@oxyhq/services 5.16.39 → 5.16.41

package/lib/commonjs/ui/context/OxyContext.js

@@ -5,7 +5,6 @@ Object.defineProperty(exports, "__esModule", {
 });
 exports.useOxy = exports.default = exports.OxyProvider = exports.OxyContextProvider = void 0;
 var _react = require("react");
-var _reactNative = require("react-native");
 var _core = require("../../core");
 var _sonner = require("../../lib/sonner");
 var _authStore = require("../stores/authStore");
@@ -13,49 +12,20 @@ var _shallow = require("zustand/react/shallow");
 var _useSessionSocket = require("../hooks/useSessionSocket");
 var _useStorage = require("../hooks/useStorage");
 var _useLanguageManagement = require("../hooks/useLanguageManagement");
-var _useSessionManagement = require("../hooks/useSessionManagement");
-var _useAuthOperations = require("./hooks/useAuthOperations");
-var _useDeviceManagement = require("../hooks/useDeviceManagement");
 var _storageHelpers = require("../utils/storageHelpers");
 var _errorHandlers = require("../utils/errorHandlers");
 var _bottomSheetManager = require("../navigation/bottomSheetManager");
 var _reactQuery = require("@tanstack/react-query");
 var _queryClient = require("../hooks/queryClient");
-var _crypto = require("../../crypto");
-var _i18n = require("../../i18n");
-var _avatarUtils = require("../utils/avatarUtils");
+var _identitySession = require("../../core/identity-session");
 var _accountStore = require("../stores/accountStore");
-var _loggerUtils = require("../../utils/loggerUtils");
 var _transferStore = require("../stores/transferStore");
 var _useTransferQueries = require("../hooks/useTransferQueries");
+var _useTransferCodesPersistence = require("../hooks/useTransferCodesPersistence");
+var _useIdentityTransfer = require("../hooks/useIdentityTransfer");
+var _useAvatarPicker = require("../hooks/useAvatarPicker");
 var _jsxRuntime = require("react/jsx-runtime");
 const OxyContext = /*#__PURE__*/(0, _react.createContext)(null);
-let cachedUseFollowHook = null;
-const loadUseFollowHook = () => {
-  if (cachedUseFollowHook) {
-    return cachedUseFollowHook;
-  }
-  try {
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
-    const {
-      useFollow
-    } = require('../hooks/useFollow');
-    cachedUseFollowHook = useFollow;
-    return cachedUseFollowHook;
-  } catch (error) {
-    if (__DEV__) {
-      _loggerUtils.logger.warn('useFollow hook is not available. Please import useFollow from @oxyhq/services directly.', {
-        component: 'OxyContext',
-        method: 'loadUseFollowHook'
-      }, error);
-    }
-    const fallback = () => {
-      throw new Error('useFollow hook is only available in the UI bundle. Import it from @oxyhq/services.');
-    };
-    cachedUseFollowHook = fallback;
-    return cachedUseFollowHook;
-  }
-};
 const OxyProvider = ({
   children,
   oxyServices: providedOxyServices,
@@ -105,7 +75,6 @@ const OxyProvider = ({
     setSyncing: state.setSyncing
   })));
   const [tokenReady, setTokenReady] = (0, _react.useState)(true);
-  const initializedRef = (0, _react.useRef)(false);
   const setAuthState = _authStore.useAuthStore.setState;
   const logger = (0, _react.useCallback)((message, err) => {
     if (__DEV__) {
@@ -125,55 +94,29 @@ const OxyProvider = ({
     logger
   });
 
-  // Invalidate KeyManager cache on mount to prevent stale cache issues
-  // useLayoutEffect runs synchronously after render but before paint, ensuring cache
-  // invalidation happens before any async operations start
-  (0, _react.useLayoutEffect)(() => {
-    if (_reactNative.Platform.OS !== 'web') {
-      _crypto.KeyManager.invalidateCache();
-    }
-  }, []);
-
-  // Identity integrity check and auto-restore on startup
-  // Skip on web platform - identity storage is only available on native platforms
+  // Initialize Identity Session Core
+  const [identityCore, setIdentityCore] = (0, _react.useState)(null);
+  const [isCoreInitialized, setIsCoreInitialized] = (0, _react.useState)(false);
   (0, _react.useEffect)(() => {
-    if (!storage || !isStorageReady) return;
-    if (_reactNative.Platform.OS === 'web') return; // Identity operations are native-only
-
-    const checkAndRestoreIdentity = async () => {
+    let mounted = true;
+    const initCore = async () => {
       try {
-        // Cache was already invalidated synchronously above
-
-        // Check if identity exists and verify integrity
-        const hasIdentity = await _crypto.KeyManager.hasIdentity();
-        if (hasIdentity) {
-          const isValid = await _crypto.KeyManager.verifyIdentityIntegrity();
-          if (!isValid) {
-            // Try to restore from backup (cache will be invalidated inside restoreIdentityFromBackup)
-            const restored = await _crypto.KeyManager.restoreIdentityFromBackup();
-            if (__DEV__) {
-              logger(restored ? 'Identity restored from backup successfully' : 'Identity integrity check failed - user may need to restore from backup file');
-            }
-          } else {
-            // Identity is valid - ensure backup is up to date
-            await _crypto.KeyManager.backupIdentity();
-          }
-        } else {
-          // No identity - try to restore from backup (cache will be invalidated inside restoreIdentityFromBackup)
-          const restored = await _crypto.KeyManager.restoreIdentityFromBackup();
-          if (restored && __DEV__) {
-            logger('Identity restored from backup on startup');
-          }
+        const core = await (0, _identitySession.createIdentitySessionCore)(oxyServices.getBaseURL() || baseURL);
+        if (mounted) {
+          setIdentityCore(core);
+          setIsCoreInitialized(true);
         }
       } catch (error) {
         if (__DEV__) {
-          logger('Error during identity integrity check', error);
+          logger('Failed to initialize identity session core', error);
         }
-        // Don't block app startup - user can recover with backup file
       }
     };
-    checkAndRestoreIdentity();
-  }, [storage, isStorageReady, logger]);
+    initCore();
+    return () => {
+      mounted = false;
+    };
+  }, [oxyServices, baseURL, logger]);
   const {
     currentLanguage,
     metadata: currentLanguageMetadata,
@@ -188,70 +131,112 @@ const OxyProvider = ({
     logger
   });
   const queryClient = (0, _reactQuery.useQueryClient)();
-  const {
-    sessions,
-    activeSessionId,
-    setActiveSessionId: setActiveSessionIdFromHook,
-    updateSessions,
-    switchSession,
-    refreshSessions,
-    clearSessionState,
-    saveActiveSessionId,
-    trackRemovedSession
-  } = (0, _useSessionManagement.useSessionManagement)({
-    oxyServices,
-    storage,
-    storageKeyPrefix,
-    loginSuccess,
-    logoutStore,
-    applyLanguagePreference,
-    onAuthStateChange,
-    onError,
-    setAuthError: message => setAuthState({
-      error: message
-    }),
-    logger,
-    setTokenReady,
-    queryClient
-  });
-  const {
-    createIdentity,
-    importIdentity: importIdentityBase,
-    signIn,
-    logout,
-    logoutAll,
-    hasIdentity,
-    getPublicKey,
-    isIdentitySynced,
-    syncIdentity: syncIdentityBase
-  } = (0, _useAuthOperations.useAuthOperations)({
-    oxyServices,
-    storage,
-    sessions,
-    activeSessionId,
-    setActiveSessionId: setActiveSessionIdFromHook,
-    updateSessions,
-    saveActiveSessionId,
-    clearSessionState,
-    switchSession,
-    applyLanguagePreference,
-    onAuthStateChange,
-    onError,
-    loginSuccess,
-    loginFailure,
-    logoutStore,
-    setAuthState,
-    setIdentitySynced,
-    setSyncing,
-    logger
-  });
 
-  // syncIdentity - TanStack Query handles offline mutations automatically
-  const syncIdentity = (0, _react.useCallback)(() => syncIdentityBase(), [syncIdentityBase]);
+  // Session state management using core
+  const [sessions, setSessions] = (0, _react.useState)([]);
+  const [activeSessionId, setActiveSessionId] = (0, _react.useState)(null);
+
+  // Load sessions from core
+  const loadSessionsFromCore = (0, _react.useCallback)(async () => {
+    if (!identityCore || !isCoreInitialized) return;
+    try {
+      const coreSessions = await identityCore.getAllSessions();
+      const activeId = await identityCore.getActiveSessionId();
+
+      // Convert core sessions to ClientSession format
+      const clientSessions = coreSessions.map(s => ({
+        deviceInfo: s.deviceInfo,
+        sessionId: s.sessionId,
+        deviceId: s.deviceId,
+        userId: s.userId,
+        expiresAt: s.expiresAt,
+        lastActive: s.lastActive,
+        isCurrent: s.isCurrent || false
+      }));
+      setSessions(clientSessions);
+      setActiveSessionId(activeId);
+    } catch (error) {
+      if (__DEV__) {
+        logger('Failed to load sessions from core', error);
+      }
+    }
+  }, [identityCore, isCoreInitialized, logger]);
+
+  // Load sessions when core is initialized
+  (0, _react.useEffect)(() => {
+    if (isCoreInitialized) {
+      loadSessionsFromCore();
+    }
+  }, [isCoreInitialized, loadSessionsFromCore]);
+
+  // Subscribe to core events
+  (0, _react.useEffect)(() => {
+    if (!identityCore || !isCoreInitialized) return;
+    const unsubscribe = identityCore.subscribe(event => {
+      if (event.type === 'session:created' || event.type === 'session:refreshed' || event.type === 'session:invalidated' || event.type === 'session:all-invalidated') {
+        loadSessionsFromCore();
+      }
+    });
+    return unsubscribe;
+  }, [identityCore, isCoreInitialized, loadSessionsFromCore]);
+
+  // Identity operations using core
+  const hasIdentity = (0, _react.useCallback)(async () => {
+    if (!identityCore || !isCoreInitialized) return false;
+    return await identityCore.hasIdentity();
+  }, [identityCore, isCoreInitialized]);
+  const getPublicKey = (0, _react.useCallback)(async () => {
+    if (!identityCore || !isCoreInitialized) return null;
+    return await identityCore.getPublicKey();
+  }, [identityCore, isCoreInitialized]);
+  const isIdentitySynced = (0, _react.useCallback)(async () => {
+    if (!storage) return false;
+    const synced = await storage.getItem('oxy_identity_synced');
+    return synced === 'true';
+  }, [storage]);
+  const createIdentity = (0, _react.useCallback)(async username => {
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
+    setSyncing(true);
+    try {
+      // Create identity using core
+      const identity = await identityCore.createIdentity(username);
 
-  // Wrapper for importIdentity to handle legacy calls gracefully
+      // Try to register with backend
+      let synced = false;
+      try {
+        const {
+          signature,
+          publicKey,
+          timestamp
+        } = await identityCore.createRegistrationSignature();
+        const result = await oxyServices.register(publicKey, signature, timestamp, username);
+        if (result?.user) {
+          loginSuccess(result.user);
+          synced = true;
+          await storage?.setItem('oxy_identity_synced', 'true');
+          setIdentitySynced(true);
+        }
+      } catch (error) {
+        // Registration failed (likely offline) - identity still created locally
+        if (__DEV__) {
+          logger('Failed to register identity with backend (offline mode)', error);
+        }
+      }
+      return {
+        synced
+      };
+    } finally {
+      setSyncing(false);
+    }
+  }, [identityCore, isCoreInitialized, oxyServices, storage, loginSuccess, setIdentitySynced, setSyncing, logger]);
   const importIdentity = (0, _react.useCallback)(async (backupData, password) => {
-    // Handle legacy calls with single string argument (old recovery phrase signature)
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
+
+    // Handle legacy calls with single string argument
     if (typeof backupData === 'string') {
       throw new Error('Recovery phrase import is no longer supported. Please use backup file import or QR code transfer instead.');
     }
@@ -260,90 +245,279 @@ const OxyProvider = ({
     if (!password || typeof password !== 'string') {
       throw new Error('Password is required for backup file import.');
     }
-    return importIdentityBase(backupData, password);
-  }, [importIdentityBase]);
+    setSyncing(true);
+    try {
+      // Import identity using core
+      const identity = await identityCore.importIdentity(backupData, password);
 
-  // Storage keys for transfer codes
-  const TRANSFER_CODES_STORAGE_KEY = `${storageKeyPrefix}_transfer_codes`;
-  const ACTIVE_TRANSFER_STORAGE_KEY = `${storageKeyPrefix}_active_transfer_id`;
+      // Try to register with backend if not already registered
+      let synced = false;
+      try {
+        const {
+          signature,
+          publicKey,
+          timestamp
+        } = await identityCore.createRegistrationSignature();
+        const result = await oxyServices.register(publicKey, signature, timestamp);
+        if (result?.user) {
+          loginSuccess(result.user);
+          synced = true;
+          await storage?.setItem('oxy_identity_synced', 'true');
+          setIdentitySynced(true);
+        }
+      } catch (error) {
+        // Check if user already exists (409 conflict)
+        if (error?.status === 409) {
+          // User already registered - try to sign in instead
+          try {
+            await signIn();
+            synced = true;
+            await storage?.setItem('oxy_identity_synced', 'true');
+            setIdentitySynced(true);
+          } catch (signInError) {
+            if (__DEV__) {
+              logger('Failed to sign in after import', signInError);
+            }
+          }
+        } else if (__DEV__) {
+          logger('Failed to register identity with backend (offline mode)', error);
+        }
+      }
+      return {
+        synced
+      };
+    } finally {
+      setSyncing(false);
+    }
+  }, [identityCore, isCoreInitialized, oxyServices, storage, loginSuccess, setIdentitySynced, setSyncing, logger]);
+  const syncIdentity = (0, _react.useCallback)(async username => {
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
+    const publicKey = await identityCore.getPublicKey();
+    if (!publicKey) {
+      throw new Error('No identity found');
+    }
+    setSyncing(true);
+    try {
+      const {
+        signature,
+        publicKey: pk,
+        timestamp
+      } = await identityCore.createRegistrationSignature();
+      const result = await oxyServices.register(pk, signature, timestamp, username);
+      if (result?.user) {
+        loginSuccess(result.user);
+        await storage?.setItem('oxy_identity_synced', 'true');
+        setIdentitySynced(true);
+        return result.user;
+      }
+      throw new Error('Registration failed');
+    } catch (error) {
+      // Check if user already exists (409 conflict) - try to sign in
+      if (error?.status === 409) {
+        const user = await signIn();
+        await storage?.setItem('oxy_identity_synced', 'true');
+        setIdentitySynced(true);
+        return user;
+      }
+      throw error;
+    } finally {
+      setSyncing(false);
+    }
+  }, [identityCore, isCoreInitialized, oxyServices, storage, loginSuccess, setIdentitySynced, setSyncing]);
+  const signIn = (0, _react.useCallback)(async deviceName => {
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
+    setAuthState({
+      isLoading: true
+    });
+    try {
+      // Create session using core
+      const session = await identityCore.createSession(deviceName);
 
-  // Clear all account data when identity is lost (for accounts app)
-  // In accounts app, identity = account, so losing identity means losing everything
-  const clearAllAccountData = (0, _react.useCallback)(async () => {
-    if (__DEV__) {
-      logger('Clearing all account data - identity changed or lost');
+      // Get user from OxyServices
+      const user = await oxyServices.getUserBySession(session.sessionId);
+      if (!user) {
+        throw new Error('Failed to get user data');
+      }
+
+      // Set token in OxyServices
+      if (session.accessToken) {
+        oxyServices.setTokens(session.accessToken, session.refreshToken || undefined);
+      }
+
+      // Update state
+      loginSuccess(user);
+      await loadSessionsFromCore();
+      onAuthStateChange?.(user);
+      await applyLanguagePreference(user);
+      setTokenReady(true);
+      return user;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      loginFailure(errorMessage);
+      throw error;
+    } finally {
+      setAuthState({
+        isLoading: false
+      });
     }
+  }, [identityCore, isCoreInitialized, oxyServices, loginSuccess, loginFailure, setAuthState, loadSessionsFromCore, onAuthStateChange, applyLanguagePreference, setTokenReady]);
+
+  // Session management functions
+  const clearSessionState = (0, _react.useCallback)(async () => {
+    setSessions([]);
+    setActiveSessionId(null);
+    logoutStore();
+    onAuthStateChange?.(null);
 
-    // Clear TanStack Query cache (in-memory)
+    // Clear TanStack Query cache
     queryClient.clear();
 
-    // Clear persisted query cache
+    // Clear persisted query cache and session storage
     if (storage) {
       try {
         await (0, _queryClient.clearQueryCache)(storage);
+        await storage.removeItem(storageKeys.activeSessionId);
+        await storage.removeItem(storageKeys.sessionIds);
+        await storage.removeItem('oxy_identity_synced').catch(() => {});
       } catch (error) {
-        logger('Failed to clear persisted query cache', error);
+        if (__DEV__) {
+          logger('Failed to clear session storage', error);
+        }
+      }
+    }
+  }, [logoutStore, onAuthStateChange, queryClient, storage, storageKeys, logger]);
+  const logout = (0, _react.useCallback)(async targetSessionId => {
+    if (!identityCore || !isCoreInitialized) return;
+    try {
+      await identityCore.invalidateSession(targetSessionId);
+      await loadSessionsFromCore();
+      await clearSessionState();
+      setTokenReady(false);
+    } catch (error) {
+      if (__DEV__) {
+        logger('Failed to logout', error);
+      }
+    }
+  }, [identityCore, isCoreInitialized, loadSessionsFromCore, clearSessionState, setTokenReady, logger]);
+  const logoutAll = (0, _react.useCallback)(async () => {
+    if (!identityCore || !isCoreInitialized) return;
+    try {
+      await identityCore.invalidateAllSessions();
+      await loadSessionsFromCore();
+      await clearSessionState();
+      setTokenReady(false);
+    } catch (error) {
+      if (__DEV__) {
+        logger('Failed to logout all', error);
+      }
+    }
+  }, [identityCore, isCoreInitialized, loadSessionsFromCore, clearSessionState, setTokenReady, logger]);
+  const switchSession = (0, _react.useCallback)(async sessionId => {
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
+    try {
+      // Validate session
+      const validation = await oxyServices.validateSession(sessionId, {
+        useHeaderValidation: true
+      });
+      if (!validation?.valid || !validation.user) {
+        throw new Error('Session is invalid or expired');
+      }
+      const user = validation.user;
+
+      // Get token for this session
+      await oxyServices.getTokenBySession(sessionId);
+
+      // Update active session in core
+      const sessionManager = identityCore.getSessionManager();
+      await sessionManager.setActiveSessionId(sessionId);
+
+      // Update local state
+      setActiveSessionId(sessionId);
+      loginSuccess(user);
+      await applyLanguagePreference(user);
+      onAuthStateChange?.(user);
+      setTokenReady(true);
+      await loadSessionsFromCore();
+      return user;
+    } catch (error) {
+      if ((0, _errorHandlers.isInvalidSessionError)(error)) {
+        // Remove invalid session from list
+        setSessions(prev => prev.filter(s => s.sessionId !== sessionId));
+        if (sessionId === activeSessionId) {
+          await clearSessionState();
+        }
       }
+      throw error;
     }
+  }, [identityCore, isCoreInitialized, oxyServices, loginSuccess, applyLanguagePreference, onAuthStateChange, setTokenReady, loadSessionsFromCore, activeSessionId, clearSessionState]);
+  const refreshSessions = (0, _react.useCallback)(async () => {
+    if (!identityCore || !isCoreInitialized || !activeSessionId) return;
+    try {
+      // Refresh current session
+      await identityCore.refreshSession();
 
-    // Clear session state (sessions, activeSessionId, storage)
+      // Reload sessions from core
+      await loadSessionsFromCore();
+    } catch (error) {
+      if ((0, _errorHandlers.isInvalidSessionError)(error)) {
+        await clearSessionState();
+      } else if (__DEV__) {
+        logger('Failed to refresh sessions', error);
+      }
+    }
+  }, [identityCore, isCoreInitialized, activeSessionId, loadSessionsFromCore, clearSessionState, logger]);
+
+  // Device management functions
+  const getDeviceSessions = (0, _react.useCallback)(async () => {
+    if (!activeSessionId) throw new Error('No active session');
+    return await oxyServices.getDeviceSessions(activeSessionId);
+  }, [activeSessionId, oxyServices]);
+  const logoutAllDeviceSessions = (0, _react.useCallback)(async () => {
+    if (!activeSessionId) throw new Error('No active session');
+    await oxyServices.logoutAllDeviceSessions(activeSessionId);
     await clearSessionState();
+  }, [activeSessionId, oxyServices, clearSessionState]);
+  const updateDeviceName = (0, _react.useCallback)(async deviceName => {
+    if (!identityCore || !isCoreInitialized || !activeSessionId) {
+      throw new Error('Identity core not initialized or no active session');
+    }
+    await oxyServices.updateDeviceName(activeSessionId, deviceName);
 
-    // Clear identity sync state from storage
+    // Update device name in core
+    const deviceManager = identityCore.getDeviceManager();
+    await deviceManager.updateDeviceName(deviceName);
+  }, [identityCore, isCoreInitialized, activeSessionId, oxyServices]);
+  (0, _useTransferCodesPersistence.useTransferCodesPersistence)(storageKeyPrefix);
+  const clearAllAccountData = (0, _react.useCallback)(async () => {
+    if (__DEV__) logger('Clearing all account data - identity changed or lost');
+    queryClient.clear();
+    await clearSessionState();
     if (storage) {
       try {
+        await (0, _queryClient.clearQueryCache)(storage);
         await storage.removeItem('oxy_identity_synced');
       } catch (error) {
-        logger('Failed to clear identity sync state', error);
+        logger('Failed to clear persisted data', error);
       }
     }
-
-    // Reset auth store identity sync state
     _authStore.useAuthStore.getState().setIdentitySynced(false);
     _authStore.useAuthStore.getState().setSyncing(false);
-
-    // Reset account store
     _accountStore.useAccountStore.getState().reset();
-
-    // CRITICAL: Clear ALL transfer codes and active transfer state
-    // This prevents transfer state from previous identity from lingering
-    if (storage) {
-      try {
-        await storage.removeItem(TRANSFER_CODES_STORAGE_KEY);
-        await storage.removeItem(ACTIVE_TRANSFER_STORAGE_KEY);
-
-        // Also clear Zustand transfer store
-        _transferStore.useTransferStore.getState().clearAll();
-        if (__DEV__) {
-          logger('Cleared all transfer state');
-        }
-      } catch (error) {
-        logger('Failed to clear transfer state', error);
-      }
-    }
-
-    // Clear HTTP service cache
+    _transferStore.useTransferStore.getState().clearAll();
     oxyServices.clearCache();
+    identityCore?.getIdentityManager().invalidateCache();
+  }, [queryClient, storage, clearSessionState, logger, oxyServices, identityCore]);
 
-    // Force KeyManager cache invalidation
-    _crypto.KeyManager.invalidateCache();
-  }, [queryClient, storage, clearSessionState, logger, oxyServices, TRANSFER_CODES_STORAGE_KEY, ACTIVE_TRANSFER_STORAGE_KEY]);
-
-  // Extract Zustand store functions early (before they're used in callbacks)
-  const getAllPendingTransfersStore = (0, _transferStore.useTransferStore)(state => state.getAllPendingTransfers);
-  const getActiveTransferIdStore = (0, _transferStore.useTransferStore)(state => state.getActiveTransferId);
-  const storeTransferCodeStore = (0, _transferStore.useTransferStore)(state => state.storeTransferCode);
-  const getTransferCodeStore = (0, _transferStore.useTransferStore)(state => state.getTransferCode);
-  const updateTransferStateStore = (0, _transferStore.useTransferStore)(state => state.updateTransferState);
-  const clearTransferCodeStore = (0, _transferStore.useTransferStore)(state => state.clearTransferCode);
-
-  // Transfer code management functions (must be defined before deleteIdentityAndClearAccount)
-  const getAllPendingTransfers = (0, _react.useCallback)(() => {
-    return getAllPendingTransfersStore();
-  }, [getAllPendingTransfersStore]);
-  const getActiveTransferId = (0, _react.useCallback)(() => {
-    return getActiveTransferIdStore();
-  }, [getActiveTransferIdStore]);
+  // Get transfer store functions (used in deleteIdentityAndClearAccount)
+  const getAllPendingTransfers = (0, _transferStore.useTransferStore)(state => state.getAllPendingTransfers);
+  const getActiveTransferId = (0, _transferStore.useTransferStore)(state => state.getActiveTransferId);
+  const getTransferCode = (0, _transferStore.useTransferStore)(state => state.getTransferCode);
 
   // Delete identity and clear all account data
   // In accounts app, deleting identity means losing the account completely
@@ -365,659 +539,106 @@ const OxyProvider = ({
     await clearAllAccountData();
 
     // Then delete the identity keys
-    await _crypto.KeyManager.deleteIdentity(skipBackup, force, userConfirmed);
-  }, [clearAllAccountData, getAllPendingTransfers, getActiveTransferId]);
-
-  // Network reconnect sync - TanStack Query automatically retries mutations on reconnect
-  // We only need to sync identity if it's not synced
-  (0, _react.useEffect)(() => {
-    if (!storage) return;
-    let wasOffline = false;
-    let checkTimeout = null;
-    let lastReconnectionLog = 0;
-    const RECONNECTION_LOG_DEBOUNCE_MS = 5000; // 5 seconds
-
-    // Circuit breaker and exponential backoff state
-    const stateRef = {
-      consecutiveFailures: 0,
-      currentInterval: 10000,
-      // Start with 10 seconds
-      baseInterval: 10000,
-      // Base interval in milliseconds
-      maxInterval: 60000,
-      // Maximum interval (60 seconds)
-      maxFailures: 5 // Circuit breaker threshold
-    };
-    const scheduleNextCheck = () => {
-      if (checkTimeout) {
-        clearTimeout(checkTimeout);
-      }
-      checkTimeout = setTimeout(() => {
-        checkNetworkAndSync();
-      }, stateRef.currentInterval);
-    };
-    const checkNetworkAndSync = async () => {
-      try {
-        // Try a lightweight health check to see if we're online
-        await oxyServices.healthCheck().catch(() => {
-          wasOffline = true;
-          throw new Error('Health check failed');
-        });
-
-        // Health check succeeded - reset circuit breaker and backoff
-        if (stateRef.consecutiveFailures > 0) {
-          stateRef.consecutiveFailures = 0;
-          stateRef.currentInterval = stateRef.baseInterval;
-        }
-
-        // If we were offline and now we're online, sync identity if needed
-        if (wasOffline) {
-          const now = Date.now();
-          const timeSinceLastLog = now - lastReconnectionLog;
-          if (timeSinceLastLog >= RECONNECTION_LOG_DEBOUNCE_MS) {
-            logger('Network reconnected, checking identity sync...');
-            lastReconnectionLog = now;
-
-            // Sync identity first (if not synced)
-            try {
-              const hasIdentityValue = await hasIdentity();
-              if (hasIdentityValue) {
-                // Check sync status directly - sync if not explicitly 'true'
-                // undefined = not synced yet, 'false' = explicitly not synced, 'true' = synced
-                const syncStatus = await storage.getItem('oxy_identity_synced');
-                if (syncStatus !== 'true') {
-                  await syncIdentity();
-                }
-              }
-            } catch (syncError) {
-              // Skip sync silently if username is required (expected when offline onboarding)
-              if (syncError?.code === 'USERNAME_REQUIRED' || syncError?.message === 'USERNAME_REQUIRED') {
-                if (__DEV__) {
-                  _loggerUtils.logger.debug('Sync skipped - username required', {
-                    component: 'OxyContext',
-                    method: 'checkNetworkAndSync'
-                  }, syncError);
-                }
-                // Don't log or show error - username will be set later
-              } else if (!(0, _errorHandlers.isTimeoutOrNetworkError)(syncError)) {
-                // Only log unexpected errors - timeouts/network issues are expected when offline
-                logger('Error syncing identity on reconnect', syncError);
-              } else if (__DEV__) {
-                _loggerUtils.logger.debug('Identity sync timeout (expected when offline)', {
-                  component: 'OxyContext',
-                  method: 'checkNetworkAndSync'
-                }, syncError);
-              }
-            }
-
-            // Check for pending transfers that may have completed while offline
-            // This is handled by useCheckPendingTransfers hook which runs automatically
-            // when authenticated and online
-          }
-
-          // TanStack Query will automatically retry pending mutations
-          // Reset flag immediately after processing (whether logged or not)
-          wasOffline = false;
-        }
-      } catch (error) {
-        // Network check failed - we're offline
-        wasOffline = true;
-
-        // Increment failure count and apply exponential backoff
-        stateRef.consecutiveFailures++;
-
-        // Calculate new interval with exponential backoff, capped at maxInterval
-        const backoffMultiplier = Math.min(Math.pow(2, stateRef.consecutiveFailures - 1), stateRef.maxInterval / stateRef.baseInterval);
-        stateRef.currentInterval = Math.min(stateRef.baseInterval * backoffMultiplier, stateRef.maxInterval);
-
-        // If we hit the circuit breaker threshold, use max interval
-        if (stateRef.consecutiveFailures >= stateRef.maxFailures) {
-          stateRef.currentInterval = stateRef.maxInterval;
-        }
-      } finally {
-        // Always schedule next check (will use updated interval)
-        scheduleNextCheck();
-      }
-    };
-
-    // Check immediately
-    checkNetworkAndSync();
-    return () => {
-      if (checkTimeout) {
-        clearTimeout(checkTimeout);
-      }
-    };
-  }, [oxyServices, storage, syncIdentity, logger, hasIdentity]);
-  const {
-    getDeviceSessions,
-    logoutAllDeviceSessions,
-    updateDeviceName
-  } = (0, _useDeviceManagement.useDeviceManagement)({
-    oxyServices,
-    activeSessionId,
-    onError,
-    clearSessionState,
-    logger
-  });
-  const useFollowHook = loadUseFollowHook();
-  const restoreSessionsFromStorage = (0, _react.useCallback)(async () => {
-    if (!storage) {
-      return;
+    if (identityCore) {
+      await identityCore.deleteIdentity(skipBackup, force, userConfirmed);
+    } else {
+      throw new Error('Identity core not initialized');
     }
+  }, [clearAllAccountData, identityCore, getAllPendingTransfers, getActiveTransferId]);
+  const restoreSessionsFromStorage = (0, _react.useCallback)(async () => {
+    if (!identityCore || !isCoreInitialized) return;
     setTokenReady(false);
     try {
-      // CRITICAL: Get current identity's public key first
-      // Only restore sessions that belong to this identity
-      // Force cache invalidation to ensure we get the actual current identity
-      _crypto.KeyManager.invalidateCache();
-      const currentPublicKey = await _crypto.KeyManager.getPublicKey().catch(() => null);
-      const storedSessionIdsJson = await storage.getItem(storageKeys.sessionIds);
-      const storedSessionIds = storedSessionIdsJson ? JSON.parse(storedSessionIdsJson) : [];
-      const storedActiveSessionId = await storage.getItem(storageKeys.activeSessionId);
-
-      // If no identity exists, clear all sessions and return
-      if (!currentPublicKey) {
-        if (storedSessionIds.length > 0 || storedActiveSessionId) {
-          if (__DEV__) {
-            logger('No identity found - clearing all stored sessions to prevent cross-identity data leak');
-          }
-          await clearSessionState();
-        }
+      await loadSessionsFromCore();
+      const activeId = await identityCore.getActiveSessionId();
+      if (!activeId) {
         setTokenReady(true);
         return;
       }
-      if (__DEV__) {
-        logger('Restoring sessions for identity', {
-          publicKey: currentPublicKey.substring(0, 16) + '...',
-          sessionCount: storedSessionIds.length
-        });
-      }
-      const validSessions = [];
-      const invalidSessionIds = []; // Track invalid sessions for batch removal
-
-      if (storedSessionIds.length > 0) {
-        for (const sessionId of storedSessionIds) {
+      try {
+        await switchSession(activeId);
+      } catch (switchError) {
+        if ((0, _errorHandlers.isTimeoutOrNetworkError)(switchError)) {
           try {
-            const validation = await oxyServices.validateSession(sessionId, {
-              useHeaderValidation: true
+            const validation = await oxyServices.validateSession(activeId, {
+              useHeaderValidation: false
             });
             if (validation?.valid && validation.user) {
-              // CRITICAL: Verify session belongs to current identity
-              // Compare session's publicKey to current identity's publicKey
-              if (validation.user.publicKey !== currentPublicKey) {
-                // Session belongs to different identity - skip it and log warning
-                if (__DEV__) {
-                  logger('CRITICAL: Skipping session from different identity during restoration', {
-                    sessionPublicKey: validation.user.publicKey?.substring(0, 16) + '...',
-                    currentPublicKey: currentPublicKey.substring(0, 16) + '...',
-                    sessionId: sessionId.substring(0, 16) + '...'
-                  });
-                }
-                // Mark for batch removal
-                invalidSessionIds.push(sessionId);
-                continue;
-              }
-              const now = new Date();
-              validSessions.push({
-                sessionId,
-                deviceId: '',
-                expiresAt: new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000).toISOString(),
-                lastActive: now.toISOString(),
-                userId: validation.user.id?.toString() ?? '',
-                isCurrent: sessionId === storedActiveSessionId
-              });
-            }
-          } catch (validationError) {
-            // Silently handle expected errors (invalid sessions, timeouts, network issues) during restoration
-            // Only log unexpected errors
-            if (!(0, _errorHandlers.isInvalidSessionError)(validationError) && !(0, _errorHandlers.isTimeoutOrNetworkError)(validationError)) {
-              logger('Session validation failed during init', validationError);
-            } else if (__DEV__ && (0, _errorHandlers.isTimeoutOrNetworkError)(validationError)) {
-              // Only log timeouts in dev mode for debugging
-              _loggerUtils.logger.debug('Session validation timeout (expected when offline)', {
-                component: 'OxyContext',
-                method: 'restoreSessionsFromStorage'
-              }, validationError);
-            }
-          }
-        }
-
-        // Batch remove invalid sessions from storage (performance optimization)
-        if (invalidSessionIds.length > 0) {
-          try {
-            // Use Set for O(n) lookup instead of O(n²) with includes()
-            const invalidSessionSet = new Set(invalidSessionIds);
-            const updatedIds = storedSessionIds.filter(id => !invalidSessionSet.has(id));
-            await storage.setItem(storageKeys.sessionIds, JSON.stringify(updatedIds));
-            if (__DEV__) {
-              logger('Removed invalid sessions from storage', {
-                count: invalidSessionIds.length
-              });
-            }
-          } catch (cleanupError) {
-            // Ignore cleanup errors - will be cleaned on next restart
-            if (__DEV__) {
-              logger('Failed to remove invalid sessions from storage', cleanupError);
-            }
-          }
-        }
-        if (validSessions.length > 0) {
-          updateSessions(validSessions, {
-            merge: false
-          });
-        }
-      }
-      if (storedActiveSessionId) {
-        try {
-          await switchSession(storedActiveSessionId);
-        } catch (switchError) {
-          // Silently handle expected errors (invalid sessions, timeouts, network issues)
-          if ((0, _errorHandlers.isInvalidSessionError)(switchError)) {
-            await storage.removeItem(storageKeys.activeSessionId);
-            updateSessions(validSessions.filter(session => session.sessionId !== storedActiveSessionId), {
-              merge: false
-            });
-            // Don't log expected session errors during restoration
-          } else if ((0, _errorHandlers.isTimeoutOrNetworkError)(switchError)) {
-            // Timeout/network error - non-critical, don't block
-            // However, if we have valid sessions, we should still set activeSessionId
-            // so that isAuthenticated can be computed correctly
-            if (validSessions.length > 0) {
-              const matchingSession = validSessions.find(s => s.sessionId === storedActiveSessionId);
-              if (matchingSession) {
-                // Set active session even if validation timed out (offline scenario)
-                setActiveSessionIdFromHook(storedActiveSessionId);
-                // Try to get user from session if possible (might fail offline, but that's OK)
-                try {
-                  const validation = await oxyServices.validateSession(storedActiveSessionId, {
-                    useHeaderValidation: false
-                  });
-                  if (validation?.valid && validation.user) {
-                    loginSuccess(validation.user);
-                  }
-                } catch {
-                  // Ignore - we're offline, will sync when online
-                }
-              }
-            }
-            if (__DEV__) {
-              _loggerUtils.logger.debug('Active session validation timeout (expected when offline)', {
-                component: 'OxyContext',
-                method: 'restoreSessionsFromStorage'
-              }, switchError);
-            }
-          } else {
-            // Only log unexpected errors
-            logger('Active session validation error', switchError);
-          }
-        }
-      } else if (validSessions.length > 0) {
-        // No stored active session, but we have valid sessions - activate the first one
-        const firstSession = validSessions[0];
-        try {
-          await switchSession(firstSession.sessionId);
-        } catch (switchError) {
-          // If switch fails, at least set the activeSessionId so UI can show sessions
-          if ((0, _errorHandlers.isTimeoutOrNetworkError)(switchError)) {
-            setActiveSessionIdFromHook(firstSession.sessionId);
-            // Try to get user from session
-            try {
-              const validation = await oxyServices.validateSession(firstSession.sessionId, {
-                useHeaderValidation: false
-              });
-              if (validation?.valid && validation.user) {
-                loginSuccess(validation.user);
-              }
-            } catch {
-              // Ignore - offline scenario
+              loginSuccess(validation.user);
             }
+          } catch {
+            // Offline - will sync when online
           }
+        } else if ((0, _errorHandlers.isInvalidSessionError)(switchError)) {
+          await identityCore.invalidateSession(activeId);
+          await loadSessionsFromCore();
         }
       }
     } catch (error) {
-      if (__DEV__) {
-        _loggerUtils.logger.error('Auth init error', error instanceof Error ? error : new Error(String(error)), {
-          component: 'OxyContext',
-          method: 'restoreSessionsFromStorage'
-        });
-      }
+      if (__DEV__) logger('Failed to restore sessions from storage', error);
       await clearSessionState();
     } finally {
       setTokenReady(true);
     }
-  }, [clearSessionState, logger, oxyServices, storage, storageKeys.activeSessionId, storageKeys.sessionIds, switchSession, updateSessions, setActiveSessionIdFromHook, loginSuccess]);
+  }, [identityCore, isCoreInitialized, loadSessionsFromCore, switchSession, loginSuccess, clearSessionState, oxyServices, logger]);
+
+  // Restore sessions when core is initialized
   (0, _react.useEffect)(() => {
-    if (!storage || initializedRef.current) {
-      return;
+    if (isCoreInitialized) {
+      void restoreSessionsFromStorage();
     }
-    initializedRef.current = true;
-    void restoreSessionsFromStorage();
-  }, [restoreSessionsFromStorage, storage]);
+  }, [isCoreInitialized, restoreSessionsFromStorage]);
   const activeSession = activeSessionId ? sessions.find(session => session.sessionId === activeSessionId) : undefined;
   const currentDeviceId = activeSession?.deviceId ?? null;
 
   // Compute isAuthenticated from actual session state, not just auth store
   // This ensures UI shows correct state even if loginSuccess wasn't called during restoration
-  const isAuthenticatedFromSessions = (0, _react.useMemo)(() => {
-    return !!(activeSessionId && sessions.length > 0 && user);
-  }, [activeSessionId, sessions.length, user]);
-
-  // Use session-based authentication state if auth store says not authenticated but we have sessions
-  // This handles the case where sessions were restored but loginSuccess wasn't called
   const computedIsAuthenticated = (0, _react.useMemo)(() => {
-    return isAuthenticatedFromStore || isAuthenticatedFromSessions;
-  }, [isAuthenticatedFromStore, isAuthenticatedFromSessions]);
-
-  // Get userId from JWT token (MongoDB ObjectId) for socket room matching
-  // user.id contains the MongoDB ObjectId, user.publicKey contains the cryptographic public key
+    return isAuthenticatedFromStore || !!(activeSessionId && sessions.length > 0 && user);
+  }, [isAuthenticatedFromStore, activeSessionId, sessions.length, user]);
   const userId = oxyServices.getCurrentUserId() || user?.id;
-
-  // Use Zustand store for transfer state management
-  // Storage keys are defined above (TRANSFER_CODES_STORAGE_KEY, ACTIVE_TRANSFER_STORAGE_KEY)
-  const isRestored = (0, _transferStore.useTransferStore)(state => state.isRestored);
-  const restoreFromStorage = (0, _transferStore.useTransferStore)(state => state.restoreFromStorage);
-  const markRestored = (0, _transferStore.useTransferStore)(state => state.markRestored);
-  const cleanupExpired = (0, _transferStore.useTransferStore)(state => state.cleanupExpired);
-
-  // Load transfer codes from storage on startup (only once)
-  (0, _react.useEffect)(() => {
-    if (!storage || !isStorageReady || isRestored) return;
-    const loadTransferCodes = async () => {
-      try {
-        // Load transfer codes
-        const storedCodes = await storage.getItem(TRANSFER_CODES_STORAGE_KEY);
-        const storedActiveTransferId = await storage.getItem(ACTIVE_TRANSFER_STORAGE_KEY);
-        const parsedCodes = storedCodes ? JSON.parse(storedCodes) : {};
-        const activeTransferId = storedActiveTransferId || null;
-
-        // Restore to Zustand store (store handles validation and expiration)
-        restoreFromStorage(parsedCodes, activeTransferId);
-        markRestored();
-        if (__DEV__ && Object.keys(parsedCodes).length > 0) {
-          logger('Restored transfer codes from storage', {
-            count: Object.keys(parsedCodes).length,
-            hasActiveTransfer: !!activeTransferId
-          });
-        }
-      } catch (error) {
-        if (__DEV__) {
-          logger('Failed to load transfer codes from storage', error);
-        }
-        // Mark as restored even on error to prevent retries
-        markRestored();
-      }
-    };
-    loadTransferCodes();
-  }, [storage, isStorageReady, isRestored, restoreFromStorage, markRestored, logger, storageKeyPrefix]);
-
-  // Persist transfer codes to storage whenever store changes
-  const {
-    transferCodes,
-    activeTransferId
-  } = (0, _transferStore.useTransferCodesForPersistence)();
-  (0, _react.useEffect)(() => {
-    if (!storage || !isStorageReady || !isRestored) return;
-    const persistTransferCodes = async () => {
-      try {
-        await storage.setItem(TRANSFER_CODES_STORAGE_KEY, JSON.stringify(transferCodes));
-        if (activeTransferId) {
-          await storage.setItem(ACTIVE_TRANSFER_STORAGE_KEY, activeTransferId);
-        } else {
-          await storage.removeItem(ACTIVE_TRANSFER_STORAGE_KEY);
-        }
-      } catch (error) {
-        if (__DEV__) {
-          logger('Failed to persist transfer codes', error);
-        }
-      }
-    };
-    persistTransferCodes();
-  }, [transferCodes, activeTransferId, storage, isStorageReady, isRestored, logger]);
-
-  // Cleanup expired transfer codes (every minute)
-  (0, _react.useEffect)(() => {
-    const cleanup = setInterval(() => {
-      cleanupExpired();
-    }, 60000); // Check every minute
-
-    return () => clearInterval(cleanup);
-  }, [cleanupExpired]);
-
-  // Transfer code management functions using Zustand store
-  const storeTransferCode = (0, _react.useCallback)(async (transferId, code, sourceDeviceId, publicKey) => {
-    storeTransferCodeStore(transferId, code, sourceDeviceId, publicKey);
-    if (__DEV__) {
-      logger('Stored transfer code', {
-        transferId,
-        sourceDeviceId,
-        publicKey: publicKey.substring(0, 16) + '...'
-      });
-    }
-  }, [logger, storeTransferCodeStore]);
-  const getTransferCode = (0, _react.useCallback)(transferId => {
-    return getTransferCodeStore(transferId);
-  }, [getTransferCodeStore]);
-  const updateTransferState = (0, _react.useCallback)(async (transferId, state) => {
-    updateTransferStateStore(transferId, state);
-    if (__DEV__) {
-      logger('Updated transfer state', {
-        transferId,
-        state
-      });
-    }
-  }, [logger, updateTransferStateStore]);
-  const clearTransferCode = (0, _react.useCallback)(async transferId => {
-    clearTransferCodeStore(transferId);
-    if (__DEV__) {
-      logger('Cleared transfer code', {
-        transferId
-      });
-    }
-  }, [logger, clearTransferCodeStore]);
-  const refreshSessionsWithUser = (0, _react.useCallback)(() => refreshSessions(userId), [refreshSessions, userId]);
-  const handleSessionRemoved = (0, _react.useCallback)(sessionId => {
-    trackRemovedSession(sessionId);
-  }, [trackRemovedSession]);
-  const handleRemoteSignOut = (0, _react.useCallback)(() => {
-    _sonner.toast.info('You have been signed out remotely.');
-    logout().catch(remoteError => logger('Failed to process remote sign out', remoteError));
-  }, [logger, logout]);
-
-  // Check pending transfers when authenticated and online using TanStack Query
-  // Check for pending transfers that may have completed while offline
-  // Results are processed via socket events (onIdentityTransferComplete), so we don't need to process query results here
   (0, _useTransferQueries.useCheckPendingTransfers)(oxyServices, computedIsAuthenticated);
-  const handleIdentityTransferComplete = (0, _react.useCallback)(async data => {
-    try {
-      logger('Received identity transfer complete notification', {
-        transferId: data.transferId,
-        sourceDeviceId: data.sourceDeviceId,
-        currentDeviceId,
-        hasActiveSession: activeSessionId !== null,
-        publicKey: data.publicKey.substring(0, 16) + '...'
-      });
-      const storedTransfer = getTransferCode(data.transferId);
-      if (!storedTransfer) {
-        logger('Transfer code not found for transferId', {
-          transferId: data.transferId
-        });
-        _sonner.toast.error('Transfer verification failed: Code not found. Identity will not be deleted.');
-        return;
-      }
-
-      // Verify publicKey matches first (most important check)
-      const publicKeyMatches = data.publicKey === storedTransfer.publicKey;
-      if (!publicKeyMatches) {
-        logger('Public key mismatch for transfer', {
-          transferId: data.transferId,
-          receivedPublicKey: data.publicKey.substring(0, 16) + '...',
-          storedPublicKey: storedTransfer.publicKey.substring(0, 16) + '...'
-        });
-        _sonner.toast.error('Transfer verification failed: Public key mismatch. Identity will not be deleted.');
-        return;
-      }
-
-      // Verify deviceId matches - very lenient since publicKey is the critical check
-      // If publicKey matches, we allow deletion even if deviceId doesn't match exactly
-      // This handles cases where deviceId might not be available or slightly different
-      const deviceIdMatches =
-      // Exact match
-      data.sourceDeviceId && data.sourceDeviceId === currentDeviceId ||
-      // Stored sourceDeviceId matches current deviceId
-      storedTransfer.sourceDeviceId && storedTransfer.sourceDeviceId === currentDeviceId;
-
-      // If publicKey matches, we're very lenient with deviceId - only warn but don't block
-      if (!deviceIdMatches && publicKeyMatches) {
-        logger('Device ID mismatch for transfer, but publicKey matches - proceeding with deletion', {
-          transferId: data.transferId,
-          receivedDeviceId: data.sourceDeviceId,
-          storedDeviceId: storedTransfer.sourceDeviceId,
-          currentDeviceId,
-          hasActiveSession: activeSessionId !== null
-        });
-        // Proceed with deletion - publicKey match is the critical verification
-      } else if (!deviceIdMatches && !publicKeyMatches) {
-        // Both don't match - this is suspicious, block deletion
-        logger('Device ID and publicKey mismatch for transfer', {
-          transferId: data.transferId,
-          receivedDeviceId: data.sourceDeviceId,
-          currentDeviceId
-        });
-        _sonner.toast.error('Transfer verification failed: Device and key mismatch. Identity will not be deleted.');
-        return;
-      }
-
-      // Verify transfer code matches (if provided)
-      // Transfer code is optional - if not provided, we still proceed if publicKey matches
-      if (data.transferCode) {
-        const codeMatches = data.transferCode.toUpperCase() === storedTransfer.code.toUpperCase();
-        if (!codeMatches) {
-          logger('Transfer code mismatch, but publicKey matches - proceeding with deletion', {
-            transferId: data.transferId,
-            receivedCode: data.transferCode,
-            storedCode: storedTransfer.code.substring(0, 2) + '****'
-          });
-          // Don't block - publicKey match is sufficient, code mismatch might be due to user error
-          // Log warning but proceed
-        }
-      }
-
-      // Check if transfer is too old (safety timeout - 10 minutes)
-      const transferAge = Date.now() - storedTransfer.timestamp;
-      const tenMinutes = 10 * 60 * 1000;
-      if (transferAge > tenMinutes) {
-        logger('Transfer confirmation received too late', {
-          transferId: data.transferId,
-          age: transferAge,
-          ageMinutes: Math.round(transferAge / 60000)
-        });
-        _sonner.toast.error('Transfer verification failed: Confirmation received too late. Identity will not be deleted.');
-        clearTransferCode(data.transferId);
-        return;
-      }
-
-      // NOTE: Target device verification already happened server-side when notifyTransferComplete was called
-      // The server verified that the target device is authenticated and has the matching public key
-      // Additional client-side verification is not necessary and would require source device authentication
-      // which may not be available. The existing checks (public key match, transfer code, device ID) are sufficient.
-
-      logger('All transfer verifications passed, deleting identity from source device', {
-        transferId: data.transferId,
-        sourceDeviceId: data.sourceDeviceId,
-        publicKey: data.publicKey.substring(0, 16) + '...'
-      });
-      try {
-        // Verify identity still exists before deletion (safety check)
-        const identityStillExists = await _crypto.KeyManager.hasIdentity();
-        if (!identityStillExists) {
-          logger('Identity already deleted - skipping deletion', {
-            transferId: data.transferId
-          });
-          await updateTransferState(data.transferId, 'completed');
-          await clearTransferCode(data.transferId);
-          return;
-        }
-        await deleteIdentityAndClearAccount(false, false, true);
-
-        // Verify identity was actually deleted
-        const identityDeleted = !(await _crypto.KeyManager.hasIdentity());
-        if (!identityDeleted) {
-          logger('Identity deletion failed - identity still exists', {
-            transferId: data.transferId
-          });
-          await updateTransferState(data.transferId, 'failed');
-          throw new Error('Identity deletion failed - identity still exists');
-        }
-        await updateTransferState(data.transferId, 'completed');
-        await clearTransferCode(data.transferId);
-        logger('Identity successfully deleted and transfer code cleared', {
-          transferId: data.transferId
-        });
-        _sonner.toast.success('Identity successfully transferred and removed from this device');
-      } catch (deleteError) {
-        logger('Error during identity deletion', deleteError);
-        await updateTransferState(data.transferId, 'failed');
-        throw deleteError;
-      }
-    } catch (error) {
-      logger('Failed to delete identity after transfer', error);
-      _sonner.toast.error(error?.message || 'Failed to remove identity from this device. Please try again manually from Security Settings.');
-    }
-  }, [deleteIdentityAndClearAccount, logger, getTransferCode, clearTransferCode, updateTransferState, currentDeviceId, activeSessionId, oxyServices]);
+  const {
+    handleIdentityTransferComplete
+  } = (0, _useIdentityTransfer.useIdentityTransfer)({
+    identityCore,
+    currentDeviceId,
+    activeSessionId,
+    getPublicKey,
+    deleteIdentityAndClearAccount,
+    logger
+  });
   (0, _useSessionSocket.useSessionSocket)({
     userId,
     activeSessionId,
     currentDeviceId,
-    refreshSessions: refreshSessionsWithUser,
+    refreshSessions,
     logout,
     clearSessionState,
     baseURL: oxyServices.getBaseURL(),
     getAccessToken: () => oxyServices.getAccessToken(),
     getTransferCode: getTransferCode,
-    onRemoteSignOut: handleRemoteSignOut,
-    onSessionRemoved: handleSessionRemoved,
+    onRemoteSignOut: () => {
+      _sonner.toast.info('You have been signed out remotely.');
+      logout().catch(err => logger('Failed to process remote sign out', err));
+    },
+    onSessionRemoved: sessionId => {
+      setSessions(prev => prev.filter(s => s.sessionId !== sessionId));
+      if (sessionId === activeSessionId) {
+        setActiveSessionId(null);
+      }
+    },
     onIdentityTransferComplete: handleIdentityTransferComplete
   });
-  const switchSessionForContext = (0, _react.useCallback)(async sessionId => {
-    await switchSession(sessionId);
-  }, [switchSession]);
-
-  // Create showBottomSheet function that uses the global function
-  const showBottomSheetForContext = (0, _react.useCallback)(screenOrConfig => {
-    (0, _bottomSheetManager.showBottomSheet)(screenOrConfig);
-  }, []);
-
-  // Create openAvatarPicker function
-  const openAvatarPicker = (0, _react.useCallback)(() => {
-    showBottomSheetForContext({
-      screen: 'FileManagement',
-      props: {
-        selectMode: true,
-        multiSelect: false,
-        disabledMimeTypes: ['video/', 'audio/', 'application/pdf'],
-        afterSelect: 'none',
-        // Don't navigate away - stay on current screen
-        onSelect: async file => {
-          if (!file.contentType.startsWith('image/')) {
-            _sonner.toast.error((0, _i18n.translate)(currentLanguage, 'editProfile.toasts.selectImage') || 'Please select an image file');
-            return;
-          }
-          try {
-            // Update file visibility to public for avatar
-            await (0, _avatarUtils.updateAvatarVisibility)(file.id, oxyServices, 'OxyContext');
-
-            // Update user profile (handles query invalidation and accountStore update)
-            await (0, _avatarUtils.updateProfileWithAvatar)({
-              avatar: file.id
-            }, oxyServices, activeSessionId, queryClient, syncIdentity);
-            _sonner.toast.success((0, _i18n.translate)(currentLanguage, 'editProfile.toasts.avatarUpdated') || 'Avatar updated');
-          } catch (e) {
-            _sonner.toast.error(e.message || (0, _i18n.translate)(currentLanguage, 'editProfile.toasts.updateAvatarFailed') || 'Failed to update avatar');
-          }
-        }
-      }
-    });
-  }, [oxyServices, currentLanguage, showBottomSheetForContext, activeSessionId, queryClient, syncIdentity]);
+  const {
+    openAvatarPicker
+  } = (0, _useAvatarPicker.useAvatarPicker)({
+    oxyServices,
+    currentLanguage,
+    activeSessionId,
+    queryClient,
+    syncIdentity
+  });
   const contextValue = (0, _react.useMemo)(() => ({
     user,
     sessions,
@@ -1040,21 +661,15 @@ const OxyProvider = ({
     isIdentitySynced,
     syncIdentity,
     deleteIdentityAndClearAccount,
-    storeTransferCode,
-    getTransferCode,
-    clearTransferCode,
-    getAllPendingTransfers,
-    getActiveTransferId,
-    updateTransferState,
     identitySyncState: {
       isSynced: isIdentitySyncedStore ?? true,
       isSyncing: isSyncing ?? false
     },
     logout,
     logoutAll,
-    switchSession: switchSessionForContext,
+    switchSession,
     removeSession: logout,
-    refreshSessions: refreshSessionsWithUser,
+    refreshSessions,
     setLanguage,
     getDeviceSessions,
     logoutAllDeviceSessions,
@@ -1062,10 +677,9 @@ const OxyProvider = ({
     clearSessionState,
     clearAllAccountData,
     oxyServices,
-    useFollow: useFollowHook,
-    showBottomSheet: showBottomSheetForContext,
+    showBottomSheet: _bottomSheetManager.showBottomSheet,
     openAvatarPicker
-  }), [activeSessionId, currentDeviceId, createIdentity, importIdentity, signIn, hasIdentity, getPublicKey, isIdentitySynced, syncIdentity, deleteIdentityAndClearAccount, storeTransferCode, getTransferCode, clearTransferCode, getAllPendingTransfers, getActiveTransferId, updateTransferState, isIdentitySyncedStore, isSyncing, currentLanguage, currentLanguageMetadata, currentLanguageName, currentNativeLanguageName, error, getDeviceSessions, computedIsAuthenticated, isLoading, logout, logoutAll, logoutAllDeviceSessions, oxyServices, refreshSessionsWithUser, sessions, setLanguage, switchSessionForContext, tokenReady, isStorageReady, updateDeviceName, clearAllAccountData, useFollowHook, user, showBottomSheetForContext, openAvatarPicker]);
+  }), [activeSessionId, currentDeviceId, createIdentity, importIdentity, signIn, hasIdentity, getPublicKey, isIdentitySynced, syncIdentity, deleteIdentityAndClearAccount, isIdentitySyncedStore, isSyncing, currentLanguage, currentLanguageMetadata, currentLanguageName, currentNativeLanguageName, error, getDeviceSessions, computedIsAuthenticated, isLoading, logout, logoutAll, logoutAllDeviceSessions, oxyServices, refreshSessions, sessions, setLanguage, switchSession, tokenReady, isStorageReady, updateDeviceName, clearAllAccountData, user, openAvatarPicker]);
   return /*#__PURE__*/(0, _jsxRuntime.jsx)(OxyContext.Provider, {
     value: contextValue,
     children: children