@peers-app/peers-sdk 0.7.40 → 0.8.0

package/dist/data/groups.d.ts

@@ -17,8 +17,8 @@ export declare const groupSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
     name: string;
     description: string;
-    signature: string;
     publicKey: string;
+    signature: string;
     publicBoxKey: string;
     groupId: string;
     founderUserId: string;
@@ -28,8 +28,8 @@ export declare const groupSchema: z.ZodObject<{
 }, {
     name: string;
     description: string;
-    signature: string;
     publicKey: string;
+    signature: string;
     publicBoxKey: string;
     groupId: string;
     founderUserId: string;

package/dist/index.d.ts

@@ -33,3 +33,4 @@ export * from "./rpc-types";
 export * from "./serial-json";
 export * from "./utils";
 export * from "./logging";
+export * from "./user-connect";

package/dist/index.js

@@ -50,3 +50,4 @@ __exportStar(require("./rpc-types"), exports);
 __exportStar(require("./serial-json"), exports);
 __exportStar(require("./utils"), exports);
 __exportStar(require("./logging"), exports);
+__exportStar(require("./user-connect"), exports);

package/dist/keys.js

@@ -28,6 +28,7 @@ const buffer_1 = require("buffer");
 const nacl = require("tweetnacl");
 const utils = require("tweetnacl-util");
 const tweetnacl_util_1 = require("tweetnacl-util");
+const ed2curve = require("ed2curve");
 const tx_encoding_1 = require("./device/tx-encoding");
 const serial_json_1 = require("./serial-json");
 globalThis.Buffer = buffer_1.Buffer; // shim for browsers/RN
@@ -72,23 +73,23 @@ function newToken(size = 32) {
     return encodeBase64(nacl.randomBytes(size));
 }
 function newKeys() {
-    const keyPair = nacl.sign.keyPair();
-    // the first 32 bytes of the secret key are the secret part.  The second 32 bytes are the public part.
-    const secretKeyPart = keyPair.secretKey.slice(0, 32);
-    const boxKeyPair = nacl.box.keyPair.fromSecretKey(secretKeyPart);
+    const sign = nacl.sign.keyPair(); // Ed25519
+    const curveSecret = ed2curve.convertSecretKey(sign.secretKey); // 32 bytes
+    const box = nacl.box.keyPair.fromSecretKey(curveSecret); // X25519
     return {
-        secretKey: encodeBase64(keyPair.secretKey),
-        publicKey: encodeBase64(keyPair.publicKey),
-        publicBoxKey: encodeBase64(boxKeyPair.publicKey),
+        secretKey: encodeBase64(sign.secretKey),
+        publicKey: encodeBase64(sign.publicKey),
+        publicBoxKey: encodeBase64(box.publicKey),
     };
 }
 function hydrateKeys(secretKey) {
-    let _secretKey = decodeBase64(secretKey);
-    const boxKeyPair = nacl.box.keyPair.fromSecretKey(_secretKey.slice(0, 32));
+    const sk64 = decodeBase64(secretKey); // Ed25519 64-byte secretKey
+    const curveSecret = ed2curve.convertSecretKey(sk64);
+    const box = nacl.box.keyPair.fromSecretKey(curveSecret);
     return {
-        secretKey: encodeBase64(_secretKey),
-        publicKey: encodeBase64(_secretKey.slice(32)),
-        publicBoxKey: encodeBase64(boxKeyPair.publicKey),
+        secretKey: encodeBase64(sk64),
+        publicKey: encodeBase64(sk64.slice(32)), // last 32 bytes = Ed25519 pk
+        publicBoxKey: encodeBase64(box.publicKey),
     };
 }
 function signMessageWithSecretKey(msg, secretKey) {
@@ -145,7 +146,8 @@ function openSignedObject(signedObj) {
 }
 function boxDataWithKeys(data, toPublicBoxKey, mySecretKey) {
     let _secretKey = decodeBase64(mySecretKey);
-    const boxKeyPair = nacl.box.keyPair.fromSecretKey(_secretKey.slice(0, 32));
+    const curveSecret = ed2curve.convertSecretKey(_secretKey);
+    const boxKeyPair = nacl.box.keyPair.fromSecretKey(curveSecret);
     const _toPublicBoxKey = decodeBase64(toPublicBoxKey);
     const nonce = nacl.randomBytes(24);
     const dataByteArray = (0, tx_encoding_1.txEncode)(data);
@@ -161,7 +163,8 @@ function isBoxedData(data) {
 }
 function openBoxWithSecretKey(box, mySecretKey) {
     let _secretKey = decodeBase64(mySecretKey);
-    const boxKeyPair = nacl.box.keyPair.fromSecretKey(_secretKey.slice(0, 32));
+    const curveSecret = ed2curve.convertSecretKey(_secretKey);
+    const boxKeyPair = nacl.box.keyPair.fromSecretKey(curveSecret);
     const boxedData = decodeBase64(box.contents);
     const nonce = decodeBase64(box.nonce);
     const _fromPublicBoxKey = decodeBase64(box.fromPublicKey);

package/dist/user-connect/connection-code.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Utilities for generating and handling connection codes.
+ *
+ * Connection codes are 12 characters of Crockford Base32:
+ * - First 4 chars: device alias (rendezvous point)
+ * - Last 8 chars: shared secret for encryption
+ *
+ * Displayed format: XXXX-YYYY-ZZZZ
+ */
+import type { IUserConnectInfo } from './user-connect.types';
+export interface IConnectionCode {
+    /** Full 12-character code */
+    code: string;
+    /** First 4 characters - device alias for rendezvous */
+    alias: string;
+    /** Last 8 characters - shared secret for encryption */
+    secret: string;
+}
+/**
+ * Generate a new connection code.
+ * @returns Object with full code, alias, and secret
+ */
+export declare function generateConnectionCode(): IConnectionCode;
+/**
+ * Format a connection code for display.
+ * @param code 12-character code
+ * @returns Formatted as "XXXX-YYYY-ZZZZ"
+ */
+export declare function formatConnectionCode(code: string): string;
+/**
+ * Parse a formatted connection code.
+ * @param formatted Code in any format (with or without dashes)
+ * @returns Object with alias and secret
+ */
+export declare function parseConnectionCode(formatted: string): {
+    code: string;
+    alias: string;
+    secret: string;
+};
+/**
+ * Encrypt data using the shared secret.
+ * @param data Data to encrypt
+ * @param secret 8-character shared secret
+ * @returns Base64-encoded encrypted data with nonce
+ */
+export declare function encryptWithSecret(data: any, secret: string): string;
+/**
+ * Decrypt data using the shared secret.
+ * @param encrypted Base64-encoded encrypted data
+ * @param secret 8-character shared secret
+ * @returns Decrypted data
+ */
+export declare function decryptWithSecret(encrypted: string, secret: string): any;
+/**
+ * Generate a confirmation hash from both users' information.
+ * Both parties should see the same hash if the exchange was successful.
+ * @param userA First user's info
+ * @param userB Second user's info
+ * @returns 4-character confirmation code
+ */
+export declare function generateConfirmationHash(userA: IUserConnectInfo, userB: IUserConnectInfo): string;
+/**
+ * Validate that a string is a valid connection code format.
+ * @param code Code to validate (with or without dashes)
+ * @returns true if valid
+ */
+export declare function isValidConnectionCode(code: string): boolean;

package/dist/user-connect/connection-code.js

@@ -0,0 +1,176 @@
+"use strict";
+/**
+ * Utilities for generating and handling connection codes.
+ *
+ * Connection codes are 12 characters of Crockford Base32:
+ * - First 4 chars: device alias (rendezvous point)
+ * - Last 8 chars: shared secret for encryption
+ *
+ * Displayed format: XXXX-YYYY-ZZZZ
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateConnectionCode = generateConnectionCode;
+exports.formatConnectionCode = formatConnectionCode;
+exports.parseConnectionCode = parseConnectionCode;
+exports.encryptWithSecret = encryptWithSecret;
+exports.decryptWithSecret = decryptWithSecret;
+exports.generateConfirmationHash = generateConfirmationHash;
+exports.isValidConnectionCode = isValidConnectionCode;
+const nacl = require("tweetnacl");
+const sha2_1 = require("@noble/hashes/sha2");
+const tx_encoding_1 = require("../device/tx-encoding");
+const keys_1 = require("../keys");
+/**
+ * Crockford Base32 alphabet.
+ * Excludes I, L, O, U to avoid confusion with 1, 1, 0, V respectively.
+ */
+const CROCKFORD_ALPHABET = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';
+/**
+ * Generate random bytes using nacl.
+ */
+function randomBytes(length) {
+    return nacl.randomBytes(length);
+}
+/**
+ * Encode bytes to Crockford Base32 string.
+ */
+function toCrockfordBase32(bytes, length) {
+    let result = '';
+    let i = 0;
+    while (result.length < length) {
+        if (i >= bytes.length) {
+            // Need more bytes
+            const moreBytes = randomBytes(length - result.length);
+            for (const b of moreBytes) {
+                result += CROCKFORD_ALPHABET[b % 32];
+                if (result.length >= length)
+                    break;
+            }
+            break;
+        }
+        // Use 5 bits at a time for base32
+        result += CROCKFORD_ALPHABET[bytes[i] % 32];
+        i++;
+    }
+    return result.substring(0, length);
+}
+/**
+ * Derive a 32-byte encryption key from the shared secret.
+ */
+function deriveKeyFromSecret(secret) {
+    // Use SHA-256 to derive a proper 32-byte key from the secret
+    const secretBytes = new TextEncoder().encode(secret);
+    return (0, sha2_1.sha256)(secretBytes);
+}
+/**
+ * Generate a new connection code.
+ * @returns Object with full code, alias, and secret
+ */
+function generateConnectionCode() {
+    const bytes = randomBytes(16);
+    const alias = toCrockfordBase32(bytes.slice(0, 4), 4);
+    const secret = toCrockfordBase32(bytes.slice(4), 8);
+    return {
+        code: alias + secret,
+        alias,
+        secret,
+    };
+}
+/**
+ * Format a connection code for display.
+ * @param code 12-character code
+ * @returns Formatted as "XXXX-YYYY-ZZZZ"
+ */
+function formatConnectionCode(code) {
+    const normalized = code.toUpperCase().replace(/[^0-9A-Z]/g, '');
+    if (normalized.length !== 12) {
+        throw new Error(`Connection code must be 12 characters, got ${normalized.length}`);
+    }
+    return `${normalized.slice(0, 4)}-${normalized.slice(4, 8)}-${normalized.slice(8, 12)}`;
+}
+/**
+ * Parse a formatted connection code.
+ * @param formatted Code in any format (with or without dashes)
+ * @returns Object with alias and secret
+ */
+function parseConnectionCode(formatted) {
+    const normalized = formatted.toUpperCase().replace(/[^0-9A-Z]/g, '');
+    if (normalized.length !== 12) {
+        throw new Error(`Connection code must be 12 characters, got ${normalized.length}`);
+    }
+    return {
+        code: normalized,
+        alias: normalized.slice(0, 4),
+        secret: normalized.slice(4, 12),
+    };
+}
+/**
+ * Encrypt data using the shared secret.
+ * @param data Data to encrypt
+ * @param secret 8-character shared secret
+ * @returns Base64-encoded encrypted data with nonce
+ */
+function encryptWithSecret(data, secret) {
+    const key = deriveKeyFromSecret(secret);
+    const nonce = nacl.randomBytes(24);
+    const dataBytes = (0, tx_encoding_1.txEncode)(data);
+    const encrypted = nacl.secretbox(dataBytes, nonce, key);
+    // Combine nonce + encrypted data
+    const combined = new Uint8Array(nonce.length + encrypted.length);
+    combined.set(nonce);
+    combined.set(encrypted, nonce.length);
+    return (0, keys_1.encodeBase64)(combined);
+}
+/**
+ * Decrypt data using the shared secret.
+ * @param encrypted Base64-encoded encrypted data
+ * @param secret 8-character shared secret
+ * @returns Decrypted data
+ */
+function decryptWithSecret(encrypted, secret) {
+    const key = deriveKeyFromSecret(secret);
+    const combined = (0, keys_1.decodeBase64)(encrypted);
+    const nonce = combined.slice(0, 24);
+    const ciphertext = combined.slice(24);
+    const decrypted = nacl.secretbox.open(ciphertext, nonce, key);
+    if (!decrypted) {
+        throw new Error('Decryption failed - invalid secret or corrupted data');
+    }
+    return (0, tx_encoding_1.txDecode)(decrypted);
+}
+/**
+ * Generate a confirmation hash from both users' information.
+ * Both parties should see the same hash if the exchange was successful.
+ * @param userA First user's info
+ * @param userB Second user's info
+ * @returns 4-character confirmation code
+ */
+function generateConfirmationHash(userA, userB) {
+    // Sort by userId to ensure consistent ordering regardless of who is A or B
+    const sorted = [userA, userB].sort((a, b) => a.userId.localeCompare(b.userId));
+    const combined = JSON.stringify(sorted);
+    const hash = (0, sha2_1.sha256)(new TextEncoder().encode(combined));
+    // Take first 4 characters of the hash encoded in Crockford Base32
+    return toCrockfordBase32(hash.slice(0, 4), 4);
+}
+/**
+ * Validate that a string is a valid connection code format.
+ * @param code Code to validate (with or without dashes)
+ * @returns true if valid
+ */
+function isValidConnectionCode(code) {
+    try {
+        const normalized = code.toUpperCase().replace(/[^0-9A-Z]/g, '');
+        if (normalized.length !== 12)
+            return false;
+        // Check all characters are valid Crockford Base32
+        for (const char of normalized) {
+            if (!CROCKFORD_ALPHABET.includes(char))
+                return false;
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/user-connect/connection-code.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/user-connect/connection-code.test.js

@@ -0,0 +1,213 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const connection_code_1 = require("./connection-code");
+describe('connection-code', () => {
+    describe('generateConnectionCode', () => {
+        it('should generate a code with 12 characters', () => {
+            const result = (0, connection_code_1.generateConnectionCode)();
+            expect(result.code).toHaveLength(12);
+        });
+        it('should have alias of 4 characters', () => {
+            const result = (0, connection_code_1.generateConnectionCode)();
+            expect(result.alias).toHaveLength(4);
+        });
+        it('should have secret of 8 characters', () => {
+            const result = (0, connection_code_1.generateConnectionCode)();
+            expect(result.secret).toHaveLength(8);
+        });
+        it('should have code = alias + secret', () => {
+            const result = (0, connection_code_1.generateConnectionCode)();
+            expect(result.code).toBe(result.alias + result.secret);
+        });
+        it('should only contain valid Crockford Base32 characters', () => {
+            const validChars = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';
+            for (let i = 0; i < 10; i++) {
+                const result = (0, connection_code_1.generateConnectionCode)();
+                for (const char of result.code) {
+                    expect(validChars).toContain(char);
+                }
+            }
+        });
+        it('should generate different codes each time', () => {
+            const codes = new Set();
+            for (let i = 0; i < 100; i++) {
+                codes.add((0, connection_code_1.generateConnectionCode)().code);
+            }
+            expect(codes.size).toBe(100);
+        });
+    });
+    describe('formatConnectionCode', () => {
+        it('should format a 12-character code as XXXX-YYYY-ZZZZ', () => {
+            expect((0, connection_code_1.formatConnectionCode)('ABCD1234EFGH')).toBe('ABCD-1234-EFGH');
+        });
+        it('should handle lowercase input', () => {
+            expect((0, connection_code_1.formatConnectionCode)('abcd1234efgh')).toBe('ABCD-1234-EFGH');
+        });
+        it('should handle input with existing dashes', () => {
+            expect((0, connection_code_1.formatConnectionCode)('ABCD-1234-EFGH')).toBe('ABCD-1234-EFGH');
+        });
+        it('should handle input with spaces', () => {
+            expect((0, connection_code_1.formatConnectionCode)('ABCD 1234 EFGH')).toBe('ABCD-1234-EFGH');
+        });
+        it('should throw for codes that are too short', () => {
+            expect(() => (0, connection_code_1.formatConnectionCode)('ABCD1234')).toThrow('must be 12 characters');
+        });
+        it('should throw for codes that are too long', () => {
+            expect(() => (0, connection_code_1.formatConnectionCode)('ABCD1234EFGH5678')).toThrow('must be 12 characters');
+        });
+    });
+    describe('parseConnectionCode', () => {
+        it('should parse a plain 12-character code', () => {
+            const result = (0, connection_code_1.parseConnectionCode)('ABCD12345678');
+            expect(result.alias).toBe('ABCD');
+            expect(result.secret).toBe('12345678');
+        });
+        it('should parse a formatted code with dashes', () => {
+            const result = (0, connection_code_1.parseConnectionCode)('ABCD-1234-5678');
+            expect(result.alias).toBe('ABCD');
+            expect(result.secret).toBe('12345678');
+        });
+        it('should handle lowercase input', () => {
+            const result = (0, connection_code_1.parseConnectionCode)('abcd-1234-5678');
+            expect(result.alias).toBe('ABCD');
+            expect(result.secret).toBe('12345678');
+        });
+        it('should handle mixed case and spaces', () => {
+            const result = (0, connection_code_1.parseConnectionCode)('AbCd 1234 5678');
+            expect(result.alias).toBe('ABCD');
+            expect(result.secret).toBe('12345678');
+        });
+        it('should throw for invalid length', () => {
+            expect(() => (0, connection_code_1.parseConnectionCode)('ABCD1234')).toThrow('must be 12 characters');
+        });
+        it('should be the inverse of formatConnectionCode', () => {
+            const original = (0, connection_code_1.generateConnectionCode)();
+            const formatted = (0, connection_code_1.formatConnectionCode)(original.code);
+            const parsed = (0, connection_code_1.parseConnectionCode)(formatted);
+            expect(parsed.alias).toBe(original.alias);
+            expect(parsed.secret).toBe(original.secret);
+        });
+    });
+    describe('encryptWithSecret and decryptWithSecret', () => {
+        it('should round-trip a simple string', () => {
+            const secret = 'ABCD1234';
+            const data = 'Hello, World!';
+            const encrypted = (0, connection_code_1.encryptWithSecret)(data, secret);
+            const decrypted = (0, connection_code_1.decryptWithSecret)(encrypted, secret);
+            expect(decrypted).toBe(data);
+        });
+        it('should round-trip an object', () => {
+            const secret = 'ZYXW9876';
+            const data = { userId: 'user123', name: 'Test User', count: 42 };
+            const encrypted = (0, connection_code_1.encryptWithSecret)(data, secret);
+            const decrypted = (0, connection_code_1.decryptWithSecret)(encrypted, secret);
+            expect(decrypted).toEqual(data);
+        });
+        it('should round-trip user connect info', () => {
+            const secret = 'TESTCODE';
+            const userInfo = {
+                userId: 'user123',
+                publicKey: 'pk_abc123',
+                publicBoxKey: 'pbk_xyz789',
+                deviceId: 'device456',
+            };
+            const encrypted = (0, connection_code_1.encryptWithSecret)(userInfo, secret);
+            const decrypted = (0, connection_code_1.decryptWithSecret)(encrypted, secret);
+            expect(decrypted).toEqual(userInfo);
+        });
+        it('should produce different ciphertext for same data (due to random nonce)', () => {
+            const secret = 'ABCD1234';
+            const data = 'Same data';
+            const encrypted1 = (0, connection_code_1.encryptWithSecret)(data, secret);
+            const encrypted2 = (0, connection_code_1.encryptWithSecret)(data, secret);
+            expect(encrypted1).not.toBe(encrypted2);
+        });
+        it('should fail decryption with wrong secret', () => {
+            const data = 'Secret message';
+            const encrypted = (0, connection_code_1.encryptWithSecret)(data, 'CORRECT1');
+            expect(() => (0, connection_code_1.decryptWithSecret)(encrypted, 'WRONGKEY')).toThrow('Decryption failed');
+        });
+        it('should fail decryption with corrupted data', () => {
+            const secret = 'ABCD1234';
+            const data = 'Hello';
+            const encrypted = (0, connection_code_1.encryptWithSecret)(data, secret);
+            const corrupted = encrypted.slice(0, -5) + 'XXXXX';
+            expect(() => (0, connection_code_1.decryptWithSecret)(corrupted, secret)).toThrow();
+        });
+    });
+    describe('generateConfirmationHash', () => {
+        const userA = {
+            userId: 'userA123',
+            publicKey: 'pkA',
+            publicBoxKey: 'pbkA',
+            deviceId: 'deviceA',
+        };
+        const userB = {
+            userId: 'userB456',
+            publicKey: 'pkB',
+            publicBoxKey: 'pbkB',
+            deviceId: 'deviceB',
+        };
+        it('should return a 4-character hash', () => {
+            const hash = (0, connection_code_1.generateConfirmationHash)(userA, userB);
+            expect(hash).toHaveLength(4);
+        });
+        it('should only contain valid Crockford Base32 characters', () => {
+            const validChars = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';
+            const hash = (0, connection_code_1.generateConfirmationHash)(userA, userB);
+            for (const char of hash) {
+                expect(validChars).toContain(char);
+            }
+        });
+        it('should produce same hash regardless of argument order', () => {
+            const hashAB = (0, connection_code_1.generateConfirmationHash)(userA, userB);
+            const hashBA = (0, connection_code_1.generateConfirmationHash)(userB, userA);
+            expect(hashAB).toBe(hashBA);
+        });
+        it('should produce different hash for different users', () => {
+            const userC = {
+                userId: 'userC789',
+                publicKey: 'pkC',
+                publicBoxKey: 'pbkC',
+                deviceId: 'deviceC',
+            };
+            const hashAB = (0, connection_code_1.generateConfirmationHash)(userA, userB);
+            const hashAC = (0, connection_code_1.generateConfirmationHash)(userA, userC);
+            expect(hashAB).not.toBe(hashAC);
+        });
+        it('should be deterministic', () => {
+            const hash1 = (0, connection_code_1.generateConfirmationHash)(userA, userB);
+            const hash2 = (0, connection_code_1.generateConfirmationHash)(userA, userB);
+            expect(hash1).toBe(hash2);
+        });
+    });
+    describe('isValidConnectionCode', () => {
+        it('should return true for valid 12-character codes', () => {
+            expect((0, connection_code_1.isValidConnectionCode)('ABCD1234EFGH')).toBe(true);
+        });
+        it('should return true for codes with dashes', () => {
+            expect((0, connection_code_1.isValidConnectionCode)('ABCD-1234-EFGH')).toBe(true);
+        });
+        it('should return true for lowercase codes', () => {
+            expect((0, connection_code_1.isValidConnectionCode)('abcd1234efgh')).toBe(true);
+        });
+        it('should return true for generated codes', () => {
+            const code = (0, connection_code_1.generateConnectionCode)();
+            expect((0, connection_code_1.isValidConnectionCode)(code.code)).toBe(true);
+            expect((0, connection_code_1.isValidConnectionCode)((0, connection_code_1.formatConnectionCode)(code.code))).toBe(true);
+        });
+        it('should return false for codes that are too short', () => {
+            expect((0, connection_code_1.isValidConnectionCode)('ABCD1234')).toBe(false);
+        });
+        it('should return false for codes that are too long', () => {
+            expect((0, connection_code_1.isValidConnectionCode)('ABCD1234EFGH5678')).toBe(false);
+        });
+        it('should return false for codes with invalid characters', () => {
+            // I, L, O, U are not in Crockford Base32
+            expect((0, connection_code_1.isValidConnectionCode)('ABCDILOU1234')).toBe(false);
+        });
+        it('should return false for empty string', () => {
+            expect((0, connection_code_1.isValidConnectionCode)('')).toBe(false);
+        });
+    });
+});

package/dist/user-connect/index.d.ts

@@ -0,0 +1,3 @@
+export * from './connection-code';
+export * from './user-connect.types';
+export * from './user-connect.pvars';

package/dist/user-connect/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./connection-code"), exports);
+__exportStar(require("./user-connect.types"), exports);
+__exportStar(require("./user-connect.pvars"), exports);

package/dist/user-connect/user-connect.pvars.d.ts

@@ -0,0 +1,3 @@
+export declare const userConnectStatus: import("../data/persistent-vars").PersistentVar<any>;
+export declare const userConnectCodeOffer: import("../data/persistent-vars").PersistentVar<string>;
+export declare const userConnectCodeAnswer: import("../data/persistent-vars").PersistentVar<string>;

package/dist/user-connect/user-connect.pvars.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.userConnectCodeAnswer = exports.userConnectCodeOffer = exports.userConnectStatus = void 0;
+const persistent_vars_1 = require("../data/persistent-vars");
+exports.userConnectStatus = (0, persistent_vars_1.deviceVar)('userConnectStatus', { defaultValue: undefined });
+exports.userConnectCodeOffer = (0, persistent_vars_1.deviceVar)('userConnectCodeOffer', { defaultValue: '' });
+exports.userConnectCodeOffer.loadingPromise.then(() => {
+    let codeTimeout = undefined;
+    (0, exports.userConnectStatus)('');
+    exports.userConnectCodeOffer.subscribe(() => {
+        (0, exports.userConnectStatus)('');
+        clearTimeout(codeTimeout);
+        if ((0, exports.userConnectCodeOffer)()) {
+            codeTimeout = setTimeout(() => {
+                (0, exports.userConnectCodeOffer)('');
+            }, 600_000); // 10 minutes
+        }
+    });
+});
+exports.userConnectCodeAnswer = (0, persistent_vars_1.deviceVar)('userConnectCodeAnswer', { defaultValue: '' });
+exports.userConnectCodeAnswer.loadingPromise.then(() => {
+    let codeTimeout = undefined;
+    (0, exports.userConnectStatus)('');
+    exports.userConnectCodeAnswer.subscribe(() => {
+        (0, exports.userConnectStatus)('');
+        clearTimeout(codeTimeout);
+        if ((0, exports.userConnectCodeAnswer)()) {
+            codeTimeout = setTimeout(() => {
+                (0, exports.userConnectCodeAnswer)('');
+            }, 600_000); // 10 minutes
+        }
+    });
+});

package/dist/user-connect/user-connect.types.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Types for the user connection flow.
+ *
+ * This flow allows two users to securely exchange user information
+ * using a 12-character code (4-char rendezvous alias + 8-char shared secret).
+ */
+/**
+ * User information exchanged during the connection flow.
+ */
+export interface IUserConnectInfo {
+    userId: string;
+    name?: string;
+    publicKey: string;
+    publicBoxKey: string;
+    deviceId: string;
+}
+/**
+ * Message sent by the responder to initiate the connection.
+ * The payload is encrypted with the shared secret from the connection code.
+ */
+export interface IUserConnectRequest {
+    type: 'user-connect-request';
+    /** User info encrypted with the shared secret */
+    encryptedUserInfo: string;
+    /** The responder's deviceId so the initiator can respond directly */
+    responseDeviceId: string;
+}
+/**
+ * Message sent by the initiator in response to a connection request.
+ * The payload is encrypted with the shared secret.
+ */
+export interface IUserConnectResponse {
+    type: 'user-connect-response';
+    /** User info encrypted with the shared secret */
+    encryptedUserInfo: string;
+}
+/**
+ * Message broadcast to register a short-lived device alias.
+ * Other devices store this mapping for routing purposes.
+ */
+export interface IDeviceAliasMessage {
+    type: 'device-alias';
+    /** The short alias (4 chars Crockford Base32) */
+    alias: string;
+    /** The actual deviceId this alias maps to */
+    deviceId: string;
+    /** TTL in milliseconds (typically 10 minutes) */
+    ttlMs: number;
+}
+/**
+ * Result of a successful user connection.
+ */
+export interface IUserConnectResult {
+    /** The remote user's information */
+    remoteUser: IUserConnectInfo;
+    /** Confirmation hash (first 4 chars) for visual verification */
+    confirmationHash: string;
+}

package/dist/user-connect/user-connect.types.js

@@ -0,0 +1,8 @@
+"use strict";
+/**
+ * Types for the user connection flow.
+ *
+ * This flow allows two users to securely exchange user information
+ * using a 12-character code (4-char rendezvous alias + 8-char shared secret).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peers-app/peers-sdk",
-  "version": "0.7.40",
+  "version": "0.8.0",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/peers-app/peers-sdk.git"
@@ -32,6 +32,7 @@
   "dependencies": {
     "@msgpack/msgpack": "^3.1.2",
     "@noble/hashes": "^1.8.0",
+    "ed2curve": "^0.3.0",
     "fast-json-stable-stringify": "^2.1.0",
     "fflate": "^0.8.2",
     "lodash": "^4.17.21",
@@ -43,6 +44,7 @@
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.12",
+    "@types/ed2curve": "^0.2.4",
     "@types/jest": "^29.5.13",
     "@types/lodash": "^4.17.7",
     "@types/moment": "^2.13.0",