuxt.mjs.map +1 -1
package/dist/react.d.mts +2 -2
package/dist/react.d.ts +2 -2
package/dist/react.js +294 -44
package/dist/react.js.map +1 -1
package/dist/react.mjs +294 -44
package/dist/react.mjs.map +1 -1
package/dist/runtime/nuxt.plugin.client.d.mts +2 -2
package/dist/runtime/nuxt.plugin.client.d.ts +2 -2
package/dist/runtime/nuxt.plugin.client.js +294 -48
package/dist/runtime/nuxt.plugin.client.js.map +1 -1
package/dist/runtime/nuxt.plugin.client.mjs +294 -48
package/dist/runtime/nuxt.plugin.client.mjs.map +1 -1
package/dist/svelte.d.mts +2 -2
package/dist/svelte.d.ts +2 -2
package/dist/svelte.js +294 -44
package/dist/svelte.js.map +1 -1
package/dist/svelte.mjs +294 -44
package/dist/svelte.mjs.map +1 -1
package/dist/{types-DmCSegdY.d.mts → types-CDMBvvjl.d.mts} +2 -0
package/dist/{types-DmCSegdY.d.ts → types-CDMBvvjl.d.ts} +2 -0
package/dist/vite.js +33 -6
package/dist/vite.js.map +1 -1
package/dist/vite.mjs +33 -6
package/dist/vite.mjs.map +1 -1
package/dist/vue.d.mts +2 -2
package/dist/vue.d.ts +2 -2
package/dist/vue.js +294 -44
package/dist/vue.js.map +1 -1
package/dist/vue.mjs +294 -44
package/dist/vue.mjs.map +1 -1
package/package.json +2 -1

package/dist/svelte.mjs CHANGED Viewed

@@ -267,7 +267,24 @@ var HAEXSPACE_MESSAGE_TYPES = {
   /** Debug message for development/troubleshooting */
   DEBUG: "haexspace:debug",
   /** Console forwarding from extension iframe */
-  CONSOLE_FORWARD: "console.forward"
+  CONSOLE_FORWARD: "console.forward",
+  /**
+   * Sent from main window to iframe on the shared window listener, carrying
+   * one `MessagePort` in `event.ports[0]`. Once received, the SDK switches
+   * to port-based messaging and never reads the window listener again.
+   *
+   * Payload: `{ type: PORT_INIT }` — no data. The port itself is the payload.
+   */
+  PORT_INIT: "haexspace:port:init",
+  /**
+   * Sent from SDK to main window *over the MessagePort* after the port is
+   * installed. Main uses this to mark the iframe as ready and flush any
+   * events buffered during the handshake window. Only valid on the port —
+   * a READY sent over window.postMessage is ignored.
+   *
+   * Payload: `{ type: PORT_READY }` — no data.
+   */
+  PORT_READY: "haexspace:port:ready"
 };
 // src/polyfills/debug.ts
@@ -631,6 +648,40 @@ var SHELL_COMMANDS = {
   close: "extension_shell_close"
 };
+// src/commands/passwords.ts
+var PASSWORD_COMMANDS = {
+  /** List items (no secrets) within the extension's tag scope */
+  list: "extension_password_list",
+  /** Read full item including secrets, by id */
+  read: "extension_password_read",
+  /** Create item — must include >=1 tag in scope */
+  create: "extension_password_create",
+  /** Update item — keeps >=1 tag in scope */
+  update: "extension_password_update",
+  /** Delete item — must be in scope */
+  delete: "extension_password_delete"
+};
+// src/commands/mail.ts
+var MAIL_COMMANDS = {
+  /** LIST mailboxes + optional STATUS counts */
+  listMailboxes: "extension_mail_list_mailboxes",
+  /** Lightweight envelope fetch for list views */
+  fetchEnvelopes: "extension_mail_fetch_envelopes",
+  /** Full message fetch (envelope + body + attachment metadata) */
+  fetchMessage: "extension_mail_fetch_message",
+  /** Set or unset IMAP flags on a UID set */
+  setFlags: "extension_mail_set_flags",
+  /** MOVE messages between mailboxes (COPY+EXPUNGE fallback) */
+  moveMessages: "extension_mail_move_messages",
+  /** APPEND a base64-encoded RFC822 message into a mailbox */
+  appendMessage: "extension_mail_append_message",
+  /** SMTP send. Returns the assigned Message-ID. */
+  sendMessage: "extension_mail_send_message",
+  /** Build RFC822 bytes without sending (for Drafts via APPEND) */
+  buildRfc822: "extension_mail_build_rfc822"
+};
 // src/api/storage.ts
 var StorageAPI = class {
   constructor(client) {
@@ -654,6 +705,12 @@ var StorageAPI = class {
 };
 // src/api/database.ts
+function quoteIdent(identifier) {
+  if (identifier.startsWith('"') && identifier.endsWith('"')) {
+    return identifier;
+  }
+  return `"${identifier.replace(/"/g, '""')}"`;
+}
 var DatabaseAPI = class {
   constructor(client) {
     this.client = client;
@@ -684,11 +741,11 @@ var DatabaseAPI = class {
     });
   }
   async createTable(tableName, columns) {
-    const query = `CREATE TABLE IF NOT EXISTS ${tableName} (${columns})`;
+    const query = `CREATE TABLE IF NOT EXISTS ${quoteIdent(tableName)} (${columns})`;
     await this.execute(query);
   }
   async dropTable(tableName) {
-    const query = `DROP TABLE IF EXISTS ${tableName}`;
+    const query = `DROP TABLE IF EXISTS ${quoteIdent(tableName)}`;
     await this.execute(query);
   }
   /**
@@ -717,18 +774,17 @@ var DatabaseAPI = class {
   async insert(tableName, data) {
     const keys = Object.keys(data);
     const values = Object.values(data);
+    const quotedCols = keys.map(quoteIdent).join(", ");
     const placeholders = keys.map(() => "?").join(", ");
-    const query = `INSERT INTO ${tableName} (${keys.join(
-      ", "
-    )}) VALUES (${placeholders})`;
+    const query = `INSERT INTO ${quoteIdent(tableName)} (${quotedCols}) VALUES (${placeholders})`;
     const result = await this.execute(query, values);
     return result.lastInsertId ?? -1;
   }
   async update(tableName, data, where, whereParams) {
     const keys = Object.keys(data);
     const values = Object.values(data);
-    const setClause = keys.map((key) => `${key} = ?`).join(", ");
-    const query = `UPDATE ${tableName} SET ${setClause} WHERE ${where}`;
+    const setClause = keys.map((key) => `${quoteIdent(key)} = ?`).join(", ");
+    const query = `UPDATE ${quoteIdent(tableName)} SET ${setClause} WHERE ${where}`;
     const result = await this.execute(query, [
       ...values,
       ...whereParams || []
@@ -736,12 +792,12 @@ var DatabaseAPI = class {
     return result.rowsAffected;
   }
   async delete(tableName, where, whereParams) {
-    const query = `DELETE FROM ${tableName} WHERE ${where}`;
+    const query = `DELETE FROM ${quoteIdent(tableName)} WHERE ${where}`;
     const result = await this.execute(query, whereParams);
     return result.rowsAffected;
   }
   async count(tableName, where, whereParams) {
-    const query = where ? `SELECT COUNT(*) as count FROM ${tableName} WHERE ${where}` : `SELECT COUNT(*) as count FROM ${tableName}`;
+    const query = where ? `SELECT COUNT(*) as count FROM ${quoteIdent(tableName)} WHERE ${where}` : `SELECT COUNT(*) as count FROM ${quoteIdent(tableName)}`;
     const result = await this.queryOne(query, whereParams);
     return result?.count ?? 0;
   }
@@ -1563,6 +1619,140 @@ var ShellAPI = class {
   }
 };
+// src/api/passwords.ts
+var PasswordsAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /** List items in scope — summaries only, no secrets. */
+  async listAsync() {
+    return this.client.request(
+      PASSWORD_COMMANDS.list,
+      {}
+    );
+  }
+  /** Read a single item by id with full secrets. */
+  async readAsync(itemId) {
+    return this.client.request(PASSWORD_COMMANDS.read, {
+      itemId
+    });
+  }
+  /**
+   * Create a new password item. `input.tags` must contain at least one
+   * tag within the extension's permission scope, otherwise the write
+   * is rejected as a security violation.
+   *
+   * Returns the new item id.
+   */
+  async createAsync(input) {
+    return this.client.request(PASSWORD_COMMANDS.create, { input });
+  }
+  /**
+   * Update an existing item. The item must already be in scope, and
+   * the new tag set must keep at least one tag in scope (extensions
+   * cannot orphan an item out of their own reach).
+   */
+  async updateAsync(itemId, input) {
+    return this.client.request(PASSWORD_COMMANDS.update, {
+      itemId,
+      input
+    });
+  }
+  /** Delete an item by id. Item must be in scope. */
+  async deleteAsync(itemId) {
+    return this.client.request(PASSWORD_COMMANDS.delete, { itemId });
+  }
+};
+// src/api/mail.ts
+var MailAPI = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * LIST mailboxes for an IMAP account. Pass `includeStatus=true` for
+   * EXISTS/UNSEEN/UIDVALIDITY/UIDNEXT per box (one extra round-trip
+   * per mailbox — fine for typical accounts, expensive for large
+   * trees).
+   */
+  async listMailboxesAsync(imap, options = {}) {
+    return this.client.request(MAIL_COMMANDS.listMailboxes, {
+      imap,
+      reference: options.reference,
+      pattern: options.pattern,
+      includeStatus: options.includeStatus
+    });
+  }
+  /** Fetch lightweight envelopes for a mailbox + range (for list views). */
+  async fetchEnvelopesAsync(imap, mailbox, range) {
+    return this.client.request(
+      MAIL_COMMANDS.fetchEnvelopes,
+      { imap, mailbox, range }
+    );
+  }
+  /** Fetch a full message (envelope + body + attachment metadata) by UID. */
+  async fetchMessageAsync(imap, mailbox, uid) {
+    return this.client.request(MAIL_COMMANDS.fetchMessage, {
+      imap,
+      mailbox,
+      uid
+    });
+  }
+  /**
+   * Set or unset IMAP flags. Use `flags=["\\Seen"]` + `add=true` to
+   * mark messages as read; `add=false` removes the flag(s).
+   */
+  async setFlagsAsync(imap, mailbox, uids, flags, add) {
+    return this.client.request(MAIL_COMMANDS.setFlags, {
+      imap,
+      mailbox,
+      uids,
+      flags,
+      add
+    });
+  }
+  /** Move messages between mailboxes. Falls back to COPY+EXPUNGE on servers without MOVE. */
+  async moveMessagesAsync(imap, sourceMailbox, destinationMailbox, uids) {
+    return this.client.request(MAIL_COMMANDS.moveMessages, {
+      imap,
+      sourceMailbox,
+      destinationMailbox,
+      uids
+    });
+  }
+  /**
+   * APPEND a base64-encoded RFC822 message into a mailbox. Combine
+   * with `buildRfc822Async` to save drafts, or with the bytes returned
+   * after `sendMessageAsync` to mirror the sent copy into "Sent".
+   */
+  async appendMessageAsync(imap, mailbox, rfc822Base64, flags) {
+    return this.client.request(MAIL_COMMANDS.appendMessage, {
+      imap,
+      mailbox,
+      rfc822Base64,
+      flags
+    });
+  }
+  /** Send a message via SMTP. Returns the assigned Message-ID (no angle brackets). */
+  async sendMessageAsync(smtp, message) {
+    return this.client.request(MAIL_COMMANDS.sendMessage, {
+      smtp,
+      message
+    });
+  }
+  /**
+   * Build RFC822 bytes for a message without sending — useful for
+   * drafts that get APPENDed to a "Drafts" folder. Permission-wise
+   * this is a fetch operation (no SMTP host involved).
+   */
+  async buildRfc822Async(imapHost, message) {
+    return this.client.request(MAIL_COMMANDS.buildRfc822, {
+      imapHost,
+      message
+    });
+  }
+};
 // src/client/tableName.ts
 function validatePublicKey(publicKey) {
   if (!publicKey || typeof publicKey !== "string" || publicKey.trim() === "") {
@@ -1649,6 +1839,7 @@ function parseTableName(fullTableName) {
 }
 // src/client/init.ts
+var PORT_HANDSHAKE_TIMEOUT_MS = 1e4;
 function isInIframe() {
   return window.self !== window.top;
 }
@@ -1905,17 +2096,20 @@ async function initIframeMode(ctx, log, messageHandler, request) {
   if (!isInIframe()) {
     throw new HaexVaultSdkError("NOT_IN_IFRAME" /* NOT_IN_IFRAME */, "errors.not_in_iframe");
   }
+  const port = await waitForHostPortAsync(log);
   ctx.handlers.messageHandler = messageHandler;
-  window.addEventListener("message", messageHandler);
+  port.addEventListener("message", messageHandler);
+  port.start();
+  port.postMessage({ type: HAEXSPACE_MESSAGE_TYPES.PORT_READY });
   ctx.state.isNativeWindow = false;
   ctx.state.initialized = true;
-  log("HaexVault SDK initialized in iframe mode");
+  log("HaexVault SDK initialized in iframe mode (MessagePort transport)");
   if (ctx.config.manifest) {
     ctx.state.extensionInfo = {
       publicKey: ctx.config.manifest.publicKey,
       name: ctx.config.manifest.name,
       version: ctx.config.manifest.version,
-      displayName: ctx.config.manifest.name
+      displayName: ctx.config.manifest.displayName ?? ctx.config.manifest.name
     };
     log("Extension info loaded from manifest:", ctx.state.extensionInfo);
   }
@@ -1923,7 +2117,42 @@ async function initIframeMode(ctx, log, messageHandler, request) {
   const context2 = await request(EXTENSION_COMMANDS.getContext);
   ctx.state.context = context2;
   log("Application context received:", context2);
-  return { context: context2 };
+  return { context: context2, port };
+}
+function waitForHostPortAsync(log) {
+  return new Promise((resolve, reject) => {
+    let settled = false;
+    const cleanup = () => {
+      window.removeEventListener("message", handler);
+    };
+    const timeoutId = setTimeout(() => {
+      if (settled) return;
+      settled = true;
+      cleanup();
+      reject(
+        new HaexVaultSdkError(
+          "TIMEOUT" /* TIMEOUT */,
+          "errors.port_handshake_timeout",
+          { timeout: PORT_HANDSHAKE_TIMEOUT_MS }
+        )
+      );
+    }, PORT_HANDSHAKE_TIMEOUT_MS);
+    const handler = (event) => {
+      const type = event.data?.type;
+      if (type !== HAEXSPACE_MESSAGE_TYPES.PORT_INIT) return;
+      const port = event.ports[0];
+      if (!port) {
+        log("PORT_INIT received but event.ports is empty \u2014 ignoring");
+        return;
+      }
+      if (settled) return;
+      settled = true;
+      clearTimeout(timeoutId);
+      cleanup();
+      resolve(port);
+    };
+    window.addEventListener("message", handler);
+  });
 }
 function sendDebugInfo(config) {
   if (!config.debug) return;
@@ -1947,7 +2176,15 @@ postMessage error: ${e}`);
 function generateRequestId(counter) {
   return `req_${counter}`;
 }
-function sendPostMessage(method, params, requestId, config, extensionInfo2, pendingRequests) {
+function sendPostMessage(method, params, requestId, config, extensionInfo2, pendingRequests, port) {
+  if (!port) {
+    return Promise.reject(
+      new HaexVaultSdkError(
+        "EXTENSION_NOT_INITIALIZED" /* EXTENSION_NOT_INITIALIZED */,
+        "errors.port_not_connected"
+      )
+    );
+  }
   const request = {
     method,
     params,
@@ -1963,17 +2200,16 @@ function sendPostMessage(method, params, requestId, config, extensionInfo2, pend
       );
     }, config.timeout);
     pendingRequests.set(requestId, { resolve, reject, timeout });
-    const targetOrigin = "*";
     if (config.debug) {
       console.log("[SDK Debug] ========== Sending Request ==========");
       console.log("[SDK Debug] Request ID:", requestId);
       console.log("[SDK Debug] Method:", request.method);
       console.log("[SDK Debug] Params:", request.params);
-      console.log("[SDK Debug] Target origin:", targetOrigin);
+      console.log("[SDK Debug] Transport: MessagePort");
       console.log("[SDK Debug] Extension info:", extensionInfo2);
       console.log("[SDK Debug] ========================================");
     }
-    window.parent.postMessage({ id: requestId, ...request }, targetOrigin);
+    port.postMessage({ id: requestId, ...request });
   });
 }
 async function sendInvoke(method, params, config, _log) {
@@ -1992,11 +2228,6 @@ function createMessageHandler(config, pendingRequests, extensionInfo2, onEvent)
   return (event) => {
     if (config.debug) {
       console.log("[SDK Debug] ========== Message Received ==========");
-      console.log("[SDK Debug] Event origin:", event.origin);
-      console.log(
-        "[SDK Debug] Event source:",
-        event.source === window.parent ? "parent window" : "unknown"
-      );
       console.log("[SDK Debug] Event data:", event.data);
       console.log("[SDK Debug] Extension info loaded:", !!extensionInfo2());
       console.log(
@@ -2004,12 +2235,6 @@ function createMessageHandler(config, pendingRequests, extensionInfo2, onEvent)
         pendingRequests.size
       );
     }
-    if (event.source !== window.parent) {
-      if (config.debug) {
-        console.error("[SDK Debug] \u274C REJECTED: Message not from parent window!");
-      }
-      return;
-    }
     const data = event.data;
     if ("id" in data && pendingRequests.has(data.id)) {
       if (config.debug) {
@@ -2075,11 +2300,10 @@ function processEvent(event, log, eventListeners, onContextChanged, onExternalRe
   emitEvent(event, log, eventListeners);
 }
 function emitEvent(event, log, eventListeners) {
-  console.log("[HaexVault SDK] emitEvent called with:", event.type, event);
-  console.log("[HaexVault SDK] Registered event types:", Array.from(eventListeners.keys()));
-  log("Event received:", event);
+  log("emitEvent called with:", event.type, event);
+  log("Registered event types:", Array.from(eventListeners.keys()));
   const listeners = eventListeners.get(event.type);
-  console.log("[HaexVault SDK] Listeners for", event.type, ":", listeners?.size ?? 0);
+  log("Listeners for", event.type, ":", listeners?.size ?? 0);
   if (listeners) {
     listeners.forEach((callback) => callback(event));
   }
@@ -2176,9 +2400,9 @@ function registerExternalHandler(action, handler, handlers, log) {
   };
 }
 async function handleExternalRequest(request, handlers, respond, log) {
-  console.log("[SDK Debug] handleExternalRequest called!");
-  console.log("[SDK Debug] Request:", JSON.stringify(request, null, 2));
-  console.log("[SDK Debug] Available handlers:", Array.from(handlers.keys()));
+  log("handleExternalRequest called");
+  log("Request:", request);
+  log("Available handlers:", Array.from(handlers.keys()));
   log(`[ExternalRequest] Received request: ${request.action} from ${request.publicKey.substring(0, 20)}...`);
   const handler = handlers.get(request.action);
   if (!handler) {
@@ -2204,7 +2428,6 @@ async function handleExternalRequest(request, handlers, respond, log) {
   }
 }
 async function respondToExternalRequest(response, request) {
-  console.log("[SDK Debug] respondToExternalRequest called with:", JSON.stringify(response, null, 2));
   await request(EXTERNAL_BRIDGE_COMMANDS.respond, response);
 }
@@ -2231,6 +2454,13 @@ var HaexVaultSdk = class {
     this.reactiveSubscribers = /* @__PURE__ */ new Set();
     // Handlers
     this.messageHandler = null;
+    /**
+     * MessagePort obtained from the main window during iframe-mode handshake.
+     * `null` until `initIframe()` completes successfully. Every outbound
+     * request in iframe mode flows through this port; `sendPostMessage` rejects
+     * if called before the handshake finishes.
+     */
+    this.hostPort = null;
     this.setupPromise = null;
     this.setupHook = null;
     // Public APIs
@@ -2255,11 +2485,17 @@ var HaexVaultSdk = class {
     this.localsend = new LocalSendAPI(this);
     this.spaces = new SpacesAPI(this);
     this.shell = new ShellAPI(this);
+    this.passwords = new PasswordsAPI(this);
+    this.mail = new MailAPI(this);
     installConsoleForwarding(this.config.debug);
-    this.readyPromise = new Promise((resolve) => {
+    this.readyPromise = new Promise((resolve, reject) => {
       this.resolveReady = resolve;
+      this.rejectReady = reject;
+    });
+    this.init().catch((error) => {
+      this.log("Init failed:", error);
+      this.rejectReady(error);
     });
-    this.init();
   }
   // ==========================================================================
   // Lifecycle
@@ -2287,9 +2523,14 @@ var HaexVaultSdk = class {
     return this.setupPromise;
   }
   destroy() {
-    if (this.messageHandler) {
-      window.removeEventListener("message", this.messageHandler);
+    if (this.messageHandler && this.hostPort) {
+      this.hostPort.removeEventListener("message", this.messageHandler);
     }
+    if (this.hostPort) {
+      this.hostPort.close();
+      this.hostPort = null;
+    }
+    this.messageHandler = null;
     this.pendingRequests.forEach(({ timeout }) => clearTimeout(timeout));
     this.pendingRequests.clear();
     this.eventListeners.clear();
@@ -2404,7 +2645,15 @@ var HaexVaultSdk = class {
       return sendInvoke(method, paramsWithCredentials, this.config, this.log.bind(this));
     }
     const requestId = generateRequestId(++this.requestCounter);
-    return sendPostMessage(method, resolvedParams, requestId, this.config, this._extensionInfo, this.pendingRequests);
+    return sendPostMessage(
+      method,
+      resolvedParams,
+      requestId,
+      this.config,
+      this._extensionInfo,
+      this.pendingRequests,
+      this.hostPort
+    );
   }
   // ==========================================================================
   // Private: Initialization
@@ -2471,7 +2720,7 @@ var HaexVaultSdk = class {
       () => this._extensionInfo,
       this.handleEvent.bind(this)
     );
-    const { context: context2 } = await initIframeMode(
+    const { context: context2, port } = await initIframeMode(
       {
         config: this.config,
         state: {
@@ -2503,12 +2752,13 @@ var HaexVaultSdk = class {
       this.messageHandler,
       this.request.bind(this)
     );
+    this.hostPort = port;
     if (this.config.manifest) {
       this._extensionInfo = {
         publicKey: this.config.manifest.publicKey,
         name: this.config.manifest.name,
         version: this.config.manifest.version,
-        displayName: this.config.manifest.name
+        displayName: this.config.manifest.displayName ?? this.config.manifest.name
       };
       this.notifySubscribersInternal();
     }