@le-space/p2pass 0.1.0

package/dist/identity/signing-preference.js

@@ -0,0 +1,55 @@
+/**
+ * User-selectable signing strategy for OrbitDB WebAuthn DID (hardware Ed25519 / hardware P-256 / worker Ed25519).
+ * Maps to {@link IdentityService} `initialize` options and WebAuthn `forceP256` in the upstream provider.
+ */
+
+export const SIGNING_PREFERENCE_STORAGE_KEY = 'p2p_passkeys_signing_preference';
+
+/** @typedef {'hardware-ed25519' | 'hardware-p256' | 'worker'} SigningPreference */
+
+/** @type {SigningPreference[]} */
+export const SIGNING_PREFERENCE_LIST = ['hardware-ed25519', 'hardware-p256', 'worker'];
+
+/**
+ * @param {unknown} v
+ * @returns {v is SigningPreference}
+ */
+export function isSigningPreference(v) {
+  return v === 'hardware-ed25519' || v === 'hardware-p256' || v === 'worker';
+}
+
+/**
+ * @returns {SigningPreference|null}
+ */
+export function readSigningPreferenceFromStorage() {
+  if (typeof globalThis.localStorage === 'undefined') return null;
+  try {
+    const v = localStorage.getItem(SIGNING_PREFERENCE_STORAGE_KEY);
+    return isSigningPreference(v) ? v : null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * @param {SigningPreference} pref
+ */
+export function writeSigningPreferenceToStorage(pref) {
+  if (typeof globalThis.localStorage === 'undefined') return;
+  try {
+    localStorage.setItem(SIGNING_PREFERENCE_STORAGE_KEY, pref);
+  } catch {
+    /* ignore */
+  }
+}
+
+/**
+ * @param {{ signingPreference?: SigningPreference | null, preferWorkerMode?: boolean }} opts
+ * @returns {SigningPreference}
+ */
+export function resolveSigningPreference(opts) {
+  const { signingPreference, preferWorkerMode } = opts;
+  if (preferWorkerMode) return 'worker';
+  if (signingPreference && isSigningPreference(signingPreference)) return signingPreference;
+  return 'hardware-ed25519';
+}

package/dist/index.d.ts

@@ -0,0 +1,15 @@
+export const VERSION: "0.1.0";
+export { default as StorachaIntegration } from "./ui/StorachaIntegration.svelte";
+export { default as StorachaFab } from "./ui/StorachaFab.svelte";
+export { MultiDeviceManager } from "./registry/manager.js";
+export { IdentityService, hasLocalPasskeyHint } from "./identity/identity-service.js";
+export { detectSigningMode, getStoredSigningMode } from "./identity/mode-detector.js";
+export { SIGNING_PREFERENCE_STORAGE_KEY, SIGNING_PREFERENCE_LIST, isSigningPreference, readSigningPreferenceFromStorage, writeSigningPreferenceToStorage, resolveSigningPreference } from "./identity/signing-preference.js";
+export { createStorachaClient, parseDelegation, storeDelegation, loadStoredDelegation, clearStoredDelegation } from "./ucan/storacha-auth.js";
+export { openDeviceRegistry, registerDevice, listDevices, getDeviceByCredentialId, getDeviceByDID, grantDeviceWriteAccess, revokeDeviceAccess, hashCredentialId, coseToJwk, storeDelegationEntry, listDelegations, getDelegation, removeDelegation, storeArchiveEntry, getArchiveEntry, storeKeypairEntry, getKeypairEntry, listKeypairs } from "./registry/device-registry.js";
+export { LINK_DEVICE_PROTOCOL, registerLinkDeviceHandler, unregisterLinkDeviceHandler, sendPairingRequest, detectDeviceLabel, sortPairingMultiaddrs, filterPairingDialMultiaddrs, pairingFlow, PAIRING_HINT_ADDR_CAP } from "./registry/pairing-protocol.js";
+export { setupP2PStack, createLibp2pInstance, createHeliaInstance, cleanupP2PStack } from "./p2p/setup.js";
+export { listSpaces, getSpaceUsage, listStorachaFiles } from "./ui/storacha-backup.js";
+export { deriveIPNSKeyPair, computeDeterministicPrfSalt, recoverPrfSeed } from "./recovery/ipns-key.js";
+export { createManifest, publishManifest, resolveManifest, resolveManifestByName, uploadArchiveToIPFS, fetchArchiveFromIPFS } from "./recovery/manifest.js";
+export { backupRegistryDb, restoreRegistryDb } from "./backup/registry-backup.js";

package/dist/index.js

@@ -0,0 +1,91 @@
+// @le-space/p2pass — public API
+export const VERSION = '0.1.0';
+
+// UI components
+export { default as StorachaIntegration } from './ui/StorachaIntegration.svelte';
+export { default as StorachaFab } from './ui/StorachaFab.svelte';
+
+// Identity
+export { IdentityService, hasLocalPasskeyHint } from './identity/identity-service.js';
+export { detectSigningMode, getStoredSigningMode } from './identity/mode-detector.js';
+export {
+  SIGNING_PREFERENCE_STORAGE_KEY,
+  SIGNING_PREFERENCE_LIST,
+  isSigningPreference,
+  readSigningPreferenceFromStorage,
+  writeSigningPreferenceToStorage,
+  resolveSigningPreference,
+} from './identity/signing-preference.js';
+
+// UCAN / Storacha auth
+export {
+  createStorachaClient,
+  parseDelegation,
+  storeDelegation,
+  loadStoredDelegation,
+  clearStoredDelegation,
+} from './ucan/storacha-auth.js';
+
+// Registry (multi-device + credential storage)
+export { MultiDeviceManager } from './registry/manager.js';
+export {
+  openDeviceRegistry,
+  registerDevice,
+  listDevices,
+  getDeviceByCredentialId,
+  getDeviceByDID,
+  grantDeviceWriteAccess,
+  revokeDeviceAccess,
+  hashCredentialId,
+  coseToJwk,
+  storeDelegationEntry,
+  listDelegations,
+  getDelegation,
+  removeDelegation,
+  storeArchiveEntry,
+  getArchiveEntry,
+  storeKeypairEntry,
+  getKeypairEntry,
+  listKeypairs,
+} from './registry/device-registry.js';
+export {
+  LINK_DEVICE_PROTOCOL,
+  registerLinkDeviceHandler,
+  unregisterLinkDeviceHandler,
+  sendPairingRequest,
+  detectDeviceLabel,
+  sortPairingMultiaddrs,
+  filterPairingDialMultiaddrs,
+  pairingFlow,
+  PAIRING_HINT_ADDR_CAP,
+} from './registry/pairing-protocol.js';
+
+// P2P stack setup
+export {
+  setupP2PStack,
+  createLibp2pInstance,
+  createHeliaInstance,
+  cleanupP2PStack,
+} from './p2p/setup.js';
+
+// Legacy storacha backup utilities (will be replaced)
+export { listSpaces, getSpaceUsage, listStorachaFiles } from './ui/storacha-backup.js';
+
+// Recovery (IPNS manifest)
+export {
+  deriveIPNSKeyPair,
+  computeDeterministicPrfSalt,
+  recoverPrfSeed,
+} from './recovery/ipns-key.js';
+
+export {
+  createManifest,
+  publishManifest,
+  resolveManifest,
+  resolveManifestByName,
+  uploadArchiveToIPFS,
+  fetchArchiveFromIPFS,
+} from './recovery/manifest.js';
+
+// Backup (registry)
+export { backupRegistryDb, restoreRegistryDb } from './backup/registry-backup.js';

package/dist/p2p/setup.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Create a browser-compatible libp2p instance.
+ *
+ * @param {Object} [options]
+ * @param {string[]} [options.bootstrapList] - Bootstrap peer multiaddrs (defaults to relay from env)
+ * @param {boolean} [options.enablePeerConnections=true] - Auto-dial peers from `peer:discovery`
+ * @returns {Promise<Object>} libp2p instance
+ */
+export function createLibp2pInstance(options?: {
+    bootstrapList?: string[] | undefined;
+    enablePeerConnections?: boolean | undefined;
+}): Promise<Object>;
+/**
+ * Create a Helia IPFS instance with persistent Level storage.
+ *
+ * @param {Object} libp2p - libp2p instance
+ * @param {string} [dbPath] - path prefix for Level storage
+ * @returns {Promise<Object>} Helia instance
+ */
+export function createHeliaInstance(libp2p: Object, dbPath?: string): Promise<Object>;
+/**
+ * Complete OrbitDB setup with WebAuthn identity.
+ *
+ * @param {Object} credential - WebAuthn credential object
+ * @param {Object} [options]
+ * @param {string[]} [options.bootstrapList] - Bootstrap peers
+ * @param {boolean} [options.encryptKeystore] - Enable PRF encryption (default: true)
+ * @param {string} [options.keystoreEncryptionMethod] - 'prf' (default)
+ * @param {string} [options.dbPath] - Level storage path
+ * @returns {Promise<{ orbitdb: Object, ipfs: Object, libp2p: Object, identity: Object }>}
+ */
+export function setupP2PStack(credential: Object, options?: {
+    bootstrapList?: string[] | undefined;
+    encryptKeystore?: boolean | undefined;
+    keystoreEncryptionMethod?: string | undefined;
+    dbPath?: string | undefined;
+}): Promise<{
+    orbitdb: Object;
+    ipfs: Object;
+    libp2p: Object;
+    identity: Object;
+}>;
+/**
+ * Cleanup all P2P resources.
+ *
+ * @param {Object} stack - { orbitdb, ipfs, libp2p }
+ */
+export function cleanupP2PStack(stack: Object): Promise<void>;

package/dist/p2p/setup.js

@@ -0,0 +1,283 @@
+/**
+ * P2P stack setup — libp2p + Helia + OrbitDB for browser environments.
+ *
+ * Relay/bootstrap config ported from NiKrause/simple-todo/src/lib/libp2p-config.js
+ */
+
+import { createOrbitDB, Identities, useIdentityProvider } from '@orbitdb/core';
+import { createLibp2p } from 'libp2p';
+import { createHelia } from 'helia';
+import { circuitRelayTransport } from '@libp2p/circuit-relay-v2';
+import { webSockets } from '@libp2p/websockets';
+import { webRTC, webRTCDirect } from '@libp2p/webrtc';
+import { noise } from '@chainsafe/libp2p-noise';
+import { yamux } from '@chainsafe/libp2p-yamux';
+import { identify, identifyPush } from '@libp2p/identify';
+import { gossipsub } from '@chainsafe/libp2p-gossipsub';
+import { pubsubPeerDiscovery } from '@libp2p/pubsub-peer-discovery';
+import { bootstrap } from '@libp2p/bootstrap';
+import { autoNAT } from '@libp2p/autonat';
+import { dcutr } from '@libp2p/dcutr';
+import { ping } from '@libp2p/ping';
+import { LevelBlockstore } from 'blockstore-level';
+import { LevelDatastore } from 'datastore-level';
+import { OrbitDBWebAuthnIdentityProviderFunction } from '@le-space/orbitdb-identity-provider-webauthn-did';
+
+const parseAddrList = (value) =>
+  (value || '')
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean);
+
+function getEnv(key) {
+  try {
+    return import.meta.env?.[key] || '';
+  } catch {
+    return '';
+  }
+}
+
+function getDefaultBootstrapList() {
+  const seeds = getEnv('VITE_BOOTSTRAP_PEERS');
+  if (seeds) return parseAddrList(seeds);
+  console.warn('[p2p] No VITE_BOOTSTRAP_PEERS set — node will have no relay/bootstrap peers');
+  return [];
+}
+
+const PUBSUB_PEER_DISCOVERY_TOPIC =
+  (typeof import.meta !== 'undefined' && import.meta.env?.VITE_PUBSUB_TOPICS) ||
+  'p2p-passkeys._peer-discovery._p2p._pubsub';
+
+const STUN_SERVERS = [
+  { urls: ['stun:stun.l.google.com:19302', 'stun:global.stun.twilio.com:3478'] },
+];
+
+/** Last `/p2p/<peerId>` segment from each multiaddr — bootstrap list is usually the relay. */
+function peerIdsFromBootstrapMultiaddrs(multiaddrs) {
+  const ids = new Set();
+  for (const ma of multiaddrs) {
+    const parts = String(ma).split('/p2p/');
+    if (parts.length > 1) {
+      const id = parts[parts.length - 1].split('/')[0];
+      if (id) ids.add(id);
+    }
+  }
+  return ids;
+}
+
+function attachRelayConnectionLogging(libp2p, bootstrapMultiaddrs) {
+  const relayPeerIds = peerIdsFromBootstrapMultiaddrs(bootstrapMultiaddrs);
+  if (relayPeerIds.size === 0) return;
+
+  const peerStr = (evt) => evt.detail?.toString?.() ?? String(evt.detail);
+
+  libp2p.addEventListener('peer:connect', (evt) => {
+    const id = peerStr(evt);
+    if (relayPeerIds.has(id)) {
+      console.log('[p2p] Relay (bootstrap) peer connected:', id);
+    }
+  });
+  libp2p.addEventListener('peer:disconnect', (evt) => {
+    const id = peerStr(evt);
+    if (relayPeerIds.has(id)) {
+      console.log('[p2p] Relay (bootstrap) peer disconnected:', id);
+    }
+  });
+}
+
+const rtcConfig = { iceServers: STUN_SERVERS };
+
+/**
+ * Dial peers discovered via pubsub (and other discovery). One `dial(peerId)` per event — libp2p’s
+ * connection manager + peer store pick addresses; looping every multiaddr is redundant and can
+ * amplify failures (e.g. repeated protocol negotiation on bad paths).
+ */
+function attachPeerDiscoveryAutoDial(libp2p, { enablePeerConnections = true } = {}) {
+  if (!enablePeerConnections) return;
+
+  const DIAL_MS = 30_000;
+
+  libp2p.addEventListener('peer:discovery', (event) => {
+    const { id: remotePeerId, multiaddrs } = event.detail || {};
+    if (!remotePeerId) return;
+
+    const self = libp2p.peerId;
+    if (remotePeerId.equals?.(self) || remotePeerId.toString() === self.toString()) return;
+
+    const n = Array.isArray(multiaddrs) ? multiaddrs.length : 0;
+    if (n > 0) {
+      console.log('[p2p] peer:discovery:', remotePeerId.toString(), `(event addrs: ${n})`);
+    }
+
+    const existing = libp2p.getConnections(remotePeerId);
+    const hasDirect = existing?.some((conn) => {
+      const a = conn.remoteAddr?.toString() || '';
+      return !a.includes('/p2p-circuit');
+    });
+    if (hasDirect) return;
+
+    (async () => {
+      try {
+        const signal =
+          typeof AbortSignal !== 'undefined' && AbortSignal.timeout
+            ? AbortSignal.timeout(DIAL_MS)
+            : undefined;
+        await libp2p.dial(remotePeerId, signal ? { signal } : {});
+      } catch (err) {
+        console.warn('[p2p] peer:discovery dial failed:', remotePeerId.toString(), err?.message || err);
+      }
+    })();
+  });
+}
+
+/**
+ * Create a browser-compatible libp2p instance.
+ *
+ * @param {Object} [options]
+ * @param {string[]} [options.bootstrapList] - Bootstrap peer multiaddrs (defaults to relay from env)
+ * @param {boolean} [options.enablePeerConnections=true] - Auto-dial peers from `peer:discovery`
+ * @returns {Promise<Object>} libp2p instance
+ */
+export async function createLibp2pInstance(options = {}) {
+  const { bootstrapList, enablePeerConnections = true } = options;
+  const peers =
+    bootstrapList && bootstrapList.length > 0 ? bootstrapList : getDefaultBootstrapList();
+
+  const peerDiscovery = [
+    pubsubPeerDiscovery({
+      interval: 3_000,
+      topics: [PUBSUB_PEER_DISCOVERY_TOPIC],
+      listenOnly: false,
+    }),
+  ];
+
+  if (peers.length > 0) {
+    peerDiscovery.push(bootstrap({ list: peers }));
+    console.log('[p2p] Bootstrap peers:', peers);
+  }
+
+  const libp2p = await createLibp2p({
+    addresses: {
+      listen: ['/p2p-circuit', '/webrtc'],
+    },
+    transports: [
+      webSockets(),
+      webRTCDirect({ rtcConfiguration: rtcConfig }),
+      webRTC({ rtcConfiguration: rtcConfig }),
+      circuitRelayTransport({ reservationCompletionTimeout: 20_000 }),
+    ],
+    connectionEncrypters: [noise()],
+    streamMuxers: [yamux()],
+    connectionGater: {
+      denyDialMultiaddr: async () => false,
+    },
+    connectionManager: {
+      /** Default 25 can throw `Peer had more than maxPeerAddrsToDial` when the peer store lists many paths (relay + LAN + IPv6). */
+      maxPeerAddrsToDial: 128,
+      inboundStreamProtocolNegotiationTimeout: 10_000,
+      inboundUpgradeTimeout: 10_000,
+      outboundStreamProtocolNegotiationTimeout: 10_000,
+      outboundUpgradeTimeout: 10_000,
+    },
+    peerDiscovery,
+    services: {
+      identify: identify(),
+      identifyPush: identifyPush(),
+      pubsub: gossipsub({
+        emitSelf: true,
+        allowPublishToZeroTopicPeers: true,
+      }),
+      autonat: autoNAT(),
+      dcutr: dcutr(),
+      ping: ping(),
+    },
+  });
+
+  console.log('[p2p] libp2p started, peerId:', libp2p.peerId.toString());
+  attachRelayConnectionLogging(libp2p, peers);
+  attachPeerDiscoveryAutoDial(libp2p, { enablePeerConnections });
+
+  return libp2p;
+}
+
+/**
+ * Create a Helia IPFS instance with persistent Level storage.
+ *
+ * @param {Object} libp2p - libp2p instance
+ * @param {string} [dbPath] - path prefix for Level storage
+ * @returns {Promise<Object>} Helia instance
+ */
+export async function createHeliaInstance(libp2p, dbPath = './p2p-passkeys') {
+  const ipfs = await createHelia({
+    libp2p,
+    blockstore: new LevelBlockstore(`${dbPath}/blocks`),
+    datastore: new LevelDatastore(`${dbPath}/data`),
+  });
+
+  console.log('[p2p] Helia IPFS started');
+  return ipfs;
+}
+
+/**
+ * Complete OrbitDB setup with WebAuthn identity.
+ *
+ * @param {Object} credential - WebAuthn credential object
+ * @param {Object} [options]
+ * @param {string[]} [options.bootstrapList] - Bootstrap peers
+ * @param {boolean} [options.encryptKeystore] - Enable PRF encryption (default: true)
+ * @param {string} [options.keystoreEncryptionMethod] - 'prf' (default)
+ * @param {string} [options.dbPath] - Level storage path
+ * @returns {Promise<{ orbitdb: Object, ipfs: Object, libp2p: Object, identity: Object }>}
+ */
+export async function setupP2PStack(credential, options = {}) {
+  const libp2pNode = options.libp2p || (await createLibp2pInstance(options));
+  const ipfs = await createHeliaInstance(libp2pNode, options.dbPath);
+
+  let identity;
+
+  // Only use WebAuthn identity provider if credential has full properties
+  // (i.e., a live credential from navigator.credentials, not a localStorage restoration)
+  if (credential?.response || credential?.getClientExtensionResults) {
+    useIdentityProvider(OrbitDBWebAuthnIdentityProviderFunction);
+    const identities = await Identities({ ipfs });
+    identity = await identities.createIdentity({
+      provider: OrbitDBWebAuthnIdentityProviderFunction({
+        webauthnCredential: credential,
+        useKeystoreDID: true,
+        keystore: identities.keystore,
+        keystoreKeyType: 'Ed25519',
+        encryptKeystore: options.encryptKeystore !== false,
+        keystoreEncryptionMethod: options.keystoreEncryptionMethod || 'prf',
+      }),
+    });
+    console.log('[p2p] OrbitDB identity created (WebAuthn):', identity.id);
+  } else {
+    console.log('[p2p] Using default OrbitDB identity');
+  }
+
+  const orbitdbOpts = { ipfs };
+  if (identity) {
+    const identities = await Identities({ ipfs });
+    orbitdbOpts.identities = identities;
+    orbitdbOpts.identity = identity;
+  }
+  const orbitdb = await createOrbitDB(orbitdbOpts);
+  console.log('[p2p] OrbitDB started');
+
+  return { orbitdb, ipfs, libp2p: libp2pNode, identity };
+}
+
+/**
+ * Cleanup all P2P resources.
+ *
+ * @param {Object} stack - { orbitdb, ipfs, libp2p }
+ */
+export async function cleanupP2PStack(stack) {
+  try {
+    if (stack.orbitdb) await stack.orbitdb.stop();
+    if (stack.ipfs) await stack.ipfs.stop();
+    console.log('[p2p] Cleanup complete');
+  } catch (err) {
+    console.warn('[p2p] Cleanup error:', err.message);
+  }
+}

package/dist/recovery/ipns-key.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Compute a deterministic PRF salt by hashing "p2p-passkeys:" + hostname.
+ *
+ * The salt is used in the WebAuthn PRF extension so the same passkey on
+ * the same origin always produces the same seed material.
+ *
+ * @returns {Promise<Uint8Array>} 32-byte SHA-256 digest
+ */
+export function computeDeterministicPrfSalt(): Promise<Uint8Array>;
+/**
+ * Derive a deterministic Ed25519 keypair from a PRF seed using HKDF.
+ *
+ * The derivation chain is:
+ *   prfSeed  -->  HKDF(SHA-256, salt=SHA-256(prfSeed)[0:16],
+ *                      info="p2p-passkeys/ipns-key")  -->  32-byte seed
+ *           -->  Ed25519 keypair via libp2p/crypto
+ *
+ * @param {Uint8Array} prfSeed - raw PRF seed bytes
+ * @returns {Promise<{ privateKey: object, publicKey: object }>} libp2p key objects
+ */
+export function deriveIPNSKeyPair(prfSeed: Uint8Array): Promise<{
+    privateKey: object;
+    publicKey: object;
+}>;
+/**
+ * Recover a PRF seed by performing a discoverable-credential WebAuthn
+ * assertion with the PRF extension.
+ *
+ * The browser will show its native passkey picker (no `allowCredentials`),
+ * letting the user choose which credential to authenticate with.
+ *
+ * If the authenticator supports PRF, the raw PRF output is used as the seed.
+ * Otherwise, `rawId` is used as a less-secure fallback.
+ *
+ * @returns {Promise<{ prfSeed: Uint8Array, rawCredentialId: Uint8Array, credential: object }>}
+ */
+export function recoverPrfSeed(): Promise<{
+    prfSeed: Uint8Array;
+    rawCredentialId: Uint8Array;
+    credential: object;
+}>;

package/dist/recovery/ipns-key.js

@@ -0,0 +1,127 @@
+/**
+ * IPNS key derivation from WebAuthn PRF seeds.
+ *
+ * Derives a deterministic Ed25519 keypair suitable for IPNS record
+ * publishing/resolving, using HKDF over the PRF seed extracted during
+ * WebAuthn authentication.
+ *
+ * @module recovery/ipns-key
+ */
+
+import { generateKeyPairFromSeed } from '@libp2p/crypto/keys';
+
+const PREFIX = '[recovery]';
+
+/**
+ * Compute a deterministic PRF salt by hashing "p2p-passkeys:" + hostname.
+ *
+ * The salt is used in the WebAuthn PRF extension so the same passkey on
+ * the same origin always produces the same seed material.
+ *
+ * @returns {Promise<Uint8Array>} 32-byte SHA-256 digest
+ */
+export async function computeDeterministicPrfSalt() {
+  let hostname;
+  try {
+    hostname = location.hostname || 'localhost';
+  } catch {
+    hostname = 'localhost';
+  }
+
+  const input = `p2p-passkeys:${hostname}`;
+  const encoded = new TextEncoder().encode(input);
+  const hash = await crypto.subtle.digest('SHA-256', encoded);
+  return new Uint8Array(hash);
+}
+
+/**
+ * Derive a deterministic Ed25519 keypair from a PRF seed using HKDF.
+ *
+ * The derivation chain is:
+ *   prfSeed  -->  HKDF(SHA-256, salt=SHA-256(prfSeed)[0:16],
+ *                      info="p2p-passkeys/ipns-key")  -->  32-byte seed
+ *           -->  Ed25519 keypair via libp2p/crypto
+ *
+ * @param {Uint8Array} prfSeed - raw PRF seed bytes
+ * @returns {Promise<{ privateKey: object, publicKey: object }>} libp2p key objects
+ */
+export async function deriveIPNSKeyPair(prfSeed) {
+  // Import the PRF seed as HKDF base key material
+  const baseKey = await crypto.subtle.importKey('raw', prfSeed, 'HKDF', false, ['deriveBits']);
+
+  // Derive a salt from the seed itself: SHA-256(prfSeed) truncated to 16 bytes
+  const seedHash = await crypto.subtle.digest('SHA-256', prfSeed);
+  const salt = new Uint8Array(seedHash).slice(0, 16);
+
+  const info = new TextEncoder().encode('p2p-passkeys/ipns-key');
+
+  // Derive 256 bits (32 bytes) of key material
+  const derivedBits = await crypto.subtle.deriveBits(
+    { name: 'HKDF', hash: 'SHA-256', salt, info },
+    baseKey,
+    256
+  );
+
+  const derivedSeed = new Uint8Array(derivedBits);
+
+  // Generate the Ed25519 keypair from the deterministic seed
+  const keyPair = await generateKeyPairFromSeed('Ed25519', derivedSeed);
+
+  console.log(PREFIX, 'Derived IPNS Ed25519 keypair from PRF seed');
+
+  return { privateKey: keyPair, publicKey: keyPair.publicKey };
+}
+
+/**
+ * Recover a PRF seed by performing a discoverable-credential WebAuthn
+ * assertion with the PRF extension.
+ *
+ * The browser will show its native passkey picker (no `allowCredentials`),
+ * letting the user choose which credential to authenticate with.
+ *
+ * If the authenticator supports PRF, the raw PRF output is used as the seed.
+ * Otherwise, `rawId` is used as a less-secure fallback.
+ *
+ * @returns {Promise<{ prfSeed: Uint8Array, rawCredentialId: Uint8Array, credential: object }>}
+ */
+export async function recoverPrfSeed() {
+  const deterministicSalt = await computeDeterministicPrfSalt();
+
+  console.log(PREFIX, 'Initiating discoverable-credential assertion for PRF seed recovery');
+
+  let hostname;
+  try {
+    hostname = location.hostname || 'localhost';
+  } catch {
+    hostname = 'localhost';
+  }
+
+  const assertion = await navigator.credentials.get({
+    publicKey: {
+      challenge: crypto.getRandomValues(new Uint8Array(32)),
+      rpId: hostname,
+      userVerification: 'required',
+      extensions: {
+        prf: { eval: { first: deterministicSalt } },
+      },
+    },
+  });
+
+  const rawCredentialId = new Uint8Array(assertion.rawId);
+
+  // Try to extract PRF result
+  const extResults = assertion.getClientExtensionResults?.();
+  const prfResult = extResults?.prf?.results?.first;
+
+  let prfSeed;
+  if (prfResult) {
+    prfSeed = new Uint8Array(prfResult);
+    console.log(PREFIX, 'PRF seed recovered from authenticator extension');
+  } else {
+    // Fallback: use rawId as seed (less secure but functional)
+    prfSeed = new Uint8Array(assertion.rawId);
+    console.log(PREFIX, 'PRF not available, falling back to rawId as seed');
+  }
+
+  return { prfSeed, rawCredentialId, credential: assertion };
+}