@raviolelabs/engram-mcp 0.2.0

package/dist/sync/recovery-setup.js

@@ -0,0 +1,113 @@
+// src/sync/recovery-setup.ts
+/**
+ * Opt-in recovery shards setup flow — runs on the user's PC.
+ *
+ * Steps:
+ *   1. Generate a random 32-byte Key-Wrapping Key (KWK).
+ *   2. Encrypt the current master key with KWK → mk_ciphertext.
+ *   3. Split KWK into 5 Shamir shares (3-of-5).
+ *   4. POST /saves/recovery/initiate with shares + mk_ciphertext.
+ *      - Sends each share code to the corresponding trusted email via Resend
+ *        (the cloud worker handles email delivery via plaintext_codes in the body).
+ *   5. Store local record of setup completion in SQLite.
+ */
+import sodium from 'libsodium-wrappers';
+import { randomBytes } from 'crypto';
+import { createLogger } from '../logger.js';
+import { shamirSplit } from './shamir.js';
+import { getDb } from '../db/index.js';
+import { ulid } from 'ulid';
+const log = createLogger('recovery-setup');
+/**
+ * Encrypt masterKey with kwk using XChaCha20-Poly1305 (libsodium secretbox).
+ * Returns a hex string: nonce (24 bytes) || ciphertext.
+ */
+async function encryptMasterKey(masterKey, kwk) {
+    await sodium.ready;
+    const nonce = sodium.randombytes_buf(sodium.crypto_secretbox_NONCEBYTES);
+    const ciphertext = sodium.crypto_secretbox_easy(new Uint8Array(masterKey), nonce, new Uint8Array(kwk));
+    return Buffer.concat([Buffer.from(nonce), Buffer.from(ciphertext)]).toString('hex');
+}
+/**
+ * Envelope-encrypt a share code for server-side storage.
+ * For local dev: we hex-encode the base32 code. In production the cloud worker
+ * would apply its own envelope encryption before persisting to D1.
+ */
+function envelopeEncryptShare(share) {
+    // Simplified: hex-encode the base32 code for transport.
+    // The cloud worker stores as-is; it treats this as the share_ciphertext column.
+    return Buffer.from(share.code).toString('hex');
+}
+export async function setupRecoveryShards(input) {
+    const { masterKey, trustedEmails, jwt, cloudBaseUrl } = input;
+    if (masterKey.length !== 32)
+        throw new Error('masterKey must be 32 bytes');
+    if (trustedEmails.length !== 5)
+        throw new Error('Need exactly 5 trusted emails');
+    // 1. Generate KWK
+    const kwk = Buffer.from(randomBytes(32));
+    log.info('Generated KWK for recovery setup');
+    // 2. Encrypt master key with KWK
+    const mkCiphertext = await encryptMasterKey(masterKey, kwk);
+    log.info('Encrypted master key with KWK');
+    // 3. Split KWK into 5 shares (3-of-5)
+    const shares = shamirSplit(kwk, 3, 5);
+    log.info('Split KWK into 5 Shamir shares');
+    // 4. Prepare payload for cloud
+    const sharesPayload = shares.map((share) => ({
+        index: share.index,
+        encrypted_share: envelopeEncryptShare(share),
+        plaintext_code: share.code, // sent for email delivery; not stored server-side
+    }));
+    // 5. POST /saves/recovery/initiate
+    const res = await fetch(`${cloudBaseUrl}/saves/recovery/initiate`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${jwt}`,
+        },
+        body: JSON.stringify({
+            trusted_emails: trustedEmails,
+            mk_ciphertext: mkCiphertext,
+            shares: sharesPayload,
+            plaintext_codes: shares.map((s) => s.code),
+        }),
+    });
+    if (!res.ok) {
+        const errBody = await res.text();
+        throw new Error(`Recovery initiate failed: ${res.status} — ${errBody}`);
+    }
+    // 6. Store local record
+    const db = getDb();
+    // Clear any previous shards
+    db.prepare(`DELETE FROM recovery_shards`).run();
+    for (let i = 0; i < 5; i++) {
+        db.prepare(`INSERT INTO recovery_shards (id, share_index, trusted_email, created_at)
+       VALUES (?, ?, ?, ?)`).run(ulid(), i + 1, trustedEmails[i], Date.now());
+    }
+    log.info('Recovery shards setup complete — 5 emails will receive their share codes');
+    // 7. Zero out KWK from buffer after use (best-effort in JS)
+    const kwkCopy = Buffer.from(kwk); // return a copy for caller verification
+    kwk.fill(0);
+    return { ok: true, shardsStored: 5, kwk: kwkCopy };
+}
+/**
+ * Decrypt the encrypted master key using the KWK reconstructed from Shamir shares.
+ * Called during the recovery restore flow on the client side.
+ *
+ * @param mkCiphertextHex - hex string: nonce (24 bytes) || ciphertext
+ * @param kwk             - 32-byte key-wrapping key (reconstructed from 3-of-5 shares)
+ */
+export async function decryptMasterKey(mkCiphertextHex, kwk) {
+    await sodium.ready;
+    const combined = Buffer.from(mkCiphertextHex, 'hex');
+    const NONCE_LEN = sodium.crypto_secretbox_NONCEBYTES; // 24
+    const nonce = combined.subarray(0, NONCE_LEN);
+    const ciphertext = combined.subarray(NONCE_LEN);
+    const plaintext = sodium.crypto_secretbox_open_easy(new Uint8Array(ciphertext), new Uint8Array(nonce), new Uint8Array(kwk));
+    if (!plaintext) {
+        throw new Error('Failed to decrypt master key — wrong KWK or corrupted ciphertext');
+    }
+    return Buffer.from(plaintext);
+}
+//# sourceMappingURL=recovery-setup.js.map

package/dist/sync/recovery-setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recovery-setup.js","sourceRoot":"","sources":["../../src/sync/recovery-setup.ts"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B;;;;;;;;;;;GAWG;AACH,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAoB,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,MAAM,GAAG,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;AAoB3C;;;GAGG;AACH,KAAK,UAAU,gBAAgB,CAAC,SAAiB,EAAE,GAAW;IAC5D,MAAM,MAAM,CAAC,KAAK,CAAC;IAEnB,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;IACzE,MAAM,UAAU,GAAG,MAAM,CAAC,qBAAqB,CAC7C,IAAI,UAAU,CAAC,SAAS,CAAC,EACzB,KAAK,EACL,IAAI,UAAU,CAAC,GAAG,CAAC,CACpB,CAAC;IAEF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtF,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAkB;IAC9C,wDAAwD;IACxD,gFAAgF;IAChF,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAyB;IAEzB,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,KAAK,CAAC;IAE9D,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAC3E,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAEjF,kBAAkB;IAClB,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzC,GAAG,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAE7C,iCAAiC;IACjC,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IAC5D,GAAG,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAE1C,sCAAsC;IACtC,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,GAAG,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAE3C,+BAA+B;IAC/B,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,eAAe,EAAE,oBAAoB,CAAC,KAAK,CAAC;QAC5C,cAAc,EAAE,KAAK,CAAC,IAAI,EAAE,kDAAkD;KAC/E,CAAC,CAAC,CAAC;IAEJ,mCAAmC;IACnC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,0BAA0B,EAAE;QACjE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,GAAG,EAAE;SAC/B;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,cAAc,EAAE,aAAa;YAC7B,aAAa,EAAE,YAAY;YAC3B,MAAM,EAAE,aAAa;YACrB,eAAe,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC3C,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,CAAC,MAAM,MAAM,OAAO,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,wBAAwB;IACxB,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,4BAA4B;IAC5B,EAAE,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC,GAAG,EAAE,CAAC;IAEhD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,EAAE,CAAC,OAAO,CACR;2BACqB,CACtB,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;IAErF,4DAA4D;IAC5D,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,wCAAwC;IAC1E,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEZ,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;AACrD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,eAAuB,EAAE,GAAW;IACzE,MAAM,MAAM,CAAC,KAAK,CAAC;IAEnB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,MAAM,CAAC,2BAA2B,CAAC,CAAC,KAAK;IAC3D,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEhD,MAAM,SAAS,GAAG,MAAM,CAAC,0BAA0B,CACjD,IAAI,UAAU,CAAC,UAAU,CAAC,EAC1B,IAAI,UAAU,CAAC,KAAK,CAAC,EACrB,IAAI,UAAU,CAAC,GAAG,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAChC,CAAC"}

package/dist/sync/replay.d.ts

@@ -0,0 +1,19 @@
+import type { ReplayApplier } from './apply.js';
+import type { OpsLogger } from './ops-log.js';
+export interface ReplayOptions {
+    cloudBaseUrl: string;
+    jwtToken: string;
+    localDeviceId: string;
+    opsLogger: OpsLogger;
+    applier: ReplayApplier;
+    batchSize?: number;
+}
+/**
+ * Fetch and apply all ops from cloud that are newer than the local max applied op.
+ * Iterates until the server returns fewer ops than `batchSize` (no more to fetch).
+ * Safe to call on every boot — idempotent via op_id deduplication in ReplayApplier.
+ */
+export declare function replayFromCloud(opts: ReplayOptions): Promise<{
+    applied: number;
+}>;
+//# sourceMappingURL=replay.d.ts.map

package/dist/sync/replay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.d.ts","sourceRoot":"","sources":["../../src/sync/replay.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAI9C,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,EAAE,aAAa,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAuDvF"}

package/dist/sync/replay.js

@@ -0,0 +1,59 @@
+// src/sync/replay.ts
+import { createLogger } from '../logger.js';
+import { WireOpSchema } from './types.js';
+const log = createLogger('sync:replay');
+/**
+ * Fetch and apply all ops from cloud that are newer than the local max applied op.
+ * Iterates until the server returns fewer ops than `batchSize` (no more to fetch).
+ * Safe to call on every boot — idempotent via op_id deduplication in ReplayApplier.
+ */
+export async function replayFromCloud(opts) {
+    const batchSize = opts.batchSize ?? 200;
+    let afterOpId = ''; // start from the beginning on first run
+    let totalApplied = 0;
+    // Find the last op_id we have applied (ULID = lexicographic ordering)
+    const maxAppliedOpId = opts.opsLogger.maxAppliedOpId();
+    if (maxAppliedOpId)
+        afterOpId = maxAppliedOpId;
+    log.info('starting catch-up replay', { afterOpId: afterOpId || '(start)', batchSize });
+    while (true) {
+        const url = new URL(`${opts.cloudBaseUrl}/sync/ops`);
+        url.searchParams.set('after', afterOpId);
+        url.searchParams.set('limit', String(batchSize));
+        let resp;
+        try {
+            resp = await fetch(url.toString(), {
+                headers: { Authorization: `Bearer ${opts.jwtToken}` },
+            });
+        }
+        catch (err) {
+            log.warn('catch-up fetch failed — will retry on reconnect', { err });
+            break;
+        }
+        if (!resp.ok) {
+            log.warn('catch-up fetch non-200', { status: resp.status });
+            break;
+        }
+        const body = (await resp.json());
+        const ops = body.ops ?? [];
+        log.debug('catch-up batch received', { count: ops.length });
+        for (const raw of ops) {
+            try {
+                const op = WireOpSchema.parse(raw);
+                await opts.applier.applyOp(op, opts.localDeviceId);
+                afterOpId = op.op_id; // advance cursor
+                totalApplied++;
+            }
+            catch (err) {
+                log.warn('failed to parse/apply catch-up op', { err });
+            }
+        }
+        if (ops.length < batchSize) {
+            // Server has no more ops — done
+            break;
+        }
+    }
+    log.info('catch-up replay complete', { totalApplied });
+    return { applied: totalApplied };
+}
+//# sourceMappingURL=replay.js.map

package/dist/sync/replay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay.js","sourceRoot":"","sources":["../../src/sync/replay.ts"],"names":[],"mappings":"AAAA,qBAAqB;AACrB,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI1C,MAAM,GAAG,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;AAWxC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAmB;IACvD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC;IACxC,IAAI,SAAS,GAAG,EAAE,CAAC,CAAC,wCAAwC;IAC5D,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,sEAAsE;IACtE,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;IACvD,IAAI,cAAc;QAAE,SAAS,GAAG,cAAc,CAAC;IAE/C,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,SAAS,IAAI,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;IAEvF,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,YAAY,WAAW,CAAC,CAAC;QACrD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACzC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAEjD,IAAI,IAAc,CAAC;QACnB,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;gBACjC,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,QAAQ,EAAE,EAAE;aACtD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;YACrE,MAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5D,MAAM;QACR,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAsC,CAAC;QACtE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC;QAE3B,GAAG,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAE5D,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;gBACnD,SAAS,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,iBAAiB;gBACvC,YAAY,EAAE,CAAC;YACjB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,gCAAgC;YAChC,MAAM;QACR,CAAC;IACH,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;IACvD,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC;AACnC,CAAC"}

package/dist/sync/shamir.d.ts

@@ -0,0 +1,22 @@
+export interface ShamirShare {
+    /** 1-based index of this share */
+    index: number;
+    /** Base32-encoded share for safe email delivery */
+    code: string;
+}
+/**
+ * Split a 32-byte key-wrapping key into `total` shares, requiring `threshold`
+ * to reconstruct.
+ *
+ * @param kwk   32-byte Buffer (the key-wrapping key)
+ * @param threshold  minimum shares to reconstruct (e.g. 3)
+ * @param total      total number of shares (e.g. 5)
+ */
+export declare function shamirSplit(kwk: Buffer, threshold: number, total: number): ShamirShare[];
+/**
+ * Reconstruct the 32-byte KWK from at least `threshold` shares.
+ *
+ * @param shares  Array of ShamirShare (any order, only threshold needed)
+ */
+export declare function shamirCombine(shares: ShamirShare[]): Buffer;
+//# sourceMappingURL=shamir.d.ts.map

package/dist/sync/shamir.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shamir.d.ts","sourceRoot":"","sources":["../../src/sync/shamir.ts"],"names":[],"mappings":"AAoEA,MAAM,WAAW,WAAW;IAC1B,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,WAAW,EAAE,CAcf;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,CAe3D"}

package/dist/sync/shamir.js

@@ -0,0 +1,109 @@
+// src/sync/shamir.ts
+/**
+ * Thin wrapper around secrets.js-grempe for Shamir Secret Sharing.
+ *
+ * Splits a 32-byte Buffer into `total` hex-encoded shares, any `threshold`
+ * of which can reconstruct the original.  Shares are base32-encoded for
+ * safe transmission over email (no case-sensitivity issues, no ambiguous chars).
+ *
+ * We operate on the Key-Wrapping Key (KWK), NOT the master key or passphrase.
+ */
+import secrets from 'secrets.js-grempe';
+import { createLogger } from '../logger.js';
+const log = createLogger('shamir');
+/** Base32 alphabet (RFC 4648 without padding) */
+const B32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+/**
+ * Encode a secrets.js share string (hex-encoded ASCII) as base32.
+ * The share from secrets.js-grempe is a hex string like "8011ab..."; we encode
+ * its ASCII bytes (not the decoded binary) so the round-trip is exact regardless
+ * of whether the hex string has odd or even length.
+ */
+function shareToBase32(hexShare) {
+    // Treat each ASCII character of the hex share as a byte
+    const bytes = Buffer.from(hexShare, 'ascii');
+    let bits = 0;
+    let value = 0;
+    let out = '';
+    for (const byte of bytes) {
+        value = (value << 8) | byte;
+        bits += 8;
+        while (bits >= 5) {
+            out += B32_ALPHABET[(value >>> (bits - 5)) & 31];
+            bits -= 5;
+        }
+    }
+    if (bits > 0) {
+        out += B32_ALPHABET[(value << (5 - bits)) & 31];
+    }
+    return out;
+}
+/**
+ * Decode a base32 string back to the secrets.js share hex string.
+ */
+function base32ToShare(b32) {
+    const clean = b32
+        .toUpperCase()
+        .replace(/\s/g, '')
+        .replace(/[^A-Z2-7]/g, '');
+    let bits = 0;
+    let value = 0;
+    const byteArr = [];
+    for (const char of clean) {
+        const idx = B32_ALPHABET.indexOf(char);
+        if (idx < 0)
+            throw new Error(`Invalid base32 char: ${char}`);
+        value = (value << 5) | idx;
+        bits += 5;
+        if (bits >= 8) {
+            byteArr.push((value >>> (bits - 8)) & 0xff);
+            bits -= 8;
+        }
+    }
+    return Buffer.from(byteArr).toString('ascii');
+}
+/**
+ * Split a 32-byte key-wrapping key into `total` shares, requiring `threshold`
+ * to reconstruct.
+ *
+ * @param kwk   32-byte Buffer (the key-wrapping key)
+ * @param threshold  minimum shares to reconstruct (e.g. 3)
+ * @param total      total number of shares (e.g. 5)
+ */
+export function shamirSplit(kwk, threshold, total) {
+    if (kwk.length !== 32)
+        throw new Error('KWK must be 32 bytes');
+    if (threshold < 2)
+        throw new Error('threshold must be >= 2');
+    if (total < threshold)
+        throw new Error('total must be >= threshold');
+    const hexSecret = kwk.toString('hex');
+    const hexShares = secrets.share(hexSecret, total, threshold);
+    log.info(`Shamir split: ${total} shares, threshold ${threshold}`);
+    return hexShares.map((hexShare, i) => ({
+        index: i + 1,
+        code: shareToBase32(hexShare),
+    }));
+}
+/**
+ * Reconstruct the 32-byte KWK from at least `threshold` shares.
+ *
+ * @param shares  Array of ShamirShare (any order, only threshold needed)
+ */
+export function shamirCombine(shares) {
+    if (shares.length < 2)
+        throw new Error('Need at least 2 shares to combine');
+    const hexShares = shares.map((s) => base32ToShare(s.code));
+    const hexSecret = secrets.combine(hexShares);
+    const kwk = Buffer.from(hexSecret, 'hex');
+    // Note: with fewer shares than threshold, secrets.js-grempe returns garbage of
+    // a different length — callers should validate length === 32 before trusting the result.
+    if (kwk.length === 32) {
+        log.info(`Shamir combine: reconstructed KWK from ${shares.length} shares`);
+    }
+    else {
+        log.warn(`Shamir combine: reconstructed key has unexpected length ${kwk.length} — wrong key or insufficient shares`);
+    }
+    return kwk;
+}
+//# sourceMappingURL=shamir.js.map

package/dist/sync/shamir.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shamir.js","sourceRoot":"","sources":["../../src/sync/shamir.ts"],"names":[],"mappings":"AAAA,qBAAqB;AACrB;;;;;;;;GAQG;AACH,OAAO,OAAO,MAAM,mBAAmB,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;AAEnC,iDAAiD;AACjD,MAAM,YAAY,GAAG,kCAAkC,CAAC;AAExD;;;;;GAKG;AACH,SAAS,aAAa,CAAC,QAAgB;IACrC,wDAAwD;IACxD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7C,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QAC5B,IAAI,IAAI,CAAC,CAAC;QACV,OAAO,IAAI,IAAI,CAAC,EAAE,CAAC;YACjB,GAAG,IAAI,YAAY,CAAC,CAAC,KAAK,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACjD,IAAI,IAAI,CAAC,CAAC;QACZ,CAAC;IACH,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,GAAG,IAAI,YAAY,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,KAAK,GAAG,GAAG;SACd,WAAW,EAAE;SACb,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;SAClB,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;IAC7B,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,GAAG,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;QAC7D,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;QAC3B,IAAI,IAAI,CAAC,CAAC;QACV,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACd,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,CAAC;QACZ,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AASD;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CACzB,GAAW,EACX,SAAiB,EACjB,KAAa;IAEb,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC/D,IAAI,SAAS,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC7D,IAAI,KAAK,GAAG,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAErE,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,SAAS,GAAa,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;IAEvE,GAAG,CAAC,IAAI,CAAC,iBAAiB,KAAK,sBAAsB,SAAS,EAAE,CAAC,CAAC;IAElE,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,KAAK,EAAE,CAAC,GAAG,CAAC;QACZ,IAAI,EAAE,aAAa,CAAC,QAAQ,CAAC;KAC9B,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,MAAqB;IACjD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAE7C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC1C,+EAA+E;IAC/E,yFAAyF;IACzF,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,GAAG,CAAC,IAAI,CAAC,0CAA0C,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,IAAI,CAAC,2DAA2D,GAAG,CAAC,MAAM,qCAAqC,CAAC,CAAC;IACvH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/sync/tests/apply.test.d.ts

@@ -0,0 +1,4 @@
+import type { WireOp } from '../types.js';
+declare function buildFakeOp(deviceId: string, privkeyHex: string, opType: string, memoryId: string, payload: Record<string, unknown>): WireOp;
+export { buildFakeOp };
+//# sourceMappingURL=apply.test.d.ts.map

package/dist/sync/tests/apply.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apply.test.d.ts","sourceRoot":"","sources":["../../../src/sync/tests/apply.test.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AA8G1C,iBAAS,WAAW,CAClB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,MAAM,CA4BR;AAGD,OAAO,EAAE,WAAW,EAAE,CAAC"}

package/dist/sync/tests/apply.test.js

@@ -0,0 +1,119 @@
+// src/sync/tests/apply.test.ts
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { monotonicFactory } from 'ulid';
+import { initDb } from '../../db/index.js';
+import { getOrCreateDeviceIdentity, generateKeypair, opCanonicalBytes, signBytes, } from '../ed25519.js';
+import { encryptPayload } from '../ops-log.js';
+import { ReplayApplier, lwwMergeProperties } from '../apply.js';
+const ulid = monotonicFactory();
+const masterKey = Buffer.alloc(32, 0x11);
+describe('lwwMergeProperties', () => {
+    it('incoming newer: scalars from incoming, arrays union', () => {
+        const result = lwwMergeProperties({ title: 'old', tags: ['a', 'b'] }, { title: 'new', tags: ['b', 'c'] }, 1, 2);
+        expect(result.title).toBe('new');
+        expect(result.tags).toEqual(expect.arrayContaining(['a', 'b', 'c']));
+        expect(result.tags.length).toBe(3);
+    });
+    it('current newer: scalars from current win, arrays still union', () => {
+        const result = lwwMergeProperties({ title: 'current', tags: ['x'] }, { title: 'stale', tags: ['y'] }, 10, 5);
+        expect(result.title).toBe('current');
+        expect(result.tags).toEqual(expect.arrayContaining(['x', 'y']));
+    });
+});
+describe('ReplayApplier', () => {
+    let tmpDir;
+    let db;
+    beforeEach(() => {
+        tmpDir = mkdtempSync(join(tmpdir(), 'engram-apply-test-'));
+        db = initDb(join(tmpDir, 'engram.db'));
+    });
+    afterEach(() => {
+        db.close();
+        rmSync(tmpDir, { recursive: true });
+    });
+    it('skips ops from own device', async () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        // Build a fake op attributed to this device
+        const op = buildFakeOp(identity.device_id, identity.privkey_hex, 'add_memory', 'mem-1', {
+            item: { id: 'mem-1', type: 'notes', content: 'hi', content_hash: 'abc' },
+        });
+        const applier = new ReplayApplier(db, {}, masterKey);
+        await applier.applyOp(op, identity.device_id); // should be no-op
+        const row = db.prepare(`SELECT id FROM memories WHERE id = 'mem-1'`).get();
+        expect(row).toBeUndefined();
+    });
+    it('rejects ops with invalid signature', async () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        const other = generateKeypair();
+        const op = buildFakeOp(other.pubkeyHex, other.privkeyHex, 'add_memory', 'mem-2', {
+            item: { id: 'mem-2', type: 'notes', content: 'hi', content_hash: 'xyz' },
+        });
+        // Corrupt the sig
+        const corruptOp = { ...op, sig: 'a'.repeat(128) };
+        const applier = new ReplayApplier(db, {}, masterKey);
+        await applier.applyOp(corruptOp, identity.device_id); // should be rejected
+        const row = db.prepare(`SELECT id FROM memories WHERE id = 'mem-2'`).get();
+        expect(row).toBeUndefined();
+    });
+    it('is idempotent — applying same op twice is safe', async () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        const other = generateKeypair();
+        // Insert a memory to update
+        db.prepare(`INSERT INTO memories (id, type, source_id, content, content_hash, properties_json,
+         wikilinks_json, related_ids_json, embedding_model, created_at)
+       VALUES ('mem-idem', 'notes', 'manual', 'text', 'hashidem', '{"title":"orig","tags":[]}',
+         '[]', '[]', 'nomic', ?)`).run(Date.now());
+        const op = buildFakeOp(other.pubkeyHex, other.privkeyHex, 'update_properties', 'mem-idem', {
+            memory_id: 'mem-idem',
+            delta: { title: 'updated', tags: ['sync'] },
+        });
+        const storeStub = {
+            async insertWithoutLog() { },
+            async deleteVectorIfExists() { },
+        };
+        const applier = new ReplayApplier(db, storeStub, masterKey);
+        await applier.applyOp(op, identity.device_id);
+        await applier.applyOp(op, identity.device_id); // second apply should no-op
+        const row = db
+            .prepare(`SELECT properties_json FROM memories WHERE id = 'mem-idem'`)
+            .get();
+        const props = JSON.parse(row.properties_json);
+        expect(props.title).toBe('updated');
+    });
+});
+// Helper — build a signed WireOp for tests
+function buildFakeOp(deviceId, privkeyHex, opType, memoryId, payload) {
+    const opId = ulid();
+    const lamportTs = 1;
+    const plaintext = Buffer.from(JSON.stringify(payload), 'utf8');
+    const { enc, nonce } = encryptPayload(plaintext, masterKey);
+    const payloadEncB64 = enc.toString('base64');
+    const nonceB64 = nonce.toString('base64');
+    const canonical = opCanonicalBytes({
+        op_id: opId,
+        device_id: deviceId,
+        lamport_ts: lamportTs,
+        op_type: opType,
+        memory_id: memoryId,
+        payload_enc: payloadEncB64,
+        nonce: nonceB64,
+    });
+    const sigHex = signBytes(canonical, privkeyHex);
+    return {
+        op_id: opId,
+        device_id: deviceId,
+        lamport_ts: lamportTs,
+        op_type: opType,
+        memory_id: memoryId,
+        payload_enc: payloadEncB64,
+        nonce: nonceB64,
+        sig: sigHex,
+        created_at: Date.now(),
+    };
+}
+// Export helper for use in other test files
+export { buildFakeOp };
+//# sourceMappingURL=apply.test.js.map

package/dist/sync/tests/apply.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apply.test.js","sourceRoot":"","sources":["../../../src/sync/tests/apply.test.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAErE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EACL,yBAAyB,EACzB,eAAe,EACf,gBAAgB,EAChB,SAAS,GACV,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAIhE,MAAM,IAAI,GAAG,gBAAgB,EAAE,CAAC;AAChC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;AAEzC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,MAAM,GAAG,kBAAkB,CAC/B,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAClC,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAClC,CAAC,EACD,CAAC,CACF,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACrE,MAAM,CAAE,MAAM,CAAC,IAAiB,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,MAAM,GAAG,kBAAkB,CAC/B,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,EACjC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,EAC/B,EAAE,EACF,CAAC,CACF,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,IAAI,MAAc,CAAC;IACnB,IAAI,EAAqB,CAAC;IAE1B,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,oBAAoB,CAAC,CAAC,CAAC;QAC3D,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACzC,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,4CAA4C;QAC5C,MAAM,EAAE,GAAW,WAAW,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,WAAW,EAAE,YAAY,EAAE,OAAO,EAAE;YAC9F,IAAI,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE;SACzE,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,EAA4B,EAAE,SAAS,CAAC,CAAC;QAC/E,MAAM,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,kBAAkB;QAEjE,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,4CAA4C,CAAC,CAAC,GAAG,EAAE,CAAC;QAC3E,MAAM,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;QAChC,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,YAAY,EAAE,OAAO,EAAE;YAC/E,IAAI,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE;SACzE,CAAC,CAAC;QACH,kBAAkB;QAClB,MAAM,SAAS,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAElD,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,EAA4B,EAAE,SAAS,CAAC,CAAC;QAC/E,MAAM,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,qBAAqB;QAE3E,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,4CAA4C,CAAC,CAAC,GAAG,EAAE,CAAC;QAC3E,MAAM,CAAC,GAAG,CAAC,CAAC,aAAa,EAAE,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;QAEhC,4BAA4B;QAC5B,EAAE,CAAC,OAAO,CACR;;;iCAG2B,CAC5B,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAElB,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,UAAU,EAAE,mBAAmB,EAAE,UAAU,EAAE;YACzF,SAAS,EAAE,UAAU;YACrB,KAAK,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;SAC5C,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG;YAChB,KAAK,CAAC,gBAAgB,KAAI,CAAC;YAC3B,KAAK,CAAC,oBAAoB,KAAI,CAAC;SACN,CAAC;QAE5B,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAC5D,MAAM,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,4BAA4B;QAE3E,MAAM,GAAG,GAAG,EAAE;aACX,OAAO,CAAC,4DAA4D,CAAC;aACrE,GAAG,EAAiC,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,CAAsB,CAAC;QACnE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,2CAA2C;AAC3C,SAAS,WAAW,CAClB,QAAgB,EAChB,UAAkB,EAClB,MAAc,EACd,QAAgB,EAChB,OAAgC;IAEhC,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;IACpB,MAAM,SAAS,GAAG,CAAC,CAAC;IACpB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC5D,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC;QACjC,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,SAAS;QACrB,OAAO,EAAE,MAAM;QACf,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,aAAa;QAC1B,KAAK,EAAE,QAAQ;KAChB,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAChD,OAAO;QACL,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,SAAS;QACrB,OAAO,EAAE,MAA2B;QACpC,SAAS,EAAE,QAAQ;QACnB,WAAW,EAAE,aAAa;QAC1B,KAAK,EAAE,QAAQ;QACf,GAAG,EAAE,MAAM;QACX,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;KACvB,CAAC;AACJ,CAAC;AAED,4CAA4C;AAC5C,OAAO,EAAE,WAAW,EAAE,CAAC"}

package/dist/sync/tests/ops-log.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=ops-log.test.d.ts.map

package/dist/sync/tests/ops-log.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ops-log.test.d.ts","sourceRoot":"","sources":["../../../src/sync/tests/ops-log.test.ts"],"names":[],"mappings":""}

package/dist/sync/tests/ops-log.test.js

@@ -0,0 +1,105 @@
+// src/sync/tests/ops-log.test.ts
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { initDb } from '../../db/index.js';
+import { getOrCreateDeviceIdentity, verifySignature, opCanonicalBytes } from '../ed25519.js';
+import { OpsLogger, encryptPayload, decryptPayload } from '../ops-log.js';
+let tmpDir;
+let db;
+const masterKey = Buffer.alloc(32, 0x42); // test key
+beforeEach(() => {
+    tmpDir = mkdtempSync(join(tmpdir(), 'engram-ops-test-'));
+    db = initDb(join(tmpDir, 'engram.db'));
+});
+afterEach(() => {
+    db.close();
+    rmSync(tmpDir, { recursive: true });
+});
+describe('encryptPayload / decryptPayload', () => {
+    it('roundtrips', () => {
+        const plain = Buffer.from('{"hello":"world"}');
+        const { enc, nonce } = encryptPayload(plain, masterKey);
+        const dec = decryptPayload(enc, nonce, masterKey);
+        expect(dec.toString()).toBe('{"hello":"world"}');
+    });
+    it('rejects wrong key', () => {
+        const { enc, nonce } = encryptPayload(Buffer.from('test'), masterKey);
+        const badKey = Buffer.alloc(32, 0xff);
+        expect(() => decryptPayload(enc, nonce, badKey)).toThrow();
+    });
+});
+describe('OpsLogger', () => {
+    it('appends op and lists as pending', () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        const logger = new OpsLogger(db, identity, masterKey);
+        const opId = logger.append('add_memory', 'mem-123', { content: 'hello' });
+        const pending = logger.listPending();
+        expect(pending).toHaveLength(1);
+        expect(pending[0].op_id).toBe(opId);
+        expect(pending[0].op_type).toBe('add_memory');
+        expect(pending[0].memory_id).toBe('mem-123');
+    });
+    it('increments Lamport clock monotonically', () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        const logger = new OpsLogger(db, identity, masterKey);
+        const ids = Array.from({ length: 5 }, (_, i) => logger.append('update_properties', `mem-${i}`, { tags: [`t${i}`] }));
+        const pending = logger.listPending();
+        const lamports = pending.map((p) => p.lamport_ts);
+        for (let i = 1; i < lamports.length; i++) {
+            expect(lamports[i]).toBeGreaterThan(lamports[i - 1]);
+        }
+        expect(ids).toHaveLength(5);
+    });
+    it('markSent clears pending list', () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        const logger = new OpsLogger(db, identity, masterKey);
+        const opId = logger.append('delete_memory', 'mem-del', {});
+        expect(logger.listPending()).toHaveLength(1);
+        logger.markSent([opId]);
+        expect(logger.listPending()).toHaveLength(0);
+    });
+    it('maxAppliedLamport returns 0 when nothing applied', () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        const logger = new OpsLogger(db, identity, masterKey);
+        expect(logger.maxAppliedLamport()).toBe(0);
+    });
+    it('sig field can be verified via ed25519', () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        const logger = new OpsLogger(db, identity, masterKey);
+        logger.append('add_memory', 'mem-sig-test', { content: 'sign test' });
+        const pending = logger.listPending();
+        const op = pending[0];
+        const canonical = opCanonicalBytes({
+            op_id: op.op_id,
+            device_id: op.device_id,
+            lamport_ts: op.lamport_ts,
+            op_type: op.op_type,
+            memory_id: op.memory_id,
+            payload_enc: op.payload_enc,
+            nonce: op.nonce,
+        });
+        expect(verifySignature(canonical, op.sig, identity.pubkey_hex)).toBe(true);
+    });
+    it('tampered payload fails signature verification', () => {
+        const identity = getOrCreateDeviceIdentity(db);
+        const logger = new OpsLogger(db, identity, masterKey);
+        logger.append('add_memory', 'mem-tamper', { content: 'original' });
+        const pending = logger.listPending();
+        const op = pending[0];
+        // Tamper payload_enc
+        const tamperedOp = { ...op, payload_enc: 'AAAAAAAAAAAAAAAA' };
+        const canonical = opCanonicalBytes({
+            op_id: tamperedOp.op_id,
+            device_id: tamperedOp.device_id,
+            lamport_ts: tamperedOp.lamport_ts,
+            op_type: tamperedOp.op_type,
+            memory_id: tamperedOp.memory_id,
+            payload_enc: tamperedOp.payload_enc,
+            nonce: tamperedOp.nonce,
+        });
+        expect(verifySignature(canonical, op.sig, identity.pubkey_hex)).toBe(false);
+    });
+});
+//# sourceMappingURL=ops-log.test.js.map

package/dist/sync/tests/ops-log.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ops-log.test.js","sourceRoot":"","sources":["../../../src/sync/tests/ops-log.test.ts"],"names":[],"mappings":"AAAA,iCAAiC;AACjC,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAErE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAC7F,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE1E,IAAI,MAAc,CAAC;AACnB,IAAI,EAAqB,CAAC;AAC1B,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,WAAW;AAErD,UAAU,CAAC,GAAG,EAAE;IACd,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;IACzD,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;AACzC,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,GAAG,EAAE;IACb,EAAE,CAAC,KAAK,EAAE,CAAC;IACX,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACtC,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,EAAE,CAAC,YAAY,EAAE,GAAG,EAAE;QACpB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAC/C,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACxD,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAClD,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,SAAS,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QACtC,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAC7D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEtD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAE1E,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/C,MAAM,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEtD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAC7C,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CACpE,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAE,CAAC,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,CAAC;QACzD,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QAEtD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC3D,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC7C,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QACtD,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QACtD,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,cAAc,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;QAEtE,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;QACvB,MAAM,SAAS,GAAG,gBAAgB,CAAC;YACjC,KAAK,EAAE,EAAE,CAAC,KAAK;YACf,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,UAAU,EAAE,EAAE,CAAC,UAAU;YACzB,OAAO,EAAE,EAAE,CAAC,OAAO;YACnB,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,WAAW,EAAE,EAAE,CAAC,WAAW;YAC3B,KAAK,EAAE,EAAE,CAAC,KAAK;SAChB,CAAC,CAAC;QACH,MAAM,CAAC,eAAe,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,QAAQ,GAAG,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QACtD,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;QAEnE,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;QACvB,qBAAqB;QACrB,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC;QAC9D,MAAM,SAAS,GAAG,gBAAgB,CAAC;YACjC,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,UAAU,EAAE,UAAU,CAAC,UAAU;YACjC,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,KAAK,EAAE,UAAU,CAAC,KAAK;SACxB,CAAC,CAAC;QACH,MAAM,CAAC,eAAe,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/sync/tests/two-device-sync.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=two-device-sync.test.d.ts.map

package/dist/sync/tests/two-device-sync.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"two-device-sync.test.d.ts","sourceRoot":"","sources":["../../../src/sync/tests/two-device-sync.test.ts"],"names":[],"mappings":""}