@reverbia/sdk 1.0.0-next.20251229084841 → 1.1.0-next.20251230221037

package/dist/react/index.d.mts

@@ -969,12 +969,14 @@ declare function clearAllEncryptionKeys(): void;
 /**
  * Encrypts data using AES-GCM with the stored encryption key
  * @param plaintext - The data to encrypt (string or Uint8Array)
+ * @param address - The wallet address for encryption
  * @returns Encrypted data as hex string (IV + ciphertext + auth tag)
  */
 declare function encryptData(plaintext: string | Uint8Array, address: string): Promise<string>;
 /**
  * Decrypts data using AES-GCM with the stored encryption key
  * @param encryptedHex - Encrypted data as hex string (IV + ciphertext + auth tag)
+ * @param address - The wallet address for decryption
  * @returns Decrypted data as string
  */
 declare function decryptData(encryptedHex: string, address: string): Promise<string>;
@@ -999,19 +1001,61 @@ type SignMessageFn = (message: string) => Promise<string>;
  * Note: Keys are stored in memory only and do not persist across page reloads.
  * This is a security feature - users must sign once per session to derive their key.
  *
+ * Handles Privy rate limits (429 errors) with automatic retry and exponential backoff.
+ *
  * @param walletAddress - The wallet address to generate the key for
  * @param signMessage - Function to sign a message (returns signature hex string)
  * @returns Promise that resolves when the key is available
  */
 declare function requestEncryptionKey(walletAddress: string, signMessage: SignMessageFn): Promise<void>;
+/**
+ * Requests the user to sign a message to generate an ECDH key pair.
+ * If a key pair already exists in memory for the given wallet, resolves immediately.
+ *
+ * Note: Key pairs are stored in memory only and do not persist across page reloads.
+ * This is a security feature - users must sign once per session to derive their key pair.
+ *
+ * Handles Privy rate limits (429 errors) with automatic retry and exponential backoff.
+ *
+ * @param walletAddress - The wallet address to generate the key pair for
+ * @param signMessage - Function to sign a message (returns signature hex string)
+ * @returns Promise that resolves when the key pair is available
+ */
+declare function requestKeyPair(walletAddress: string, signMessage: SignMessageFn): Promise<void>;
+/**
+ * Exports the public key for a wallet address as SPKI format (base64)
+ * @param address - The wallet address
+ * @param signMessage - Function to sign a message (returns signature hex string)
+ * @returns The public key as base64-encoded SPKI string
+ */
+declare function exportPublicKey(address: string, signMessage: SignMessageFn): Promise<string>;
+/**
+ * Checks if a key pair exists in memory for the given wallet address
+ * @param address - The wallet address
+ * @returns True if key pair exists, false otherwise
+ */
+declare function hasKeyPair(address: string): boolean;
+/**
+ * Clears the key pair for a wallet address from memory
+ * @param address - The wallet address
+ */
+declare function clearKeyPair(address: string): void;
+/**
+ * Clears all key pairs from memory
+ */
+declare function clearAllKeyPairs(): void;
 /**
  * Hook that provides on-demand encryption key management.
  * @param signMessage - Function to sign a message (from Privy's useSignMessage)
- * @returns Functions to request encryption keys
+ * @returns Functions to request encryption keys and manage key pairs
  * @category Hooks
  */
 declare function useEncryption(signMessage: SignMessageFn): {
     requestEncryptionKey: (walletAddress: string) => Promise<void>;
+    requestKeyPair: (walletAddress: string) => Promise<void>;
+    exportPublicKey: (walletAddress: string) => Promise<string>;
+    hasKeyPair: (walletAddress: string) => boolean;
+    clearKeyPair: (walletAddress: string) => void;
 };
 
 declare const chatStorageSchema: Readonly<{
@@ -1075,6 +1119,12 @@ interface BaseUseMemoryStorageOptions {
     onFactsExtracted?: (facts: MemoryExtractionResult) => void;
     getToken?: () => Promise<string | null>;
     baseUrl?: string;
+    /** Wallet address for encryption (optional - encryption disabled if not provided) */
+    walletAddress?: string | null;
+    /** Function to request encryption key (optional - encryption disabled if not provided) */
+    requestEncryptionKey?: (address: string) => Promise<void>;
+    /** Function to sign message for migration (optional - migration disabled if not provided) */
+    signMessage?: (message: string) => Promise<string>;
 }
 interface BaseUseMemoryStorageResult {
     memories: StoredMemory[];
@@ -1209,6 +1259,12 @@ interface BaseUseChatStorageOptions {
     onData?: (chunk: string) => void;
     onFinish?: (response: LlmapiResponseResponse) => void;
     onError?: (error: Error) => void;
+    /** Wallet address for encryption (optional - encryption disabled if not provided) */
+    walletAddress?: string | null;
+    /** Function to request encryption key (optional - encryption disabled if not provided) */
+    requestEncryptionKey?: (address: string) => Promise<void>;
+    /** Function to sign message for migration (optional - required for migrating old encrypted data) */
+    signMessage?: (message: string) => Promise<string>;
 }
 interface BaseSendMessageWithStorageArgs {
     content: string;
@@ -1588,6 +1644,151 @@ type UseMemoryStorageResult = BaseUseMemoryStorageResult;
  */
 declare function useMemoryStorage(options: UseMemoryStorageOptions): UseMemoryStorageResult;
 
+/**
+ * Memory Encryption Utilities
+ *
+ * Encrypts sensitive memory fields at rest while keeping search/index fields unencrypted.
+ * Based on the implementation from ai-memoryless-client.
+ */
+
+/**
+ * Get the encryption version from an encrypted value
+ */
+declare function getEncryptionVersion(value: string): "v1" | "v2" | null;
+/**
+ * Encrypt a single string value using the SDK's encryption.
+ * Returns the encrypted value with a prefix for identification.
+ *
+ * @param value - The plain text value to encrypt
+ * @param address - The user's wallet address (encryption key identifier)
+ * @returns The encrypted value with prefix
+ * @throws {Error} If encryption fails - prevents sensitive data from being stored unencrypted
+ */
+declare function encryptField(value: string, address: string): Promise<string>;
+/**
+ * Placeholder returned when decryption fails.
+ * Allows UI to render a friendly message instead of gibberish.
+ */
+declare const DECRYPTION_FAILED_PLACEHOLDER = "[Decryption Failed]";
+/**
+ * Decrypt a single string value using the SDK's decryption.
+ * Supports both v1 (legacy) and v2 encryption formats.
+ * Automatically migrates old encrypted values to new format.
+ *
+ * @param value - The encrypted value (with prefix)
+ * @param address - The user's wallet address (encryption key identifier)
+ * @param signMessage - Optional function to sign message for migration (required if old encryption detected)
+ * @param onMigrated - Optional callback when a value is migrated
+ * @returns The decrypted plain text, original value if not encrypted, or placeholder on error
+ */
+declare function decryptField(value: string, address: string, signMessage?: SignMessageFn, onMigrated?: (migratedValue: string) => Promise<void>): Promise<string>;
+/**
+ * Memory data structure with fields that may be encrypted
+ */
+interface MemoryData {
+    value?: string;
+    rawEvidence?: string;
+    key?: string;
+    namespace?: string;
+    [key: string]: unknown;
+}
+/**
+ * Encrypt sensitive fields in a memory object.
+ * Only encrypts the fields defined in ENCRYPTED_FIELDS.
+ * Embeddings and other indexed fields are left unencrypted.
+ *
+ * @param memory - The memory object with plain text fields
+ * @param address - The user's wallet address
+ * @returns A new memory object with sensitive fields encrypted
+ */
+declare function encryptMemoryFields<T extends MemoryData>(memory: T, address: string): Promise<T>;
+/**
+ * Decrypt sensitive fields in a memory object.
+ * Only decrypts the fields defined in ENCRYPTED_FIELDS.
+ * Automatically migrates old encrypted values to new format.
+ * Also encrypts unencrypted fields when found (for users migrating to encryption).
+ *
+ * @param memory - The memory object with encrypted fields
+ * @param address - The user's wallet address
+ * @param signMessage - Optional function to sign message for migration (required if old encryption detected)
+ * @param updateMemory - Optional function to update memory in storage after migration/encryption
+ * @returns A new memory object with sensitive fields decrypted
+ */
+declare function decryptMemoryFields<T extends MemoryData>(memory: T, address: string, signMessage?: SignMessageFn, updateMemory?: (id: string, data: Partial<T>) => Promise<void>): Promise<T>;
+/**
+ * Batch encrypt multiple memory objects.
+ * Uses parallel processing for performance.
+ *
+ * @param memories - Array of memory objects
+ * @param address - The user's wallet address
+ * @returns Array of memory objects with encrypted fields
+ */
+declare function encryptMemoriesBatch<T extends MemoryData>(memories: T[], address: string): Promise<T[]>;
+/**
+ * Batch decrypt multiple memory objects.
+ * Uses parallel processing for performance.
+ * Automatically migrates old encrypted values to new format.
+ *
+ * @param memories - Array of memory objects
+ * @param address - The user's wallet address
+ * @param signMessage - Optional function to sign message for migration (required if old encryption detected)
+ * @param updateMemory - Optional function to update memory in storage after migration
+ * @returns Array of memory objects with decrypted fields
+ */
+declare function decryptMemoriesBatch<T extends MemoryData>(memories: T[], address: string, signMessage?: SignMessageFn, updateMemory?: (id: string, data: Partial<T>) => Promise<void>): Promise<T[]>;
+/**
+ * Check if a memory has any encrypted fields.
+ * Useful for determining if migration is needed.
+ */
+declare function hasEncryptedFields(memory: MemoryData): boolean;
+/**
+ * Check if a memory needs encryption (has unencrypted sensitive fields).
+ */
+declare function needsEncryption(memory: MemoryData): boolean;
+/**
+ * Memory fields needed for encryption update
+ */
+interface MemoryEncryptionFields extends MemoryData {
+    type: string;
+    namespace: string;
+    key: string;
+    value: string;
+    rawEvidence: string;
+    confidence: number;
+    pii: boolean;
+}
+/**
+ * Memory object with the required fields for batch encryption
+ */
+interface MemoryForBatchEncryption {
+    uniqueId: string;
+    type: string;
+    namespace: string;
+    key: string;
+    value: string;
+    rawEvidence: string;
+    confidence: number;
+    pii: boolean;
+}
+/**
+ * Encrypt a batch of memories in parallel with rate limiting and retry logic.
+ * Tracks failed memories for error reporting.
+ *
+ * @param memories - Array of memories to encrypt
+ * @param address - User's wallet address
+ * @param updateFn - Function to update a memory in storage
+ * @param batchSize - Number of memories to process in parallel (default: 5)
+ * @returns Object with success count and failed memory IDs
+ */
+declare function encryptMemoriesBatchInPlace(memories: MemoryForBatchEncryption[], address: string, updateFn: (id: string, data: MemoryData) => Promise<unknown>, batchSize?: number): Promise<{
+    success: number;
+    failed: string[];
+    errors: Array<{
+        id: string;
+        error: string;
+    }>;
+}>;
+
 declare const settingsStorageSchema: Readonly<{
     version: _nozbe_watermelondb_Schema.SchemaVersion;
     tables: _nozbe_watermelondb_Schema.TableMap;
@@ -2003,6 +2204,7 @@ declare function useDropboxBackup(options: UseDropboxBackupOptions): UseDropboxB
 declare function clearToken(): void;
 /**
  * Check if we have any stored credentials (including refresh token)
+ * Works with both encrypted and unencrypted credentials
  */
 declare function hasDropboxCredentials(): boolean;
 
@@ -2112,6 +2314,7 @@ declare function getGoogleDriveStoredToken(): string | null;
 declare function clearGoogleDriveToken(): void;
 /**
  * Check if we have any stored credentials (including refresh token)
+ * Works with both encrypted and unencrypted credentials
  */
 declare function hasGoogleDriveCredentials(): boolean;
 
@@ -2933,4 +3136,4 @@ interface UseBackupResult {
  */
 declare function useBackup(options: UseBackupOptions): UseBackupResult;
 
-export { DEFAULT_CONVERSATIONS_FOLDER as BACKUP_DRIVE_CONVERSATIONS_FOLDER, DEFAULT_ROOT_FOLDER as BACKUP_DRIVE_ROOT_FOLDER, DEFAULT_BACKUP_FOLDER as BACKUP_ICLOUD_FOLDER, type BackupAuthContextValue, BackupAuthProvider, type BackupAuthProviderProps, type BackupOperationOptions, Conversation as ChatConversation, Message as ChatMessage, type ChatRole, type CreateConversationOptions, type CreateMemoryOptions, type CreateMessageOptions, type CreateModelPreferenceOptions, DEFAULT_BACKUP_FOLDER$1 as DEFAULT_BACKUP_FOLDER, DEFAULT_CONVERSATIONS_FOLDER as DEFAULT_DRIVE_CONVERSATIONS_FOLDER, DEFAULT_ROOT_FOLDER as DEFAULT_DRIVE_ROOT_FOLDER, DEFAULT_BACKUP_FOLDER$1 as DEFAULT_DROPBOX_FOLDER, DEFAULT_BACKUP_FOLDER as DEFAULT_ICLOUD_BACKUP_FOLDER, type DropboxAuthContextValue, DropboxAuthProvider, type DropboxAuthProviderProps, type DropboxExportResult, type DropboxImportResult, type FileMetadata, type GoogleDriveAuthContextValue, GoogleDriveAuthProvider, type GoogleDriveAuthProviderProps, type GoogleDriveExportResult, type GoogleDriveImportResult, type ICloudAuthContextValue, ICloudAuthProvider, type ICloudAuthProviderProps, type ICloudExportResult, type ICloudImportResult, type MemoryItem, type MemoryType, type OCRFile, type PdfFile, type ProgressCallback, type ProviderAuthState, type ProviderBackupState, type SearchMessagesOptions, type SearchSource, type SendMessageWithStorageArgs, type SendMessageWithStorageResult, type SignMessageFn, type ChatCompletionUsage as StoredChatCompletionUsage, type StoredConversation, type StoredMemory, Memory as StoredMemoryModel, type StoredMemoryWithSimilarity, type StoredMessage, type StoredMessageWithSimilarity, type StoredModelPreference, ModelPreference as StoredModelPreferenceModel, type UpdateMemoryOptions, type UpdateModelPreferenceOptions, type UseBackupOptions, type UseBackupResult, type UseChatStorageOptions, type UseChatStorageResult, type UseDropboxBackupOptions, type UseDropboxBackupResult, type UseGoogleDriveBackupOptions, type UseGoogleDriveBackupResult, type UseICloudBackupOptions, type UseICloudBackupResult, type UseMemoryStorageOptions, type UseMemoryStorageResult, type UseSettingsOptions, type UseSettingsResult, chatStorageMigrations, chatStorageSchema, clearAllEncryptionKeys, clearToken as clearDropboxToken, clearEncryptionKey, clearGoogleDriveToken, clearICloudAuth, createMemoryContextSystemMessage, decryptData, decryptDataBytes, encryptData, extractConversationContext, formatMemoriesForChat, generateCompositeKey, generateConversationId, generateUniqueKey, getGoogleDriveStoredToken, hasDropboxCredentials, hasEncryptionKey, hasGoogleDriveCredentials, hasICloudCredentials, memoryStorageSchema, requestEncryptionKey, sdkMigrations, sdkModelClasses, sdkSchema, settingsStorageSchema, useBackup, useBackupAuth, useChat, useChatStorage, useDropboxAuth, useDropboxBackup, useEncryption, useGoogleDriveAuth, useGoogleDriveBackup, useICloudAuth, useICloudBackup, useImageGeneration, useMemoryStorage, useModels, useOCR, usePdf, useSearch, useSettings };
+export { DEFAULT_CONVERSATIONS_FOLDER as BACKUP_DRIVE_CONVERSATIONS_FOLDER, DEFAULT_ROOT_FOLDER as BACKUP_DRIVE_ROOT_FOLDER, DEFAULT_BACKUP_FOLDER as BACKUP_ICLOUD_FOLDER, type BackupAuthContextValue, BackupAuthProvider, type BackupAuthProviderProps, type BackupOperationOptions, Conversation as ChatConversation, Message as ChatMessage, type ChatRole, type CreateConversationOptions, type CreateMemoryOptions, type CreateMessageOptions, type CreateModelPreferenceOptions, DECRYPTION_FAILED_PLACEHOLDER, DEFAULT_BACKUP_FOLDER$1 as DEFAULT_BACKUP_FOLDER, DEFAULT_CONVERSATIONS_FOLDER as DEFAULT_DRIVE_CONVERSATIONS_FOLDER, DEFAULT_ROOT_FOLDER as DEFAULT_DRIVE_ROOT_FOLDER, DEFAULT_BACKUP_FOLDER$1 as DEFAULT_DROPBOX_FOLDER, DEFAULT_BACKUP_FOLDER as DEFAULT_ICLOUD_BACKUP_FOLDER, type DropboxAuthContextValue, DropboxAuthProvider, type DropboxAuthProviderProps, type DropboxExportResult, type DropboxImportResult, type FileMetadata, type GoogleDriveAuthContextValue, GoogleDriveAuthProvider, type GoogleDriveAuthProviderProps, type GoogleDriveExportResult, type GoogleDriveImportResult, type ICloudAuthContextValue, ICloudAuthProvider, type ICloudAuthProviderProps, type ICloudExportResult, type ICloudImportResult, type MemoryData, type MemoryEncryptionFields, type MemoryItem, type MemoryType, type OCRFile, type PdfFile, type ProgressCallback, type ProviderAuthState, type ProviderBackupState, type SearchMessagesOptions, type SearchSource, type SendMessageWithStorageArgs, type SendMessageWithStorageResult, type SignMessageFn, type ChatCompletionUsage as StoredChatCompletionUsage, type StoredConversation, type StoredMemory, Memory as StoredMemoryModel, type StoredMemoryWithSimilarity, type StoredMessage, type StoredMessageWithSimilarity, type StoredModelPreference, ModelPreference as StoredModelPreferenceModel, type UpdateMemoryOptions, type UpdateModelPreferenceOptions, type UseBackupOptions, type UseBackupResult, type UseChatStorageOptions, type UseChatStorageResult, type UseDropboxBackupOptions, type UseDropboxBackupResult, type UseGoogleDriveBackupOptions, type UseGoogleDriveBackupResult, type UseICloudBackupOptions, type UseICloudBackupResult, type UseMemoryStorageOptions, type UseMemoryStorageResult, type UseSettingsOptions, type UseSettingsResult, chatStorageMigrations, chatStorageSchema, clearAllEncryptionKeys, clearAllKeyPairs, clearToken as clearDropboxToken, clearEncryptionKey, clearGoogleDriveToken, clearICloudAuth, clearKeyPair, createMemoryContextSystemMessage, decryptData, decryptDataBytes, decryptField, decryptMemoriesBatch, decryptMemoryFields, encryptData, encryptField, encryptMemoriesBatch, encryptMemoriesBatchInPlace, encryptMemoryFields, exportPublicKey, extractConversationContext, formatMemoriesForChat, generateCompositeKey, generateConversationId, generateUniqueKey, getEncryptionVersion, getGoogleDriveStoredToken, hasDropboxCredentials, hasEncryptedFields, hasEncryptionKey, hasGoogleDriveCredentials, hasICloudCredentials, hasKeyPair, memoryStorageSchema, needsEncryption, requestEncryptionKey, requestKeyPair, sdkMigrations, sdkModelClasses, sdkSchema, settingsStorageSchema, useBackup, useBackupAuth, useChat, useChatStorage, useDropboxAuth, useDropboxBackup, useEncryption, useGoogleDriveAuth, useGoogleDriveBackup, useICloudAuth, useICloudBackup, useImageGeneration, useMemoryStorage, useModels, useOCR, usePdf, useSearch, useSettings };

package/dist/react/index.d.ts

@@ -969,12 +969,14 @@ declare function clearAllEncryptionKeys(): void;
 /**
  * Encrypts data using AES-GCM with the stored encryption key
  * @param plaintext - The data to encrypt (string or Uint8Array)
+ * @param address - The wallet address for encryption
  * @returns Encrypted data as hex string (IV + ciphertext + auth tag)
  */
 declare function encryptData(plaintext: string | Uint8Array, address: string): Promise<string>;
 /**
  * Decrypts data using AES-GCM with the stored encryption key
  * @param encryptedHex - Encrypted data as hex string (IV + ciphertext + auth tag)
+ * @param address - The wallet address for decryption
  * @returns Decrypted data as string
  */
 declare function decryptData(encryptedHex: string, address: string): Promise<string>;
@@ -999,19 +1001,61 @@ type SignMessageFn = (message: string) => Promise<string>;
  * Note: Keys are stored in memory only and do not persist across page reloads.
  * This is a security feature - users must sign once per session to derive their key.
  *
+ * Handles Privy rate limits (429 errors) with automatic retry and exponential backoff.
+ *
  * @param walletAddress - The wallet address to generate the key for
  * @param signMessage - Function to sign a message (returns signature hex string)
  * @returns Promise that resolves when the key is available
  */
 declare function requestEncryptionKey(walletAddress: string, signMessage: SignMessageFn): Promise<void>;
+/**
+ * Requests the user to sign a message to generate an ECDH key pair.
+ * If a key pair already exists in memory for the given wallet, resolves immediately.
+ *
+ * Note: Key pairs are stored in memory only and do not persist across page reloads.
+ * This is a security feature - users must sign once per session to derive their key pair.
+ *
+ * Handles Privy rate limits (429 errors) with automatic retry and exponential backoff.
+ *
+ * @param walletAddress - The wallet address to generate the key pair for
+ * @param signMessage - Function to sign a message (returns signature hex string)
+ * @returns Promise that resolves when the key pair is available
+ */
+declare function requestKeyPair(walletAddress: string, signMessage: SignMessageFn): Promise<void>;
+/**
+ * Exports the public key for a wallet address as SPKI format (base64)
+ * @param address - The wallet address
+ * @param signMessage - Function to sign a message (returns signature hex string)
+ * @returns The public key as base64-encoded SPKI string
+ */
+declare function exportPublicKey(address: string, signMessage: SignMessageFn): Promise<string>;
+/**
+ * Checks if a key pair exists in memory for the given wallet address
+ * @param address - The wallet address
+ * @returns True if key pair exists, false otherwise
+ */
+declare function hasKeyPair(address: string): boolean;
+/**
+ * Clears the key pair for a wallet address from memory
+ * @param address - The wallet address
+ */
+declare function clearKeyPair(address: string): void;
+/**
+ * Clears all key pairs from memory
+ */
+declare function clearAllKeyPairs(): void;
 /**
  * Hook that provides on-demand encryption key management.
  * @param signMessage - Function to sign a message (from Privy's useSignMessage)
- * @returns Functions to request encryption keys
+ * @returns Functions to request encryption keys and manage key pairs
  * @category Hooks
  */
 declare function useEncryption(signMessage: SignMessageFn): {
     requestEncryptionKey: (walletAddress: string) => Promise<void>;
+    requestKeyPair: (walletAddress: string) => Promise<void>;
+    exportPublicKey: (walletAddress: string) => Promise<string>;
+    hasKeyPair: (walletAddress: string) => boolean;
+    clearKeyPair: (walletAddress: string) => void;
 };
 
 declare const chatStorageSchema: Readonly<{
@@ -1075,6 +1119,12 @@ interface BaseUseMemoryStorageOptions {
     onFactsExtracted?: (facts: MemoryExtractionResult) => void;
     getToken?: () => Promise<string | null>;
     baseUrl?: string;
+    /** Wallet address for encryption (optional - encryption disabled if not provided) */
+    walletAddress?: string | null;
+    /** Function to request encryption key (optional - encryption disabled if not provided) */
+    requestEncryptionKey?: (address: string) => Promise<void>;
+    /** Function to sign message for migration (optional - migration disabled if not provided) */
+    signMessage?: (message: string) => Promise<string>;
 }
 interface BaseUseMemoryStorageResult {
     memories: StoredMemory[];
@@ -1209,6 +1259,12 @@ interface BaseUseChatStorageOptions {
     onData?: (chunk: string) => void;
     onFinish?: (response: LlmapiResponseResponse) => void;
     onError?: (error: Error) => void;
+    /** Wallet address for encryption (optional - encryption disabled if not provided) */
+    walletAddress?: string | null;
+    /** Function to request encryption key (optional - encryption disabled if not provided) */
+    requestEncryptionKey?: (address: string) => Promise<void>;
+    /** Function to sign message for migration (optional - required for migrating old encrypted data) */
+    signMessage?: (message: string) => Promise<string>;
 }
 interface BaseSendMessageWithStorageArgs {
     content: string;
@@ -1588,6 +1644,151 @@ type UseMemoryStorageResult = BaseUseMemoryStorageResult;
  */
 declare function useMemoryStorage(options: UseMemoryStorageOptions): UseMemoryStorageResult;
 
+/**
+ * Memory Encryption Utilities
+ *
+ * Encrypts sensitive memory fields at rest while keeping search/index fields unencrypted.
+ * Based on the implementation from ai-memoryless-client.
+ */
+
+/**
+ * Get the encryption version from an encrypted value
+ */
+declare function getEncryptionVersion(value: string): "v1" | "v2" | null;
+/**
+ * Encrypt a single string value using the SDK's encryption.
+ * Returns the encrypted value with a prefix for identification.
+ *
+ * @param value - The plain text value to encrypt
+ * @param address - The user's wallet address (encryption key identifier)
+ * @returns The encrypted value with prefix
+ * @throws {Error} If encryption fails - prevents sensitive data from being stored unencrypted
+ */
+declare function encryptField(value: string, address: string): Promise<string>;
+/**
+ * Placeholder returned when decryption fails.
+ * Allows UI to render a friendly message instead of gibberish.
+ */
+declare const DECRYPTION_FAILED_PLACEHOLDER = "[Decryption Failed]";
+/**
+ * Decrypt a single string value using the SDK's decryption.
+ * Supports both v1 (legacy) and v2 encryption formats.
+ * Automatically migrates old encrypted values to new format.
+ *
+ * @param value - The encrypted value (with prefix)
+ * @param address - The user's wallet address (encryption key identifier)
+ * @param signMessage - Optional function to sign message for migration (required if old encryption detected)
+ * @param onMigrated - Optional callback when a value is migrated
+ * @returns The decrypted plain text, original value if not encrypted, or placeholder on error
+ */
+declare function decryptField(value: string, address: string, signMessage?: SignMessageFn, onMigrated?: (migratedValue: string) => Promise<void>): Promise<string>;
+/**
+ * Memory data structure with fields that may be encrypted
+ */
+interface MemoryData {
+    value?: string;
+    rawEvidence?: string;
+    key?: string;
+    namespace?: string;
+    [key: string]: unknown;
+}
+/**
+ * Encrypt sensitive fields in a memory object.
+ * Only encrypts the fields defined in ENCRYPTED_FIELDS.
+ * Embeddings and other indexed fields are left unencrypted.
+ *
+ * @param memory - The memory object with plain text fields
+ * @param address - The user's wallet address
+ * @returns A new memory object with sensitive fields encrypted
+ */
+declare function encryptMemoryFields<T extends MemoryData>(memory: T, address: string): Promise<T>;
+/**
+ * Decrypt sensitive fields in a memory object.
+ * Only decrypts the fields defined in ENCRYPTED_FIELDS.
+ * Automatically migrates old encrypted values to new format.
+ * Also encrypts unencrypted fields when found (for users migrating to encryption).
+ *
+ * @param memory - The memory object with encrypted fields
+ * @param address - The user's wallet address
+ * @param signMessage - Optional function to sign message for migration (required if old encryption detected)
+ * @param updateMemory - Optional function to update memory in storage after migration/encryption
+ * @returns A new memory object with sensitive fields decrypted
+ */
+declare function decryptMemoryFields<T extends MemoryData>(memory: T, address: string, signMessage?: SignMessageFn, updateMemory?: (id: string, data: Partial<T>) => Promise<void>): Promise<T>;
+/**
+ * Batch encrypt multiple memory objects.
+ * Uses parallel processing for performance.
+ *
+ * @param memories - Array of memory objects
+ * @param address - The user's wallet address
+ * @returns Array of memory objects with encrypted fields
+ */
+declare function encryptMemoriesBatch<T extends MemoryData>(memories: T[], address: string): Promise<T[]>;
+/**
+ * Batch decrypt multiple memory objects.
+ * Uses parallel processing for performance.
+ * Automatically migrates old encrypted values to new format.
+ *
+ * @param memories - Array of memory objects
+ * @param address - The user's wallet address
+ * @param signMessage - Optional function to sign message for migration (required if old encryption detected)
+ * @param updateMemory - Optional function to update memory in storage after migration
+ * @returns Array of memory objects with decrypted fields
+ */
+declare function decryptMemoriesBatch<T extends MemoryData>(memories: T[], address: string, signMessage?: SignMessageFn, updateMemory?: (id: string, data: Partial<T>) => Promise<void>): Promise<T[]>;
+/**
+ * Check if a memory has any encrypted fields.
+ * Useful for determining if migration is needed.
+ */
+declare function hasEncryptedFields(memory: MemoryData): boolean;
+/**
+ * Check if a memory needs encryption (has unencrypted sensitive fields).
+ */
+declare function needsEncryption(memory: MemoryData): boolean;
+/**
+ * Memory fields needed for encryption update
+ */
+interface MemoryEncryptionFields extends MemoryData {
+    type: string;
+    namespace: string;
+    key: string;
+    value: string;
+    rawEvidence: string;
+    confidence: number;
+    pii: boolean;
+}
+/**
+ * Memory object with the required fields for batch encryption
+ */
+interface MemoryForBatchEncryption {
+    uniqueId: string;
+    type: string;
+    namespace: string;
+    key: string;
+    value: string;
+    rawEvidence: string;
+    confidence: number;
+    pii: boolean;
+}
+/**
+ * Encrypt a batch of memories in parallel with rate limiting and retry logic.
+ * Tracks failed memories for error reporting.
+ *
+ * @param memories - Array of memories to encrypt
+ * @param address - User's wallet address
+ * @param updateFn - Function to update a memory in storage
+ * @param batchSize - Number of memories to process in parallel (default: 5)
+ * @returns Object with success count and failed memory IDs
+ */
+declare function encryptMemoriesBatchInPlace(memories: MemoryForBatchEncryption[], address: string, updateFn: (id: string, data: MemoryData) => Promise<unknown>, batchSize?: number): Promise<{
+    success: number;
+    failed: string[];
+    errors: Array<{
+        id: string;
+        error: string;
+    }>;
+}>;
+
 declare const settingsStorageSchema: Readonly<{
     version: _nozbe_watermelondb_Schema.SchemaVersion;
     tables: _nozbe_watermelondb_Schema.TableMap;
@@ -2003,6 +2204,7 @@ declare function useDropboxBackup(options: UseDropboxBackupOptions): UseDropboxB
 declare function clearToken(): void;
 /**
  * Check if we have any stored credentials (including refresh token)
+ * Works with both encrypted and unencrypted credentials
  */
 declare function hasDropboxCredentials(): boolean;
 
@@ -2112,6 +2314,7 @@ declare function getGoogleDriveStoredToken(): string | null;
 declare function clearGoogleDriveToken(): void;
 /**
  * Check if we have any stored credentials (including refresh token)
+ * Works with both encrypted and unencrypted credentials
  */
 declare function hasGoogleDriveCredentials(): boolean;
 
@@ -2933,4 +3136,4 @@ interface UseBackupResult {
  */
 declare function useBackup(options: UseBackupOptions): UseBackupResult;
 
-export { DEFAULT_CONVERSATIONS_FOLDER as BACKUP_DRIVE_CONVERSATIONS_FOLDER, DEFAULT_ROOT_FOLDER as BACKUP_DRIVE_ROOT_FOLDER, DEFAULT_BACKUP_FOLDER as BACKUP_ICLOUD_FOLDER, type BackupAuthContextValue, BackupAuthProvider, type BackupAuthProviderProps, type BackupOperationOptions, Conversation as ChatConversation, Message as ChatMessage, type ChatRole, type CreateConversationOptions, type CreateMemoryOptions, type CreateMessageOptions, type CreateModelPreferenceOptions, DEFAULT_BACKUP_FOLDER$1 as DEFAULT_BACKUP_FOLDER, DEFAULT_CONVERSATIONS_FOLDER as DEFAULT_DRIVE_CONVERSATIONS_FOLDER, DEFAULT_ROOT_FOLDER as DEFAULT_DRIVE_ROOT_FOLDER, DEFAULT_BACKUP_FOLDER$1 as DEFAULT_DROPBOX_FOLDER, DEFAULT_BACKUP_FOLDER as DEFAULT_ICLOUD_BACKUP_FOLDER, type DropboxAuthContextValue, DropboxAuthProvider, type DropboxAuthProviderProps, type DropboxExportResult, type DropboxImportResult, type FileMetadata, type GoogleDriveAuthContextValue, GoogleDriveAuthProvider, type GoogleDriveAuthProviderProps, type GoogleDriveExportResult, type GoogleDriveImportResult, type ICloudAuthContextValue, ICloudAuthProvider, type ICloudAuthProviderProps, type ICloudExportResult, type ICloudImportResult, type MemoryItem, type MemoryType, type OCRFile, type PdfFile, type ProgressCallback, type ProviderAuthState, type ProviderBackupState, type SearchMessagesOptions, type SearchSource, type SendMessageWithStorageArgs, type SendMessageWithStorageResult, type SignMessageFn, type ChatCompletionUsage as StoredChatCompletionUsage, type StoredConversation, type StoredMemory, Memory as StoredMemoryModel, type StoredMemoryWithSimilarity, type StoredMessage, type StoredMessageWithSimilarity, type StoredModelPreference, ModelPreference as StoredModelPreferenceModel, type UpdateMemoryOptions, type UpdateModelPreferenceOptions, type UseBackupOptions, type UseBackupResult, type UseChatStorageOptions, type UseChatStorageResult, type UseDropboxBackupOptions, type UseDropboxBackupResult, type UseGoogleDriveBackupOptions, type UseGoogleDriveBackupResult, type UseICloudBackupOptions, type UseICloudBackupResult, type UseMemoryStorageOptions, type UseMemoryStorageResult, type UseSettingsOptions, type UseSettingsResult, chatStorageMigrations, chatStorageSchema, clearAllEncryptionKeys, clearToken as clearDropboxToken, clearEncryptionKey, clearGoogleDriveToken, clearICloudAuth, createMemoryContextSystemMessage, decryptData, decryptDataBytes, encryptData, extractConversationContext, formatMemoriesForChat, generateCompositeKey, generateConversationId, generateUniqueKey, getGoogleDriveStoredToken, hasDropboxCredentials, hasEncryptionKey, hasGoogleDriveCredentials, hasICloudCredentials, memoryStorageSchema, requestEncryptionKey, sdkMigrations, sdkModelClasses, sdkSchema, settingsStorageSchema, useBackup, useBackupAuth, useChat, useChatStorage, useDropboxAuth, useDropboxBackup, useEncryption, useGoogleDriveAuth, useGoogleDriveBackup, useICloudAuth, useICloudBackup, useImageGeneration, useMemoryStorage, useModels, useOCR, usePdf, useSearch, useSettings };
+export { DEFAULT_CONVERSATIONS_FOLDER as BACKUP_DRIVE_CONVERSATIONS_FOLDER, DEFAULT_ROOT_FOLDER as BACKUP_DRIVE_ROOT_FOLDER, DEFAULT_BACKUP_FOLDER as BACKUP_ICLOUD_FOLDER, type BackupAuthContextValue, BackupAuthProvider, type BackupAuthProviderProps, type BackupOperationOptions, Conversation as ChatConversation, Message as ChatMessage, type ChatRole, type CreateConversationOptions, type CreateMemoryOptions, type CreateMessageOptions, type CreateModelPreferenceOptions, DECRYPTION_FAILED_PLACEHOLDER, DEFAULT_BACKUP_FOLDER$1 as DEFAULT_BACKUP_FOLDER, DEFAULT_CONVERSATIONS_FOLDER as DEFAULT_DRIVE_CONVERSATIONS_FOLDER, DEFAULT_ROOT_FOLDER as DEFAULT_DRIVE_ROOT_FOLDER, DEFAULT_BACKUP_FOLDER$1 as DEFAULT_DROPBOX_FOLDER, DEFAULT_BACKUP_FOLDER as DEFAULT_ICLOUD_BACKUP_FOLDER, type DropboxAuthContextValue, DropboxAuthProvider, type DropboxAuthProviderProps, type DropboxExportResult, type DropboxImportResult, type FileMetadata, type GoogleDriveAuthContextValue, GoogleDriveAuthProvider, type GoogleDriveAuthProviderProps, type GoogleDriveExportResult, type GoogleDriveImportResult, type ICloudAuthContextValue, ICloudAuthProvider, type ICloudAuthProviderProps, type ICloudExportResult, type ICloudImportResult, type MemoryData, type MemoryEncryptionFields, type MemoryItem, type MemoryType, type OCRFile, type PdfFile, type ProgressCallback, type ProviderAuthState, type ProviderBackupState, type SearchMessagesOptions, type SearchSource, type SendMessageWithStorageArgs, type SendMessageWithStorageResult, type SignMessageFn, type ChatCompletionUsage as StoredChatCompletionUsage, type StoredConversation, type StoredMemory, Memory as StoredMemoryModel, type StoredMemoryWithSimilarity, type StoredMessage, type StoredMessageWithSimilarity, type StoredModelPreference, ModelPreference as StoredModelPreferenceModel, type UpdateMemoryOptions, type UpdateModelPreferenceOptions, type UseBackupOptions, type UseBackupResult, type UseChatStorageOptions, type UseChatStorageResult, type UseDropboxBackupOptions, type UseDropboxBackupResult, type UseGoogleDriveBackupOptions, type UseGoogleDriveBackupResult, type UseICloudBackupOptions, type UseICloudBackupResult, type UseMemoryStorageOptions, type UseMemoryStorageResult, type UseSettingsOptions, type UseSettingsResult, chatStorageMigrations, chatStorageSchema, clearAllEncryptionKeys, clearAllKeyPairs, clearToken as clearDropboxToken, clearEncryptionKey, clearGoogleDriveToken, clearICloudAuth, clearKeyPair, createMemoryContextSystemMessage, decryptData, decryptDataBytes, decryptField, decryptMemoriesBatch, decryptMemoryFields, encryptData, encryptField, encryptMemoriesBatch, encryptMemoriesBatchInPlace, encryptMemoryFields, exportPublicKey, extractConversationContext, formatMemoriesForChat, generateCompositeKey, generateConversationId, generateUniqueKey, getEncryptionVersion, getGoogleDriveStoredToken, hasDropboxCredentials, hasEncryptedFields, hasEncryptionKey, hasGoogleDriveCredentials, hasICloudCredentials, hasKeyPair, memoryStorageSchema, needsEncryption, requestEncryptionKey, requestKeyPair, sdkMigrations, sdkModelClasses, sdkSchema, settingsStorageSchema, useBackup, useBackupAuth, useChat, useChatStorage, useDropboxAuth, useDropboxBackup, useEncryption, useGoogleDriveAuth, useGoogleDriveBackup, useICloudAuth, useICloudBackup, useImageGeneration, useMemoryStorage, useModels, useOCR, usePdf, useSearch, useSettings };