@stvor/sdk 2.0.4 → 2.0.9

package/dist/facade/app.d.ts

@@ -1,46 +1,27 @@
-/**
- * STVOR DX Facade - Main Application Classes
- */
-import { StvorAppConfig, UserId, MessageContent } from './types';
-import { DecryptedMessage, SealedPayload } from './types';
-import { Errors, StvorError, ErrorCode } from './errors';
-export type { DecryptedMessage, SealedPayload, ErrorCode };
-export { StvorError, Errors };
-import { RelayClient } from './relay-client';
-export declare class StvorApp {
-    private relay;
-    private config;
-    private connectedClients;
-    constructor(config: Required<StvorAppConfig>);
-    isReady(): boolean;
-    connect(userId: UserId): Promise<StvorFacadeClient>;
-    disconnect(userId?: UserId): Promise<void>;
-    private initClient;
-}
+import type { StvorAppConfig, UserId, MessageContent } from './types.js';
+import { RelayClient } from './relay-client.js';
+type MessageHandler = (from: UserId, msg: string | Uint8Array) => void;
 export declare class StvorFacadeClient {
-    private userId;
-    private relay;
-    private initialized;
-    private sessionKeyPair;
-    private messageQueue;
-    private messageHandlers;
-    private isReceiving;
+    readonly userId: UserId;
+    private readonly relay;
+    private crypto;
+    private handlers;
+    private knownPubKeys;
     constructor(userId: UserId, relay: RelayClient);
+    private handleRelayMessage;
     internalInitialize(): Promise<void>;
-    private initialize;
     send(recipientId: UserId, content: MessageContent): Promise<void>;
-    receive(): Promise<DecryptedMessage>;
-    seal(data: MessageContent, recipientId: UserId): Promise<SealedPayload>;
-    open(sealed: SealedPayload): Promise<Uint8Array>;
-    onMessage(handler: (msg: DecryptedMessage) => void): () => void;
-    getUserId(): UserId;
-    disconnect(): Promise<void>;
-    private deriveSharedKey;
-    private fetchAndDecryptMessageWithTimeout;
-    private decryptMessage;
-    private startMessagePolling;
+    onMessage(handler: MessageHandler): () => void;
+}
+export declare class StvorApp {
+    private readonly config;
+    private clients;
+    constructor(config: StvorAppConfig);
+    connect(userId: UserId): Promise<StvorFacadeClient>;
+    disconnect(userId?: UserId): Promise<void>;
 }
 export declare function init(config: StvorAppConfig): Promise<StvorApp>;
 export declare const Stvor: {
     init: typeof init;
 };
+export {};

package/dist/facade/app.js

@@ -1,247 +1,88 @@
-/**
- * STVOR DX Facade - Main Application Classes
- */
-import { Errors, StvorError } from './errors';
-export { StvorError, Errors };
-import { RelayClient } from './relay-client';
-export class StvorApp {
-    constructor(config) {
-        this.connectedClients = new Map();
-        this.config = config;
-        this.relay = new RelayClient(config.relayUrl, config.appToken, config.timeout);
-    }
-    isReady() {
-        return this.relay.isConnected();
-    }
-    async connect(userId) {
-        const existingClient = this.connectedClients.get(userId);
-        if (existingClient) {
-            console.warn(`[STVOR] Warning: User "${userId}" is already connected. Returning cached client.`);
-            return existingClient;
-        }
-        const client = new StvorFacadeClient(userId, this.relay);
-        await this.initClient(client);
-        this.connectedClients.set(userId, client);
-        return client;
-    }
-    async disconnect(userId) {
-        if (userId) {
-            const client = this.connectedClients.get(userId);
-            if (client) {
-                await client.disconnect();
-                this.connectedClients.delete(userId);
-            }
-        }
-        else {
-            for (const client of this.connectedClients.values()) {
-                await client.disconnect();
-            }
-            this.connectedClients.clear();
-            this.relay.disconnect();
-        }
-    }
-    async initClient(client) {
-        await client.internalInitialize();
-    }
-}
+import { Errors, StvorError } from './errors.js';
+import { RelayClient } from './relay-client.js';
+import { CryptoSession } from './crypto.js';
 export class StvorFacadeClient {
     constructor(userId, relay) {
-        this.initialized = false;
-        this.sessionKeyPair = null;
-        this.messageQueue = [];
-        this.messageHandlers = new Map();
-        this.isReceiving = false;
         this.userId = userId;
         this.relay = relay;
-    }
-    async internalInitialize() {
-        await this.initialize();
-    }
-    async initialize() {
-        if (this.initialized)
+        this.handlers = [];
+        this.knownPubKeys = new Map();
+        this.crypto = new CryptoSession();
+        // listen relay messages
+        this.relay.onMessage((m) => this.handleRelayMessage(m));
+        // announce our public key
+        this.relay.send({ type: 'announce', user: this.userId, pub: this.crypto.exportPublic() });
+    }
+    async handleRelayMessage(m) {
+        if (!m || typeof m !== 'object')
+            return;
+        if (m.type === 'announce' && m.user && m.pub) {
+            this.knownPubKeys.set(m.user, m.pub);
             return;
-        this.sessionKeyPair = await crypto.subtle.generateKey({ name: 'ECDH', namedCurve: 'X25519' }, true, ['deriveKey', 'deriveBits']);
-        const publicKeyJwk = await crypto.subtle.exportKey('jwk', this.sessionKeyPair.publicKey);
-        await this.relay.register(this.userId, publicKeyJwk);
-        this.initialized = true;
-        this.startMessagePolling();
-    }
-    async send(recipientId, content) {
-        if (!this.initialized) {
-            throw Errors.clientNotReady();
-        }
-        const contentBytes = typeof content === 'string'
-            ? new TextEncoder().encode(content)
-            : content;
-        const recipientKey = await this.relay.getPublicKey(recipientId);
-        if (!recipientKey) {
-            throw Errors.recipientNotFound(recipientId);
-        }
-        const sharedKey = await this.deriveSharedKey(recipientKey);
-        const iv = crypto.getRandomValues(new Uint8Array(12));
-        const encrypted = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, sharedKey, contentBytes.buffer);
-        await this.relay.send({
-            to: recipientId,
-            from: this.userId,
-            ciphertext: new Uint8Array(encrypted),
-            nonce: iv,
-        });
-    }
-    async receive() {
-        if (!this.initialized) {
-            throw Errors.clientNotReady();
-        }
-        if (this.isReceiving) {
-            throw Errors.receiveInProgress();
-        }
-        if (this.messageQueue.length > 0) {
-            return this.messageQueue.shift();
-        }
-        this.isReceiving = true;
-        try {
-            return await this.fetchAndDecryptMessageWithTimeout(30000);
         }
-        finally {
-            this.isReceiving = false;
+        if (m.type === 'message' && m.to === this.userId && m.payload) {
+            const payload = m.payload;
+            const sender = m.from;
+            try {
+                const plain = this.crypto.decrypt(payload, payload.senderPub);
+                const text = new TextDecoder().decode(plain);
+                for (const h of this.handlers)
+                    h(sender, text);
+            }
+            catch (e) {
+                // ignore decryption errors
+            }
         }
     }
-    async seal(data, recipientId) {
-        if (!this.initialized) {
-            throw Errors.clientNotReady();
-        }
-        const contentBytes = typeof data === 'string'
-            ? new TextEncoder().encode(data)
-            : data;
-        const recipientKey = await this.relay.getPublicKey(recipientId);
-        if (!recipientKey) {
-            throw Errors.recipientNotFound(recipientId);
-        }
-        const sharedKey = await this.deriveSharedKey(recipientKey);
-        const iv = crypto.getRandomValues(new Uint8Array(12));
-        const encrypted = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, sharedKey, contentBytes.buffer);
-        return {
-            ciphertext: new Uint8Array(encrypted),
-            nonce: iv,
-            recipientId,
-        };
+    async internalInitialize() {
+        // nothing for now; announce already sent in constructor
     }
-    async open(sealed) {
-        if (!this.initialized) {
-            throw Errors.clientNotReady();
-        }
-        const senderKey = await this.relay.getPublicKey(sealed.recipientId);
-        if (!senderKey) {
-            throw Errors.recipientNotFound(sealed.recipientId);
+    async send(recipientId, content) {
+        const recipientPub = this.knownPubKeys.get(recipientId);
+        if (!recipientPub) {
+            throw new StvorError(Errors.RECIPIENT_NOT_FOUND, 'Recipient public key unknown');
         }
-        const sharedKey = await this.deriveSharedKey(senderKey);
-        const decrypted = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: sealed.nonce }, sharedKey, sealed.ciphertext.buffer);
-        return new Uint8Array(decrypted);
+        const plain = typeof content === 'string' ? new TextEncoder().encode(content) : content;
+        const payload = this.crypto.encrypt(plain, recipientPub);
+        const msg = { type: 'message', to: recipientId, from: this.userId, payload };
+        this.relay.send(msg);
     }
     onMessage(handler) {
-        const id = crypto.randomUUID();
-        this.messageHandlers.set(id, handler);
+        this.handlers.push(handler);
         return () => {
-            this.messageHandlers.delete(id);
+            const i = this.handlers.indexOf(handler);
+            if (i >= 0)
+                this.handlers.splice(i, 1);
         };
     }
-    getUserId() {
-        return this.userId;
-    }
-    async disconnect() {
-        this.messageHandlers.clear();
-        this.initialized = false;
-        this.sessionKeyPair = null;
-        this.messageQueue = [];
-        this.isReceiving = false;
-    }
-    async deriveSharedKey(peerPublicKey) {
-        return await crypto.subtle.deriveKey({ name: 'ECDH', public: peerPublicKey }, this.sessionKeyPair.privateKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
+}
+export class StvorApp {
+    constructor(config) {
+        this.config = config;
+        this.clients = new Map();
     }
-    async fetchAndDecryptMessageWithTimeout(timeoutMs) {
-        const pollInterval = 1000;
-        let waited = 0;
-        while (waited < timeoutMs) {
-            try {
-                const messages = await this.relay.fetchMessages(this.userId);
-                if (messages.length > 0) {
-                    return await this.decryptMessage(messages[0]);
-                }
-            }
-            catch {
-                // Silent error on poll
-            }
-            waited += pollInterval;
-            await new Promise(resolve => setTimeout(resolve, pollInterval));
-        }
-        throw Errors.receiveTimeout();
+    async connect(userId) {
+        const existing = this.clients.get(userId);
+        if (existing)
+            return existing;
+        const relay = new RelayClient(this.config.relayUrl ?? 'wss://stvor.xyz/relay', this.config.appToken, this.config.timeout ?? 10000);
+        const client = new StvorFacadeClient(userId, relay);
+        await client.internalInitialize();
+        this.clients.set(userId, client);
+        return client;
     }
-    async decryptMessage(msg) {
-        const senderKey = await this.relay.getPublicKey(msg.from);
-        if (!senderKey) {
-            throw Errors.recipientNotFound(msg.from);
-        }
-        const sharedKey = await this.deriveSharedKey(senderKey);
-        try {
-            const decrypted = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: new Uint8Array(msg.nonce) }, sharedKey, new Uint8Array(msg.ciphertext).buffer);
-            return {
-                id: msg.id || crypto.randomUUID(),
-                senderId: msg.from,
-                content: new TextDecoder().decode(decrypted),
-                timestamp: new Date(msg.timestamp),
-            };
-        }
-        catch {
-            throw Errors.messageIntegrityFailed();
+    async disconnect(userId) {
+        if (userId) {
+            this.clients.delete(userId);
+            return;
         }
-    }
-    startMessagePolling() {
-        const poll = async () => {
-            try {
-                const messages = await this.relay.fetchMessages(this.userId);
-                if (messages.length > 0) {
-                    const msg = await this.decryptMessage(messages[0]);
-                    this.messageQueue.push(msg);
-                    for (const handler of this.messageHandlers.values()) {
-                        try {
-                            handler(msg);
-                        }
-                        catch {
-                            // Handler error does not break other handlers
-                        }
-                    }
-                }
-            }
-            catch {
-                // Silent error on poll
-            }
-            if (this.initialized) {
-                setTimeout(poll, 1000);
-            }
-        };
-        poll();
+        this.clients.clear();
     }
 }
 export async function init(config) {
-    const relayUrl = config.relayUrl || 'https://relay.stvor.io';
-    const timeout = config.timeout || 10000;
-    if (!config.appToken || !config.appToken.startsWith('stvor_')) {
-        throw Errors.invalidAppToken();
-    }
-    const appConfig = {
-        appToken: config.appToken,
-        relayUrl,
-        timeout,
-    };
-    const app = new StvorApp(appConfig);
-    try {
-        const relay = new RelayClient(relayUrl, config.appToken, timeout);
-        await relay.healthCheck();
-    }
-    catch {
-        throw Errors.relayUnavailable();
+    if (!config.appToken.startsWith('stvor_')) {
+        throw new StvorError(Errors.INVALID_APP_TOKEN, 'Invalid app token');
     }
-    return app;
+    return new StvorApp(config);
 }
-export const Stvor = {
-    init,
-};
+export const Stvor = { init };

package/dist/facade/crypto.d.ts

@@ -0,0 +1,19 @@
+import crypto from 'crypto';
+export type EncryptedMessage = {
+    version: number;
+    senderPub: string;
+    nonce: string;
+    ciphertext: string;
+    tag: string;
+};
+export declare class CryptoSession {
+    privateKey: crypto.KeyObject;
+    publicKey: crypto.KeyObject;
+    readonly publicKeyBase64: string;
+    constructor();
+    exportPublic(): string;
+    private deriveShared;
+    encrypt(plaintext: Uint8Array, remotePubBase64: string): EncryptedMessage;
+    decrypt(msg: EncryptedMessage, remotePubBase64: string): Uint8Array;
+}
+export default CryptoSession;

package/dist/facade/crypto.js

@@ -0,0 +1,46 @@
+import crypto from 'crypto';
+export class CryptoSession {
+    constructor() {
+        const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
+        this.privateKey = privateKey;
+        this.publicKey = publicKey;
+        const spki = publicKey.export({ type: 'spki', format: 'der' });
+        this.publicKeyBase64 = spki.toString('base64');
+    }
+    exportPublic() {
+        return this.publicKeyBase64;
+    }
+    deriveShared(remotePubBase64) {
+        const remoteDer = Buffer.from(remotePubBase64, 'base64');
+        const remoteKey = crypto.createPublicKey({ key: remoteDer, type: 'spki', format: 'der' });
+        const shared = crypto.diffieHellman({ privateKey: this.privateKey, publicKey: remoteKey });
+        // HKDF-SHA256 to 32 bytes
+        const key = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), Buffer.from('stvor v0.1'), 32);
+        return Buffer.from(key);
+    }
+    encrypt(plaintext, remotePubBase64) {
+        const key = this.deriveShared(remotePubBase64);
+        const nonce = crypto.randomBytes(12);
+        const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
+        const ct = Buffer.concat([cipher.update(Buffer.from(plaintext)), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        return {
+            version: 1,
+            senderPub: this.publicKeyBase64,
+            nonce: nonce.toString('base64'),
+            ciphertext: ct.toString('base64'),
+            tag: tag.toString('base64'),
+        };
+    }
+    decrypt(msg, remotePubBase64) {
+        const key = this.deriveShared(remotePubBase64);
+        const nonce = Buffer.from(msg.nonce, 'base64');
+        const ct = Buffer.from(msg.ciphertext, 'base64');
+        const tag = Buffer.from(msg.tag, 'base64');
+        const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
+        decipher.setAuthTag(tag);
+        const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
+        return new Uint8Array(pt);
+    }
+}
+export default CryptoSession;

package/dist/facade/errors.d.ts

@@ -1,38 +1,16 @@
-/**
- * STVOR DX Facade - Error Handling
- */
-export declare const ErrorCode: {
-    readonly AUTH_FAILED: "AUTH_FAILED";
+export declare const Errors: {
     readonly INVALID_APP_TOKEN: "INVALID_APP_TOKEN";
     readonly RELAY_UNAVAILABLE: "RELAY_UNAVAILABLE";
+    readonly DELIVERY_FAILED: "DELIVERY_FAILED";
     readonly RECIPIENT_NOT_FOUND: "RECIPIENT_NOT_FOUND";
     readonly MESSAGE_INTEGRITY_FAILED: "MESSAGE_INTEGRITY_FAILED";
-    readonly KEYSTORE_CORRUPTED: "KEYSTORE_CORRUPTED";
-    readonly DEVICE_COMPROMISED: "DEVICE_COMPROMISED";
-    readonly PROTOCOL_VERSION_MISMATCH: "PROTOCOL_VERSION_MISMATCH";
-    readonly CLIENT_NOT_READY: "CLIENT_NOT_READY";
-    readonly DELIVERY_FAILED: "DELIVERY_FAILED";
     readonly RECEIVE_TIMEOUT: "RECEIVE_TIMEOUT";
     readonly RECEIVE_IN_PROGRESS: "RECEIVE_IN_PROGRESS";
 };
-export type ErrorCode = typeof ErrorCode[keyof typeof ErrorCode];
+export type ErrorCode = (typeof Errors)[keyof typeof Errors];
 export declare class StvorError extends Error {
-    code: string;
-    action?: string;
-    retryable?: boolean;
-    constructor(code: string, message: string, action?: string, retryable?: boolean);
+    code: ErrorCode;
+    action?: string | undefined;
+    retryable?: boolean | undefined;
+    constructor(code: ErrorCode, message: string, action?: string | undefined, retryable?: boolean | undefined);
 }
-export declare const Errors: {
-    authFailed(): StvorError;
-    invalidAppToken(): StvorError;
-    relayUnavailable(): StvorError;
-    recipientNotFound(userId: string): StvorError;
-    messageIntegrityFailed(): StvorError;
-    keystoreCorrupted(): StvorError;
-    deviceCompromised(): StvorError;
-    protocolMismatch(): StvorError;
-    clientNotReady(): StvorError;
-    deliveryFailed(recipientId: string): StvorError;
-    receiveTimeout(): StvorError;
-    receiveInProgress(): StvorError;
-};

package/dist/facade/errors.js

@@ -1,64 +1,17 @@
-/**
- * STVOR DX Facade - Error Handling
- */
-export const ErrorCode = {
-    AUTH_FAILED: 'AUTH_FAILED',
+export const Errors = {
     INVALID_APP_TOKEN: 'INVALID_APP_TOKEN',
     RELAY_UNAVAILABLE: 'RELAY_UNAVAILABLE',
+    DELIVERY_FAILED: 'DELIVERY_FAILED',
     RECIPIENT_NOT_FOUND: 'RECIPIENT_NOT_FOUND',
     MESSAGE_INTEGRITY_FAILED: 'MESSAGE_INTEGRITY_FAILED',
-    KEYSTORE_CORRUPTED: 'KEYSTORE_CORRUPTED',
-    DEVICE_COMPROMISED: 'DEVICE_COMPROMISED',
-    PROTOCOL_VERSION_MISMATCH: 'PROTOCOL_VERSION_MISMATCH',
-    CLIENT_NOT_READY: 'CLIENT_NOT_READY',
-    DELIVERY_FAILED: 'DELIVERY_FAILED',
     RECEIVE_TIMEOUT: 'RECEIVE_TIMEOUT',
     RECEIVE_IN_PROGRESS: 'RECEIVE_IN_PROGRESS',
 };
 export class StvorError extends Error {
     constructor(code, message, action, retryable) {
         super(message);
-        this.name = 'StvorError';
         this.code = code;
         this.action = action;
         this.retryable = retryable;
     }
 }
-export const Errors = {
-    authFailed() {
-        return new StvorError(ErrorCode.AUTH_FAILED, 'The AppToken is invalid or has been revoked.', 'Check your dashboard and regenerate a new AppToken.', false);
-    },
-    invalidAppToken() {
-        return new StvorError(ErrorCode.INVALID_APP_TOKEN, 'Invalid AppToken format. AppToken must start with "stvor_".', 'Get your AppToken from the developer dashboard.', false);
-    },
-    relayUnavailable() {
-        return new StvorError(ErrorCode.RELAY_UNAVAILABLE, 'Cannot connect to STVOR relay server.', 'Check your internet connection.', true);
-    },
-    recipientNotFound(userId) {
-        return new StvorError(ErrorCode.RECIPIENT_NOT_FOUND, `User "${userId}" not found. They may not have registered with STVOR.`, 'Ask the recipient to initialize STVOR first, or verify the userId is correct.', false);
-    },
-    messageIntegrityFailed() {
-        return new StvorError(ErrorCode.MESSAGE_INTEGRITY_FAILED, 'Message integrity check failed. The message may be corrupted or tampered with.', 'Request the message again from the sender.', false);
-    },
-    keystoreCorrupted() {
-        return new StvorError(ErrorCode.KEYSTORE_CORRUPTED, 'Local keystore is corrupted. All local keys have been wiped.', 'The user will need to re-register this device.', false);
-    },
-    deviceCompromised() {
-        return new StvorError(ErrorCode.DEVICE_COMPROMISED, 'Security violation detected. This device has been flagged.', 'Immediately log out the user and investigate.', false);
-    },
-    protocolMismatch() {
-        return new StvorError(ErrorCode.PROTOCOL_VERSION_MISMATCH, 'This app version uses an older protocol version.', 'Update the SDK to the latest version.', false);
-    },
-    clientNotReady() {
-        return new StvorError(ErrorCode.CLIENT_NOT_READY, 'Client is not ready. Call connect() first and await it.', 'Make sure to await app.connect() before sending messages.', false);
-    },
-    deliveryFailed(recipientId) {
-        return new StvorError(ErrorCode.DELIVERY_FAILED, `Failed to deliver message to ${recipientId}.`, 'Check that the recipient exists and try again.', true);
-    },
-    receiveTimeout() {
-        return new StvorError(ErrorCode.RECEIVE_TIMEOUT, 'No messages received within 30 second timeout.', 'Use onMessage() subscription for real-time updates.', true);
-    },
-    receiveInProgress() {
-        return new StvorError(ErrorCode.RECEIVE_IN_PROGRESS, 'A receive() call is already in progress.', 'Wait for the current receive() to complete before calling again.', true);
-    },
-};

package/dist/facade/index.d.ts

@@ -1,17 +1,8 @@
-/**
- * STVOR DX Facade SDK
- * High-level developer experience layer for STVOR E2E encryption
- *
- * Design goals:
- * - Minimal API surface
- * - Zero crypto knowledge required
- * - Secure by default
- * - Opinionated (no configuration)
- */
-export type { DecryptedMessage, SealedPayload } from './app';
-export type { StvorAppConfig, AppToken, UserId, MessageContent } from './types';
-export type { ErrorCode } from './errors';
-export { StvorError } from './errors';
-export { StvorApp, StvorFacadeClient } from './app';
-export { Stvor, init } from './app';
-export { ErrorCode as STVOR_ERRORS } from './errors';
+export * from './app.js';
+export * from './errors.js';
+export * from './types.js';
+export type { DecryptedMessage, SealedPayload } from './types.js';
+export type { StvorAppConfig, AppToken, UserId, MessageContent } from './types.js';
+export { StvorError } from './errors.js';
+export { StvorApp, StvorFacadeClient, Stvor, init } from './app.js';
+export { ErrorCode as STVOR_ERRORS } from './errors.js';

package/dist/facade/index.js

@@ -1,15 +1,5 @@
-/**
- * STVOR DX Facade SDK
- * High-level developer experience layer for STVOR E2E encryption
- *
- * Design goals:
- * - Minimal API surface
- * - Zero crypto knowledge required
- * - Secure by default
- * - Opinionated (no configuration)
- */
-export { StvorError } from './errors';
-// Re-export classes and functions
-export { StvorApp, StvorFacadeClient } from './app';
-export { Stvor, init } from './app';
-export { ErrorCode as STVOR_ERRORS } from './errors';
+export * from './app.js';
+export * from './errors.js';
+export * from './types.js';
+export { StvorError } from './errors.js';
+export { StvorApp, StvorFacadeClient, Stvor, init } from './app.js';

package/dist/facade/relay-client.d.ts

@@ -1,32 +1,24 @@
 /**
  * STVOR DX Facade - Relay Client
  */
-interface OutgoingMessage {
-    to: string;
-    from: string;
-    ciphertext: Uint8Array;
-    nonce: Uint8Array;
-}
-interface IncomingMessage {
-    id?: string;
-    from: string;
-    ciphertext: number[];
-    nonce: number[];
-    timestamp: string;
-}
+type JSONable = Record<string, any>;
+export type RelayHandler = (msg: JSONable) => void;
 export declare class RelayClient {
     private relayUrl;
     private timeout;
     private appToken;
+    private ws?;
     private connected;
+    private backoff;
+    private queue;
+    private handlers;
+    private reconnecting;
     constructor(relayUrl: string, appToken: string, timeout?: number);
     private getAuthHeaders;
-    healthCheck(): Promise<void>;
+    private connect;
+    private scheduleReconnect;
+    send(obj: JSONable): void;
+    onMessage(h: RelayHandler): void;
     isConnected(): boolean;
-    register(userId: string, publicKey: JsonWebKey): Promise<void>;
-    getPublicKey(userId: string): Promise<CryptoKey | null>;
-    send(message: OutgoingMessage): Promise<void>;
-    fetchMessages(userId: string): Promise<IncomingMessage[]>;
-    disconnect(): void;
 }
 export {};

package/dist/facade/relay-client.js

@@ -1,128 +1,82 @@
 /**
  * STVOR DX Facade - Relay Client
  */
-import { Errors } from './errors';
+import * as WS from 'ws';
 export class RelayClient {
     constructor(relayUrl, appToken, timeout = 10000) {
         this.connected = false;
-        this.relayUrl = relayUrl;
+        this.backoff = 1000;
+        this.queue = [];
+        this.handlers = [];
+        this.reconnecting = false;
+        this.relayUrl = relayUrl.replace(/^http/, 'ws');
         this.appToken = appToken;
         this.timeout = timeout;
+        this.connect();
     }
     getAuthHeaders() {
         return {
-            'Authorization': `Bearer ${this.appToken}`,
-            'Content-Type': 'application/json',
+            Authorization: `Bearer ${this.appToken}`,
         };
     }
-    async healthCheck() {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-        try {
-            const res = await fetch(`${this.relayUrl}/health`, {
-                method: 'GET',
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                throw Errors.relayUnavailable();
-            }
-        }
-        finally {
-            clearTimeout(timeoutId);
-        }
-    }
-    isConnected() {
-        return this.connected;
-    }
-    async register(userId, publicKey) {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-        try {
-            const res = await fetch(`${this.relayUrl}/register`, {
-                method: 'POST',
-                headers: this.getAuthHeaders(),
-                body: JSON.stringify({ user_id: userId, publicKey }),
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                const error = await res.json().catch(() => ({}));
-                if (error.code === 'AUTH_FAILED') {
-                    throw Errors.authFailed();
-                }
-                throw Errors.relayUnavailable();
-            }
+    connect() {
+        if (this.ws)
+            return;
+        const WSClass = WS.default ?? WS;
+        this.ws = new WSClass(this.relayUrl, { headers: this.getAuthHeaders() });
+        this.ws.on('open', () => {
             this.connected = true;
-        }
-        finally {
-            clearTimeout(timeoutId);
-        }
-    }
-    async getPublicKey(userId) {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-        try {
-            const res = await fetch(`${this.relayUrl}/public-key/${userId}`, {
-                method: 'GET',
-                headers: this.getAuthHeaders(),
-                signal: controller.signal,
-            });
-            if (res.status === 404) {
-                return null;
+            this.backoff = 1000;
+            // flush queue
+            while (this.queue.length) {
+                const m = this.queue.shift();
+                this.send(m);
             }
-            if (!res.ok) {
-                throw Errors.relayUnavailable();
+        });
+        this.ws.on('message', (data) => {
+            try {
+                const json = JSON.parse(data.toString());
+                for (const h of this.handlers)
+                    h(json);
             }
-            const data = await res.json();
-            const jwk = data.publicKey;
-            return await crypto.subtle.importKey('jwk', jwk, { name: 'ECDH', namedCurve: 'X25519' }, false, []);
-        }
-        finally {
-            clearTimeout(timeoutId);
-        }
-    }
-    async send(message) {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-        try {
-            const res = await fetch(`${this.relayUrl}/message`, {
-                method: 'POST',
-                headers: this.getAuthHeaders(),
-                body: JSON.stringify({
-                    to: message.to,
-                    from: message.from,
-                    ciphertext: Array.from(message.ciphertext),
-                    nonce: Array.from(message.nonce),
-                }),
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                throw Errors.deliveryFailed(message.to);
+            catch (e) {
+                // ignore
             }
-        }
-        finally {
-            clearTimeout(timeoutId);
-        }
+        });
+        this.ws.on('close', () => {
+            this.connected = false;
+            this.ws = undefined;
+            this.scheduleReconnect();
+        });
+        this.ws.on('error', () => {
+            this.connected = false;
+            this.ws = undefined;
+            this.scheduleReconnect();
+        });
     }
-    async fetchMessages(userId) {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-        try {
-            const res = await fetch(`${this.relayUrl}/messages/${userId}`, {
-                method: 'GET',
-                headers: this.getAuthHeaders(),
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                throw Errors.relayUnavailable();
-            }
-            const data = await res.json();
-            return data.messages || [];
+    scheduleReconnect() {
+        if (this.reconnecting)
+            return;
+        this.reconnecting = true;
+        setTimeout(() => {
+            this.reconnecting = false;
+            this.connect();
+            this.backoff = Math.min(this.backoff * 2, 30000);
+        }, this.backoff);
+    }
+    send(obj) {
+        const data = JSON.stringify(obj);
+        if (this.connected && this.ws) {
+            this.ws.send(data);
         }
-        finally {
-            clearTimeout(timeoutId);
+        else {
+            this.queue.push(obj);
         }
     }
-    disconnect() {
-        this.connected = false;
+    onMessage(h) {
+        this.handlers.push(h);
+    }
+    isConnected() {
+        return this.connected;
     }
 }

package/dist/facade/types.d.ts

@@ -47,6 +47,4 @@ export interface SealedPayload {
     ciphertext: Uint8Array;
     /** Nonce used for encryption */
     nonce: Uint8Array;
-    /** Recipient user ID this was sealed for */
-    recipientId: UserId;
 }

package/dist/index.d.ts

@@ -1,5 +1,2 @@
-/**
- * STVOR SDK - Main exports
- */
-export * from './legacy';
-export * from './facade';
+export * from './legacy.js';
+export * from './facade/index.js';

package/dist/index.js

@@ -1,5 +1,2 @@
-/**
- * STVOR SDK - Main exports
- */
 export * from './legacy.js';
 export * from './facade/index.js';

package/dist/legacy.d.ts

@@ -1,31 +1 @@
-/**
- * STVOR SDK - Legacy Core API
- * Kept for backwards compatibility
- */
-export interface StvorConfig {
-    apiKey: string;
-    serverUrl?: string;
-}
-export interface Peer {
-    id: string;
-    publicKey: any;
-}
-export interface EncryptedMessage {
-    ciphertext: string;
-    nonce: string;
-    from: string;
-}
-export declare class StvorClient {
-    private config;
-    private myKeyPair;
-    private myId;
-    private peers;
-    constructor(config: StvorConfig);
-    ready(): Promise<void>;
-    createPeer(name: string): Promise<Peer>;
-    send({ to, message }: {
-        to: string;
-        message: string;
-    }): Promise<EncryptedMessage>;
-    receive(encrypted: EncryptedMessage): Promise<string>;
-}
+export {};

package/dist/legacy.js

@@ -1,90 +1,2 @@
-/**
- * STVOR SDK - Legacy Core API
- * Kept for backwards compatibility
- */
-export class StvorClient {
-    constructor(config) {
-        this.myKeyPair = null;
-        this.myId = '';
-        this.peers = new Map();
-        this.config = {
-            serverUrl: 'http://localhost:3001',
-            ...config,
-        };
-    }
-    async ready() {
-        if (!this.config.apiKey) {
-            throw new Error('API key is required');
-        }
-        this.myKeyPair = await crypto.subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, true, ['deriveKey', 'deriveBits']);
-        this.myId = this.config.apiKey.substring(0, 8);
-    }
-    async createPeer(name) {
-        if (!this.myKeyPair)
-            throw new Error('Call ready() first');
-        const publicKey = await crypto.subtle.exportKey('jwk', this.myKeyPair.publicKey);
-        const res = await fetch(`${this.config.serverUrl}/register`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ user_id: name, publicKey }),
-        });
-        if (!res.ok) {
-            const err = await res.json();
-            throw new Error(`Registration failed: ${JSON.stringify(err)}`);
-        }
-        return { id: name, publicKey };
-    }
-    async send({ to, message }) {
-        if (!this.myKeyPair)
-            throw new Error('Call ready() first');
-        let recipientKey = this.peers.get(to);
-        if (!recipientKey) {
-            const res = await fetch(`${this.config.serverUrl}/public-key/${to}`);
-            if (!res.ok)
-                throw new Error(`Peer ${to} not found`);
-            const { publicKey } = await res.json();
-            recipientKey = await crypto.subtle.importKey('jwk', publicKey, { name: 'ECDH', namedCurve: 'P-256' }, false, []);
-            this.peers.set(to, recipientKey);
-        }
-        const sharedKey = await crypto.subtle.deriveKey({ name: 'ECDH', public: recipientKey }, this.myKeyPair.privateKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
-        const iv = crypto.getRandomValues(new Uint8Array(12));
-        const encoder = new TextEncoder();
-        const encrypted = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, sharedKey, encoder.encode(message));
-        const sendRes = await fetch(`${this.config.serverUrl}/message`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-                from: this.myId,
-                to,
-                ciphertext: Buffer.from(encrypted).toString('base64'),
-                nonce: Buffer.from(iv).toString('base64'),
-            }),
-        });
-        if (!sendRes.ok) {
-            throw new Error('Failed to send message');
-        }
-        return {
-            ciphertext: Buffer.from(encrypted).toString('base64'),
-            nonce: Buffer.from(iv).toString('base64'),
-            from: this.myId
-        };
-    }
-    async receive(encrypted) {
-        if (!this.myKeyPair)
-            throw new Error('Call ready() first');
-        let senderKey = this.peers.get(encrypted.from);
-        if (!senderKey) {
-            const res = await fetch(`${this.config.serverUrl}/public-key/${encrypted.from}`);
-            if (!res.ok)
-                throw new Error(`Sender ${encrypted.from} not found`);
-            const { publicKey } = await res.json();
-            senderKey = await crypto.subtle.importKey('jwk', publicKey, { name: 'ECDH', namedCurve: 'P-256' }, false, []);
-            this.peers.set(encrypted.from, senderKey);
-        }
-        const sharedKey = await crypto.subtle.deriveKey({ name: 'ECDH', public: senderKey }, this.myKeyPair.privateKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
-        const iv = Buffer.from(encrypted.nonce, 'base64');
-        const ciphertext = Buffer.from(encrypted.ciphertext, 'base64');
-        const decrypted = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, sharedKey, ciphertext);
-        return new TextDecoder().decode(decrypted);
-    }
-}
+export {};
+// ...existing code from packages/sdk/legacy.ts...

package/package.json

@@ -1,11 +1,15 @@
 {
   "name": "@stvor/sdk",
-  "version": "2.0.4",
+  "version": "2.0.9",
   "description": "STVOR DX Facade - Simple E2EE SDK for client-side encryption",
   "type": "module",
   "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "exports": {
-    ".": "./dist/index.js"
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
   },
   "files": [
     "dist"
@@ -15,18 +19,33 @@
     "encryption",
     "security",
     "cryptography",
-    "end-to-end"
+    "end-to-end",
+    "x3dh",
+    "double-ratchet",
+    "libsodium"
   ],
   "author": "Stvor",
   "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/izahii/stvor-api.git"
+  },
   "engines": {
     "node": ">=18.0.0"
   },
   "bugs": {
-    "url": "https://github.com/stvor/sdk/issues"
+    "url": "https://github.com/izahii/stvor-api/issues"
   },
   "homepage": "https://stvor.xyz",
   "scripts": {
-    "build": "tsc"
+    "build": "tsc",
+    "prepublishOnly": "npm run build",
+    "test": "echo \"No tests yet\" && exit 0"
+  },
+  "dependencies": {
+    "ws": "^8.13.0"
+  },
+  "peerDependencies": {
+    "libsodium-wrappers": "^0.7.13"
   }
 }

package/dist/example.d.ts

@@ -1,9 +0,0 @@
-/**
- * STVOR DX Facade - Quick Start Example
- *
- * Copy-paste ready example for getting started.
- *
- * IMPORTANT: This is a DX facade. The actual security guarantees
- * depend on the STVOR core implementation.
- */
-export {};

package/dist/example.js

@@ -1,57 +0,0 @@
-/**
- * STVOR DX Facade - Quick Start Example
- *
- * Copy-paste ready example for getting started.
- *
- * IMPORTANT: This is a DX facade. The actual security guarantees
- * depend on the STVOR core implementation.
- */
-import { Stvor, StvorError } from './index.js';
-/**
- * Basic messaging example with proper error handling
- */
-async function main() {
-    try {
-        // 1. Initialize SDK with AppToken from environment
-        const app = await Stvor.init({
-            appToken: process.env.STVOR_APP_TOKEN || 'stvor_demo_abc123...'
-        });
-        console.log('SDK initialized');
-        // 2. Connect as a user
-        const alice = await app.connect('alice@example.com');
-        console.log(`Connected as ${alice.getUserId()}`);
-        // 3. Subscribe to incoming messages (recommended for production)
-        const unsubscribe = alice.onMessage((msg) => {
-            console.log(`[Push] ${msg.senderId}: ${msg.content}`);
-        });
-        // 4. Send encrypted message
-        await alice.send('bob@example.com', 'Hello Bob!');
-        // 5. Cleanup
-        await app.disconnect();
-        unsubscribe();
-    }
-    catch (error) {
-        if (error instanceof StvorError) {
-            console.error(`[${error.code}] ${error.message}`);
-            console.error(`Action: ${error.action}`);
-            console.error(`Retryable: ${error.retryable}`);
-        }
-        else {
-            console.error('Unknown error:', error);
-        }
-    }
-}
-/**
- * Note on security guarantees:
- *
- * The facade provides a convenient API, but actual security
- * (E2EE, PFS, post-quantum resistance) depends on the STVOR core.
- *
- * For production use, verify:
- * 1. Core implements Double Ratchet for PFS
- * 2. Core implements ML-KEM for post-quantum resistance
- * 3. Keys are stored securely (not in plain memory)
- * 4. Relay is trusted or verified
- */
-// Run example
-main();