@oxyhq/core 1.11.24 → 2.1.0

package/src/utils/__tests__/coldBoot.test.ts

@@ -0,0 +1,226 @@
+import {
+  runColdBoot,
+  type ColdBootStep,
+  type ColdBootStepResult,
+} from '../coldBoot';
+
+interface TestSession {
+  readonly userId: string;
+}
+
+function sessionStep(
+  id: string,
+  userId: string,
+  onRun?: () => void
+): ColdBootStep<TestSession> {
+  return {
+    id,
+    run: async (): Promise<ColdBootStepResult<TestSession>> => {
+      onRun?.();
+      return { kind: 'session', session: { userId } };
+    },
+  };
+}
+
+function skipStep(id: string, onRun?: () => void): ColdBootStep<TestSession> {
+  return {
+    id,
+    run: async (): Promise<ColdBootStepResult<TestSession>> => {
+      onRun?.();
+      return { kind: 'skip' };
+    },
+  };
+}
+
+describe('runColdBoot', () => {
+  it('returns the first session and short-circuits remaining steps', async () => {
+    const ranLater = jest.fn();
+    const outcome = await runColdBoot<TestSession>({
+      steps: [
+        skipStep('first'),
+        sessionStep('winner', 'u-123'),
+        sessionStep('later', 'u-999', ranLater),
+      ],
+    });
+
+    expect(outcome).toEqual({
+      kind: 'session',
+      via: 'winner',
+      session: { userId: 'u-123' },
+    });
+    expect(ranLater).not.toHaveBeenCalled();
+  });
+
+  it('outcome.via is the winning step id', async () => {
+    const outcome = await runColdBoot<TestSession>({
+      steps: [skipStep('a'), skipStep('b'), sessionStep('c', 'u-7')],
+    });
+
+    expect(outcome.kind).toBe('session');
+    if (outcome.kind === 'session') {
+      expect(outcome.via).toBe('c');
+      expect(outcome.session).toEqual({ userId: 'u-7' });
+    }
+  });
+
+  it('returns unauthenticated when every step skips', async () => {
+    const outcome = await runColdBoot<TestSession>({
+      steps: [skipStep('a'), skipStep('b'), skipStep('c')],
+    });
+
+    expect(outcome).toEqual({ kind: 'unauthenticated' });
+  });
+
+  it('returns unauthenticated for an empty step list', async () => {
+    const outcome = await runColdBoot<TestSession>({ steps: [] });
+    expect(outcome).toEqual({ kind: 'unauthenticated' });
+  });
+
+  it('skips a disabled step WITHOUT calling its run()', async () => {
+    const disabledRun = jest.fn();
+    const outcome = await runColdBoot<TestSession>({
+      steps: [
+        {
+          id: 'disabled',
+          enabled: () => false,
+          run: async (): Promise<ColdBootStepResult<TestSession>> => {
+            disabledRun();
+            return { kind: 'session', session: { userId: 'should-not-run' } };
+          },
+        },
+        sessionStep('enabled', 'u-ok'),
+      ],
+    });
+
+    expect(disabledRun).not.toHaveBeenCalled();
+    expect(outcome).toEqual({
+      kind: 'session',
+      via: 'enabled',
+      session: { userId: 'u-ok' },
+    });
+  });
+
+  it('runs an enabled:()=>true step', async () => {
+    const outcome = await runColdBoot<TestSession>({
+      steps: [
+        {
+          id: 'gated',
+          enabled: () => true,
+          run: async (): Promise<ColdBootStepResult<TestSession>> => ({
+            kind: 'session',
+            session: { userId: 'u-gated' },
+          }),
+        },
+      ],
+    });
+
+    expect(outcome).toEqual({
+      kind: 'session',
+      via: 'gated',
+      session: { userId: 'u-gated' },
+    });
+  });
+
+  it('reports a thrown run() via onStepError and continues to the next step', async () => {
+    const onStepError = jest.fn();
+    const boom = new Error('run exploded');
+    const outcome = await runColdBoot<TestSession>({
+      steps: [
+        {
+          id: 'throws',
+          run: async (): Promise<ColdBootStepResult<TestSession>> => {
+            throw boom;
+          },
+        },
+        sessionStep('recovers', 'u-after-throw'),
+      ],
+      onStepError,
+    });
+
+    expect(onStepError).toHaveBeenCalledTimes(1);
+    expect(onStepError).toHaveBeenCalledWith('throws', boom);
+    expect(outcome).toEqual({
+      kind: 'session',
+      via: 'recovers',
+      session: { userId: 'u-after-throw' },
+    });
+  });
+
+  it('treats a thrown enabled() as disabled, reports via onStepError, and continues', async () => {
+    const onStepError = jest.fn();
+    const enabledThrew = new Error('enabled exploded');
+    const guardedRun = jest.fn();
+    const outcome = await runColdBoot<TestSession>({
+      steps: [
+        {
+          id: 'enabled-throws',
+          enabled: () => {
+            throw enabledThrew;
+          },
+          run: async (): Promise<ColdBootStepResult<TestSession>> => {
+            guardedRun();
+            return { kind: 'session', session: { userId: 'should-not-run' } };
+          },
+        },
+        sessionStep('next', 'u-next'),
+      ],
+      onStepError,
+    });
+
+    expect(guardedRun).not.toHaveBeenCalled();
+    expect(onStepError).toHaveBeenCalledTimes(1);
+    expect(onStepError).toHaveBeenCalledWith('enabled-throws', enabledThrew);
+    expect(outcome).toEqual({
+      kind: 'session',
+      via: 'next',
+      session: { userId: 'u-next' },
+    });
+  });
+
+  it('returns unauthenticated when all steps error and reports each', async () => {
+    const onStepError = jest.fn();
+    const outcome = await runColdBoot<TestSession>({
+      steps: [
+        {
+          id: 'a',
+          run: async (): Promise<ColdBootStepResult<TestSession>> => {
+            throw new Error('a');
+          },
+        },
+        {
+          id: 'b',
+          enabled: () => {
+            throw new Error('b');
+          },
+          run: async (): Promise<ColdBootStepResult<TestSession>> => ({
+            kind: 'skip',
+          }),
+        },
+      ],
+      onStepError,
+    });
+
+    expect(outcome).toEqual({ kind: 'unauthenticated' });
+    expect(onStepError).toHaveBeenCalledTimes(2);
+  });
+
+  it('does not require onStepError to be provided when a step throws', async () => {
+    const outcome = await runColdBoot<TestSession>({
+      steps: [
+        {
+          id: 'throws',
+          run: async (): Promise<ColdBootStepResult<TestSession>> => {
+            throw new Error('no observer');
+          },
+        },
+        sessionStep('ok', 'u-ok'),
+      ],
+    });
+
+    expect(outcome).toEqual({
+      kind: 'session',
+      via: 'ok',
+      session: { userId: 'u-ok' },
+    });
+  });
+});

package/src/utils/__tests__/fapiAutoDetect.test.ts

@@ -0,0 +1,93 @@
+/**
+ * Auto-detect of `auth.<rp-apex>` from `window.location` for the Clerk-style
+ * multi-domain FAPI setup. The IdP backend independently derives `iss` and
+ * the FedCM manifest from the request host, so the only contract the SDK
+ * needs to honour is: build URLs against the same host the page is on,
+ * one subdomain over.
+ *
+ * Ported verbatim from packages/auth-sdk/__tests__/utils/fapiAutoDetect.test.ts
+ * plus multi-part-TLD bail-out cases that are unique to the core copy's
+ * MULTIPART_TLDS guard.
+ */
+
+import { autoDetectAuthWebUrl } from '../fapiAutoDetect';
+
+function loc(hostname: string, protocol = 'https:'): Pick<Location, 'hostname' | 'protocol'> {
+  return { hostname, protocol };
+}
+
+describe('autoDetectAuthWebUrl', () => {
+  describe('returns auth.<apex> for public hostnames', () => {
+    it('derives from the apex itself', () => {
+      expect(autoDetectAuthWebUrl(loc('mention.earth'))).toBe('https://auth.mention.earth');
+    });
+
+    it('strips one leading subdomain', () => {
+      expect(autoDetectAuthWebUrl(loc('www.mention.earth'))).toBe('https://auth.mention.earth');
+      expect(autoDetectAuthWebUrl(loc('app.alia.onl'))).toBe('https://auth.alia.onl');
+    });
+
+    it('strips multiple leading subdomains down to the last two labels', () => {
+      // The heuristic is "last two labels" — fine for our use case because
+      // the IdP itself validates the request host. Deeply-nested hostnames
+      // resolve to the trailing two-label apex.
+      expect(autoDetectAuthWebUrl(loc('deep.app.homiio.com'))).toBe('https://auth.homiio.com');
+    });
+
+    it('honours the request protocol so dev http stays http', () => {
+      expect(autoDetectAuthWebUrl(loc('staging.example.test', 'http:'))).toBe(
+        'http://auth.example.test'
+      );
+    });
+  });
+
+  describe('returns current origin when already on the IdP', () => {
+    it('keeps everything same-origin instead of hopping to a sibling IdP', () => {
+      expect(autoDetectAuthWebUrl(loc('auth.mention.earth'))).toBe('https://auth.mention.earth');
+      expect(autoDetectAuthWebUrl(loc('auth.oxy.so'))).toBe('https://auth.oxy.so');
+    });
+  });
+
+  describe('returns undefined where auto-detect would be wrong', () => {
+    it('skips localhost and 127.0.0.1 (dev)', () => {
+      expect(autoDetectAuthWebUrl(loc('localhost', 'http:'))).toBeUndefined();
+      expect(autoDetectAuthWebUrl(loc('127.0.0.1', 'http:'))).toBeUndefined();
+    });
+
+    it('skips IPv4 literals', () => {
+      expect(autoDetectAuthWebUrl(loc('192.168.1.10'))).toBeUndefined();
+      expect(autoDetectAuthWebUrl(loc('10.0.0.1'))).toBeUndefined();
+    });
+
+    it('skips IPv6 literals (bracketed)', () => {
+      expect(autoDetectAuthWebUrl(loc('[::1]'))).toBeUndefined();
+    });
+
+    it('skips single-label hostnames', () => {
+      expect(autoDetectAuthWebUrl(loc('intranet'))).toBeUndefined();
+    });
+
+    it('skips unknown protocols', () => {
+      expect(autoDetectAuthWebUrl({ hostname: 'mention.earth', protocol: 'file:' })).toBeUndefined();
+      expect(autoDetectAuthWebUrl({ hostname: 'mention.earth', protocol: 'ftp:' })).toBeUndefined();
+    });
+
+    it('skips empty/missing hostnames', () => {
+      expect(autoDetectAuthWebUrl(loc(''))).toBeUndefined();
+    });
+
+    it('returns undefined when no location is available (SSR / non-browser)', () => {
+      expect(autoDetectAuthWebUrl(undefined)).toBeUndefined();
+    });
+  });
+
+  describe('bails out on multi-part public suffixes (would derive an attacker-registrable apex)', () => {
+    it('does not derive auth.co.uk from a two-label co.uk host', () => {
+      expect(autoDetectAuthWebUrl(loc('foo.co.uk'))).toBeUndefined();
+    });
+
+    it('does not derive auth.com.au from a two-label com.au host', () => {
+      expect(autoDetectAuthWebUrl(loc('shop.com.au'))).toBeUndefined();
+    });
+  });
+});

package/src/utils/accountUtils.ts

@@ -4,6 +4,7 @@
  */
 
 import { translate } from '../i18n';
+import type { RefreshAllAccount } from '../models/interfaces';
 
 export interface QuickAccount {
     sessionId: string;
@@ -12,6 +13,19 @@ export interface QuickAccount {
     displayName: string;
     avatar?: string;
     avatarUrl?: string;
+    /**
+     * Device-local account slot index, 0..N-1 (Google-style multi-account).
+     * Mirrors the server's `oxy_rt_${authuser}` cookie slot. Optional so that
+     * pre-multi-account QuickAccounts (sessionId-only, non-cookie auth on RN)
+     * remain valid; web flows always populate it after `refreshAllSessions`.
+     */
+    authuser?: number;
+    /**
+     * Account's preferred Bloom color preset (e.g. `"blue"`, `"oxy"`). Drives
+     * per-account theming in the account chooser. `null` / `undefined` means
+     * the account has no preference and the base theme should be used.
+     */
+    color?: string | null;
 }
 
 /** Minimal user shape accepted by display-name helpers. Avoids importing the full User type. */
@@ -147,3 +161,73 @@ export const createQuickAccount = (
         avatarUrl,
     };
 };
+
+/**
+ * Merge a fresh `/auth/refresh-all` snapshot into an existing QuickAccount
+ * list, preserving any cached fields (`avatarUrl`) for slots that didn't
+ * change. The fresh response is canonical: the resulting list contains EXACTLY
+ * the slots present in `fresh`, sorted by `authuser` ascending. Stale stored
+ * accounts that no longer appear in `fresh` are dropped (the server already
+ * authoritatively cleared the corresponding cookie).
+ *
+ * @param stored Previously persisted QuickAccount list (any order).
+ * @param fresh Server's authoritative refresh-all response.
+ * @returns Canonical merged list, sorted by `authuser` asc.
+ */
+export const mergeAccountsFromRefreshAll = (
+    stored: QuickAccount[] | undefined,
+    fresh: RefreshAllAccount[],
+): QuickAccount[] => {
+    const storedByAuthuser = new Map<number, QuickAccount>();
+    if (stored) {
+        for (const account of stored) {
+            if (typeof account.authuser === 'number') {
+                storedByAuthuser.set(account.authuser, account);
+            }
+        }
+    }
+
+    const merged: QuickAccount[] = fresh.map((entry) => {
+        const previous = storedByAuthuser.get(entry.authuser);
+        // `entry.user` is null on the SDK legacy-fallback path; preserve any
+        // previously cached identity for that slot rather than overwriting
+        // it with blanks, and let the AuthManager's getCurrentUser() hydration
+        // refresh it on the next snapshot.
+        const wireUser = entry.user;
+        const username = wireUser?.username ?? previous?.username ?? '';
+        const displayName = getAccountDisplayName({
+            name: wireUser?.name,
+            username,
+        });
+        const avatar = wireUser?.avatar ?? previous?.avatar ?? undefined;
+        const avatarUrl =
+            previous && previous.avatar === avatar ? previous.avatarUrl : undefined;
+        return {
+            sessionId: entry.sessionId,
+            userId: wireUser?.id ?? previous?.userId,
+            username,
+            displayName,
+            avatar,
+            avatarUrl,
+            authuser: entry.authuser,
+            color: wireUser?.color ?? previous?.color ?? null,
+        };
+    });
+
+    merged.sort((a, b) => {
+        const aIdx = a.authuser ?? Number.POSITIVE_INFINITY;
+        const bIdx = b.authuser ?? Number.POSITIVE_INFINITY;
+        return aIdx - bIdx;
+    });
+
+    return merged;
+};
+
+/**
+ * Return the account's preferred Bloom color preset, or `null` if it has no
+ * preference. Centralises the `color ?? null` normalisation so consumers can
+ * drive per-account theming without duplicating the nullish-handling.
+ */
+export const getAccountColor = (account: QuickAccount): string | null => {
+    return account.color ?? null;
+};

package/src/utils/coldBoot.ts

@@ -0,0 +1,136 @@
+/**
+ * coldBoot — a pure, ordered, short-circuit runner for "cold boot"
+ * authentication resolution.
+ *
+ * On a fresh page load / app launch the SDK may have several ways to recover an
+ * existing session (silent FedCM, a persisted refresh token, a cross-domain
+ * claim, an explicit popup flow, …). They must be attempted in a *deterministic
+ * order*, and the FIRST one that yields a session wins — every later step is
+ * skipped. This module encodes exactly that contract and nothing else.
+ *
+ * Design constraints (all enforced):
+ *   - PURE: no DOM, no `navigator`, no `window`, no React, no platform globals.
+ *   - NO module-level mutable state. Every call to {@link runColdBoot} is fully
+ *     self-contained, so it is safe under bundler re-evaluation (e.g. the Metro
+ *     web bundle, which is precisely why the FedCM silent-SSO guard had to live
+ *     in consumers rather than a core singleton).
+ *   - Architecture-agnostic: both candidate cross-domain SSO designs consume
+ *     this same primitive; it knows nothing about HOW a step resolves a session.
+ *
+ * A step is skipped (without running) when its `enabled` predicate returns
+ * false. Any thrown error — from either `enabled` or `run` — is reported via
+ * `onStepError` and treated as a non-fatal skip, so one broken recovery path
+ * can never prevent a later, healthy one from succeeding.
+ */
+
+/**
+ * A successful step result carrying the recovered session.
+ */
+export interface ColdBootSession<S> {
+  readonly kind: 'session';
+  readonly session: S;
+}
+
+/**
+ * A step result indicating this step has nothing to contribute; the runner
+ * should fall through to the next step.
+ */
+export interface ColdBootSkip {
+  readonly kind: 'skip';
+}
+
+/**
+ * The result of running a single cold-boot step.
+ */
+export type ColdBootStepResult<S> = ColdBootSession<S> | ColdBootSkip;
+
+/**
+ * A single ordered cold-boot recovery step.
+ */
+export interface ColdBootStep<S> {
+  /** Stable identifier; surfaced as {@link ColdBootOutcome.via} on success. */
+  readonly id: string;
+  /**
+   * Optional gate. When provided and it returns `false`, `run` is NOT called
+   * and the runner moves to the next step. A throw is treated as disabled
+   * (and reported via `onStepError`).
+   */
+  readonly enabled?: () => boolean;
+  /**
+   * Attempts to recover a session. Resolve with `{ kind: 'session' }` to win
+   * the cold boot, or `{ kind: 'skip' }` to defer to the next step. A throw is
+   * treated as a skip (and reported via `onStepError`).
+   */
+  readonly run: () => Promise<ColdBootStepResult<S>>;
+}
+
+/**
+ * The terminal outcome of a cold boot: either the winning step's session
+ * (with the step `id` it came from), or `unauthenticated` if every step
+ * skipped, was disabled, or errored.
+ */
+export type ColdBootOutcome<S> =
+  | { readonly kind: 'session'; readonly via: string; readonly session: S }
+  | { readonly kind: 'unauthenticated' };
+
+/**
+ * Options for {@link runColdBoot}.
+ */
+export interface RunColdBootOptions<S> {
+  /** Ordered steps; evaluated front to back, first session wins. */
+  readonly steps: ReadonlyArray<ColdBootStep<S>>;
+  /**
+   * Optional observer invoked whenever a step's `enabled` or `run` throws.
+   * Receives the offending step `id` and the thrown value. Must not throw;
+   * the runner does not guard against an observer that itself throws.
+   */
+  readonly onStepError?: (id: string, error: unknown) => void;
+}
+
+/**
+ * Run the ordered cold-boot steps and resolve to the first recovered session,
+ * or `unauthenticated` if none recovers one.
+ *
+ * Semantics:
+ *   1. Iterate `steps` in order.
+ *   2. If a step has an `enabled` predicate, call it inside try/catch:
+ *      - throw → report via `onStepError(id, err)` → treat as disabled → continue.
+ *      - returns false → continue (skip, `run` not called).
+ *   3. Otherwise await `step.run()` inside try/catch:
+ *      - throw → report via `onStepError(id, err)` → continue.
+ *      - `{ kind: 'session' }` → return `{ kind: 'session', via: step.id, session }`.
+ *      - `{ kind: 'skip' }` → continue.
+ *   4. After the loop with no winner → `{ kind: 'unauthenticated' }`.
+ */
+export async function runColdBoot<S>(
+  options: RunColdBootOptions<S>
+): Promise<ColdBootOutcome<S>> {
+  const { steps, onStepError } = options;
+
+  for (const step of steps) {
+    if (step.enabled) {
+      let isEnabled: boolean;
+      try {
+        isEnabled = step.enabled();
+      } catch (error) {
+        onStepError?.(step.id, error);
+        continue;
+      }
+      if (!isEnabled) continue;
+    }
+
+    let result: ColdBootStepResult<S>;
+    try {
+      result = await step.run();
+    } catch (error) {
+      onStepError?.(step.id, error);
+      continue;
+    }
+
+    if (result.kind === 'session') {
+      return { kind: 'session', via: step.id, session: result.session };
+    }
+  }
+
+  return { kind: 'unauthenticated' };
+}

package/src/utils/fapiAutoDetect.ts

@@ -0,0 +1,82 @@
+/**
+ * Auto-detect the FAPI (IdP) URL from the current browser hostname.
+ *
+ * This is the canonical cross-domain IdP-resolution primitive for the Oxy
+ * ecosystem. Both candidate cross-domain SSO designs derive `auth.<rp-apex>`
+ * through this helper; do not fork it.
+ *
+ * Clerk-style multi-domain SSO depends on the IdP being reachable on a
+ * subdomain of the RP's own apex (e.g. `auth.mention.earth` CNAMEd to the
+ * central Oxy IdP). That way every FedCM endpoint, the session cookie,
+ * and any popup/redirect target are same-site with the RP — the only way
+ * to get first-party cookies in Safari ITP and Firefox Total Cookie
+ * Protection.
+ *
+ * This helper computes `https://auth.<rp-apex>` from
+ * `window.location.hostname` so a consuming app doesn't have to pass
+ * `authWebUrl` explicitly. Returns `undefined` for environments where
+ * auto-detection would be wrong:
+ *
+ *   - SSR / non-browser (no `window`).
+ *   - `localhost`, `127.0.0.1`, IPv4/IPv6 literals.
+ *   - Hostnames with fewer than two labels.
+ *   - Hostnames whose trailing two labels form a known multi-part public
+ *     suffix (e.g. `co.uk`), where the naive `labels.slice(-2)` apex would be
+ *     an attacker-registrable suffix like `auth.co.uk` rather than the real
+ *     registrable domain.
+ *
+ * When the page is already loaded ON the IdP itself (`auth.<anything>`),
+ * the helper returns the current origin so the SDK keeps everything
+ * same-origin instead of hopping to a different IdP host.
+ *
+ * The IdP backend independently derives `iss`, `provider_urls`, and the
+ * `fedcm.json` icon URLs from the request host
+ * (`packages/auth/server/index.ts`), so an honest CNAME pair is all that
+ * is required for end-to-end FedCM correctness — no per-RP config.
+ */
+
+/**
+ * Known multi-part public suffixes where the registrable domain is the LAST
+ * THREE labels, not two. Deriving an apex from `labels.slice(-2)` against any
+ * of these would yield an attacker-registrable suffix (e.g. `auth.co.uk`),
+ * so we bail out instead.
+ *
+ * This is intentionally a small, explicit allow-list rather than the full
+ * Public Suffix List — it covers the suffixes the Oxy ecosystem's RPs use.
+ * Any multi-part-TLD RP MUST extend this set (or wire in a proper PSL check)
+ * before relying on this helper, otherwise auto-detection silently bails to
+ * `undefined` and the consumer must pass `authWebUrl` explicitly.
+ */
+const MULTIPART_TLDS: ReadonlySet<string> = new Set([
+  'co.uk',
+  'com.au',
+  'co.jp',
+  'co.nz',
+  'com.br',
+  'co.za',
+  'com.mx',
+  'co.in',
+  'co.kr',
+  'com.sg',
+]);
+
+export function autoDetectAuthWebUrl(
+  location: Pick<Location, 'hostname' | 'protocol'> | undefined =
+    typeof window !== 'undefined' ? window.location : undefined
+): string | undefined {
+  if (!location) return undefined;
+  const { hostname, protocol } = location;
+  if (!hostname) return undefined;
+  if (protocol !== 'https:' && protocol !== 'http:') return undefined;
+  if (hostname === 'localhost' || hostname === '127.0.0.1') return undefined;
+  if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname)) return undefined;
+  if (hostname.startsWith('[')) return undefined;
+  if (hostname.startsWith('auth.')) {
+    return `${protocol}//${hostname}`;
+  }
+  const labels = hostname.split('.');
+  if (labels.length < 2) return undefined;
+  if (MULTIPART_TLDS.has(labels.slice(-2).join('.'))) return undefined;
+  const apex = labels.slice(-2).join('.');
+  return `${protocol}//auth.${apex}`;
+}

package/dist/cjs/crypto/index.js

@@ -1,22 +0,0 @@
-"use strict";
-/**
- * Oxy Crypto Module
- *
- * Provides cryptographic identity management for the Oxy ecosystem.
- * Handles key generation, secure storage, digital signatures, and recovery phrases.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = exports.RecoveryPhraseService = exports.SignatureService = exports.IdentityPersistError = exports.IdentityAlreadyExistsError = exports.KeyManager = void 0;
-// Import polyfills first - this ensures Buffer is available for bip39 and other libraries
-require("./polyfill");
-var keyManager_1 = require("./keyManager");
-Object.defineProperty(exports, "KeyManager", { enumerable: true, get: function () { return keyManager_1.KeyManager; } });
-Object.defineProperty(exports, "IdentityAlreadyExistsError", { enumerable: true, get: function () { return keyManager_1.IdentityAlreadyExistsError; } });
-Object.defineProperty(exports, "IdentityPersistError", { enumerable: true, get: function () { return keyManager_1.IdentityPersistError; } });
-var signatureService_1 = require("./signatureService");
-Object.defineProperty(exports, "SignatureService", { enumerable: true, get: function () { return signatureService_1.SignatureService; } });
-var recoveryPhrase_1 = require("./recoveryPhrase");
-Object.defineProperty(exports, "RecoveryPhraseService", { enumerable: true, get: function () { return recoveryPhrase_1.RecoveryPhraseService; } });
-// Re-export for convenience
-var keyManager_2 = require("./keyManager");
-Object.defineProperty(exports, "default", { enumerable: true, get: function () { return keyManager_2.KeyManager; } });