@secrecy/lib 1.73.6 → 1.74.0-feat-groups-identity.1

package/dist/lib/client/index.js

@@ -11,7 +11,9 @@ import { SecrecyPseudonymClient } from './SecrecyPseudonymClient.js';
 import { decryptAnonymous } from '../crypto/index.js';
 import { SecrecyOrganizationClient } from './SecrecyOrganizationClient.js';
 export class SecrecyClient extends BaseClient {
-    #keys;
+    #groupIdentities;
+    #uaIdentity;
+    #keyPairs;
     cloud;
     mail;
     app;
@@ -36,22 +38,53 @@ export class SecrecyClient extends BaseClient {
                 }
             },
         });
-        this.#keys = opts.uaKeys;
-        this.cloud = new SecrecyCloudClient(this, this.#keys, this.client);
-        this.mail = new SecrecyMailClient(this, this.#keys, this.client);
-        this.app = new SecrecyAppClient(opts.uaJwt, this, this.#keys, this.client);
-        this.db = new SecrecyDbClient(this, this.#keys, this.client);
-        this.organization = new SecrecyOrganizationClient(this, this.#keys, this.client);
+        this.#keyPairs = opts.keyPairs;
+        this.#groupIdentities = opts.identities.filter((i) => i.kind === 'GROUP');
+        const uaIdentities = opts.identities.filter((i) => i.kind === 'USER_APP');
+        if (uaIdentities.length !== 1) {
+            throw new Error('One USER_APP identity is required');
+        }
+        this.#uaIdentity = uaIdentities[0];
+        this.cloud = new SecrecyCloudClient(this);
+        this.mail = new SecrecyMailClient(this);
+        this.app = new SecrecyAppClient(opts.uaJwt, this);
+        this.db = new SecrecyDbClient(this);
+        this.organization = new SecrecyOrganizationClient(this);
         this.wallet = new SecrecyWalletClient(this);
-        this.pay = new SecrecyPayClient(this, this.#keys, this.client);
-        this.user = new SecrecyUserClient(this, this.#keys, this.client);
-        this.pseudonym = new SecrecyPseudonymClient(this, this.#keys, this.client);
+        this.pay = new SecrecyPayClient(this);
+        this.user = new SecrecyUserClient(this);
+        this.pseudonym = new SecrecyPseudonymClient(this);
     }
     get publicKey() {
-        return this.#keys.publicKey;
+        return this.#uaIdentity.identityPubKey;
+    }
+    get apiClient() {
+        return this.client;
+    }
+    get keyPairs() {
+        return this.#keyPairs;
+    }
+    getPrivateKey(pubKey) {
+        const privateKey = this.#keyPairs[pubKey];
+        if (privateKey === undefined) {
+            throw new Error(`Missing private key for public key ${pubKey}`);
+        }
+        return privateKey;
+    }
+    get uaPrivateKey() {
+        return this.getPrivateKey(this.#uaIdentity.identityPubKey);
+    }
+    get groupIdentities() {
+        return this.#groupIdentities;
+    }
+    get uaIdentity() {
+        return this.#uaIdentity;
     }
     decryptAnonymous(data) {
-        return decryptAnonymous(data, this.#keys);
+        return decryptAnonymous(data, {
+            publicKey: this.#uaIdentity.identityPubKey,
+            privateKey: this.uaPrivateKey,
+        });
     }
     async logout(sessionId) {
         nodesCache.clear();

package/dist/lib/client/storage.js

@@ -1,7 +1,8 @@
 import { storeBuddy } from '../utils/store-buddy.js';
 export function getStorage(session) {
     const userAppSession = storeBuddy(`secrecy.user_app_session`, session).init(null);
-    const userAppKeys = storeBuddy(`secrecy.user_app_keys`, session).init(null);
+    const identities = storeBuddy(`secrecy.identities`, session).init(null);
+    const keyPairs = storeBuddy(`secrecy.key_pairs`, session).init(null);
     const jwt = storeBuddy(`secrecy.jwt`, session).init(null);
-    return { userAppKeys, userAppSession, jwt };
+    return { identities, keyPairs, userAppSession, jwt };
 }

package/dist/lib/client/types/identity.js

@@ -0,0 +1,18 @@
+import { z } from 'zod/v4';
+export const userAppSchema = z.object({
+    kind: z.literal('USER_APP'),
+    identityPubKey: z.string(),
+    userId: z.string(),
+    appId: z.string(),
+});
+export const groupSchema = z.object({
+    kind: z.literal('GROUP'),
+    identityPubKey: z.string(),
+    groupId: z.string(),
+    sharedByPubKey: z.string(),
+    groupOwnerPubKey: z.string(),
+});
+export const accessIdentitySchema = z.discriminatedUnion('kind', [
+    userAppSchema,
+    groupSchema,
+]);

package/dist/lib/client/types/index.js

@@ -1,13 +1,9 @@
 import { z } from 'zod';
-const keyPair = z
-    .object({
-    publicKey: z.string(),
-    privateKey: z.string(),
-})
-    .strict();
+import { accessIdentitySchema } from './identity.js';
 export const secrecyUserApp = z
     .object({
-    keys: keyPair,
+    identities: accessIdentitySchema.array(),
+    keyPairs: z.record(z.string(), z.string()),
     jwt: z.string(),
     uaSession: z.string(),
 })

package/dist/lib/index.js

@@ -1,6 +1,7 @@
 export * from './client/index.js';
 export * from './crypto/index.js';
 export { BaseClient } from './base-client.js';
+export * from './client/types/identity.js';
 export * from './client/helpers.js';
 export * from './sodium.js';
 export * from './utils/store-buddy.js';

package/dist/types/client/SecrecyAppClient.d.ts

@@ -1,12 +1,11 @@
 import type { SecrecyClient, UserAppNotifications, UserAppSettings } from '../index.js';
 import type { JwtPayload } from 'jsonwebtoken';
-import { type RouterOutputs, type ApiClient, type RouterInputs } from '../client.js';
-import { type KeyPair } from './types/index.js';
+import { type RouterOutputs, type RouterInputs } from '../client.js';
 export declare class SecrecyAppClient {
     #private;
     jwt: string;
     jwtDecoded: JwtPayload;
-    constructor(uaJwt: string, _client: SecrecyClient, _keys: KeyPair, apiClient: ApiClient);
+    constructor(uaJwt: string, client: SecrecyClient);
     get userId(): string;
     get appId(): string;
     getJwt(): Promise<string>;

package/dist/types/client/SecrecyCloudClient.d.ts

@@ -1,11 +1,11 @@
 import type { ProgressCallback, SecrecyClient } from '../index.js';
-import type { DataMetadata, DataStorageType, KeyPair, LocalData, Node, NodeFull, NodeType } from './types/index.js';
-import { type RouterInputs, type ApiClient, type RouterOutputs } from '../client.js';
+import type { DataMetadata, DataStorageType, LocalData, Node, NodeFull, NodeType } from './types/index.js';
+import { type RouterInputs, type RouterOutputs } from '../client.js';
 import { type Progress } from '../types.js';
 import { FileTypeResult } from 'file-type';
 export declare class SecrecyCloudClient {
     #private;
-    constructor(client: SecrecyClient, keys: KeyPair, apiClient: ApiClient);
+    constructor(client: SecrecyClient);
     addDataToHistory({ dataId, nodeId, }: {
         dataId: string;
         nodeId: string;
@@ -31,9 +31,9 @@ export declare class SecrecyCloudClient {
     deletedNodes(): Promise<Node[]>;
     sharedNodes(): Promise<Node[]>;
     nodesSharedWithMe(type?: NodeType): Promise<Node[]>;
-    deleteNodeSharing({ nodeId, userId, }: {
+    deleteNodeSharing({ nodeId, destPubKey, }: {
         nodeId: string;
-        userId: string;
+        destPubKey: string;
     }): Promise<boolean>;
     duplicateNode({ nodeId, folderId, name, }: {
         nodeId: string;
@@ -54,7 +54,7 @@ export declare class SecrecyCloudClient {
     dataMetadata({ id }: {
         id: string;
     }): Promise<DataMetadata>;
-    shareNode(input: RouterInputs['cloud']['shareNode'], progress?: ProgressCallback): Promise<RouterOutputs['cloud']['shareNodeFinish']>;
+    shareNode(accesses: RouterInputs['cloud']['shareNode']['accesses'], progress?: ProgressCallback): Promise<RouterOutputs['cloud']['shareNodeFinish']>;
     updateNode({ nodeId, name, isFavorite, deletedAt, }: {
         nodeId: string;
         name?: string | null | undefined;
@@ -96,7 +96,7 @@ export declare class SecrecyCloudClient {
         name: string;
         nodeId?: string;
     }): Promise<NodeFull>;
-    private readonly encryptNodesForUsers;
+    private readonly encryptNodesForIdentities;
     reportData({ id, reasons, }: Omit<RouterInputs['cloud']['reportData'], 'encryptedDataKey'>): Promise<RouterOutputs['cloud']['reportData']>;
     updateDataStorageType(input: RouterInputs['cloud']['moveToStorageType']): Promise<{
         isMoved: boolean;
@@ -129,32 +129,32 @@ export declare class SecrecyCloudClient {
         isMatching: false;
         details: {
             missingNodeAccesses: {
-                userId: string;
+                pubKey: string;
                 nodeId: string;
             }[];
             missingDataAccesses: {
-                userId: string;
+                pubKey: string;
                 nodeId: string;
                 dataId: string;
             }[];
             invalidRightsAccesses: {
-                userId: string;
+                pubKey: string;
                 nodeId: string;
                 expect: {
                     rights: "delete" | "read" | "write";
                 } & {
-                    addAccess?: "delete" | "read" | "write" | null | undefined;
-                    sharingAddAccess?: "delete" | "read" | "write" | null | undefined;
-                    delAccess?: "delete" | "read" | "write" | null | undefined;
-                    sharingDelAccess?: "delete" | "read" | "write" | null | undefined;
+                    addAccess: "delete" | "read" | "write" | null;
+                    sharingAddAccess: "delete" | "read" | "write" | null;
+                    delAccess: "delete" | "read" | "write" | null;
+                    sharingDelAccess: "delete" | "read" | "write" | null;
                 };
                 current: {
                     rights: "delete" | "read" | "write";
                 } & {
-                    addAccess?: "delete" | "read" | "write" | null | undefined;
-                    sharingAddAccess?: "delete" | "read" | "write" | null | undefined;
-                    delAccess?: "delete" | "read" | "write" | null | undefined;
-                    sharingDelAccess?: "delete" | "read" | "write" | null | undefined;
+                    addAccess: "delete" | "read" | "write" | null;
+                    sharingAddAccess: "delete" | "read" | "write" | null;
+                    delAccess: "delete" | "read" | "write" | null;
+                    sharingDelAccess: "delete" | "read" | "write" | null;
                 };
             }[];
         };

package/dist/types/client/SecrecyDbClient.d.ts

@@ -1,7 +1,5 @@
-import { type ApiClient } from '../client.js';
 import type { SecrecyClient } from '../index.js';
-import { type KeyPair } from './types/index.js';
 export declare class SecrecyDbClient {
     #private;
-    constructor(_client: SecrecyClient, _keys: KeyPair, apiClient: ApiClient);
+    constructor(client: SecrecyClient);
 }

package/dist/types/client/SecrecyMailClient.d.ts

@@ -1,10 +1,9 @@
-import { type ApiClient, type RouterInputs } from '../client.js';
+import { type RouterInputs } from '../client.js';
 import type { DraftMail, Mail, NewMail, ReceivedMail, SecrecyClient, SentMail, WaitingReceivedMail } from '../index.js';
-import { type KeyPair } from './types/index.js';
 import { type ApiMail } from './types/mail.js';
 export declare class SecrecyMailClient {
     #private;
-    constructor(client: SecrecyClient, keys: KeyPair, apiClient: ApiClient);
+    constructor(client: SecrecyClient);
     get({ id }: {
         id: string;
     }): Promise<Mail>;

package/dist/types/client/SecrecyOrganizationClient.d.ts

@@ -1,9 +1,8 @@
-import { RouterInputs, RouterOutputs, type ApiClient } from '../client.js';
+import { RouterInputs, RouterOutputs } from '../client.js';
 import type { SecrecyClient } from '../index.js';
-import { type KeyPair } from './types/index.js';
 export declare class SecrecyOrganizationClient {
     #private;
-    constructor(_client: SecrecyClient, _keys: KeyPair, apiClient: ApiClient);
+    constructor(client: SecrecyClient);
     create(input: RouterInputs['org']['create']): Promise<RouterOutputs['org']['create']>;
     update(input: Omit<RouterInputs['org']['update'], 'billingProfileStripeCustomerId'>): Promise<RouterOutputs['org']['update']>;
     addMember(input: RouterInputs['org']['addMember']): Promise<RouterOutputs['org']['addMember']>;

package/dist/types/client/SecrecyPayClient.d.ts

@@ -1,6 +1,4 @@
 import type { SecrecyClient } from '../index.js';
-import { type ApiClient } from '../client.js';
-import { type KeyPair } from './types/index.js';
 interface SuccessPayResponse<T> {
     success: true;
     data: T;
@@ -12,7 +10,7 @@ interface ErrorPayResponse {
 export type SecrecyPayResponse<T> = SuccessPayResponse<T> | ErrorPayResponse;
 export declare class SecrecyPayClient {
     #private;
-    constructor(client: SecrecyClient, _keys: KeyPair, _apiClient: ApiClient);
+    constructor(client: SecrecyClient);
     confirmPaymentIntent({ paymentIntentId, secrecyIdWhoCreatedPaymentIntent, secrecyIdWhoNeedToConfirmPaymentIntent, amount, currency, }: {
         paymentIntentId: string;
         secrecyIdWhoCreatedPaymentIntent: string;

package/dist/types/client/SecrecyPseudonymClient.d.ts

@@ -1,9 +1,8 @@
-import { type RouterInputs, type RouterOutputs, type ApiClient } from '../client.js';
+import { type RouterInputs, type RouterOutputs } from '../client.js';
 import type { SecrecyClient } from '../index.js';
-import { type KeyPair } from './types/index.js';
 export declare class SecrecyPseudonymClient {
     #private;
-    constructor(client: SecrecyClient, keys: KeyPair, apiClient: ApiClient);
+    constructor(client: SecrecyClient);
     askForLabel(input: RouterInputs['pseudonym']['askForLabel']): Promise<RouterOutputs['pseudonym']['askForLabel']>;
     askForUser(input: RouterInputs['pseudonym']['askForUser']): Promise<RouterOutputs['pseudonym']['askForUser']>;
     cross(input: RouterInputs['pseudonym']['cross']): Promise<RouterOutputs['pseudonym']['cross']>;

package/dist/types/client/SecrecyUserClient.d.ts

@@ -1,9 +1,8 @@
-import type { RouterInputs, ApiClient, RouterOutputs } from '../client.js';
+import type { RouterInputs, RouterOutputs } from '../client.js';
 import type { SecrecyClient } from '../index.js';
-import type { KeyPair } from './types/index.js';
 export declare class SecrecyUserClient {
     #private;
-    constructor(_client: SecrecyClient, _keys: KeyPair, apiClient: ApiClient);
+    constructor(client: SecrecyClient);
     answerInvitation(input: RouterInputs['contacts']['answerInvitation']): Promise<RouterOutputs['contacts']['answerInvitation']>;
     cancelInvitation(input: RouterInputs['contacts']['cancelInvitation']): Promise<RouterOutputs['contacts']['cancelInvitation']>;
     createInvitation(input: RouterInputs['contacts']['createInvitation']): Promise<RouterOutputs['contacts']['createInvitation']>;

package/dist/types/client/convert/data.d.ts

@@ -1,4 +1,4 @@
-import type { ApiData, InternalData, DataMetadata, KeyPair } from '../types/index.js';
-export declare function apiDataToInternal(apiData: ApiData, keyPair: KeyPair): InternalData;
+import type { ApiData, InternalData, DataMetadata } from '../types/index.js';
+export declare function apiDataToInternal(apiData: ApiData, keyPairs: Record<string, string>): InternalData;
 export declare function internalDataToExternalData(internal: InternalData): DataMetadata;
-export declare function apiDataToExternal(apiData: ApiData, keyPair: KeyPair): DataMetadata;
+export declare function apiDataToExternal(apiData: ApiData, keyPairs: Record<string, string>): DataMetadata;

package/dist/types/client/convert/mail.d.ts

@@ -1,8 +1,6 @@
-import { type Mail, type SecrecyClient } from '../../index.js';
-import { type KeyPair } from '../types/index.js';
+import { type Mail } from '../../index.js';
 import { type ApiMail } from '../types/mail.js';
-export declare function convertInternalMailToExternal({ client, mail, keyPair, }: {
+export declare function convertInternalMailToExternal({ mail, keyPairs, }: {
     mail: ApiMail;
-    client: SecrecyClient;
-    keyPair: KeyPair;
+    keyPairs: Record<string, string>;
 }): Promise<Mail>;

package/dist/types/client/convert/node.d.ts

@@ -1,6 +1,6 @@
-import type { Node, ApiNode, ApiNodeFull, InternalNodeFull, NodeFull, KeyPair, ApiNodeParent, ApiNodeForEncryption, InternalMinimalNodeForEncryption } from '../types/index.js';
-export declare function apiNodeFullToInternalFull(apiNodeFull: ApiNodeFull, keyPair: KeyPair): Promise<InternalNodeFull>;
+import type { Node, ApiNode, ApiNodeFull, InternalNodeFull, NodeFull, ApiNodeParent, ApiNodeForEncryption, InternalMinimalNodeForEncryption } from '../types/index.js';
+export declare function apiNodeFullToInternalFull(apiNodeFull: ApiNodeFull, keyPairs: Record<string, string>): Promise<InternalNodeFull>;
 export declare function internalNodeFullToNodeFull(internal: InternalNodeFull): NodeFull;
-export declare function apiNodeToExternalNodeFull(apiNodeFull: ApiNodeFull, keyPair: KeyPair): Promise<NodeFull>;
-export declare function apiNodeToExternal(apiNode: ApiNode | ApiNodeParent, keyPair: KeyPair): Promise<Node>;
-export declare function apiNodeForEncryptionToInternal(apiNode: ApiNodeForEncryption, keyPair: KeyPair): Promise<InternalMinimalNodeForEncryption>;
+export declare function apiNodeToExternalNodeFull(apiNodeFull: ApiNodeFull, keyPairs: Record<string, string>): Promise<NodeFull>;
+export declare function apiNodeToExternal(apiNode: ApiNode | ApiNodeParent, keyPairs: Record<string, string>): Promise<Node>;
+export declare function apiNodeForEncryptionToInternal(apiNode: ApiNodeForEncryption, keyPairs: Record<string, string>): Promise<InternalMinimalNodeForEncryption>;

package/dist/types/client/index.d.ts

@@ -7,15 +7,16 @@ import { SecrecyDbClient } from './SecrecyDbClient.js';
 import { SecrecyWalletClient } from './SecrecyWalletClient.js';
 import { SecrecyPayClient } from './SecrecyPayClient.js';
 import { ApiClient, type RouterInputs } from '../client.js';
-import { type KeyPair } from './types/index.js';
 import { SecrecyUserClient } from './SecrecyUserClient.js';
 import { SecrecyPseudonymClient } from './SecrecyPseudonymClient.js';
 import { SecrecyOrganizationClient } from './SecrecyOrganizationClient.js';
+import type { AccessIdentity, GroupIdentity, UserAppIdentity } from './types/identity.js';
 export type NewMail = Pick<RouterInputs['mail']['createDraft'], 'body' | 'subject' | 'senderFiles' | 'recipients' | 'replyToId'>;
 export type ProgressCallback = (progress: SecretStreamProgress) => Promise<void>;
 export interface SecrecyClientOptions {
     uaSession: string;
-    uaKeys: KeyPair;
+    identities: AccessIdentity[];
+    keyPairs: Record<string, string>;
     uaJwt: string;
     apiClient?: ApiClient;
     secrecyUrls?: Partial<SecrecyUrls>;
@@ -33,6 +34,12 @@ export declare class SecrecyClient extends BaseClient {
     pseudonym: SecrecyPseudonymClient;
     constructor(opts: SecrecyClientOptions);
     get publicKey(): string;
+    get apiClient(): Readonly<ApiClient>;
+    get keyPairs(): Readonly<Record<string, string>>;
+    getPrivateKey(pubKey: string): string;
+    get uaPrivateKey(): string;
+    get groupIdentities(): ReadonlyArray<Readonly<GroupIdentity>>;
+    get uaIdentity(): Readonly<UserAppIdentity>;
     decryptAnonymous(data: Uint8Array): Uint8Array;
     logout(sessionId?: string | null | undefined): Promise<void>;
 }

package/dist/types/client/storage.d.ts

@@ -1,7 +1,8 @@
 import type { StoreBuddy } from '../utils/store-buddy.js';
-import { type KeyPair } from './types/index.js';
+import type { AccessIdentity } from './types/identity.js';
 export declare function getStorage(session?: boolean | undefined): {
-    userAppKeys: StoreBuddy<KeyPair | null>;
+    identities: StoreBuddy<AccessIdentity[] | null>;
+    keyPairs: StoreBuddy<Record<string, string> | null>;
     userAppSession: StoreBuddy<string | null>;
     jwt: StoreBuddy<string | null>;
 };

package/dist/types/client/types/identity.d.ts

@@ -0,0 +1,29 @@
+import { z } from 'zod/v4';
+export declare const userAppSchema: z.ZodObject<{
+    kind: z.ZodLiteral<"USER_APP">;
+    identityPubKey: z.ZodString;
+    userId: z.ZodString;
+    appId: z.ZodString;
+}, z.core.$strip>;
+export declare const groupSchema: z.ZodObject<{
+    kind: z.ZodLiteral<"GROUP">;
+    identityPubKey: z.ZodString;
+    groupId: z.ZodString;
+    sharedByPubKey: z.ZodString;
+    groupOwnerPubKey: z.ZodString;
+}, z.core.$strip>;
+export declare const accessIdentitySchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    kind: z.ZodLiteral<"USER_APP">;
+    identityPubKey: z.ZodString;
+    userId: z.ZodString;
+    appId: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+    kind: z.ZodLiteral<"GROUP">;
+    identityPubKey: z.ZodString;
+    groupId: z.ZodString;
+    sharedByPubKey: z.ZodString;
+    groupOwnerPubKey: z.ZodString;
+}, z.core.$strip>], "kind">;
+export type AccessIdentity = z.infer<typeof accessIdentitySchema>;
+export type UserAppIdentity = z.infer<typeof userAppSchema>;
+export type GroupIdentity = z.infer<typeof groupSchema>;

package/dist/types/client/types/index.d.ts

@@ -4,16 +4,20 @@ export type * from './data.js';
 export type * from './node.js';
 export type * from './mail.js';
 export type * from './user.js';
-declare const keyPair: z.ZodObject<{
-    publicKey: z.ZodString;
-    privateKey: z.ZodString;
-}, z.core.$strict>;
-export type KeyPair = z.infer<typeof keyPair>;
 export declare const secrecyUserApp: z.ZodReadonly<z.ZodObject<{
-    keys: z.ZodObject<{
-        publicKey: z.ZodString;
-        privateKey: z.ZodString;
-    }, z.core.$strict>;
+    identities: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
+        kind: z.ZodLiteral<"USER_APP">;
+        identityPubKey: z.ZodString;
+        userId: z.ZodString;
+        appId: z.ZodString;
+    }, z.core.$strip>, z.ZodObject<{
+        kind: z.ZodLiteral<"GROUP">;
+        identityPubKey: z.ZodString;
+        groupId: z.ZodString;
+        sharedByPubKey: z.ZodString;
+        groupOwnerPubKey: z.ZodString;
+    }, z.core.$strip>], "kind">>;
+    keyPairs: z.ZodRecord<z.ZodString, z.ZodString>;
     jwt: z.ZodString;
     uaSession: z.ZodString;
 }, z.core.$strict>>;

package/dist/types/client/types/mail.d.ts

@@ -13,7 +13,7 @@ export interface BaseMail {
     deletedAt: Date | null;
     openedAt: Date | null;
     isAltered: boolean;
-    recipients: Array<Omit<PublicUser, 'publicKey'>>;
+    recipients: Array<PublicUser>;
     temporaryRecipients: TemporaryMailUser[];
     attachments: Array<{
         id: string;
@@ -24,6 +24,7 @@ export interface BaseMail {
 export interface ReceivedMail extends BaseMail {
     type: 'received';
     sender: PublicUser;
+    senderPublicKey: string;
 }
 export interface InternalSentMail {
     user: {

package/dist/types/client/types/node.d.ts

@@ -1,17 +1,19 @@
 import { type RouterOutputs } from '../../client.js';
-import type { DataMetadata, InternalData, PublicUser } from './index.js';
-export type Permissions = ApiNode['users'][number][1];
+import type { DataMetadata, InternalData, UserAppOrg } from './index.js';
+export type Permissions = ApiNode['identities'][number];
 export type Rights = Permissions['rights'];
 export type NodeAccess<T extends Record<string, unknown> = Record<string, unknown>> = T & Permissions & {
     isRoot: boolean;
     sharedByPubKey: string;
+    identityPubKey: string;
 };
 export interface NodeBreadcrumbItem {
     id: string;
     name: string;
 }
 export interface NodeBreadcrumbItemWithPubKey extends NodeBreadcrumbItem {
-    pubKey: string;
+    sharedByPubKey: string;
+    identityPubKey: string;
 }
 export interface NodeSize {
     size: bigint;
@@ -31,9 +33,10 @@ export interface Node<T extends NodeBreadcrumbItem = NodeBreadcrumbItem, U exten
     sizes: NodeSize;
     name: string;
     breadcrumb: T[];
-    owner: PublicUser;
-    access: NodeAccess<U>;
-    users: Array<[PublicUser, Permissions]>;
+    owner: UserAppOrg;
+    accesses: NodeAccess<U>[];
+    permissions: Permissions;
+    identities: Record<string, Permissions>;
     currentDataId: string | null;
     parentId: string | null;
 }
@@ -72,16 +75,16 @@ export type EncryptedNodeInfos = {
 };
 export type ShareNodeDetails = {
     missingNodeAccesses: {
-        userId: string;
+        pubKey: string;
         nodeId: string;
     }[];
     missingDataAccesses: {
-        userId: string;
+        pubKey: string;
         dataId: string;
         nodeId: string;
     }[];
     invalidRightsAccesses: {
-        userId: string;
+        pubKey: string;
         current: Permissions;
         nodeId: string;
         expect: Permissions;

package/dist/types/client/types/user.d.ts

@@ -1,3 +1,18 @@
 import { type RouterOutputs } from '../../client.js';
 export type SelfUser = RouterOutputs['user']['self'];
 export type PublicUser = RouterOutputs['user']['byId'];
+export type UserAppOrg = RouterOutputs['cloud']['nodeById']['owner'];
+export type AccessIdentity = RouterOutputs['identity']['list']['identities'][number];
+export type PublicAccessIdentity = RouterOutputs['identity']['get']['identity'];
+export type PublicUserAppIdentity = Extract<PublicAccessIdentity, {
+    kind: 'USER_APP';
+}>;
+export type PublicGroupIdentity = Extract<PublicAccessIdentity, {
+    kind: 'GROUP';
+}>;
+export type UserAppIdentity = Extract<AccessIdentity, {
+    kind: 'USER_APP';
+}>;
+export type GroupIdentity = Extract<AccessIdentity, {
+    kind: 'GROUP';
+}>;