@oxyhq/core 1.11.12 → 1.11.14

package/dist/types/models/interfaces.d.ts

@@ -18,6 +18,40 @@ export interface OxyConfig {
     onRequestEnd?: (url: string, method: string, duration: number, success: boolean) => void;
     onRequestError?: (url: string, method: string, error: Error) => void;
 }
+/**
+ * Privacy settings for a user account.
+ *
+ * All fields are optional because:
+ *  - Updates are dot-path partial PATCHes — clients send only changed keys.
+ *  - The server may return a partial subdocument depending on the API
+ *    build (older builds returned only the field that changed).
+ *  - User accounts created before a new toggle was introduced won't
+ *    have that key persisted yet.
+ *
+ * Mirrors `IPrivacySettings` from `packages/api/src/types/privacy.types.ts`,
+ * but with every field marked optional.
+ */
+export interface PrivacySettings {
+    isPrivateAccount?: boolean;
+    hideOnlineStatus?: boolean;
+    hideLastSeen?: boolean;
+    profileVisibility?: boolean;
+    loginAlerts?: boolean;
+    blockScreenshots?: boolean;
+    login?: boolean;
+    biometricLogin?: boolean;
+    showActivity?: boolean;
+    allowTagging?: boolean;
+    allowMentions?: boolean;
+    hideReadReceipts?: boolean;
+    allowDirectMessages?: boolean;
+    dataSharing?: boolean;
+    locationSharing?: boolean;
+    analyticsSharing?: boolean;
+    sensitiveContent?: boolean;
+    autoFilter?: boolean;
+    muteKeywords?: boolean;
+}
 export interface User {
     id: string;
     publicKey: string;
@@ -25,9 +59,7 @@ export interface User {
     email?: string;
     avatar?: string;
     color?: string;
-    privacySettings?: {
-        [key: string]: unknown;
-    };
+    privacySettings?: PrivacySettings;
     name?: {
         first?: string;
         last?: string;
@@ -240,6 +272,33 @@ export interface FileDeleteResponse {
     message: string;
     fileId: string;
 }
+/**
+ * React Native file descriptor accepted by FormData.
+ *
+ * On React Native, the multipart upload reads the file from disk via the URI
+ * during the network request — no in-JS Blob construction is required (and
+ * doing so would fail on Hermes since RN's BlobManager cannot wrap an
+ * ArrayBuffer/ArrayBufferView).
+ *
+ * This shape matches what `expo-document-picker` and `expo-image-picker`
+ * return for selected assets, and is what `OxyServices.assetUpload` accepts
+ * on native platforms.
+ */
+export interface RNFileDescriptor {
+    uri: string;
+    type?: string;
+    name?: string;
+    size?: number;
+}
+/**
+ * Asset upload input — accepted by `OxyServices.assetUpload` and `uploadRawFile`.
+ *
+ * - `File` / `Blob`: standard web browser path. `assetUpload` appends the
+ *   Blob to FormData directly.
+ * - {@link RNFileDescriptor}: React Native path. FormData reads the file from
+ *   disk via the URI during the multipart request.
+ */
+export type AssetUploadInput = File | Blob | RNFileDescriptor;
 /**
  * Central Asset Service interfaces
  */

package/dist/types/utils/accountUtils.d.ts

@@ -10,6 +10,44 @@ export interface QuickAccount {
     avatar?: string;
     avatarUrl?: string;
 }
+/** Minimal user shape accepted by display-name helpers. Avoids importing the full User type. */
+export interface DisplayNameUserShape {
+    name?: string | {
+        first?: string;
+        last?: string;
+        full?: string;
+        [key: string]: unknown;
+    };
+    username?: string;
+    publicKey?: string;
+}
+/**
+ * Truncate a long public key for display, e.g. `0x12345678…`.
+ * Falls back to the raw key if it's too short to truncate.
+ */
+export declare const formatPublicKeyHandle: (publicKey: string) => string;
+/**
+ * Resolve a friendly display name for a user.
+ *
+ * Order of preference:
+ *  1. `name.full`, or composed `name.first name.last`
+ *  2. `name` (when stored as a plain string)
+ *  3. `username`
+ *  4. `Account 0x12345678…` (derived from publicKey, when present)
+ *  5. Translated fallback (e.g. "Unnamed")
+ *
+ * The translation key `common.unnamed` is used for the final fallback. If the
+ * caller does not pass a locale, the default English translation is used.
+ */
+export declare const getAccountDisplayName: (user: DisplayNameUserShape | null | undefined, locale?: string) => string;
+/**
+ * Resolve a `@handle` style identifier for a user.
+ *
+ * Returns the bare username when present (without the `@`), otherwise a
+ * truncated public-key handle (`0x12345678…`), or `undefined` when neither is
+ * available — callers can decide whether to hide the line entirely.
+ */
+export declare const getAccountFallbackHandle: (user: DisplayNameUserShape | null | undefined) => string | undefined;
 /**
  * Build an ordered array of QuickAccounts from a map and order list.
  */
@@ -23,11 +61,13 @@ export declare const buildAccountsArray: (accounts: Record<string, QuickAccount>
  * @param getFileDownloadUrl - Function to generate avatar download URL from file ID
  */
 export declare const createQuickAccount: (sessionId: string, userData: {
-    name?: {
+    name?: string | {
         full?: string;
         first?: string;
+        last?: string;
     };
     username?: string;
+    publicKey?: string;
     id?: string;
     _id?: {
         toString(): string;

package/dist/types/utils/languageUtils.d.ts

@@ -35,3 +35,4 @@ export declare function getNativeLanguageName(languageCode: string | null | unde
  * @returns Normalized BCP-47 language code
  */
 export declare function normalizeLanguageCode(lang?: string | null): string;
+export declare function isRTLLocale(locale?: string | null): boolean;

package/dist/types/utils/platformCrypto.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Platform Crypto / Storage — Default Variant (Node.js, Browser, generic bundlers)
+ *
+ * Provides lazy access to platform-specific crypto and storage modules.
+ *
+ * # Variants
+ *
+ * This module ships in two physical variants on disk, selected per consumer
+ * by the bundler / runtime:
+ *
+ * - `platformCrypto.js`           — this file. Used by Node.js, Vite, webpack,
+ *                                   Rollup, esbuild, and anything that does
+ *                                   not match Metro's `*.native.js`
+ *                                   source-extension preference.
+ * - `platformCrypto.native.js`    — sibling file. Picked up automatically by
+ *                                   Metro's resolver (which prefers
+ *                                   `*.<platform>.js` and `*.native.js` over
+ *                                   plain `*.js` when `preferNativePlatform`
+ *                                   is true — Expo sets this for all non-web
+ *                                   builds).
+ *
+ * The `package.json#exports` map also declares a `"react-native"` condition
+ * pointing at the same `dist/esm/index.js` entry — that entry transitively
+ * imports `./platformCrypto`, and Metro's per-file source-extension lookup
+ * substitutes the `.native.js` sibling automatically inside `dist/`. This
+ * means consumers never have to add resolver shims; Metro Just Works.
+ *
+ * Both variants expose the EXACT same public API; importers don't need to know
+ * which one they got. The variant difference is purely about which underlying
+ * native modules each one references:
+ *
+ *   ┌──────────────────┬───────────────────────┬───────────────────────────────┐
+ *   │ Function         │ Default variant       │ React Native variant          │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ loadNodeCrypto   │ `await import('crypto')` (Node built-in)              │
+ *   │                  │                       │ throws — Node crypto is not   │
+ *   │                  │                       │ available on Hermes/RN        │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ loadExpoCrypto   │ throws — expo-crypto  │ static `import 'expo-crypto'` │
+ *   │                  │ is not part of a      │                               │
+ *   │                  │ Node/Vite bundle      │                               │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ loadSecureStore  │ throws (web/Node have │ static `import 'expo-secure-` │
+ *   │                  │ their own storage)    │ store'                        │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ loadAsyncStorage │ throws (web/Node have │ static `import '@react-       │
+ *   │                  │ their own storage)    │ native-async-storage/...'     │
+ *   ├──────────────────┼───────────────────────┼───────────────────────────────┤
+ *   │ getRandomBytesRN │ throws (RN-only)      │ direct call into expo-crypto  │
+ *   └──────────────────┴───────────────────────┴───────────────────────────────┘
+ *
+ * Crucially, the default variant references ONLY Node's `'crypto'`. It never
+ * mentions `expo-*` or `@react-native-async-storage/*` — so Vite, webpack,
+ * esbuild, Rollup, and Node itself can bundle / require it without ever
+ * attempting to resolve those RN-only packages.
+ *
+ * The React Native variant references ONLY the RN packages. It never
+ * mentions `'crypto'` — so Metro and Hermes have nothing to choke on.
+ *
+ * # Why not a single file with dynamic import?
+ *
+ * A previous iteration used a "bundler-opaque" `new Function('s', 'return
+ * import(s)')` trick so a single file could service every platform. It
+ * bundled cleanly on Metro but Hermes refused to PARSE the resulting
+ * `import()` expression inside a Function-constructor body
+ * (`SyntaxError: Invalid expression encountered` at the `(` of `import(`).
+ * The platform-extension split is the only approach that lets each runtime
+ * see a file containing only specifiers it can understand — no tricks, no
+ * runtime parsing risks.
+ */
+export declare function loadNodeCrypto(): Promise<typeof import('crypto')>;
+export declare function loadExpoCrypto(): Promise<typeof import('expo-crypto')>;
+export declare function loadSecureStore(): Promise<typeof import('expo-secure-store')>;
+export declare function loadAsyncStorage(): Promise<{
+    default: {
+        getItem: (key: string) => Promise<string | null>;
+        setItem: (key: string, value: string) => Promise<void>;
+        removeItem: (key: string) => Promise<void>;
+    };
+}>;
+/**
+ * Synchronous random-bytes via `expo-crypto.getRandomBytes`. Only available
+ * in the React Native variant. The default variant throws because Node and
+ * browsers have their own native CSPRNGs (`crypto.randomBytes` and
+ * `crypto.getRandomValues` respectively) — callers should use those.
+ */
+export declare function getRandomBytesRN(_byteCount: number): Uint8Array;

package/dist/types/utils/platformCrypto.native.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Platform Crypto / Storage — React Native Variant
+ *
+ * Companion to `./platformCrypto.ts`. See the doc-comment at the top of that
+ * file for the full design.
+ *
+ * Metro auto-selects this file in any non-web build (`preferNativePlatform`
+ * is `true` for iOS / Android, so `*.native.js` shadows `*.js` during
+ * source-extension resolution inside `node_modules/@oxyhq/core/dist/`). On
+ * iOS / Android `<base>.ios.js` / `<base>.android.js` would shadow this file
+ * if they existed, but they don't — `.native.js` is the shared RN variant.
+ *
+ *   - The default variant references Node's `'crypto'` and would crash Metro
+ *     if bundled into an RN app.
+ *   - This variant references the RN-only modules (`expo-crypto`,
+ *     `expo-secure-store`, `@react-native-async-storage/async-storage`)
+ *     as static imports, so Metro and Hermes both resolve and parse them
+ *     cleanly.
+ *
+ * Both variants expose the same surface; importers don't care which one
+ * they got.
+ *
+ * # Why static imports?
+ *
+ * Every RN consumer of `@oxyhq/core` already lists or transitively pulls
+ * in `expo-crypto`, `expo-secure-store`, and
+ * `@react-native-async-storage/async-storage` (they're stable Expo modules
+ * present in `services`, `accounts`, `inbox`, and `test-app`). A static
+ * import is what Metro wants to see anyway, and Hermes parses it like any
+ * other ES module — no `Function`-constructor parser exotic-mode involved.
+ *
+ * This is also clearer to debug: Metro fails up-front with a normal
+ * unresolved-module error if a consumer is missing a peer dep, instead of
+ * a confusing runtime throw the first time a code path that needs the
+ * module is exercised.
+ */
+export declare function loadNodeCrypto(): Promise<typeof import('crypto')>;
+export declare function loadExpoCrypto(): Promise<typeof import('expo-crypto')>;
+export declare function loadSecureStore(): Promise<typeof import('expo-secure-store')>;
+type AsyncStorageLike = {
+    getItem: (key: string) => Promise<string | null>;
+    setItem: (key: string, value: string) => Promise<void>;
+    removeItem: (key: string) => Promise<void>;
+};
+export declare function loadAsyncStorage(): Promise<{
+    default: AsyncStorageLike;
+}>;
+/**
+ * Synchronous random-bytes via `expo-crypto.getRandomBytes`. Available
+ * synchronously because `expo-crypto` is statically imported by this file
+ * — no async initialization race.
+ */
+export declare function getRandomBytesRN(byteCount: number): Uint8Array;
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/core",
-  "version": "1.11.12",
+  "version": "1.11.14",
   "description": "OxyHQ SDK Foundation — API client, authentication, cryptographic identity, and shared utilities",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -13,24 +13,31 @@
   "exports": {
     ".": {
       "types": "./dist/types/index.d.ts",
+      "react-native": "./dist/esm/index.js",
       "import": "./dist/esm/index.js",
       "require": "./dist/cjs/index.js",
       "default": "./dist/esm/index.js"
     },
     "./crypto": {
       "types": "./dist/types/crypto/index.d.ts",
+      "react-native": "./dist/esm/crypto/index.js",
       "import": "./dist/esm/crypto/index.js",
       "require": "./dist/cjs/crypto/index.js",
       "default": "./dist/esm/crypto/index.js"
     },
     "./shared": {
       "types": "./dist/types/shared/index.d.ts",
+      "react-native": "./dist/esm/shared/index.js",
       "import": "./dist/esm/shared/index.js",
       "require": "./dist/cjs/shared/index.js",
       "default": "./dist/esm/shared/index.js"
     },
     "./package.json": "./package.json"
   },
+  "react-native": {
+    "./dist/esm/utils/platformCrypto.js": "./dist/esm/utils/platformCrypto.native.js",
+    "./dist/cjs/utils/platformCrypto.js": "./dist/cjs/utils/platformCrypto.native.js"
+  },
   "files": [
     "dist",
     "src"
@@ -62,7 +69,23 @@
     "build:types": "tsc -p tsconfig.types.json",
     "clean": "rm -rf dist",
     "typescript": "tsc --noEmit",
-    "lint": "biome lint --error-on-warnings ./src"
+    "test": "jest --passWithNoTests",
+    "lint": "biome lint --error-on-warnings ./src",
+    "release": "rm -rf dist && bun run build && release-it"
+  },
+  "release-it": {
+    "git": {
+      "tagName": "@oxyhq/core@${version}",
+      "tagAnnotation": "Release @oxyhq/core@${version}",
+      "commitMessage": "chore(core): release @oxyhq/core@${version}"
+    },
+    "github": {
+      "release": true,
+      "releaseName": "@oxyhq/core@${version}"
+    },
+    "npm": {
+      "publish": true
+    }
   },
   "dependencies": {
     "bip39": "^3.1.0",
@@ -73,11 +96,31 @@
     "socket.io-client": "^4.8.1",
     "zod": "^3.25.64"
   },
+  "peerDependencies": {
+    "@react-native-async-storage/async-storage": "*",
+    "expo-crypto": "*",
+    "expo-secure-store": "*"
+  },
+  "peerDependenciesMeta": {
+    "@react-native-async-storage/async-storage": {
+      "optional": true
+    },
+    "expo-crypto": {
+      "optional": true
+    },
+    "expo-secure-store": {
+      "optional": true
+    }
+  },
   "devDependencies": {
     "@biomejs/biome": "^1.9.4",
+    "@react-native-async-storage/async-storage": "^2.2.0",
     "@types/elliptic": "^6.4.18",
     "@types/invariant": "^2.2.34",
     "@types/node": "^20.19.9",
+    "expo-crypto": "~56.0.3",
+    "expo-secure-store": "~56.0.4",
+    "release-it": "^19.0.6",
     "typescript": "^5.9.2"
   }
 }

package/src/CrossDomainAuth.ts

@@ -130,7 +130,7 @@ export class CrossDomainAuth {
    * Best method - browser-native, no popups, Google-like experience
    */
   async signInWithFedCM(options: CrossDomainAuthOptions = {}): Promise<SessionLoginResponse> {
-    return (this.oxyServices as any).signInWithFedCM({
+    return this.oxyServices.signInWithFedCM({
       context: options.isSignup ? 'signup' : 'signin',
     });
   }
@@ -141,7 +141,7 @@ export class CrossDomainAuth {
    * Good method - preserves app state, no full page reload
    */
   async signInWithPopup(options: CrossDomainAuthOptions = {}): Promise<SessionLoginResponse> {
-    return (this.oxyServices as any).signInWithPopup({
+    return this.oxyServices.signInWithPopup({
       mode: options.isSignup ? 'signup' : 'login',
       width: options.popupDimensions?.width,
       height: options.popupDimensions?.height,
@@ -154,7 +154,7 @@ export class CrossDomainAuth {
    * Fallback method - works everywhere but loses app state
    */
   signInWithRedirect(options: CrossDomainAuthOptions = {}): void {
-    (this.oxyServices as any).signInWithRedirect({
+    this.oxyServices.signInWithRedirect({
       redirectUri: options.redirectUri,
       mode: options.isSignup ? 'signup' : 'login',
     });
@@ -166,7 +166,7 @@ export class CrossDomainAuth {
    * Call this on app startup to check if we're returning from auth redirect
    */
   handleRedirectCallback(): SessionLoginResponse | null {
-    return (this.oxyServices as any).handleAuthCallback();
+    return this.oxyServices.handleAuthCallback();
   }
 
   /**
@@ -181,7 +181,7 @@ export class CrossDomainAuth {
     // Try FedCM silent sign-in first (if supported)
     if (this.isFedCMSupported()) {
       try {
-        const session = await (this.oxyServices as any).silentSignInWithFedCM();
+        const session = await this.oxyServices.silentSignInWithFedCM();
         if (session) {
           return session;
         }
@@ -192,7 +192,7 @@ export class CrossDomainAuth {
 
     // Fallback to iframe-based silent auth
     try {
-      return await (this.oxyServices as any).silentSignIn();
+      return await this.oxyServices.silentSignIn();
     } catch (error) {
       console.warn('[CrossDomainAuth] Silent sign-in failed:', error);
       return null;
@@ -205,14 +205,16 @@ export class CrossDomainAuth {
    * For redirect method - restores previously authenticated session from localStorage
    */
   restoreSession(): boolean {
-    return (this.oxyServices as any).restoreSession?.() || false;
+    return this.oxyServices.restoreSession?.() || false;
   }
 
   /**
    * Check if FedCM is supported in current browser
    */
   isFedCMSupported(): boolean {
-    return (this.oxyServices as any).constructor.isFedCMSupported?.() || false;
+    // FedCM support is exposed both as a static and an instance method on
+    // OxyServices; the instance method is reliable across mixin composition.
+    return this.oxyServices.isFedCMSupported?.() || false;
   }
 
   /**
@@ -263,10 +265,10 @@ export class CrossDomainAuth {
     if (restored) {
       // Verify session is still valid by fetching user
       try {
-        const user = await (this.oxyServices as any).getCurrentUser();
+        const user = await this.oxyServices.getCurrentUser();
         if (user) {
           return {
-            sessionId: (this.oxyServices as any).getStoredSessionId?.() || '',
+            sessionId: this.oxyServices.getStoredSessionId?.() || '',
             deviceId: '',
             expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(),
             user,