@membox-cloud/membox 0.1.0

package/dist/src/store/keychain.d.ts

@@ -0,0 +1,26 @@
+export declare const INSECURE_FILE_KEYCHAIN_ENV = "MEMBOX_ALLOW_INSECURE_FILE_KEYCHAIN";
+export declare function storeBytes(account: string, data: Uint8Array): Promise<void>;
+export declare function getBytes(account: string): Promise<Uint8Array | null>;
+export declare function storeString(account: string, value: string): Promise<void>;
+export declare function getString(account: string): Promise<string | null>;
+export declare function deleteSecret(account: string): Promise<void>;
+/** Keychain account names for each stored secret. */
+export declare const ACCOUNTS: {
+    readonly ED25519_PRIVATE: "device-ed25519-private";
+    readonly ED25519_PUBLIC: "device-ed25519-public";
+    readonly X25519_PRIVATE: "device-x25519-private";
+    readonly X25519_PUBLIC: "device-x25519-public";
+    readonly WRAPPED_AMK: "wrapped-amk";
+    readonly WRAPPED_AMK_SALT: "wrapped-amk-salt";
+    readonly WRAPPED_AMK_IV: "wrapped-amk-iv";
+    readonly WRAPPED_AMK_TAG: "wrapped-amk-tag";
+    readonly REFRESH_TOKEN: "refresh-token";
+    readonly MANAGED_UNLOCK_PASSPHRASE: "managed-unlock-passphrase";
+    readonly PENDING_SETUP_ED25519_PRIVATE: "pending-setup-device-ed25519-private";
+    readonly PENDING_SETUP_ED25519_PUBLIC: "pending-setup-device-ed25519-public";
+    readonly PENDING_SETUP_X25519_PRIVATE: "pending-setup-device-x25519-private";
+    readonly PENDING_SETUP_X25519_PUBLIC: "pending-setup-device-x25519-public";
+    readonly PENDING_SETUP_REFRESH_TOKEN: "pending-setup-refresh-token";
+};
+export declare function clearStoredSecrets(): Promise<void>;
+export declare function clearPendingSetupSecrets(): Promise<void>;

package/dist/src/store/keychain.js

@@ -0,0 +1,151 @@
+import { chmod, mkdir, readFile, rename, writeFile } from "node:fs/promises";
+import { dirname, join } from "node:path";
+import { KEYCHAIN_SERVICE, resolveStateRoot } from "../constants.js";
+export const INSECURE_FILE_KEYCHAIN_ENV = "MEMBOX_ALLOW_INSECURE_FILE_KEYCHAIN";
+const DISABLE_KEYTAR_ENV = "MEMBOX_DISABLE_KEYTAR";
+let keytarPromise = null;
+let warnedAboutInsecureFallback = false;
+function toB64(d) {
+    return Buffer.from(d).toString("base64");
+}
+function fromB64(s) {
+    return new Uint8Array(Buffer.from(s, "base64"));
+}
+function fallbackPath() {
+    return join(resolveStateRoot(), "secrets.json");
+}
+async function readFallbackSecrets() {
+    try {
+        const raw = await readFile(fallbackPath(), "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+}
+async function writeFallbackSecrets(secrets) {
+    const path = fallbackPath();
+    await mkdir(dirname(path), { recursive: true });
+    const tmp = path + ".tmp." + Date.now();
+    await writeFile(tmp, JSON.stringify(secrets, null, 2), { mode: 0o600 });
+    await rename(tmp, path);
+    await chmod(path, 0o600).catch(() => { });
+}
+function allowInsecureFileKeychain() {
+    return process.env[INSECURE_FILE_KEYCHAIN_ENV] === "1";
+}
+function ensureInsecureFallbackAllowed() {
+    if (allowInsecureFileKeychain()) {
+        if (!warnedAboutInsecureFallback) {
+            warnedAboutInsecureFallback = true;
+            console.warn(`[membox] keytar unavailable; using plaintext file fallback at ${fallbackPath()}. ` +
+                `This is for local development only.`);
+        }
+        return;
+    }
+    throw new Error("Secure keychain unavailable. Install keytar support for this platform, " +
+        `or set ${INSECURE_FILE_KEYCHAIN_ENV}=1 to opt into plaintext ~/.membox/secrets.json storage for local development.`);
+}
+async function loadKeytar() {
+    if (process.env[DISABLE_KEYTAR_ENV] === "1") {
+        return null;
+    }
+    if (!keytarPromise) {
+        keytarPromise = import("keytar")
+            .then((mod) => (mod.default ?? mod))
+            .catch(() => null);
+    }
+    return keytarPromise;
+}
+async function storeSecret(account, value) {
+    const keytar = await loadKeytar();
+    if (keytar) {
+        await keytar.setPassword(KEYCHAIN_SERVICE, account, value);
+        return;
+    }
+    ensureInsecureFallbackAllowed();
+    const secrets = await readFallbackSecrets();
+    secrets[account] = value;
+    await writeFallbackSecrets(secrets);
+}
+async function getSecret(account) {
+    const keytar = await loadKeytar();
+    if (keytar) {
+        return keytar.getPassword(KEYCHAIN_SERVICE, account);
+    }
+    ensureInsecureFallbackAllowed();
+    const secrets = await readFallbackSecrets();
+    return secrets[account] ?? null;
+}
+export async function storeBytes(account, data) {
+    await storeSecret(account, toB64(data));
+}
+export async function getBytes(account) {
+    const val = await getSecret(account);
+    return val ? fromB64(val) : null;
+}
+export async function storeString(account, value) {
+    await storeSecret(account, value);
+}
+export async function getString(account) {
+    return getSecret(account);
+}
+export async function deleteSecret(account) {
+    const keytar = await loadKeytar();
+    if (keytar) {
+        await keytar.deletePassword(KEYCHAIN_SERVICE, account);
+        return;
+    }
+    ensureInsecureFallbackAllowed();
+    const secrets = await readFallbackSecrets();
+    if (!(account in secrets)) {
+        return;
+    }
+    delete secrets[account];
+    await writeFallbackSecrets(secrets);
+}
+/** Keychain account names for each stored secret. */
+export const ACCOUNTS = {
+    ED25519_PRIVATE: "device-ed25519-private",
+    ED25519_PUBLIC: "device-ed25519-public",
+    X25519_PRIVATE: "device-x25519-private",
+    X25519_PUBLIC: "device-x25519-public",
+    WRAPPED_AMK: "wrapped-amk",
+    WRAPPED_AMK_SALT: "wrapped-amk-salt",
+    WRAPPED_AMK_IV: "wrapped-amk-iv",
+    WRAPPED_AMK_TAG: "wrapped-amk-tag",
+    REFRESH_TOKEN: "refresh-token",
+    MANAGED_UNLOCK_PASSPHRASE: "managed-unlock-passphrase",
+    PENDING_SETUP_ED25519_PRIVATE: "pending-setup-device-ed25519-private",
+    PENDING_SETUP_ED25519_PUBLIC: "pending-setup-device-ed25519-public",
+    PENDING_SETUP_X25519_PRIVATE: "pending-setup-device-x25519-private",
+    PENDING_SETUP_X25519_PUBLIC: "pending-setup-device-x25519-public",
+    PENDING_SETUP_REFRESH_TOKEN: "pending-setup-refresh-token",
+};
+export async function clearStoredSecrets() {
+    await Promise.allSettled([
+        ACCOUNTS.ED25519_PRIVATE,
+        ACCOUNTS.ED25519_PUBLIC,
+        ACCOUNTS.X25519_PRIVATE,
+        ACCOUNTS.X25519_PUBLIC,
+        ACCOUNTS.WRAPPED_AMK,
+        ACCOUNTS.WRAPPED_AMK_SALT,
+        ACCOUNTS.WRAPPED_AMK_IV,
+        ACCOUNTS.WRAPPED_AMK_TAG,
+        ACCOUNTS.REFRESH_TOKEN,
+        ACCOUNTS.MANAGED_UNLOCK_PASSPHRASE,
+    ].map(async (account) => {
+        await deleteSecret(account);
+    }));
+}
+export async function clearPendingSetupSecrets() {
+    await Promise.allSettled([
+        ACCOUNTS.PENDING_SETUP_ED25519_PRIVATE,
+        ACCOUNTS.PENDING_SETUP_ED25519_PUBLIC,
+        ACCOUNTS.PENDING_SETUP_X25519_PRIVATE,
+        ACCOUNTS.PENDING_SETUP_X25519_PUBLIC,
+        ACCOUNTS.PENDING_SETUP_REFRESH_TOKEN,
+    ].map(async (account) => {
+        await deleteSecret(account);
+    }));
+}

package/dist/src/store/local-state.d.ts

@@ -0,0 +1,27 @@
+export interface FileVersionEntry {
+    object_id: string;
+    version: number;
+    content_sha256: string;
+}
+export interface LocalState {
+    server_url: string;
+    device_id: string;
+    device_name: string;
+    user_id: string;
+    sync_cursor: number;
+    file_versions: Record<string, FileVersionEntry>;
+    setup_complete: boolean;
+    sync_paused: boolean;
+    managed_unlock_enabled: boolean;
+    last_sync_at?: string;
+}
+export declare function readState(): Promise<LocalState | null>;
+/** Write state atomically (write to tmp, then rename). */
+export declare function writeState(state: LocalState): Promise<void>;
+export declare function deleteState(): Promise<void>;
+export declare function createInitialState(params: {
+    serverUrl: string;
+    deviceId: string;
+    deviceName: string;
+    userId: string;
+}): LocalState;

package/dist/src/store/local-state.js

@@ -0,0 +1,47 @@
+import { readFile, writeFile, mkdir, rename, unlink } from "node:fs/promises";
+import { join, dirname } from "node:path";
+import { STATE_FILE, resolveStateRoot } from "../constants.js";
+function statePath() {
+    return join(resolveStateRoot(), STATE_FILE);
+}
+export async function readState() {
+    try {
+        const raw = await readFile(statePath(), "utf-8");
+        const parsed = JSON.parse(raw);
+        // Backward compat: default sync_paused for pre-V1 state files
+        if (parsed.sync_paused === undefined) {
+            parsed.sync_paused = false;
+        }
+        if (parsed.managed_unlock_enabled === undefined) {
+            parsed.managed_unlock_enabled = false;
+        }
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+/** Write state atomically (write to tmp, then rename). */
+export async function writeState(state) {
+    const p = statePath();
+    await mkdir(dirname(p), { recursive: true });
+    const tmp = p + ".tmp." + Date.now();
+    await writeFile(tmp, JSON.stringify(state, null, 2));
+    await rename(tmp, p);
+}
+export async function deleteState() {
+    await unlink(statePath()).catch(() => { });
+}
+export function createInitialState(params) {
+    return {
+        server_url: params.serverUrl,
+        device_id: params.deviceId,
+        device_name: params.deviceName,
+        user_id: params.userId,
+        sync_cursor: 0,
+        file_versions: {},
+        setup_complete: true,
+        sync_paused: false,
+        managed_unlock_enabled: false,
+    };
+}

package/dist/src/store/managed-unlock.d.ts

@@ -0,0 +1,8 @@
+export interface ManagedUnlockStatus {
+    enabled: boolean;
+    secret_present: boolean;
+}
+export declare function getManagedUnlockStatus(): Promise<ManagedUnlockStatus>;
+export declare function getManagedUnlockPassphrase(): Promise<string | null>;
+export declare function enableManagedUnlock(passphrase: string): Promise<void>;
+export declare function disableManagedUnlock(): Promise<void>;

package/dist/src/store/managed-unlock.js

@@ -0,0 +1,46 @@
+import { ACCOUNTS, deleteSecret, getString, storeString, } from "./keychain.js";
+import { readState, writeState } from "./local-state.js";
+async function requireSetupState() {
+    const state = await readState();
+    if (!state?.setup_complete) {
+        throw new Error("Vault not set up. Complete `openclaw membox setup` before enabling managed unlock.");
+    }
+    return state;
+}
+export async function getManagedUnlockStatus() {
+    const state = await readState();
+    if (!state?.setup_complete) {
+        return {
+            enabled: false,
+            secret_present: false,
+        };
+    }
+    const secret = await getString(ACCOUNTS.MANAGED_UNLOCK_PASSPHRASE);
+    return {
+        enabled: state.managed_unlock_enabled === true,
+        secret_present: !!secret,
+    };
+}
+export async function getManagedUnlockPassphrase() {
+    const status = await getManagedUnlockStatus();
+    if (!status.enabled) {
+        return null;
+    }
+    return getString(ACCOUNTS.MANAGED_UNLOCK_PASSPHRASE);
+}
+export async function enableManagedUnlock(passphrase) {
+    const state = await requireSetupState();
+    await storeString(ACCOUNTS.MANAGED_UNLOCK_PASSPHRASE, passphrase);
+    if (!state.managed_unlock_enabled) {
+        state.managed_unlock_enabled = true;
+        await writeState(state);
+    }
+}
+export async function disableManagedUnlock() {
+    const state = await readState();
+    await deleteSecret(ACCOUNTS.MANAGED_UNLOCK_PASSPHRASE).catch(() => { });
+    if (state?.setup_complete && state.managed_unlock_enabled) {
+        state.managed_unlock_enabled = false;
+        await writeState(state);
+    }
+}

package/dist/src/store/pending-setup.d.ts

@@ -0,0 +1,23 @@
+import type { Platform } from "../contract-types.js";
+export type PendingSetupStatus = "pending" | "authorized";
+export interface PendingSetupState {
+    status: PendingSetupStatus;
+    server_url: string;
+    device_name: string;
+    platform: Platform;
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete: string;
+    interval_seconds: number;
+    expires_at: string;
+    started_at: string;
+    authorized_at?: string;
+    device_id?: string;
+    user_id?: string;
+    account_label?: string | null;
+}
+export declare function readPendingSetup(): Promise<PendingSetupState | null>;
+export declare function writePendingSetup(state: PendingSetupState): Promise<void>;
+export declare function deletePendingSetup(): Promise<void>;
+export declare function isPendingSetupExpired(state: Pick<PendingSetupState, "status" | "expires_at">): boolean;

package/dist/src/store/pending-setup.js

@@ -0,0 +1,32 @@
+import { readFile, writeFile, mkdir, rename, unlink } from "node:fs/promises";
+import { join, dirname } from "node:path";
+import { PENDING_SETUP_FILE, resolveStateRoot } from "../constants.js";
+function pendingSetupPath() {
+    return join(resolveStateRoot(), PENDING_SETUP_FILE);
+}
+export async function readPendingSetup() {
+    try {
+        const raw = await readFile(pendingSetupPath(), "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+export async function writePendingSetup(state) {
+    const path = pendingSetupPath();
+    await mkdir(dirname(path), { recursive: true });
+    const tmp = `${path}.tmp.${Date.now()}`;
+    await writeFile(tmp, JSON.stringify(state, null, 2));
+    await rename(tmp, path);
+}
+export async function deletePendingSetup() {
+    await unlink(pendingSetupPath()).catch(() => { });
+}
+export function isPendingSetupExpired(state) {
+    if (state.status !== "pending") {
+        return false;
+    }
+    const expiresAt = Date.parse(state.expires_at);
+    return Number.isFinite(expiresAt) && expiresAt <= Date.now();
+}

package/dist/src/store/session.d.ts

@@ -0,0 +1,13 @@
+/**
+ * In-memory vault session holding the unlocked AMK.
+ * Exists for the lifetime of the gateway process.
+ */
+export declare class VaultSession {
+    private amk;
+    isUnlocked(): boolean;
+    getAMK(): Uint8Array;
+    unlock(amk: Uint8Array): void;
+    lock(): void;
+}
+/** Singleton session for the gateway process. */
+export declare const vaultSession: VaultSession;

package/dist/src/store/session.js

@@ -0,0 +1,28 @@
+/**
+ * In-memory vault session holding the unlocked AMK.
+ * Exists for the lifetime of the gateway process.
+ */
+export class VaultSession {
+    amk = null;
+    isUnlocked() {
+        return this.amk !== null;
+    }
+    getAMK() {
+        if (!this.amk) {
+            throw new Error("Vault is locked. Run `openclaw membox unlock` first.");
+        }
+        return this.amk;
+    }
+    unlock(amk) {
+        // Store a copy so the caller can zero their original
+        this.amk = new Uint8Array(amk);
+    }
+    lock() {
+        if (this.amk) {
+            this.amk.fill(0);
+            this.amk = null;
+        }
+    }
+}
+/** Singleton session for the gateway process. */
+export const vaultSession = new VaultSession();

package/dist/src/sync/auto-sync.d.ts

@@ -0,0 +1,12 @@
+export declare class AutoSyncService {
+    private workspaceDir;
+    private watchers;
+    private debounceTimer;
+    private running;
+    constructor(workspaceDir: string);
+    start(): void;
+    stop(): void;
+    triggerNow(): void;
+    private onFileChange;
+    private executeSync;
+}

package/dist/src/sync/auto-sync.js

@@ -0,0 +1,82 @@
+import { watch } from "node:fs";
+import { join } from "node:path";
+import { readState } from "../store/local-state.js";
+import { vaultSession } from "../store/session.js";
+const DEBOUNCE_MS = 3000;
+export class AutoSyncService {
+    workspaceDir;
+    watchers = [];
+    debounceTimer;
+    running = false;
+    constructor(workspaceDir) {
+        this.workspaceDir = workspaceDir;
+    }
+    start() {
+        if (this.running)
+            return;
+        this.running = true;
+        // Watch MEMORY.md
+        try {
+            const memoryPath = join(this.workspaceDir, "MEMORY.md");
+            const w = watch(memoryPath, () => this.onFileChange());
+            this.watchers.push(w);
+        }
+        catch {
+            // File may not exist yet
+        }
+        // Watch memory/ directory
+        try {
+            const memoryDir = join(this.workspaceDir, "memory");
+            const w = watch(memoryDir, { recursive: true }, () => this.onFileChange());
+            this.watchers.push(w);
+        }
+        catch {
+            // Directory may not exist yet
+        }
+        console.log("[membox] Auto-sync started.");
+    }
+    stop() {
+        if (!this.running)
+            return;
+        this.running = false;
+        if (this.debounceTimer) {
+            clearTimeout(this.debounceTimer);
+            this.debounceTimer = undefined;
+        }
+        for (const w of this.watchers) {
+            w.close();
+        }
+        this.watchers = [];
+        console.log("[membox] Auto-sync stopped.");
+    }
+    triggerNow() {
+        if (this.debounceTimer) {
+            clearTimeout(this.debounceTimer);
+            this.debounceTimer = undefined;
+        }
+        this.executeSync();
+    }
+    onFileChange() {
+        if (this.debounceTimer) {
+            clearTimeout(this.debounceTimer);
+        }
+        this.debounceTimer = setTimeout(() => {
+            this.debounceTimer = undefined;
+            this.executeSync();
+        }, DEBOUNCE_MS);
+    }
+    async executeSync() {
+        try {
+            const state = await readState();
+            if (!state?.setup_complete || state.sync_paused)
+                return;
+            if (!vaultSession.isUnlocked())
+                return;
+            const { syncAction } = await import("../cli/sync.js");
+            await syncAction({ onConflict: "conflict-copy" });
+        }
+        catch (err) {
+            console.warn("[membox] Auto-sync error:", err instanceof Error ? err.message : err);
+        }
+    }
+}

package/dist/src/sync/conflict.d.ts

@@ -0,0 +1,24 @@
+import type { MemboxApiClient } from "../api/client.js";
+import type { ScannedFile } from "./scanner.js";
+import type { FileVersionEntry } from "../store/local-state.js";
+export type ConflictStrategy = "local-wins" | "remote-wins" | "conflict-copy";
+export interface ConflictItem {
+    logicalPath: string;
+    objectId: string;
+    localFile?: ScannedFile;
+    existingVersion?: number;
+}
+export interface ConflictResult {
+    /** If set, the caller should persist this file version update. */
+    fileVersionUpdate?: {
+        path: string;
+        entry: FileVersionEntry;
+    };
+}
+export declare function resolveConflict(item: ConflictItem, strategy: ConflictStrategy, params: {
+    amk: Uint8Array;
+    client: MemboxApiClient;
+    userId: string;
+    deviceId: string;
+    workspaceDir: string;
+}): Promise<ConflictResult>;

package/dist/src/sync/conflict.js

@@ -0,0 +1,92 @@
+import { writeFile, mkdir, rename } from "node:fs/promises";
+import { resolve, dirname, relative, isAbsolute } from "node:path";
+import { downloadAndDecrypt } from "./downloader.js";
+import { uploadFile } from "./uploader.js";
+import { computeSha256Hex } from "../crypto/manifest.js";
+function isSafePath(base, logicalPath) {
+    const resolved = resolve(base, logicalPath);
+    const rel = relative(base, resolved);
+    return !rel.startsWith("..") && !isAbsolute(rel);
+}
+function conflictCopyPath(logicalPath) {
+    return logicalPath.replace(/\.md$/, ".conflict.md");
+}
+export async function resolveConflict(item, strategy, params) {
+    switch (strategy) {
+        case "local-wins": {
+            if (!item.localFile) {
+                console.log(`  Skip conflict for ${item.logicalPath}: no local file.`);
+                return {};
+            }
+            console.log(`  Conflict ${item.logicalPath}: keeping local, uploading to remote.`);
+            const result = await uploadFile({
+                amk: params.amk,
+                content: item.localFile.content,
+                logicalPath: item.logicalPath,
+                fileKind: item.localFile.fileKind,
+                userId: params.userId,
+                deviceId: params.deviceId,
+                objectId: item.objectId,
+                objectVersion: item.existingVersion,
+                client: params.client,
+            });
+            return {
+                fileVersionUpdate: {
+                    path: item.logicalPath,
+                    entry: {
+                        object_id: result.objectId,
+                        version: result.version,
+                        content_sha256: item.localFile.sha256,
+                    },
+                },
+            };
+        }
+        case "remote-wins": {
+            console.log(`  Conflict ${item.logicalPath}: downloading remote version.`);
+            const result = await downloadAndDecrypt({
+                amk: params.amk,
+                objectId: item.objectId,
+                client: params.client,
+            });
+            if (!isSafePath(params.workspaceDir, result.logicalPath)) {
+                console.log(`  Skipping unsafe path: ${result.logicalPath}`);
+                return {};
+            }
+            const outPath = resolve(params.workspaceDir, result.logicalPath);
+            await mkdir(dirname(outPath), { recursive: true });
+            const tmp = outPath + ".tmp." + Date.now();
+            await writeFile(tmp, result.content);
+            await rename(tmp, outPath);
+            return {
+                fileVersionUpdate: {
+                    path: result.logicalPath,
+                    entry: {
+                        object_id: item.objectId,
+                        version: result.version,
+                        content_sha256: computeSha256Hex(result.content),
+                    },
+                },
+            };
+        }
+        case "conflict-copy": {
+            console.log(`  Conflict ${item.logicalPath}: saving remote as conflict copy.`);
+            const result = await downloadAndDecrypt({
+                amk: params.amk,
+                objectId: item.objectId,
+                client: params.client,
+            });
+            const copyPath = conflictCopyPath(result.logicalPath);
+            if (!isSafePath(params.workspaceDir, copyPath)) {
+                console.log(`  Skipping unsafe path: ${copyPath}`);
+                return {};
+            }
+            const outPath = resolve(params.workspaceDir, copyPath);
+            await mkdir(dirname(outPath), { recursive: true });
+            const tmp = outPath + ".tmp." + Date.now();
+            await writeFile(tmp, result.content);
+            await rename(tmp, outPath);
+            console.log(`  -> ${copyPath} (merge manually, then delete)`);
+            return {};
+        }
+    }
+}

package/dist/src/sync/diff.d.ts

@@ -0,0 +1,25 @@
+import type { ChangeItem } from "../contract-types.js";
+import type { LocalState } from "../store/local-state.js";
+import type { ScannedFile } from "./scanner.js";
+export interface SyncDiff {
+    toUpload: Array<{
+        logicalPath: string;
+        file: ScannedFile;
+        existingObjectId?: string;
+        existingVersion?: number;
+    }>;
+    toDownload: Array<{
+        objectId: string;
+        version: number;
+        changeType: "upsert" | "delete";
+    }>;
+    conflicts: Array<{
+        logicalPath: string;
+        objectId: string;
+    }>;
+}
+/**
+ * Compute the diff between local files and remote changes.
+ * V0.1: conflicts (both sides changed) are flagged and skipped.
+ */
+export declare function computeSyncDiff(localFiles: Map<string, ScannedFile>, remoteChanges: ChangeItem[], state: LocalState): SyncDiff;