@tgoliveira/vault-core 0.1.0

package/dist/kdf/params.js

@@ -0,0 +1,8 @@
+export const DEFAULT_ARGON2ID_PARAMS = {
+    memory: 65536,
+    iterations: 3,
+    parallelism: 1,
+    hashLength: 32,
+    saltLength: 16,
+};
+//# sourceMappingURL=params.js.map

package/dist/kdf/params.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"params.js","sourceRoot":"","sources":["../../src/kdf/params.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,MAAM,EAAE,KAAK;IACb,UAAU,EAAE,CAAC;IACb,WAAW,EAAE,CAAC;IACd,UAAU,EAAE,EAAE;IACd,UAAU,EAAE,EAAE;CACN,CAAC"}

package/dist/keys/user-vault-key.d.ts

@@ -0,0 +1,7 @@
+export type UserVaultKey = CryptoKey;
+export declare function createUserVaultKey(): Promise<CryptoKey>;
+/** @deprecated Use createUserVaultKey */
+export declare const generateUserVaultKey: typeof createUserVaultKey;
+export declare function importUserVaultKey(rawKey: Uint8Array): Promise<CryptoKey>;
+export declare function exportUserVaultKey(key: CryptoKey): Promise<Uint8Array>;
+//# sourceMappingURL=user-vault-key.d.ts.map

package/dist/keys/user-vault-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-vault-key.d.ts","sourceRoot":"","sources":["../../src/keys/user-vault-key.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GAAG,SAAS,CAAC;AAErC,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,SAAS,CAAC,CAE7D;AAED,yCAAyC;AACzC,eAAO,MAAM,oBAAoB,2BAAqB,CAAC;AAEvD,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAG/E;AAED,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAG5E"}

package/dist/keys/user-vault-key.js

@@ -0,0 +1,15 @@
+import { generateAesKey } from "../crypto/aes-gcm.js";
+export async function createUserVaultKey() {
+    return generateAesKey();
+}
+/** @deprecated Use createUserVaultKey */
+export const generateUserVaultKey = createUserVaultKey;
+export async function importUserVaultKey(rawKey) {
+    const { importAesKey } = await import("../crypto/aes-gcm.js");
+    return importAesKey(rawKey);
+}
+export async function exportUserVaultKey(key) {
+    const { exportAesKey } = await import("../crypto/aes-gcm.js");
+    return exportAesKey(key);
+}
+//# sourceMappingURL=user-vault-key.js.map

package/dist/keys/user-vault-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-vault-key.js","sourceRoot":"","sources":["../../src/keys/user-vault-key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAItD,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,OAAO,cAAc,EAAE,CAAC;AAC1B,CAAC;AAED,yCAAyC;AACzC,MAAM,CAAC,MAAM,oBAAoB,GAAG,kBAAkB,CAAC;AAEvD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAkB;IACzD,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC9D,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,GAAc;IACrD,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC9D,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC"}

package/dist/payload/encrypted-payload.d.ts

@@ -0,0 +1,5 @@
+import type { VaultCryptoProfile, VaultAadScope } from "../profile.js";
+import type { EncryptedVaultPayload } from "../validation/schemas.js";
+export declare function encryptVaultPayload<T>(payload: T, vaultKey: CryptoKey, scope: Pick<VaultAadScope, "userId" | "resourceId">, profile: VaultCryptoProfile): Promise<EncryptedVaultPayload>;
+export declare function decryptVaultPayload<T>(encrypted: EncryptedVaultPayload, vaultKey: CryptoKey): Promise<T>;
+//# sourceMappingURL=encrypted-payload.d.ts.map

package/dist/payload/encrypted-payload.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypted-payload.d.ts","sourceRoot":"","sources":["../../src/payload/encrypted-payload.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAEtE,wBAAsB,mBAAmB,CAAC,CAAC,EACzC,OAAO,EAAE,CAAC,EACV,QAAQ,EAAE,SAAS,EACnB,KAAK,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,GAAG,YAAY,CAAC,EACnD,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,qBAAqB,CAAC,CAMhC;AAED,wBAAsB,mBAAmB,CAAC,CAAC,EACzC,SAAS,EAAE,qBAAqB,EAChC,QAAQ,EAAE,SAAS,GAClB,OAAO,CAAC,CAAC,CAAC,CAGZ"}

package/dist/payload/encrypted-payload.js

@@ -0,0 +1,14 @@
+import { encryptField, decryptField } from "../crypto/aes-gcm.js";
+import { parseVaultPayload, serializeVaultPayload } from "../crypto/serialization.js";
+export async function encryptVaultPayload(payload, vaultKey, scope, profile) {
+    return encryptField(serializeVaultPayload(payload), vaultKey, {
+        userId: scope.userId,
+        resourceId: scope.resourceId,
+        field: "vault_payload",
+    }, profile);
+}
+export async function decryptVaultPayload(encrypted, vaultKey) {
+    const json = await decryptField(encrypted, vaultKey);
+    return parseVaultPayload(json);
+}
+//# sourceMappingURL=encrypted-payload.js.map

package/dist/payload/encrypted-payload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypted-payload.js","sourceRoot":"","sources":["../../src/payload/encrypted-payload.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAItF,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAU,EACV,QAAmB,EACnB,KAAmD,EACnD,OAA2B;IAE3B,OAAO,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE;QAC5D,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,KAAK,EAAE,eAAe;KACvB,EAAE,OAAO,CAAC,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,SAAgC,EAChC,QAAmB;IAEnB,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACrD,OAAO,iBAAiB,CAAI,IAAI,CAAC,CAAC;AACpC,CAAC"}

package/dist/profile.d.ts

@@ -0,0 +1,21 @@
+export type VaultCryptoVersion = "vault-v1";
+export type VaultCryptoProfile = {
+    cryptoVersion: VaultCryptoVersion;
+    aadContextVault: string;
+    aadContextEnvelope: string;
+};
+export type VaultAadField = "vault_key" | "vault_payload" | "vault_index";
+export type VaultAadScope = {
+    userId: string;
+    resourceId: string;
+    field: VaultAadField;
+    context?: string;
+};
+export type RecoveryPhraseWordCount = 12 | 24;
+export type VaultLockState = "locked" | "unlocked";
+export type VaultUnlockResult<TPayload> = {
+    vaultKey: CryptoKey;
+    payload: TPayload;
+};
+export declare function resolveAadContext(scope: Pick<VaultAadScope, "field" | "context">, profile: VaultCryptoProfile): string;
+//# sourceMappingURL=profile.d.ts.map

package/dist/profile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"profile.d.ts","sourceRoot":"","sources":["../src/profile.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,kBAAkB,GAAG,UAAU,CAAC;AAE5C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,aAAa,EAAE,kBAAkB,CAAC;IAClC,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG,WAAW,GAAG,eAAe,GAAG,aAAa,CAAC;AAE1E,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,aAAa,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,CAAC;AAE9C,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEnD,MAAM,MAAM,iBAAiB,CAAC,QAAQ,IAAI;IACxC,QAAQ,EAAE,SAAS,CAAC;IACpB,OAAO,EAAE,QAAQ,CAAC;CACnB,CAAC;AAEF,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,IAAI,CAAC,aAAa,EAAE,OAAO,GAAG,SAAS,CAAC,EAC/C,OAAO,EAAE,kBAAkB,GAC1B,MAAM,CAOR"}

package/dist/profile.js

@@ -0,0 +1,9 @@
+export function resolveAadContext(scope, profile) {
+    if (scope.context !== undefined) {
+        return scope.context;
+    }
+    return scope.field === "vault_key"
+        ? profile.aadContextEnvelope
+        : profile.aadContextVault;
+}
+//# sourceMappingURL=profile.js.map

package/dist/profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"profile.js","sourceRoot":"","sources":["../src/profile.ts"],"names":[],"mappings":"AA0BA,MAAM,UAAU,iBAAiB,CAC/B,KAA+C,EAC/C,OAA2B;IAE3B,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,OAAO,CAAC;IACvB,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,KAAK,WAAW;QAChC,CAAC,CAAC,OAAO,CAAC,kBAAkB;QAC5B,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC;AAC9B,CAAC"}

package/dist/react/index.d.ts

@@ -0,0 +1,6 @@
+export { resolveVaultClientStatus, type VaultClientStatus, type VaultServerStatusSnapshot, } from "./status/resolve-vault-client-status.js";
+export { useVaultClientStatus } from "./status/use-vault-client-status.js";
+export { useVaultUnlocked, useVaultLockState, } from "./session/use-vault-unlocked.js";
+export { useVaultSession, type UseVaultSessionOptions } from "./session/use-vault-session.js";
+export { VaultSessionProvider, type VaultSessionProviderProps, } from "./session/vault-session-provider.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/react/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,wBAAwB,EACxB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,GAC/B,MAAM,yCAAyC,CAAC;AAEjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAE3E,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EAAE,eAAe,EAAE,KAAK,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAE9F,OAAO,EACL,oBAAoB,EACpB,KAAK,yBAAyB,GAC/B,MAAM,qCAAqC,CAAC"}

package/dist/react/index.js

@@ -0,0 +1,6 @@
+export { resolveVaultClientStatus, } from "./status/resolve-vault-client-status.js";
+export { useVaultClientStatus } from "./status/use-vault-client-status.js";
+export { useVaultUnlocked, useVaultLockState, } from "./session/use-vault-unlocked.js";
+export { useVaultSession } from "./session/use-vault-session.js";
+export { VaultSessionProvider, } from "./session/vault-session-provider.js";
+//# sourceMappingURL=index.js.map

package/dist/react/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/react/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,wBAAwB,GAGzB,MAAM,yCAAyC,CAAC;AAEjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAE3E,OAAO,EACL,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,iCAAiC,CAAC;AAEzC,OAAO,EAAE,eAAe,EAA+B,MAAM,gCAAgC,CAAC;AAE9F,OAAO,EACL,oBAAoB,GAErB,MAAM,qCAAqC,CAAC"}

package/dist/react/session/use-vault-session.d.ts

@@ -0,0 +1,11 @@
+import { type VaultSessionConfig } from "../../browser.js";
+export type UseVaultSessionOptions = {
+    sessionConfig?: VaultSessionConfig;
+    registerUnloadGuard?: boolean;
+};
+export declare function useVaultSession(options?: UseVaultSessionOptions): {
+    unlocked: boolean;
+    lock: () => void;
+    touch: () => void;
+};
+//# sourceMappingURL=use-vault-session.d.ts.map

package/dist/react/session/use-vault-session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-vault-session.d.ts","sourceRoot":"","sources":["../../../src/react/session/use-vault-session.ts"],"names":[],"mappings":"AACA,OAAO,EAKL,KAAK,kBAAkB,EACxB,MAAM,kBAAkB,CAAC;AAG1B,MAAM,MAAM,sBAAsB,GAAG;IACnC,aAAa,CAAC,EAAE,kBAAkB,CAAC;IACnC,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,CAAC;AAEF,wBAAgB,eAAe,CAAC,OAAO,GAAE,sBAA2B;;;;EA4BnE"}

package/dist/react/session/use-vault-session.js

@@ -0,0 +1,29 @@
+import { useCallback, useEffect } from "react";
+import { configureVaultSession, lockVaultSession, registerVaultUnloadGuard, touchVaultSession, } from "../../browser.js";
+import { useVaultUnlocked } from "./use-vault-unlocked.js";
+export function useVaultSession(options = {}) {
+    const { sessionConfig, registerUnloadGuard = true } = options;
+    const unlocked = useVaultUnlocked();
+    useEffect(() => {
+        if (sessionConfig) {
+            configureVaultSession(sessionConfig);
+        }
+    }, [sessionConfig]);
+    useEffect(() => {
+        if (!registerUnloadGuard)
+            return;
+        return registerVaultUnloadGuard();
+    }, [registerUnloadGuard]);
+    const lock = useCallback(() => {
+        lockVaultSession();
+    }, []);
+    const touch = useCallback(() => {
+        touchVaultSession();
+    }, []);
+    return {
+        unlocked,
+        lock,
+        touch,
+    };
+}
+//# sourceMappingURL=use-vault-session.js.map

package/dist/react/session/use-vault-session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-vault-session.js","sourceRoot":"","sources":["../../../src/react/session/use-vault-session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAC/C,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,EACxB,iBAAiB,GAElB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAO3D,MAAM,UAAU,eAAe,CAAC,UAAkC,EAAE;IAClE,MAAM,EAAE,aAAa,EAAE,mBAAmB,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAC9D,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IAEpC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,aAAa,EAAE,CAAC;YAClB,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACvC,CAAC;IACH,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAEpB,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,mBAAmB;YAAE,OAAO;QACjC,OAAO,wBAAwB,EAAE,CAAC;IACpC,CAAC,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAE1B,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE;QAC5B,gBAAgB,EAAE,CAAC;IACrB,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;QAC7B,iBAAiB,EAAE,CAAC;IACtB,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,OAAO;QACL,QAAQ;QACR,IAAI;QACJ,KAAK;KACN,CAAC;AACJ,CAAC"}

package/dist/react/session/use-vault-unlocked.d.ts

@@ -0,0 +1,3 @@
+export declare function useVaultUnlocked(): boolean;
+export declare function useVaultLockState(): "locked" | "unlocked";
+//# sourceMappingURL=use-vault-unlocked.d.ts.map

package/dist/react/session/use-vault-unlocked.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-vault-unlocked.d.ts","sourceRoot":"","sources":["../../../src/react/session/use-vault-unlocked.ts"],"names":[],"mappings":"AAGA,wBAAgB,gBAAgB,IAAI,OAAO,CAM1C;AAED,wBAAgB,iBAAiB,IAAI,QAAQ,GAAG,UAAU,CAEzD"}

package/dist/react/session/use-vault-unlocked.js

@@ -0,0 +1,9 @@
+import { useSyncExternalStore } from "react";
+import { isVaultUnlocked, subscribeVaultSession } from "../../browser.js";
+export function useVaultUnlocked() {
+    return useSyncExternalStore(subscribeVaultSession, () => isVaultUnlocked(), () => false);
+}
+export function useVaultLockState() {
+    return useVaultUnlocked() ? "unlocked" : "locked";
+}
+//# sourceMappingURL=use-vault-unlocked.js.map

package/dist/react/session/use-vault-unlocked.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-vault-unlocked.js","sourceRoot":"","sources":["../../../src/react/session/use-vault-unlocked.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,OAAO,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAE1E,MAAM,UAAU,gBAAgB;IAC9B,OAAO,oBAAoB,CACzB,qBAAqB,EACrB,GAAG,EAAE,CAAC,eAAe,EAAE,EACvB,GAAG,EAAE,CAAC,KAAK,CACZ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,gBAAgB,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC;AACpD,CAAC"}

package/dist/react/session/vault-session-provider.d.ts

@@ -0,0 +1,9 @@
+import { type ReactNode } from "react";
+import { type VaultSessionConfig } from "../../browser.js";
+export type VaultSessionProviderProps = {
+    children: ReactNode;
+    sessionConfig?: VaultSessionConfig;
+    registerUnloadGuard?: boolean;
+};
+export declare function VaultSessionProvider({ children, sessionConfig, registerUnloadGuard, }: VaultSessionProviderProps): ReactNode;
+//# sourceMappingURL=vault-session-provider.d.ts.map

package/dist/react/session/vault-session-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-session-provider.d.ts","sourceRoot":"","sources":["../../../src/react/session/vault-session-provider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAa,MAAM,OAAO,CAAC;AAClD,OAAO,EAGL,KAAK,kBAAkB,EACxB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,MAAM,yBAAyB,GAAG;IACtC,QAAQ,EAAE,SAAS,CAAC;IACpB,aAAa,CAAC,EAAE,kBAAkB,CAAC;IACnC,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,CAAC;AAEF,wBAAgB,oBAAoB,CAAC,EACnC,QAAQ,EACR,aAAa,EACb,mBAA0B,GAC3B,EAAE,yBAAyB,aAa3B"}

package/dist/react/session/vault-session-provider.js

@@ -0,0 +1,16 @@
+import { useEffect } from "react";
+import { configureVaultSession, registerVaultUnloadGuard, } from "../../browser.js";
+export function VaultSessionProvider({ children, sessionConfig, registerUnloadGuard = true, }) {
+    useEffect(() => {
+        if (sessionConfig) {
+            configureVaultSession(sessionConfig);
+        }
+    }, [sessionConfig]);
+    useEffect(() => {
+        if (!registerUnloadGuard)
+            return;
+        return registerVaultUnloadGuard();
+    }, [registerUnloadGuard]);
+    return children;
+}
+//# sourceMappingURL=vault-session-provider.js.map

package/dist/react/session/vault-session-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-session-provider.js","sourceRoot":"","sources":["../../../src/react/session/vault-session-provider.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAkB,SAAS,EAAE,MAAM,OAAO,CAAC;AAClD,OAAO,EACL,qBAAqB,EACrB,wBAAwB,GAEzB,MAAM,kBAAkB,CAAC;AAQ1B,MAAM,UAAU,oBAAoB,CAAC,EACnC,QAAQ,EACR,aAAa,EACb,mBAAmB,GAAG,IAAI,GACA;IAC1B,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,aAAa,EAAE,CAAC;YAClB,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACvC,CAAC;IACH,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAEpB,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,mBAAmB;YAAE,OAAO;QACjC,OAAO,wBAAwB,EAAE,CAAC;IACpC,CAAC,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAE1B,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/react/status/resolve-vault-client-status.d.ts

@@ -0,0 +1,8 @@
+export type VaultClientStatus = "not_setup" | "locked" | "unlocked" | "unsupported_prf" | "error";
+/** Minimal server status fields needed to derive client lock UI state. */
+export type VaultServerStatusSnapshot = {
+    configured: boolean;
+    hasPasskeyPrfEnvelope?: boolean;
+};
+export declare function resolveVaultClientStatus(status: VaultServerStatusSnapshot | null, unlocked: boolean, prfSupported: boolean): VaultClientStatus;
+//# sourceMappingURL=resolve-vault-client-status.d.ts.map

package/dist/react/status/resolve-vault-client-status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-vault-client-status.d.ts","sourceRoot":"","sources":["../../../src/react/status/resolve-vault-client-status.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,QAAQ,GACR,UAAU,GACV,iBAAiB,GACjB,OAAO,CAAC;AAEZ,0EAA0E;AAC1E,MAAM,MAAM,yBAAyB,GAAG;IACtC,UAAU,EAAE,OAAO,CAAC;IACpB,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC,CAAC;AAEF,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,yBAAyB,GAAG,IAAI,EACxC,QAAQ,EAAE,OAAO,EACjB,YAAY,EAAE,OAAO,GACpB,iBAAiB,CAWnB"}

package/dist/react/status/resolve-vault-client-status.js

@@ -0,0 +1,13 @@
+export function resolveVaultClientStatus(status, unlocked, prfSupported) {
+    if (!status?.configured) {
+        return "not_setup";
+    }
+    if (unlocked) {
+        return "unlocked";
+    }
+    if (!prfSupported && status.hasPasskeyPrfEnvelope) {
+        return "unsupported_prf";
+    }
+    return "locked";
+}
+//# sourceMappingURL=resolve-vault-client-status.js.map

package/dist/react/status/resolve-vault-client-status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-vault-client-status.js","sourceRoot":"","sources":["../../../src/react/status/resolve-vault-client-status.ts"],"names":[],"mappings":"AAaA,MAAM,UAAU,wBAAwB,CACtC,MAAwC,EACxC,QAAiB,EACjB,YAAqB;IAErB,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACrB,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,MAAM,CAAC,qBAAqB,EAAE,CAAC;QAClD,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/react/status/use-vault-client-status.d.ts

@@ -0,0 +1,3 @@
+import { type VaultClientStatus, type VaultServerStatusSnapshot } from "./resolve-vault-client-status.js";
+export declare function useVaultClientStatus(serverStatus: VaultServerStatusSnapshot | null, prfSupported: boolean): VaultClientStatus;
+//# sourceMappingURL=use-vault-client-status.d.ts.map

package/dist/react/status/use-vault-client-status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-vault-client-status.d.ts","sourceRoot":"","sources":["../../../src/react/status/use-vault-client-status.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC/B,MAAM,kCAAkC,CAAC;AAG1C,wBAAgB,oBAAoB,CAClC,YAAY,EAAE,yBAAyB,GAAG,IAAI,EAC9C,YAAY,EAAE,OAAO,GACpB,iBAAiB,CAMnB"}

package/dist/react/status/use-vault-client-status.js

@@ -0,0 +1,8 @@
+import { useMemo } from "react";
+import { resolveVaultClientStatus, } from "./resolve-vault-client-status.js";
+import { useVaultUnlocked } from "../session/use-vault-unlocked.js";
+export function useVaultClientStatus(serverStatus, prfSupported) {
+    const unlocked = useVaultUnlocked();
+    return useMemo(() => resolveVaultClientStatus(serverStatus, unlocked, prfSupported), [serverStatus, unlocked, prfSupported]);
+}
+//# sourceMappingURL=use-vault-client-status.js.map

package/dist/react/status/use-vault-client-status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-vault-client-status.js","sourceRoot":"","sources":["../../../src/react/status/use-vault-client-status.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAChC,OAAO,EACL,wBAAwB,GAGzB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AAEpE,MAAM,UAAU,oBAAoB,CAClC,YAA8C,EAC9C,YAAqB;IAErB,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,OAAO,OAAO,CACZ,GAAG,EAAE,CAAC,wBAAwB,CAAC,YAAY,EAAE,QAAQ,EAAE,YAAY,CAAC,EACpE,CAAC,YAAY,EAAE,QAAQ,EAAE,YAAY,CAAC,CACvC,CAAC;AACJ,CAAC"}

package/dist/recovery/kit.d.ts

@@ -0,0 +1,16 @@
+import type { RecoveryPhraseWordCount } from "../profile.js";
+export declare function createRecoveryKitText(input: {
+    recoveryPhrase: string;
+    wordCount: RecoveryPhraseWordCount;
+    productName: string;
+    createdAt?: Date;
+    warnings?: string[];
+}): string;
+/** @deprecated Use createRecoveryKitText */
+export declare function buildRecoveryKitContent(recoveryPhrase: string, options: {
+    wordCount: RecoveryPhraseWordCount;
+    productName: string;
+    createdAt?: Date;
+    warnings?: string[];
+}): string;
+//# sourceMappingURL=kit.d.ts.map

package/dist/recovery/kit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kit.d.ts","sourceRoot":"","sources":["../../src/recovery/kit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AAE7D,wBAAgB,qBAAqB,CAAC,KAAK,EAAE;IAC3C,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,uBAAuB,CAAC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB,GAAG,MAAM,CAsBT;AAED,4CAA4C;AAC5C,wBAAgB,uBAAuB,CACrC,cAAc,EAAE,MAAM,EACtB,OAAO,EAAE;IAAE,SAAS,EAAE,uBAAuB,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,IAAI,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,GAC1G,MAAM,CAQR"}

package/dist/recovery/kit.js

@@ -0,0 +1,33 @@
+export function createRecoveryKitText(input) {
+    const createdAt = input.createdAt ?? new Date();
+    const defaultWarnings = [
+        "Store this offline in a safe place.",
+        `Anyone with this phrase may be able to unlock your ${input.productName} vault.`,
+        `${input.productName} cannot recover your vault if you lose both your vault password and this phrase.`,
+        "This recovery phrase was generated in your browser and should never be shared.",
+    ];
+    const warnings = input.warnings ?? defaultWarnings;
+    return `${input.productName} Vault Recovery Kit
+
+Recovery phrase type: ${input.wordCount}-word recovery phrase
+Created: ${createdAt.toISOString()}
+Product: ${input.productName}
+
+Recovery phrase:
+${input.recoveryPhrase}
+
+Important:
+${warnings.map((line) => `- ${line}`).join("\n")}
+`;
+}
+/** @deprecated Use createRecoveryKitText */
+export function buildRecoveryKitContent(recoveryPhrase, options) {
+    return createRecoveryKitText({
+        recoveryPhrase,
+        wordCount: options.wordCount,
+        productName: options.productName,
+        createdAt: options.createdAt,
+        warnings: options.warnings,
+    });
+}
+//# sourceMappingURL=kit.js.map

package/dist/recovery/kit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kit.js","sourceRoot":"","sources":["../../src/recovery/kit.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,qBAAqB,CAAC,KAMrC;IACC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC;IAChD,MAAM,eAAe,GAAG;QACtB,qCAAqC;QACrC,sDAAsD,KAAK,CAAC,WAAW,SAAS;QAChF,GAAG,KAAK,CAAC,WAAW,kFAAkF;QACtG,gFAAgF;KACjF,CAAC;IACF,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,eAAe,CAAC;IAEnD,OAAO,GAAG,KAAK,CAAC,WAAW;;wBAEL,KAAK,CAAC,SAAS;WAC5B,SAAS,CAAC,WAAW,EAAE;WACvB,KAAK,CAAC,WAAW;;;EAG1B,KAAK,CAAC,cAAc;;;EAGpB,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;CAC/C,CAAC;AACF,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,uBAAuB,CACrC,cAAsB,EACtB,OAA2G;IAE3G,OAAO,qBAAqB,CAAC;QAC3B,cAAc;QACd,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC,CAAC;AACL,CAAC"}

package/dist/session/auto-lock.d.ts

@@ -0,0 +1,18 @@
+export type VaultSessionConfig = {
+    autoLockMinutes?: number;
+    resolveAutoLockMinutes?: () => number | undefined;
+};
+export declare function configureVaultSession(config: VaultSessionConfig): void;
+export declare function subscribeVaultSession(listener: () => void): () => void;
+export declare function isVaultManuallyLocked(): boolean;
+export declare function clearVaultAutoLockTimer(): void;
+export declare function scheduleVaultAutoLock(): void;
+export declare function touchVaultSession(): void;
+export declare function unlockVaultSession(vaultKey: CryptoKey): void;
+export declare function lockVaultSession(): void;
+export declare function lockVaultSessionManually(): void;
+export declare function resetVaultSessionLockState(): void;
+export declare function registerVaultUnloadGuard(): () => void;
+export declare function getVaultAutoLockRemainingMs(): number | null;
+export { getSessionVaultKey, setSessionVaultKey, lockVault, isVaultUnlocked, clearVaultClientState, } from "./memory-session.js";
+//# sourceMappingURL=auto-lock.d.ts.map

package/dist/session/auto-lock.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-lock.d.ts","sourceRoot":"","sources":["../../src/session/auto-lock.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,kBAAkB,GAAG;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sBAAsB,CAAC,EAAE,MAAM,MAAM,GAAG,SAAS,CAAC;CACnD,CAAC;AAQF,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,kBAAkB,GAAG,IAAI,CAEtE;AAmBD,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,MAAM,IAAI,CAGtE;AAED,wBAAgB,qBAAqB,IAAI,OAAO,CAE/C;AAED,wBAAgB,uBAAuB,IAAI,IAAI,CAK9C;AAED,wBAAgB,qBAAqB,IAAI,IAAI,CAO5C;AAED,wBAAgB,iBAAiB,IAAI,IAAI,CAIxC;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,SAAS,GAAG,IAAI,CAK5D;AAED,wBAAgB,gBAAgB,IAAI,IAAI,CAMvC;AAED,wBAAgB,wBAAwB,IAAI,IAAI,CAE/C;AAED,wBAAgB,0BAA0B,IAAI,IAAI,CAKjD;AAED,wBAAgB,wBAAwB,IAAI,MAAM,IAAI,CAMrD;AAED,wBAAgB,2BAA2B,IAAI,MAAM,GAAG,IAAI,CAG3D;AAED,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,SAAS,EACT,eAAe,EACf,qBAAqB,GACtB,MAAM,qBAAqB,CAAC"}

package/dist/session/auto-lock.js

@@ -0,0 +1,86 @@
+import { DEFAULT_VAULT_AUTO_LOCK_MINUTES } from "../constants.js";
+import { isVaultUnlocked, lockVault, setSessionVaultKey } from "./memory-session.js";
+let sessionConfig = {};
+let inactivityTimer = null;
+let manuallyLocked = false;
+let lastActivityAt = 0;
+const listeners = new Set();
+export function configureVaultSession(config) {
+    sessionConfig = config;
+}
+function getAutoLockTimeoutMs() {
+    const resolved = sessionConfig.resolveAutoLockMinutes?.();
+    const minutes = resolved ??
+        sessionConfig.autoLockMinutes ??
+        DEFAULT_VAULT_AUTO_LOCK_MINUTES;
+    const safeMinutes = Number.isFinite(minutes) && minutes > 0 ? minutes : DEFAULT_VAULT_AUTO_LOCK_MINUTES;
+    return safeMinutes * 60 * 1000;
+}
+function notifyVaultSessionChange() {
+    for (const listener of listeners) {
+        listener();
+    }
+}
+export function subscribeVaultSession(listener) {
+    listeners.add(listener);
+    return () => listeners.delete(listener);
+}
+export function isVaultManuallyLocked() {
+    return manuallyLocked;
+}
+export function clearVaultAutoLockTimer() {
+    if (inactivityTimer) {
+        clearTimeout(inactivityTimer);
+        inactivityTimer = null;
+    }
+}
+export function scheduleVaultAutoLock() {
+    if (!isVaultUnlocked() || manuallyLocked)
+        return;
+    clearVaultAutoLockTimer();
+    lastActivityAt = Date.now();
+    inactivityTimer = setTimeout(() => {
+        lockVaultSession();
+    }, getAutoLockTimeoutMs());
+}
+export function touchVaultSession() {
+    if (isVaultUnlocked() && !manuallyLocked) {
+        scheduleVaultAutoLock();
+    }
+}
+export function unlockVaultSession(vaultKey) {
+    manuallyLocked = false;
+    setSessionVaultKey(vaultKey);
+    scheduleVaultAutoLock();
+    notifyVaultSessionChange();
+}
+export function lockVaultSession() {
+    clearVaultAutoLockTimer();
+    lastActivityAt = 0;
+    lockVault();
+    manuallyLocked = true;
+    notifyVaultSessionChange();
+}
+export function lockVaultSessionManually() {
+    lockVaultSession();
+}
+export function resetVaultSessionLockState() {
+    manuallyLocked = false;
+    clearVaultAutoLockTimer();
+    lastActivityAt = 0;
+    notifyVaultSessionChange();
+}
+export function registerVaultUnloadGuard() {
+    if (typeof window === "undefined")
+        return () => undefined;
+    const handler = () => lockVaultSession();
+    window.addEventListener("pagehide", handler);
+    return () => window.removeEventListener("pagehide", handler);
+}
+export function getVaultAutoLockRemainingMs() {
+    if (!isVaultUnlocked() || manuallyLocked || lastActivityAt === 0)
+        return null;
+    return Math.max(0, getAutoLockTimeoutMs() - (Date.now() - lastActivityAt));
+}
+export { getSessionVaultKey, setSessionVaultKey, lockVault, isVaultUnlocked, clearVaultClientState, } from "./memory-session.js";
+//# sourceMappingURL=auto-lock.js.map

package/dist/session/auto-lock.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-lock.js","sourceRoot":"","sources":["../../src/session/auto-lock.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,+BAA+B,EAAE,MAAM,iBAAiB,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAOrF,IAAI,aAAa,GAAuB,EAAE,CAAC;AAC3C,IAAI,eAAe,GAAyC,IAAI,CAAC;AACjE,IAAI,cAAc,GAAG,KAAK,CAAC;AAC3B,IAAI,cAAc,GAAG,CAAC,CAAC;AACvB,MAAM,SAAS,GAAG,IAAI,GAAG,EAAc,CAAC;AAExC,MAAM,UAAU,qBAAqB,CAAC,MAA0B;IAC9D,aAAa,GAAG,MAAM,CAAC;AACzB,CAAC;AAED,SAAS,oBAAoB;IAC3B,MAAM,QAAQ,GAAG,aAAa,CAAC,sBAAsB,EAAE,EAAE,CAAC;IAC1D,MAAM,OAAO,GACX,QAAQ;QACR,aAAa,CAAC,eAAe;QAC7B,+BAA+B,CAAC;IAClC,MAAM,WAAW,GACf,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B,CAAC;IACtF,OAAO,WAAW,GAAG,EAAE,GAAG,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,wBAAwB;IAC/B,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,QAAQ,EAAE,CAAC;IACb,CAAC;AACH,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,QAAoB;IACxD,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxB,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,IAAI,eAAe,EAAE,CAAC;QACpB,YAAY,CAAC,eAAe,CAAC,CAAC;QAC9B,eAAe,GAAG,IAAI,CAAC;IACzB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,IAAI,CAAC,eAAe,EAAE,IAAI,cAAc;QAAE,OAAO;IACjD,uBAAuB,EAAE,CAAC;IAC1B,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,eAAe,GAAG,UAAU,CAAC,GAAG,EAAE;QAChC,gBAAgB,EAAE,CAAC;IACrB,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,eAAe,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC;QACzC,qBAAqB,EAAE,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAmB;IACpD,cAAc,GAAG,KAAK,CAAC;IACvB,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC7B,qBAAqB,EAAE,CAAC;IACxB,wBAAwB,EAAE,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,uBAAuB,EAAE,CAAC;IAC1B,cAAc,GAAG,CAAC,CAAC;IACnB,SAAS,EAAE,CAAC;IACZ,cAAc,GAAG,IAAI,CAAC;IACtB,wBAAwB,EAAE,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,wBAAwB;IACtC,gBAAgB,EAAE,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,0BAA0B;IACxC,cAAc,GAAG,KAAK,CAAC;IACvB,uBAAuB,EAAE,CAAC;IAC1B,cAAc,GAAG,CAAC,CAAC;IACnB,wBAAwB,EAAE,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,wBAAwB;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW;QAAE,OAAO,GAAG,EAAE,CAAC,SAAS,CAAC;IAE1D,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC;IACzC,MAAM,CAAC,gBAAgB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC7C,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,IAAI,CAAC,eAAe,EAAE,IAAI,cAAc,IAAI,cAAc,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9E,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,oBAAoB,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,SAAS,EACT,eAAe,EACf,qBAAqB,GACtB,MAAM,qBAAqB,CAAC"}

package/dist/session/memory-session.d.ts

@@ -0,0 +1,8 @@
+export declare function getSessionVaultKey(): CryptoKey | null;
+export declare function setSessionVaultKey(key: CryptoKey | null): void;
+export declare function lockVault(): void;
+export declare function isVaultUnlocked(): boolean;
+export declare function clearVaultClientState(): void;
+export type VaultLockState = ReturnType<typeof isVaultUnlocked> extends true ? "unlocked" : "locked";
+export declare function getVaultLockState(): "locked" | "unlocked";
+//# sourceMappingURL=memory-session.d.ts.map

package/dist/session/memory-session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-session.d.ts","sourceRoot":"","sources":["../../src/session/memory-session.ts"],"names":[],"mappings":"AAEA,wBAAgB,kBAAkB,IAAI,SAAS,GAAG,IAAI,CAErD;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,SAAS,GAAG,IAAI,GAAG,IAAI,CAE9D;AAED,wBAAgB,SAAS,IAAI,IAAI,CAEhC;AAED,wBAAgB,eAAe,IAAI,OAAO,CAEzC;AAED,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED,MAAM,MAAM,cAAc,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,SAAS,IAAI,GAAG,UAAU,GAAG,QAAQ,CAAC;AAErG,wBAAgB,iBAAiB,IAAI,QAAQ,GAAG,UAAU,CAEzD"}

package/dist/session/memory-session.js

@@ -0,0 +1,20 @@
+let sessionVaultKey = null;
+export function getSessionVaultKey() {
+    return sessionVaultKey;
+}
+export function setSessionVaultKey(key) {
+    sessionVaultKey = key;
+}
+export function lockVault() {
+    sessionVaultKey = null;
+}
+export function isVaultUnlocked() {
+    return sessionVaultKey !== null;
+}
+export function clearVaultClientState() {
+    setSessionVaultKey(null);
+}
+export function getVaultLockState() {
+    return isVaultUnlocked() ? "unlocked" : "locked";
+}
+//# sourceMappingURL=memory-session.js.map

package/dist/session/memory-session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-session.js","sourceRoot":"","sources":["../../src/session/memory-session.ts"],"names":[],"mappings":"AAAA,IAAI,eAAe,GAAqB,IAAI,CAAC;AAE7C,MAAM,UAAU,kBAAkB;IAChC,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAqB;IACtD,eAAe,GAAG,GAAG,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,SAAS;IACvB,eAAe,GAAG,IAAI,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,OAAO,eAAe,KAAK,IAAI,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,kBAAkB,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAID,MAAM,UAAU,iBAAiB;IAC/B,OAAO,eAAe,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC;AACnD,CAAC"}

package/dist/testing/fixtures/liqsense-compat.d.ts

@@ -0,0 +1,32 @@
+import type { VaultCryptoProfile } from "../../profile.js";
+/** Frozen LiqSense compatibility profile — must not change. */
+export declare const LIQSENSE_COMPAT_PROFILE: VaultCryptoProfile;
+export declare const LIQSENSE_COMPAT_USER_ID = "00000000-0000-4000-8000-000000000001";
+export declare const LIQSENSE_COMPAT_SCOPE: {
+    userId: string;
+    resourceId: string;
+};
+/** Fixed 32-byte UVK for fixture generation (not a production key). */
+export declare const FIXTURE_UVK_BYTES: Uint8Array<ArrayBuffer>;
+/** Fixed 16-byte Argon2 salt for deterministic envelope fixtures. */
+export declare const FIXTURE_ARGON2_SALT: Uint8Array<ArrayBuffer>;
+export declare const FIXTURE_VAULT_PASSWORD = "SENTINEL_VAULT_PASSWORD_DO_NOT_STORE";
+export declare const FIXTURE_12_WORD_PHRASE = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";
+export declare const FIXTURE_24_WORD_PHRASE = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art";
+/** 32-byte PRF output for passkey envelope fixtures. */
+export declare const FIXTURE_PRF_OUTPUT: Uint8Array<ArrayBuffer>;
+export declare const FIXTURE_PAYLOAD_V1: {
+    version: number;
+    createdAt: string;
+    updatedAt: string;
+    profile: {
+        displayName: string;
+    };
+    subscriptions: never[];
+    walletLabels: never[];
+    strategyNotes: never[];
+    privatePreferences: {
+        privateModeDefault: boolean;
+    };
+};
+//# sourceMappingURL=liqsense-compat.d.ts.map

package/dist/testing/fixtures/liqsense-compat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"liqsense-compat.d.ts","sourceRoot":"","sources":["../../../src/testing/fixtures/liqsense-compat.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAE3D,+DAA+D;AAC/D,eAAO,MAAM,uBAAuB,EAAE,kBAIrC,CAAC;AAEF,eAAO,MAAM,uBAAuB,yCAAyC,CAAC;AAE9E,eAAO,MAAM,qBAAqB;;;CAGjC,CAAC;AAEF,uEAAuE;AACvE,eAAO,MAAM,iBAAiB,yBAAmD,CAAC;AAElF,qEAAqE;AACrE,eAAO,MAAM,mBAAmB,yBAAsD,CAAC;AAEvF,eAAO,MAAM,sBAAsB,yCAAyC,CAAC;AAE7E,eAAO,MAAM,sBAAsB,kGAC8D,CAAC;AAElG,eAAO,MAAM,sBAAsB,gMAC4J,CAAC;AAEhM,wDAAwD;AACxD,eAAO,MAAM,kBAAkB,yBAAsD,CAAC;AAEtF,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;CAS9B,CAAC"}

package/dist/testing/fixtures/liqsense-compat.js

@@ -0,0 +1,31 @@
+/** Frozen LiqSense compatibility profile — must not change. */
+export const LIQSENSE_COMPAT_PROFILE = {
+    cryptoVersion: "vault-v1",
+    aadContextVault: "liqsense:vault:v1",
+    aadContextEnvelope: "liqsense:vault-envelope:v1",
+};
+export const LIQSENSE_COMPAT_USER_ID = "00000000-0000-4000-8000-000000000001";
+export const LIQSENSE_COMPAT_SCOPE = {
+    userId: LIQSENSE_COMPAT_USER_ID,
+    resourceId: LIQSENSE_COMPAT_USER_ID,
+};
+/** Fixed 32-byte UVK for fixture generation (not a production key). */
+export const FIXTURE_UVK_BYTES = Uint8Array.from({ length: 32 }, (_, i) => i + 1);
+/** Fixed 16-byte Argon2 salt for deterministic envelope fixtures. */
+export const FIXTURE_ARGON2_SALT = Uint8Array.from({ length: 16 }, (_, i) => 0x10 + i);
+export const FIXTURE_VAULT_PASSWORD = "SENTINEL_VAULT_PASSWORD_DO_NOT_STORE";
+export const FIXTURE_12_WORD_PHRASE = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";
+export const FIXTURE_24_WORD_PHRASE = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon art";
+/** 32-byte PRF output for passkey envelope fixtures. */
+export const FIXTURE_PRF_OUTPUT = Uint8Array.from({ length: 32 }, (_, i) => 0x20 + i);
+export const FIXTURE_PAYLOAD_V1 = {
+    version: 1,
+    createdAt: "2026-01-01T00:00:00.000Z",
+    updatedAt: "2026-01-01T00:00:00.000Z",
+    profile: { displayName: "fixture-user" },
+    subscriptions: [],
+    walletLabels: [],
+    strategyNotes: [],
+    privatePreferences: { privateModeDefault: true },
+};
+//# sourceMappingURL=liqsense-compat.js.map

package/dist/testing/fixtures/liqsense-compat.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"liqsense-compat.js","sourceRoot":"","sources":["../../../src/testing/fixtures/liqsense-compat.ts"],"names":[],"mappings":"AAEA,+DAA+D;AAC/D,MAAM,CAAC,MAAM,uBAAuB,GAAuB;IACzD,aAAa,EAAE,UAAU;IACzB,eAAe,EAAE,mBAAmB;IACpC,kBAAkB,EAAE,4BAA4B;CACjD,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG,sCAAsC,CAAC;AAE9E,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,MAAM,EAAE,uBAAuB;IAC/B,UAAU,EAAE,uBAAuB;CACpC,CAAC;AAEF,uEAAuE;AACvE,MAAM,CAAC,MAAM,iBAAiB,GAAG,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;AAElF,qEAAqE;AACrE,MAAM,CAAC,MAAM,mBAAmB,GAAG,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;AAEvF,MAAM,CAAC,MAAM,sBAAsB,GAAG,sCAAsC,CAAC;AAE7E,MAAM,CAAC,MAAM,sBAAsB,GACjC,+FAA+F,CAAC;AAElG,MAAM,CAAC,MAAM,sBAAsB,GACjC,6LAA6L,CAAC;AAEhM,wDAAwD;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;AAEtF,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,OAAO,EAAE,CAAC;IACV,SAAS,EAAE,0BAA0B;IACrC,SAAS,EAAE,0BAA0B;IACrC,OAAO,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;IACxC,aAAa,EAAE,EAAE;IACjB,YAAY,EAAE,EAAE;IAChB,aAAa,EAAE,EAAE;IACjB,kBAAkB,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE;CACjD,CAAC"}

package/dist/testing/no-plaintext.d.ts

@@ -0,0 +1,2 @@
+export * from "../validation/plaintext-reject.js";
+//# sourceMappingURL=no-plaintext.d.ts.map

package/dist/testing/no-plaintext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-plaintext.d.ts","sourceRoot":"","sources":["../../src/testing/no-plaintext.ts"],"names":[],"mappings":"AAAA,cAAc,mCAAmC,CAAC"}