@peers-app/peers-sdk 0.7.40 → 0.8.1

package/dist/device/streamed-socket.js

@@ -1,11 +1,27 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.StreamedSocket = void 0;
+exports.createSocketStats = createSocketStats;
 const lodash_1 = require("lodash");
 const utils_1 = require("../utils");
 const socket_type_1 = require("./socket.type");
 const tx_encoding_1 = require("./tx-encoding");
 const msgpack_1 = require("@msgpack/msgpack");
+/** Creates a new stats object for tracking socket throughput */
+function createSocketStats() {
+    const now = Date.now();
+    return {
+        bytesSent: 0,
+        bytesReceived: 0,
+        messagesSent: 0,
+        messagesReceived: 0,
+        startTime: now,
+        // For calculating recent rates
+        lastSampleTime: now,
+        lastSampleBytesSent: 0,
+        lastSampleBytesReceived: 0,
+    };
+}
 // Encode chunk metadata + data into a single Uint8Array
 function encodeChunk(chunk) {
     // Encode metadata using msgpack
@@ -30,14 +46,24 @@ function encodeChunk(chunk) {
 }
 // Decode binary chunk back into IMessageChunk
 function decodeChunk(bytes) {
+    // Ensure we have a proper Uint8Array with a valid ArrayBuffer
+    // Socket.io might send data that doesn't have a proper buffer property
+    let normalizedBytes;
+    if (bytes.buffer instanceof ArrayBuffer) {
+        normalizedBytes = bytes;
+    }
+    else {
+        // Create a new Uint8Array copy which will have a proper buffer
+        normalizedBytes = new Uint8Array(bytes);
+    }
     // Read metadata length
-    const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+    const view = new DataView(normalizedBytes.buffer, normalizedBytes.byteOffset, normalizedBytes.byteLength);
     const metadataLength = view.getUint32(0, false); // big-endian
     // Extract metadata
-    const metadataBytes = bytes.subarray(4, 4 + metadataLength);
+    const metadataBytes = normalizedBytes.subarray(4, 4 + metadataLength);
     const metadata = (0, msgpack_1.decode)(metadataBytes);
     // Extract data
-    const data = bytes.subarray(4 + metadataLength);
+    const data = normalizedBytes.subarray(4 + metadataLength);
     return {
         messageId: metadata.messageId,
         chunkIndex: metadata.chunkIndex,
@@ -51,10 +77,13 @@ class StreamedSocket {
     maxChunkSize;
     safeSocketChunkEventName = '__streamed-socket-chunk';
     safeSocketResponseEventName = '__streamed-socket-response';
+    stats = createSocketStats();
     constructor(socket, maxChunkSize = socket_type_1.DEFAULT_MAX_CHUNK_SIZE) {
         this.socket = socket;
         this.maxChunkSize = maxChunkSize;
         socket.on(this.safeSocketChunkEventName, (encodedChunk) => {
+            // Track received bytes
+            this.stats.bytesReceived += encodedChunk.length;
             const chunk = decodeChunk(encodedChunk);
             this.handleChunk(chunk);
         });
@@ -103,13 +132,18 @@ class StreamedSocket {
         if (chunks.length > 1) {
             console.debug(`Sending ${chunks.length} chunks for event ${eventName} with messageId ${messageId}`);
         }
+        let totalBytesSent = 0;
         for (const chunk of chunks) {
             // Encode chunk with metadata into single Uint8Array
             const encodedChunk = encodeChunk(chunk);
+            totalBytesSent += encodedChunk.length;
             // TODO on error or timeout retry
             // TODO respond to backpressure from socket
             this.socket.emit(this.safeSocketChunkEventName, encodedChunk, lodash_1.noop);
         }
+        // Track stats
+        this.stats.bytesSent += totalBytesSent;
+        this.stats.messagesSent++;
     }
     handlers = {};
     on(eventName, handler) {
@@ -159,6 +193,8 @@ class StreamedSocket {
                 reassembled.set(chunk.data, offset);
                 offset += chunk.data.length;
             }
+            // Track message received
+            this.stats.messagesReceived++;
             delete this.chunkBuffers[chunkZero.messageId];
             const eventName = chunkZero.eventName;
             const args = (0, tx_encoding_1.txDecode)(reassembled);
@@ -190,7 +226,12 @@ class StreamedSocket {
             }, lodash_1.noop);
         }
         catch (error) {
-            console.error(`Error handling chunked request:`, error);
+            if (String(error).includes('No handler registered for event')) {
+                console.warn(String(error));
+            }
+            else {
+                console.error(`Error handling chunked request:`, error);
+            }
             return;
         }
     }

package/dist/device/tx-encoding.js

@@ -5,16 +5,34 @@ exports.txDecode = txDecode;
 const msgpack_1 = require("@msgpack/msgpack");
 const fflate_1 = require("fflate");
 const serial_json_1 = require("../serial-json");
+// Minimum size before attempting compression (bytes)
+// Small payloads don't benefit much from compression
+const COMPRESSION_THRESHOLD = 8 * 1024; // 8KB
+// Minimum compression ratio to justify the CPU cost
+// If compressed isn't at least 20% smaller, skip it
+const MIN_COMPRESSION_RATIO = 0.8;
+// Compression level: 1 (fastest) to 9 (best compression)
+// Level 1 is ~5-10x faster than level 6 with reasonable compression
+const COMPRESSION_LEVEL = 1;
 function txEncode(data) {
     const noCycles = (0, serial_json_1.toJSON)(data); // remove cycles and encode dates, etc.
     // First encode to msgpack
     const encoded = (0, msgpack_1.encode)(noCycles);
     let body;
     let flag;
-    if (encoded.length > 1024) {
-        // Compress big payloads
-        body = (0, fflate_1.compressSync)(encoded);
-        flag = 1; // compressed
+    if (encoded.length > COMPRESSION_THRESHOLD) {
+        // Try to compress - use fast compression level
+        const compressed = (0, fflate_1.compressSync)(encoded, { level: COMPRESSION_LEVEL });
+        // Only use compression if it actually helps significantly
+        if (compressed.length < encoded.length * MIN_COMPRESSION_RATIO) {
+            body = compressed;
+            flag = 1; // compressed
+        }
+        else {
+            // Compression didn't help much, skip it
+            body = encoded;
+            flag = 0; // not compressed
+        }
     }
     else {
         body = encoded;

package/dist/device/tx-encoding.test.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const tx_encoding_1 = require("./tx-encoding");
+const msgpack_1 = require("@msgpack/msgpack");
+const serial_json_1 = require("../serial-json");
 describe('tx-encode-decode', () => {
     describe('txEncode and txDecode', () => {
         it('should encode and decode simple objects', () => {
@@ -88,14 +90,22 @@ describe('tx-encode-decode', () => {
             expect(encoded[0]).toBe(0); // flag = 0 means not compressed
         });
         it('should compress large payloads (> 1024 bytes)', () => {
-            // Create an object that will exceed 1024 bytes when encoded
+            // Create an object that will exceed 8KB when msgpack-encoded
+            // msgpack is more compact than JSON, so we need significantly more data
+            // A string of 20,000 chars is roughly 20KB in JSON, but msgpack uses length prefix + bytes
+            // So we need even more to ensure msgpack encoding exceeds 8KB
             const largeObj = {
-                data: 'x'.repeat(2000),
-                array: Array.from({ length: 100 }, (_, i) => ({ id: i, value: `item ${i}` }))
+                data: 'x'.repeat(30000),
+                array: Array.from({ length: 1000 }, (_, i) => ({
+                    id: i,
+                    value: `item ${i} with some extra text to make it larger and ensure we exceed the threshold`,
+                    nested: { prop: `nested value ${i}` }
+                }))
             };
-            const jsonStr = JSON.stringify(largeObj);
-            expect(jsonStr.length).toBeGreaterThan(1024);
             const encoded = (0, tx_encoding_1.txEncode)(largeObj);
+            // Verify the encoded size (without flag byte) exceeds 8KB threshold
+            const encodedSize = encoded.length - 1; // subtract flag byte
+            expect(encodedSize).toBeGreaterThan(8 * 1024);
             // First byte is the flag
             expect(encoded[0]).toBe(1); // flag = 1 means compressed
             // Verify it can still be decoded correctly
@@ -103,14 +113,22 @@ describe('tx-encode-decode', () => {
             expect(decoded).toEqual(largeObj);
         });
         it('should have smaller encoded size for large compressible data', () => {
+            // Create data that exceeds 8KB when msgpack-encoded and compresses well
+            // Use data with some repetition but also enough variety to ensure msgpack size is large
             const largeRepetitiveObj = {
-                data: 'repeat '.repeat(500),
-                values: Array.from({ length: 200 }, () => 'same string')
+                data: 'repeat '.repeat(10000), // Highly repetitive string - will compress well
+                values: Array.from({ length: 5000 }, (_, i) => `item ${i} with some text that repeats to create compressible data pattern`)
             };
+            // First, verify the msgpack-encoded size exceeds 8KB threshold
+            const noCycles = (0, serial_json_1.toJSON)(largeRepetitiveObj);
+            const msgpackEncoded = (0, msgpack_1.encode)(noCycles);
+            expect(msgpackEncoded.length).toBeGreaterThan(8 * 1024);
             const encoded = (0, tx_encoding_1.txEncode)(largeRepetitiveObj);
-            // Compressed size should be significantly smaller than the raw data
-            const rawDataSize = JSON.stringify(largeRepetitiveObj).length;
-            expect(encoded.length).toBeLessThan(rawDataSize / 2);
+            // Verify compression flag is set (means compression was applied)
+            expect(encoded[0]).toBe(1); // flag = 1 means compressed
+            // Compressed size should be significantly smaller than the raw msgpack data
+            const compressedSize = encoded.length - 1; // subtract flag byte
+            expect(compressedSize).toBeLessThan(msgpackEncoded.length * 0.8); // Should be at least 20% smaller
             // Verify correctness
             const decoded = (0, tx_encoding_1.txDecode)(encoded);
             expect(decoded).toEqual(largeRepetitiveObj);

package/dist/index.d.ts

@@ -12,6 +12,8 @@ export * from "./types/workflow";
 export * from "./types/workflow-logger";
 export * from "./types/workflow-run-context";
 export * from "./types/zod-types";
+export * from "./device/binary-peer-connection";
+export * from "./device/socket-io-binary-peer";
 export * from "./device/connection";
 export * from "./device/device";
 export * from "./device/device-election";
@@ -33,3 +35,4 @@ export * from "./rpc-types";
 export * from "./serial-json";
 export * from "./utils";
 export * from "./logging";
+export * from "./user-connect";

package/dist/index.js

@@ -29,6 +29,8 @@ __exportStar(require("./types/workflow"), exports);
 __exportStar(require("./types/workflow-logger"), exports);
 __exportStar(require("./types/workflow-run-context"), exports);
 __exportStar(require("./types/zod-types"), exports);
+__exportStar(require("./device/binary-peer-connection"), exports);
+__exportStar(require("./device/socket-io-binary-peer"), exports);
 __exportStar(require("./device/connection"), exports);
 __exportStar(require("./device/device"), exports);
 __exportStar(require("./device/device-election"), exports);
@@ -50,3 +52,4 @@ __exportStar(require("./rpc-types"), exports);
 __exportStar(require("./serial-json"), exports);
 __exportStar(require("./utils"), exports);
 __exportStar(require("./logging"), exports);
+__exportStar(require("./user-connect"), exports);

package/dist/keys.js

@@ -28,6 +28,7 @@ const buffer_1 = require("buffer");
 const nacl = require("tweetnacl");
 const utils = require("tweetnacl-util");
 const tweetnacl_util_1 = require("tweetnacl-util");
+const ed2curve = require("ed2curve");
 const tx_encoding_1 = require("./device/tx-encoding");
 const serial_json_1 = require("./serial-json");
 globalThis.Buffer = buffer_1.Buffer; // shim for browsers/RN
@@ -72,23 +73,23 @@ function newToken(size = 32) {
     return encodeBase64(nacl.randomBytes(size));
 }
 function newKeys() {
-    const keyPair = nacl.sign.keyPair();
-    // the first 32 bytes of the secret key are the secret part.  The second 32 bytes are the public part.
-    const secretKeyPart = keyPair.secretKey.slice(0, 32);
-    const boxKeyPair = nacl.box.keyPair.fromSecretKey(secretKeyPart);
+    const sign = nacl.sign.keyPair(); // Ed25519
+    const curveSecret = ed2curve.convertSecretKey(sign.secretKey); // 32 bytes
+    const box = nacl.box.keyPair.fromSecretKey(curveSecret); // X25519
     return {
-        secretKey: encodeBase64(keyPair.secretKey),
-        publicKey: encodeBase64(keyPair.publicKey),
-        publicBoxKey: encodeBase64(boxKeyPair.publicKey),
+        secretKey: encodeBase64(sign.secretKey),
+        publicKey: encodeBase64(sign.publicKey),
+        publicBoxKey: encodeBase64(box.publicKey),
     };
 }
 function hydrateKeys(secretKey) {
-    let _secretKey = decodeBase64(secretKey);
-    const boxKeyPair = nacl.box.keyPair.fromSecretKey(_secretKey.slice(0, 32));
+    const sk64 = decodeBase64(secretKey); // Ed25519 64-byte secretKey
+    const curveSecret = ed2curve.convertSecretKey(sk64);
+    const box = nacl.box.keyPair.fromSecretKey(curveSecret);
     return {
-        secretKey: encodeBase64(_secretKey),
-        publicKey: encodeBase64(_secretKey.slice(32)),
-        publicBoxKey: encodeBase64(boxKeyPair.publicKey),
+        secretKey: encodeBase64(sk64),
+        publicKey: encodeBase64(sk64.slice(32)), // last 32 bytes = Ed25519 pk
+        publicBoxKey: encodeBase64(box.publicKey),
     };
 }
 function signMessageWithSecretKey(msg, secretKey) {
@@ -145,7 +146,8 @@ function openSignedObject(signedObj) {
 }
 function boxDataWithKeys(data, toPublicBoxKey, mySecretKey) {
     let _secretKey = decodeBase64(mySecretKey);
-    const boxKeyPair = nacl.box.keyPair.fromSecretKey(_secretKey.slice(0, 32));
+    const curveSecret = ed2curve.convertSecretKey(_secretKey);
+    const boxKeyPair = nacl.box.keyPair.fromSecretKey(curveSecret);
     const _toPublicBoxKey = decodeBase64(toPublicBoxKey);
     const nonce = nacl.randomBytes(24);
     const dataByteArray = (0, tx_encoding_1.txEncode)(data);
@@ -161,7 +163,8 @@ function isBoxedData(data) {
 }
 function openBoxWithSecretKey(box, mySecretKey) {
     let _secretKey = decodeBase64(mySecretKey);
-    const boxKeyPair = nacl.box.keyPair.fromSecretKey(_secretKey.slice(0, 32));
+    const curveSecret = ed2curve.convertSecretKey(_secretKey);
+    const boxKeyPair = nacl.box.keyPair.fromSecretKey(curveSecret);
     const boxedData = decodeBase64(box.contents);
     const nonce = decodeBase64(box.nonce);
     const _fromPublicBoxKey = decodeBase64(box.fromPublicKey);

package/dist/package-loader/package-loader.d.ts

@@ -3,6 +3,8 @@ import type { IPeersPackage } from "../types/peers-package";
 import { IPackage } from "../data/packages";
 export declare class PackageLoader {
     readonly dataContext: DataContext;
+    static PeersSDK: any;
+    static Zod: any;
     private packageInstances;
     require: (<T>(module: string) => T) | undefined;
     constructor(dataContext: DataContext);

package/dist/package-loader/package-loader.js

@@ -8,6 +8,8 @@ const packages_1 = require("../data/packages");
 const tools_2 = require("../data/tools");
 class PackageLoader {
     dataContext;
+    static PeersSDK;
+    static Zod;
     packageInstances = {};
     require = undefined;
     constructor(dataContext) {
@@ -59,9 +61,9 @@ class PackageLoader {
                     case 'PeersSDK':
                         // Import all peers-sdk exports
                         // return _require('peers-sdk');
-                        return _require('../index');
+                        return PackageLoader.PeersSDK || _require('../index');
                     case 'zod':
-                        return _require('zod');
+                        return PackageLoader.Zod || _require('zod');
                     default:
                         // For other modules, use the standard require
                         console.warn(`Package ${pkg.name} is requiring a module ${moduleId}, which is not provided by the package loader.`);

package/dist/rpc-types.d.ts

@@ -18,6 +18,7 @@ export declare const rpcServerCalls: {
     encryptData: ((value: string, groupId?: string) => Promise<string>);
     tableMethodCall: ((dataContextId: string, tableName: string, methodName: string, ...args: any[]) => Promise<any>);
     getFileContents: ((fileId: string, encoding?: BufferEncoding) => Promise<string>);
+    injectUIBundle: ((uiBundleFileId: string) => Promise<void>);
     resetAllDeviceSyncInfo: (() => Promise<void>);
     importGroupShare: ((groupShareJson: string) => Promise<string>);
 };

package/dist/rpc-types.js

@@ -19,6 +19,8 @@ exports.rpcServerCalls = {
     tableMethodCall: rpcStub('tableMethodCall'),
     // TODO lock this down so not all code can get any file contents
     getFileContents: rpcStub('getFileContents'),
+    // Inject UI bundle directly into WebView (bypasses slow postMessage for large strings)
+    injectUIBundle: rpcStub('injectUIBundle'),
     resetAllDeviceSyncInfo: rpcStub('resetAllDeviceSyncInfo'),
     importGroupShare: rpcStub('importGroupShare'),
     // TODO try to get rid of this and rely on the client-side table and server-side table individually emitting events
@@ -33,7 +35,9 @@ exports.rpcClientCalls = {
     setClientPath: rpcStub('setClientPath'),
     openThread: rpcStub('openThread'),
 };
-exports.isClient = typeof window !== 'undefined';
+// Check if we're in a web browser or webview (not React Native or Node.js)
+// React Native has window but not document, so we check for both
+exports.isClient = typeof window !== 'undefined' && typeof document !== 'undefined';
 if (exports.isClient) {
     // @ts-ignore
     const _window = window;

package/dist/user-connect/connection-code.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Utilities for generating and handling connection codes.
+ *
+ * Connection codes are 12 characters of Crockford Base32:
+ * - First 4 chars: device alias (rendezvous point)
+ * - Last 8 chars: shared secret for encryption
+ *
+ * Displayed format: XXXX-YYYY-ZZZZ
+ */
+import type { IUserConnectInfo } from './user-connect.types';
+export interface IConnectionCode {
+    /** Full 12-character code */
+    code: string;
+    /** First 4 characters - device alias for rendezvous */
+    alias: string;
+    /** Last 8 characters - shared secret for encryption */
+    secret: string;
+}
+/**
+ * Generate a new connection code.
+ * @returns Object with full code, alias, and secret
+ */
+export declare function generateConnectionCode(): IConnectionCode;
+/**
+ * Format a connection code for display.
+ * @param code 12-character code
+ * @returns Formatted as "XXXX-YYYY-ZZZZ"
+ */
+export declare function formatConnectionCode(code: string): string;
+/**
+ * Parse a formatted connection code.
+ * @param formatted Code in any format (with or without dashes)
+ * @returns Object with alias and secret
+ */
+export declare function parseConnectionCode(formatted: string): {
+    code: string;
+    alias: string;
+    secret: string;
+};
+/**
+ * Encrypt data using the shared secret.
+ * @param data Data to encrypt
+ * @param secret 8-character shared secret
+ * @returns Base64-encoded encrypted data with nonce
+ */
+export declare function encryptWithSecret(data: any, secret: string): string;
+/**
+ * Decrypt data using the shared secret.
+ * @param encrypted Base64-encoded encrypted data
+ * @param secret 8-character shared secret
+ * @returns Decrypted data
+ */
+export declare function decryptWithSecret(encrypted: string, secret: string): any;
+/**
+ * Generate a confirmation hash from both users' information.
+ * Both parties should see the same hash if the exchange was successful.
+ * @param userA First user's info
+ * @param userB Second user's info
+ * @returns 4-character confirmation code
+ */
+export declare function generateConfirmationHash(userA: IUserConnectInfo, userB: IUserConnectInfo): string;
+/**
+ * Validate that a string is a valid connection code format.
+ * @param code Code to validate (with or without dashes)
+ * @returns true if valid
+ */
+export declare function isValidConnectionCode(code: string): boolean;

package/dist/user-connect/connection-code.js

@@ -0,0 +1,176 @@
+"use strict";
+/**
+ * Utilities for generating and handling connection codes.
+ *
+ * Connection codes are 12 characters of Crockford Base32:
+ * - First 4 chars: device alias (rendezvous point)
+ * - Last 8 chars: shared secret for encryption
+ *
+ * Displayed format: XXXX-YYYY-ZZZZ
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateConnectionCode = generateConnectionCode;
+exports.formatConnectionCode = formatConnectionCode;
+exports.parseConnectionCode = parseConnectionCode;
+exports.encryptWithSecret = encryptWithSecret;
+exports.decryptWithSecret = decryptWithSecret;
+exports.generateConfirmationHash = generateConfirmationHash;
+exports.isValidConnectionCode = isValidConnectionCode;
+const nacl = require("tweetnacl");
+const sha2_1 = require("@noble/hashes/sha2");
+const tx_encoding_1 = require("../device/tx-encoding");
+const keys_1 = require("../keys");
+/**
+ * Crockford Base32 alphabet.
+ * Excludes I, L, O, U to avoid confusion with 1, 1, 0, V respectively.
+ */
+const CROCKFORD_ALPHABET = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';
+/**
+ * Generate random bytes using nacl.
+ */
+function randomBytes(length) {
+    return nacl.randomBytes(length);
+}
+/**
+ * Encode bytes to Crockford Base32 string.
+ */
+function toCrockfordBase32(bytes, length) {
+    let result = '';
+    let i = 0;
+    while (result.length < length) {
+        if (i >= bytes.length) {
+            // Need more bytes
+            const moreBytes = randomBytes(length - result.length);
+            for (const b of moreBytes) {
+                result += CROCKFORD_ALPHABET[b % 32];
+                if (result.length >= length)
+                    break;
+            }
+            break;
+        }
+        // Use 5 bits at a time for base32
+        result += CROCKFORD_ALPHABET[bytes[i] % 32];
+        i++;
+    }
+    return result.substring(0, length);
+}
+/**
+ * Derive a 32-byte encryption key from the shared secret.
+ */
+function deriveKeyFromSecret(secret) {
+    // Use SHA-256 to derive a proper 32-byte key from the secret
+    const secretBytes = new TextEncoder().encode(secret);
+    return (0, sha2_1.sha256)(secretBytes);
+}
+/**
+ * Generate a new connection code.
+ * @returns Object with full code, alias, and secret
+ */
+function generateConnectionCode() {
+    const bytes = randomBytes(16);
+    const alias = toCrockfordBase32(bytes.slice(0, 4), 4);
+    const secret = toCrockfordBase32(bytes.slice(4), 8);
+    return {
+        code: alias + secret,
+        alias,
+        secret,
+    };
+}
+/**
+ * Format a connection code for display.
+ * @param code 12-character code
+ * @returns Formatted as "XXXX-YYYY-ZZZZ"
+ */
+function formatConnectionCode(code) {
+    const normalized = code.toUpperCase().replace(/[^0-9A-Z]/g, '');
+    if (normalized.length !== 12) {
+        throw new Error(`Connection code must be 12 characters, got ${normalized.length}`);
+    }
+    return `${normalized.slice(0, 4)}-${normalized.slice(4, 8)}-${normalized.slice(8, 12)}`;
+}
+/**
+ * Parse a formatted connection code.
+ * @param formatted Code in any format (with or without dashes)
+ * @returns Object with alias and secret
+ */
+function parseConnectionCode(formatted) {
+    const normalized = formatted.toUpperCase().replace(/[^0-9A-Z]/g, '');
+    if (normalized.length !== 12) {
+        throw new Error(`Connection code must be 12 characters, got ${normalized.length}`);
+    }
+    return {
+        code: normalized,
+        alias: normalized.slice(0, 4),
+        secret: normalized.slice(4, 12),
+    };
+}
+/**
+ * Encrypt data using the shared secret.
+ * @param data Data to encrypt
+ * @param secret 8-character shared secret
+ * @returns Base64-encoded encrypted data with nonce
+ */
+function encryptWithSecret(data, secret) {
+    const key = deriveKeyFromSecret(secret);
+    const nonce = nacl.randomBytes(24);
+    const dataBytes = (0, tx_encoding_1.txEncode)(data);
+    const encrypted = nacl.secretbox(dataBytes, nonce, key);
+    // Combine nonce + encrypted data
+    const combined = new Uint8Array(nonce.length + encrypted.length);
+    combined.set(nonce);
+    combined.set(encrypted, nonce.length);
+    return (0, keys_1.encodeBase64)(combined);
+}
+/**
+ * Decrypt data using the shared secret.
+ * @param encrypted Base64-encoded encrypted data
+ * @param secret 8-character shared secret
+ * @returns Decrypted data
+ */
+function decryptWithSecret(encrypted, secret) {
+    const key = deriveKeyFromSecret(secret);
+    const combined = (0, keys_1.decodeBase64)(encrypted);
+    const nonce = combined.slice(0, 24);
+    const ciphertext = combined.slice(24);
+    const decrypted = nacl.secretbox.open(ciphertext, nonce, key);
+    if (!decrypted) {
+        throw new Error('Decryption failed - invalid secret or corrupted data');
+    }
+    return (0, tx_encoding_1.txDecode)(decrypted);
+}
+/**
+ * Generate a confirmation hash from both users' information.
+ * Both parties should see the same hash if the exchange was successful.
+ * @param userA First user's info
+ * @param userB Second user's info
+ * @returns 4-character confirmation code
+ */
+function generateConfirmationHash(userA, userB) {
+    // Sort by userId to ensure consistent ordering regardless of who is A or B
+    const sorted = [userA, userB].sort((a, b) => a.userId.localeCompare(b.userId));
+    const combined = JSON.stringify(sorted);
+    const hash = (0, sha2_1.sha256)(new TextEncoder().encode(combined));
+    // Take first 4 characters of the hash encoded in Crockford Base32
+    return toCrockfordBase32(hash.slice(0, 4), 4);
+}
+/**
+ * Validate that a string is a valid connection code format.
+ * @param code Code to validate (with or without dashes)
+ * @returns true if valid
+ */
+function isValidConnectionCode(code) {
+    try {
+        const normalized = code.toUpperCase().replace(/[^0-9A-Z]/g, '');
+        if (normalized.length !== 12)
+            return false;
+        // Check all characters are valid Crockford Base32
+        for (const char of normalized) {
+            if (!CROCKFORD_ALPHABET.includes(char))
+                return false;
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/user-connect/connection-code.test.d.ts

@@ -0,0 +1 @@
+export {};