@stvor/sdk 2.4.1 → 3.0.0

package/dist/facade/crypto-session.d.ts

@@ -0,0 +1,71 @@
+/**
+ * STVOR Crypto Session Manager
+ * Uses ONLY Node.js built-in crypto module — zero external dependencies
+ *
+ * Manages identity keys (IK + SPK), ECDSA signatures,
+ * X3DH session establishment, and Double Ratchet encrypt/decrypt.
+ */
+import { KeyPair } from '../ratchet/index.js';
+export interface IdentityKeys {
+    identityKeyPair: KeyPair;
+    signedPreKeyPair: KeyPair;
+    signedPreKeySignature: Buffer;
+}
+export interface SerializedPublicKeys {
+    identityKey: string;
+    signedPreKey: string;
+    signedPreKeySignature: string;
+    oneTimePreKey: string;
+}
+export interface IIdentityStore {
+    saveIdentityKeys(userId: string, keys: {
+        identityKeyPair: {
+            publicKey: string;
+            privateKey: string;
+        };
+        signedPreKeyPair: {
+            publicKey: string;
+            privateKey: string;
+        };
+        signedPreKeySignature: string;
+    }): Promise<void>;
+    loadIdentityKeys(userId: string): Promise<{
+        identityKeyPair: {
+            publicKey: string;
+            privateKey: string;
+        };
+        signedPreKeyPair: {
+            publicKey: string;
+            privateKey: string;
+        };
+        signedPreKeySignature: string;
+    } | null>;
+}
+export interface ISessionStore {
+    saveSession(userId: string, peerId: string, sessionData: Buffer): Promise<void>;
+    loadSession(userId: string, peerId: string): Promise<Buffer | null>;
+    deleteSession(userId: string, peerId: string): Promise<void>;
+    listSessions(userId: string): Promise<string[]>;
+}
+export declare class CryptoSessionManager {
+    private userId;
+    private identityKeys;
+    private sessions;
+    private initialized;
+    private initPromise;
+    private identityStore;
+    private sessionStore;
+    constructor(userId: string, identityStore?: IIdentityStore, sessionStore?: ISessionStore);
+    initialize(): Promise<void>;
+    private _doInit;
+    getPublicKeys(): SerializedPublicKeys;
+    establishSession(peerId: string, peerPublicKeys: SerializedPublicKeys): Promise<void>;
+    establishSessionWithPeer(peerId: string, pk: SerializedPublicKeys): Promise<void>;
+    hasSession(peerId: string): boolean;
+    encryptForPeer(peerId: string, plaintext: string): {
+        ciphertext: string;
+        header: string;
+    };
+    decryptFromPeer(peerId: string, ciphertext: string, header: string): string;
+    forceRatchet(peerId: string): Promise<void>;
+}

package/dist/facade/crypto-session.js

@@ -0,0 +1,152 @@
+/**
+ * STVOR Crypto Session Manager
+ * Uses ONLY Node.js built-in crypto module — zero external dependencies
+ *
+ * Manages identity keys (IK + SPK), ECDSA signatures,
+ * X3DH session establishment, and Double Ratchet encrypt/decrypt.
+ */
+import { generateKeyPair, encryptMessage as ratchetEncrypt, decryptMessage as ratchetDecrypt, establishSession as ratchetEstablishSession, serializeSession, initializeCrypto, ecSign, ecVerify, } from '../ratchet/index.js';
+/* ================================================================
+ * Helpers
+ * ================================================================ */
+function toB64(buf) { return buf.toString('base64url'); }
+function fromB64(s) { return Buffer.from(s, 'base64url'); }
+/* ================================================================
+ * CryptoSessionManager
+ * ================================================================ */
+export class CryptoSessionManager {
+    constructor(userId, identityStore, sessionStore) {
+        this.identityKeys = null;
+        this.sessions = new Map();
+        this.initialized = false;
+        this.initPromise = null;
+        this.identityStore = null;
+        this.sessionStore = null;
+        this.userId = userId;
+        this.identityStore = identityStore || null;
+        this.sessionStore = sessionStore || null;
+    }
+    /* ---- Initialisation ---- */
+    async initialize() {
+        if (this.initialized && this.identityKeys)
+            return;
+        if (this.initPromise)
+            return this.initPromise;
+        this.initPromise = this._doInit();
+        return this.initPromise;
+    }
+    async _doInit() {
+        await initializeCrypto();
+        if (this.identityStore) {
+            try {
+                const stored = await this.identityStore.loadIdentityKeys(this.userId);
+                if (stored) {
+                    this.identityKeys = {
+                        identityKeyPair: {
+                            publicKey: fromB64(stored.identityKeyPair.publicKey),
+                            privateKey: fromB64(stored.identityKeyPair.privateKey),
+                        },
+                        signedPreKeyPair: {
+                            publicKey: fromB64(stored.signedPreKeyPair.publicKey),
+                            privateKey: fromB64(stored.signedPreKeyPair.privateKey),
+                        },
+                        signedPreKeySignature: fromB64(stored.signedPreKeySignature),
+                    };
+                    this.initialized = true;
+                    return;
+                }
+            }
+            catch (e) {
+                console.warn('Failed to load identity keys:', e);
+            }
+        }
+        const ik = generateKeyPair();
+        const spk = generateKeyPair();
+        const sig = ecSign(spk.publicKey, ik);
+        this.identityKeys = {
+            identityKeyPair: ik,
+            signedPreKeyPair: spk,
+            signedPreKeySignature: sig,
+        };
+        if (this.identityStore) {
+            try {
+                await this.identityStore.saveIdentityKeys(this.userId, {
+                    identityKeyPair: { publicKey: toB64(ik.publicKey), privateKey: toB64(ik.privateKey) },
+                    signedPreKeyPair: { publicKey: toB64(spk.publicKey), privateKey: toB64(spk.privateKey) },
+                    signedPreKeySignature: toB64(sig),
+                });
+            }
+            catch (e) {
+                console.warn('Failed to save identity keys:', e);
+            }
+        }
+        this.initialized = true;
+    }
+    /* ---- Public keys ---- */
+    getPublicKeys() {
+        if (!this.identityKeys)
+            throw new Error('Not initialized');
+        return {
+            identityKey: toB64(this.identityKeys.identityKeyPair.publicKey),
+            signedPreKey: toB64(this.identityKeys.signedPreKeyPair.publicKey),
+            signedPreKeySignature: toB64(this.identityKeys.signedPreKeySignature),
+            oneTimePreKey: '',
+        };
+    }
+    /* ---- Session establishment ---- */
+    async establishSession(peerId, peerPublicKeys) {
+        if (!this.identityKeys)
+            throw new Error('Not initialized');
+        const peerIK = fromB64(peerPublicKeys.identityKey);
+        const peerSPK = fromB64(peerPublicKeys.signedPreKey);
+        const peerSig = peerPublicKeys.signedPreKeySignature
+            ? fromB64(peerPublicKeys.signedPreKeySignature)
+            : Buffer.alloc(0);
+        if (peerSig.length > 0 && !ecVerify(peerSPK, peerSig, peerIK)) {
+            throw new Error('Invalid signed pre-key signature — possible MITM attack');
+        }
+        const session = ratchetEstablishSession(this.identityKeys.identityKeyPair, this.identityKeys.signedPreKeyPair, peerIK, peerSPK);
+        this.sessions.set(peerId, session);
+        if (this.sessionStore) {
+            try {
+                await this.sessionStore.saveSession(this.userId, peerId, serializeSession(session));
+            }
+            catch (e) {
+                console.warn('Failed to save session:', e);
+            }
+        }
+    }
+    async establishSessionWithPeer(peerId, pk) {
+        return this.establishSession(peerId, pk);
+    }
+    hasSession(peerId) {
+        return this.sessions.has(peerId);
+    }
+    /* ---- Encrypt ---- */
+    encryptForPeer(peerId, plaintext) {
+        const session = this.sessions.get(peerId);
+        if (!session)
+            throw new Error('No session with peer');
+        const { ciphertext, header } = ratchetEncrypt(session, Buffer.from(plaintext, 'utf-8'));
+        return { ciphertext: toB64(ciphertext), header: toB64(header) };
+    }
+    /* ---- Decrypt ---- */
+    decryptFromPeer(peerId, ciphertext, header) {
+        const session = this.sessions.get(peerId);
+        if (!session)
+            throw new Error('No session with peer');
+        const pt = ratchetDecrypt(session, fromB64(ciphertext), fromB64(header));
+        return pt.toString('utf-8');
+    }
+    /* ---- Post-compromise ---- */
+    async forceRatchet(peerId) {
+        const session = this.sessions.get(peerId);
+        if (session) {
+            session.myRatchetKeyPair = generateKeyPair();
+            session.sendCount = 0;
+            session.recvCount = 0;
+            session.prevSendCount = 0;
+            session.isPostCompromise = true;
+        }
+    }
+}

package/dist/facade/errors.d.ts

@@ -1,19 +1,36 @@
-export declare const Errors: {
+/**
+ * STVOR DX Facade - Error Handling
+ */
+export declare const ErrorCode: {
+    readonly AUTH_FAILED: "AUTH_FAILED";
     readonly INVALID_APP_TOKEN: "INVALID_APP_TOKEN";
-    readonly INVALID_API_KEY: "INVALID_API_KEY";
     readonly RELAY_UNAVAILABLE: "RELAY_UNAVAILABLE";
-    readonly DELIVERY_FAILED: "DELIVERY_FAILED";
     readonly RECIPIENT_NOT_FOUND: "RECIPIENT_NOT_FOUND";
     readonly RECIPIENT_TIMEOUT: "RECIPIENT_TIMEOUT";
-    readonly MESSAGE_INTEGRITY_FAILED: "MESSAGE_INTEGRITY_FAILED";
-    readonly RECEIVE_TIMEOUT: "RECEIVE_TIMEOUT";
-    readonly RECEIVE_IN_PROGRESS: "RECEIVE_IN_PROGRESS";
-    readonly NOT_CONNECTED: "NOT_CONNECTED";
+    readonly CLIENT_NOT_READY: "CLIENT_NOT_READY";
+    readonly DELIVERY_FAILED: "DELIVERY_FAILED";
+    readonly QUOTA_EXCEEDED: "QUOTA_EXCEEDED";
+    readonly RATE_LIMITED: "RATE_LIMITED";
 };
-export type ErrorCode = (typeof Errors)[keyof typeof Errors];
+export type ErrorCode = typeof ErrorCode[keyof typeof ErrorCode];
 export declare class StvorError extends Error {
-    code: ErrorCode;
-    action?: string | undefined;
-    retryable?: boolean | undefined;
-    constructor(code: ErrorCode, message: string, action?: string | undefined, retryable?: boolean | undefined);
+    code: string;
+    action?: string;
+    retryable?: boolean;
+    constructor(code: string, message: string, action?: string, retryable?: boolean);
 }
+export declare const Errors: {
+    authFailed(): StvorError;
+    invalidAppToken(): StvorError;
+    relayUnavailable(): StvorError;
+    recipientNotFound(userId: string): StvorError;
+    messageIntegrityFailed(): StvorError;
+    keystoreCorrupted(): StvorError;
+    deviceCompromised(): StvorError;
+    protocolMismatch(): StvorError;
+    recipientTimeout(userId: string, timeoutMs: number): StvorError;
+    clientNotReady(): StvorError;
+    deliveryFailed(recipientId: string): StvorError;
+    quotaExceeded: () => StvorError;
+    rateLimited: () => StvorError;
+};

package/dist/facade/errors.js

@@ -1,21 +1,62 @@
-export const Errors = {
+/**
+ * STVOR DX Facade - Error Handling
+ */
+export const ErrorCode = {
+    AUTH_FAILED: 'AUTH_FAILED',
     INVALID_APP_TOKEN: 'INVALID_APP_TOKEN',
-    INVALID_API_KEY: 'INVALID_API_KEY',
     RELAY_UNAVAILABLE: 'RELAY_UNAVAILABLE',
-    DELIVERY_FAILED: 'DELIVERY_FAILED',
     RECIPIENT_NOT_FOUND: 'RECIPIENT_NOT_FOUND',
     RECIPIENT_TIMEOUT: 'RECIPIENT_TIMEOUT',
-    MESSAGE_INTEGRITY_FAILED: 'MESSAGE_INTEGRITY_FAILED',
-    RECEIVE_TIMEOUT: 'RECEIVE_TIMEOUT',
-    RECEIVE_IN_PROGRESS: 'RECEIVE_IN_PROGRESS',
-    NOT_CONNECTED: 'NOT_CONNECTED',
+    CLIENT_NOT_READY: 'CLIENT_NOT_READY',
+    DELIVERY_FAILED: 'DELIVERY_FAILED',
+    QUOTA_EXCEEDED: 'QUOTA_EXCEEDED',
+    RATE_LIMITED: 'RATE_LIMITED',
 };
 export class StvorError extends Error {
     constructor(code, message, action, retryable) {
         super(message);
+        this.name = 'StvorError';
         this.code = code;
         this.action = action;
         this.retryable = retryable;
-        this.name = 'StvorError';
     }
 }
+export const Errors = {
+    authFailed() {
+        return new StvorError(ErrorCode.AUTH_FAILED, 'The AppToken is invalid or has been revoked.', 'Check your dashboard and regenerate a new AppToken.', false);
+    },
+    invalidAppToken() {
+        return new StvorError(ErrorCode.INVALID_APP_TOKEN, 'Invalid AppToken format. AppToken must start with "stvor_".', 'Get your AppToken from the developer dashboard.', false);
+    },
+    relayUnavailable() {
+        return new StvorError(ErrorCode.RELAY_UNAVAILABLE, 'Cannot connect to STVOR relay server.', 'Check your internet connection.', true);
+    },
+    recipientNotFound(userId) {
+        return new StvorError(ErrorCode.RECIPIENT_NOT_FOUND, `User "${userId}" not found. They may not have registered with STVOR.`, 'Ask the recipient to initialize STVOR first, or verify the userId is correct.', false);
+    },
+    messageIntegrityFailed() {
+        return new StvorError(ErrorCode.DELIVERY_FAILED, 'Message integrity check failed or decryption failed.', 'Request the message again from the sender.', false);
+    },
+    keystoreCorrupted() {
+        return new StvorError(ErrorCode.DELIVERY_FAILED, 'Local keystore error (not supported in v0.1).', 'Investigate local storage configuration.', false);
+    },
+    deviceCompromised() {
+        return new StvorError(ErrorCode.DELIVERY_FAILED, 'Device compromise detected (placeholder).', 'Investigate and revoke credentials.', false);
+    },
+    protocolMismatch() {
+        return new StvorError(ErrorCode.DELIVERY_FAILED, 'Protocol version mismatch.', 'Update the SDK to the latest version.', false);
+    },
+    recipientTimeout(userId, timeoutMs) {
+        return new StvorError(ErrorCode.RECIPIENT_TIMEOUT, `Timed out waiting for user "${userId}" after ${timeoutMs}ms. ` +
+            `The user may not have registered with STVOR yet.`, 'Ensure the recipient has called connect() and is online, or increase the timeout.', true);
+    },
+    clientNotReady() {
+        return new StvorError(ErrorCode.CLIENT_NOT_READY, 'Client is not ready. Call connect() first and await it.', 'Make sure to await app.connect() before sending messages.', false);
+    },
+    deliveryFailed(recipientId) {
+        return new StvorError(ErrorCode.DELIVERY_FAILED, `Failed to deliver message to ${recipientId}.`, 'Check that the recipient exists and try again.', true);
+    },
+    quotaExceeded: () => new StvorError(ErrorCode.QUOTA_EXCEEDED, 'Message quota exceeded for this AppToken.', 'UPGRADE_PLAN', false),
+    rateLimited: () => new StvorError(ErrorCode.RATE_LIMITED, 'Rate limit exceeded. Please try again later.', 'WAIT', true),
+    // receive()/timeout APIs are not part of SDK v0.1 facade; use onMessage().
+};

package/dist/facade/index.d.ts

@@ -1,8 +1,27 @@
-export * from './app.js';
-export * from './errors.js';
-export * from './types.js';
-export type { DecryptedMessage, SealedPayload } from './types.js';
-export type { StvorAppConfig, AppToken, UserId, MessageContent } from './types.js';
-export { StvorError } from './errors.js';
-export { StvorApp, StvorFacadeClient, Stvor, init, createApp } from './app.js';
-export { ErrorCode as STVOR_ERRORS } from './errors.js';
+/**
+ * STVOR DX Facade SDK
+ * High-level developer experience layer for STVOR E2E encryption
+ *
+ * Design goals:
+ * - Minimal API surface
+ * - Zero crypto knowledge required
+ * - Secure by default
+ * - Opinionated (no configuration)
+ */
+export type { DecryptedMessage, SealedPayload } from './app';
+export type { StvorAppConfig, AppToken, UserId, MessageContent } from './types';
+export type { ErrorCode } from './errors';
+export type { Metrics, SignedMetrics } from './metrics-engine';
+export { StvorError } from './errors';
+export { StvorApp, StvorFacadeClient, Stvor, init, createApp } from './app';
+export { ErrorCode as STVOR_ERRORS } from './errors';
+export { verifyMetricsSignature, MetricsEngine } from './metrics-engine';
+export { CryptoSessionManager } from './crypto-session';
+export type { IdentityKeys, SerializedPublicKeys, IIdentityStore, ISessionStore } from './crypto-session';
+export { LocalStorageIdentityStore, LocalStorageSessionStore } from './local-storage-identity-store';
+export { isReplay, validateMessage, validateMessageWithNonce, getCacheStats, cleanupExpiredNonces, initializeReplayProtection, startAutoCleanup, stopAutoCleanup, } from './replay-manager';
+export type { IReplayCache } from './replay-manager';
+export { RedisReplayCache } from './redis-replay-cache';
+export type { RedisClient, RedisReplayCacheConfig } from './redis-replay-cache';
+export { generateFingerprint, storeFingerprint, verifyFingerprint, isFingerprintTrusted, getFingerprint, revokeTrust, trustNewFingerprint, listTrustedFingerprints, getFingerprintInfo, initializeTofu, } from './tofu-manager';
+export type { ITofuStore } from './tofu-manager';

package/dist/facade/index.js

@@ -1,5 +1,25 @@
-export * from './app.js';
-export * from './errors.js';
-export * from './types.js';
+/**
+ * STVOR DX Facade SDK
+ * High-level developer experience layer for STVOR E2E encryption
+ *
+ * Design goals:
+ * - Minimal API surface
+ * - Zero crypto knowledge required
+ * - Secure by default
+ * - Opinionated (no configuration)
+ */
 export { StvorError } from './errors.js';
+// Re-export classes and functions
 export { StvorApp, StvorFacadeClient, Stvor, init, createApp } from './app.js';
+export { ErrorCode as STVOR_ERRORS } from './errors.js';
+// Re-export metrics verification for Dashboard
+export { verifyMetricsSignature, MetricsEngine } from './metrics-engine.js';
+// Re-export crypto session management
+export { CryptoSessionManager } from './crypto-session.js';
+export { LocalStorageIdentityStore, LocalStorageSessionStore } from './local-storage-identity-store.js';
+// Re-export replay protection
+export { isReplay, validateMessage, validateMessageWithNonce, getCacheStats, cleanupExpiredNonces, initializeReplayProtection, startAutoCleanup, stopAutoCleanup, } from './replay-manager.js';
+// Re-export Redis replay cache for production
+export { RedisReplayCache } from './redis-replay-cache.js';
+// Re-export TOFU management
+export { generateFingerprint, storeFingerprint, verifyFingerprint, isFingerprintTrusted, getFingerprint, revokeTrust, trustNewFingerprint, listTrustedFingerprints, getFingerprintInfo, initializeTofu, } from './tofu-manager.js';

package/dist/facade/local-storage-identity-store.cjs

@@ -0,0 +1,29 @@
+'use strict';
+
+// Auto-generated CommonJS wrapper for facade/local-storage-identity-store.js
+// This allows `require('@stvor/sdk')` to work alongside ESM `import`.
+
+const mod = require('module');
+const url = require('url');
+
+// Use dynamic import to load the ESM module
+let _cached;
+async function _load() {
+  if (!_cached) {
+    _cached = await import(url.pathToFileURL(__filename.replace(/\.cjs$/, '.js')).href);
+  }
+  return _cached;
+}
+
+// For simple CJS usage, expose a promise-based loader
+module.exports = new Proxy({ load: _load }, {
+  get(target, prop) {
+    if (prop === '__esModule') return true;
+    if (prop === 'then') return undefined; // prevent treating as thenable
+    if (prop === 'load') return _load;
+    if (prop === 'default') {
+      return _load().then(m => m.default);
+    }
+    return _load().then(m => m[prop]);
+  }
+});

package/dist/facade/local-storage-identity-store.d.ts

@@ -0,0 +1,50 @@
+/**
+ * LocalStorage-based Identity Store for browser environments
+ * Implements IIdentityStore for persistent identity key storage
+ */
+import { IIdentityStore } from './crypto-session.js';
+/**
+ * Browser-based identity storage using localStorage
+ * CRITICAL: Keys are stored in base64url — in production, use encrypted storage
+ */
+export declare class LocalStorageIdentityStore implements IIdentityStore {
+    private storageKey;
+    constructor(userId: string, storageKeyPrefix?: string);
+    saveIdentityKeys(userId: string, keys: {
+        identityKeyPair: {
+            publicKey: string;
+            privateKey: string;
+        };
+        signedPreKeyPair: {
+            publicKey: string;
+            privateKey: string;
+        };
+        signedPreKeySignature: string;
+    }): Promise<void>;
+    loadIdentityKeys(userId: string): Promise<{
+        identityKeyPair: {
+            publicKey: string;
+            privateKey: string;
+        };
+        signedPreKeyPair: {
+            publicKey: string;
+            privateKey: string;
+        };
+        signedPreKeySignature: string;
+    } | null>;
+    /** Delete stored keys (for logout / account reset) */
+    deleteIdentityKeys(userId: string): Promise<void>;
+}
+/**
+ * Session storage implementation for browser environments
+ */
+export declare class LocalStorageSessionStore {
+    private storageKey;
+    constructor(userId: string, storageKeyPrefix?: string);
+    saveSession(userId: string, peerId: string, _session: unknown): Promise<void>;
+    loadSession(userId: string, peerId: string): Promise<unknown | null>;
+    deleteSession(userId: string, peerId: string): Promise<void>;
+    listSessions(userId: string): Promise<string[]>;
+    private getAllSessions;
+}
+export default LocalStorageIdentityStore;

package/dist/facade/local-storage-identity-store.js

@@ -0,0 +1,100 @@
+/**
+ * LocalStorage-based Identity Store for browser environments
+ * Implements IIdentityStore for persistent identity key storage
+ */
+/**
+ * Browser-based identity storage using localStorage
+ * CRITICAL: Keys are stored in base64url — in production, use encrypted storage
+ */
+export class LocalStorageIdentityStore {
+    constructor(userId, storageKeyPrefix = 'stvor_identity_') {
+        this.storageKey = `${storageKeyPrefix}${userId}`;
+    }
+    async saveIdentityKeys(userId, keys) {
+        try {
+            const data = {
+                identityKeyPair: keys.identityKeyPair,
+                signedPreKeyPair: keys.signedPreKeyPair,
+                signedPreKeySignature: keys.signedPreKeySignature,
+            };
+            localStorage.setItem(this.storageKey, JSON.stringify(data));
+            console.log(`[LocalStorageIdentityStore] Keys saved for user: ${userId}`);
+        }
+        catch (error) {
+            console.error('[LocalStorageIdentityStore] Failed to save keys:', error);
+            throw new Error('Failed to save identity keys to localStorage');
+        }
+    }
+    async loadIdentityKeys(userId) {
+        try {
+            const data = localStorage.getItem(this.storageKey);
+            if (!data) {
+                console.log(`[LocalStorageIdentityStore] No keys found for user: ${userId}`);
+                return null;
+            }
+            const parsed = JSON.parse(data);
+            console.log(`[LocalStorageIdentityStore] Keys loaded for user: ${userId}`);
+            return {
+                identityKeyPair: parsed.identityKeyPair,
+                signedPreKeyPair: parsed.signedPreKeyPair,
+                signedPreKeySignature: parsed.signedPreKeySignature,
+            };
+        }
+        catch (error) {
+            console.error('[LocalStorageIdentityStore] Failed to load keys:', error);
+            return null;
+        }
+    }
+    /** Delete stored keys (for logout / account reset) */
+    async deleteIdentityKeys(userId) {
+        localStorage.removeItem(this.storageKey);
+        console.log(`[LocalStorageIdentityStore] Keys deleted for user: ${userId}`);
+    }
+}
+/**
+ * Session storage implementation for browser environments
+ */
+export class LocalStorageSessionStore {
+    constructor(userId, storageKeyPrefix = 'stvor_session_') {
+        this.storageKey = `${storageKeyPrefix}${userId}`;
+    }
+    async saveSession(userId, peerId, _session) {
+        try {
+            const allSessions = this.getAllSessions();
+            allSessions[peerId] = { savedAt: Date.now() };
+            localStorage.setItem(this.storageKey, JSON.stringify(allSessions));
+        }
+        catch (error) {
+            console.error('[LocalStorageSessionStore] Failed to save session:', error);
+        }
+    }
+    async loadSession(userId, peerId) {
+        try {
+            const allSessions = this.getAllSessions();
+            return allSessions[peerId] || null;
+        }
+        catch (error) {
+            console.error('[LocalStorageSessionStore] Failed to load session:', error);
+            return null;
+        }
+    }
+    async deleteSession(userId, peerId) {
+        try {
+            const allSessions = this.getAllSessions();
+            delete allSessions[peerId];
+            localStorage.setItem(this.storageKey, JSON.stringify(allSessions));
+        }
+        catch (error) {
+            console.error('[LocalStorageSessionStore] Failed to delete session:', error);
+        }
+    }
+    async listSessions(userId) {
+        const allSessions = this.getAllSessions();
+        return Object.keys(allSessions);
+    }
+    getAllSessions() {
+        const data = localStorage.getItem(this.storageKey);
+        return data ? JSON.parse(data) : {};
+    }
+}
+export default LocalStorageIdentityStore;

package/dist/facade/metrics-attestation.cjs

@@ -0,0 +1,29 @@
+'use strict';
+
+// Auto-generated CommonJS wrapper for facade/metrics-attestation.js
+// This allows `require('@stvor/sdk')` to work alongside ESM `import`.
+
+const mod = require('module');
+const url = require('url');
+
+// Use dynamic import to load the ESM module
+let _cached;
+async function _load() {
+  if (!_cached) {
+    _cached = await import(url.pathToFileURL(__filename.replace(/\.cjs$/, '.js')).href);
+  }
+  return _cached;
+}
+
+// For simple CJS usage, expose a promise-based loader
+module.exports = new Proxy({ load: _load }, {
+  get(target, prop) {
+    if (prop === '__esModule') return true;
+    if (prop === 'then') return undefined; // prevent treating as thenable
+    if (prop === 'load') return _load;
+    if (prop === 'default') {
+      return _load().then(m => m.default);
+    }
+    return _load().then(m => m[prop]);
+  }
+});