@tinycloud/node-sdk 1.6.0 → 2.0.0

package/dist/index.js

@@ -17027,13 +17027,63 @@ var require_utils2 = __commonJS({
   }
 });
 
-// src/index.ts
-import { TinyCloud as TinyCloud2 } from "@tinycloud/sdk-core";
+// src/NodeWasmBindings.ts
+import {
+  invoke,
+  prepareSession,
+  completeSessionSetup,
+  ensureEip55,
+  makeSpaceId,
+  createDelegation,
+  generateHostSIWEMessage,
+  siweToDelegationHeaders,
+  protocolVersion,
+  TCWSessionManager,
+  initPanicHook,
+  vault_encrypt,
+  vault_decrypt,
+  vault_derive_key,
+  vault_x25519_from_seed,
+  vault_x25519_dh,
+  vault_random_bytes,
+  vault_sha256
+} from "@tinycloud/node-sdk-wasm";
+var _NodeWasmBindings = class _NodeWasmBindings {
+  constructor() {
+    this.invoke = invoke;
+    this.prepareSession = prepareSession;
+    this.completeSessionSetup = completeSessionSetup;
+    this.ensureEip55 = ensureEip55;
+    this.makeSpaceId = makeSpaceId;
+    this.createDelegation = createDelegation;
+    this.generateHostSIWEMessage = generateHostSIWEMessage;
+    this.siweToDelegationHeaders = siweToDelegationHeaders;
+    this.protocolVersion = protocolVersion;
+    // Vault crypto
+    this.vault_encrypt = vault_encrypt;
+    this.vault_decrypt = vault_decrypt;
+    this.vault_derive_key = vault_derive_key;
+    this.vault_x25519_from_seed = vault_x25519_from_seed;
+    this.vault_x25519_dh = vault_x25519_dh;
+    this.vault_random_bytes = vault_random_bytes;
+    this.vault_sha256 = vault_sha256;
+    if (!_NodeWasmBindings.panicHookInitialized) {
+      initPanicHook();
+      _NodeWasmBindings.panicHookInitialized = true;
+    }
+  }
+  createSessionManager() {
+    return new TCWSessionManager();
+  }
+  // No ensureInitialized needed — Node WASM is synchronous
+};
+_NodeWasmBindings.panicHookInitialized = false;
+var NodeWasmBindings = _NodeWasmBindings;
 
 // src/signers/PrivateKeySigner.ts
 import {
   signEthereumMessage,
-  ensureEip55
+  ensureEip55 as ensureEip552
 } from "@tinycloud/node-sdk-wasm";
 var PrivateKeySigner = class {
   /**
@@ -17072,7 +17122,7 @@ var PrivateKeySigner = class {
       const pubKeyWithoutPrefix = publicKey.slice(4);
       const hash3 = keccak2563("0x" + pubKeyWithoutPrefix);
       const address = "0x" + hash3.slice(-40);
-      return ensureEip55(address);
+      return ensureEip552(address);
     } catch {
       return "0x" + this.privateKeyHex.slice(0, 40);
     }
@@ -17096,6 +17146,37 @@ var PrivateKeySigner = class {
   }
 };
 
+// src/TinyCloudNode.ts
+import {
+  TinyCloud,
+  activateSessionWithHost as activateSessionWithHost2,
+  KVService as KVService2,
+  SQLService as SQLService2,
+  DuckDbService as DuckDbService2,
+  DataVaultService,
+  createVaultCrypto,
+  ServiceContext as ServiceContext2,
+  SilentNotificationHandler,
+  DelegationManager,
+  SpaceService,
+  CapabilityKeyRegistry,
+  SharingService,
+  UnsupportedFeatureError,
+  makePublicSpaceId
+} from "@tinycloud/sdk-core";
+
+// src/authorization/NodeUserAuthorization.ts
+import {
+  fetchPeerId,
+  submitHostDelegation,
+  activateSessionWithHost,
+  checkNodeInfo,
+  AutoApproveSpaceCreationHandler
+} from "@tinycloud/sdk-core";
+
+// src/authorization/strategies.ts
+var defaultSignStrategy = { type: "auto-sign" };
+
 // src/storage/MemorySessionStorage.ts
 var MemorySessionStorage = class {
   constructor() {
@@ -17167,157 +17248,12 @@ var MemorySessionStorage = class {
   }
 };
 
-// src/storage/FileSessionStorage.ts
-import { validatePersistedSessionData } from "@tinycloud/sdk-core";
-import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync } from "fs";
-import { join } from "path";
-var FileSessionStorage = class {
-  /**
-   * Create a new FileSessionStorage.
-   *
-   * @param baseDir - Directory to store session files (default: ~/.tinycloud/sessions)
-   */
-  constructor(baseDir) {
-    this.baseDir = baseDir || this.getDefaultDir();
-    this.ensureDirectoryExists();
-  }
-  /**
-   * Get the default session storage directory.
-   */
-  getDefaultDir() {
-    const home = process.env.HOME || process.env.USERPROFILE || "/tmp";
-    return join(home, ".tinycloud", "sessions");
-  }
-  /**
-   * Ensure the storage directory exists.
-   */
-  ensureDirectoryExists() {
-    if (!existsSync(this.baseDir)) {
-      mkdirSync(this.baseDir, { recursive: true });
-    }
-  }
-  /**
-   * Get the file path for an address.
-   */
-  getFilePath(address) {
-    const normalizedAddress = address.toLowerCase();
-    const filename = `${normalizedAddress.replace("0x", "")}.json`;
-    return join(this.baseDir, filename);
-  }
-  /**
-   * Save a session for an address.
-   */
-  async save(address, session) {
-    const filePath = this.getFilePath(address);
-    const data = JSON.stringify(session, null, 2);
-    writeFileSync(filePath, data, "utf-8");
-  }
-  /**
-   * Load a session for an address.
-   */
-  async load(address) {
-    const filePath = this.getFilePath(address);
-    if (!existsSync(filePath)) {
-      return null;
-    }
-    try {
-      const data = readFileSync(filePath, "utf-8");
-      const parsed = JSON.parse(data);
-      const validation = validatePersistedSessionData(parsed);
-      if (!validation.ok) {
-        console.warn(`Invalid session data for ${address}:`, validation.error.message);
-        unlinkSync(filePath);
-        return null;
-      }
-      const session = validation.data;
-      const expiresAt = new Date(session.expiresAt);
-      if (expiresAt < /* @__PURE__ */ new Date()) {
-        unlinkSync(filePath);
-        return null;
-      }
-      return session;
-    } catch (error) {
-      try {
-        unlinkSync(filePath);
-      } catch {
-      }
-      return null;
-    }
-  }
-  /**
-   * Clear a session for an address.
-   */
-  async clear(address) {
-    const filePath = this.getFilePath(address);
-    if (existsSync(filePath)) {
-      unlinkSync(filePath);
-    }
-  }
-  /**
-   * Check if a session exists for an address.
-   */
-  exists(address) {
-    const filePath = this.getFilePath(address);
-    if (!existsSync(filePath)) {
-      return false;
-    }
-    try {
-      const data = readFileSync(filePath, "utf-8");
-      const session = JSON.parse(data);
-      const expiresAt = new Date(session.expiresAt);
-      if (expiresAt < /* @__PURE__ */ new Date()) {
-        unlinkSync(filePath);
-        return false;
-      }
-      return true;
-    } catch {
-      return false;
-    }
-  }
-  /**
-   * Check if file system storage is available.
-   */
-  isAvailable() {
-    try {
-      this.ensureDirectoryExists();
-      return existsSync(this.baseDir);
-    } catch {
-      return false;
-    }
-  }
-};
-
-// src/authorization/NodeUserAuthorization.ts
-import {
-  fetchPeerId,
-  submitHostDelegation,
-  activateSessionWithHost,
-  checkNodeVersion
-} from "@tinycloud/sdk-core";
-import {
-  TCWSessionManager as SessionManager,
-  prepareSession,
-  completeSessionSetup,
-  ensureEip55 as ensureEip552,
-  makeSpaceId,
-  initPanicHook,
-  generateHostSIWEMessage,
-  siweToDelegationHeaders,
-  protocolVersion
-} from "@tinycloud/node-sdk-wasm";
-
-// src/authorization/strategies.ts
-var defaultSignStrategy = { type: "auto-sign" };
-
 // src/authorization/NodeUserAuthorization.ts
-var _NodeUserAuthorization = class _NodeUserAuthorization {
+var NodeUserAuthorization = class {
   constructor(config) {
     this.extensions = [];
     this._nodeFeatures = [];
-    if (!_NodeUserAuthorization.wasmInitialized) {
-      initPanicHook();
-      _NodeUserAuthorization.wasmInitialized = true;
-    }
+    this.wasm = config.wasmBindings;
     this.signer = config.signer;
     this.signStrategy = config.signStrategy ?? defaultSignStrategy;
     this.sessionStorage = config.sessionStorage ?? new MemorySessionStorage();
@@ -17360,9 +17296,10 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
     };
     this.sessionExpirationMs = config.sessionExpirationMs ?? 60 * 60 * 1e3;
     this.autoCreateSpace = config.autoCreateSpace ?? false;
+    this.spaceCreationHandler = config.spaceCreationHandler;
     this.tinycloudHosts = config.tinycloudHosts ?? ["https://node.tinycloud.xyz"];
     this.enablePublicSpace = config.enablePublicSpace ?? true;
-    this.sessionManager = new SessionManager();
+    this.sessionManager = this.wasm.createSessionManager();
   }
   /**
    * The current active session (web-core compatible).
@@ -17403,7 +17340,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
     const host = this.tinycloudHosts[0];
     const spaceId = targetSpaceId ?? this._tinyCloudSession.spaceId;
     const peerId = await fetchPeerId(host, spaceId);
-    const siwe = generateHostSIWEMessage({
+    const siwe = this.wasm.generateHostSIWEMessage({
       address: this._address,
       chainId: this._chainId,
       domain: this.domain,
@@ -17412,7 +17349,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       peerId
     });
     const signature2 = await this.signMessage(siwe);
-    const headers = siweToDelegationHeaders({ siwe, signature: signature2 });
+    const headers = this.wasm.siweToDelegationHeaders({ siwe, signature: signature2 });
     const result = await submitHostDelegation(host, headers);
     return result.success;
   }
@@ -17441,17 +17378,35 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       host,
       this._tinyCloudSession.delegationHeader
     );
+    const handler = this.spaceCreationHandler ?? (this.autoCreateSpace ? new AutoApproveSpaceCreationHandler() : void 0);
+    const creationContext = {
+      spaceId: primarySpaceId,
+      address: this._address,
+      chainId: this._chainId,
+      host
+    };
     if (result.success) {
       const primarySkipped = result.skipped?.includes(primarySpaceId);
       if (!primarySkipped) {
         return;
       }
-      if (!this.autoCreateSpace) {
+      if (!handler) {
         return;
       }
-      const created = await this.hostSpace();
-      if (!created) {
-        throw new Error(`Failed to create space: ${primarySpaceId}`);
+      const confirmed = await handler.confirmSpaceCreation(creationContext);
+      if (!confirmed) {
+        return;
+      }
+      try {
+        const created = await this.hostSpace();
+        if (!created) {
+          const err = new Error(`Failed to create space: ${primarySpaceId}`);
+          handler.onSpaceCreationFailed?.(creationContext, err);
+          throw err;
+        }
+      } catch (error) {
+        handler.onSpaceCreationFailed?.(creationContext, error instanceof Error ? error : new Error(String(error)));
+        throw error;
       }
       await new Promise((resolve) => setTimeout(resolve, 100));
       const retryResult = await activateSessionWithHost(
@@ -17459,19 +17414,33 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
         this._tinyCloudSession.delegationHeader
       );
       if (!retryResult.success) {
-        throw new Error(
+        const err = new Error(
           `Failed to activate session after creating space: ${retryResult.error}`
         );
+        handler.onSpaceCreationFailed?.(creationContext, err);
+        throw err;
       }
+      handler.onSpaceCreated?.(creationContext);
       return;
     }
     if (result.status === 404) {
-      if (!this.autoCreateSpace) {
+      if (!handler) {
         return;
       }
-      const created = await this.hostSpace();
-      if (!created) {
-        throw new Error(`Failed to create space: ${primarySpaceId}`);
+      const confirmed = await handler.confirmSpaceCreation(creationContext);
+      if (!confirmed) {
+        return;
+      }
+      try {
+        const created = await this.hostSpace();
+        if (!created) {
+          const err = new Error(`Failed to create space: ${primarySpaceId}`);
+          handler.onSpaceCreationFailed?.(creationContext, err);
+          throw err;
+        }
+      } catch (error) {
+        handler.onSpaceCreationFailed?.(creationContext, error instanceof Error ? error : new Error(String(error)));
+        throw error;
       }
       await new Promise((resolve) => setTimeout(resolve, 100));
       const retryResult = await activateSessionWithHost(
@@ -17479,10 +17448,13 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
         this._tinyCloudSession.delegationHeader
       );
       if (!retryResult.success) {
-        throw new Error(
+        const err = new Error(
           `Failed to activate session after creating space: ${retryResult.error}`
         );
+        handler.onSpaceCreationFailed?.(creationContext, err);
+        throw err;
       }
+      handler.onSpaceCreated?.(creationContext);
       return;
     }
     throw new Error(`Failed to activate session: ${result.error}`);
@@ -17499,7 +17471,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
   async signIn() {
     this._address = await this.signer.getAddress();
     this._chainId = await this.signer.getChainId();
-    const address = ensureEip552(this._address);
+    const address = this.wasm.ensureEip55(this._address);
     const chainId = this._chainId;
     const keyId = `session-${Date.now()}`;
     this.sessionManager.renameSessionKeyId("default", keyId);
@@ -17508,10 +17480,10 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       throw new Error("Failed to create session key");
     }
     const jwk = JSON.parse(jwkString);
-    const spaceId = makeSpaceId(address, chainId, this.spacePrefix);
+    const spaceId = this.wasm.makeSpaceId(address, chainId, this.spacePrefix);
     const now = /* @__PURE__ */ new Date();
     const expirationTime = new Date(now.getTime() + this.sessionExpirationMs);
-    const prepared = prepareSession({
+    const prepared = this.wasm.prepareSession({
       abilities: this.defaultActions,
       address,
       chainId,
@@ -17527,7 +17499,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       message: prepared.siwe,
       type: "siwe"
     });
-    const session = completeSessionSetup({
+    const session = this.wasm.completeSessionSetup({
       ...prepared,
       signature: signature2
     });
@@ -17539,7 +17511,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       siwe: prepared.siwe,
       signature: signature2
     };
-    const spacesMetadata = this.enablePublicSpace ? { public: makeSpaceId(address, chainId, "public") } : void 0;
+    const spacesMetadata = this.enablePublicSpace ? { public: this.wasm.makeSpaceId(address, chainId, "public") } : void 0;
     const tinyCloudSession = {
       address,
       chainId,
@@ -17575,7 +17547,8 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
     this._tinyCloudSession = tinyCloudSession;
     this._address = address;
     this._chainId = chainId;
-    this._nodeFeatures = await checkNodeVersion(this.tinycloudHosts[0], protocolVersion());
+    const nodeInfo = await checkNodeInfo(this.tinycloudHosts[0], this.wasm.protocolVersion());
+    this._nodeFeatures = nodeInfo.features;
     for (const ext of this.extensions) {
       if (ext.afterSignIn) {
         await ext.afterSignIn(clientSession);
@@ -17637,7 +17610,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
    * ```
    */
   async prepareSessionForSigning() {
-    const address = ensureEip552(await this.signer.getAddress());
+    const address = this.wasm.ensureEip55(await this.signer.getAddress());
     const chainId = await this.signer.getChainId();
     const keyId = `session-${Date.now()}`;
     this.sessionManager.renameSessionKeyId("default", keyId);
@@ -17646,10 +17619,10 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       throw new Error("Failed to create session key");
     }
     const jwk = JSON.parse(jwkString);
-    const spaceId = makeSpaceId(address, chainId, this.spacePrefix);
+    const spaceId = this.wasm.makeSpaceId(address, chainId, this.spacePrefix);
     const now = /* @__PURE__ */ new Date();
     const expirationTime = new Date(now.getTime() + this.sessionExpirationMs);
-    const prepared = prepareSession({
+    const prepared = this.wasm.prepareSession({
       abilities: this.defaultActions,
       address,
       chainId,
@@ -17679,11 +17652,11 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
    * @param jwk - The JWK from `prepareSessionForSigning()`
    */
   async signInWithPreparedSession(prepared, signature2, keyId, jwk) {
-    const session = completeSessionSetup({
+    const session = this.wasm.completeSessionSetup({
       ...prepared,
       signature: signature2
     });
-    const address = ensureEip552(await this.signer.getAddress());
+    const address = this.wasm.ensureEip55(await this.signer.getAddress());
     const chainId = await this.signer.getChainId();
     const clientSession = {
       address,
@@ -17693,7 +17666,7 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
       siwe: prepared.siwe,
       signature: signature2
     };
-    const spacesMetadata = this.enablePublicSpace ? { public: makeSpaceId(address, chainId, "public") } : void 0;
+    const spacesMetadata = this.enablePublicSpace ? { public: this.wasm.makeSpaceId(address, chainId, "public") } : void 0;
     const tinyCloudSession = {
       address,
       chainId,
@@ -17733,7 +17706,8 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
     this._tinyCloudSession = tinyCloudSession;
     this._address = address;
     this._chainId = chainId;
-    this._nodeFeatures = await checkNodeVersion(this.tinycloudHosts[0], protocolVersion());
+    const nodeInfo = await checkNodeInfo(this.tinycloudHosts[0], this.wasm.protocolVersion());
+    this._nodeFeatures = nodeInfo.features;
     for (const ext of this.extensions) {
       if (ext.afterSignIn) {
         await ext.afterSignIn(clientSession);
@@ -17809,42 +17783,6 @@ var _NodeUserAuthorization = class _NodeUserAuthorization {
     });
   }
 };
-/** Flag to ensure WASM panic hook is only initialized once */
-_NodeUserAuthorization.wasmInitialized = false;
-var NodeUserAuthorization = _NodeUserAuthorization;
-
-// src/TinyCloudNode.ts
-import {
-  TinyCloud,
-  activateSessionWithHost as activateSessionWithHost2,
-  KVService as KVService2,
-  SQLService as SQLService2,
-  DuckDbService as DuckDbService2,
-  DataVaultService,
-  createVaultCrypto,
-  ServiceContext as ServiceContext2,
-  DelegationManager,
-  SpaceService,
-  CapabilityKeyRegistry,
-  SharingService,
-  UnsupportedFeatureError
-} from "@tinycloud/sdk-core";
-import {
-  TCWSessionManager as SessionManager2,
-  prepareSession as prepareSession2,
-  completeSessionSetup as completeSessionSetup2,
-  ensureEip55 as ensureEip553,
-  invoke as invoke2,
-  initPanicHook as initPanicHook2,
-  createDelegation,
-  vault_encrypt,
-  vault_decrypt,
-  vault_derive_key,
-  vault_x25519_from_seed,
-  vault_x25519_dh,
-  vault_random_bytes,
-  vault_sha256
-} from "@tinycloud/node-sdk-wasm";
 
 // src/DelegatedAccess.ts
 import {
@@ -17853,14 +17791,13 @@ import {
   DuckDbService,
   ServiceContext
 } from "@tinycloud/sdk-core";
-import { invoke } from "@tinycloud/node-sdk-wasm";
 var DelegatedAccess = class {
-  constructor(session, delegation, host) {
+  constructor(session, delegation, host, invoke2) {
     this.session = session;
     this._delegation = delegation;
     this.host = host;
     this._serviceContext = new ServiceContext({
-      invoke,
+      invoke: invoke2,
       fetch: globalThis.fetch.bind(globalThis),
       hosts: [host]
     });
@@ -17978,7 +17915,7 @@ var WasmKeyProvider = class {
    * @returns Array of key IDs
    */
   listKeys() {
-    const keys = this.sessionManager.listSessionKeys();
+    const keys = this.sessionManager.listSessionKeys?.();
     return Array.isArray(keys) ? keys : [];
   }
   /**
@@ -17998,7 +17935,7 @@ function createWasmKeyProvider(sessionManager) {
 
 // src/TinyCloudNode.ts
 var DEFAULT_HOST = "https://node.tinycloud.xyz";
-var _TinyCloudNode = class _TinyCloudNode {
+var TinyCloudNode = class _TinyCloudNode {
   /**
    * Create a new TinyCloudNode instance.
    *
@@ -18027,15 +17964,20 @@ var _TinyCloudNode = class _TinyCloudNode {
     this.auth = null;
     this.tc = null;
     this._chainId = 1;
-    if (!_TinyCloudNode.wasmInitialized) {
-      initPanicHook2();
-      _TinyCloudNode.wasmInitialized = true;
-    }
     this.config = {
       ...config,
       host: config.host ?? DEFAULT_HOST
     };
-    this.sessionManager = new SessionManager2();
+    if (config.wasmBindings) {
+      this.wasmBindings = config.wasmBindings;
+    } else if (_TinyCloudNode.nodeDefaults) {
+      this.wasmBindings = _TinyCloudNode.nodeDefaults.createWasmBindings();
+    } else {
+      throw new Error(
+        "wasmBindings must be provided in config. Import from '@tinycloud/node-sdk' (not '/core') for automatic Node.js defaults."
+      );
+    }
+    this.sessionManager = this.wasmBindings.createSessionManager();
     const defaultKeyId = "default";
     let jwkStr = this.sessionManager.jwk(defaultKeyId);
     if (jwkStr) {
@@ -18052,10 +17994,11 @@ var _TinyCloudNode = class _TinyCloudNode {
     this._keyProvider = new WasmKeyProvider({
       sessionManager: this.sessionManager
     });
+    this.notificationHandler = config.notificationHandler ?? new SilentNotificationHandler();
     this._sharingService = new SharingService({
       hosts: [this.config.host],
       // session: undefined - not needed for receive()
-      invoke: invoke2,
+      invoke: this.wasmBindings.invoke,
       fetch: globalThis.fetch.bind(globalThis),
       keyProvider: this._keyProvider,
       registry: this._capabilityRegistry,
@@ -18073,27 +18016,48 @@ var _TinyCloudNode = class _TinyCloudNode {
         return kvService;
       }
     });
-    if (config.privateKey) {
-      this.signer = new PrivateKeySigner(config.privateKey, this._chainId);
-      const host = this.config.host;
-      const domain = config.domain ?? new URL(host).hostname;
-      this.auth = new NodeUserAuthorization({
-        signer: this.signer,
-        signStrategy: { type: "auto-sign" },
-        sessionStorage: config.sessionStorage ?? new MemorySessionStorage(),
-        domain,
-        spacePrefix: config.prefix,
-        sessionExpirationMs: config.sessionExpirationMs ?? 60 * 60 * 1e3,
-        tinycloudHosts: [host],
-        autoCreateSpace: config.autoCreateSpace,
-        enablePublicSpace: config.enablePublicSpace ?? true
-      });
-      this.tc = new TinyCloud(this.auth);
+    if (config.signer) {
+      this.signer = config.signer;
+      this.setupAuth(config);
+    } else if (config.privateKey) {
+      if (!_TinyCloudNode.nodeDefaults) {
+        throw new Error(
+          "privateKey requires PrivateKeySigner. Either provide a signer in config, or import from '@tinycloud/node-sdk' (not '/core') for automatic Node.js defaults."
+        );
+      }
+      this.signer = _TinyCloudNode.nodeDefaults.createSigner(config.privateKey, this._chainId);
+      this.setupAuth(config);
     }
   }
+  /** @internal Register Node.js-specific defaults (NodeWasmBindings, PrivateKeySigner) */
+  static registerNodeDefaults(defaults) {
+    _TinyCloudNode.nodeDefaults = defaults;
+  }
   get nodeFeatures() {
     return this.auth?.nodeFeatures ?? [];
   }
+  /**
+   * Set up authorization handler and TinyCloud instance.
+   * @internal
+   */
+  setupAuth(config) {
+    const host = this.config.host;
+    const domain = config.domain ?? new URL(host).hostname;
+    this.auth = new NodeUserAuthorization({
+      signer: this.signer,
+      signStrategy: { type: "auto-sign" },
+      wasmBindings: this.wasmBindings,
+      sessionStorage: config.sessionStorage ?? new MemorySessionStorage(),
+      domain,
+      spacePrefix: config.prefix,
+      sessionExpirationMs: config.sessionExpirationMs ?? 60 * 60 * 1e3,
+      tinycloudHosts: [host],
+      autoCreateSpace: config.autoCreateSpace,
+      enablePublicSpace: config.enablePublicSpace ?? true,
+      spaceCreationHandler: config.spaceCreationHandler
+    });
+    this.tc = new TinyCloud(this.auth);
+  }
   /**
    * Get the primary identity DID for this user.
    * - If wallet connected and signed in: returns PKH DID (did:pkh:eip155:{chainId}:{address})
@@ -18155,6 +18119,7 @@ var _TinyCloudNode = class _TinyCloudNode {
         "Cannot signIn() in session-only mode. Provide a privateKey in config to create your own space."
       );
     }
+    await this.wasmBindings.ensureInitialized?.();
     this._address = await this.signer.getAddress();
     this._chainId = await this.signer.getChainId();
     this._kv = void 0;
@@ -18163,6 +18128,7 @@ var _TinyCloudNode = class _TinyCloudNode {
     this._serviceContext = void 0;
     await this.tc.signIn();
     this.initializeServices();
+    this.notificationHandler.success("Successfully signed in");
   }
   /**
    * Restore a previously established session from stored delegation data.
@@ -18174,6 +18140,7 @@ var _TinyCloudNode = class _TinyCloudNode {
    * @param sessionData - The stored delegation data from the browser flow
    */
   async restoreSession(sessionData) {
+    await this.wasmBindings.ensureInitialized?.();
     this._kv = void 0;
     this._sql = void 0;
     this._duckdb = void 0;
@@ -18185,7 +18152,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       this._chainId = sessionData.chainId;
     }
     this._serviceContext = new ServiceContext2({
-      invoke: invoke2,
+      invoke: this.wasmBindings.invoke,
       fetch: globalThis.fetch.bind(globalThis),
       hosts: [this.config.host]
     });
@@ -18206,6 +18173,43 @@ var _TinyCloudNode = class _TinyCloudNode {
       jwk: sessionData.jwk
     };
     this._serviceContext.setSession(serviceSession);
+    const wasm = this.wasmBindings;
+    const vaultCrypto = createVaultCrypto({
+      vault_encrypt: wasm.vault_encrypt,
+      vault_decrypt: wasm.vault_decrypt,
+      vault_derive_key: wasm.vault_derive_key,
+      vault_x25519_from_seed: wasm.vault_x25519_from_seed,
+      vault_x25519_dh: wasm.vault_x25519_dh,
+      vault_random_bytes: wasm.vault_random_bytes,
+      vault_sha256: wasm.vault_sha256
+    });
+    const self2 = this;
+    this._vault = new DataVaultService({
+      spaceId: sessionData.spaceId,
+      crypto: vaultCrypto,
+      tc: {
+        kv: this._kv,
+        ensurePublicSpace: async () => {
+          try {
+            await self2.ensurePublicSpace();
+            return { ok: true, data: void 0 };
+          } catch (error) {
+            return { ok: false, error: { code: "STORAGE_ERROR", message: error instanceof Error ? error.message : String(error), service: "vault" } };
+          }
+        },
+        get publicKV() {
+          return self2._publicKV ?? self2.tc.publicKV;
+        },
+        readPublicSpace: (host, spaceId, key2) => TinyCloud.readPublicSpace(host, spaceId, key2),
+        makePublicSpaceId: TinyCloud.makePublicSpaceId,
+        did: this.did,
+        address: sessionData.address ?? this._address ?? "",
+        chainId: sessionData.chainId ?? this._chainId,
+        hosts: [this.config.host]
+      }
+    });
+    this._vault.initialize(this._serviceContext);
+    this._serviceContext.registerService("vault", this._vault);
     this.initializeV2Services(serviceSession);
   }
   /**
@@ -18240,17 +18244,61 @@ var _TinyCloudNode = class _TinyCloudNode {
     const prefix = options?.prefix ?? "default";
     const host = this.config.host;
     const domain = new URL(host).hostname;
-    this.signer = new PrivateKeySigner(privateKey);
+    if (!_TinyCloudNode.nodeDefaults) {
+      throw new Error(
+        "connectWallet() requires PrivateKeySigner. Use connectSigner() instead, or import from '@tinycloud/node-sdk' (not '/core') for automatic Node.js defaults."
+      );
+    }
+    this.signer = _TinyCloudNode.nodeDefaults.createSigner(privateKey);
+    this.auth = new NodeUserAuthorization({
+      signer: this.signer,
+      signStrategy: { type: "auto-sign" },
+      wasmBindings: this.wasmBindings,
+      sessionStorage: options?.sessionStorage ?? this.config.sessionStorage ?? new MemorySessionStorage(),
+      domain,
+      spacePrefix: prefix,
+      sessionExpirationMs: this.config.sessionExpirationMs ?? 60 * 60 * 1e3,
+      tinycloudHosts: [host],
+      autoCreateSpace: this.config.autoCreateSpace,
+      enablePublicSpace: this.config.enablePublicSpace ?? true,
+      spaceCreationHandler: this.config.spaceCreationHandler
+    });
+    this.tc = new TinyCloud(this.auth);
+    this.config.prefix = prefix;
+  }
+  /**
+   * Connect any ISigner to upgrade from session-only mode to wallet mode.
+   *
+   * Same as connectWallet() but accepts any ISigner implementation instead
+   * of a raw private key string. Use this for browser wallets, hardware wallets,
+   * or custom signing backends.
+   *
+   * Note: This does NOT automatically sign in. Call signIn() after connecting.
+   *
+   * @param signer - Any ISigner implementation
+   * @param options - Optional configuration
+   * @param options.prefix - Space name prefix (defaults to "default")
+   */
+  connectSigner(signer, options) {
+    if (this.signer) {
+      throw new Error("Signer already connected. Cannot connect another signer.");
+    }
+    const prefix = options?.prefix ?? "default";
+    const host = this.config.host;
+    const domain = new URL(host).hostname;
+    this.signer = signer;
     this.auth = new NodeUserAuthorization({
       signer: this.signer,
       signStrategy: { type: "auto-sign" },
+      wasmBindings: this.wasmBindings,
       sessionStorage: options?.sessionStorage ?? this.config.sessionStorage ?? new MemorySessionStorage(),
       domain,
       spacePrefix: prefix,
       sessionExpirationMs: this.config.sessionExpirationMs ?? 60 * 60 * 1e3,
       tinycloudHosts: [host],
       autoCreateSpace: this.config.autoCreateSpace,
-      enablePublicSpace: this.config.enablePublicSpace ?? true
+      enablePublicSpace: this.config.enablePublicSpace ?? true,
+      spaceCreationHandler: this.config.spaceCreationHandler
     });
     this.tc = new TinyCloud(this.auth);
     this.config.prefix = prefix;
@@ -18264,9 +18312,9 @@ var _TinyCloudNode = class _TinyCloudNode {
     if (!session) {
       return;
     }
-    this.tc.initializeServices(invoke2, [this.config.host]);
+    this.tc.initializeServices(this.wasmBindings.invoke, [this.config.host]);
     this._serviceContext = new ServiceContext2({
-      invoke: invoke2,
+      invoke: this.wasmBindings.invoke,
       fetch: globalThis.fetch.bind(globalThis),
       hosts: [this.config.host]
     });
@@ -18293,14 +18341,15 @@ var _TinyCloudNode = class _TinyCloudNode {
     };
     this._serviceContext.setSession(serviceSession);
     this.tc.serviceContext.setSession(serviceSession);
+    const wasm = this.wasmBindings;
     const vaultCrypto = createVaultCrypto({
-      vault_encrypt,
-      vault_decrypt,
-      vault_derive_key,
-      vault_x25519_from_seed,
-      vault_x25519_dh,
-      vault_random_bytes,
-      vault_sha256
+      vault_encrypt: wasm.vault_encrypt,
+      vault_decrypt: wasm.vault_decrypt,
+      vault_derive_key: wasm.vault_derive_key,
+      vault_x25519_from_seed: wasm.vault_x25519_from_seed,
+      vault_x25519_dh: wasm.vault_x25519_dh,
+      vault_random_bytes: wasm.vault_random_bytes,
+      vault_sha256: wasm.vault_sha256
     });
     const self2 = this;
     this._vault = new DataVaultService({
@@ -18413,13 +18462,13 @@ var _TinyCloudNode = class _TinyCloudNode {
     this._delegationManager = new DelegationManager({
       hosts: [this.config.host],
       session: serviceSession,
-      invoke: invoke2,
+      invoke: this.wasmBindings.invoke,
       fetch: globalThis.fetch.bind(globalThis)
     });
     this._spaceService = new SpaceService({
       hosts: [this.config.host],
       session: serviceSession,
-      invoke: invoke2,
+      invoke: this.wasmBindings.invoke,
       fetch: globalThis.fetch.bind(globalThis),
       capabilityRegistry: this._capabilityRegistry,
       userDid: this.did,
@@ -18480,7 +18529,10 @@ var _TinyCloudNode = class _TinyCloudNode {
       delegationManager: this._delegationManager,
       sessionExpiry: this.getSessionExpiry(),
       // WASM-based delegation creation (preferred - no server roundtrip)
-      createDelegationWasm: (params) => this.createDelegationWrapper(params)
+      createDelegationWasm: (params) => this.createDelegationWrapper(params),
+      // Root delegation for long-lived share links (bypasses session expiry)
+      // In node-sdk we have direct signer access, so no popup needed
+      onRootDelegationNeeded: this.signer ? async (params) => this.createRootDelegationForSharing(params) : void 0
     });
     this._spaceService.updateConfig({
       sharingService: this._sharingService
@@ -18507,7 +18559,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       spaceId: params.session.spaceId,
       verificationMethod: params.session.verificationMethod
     };
-    const result = createDelegation(
+    const result = this.wasmBindings.createDelegation(
       wasmSession,
       params.delegateDID,
       params.spaceId,
@@ -18525,6 +18577,67 @@ var _TinyCloudNode = class _TinyCloudNode {
       expiry: new Date(result.expiry * 1e3)
     };
   }
+  /**
+   * Create a direct root delegation from the wallet to a share key.
+   * This bypasses the session delegation chain, allowing share links
+   * with expiry longer than the current session.
+   * @internal
+   */
+  async createRootDelegationForSharing(params) {
+    if (!this.signer) {
+      return void 0;
+    }
+    const session = this.auth?.tinyCloudSession;
+    if (!session) {
+      return void 0;
+    }
+    try {
+      const host = this.config.host;
+      const now = /* @__PURE__ */ new Date();
+      const abilities = {
+        kv: {
+          [params.path]: params.actions
+        }
+      };
+      const prepared = this.wasmBindings.prepareSession({
+        abilities,
+        address: this.wasmBindings.ensureEip55(session.address),
+        chainId: session.chainId,
+        domain: new URL(host).hostname,
+        issuedAt: now.toISOString(),
+        expirationTime: params.requestedExpiry.toISOString(),
+        spaceId: params.spaceId,
+        delegateUri: params.shareKeyDID
+      });
+      const signature2 = await this.signer.signMessage(prepared.siwe);
+      const delegationSession = this.wasmBindings.completeSessionSetup({
+        ...prepared,
+        signature: signature2
+      });
+      const activateResult = await activateSessionWithHost2(
+        host,
+        delegationSession.delegationHeader
+      );
+      if (!activateResult.success) {
+        return void 0;
+      }
+      return {
+        cid: delegationSession.delegationCid,
+        delegateDID: params.shareKeyDID,
+        delegatorDID: `did:pkh:eip155:${session.chainId}:${session.address}`,
+        spaceId: params.spaceId,
+        path: params.path,
+        actions: params.actions,
+        expiry: params.requestedExpiry,
+        isRevoked: false,
+        allowSubDelegation: true,
+        createdAt: now,
+        authHeader: delegationSession.delegationHeader.Authorization
+      };
+    } catch {
+      return void 0;
+    }
+  }
   /**
    * Track a received delegation in the capability registry.
    * @internal
@@ -18795,9 +18908,9 @@ var _TinyCloudNode = class _TinyCloudNode {
     const now = /* @__PURE__ */ new Date();
     const expiryMs = 60 * 60 * 1e3;
     const expirationTime = new Date(now.getTime() + expiryMs);
-    const prepared = prepareSession2({
+    const prepared = this.wasmBindings.prepareSession({
       abilities,
-      address: ensureEip553(this.session.address),
+      address: this.wasmBindings.ensureEip55(this.session.address),
       chainId: this.session.chainId,
       domain: new URL(this.config.host).hostname,
       issuedAt: now.toISOString(),
@@ -18807,7 +18920,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       parents: [this.session.delegationCid]
     });
     const signature2 = await this.signer.signMessage(prepared.siwe);
-    const delegationSession = completeSessionSetup2({
+    const delegationSession = this.wasmBindings.completeSessionSetup({
       ...prepared,
       signature: signature2
     });
@@ -18840,7 +18953,7 @@ var _TinyCloudNode = class _TinyCloudNode {
     if (this._serviceContext) {
       const publicKV = new KVService2({ prefix: "" });
       const publicContext = new ServiceContext2({
-        invoke: invoke2,
+        invoke: this.wasmBindings.invoke,
         fetch: this._serviceContext.fetch,
         hosts: this._serviceContext.hosts
       });
@@ -18941,6 +19054,11 @@ var _TinyCloudNode = class _TinyCloudNode {
     if (!session) {
       throw new Error("Not signed in. Call signIn() first.");
     }
+    if (params.delegateDID.endsWith(".eth") && this.config.ensResolver) {
+      const address = await this.config.ensResolver.resolveAddress(params.delegateDID);
+      if (!address) throw new Error(`Could not resolve ENS name: ${params.delegateDID}`);
+      params = { ...params, delegateDID: `did:pkh:eip155:1:${address}` };
+    }
     const abilities = {};
     const kvActions = params.actions.filter((a) => a.startsWith("tinycloud.kv/"));
     const sqlActions = params.actions.filter((a) => a.startsWith("tinycloud.sql/"));
@@ -18957,9 +19075,9 @@ var _TinyCloudNode = class _TinyCloudNode {
     const now = /* @__PURE__ */ new Date();
     const expiryMs = params.expiryMs ?? 60 * 60 * 1e3;
     const expirationTime = new Date(now.getTime() + expiryMs);
-    const prepared = prepareSession2({
+    const prepared = this.wasmBindings.prepareSession({
       abilities,
-      address: ensureEip553(session.address),
+      address: this.wasmBindings.ensureEip55(session.address),
       chainId: session.chainId,
       domain: new URL(this.config.host).hostname,
       issuedAt: now.toISOString(),
@@ -18969,7 +19087,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       parents: [session.delegationCid]
     });
     const signature2 = await this.signer.signMessage(prepared.siwe);
-    const delegationSession = completeSessionSetup2({
+    const delegationSession = this.wasmBindings.completeSessionSetup({
       ...prepared,
       signature: signature2
     });
@@ -18980,7 +19098,7 @@ var _TinyCloudNode = class _TinyCloudNode {
     if (!activateResult.success) {
       throw new Error(`Failed to activate delegation: ${activateResult.error}`);
     }
-    return {
+    const result = {
       cid: delegationSession.delegationCid,
       delegationHeader: delegationSession.delegationHeader,
       spaceId: params.spaceIdOverride ?? session.spaceId,
@@ -18993,6 +19111,52 @@ var _TinyCloudNode = class _TinyCloudNode {
       chainId: session.chainId,
       host: this.config.host
     };
+    const hasKvActions = params.actions.some((a) => a.startsWith("tinycloud.kv/"));
+    if (hasKvActions && params.includePublicSpace !== false) {
+      const publicSpaceId = makePublicSpaceId(
+        this.wasmBindings.ensureEip55(session.address),
+        session.chainId
+      );
+      const publicAbilities = {
+        kv: { "": ["tinycloud.kv/get", "tinycloud.kv/put", "tinycloud.kv/metadata"] }
+      };
+      const publicPrepared = this.wasmBindings.prepareSession({
+        abilities: publicAbilities,
+        address: this.wasmBindings.ensureEip55(session.address),
+        chainId: session.chainId,
+        domain: new URL(this.config.host).hostname,
+        issuedAt: now.toISOString(),
+        expirationTime: expirationTime.toISOString(),
+        spaceId: publicSpaceId,
+        delegateUri: params.delegateDID,
+        parents: [session.delegationCid]
+      });
+      const publicSignature = await this.signer.signMessage(publicPrepared.siwe);
+      const publicSession = this.wasmBindings.completeSessionSetup({
+        ...publicPrepared,
+        signature: publicSignature
+      });
+      const publicActivateResult = await activateSessionWithHost2(
+        this.config.host,
+        publicSession.delegationHeader
+      );
+      if (publicActivateResult.success) {
+        result.publicDelegation = {
+          cid: publicSession.delegationCid,
+          delegationHeader: publicSession.delegationHeader,
+          spaceId: publicSpaceId,
+          path: "",
+          actions: ["tinycloud.kv/get", "tinycloud.kv/put", "tinycloud.kv/metadata"],
+          disableSubDelegation: params.disableSubDelegation ?? false,
+          expiry: expirationTime,
+          delegateDID: params.delegateDID,
+          ownerAddress: session.address,
+          chainId: session.chainId,
+          host: this.config.host
+        };
+      }
+    }
+    return result;
   }
   /**
    * Use a delegation received from another user.
@@ -19032,7 +19196,7 @@ var _TinyCloudNode = class _TinyCloudNode {
         // Not used in session-only mode
       };
       this.trackReceivedDelegation(delegation, this.sessionKeyJwk);
-      return new DelegatedAccess(session2, delegation, targetHost);
+      return new DelegatedAccess(session2, delegation, targetHost, this.wasmBindings.invoke);
     }
     const mySession = this.auth?.tinyCloudSession;
     if (!mySession) {
@@ -19055,9 +19219,9 @@ var _TinyCloudNode = class _TinyCloudNode {
     const now = /* @__PURE__ */ new Date();
     const maxExpiry = new Date(now.getTime() + 60 * 60 * 1e3);
     const expirationTime = delegation.expiry < maxExpiry ? delegation.expiry : maxExpiry;
-    const prepared = prepareSession2({
+    const prepared = this.wasmBindings.prepareSession({
       abilities,
-      address: ensureEip553(mySession.address),
+      address: this.wasmBindings.ensureEip55(mySession.address),
       chainId: mySession.chainId,
       domain: new URL(targetHost).hostname,
       issuedAt: now.toISOString(),
@@ -19067,7 +19231,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       parents: [delegation.cid]
     });
     const signature2 = await this.signer.signMessage(prepared.siwe);
-    const invokerSession = completeSessionSetup2({
+    const invokerSession = this.wasmBindings.completeSessionSetup({
       ...prepared,
       signature: signature2
     });
@@ -19091,7 +19255,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       signature: signature2
     };
     this.trackReceivedDelegation(delegation, jwk);
-    return new DelegatedAccess(session, delegation, targetHost);
+    return new DelegatedAccess(session, delegation, targetHost, this.wasmBindings.invoke);
   }
   /**
    * Create a sub-delegation from a received delegation.
@@ -19144,9 +19308,9 @@ var _TinyCloudNode = class _TinyCloudNode {
       abilities.duckdb = { [params.path]: duckdbActions };
     }
     const targetHost = parentDelegation.host ?? this.config.host;
-    const prepared = prepareSession2({
+    const prepared = this.wasmBindings.prepareSession({
       abilities,
-      address: ensureEip553(this._address),
+      address: this.wasmBindings.ensureEip55(this._address),
       chainId: this._chainId,
       domain: new URL(targetHost).hostname,
       issuedAt: now.toISOString(),
@@ -19156,7 +19320,7 @@ var _TinyCloudNode = class _TinyCloudNode {
       parents: [parentDelegation.cid]
     });
     const signature2 = await this.signer.signMessage(prepared.siwe);
-    const subDelegationSession = completeSessionSetup2({
+    const subDelegationSession = this.wasmBindings.completeSessionSetup({
       ...prepared,
       signature: signature2
     });
@@ -19182,9 +19346,140 @@ var _TinyCloudNode = class _TinyCloudNode {
     };
   }
 };
-/** Flag to ensure WASM panic hook is only initialized once */
-_TinyCloudNode.wasmInitialized = false;
-var TinyCloudNode = _TinyCloudNode;
+
+// src/nodeDefaults.ts
+TinyCloudNode.registerNodeDefaults({
+  createWasmBindings: () => new NodeWasmBindings(),
+  createSigner: (privateKey, chainId) => new PrivateKeySigner(privateKey, chainId)
+});
+
+// src/index.ts
+import { TinyCloud as TinyCloud2 } from "@tinycloud/sdk-core";
+import {
+  SilentNotificationHandler as SilentNotificationHandler2,
+  AutoApproveSpaceCreationHandler as AutoApproveSpaceCreationHandler2,
+  defaultSpaceCreationHandler
+} from "@tinycloud/sdk-core";
+
+// src/storage/FileSessionStorage.ts
+import { validatePersistedSessionData } from "@tinycloud/sdk-core";
+import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync } from "fs";
+import { join } from "path";
+var FileSessionStorage = class {
+  /**
+   * Create a new FileSessionStorage.
+   *
+   * @param baseDir - Directory to store session files (default: ~/.tinycloud/sessions)
+   */
+  constructor(baseDir) {
+    this.baseDir = baseDir || this.getDefaultDir();
+    this.ensureDirectoryExists();
+  }
+  /**
+   * Get the default session storage directory.
+   */
+  getDefaultDir() {
+    const home = process.env.HOME || process.env.USERPROFILE || "/tmp";
+    return join(home, ".tinycloud", "sessions");
+  }
+  /**
+   * Ensure the storage directory exists.
+   */
+  ensureDirectoryExists() {
+    if (!existsSync(this.baseDir)) {
+      mkdirSync(this.baseDir, { recursive: true });
+    }
+  }
+  /**
+   * Get the file path for an address.
+   */
+  getFilePath(address) {
+    const normalizedAddress = address.toLowerCase();
+    const filename = `${normalizedAddress.replace("0x", "")}.json`;
+    return join(this.baseDir, filename);
+  }
+  /**
+   * Save a session for an address.
+   */
+  async save(address, session) {
+    const filePath = this.getFilePath(address);
+    const data = JSON.stringify(session, null, 2);
+    writeFileSync(filePath, data, "utf-8");
+  }
+  /**
+   * Load a session for an address.
+   */
+  async load(address) {
+    const filePath = this.getFilePath(address);
+    if (!existsSync(filePath)) {
+      return null;
+    }
+    try {
+      const data = readFileSync(filePath, "utf-8");
+      const parsed = JSON.parse(data);
+      const validation = validatePersistedSessionData(parsed);
+      if (!validation.ok) {
+        console.warn(`Invalid session data for ${address}:`, validation.error.message);
+        unlinkSync(filePath);
+        return null;
+      }
+      const session = validation.data;
+      const expiresAt = new Date(session.expiresAt);
+      if (expiresAt < /* @__PURE__ */ new Date()) {
+        unlinkSync(filePath);
+        return null;
+      }
+      return session;
+    } catch (error) {
+      try {
+        unlinkSync(filePath);
+      } catch {
+      }
+      return null;
+    }
+  }
+  /**
+   * Clear a session for an address.
+   */
+  async clear(address) {
+    const filePath = this.getFilePath(address);
+    if (existsSync(filePath)) {
+      unlinkSync(filePath);
+    }
+  }
+  /**
+   * Check if a session exists for an address.
+   */
+  exists(address) {
+    const filePath = this.getFilePath(address);
+    if (!existsSync(filePath)) {
+      return false;
+    }
+    try {
+      const data = readFileSync(filePath, "utf-8");
+      const session = JSON.parse(data);
+      const expiresAt = new Date(session.expiresAt);
+      if (expiresAt < /* @__PURE__ */ new Date()) {
+        unlinkSync(filePath);
+        return false;
+      }
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Check if file system storage is available.
+   */
+  isAvailable() {
+    try {
+      this.ensureDirectoryExists();
+      return existsSync(this.baseDir);
+    } catch {
+      return false;
+    }
+  }
+};
 
 // src/delegation.ts
 function serializeDelegation(delegation) {
@@ -19206,7 +19501,7 @@ function deserializeDelegation(data) {
 import { KVService as KVService3, PrefixedKVService } from "@tinycloud/sdk-core";
 import { SQLService as SQLService3, SQLAction, DatabaseHandle } from "@tinycloud/sdk-core";
 import { DuckDbService as DuckDbService3, DuckDbDatabaseHandle, DuckDbAction } from "@tinycloud/sdk-core";
-import { DataVaultService as DataVaultService2, VaultAction, VaultHeaders, createVaultCrypto as createVaultCrypto2 } from "@tinycloud/sdk-core";
+import { DataVaultService as DataVaultService2, VaultHeaders, VaultPublicSpaceKVActions, createVaultCrypto as createVaultCrypto2 } from "@tinycloud/sdk-core";
 import {
   DelegationManager as DelegationManager2,
   SharingService as SharingService2,
@@ -19224,17 +19519,18 @@ import {
   createSpaceService,
   parseSpaceUri,
   buildSpaceUri,
-  makePublicSpaceId,
+  makePublicSpaceId as makePublicSpaceId2,
   Space
 } from "@tinycloud/sdk-core";
 import {
   ProtocolMismatchError,
   VersionCheckError,
   UnsupportedFeatureError as UnsupportedFeatureError2,
-  checkNodeVersion as checkNodeVersion2
+  checkNodeInfo as checkNodeInfo2
 } from "@tinycloud/sdk-core";
 import { ServiceContext as ServiceContext3 } from "@tinycloud/sdk-core";
 export {
+  AutoApproveSpaceCreationHandler2 as AutoApproveSpaceCreationHandler,
   CapabilityKeyRegistry2 as CapabilityKeyRegistry,
   CapabilityKeyRegistryErrorCodes,
   DataVaultService2 as DataVaultService,
@@ -19249,6 +19545,7 @@ export {
   KVService3 as KVService,
   MemorySessionStorage,
   NodeUserAuthorization,
+  NodeWasmBindings,
   PrefixedKVService,
   PrivateKeySigner,
   ProtocolMismatchError,
@@ -19256,26 +19553,28 @@ export {
   SQLService3 as SQLService,
   ServiceContext3 as ServiceContext,
   SharingService2 as SharingService,
+  SilentNotificationHandler2 as SilentNotificationHandler,
   Space,
   SpaceErrorCodes,
   SpaceService2 as SpaceService,
   TinyCloud2 as TinyCloud,
   TinyCloudNode,
   UnsupportedFeatureError2 as UnsupportedFeatureError,
-  VaultAction,
   VaultHeaders,
+  VaultPublicSpaceKVActions,
   VersionCheckError,
   WasmKeyProvider,
   buildSpaceUri,
-  checkNodeVersion2 as checkNodeVersion,
+  checkNodeInfo2 as checkNodeInfo,
   createCapabilityKeyRegistry,
   createSharingService,
   createSpaceService,
   createVaultCrypto2 as createVaultCrypto,
   createWasmKeyProvider,
   defaultSignStrategy,
+  defaultSpaceCreationHandler,
   deserializeDelegation,
-  makePublicSpaceId,
+  makePublicSpaceId2 as makePublicSpaceId,
   parseSpaceUri,
   serializeDelegation
 };