@le-space/p2pass 0.2.0 → 0.3.1

package/dist/index.d.ts

@@ -1,12 +1,13 @@
-export const VERSION: "0.1.0";
-export { default as StorachaIntegration } from "./ui/StorachaIntegration.svelte";
-export { default as StorachaFab } from "./ui/StorachaFab.svelte";
+export const VERSION: "0.3.1";
 export { MultiDeviceManager } from "./registry/manager.js";
+import StorachaIntegration from './ui/StorachaIntegration.svelte';
+import StorachaFab from './ui/StorachaFab.svelte';
+export { StorachaIntegration, StorachaFab };
 export { IdentityService, hasLocalPasskeyHint } from "./identity/identity-service.js";
 export { detectSigningMode, getStoredSigningMode } from "./identity/mode-detector.js";
 export { SIGNING_PREFERENCE_STORAGE_KEY, SIGNING_PREFERENCE_LIST, isSigningPreference, readSigningPreferenceFromStorage, writeSigningPreferenceToStorage, resolveSigningPreference } from "./identity/signing-preference.js";
-export { createStorachaClient, parseDelegation, storeDelegation, loadStoredDelegation, clearStoredDelegation } from "./ucan/storacha-auth.js";
-export { openDeviceRegistry, registerDevice, listDevices, getDeviceByCredentialId, getDeviceByDID, grantDeviceWriteAccess, revokeDeviceAccess, hashCredentialId, coseToJwk, storeDelegationEntry, listDelegations, getDelegation, removeDelegation, storeArchiveEntry, getArchiveEntry, storeKeypairEntry, getKeypairEntry, listKeypairs } from "./registry/device-registry.js";
+export { createStorachaClient, parseDelegation, storeDelegation, loadStoredDelegation, clearStoredDelegation, formatDelegationsTooltipSummary } from "./ucan/storacha-auth.js";
+export { openDeviceRegistry, registerDevice, listDevices, getDeviceByCredentialId, getDeviceByDID, grantDeviceWriteAccess, revokeDeviceAccess, removeDeviceEntry, delegationCountForDevice, delegationsEntriesForDevice, hashCredentialId, coseToJwk, storeDelegationEntry, listDelegations, getDelegation, removeDelegation, storeArchiveEntry, getArchiveEntry, storeKeypairEntry, getKeypairEntry, listKeypairs } from "./registry/device-registry.js";
 export { LINK_DEVICE_PROTOCOL, registerLinkDeviceHandler, unregisterLinkDeviceHandler, sendPairingRequest, detectDeviceLabel, sortPairingMultiaddrs, filterPairingDialMultiaddrs, pairingFlow, PAIRING_HINT_ADDR_CAP } from "./registry/pairing-protocol.js";
 export { setupP2PStack, createLibp2pInstance, createHeliaInstance, cleanupP2PStack } from "./p2p/setup.js";
 export { listSpaces, getSpaceUsage, listStorachaFiles } from "./ui/storacha-backup.js";

package/dist/index.js

@@ -1,9 +1,10 @@
 // @le-space/p2pass — public API
-export const VERSION = '0.1.0';
+export const VERSION = '0.3.1';
 
-// UI components
-export { default as StorachaIntegration } from './ui/StorachaIntegration.svelte';
-export { default as StorachaFab } from './ui/StorachaFab.svelte';
+// Explicit default bindings (not `export { default as X } from`) — avoids star-export / default resolution errors in Vite.
+import StorachaIntegration from './ui/StorachaIntegration.svelte';
+import StorachaFab from './ui/StorachaFab.svelte';
+export { StorachaIntegration, StorachaFab };
 
 // Identity
 export { IdentityService, hasLocalPasskeyHint } from './identity/identity-service.js';
@@ -24,6 +25,7 @@ export {
   storeDelegation,
   loadStoredDelegation,
   clearStoredDelegation,
+  formatDelegationsTooltipSummary,
 } from './ucan/storacha-auth.js';
 
 // Registry (multi-device + credential storage)
@@ -36,6 +38,9 @@ export {
   getDeviceByDID,
   grantDeviceWriteAccess,
   revokeDeviceAccess,
+  removeDeviceEntry,
+  delegationCountForDevice,
+  delegationsEntriesForDevice,
   hashCredentialId,
   coseToJwk,
   storeDelegationEntry,

package/dist/registry/device-registry.d.ts

@@ -23,7 +23,7 @@ export function openDeviceRegistry(orbitdb: Object, ownerIdentityId: string, add
 /**
  * Register a device entry in the registry.
  * @param {Object} db - OrbitDB KV database
- * @param {Object} entry - { credential_id, public_key, device_label, created_at, status, ed25519_did }
+ * @param {Object} entry - { credential_id, public_key, device_label, created_at, status, ed25519_did, passkey_kind? }
  */
 export function registerDevice(db: Object, entry: Object): Promise<void>;
 /**
@@ -58,14 +58,46 @@ export function grantDeviceWriteAccess(db: Object, did: string): Promise<void>;
  * @param {string} did - Ed25519 DID to revoke
  */
 export function revokeDeviceAccess(db: Object, did: string): Promise<void>;
+/**
+ * Revoke a device's write access and remove its registry row (OrbitDB KV key).
+ *
+ * @param {Object} db - OrbitDB KV database
+ * @param {string} credentialId - device entry credential_id (same string used at registration)
+ * @returns {Promise<boolean>} true if an entry was removed
+ */
+export function removeDeviceEntry(db: Object, credentialId: string): Promise<boolean>;
+/**
+ * UCAN delegations attributed to a device (stored_by_did). Entries without stored_by_did count toward ownerDidForLegacy only.
+ *
+ * @param {Array<{ stored_by_did?: string }>} delegations
+ * @param {string} deviceDid
+ * @param {string} [ownerDidForLegacy]
+ * @returns {number}
+ */
+export function delegationCountForDevice(delegations: Array<{
+    stored_by_did?: string;
+}>, deviceDid: string, ownerDidForLegacy?: string): number;
+/**
+ * Registry delegation rows attributed to a device (same rules as {@link delegationCountForDevice}).
+ *
+ * @param {Array<{ stored_by_did?: string, delegation?: string }>} delegations
+ * @param {string} deviceDid
+ * @param {string} [ownerDidForLegacy]
+ * @returns {Array<Record<string, unknown>>}
+ */
+export function delegationsEntriesForDevice(delegations: Array<{
+    stored_by_did?: string;
+    delegation?: string;
+}>, deviceDid: string, ownerDidForLegacy?: string): Array<Record<string, unknown>>;
 /**
  * Store a UCAN delegation in the registry.
  * @param {Object} db - OrbitDB KV database
  * @param {string} delegationBase64 - raw delegation string
  * @param {string} [spaceDid] - Storacha space DID
  * @param {string} [label] - human-readable label
+ * @param {string} [storedByDid] - Ed25519 DID of the device that stored this delegation (for per-device UI)
  */
-export function storeDelegationEntry(db: Object, delegationBase64: string, spaceDid?: string, label?: string): Promise<void>;
+export function storeDelegationEntry(db: Object, delegationBase64: string, spaceDid?: string, label?: string, storedByDid?: string): Promise<void>;
 /**
  * List all stored UCAN delegations.
  * @param {Object} db - OrbitDB KV database

package/dist/registry/device-registry.js

@@ -81,7 +81,7 @@ export async function openDeviceRegistry(orbitdb, ownerIdentityId, address = nul
 /**
  * Register a device entry in the registry.
  * @param {Object} db - OrbitDB KV database
- * @param {Object} entry - { credential_id, public_key, device_label, created_at, status, ed25519_did }
+ * @param {Object} entry - { credential_id, public_key, device_label, created_at, status, ed25519_did, passkey_kind? }
  */
 export async function registerDevice(db, entry) {
   const key = await hashCredentialId(entry.credential_id);
@@ -153,6 +153,72 @@ export async function revokeDeviceAccess(db, did) {
   }
 }
 
+/**
+ * Revoke a device's write access and remove its registry row (OrbitDB KV key).
+ *
+ * @param {Object} db - OrbitDB KV database
+ * @param {string} credentialId - device entry credential_id (same string used at registration)
+ * @returns {Promise<boolean>} true if an entry was removed
+ */
+export async function removeDeviceEntry(db, credentialId) {
+  const key = await hashCredentialId(credentialId);
+  const entry = await db.get(key);
+  if (!entry) return false;
+  const did = entry.ed25519_did;
+  try {
+    if (did) await db.access.revoke('write', did);
+  } catch (err) {
+    console.warn('[device-registry] revoke write before del:', err?.message);
+  }
+  await db.del(key);
+  return true;
+}
+
+/**
+ * UCAN delegations attributed to a device (stored_by_did). Entries without stored_by_did count toward ownerDidForLegacy only.
+ *
+ * @param {Array<{ stored_by_did?: string }>} delegations
+ * @param {string} deviceDid
+ * @param {string} [ownerDidForLegacy]
+ * @returns {number}
+ */
+export function delegationCountForDevice(delegations, deviceDid, ownerDidForLegacy) {
+  if (!deviceDid) return 0;
+  let n = 0;
+  for (const d of delegations) {
+    if (d.stored_by_did === deviceDid) n++;
+  }
+  if (ownerDidForLegacy && deviceDid === ownerDidForLegacy) {
+    for (const d of delegations) {
+      if (!d.stored_by_did) n++;
+    }
+  }
+  return n;
+}
+
+/**
+ * Registry delegation rows attributed to a device (same rules as {@link delegationCountForDevice}).
+ *
+ * @param {Array<{ stored_by_did?: string, delegation?: string }>} delegations
+ * @param {string} deviceDid
+ * @param {string} [ownerDidForLegacy]
+ * @returns {Array<Record<string, unknown>>}
+ */
+export function delegationsEntriesForDevice(delegations, deviceDid, ownerDidForLegacy) {
+  if (!deviceDid) return [];
+  /** @type {Array<Record<string, unknown>>} */
+  const out = [];
+  for (const d of delegations) {
+    if (d.stored_by_did === deviceDid) out.push(d);
+  }
+  if (ownerDidForLegacy && deviceDid === ownerDidForLegacy) {
+    for (const d of delegations) {
+      if (!d.stored_by_did) out.push(d);
+    }
+  }
+  return out;
+}
+
 // ---------------------------------------------------------------------------
 // UCAN delegation entries
 // ---------------------------------------------------------------------------
@@ -163,8 +229,9 @@ export async function revokeDeviceAccess(db, did) {
  * @param {string} delegationBase64 - raw delegation string
  * @param {string} [spaceDid] - Storacha space DID
  * @param {string} [label] - human-readable label
+ * @param {string} [storedByDid] - Ed25519 DID of the device that stored this delegation (for per-device UI)
  */
-export async function storeDelegationEntry(db, delegationBase64, spaceDid, label) {
+export async function storeDelegationEntry(db, delegationBase64, spaceDid, label, storedByDid) {
   const hash = await hashCredentialId(delegationBase64);
   const key = `delegation:${hash}`;
   await db.put(key, {
@@ -172,6 +239,7 @@ export async function storeDelegationEntry(db, delegationBase64, spaceDid, label
     space_did: spaceDid || '',
     label: label || 'default',
     created_at: Date.now(),
+    stored_by_did: storedByDid || '',
   });
 }
 

package/dist/registry/index.d.ts

@@ -1,3 +1,3 @@
 export { MultiDeviceManager } from "./manager.js";
-export { openDeviceRegistry, registerDevice, listDevices, getDeviceByCredentialId, getDeviceByDID, grantDeviceWriteAccess, revokeDeviceAccess, hashCredentialId, coseToJwk, storeDelegationEntry, listDelegations, getDelegation, removeDelegation, storeArchiveEntry, getArchiveEntry, storeKeypairEntry, getKeypairEntry, listKeypairs } from "./device-registry.js";
+export { openDeviceRegistry, registerDevice, listDevices, getDeviceByCredentialId, getDeviceByDID, grantDeviceWriteAccess, revokeDeviceAccess, removeDeviceEntry, delegationCountForDevice, delegationsEntriesForDevice, hashCredentialId, coseToJwk, storeDelegationEntry, listDelegations, getDelegation, removeDelegation, storeArchiveEntry, getArchiveEntry, storeKeypairEntry, getKeypairEntry, listKeypairs } from "./device-registry.js";
 export { LINK_DEVICE_PROTOCOL, registerLinkDeviceHandler, unregisterLinkDeviceHandler, sendPairingRequest, detectDeviceLabel, sortPairingMultiaddrs, filterPairingDialMultiaddrs, pairingFlow, PAIRING_HINT_ADDR_CAP } from "./pairing-protocol.js";

package/dist/registry/index.js

@@ -13,6 +13,9 @@ export {
   getDeviceByDID,
   grantDeviceWriteAccess,
   revokeDeviceAccess,
+  removeDeviceEntry,
+  delegationCountForDevice,
+  delegationsEntriesForDevice,
   hashCredentialId,
   coseToJwk,
   // Delegation storage

package/dist/registry/manager.d.ts

@@ -59,6 +59,11 @@ export class MultiDeviceManager {
     listDevices(): Promise<any[]>;
     syncDevices(): Promise<void>;
     revokeDevice(did: any): Promise<void>;
+    /**
+     * Remove a device row from the registry and revoke its OrbitDB write access.
+     * @param {string} credentialId - value stored as device entry `credential_id`
+     */
+    removeLinkedDevice(credentialId: string): Promise<boolean>;
     processIncomingPairingRequest(requestMsg: any): Promise<{
         type: string;
         orbitdbAddress: any;

package/dist/registry/manager.js

@@ -13,6 +13,7 @@ import {
   getDeviceByDID,
   grantDeviceWriteAccess,
   revokeDeviceAccess,
+  removeDeviceEntry,
   coseToJwk,
 } from './device-registry.js';
 
@@ -140,6 +141,7 @@ export class MultiDeviceManager {
       created_at: Date.now(),
       status: 'active',
       ed25519_did: this._identity.id,
+      passkey_kind: this._identity.passkeyKind || null,
     });
 
     await this.syncDevices();
@@ -247,6 +249,7 @@ export class MultiDeviceManager {
           this._credential?.credentialId || this._credential?.id || this._libp2p.peerId.toString(),
         publicKey: null,
         deviceLabel: detectDeviceLabel(),
+        passkeyKind: this._identity.passkeyKind || null,
       },
       multiaddrs
     );
@@ -325,6 +328,15 @@ export class MultiDeviceManager {
     await revokeDeviceAccess(this._devicesDb, did);
   }
 
+  /**
+   * Remove a device row from the registry and revoke its OrbitDB write access.
+   * @param {string} credentialId - value stored as device entry `credential_id`
+   */
+  async removeLinkedDevice(credentialId) {
+    if (!this._devicesDb) throw new Error('Device registry not initialized');
+    return removeDeviceEntry(this._devicesDb, credentialId);
+  }
+
   async processIncomingPairingRequest(requestMsg) {
     if (!this._devicesDb) throw new Error('Device registry not initialized');
     const { identity } = requestMsg;
@@ -348,6 +360,7 @@ export class MultiDeviceManager {
         created_at: Date.now(),
         status: 'active',
         ed25519_did: identity.id,
+        passkey_kind: identity.passkeyKind || null,
       });
       return { type: 'granted', orbitdbAddress: this._dbAddress };
     }

package/dist/registry/pairing-protocol.d.ts

@@ -42,7 +42,7 @@ export function detectDeviceLabel(): string;
  *
  * @param {Object} libp2p - libp2p instance (Device B)
  * @param {string|Object} deviceAPeerId - peerId string or PeerId object of Device A
- * @param {Object} identity - { id, credentialId, publicKey?, deviceLabel? }
+ * @param {Object} identity - { id, credentialId, publicKey?, deviceLabel?, passkeyKind? }
  * @param {string[]} [hintMultiaddrs] - Known multiaddrs for Device A (from QR payload)
  * @returns {Promise<{type: 'granted', orbitdbAddress: string}|{type: 'rejected', reason: string}>}
  */

package/dist/registry/pairing-protocol.js

@@ -4,7 +4,7 @@
  * Protocol: /orbitdb/link-device/1.0.0
  *
  * Message flow:
- *   Device B → Device A: { type: 'request', identity: { id, credentialId, deviceLabel } }
+ *   Device B → Device A: { type: 'request', identity: { id, credentialId, deviceLabel, passkeyKind?, ... } }
  *   Device A → Device B: { type: 'granted', orbitdbAddress } | { type: 'rejected', reason }
  *
  * Copied from orbitdb-identity-provider-webauthn-did/src/multi-device/pairing-protocol.js
@@ -330,12 +330,14 @@ export async function registerLinkDeviceHandler(libp2p, db, onRequest, onDeviceL
           result = { type: 'granted', orbitdbAddress: db.address };
           if (isKnown && onDeviceLinked) {
             onDeviceLinked({
+              ...isKnown,
               credential_id: identity.credentialId,
-              public_key: identity.publicKey || null,
-              device_label: identity.deviceLabel || 'Linked Device',
+              public_key: identity.publicKey ?? isKnown.public_key ?? null,
+              device_label: identity.deviceLabel || isKnown.device_label || 'Linked Device',
               created_at: isKnown.created_at || Date.now(),
               status: 'active',
               ed25519_did: identity.id,
+              passkey_kind: identity.passkeyKind || isKnown.passkey_kind || null,
             });
           }
         } else {
@@ -365,6 +367,7 @@ export async function registerLinkDeviceHandler(libp2p, db, onRequest, onDeviceL
               created_at: Date.now(),
               status: 'active',
               ed25519_did: identity.id,
+              passkey_kind: identity.passkeyKind || null,
             };
             try {
               await registerDevice(db, deviceEntry);
@@ -528,7 +531,7 @@ export function detectDeviceLabel() {
  *
  * @param {Object} libp2p - libp2p instance (Device B)
  * @param {string|Object} deviceAPeerId - peerId string or PeerId object of Device A
- * @param {Object} identity - { id, credentialId, publicKey?, deviceLabel? }
+ * @param {Object} identity - { id, credentialId, publicKey?, deviceLabel?, passkeyKind? }
  * @param {string[]} [hintMultiaddrs] - Known multiaddrs for Device A (from QR payload)
  * @returns {Promise<{type: 'granted', orbitdbAddress: string}|{type: 'rejected', reason: string}>}
  */
@@ -628,6 +631,7 @@ export async function sendPairingRequest(libp2p, deviceAPeerId, identity, hintMu
       credentialId: identity.credentialId,
       publicKey: identity.publicKey || null,
       deviceLabel: identity.deviceLabel || detectDeviceLabel(),
+      passkeyKind: identity.passkeyKind || null,
     },
   };
   pairingFlow('BOB', 'sending link-device REQUEST (length-prefixed JSON) to Alice', {

package/dist/ucan/storacha-auth.d.ts

@@ -24,8 +24,9 @@ export function parseDelegation(proofString: string): Promise<any>;
  * @param {string} delegationBase64
  * @param {Object} [registryDb] - OrbitDB registry database
  * @param {string} [spaceDid] - Storacha space DID (for registry metadata)
+ * @param {string} [storedByDid] - device DID that imported the delegation (per-device counts in UI)
  */
-export function storeDelegation(delegationBase64: string, registryDb?: Object, spaceDid?: string): Promise<void>;
+export function storeDelegation(delegationBase64: string, registryDb?: Object, spaceDid?: string, storedByDid?: string): Promise<void>;
 /**
  * Load a stored delegation string.
  * Reads from registry DB if provided, otherwise localStorage.
@@ -43,3 +44,15 @@ export function loadStoredDelegation(registryDb?: Object): Promise<string | null
  * @param {string} [delegationBase64] - specific delegation to remove (if omitted, removes all)
  */
 export function clearStoredDelegation(registryDb?: Object, delegationBase64?: string): Promise<void>;
+/**
+ * Multi-line text suitable for a native HTML `title` on the linked-device UCAN badge.
+ * Parses each stored delegation via {@link parseDelegation}.
+ *
+ * @param {Array<{ delegation?: string, space_did?: string, label?: string }>} entries
+ * @returns {Promise<string>}
+ */
+export function formatDelegationsTooltipSummary(entries: Array<{
+    delegation?: string;
+    space_did?: string;
+    label?: string;
+}>): Promise<string>;

package/dist/ucan/storacha-auth.js

@@ -98,11 +98,12 @@ export async function parseDelegation(proofString) {
  * @param {string} delegationBase64
  * @param {Object} [registryDb] - OrbitDB registry database
  * @param {string} [spaceDid] - Storacha space DID (for registry metadata)
+ * @param {string} [storedByDid] - device DID that imported the delegation (per-device counts in UI)
  */
-export async function storeDelegation(delegationBase64, registryDb, spaceDid) {
+export async function storeDelegation(delegationBase64, registryDb, spaceDid, storedByDid) {
   if (registryDb) {
     try {
-      await storeDelegationEntry(registryDb, delegationBase64, spaceDid);
+      await storeDelegationEntry(registryDb, delegationBase64, spaceDid, undefined, storedByDid);
       console.log('[storacha] Delegation stored in registry DB');
       return;
     } catch (err) {
@@ -162,3 +163,120 @@ export async function clearStoredDelegation(registryDb, delegationBase64) {
     localStorage.removeItem(STORAGE_KEY_DELEGATION);
   }
 }
+
+/** Max characters for native `title` tooltips (browser-dependent display). */
+const DELEGATION_TOOLTIP_MAX = 1200;
+
+/**
+ * @param {string} s
+ * @param {number} max
+ */
+function truncateMiddle(s, max) {
+  if (s.length <= max) return s;
+  const half = Math.floor((max - 1) / 2);
+  return `${s.slice(0, half)}…${s.slice(s.length - half)}`;
+}
+
+/**
+ * @param {unknown} p - UCANTO principal or string
+ */
+function principalDid(p) {
+  if (p == null) return '—';
+  if (typeof p === 'string') return p;
+  if (typeof p === 'object' && p !== null && 'did' in p && typeof p.did === 'function') {
+    try {
+      return /** @type {{ did: () => string }} */ (p).did();
+    } catch {
+      return String(p);
+    }
+  }
+  return String(p);
+}
+
+/**
+ * @param {unknown} exp - UCAN expiration (seconds or ms since epoch)
+ */
+function formatUcanExpiration(exp) {
+  if (exp == null) return null;
+  const n = typeof exp === 'bigint' ? Number(exp) : Number(exp);
+  if (!Number.isFinite(n) || n <= 0) return null;
+  const ms = n > 1e12 ? n : n * 1000;
+  try {
+    return new Date(ms).toUTCString();
+  } catch {
+    return String(exp);
+  }
+}
+
+/**
+ * @param {any} d - Parsed delegation from {@link parseDelegation}
+ * @returns {string}
+ */
+function summarizeParsedDelegationForTooltip(d) {
+  const lines = [];
+  lines.push(`Issuer: ${truncateMiddle(principalDid(d?.issuer), 64)}`);
+  lines.push(`Audience: ${truncateMiddle(principalDid(d?.audience), 64)}`);
+  const expStr = formatUcanExpiration(d?.expiration);
+  if (expStr) lines.push(`Expires: ${expStr}`);
+  const nbStr = formatUcanExpiration(d?.notBefore);
+  if (nbStr) lines.push(`Not before: ${nbStr}`);
+  const caps = d?.capabilities;
+  if (Array.isArray(caps) && caps.length > 0) {
+    const shown = caps.slice(0, 6).map((c) => {
+      const can = c?.can ?? '?';
+      const w = c?.with != null ? String(c.with) : '—';
+      return `${can} → ${truncateMiddle(w, 48)}`;
+    });
+    let capBlock = shown.join('\n');
+    if (caps.length > 6) capBlock += `\n… +${caps.length - 6} more`;
+    lines.push(`Capabilities:\n${capBlock}`);
+  }
+  const facts = d?.facts;
+  if (Array.isArray(facts) && facts.length > 0) {
+    lines.push(`Facts: ${facts.length} attached`);
+  }
+  try {
+    if (d?.cid != null) lines.push(`Root CID: ${truncateMiddle(String(d.cid), 72)}`);
+  } catch {
+    /* ignore */
+  }
+  return lines.join('\n');
+}
+
+/**
+ * Multi-line text suitable for a native HTML `title` on the linked-device UCAN badge.
+ * Parses each stored delegation via {@link parseDelegation}.
+ *
+ * @param {Array<{ delegation?: string, space_did?: string, label?: string }>} entries
+ * @returns {Promise<string>}
+ */
+export async function formatDelegationsTooltipSummary(entries) {
+  if (!Array.isArray(entries) || entries.length === 0) {
+    return 'No UCAN delegations';
+  }
+  const blocks = [];
+  for (let i = 0; i < entries.length; i++) {
+    const e = entries[i];
+    const raw = e?.delegation;
+    if (typeof raw !== 'string' || !raw.trim()) continue;
+    let head =
+      entries.length > 1 ? `Delegation ${i + 1} of ${entries.length}` : 'UCAN delegation';
+    if (e.space_did) head += ` · Space ${truncateMiddle(e.space_did, 40)}`;
+    if (e.label && e.label !== 'default') head += ` · ${e.label}`;
+    try {
+      const parsed = await parseDelegation(raw);
+      blocks.push(`${head}\n${summarizeParsedDelegationForTooltip(parsed)}`);
+    } catch (err) {
+      const msg =
+        err && typeof err === 'object' && 'message' in err
+          ? String(/** @type {{ message: string }} */ (err).message)
+          : String(err);
+      blocks.push(`${head}\n(parse failed: ${truncateMiddle(msg, 100)})`);
+    }
+  }
+  if (blocks.length === 0) return 'No valid delegation payloads';
+  const joined = blocks.join('\n\n────────\n\n');
+  return joined.length > DELEGATION_TOOLTIP_MAX
+    ? truncateMiddle(joined, DELEGATION_TOOLTIP_MAX)
+    : joined;
+}

package/dist/ui/StorachaFab.svelte

@@ -13,16 +13,41 @@
     libp2p = null,
     preferWorkerMode = false,
     signingPreference = null,
+    /** When false, hide the floating FAB (e.g. host app opens the panel from the footer). */
+    fabVisible = true,
+    /**
+     * When set, panel open state is synced with this store so the host can toggle from a footer control.
+     * @type {import('svelte/store').Writable<boolean> | null}
+     */
+    panelOpenStore = null,
   } = $props();
 
   let showPanel = $state(false);
   let isHovered = $state(false);
+
+  function setPanelOpen(/** @type {boolean} */ v) {
+    showPanel = v;
+    panelOpenStore?.set(v);
+  }
+
+  function togglePanel() {
+    setPanelOpen(!showPanel);
+  }
+
+  $effect(() => {
+    if (!panelOpenStore) return;
+    const unsub = panelOpenStore.subscribe((v) => {
+      showPanel = v;
+    });
+    return unsub;
+  });
 </script>
 
 <!-- Floating Storacha FAB Button -->
+{#if fabVisible}
 <button
   data-testid="storacha-fab-toggle"
-  onclick={() => (showPanel = !showPanel)}
+  onclick={() => togglePanel()}
   onmouseenter={() => (isHovered = true)}
   onmouseleave={() => (isHovered = false)}
   title={showPanel ? 'Hide P2Pass panel' : 'Open P2Pass — passkey & UCAN, peer-to-peer'}
@@ -84,13 +109,14 @@
     />
   </svg>
 </button>
+{/if}
 
 <!-- Backdrop overlay -->
 {#if showPanel}
   <!-- svelte-ignore a11y_no_noninteractive_element_interactions -->
   <div
-    onclick={() => (showPanel = false)}
-    onkeydown={(e) => e.key === 'Escape' && (showPanel = false)}
+    onclick={() => setPanelOpen(false)}
+    onkeydown={(e) => e.key === 'Escape' && setPanelOpen(false)}
     role="presentation"
     style="
 			position: fixed;
@@ -125,7 +151,7 @@
     {onBackup}
     {onAuthenticate}
     onPairingPromptOpen={() => {
-      showPanel = true;
+      setPanelOpen(true);
     }}
     {libp2p}
     {preferWorkerMode}