@shhhum/xftp-web 0.3.0 → 0.5.0

package/dist-web/index.html

@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="Content-Security-Policy"
+    content="default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://xftp1.simplex.im:443 https://xftp2.simplex.im:443 https://xftp3.simplex.im:443 https://xftp4.simplex.im:443 https://xftp5.simplex.im:443 https://xftp6.simplex.im:443 https://xftp1.simplexonflux.com:443 https://xftp2.simplexonflux.com:443 https://xftp3.simplexonflux.com:443 https://xftp4.simplexonflux.com:443 https://xftp5.simplexonflux.com:443 https://xftp6.simplexonflux.com:443;">
+  <title>SimpleX File Transfer</title>
+  <script type="module" crossorigin src="/assets/index.js"></script>
+  <link rel="stylesheet" crossorigin href="/assets/index.css">
+</head>
+<body>
+  <div id="app"></div>
+</body>
+</html>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shhhum/xftp-web",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "XFTP file transfer protocol client for web/browser environments",
   "license": "AGPL-3.0-only",
   "repository": {
@@ -9,14 +9,13 @@
     "directory": "xftp-web"
   },
   "type": "module",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "files": ["dist", "src"],
+  "main": "dist-web/index.html",
+  "files": ["src", "web", "dist", "dist-web"],
   "publishConfig": {
     "access": "public"
   },
   "scripts": {
-    "prepublishOnly": "npm run build",
+    "prepublishOnly": "npm run build && npm run build:prod",
     "pretest": "ln -sf ../../../libsodium-sumo/dist/modules-sumo-esm/libsodium-sumo.mjs node_modules/libsodium-wrappers-sumo/dist/modules-sumo-esm/libsodium-sumo.mjs && npx playwright install chromium",
     "build": "tsc",
     "test": "vitest",

package/src/agent.ts

@@ -15,12 +15,10 @@ import {
 } from "./protocol/description.js"
 import type {FileInfo} from "./protocol/commands.js"
 import {
-  createXFTPChunk, addXFTPRecipients, uploadXFTPChunk, downloadXFTPChunk, downloadXFTPChunkRaw,
-  deleteXFTPChunk, ackXFTPChunk, type XFTPClientAgent
+  createXFTPChunk, uploadXFTPChunk, downloadXFTPChunk, downloadXFTPChunkRaw,
+  deleteXFTPChunk, type XFTPClientAgent
 } from "./client.js"
-export {newXFTPAgent, closeXFTPAgent, type XFTPClientAgent, type TransportConfig,
-  XFTPRetriableError, XFTPPermanentError, isRetriable, categorizeError, humanReadableMessage,
-  ackXFTPChunk, addXFTPRecipients} from "./client.js"
+export {newXFTPAgent, closeXFTPAgent, type XFTPClientAgent, type TransportConfig} from "./client.js"
 import {processDownloadedFile, decryptReceivedChunk} from "./download.js"
 import type {XFTPServer} from "./protocol/address.js"
 import {formatXFTPServer, parseXFTPServer} from "./protocol/address.js"
@@ -32,7 +30,8 @@ interface SentChunk {
   chunkNo: number
   senderId: Uint8Array
   senderKey: Uint8Array      // 64B libsodium Ed25519 private key
-  recipients: {recipientId: Uint8Array, recipientKey: Uint8Array}[]
+  recipientId: Uint8Array
+  recipientKey: Uint8Array   // 64B libsodium Ed25519 private key
   chunkSize: number
   digest: Uint8Array         // SHA-256
   server: XFTPServer
@@ -50,7 +49,7 @@ export interface EncryptedFileInfo extends EncryptedFileMetadata {
 }
 
 export interface UploadResult {
-  rcvDescriptions: FileDescription[]
+  rcvDescription: FileDescription
   sndDescription: FileDescription
   uri: string                 // base64url-encoded compressed YAML (no leading #)
 }
@@ -96,24 +95,20 @@ export function encryptFileForUpload(source: Uint8Array, fileName: string): Encr
 }
 
 const DEFAULT_REDIRECT_THRESHOLD = 400
-const MAX_RECIPIENTS_PER_REQUEST = 200
 
 export interface UploadOptions {
   onProgress?: (uploaded: number, total: number) => void
   redirectThreshold?: number
   readChunk?: (offset: number, size: number) => Promise<Uint8Array>
-  auth?: Uint8Array
-  numRecipients?: number
 }
 
 export async function uploadFile(
   agent: XFTPClientAgent,
-  servers: XFTPServer[],
+  server: XFTPServer,
   encrypted: EncryptedFileMetadata,
   options?: UploadOptions
 ): Promise<UploadResult> {
-  if (servers.length === 0) throw new Error("uploadFile: servers list is empty")
-  const {onProgress, redirectThreshold, readChunk: readChunkOpt, auth, numRecipients = 1} = options ?? {}
+  const {onProgress, redirectThreshold, readChunk: readChunkOpt} = options ?? {}
   const readChunk: (offset: number, size: number) => Promise<Uint8Array> = readChunkOpt
     ? readChunkOpt
     : ('encData' in encrypted
@@ -121,81 +116,48 @@ export async function uploadFile(
         : () => { throw new Error("uploadFile: readChunk required when encData is absent") })
   const total = encrypted.chunkSizes.reduce((a, b) => a + b, 0)
   const specs = prepareChunkSpecs(encrypted.chunkSizes)
-
-  // Pre-assign servers and group by server (matching Haskell groupAllOn)
-  const chunkJobs = specs.map((spec, i) => ({
-    index: i,
-    spec,
-    server: servers[Math.floor(Math.random() * servers.length)]
-  }))
-  const byServer = new Map<string, typeof chunkJobs>()
-  for (const job of chunkJobs) {
-    const key = formatXFTPServer(job.server)
-    if (!byServer.has(key)) byServer.set(key, [])
-    byServer.get(key)!.push(job)
-  }
-
-  // Upload groups in parallel, sequential within each group
-  const sentChunks: SentChunk[] = new Array(specs.length)
+  const sentChunks: SentChunk[] = []
   let uploaded = 0
-  await Promise.all([...byServer.values()].map(async (jobs) => {
-    for (const {index, spec, server} of jobs) {
-      const chunkNo = index + 1
-      const sndKp = generateEd25519KeyPair()
-      const rcvKps = Array.from({length: numRecipients}, () => generateEd25519KeyPair())
-      const chunkData = await readChunk(spec.chunkOffset, spec.chunkSize)
-      const chunkDigest = getChunkDigest(chunkData)
-      console.log(`[AGENT-DBG] upload chunk=${chunkNo} offset=${spec.chunkOffset} size=${spec.chunkSize} digest=${_dbgHex(chunkDigest, 32)} data[0..8]=${_dbgHex(chunkData)} data[-8..]=${_dbgHex(chunkData.slice(-8))}`)
-      const fileInfo: FileInfo = {
-        sndKey: encodePubKeyEd25519(sndKp.publicKey),
-        size: spec.chunkSize,
-        digest: chunkDigest
-      }
-      const firstBatch = Math.min(numRecipients, MAX_RECIPIENTS_PER_REQUEST)
-      const firstBatchKeys = rcvKps.slice(0, firstBatch).map(kp => encodePubKeyEd25519(kp.publicKey))
-      const {senderId, recipientIds: firstIds} = await createXFTPChunk(
-        agent, server, sndKp.privateKey, fileInfo, firstBatchKeys, auth ?? null
-      )
-      const allRecipientIds = [...firstIds]
-      let added = firstBatch
-      while (added < numRecipients) {
-        const batchSize = Math.min(numRecipients - added, MAX_RECIPIENTS_PER_REQUEST)
-        const batchKeys = rcvKps.slice(added, added + batchSize).map(kp => encodePubKeyEd25519(kp.publicKey))
-        const moreIds = await addXFTPRecipients(agent, server, sndKp.privateKey, senderId, batchKeys)
-        allRecipientIds.push(...moreIds)
-        added += batchSize
-      }
-      await uploadXFTPChunk(agent, server, sndKp.privateKey, senderId, chunkData)
-      sentChunks[index] = {
-        chunkNo, senderId, senderKey: sndKp.privateKey,
-        recipients: allRecipientIds.map((rid, ri) => ({
-          recipientId: rid, recipientKey: rcvKps[ri].privateKey
-        })),
-        chunkSize: spec.chunkSize, digest: chunkDigest, server
-      }
-      uploaded += spec.chunkSize
-      onProgress?.(uploaded, total)
+  for (let i = 0; i < specs.length; i++) {
+    const spec = specs[i]
+    const chunkNo = i + 1
+    const sndKp = generateEd25519KeyPair()
+    const rcvKp = generateEd25519KeyPair()
+    const chunkData = await readChunk(spec.chunkOffset, spec.chunkSize)
+    const chunkDigest = getChunkDigest(chunkData)
+    console.log(`[AGENT-DBG] upload chunk=${chunkNo} offset=${spec.chunkOffset} size=${spec.chunkSize} digest=${_dbgHex(chunkDigest, 32)} data[0..8]=${_dbgHex(chunkData)} data[-8..]=${_dbgHex(chunkData.slice(-8))}`)
+    const fileInfo: FileInfo = {
+      sndKey: encodePubKeyEd25519(sndKp.publicKey),
+      size: spec.chunkSize,
+      digest: chunkDigest
     }
-  }))
-
-  const rcvDescriptions = Array.from({length: numRecipients}, (_, ri) =>
-    buildDescription("recipient", ri, encrypted, sentChunks)
-  )
-  const sndDescription = buildDescription("sender", 0, encrypted, sentChunks)
-  let uri = encodeDescriptionURI(rcvDescriptions[0])
-  let finalRcvDescriptions = rcvDescriptions
+    const rcvKeysForChunk = [encodePubKeyEd25519(rcvKp.publicKey)]
+    const {senderId, recipientIds} = await createXFTPChunk(
+      agent, server, sndKp.privateKey, fileInfo, rcvKeysForChunk
+    )
+    await uploadXFTPChunk(agent, server, sndKp.privateKey, senderId, chunkData)
+    sentChunks.push({
+      chunkNo, senderId, senderKey: sndKp.privateKey,
+      recipientId: recipientIds[0], recipientKey: rcvKp.privateKey,
+      chunkSize: spec.chunkSize, digest: chunkDigest, server
+    })
+    uploaded += spec.chunkSize
+    onProgress?.(uploaded, total)
+  }
+  const rcvDescription = buildDescription("recipient", encrypted, sentChunks)
+  const sndDescription = buildDescription("sender", encrypted, sentChunks)
+  let uri = encodeDescriptionURI(rcvDescription)
+  let finalRcvDescription = rcvDescription
   const threshold = redirectThreshold ?? DEFAULT_REDIRECT_THRESHOLD
   if (uri.length > threshold && sentChunks.length > 1) {
-    const redirected = await uploadRedirectDescription(agent, servers, rcvDescriptions[0], auth)
-    finalRcvDescriptions = [redirected, ...rcvDescriptions.slice(1)]
-    uri = encodeDescriptionURI(redirected)
+    finalRcvDescription = await uploadRedirectDescription(agent, server, rcvDescription)
+    uri = encodeDescriptionURI(finalRcvDescription)
   }
-  return {rcvDescriptions: finalRcvDescriptions, sndDescription, uri}
+  return {rcvDescription: finalRcvDescription, sndDescription, uri}
 }
 
 function buildDescription(
   party: "recipient" | "sender",
-  recipientIndex: number,
   enc: EncryptedFileMetadata,
   chunks: SentChunk[]
 ): FileDescription {
@@ -213,8 +175,8 @@ function buildDescription(
       digest: c.digest,
       replicas: [{
         server: formatXFTPServer(c.server),
-        replicaId: party === "recipient" ? c.recipients[recipientIndex].recipientId : c.senderId,
-        replicaKey: encodePrivKeyEd25519(party === "recipient" ? c.recipients[recipientIndex].recipientKey : c.senderKey)
+        replicaId: party === "recipient" ? c.recipientId : c.senderId,
+        replicaKey: encodePrivKeyEd25519(party === "recipient" ? c.recipientKey : c.senderKey)
       }]
     })),
     redirect: null
@@ -223,53 +185,37 @@ function buildDescription(
 
 async function uploadRedirectDescription(
   agent: XFTPClientAgent,
-  servers: XFTPServer[],
-  innerFd: FileDescription,
-  auth?: Uint8Array
+  server: XFTPServer,
+  innerFd: FileDescription
 ): Promise<FileDescription> {
   const yaml = encodeFileDescription(innerFd)
   const yamlBytes = new TextEncoder().encode(yaml)
   const enc = encryptFileForUpload(yamlBytes, "")
   const specs = prepareChunkSpecs(enc.chunkSizes)
-
-  const chunkJobs = specs.map((spec, i) => ({
-    index: i,
-    spec,
-    server: servers[Math.floor(Math.random() * servers.length)]
-  }))
-  const byServer = new Map<string, typeof chunkJobs>()
-  for (const job of chunkJobs) {
-    const key = formatXFTPServer(job.server)
-    if (!byServer.has(key)) byServer.set(key, [])
-    byServer.get(key)!.push(job)
-  }
-
-  const sentChunks: SentChunk[] = new Array(specs.length)
-  await Promise.all([...byServer.values()].map(async (jobs) => {
-    for (const {index, spec, server} of jobs) {
-      const chunkNo = index + 1
-      const sndKp = generateEd25519KeyPair()
-      const rcvKp = generateEd25519KeyPair()
-      const chunkData = enc.encData.subarray(spec.chunkOffset, spec.chunkOffset + spec.chunkSize)
-      const chunkDigest = getChunkDigest(chunkData)
-      const fileInfo: FileInfo = {
-        sndKey: encodePubKeyEd25519(sndKp.publicKey),
-        size: spec.chunkSize,
-        digest: chunkDigest
-      }
-      const rcvKeysForChunk = [encodePubKeyEd25519(rcvKp.publicKey)]
-      const {senderId, recipientIds} = await createXFTPChunk(
-        agent, server, sndKp.privateKey, fileInfo, rcvKeysForChunk, auth ?? null
-      )
-      await uploadXFTPChunk(agent, server, sndKp.privateKey, senderId, chunkData)
-      sentChunks[index] = {
-        chunkNo, senderId, senderKey: sndKp.privateKey,
-        recipients: [{recipientId: recipientIds[0], recipientKey: rcvKp.privateKey}],
-        chunkSize: spec.chunkSize, digest: chunkDigest, server
-      }
+  const sentChunks: SentChunk[] = []
+  for (let i = 0; i < specs.length; i++) {
+    const spec = specs[i]
+    const chunkNo = i + 1
+    const sndKp = generateEd25519KeyPair()
+    const rcvKp = generateEd25519KeyPair()
+    const chunkData = enc.encData.subarray(spec.chunkOffset, spec.chunkOffset + spec.chunkSize)
+    const chunkDigest = getChunkDigest(chunkData)
+    const fileInfo: FileInfo = {
+      sndKey: encodePubKeyEd25519(sndKp.publicKey),
+      size: spec.chunkSize,
+      digest: chunkDigest
     }
-  }))
-
+    const rcvKeysForChunk = [encodePubKeyEd25519(rcvKp.publicKey)]
+    const {senderId, recipientIds} = await createXFTPChunk(
+      agent, server, sndKp.privateKey, fileInfo, rcvKeysForChunk
+    )
+    await uploadXFTPChunk(agent, server, sndKp.privateKey, senderId, chunkData)
+    sentChunks.push({
+      chunkNo, senderId, senderKey: sndKp.privateKey,
+      recipientId: recipientIds[0], recipientKey: rcvKp.privateKey,
+      chunkSize: spec.chunkSize, digest: chunkDigest, server
+    })
+  }
   return {
     party: "recipient",
     size: enc.chunkSizes.reduce((a, b) => a + b, 0),
@@ -283,8 +229,8 @@ async function uploadRedirectDescription(
       digest: c.digest,
       replicas: [{
         server: formatXFTPServer(c.server),
-        replicaId: c.recipients[0].recipientId,
-        replicaKey: encodePrivKeyEd25519(c.recipients[0].recipientKey)
+        replicaId: c.recipientId,
+        replicaKey: encodePrivKeyEd25519(c.recipientKey)
       }]
     })),
     redirect: {size: innerFd.size, digest: innerFd.digest}
@@ -303,6 +249,7 @@ export interface RawDownloadedChunk {
 
 export interface DownloadRawOptions {
   onProgress?: (downloaded: number, total: number) => void
+  concurrency?: number
 }
 
 export async function downloadFileRaw(
@@ -313,7 +260,7 @@ export async function downloadFileRaw(
 ): Promise<FileDescription> {
   const err = validateFileDescription(fd)
   if (err) throw new Error("downloadFileRaw: " + err)
-  const {onProgress} = options ?? {}
+  const {onProgress, concurrency = 1} = options ?? {}
   // Resolve redirect on main thread (redirect data is small)
   if (fd.redirect !== null) {
     console.log(`[AGENT-DBG] resolving redirect: outer size=${fd.size} chunks=${fd.chunks.length}`)
@@ -345,7 +292,6 @@ export async function downloadFileRaw(
         body: raw.body,
         digest: chunk.digest
       })
-      await ackXFTPChunk(agent, server, kp.privateKey, replica.replicaId)
       downloaded += chunk.chunkSize
       onProgress?.(downloaded, resolvedFd.size)
     }
@@ -376,24 +322,15 @@ async function resolveRedirect(
   fd: FileDescription
 ): Promise<FileDescription> {
   const plaintextChunks: Uint8Array[] = new Array(fd.chunks.length)
-  const byServer = new Map<string, typeof fd.chunks>()
   for (const chunk of fd.chunks) {
-    const srv = chunk.replicas[0]?.server ?? ""
-    if (!byServer.has(srv)) byServer.set(srv, [])
-    byServer.get(srv)!.push(chunk)
+    const replica = chunk.replicas[0]
+    if (!replica) throw new Error("resolveRedirect: chunk has no replicas")
+    const server = parseXFTPServer(replica.server)
+    const seed = decodePrivKeyEd25519(replica.replicaKey)
+    const kp = ed25519KeyPairFromSeed(seed)
+    const data = await downloadXFTPChunk(agent, server, kp.privateKey, replica.replicaId, chunk.digest)
+    plaintextChunks[chunk.chunkNo - 1] = data
   }
-  await Promise.all([...byServer.entries()].map(async ([srv, chunks]) => {
-    const server = parseXFTPServer(srv)
-    for (const chunk of chunks) {
-      const replica = chunk.replicas[0]
-      if (!replica) throw new Error("resolveRedirect: chunk has no replicas")
-      const seed = decodePrivKeyEd25519(replica.replicaKey)
-      const kp = ed25519KeyPairFromSeed(seed)
-      const data = await downloadXFTPChunk(agent, server, kp.privateKey, replica.replicaId, chunk.digest)
-      plaintextChunks[chunk.chunkNo - 1] = data
-      await ackXFTPChunk(agent, server, kp.privateKey, replica.replicaId)
-    }
-  }))
   const totalSize = plaintextChunks.reduce((s, c) => s + c.length, 0)
   if (totalSize !== fd.size) throw new Error("resolveRedirect: redirect file size mismatch")
   const digest = sha512Streaming(plaintextChunks)
@@ -411,22 +348,14 @@ async function resolveRedirect(
 // -- Delete
 
 export async function deleteFile(agent: XFTPClientAgent, sndDescription: FileDescription): Promise<void> {
-  const byServer = new Map<string, typeof sndDescription.chunks>()
   for (const chunk of sndDescription.chunks) {
-    const srv = chunk.replicas[0]?.server ?? ""
-    if (!byServer.has(srv)) byServer.set(srv, [])
-    byServer.get(srv)!.push(chunk)
+    const replica = chunk.replicas[0]
+    if (!replica) throw new Error("deleteFile: chunk has no replicas")
+    const server = parseXFTPServer(replica.server)
+    const seed = decodePrivKeyEd25519(replica.replicaKey)
+    const kp = ed25519KeyPairFromSeed(seed)
+    await deleteXFTPChunk(agent, server, kp.privateKey, replica.replicaId)
   }
-  await Promise.all([...byServer.entries()].map(async ([srv, chunks]) => {
-    const server = parseXFTPServer(srv)
-    for (const chunk of chunks) {
-      const replica = chunk.replicas[0]
-      if (!replica) throw new Error("deleteFile: chunk has no replicas")
-      const seed = decodePrivKeyEd25519(replica.replicaKey)
-      const kp = ed25519KeyPairFromSeed(seed)
-      await deleteXFTPChunk(agent, server, kp.privateKey, replica.replicaId)
-    }
-  }))
 }
 
 // -- Internal

package/src/client.ts

@@ -16,7 +16,7 @@ import {
 import {verifyIdentityProof} from "./crypto/identity.js"
 import {generateX25519KeyPair, encodePubKeyX25519, dh} from "./crypto/keys.js"
 import {
-  encodeFNEW, encodeFADD, encodeFPUT, encodeFGET, encodeFACK, encodeFDEL, encodePING,
+  encodeFNEW, encodeFADD, encodeFPUT, encodeFGET, encodeFDEL, encodePING,
   decodeResponse, type FileResponse, type FileInfo, type XFTPErrorType
 } from "./protocol/commands.js"
 import {decryptReceivedChunk} from "./download.js"
@@ -430,13 +430,6 @@ export async function deleteXFTPChunk(
   if (response.type !== "FROk") throw new Error("unexpected response: " + response.type)
 }
 
-export async function ackXFTPChunk(
-  agent: XFTPClientAgent, server: XFTPServer, rpKey: Uint8Array, rId: Uint8Array
-): Promise<void> {
-  const {response} = await sendXFTPCommand(agent, server, rpKey, rId, encodeFACK())
-  if (response.type !== "FROk") throw new Error("unexpected response: " + response.type)
-}
-
 export async function pingXFTP(agent: XFTPClientAgent, server: XFTPServer): Promise<void> {
   const client = await getXFTPServerClient(agent, server)
   const corrId = new Uint8Array(0)

package/src/crypto/digest.ts

@@ -1,6 +1,6 @@
 // Cryptographic hash functions matching Simplex.Messaging.Crypto (sha256Hash, sha512Hash).
 
-import sodium, {type StateAddress} from "libsodium-wrappers-sumo"
+import sodium from "libsodium-wrappers-sumo"
 
 // SHA-256 digest (32 bytes) -- Crypto.hs:1006
 export function sha256(data: Uint8Array): Uint8Array {
@@ -16,7 +16,7 @@ export function sha512(data: Uint8Array): Uint8Array {
 // Internally segments chunks larger than 4MB to limit peak WASM memory usage.
 export function sha512Streaming(chunks: Iterable<Uint8Array>): Uint8Array {
   const SEG = 4 * 1024 * 1024
-  const state = sodium.crypto_hash_sha512_init() as unknown as StateAddress
+  const state = sodium.crypto_hash_sha512_init() as unknown as sodium.StateAddress
   for (const chunk of chunks) {
     for (let off = 0; off < chunk.length; off += SEG) {
       sodium.crypto_hash_sha512_update(state, chunk.subarray(off, Math.min(off + SEG, chunk.length)))

package/src/crypto/keys.ts

@@ -1,7 +1,6 @@
 // Key generation, signing, DH -- Simplex.Messaging.Crypto (Ed25519/X25519/Ed448 functions).
 
 import sodium from "libsodium-wrappers-sumo"
-await sodium.ready
 import {ed448} from "@noble/curves/ed448"
 import {sha256} from "./digest.js"
 import {concatBytes} from "../protocol/encoding.js"

package/src/protocol/commands.ts

@@ -22,18 +22,11 @@ export interface FileInfo {
 
 export type CommandError = "UNKNOWN" | "SYNTAX" | "PROHIBITED" | "NO_AUTH" | "HAS_AUTH" | "NO_ENTITY"
 
-export type BlockingReason = "spam" | "content"
-
-export interface BlockingInfo {
-  reason: BlockingReason
-  notice: {ttl: number | null} | null
-}
-
 export type XFTPErrorType =
   | {type: "BLOCK"} | {type: "SESSION"} | {type: "HANDSHAKE"}
   | {type: "CMD", cmdErr: CommandError}
   | {type: "AUTH"}
-  | {type: "BLOCKED", blockInfo: BlockingInfo}
+  | {type: "BLOCKED", blockInfo: string}
   | {type: "SIZE"} | {type: "QUOTA"} | {type: "DIGEST"} | {type: "CRYPTO"}
   | {type: "NO_FILE"} | {type: "HAS_FILE"} | {type: "FILE_IO"}
   | {type: "TIMEOUT"} | {type: "INTERNAL"}
@@ -80,8 +73,6 @@ export function encodeFPUT(): Uint8Array { return ascii("FPUT") }
 
 export function encodeFDEL(): Uint8Array { return ascii("FDEL") }
 
-export function encodeFACK(): Uint8Array { return ascii("FACK") }
-
 export function encodeFGET(rcvDhKey: Uint8Array): Uint8Array {
   return concatBytes(ascii("FGET"), SPACE, encodeBytes(rcvDhKey))
 }
@@ -111,17 +102,6 @@ function decodeCommandError(s: string): CommandError {
   throw new Error("bad CommandError: " + s)
 }
 
-function decodeBlockingInfo(s: string): BlockingInfo {
-  const noticeIdx = s.indexOf(",notice=")
-  const reasonPart = noticeIdx >= 0 ? s.slice(0, noticeIdx) : s
-  const reason: BlockingReason = reasonPart === "reason=spam" ? "spam" : "content"
-  let notice: {ttl: number | null} | null = null
-  if (noticeIdx >= 0) {
-    try { notice = JSON.parse(s.slice(noticeIdx + 8)) } catch {}
-  }
-  return {reason, notice}
-}
-
 export function decodeXFTPError(d: Decoder): XFTPErrorType {
   const s = readTag(d)
   switch (s) {
@@ -135,7 +115,7 @@ export function decodeXFTPError(d: Decoder): XFTPErrorType {
       const rest = d.takeAll()
       let info = ""
       for (let i = 0; i < rest.length; i++) info += String.fromCharCode(rest[i])
-      return {type: "BLOCKED", blockInfo: decodeBlockingInfo(info)}
+      return {type: "BLOCKED", blockInfo: info}
     }
     case "SIZE": return {type: "SIZE"}
     case "QUOTA": return {type: "QUOTA"}

package/web/crypto-backend.ts

@@ -0,0 +1,122 @@
+import type {FileHeader} from '../src/crypto/file.js'
+
+export interface CryptoBackend {
+  encrypt(data: Uint8Array, fileName: string,
+          onProgress?: (done: number, total: number) => void
+  ): Promise<EncryptResult>
+  readChunk(offset: number, size: number): Promise<Uint8Array>
+  decryptAndStoreChunk(
+    dhSecret: Uint8Array, nonce: Uint8Array,
+    body: Uint8Array, digest: Uint8Array, chunkNo: number
+  ): Promise<void>
+  verifyAndDecrypt(params: {size: number, digest: Uint8Array, key: Uint8Array, nonce: Uint8Array}
+  ): Promise<{header: FileHeader, content: Uint8Array}>
+  cleanup(): Promise<void>
+}
+
+export interface EncryptResult {
+  digest: Uint8Array
+  key: Uint8Array
+  nonce: Uint8Array
+  chunkSizes: number[]
+}
+
+type PendingRequest = {resolve: (value: any) => void, reject: (reason: any) => void}
+
+class WorkerBackend implements CryptoBackend {
+  private worker: Worker
+  private pending = new Map<number, PendingRequest>()
+  private nextId = 1
+  private progressCb: ((done: number, total: number) => void) | null = null
+
+  constructor() {
+    this.worker = new Worker(new URL('./crypto.worker.ts', import.meta.url), {type: 'module'})
+    this.worker.onmessage = (e) => this.handleMessage(e.data)
+  }
+
+  private handleMessage(msg: {id: number, type: string, [k: string]: any}) {
+    if (msg.type === 'progress') {
+      this.progressCb?.(msg.done, msg.total)
+      return
+    }
+    const p = this.pending.get(msg.id)
+    if (!p) return
+    this.pending.delete(msg.id)
+    if (msg.type === 'error') {
+      p.reject(new Error(msg.message))
+    } else {
+      p.resolve(msg)
+    }
+  }
+
+  private send(msg: Record<string, any>, transfer?: Transferable[]): Promise<any> {
+    const id = this.nextId++
+    return new Promise((resolve, reject) => {
+      this.pending.set(id, {resolve, reject})
+      this.worker.postMessage({...msg, id}, transfer ?? [])
+    })
+  }
+
+  private toTransferable(data: Uint8Array): ArrayBuffer {
+    if (data.byteOffset !== 0 || data.byteLength !== data.buffer.byteLength) {
+      return data.buffer.slice(data.byteOffset, data.byteOffset + data.byteLength) as ArrayBuffer
+    }
+    return data.buffer as ArrayBuffer
+  }
+
+  async encrypt(data: Uint8Array, fileName: string,
+                onProgress?: (done: number, total: number) => void): Promise<EncryptResult> {
+    this.progressCb = onProgress ?? null
+    const buf = this.toTransferable(data)
+    const resp = await this.send({type: 'encrypt', data: buf, fileName}, [buf])
+    this.progressCb = null
+    return {digest: resp.digest, key: resp.key, nonce: resp.nonce, chunkSizes: resp.chunkSizes}
+  }
+
+  async readChunk(offset: number, size: number): Promise<Uint8Array> {
+    const resp = await this.send({type: 'readChunk', offset, size})
+    return new Uint8Array(resp.data)
+  }
+
+  async decryptAndStoreChunk(
+    dhSecret: Uint8Array, nonce: Uint8Array,
+    body: Uint8Array, digest: Uint8Array, chunkNo: number
+  ): Promise<void> {
+    // Copy arrays to ensure clean ArrayBuffer separation before worker transfer
+    // nonce/dhSecret may be subarrays sharing buffer with body
+    const dhSecretCopy = new Uint8Array(dhSecret)
+    const nonceCopy = new Uint8Array(nonce)
+    const digestCopy = new Uint8Array(digest)
+    const buf = this.toTransferable(body)
+    const hex = (b: Uint8Array | ArrayBuffer, n = 8) => {
+      const u = b instanceof ArrayBuffer ? new Uint8Array(b) : b
+      return Array.from(u.slice(0, n)).map(x => x.toString(16).padStart(2, '0')).join('')
+    }
+    console.log(`[BACKEND-DBG] chunk=${chunkNo} body.len=${body.length} body.byteOff=${body.byteOffset} buf.byteLen=${buf.byteLength} nonce=${hex(nonceCopy, 24)} dhSecret=${hex(dhSecretCopy)} digest=${hex(digestCopy, 32)} buf[0..8]=${hex(buf)} body[-8..]=${hex(body.slice(-8))}`)
+    await this.send(
+      {type: 'decryptAndStoreChunk', dhSecret: dhSecretCopy, nonce: nonceCopy, body: buf, chunkDigest: digestCopy, chunkNo},
+      [buf]
+    )
+  }
+
+  async verifyAndDecrypt(params: {size: number, digest: Uint8Array, key: Uint8Array, nonce: Uint8Array}
+  ): Promise<{header: FileHeader, content: Uint8Array}> {
+    const resp = await this.send({
+      type: 'verifyAndDecrypt',
+      size: params.size, digest: params.digest, key: params.key, nonce: params.nonce
+    })
+    return {header: resp.header, content: new Uint8Array(resp.content)}
+  }
+
+  async cleanup(): Promise<void> {
+    await this.send({type: 'cleanup'})
+    this.worker.terminate()
+  }
+}
+
+export function createCryptoBackend(): CryptoBackend {
+  if (typeof Worker === 'undefined') {
+    throw new Error('Web Workers required — update your browser')
+  }
+  return new WorkerBackend()
+}