@oxyhq/services 10.1.0 → 10.2.1

package/src/ui/hooks/useDeviceAccounts.ts

@@ -0,0 +1,348 @@
+import { useMemo } from 'react';
+import { useQuery } from '@tanstack/react-query';
+import {
+    getAccountDisplayName,
+    getAccountFallbackHandle,
+} from '@oxyhq/core';
+import type {
+    RefreshAllAccountUser,
+    User,
+    ClientSession,
+} from '@oxyhq/core';
+import { useOxy } from '../context/OxyContext';
+import { useI18n } from './useI18n';
+import { queryKeys } from './queries/queryKeys';
+
+/**
+ * The per-account user shape carried by a {@link DeviceAccount}. Either:
+ *  - the minimal projection returned by `POST /auth/refresh-all`
+ *    ({@link RefreshAllAccountUser}, the shared apex path), or
+ *  - the SDK's canonical {@link User} document (the active row on the local
+ *    fallback path, which already has the full user loaded in `useOxy()`).
+ *
+ * Both satisfy `getAccountDisplayName`'s `DisplayNameUserShape`, so display
+ * resolution is uniform across paths.
+ */
+export type DeviceAccountUser = RefreshAllAccountUser | User;
+
+/**
+ * One signed-in account on this device, fully hydrated for the account
+ * chooser. Unlike the old `AccountMenu` behaviour (which only carried the
+ * ACTIVE session's user), EVERY entry here carries real per-account
+ * `displayName` / `email` / `avatarUrl` / `color`.
+ */
+export interface DeviceAccount {
+    /** Session id used to switch to this account on native. */
+    sessionId: string;
+    /**
+     * Device-local refresh-cookie slot index (0..N-1), present only on the
+     * shared apex path. Web silent-switch (`refreshTokenViaCookie({ authuser }`)
+     * keys off this; absent on the local fallback and on native.
+     */
+    authuser?: number;
+    /** Whether this account is the currently-active session. */
+    isCurrent: boolean;
+    /** Friendly display name (never blank — falls back to a handle/sentinel). */
+    displayName: string;
+    /**
+     * Real account email, or `null` when the account genuinely has none.
+     * NEVER a synthesized `username@oxy.so` — a missing email stays `null` and
+     * the UI falls back to the `@handle` secondary line.
+     */
+    email: string | null;
+    /** Resolved avatar thumbnail URL, or `undefined` when the account has no avatar. */
+    avatarUrl?: string;
+    /** Account's preferred Bloom color preset, or `null` when unset. */
+    color: string | null;
+    /** The underlying per-account user payload (shared projection or full User). */
+    user: DeviceAccountUser;
+}
+
+export interface UseDeviceAccountsResult {
+    /** Every account signed in on this device, current one(s) flagged `isCurrent`. */
+    accounts: DeviceAccount[];
+    /** True until the first detection settles. */
+    isLoading: boolean;
+    /** The currently-active session id (mirrors `useOxy().activeSessionId`). */
+    currentSessionId: string | null;
+    /**
+     * `true` when the list came from the shared apex path
+     * (`refreshAllSessions()` returned >0 accounts — the cross-domain SSO cookie
+     * set on `*.oxy.so`). `false` when it came from the local `useOxy()`
+     * fallback (native, or cross-domain web where the apex cookie is absent).
+     */
+    fromSharedApex: boolean;
+}
+
+/**
+ * Resolve which entries are the current account, robustly.
+ *
+ * Primary signal: `entry.sessionId === activeSessionId`. On the web shared-apex
+ * path, `refreshAllSessions()` returns SERVER-side session ids that may not
+ * equal the locally-stored `activeSessionId` (a different storage namespace /
+ * server perspective), so a pure `sessionId` match can flag NO row as current —
+ * the bug that surfaced as "Not signed in" even while authenticated.
+ *
+ * Fallbacks, applied only when the `sessionId` match found nothing AND the user
+ * is authenticated:
+ *  1. Match the live `user.id` against each entry's per-account user id.
+ *  2. If still nothing and there is exactly one account, mark that one current.
+ *
+ * At most ONE entry is ever marked current.
+ *
+ * Pure & side-effect free so it is unit-testable without rendering React.
+ */
+export function markCurrentAccount(
+    accounts: DeviceAccount[],
+    activeSessionId: string | null | undefined,
+    liveUserId: string | null | undefined,
+    isAuthenticated: boolean,
+): DeviceAccount[] {
+    const bySession = accounts.map((account): DeviceAccount => ({
+        ...account,
+        isCurrent: Boolean(activeSessionId) && account.sessionId === activeSessionId,
+    }));
+
+    if (bySession.some((account) => account.isCurrent) || !isAuthenticated) {
+        return bySession;
+    }
+
+    // No row matched by session id: fall back to the live user's id, marking at
+    // most the FIRST matching entry current (never more than one).
+    if (liveUserId) {
+        let matched = false;
+        const byUser = bySession.map((account): DeviceAccount => {
+            if (!matched && account.user.id === liveUserId) {
+                matched = true;
+                return { ...account, isCurrent: true };
+            }
+            return account;
+        });
+        if (matched) {
+            return byUser;
+        }
+    }
+
+    // Authenticated, nothing matched, but there is exactly one account → it must
+    // be the current one (single-account shared-apex / cross-domain case).
+    if (bySession.length === 1) {
+        return [{ ...bySession[0], isCurrent: true }];
+    }
+
+    return bySession;
+}
+
+/**
+ * Resolve every account signed in on this device for the unified account
+ * switcher, with real per-account name / email / avatar / color.
+ *
+ * ## Data sources (web vs native)
+ *
+ * - **Web on a `*.oxy.so` host** → `oxyServices.refreshAllSessions()` returns
+ *   the full apex device-account list (identical to what `auth.oxy.so` sees,
+ *   because the `Domain=oxy.so` refresh cookies reach `api.oxy.so`). Used
+ *   directly — this is the `fromSharedApex: true` path.
+ * - **Cross-domain web (non-`oxy.so` apex)** OR **native (no browser cookies)**
+ *   → `refreshAllSessions()` yields `{ accounts: [] }` (the apex cookies never
+ *   reach the request: cross-domain by `Domain`, native by having no cookie
+ *   jar at all; a 401 is also normalised to `{ accounts: [] }` inside the
+ *   core mixin). In that case we FALL BACK to the SDK's local multi-account
+ *   list from `useOxy()` (`sessions` + `activeSessionId` + the active `user`).
+ *   This is the `fromSharedApex: false` path.
+ *
+ * The fallback decision is purely data-driven: **if `refreshAllSessions()`
+ * returns >0 accounts, use the shared path; otherwise fall back to local
+ * `useOxy()` sessions.** No host sniffing is needed — the cookie scoping does
+ * the discrimination for us, and the same code path works on native (where the
+ * fetch returns `{ accounts: [] }`).
+ *
+ * ## Why React Query (not a `useRef`/`useState` start-once like the auth app)
+ *
+ * The auth app's `use-device-accounts.ts` hand-rolls a `startedRef` because it
+ * has no React Query. The SDK does. `refreshAllSessions()` ROTATES single-use
+ * refresh cookies on every call, so it must run AT MOST ONCE per page load:
+ * we model that with `staleTime: Infinity` + `gcTime: Infinity` +
+ * `refetchOnWindowFocus/Reconnect/Mount: false` + `retry: false`. React Query
+ * dedupes concurrent mounts and caches the single result for the page's
+ * lifetime — the exact "run once" guarantee the auth app documents, but
+ * without the manual ref/state machinery.
+ *
+ * ## Validation note (intentionally NO zod re-parse)
+ *
+ * The auth app's hook calls `fetch` directly, so IT must `safeParse` the wire
+ * response with `@oxyhq/contracts`. This hook calls
+ * `oxyServices.refreshAllSessions()`, whose core mixin ALREADY validates and
+ * normalises the wire response (skips entries missing required fields,
+ * normalises `authuser` null→0, builds the `RefreshAllAccountUser` shape) — the
+ * mixin is the single source of truth. Re-validating the SDK's own already-typed
+ * output here would be redundant double-validation, so we do not re-parse.
+ *
+ * ## Error handling
+ *
+ * `refreshAllSessions()` already maps 401/404/abort to `{ accounts: [] }`
+ * internally. Any OTHER failure (network, 5xx) propagates as a thrown error and
+ * is surfaced by React Query (`query.isError`) — never swallowed. Callers that
+ * don't care can ignore it; the hook still returns the local fallback list so
+ * the chooser stays usable.
+ */
+export function useDeviceAccounts(): UseDeviceAccountsResult {
+    const {
+        oxyServices,
+        sessions,
+        activeSessionId,
+        user,
+        isAuthenticated,
+    } = useOxy();
+    const { locale } = useI18n();
+
+    // Stable, per-API-origin query key. `refreshAllSessions` resolves against
+    // the session base url derived from `getBaseURL()`, so keying on it scopes
+    // the cached result to the API the provider is pointed at.
+    const baseURL = oxyServices.getBaseURL();
+
+    const query = useQuery({
+        queryKey: [...queryKeys.accounts.all, 'deviceAccounts', baseURL] as const,
+        queryFn: () => oxyServices.refreshAllSessions(),
+        // Only attempt the shared apex path while signed in. When logged out
+        // there is nothing to enumerate and the fallback (also empty) is used.
+        enabled: isAuthenticated,
+        // Single-use cookie rotation → run at most once per page load.
+        staleTime: Number.POSITIVE_INFINITY,
+        gcTime: Number.POSITIVE_INFINITY,
+        refetchOnWindowFocus: false,
+        refetchOnReconnect: false,
+        refetchOnMount: false,
+        retry: false,
+    });
+
+    const sharedAccounts = query.data?.accounts ?? [];
+    const fromSharedApex = sharedAccounts.length > 0;
+
+    const accounts = useMemo<DeviceAccount[]>(() => {
+        const resolveAvatarUrl = (avatar: string | null | undefined): string | undefined =>
+            avatar ? oxyServices.getFileDownloadUrl(avatar, 'thumb') : undefined;
+
+        // Build a single current-account row from the live `useOxy().user`. Used
+        // as a last-resort fallback when neither the shared-apex probe nor the
+        // local session store yielded a row but the user IS authenticated (e.g.
+        // a cross-domain host where the apex probe returned empty before the
+        // local session store hydrated). The signed-in user must ALWAYS be
+        // represented. Email is the REAL email or the `@handle` line — never a
+        // synthesized `username@oxy.so`.
+        const liveUserRow = (): DeviceAccount[] => {
+            if (!isAuthenticated || !user || !activeSessionId) {
+                return [];
+            }
+            const displayName = getAccountDisplayName(user, locale);
+            const handle = getAccountFallbackHandle(user);
+            const secondaryHandle = handle ? `@${handle}` : null;
+            return [{
+                sessionId: activeSessionId,
+                authuser: undefined,
+                isCurrent: true,
+                displayName,
+                email: user.email ?? secondaryHandle,
+                avatarUrl: resolveAvatarUrl(user.avatar),
+                color: user.color ?? null,
+                user,
+            }];
+        };
+
+        let built: DeviceAccount[];
+
+        if (fromSharedApex) {
+            // Shared apex path: every entry carries a real per-account user.
+            built = sharedAccounts.map((entry): DeviceAccount => {
+                // `entry.user` is non-null on the refresh-all path; the core
+                // mixin skips entries without a valid user. The fallback below
+                // keeps rendering defensive if a server response is incomplete.
+                const accountUser: DeviceAccountUser = entry.user ?? {
+                    id: '',
+                    username: '',
+                };
+                const displayName = getAccountDisplayName(accountUser, locale);
+                const handle = getAccountFallbackHandle(accountUser);
+                const email = entry.user?.email ?? null;
+                const secondaryHandle = handle ? `@${handle}` : null;
+                return {
+                    sessionId: entry.sessionId,
+                    authuser: entry.authuser,
+                    // Provisional; finalised by `markCurrentAccount` below so the
+                    // shared-apex path is robust to server/local session-id skew.
+                    isCurrent: false,
+                    displayName,
+                    // Real email, or null (NEVER synthesized). The UI uses the
+                    // `@handle` line only when email is genuinely absent.
+                    email: email ?? secondaryHandle,
+                    avatarUrl: resolveAvatarUrl(entry.user?.avatar),
+                    color: entry.user?.color ?? null,
+                    user: accountUser,
+                };
+            });
+        } else {
+            // Local fallback path: build from the SDK's multi-session store. The
+            // active session row gets the full loaded `user`; inactive fallback
+            // rows carry only what the `ClientSession` exposes (no synthesized
+            // identity — they show the active user's data only when active).
+            built = (sessions ?? []).map((session: ClientSession): DeviceAccount => {
+                const isCurrent = session.sessionId === activeSessionId;
+                const accountUser: DeviceAccountUser = isCurrent && user
+                    ? user
+                    : { id: session.userId ?? '', username: '' };
+                const displayName = getAccountDisplayName(accountUser, locale);
+                const handle = getAccountFallbackHandle(accountUser);
+                const email = isCurrent && user?.email ? user.email : null;
+                const secondaryHandle = handle ? `@${handle}` : null;
+                const avatar = isCurrent && user ? user.avatar : undefined;
+                const color = isCurrent && user?.color ? user.color : null;
+                return {
+                    sessionId: session.sessionId,
+                    authuser: session.authuser,
+                    isCurrent,
+                    displayName,
+                    email: email ?? secondaryHandle,
+                    avatarUrl: resolveAvatarUrl(avatar),
+                    color,
+                    user: accountUser,
+                };
+            });
+        }
+
+        // Robust current-account detection: tolerate server/local session-id
+        // skew on the shared-apex path by falling back to the live user's id and
+        // the single-account heuristic.
+        const flagged = markCurrentAccount(
+            built,
+            activeSessionId,
+            user?.id ?? null,
+            isAuthenticated,
+        );
+
+        // The signed-in user must ALWAYS be represented. If detection produced
+        // an empty list yet the user is authenticated, synthesize a single
+        // current row from the live `useOxy().user`.
+        if (flagged.length === 0) {
+            return liveUserRow();
+        }
+        return flagged;
+    }, [
+        fromSharedApex,
+        sharedAccounts,
+        sessions,
+        activeSessionId,
+        user,
+        isAuthenticated,
+        locale,
+        oxyServices,
+    ]);
+
+    return {
+        accounts,
+        // `isLoading` only reflects the shared probe while it's the relevant
+        // source. Once we know we're on the fallback (probe settled with 0
+        // accounts) the local list is synchronously available.
+        isLoading: isAuthenticated && query.isLoading,
+        currentSessionId: activeSessionId ?? null,
+        fromSharedApex,
+    };
+}

package/src/ui/hooks/useSessionManagement.ts

@@ -199,7 +199,6 @@ export const useSessionManagement = ({
 
   const activateSession = useCallback(
     async (sessionId: string, user: User): Promise<void> => {
-      await oxyServices.getTokenBySession(sessionId);
       setTokenReady?.(true);
       setActiveSessionId(sessionId);
       loginSuccess(user);
@@ -207,14 +206,7 @@ export const useSessionManagement = ({
       await applyLanguagePreference(user);
       onAuthStateChange?.(user);
     },
-    [
-      applyLanguagePreference,
-      loginSuccess,
-      onAuthStateChange,
-      oxyServices,
-      saveActiveSessionId,
-      setTokenReady,
-    ],
+    [applyLanguagePreference, loginSuccess, onAuthStateChange, saveActiveSessionId, setTokenReady],
   );
 
   const removalTimerIdsRef = useRef<Set<ReturnType<typeof setTimeout>>>(new Set());
@@ -271,10 +263,10 @@ export const useSessionManagement = ({
         // `refreshAllSessions` it carries its `authuser` slot index. We
         // proactively plant that slot's access token via the httpOnly
         // refresh cookie BEFORE validating, so the bearer-protected
-        // validate/getCurrentUser calls don't need a token that was never
-        // in memory (cold reload / different browser tab). The native path
-        // has no per-session cookies and continues to rely on
-        // `validateSession` + `getTokenBySession` directly.
+        // validate/getCurrentUser calls have the correct in-memory token
+        // after a cold reload or account switch in another tab. The native
+        // path arrives here only after a bearer has been planted by
+        // `claimSessionByToken` or secure shared-session restore.
         if (isWebBrowser()) {
           const targetSession = sessionsRef.current.find((s) => s.sessionId === sessionId);
           const targetAuthuser = targetSession?.authuser;
@@ -449,4 +441,3 @@ export const useSessionManagement = ({
   };
 };
 
-

package/src/ui/hooks/useSessionSocket.ts

@@ -149,8 +149,7 @@ export function useSessionSocket({
       // appear in the switch. Anything unknown falls through to `default`,
       // which is intentionally a no-op for session lifecycle — it only logs
       // in dev. This guards against future server-side event additions
-      // (e.g. `session_created`) accidentally triggering sign-out via a
-      // "legacy fallback" branch.
+      // accidentally triggering sign-out.
       switch (data.type) {
         case 'session_removed': {
           if (data.sessionId && onSessionRemovedRef.current) {
@@ -199,9 +198,9 @@ export function useSessionSocket({
         case 'session_created':
         case 'session_update': {
           // Lifecycle event for the current user. Just resync the sessions
-          // list — never sign out. Historically this branch had a legacy
-          // fallback that compared `data.sessionId === currentActiveSessionId`
-          // and signed the user out if true, which was catastrophic: a
+          // list — never sign out. A prior implementation compared
+          // `data.sessionId === currentActiveSessionId` and signed the user
+          // out if true, which was catastrophic: a
           // `session_created` event fired immediately after a successful
           // sign-in carries the user's NEW (now-active) session id, which
           // matched and triggered an instant remote sign-out toast on every

package/src/ui/hooks/useWebSSO.ts

@@ -8,7 +8,7 @@
  * without relying on third-party cookies.
  *
  * For browsers without FedCM support, users will need to click a sign-in button
- * which triggers a popup-based authentication flow.
+ * which triggers redirect authentication.
  *
  * This is called automatically by OxyContext on web platforms.
  *

package/src/ui/navigation/routes.ts

@@ -28,12 +28,12 @@ export type RouteName =
     | 'SavesCollections'
     | 'EditProfileField' // Dedicated screen for editing a single profile field
     | 'LearnMoreUsernames' // Informational screen about usernames
-    | 'KarmaCenter'
-    | 'KarmaLeaderboard'
-    | 'KarmaRewards'
-    | 'KarmaRules'
-    | 'AboutKarma'
-    | 'KarmaFAQ'
+    | 'TrustCenter'
+    | 'TrustLeaderboard'
+    | 'TrustRewards'
+    | 'TrustRules'
+    | 'AboutTrust'
+    | 'TrustFAQ'
     | 'FollowersList'  // List of user's followers
     | 'FollowingList' // List of users being followed
     | 'CreateManagedAccount' // Create a new managed sub-account
@@ -67,13 +67,13 @@ const screenLoaders: Record<RouteName, () => ComponentType<BaseScreenProps>> = {
     EditProfileField: () => require('../screens/EditProfileFieldScreen').default,
     // Informational screens
     LearnMoreUsernames: () => require('../screens/LearnMoreUsernamesScreen').default,
-    // Karma screens
-    KarmaCenter: () => require('../screens/karma/KarmaCenterScreen').default,
-    KarmaLeaderboard: () => require('../screens/karma/KarmaLeaderboardScreen').default,
-    KarmaRewards: () => require('../screens/karma/KarmaRewardsScreen').default,
-    KarmaRules: () => require('../screens/karma/KarmaRulesScreen').default,
-    AboutKarma: () => require('../screens/karma/KarmaAboutScreen').default,
-    KarmaFAQ: () => require('../screens/karma/KarmaFAQScreen').default,
+    // Oxy Trust screens
+    TrustCenter: () => require('../screens/trust/TrustCenterScreen').default,
+    TrustLeaderboard: () => require('../screens/trust/TrustLeaderboardScreen').default,
+    TrustRewards: () => require('../screens/trust/TrustRewardsScreen').default,
+    TrustRules: () => require('../screens/trust/TrustRulesScreen').default,
+    AboutTrust: () => require('../screens/trust/TrustAboutScreen').default,
+    TrustFAQ: () => require('../screens/trust/TrustFAQScreen').default,
     // User list screens (followers/following)
     FollowersList: () => require('../screens/FollowersListScreen').default,
     FollowingList: () => require('../screens/FollowingListScreen').default,

package/src/ui/screens/OxyAuthScreen.tsx

@@ -142,13 +142,12 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
   // `claimSessionByToken` — the device-flow equivalent of OAuth's
   // code-for-token exchange (RFC 8628 §3.4).
   //
-  // Without that exchange the SDK has no bearer token, so the subsequent
-  // `switchSession` -> `getTokenBySession` call (`GET /session/token/:id`) 401s
-  // against the C1-hardened API — the session is authorized server-side but the
-  // app never becomes authenticated and the sheet sits "Waiting for
-  // authorization..." forever. Once `claimSessionByToken` plants the tokens in
-  // the HttpService, the rest of the session wiring flows through the normal
-  // `switchSession` path. This mirrors `SignInModal`'s web flow exactly.
+  // Without that exchange the SDK has no bearer token — the session is
+  // authorized server-side but the app never becomes authenticated and the
+  // sheet sits "Waiting for authorization..." forever. Once
+  // `claimSessionByToken` plants the tokens in the HttpService, the rest of the
+  // session wiring flows through the normal `switchSession` path. This mirrors
+  // `SignInModal`'s web flow exactly.
   const handleAuthSuccess = useCallback(async (sessionId: string, sessionToken: string) => {
     if (isProcessingRef.current) return;
     isProcessingRef.current = true;
@@ -221,8 +220,11 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
 
     socket.on('connect_error', (err) => {
       debug.log('Socket connection error, falling back to polling:', (err instanceof Error ? err.message : null));
-      // Fall back to polling if socket fails
+      // Realtime transport errored — reflect the honest connection state. The
+      // poll is already running (started unconditionally in
+      // `generateAuthSession`), so `startPolling` here is a no-op backstop.
       socket.disconnect();
+      setConnectionType('polling');
       startPolling(sessionToken);
     });
 
@@ -231,9 +233,13 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
     });
   }, [oxyServices, handleAuthSuccess]);
 
-  // Start polling for authorization (fallback)
+  // Start polling for authorization.
+  //
+  // Idempotent: if a poll interval is already running this is a no-op, so the
+  // `connect_error` path (which also calls this) cannot stack a second interval
+  // on top of the always-on poll started in `generateAuthSession`.
   const startPolling = useCallback((sessionToken: string) => {
-    setConnectionType('polling');
+    if (pollingIntervalRef.current) return;
 
     pollingIntervalRef.current = setInterval(async () => {
       if (isProcessingRef.current) return;
@@ -312,14 +318,17 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
       setAuthSession({ sessionToken, expiresAt });
       setIsWaiting(true);
 
-      // Try socket first, will fall back to polling if needed
+      // Socket is the fast path; the poll is a transport-independent backstop
+      // that guarantees completion even if the socket connects but silently
+      // never delivers auth_update (RN transport / idle-timeout).
       connectSocket(sessionToken);
+      startPolling(sessionToken);
     } catch (err: unknown) {
       setError((err instanceof Error ? err.message : null) || 'Failed to create auth session');
     } finally {
       setIsLoading(false);
     }
-  }, [oxyServices, connectSocket, clientId]);
+  }, [oxyServices, connectSocket, startPolling, clientId]);
 
   // Generate a random session token
   const generateSessionToken = (): string => {

package/src/ui/screens/ProfileScreen.tsx

@@ -32,7 +32,7 @@ const ProfileScreen: React.FC<ProfileScreenProps> = ({ userId, username, theme,
     // Use useOxy() hook for OxyContext values
     const { oxyServices, user: currentUser } = useOxy();
     const [profile, setProfile] = useState<User | null>(null);
-    const [karmaTotal, setKarmaTotal] = useState<number | null>(null);
+    const [reputationTotal, setReputationTotal] = useState<number | null>(null);
     const [postsCount, setPostsCount] = useState<number | null>(null);
     const [commentsCount, setCommentsCount] = useState<number | null>(null);
     const [isLoading, setIsLoading] = useState(true);
@@ -77,7 +77,7 @@ const ProfileScreen: React.FC<ProfileScreenProps> = ({ userId, username, theme,
         setIsLoading(true);
         setError(null);
 
-        // Load user profile, karma total, and stats
+        // Load user profile, reputation total, and stats
         Promise.all([
             oxyServices.getUserById(userId).catch((err: unknown) => {
                 // If this is the current user and the API call fails, use current user data as fallback
@@ -88,18 +88,16 @@ const ProfileScreen: React.FC<ProfileScreenProps> = ({ userId, username, theme,
                 }
                 throw err;
             }),
-            oxyServices.getUserKarmaTotal ?
-                oxyServices.getUserKarmaTotal(userId).catch(() => {
-                    return { total: undefined };
-                }) :
-                Promise.resolve({ total: undefined }),
+            oxyServices.getReputationBalance(userId)
+                .then((balance): { total: number | undefined } => ({ total: balance.total }))
+                .catch((): { total: number | undefined } => ({ total: undefined })),
             oxyServices.getUserStats ?
                 oxyServices.getUserStats(userId).catch(() => {
                     return { postCount: 0, commentCount: 0 };
                 }) :
                 Promise.resolve({ postCount: 0, commentCount: 0 })
         ])
-            .then(([profileRes, karmaRes, statsRes]) => {
+            .then(([profileRes, reputationRes, statsRes]) => {
                 if (!profileRes) {
                     setError('Profile data is not available');
                     setIsLoading(false);
@@ -107,7 +105,7 @@ const ProfileScreen: React.FC<ProfileScreenProps> = ({ userId, username, theme,
                 }
 
                 setProfile(profileRes);
-                setKarmaTotal(typeof karmaRes.total === 'number' ? karmaRes.total : null);
+                setReputationTotal(typeof reputationRes.total === 'number' ? reputationRes.total : null);
 
                 // Extract links from profile data
                 if (profileRes.linksMetadata && Array.isArray(profileRes.linksMetadata)) {
@@ -326,24 +324,24 @@ const ProfileScreen: React.FC<ProfileScreenProps> = ({ userId, username, theme,
                     {/* All Stats in one row */}
                     <View style={styles.statsRow}>
                         <View style={styles.statItem}>
-                            <Text style={styles.karmaAmount} className="text-primary">{karmaTotal !== null && karmaTotal !== undefined ? karmaTotal : '--'}</Text>
-                            <Text style={styles.karmaLabel} className="text-muted-foreground">{t('profile.karma') || 'Karma'}</Text>
+                            <Text style={styles.statAmount} className="text-primary">{reputationTotal !== null && reputationTotal !== undefined ? reputationTotal : '--'}</Text>
+                            <Text style={styles.statLabel} className="text-muted-foreground">{t('profile.reputation') || 'Reputation'}</Text>
                         </View>
                         <View style={styles.statItem}>
                             {isLoadingCounts ? (
                                 <ActivityIndicator size="small" color={bloomTheme.colors.text} />
                             ) : (
-                                <Text style={styles.karmaAmount} className="text-foreground">{followerCount !== null ? followerCount : '--'}</Text>
+                                <Text style={styles.statAmount} className="text-foreground">{followerCount !== null ? followerCount : '--'}</Text>
                             )}
-                            <Text style={styles.karmaLabel} className="text-muted-foreground">{t('profile.followers') || 'Followers'}</Text>
+                            <Text style={styles.statLabel} className="text-muted-foreground">{t('profile.followers') || 'Followers'}</Text>
                         </View>
                         <View style={styles.statItem}>
                             {isLoadingCounts ? (
                                 <ActivityIndicator size="small" color={bloomTheme.colors.text} />
                             ) : (
-                                <Text style={styles.karmaAmount} className="text-foreground">{followingCount !== null ? followingCount : '--'}</Text>
+                                <Text style={styles.statAmount} className="text-foreground">{followingCount !== null ? followingCount : '--'}</Text>
                             )}
-                            <Text style={styles.karmaLabel} className="text-muted-foreground">{t('profile.following') || 'Following'}</Text>
+                            <Text style={styles.statLabel} className="text-muted-foreground">{t('profile.following') || 'Following'}</Text>
                         </View>
                     </View>
                 </View>
@@ -401,8 +399,8 @@ const createStyles = () => StyleSheet.create({
     },
     statsRow: { width: '100%', flex: 1, flexDirection: 'row', alignItems: 'center', marginTop: 6, marginBottom: 2, justifyContent: 'space-between' },
     statItem: { flex: 1, alignItems: 'center', minWidth: 50, marginBottom: 12 },
-    karmaLabel: { fontSize: 14, marginBottom: 2, textAlign: 'center' },
-    karmaAmount: { fontSize: 24, fontWeight: 'bold', textAlign: 'center', letterSpacing: 0.2 },
+    statLabel: { fontSize: 14, marginBottom: 2, textAlign: 'center' },
+    statAmount: { fontSize: 24, fontWeight: 'bold', textAlign: 'center', letterSpacing: 0.2 },
     // Error handling styles
     errorHeader: {
         flexDirection: 'row',

package/src/ui/screens/WelcomeNewUserScreen.tsx

@@ -115,9 +115,9 @@ const WelcomeNewUserScreen: React.FC<BaseScreenProps & { newUser?: any }> = ({
                 t('welcomeNew.principles.bullets.3') || 'No selling your data',
             ]
         },
-        { key: 'karma', title: t('welcomeNew.karma.title') || 'Karma = Trust & Growth', body: t('welcomeNew.karma.body') || 'Oxy Karma is a points system that reacts to what you do. Helpful, respectful, constructive actions earn it. Harmful or low‑effort stuff chips it away. More karma can unlock benefits; low karma can limit features. It keeps things fair and rewards real contribution.' },
+        { key: 'trust', title: t('welcomeNew.trust.title') || 'Oxy Trust = Trust & Growth', body: t('welcomeNew.trust.body') || 'Oxy Trust is a reputation system that reacts to what you do. Helpful, respectful, constructive actions earn reputation. Harmful or low‑effort stuff chips it away. More reputation raises your trust tier and can unlock benefits; low reputation can limit features. It keeps things fair and rewards real contribution.' },
         { key: 'avatar', title: t('welcomeNew.avatar.title') || 'Make It Yours', body: t('welcomeNew.avatar.body') || 'Add an avatar so people recognize you. It will show anywhere you show up here. Skip if you want — you can add it later.', showAvatar: true },
-        { key: 'ready', title: t('welcomeNew.ready.title') || "You're Ready", body: t('welcomeNew.ready.body') || 'Explore. Contribute. Earn karma. Stay in control.' }
+        { key: 'ready', title: t('welcomeNew.ready.title') || "You're Ready", body: t('welcomeNew.ready.body') || 'Explore. Contribute. Earn reputation. Stay in control.' }
     ];
     const totalSteps = steps.length;
     const avatarStepIndex = steps.findIndex(s => s.showAvatar);