npm - @snaha/swarm-id - Versions diffs - 0.0.1 - Mend

@snaha/swarm-id 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (223) hide show

package/README.md +431 -0
package/dist/chunk/bmt.d.ts +17 -0
package/dist/chunk/bmt.d.ts.map +1 -0
package/dist/chunk/cac.d.ts +18 -0
package/dist/chunk/cac.d.ts.map +1 -0
package/dist/chunk/constants.d.ts +10 -0
package/dist/chunk/constants.d.ts.map +1 -0
package/dist/chunk/encrypted-cac.d.ts +48 -0
package/dist/chunk/encrypted-cac.d.ts.map +1 -0
package/dist/chunk/encryption.d.ts +86 -0
package/dist/chunk/encryption.d.ts.map +1 -0
package/dist/chunk/index.d.ts +6 -0
package/dist/chunk/index.d.ts.map +1 -0
package/dist/index.d.ts +46 -0
package/dist/index.d.ts.map +1 -0
package/dist/proxy/act/act.d.ts +78 -0
package/dist/proxy/act/act.d.ts.map +1 -0
package/dist/proxy/act/crypto.d.ts +44 -0
package/dist/proxy/act/crypto.d.ts.map +1 -0
package/dist/proxy/act/grantee-list.d.ts +82 -0
package/dist/proxy/act/grantee-list.d.ts.map +1 -0
package/dist/proxy/act/history.d.ts +183 -0
package/dist/proxy/act/history.d.ts.map +1 -0
package/dist/proxy/act/index.d.ts +104 -0
package/dist/proxy/act/index.d.ts.map +1 -0
package/dist/proxy/chunking-encrypted.d.ts +14 -0
package/dist/proxy/chunking-encrypted.d.ts.map +1 -0
package/dist/proxy/chunking.d.ts +15 -0
package/dist/proxy/chunking.d.ts.map +1 -0
package/dist/proxy/download-data.d.ts +16 -0
package/dist/proxy/download-data.d.ts.map +1 -0
package/dist/proxy/feed-manifest.d.ts +62 -0
package/dist/proxy/feed-manifest.d.ts.map +1 -0
package/dist/proxy/feeds/epochs/async-finder.d.ts +77 -0
package/dist/proxy/feeds/epochs/async-finder.d.ts.map +1 -0
package/dist/proxy/feeds/epochs/epoch.d.ts +88 -0
package/dist/proxy/feeds/epochs/epoch.d.ts.map +1 -0
package/dist/proxy/feeds/epochs/finder.d.ts +67 -0
package/dist/proxy/feeds/epochs/finder.d.ts.map +1 -0
package/dist/proxy/feeds/epochs/index.d.ts +35 -0
package/dist/proxy/feeds/epochs/index.d.ts.map +1 -0
package/dist/proxy/feeds/epochs/test-utils.d.ts +93 -0
package/dist/proxy/feeds/epochs/test-utils.d.ts.map +1 -0
package/dist/proxy/feeds/epochs/types.d.ts +109 -0
package/dist/proxy/feeds/epochs/types.d.ts.map +1 -0
package/dist/proxy/feeds/epochs/updater.d.ts +68 -0
package/dist/proxy/feeds/epochs/updater.d.ts.map +1 -0
package/dist/proxy/feeds/epochs/utils.d.ts +22 -0
package/dist/proxy/feeds/epochs/utils.d.ts.map +1 -0
package/dist/proxy/feeds/index.d.ts +5 -0
package/dist/proxy/feeds/index.d.ts.map +1 -0
package/dist/proxy/feeds/sequence/async-finder.d.ts +14 -0
package/dist/proxy/feeds/sequence/async-finder.d.ts.map +1 -0
package/dist/proxy/feeds/sequence/finder.d.ts +17 -0
package/dist/proxy/feeds/sequence/finder.d.ts.map +1 -0
package/dist/proxy/feeds/sequence/index.d.ts +23 -0
package/dist/proxy/feeds/sequence/index.d.ts.map +1 -0
package/dist/proxy/feeds/sequence/types.d.ts +80 -0
package/dist/proxy/feeds/sequence/types.d.ts.map +1 -0
package/dist/proxy/feeds/sequence/updater.d.ts +26 -0
package/dist/proxy/feeds/sequence/updater.d.ts.map +1 -0
package/dist/proxy/index.d.ts +6 -0
package/dist/proxy/index.d.ts.map +1 -0
package/dist/proxy/manifest-builder.d.ts +183 -0
package/dist/proxy/manifest-builder.d.ts.map +1 -0
package/dist/proxy/mantaray-encrypted.d.ts +27 -0
package/dist/proxy/mantaray-encrypted.d.ts.map +1 -0
package/dist/proxy/mantaray.d.ts +26 -0
package/dist/proxy/mantaray.d.ts.map +1 -0
package/dist/proxy/types.d.ts +29 -0
package/dist/proxy/types.d.ts.map +1 -0
package/dist/proxy/upload-data.d.ts +17 -0
package/dist/proxy/upload-data.d.ts.map +1 -0
package/dist/proxy/upload-encrypted-data.d.ts +103 -0
package/dist/proxy/upload-encrypted-data.d.ts.map +1 -0
package/dist/schemas.d.ts +240 -0
package/dist/schemas.d.ts.map +1 -0
package/dist/storage/debounced-uploader.d.ts +62 -0
package/dist/storage/debounced-uploader.d.ts.map +1 -0
package/dist/storage/utilization-store.d.ts +108 -0
package/dist/storage/utilization-store.d.ts.map +1 -0
package/dist/swarm-id-auth.d.ts +74 -0
package/dist/swarm-id-auth.d.ts.map +1 -0
package/dist/swarm-id-auth.js +2 -0
package/dist/swarm-id-auth.js.map +1 -0
package/dist/swarm-id-client.d.ts +878 -0
package/dist/swarm-id-client.d.ts.map +1 -0
package/dist/swarm-id-client.js +2 -0
package/dist/swarm-id-client.js.map +1 -0
package/dist/swarm-id-proxy.d.ts +236 -0
package/dist/swarm-id-proxy.d.ts.map +1 -0
package/dist/swarm-id-proxy.js +2 -0
package/dist/swarm-id-proxy.js.map +1 -0
package/dist/swarm-id.esm.js +2 -0
package/dist/swarm-id.esm.js.map +1 -0
package/dist/swarm-id.umd.js +2 -0
package/dist/swarm-id.umd.js.map +1 -0
package/dist/sync/index.d.ts +9 -0
package/dist/sync/index.d.ts.map +1 -0
package/dist/sync/key-derivation.d.ts +25 -0
package/dist/sync/key-derivation.d.ts.map +1 -0
package/dist/sync/restore-account.d.ts +28 -0
package/dist/sync/restore-account.d.ts.map +1 -0
package/dist/sync/serialization.d.ts +16 -0
package/dist/sync/serialization.d.ts.map +1 -0
package/dist/sync/store-interfaces.d.ts +53 -0
package/dist/sync/store-interfaces.d.ts.map +1 -0
package/dist/sync/sync-account.d.ts +44 -0
package/dist/sync/sync-account.d.ts.map +1 -0
package/dist/sync/types.d.ts +13 -0
package/dist/sync/types.d.ts.map +1 -0
package/dist/test-fixtures.d.ts +17 -0
package/dist/test-fixtures.d.ts.map +1 -0
package/dist/types-BD_VkNn0.js +2 -0
package/dist/types-BD_VkNn0.js.map +1 -0
package/dist/types-lJCaT-50.js +2 -0
package/dist/types-lJCaT-50.js.map +1 -0
package/dist/types.d.ts +2157 -0
package/dist/types.d.ts.map +1 -0
package/dist/utils/account-payload.d.ts +94 -0
package/dist/utils/account-payload.d.ts.map +1 -0
package/dist/utils/account-state-snapshot.d.ts +38 -0
package/dist/utils/account-state-snapshot.d.ts.map +1 -0
package/dist/utils/backup-encryption.d.ts +127 -0
package/dist/utils/backup-encryption.d.ts.map +1 -0
package/dist/utils/batch-utilization.d.ts +432 -0
package/dist/utils/batch-utilization.d.ts.map +1 -0
package/dist/utils/constants.d.ts +11 -0
package/dist/utils/constants.d.ts.map +1 -0
package/dist/utils/hex.d.ts +17 -0
package/dist/utils/hex.d.ts.map +1 -0
package/dist/utils/key-derivation.d.ts +92 -0
package/dist/utils/key-derivation.d.ts.map +1 -0
package/dist/utils/storage-managers.d.ts +65 -0
package/dist/utils/storage-managers.d.ts.map +1 -0
package/dist/utils/swarm-id-export.d.ts +24 -0
package/dist/utils/swarm-id-export.d.ts.map +1 -0
package/dist/utils/ttl.d.ts +49 -0
package/dist/utils/ttl.d.ts.map +1 -0
package/dist/utils/url.d.ts +41 -0
package/dist/utils/url.d.ts.map +1 -0
package/dist/utils/versioned-storage.d.ts +131 -0
package/dist/utils/versioned-storage.d.ts.map +1 -0
package/package.json +78 -0
package/src/chunk/bmt.test.ts +217 -0
package/src/chunk/bmt.ts +57 -0
package/src/chunk/cac.test.ts +214 -0
package/src/chunk/cac.ts +65 -0
package/src/chunk/constants.ts +18 -0
package/src/chunk/encrypted-cac.test.ts +385 -0
package/src/chunk/encrypted-cac.ts +131 -0
package/src/chunk/encryption.test.ts +352 -0
package/src/chunk/encryption.ts +300 -0
package/src/chunk/index.ts +47 -0
package/src/index.ts +430 -0
package/src/proxy/act/act.test.ts +278 -0
package/src/proxy/act/act.ts +158 -0
package/src/proxy/act/bee-compat.test.ts +948 -0
package/src/proxy/act/crypto.test.ts +436 -0
package/src/proxy/act/crypto.ts +376 -0
package/src/proxy/act/grantee-list.test.ts +393 -0
package/src/proxy/act/grantee-list.ts +239 -0
package/src/proxy/act/history.test.ts +360 -0
package/src/proxy/act/history.ts +413 -0
package/src/proxy/act/index.test.ts +748 -0
package/src/proxy/act/index.ts +853 -0
package/src/proxy/chunking-encrypted.ts +95 -0
package/src/proxy/chunking.ts +65 -0
package/src/proxy/download-data.ts +448 -0
package/src/proxy/feed-manifest.ts +174 -0
package/src/proxy/feeds/epochs/async-finder.ts +372 -0
package/src/proxy/feeds/epochs/epoch.test.ts +249 -0
package/src/proxy/feeds/epochs/epoch.ts +181 -0
package/src/proxy/feeds/epochs/finder.ts +282 -0
package/src/proxy/feeds/epochs/index.ts +73 -0
package/src/proxy/feeds/epochs/integration.test.ts +1336 -0
package/src/proxy/feeds/epochs/test-utils.ts +274 -0
package/src/proxy/feeds/epochs/types.ts +128 -0
package/src/proxy/feeds/epochs/updater.ts +192 -0
package/src/proxy/feeds/epochs/utils.ts +62 -0
package/src/proxy/feeds/index.ts +5 -0
package/src/proxy/feeds/sequence/async-finder.ts +31 -0
package/src/proxy/feeds/sequence/finder.ts +73 -0
package/src/proxy/feeds/sequence/index.ts +54 -0
package/src/proxy/feeds/sequence/integration.test.ts +966 -0
package/src/proxy/feeds/sequence/types.ts +103 -0
package/src/proxy/feeds/sequence/updater.ts +71 -0
package/src/proxy/index.ts +5 -0
package/src/proxy/manifest-builder.test.ts +427 -0
package/src/proxy/manifest-builder.ts +679 -0
package/src/proxy/mantaray-encrypted.ts +78 -0
package/src/proxy/mantaray.ts +104 -0
package/src/proxy/types.ts +32 -0
package/src/proxy/upload-data.ts +189 -0
package/src/proxy/upload-encrypted-data.ts +658 -0
package/src/schemas.ts +299 -0
package/src/storage/debounced-uploader.ts +192 -0
package/src/storage/utilization-store.ts +397 -0
package/src/swarm-id-client.test.ts +99 -0
package/src/swarm-id-client.ts +3095 -0
package/src/swarm-id-proxy.ts +3891 -0
package/src/sync/index.ts +28 -0
package/src/sync/restore-account.ts +90 -0
package/src/sync/serialization.ts +39 -0
package/src/sync/store-interfaces.ts +62 -0
package/src/sync/sync-account.test.ts +302 -0
package/src/sync/sync-account.ts +396 -0
package/src/sync/types.ts +11 -0
package/src/test-fixtures.ts +109 -0
package/src/types.ts +1651 -0
package/src/utils/account-state-snapshot.test.ts +595 -0
package/src/utils/account-state-snapshot.ts +94 -0
package/src/utils/backup-encryption.test.ts +442 -0
package/src/utils/backup-encryption.ts +352 -0
package/src/utils/batch-utilization.ts +1309 -0
package/src/utils/constants.ts +20 -0
package/src/utils/hex.ts +27 -0
package/src/utils/key-derivation.ts +197 -0
package/src/utils/storage-managers.ts +365 -0
package/src/utils/ttl.ts +129 -0
package/src/utils/url.test.ts +136 -0
package/src/utils/url.ts +71 -0
package/src/utils/versioned-storage.ts +323 -0

package/src/utils/constants.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Time and Session Constants
+ *
+ * Centralized constants for time units and default session durations.
+ */
+// ============================================================================
+// Time Units (in milliseconds)
+// ============================================================================
+export const SECOND = 1_000
+export const MINUTE = 60 * SECOND
+export const HOUR = 60 * MINUTE
+export const DAY = 24 * HOUR
+// ============================================================================
+// Session Defaults
+// ============================================================================
+export const DEFAULT_SESSION_DURATION = 30 * DAY

package/src/utils/hex.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Hex utilities
+ *
+ * Re-exports hex conversion functions from key-derivation
+ */
+import type { Address } from "../schemas"
+export { hexToUint8Array, uint8ArrayToHex } from "./key-derivation"
+/**
+ * Create a validated hex address string (40 lowercase hex chars).
+ * Accepts optional 0x prefix and any case.
+ *
+ * @param input - Ethereum address string (with or without 0x prefix)
+ * @returns Normalized 40-character lowercase hex string
+ * @throws {Error} If the input is not a valid 40-char hex address
+ */
+export function hexAddress(input: string): Address {
+  const clean = input.replace(/^0x/i, "").toLowerCase()
+  if (!/^[0-9a-f]{40}$/.test(clean)) {
+    throw new Error(
+      `Invalid hex address: expected 40 hex characters (with optional 0x prefix), got "${input}"`,
+    )
+  }
+  return clean
+}

package/src/utils/key-derivation.ts ADDED Viewed

@@ -0,0 +1,197 @@
+/**
+ * Swarm Identity - Key Derivation Utilities
+ *
+ * Provides cryptographic functions for deriving app-specific secrets
+ * from a master identity key.
+ */
+import { PrivateKey } from "@ethersphere/bee-js"
+/**
+ * Derive an app-specific secret from a master key and app origin
+ *
+ * Uses HMAC-SHA256 to create a deterministic, unique secret for each app.
+ * The same master key + app origin will always produce the same secret.
+ *
+ * @param masterKey - The master identity key (hex string)
+ * @param appOrigin - The app's origin (e.g., "https://swarm-app.local:8080")
+ * @returns The derived secret as a hex string
+ */
+export async function deriveSecret(
+  masterKey: string,
+  appOrigin: string,
+): Promise<string> {
+  const encoder = new TextEncoder()
+  // Convert master key from hex string to Uint8Array
+  const keyData = hexToUint8Array(masterKey)
+  const message = encoder.encode(appOrigin)
+  // Import the master key for HMAC
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    keyData,
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"],
+  )
+  // Sign the app origin with the master key
+  const signature = await crypto.subtle.sign("HMAC", cryptoKey, message)
+  // Convert to hex string
+  const secretHex = uint8ArrayToHex(new Uint8Array(signature))
+  return secretHex
+}
+/**
+ * Generate a random master key for testing/demo purposes
+ *
+ * In production, this would be derived from a user's mnemonic or
+ * imported from an existing identity.
+ *
+ * @returns A random 32-byte key as a hex string
+ */
+export async function generateMasterKey(): Promise<string> {
+  const randomBytes = new Uint8Array(32)
+  crypto.getRandomValues(randomBytes)
+  const masterKey = uint8ArrayToHex(randomBytes)
+  return masterKey
+}
+/**
+ * Convert a hex string to Uint8Array
+ *
+ * @param hexString - Hex string (e.g., "deadbeef")
+ * @returns Uint8Array
+ */
+export function hexToUint8Array(hexString: string): Uint8Array {
+  // Remove any whitespace and ensure even length
+  const hex = hexString.replace(/\s/g, "")
+  if (hex.length % 2 !== 0) {
+    throw new Error("Invalid hex string: length must be even")
+  }
+  const bytes = new Uint8Array(hex.length / 2)
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16)
+  }
+  return bytes
+}
+/**
+ * Convert a Uint8Array to hex string
+ *
+ * @param bytes - Uint8Array to convert
+ * @returns Hex string (e.g., "deadbeef")
+ */
+export function uint8ArrayToHex(bytes: Uint8Array): string {
+  return Array.from(bytes)
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("")
+}
+/**
+ * Verify that a derived secret matches the expected value
+ *
+ * Useful for testing.
+ *
+ * @param masterKey - Master key hex string
+ * @param appOrigin - App origin
+ * @param expectedSecret - Expected secret hex string
+ * @returns true if the derived secret matches the expected secret
+ */
+export async function verifySecret(
+  masterKey: string,
+  appOrigin: string,
+  expectedSecret: string,
+): Promise<boolean> {
+  const derived = await deriveSecret(masterKey, appOrigin)
+  return derived === expectedSecret
+}
+/**
+ * Derive an identity-specific master key from account master key and identity ID
+ *
+ * Uses HMAC-SHA256 to create a deterministic, unique key for each identity.
+ * This enables hierarchical key derivation: Account → Identity → App.
+ * The same account master key + identity ID will always produce the same identity key.
+ *
+ * @param accountMasterKey - The account's master key (hex string)
+ * @param identityId - The identity's unique identifier
+ * @returns The derived identity master key as a hex string
+ */
+export async function deriveIdentityKey(
+  accountMasterKey: string,
+  identityId: string,
+): Promise<string> {
+  const encoder = new TextEncoder()
+  // Convert account master key to Uint8Array
+  const keyData = hexToUint8Array(accountMasterKey)
+  const message = encoder.encode(identityId)
+  // Import the account master key for HMAC
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    keyData,
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"],
+  )
+  // Sign the identity ID with the account master key
+  const signature = await crypto.subtle.sign("HMAC", cryptoKey, message)
+  // Convert to hex string
+  const identityKeyHex = uint8ArrayToHex(new Uint8Array(signature))
+  return identityKeyHex
+}
+/**
+ * Derive account backup key from account master key
+ *
+ * Used for signing account feed updates
+ *
+ * @param accountMasterKey - Account master key (hex string)
+ * @param accountId - Account ID (EthAddress hex string)
+ * @returns 32-byte account backup key (as hex string)
+ */
+export async function deriveAccountBackupKey(
+  accountMasterKey: string,
+  accountId: string,
+): Promise<string> {
+  return deriveSecret(accountMasterKey, `account:${accountId}`)
+}
+/**
+ * Derive account Swarm encryption key from account master key
+ *
+ * Used for encrypting account snapshot data before upload to Swarm
+ *
+ * @param accountMasterKey - Account master key (hex string)
+ * @returns 32-byte encryption key (as hex string)
+ */
+export async function deriveAccountSwarmEncryptionKey(
+  accountMasterKey: string,
+): Promise<string> {
+  return deriveSecret(accountMasterKey, `swarm-encryption`)
+}
+/**
+ * Convert backup key to PrivateKey for feed signing
+ */
+export function backupKeyToPrivateKey(backupKeyHex: string): PrivateKey {
+  return new PrivateKey(backupKeyHex)
+}
+// Export utility functions for testing
+export const utils = {
+  hexToUint8Array,
+  uint8ArrayToHex,
+}

package/src/utils/storage-managers.ts ADDED Viewed

@@ -0,0 +1,365 @@
+/**
+ * Pre-configured Storage Managers for Entity Types
+ *
+ * Provides ready-to-use storage managers for accounts, identities,
+ * connected apps, and postage stamps with versioning support.
+ */
+import { z } from "zod"
+import {
+  VersionedStorageManager,
+  createLocalStorageManager,
+  type VersionParser,
+} from "./versioned-storage"
+import type { Account, Identity, ConnectedApp, PostageStamp } from "../types"
+import {
+  STORAGE_KEY_ACCOUNTS,
+  STORAGE_KEY_IDENTITIES,
+  STORAGE_KEY_CONNECTED_APPS,
+  STORAGE_KEY_POSTAGE_STAMPS,
+  STORAGE_KEY_NETWORK_SETTINGS,
+} from "../types"
+import {
+  AccountSchemaV1,
+  IdentitySchemaV1,
+  ConnectedAppSchemaV1,
+  PostageStampSchemaV1,
+  NetworkSettingsSchemaV1,
+  type NetworkSettings,
+} from "../schemas"
+// ============================================================================
+// Parsers (Zod transforms handle primitive → bee-js conversion)
+// ============================================================================
+/**
+ * Parse accounts - Zod transforms handle type conversion
+ */
+const parseAccountsV1: VersionParser<Account> = (data: unknown) => {
+  const result = z.array(AccountSchemaV1).safeParse(data)
+  if (!result.success) {
+    console.error("Parse failed:", result.error.format())
+    return []
+  }
+  return result.data
+}
+/**
+ * Parse identities - Zod transforms handle type conversion
+ */
+const parseIdentitiesV1: VersionParser<Identity> = (data: unknown) => {
+  const result = z.array(IdentitySchemaV1).safeParse(data)
+  if (!result.success) {
+    console.error("Parse failed:", result.error.format())
+    return []
+  }
+  return result.data
+}
+/**
+ * Parse connected apps
+ */
+const parseConnectedAppsV1: VersionParser<ConnectedApp> = (data: unknown) => {
+  const result = z.array(ConnectedAppSchemaV1).safeParse(data)
+  if (!result.success) {
+    console.error("Parse failed:", result.error.format())
+    return []
+  }
+  return result.data
+}
+/**
+ * Parse postage stamps - Zod transforms handle type conversion
+ */
+const parsePostageStampsV1: VersionParser<PostageStamp> = (data: unknown) => {
+  const result = z.array(PostageStampSchemaV1).safeParse(data)
+  if (!result.success) {
+    console.error("Parse failed:", result.error.format())
+    return []
+  }
+  return result.data
+}
+// ============================================================================
+// Serializers
+// ============================================================================
+/**
+ * Serialize Account for storage
+ */
+export function serializeAccount(account: Account): Record<string, unknown> {
+  if (account.type === "passkey") {
+    return {
+      id: account.id.toString(),
+      name: account.name,
+      createdAt: account.createdAt,
+      type: account.type,
+      credentialId: account.credentialId,
+      swarmEncryptionKey: account.swarmEncryptionKey,
+      defaultPostageStampBatchID:
+        account.defaultPostageStampBatchID?.toString(),
+    }
+  } else if (account.type === "agent") {
+    return {
+      id: account.id.toString(),
+      name: account.name,
+      createdAt: account.createdAt,
+      type: account.type,
+      swarmEncryptionKey: account.swarmEncryptionKey,
+      defaultPostageStampBatchID:
+        account.defaultPostageStampBatchID?.toString(),
+    }
+  } else {
+    return {
+      id: account.id.toString(),
+      name: account.name,
+      createdAt: account.createdAt,
+      type: account.type,
+      ethereumAddress: account.ethereumAddress.toString(),
+      encryptedMasterKey: Array.from(account.encryptedMasterKey.toUint8Array()),
+      encryptionSalt: Array.from(account.encryptionSalt.toUint8Array()),
+      encryptedSecretSeed: Array.from(
+        account.encryptedSecretSeed.toUint8Array(),
+      ),
+      swarmEncryptionKey: account.swarmEncryptionKey,
+      defaultPostageStampBatchID:
+        account.defaultPostageStampBatchID?.toString(),
+    }
+  }
+}
+/**
+ * Serialize Identity for storage
+ */
+export function serializeIdentity(identity: Identity): Record<string, unknown> {
+  return {
+    id: identity.id,
+    accountId: identity.accountId.toString(),
+    name: identity.name,
+    defaultPostageStampBatchID: identity.defaultPostageStampBatchID?.toString(),
+    createdAt: identity.createdAt,
+    settings: identity.settings,
+  }
+}
+/**
+ * Serialize ConnectedApp for storage
+ */
+export function serializeConnectedApp(
+  app: ConnectedApp,
+): Record<string, unknown> {
+  return {
+    appUrl: app.appUrl,
+    appName: app.appName,
+    lastConnectedAt: app.lastConnectedAt,
+    identityId: app.identityId,
+    appIcon: app.appIcon,
+    appDescription: app.appDescription,
+    connectedUntil: app.connectedUntil,
+    appSecret: app.appSecret,
+  }
+}
+/**
+ * Serialize PostageStamp for storage
+ */
+export function serializePostageStamp(
+  stamp: PostageStamp,
+): Record<string, unknown> {
+  return {
+    accountId: stamp.accountId,
+    batchID: stamp.batchID.toString(),
+    signerKey: stamp.signerKey.toString(),
+    utilization: stamp.utilization,
+    usable: stamp.usable,
+    depth: stamp.depth,
+    amount: stamp.amount.toString(), // Convert bigint to string for JSON
+    bucketDepth: stamp.bucketDepth,
+    blockNumber: stamp.blockNumber,
+    immutableFlag: stamp.immutableFlag,
+    exists: stamp.exists,
+    batchTTL: stamp.batchTTL,
+    createdAt: stamp.createdAt,
+  }
+}
+// ============================================================================
+// Storage Manager Factories
+// ============================================================================
+/**
+ * Create storage manager for accounts
+ */
+export function createAccountsStorageManager(): VersionedStorageManager<Account> {
+  return createLocalStorageManager<Account>({
+    key: STORAGE_KEY_ACCOUNTS,
+    currentVersion: 1,
+    parsers: {
+      1: parseAccountsV1,
+    },
+    serializer: serializeAccount,
+    loggerName: "AccountsStorage",
+  })
+}
+/**
+ * Create storage manager for identities
+ */
+export function createIdentitiesStorageManager(): VersionedStorageManager<Identity> {
+  return createLocalStorageManager<Identity>({
+    key: STORAGE_KEY_IDENTITIES,
+    currentVersion: 1,
+    parsers: {
+      1: parseIdentitiesV1,
+    },
+    serializer: serializeIdentity,
+    loggerName: "IdentitiesStorage",
+  })
+}
+/**
+ * Create storage manager for connected apps
+ */
+export function createConnectedAppsStorageManager(): VersionedStorageManager<ConnectedApp> {
+  return createLocalStorageManager<ConnectedApp>({
+    key: STORAGE_KEY_CONNECTED_APPS,
+    currentVersion: 1,
+    parsers: {
+      1: parseConnectedAppsV1,
+    },
+    serializer: serializeConnectedApp,
+    loggerName: "ConnectedAppsStorage",
+  })
+}
+/**
+ * Invalidate all connected app entries for a given app URL.
+ * Sets lastConnectedAt to 0 and connectedUntil to undefined so
+ * isConnectionValid() returns false and reconnect won't happen on refresh.
+ */
+export function disconnectApp(appUrl: string): void {
+  const manager = createConnectedAppsStorageManager()
+  const apps = manager.load()
+  const updated = apps.map((app) =>
+    app.appUrl === appUrl
+      ? { ...app, lastConnectedAt: 0, connectedUntil: undefined }
+      : app,
+  )
+  manager.save(updated)
+}
+/**
+ * Create storage manager for postage stamps
+ */
+export function createPostageStampsStorageManager(): VersionedStorageManager<PostageStamp> {
+  return createLocalStorageManager<PostageStamp>({
+    key: STORAGE_KEY_POSTAGE_STAMPS,
+    currentVersion: 1,
+    parsers: {
+      1: parsePostageStampsV1,
+    },
+    serializer: serializePostageStamp,
+    loggerName: "PostageStampsStorage",
+  })
+}
+// ============================================================================
+// Network Settings Storage (Singleton)
+// ============================================================================
+/**
+ * Parse network settings - Zod validates URL format
+ */
+function parseNetworkSettingsV1(data: unknown): NetworkSettings | undefined {
+  const result = NetworkSettingsSchemaV1.safeParse(data)
+  if (!result.success) {
+    console.error(
+      "[NetworkSettingsStorage] Parse failed:",
+      result.error.format(),
+    )
+    return undefined
+  }
+  return result.data
+}
+/**
+ * Serialize NetworkSettings for storage
+ */
+export function serializeNetworkSettings(
+  settings: NetworkSettings,
+): Record<string, unknown> {
+  return {
+    beeNodeUrl: settings.beeNodeUrl,
+    gnosisRpcUrl: settings.gnosisRpcUrl,
+  }
+}
+/**
+ * Singleton storage manager interface for network settings
+ */
+export interface NetworkSettingsStorageManager {
+  load(): NetworkSettings | undefined
+  save(settings: NetworkSettings): void
+  clear(): void
+}
+/**
+ * Create storage manager for network settings (singleton)
+ * Unlike other storage managers, this stores a single object, not an array
+ */
+export function createNetworkSettingsStorageManager(): NetworkSettingsStorageManager {
+  return {
+    load(): NetworkSettings | undefined {
+      if (typeof localStorage === "undefined") {
+        return undefined
+      }
+      const raw = localStorage.getItem(STORAGE_KEY_NETWORK_SETTINGS)
+      if (!raw) {
+        return undefined
+      }
+      try {
+        const parsed = JSON.parse(raw)
+        return parseNetworkSettingsV1(parsed)
+      } catch (e) {
+        console.error(
+          "[NetworkSettingsStorage] Failed to parse stored data:",
+          e,
+        )
+        return undefined
+      }
+    },
+    save(settings: NetworkSettings): void {
+      if (typeof localStorage === "undefined") {
+        console.warn("[NetworkSettingsStorage] localStorage not available")
+        return
+      }
+      const serialized = serializeNetworkSettings(settings)
+      localStorage.setItem(
+        STORAGE_KEY_NETWORK_SETTINGS,
+        JSON.stringify(serialized),
+      )
+    },
+    clear(): void {
+      if (typeof localStorage === "undefined") {
+        return
+      }
+      localStorage.removeItem(STORAGE_KEY_NETWORK_SETTINGS)
+    },
+  }
+}