npm - @merklevault/core - Versions diffs - 0.1.0 - Mend

@merklevault/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,2028 @@
+// src/merklevault.ts
+import { EventEmitter as EventEmitter2 } from "events";
+import { readFileSync, mkdirSync as mkdirSync3, existsSync as existsSync3 } from "fs";
+import path3 from "path";
+// ../daemon/kubo-manager.ts
+import { spawn } from "child_process";
+import { existsSync, mkdirSync } from "fs";
+import path from "path";
+import { EventEmitter } from "events";
+var KuboManager = class extends EventEmitter {
+  process = null;
+  config;
+  apiPort;
+  crashTimestamps = [];
+  heartbeatInterval = null;
+  isShuttingDown = false;
+  _ready = false;
+  constructor(config) {
+    super();
+    this.config = config;
+    this.apiPort = config.apiPort ?? 5001;
+  }
+  get ready() {
+    return this._ready;
+  }
+  get apiUrl() {
+    return `http://127.0.0.1:${this.apiPort}`;
+  }
+  get pid() {
+    return this.process?.pid ?? null;
+  }
+  /**
+   * Initialise le repo IPFS si inexistant, puis lance Kubo
+   */
+  async start() {
+    if (!existsSync(this.config.repoPath)) {
+      mkdirSync(this.config.repoPath, { recursive: true });
+    }
+    if (!existsSync(path.join(this.config.repoPath, "config"))) {
+      await this.initRepo();
+    }
+    await this.configureRepo();
+    await this.spawnDaemon();
+    this.startHeartbeat();
+  }
+  /**
+   * Arrêt propre : SIGTERM + timeout 30s
+   */
+  async stop() {
+    this.isShuttingDown = true;
+    if (this.heartbeatInterval) {
+      clearInterval(this.heartbeatInterval);
+      this.heartbeatInterval = null;
+    }
+    if (!this.process) return;
+    return new Promise((resolve) => {
+      const timeout = setTimeout(() => {
+        this.process?.kill("SIGKILL");
+        resolve();
+      }, 3e4);
+      this.process.on("exit", () => {
+        clearTimeout(timeout);
+        this.process = null;
+        this._ready = false;
+        resolve();
+      });
+      this.process.kill("SIGTERM");
+    });
+  }
+  /**
+   * ipfs init avec profil lowpower
+   */
+  async initRepo() {
+    return new Promise((resolve, reject) => {
+      const proc = spawn(this.config.kuboBinaryPath, ["init", "--profile=lowpower"], {
+        env: { ...process.env, IPFS_PATH: this.config.repoPath },
+        stdio: "pipe"
+      });
+      let stderr = "";
+      proc.stderr?.on("data", (d) => {
+        stderr += d.toString();
+      });
+      proc.on("exit", (code) => {
+        if (code === 0) resolve();
+        else reject(new Error(`ipfs init failed (code ${code}): ${stderr}`));
+      });
+    });
+  }
+  /**
+   * Configure le repo pour MerkleVault :
+   * - API sur 127.0.0.1:port
+   * - Gateway désactivée
+   * - Routing dhtclient
+   * - Swarm limits bas
+   */
+  async configureRepo() {
+    const stringConfigs = [
+      ["Addresses.API", `/ip4/127.0.0.1/tcp/${this.apiPort}`],
+      ["Addresses.Gateway", ""],
+      ["Routing.Type", "dhtclient"],
+      ["Reprovider.Interval", "0s"]
+    ];
+    const jsonConfigs = [
+      ["Swarm.ConnMgr.LowWater", "20"],
+      ["Swarm.ConnMgr.HighWater", "40"]
+    ];
+    for (const [key, value] of stringConfigs) {
+      await this.runIpfsCommand(["config", key, value]);
+    }
+    for (const [key, value] of jsonConfigs) {
+      await this.runIpfsCommand(["config", key, value, "--json"]);
+    }
+  }
+  async runIpfsCommand(args) {
+    return new Promise((resolve, reject) => {
+      const proc = spawn(this.config.kuboBinaryPath, args, {
+        env: { ...process.env, IPFS_PATH: this.config.repoPath },
+        stdio: "pipe"
+      });
+      let stdout = "";
+      let stderr = "";
+      proc.stdout?.on("data", (d) => {
+        stdout += d.toString();
+      });
+      proc.stderr?.on("data", (d) => {
+        stderr += d.toString();
+      });
+      proc.on("exit", (code) => {
+        if (code === 0) resolve(stdout.trim());
+        else reject(new Error(`ipfs ${args[0]} failed: ${stderr}`));
+      });
+    });
+  }
+  /**
+   * Lance le daemon Kubo en subprocess
+   */
+  async spawnDaemon() {
+    return new Promise((resolve, reject) => {
+      const proc = spawn(this.config.kuboBinaryPath, ["daemon", "--migrate"], {
+        env: { ...process.env, IPFS_PATH: this.config.repoPath },
+        stdio: "pipe"
+      });
+      this.process = proc;
+      let resolved = false;
+      proc.stdout?.on("data", (data) => {
+        const line = data.toString();
+        this.emit("log", line.trim());
+        if (!resolved && line.includes("Daemon is ready")) {
+          resolved = true;
+          this._ready = true;
+          this.emit("ready");
+          resolve();
+        }
+      });
+      proc.stderr?.on("data", (data) => {
+        this.emit("log", `[stderr] ${data.toString().trim()}`);
+      });
+      proc.on("exit", (code, signal) => {
+        this._ready = false;
+        this.process = null;
+        if (!resolved) {
+          reject(new Error(`Kubo exited before ready (code=${code}, signal=${signal})`));
+          return;
+        }
+        if (!this.isShuttingDown) {
+          this.emit("crash", { code, signal });
+          this.handleCrash();
+        }
+      });
+      proc.on("error", (err) => {
+        if (!resolved) reject(err);
+      });
+      setTimeout(() => {
+        if (!resolved) {
+          resolved = true;
+          proc.kill("SIGKILL");
+          reject(new Error("Kubo startup timeout (30s)"));
+        }
+      }, 3e4);
+    });
+  }
+  /**
+   * Restart auto avec protection anti-boucle (max 3 en 60s)
+   */
+  async handleCrash() {
+    const now = Date.now();
+    this.crashTimestamps.push(now);
+    this.crashTimestamps = this.crashTimestamps.filter((t) => now - t < 6e4);
+    if (this.crashTimestamps.length > 3) {
+      this.emit("fatal", "Kubo crashed 3+ times in 60s, giving up");
+      return;
+    }
+    this.emit("restarting");
+    await new Promise((r) => setTimeout(r, 2e3));
+    if (!this.isShuttingDown) {
+      try {
+        await this.spawnDaemon();
+        this.emit("ready");
+      } catch (err) {
+        this.emit("fatal", `Kubo restart failed: ${err}`);
+      }
+    }
+  }
+  /**
+   * Heartbeat toutes les 30s sur /api/v0/id
+   */
+  startHeartbeat() {
+    this.heartbeatInterval = setInterval(async () => {
+      if (!this._ready || this.isShuttingDown) return;
+      try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 5e3);
+        const res = await fetch(`${this.apiUrl}/api/v0/id`, {
+          method: "POST",
+          signal: controller.signal
+        });
+        clearTimeout(timeout);
+        if (!res.ok) {
+          this.emit("unhealthy", `Kubo returned ${res.status}`);
+        }
+      } catch {
+        this.emit("unhealthy", "Kubo heartbeat failed");
+      }
+    }, 3e4);
+  }
+};
+// ../daemon/database.ts
+import BetterSqlite3 from "better-sqlite3";
+import path2 from "path";
+import { mkdirSync as mkdirSync2, existsSync as existsSync2 } from "fs";
+var Database = class {
+  db;
+  constructor(dataDir) {
+    if (!existsSync2(dataDir)) {
+      mkdirSync2(dataDir, { recursive: true });
+    }
+    const dbPath = path2.join(dataDir, "merklevault.db");
+    this.db = new BetterSqlite3(dbPath);
+    this.db.pragma("journal_mode = WAL");
+    this.db.pragma("synchronous = NORMAL");
+    this.db.pragma("foreign_keys = ON");
+    this.db.pragma("temp_store = MEMORY");
+    this.db.pragma("mmap_size = 268435456");
+    this.db.pragma("cache_size = -64000");
+    this.db.pragma("busy_timeout = 5000");
+    this.migrate();
+  }
+  /**
+   * Applique le schéma initial (migration 001)
+   */
+  migrate() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS settings (
+        key        TEXT PRIMARY KEY,
+        value      TEXT NOT NULL,
+        updated_at INTEGER NOT NULL
+      );
+    `);
+    const version = this.getSetting("schema_version");
+    if (!version) {
+      this.migration001();
+      this.setSetting("schema_version", "1");
+    }
+    const currentVersion = parseInt(this.getSetting("schema_version") ?? "0", 10);
+    if (currentVersion < 2) {
+      this.migration002();
+      this.setSetting("schema_version", "2");
+    }
+    if (parseInt(this.getSetting("schema_version") ?? "0", 10) < 3) {
+      this.migration003();
+      this.setSetting("schema_version", "3");
+    }
+  }
+  migration001() {
+    this.db.exec(`
+      -- Table nodes : structure logique du filesystem
+      CREATE TABLE IF NOT EXISTS nodes (
+        id                 INTEGER PRIMARY KEY AUTOINCREMENT,
+        parent_id          INTEGER REFERENCES nodes(id) ON DELETE RESTRICT,
+        name               TEXT NOT NULL,
+        kind               TEXT NOT NULL CHECK (kind IN ('file', 'folder')),
+        created_at         INTEGER NOT NULL,
+        modified_at        INTEGER NOT NULL,
+        deleted_at         INTEGER,
+        current_version_id INTEGER REFERENCES file_versions(id),
+        UNIQUE (parent_id, name, deleted_at)
+      );
+      CREATE INDEX IF NOT EXISTS idx_nodes_parent ON nodes(parent_id) WHERE deleted_at IS NULL;
+      CREATE INDEX IF NOT EXISTS idx_nodes_name   ON nodes(name)      WHERE deleted_at IS NULL;
+      -- Table file_versions : versions des fichiers
+      CREATE TABLE IF NOT EXISTS file_versions (
+        id              INTEGER PRIMARY KEY AUTOINCREMENT,
+        node_id         INTEGER NOT NULL REFERENCES nodes(id) ON DELETE RESTRICT,
+        cid             TEXT NOT NULL,
+        size_bytes      INTEGER NOT NULL,
+        sha256_plain    TEXT,
+        created_at      INTEGER NOT NULL,
+        enc_algo        TEXT NOT NULL DEFAULT 'none',
+        enc_key_wrapped BLOB,
+        enc_key_nonce   BLOB,
+        enc_data_nonce  BLOB,
+        is_pinned       INTEGER NOT NULL DEFAULT 1,
+        UNIQUE (node_id, cid)
+      );
+      CREATE INDEX IF NOT EXISTS idx_versions_node    ON file_versions(node_id);
+      CREATE INDEX IF NOT EXISTS idx_versions_cid     ON file_versions(cid);
+      CREATE INDEX IF NOT EXISTS idx_versions_created ON file_versions(created_at);
+      -- Table cid_refcount : compteur de r\xE9f\xE9rences par CID
+      CREATE TABLE IF NOT EXISTS cid_refcount (
+        cid             TEXT PRIMARY KEY,
+        ref_count       INTEGER NOT NULL DEFAULT 0,
+        first_seen_at   INTEGER NOT NULL,
+        last_seen_at    INTEGER NOT NULL
+      );
+      -- Triggers pour maintenir le refcount automatiquement
+      CREATE TRIGGER IF NOT EXISTS trg_refcount_insert
+      AFTER INSERT ON file_versions
+      BEGIN
+        INSERT INTO cid_refcount (cid, ref_count, first_seen_at, last_seen_at)
+        VALUES (NEW.cid, 1, NEW.created_at, NEW.created_at)
+        ON CONFLICT(cid) DO UPDATE SET
+          ref_count    = ref_count + 1,
+          last_seen_at = NEW.created_at;
+      END;
+      CREATE TRIGGER IF NOT EXISTS trg_refcount_delete
+      AFTER DELETE ON file_versions
+      BEGIN
+        UPDATE cid_refcount SET ref_count = ref_count - 1 WHERE cid = OLD.cid;
+      END;
+      -- Table pending_operations : file d'attente des op\xE9rations async
+      CREATE TABLE IF NOT EXISTS pending_operations (
+        id             INTEGER PRIMARY KEY AUTOINCREMENT,
+        op_type        TEXT NOT NULL,
+        op_payload     TEXT NOT NULL,
+        status         TEXT NOT NULL DEFAULT 'pending',
+        attempts       INTEGER NOT NULL DEFAULT 0,
+        last_error     TEXT,
+        created_at     INTEGER NOT NULL,
+        updated_at     INTEGER NOT NULL,
+        scheduled_for  INTEGER
+      );
+      CREATE INDEX IF NOT EXISTS idx_ops_status ON pending_operations(status, scheduled_for);
+      -- Table anchor_jobs : r\xE9serv\xE9e V2 (ancrage blockchain)
+      CREATE TABLE IF NOT EXISTS anchor_jobs (
+        id            INTEGER PRIMARY KEY AUTOINCREMENT,
+        merkle_root   TEXT NOT NULL,
+        file_cids     TEXT NOT NULL,
+        anchor_target TEXT NOT NULL,
+        tx_hash       TEXT,
+        block_height  INTEGER,
+        anchored_at   INTEGER,
+        status        TEXT NOT NULL DEFAULT 'pending',
+        proof_blob    BLOB
+      );
+      -- Recherche plein texte sur noms
+      CREATE VIRTUAL TABLE IF NOT EXISTS fts_nodes USING fts5(
+        name, path, content='', tokenize='unicode61'
+      );
+      -- Journal GC
+      CREATE TABLE IF NOT EXISTS gc_audit_log (
+        id          INTEGER PRIMARY KEY AUTOINCREMENT,
+        op_type     TEXT NOT NULL,
+        target      TEXT,
+        details     TEXT,
+        executed_at INTEGER NOT NULL
+      );
+      CREATE INDEX IF NOT EXISTS idx_audit_executed ON gc_audit_log(executed_at);
+      -- Cr\xE9er le noeud racine "Accueil"
+      INSERT INTO nodes (parent_id, name, kind, created_at, modified_at)
+      VALUES (NULL, 'Accueil', 'folder', unixepoch(), unixepoch());
+    `);
+  }
+  /**
+   * Migration 002 — Sprint 2 : table vault_config pour le chiffrement
+   */
+  migration002() {
+    this.db.exec(`
+      -- Table vault_config : configuration cryptographique du vault
+      CREATE TABLE IF NOT EXISTS vault_config (
+        key        TEXT PRIMARY KEY,
+        value      TEXT NOT NULL,
+        updated_at INTEGER NOT NULL
+      );
+    `);
+  }
+  /**
+   * Migration 003 — Sprint 3 : colonnes cloud sync + settings Pinata
+   */
+  migration003() {
+    this.db.exec(`
+      -- Ajouter les colonnes cloud \xE0 file_versions
+      ALTER TABLE file_versions ADD COLUMN provider TEXT NOT NULL DEFAULT 'local';
+      ALTER TABLE file_versions ADD COLUMN pinata_cid TEXT;
+      ALTER TABLE file_versions ADD COLUMN sync_status TEXT NOT NULL DEFAULT 'none';
+      -- Index pour requ\xEAtes de sync
+      CREATE INDEX IF NOT EXISTS idx_fv_sync_status ON file_versions(sync_status) WHERE sync_status != 'none';
+      CREATE INDEX IF NOT EXISTS idx_fv_provider ON file_versions(provider);
+    `);
+    console.log("[database] Migration 003 applied \u2014 cloud sync columns added");
+  }
+  // ─── Cloud Sync (Sprint 3) ───────────────────────────────────
+  /**
+   * Met à jour le statut de sync d'une version de fichier
+   */
+  updateSyncStatus(versionId, status, pinataCid) {
+    if (pinataCid) {
+      this.db.prepare(
+        "UPDATE file_versions SET sync_status = ?, provider = ?, pinata_cid = ? WHERE id = ?"
+      ).run(status, "pinata", pinataCid, versionId);
+    } else {
+      this.db.prepare(
+        "UPDATE file_versions SET sync_status = ? WHERE id = ?"
+      ).run(status, versionId);
+    }
+  }
+  /**
+   * Récupère les fichiers en attente de synchronisation
+   */
+  getPendingSyncFiles() {
+    return this.db.prepare(
+      "SELECT fv.*, n.name FROM file_versions fv JOIN nodes n ON n.id = fv.node_id WHERE fv.sync_status = ? ORDER BY fv.created_at ASC"
+    ).all("pending");
+  }
+  /**
+   * Ajoute une opération à la queue de sync
+   */
+  addPendingOperation(opType, payload) {
+    const now = Math.floor(Date.now() / 1e3);
+    const info = this.db.prepare(`
+      INSERT INTO pending_operations (op_type, op_payload, status, created_at, updated_at)
+      VALUES (?, ?, 'pending', ?, ?)
+    `).run(opType, JSON.stringify(payload), now, now);
+    return Number(info.lastInsertRowid);
+  }
+  /**
+   * Récupère les opérations en attente
+   */
+  getPendingOperations() {
+    return this.db.prepare(
+      "SELECT id, op_type, op_payload, attempts FROM pending_operations WHERE status = 'pending' ORDER BY created_at ASC"
+    ).all();
+  }
+  /**
+   * Met à jour le statut d'une opération
+   */
+  updateOperationStatus(opId, status, error) {
+    const now = Math.floor(Date.now() / 1e3);
+    this.db.prepare(
+      "UPDATE pending_operations SET status = ?, last_error = ?, attempts = attempts + 1, updated_at = ? WHERE id = ?"
+    ).run(status, error ?? null, now, opId);
+  }
+  /**
+   * Supprime les opérations terminées
+   */
+  clearCompletedOperations() {
+    this.db.prepare("DELETE FROM pending_operations WHERE status = 'completed'").run();
+  }
+  /**
+   * Récupère les CIDs Pinata d'un node et ses descendants (pour unpin cloud)
+   */
+  getPinataCidsForNode(nodeId) {
+    const rows = this.db.prepare(`
+      WITH RECURSIVE descendants(id) AS (
+        SELECT id FROM nodes WHERE id = ?
+        UNION ALL
+        SELECT n.id FROM nodes n JOIN descendants d ON n.parent_id = d.id
+      )
+      SELECT DISTINCT fv.pinata_cid
+      FROM file_versions fv
+      JOIN descendants d ON fv.node_id = d.id
+      WHERE fv.pinata_cid IS NOT NULL AND fv.sync_status = 'synced'
+    `).all(nodeId);
+    return rows.map((r) => r.pinata_cid);
+  }
+  // ─── Vault Config (Sprint 2) ──────────────────────────────────
+  getVaultConfig() {
+    const rows = this.db.prepare("SELECT key, value FROM vault_config").all();
+    if (rows.length === 0) return null;
+    const config = {};
+    for (const row of rows) {
+      config[row.key] = row.value;
+    }
+    return config;
+  }
+  setVaultConfig(config) {
+    const stmt = this.db.prepare(`
+      INSERT INTO vault_config (key, value, updated_at) VALUES (?, ?, unixepoch())
+      ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at
+    `);
+    const transaction = this.db.transaction(() => {
+      for (const [key, value] of Object.entries(config)) {
+        stmt.run(key, value);
+      }
+    });
+    transaction();
+  }
+  isVaultInitialized() {
+    const row = this.db.prepare("SELECT COUNT(*) as count FROM vault_config").get();
+    return row.count > 0;
+  }
+  // ─── Settings ─────────────────────────────────────────────────
+  getSetting(key) {
+    const row = this.db.prepare("SELECT value FROM settings WHERE key = ?").get(key);
+    return row?.value ?? null;
+  }
+  setSetting(key, value) {
+    this.db.prepare(`
+      INSERT INTO settings (key, value, updated_at) VALUES (?, ?, unixepoch())
+      ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = excluded.updated_at
+    `).run(key, value);
+  }
+  // ─── Nodes (fichiers & dossiers) ──────────────────────────────
+  getRootNode() {
+    return this.db.prepare("SELECT * FROM nodes WHERE parent_id IS NULL AND deleted_at IS NULL").get();
+  }
+  getNode(id) {
+    return this.db.prepare("SELECT * FROM nodes WHERE id = ?").get(id) ?? null;
+  }
+  listChildren(parentId) {
+    return this.db.prepare(
+      "SELECT * FROM nodes WHERE parent_id = ? AND deleted_at IS NULL ORDER BY kind DESC, name ASC"
+    ).all(parentId);
+  }
+  createFolder(parentId, name) {
+    const now = Math.floor(Date.now() / 1e3);
+    const info = this.db.prepare(
+      "INSERT INTO nodes (parent_id, name, kind, created_at, modified_at) VALUES (?, ?, ?, ?, ?)"
+    ).run(parentId, name, "folder", now, now);
+    return this.getNode(Number(info.lastInsertRowid));
+  }
+  createFileNode(parentId, name) {
+    const now = Math.floor(Date.now() / 1e3);
+    const info = this.db.prepare(
+      "INSERT INTO nodes (parent_id, name, kind, created_at, modified_at) VALUES (?, ?, ?, ?, ?)"
+    ).run(parentId, name, "file", now, now);
+    return this.getNode(Number(info.lastInsertRowid));
+  }
+  rename(nodeId, newName) {
+    const node = this.getNode(nodeId);
+    const oldName = node?.name;
+    const oldPath = node ? this.getNodePath(nodeId) : void 0;
+    const now = Math.floor(Date.now() / 1e3);
+    this.db.prepare("UPDATE nodes SET name = ?, modified_at = ? WHERE id = ?").run(newName, now, nodeId);
+    this.reindexNode(nodeId, oldName, oldPath);
+  }
+  moveNode(nodeId, newParentId) {
+    const now = Math.floor(Date.now() / 1e3);
+    this.db.prepare("UPDATE nodes SET parent_id = ?, modified_at = ? WHERE id = ?").run(newParentId, now, nodeId);
+  }
+  softDelete(nodeId) {
+    const now = Math.floor(Date.now() / 1e3);
+    const deleteRecursive = this.db.prepare(`
+      WITH RECURSIVE descendants(id) AS (
+        SELECT id FROM nodes WHERE id = ?
+        UNION ALL
+        SELECT n.id FROM nodes n JOIN descendants d ON n.parent_id = d.id WHERE n.deleted_at IS NULL
+      )
+      UPDATE nodes SET deleted_at = ? WHERE id IN (SELECT id FROM descendants)
+    `);
+    deleteRecursive.run(nodeId, now);
+  }
+  restore(nodeId) {
+    const restoreRecursive = this.db.prepare(`
+      WITH RECURSIVE descendants(id) AS (
+        SELECT id FROM nodes WHERE id = ?
+        UNION ALL
+        SELECT n.id FROM nodes n JOIN descendants d ON n.parent_id = d.id WHERE n.deleted_at IS NOT NULL
+      )
+      UPDATE nodes SET deleted_at = NULL WHERE id IN (SELECT id FROM descendants)
+    `);
+    restoreRecursive.run(nodeId);
+  }
+  listTrash() {
+    return this.db.prepare(
+      "SELECT * FROM nodes WHERE deleted_at IS NOT NULL ORDER BY deleted_at DESC"
+    ).all();
+  }
+  // ─── File versions ────────────────────────────────────────────
+  addFileVersion(nodeId, cid, sizeBytes, sha256Plain, encParams) {
+    const now = Math.floor(Date.now() / 1e3);
+    const info = this.db.prepare(`
+      INSERT INTO file_versions (node_id, cid, size_bytes, sha256_plain, created_at, enc_algo, enc_key_wrapped, enc_key_nonce, enc_data_nonce)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(
+      nodeId,
+      cid,
+      sizeBytes,
+      sha256Plain ?? null,
+      now,
+      encParams?.enc_algo ?? "none",
+      encParams?.enc_key_wrapped ?? null,
+      encParams?.enc_key_nonce ?? null,
+      encParams?.enc_data_nonce ?? null
+    );
+    const versionId = Number(info.lastInsertRowid);
+    this.db.prepare("UPDATE nodes SET current_version_id = ?, modified_at = ? WHERE id = ?").run(versionId, now, nodeId);
+    return this.db.prepare("SELECT * FROM file_versions WHERE id = ?").get(versionId);
+  }
+  getFileVersions(nodeId) {
+    return this.db.prepare(
+      "SELECT * FROM file_versions WHERE node_id = ? ORDER BY created_at DESC"
+    ).all(nodeId);
+  }
+  getCurrentVersion(nodeId) {
+    const node = this.getNode(nodeId);
+    if (!node?.current_version_id) return null;
+    return this.db.prepare("SELECT * FROM file_versions WHERE id = ?").get(node.current_version_id) ?? null;
+  }
+  // ─── CID refcount ─────────────────────────────────────────────
+  getOrphanCids() {
+    return this.db.prepare("SELECT cid FROM cid_refcount WHERE ref_count <= 0").all();
+  }
+  // ─── Paths ────────────────────────────────────────────────────
+  getNodePath(nodeId) {
+    const parts = [];
+    let current = this.getNode(nodeId);
+    while (current) {
+      parts.unshift(current.name);
+      current = current.parent_id ? this.getNode(current.parent_id) : null;
+    }
+    return "/" + parts.join("/");
+  }
+  // ─── GC Audit ─────────────────────────────────────────────────
+  logGcOp(opType, target, details) {
+    const now = Math.floor(Date.now() / 1e3);
+    this.db.prepare("INSERT INTO gc_audit_log (op_type, target, details, executed_at) VALUES (?, ?, ?, ?)").run(opType, target, details, now);
+  }
+  // ─── FTS ──────────────────────────────────────────────────────
+  indexNode(nodeId) {
+    const node = this.getNode(nodeId);
+    if (!node) return;
+    const nodePath = this.getNodePath(nodeId);
+    this.db.prepare("INSERT INTO fts_nodes(rowid, name, path) VALUES (?, ?, ?)").run(nodeId, node.name, nodePath);
+  }
+  reindexNode(nodeId, oldName, oldPath) {
+    const node = this.getNode(nodeId);
+    if (!node) return;
+    const nodePath = this.getNodePath(nodeId);
+    if (oldName !== void 0 && oldPath !== void 0) {
+      this.db.prepare("INSERT INTO fts_nodes(fts_nodes, rowid, name, path) VALUES ('delete', ?, ?, ?)").run(nodeId, oldName, oldPath);
+    }
+    this.db.prepare("INSERT INTO fts_nodes(rowid, name, path) VALUES (?, ?, ?)").run(nodeId, node.name, nodePath);
+  }
+  searchNodes(query) {
+    return this.db.prepare(
+      "SELECT rowid, name, path FROM fts_nodes WHERE fts_nodes MATCH ? ORDER BY rank"
+    ).all(query);
+  }
+  // ─── Sync Stats (Sprint 3) ─────────────────────────────────────
+  getSyncStats() {
+    return this.db.prepare(
+      "SELECT sync_status, COUNT(*) as count FROM file_versions GROUP BY sync_status"
+    ).all();
+  }
+  // ─── Cleanup ──────────────────────────────────────────────────
+  close() {
+    this.db.close();
+  }
+};
+// ../daemon/content-store.ts
+import { createHash } from "crypto";
+var KuboContentStore = class {
+  apiUrl;
+  constructor(apiUrl) {
+    this.apiUrl = apiUrl;
+  }
+  /**
+   * Ajoute du contenu dans IPFS
+   * Équivalent : ipfs add --pin --cid-version=1 --raw-leaves
+   */
+  async put(data) {
+    const boundary = "----MerkleVaultBoundary" + Date.now();
+    const header = `--${boundary}\r
+Content-Disposition: form-data; name="file"; filename="data"\r
+Content-Type: application/octet-stream\r
+\r
+`;
+    const footer = `\r
+--${boundary}--\r
+`;
+    const body = Buffer.concat([
+      Buffer.from(header),
+      data,
+      Buffer.from(footer)
+    ]);
+    const res = await fetch(
+      `${this.apiUrl}/api/v0/add?cid-version=1&raw-leaves=true&pin=true`,
+      {
+        method: "POST",
+        headers: { "Content-Type": `multipart/form-data; boundary=${boundary}` },
+        body
+      }
+    );
+    if (!res.ok) {
+      throw new Error(`IPFS add failed: ${res.status} ${await res.text()}`);
+    }
+    const result = JSON.parse(await res.text());
+    return { cid: result.Hash, size: parseInt(result.Size, 10) };
+  }
+  /**
+   * Récupère du contenu depuis IPFS
+   * Équivalent : ipfs cat <cid>
+   */
+  async get(cid) {
+    const res = await fetch(`${this.apiUrl}/api/v0/cat?arg=${cid}`, {
+      method: "POST"
+    });
+    if (!res.ok) {
+      throw new Error(`IPFS cat failed: ${res.status} ${await res.text()}`);
+    }
+    return Buffer.from(await res.arrayBuffer());
+  }
+  /**
+   * Pin un CID
+   */
+  async pin(cid) {
+    const res = await fetch(`${this.apiUrl}/api/v0/pin/add?arg=${cid}`, {
+      method: "POST"
+    });
+    if (!res.ok) {
+      throw new Error(`IPFS pin failed: ${res.status} ${await res.text()}`);
+    }
+  }
+  /**
+   * Unpin un CID
+   */
+  async unpin(cid) {
+    const res = await fetch(`${this.apiUrl}/api/v0/pin/rm?arg=${cid}`, {
+      method: "POST"
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      if (!text.includes("not pinned")) {
+        throw new Error(`IPFS unpin failed: ${res.status} ${text}`);
+      }
+    }
+  }
+  /**
+   * Déclenche le garbage collector Kubo
+   */
+  async gc() {
+    const res = await fetch(`${this.apiUrl}/api/v0/repo/gc`, {
+      method: "POST"
+    });
+    if (!res.ok) {
+      throw new Error(`IPFS gc failed: ${res.status} ${await res.text()}`);
+    }
+    await res.text();
+  }
+  /**
+   * Vérifie si Kubo répond
+   */
+  async isOnline() {
+    try {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 3e3);
+      const res = await fetch(`${this.apiUrl}/api/v0/id`, {
+        method: "POST",
+        signal: controller.signal
+      });
+      clearTimeout(timeout);
+      return res.ok;
+    } catch {
+      return false;
+    }
+  }
+};
+function sha256(data) {
+  return createHash("sha256").update(data).digest("hex");
+}
+// ../daemon/pinata-content-store.ts
+var PinataContentStore = class {
+  baseUrl = "https://api.pinata.cloud";
+  gatewayUrl;
+  headers;
+  constructor(config) {
+    this.gatewayUrl = config.gateway || "https://gateway.pinata.cloud";
+    if (config.jwt) {
+      this.headers = {
+        "Authorization": `Bearer ${config.jwt}`
+      };
+    } else {
+      this.headers = {
+        "pinata_api_key": config.apiKey,
+        "pinata_secret_api_key": config.secretApiKey
+      };
+    }
+  }
+  /**
+   * Upload un fichier chiffré vers Pinata et le pin automatiquement
+   * Endpoint : POST /pinning/pinFileToIPFS
+   */
+  async put(data) {
+    const boundary = "----MerkleVaultPinata" + Date.now();
+    const metadata = JSON.stringify({
+      name: `merklevault-${Date.now()}`,
+      keyvalues: { app: "merklevault", encrypted: "true" }
+    });
+    const parts = [];
+    parts.push(Buffer.from(
+      `--${boundary}\r
+Content-Disposition: form-data; name="pinataMetadata"\r
+Content-Type: application/json\r
+\r
+` + metadata + "\r\n"
+    ));
+    parts.push(Buffer.from(
+      `--${boundary}\r
+Content-Disposition: form-data; name="file"; filename="encrypted-blob"\r
+Content-Type: application/octet-stream\r
+\r
+`
+    ));
+    parts.push(data);
+    parts.push(Buffer.from(`\r
+--${boundary}--\r
+`));
+    const body = Buffer.concat(parts);
+    const res = await fetch(`${this.baseUrl}/pinning/pinFileToIPFS`, {
+      method: "POST",
+      headers: {
+        ...this.headers,
+        "Content-Type": `multipart/form-data; boundary=${boundary}`
+      },
+      body
+    });
+    if (!res.ok) {
+      const errText = await res.text();
+      throw new Error(`Pinata upload failed: ${res.status} ${errText}`);
+    }
+    const result = await res.json();
+    return {
+      cid: result.IpfsHash,
+      size: result.PinSize || data.length
+    };
+  }
+  /**
+   * Récupère un fichier depuis le gateway Pinata
+   * Endpoint : GET {gateway}/ipfs/{CID}
+   */
+  async get(cid) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 6e4);
+    try {
+      const res = await fetch(`${this.gatewayUrl}/ipfs/${cid}`, {
+        method: "GET",
+        signal: controller.signal
+      });
+      if (!res.ok) {
+        throw new Error(`Pinata get failed: ${res.status} ${await res.text()}`);
+      }
+      return Buffer.from(await res.arrayBuffer());
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
+  /**
+   * Pin un CID déjà présent sur le réseau IPFS
+   * Endpoint : POST /pinning/pinByHash
+   */
+  async pin(cid) {
+    const res = await fetch(`${this.baseUrl}/pinning/pinByHash`, {
+      method: "POST",
+      headers: {
+        ...this.headers,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ hashToPin: cid })
+    });
+    if (!res.ok) {
+      const errText = await res.text();
+      throw new Error(`Pinata pin failed: ${res.status} ${errText}`);
+    }
+  }
+  /**
+   * Supprime le pin d'un CID sur Pinata
+   * Endpoint : DELETE /pinning/unpin/{CID}
+   */
+  async unpin(cid) {
+    const res = await fetch(`${this.baseUrl}/pinning/unpin/${cid}`, {
+      method: "DELETE",
+      headers: this.headers
+    });
+    if (!res.ok) {
+      const errText = await res.text();
+      if (res.status !== 404) {
+        throw new Error(`Pinata unpin failed: ${res.status} ${errText}`);
+      }
+    }
+  }
+  /**
+   * Pas de GC côté Pinata — opération no-op
+   */
+  async gc() {
+  }
+  /**
+   * Vérifie la connectivité et l'authentification avec Pinata
+   * Endpoint : GET /data/testAuthentication
+   */
+  async isOnline() {
+    try {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 5e3);
+      const res = await fetch(`${this.baseUrl}/data/testAuthentication`, {
+        method: "GET",
+        headers: this.headers,
+        signal: controller.signal
+      });
+      clearTimeout(timeout);
+      return res.ok;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Vérifie si un CID est déjà pinné sur Pinata
+   * Endpoint : GET /data/pinList?cid={CID}
+   */
+  async stat(cid) {
+    try {
+      const res = await fetch(
+        `${this.baseUrl}/data/pinList?status=pinned&hashContains=${cid}`,
+        { method: "GET", headers: this.headers }
+      );
+      if (!res.ok) return null;
+      const result = await res.json();
+      if (result.rows && result.rows.length > 0) {
+        return {
+          pinned: true,
+          size: result.rows[0].size || 0
+        };
+      }
+      return { pinned: false, size: 0 };
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Met à jour la configuration (clé API, gateway)
+   */
+  updateConfig(config) {
+    if (config.gateway) {
+      this.gatewayUrl = config.gateway;
+    }
+    if (config.jwt) {
+      this.headers = { "Authorization": `Bearer ${config.jwt}` };
+    } else if (config.apiKey && config.secretApiKey) {
+      this.headers = {
+        "pinata_api_key": config.apiKey,
+        "pinata_secret_api_key": config.secretApiKey
+      };
+    }
+  }
+};
+// ../daemon/storage-router.ts
+var StorageRouter = class {
+  kuboStore;
+  pinataStore = null;
+  provider = "local";
+  constructor(kuboStore) {
+    this.kuboStore = kuboStore;
+  }
+  /**
+   * Configure le provider cloud.
+   * Peut être appelé à tout moment pour basculer local ↔ pinata.
+   */
+  setProvider(provider, pinataConfig) {
+    this.provider = provider;
+    if (provider === "pinata" && pinataConfig) {
+      if (this.pinataStore) {
+        this.pinataStore.updateConfig(pinataConfig);
+      } else {
+        this.pinataStore = new PinataContentStore(pinataConfig);
+      }
+    }
+    console.log(`[storage-router] Provider set to: ${provider}`);
+  }
+  /**
+   * Retourne le provider actif
+   */
+  getProvider() {
+    return this.provider;
+  }
+  /**
+   * Vérifie si le cloud est configuré et actif
+   */
+  isCloudActive() {
+    return this.provider === "pinata" && this.pinataStore !== null;
+  }
+  /**
+   * Retourne le PinataContentStore pour les opérations spécifiques (stat, etc.)
+   */
+  getPinataStore() {
+    return this.pinataStore;
+  }
+  // ─── ContentStore interface ────────────────────────────────────
+  /**
+   * Stocke les données selon le provider actif.
+   *
+   * Mode local : put dans Kubo uniquement
+   * Mode pinata : put dans Pinata (le CID IPFS est identique)
+   */
+  async put(data) {
+    const result = await this.kuboStore.put(data);
+    console.log(`[storage-router] Stored locally: ${result.cid} (cloud=${this.provider})`);
+    return result;
+  }
+  /**
+   * Récupère les données selon le provider actif.
+   *
+   * Mode local : get depuis Kubo
+   * Mode pinata : essaie Pinata d'abord, fallback sur Kubo
+   */
+  async get(cid) {
+    if (this.provider === "pinata" && this.pinataStore) {
+      try {
+        return await this.pinataStore.get(cid);
+      } catch (err) {
+        console.warn(`[storage-router] Pinata get failed, trying Kubo: ${err.message}`);
+        return this.kuboStore.get(cid);
+      }
+    }
+    return this.kuboStore.get(cid);
+  }
+  /**
+   * Pin : selon le provider actif
+   */
+  async pin(cid) {
+    if (this.provider === "pinata" && this.pinataStore) {
+      await this.pinataStore.pin(cid);
+      return;
+    }
+    await this.kuboStore.pin(cid);
+  }
+  /**
+   * Unpin : selon le provider actif
+   */
+  async unpin(cid) {
+    if (this.provider === "pinata" && this.pinataStore) {
+      await this.pinataStore.unpin(cid);
+      return;
+    }
+    await this.kuboStore.unpin(cid);
+  }
+  /**
+   * GC : toujours sur Kubo (Pinata gère son propre stockage)
+   */
+  async gc() {
+    await this.kuboStore.gc();
+  }
+  /**
+   * Vérifie la connectivité du provider actif
+   */
+  async isOnline() {
+    if (this.provider === "pinata" && this.pinataStore) {
+      return this.pinataStore.isOnline();
+    }
+    return this.kuboStore.isOnline();
+  }
+  /**
+   * Vérifie la connectivité de Kubo (toujours utile même en mode cloud)
+   */
+  async isKuboOnline() {
+    return this.kuboStore.isOnline();
+  }
+  /**
+   * Vérifie la connectivité Pinata (même si le provider est local)
+   */
+  async isPinataOnline() {
+    if (!this.pinataStore) return false;
+    return this.pinataStore.isOnline();
+  }
+};
+// ../daemon/sync-queue-processor.ts
+var SyncQueueProcessor = class {
+  db;
+  store;
+  kuboStore;
+  intervalId = null;
+  isProcessing = false;
+  isOnline = false;
+  CHECK_INTERVAL_MS = 3e4;
+  // 30 secondes
+  MAX_RETRIES = 5;
+  eventCallback = null;
+  constructor(db, store, kuboStore) {
+    this.db = db;
+    this.store = store;
+    this.kuboStore = kuboStore;
+  }
+  /**
+   * Définit le callback pour les événements de sync
+   */
+  onEvent(callback) {
+    this.eventCallback = callback;
+  }
+  emit(event) {
+    if (this.eventCallback) {
+      this.eventCallback(event);
+    }
+  }
+  /**
+   * Démarre le processeur de sync en arrière-plan
+   */
+  start() {
+    if (this.intervalId) return;
+    console.log("[sync] SyncQueueProcessor started");
+    this.processQueue().catch(
+      (err) => console.error("[sync] Initial check failed:", err.message)
+    );
+    this.intervalId = setInterval(() => {
+      this.processQueue().catch(
+        (err) => console.error("[sync] Periodic check failed:", err.message)
+      );
+    }, this.CHECK_INTERVAL_MS);
+  }
+  /**
+   * Arrête le processeur
+   */
+  stop() {
+    if (this.intervalId) {
+      clearInterval(this.intervalId);
+      this.intervalId = null;
+    }
+    console.log("[sync] SyncQueueProcessor stopped");
+  }
+  /**
+   * Force un traitement immédiat de la queue
+   */
+  async forceProcess() {
+    await this.processQueue();
+  }
+  /**
+   * Retourne le statut courant du processeur
+   */
+  getStatus() {
+    return {
+      running: this.intervalId !== null,
+      online: this.isOnline,
+      processing: this.isProcessing
+    };
+  }
+  /**
+   * Traite la queue de sync
+   */
+  async processQueue() {
+    if (this.isProcessing) return;
+    if (!this.store.isCloudActive()) {
+      console.log("[sync] Skipping \u2014 cloud not active");
+      return;
+    }
+    this.isProcessing = true;
+    try {
+      const online = await this.store.isPinataOnline();
+      if (online !== this.isOnline) {
+        this.isOnline = online;
+        this.emit({
+          type: online ? "sync:online" : "sync:offline"
+        });
+      }
+      if (!online) {
+        this.isProcessing = false;
+        return;
+      }
+      const pendingOps = this.db.getPendingOperations();
+      if (pendingOps.length === 0) {
+        this.isProcessing = false;
+        return;
+      }
+      console.log(`[sync] Processing ${pendingOps.length} pending operations`);
+      this.emit({ type: "sync:start", data: { count: pendingOps.length } });
+      let completed = 0;
+      let errors = 0;
+      for (const op of pendingOps) {
+        if (op.attempts >= this.MAX_RETRIES) {
+          this.db.updateOperationStatus(op.id, "failed", "Max retries exceeded");
+          errors++;
+          continue;
+        }
+        try {
+          if (op.op_type === "pinata_upload") {
+            await this.processPinataUpload(op);
+            completed++;
+          } else {
+            console.warn(`[sync] Unknown operation type: ${op.op_type}`);
+            this.db.updateOperationStatus(op.id, "failed", `Unknown op_type: ${op.op_type}`);
+            errors++;
+          }
+        } catch (err) {
+          console.error(`[sync] Operation ${op.id} failed: ${err.message}`);
+          this.db.updateOperationStatus(op.id, "pending", err.message);
+          errors++;
+          if (err.message.includes("fetch") || err.message.includes("network")) {
+            this.isOnline = false;
+            this.emit({ type: "sync:offline" });
+            break;
+          }
+        }
+        this.emit({
+          type: "sync:progress",
+          data: { completed, errors, total: pendingOps.length }
+        });
+      }
+      this.db.clearCompletedOperations();
+      this.emit({
+        type: "sync:complete",
+        data: { completed, errors }
+      });
+      console.log(`[sync] Queue processed: ${completed} completed, ${errors} errors`);
+    } finally {
+      this.isProcessing = false;
+    }
+  }
+  /**
+   * Traite une opération d'upload vers Pinata
+   */
+  async processPinataUpload(op) {
+    const payload = JSON.parse(op.op_payload);
+    const { versionId, cid } = payload;
+    this.db.updateSyncStatus(versionId, "syncing");
+    const data = await this.kuboStore.get(cid);
+    const pinataStore = this.store.getPinataStore();
+    if (!pinataStore) {
+      throw new Error("Pinata store not available");
+    }
+    const result = await pinataStore.put(data);
+    this.db.updateSyncStatus(versionId, "synced", result.cid);
+    this.db.updateOperationStatus(op.id, "completed");
+    console.log(`[sync] Uploaded to Pinata: version ${versionId} \u2192 ${result.cid}`);
+  }
+};
+// ../daemon/crypto.ts
+import { xchacha20poly1305 } from "@noble/ciphers/chacha.js";
+import { randomBytes as nobleRandomBytes } from "@noble/ciphers/utils.js";
+import { argon2id } from "@noble/hashes/argon2.js";
+import { sha256 as sha2562 } from "@noble/hashes/sha2.js";
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { bytesToHex, hexToBytes } from "@noble/hashes/utils.js";
+import * as bip39 from "@scure/bip39";
+import { wordlist as english } from "@scure/bip39/wordlists/english.js";
+var ENC_ALGO = "xchacha20-poly1305";
+var ARGON2_PARAMS = {
+  t: 3,
+  // 3 itérations
+  m: 65536,
+  // 64 MB mémoire
+  p: 4
+  // 4 threads parallèles
+};
+var KEY_LENGTH = 32;
+var NONCE_LENGTH = 24;
+var SALT_LENGTH = 16;
+function generateMnemonic2() {
+  return bip39.generateMnemonic(english, 256);
+}
+function validateMnemonic2(mnemonic) {
+  return bip39.validateMnemonic(mnemonic, english);
+}
+async function mnemonicToSeed2(mnemonic) {
+  return bip39.mnemonicToSeed(mnemonic);
+}
+function deriveKeyFromPassword(password, salt) {
+  const passwordBytes = new TextEncoder().encode(password);
+  return argon2id(passwordBytes, salt, {
+    t: ARGON2_PARAMS.t,
+    m: ARGON2_PARAMS.m,
+    p: ARGON2_PARAMS.p,
+    dkLen: KEY_LENGTH
+  });
+}
+function deriveRecoveryKey(seed) {
+  const info = new TextEncoder().encode("MerkleVault-Recovery-v1");
+  return hkdf(sha2562, seed, void 0, info, KEY_LENGTH);
+}
+function encryptFile(plaintext, masterKey) {
+  const fileKey = nobleRandomBytes(KEY_LENGTH);
+  const dataNonce = nobleRandomBytes(NONCE_LENGTH);
+  const cipher = xchacha20poly1305(fileKey, dataNonce);
+  const ciphertext = cipher.encrypt(new Uint8Array(plaintext));
+  const keyNonce = nobleRandomBytes(NONCE_LENGTH);
+  const keyCipher = xchacha20poly1305(masterKey, keyNonce);
+  const wrappedKey = keyCipher.encrypt(fileKey);
+  return {
+    ciphertext: Buffer.from(ciphertext),
+    wrappedKey: Buffer.from(wrappedKey),
+    keyNonce: Buffer.from(keyNonce),
+    dataNonce: Buffer.from(dataNonce)
+  };
+}
+function decryptFile(params) {
+  const { ciphertext, wrappedKey, keyNonce, dataNonce, masterKey } = params;
+  const keyCipher = xchacha20poly1305(masterKey, new Uint8Array(keyNonce));
+  const fileKey = keyCipher.decrypt(new Uint8Array(wrappedKey));
+  const dataCipher = xchacha20poly1305(fileKey, new Uint8Array(dataNonce));
+  const plaintext = dataCipher.decrypt(new Uint8Array(ciphertext));
+  return Buffer.from(plaintext);
+}
+async function createVault(password) {
+  const mnemonic = generateMnemonic2();
+  const salt = nobleRandomBytes(SALT_LENGTH);
+  const masterKey = nobleRandomBytes(KEY_LENGTH);
+  const passwordKey = deriveKeyFromPassword(password, salt);
+  const pwKeyNonce = nobleRandomBytes(NONCE_LENGTH);
+  const pwCipher = xchacha20poly1305(passwordKey, pwKeyNonce);
+  const pwEncryptedMasterKey = pwCipher.encrypt(masterKey);
+  const seed = await mnemonicToSeed2(mnemonic);
+  const recoveryKey = deriveRecoveryKey(seed);
+  const masterKeyNonce = nobleRandomBytes(NONCE_LENGTH);
+  const recoveryCipher = xchacha20poly1305(recoveryKey, masterKeyNonce);
+  const encryptedMasterKey = recoveryCipher.encrypt(masterKey);
+  const mnemonicHash = sha2562(new TextEncoder().encode(mnemonic));
+  const masterKeyHash = sha2562(masterKey);
+  const config = {
+    salt: bytesToHex(salt),
+    encryptedMasterKey: bytesToHex(encryptedMasterKey),
+    masterKeyNonce: bytesToHex(masterKeyNonce),
+    pwEncryptedMasterKey: bytesToHex(pwEncryptedMasterKey),
+    pwKeyNonce: bytesToHex(pwKeyNonce),
+    mnemonicHash: bytesToHex(mnemonicHash),
+    masterKeyHash: bytesToHex(masterKeyHash)
+  };
+  return { mnemonic, config, masterKey };
+}
+function unlockVault(password, config) {
+  const salt = hexToBytes(config.salt);
+  const passwordKey = deriveKeyFromPassword(password, salt);
+  let masterKey;
+  try {
+    const pwNonce = hexToBytes(config.pwKeyNonce);
+    const pwEncrypted = hexToBytes(config.pwEncryptedMasterKey);
+    const cipher = xchacha20poly1305(passwordKey, pwNonce);
+    masterKey = cipher.decrypt(pwEncrypted);
+  } catch {
+    return null;
+  }
+  const computedHash = bytesToHex(sha2562(masterKey));
+  if (computedHash !== config.masterKeyHash) {
+    return null;
+  }
+  return masterKey;
+}
+async function recoverVault(mnemonic, newPassword, oldConfig) {
+  if (!validateMnemonic2(mnemonic)) {
+    return null;
+  }
+  const mnemonicHash = bytesToHex(sha2562(new TextEncoder().encode(mnemonic)));
+  if (mnemonicHash !== oldConfig.mnemonicHash) {
+    return null;
+  }
+  const seed = await mnemonicToSeed2(mnemonic);
+  const recoveryKey = deriveRecoveryKey(seed);
+  let masterKey;
+  try {
+    const nonce = hexToBytes(oldConfig.masterKeyNonce);
+    const encryptedMasterKey = hexToBytes(oldConfig.encryptedMasterKey);
+    const cipher = xchacha20poly1305(recoveryKey, nonce);
+    masterKey = cipher.decrypt(encryptedMasterKey);
+  } catch {
+    return null;
+  }
+  const computedHash = bytesToHex(sha2562(masterKey));
+  if (computedHash !== oldConfig.masterKeyHash) {
+    return null;
+  }
+  const newSalt = nobleRandomBytes(SALT_LENGTH);
+  const newPasswordKey = deriveKeyFromPassword(newPassword, newSalt);
+  const newPwKeyNonce = nobleRandomBytes(NONCE_LENGTH);
+  const pwCipher = xchacha20poly1305(newPasswordKey, newPwKeyNonce);
+  const newPwEncryptedMasterKey = pwCipher.encrypt(masterKey);
+  const newMasterKeyNonce = nobleRandomBytes(NONCE_LENGTH);
+  const newRecoveryCipher = xchacha20poly1305(recoveryKey, newMasterKeyNonce);
+  const newEncryptedMasterKey = newRecoveryCipher.encrypt(masterKey);
+  const config = {
+    salt: bytesToHex(newSalt),
+    encryptedMasterKey: bytesToHex(newEncryptedMasterKey),
+    masterKeyNonce: bytesToHex(newMasterKeyNonce),
+    pwEncryptedMasterKey: bytesToHex(newPwEncryptedMasterKey),
+    pwKeyNonce: bytesToHex(newPwKeyNonce),
+    mnemonicHash: oldConfig.mnemonicHash,
+    // Ne change pas
+    masterKeyHash: oldConfig.masterKeyHash
+    // La master key ne change pas
+  };
+  return { masterKey, config };
+}
+async function changePassword(oldPassword, newPassword, oldConfig) {
+  const masterKey = unlockVault(oldPassword, oldConfig);
+  if (!masterKey) return null;
+  const newSalt = nobleRandomBytes(SALT_LENGTH);
+  const newPasswordKey = deriveKeyFromPassword(newPassword, newSalt);
+  const newPwKeyNonce = nobleRandomBytes(NONCE_LENGTH);
+  const pwCipher = xchacha20poly1305(newPasswordKey, newPwKeyNonce);
+  const newPwEncryptedMasterKey = pwCipher.encrypt(masterKey);
+  return {
+    ...oldConfig,
+    salt: bytesToHex(newSalt),
+    pwEncryptedMasterKey: bytesToHex(newPwEncryptedMasterKey),
+    pwKeyNonce: bytesToHex(newPwKeyNonce)
+    // encryptedMasterKey, masterKeyNonce, mnemonicHash, masterKeyHash : inchangés
+  };
+}
+function zeroKey(key) {
+  key.fill(0);
+}
+// src/merklevault.ts
+function toFileNode(row) {
+  return {
+    id: row.id,
+    parentId: row.parent_id,
+    name: row.name,
+    kind: row.kind,
+    createdAt: row.created_at,
+    modifiedAt: row.modified_at,
+    deletedAt: row.deleted_at,
+    currentVersionId: row.current_version_id
+  };
+}
+function toFileVersion(row) {
+  return {
+    id: row.id,
+    nodeId: row.node_id,
+    cid: row.cid,
+    sizeBytes: row.size_bytes,
+    sha256Plain: row.sha256_plain,
+    createdAt: row.created_at,
+    encAlgo: row.enc_algo,
+    provider: row.provider || "local",
+    pinataCid: row.pinata_cid || null,
+    syncStatus: row.sync_status || "none"
+  };
+}
+var MerkleVault = class extends EventEmitter2 {
+  opts;
+  kubo;
+  db;
+  store;
+  kuboStore;
+  syncProcessor = null;
+  // Vault state
+  masterKey = null;
+  lockTimer = null;
+  started = false;
+  constructor(options) {
+    super();
+    this.opts = {
+      dataDir: options.dataDir,
+      kuboBinaryPath: options.kuboBinaryPath ?? "",
+      kuboApiPort: options.kuboApiPort ?? 5101,
+      autoLockMs: options.autoLockMs ?? 15 * 60 * 1e3,
+      disableAutoLock: options.disableAutoLock ?? false
+    };
+  }
+  // ═══════════════════════════════════════════════════════════════
+  //  LIFECYCLE
+  // ═══════════════════════════════════════════════════════════════
+  /**
+   * Demarre le vault : initialise la DB, lance Kubo, restaure la config cloud.
+   * Doit etre appele avant toute autre operation.
+   */
+  async start() {
+    if (this.started) return;
+    const { dataDir, kuboBinaryPath, kuboApiPort } = this.opts;
+    if (!existsSync3(dataDir)) {
+      mkdirSync3(dataDir, { recursive: true });
+    }
+    this.db = new Database(dataDir);
+    const defaultKuboPath = kuboBinaryPath || path3.resolve(path3.join(dataDir, "..", "kubo", "ipfs"));
+    this.kubo = new KuboManager({
+      kuboBinaryPath: defaultKuboPath,
+      repoPath: path3.join(dataDir, "ipfs-repo"),
+      apiPort: kuboApiPort
+    });
+    this.kubo.on("ready", () => this.emitEvent("kubo:ready"));
+    this.kubo.on("crash", (info) => this.emitEvent("kubo:crash", info));
+    this.kubo.on("log", (msg) => {
+    });
+    await this.kubo.start();
+    this.kuboStore = new KuboContentStore(`http://127.0.0.1:${kuboApiPort}`);
+    this.store = new StorageRouter(this.kuboStore);
+    this.restoreCloudConfig();
+    this.syncProcessor = new SyncQueueProcessor(this.db, this.store, this.kuboStore);
+    this.syncProcessor.onEvent((event) => {
+      this.emitEvent(event.type, event.data);
+    });
+    this.syncProcessor.start();
+    this.started = true;
+  }
+  /**
+   * Arrete le vault proprement : ferme Kubo, la DB, le sync processor.
+   */
+  async stop() {
+    if (!this.started) return;
+    this.lock();
+    if (this.syncProcessor) {
+      this.syncProcessor.stop();
+      this.syncProcessor = null;
+    }
+    await this.kubo.stop();
+    this.db.close();
+    this.started = false;
+  }
+  /**
+   * Verifie que le vault est demarre, sinon throw.
+   */
+  ensureStarted() {
+    if (!this.started) {
+      throw new Error("MerkleVault not started \u2014 call vault.start() first");
+    }
+  }
+  /**
+   * Verifie que le vault est deverrouille, sinon throw.
+   */
+  ensureUnlocked() {
+    this.ensureStarted();
+    if (!this.masterKey) {
+      throw new Error("Vault is locked \u2014 call vault.unlock() first");
+    }
+  }
+  // ═══════════════════════════════════════════════════════════════
+  //  VAULT MANAGEMENT
+  // ═══════════════════════════════════════════════════════════════
+  /**
+   * Cree un nouveau vault avec un mot de passe.
+   * Retourne la phrase de recuperation BIP39 (24 mots).
+   *
+   * @param password - Mot de passe maitre (min 8 caracteres)
+   * @returns Phrase de recuperation a afficher UNE SEULE FOIS
+   */
+  async create(password) {
+    this.ensureStarted();
+    if (this.db.isVaultInitialized()) {
+      throw new Error("Vault already initialized");
+    }
+    if (!password || password.length < 8) {
+      throw new Error("Password must be at least 8 characters");
+    }
+    const { mnemonic, config, masterKey } = await createVault(password);
+    this.saveVaultConfig(config);
+    this.masterKey = masterKey;
+    this.resetLockTimer();
+    this.emitEvent("vault:created");
+    this.emitEvent("vault:unlocked");
+    return { mnemonic };
+  }
+  /**
+   * Deverrouille le vault avec le mot de passe.
+   *
+   * @param password - Mot de passe maitre
+   * @returns true si le deverrouillage a reussi
+   * @throws Si le mot de passe est invalide
+   */
+  unlock(password) {
+    this.ensureStarted();
+    const config = this.loadVaultConfig();
+    const masterKey = unlockVault(password, config);
+    if (!masterKey) {
+      throw new Error("Invalid password");
+    }
+    this.masterKey = masterKey;
+    this.resetLockTimer();
+    this.emitEvent("vault:unlocked");
+    return true;
+  }
+  /**
+   * Verrouille le vault — efface la master key de la memoire.
+   */
+  lock() {
+    if (this.masterKey) {
+      zeroKey(this.masterKey);
+      this.masterKey = null;
+    }
+    if (this.lockTimer) {
+      clearTimeout(this.lockTimer);
+      this.lockTimer = null;
+    }
+    this.emitEvent("vault:locked", { reason: "manual" });
+  }
+  /**
+   * Recupere le vault via la phrase BIP39 et definit un nouveau mot de passe.
+   *
+   * @param mnemonic - Phrase de recuperation (24 mots)
+   * @param newPassword - Nouveau mot de passe
+   */
+  async recover(mnemonic, newPassword) {
+    this.ensureStarted();
+    const config = this.loadVaultConfig();
+    const result = await recoverVault(mnemonic, newPassword, config);
+    if (!result) {
+      throw new Error("Recovery failed \u2014 invalid mnemonic");
+    }
+    this.saveVaultConfig(result.config);
+    this.masterKey = result.masterKey;
+    this.resetLockTimer();
+    this.emitEvent("vault:unlocked");
+    return true;
+  }
+  /**
+   * Change le mot de passe du vault sans re-chiffrer les fichiers.
+   *
+   * @param oldPassword - Ancien mot de passe
+   * @param newPassword - Nouveau mot de passe
+   */
+  async changePassword(oldPassword, newPassword) {
+    this.ensureStarted();
+    const config = this.loadVaultConfig();
+    const newConfig = await changePassword(oldPassword, newPassword, config);
+    if (!newConfig) {
+      throw new Error("Invalid current password");
+    }
+    this.saveVaultConfig(newConfig);
+    return true;
+  }
+  /**
+   * Retourne l'etat du vault (initialise, deverrouille).
+   */
+  getVaultInfo() {
+    this.ensureStarted();
+    return {
+      initialized: this.db.isVaultInitialized(),
+      unlocked: this.masterKey !== null
+    };
+  }
+  /**
+   * Verifie si le vault est deverrouille.
+   */
+  isUnlocked() {
+    return this.masterKey !== null;
+  }
+  // ═══════════════════════════════════════════════════════════════
+  //  FILE OPERATIONS
+  // ═══════════════════════════════════════════════════════════════
+  /**
+   * Ajoute un fichier au vault depuis un Buffer.
+   *
+   * @param data - Contenu du fichier
+   * @param options - Nom et dossier parent
+   * @returns Noeud cree, version et CID
+   */
+  async addFile(data, options) {
+    this.ensureStarted();
+    const parentId = options.parentId ?? this.db.getRootNode().id;
+    const plaintext = data;
+    const hash = sha256(plaintext);
+    let dataToStore;
+    let encParams;
+    if (this.masterKey) {
+      const encrypted = encryptFile(plaintext, this.masterKey);
+      dataToStore = encrypted.ciphertext;
+      encParams = {
+        enc_algo: ENC_ALGO,
+        enc_key_wrapped: encrypted.wrappedKey,
+        enc_key_nonce: encrypted.keyNonce,
+        enc_data_nonce: encrypted.dataNonce
+      };
+    } else {
+      dataToStore = plaintext;
+    }
+    const { cid, size } = await this.store.put(dataToStore);
+    const nodeRow = this.db.createFileNode(parentId, options.name);
+    const versionRow = this.db.addFileVersion(nodeRow.id, cid, size, hash, encParams);
+    this.db.indexNode(nodeRow.id);
+    if (this.store.isCloudActive()) {
+      this.db.updateSyncStatus(versionRow.id, "pending");
+      this.db.addPendingOperation("pinata_upload", { versionId: versionRow.id, cid });
+    }
+    this.resetLockTimer();
+    this.emitEvent("file:added", { nodeId: nodeRow.id, name: options.name, cid });
+    return {
+      node: toFileNode(nodeRow),
+      version: toFileVersion(versionRow),
+      cid
+    };
+  }
+  /**
+   * Ajoute un fichier depuis un chemin sur le disque.
+   *
+   * @param filePath - Chemin absolu du fichier
+   * @param options - Nom (optionnel, deduit du path) et dossier parent
+   */
+  async addFileFromPath(filePath, options) {
+    const data = readFileSync(filePath);
+    const name = options?.name ?? path3.basename(filePath);
+    return this.addFile(data, { name, parentId: options?.parentId });
+  }
+  /**
+   * Recupere le contenu dechiffre d'un fichier.
+   *
+   * @param nodeId - ID du noeud fichier
+   * @returns Contenu dechiffre + metadonnees
+   */
+  async getFile(nodeId) {
+    this.ensureStarted();
+    const version = this.db.getCurrentVersion(nodeId);
+    if (!version) throw new Error("No version found for this file");
+    const nodeRow = this.db.getNode(nodeId);
+    if (!nodeRow) throw new Error(`Node ${nodeId} not found`);
+    const rawData = await this.store.get(version.cid);
+    let data;
+    if (version.enc_algo !== "none" && version.enc_algo !== null) {
+      if (!this.masterKey) {
+        throw new Error("Vault is locked \u2014 unlock required to access encrypted files");
+      }
+      if (!version.enc_key_wrapped || !version.enc_key_nonce || !version.enc_data_nonce) {
+        throw new Error("Missing encryption metadata for this file version");
+      }
+      data = decryptFile({
+        ciphertext: rawData,
+        wrappedKey: version.enc_key_wrapped,
+        keyNonce: version.enc_key_nonce,
+        dataNonce: version.enc_data_nonce,
+        masterKey: this.masterKey
+      });
+    } else {
+      data = rawData;
+    }
+    this.resetLockTimer();
+    return {
+      node: toFileNode(nodeRow),
+      data,
+      cid: version.cid,
+      size: data.length
+    };
+  }
+  /**
+   * Liste le contenu d'un dossier.
+   *
+   * @param parentId - ID du dossier (undefined = racine)
+   */
+  listFolder(parentId) {
+    this.ensureStarted();
+    const nodeRow = parentId ? this.db.getNode(parentId) : this.db.getRootNode();
+    const children = this.db.listChildren(nodeRow.id);
+    return {
+      node: toFileNode(nodeRow),
+      children: children.map(toFileNode)
+    };
+  }
+  /**
+   * Recupere un noeud par son ID.
+   */
+  getNode(nodeId) {
+    this.ensureStarted();
+    const row = this.db.getNode(nodeId);
+    return row ? toFileNode(row) : null;
+  }
+  /**
+   * Recupere le chemin complet d'un noeud (fil d'ariane).
+   */
+  getNodePath(nodeId) {
+    this.ensureStarted();
+    const rows = this.db.getNodePath(nodeId);
+    return rows.map(toFileNode);
+  }
+  /**
+   * Recupere le noeud racine.
+   */
+  getRootNode() {
+    this.ensureStarted();
+    return toFileNode(this.db.getRootNode());
+  }
+  /**
+   * Cree un nouveau dossier.
+   *
+   * @param name - Nom du dossier
+   * @param parentId - ID du dossier parent (defaut: racine)
+   */
+  createFolder(name, parentId) {
+    this.ensureStarted();
+    const pid = parentId ?? this.db.getRootNode().id;
+    const folder = this.db.createFolder(pid, name);
+    this.db.indexNode(folder.id);
+    this.emitEvent("folder:created", { nodeId: folder.id, name });
+    return toFileNode(folder);
+  }
+  /**
+   * Renomme un noeud (fichier ou dossier).
+   */
+  rename(nodeId, newName) {
+    this.ensureStarted();
+    this.db.rename(nodeId, newName);
+    this.emitEvent("file:renamed", { nodeId, newName });
+  }
+  /**
+   * Deplace un noeud vers un autre dossier.
+   */
+  move(nodeId, newParentId) {
+    this.ensureStarted();
+    this.db.moveNode(nodeId, newParentId);
+    this.emitEvent("file:moved", { nodeId, newParentId });
+  }
+  /**
+   * Supprime un noeud (soft delete → corbeille).
+   * Unpin de Pinata si le fichier y est synchronise.
+   */
+  async delete(nodeId) {
+    this.ensureStarted();
+    const pinataCids = this.db.getPinataCidsForNode(nodeId);
+    this.db.softDelete(nodeId);
+    if (pinataCids.length > 0 && this.store.isCloudActive()) {
+      const pinataStore = this.store.getPinataStore();
+      if (pinataStore) {
+        for (const cid of pinataCids) {
+          try {
+            await pinataStore.unpin(cid);
+          } catch (err) {
+          }
+        }
+      }
+    }
+    this.emitEvent("file:deleted", { nodeId });
+  }
+  /**
+   * Restaure un noeud depuis la corbeille.
+   */
+  restore(nodeId) {
+    this.ensureStarted();
+    this.db.restore(nodeId);
+  }
+  /**
+   * Liste les elements dans la corbeille.
+   */
+  listTrash() {
+    this.ensureStarted();
+    return this.db.listTrash().map(toFileNode);
+  }
+  /**
+   * Recupere l'historique des versions d'un fichier.
+   */
+  getVersions(nodeId) {
+    this.ensureStarted();
+    return this.db.getFileVersions(nodeId).map(toFileVersion);
+  }
+  /**
+   * Recherche dans le vault (FTS5).
+   */
+  search(query) {
+    this.ensureStarted();
+    const ftsResults = this.db.searchNodes(query);
+    return ftsResults.map((r) => this.db.getNode(r.rowid)).filter((row) => row !== null).map(toFileNode);
+  }
+  // ═══════════════════════════════════════════════════════════════
+  //  CLOUD SYNC
+  // ═══════════════════════════════════════════════════════════════
+  /**
+   * Configure les credentials Pinata et teste la connexion.
+   *
+   * @param credentials - JWT ou apiKey + secretApiKey
+   * @returns true si la connexion a reussi
+   */
+  async configureCloud(credentials) {
+    this.ensureStarted();
+    const config = {
+      apiKey: credentials.apiKey || "",
+      secretApiKey: credentials.secretApiKey || "",
+      jwt: credentials.jwt || void 0,
+      gateway: credentials.gateway || void 0
+    };
+    this.store.setProvider("pinata", config);
+    const online = await this.store.isPinataOnline();
+    if (online) {
+      if (credentials.jwt) this.db.setSetting("pinata_jwt", credentials.jwt);
+      if (credentials.apiKey) this.db.setSetting("pinata_api_key", credentials.apiKey);
+      if (credentials.secretApiKey) this.db.setSetting("pinata_secret_key", credentials.secretApiKey);
+      if (credentials.gateway) this.db.setSetting("pinata_gateway", credentials.gateway);
+      this.db.setSetting("cloud.provider", "pinata");
+      this.emitEvent("cloud:configured", { provider: "pinata" });
+    } else {
+      this.store.setProvider("local");
+    }
+    return online;
+  }
+  /**
+   * Active ou desactive la synchronisation cloud.
+   */
+  toggleCloud(enabled) {
+    this.ensureStarted();
+    if (enabled) {
+      const jwt = this.db.getSetting("pinata_jwt");
+      const apiKey = this.db.getSetting("pinata_api_key");
+      const secretKey = this.db.getSetting("pinata_secret_key");
+      if (!jwt && !(apiKey && secretKey)) {
+        throw new Error("Pinata credentials not configured \u2014 use configureCloud() first");
+      }
+      this.store.setProvider("pinata", {
+        apiKey: apiKey || "",
+        secretApiKey: secretKey || "",
+        jwt: jwt || void 0,
+        gateway: this.db.getSetting("pinata_gateway") || void 0
+      });
+      this.db.setSetting("cloud.provider", "pinata");
+    } else {
+      this.store.setProvider("local");
+      this.db.setSetting("cloud.provider", "local");
+    }
+    const provider = this.store.getProvider();
+    this.emitEvent("cloud:toggled", { enabled, provider });
+    return provider;
+  }
+  /**
+   * Retourne la configuration cloud actuelle.
+   */
+  getCloudConfig() {
+    this.ensureStarted();
+    return {
+      provider: this.store.getProvider(),
+      active: this.store.isCloudActive(),
+      hasCredentials: !!(this.db.getSetting("pinata_jwt") || this.db.getSetting("pinata_api_key")),
+      gateway: this.db.getSetting("pinata_gateway")
+    };
+  }
+  /**
+   * Retourne le statut de synchronisation.
+   */
+  getSyncStatus() {
+    this.ensureStarted();
+    const stats = this.db.getSyncStats();
+    const counts = {};
+    let total = 0;
+    for (const s of stats) {
+      counts[s.sync_status] = s.count;
+      total += s.count;
+    }
+    return {
+      total,
+      synced: counts["synced"] || 0,
+      pending: (counts["pending"] || 0) + (counts["syncing"] || 0),
+      errors: counts["error"] || 0,
+      provider: this.store.getProvider()
+    };
+  }
+  /**
+   * Retourne le statut global du vault.
+   */
+  async getStatus() {
+    this.ensureStarted();
+    return {
+      kuboReady: this.kubo.ready,
+      kuboPid: this.kubo.pid,
+      rootNode: toFileNode(this.db.getRootNode()),
+      ipfsOnline: await this.store.isKuboOnline(),
+      vaultInitialized: this.db.isVaultInitialized(),
+      vaultUnlocked: this.masterKey !== null,
+      cloudProvider: this.store.getProvider(),
+      cloudActive: this.store.isCloudActive()
+    };
+  }
+  // ═══════════════════════════════════════════════════════════════
+  //  INTERNALS
+  // ═══════════════════════════════════════════════════════════════
+  loadVaultConfig() {
+    const raw = this.db.getVaultConfig();
+    if (!raw) throw new Error("Vault not initialized");
+    return {
+      salt: raw.salt,
+      encryptedMasterKey: raw.encryptedMasterKey,
+      masterKeyNonce: raw.masterKeyNonce,
+      pwEncryptedMasterKey: raw.pwEncryptedMasterKey,
+      pwKeyNonce: raw.pwKeyNonce,
+      mnemonicHash: raw.mnemonicHash,
+      masterKeyHash: raw.masterKeyHash
+    };
+  }
+  saveVaultConfig(config) {
+    this.db.setVaultConfig({
+      salt: config.salt,
+      encryptedMasterKey: config.encryptedMasterKey,
+      masterKeyNonce: config.masterKeyNonce,
+      pwEncryptedMasterKey: config.pwEncryptedMasterKey,
+      pwKeyNonce: config.pwKeyNonce,
+      mnemonicHash: config.mnemonicHash,
+      masterKeyHash: config.masterKeyHash
+    });
+  }
+  restoreCloudConfig() {
+    const provider = this.db.getSetting("cloud.provider");
+    if (provider === "pinata") {
+      const apiKey = this.db.getSetting("pinata_api_key");
+      const secretKey = this.db.getSetting("pinata_secret_key");
+      const gateway = this.db.getSetting("pinata_gateway");
+      const jwt = this.db.getSetting("pinata_jwt");
+      if (jwt || apiKey && secretKey) {
+        this.store.setProvider("pinata", {
+          apiKey: apiKey || "",
+          secretApiKey: secretKey || "",
+          gateway: gateway || void 0,
+          jwt: jwt || void 0
+        });
+      }
+    }
+  }
+  resetLockTimer() {
+    if (this.opts.disableAutoLock) return;
+    if (this.lockTimer) {
+      clearTimeout(this.lockTimer);
+    }
+    this.lockTimer = setTimeout(() => {
+      this.lock();
+      this.emitEvent("vault:locked", { reason: "inactivity" });
+    }, this.opts.autoLockMs);
+  }
+  emitEvent(type, data) {
+    const event = { type, data, timestamp: Date.now() };
+    this.emit(type, event);
+    this.emit("*", event);
+  }
+};
+export {
+  MerkleVault
+};
+//# sourceMappingURL=index.js.map