@oxyhq/services 5.16.40 → 5.16.41

package/src/ui/context/OxyContext.tsx

@@ -4,7 +4,6 @@ import {
   useCallback,
   useContext,
   useEffect,
-  useLayoutEffect,
   useMemo,
   useRef,
   useState,
@@ -18,25 +17,22 @@ import { toast } from '../../lib/sonner';
 import { useAuthStore, type AuthState } from '../stores/authStore';
 import { useShallow } from 'zustand/react/shallow';
 import { useSessionSocket } from '../hooks/useSessionSocket';
-import type { UseFollowHook } from '../hooks/useFollow.types';
 import { useStorage } from '../hooks/useStorage';
 import { useLanguageManagement } from '../hooks/useLanguageManagement';
-import { useSessionManagement } from '../hooks/useSessionManagement';
-import { useAuthOperations } from './hooks/useAuthOperations';
-import { useDeviceManagement } from '../hooks/useDeviceManagement';
 import { getStorageKeys } from '../utils/storageHelpers';
 import { isInvalidSessionError, isTimeoutOrNetworkError } from '../utils/errorHandlers';
 import type { RouteName } from '../navigation/routes';
 import { showBottomSheet as globalShowBottomSheet } from '../navigation/bottomSheetManager';
 import { useQueryClient } from '@tanstack/react-query';
 import { clearQueryCache } from '../hooks/queryClient';
-import { KeyManager, type BackupData } from '../../crypto';
+import { createIdentitySessionCore, type IdentitySessionCore, type BackupData } from '../../core/identity-session';
 import { translate } from '../../i18n';
-import { updateAvatarVisibility, updateProfileWithAvatar } from '../utils/avatarUtils';
 import { useAccountStore } from '../stores/accountStore';
-import { logger as loggerUtil } from '../../utils/loggerUtils';
-import { useTransferStore, useTransferCodesForPersistence } from '../stores/transferStore';
+import { useTransferStore } from '../stores/transferStore';
 import { useCheckPendingTransfers } from '../hooks/useTransferQueries';
+import { useTransferCodesPersistence } from '../hooks/useTransferCodesPersistence';
+import { useIdentityTransfer } from '../hooks/useIdentityTransfer';
+import { useAvatarPicker } from '../hooks/useAvatarPicker';
 
 export interface OxyContextState {
   user: User | null;
@@ -62,12 +58,6 @@ export interface OxyContextState {
   isIdentitySynced: () => Promise<boolean>;
   syncIdentity: (username?: string) => Promise<User>;
   deleteIdentityAndClearAccount: (skipBackup?: boolean, force?: boolean, userConfirmed?: boolean) => Promise<void>;
-  storeTransferCode: (transferId: string, code: string, sourceDeviceId: string | null, publicKey: string) => Promise<void>;
-  getTransferCode: (transferId: string) => { code: string; sourceDeviceId: string | null; publicKey: string; timestamp: number; state: 'pending' | 'completed' | 'failed' } | null;
-  clearTransferCode: (transferId: string) => Promise<void>;
-  getAllPendingTransfers: () => Array<{ transferId: string; data: { code: string; sourceDeviceId: string | null; publicKey: string; timestamp: number; state: 'pending' | 'completed' | 'failed' } }>;
-  getActiveTransferId: () => string | null;
-  updateTransferState: (transferId: string, state: 'pending' | 'completed' | 'failed') => Promise<void>;
 
   // Identity sync state (reactive, from Zustand store)
   identitySyncState: {
@@ -78,7 +68,7 @@ export interface OxyContextState {
   // Session management
   logout: (targetSessionId?: string) => Promise<void>;
   logoutAll: () => Promise<void>;
-  switchSession: (sessionId: string) => Promise<void>;
+  switchSession: (sessionId: string) => Promise<User>;
   removeSession: (sessionId: string) => Promise<void>;
   refreshSessions: () => Promise<void>;
   setLanguage: (languageId: string) => Promise<void>;
@@ -96,7 +86,6 @@ export interface OxyContextState {
   clearSessionState: () => Promise<void>;
   clearAllAccountData: () => Promise<void>;
   oxyServices: OxyServices;
-  useFollow?: UseFollowHook;
   showBottomSheet?: (screenOrConfig: RouteName | { screen: RouteName; props?: Record<string, unknown> }) => void;
   openAvatarPicker: () => void;
 }
@@ -112,35 +101,6 @@ export interface OxyContextProviderProps {
   onError?: (error: ApiError) => void;
 }
 
-let cachedUseFollowHook: UseFollowHook | null = null;
-
-const loadUseFollowHook = (): UseFollowHook => {
-  if (cachedUseFollowHook) {
-    return cachedUseFollowHook;
-  }
-
-  try {
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
-    const { useFollow } = require('../hooks/useFollow');
-    cachedUseFollowHook = useFollow as UseFollowHook;
-    return cachedUseFollowHook;
-  } catch (error) {
-    if (__DEV__) {
-      loggerUtil.warn(
-        'useFollow hook is not available. Please import useFollow from @oxyhq/services directly.',
-        { component: 'OxyContext', method: 'loadUseFollowHook' },
-        error
-      );
-    }
-
-    const fallback: UseFollowHook = () => {
-      throw new Error('useFollow hook is only available in the UI bundle. Import it from @oxyhq/services.');
-    };
-
-    cachedUseFollowHook = fallback;
-    return cachedUseFollowHook;
-  }
-};
 
 export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   children,
@@ -195,7 +155,6 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   );
 
   const [tokenReady, setTokenReady] = useState(true);
-  const initializedRef = useRef(false);
   const setAuthState = useAuthStore.setState;
 
   const logger = useCallback((message: string, err?: unknown) => {
@@ -212,59 +171,30 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
   const { storage, isReady: isStorageReady } = useStorage({ onError, logger });
 
-  // Invalidate KeyManager cache on mount to prevent stale cache issues
-  // useLayoutEffect runs synchronously after render but before paint, ensuring cache
-  // invalidation happens before any async operations start
-  useLayoutEffect(() => {
-    if (Platform.OS !== 'web') {
-      KeyManager.invalidateCache();
-    }
-  }, []);
+  // Initialize Identity Session Core
+  const [identityCore, setIdentityCore] = useState<IdentitySessionCore | null>(null);
+  const [isCoreInitialized, setIsCoreInitialized] = useState(false);
 
-  // Identity integrity check and auto-restore on startup
-  // Skip on web platform - identity storage is only available on native platforms
   useEffect(() => {
-    if (!storage || !isStorageReady) return;
-    if (Platform.OS === 'web') return; // Identity operations are native-only
-
-    const checkAndRestoreIdentity = async () => {
+    let mounted = true;
+    const initCore = async () => {
       try {
-        // Cache was already invalidated synchronously above
-        
-        // Check if identity exists and verify integrity
-        const hasIdentity = await KeyManager.hasIdentity();
-        if (hasIdentity) {
-          const isValid = await KeyManager.verifyIdentityIntegrity();
-          if (!isValid) {
-            // Try to restore from backup (cache will be invalidated inside restoreIdentityFromBackup)
-            const restored = await KeyManager.restoreIdentityFromBackup();
-            if (__DEV__) {
-              logger(restored
-                ? 'Identity restored from backup successfully'
-                : 'Identity integrity check failed - user may need to restore from backup file'
-              );
-            }
-          } else {
-            // Identity is valid - ensure backup is up to date
-            await KeyManager.backupIdentity();
-          }
-        } else {
-          // No identity - try to restore from backup (cache will be invalidated inside restoreIdentityFromBackup)
-          const restored = await KeyManager.restoreIdentityFromBackup();
-          if (restored && __DEV__) {
-            logger('Identity restored from backup on startup');
-          }
+        const core = await createIdentitySessionCore(oxyServices.getBaseURL() || baseURL);
+        if (mounted) {
+          setIdentityCore(core);
+          setIsCoreInitialized(true);
         }
       } catch (error) {
         if (__DEV__) {
-          logger('Error during identity integrity check', error);
+          logger('Failed to initialize identity session core', error);
         }
-        // Don't block app startup - user can recover with backup file
       }
     };
-
-    checkAndRestoreIdentity();
-  }, [storage, isStorageReady, logger]);
+    initCore();
+    return () => {
+      mounted = false;
+    };
+  }, [oxyServices, baseURL, logger]);
 
   const {
     currentLanguage,
@@ -282,70 +212,115 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
   const queryClient = useQueryClient();
 
-  const {
-    sessions,
-    activeSessionId,
-    setActiveSessionId: setActiveSessionIdFromHook,
-    updateSessions,
-    switchSession,
-    refreshSessions,
-    clearSessionState,
-    saveActiveSessionId,
-    trackRemovedSession,
-  } = useSessionManagement({
-    oxyServices,
-    storage,
-    storageKeyPrefix,
-    loginSuccess,
-    logoutStore,
-    applyLanguagePreference,
-    onAuthStateChange,
-    onError,
-    setAuthError: (message) => setAuthState({ error: message }),
-    logger,
-    setTokenReady,
-    queryClient,
-  });
+  // Session state management using core
+  const [sessions, setSessions] = useState<ClientSession[]>([]);
+  const [activeSessionId, setActiveSessionId] = useState<string | null>(null);
 
-  const {
-    createIdentity,
-    importIdentity: importIdentityBase,
-    signIn,
-    logout,
-    logoutAll,
-    hasIdentity,
-    getPublicKey,
-    isIdentitySynced,
-    syncIdentity: syncIdentityBase,
-  } = useAuthOperations({
-    oxyServices,
-    storage,
-    sessions,
-    activeSessionId,
-    setActiveSessionId: setActiveSessionIdFromHook,
-    updateSessions,
-    saveActiveSessionId,
-    clearSessionState,
-    switchSession,
-    applyLanguagePreference,
-    onAuthStateChange,
-    onError,
-    loginSuccess,
-    loginFailure,
-    logoutStore,
-    setAuthState,
-    setIdentitySynced,
-    setSyncing,
-    logger,
-  });
+  // Load sessions from core
+  const loadSessionsFromCore = useCallback(async () => {
+    if (!identityCore || !isCoreInitialized) return;
+    try {
+      const coreSessions = await identityCore.getAllSessions();
+      const activeId = await identityCore.getActiveSessionId();
+
+      // Convert core sessions to ClientSession format
+      const clientSessions: ClientSession[] = coreSessions.map(s => ({
+        deviceInfo: s.deviceInfo,
+        sessionId: s.sessionId,
+        deviceId: s.deviceId,
+        userId: s.userId,
+        expiresAt: s.expiresAt,
+        lastActive: s.lastActive,
+        isCurrent: s.isCurrent || false,
+      }));
+
+      setSessions(clientSessions);
+      setActiveSessionId(activeId);
+    } catch (error) {
+      if (__DEV__) {
+        logger('Failed to load sessions from core', error);
+      }
+    }
+  }, [identityCore, isCoreInitialized, logger]);
+
+  // Load sessions when core is initialized
+  useEffect(() => {
+    if (isCoreInitialized) {
+      loadSessionsFromCore();
+    }
+  }, [isCoreInitialized, loadSessionsFromCore]);
+
+  // Subscribe to core events
+  useEffect(() => {
+    if (!identityCore || !isCoreInitialized) return;
+
+    const unsubscribe = identityCore.subscribe((event) => {
+      if (event.type === 'session:created' || event.type === 'session:refreshed' || event.type === 'session:invalidated' || event.type === 'session:all-invalidated') {
+        loadSessionsFromCore();
+      }
+    });
+
+    return unsubscribe;
+  }, [identityCore, isCoreInitialized, loadSessionsFromCore]);
+
+  // Identity operations using core
+  const hasIdentity = useCallback(async (): Promise<boolean> => {
+    if (!identityCore || !isCoreInitialized) return false;
+    return await identityCore.hasIdentity();
+  }, [identityCore, isCoreInitialized]);
+
+  const getPublicKey = useCallback(async (): Promise<string | null> => {
+    if (!identityCore || !isCoreInitialized) return null;
+    return await identityCore.getPublicKey();
+  }, [identityCore, isCoreInitialized]);
+
+  const isIdentitySynced = useCallback(async (): Promise<boolean> => {
+    if (!storage) return false;
+    const synced = await storage.getItem('oxy_identity_synced');
+    return synced === 'true';
+  }, [storage]);
+
+  const createIdentity = useCallback(async (username?: string): Promise<{ synced: boolean }> => {
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
 
-  // syncIdentity - TanStack Query handles offline mutations automatically
-  const syncIdentity = useCallback(() => syncIdentityBase(), [syncIdentityBase]);
+    setSyncing(true);
+    try {
+      // Create identity using core
+      const identity = await identityCore.createIdentity(username);
+
+      // Try to register with backend
+      let synced = false;
+      try {
+        const { signature, publicKey, timestamp } = await identityCore.createRegistrationSignature();
+        const result = await oxyServices.register(publicKey, signature, timestamp, username);
+        if (result?.user) {
+          loginSuccess(result.user);
+          synced = true;
+          await storage?.setItem('oxy_identity_synced', 'true');
+          setIdentitySynced(true);
+        }
+      } catch (error) {
+        // Registration failed (likely offline) - identity still created locally
+        if (__DEV__) {
+          logger('Failed to register identity with backend (offline mode)', error);
+        }
+      }
+
+      return { synced };
+    } finally {
+      setSyncing(false);
+    }
+  }, [identityCore, isCoreInitialized, oxyServices, storage, loginSuccess, setIdentitySynced, setSyncing, logger]);
 
-  // Wrapper for importIdentity to handle legacy calls gracefully
   const importIdentity = useCallback(
     async (backupData: BackupData | string, password?: string): Promise<{ synced: boolean }> => {
-      // Handle legacy calls with single string argument (old recovery phrase signature)
+      if (!identityCore || !isCoreInitialized) {
+        throw new Error('Identity core not initialized');
+      }
+
+      // Handle legacy calls with single string argument
       if (typeof backupData === 'string') {
         throw new Error('Recovery phrase import is no longer supported. Please use backup file import or QR code transfer instead.');
       }
@@ -355,94 +330,290 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         throw new Error('Password is required for backup file import.');
       }
 
-      return importIdentityBase(backupData, password);
+      setSyncing(true);
+      try {
+        // Import identity using core
+        const identity = await identityCore.importIdentity(backupData, password);
+
+        // Try to register with backend if not already registered
+        let synced = false;
+        try {
+          const { signature, publicKey, timestamp } = await identityCore.createRegistrationSignature();
+          const result = await oxyServices.register(publicKey, signature, timestamp);
+          if (result?.user) {
+            loginSuccess(result.user);
+            synced = true;
+            await storage?.setItem('oxy_identity_synced', 'true');
+            setIdentitySynced(true);
+          }
+        } catch (error: any) {
+          // Check if user already exists (409 conflict)
+          if (error?.status === 409) {
+            // User already registered - try to sign in instead
+            try {
+              await signIn();
+              synced = true;
+              await storage?.setItem('oxy_identity_synced', 'true');
+              setIdentitySynced(true);
+            } catch (signInError) {
+              if (__DEV__) {
+                logger('Failed to sign in after import', signInError);
+              }
+            }
+          } else if (__DEV__) {
+            logger('Failed to register identity with backend (offline mode)', error);
+          }
+        }
+
+        return { synced };
+      } finally {
+        setSyncing(false);
+      }
     },
-    [importIdentityBase]
+    [identityCore, isCoreInitialized, oxyServices, storage, loginSuccess, setIdentitySynced, setSyncing, logger]
   );
 
-  // Storage keys for transfer codes
-  const TRANSFER_CODES_STORAGE_KEY = `${storageKeyPrefix}_transfer_codes`;
-  const ACTIVE_TRANSFER_STORAGE_KEY = `${storageKeyPrefix}_active_transfer_id`;
+  const syncIdentity = useCallback(async (username?: string): Promise<User> => {
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
+
+    const publicKey = await identityCore.getPublicKey();
+    if (!publicKey) {
+      throw new Error('No identity found');
+    }
 
-  // Clear all account data when identity is lost (for accounts app)
-  // In accounts app, identity = account, so losing identity means losing everything
-  const clearAllAccountData = useCallback(async (): Promise<void> => {
-    if (__DEV__) {
-      logger('Clearing all account data - identity changed or lost');
+    setSyncing(true);
+    try {
+      const { signature, publicKey: pk, timestamp } = await identityCore.createRegistrationSignature();
+      const result = await oxyServices.register(pk, signature, timestamp, username);
+      if (result?.user) {
+        loginSuccess(result.user);
+        await storage?.setItem('oxy_identity_synced', 'true');
+        setIdentitySynced(true);
+        return result.user;
+      }
+      throw new Error('Registration failed');
+    } catch (error: any) {
+      // Check if user already exists (409 conflict) - try to sign in
+      if (error?.status === 409) {
+        const user = await signIn();
+        await storage?.setItem('oxy_identity_synced', 'true');
+        setIdentitySynced(true);
+        return user;
+      }
+      throw error;
+    } finally {
+      setSyncing(false);
+    }
+  }, [identityCore, isCoreInitialized, oxyServices, storage, loginSuccess, setIdentitySynced, setSyncing]);
+
+  const signIn = useCallback(async (deviceName?: string): Promise<User> => {
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
+
+    setAuthState({ isLoading: true });
+    try {
+      // Create session using core
+      const session = await identityCore.createSession(deviceName);
+
+      // Get user from OxyServices
+      const user = await oxyServices.getUserBySession(session.sessionId);
+      if (!user) {
+        throw new Error('Failed to get user data');
+      }
+
+      // Set token in OxyServices
+      if (session.accessToken) {
+        oxyServices.setTokens(session.accessToken, session.refreshToken || undefined);
+      }
+
+      // Update state
+      loginSuccess(user);
+      await loadSessionsFromCore();
+      onAuthStateChange?.(user);
+      await applyLanguagePreference(user);
+      setTokenReady(true);
+
+      return user;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      loginFailure(errorMessage);
+      throw error;
+    } finally {
+      setAuthState({ isLoading: false });
     }
+  }, [identityCore, isCoreInitialized, oxyServices, loginSuccess, loginFailure, setAuthState, loadSessionsFromCore, onAuthStateChange, applyLanguagePreference, setTokenReady]);
+
+  // Session management functions
+  const clearSessionState = useCallback(async (): Promise<void> => {
+    setSessions([]);
+    setActiveSessionId(null);
+    logoutStore();
+    onAuthStateChange?.(null);
 
-    // Clear TanStack Query cache (in-memory)
+    // Clear TanStack Query cache
     queryClient.clear();
 
-    // Clear persisted query cache
+    // Clear persisted query cache and session storage
     if (storage) {
       try {
         await clearQueryCache(storage);
+        await storage.removeItem(storageKeys.activeSessionId);
+        await storage.removeItem(storageKeys.sessionIds);
+        await storage.removeItem('oxy_identity_synced').catch(() => { });
       } catch (error) {
-        logger('Failed to clear persisted query cache', error);
+        if (__DEV__) {
+          logger('Failed to clear session storage', error);
+        }
       }
     }
+  }, [logoutStore, onAuthStateChange, queryClient, storage, storageKeys, logger]);
 
-    // Clear session state (sessions, activeSessionId, storage)
-    await clearSessionState();
+  const logout = useCallback(async (targetSessionId?: string): Promise<void> => {
+    if (!identityCore || !isCoreInitialized) return;
 
-    // Clear identity sync state from storage
-    if (storage) {
-      try {
-        await storage.removeItem('oxy_identity_synced');
-      } catch (error) {
-        logger('Failed to clear identity sync state', error);
+    try {
+      await identityCore.invalidateSession(targetSessionId);
+      await loadSessionsFromCore();
+      await clearSessionState();
+      setTokenReady(false);
+    } catch (error) {
+      if (__DEV__) {
+        logger('Failed to logout', error);
       }
     }
+  }, [identityCore, isCoreInitialized, loadSessionsFromCore, clearSessionState, setTokenReady, logger]);
 
-    // Reset auth store identity sync state
-    useAuthStore.getState().setIdentitySynced(false);
-    useAuthStore.getState().setSyncing(false);
+  const logoutAll = useCallback(async (): Promise<void> => {
+    if (!identityCore || !isCoreInitialized) return;
 
-    // Reset account store
-    useAccountStore.getState().reset();
+    try {
+      await identityCore.invalidateAllSessions();
+      await loadSessionsFromCore();
+      await clearSessionState();
+      setTokenReady(false);
+    } catch (error) {
+      if (__DEV__) {
+        logger('Failed to logout all', error);
+      }
+    }
+  }, [identityCore, isCoreInitialized, loadSessionsFromCore, clearSessionState, setTokenReady, logger]);
+
+  const switchSession = useCallback(async (sessionId: string): Promise<User> => {
+    if (!identityCore || !isCoreInitialized) {
+      throw new Error('Identity core not initialized');
+    }
+
+    try {
+      // Validate session
+      const validation = await oxyServices.validateSession(sessionId, { useHeaderValidation: true });
+      if (!validation?.valid || !validation.user) {
+        throw new Error('Session is invalid or expired');
+      }
+
+      const user = validation.user;
+
+      // Get token for this session
+      await oxyServices.getTokenBySession(sessionId);
+
+      // Update active session in core
+      const sessionManager = identityCore.getSessionManager();
+      await sessionManager.setActiveSessionId(sessionId);
+
+      // Update local state
+      setActiveSessionId(sessionId);
+      loginSuccess(user);
+      await applyLanguagePreference(user);
+      onAuthStateChange?.(user);
+      setTokenReady(true);
+      await loadSessionsFromCore();
+
+      return user;
+    } catch (error) {
+      if (isInvalidSessionError(error)) {
+        // Remove invalid session from list
+        setSessions(prev => prev.filter(s => s.sessionId !== sessionId));
+        if (sessionId === activeSessionId) {
+          await clearSessionState();
+        }
+      }
+      throw error;
+    }
+  }, [identityCore, isCoreInitialized, oxyServices, loginSuccess, applyLanguagePreference, onAuthStateChange, setTokenReady, loadSessionsFromCore, activeSessionId, clearSessionState]);
+
+  const refreshSessions = useCallback(async (): Promise<void> => {
+    if (!identityCore || !isCoreInitialized || !activeSessionId) return;
+
+    try {
+      // Refresh current session
+      await identityCore.refreshSession();
+
+      // Reload sessions from core
+      await loadSessionsFromCore();
+    } catch (error) {
+      if (isInvalidSessionError(error)) {
+        await clearSessionState();
+      } else if (__DEV__) {
+        logger('Failed to refresh sessions', error);
+      }
+    }
+  }, [identityCore, isCoreInitialized, activeSessionId, loadSessionsFromCore, clearSessionState, logger]);
+
+  // Device management functions
+  const getDeviceSessions = useCallback(async () => {
+    if (!activeSessionId) throw new Error('No active session');
+    return await oxyServices.getDeviceSessions(activeSessionId);
+  }, [activeSessionId, oxyServices]);
+
+  const logoutAllDeviceSessions = useCallback(async (): Promise<void> => {
+    if (!activeSessionId) throw new Error('No active session');
+    await oxyServices.logoutAllDeviceSessions(activeSessionId);
+    await clearSessionState();
+  }, [activeSessionId, oxyServices, clearSessionState]);
+
+  const updateDeviceName = useCallback(async (deviceName: string): Promise<void> => {
+    if (!identityCore || !isCoreInitialized || !activeSessionId) {
+      throw new Error('Identity core not initialized or no active session');
+    }
+
+    await oxyServices.updateDeviceName(activeSessionId, deviceName);
+
+    // Update device name in core
+    const deviceManager = identityCore.getDeviceManager();
+    await deviceManager.updateDeviceName(deviceName);
+  }, [identityCore, isCoreInitialized, activeSessionId, oxyServices]);
+
+  useTransferCodesPersistence(storageKeyPrefix);
+
+  const clearAllAccountData = useCallback(async (): Promise<void> => {
+    if (__DEV__) logger('Clearing all account data - identity changed or lost');
+
+    queryClient.clear();
+    await clearSessionState();
 
-    // CRITICAL: Clear ALL transfer codes and active transfer state
-    // This prevents transfer state from previous identity from lingering
     if (storage) {
       try {
-        await storage.removeItem(TRANSFER_CODES_STORAGE_KEY);
-        await storage.removeItem(ACTIVE_TRANSFER_STORAGE_KEY);
-        
-        // Also clear Zustand transfer store
-        useTransferStore.getState().clearAll();
-        
-        if (__DEV__) {
-          logger('Cleared all transfer state');
-        }
+        await clearQueryCache(storage);
+        await storage.removeItem('oxy_identity_synced');
       } catch (error) {
-        logger('Failed to clear transfer state', error);
+        logger('Failed to clear persisted data', error);
       }
     }
 
-    // Clear HTTP service cache
+    useAuthStore.getState().setIdentitySynced(false);
+    useAuthStore.getState().setSyncing(false);
+    useAccountStore.getState().reset();
+    useTransferStore.getState().clearAll();
     oxyServices.clearCache();
-    
-    // Force KeyManager cache invalidation
-    KeyManager.invalidateCache();
-  }, [queryClient, storage, clearSessionState, logger, oxyServices, TRANSFER_CODES_STORAGE_KEY, ACTIVE_TRANSFER_STORAGE_KEY]);
-
-  // Extract Zustand store functions early (before they're used in callbacks)
-  const getAllPendingTransfersStore = useTransferStore((state) => state.getAllPendingTransfers);
-  const getActiveTransferIdStore = useTransferStore((state) => state.getActiveTransferId);
-  const storeTransferCodeStore = useTransferStore((state) => state.storeTransferCode);
-  const getTransferCodeStore = useTransferStore((state) => state.getTransferCode);
-  const updateTransferStateStore = useTransferStore((state) => state.updateTransferState);
-  const clearTransferCodeStore = useTransferStore((state) => state.clearTransferCode);
-
-  // Transfer code management functions (must be defined before deleteIdentityAndClearAccount)
-  const getAllPendingTransfers = useCallback(() => {
-    return getAllPendingTransfersStore();
-  }, [getAllPendingTransfersStore]);
-
-  const getActiveTransferId = useCallback(() => {
-    return getActiveTransferIdStore();
-  }, [getActiveTransferIdStore]);
+    identityCore?.getIdentityManager().invalidateCache();
+  }, [queryClient, storage, clearSessionState, logger, oxyServices, identityCore]);
+
+  // Get transfer store functions (used in deleteIdentityAndClearAccount)
+  const getAllPendingTransfers = useTransferStore((state) => state.getAllPendingTransfers);
+  const getActiveTransferId = useTransferStore((state) => state.getActiveTransferId);
+  const getTransferCode = useTransferStore((state) => state.getTransferCode);
 
   // Delete identity and clear all account data
   // In accounts app, deleting identity means losing the account completely
@@ -458,7 +629,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
       if (pendingTransfers.length > 0) {
         const activeTransferId = getActiveTransferId();
         const hasActiveTransfer = activeTransferId && pendingTransfers.some((t: { transferId: string; data: any }) => t.transferId === activeTransferId);
-        
+
         if (hasActiveTransfer) {
           throw new Error(
             'Cannot delete identity: An active identity transfer is in progress. ' +
@@ -473,335 +644,56 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     await clearAllAccountData();
 
     // Then delete the identity keys
-    await KeyManager.deleteIdentity(skipBackup, force, userConfirmed);
-  }, [clearAllAccountData, getAllPendingTransfers, getActiveTransferId]);
-
-  // Network reconnect sync - TanStack Query automatically retries mutations on reconnect
-  // We only need to sync identity if it's not synced
-  useEffect(() => {
-    if (!storage) return;
-
-    let wasOffline = false;
-    let checkTimeout: NodeJS.Timeout | null = null;
-    let lastReconnectionLog = 0;
-    const RECONNECTION_LOG_DEBOUNCE_MS = 5000; // 5 seconds
-
-    // Circuit breaker and exponential backoff state
-    const stateRef = {
-      consecutiveFailures: 0,
-      currentInterval: 10000, // Start with 10 seconds
-      baseInterval: 10000, // Base interval in milliseconds
-      maxInterval: 60000, // Maximum interval (60 seconds)
-      maxFailures: 5, // Circuit breaker threshold
-    };
-
-    const scheduleNextCheck = () => {
-      if (checkTimeout) {
-        clearTimeout(checkTimeout);
-      }
-      checkTimeout = setTimeout(() => {
-        checkNetworkAndSync();
-      }, stateRef.currentInterval);
-    };
-
-    const checkNetworkAndSync = async () => {
-      try {
-        // Try a lightweight health check to see if we're online
-        await oxyServices.healthCheck().catch(() => {
-          wasOffline = true;
-          throw new Error('Health check failed');
-        });
-
-        // Health check succeeded - reset circuit breaker and backoff
-        if (stateRef.consecutiveFailures > 0) {
-          stateRef.consecutiveFailures = 0;
-          stateRef.currentInterval = stateRef.baseInterval;
-        }
-
-        // If we were offline and now we're online, sync identity if needed
-        if (wasOffline) {
-          const now = Date.now();
-          const timeSinceLastLog = now - lastReconnectionLog;
-          
-          if (timeSinceLastLog >= RECONNECTION_LOG_DEBOUNCE_MS) {
-            logger('Network reconnected, checking identity sync...');
-            lastReconnectionLog = now;
-            
-            // Sync identity first (if not synced)
-            try {
-              const hasIdentityValue = await hasIdentity();
-              if (hasIdentityValue) {
-                // Check sync status directly - sync if not explicitly 'true'
-                // undefined = not synced yet, 'false' = explicitly not synced, 'true' = synced
-                const syncStatus = await storage.getItem('oxy_identity_synced');
-                if (syncStatus !== 'true') {
-                  await syncIdentity();
-                }
-              }
-            } catch (syncError: any) {
-              // Skip sync silently if username is required (expected when offline onboarding)
-              if (syncError?.code === 'USERNAME_REQUIRED' || syncError?.message === 'USERNAME_REQUIRED') {
-                if (__DEV__) {
-                  loggerUtil.debug('Sync skipped - username required', { component: 'OxyContext', method: 'checkNetworkAndSync' }, syncError as unknown);
-                }
-                // Don't log or show error - username will be set later
-              } else if (!isTimeoutOrNetworkError(syncError)) {
-                // Only log unexpected errors - timeouts/network issues are expected when offline
-                logger('Error syncing identity on reconnect', syncError);
-              } else if (__DEV__) {
-                loggerUtil.debug('Identity sync timeout (expected when offline)', { component: 'OxyContext', method: 'checkNetworkAndSync' }, syncError as unknown);
-              }
-            }
-
-            // Check for pending transfers that may have completed while offline
-            // This is handled by useCheckPendingTransfers hook which runs automatically
-            // when authenticated and online
-          }
-          
-          // TanStack Query will automatically retry pending mutations
-          // Reset flag immediately after processing (whether logged or not)
-          wasOffline = false;
-        }
-      } catch (error) {
-        // Network check failed - we're offline
-        wasOffline = true;
-
-        // Increment failure count and apply exponential backoff
-        stateRef.consecutiveFailures++;
-
-        // Calculate new interval with exponential backoff, capped at maxInterval
-        const backoffMultiplier = Math.min(
-          Math.pow(2, stateRef.consecutiveFailures - 1),
-          stateRef.maxInterval / stateRef.baseInterval
-        );
-        stateRef.currentInterval = Math.min(
-          stateRef.baseInterval * backoffMultiplier,
-          stateRef.maxInterval
-        );
-
-        // If we hit the circuit breaker threshold, use max interval
-        if (stateRef.consecutiveFailures >= stateRef.maxFailures) {
-          stateRef.currentInterval = stateRef.maxInterval;
-        }
-      } finally {
-        // Always schedule next check (will use updated interval)
-        scheduleNextCheck();
-      }
-    };
-
-    // Check immediately
-    checkNetworkAndSync();
-
-    return () => {
-      if (checkTimeout) {
-        clearTimeout(checkTimeout);
-      }
-    };
-  }, [oxyServices, storage, syncIdentity, logger, hasIdentity]);
-
-  const { getDeviceSessions, logoutAllDeviceSessions, updateDeviceName } = useDeviceManagement({
-    oxyServices,
-    activeSessionId,
-    onError,
-    clearSessionState,
-    logger,
-  });
-
-  const useFollowHook = loadUseFollowHook();
+    if (identityCore) {
+      await identityCore.deleteIdentity(skipBackup, force, userConfirmed);
+    } else {
+      throw new Error('Identity core not initialized');
+    }
+  }, [clearAllAccountData, identityCore, getAllPendingTransfers, getActiveTransferId]);
 
   const restoreSessionsFromStorage = useCallback(async (): Promise<void> => {
-    if (!storage) {
-      return;
-    }
+    if (!identityCore || !isCoreInitialized) return;
 
     setTokenReady(false);
-
     try {
-      // CRITICAL: Get current identity's public key first
-      // Only restore sessions that belong to this identity
-      // Force cache invalidation to ensure we get the actual current identity
-      KeyManager.invalidateCache();
-      const currentPublicKey = await KeyManager.getPublicKey().catch(() => null);
-      
-      const storedSessionIdsJson = await storage.getItem(storageKeys.sessionIds);
-      const storedSessionIds: string[] = storedSessionIdsJson ? JSON.parse(storedSessionIdsJson) : [];
-      const storedActiveSessionId = await storage.getItem(storageKeys.activeSessionId);
-
-      // If no identity exists, clear all sessions and return
-      if (!currentPublicKey) {
-        if (storedSessionIds.length > 0 || storedActiveSessionId) {
-          if (__DEV__) {
-            logger('No identity found - clearing all stored sessions to prevent cross-identity data leak');
-          }
-          await clearSessionState();
-        }
+      await loadSessionsFromCore();
+      const activeId = await identityCore.getActiveSessionId();
+      if (!activeId) {
         setTokenReady(true);
         return;
       }
 
-      if (__DEV__) {
-        logger('Restoring sessions for identity', { publicKey: currentPublicKey.substring(0, 16) + '...', sessionCount: storedSessionIds.length });
-      }
-
-      const validSessions: ClientSession[] = [];
-      const invalidSessionIds: string[] = []; // Track invalid sessions for batch removal
-
-      if (storedSessionIds.length > 0) {
-        for (const sessionId of storedSessionIds) {
+      try {
+        await switchSession(activeId);
+      } catch (switchError) {
+        if (isTimeoutOrNetworkError(switchError)) {
           try {
-            const validation = await oxyServices.validateSession(sessionId, { useHeaderValidation: true });
+            const validation = await oxyServices.validateSession(activeId, { useHeaderValidation: false });
             if (validation?.valid && validation.user) {
-              // CRITICAL: Verify session belongs to current identity
-              // Compare session's publicKey to current identity's publicKey
-              if (validation.user.publicKey !== currentPublicKey) {
-                // Session belongs to different identity - skip it and log warning
-                if (__DEV__) {
-                  logger('CRITICAL: Skipping session from different identity during restoration', {
-                    sessionPublicKey: validation.user.publicKey?.substring(0, 16) + '...',
-                    currentPublicKey: currentPublicKey.substring(0, 16) + '...',
-                    sessionId: sessionId.substring(0, 16) + '...',
-                  });
-                }
-                // Mark for batch removal
-                invalidSessionIds.push(sessionId);
-                continue;
-              }
-              
-              const now = new Date();
-              validSessions.push({
-                sessionId,
-                deviceId: '',
-                expiresAt: new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000).toISOString(),
-                lastActive: now.toISOString(),
-                userId: validation.user.id?.toString() ?? '',
-                isCurrent: sessionId === storedActiveSessionId,
-              });
-            }
-          } catch (validationError) {
-            // Silently handle expected errors (invalid sessions, timeouts, network issues) during restoration
-            // Only log unexpected errors
-            if (!isInvalidSessionError(validationError) && !isTimeoutOrNetworkError(validationError)) {
-              logger('Session validation failed during init', validationError);
-            } else if (__DEV__ && isTimeoutOrNetworkError(validationError)) {
-              // Only log timeouts in dev mode for debugging
-              loggerUtil.debug('Session validation timeout (expected when offline)', { component: 'OxyContext', method: 'restoreSessionsFromStorage' }, validationError as unknown);
-            }
-          }
-        }
-
-        // Batch remove invalid sessions from storage (performance optimization)
-        if (invalidSessionIds.length > 0) {
-          try {
-            // Use Set for O(n) lookup instead of O(n²) with includes()
-            const invalidSessionSet = new Set(invalidSessionIds);
-            const updatedIds = storedSessionIds.filter(id => !invalidSessionSet.has(id));
-            await storage.setItem(storageKeys.sessionIds, JSON.stringify(updatedIds));
-            if (__DEV__) {
-              logger('Removed invalid sessions from storage', { count: invalidSessionIds.length });
-            }
-          } catch (cleanupError) {
-            // Ignore cleanup errors - will be cleaned on next restart
-            if (__DEV__) {
-              logger('Failed to remove invalid sessions from storage', cleanupError);
-            }
-          }
-        }
-
-        if (validSessions.length > 0) {
-          updateSessions(validSessions, { merge: false });
-        }
-      }
-
-      if (storedActiveSessionId) {
-        try {
-          await switchSession(storedActiveSessionId);
-        } catch (switchError) {
-          // Silently handle expected errors (invalid sessions, timeouts, network issues)
-          if (isInvalidSessionError(switchError)) {
-            await storage.removeItem(storageKeys.activeSessionId);
-            updateSessions(
-              validSessions.filter((session) => session.sessionId !== storedActiveSessionId),
-              { merge: false },
-            );
-            // Don't log expected session errors during restoration
-          } else if (isTimeoutOrNetworkError(switchError)) {
-            // Timeout/network error - non-critical, don't block
-            // However, if we have valid sessions, we should still set activeSessionId
-            // so that isAuthenticated can be computed correctly
-            if (validSessions.length > 0) {
-              const matchingSession = validSessions.find(s => s.sessionId === storedActiveSessionId);
-              if (matchingSession) {
-                // Set active session even if validation timed out (offline scenario)
-                setActiveSessionIdFromHook(storedActiveSessionId);
-                // Try to get user from session if possible (might fail offline, but that's OK)
-                try {
-                  const validation = await oxyServices.validateSession(storedActiveSessionId, { useHeaderValidation: false });
-                  if (validation?.valid && validation.user) {
-                    loginSuccess(validation.user);
-                  }
-                } catch {
-                  // Ignore - we're offline, will sync when online
-                }
-              }
-            }
-            if (__DEV__) {
-              loggerUtil.debug('Active session validation timeout (expected when offline)', { component: 'OxyContext', method: 'restoreSessionsFromStorage' }, switchError as unknown);
-            }
-          } else {
-            // Only log unexpected errors
-            logger('Active session validation error', switchError);
-          }
-        }
-      } else if (validSessions.length > 0) {
-        // No stored active session, but we have valid sessions - activate the first one
-        const firstSession = validSessions[0];
-        try {
-          await switchSession(firstSession.sessionId);
-        } catch (switchError) {
-          // If switch fails, at least set the activeSessionId so UI can show sessions
-          if (isTimeoutOrNetworkError(switchError)) {
-            setActiveSessionIdFromHook(firstSession.sessionId);
-            // Try to get user from session
-            try {
-              const validation = await oxyServices.validateSession(firstSession.sessionId, { useHeaderValidation: false });
-              if (validation?.valid && validation.user) {
-                loginSuccess(validation.user);
-              }
-            } catch {
-              // Ignore - offline scenario
+              loginSuccess(validation.user);
             }
+          } catch {
+            // Offline - will sync when online
           }
+        } else if (isInvalidSessionError(switchError)) {
+          await identityCore.invalidateSession(activeId);
+          await loadSessionsFromCore();
         }
       }
     } catch (error) {
-      if (__DEV__) {
-        loggerUtil.error('Auth init error', error instanceof Error ? error : new Error(String(error)), { component: 'OxyContext', method: 'restoreSessionsFromStorage' });
-      }
+      if (__DEV__) logger('Failed to restore sessions from storage', error);
       await clearSessionState();
     } finally {
       setTokenReady(true);
     }
-  }, [
-    clearSessionState,
-    logger,
-    oxyServices,
-    storage,
-    storageKeys.activeSessionId,
-    storageKeys.sessionIds,
-    switchSession,
-    updateSessions,
-    setActiveSessionIdFromHook,
-    loginSuccess,
-  ]);
+  }, [identityCore, isCoreInitialized, loadSessionsFromCore, switchSession, loginSuccess, clearSessionState, oxyServices, logger]);
 
+  // Restore sessions when core is initialized
   useEffect(() => {
-    if (!storage || initializedRef.current) {
-      return;
+    if (isCoreInitialized) {
+      void restoreSessionsFromStorage();
     }
-
-    initializedRef.current = true;
-    void restoreSessionsFromStorage();
-  }, [restoreSessionsFromStorage, storage]);
+  }, [isCoreInitialized, restoreSessionsFromStorage]);
 
   const activeSession = activeSessionId
     ? sessions.find((session) => session.sessionId === activeSessionId)
@@ -810,359 +702,53 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
   // Compute isAuthenticated from actual session state, not just auth store
   // This ensures UI shows correct state even if loginSuccess wasn't called during restoration
-  const isAuthenticatedFromSessions = useMemo(() => {
-    return !!(activeSessionId && sessions.length > 0 && user);
-  }, [activeSessionId, sessions.length, user]);
-
-  // Use session-based authentication state if auth store says not authenticated but we have sessions
-  // This handles the case where sessions were restored but loginSuccess wasn't called
   const computedIsAuthenticated = useMemo(() => {
-    return isAuthenticatedFromStore || isAuthenticatedFromSessions;
-  }, [isAuthenticatedFromStore, isAuthenticatedFromSessions]);
+    return isAuthenticatedFromStore || !!(activeSessionId && sessions.length > 0 && user);
+  }, [isAuthenticatedFromStore, activeSessionId, sessions.length, user]);
 
-  // Get userId from JWT token (MongoDB ObjectId) for socket room matching
-  // user.id contains the MongoDB ObjectId, user.publicKey contains the cryptographic public key
   const userId = oxyServices.getCurrentUserId() || user?.id;
 
-  // Use Zustand store for transfer state management
-  // Storage keys are defined above (TRANSFER_CODES_STORAGE_KEY, ACTIVE_TRANSFER_STORAGE_KEY)
-  const isRestored = useTransferStore((state) => state.isRestored);
-  const restoreFromStorage = useTransferStore((state) => state.restoreFromStorage);
-  const markRestored = useTransferStore((state) => state.markRestored);
-  const cleanupExpired = useTransferStore((state) => state.cleanupExpired);
-
-  // Load transfer codes from storage on startup (only once)
-  useEffect(() => {
-    if (!storage || !isStorageReady || isRestored) return;
-
-    const loadTransferCodes = async () => {
-      try {
-        // Load transfer codes
-        const storedCodes = await storage.getItem(TRANSFER_CODES_STORAGE_KEY);
-        const storedActiveTransferId = await storage.getItem(ACTIVE_TRANSFER_STORAGE_KEY);
-        
-        const parsedCodes = storedCodes ? JSON.parse(storedCodes) : {};
-        const activeTransferId = storedActiveTransferId || null;
-        
-        // Restore to Zustand store (store handles validation and expiration)
-        restoreFromStorage(parsedCodes, activeTransferId);
-        markRestored();
-        
-        if (__DEV__ && Object.keys(parsedCodes).length > 0) {
-          logger('Restored transfer codes from storage', { 
-            count: Object.keys(parsedCodes).length,
-            hasActiveTransfer: !!activeTransferId,
-          });
-        }
-      } catch (error) {
-        if (__DEV__) {
-          logger('Failed to load transfer codes from storage', error);
-        }
-        // Mark as restored even on error to prevent retries
-        markRestored();
-      }
-    };
-
-    loadTransferCodes();
-  }, [storage, isStorageReady, isRestored, restoreFromStorage, markRestored, logger, storageKeyPrefix]);
-
-  // Persist transfer codes to storage whenever store changes
-  const { transferCodes, activeTransferId } = useTransferCodesForPersistence();
-  useEffect(() => {
-    if (!storage || !isStorageReady || !isRestored) return;
-
-    const persistTransferCodes = async () => {
-      try {
-        await storage.setItem(TRANSFER_CODES_STORAGE_KEY, JSON.stringify(transferCodes));
-        
-        if (activeTransferId) {
-          await storage.setItem(ACTIVE_TRANSFER_STORAGE_KEY, activeTransferId);
-        } else {
-          await storage.removeItem(ACTIVE_TRANSFER_STORAGE_KEY);
-        }
-      } catch (error) {
-        if (__DEV__) {
-          logger('Failed to persist transfer codes', error);
-        }
-      }
-    };
-
-    persistTransferCodes();
-  }, [transferCodes, activeTransferId, storage, isStorageReady, isRestored, logger]);
-
-  // Cleanup expired transfer codes (every minute)
-  useEffect(() => {
-    const cleanup = setInterval(() => {
-      cleanupExpired();
-    }, 60000); // Check every minute
-
-    return () => clearInterval(cleanup);
-  }, [cleanupExpired]);
-
-  // Transfer code management functions using Zustand store
-  const storeTransferCode = useCallback(async (transferId: string, code: string, sourceDeviceId: string | null, publicKey: string) => {
-    storeTransferCodeStore(transferId, code, sourceDeviceId, publicKey);
-    
-    if (__DEV__) {
-      logger('Stored transfer code', { transferId, sourceDeviceId, publicKey: publicKey.substring(0, 16) + '...' });
-    }
-  }, [logger, storeTransferCodeStore]);
-
-  const getTransferCode = useCallback((transferId: string) => {
-    return getTransferCodeStore(transferId);
-  }, [getTransferCodeStore]);
-
-  const updateTransferState = useCallback(async (transferId: string, state: 'pending' | 'completed' | 'failed') => {
-    updateTransferStateStore(transferId, state);
-    
-    if (__DEV__) {
-      logger('Updated transfer state', { transferId, state });
-    }
-  }, [logger, updateTransferStateStore]);
-
-  const clearTransferCode = useCallback(async (transferId: string) => {
-    clearTransferCodeStore(transferId);
-    
-    if (__DEV__) {
-      logger('Cleared transfer code', { transferId });
-    }
-  }, [logger, clearTransferCodeStore]);
-
-  const refreshSessionsWithUser = useCallback(
-    () => refreshSessions(userId),
-    [refreshSessions, userId],
-  );
-
-  const handleSessionRemoved = useCallback(
-    (sessionId: string) => {
-      trackRemovedSession(sessionId);
-    },
-    [trackRemovedSession],
-  );
-
-  const handleRemoteSignOut = useCallback(() => {
-    toast.info('You have been signed out remotely.');
-    logout().catch((remoteError) => logger('Failed to process remote sign out', remoteError));
-  }, [logger, logout]);
-
-  // Check pending transfers when authenticated and online using TanStack Query
-  // Check for pending transfers that may have completed while offline
-  // Results are processed via socket events (onIdentityTransferComplete), so we don't need to process query results here
   useCheckPendingTransfers(oxyServices, computedIsAuthenticated);
 
-  const handleIdentityTransferComplete = useCallback(
-    async (data: { transferId: string; sourceDeviceId: string; publicKey: string; transferCode?: string; completedAt: string }) => {
-      try {
-        logger('Received identity transfer complete notification', {
-          transferId: data.transferId,
-          sourceDeviceId: data.sourceDeviceId,
-          currentDeviceId,
-          hasActiveSession: activeSessionId !== null,
-          publicKey: data.publicKey.substring(0, 16) + '...',
-        });
-
-        const storedTransfer = getTransferCode(data.transferId);
-
-        if (!storedTransfer) {
-          logger('Transfer code not found for transferId', { 
-            transferId: data.transferId,
-          });
-          toast.error('Transfer verification failed: Code not found. Identity will not be deleted.');
-          return;
-        }
-
-        // Verify publicKey matches first (most important check)
-        const publicKeyMatches = data.publicKey === storedTransfer.publicKey;
-        if (!publicKeyMatches) {
-          logger('Public key mismatch for transfer', {
-            transferId: data.transferId,
-            receivedPublicKey: data.publicKey.substring(0, 16) + '...',
-            storedPublicKey: storedTransfer.publicKey.substring(0, 16) + '...',
-          });
-          toast.error('Transfer verification failed: Public key mismatch. Identity will not be deleted.');
-          return;
-        }
-
-        // Verify deviceId matches - very lenient since publicKey is the critical check
-        // If publicKey matches, we allow deletion even if deviceId doesn't match exactly
-        // This handles cases where deviceId might not be available or slightly different
-        const deviceIdMatches = 
-          // Exact match
-          (data.sourceDeviceId && data.sourceDeviceId === currentDeviceId) ||
-          // Stored sourceDeviceId matches current deviceId
-          (storedTransfer.sourceDeviceId && storedTransfer.sourceDeviceId === currentDeviceId);
-
-        // If publicKey matches, we're very lenient with deviceId - only warn but don't block
-        if (!deviceIdMatches && publicKeyMatches) {
-          logger('Device ID mismatch for transfer, but publicKey matches - proceeding with deletion', {
-            transferId: data.transferId,
-            receivedDeviceId: data.sourceDeviceId,
-            storedDeviceId: storedTransfer.sourceDeviceId,
-            currentDeviceId,
-            hasActiveSession: activeSessionId !== null,
-          });
-          // Proceed with deletion - publicKey match is the critical verification
-        } else if (!deviceIdMatches && !publicKeyMatches) {
-          // Both don't match - this is suspicious, block deletion
-          logger('Device ID and publicKey mismatch for transfer', {
-            transferId: data.transferId,
-            receivedDeviceId: data.sourceDeviceId,
-            currentDeviceId,
-          });
-          toast.error('Transfer verification failed: Device and key mismatch. Identity will not be deleted.');
-          return;
-        }
-
-        // Verify transfer code matches (if provided)
-        // Transfer code is optional - if not provided, we still proceed if publicKey matches
-        if (data.transferCode) {
-          const codeMatches = data.transferCode.toUpperCase() === storedTransfer.code.toUpperCase();
-          if (!codeMatches) {
-            logger('Transfer code mismatch, but publicKey matches - proceeding with deletion', {
-              transferId: data.transferId,
-              receivedCode: data.transferCode,
-              storedCode: storedTransfer.code.substring(0, 2) + '****',
-            });
-            // Don't block - publicKey match is sufficient, code mismatch might be due to user error
-            // Log warning but proceed
-          }
-        }
-
-        // Check if transfer is too old (safety timeout - 10 minutes)
-        const transferAge = Date.now() - storedTransfer.timestamp;
-        const tenMinutes = 10 * 60 * 1000;
-        if (transferAge > tenMinutes) {
-          logger('Transfer confirmation received too late', {
-            transferId: data.transferId,
-            age: transferAge,
-            ageMinutes: Math.round(transferAge / 60000),
-          });
-          toast.error('Transfer verification failed: Confirmation received too late. Identity will not be deleted.');
-          clearTransferCode(data.transferId);
-          return;
-        }
-
-        // NOTE: Target device verification already happened server-side when notifyTransferComplete was called
-        // The server verified that the target device is authenticated and has the matching public key
-        // Additional client-side verification is not necessary and would require source device authentication
-        // which may not be available. The existing checks (public key match, transfer code, device ID) are sufficient.
-
-        logger('All transfer verifications passed, deleting identity from source device', {
-          transferId: data.transferId,
-          sourceDeviceId: data.sourceDeviceId,
-          publicKey: data.publicKey.substring(0, 16) + '...',
-        });
-
-        try {
-          // Verify identity still exists before deletion (safety check)
-          const identityStillExists = await KeyManager.hasIdentity();
-          if (!identityStillExists) {
-            logger('Identity already deleted - skipping deletion', {
-              transferId: data.transferId,
-            });
-            await updateTransferState(data.transferId, 'completed');
-            await clearTransferCode(data.transferId);
-            return;
-          }
-
-          await deleteIdentityAndClearAccount(false, false, true);
-          
-          // Verify identity was actually deleted
-          const identityDeleted = !(await KeyManager.hasIdentity());
-          if (!identityDeleted) {
-            logger('Identity deletion failed - identity still exists', {
-              transferId: data.transferId,
-            });
-            await updateTransferState(data.transferId, 'failed');
-            throw new Error('Identity deletion failed - identity still exists');
-          }
-
-          await updateTransferState(data.transferId, 'completed');
-          await clearTransferCode(data.transferId);
-
-          logger('Identity successfully deleted and transfer code cleared', {
-            transferId: data.transferId,
-          });
-
-          toast.success('Identity successfully transferred and removed from this device');
-        } catch (deleteError: any) {
-          logger('Error during identity deletion', deleteError);
-          await updateTransferState(data.transferId, 'failed');
-          throw deleteError;
-        }
-      } catch (error: any) {
-        logger('Failed to delete identity after transfer', error);
-        toast.error(error?.message || 'Failed to remove identity from this device. Please try again manually from Security Settings.');
-      }
-    },
-    [deleteIdentityAndClearAccount, logger, getTransferCode, clearTransferCode, updateTransferState, currentDeviceId, activeSessionId, oxyServices],
-  );
+  const { handleIdentityTransferComplete } = useIdentityTransfer({
+    identityCore,
+    currentDeviceId,
+    activeSessionId,
+    getPublicKey,
+    deleteIdentityAndClearAccount,
+    logger,
+  });
 
   useSessionSocket({
     userId,
     activeSessionId,
     currentDeviceId,
-    refreshSessions: refreshSessionsWithUser,
+    refreshSessions,
     logout,
     clearSessionState,
     baseURL: oxyServices.getBaseURL(),
     getAccessToken: () => oxyServices.getAccessToken(),
     getTransferCode: getTransferCode,
-    onRemoteSignOut: handleRemoteSignOut,
-    onSessionRemoved: handleSessionRemoved,
-    onIdentityTransferComplete: handleIdentityTransferComplete,
-  });
-
-  const switchSessionForContext = useCallback(
-    async (sessionId: string): Promise<void> => {
-      await switchSession(sessionId);
+    onRemoteSignOut: () => {
+      toast.info('You have been signed out remotely.');
+      logout().catch((err) => logger('Failed to process remote sign out', err));
     },
-    [switchSession],
-  );
-
-  // Create showBottomSheet function that uses the global function
-  const showBottomSheetForContext = useCallback(
-    (screenOrConfig: RouteName | { screen: RouteName; props?: Record<string, unknown> }) => {
-      globalShowBottomSheet(screenOrConfig);
+    onSessionRemoved: (sessionId: string) => {
+      setSessions(prev => prev.filter(s => s.sessionId !== sessionId));
+      if (sessionId === activeSessionId) {
+        setActiveSessionId(null);
+      }
     },
-    [],
-  );
+    onIdentityTransferComplete: handleIdentityTransferComplete,
+  });
 
-  // Create openAvatarPicker function
-  const openAvatarPicker = useCallback(() => {
-    showBottomSheetForContext({
-      screen: 'FileManagement' as RouteName,
-      props: {
-        selectMode: true,
-        multiSelect: false,
-        disabledMimeTypes: ['video/', 'audio/', 'application/pdf'],
-        afterSelect: 'none', // Don't navigate away - stay on current screen
-        onSelect: async (file: any) => {
-          if (!file.contentType.startsWith('image/')) {
-            toast.error(translate(currentLanguage, 'editProfile.toasts.selectImage') || 'Please select an image file');
-            return;
-          }
-          try {
-            // Update file visibility to public for avatar
-            await updateAvatarVisibility(file.id, oxyServices, 'OxyContext');
-
-            // Update user profile (handles query invalidation and accountStore update)
-            await updateProfileWithAvatar(
-              { avatar: file.id },
-              oxyServices,
-              activeSessionId,
-              queryClient,
-              syncIdentity
-            );
-
-            toast.success(translate(currentLanguage, 'editProfile.toasts.avatarUpdated') || 'Avatar updated');
-          } catch (e: any) {
-            toast.error(e.message || translate(currentLanguage, 'editProfile.toasts.updateAvatarFailed') || 'Failed to update avatar');
-          }
-        },
-      },
-    });
-  }, [oxyServices, currentLanguage, showBottomSheetForContext, activeSessionId, queryClient, syncIdentity]);
+  const { openAvatarPicker } = useAvatarPicker({
+    oxyServices,
+    currentLanguage,
+    activeSessionId,
+    queryClient,
+    syncIdentity,
+  });
 
   const contextValue: OxyContextState = useMemo(() => ({
     user,
@@ -1186,21 +772,15 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     isIdentitySynced,
     syncIdentity,
     deleteIdentityAndClearAccount,
-    storeTransferCode,
-    getTransferCode,
-    clearTransferCode,
-    getAllPendingTransfers,
-    getActiveTransferId,
-    updateTransferState,
     identitySyncState: {
       isSynced: isIdentitySyncedStore ?? true,
       isSyncing: isSyncing ?? false,
     },
     logout,
     logoutAll,
-    switchSession: switchSessionForContext,
+    switchSession,
     removeSession: logout,
-    refreshSessions: refreshSessionsWithUser,
+    refreshSessions,
     setLanguage,
     getDeviceSessions,
     logoutAllDeviceSessions,
@@ -1208,8 +788,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     clearSessionState,
     clearAllAccountData,
     oxyServices,
-    useFollow: useFollowHook,
-    showBottomSheet: showBottomSheetForContext,
+    showBottomSheet: globalShowBottomSheet,
     openAvatarPicker,
   }), [
     activeSessionId,
@@ -1222,12 +801,6 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     isIdentitySynced,
     syncIdentity,
     deleteIdentityAndClearAccount,
-    storeTransferCode,
-    getTransferCode,
-    clearTransferCode,
-    getAllPendingTransfers,
-    getActiveTransferId,
-    updateTransferState,
     isIdentitySyncedStore,
     isSyncing,
     currentLanguage,
@@ -1242,17 +815,15 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     logoutAll,
     logoutAllDeviceSessions,
     oxyServices,
-    refreshSessionsWithUser,
+    refreshSessions,
     sessions,
     setLanguage,
-    switchSessionForContext,
+    switchSession,
     tokenReady,
     isStorageReady,
     updateDeviceName,
     clearAllAccountData,
-    useFollowHook,
     user,
-    showBottomSheetForContext,
     openAvatarPicker,
   ]);