@twin.org/synchronised-storage-service 0.0.1-next.3 → 0.0.1-next.5

package/dist/cjs/index.cjs

@@ -3,13 +3,15 @@
 var entity = require('@twin.org/entity');
 var core = require('@twin.org/core');
 var web = require('@twin.org/web');
+var blobStorageModels = require('@twin.org/blob-storage-models');
 var entityStorageModels = require('@twin.org/entity-storage-models');
 var identityModels = require('@twin.org/identity-models');
 var loggingModels = require('@twin.org/logging-models');
+var standardsW3cDid = require('@twin.org/standards-w3c-did');
 var synchronisedStorageModels = require('@twin.org/synchronised-storage-models');
+var vaultModels = require('@twin.org/vault-models');
 var verifiableStorageModels = require('@twin.org/verifiable-storage-models');
-var blobStorageModels = require('@twin.org/blob-storage-models');
-var standardsW3cDid = require('@twin.org/standards-w3c-did');
+var crypto = require('@twin.org/crypto');
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -21,6 +23,10 @@ exports.SyncSnapshotEntry = class SyncSnapshotEntry {
      * The id for the snapshot.
      */
     id;
+    /**
+     * The version for the snapshot.
+     */
+    version;
     /**
      * The storage key for the snapshot i.e. which entity is being synchronized.
      */
@@ -34,9 +40,13 @@ exports.SyncSnapshotEntry = class SyncSnapshotEntry {
      */
     dateModified;
     /**
-     * The flag to determine if this is the current local snapshot containing changes for this node.
+     * The flag to determine if this is the snapshot is the local one containing changes for this node.
+     */
+    isLocal;
+    /**
+     * The flag to determine if this is a consolidated snapshot.
      */
-    isLocalSnapshot;
+    isConsolidated;
     /**
      * The ids of the storage for the change sets in the snapshot, if this is not a local snapshot.
      */
@@ -50,6 +60,10 @@ __decorate([
     entity.property({ type: "string", isPrimary: true }),
     __metadata("design:type", String)
 ], exports.SyncSnapshotEntry.prototype, "id", void 0);
+__decorate([
+    entity.property({ type: "string" }),
+    __metadata("design:type", String)
+], exports.SyncSnapshotEntry.prototype, "version", void 0);
 __decorate([
     entity.property({ type: "string", isSecondary: true }),
     __metadata("design:type", String)
@@ -59,13 +73,17 @@ __decorate([
     __metadata("design:type", String)
 ], exports.SyncSnapshotEntry.prototype, "dateCreated", void 0);
 __decorate([
-    entity.property({ type: "string", optional: true }),
+    entity.property({ type: "string" }),
     __metadata("design:type", String)
 ], exports.SyncSnapshotEntry.prototype, "dateModified", void 0);
 __decorate([
-    entity.property({ type: "boolean", optional: true }),
+    entity.property({ type: "boolean" }),
+    __metadata("design:type", Boolean)
+], exports.SyncSnapshotEntry.prototype, "isLocal", void 0);
+__decorate([
+    entity.property({ type: "boolean" }),
     __metadata("design:type", Boolean)
-], exports.SyncSnapshotEntry.prototype, "isLocalSnapshot", void 0);
+], exports.SyncSnapshotEntry.prototype, "isConsolidated", void 0);
 __decorate([
     entity.property({ type: "array", itemType: "string", optional: true }),
     __metadata("design:type", Array)
@@ -102,8 +120,8 @@ function generateRestRoutesSynchronisedStorage(baseRouteName, componentName) {
         operationId: "synchronisedStorageSyncChangeSetRequest",
         summary: "Request that the node perform a sync request for a changeset.",
         tag: tagsSynchronisedStorage[0].name,
-        method: "GET",
-        path: `${baseRouteName}/`,
+        method: "POST",
+        path: `${baseRouteName}/sync-changeset`,
         handler: async (httpRequestContext, request) => synchronisedStorageSyncChangeSetRequest(httpRequestContext, componentName, request),
         requestType: {
             type: "ISyncChangeSetRequest",
@@ -111,8 +129,30 @@ function generateRestRoutesSynchronisedStorage(baseRouteName, componentName) {
                 {
                     id: "synchronisedStorageSyncChangeSetRequestExample",
                     request: {
-                        query: {
-                            changeSetStorageId: "12345"
+                        body: {
+                            id: "0909090909090909090909090909090909090909090909090909090909090909",
+                            dateCreated: "2025-05-29T01:00:00.000Z",
+                            dateModified: "2025-05-29T01:00:00.000Z",
+                            nodeIdentity: "did:entity-storage:0xd2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2",
+                            changes: [
+                                {
+                                    entity: {
+                                        dateModified: "2025-01-01T00:00:00.000Z"
+                                    },
+                                    id: "test-id-1",
+                                    operation: "set"
+                                }
+                            ],
+                            proof: {
+                                "@context": "https://www.w3.org/ns/credentials/v2",
+                                created: "2025-05-29T01:00:00.000Z",
+                                cryptosuite: "eddsa-jcs-2022",
+                                proofPurpose: "assertionMethod",
+                                proofValue: "z5efBErQs3YBLZoH7jgKMQaRc9YjAxA5XSYKmW3FmTBDw9WionT2NS2x1SMvcRyBvw53cSSoaCT1xQH9tkWngGCX3",
+                                type: "DataIntegrityProof",
+                                verificationMethod: "did:entity-storage:0xd0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0#synchronised-storage-assertion"
+                            },
+                            storageKey: "test-type"
                         }
                     }
                 }
@@ -122,9 +162,61 @@ function generateRestRoutesSynchronisedStorage(baseRouteName, componentName) {
             {
                 type: "INoContentResponse"
             }
-        ]
+        ],
+        // Authentication is provided by the proof in the request body.
+        skipAuth: true
     };
-    return [syncChangeSetRoute];
+    const getDecryptionKeyRoute = {
+        operationId: "synchronisedStorageGetDecryptionKeyRequest",
+        summary: "Request the decryption key.",
+        tag: tagsSynchronisedStorage[0].name,
+        method: "POST",
+        path: `${baseRouteName}/decryption-key`,
+        handler: async (httpRequestContext, request) => synchronisedStorageGetDecryptionKeyRequest(httpRequestContext, componentName, request),
+        requestType: {
+            type: "ISyncChangeSetRequest",
+            examples: [
+                {
+                    id: "synchronisedStorageSyncGetDecryptionKeyRequestExample",
+                    request: {
+                        body: {
+                            nodeIdentity: "did:entity-storage:0xd2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2d2",
+                            proof: {
+                                "@context": "https://www.w3.org/ns/credentials/v2",
+                                created: "2025-05-29T01:00:00.000Z",
+                                cryptosuite: "eddsa-jcs-2022",
+                                proofPurpose: "assertionMethod",
+                                proofValue: "z5efBErQs3YBLZoH7jgKMQaRc9YjAxA5XSYKmW3FmTBDw9WionT2NS2x1SMvcRyBvw53cSSoaCT1xQH9tkWngGCX3",
+                                type: "DataIntegrityProof",
+                                verificationMethod: "did:entity-storage:0xd0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0#synchronised-storage-assertion"
+                            }
+                        }
+                    }
+                }
+            ]
+        },
+        responseType: [
+            {
+                type: "ISyncDecryptionKeyResponse",
+                examples: [
+                    {
+                        id: "synchronisedStorageSyncGetDecryptionKeyResponseExample",
+                        response: {
+                            body: {
+                                decryptionKey: "z5efBErQs3YBLZoH7jgKMQaRc9YjAxA5XSYKmW3FmTBDw9WionT2NS2x1SMvcRyBvw53cSSoaCT1xQH9tkWngGCX3"
+                            }
+                        }
+                    }
+                ]
+            },
+            {
+                type: "IUnauthorizedResponse"
+            }
+        ],
+        // Authentication is provided by the proof in the request body.
+        skipAuth: true
+    };
+    return [syncChangeSetRoute, getDecryptionKeyRoute];
 }
 /**
  * Perform the sync change set operation.
@@ -135,13 +227,31 @@ function generateRestRoutesSynchronisedStorage(baseRouteName, componentName) {
  */
 async function synchronisedStorageSyncChangeSetRequest(httpRequestContext, componentName, request) {
     core.Guards.object(ROUTES_SOURCE, "request", request);
-    core.Guards.object(ROUTES_SOURCE, "request.query", request.query);
+    core.Guards.object(ROUTES_SOURCE, "request.body", request.body);
     const component = core.ComponentFactory.get(componentName);
-    await component.syncChangeSet(request.query.changeSetStorageId);
+    await component.syncChangeSet(request.body);
     return {
         statusCode: web.HttpStatusCode.noContent
     };
 }
+/**
+ * Request the decryption key.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+async function synchronisedStorageGetDecryptionKeyRequest(httpRequestContext, componentName, request) {
+    core.Guards.object(ROUTES_SOURCE, "request", request);
+    core.Guards.object(ROUTES_SOURCE, "request.body", request.body);
+    const component = core.ComponentFactory.get(componentName);
+    const key = await component.getDecryptionKey(request.body.nodeIdentity, request.body.proof);
+    return {
+        body: {
+            decryptionKey: key
+        }
+    };
+}
 
 const restEntryPoints = [
     {
@@ -161,6 +271,208 @@ function initSchema() {
     entity.EntitySchemaFactory.register("SyncSnapshotEntry", () => entity.EntitySchemaHelper.getSchema(exports.SyncSnapshotEntry));
 }
 
+var mainnet = "";
+var testnet = "";
+var devnet = "";
+var verifiableStorageKeys = {
+	mainnet: mainnet,
+	testnet: testnet,
+	devnet: devnet
+};
+
+/**
+ * Class for performing blob storage operations.
+ */
+class BlobStorageHelper {
+    /**
+     * Runtime name for the class.
+     */
+    CLASS_NAME = "BlobStorageHelper";
+    /**
+     * The logging connector to use for logging.
+     * @internal
+     */
+    _logging;
+    /**
+     * The vault connector.
+     * @internal
+     */
+    _vaultConnector;
+    /**
+     * The blob storage connector to use.
+     * @internal
+     */
+    _blobStorageConnector;
+    /**
+     * The id of the vault key to use for encrypting/decrypting blobs.
+     * @internal
+     */
+    _blobStorageEncryptionKeyId;
+    /**
+     * Is this a trusted node.
+     * @internal
+     */
+    _isTrustedNode;
+    /**
+     * Create a new instance of BlobStorageHelper.
+     * @param logging The logging connector to use for logging.
+     * @param vaultConnector The vault connector to use for for the encryption key.
+     * @param blobStorageConnector The blob storage component to use.
+     * @param blobStorageEncryptionKeyId The id of the vault key to use for encrypting/decrypting blobs.
+     * @param isTrustedNode Is this a trusted node.
+     */
+    constructor(logging, vaultConnector, blobStorageConnector, blobStorageEncryptionKeyId, isTrustedNode) {
+        this._logging = logging;
+        this._vaultConnector = vaultConnector;
+        this._blobStorageConnector = blobStorageConnector;
+        this._blobStorageEncryptionKeyId = blobStorageEncryptionKeyId;
+        this._isTrustedNode = isTrustedNode;
+    }
+    /**
+     * Load a blob from storage.
+     * @param blobId The id of the blob to apply.
+     * @returns The blob.
+     */
+    async loadBlob(blobId) {
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "loadBlob",
+            data: {
+                blobId
+            }
+        });
+        try {
+            const encryptedBlob = await this._blobStorageConnector.get(blobId);
+            if (core.Is.uint8Array(encryptedBlob)) {
+                let compressedBlob;
+                // If this is a trusted node, we can decrypt the blob using the vault
+                if (this._isTrustedNode) {
+                    compressedBlob = await this._vaultConnector.decrypt(this._blobStorageEncryptionKeyId, vaultModels.VaultEncryptionType.Rsa2048, encryptedBlob);
+                }
+                else {
+                    // Otherwise we need the public key stored as a secret in the vault
+                    const key = await this._vaultConnector.getSecret(this._blobStorageEncryptionKeyId);
+                    const rsa = new crypto.RSA(core.Converter.base64ToBytes(key));
+                    compressedBlob = rsa.decrypt(encryptedBlob);
+                }
+                const decompressedBlob = await core.Compression.decompress(compressedBlob, core.CompressionType.Gzip);
+                await this._logging?.log({
+                    level: "info",
+                    source: this.CLASS_NAME,
+                    message: "loadedBlob",
+                    data: {
+                        blobId
+                    }
+                });
+                return core.ObjectHelper.fromBytes(decompressedBlob);
+            }
+        }
+        catch (error) {
+            await this._logging?.log({
+                level: "error",
+                source: this.CLASS_NAME,
+                message: "loadBlobFailed",
+                data: {
+                    blobId
+                },
+                error: core.BaseError.fromError(error)
+            });
+        }
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "loadBlobEmpty",
+            data: {
+                blobId
+            }
+        });
+    }
+    /**
+     * Save a blob.
+     * @param blob The blob to save.
+     * @returns The id of the blob.
+     */
+    async saveBlob(blob) {
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "saveBlob"
+        });
+        if (!this._isTrustedNode) {
+            throw new core.GeneralError(this.CLASS_NAME, "notTrustedNode");
+        }
+        const compressedBlob = await core.Compression.compress(core.ObjectHelper.toBytes(blob), core.CompressionType.Gzip);
+        const encryptedBlob = await this._vaultConnector.encrypt(this._blobStorageEncryptionKeyId, vaultModels.VaultEncryptionType.Rsa2048, compressedBlob);
+        try {
+            const blobId = await this._blobStorageConnector.set(encryptedBlob);
+            await this._logging?.log({
+                level: "info",
+                source: this.CLASS_NAME,
+                message: "savedBlob",
+                data: {
+                    blobId
+                }
+            });
+            return blobId;
+        }
+        catch (error) {
+            await this._logging?.log({
+                level: "error",
+                source: this.CLASS_NAME,
+                message: "saveBlobFailed",
+                error: core.BaseError.fromError(error)
+            });
+            throw error;
+        }
+    }
+    /**
+     * Remove a blob from storage.
+     * @param blobId The id of the blob to remove.
+     * @returns Nothing.
+     */
+    async removeBlob(blobId) {
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "removeBlob",
+            data: {
+                blobId
+            }
+        });
+        try {
+            await this._blobStorageConnector.remove(blobId);
+            await this._logging?.log({
+                level: "info",
+                source: this.CLASS_NAME,
+                message: "removedBlob",
+                data: {
+                    blobId
+                }
+            });
+        }
+        catch (error) {
+            await this._logging?.log({
+                level: "error",
+                source: this.CLASS_NAME,
+                message: "removeBlobFailed",
+                data: {
+                    blobId
+                },
+                error: core.BaseError.fromError(error)
+            });
+        }
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "removeBlobEmpty",
+            data: {
+                blobId
+            }
+        });
+    }
+}
+
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
@@ -182,10 +494,10 @@ class ChangeSetHelper {
      */
     _eventBusComponent;
     /**
-     * The blob storage component to use for remote sync states.
+     * The blob storage helper to use for remote sync states.
      * @internal
      */
-    _blobStorageComponent;
+    _blobStorageHelper;
     /**
      * The identity connector to use for signing/verifying changesets.
      * @internal
@@ -196,37 +508,73 @@ class ChangeSetHelper {
      * @internal
      */
     _decentralisedStorageMethodId;
+    /**
+     * The identity of the node that is performing the update.
+     * @internal
+     */
+    _nodeIdentity;
     /**
      * Create a new instance of ChangeSetHelper.
      * @param logging The logging connector to use for logging.
      * @param eventBusComponent The event bus component to use for events.
-     * @param blobStorageComponent The blob storage component to use for remote sync states.
      * @param identityConnector The identity connector to use for signing/verifying changesets.
+     * @param blobStorageHelper The blob storage component to use for remote sync states.
      * @param decentralisedStorageMethodId The id of the identity method to use when signing/verifying changesets.
      */
-    constructor(logging, eventBusComponent, blobStorageComponent, identityConnector, decentralisedStorageMethodId) {
+    constructor(logging, eventBusComponent, identityConnector, blobStorageHelper, decentralisedStorageMethodId) {
         this._logging = logging;
         this._eventBusComponent = eventBusComponent;
         this._decentralisedStorageMethodId = decentralisedStorageMethodId;
-        this._blobStorageComponent = blobStorageComponent;
+        this._blobStorageHelper = blobStorageHelper;
         this._identityConnector = identityConnector;
     }
+    /**
+     * Set the node identity to use for signing changesets.
+     * @param nodeIdentity The identity of the node that is performing the update.
+     */
+    setNodeIdentity(nodeIdentity) {
+        this._nodeIdentity = nodeIdentity;
+    }
     /**
      * Get and verify a changeset.
      * @param changeSetStorageId The id of the sync changeset to apply.
      * @returns The changeset if it was verified.
      */
     async getAndVerifyChangeset(changeSetStorageId) {
-        // Changesets are not encrypted as they are signed with the node identity
-        // and they are publicly accessible so that other nodes can retrieve them.
-        const blobEntry = await this._blobStorageComponent.get(changeSetStorageId, {
-            includeContent: true
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "getChangeSet",
+            data: {
+                changeSetStorageId
+            }
         });
-        if (core.Is.stringBase64(blobEntry.blob)) {
-            const syncChangeset = core.ObjectHelper.fromBytes(core.Converter.base64ToBytes(blobEntry.blob));
-            const verified = await this.verifyChangesetProof(syncChangeset);
-            return verified ? syncChangeset : undefined;
+        try {
+            const syncChangeSet = await this._blobStorageHelper.loadBlob(changeSetStorageId);
+            if (core.Is.object(syncChangeSet)) {
+                const verified = await this.verifyChangesetProof(syncChangeSet);
+                return verified ? syncChangeSet : undefined;
+            }
+        }
+        catch (error) {
+            await this._logging?.log({
+                level: "warn",
+                source: this.CLASS_NAME,
+                message: "getChangeSetError",
+                data: {
+                    changeSetStorageId
+                },
+                error: core.BaseError.fromError(error)
+            });
         }
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "getChangeSetEmpty",
+            data: {
+                changeSetStorageId
+            }
+        });
     }
     /**
      * Apply a sync changeset.
@@ -235,7 +583,9 @@ class ChangeSetHelper {
      */
     async getAndApplyChangeset(changeSetStorageId) {
         const syncChangeset = await this.getAndVerifyChangeset(changeSetStorageId);
-        if (!core.Is.empty(syncChangeset)) {
+        // Only apply changesets from other nodes, we don't want to overwrite
+        // any changes we have made to local entity storage
+        if (!core.Is.empty(syncChangeset) && syncChangeset.nodeIdentity !== this._nodeIdentity) {
             await this.applyChangeset(syncChangeset);
         }
         return syncChangeset;
@@ -260,13 +610,18 @@ class ChangeSetHelper {
                 switch (change.operation) {
                     case synchronisedStorageModels.SyncChangeOperation.Set:
                         if (!core.Is.empty(change.entity)) {
-                            // The node identity was stripped when stored in the changeset
+                            // The id was stripped from the entity as it is part of the operation
+                            // we make sure we reinstate it in the publish
+                            // Also the node identity was stripped when stored in the changeset
                             // as the changeset is signed with the node identity.
                             // so we need to restore it here.
-                            change.entity.nodeIdentity = syncChangeset.nodeIdentity;
                             await this._eventBusComponent.publish(synchronisedStorageModels.SynchronisedStorageTopics.RemoteItemSet, {
                                 storageKey: syncChangeset.storageKey,
-                                entity: change.entity
+                                entity: {
+                                    ...change.entity,
+                                    id: change.id,
+                                    nodeIdentity: syncChangeset.nodeIdentity
+                                }
                             });
                         }
                         break;
@@ -274,7 +629,8 @@ class ChangeSetHelper {
                         if (!core.Is.empty(change.id)) {
                             await this._eventBusComponent.publish(synchronisedStorageModels.SynchronisedStorageTopics.RemoteItemRemove, {
                                 storageKey: syncChangeset.storageKey,
-                                id: change.id
+                                id: change.id,
+                                nodeIdentity: syncChangeset.nodeIdentity
                             });
                         }
                         break;
@@ -285,10 +641,9 @@ class ChangeSetHelper {
     /**
      * Store the changeset.
      * @param syncChangeSet The sync change set to store.
-     * @param nodeIdentity The node identity to use for the changeset.
      * @returns The id of the change set.
      */
-    async storeChangeSet(syncChangeSet, nodeIdentity) {
+    async storeChangeSet(syncChangeSet) {
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
@@ -297,12 +652,7 @@ class ChangeSetHelper {
                 id: syncChangeSet.id
             }
         });
-        // We don't want to encrypt the sync state as no other nodes would be able to read it
-        // the blob storage also needs to be publicly accessible so that other nodes can retrieve it
-        return this._blobStorageComponent.create(core.Converter.bytesToBase64(core.ObjectHelper.toBytes(syncChangeSet)), undefined, undefined, undefined, {
-            disableEncryption: true,
-            compress: blobStorageModels.BlobStorageCompressionType.Gzip
-        }, undefined, nodeIdentity);
+        return this._blobStorageHelper.saveBlob(syncChangeSet);
     }
     /**
      * Verify the proof of a sync changeset.
@@ -321,6 +671,32 @@ class ChangeSetHelper {
             });
             return false;
         }
+        // If the proof or verification method is missing, the proof is invalid
+        const verificationMethod = syncChangeset.proof?.verificationMethod;
+        if (!core.Is.stringValue(verificationMethod)) {
+            await this._logging?.log({
+                level: "error",
+                source: this.CLASS_NAME,
+                message: "verifyChangeSetProofMissing",
+                data: {
+                    id: syncChangeset.id
+                }
+            });
+        }
+        // Parse the verification method and extract the node identity
+        // this should match the node identity of the changeset
+        // otherwise you could sign a changeset for another node
+        const changeSetNodeIdentity = identityModels.DocumentHelper.parseId(verificationMethod ?? "");
+        if (changeSetNodeIdentity.id !== syncChangeset.nodeIdentity) {
+            await this._logging?.log({
+                level: "error",
+                source: this.CLASS_NAME,
+                message: "verifyChangeSetProofNodeIdentityMismatch",
+                data: {
+                    id: syncChangeset.id
+                }
+            });
+        }
         const changeSetWithoutProof = core.ObjectHelper.clone(syncChangeset);
         delete changeSetWithoutProof.proof;
         const isValid = await this._identityConnector.verifyProof(changeSetWithoutProof, syncChangeset.proof);
@@ -352,9 +728,10 @@ class ChangeSetHelper {
      * @returns The proof.
      */
     async createChangeSetProof(syncChangeset) {
+        core.Guards.stringValue(this.CLASS_NAME, "nodeIdentity", this._nodeIdentity);
         const changeSetWithoutProof = core.ObjectHelper.clone(syncChangeset);
         delete changeSetWithoutProof.proof;
-        const proof = await this._identityConnector.createProof(syncChangeset.nodeIdentity, identityModels.DocumentHelper.joinId(syncChangeset.nodeIdentity, this._decentralisedStorageMethodId), standardsW3cDid.ProofTypes.DataIntegrityProof, changeSetWithoutProof);
+        const proof = await this._identityConnector.createProof(this._nodeIdentity, identityModels.DocumentHelper.joinId(this._nodeIdentity, this._decentralisedStorageMethodId), standardsW3cDid.ProofTypes.DataIntegrityProof, changeSetWithoutProof);
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
@@ -366,8 +743,65 @@ class ChangeSetHelper {
         });
         return proof;
     }
+    /**
+     * Copy a change set.
+     * @param syncChangeSet The sync changeset to copy.
+     * @returns The id of the updated change set.
+     */
+    async copyChangeset(syncChangeSet) {
+        if (core.Is.stringValue(this._nodeIdentity)) {
+            const verified = await this.verifyChangesetProof(syncChangeSet);
+            if (verified) {
+                await this._logging?.log({
+                    level: "info",
+                    source: this.CLASS_NAME,
+                    message: "copyChangeSet",
+                    data: {
+                        changeSetStorageId: syncChangeSet.id
+                    }
+                });
+                // Allocate a new id to the changeset copy and re-create a proof using this nodes identity
+                const copy = core.ObjectHelper.clone(syncChangeSet);
+                copy.id = core.Converter.bytesToHex(core.RandomHelper.generate(32));
+                copy.proof = await this.createChangeSetProof(copy);
+                // Store the copy
+                return {
+                    syncChangeSet: copy,
+                    changeSetStorageId: await this.storeChangeSet(copy)
+                };
+            }
+        }
+    }
+    /**
+     * Reset the storage for a given storage key.
+     * @param storageKey The key of the storage to reset.
+     * @param resetMode The reset mode, this will use the nodeIdentity in the entities to determine which are local/remote.
+     * @returns Nothing.
+     */
+    async reset(storageKey, resetMode) {
+        // If we are applying a consolidation we need to reset the local db
+        // but keep any entries from the local node, as they might have been updated
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "storageReset",
+            data: {
+                storageKey
+            }
+        });
+        await this._eventBusComponent.publish(synchronisedStorageModels.SynchronisedStorageTopics.Reset, {
+            storageKey,
+            resetMode
+        });
+    }
 }
 
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+const SYNC_STATE_VERSION = "1";
+const SYNC_POINTER_STORE_VERSION = "1";
+const SYNC_SNAPSHOT_VERSION = "1";
+
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
@@ -387,7 +821,7 @@ class LocalSyncStateHelper {
      * The storage connector for the sync snapshot entries.
      * @internal
      */
-    _localSyncSnapshotEntryEntityStorage;
+    _snapshotEntryEntityStorage;
     /**
      * The change set helper to use for applying changesets.
      * @internal
@@ -396,12 +830,12 @@ class LocalSyncStateHelper {
     /**
      * Create a new instance of LocalSyncStateHelper.
      * @param logging The logging connector to use for logging.
-     * @param localSyncSnapshotEntryEntityStorage The storage connector for the local sync snapshot entries.
+     * @param snapshotEntryEntityStorage The storage connector for the sync snapshot entries.
      * @param changeSetHelper The change set helper to use for applying changesets.
      */
-    constructor(logging, localSyncSnapshotEntryEntityStorage, changeSetHelper) {
+    constructor(logging, snapshotEntryEntityStorage, changeSetHelper) {
         this._logging = logging;
-        this._localSyncSnapshotEntryEntityStorage = localSyncSnapshotEntryEntityStorage;
+        this._snapshotEntryEntityStorage = snapshotEntryEntityStorage;
         this._changeSetHelper = changeSetHelper;
     }
     /**
@@ -422,40 +856,44 @@ class LocalSyncStateHelper {
                 id
             }
         });
-        const localChangeSnapshot = await this.getLocalChangeSnapshot(storageKey);
-        localChangeSnapshot.changes ??= [];
-        // If we already have a change for this id we are
-        // about to supersede it, we remove the previous change
-        // to avoid having multiple changes for the same id
-        const previousChangeIndex = localChangeSnapshot.changes.findIndex(change => change.id === id);
-        if (previousChangeIndex !== -1) {
-            localChangeSnapshot.changes.splice(previousChangeIndex, 1);
-        }
-        if (localChangeSnapshot.changes.length > 0) {
-            localChangeSnapshot.dateModified = new Date(Date.now()).toISOString();
+        const localChangeSnapshots = await this.getSnapshots(storageKey, true);
+        if (localChangeSnapshots.length > 0) {
+            const localChangeSnapshot = localChangeSnapshots[0];
+            localChangeSnapshot.changes ??= [];
+            // If we already have a change for this id we are
+            // about to supersede it, we remove the previous change
+            // to avoid having multiple changes for the same id
+            const previousChangeIndex = localChangeSnapshot.changes.findIndex(change => change.id === id);
+            if (previousChangeIndex !== -1) {
+                localChangeSnapshot.changes.splice(previousChangeIndex, 1);
+            }
+            if (localChangeSnapshot.changes.length > 0) {
+                localChangeSnapshot.dateModified = new Date(Date.now()).toISOString();
+            }
+            localChangeSnapshot.changes.push({ operation, id });
+            await this.setLocalChangeSnapshot(localChangeSnapshot);
         }
-        localChangeSnapshot.changes.push({ operation, id });
-        await this.setLocalChangeSnapshot(localChangeSnapshot);
     }
     /**
-     * Get the current local snapshot.
+     * Get the snapshot which contains just the changes for this node.
      * @param storageKey The storage key of the snapshot to get.
+     * @param isLocal Whether to get the local snapshot or not.
      * @returns The local snapshot entry.
      */
-    async getLocalChangeSnapshot(storageKey) {
+    async getSnapshots(storageKey, isLocal) {
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
-            message: "getLocalChangeSnapshot",
+            message: "getSnapshots",
             data: {
                 storageKey
             }
         });
-        const queryResult = await this._localSyncSnapshotEntryEntityStorage.query({
+        const queryResult = await this._snapshotEntryEntityStorage.query({
             conditions: [
                 {
-                    property: "isLocalSnapshot",
-                    value: true,
+                    property: "isLocal",
+                    value: isLocal,
                     comparison: entity.ComparisonOperator.Equals
                 },
                 {
@@ -469,31 +907,37 @@ class LocalSyncStateHelper {
             await this._logging?.log({
                 level: "info",
                 source: this.CLASS_NAME,
-                message: "localChangeSnapshotExists",
+                message: "getSnapshotsExists",
                 data: {
                     storageKey
                 }
             });
-            return queryResult.entities[0];
+            return queryResult.entities;
         }
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
-            message: "localChangeSnapshotDoesNotExist",
+            message: "getSnapshotsDoesNotExist",
             data: {
                 storageKey
             }
         });
-        return {
-            id: core.Converter.bytesToHex(core.RandomHelper.generate(32)),
-            storageKey,
-            dateCreated: new Date(Date.now()).toISOString(),
-            changeSetStorageIds: [],
-            isLocalSnapshot: true
-        };
+        const now = new Date(Date.now()).toISOString();
+        return [
+            {
+                version: SYNC_SNAPSHOT_VERSION,
+                id: core.Converter.bytesToHex(core.RandomHelper.generate(32)),
+                storageKey,
+                dateCreated: now,
+                dateModified: now,
+                changeSetStorageIds: [],
+                isLocal,
+                isConsolidated: false
+            }
+        ];
     }
     /**
-     * Set the current local snapshot.
+     * Set the current local snapshot with changes for this node.
      * @param localChangeSnapshot The local change snapshot to set.
      * @returns Nothing.
      */
@@ -506,10 +950,10 @@ class LocalSyncStateHelper {
                 storageKey: localChangeSnapshot.storageKey
             }
         });
-        await this._localSyncSnapshotEntryEntityStorage.set(localChangeSnapshot);
+        await this._snapshotEntryEntityStorage.set(localChangeSnapshot);
     }
     /**
-     * Get the current local snapshot.
+     * Get the current local snapshot with the changes for this node.
      * @param localChangeSnapshot The local change snapshot to remove.
      * @returns Nothing.
      */
@@ -522,85 +966,155 @@ class LocalSyncStateHelper {
                 snapshotId: localChangeSnapshot.id
             }
         });
-        await this._localSyncSnapshotEntryEntityStorage.remove(localChangeSnapshot.id);
+        await this._snapshotEntryEntityStorage.remove(localChangeSnapshot.id);
     }
     /**
-     * Sync local data using a remote sync state.
+     * Apply a sync state to the local node.
      * @param storageKey The storage key of the snapshot to sync with.
-     * @param remoteSyncState The sync state to sync with.
+     * @param syncState The sync state to sync with.
      * @returns Nothing.
      */
-    async syncFromRemote(storageKey, remoteSyncState) {
+    async applySyncState(storageKey, syncState) {
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
-            message: "remoteSyncSynchronisation",
+            message: "applySyncState",
             data: {
-                snapshotCount: remoteSyncState.snapshots.length
+                snapshotCount: syncState.snapshots.length
             }
         });
+        // Get all the existing snapshots that we have processed previously
+        const existingRemoteSnapshots = await this.getSnapshots(storageKey, false);
         // Sort from newest to oldest
-        const sortedRemoteSnapshots = remoteSyncState.snapshots.sort((a, b) => new Date(b.dateCreated).getTime() - new Date(a.dateCreated).getTime());
-        const newSnapshots = [];
-        const modifiedSnapshots = [];
-        for (const remoteSnapshot of sortedRemoteSnapshots) {
+        const sortedSnapshots = syncState.snapshots.sort((a, b) => new Date(b.dateCreated).getTime() - new Date(a.dateCreated).getTime());
+        // If we have no existing snapshots we can't have yet synced
+        // in this case we need to find the most recent consolidation
+        // and use that to build a complete DB table
+        if (existingRemoteSnapshots.length === 0) {
             await this._logging?.log({
                 level: "info",
                 source: this.CLASS_NAME,
-                message: "remoteSyncSnapshotProcessing",
+                message: "applySnapshotNoExisting",
                 data: {
-                    snapshotId: remoteSnapshot.id,
-                    dateCreated: new Date(remoteSnapshot.dateCreated).toISOString()
+                    storageKey
                 }
             });
-            const localSnapshot = await this._localSyncSnapshotEntryEntityStorage.get(remoteSnapshot.id);
-            const remoteSnapshotWithContext = {
-                ...remoteSnapshot,
-                storageKey
-            };
-            if (core.Is.empty(localSnapshot)) {
-                // We don't have the snapshot locally, so we need to process it
-                newSnapshots.push(remoteSnapshotWithContext);
-            }
-            else if (localSnapshot.dateModified !== remoteSnapshot.dateModified) {
-                // If the local snapshot has a different dateModified, we need to update it
-                modifiedSnapshots.push({
-                    localSnapshot,
-                    remoteSnapshot: remoteSnapshotWithContext
+            const firstConsolidated = sortedSnapshots.find(snapshot => snapshot.isConsolidated);
+            if (firstConsolidated) {
+                // We found a consolidated snapshot, we can use it
+                await this._logging?.log({
+                    level: "info",
+                    source: this.CLASS_NAME,
+                    message: "applySnapshotFoundConsolidated",
+                    data: {
+                        storageKey,
+                        snapshotId: firstConsolidated.id
+                    }
                 });
+                // We need to reset the entity storage and remove all the remote items
+                // so that we use just the ones from the consolidation
+                await this._changeSetHelper.reset(storageKey, synchronisedStorageModels.SyncNodeIdentityMode.Remote);
+                await this.processNewSnapshots([
+                    {
+                        ...firstConsolidated,
+                        storageKey,
+                        isLocal: false
+                    }
+                ]);
             }
             else {
-                // we sorted the snapshots from newest to oldest, so if we found a local snapshot
-                // with the same dateModified as the remote snapshot, we can stop processing further
-                break;
+                await this._logging?.log({
+                    level: "info",
+                    source: this.CLASS_NAME,
+                    message: "applySnapshotNoConsolidated",
+                    data: {
+                        storageKey
+                    }
+                });
+            }
+        }
+        else {
+            // Create a lookup map for the existing snapshots
+            const existingSnapshots = {};
+            for (const snapshot of existingRemoteSnapshots) {
+                existingSnapshots[snapshot.id] = snapshot;
+            }
+            const newSnapshots = [];
+            const modifiedSnapshots = [];
+            const referencedExistingSnapshots = Object.keys(existingSnapshots);
+            for (const snapshot of sortedSnapshots) {
+                await this._logging?.log({
+                    level: "info",
+                    source: this.CLASS_NAME,
+                    message: "applySnapshot",
+                    data: {
+                        snapshotId: snapshot.id,
+                        dateCreated: new Date(snapshot.dateCreated).toISOString()
+                    }
+                });
+                // See if we have the local snapshot
+                const currentSnapshot = existingSnapshots[snapshot.id];
+                // As we are referencing an existing snapshot, we need to remove it from the list
+                // to allow us to cleanup any unreferenced snapshots later
+                const idx = referencedExistingSnapshots.indexOf(snapshot.id);
+                if (idx !== -1) {
+                    referencedExistingSnapshots.splice(idx, 1);
+                }
+                const updatedSnapshot = {
+                    ...snapshot,
+                    storageKey,
+                    isLocal: false
+                };
+                if (core.Is.empty(currentSnapshot)) {
+                    // We don't have the snapshot locally, so we need to process it
+                    newSnapshots.push(updatedSnapshot);
+                }
+                else if (currentSnapshot.dateModified !== snapshot.dateModified) {
+                    // If the local snapshot has a different dateModified, we need to update it
+                    modifiedSnapshots.push({
+                        currentSnapshot,
+                        updatedSnapshot
+                    });
+                }
+                else {
+                    // we sorted the snapshots from newest to oldest, so if we found a local snapshot
+                    // with the same dateModified as the remote snapshot, we can stop processing further
+                    break;
+                }
+            }
+            // We reverse the order of the snapshots to process them from oldest to newest
+            // because we want to apply the changes in the order they were created
+            await this.processModifiedSnapshots(modifiedSnapshots.reverse());
+            await this.processNewSnapshots(newSnapshots.reverse());
+            // Any ids remaining in this list are no longer referenced in the global state
+            // so we should remove them from the local storage as they will never be updated again
+            for (const referencedSnapshotId of referencedExistingSnapshots) {
+                await this._snapshotEntryEntityStorage.remove(referencedSnapshotId);
             }
         }
-        // We reverse the order of the snapshots to process them from oldest to newest
-        // because we want to apply the changes in the order they were created
-        await this.processModifiedSnapshots(modifiedSnapshots.reverse());
-        await this.processNewSnapshots(newSnapshots.reverse());
     }
     /**
      * Process the modified snapshots and store them in the local storage.
      * @param modifiedSnapshots The modified snapshots to process.
      * @returns Nothing.
+     * @internal
      */
     async processModifiedSnapshots(modifiedSnapshots) {
         for (const modifiedSnapshot of modifiedSnapshots) {
             await this._logging?.log({
                 level: "info",
                 source: this.CLASS_NAME,
-                message: "remoteSyncSnapshotModified",
+                message: "processModifiedSnapshot",
                 data: {
-                    snapshotId: modifiedSnapshot.remoteSnapshot.id,
-                    localModified: new Date(modifiedSnapshot.localSnapshot.dateModified ??
-                        modifiedSnapshot.localSnapshot.dateCreated).toISOString(),
-                    remoteModified: new Date(modifiedSnapshot.remoteSnapshot.dateModified ??
-                        modifiedSnapshot.remoteSnapshot.dateCreated).toISOString()
+                    snapshotId: modifiedSnapshot.updatedSnapshot.id,
+                    localModified: new Date(modifiedSnapshot.currentSnapshot.dateModified ??
+                        modifiedSnapshot.currentSnapshot.dateCreated).toISOString(),
+                    remoteModified: new Date(modifiedSnapshot.updatedSnapshot.dateModified ??
+                        modifiedSnapshot.updatedSnapshot.dateCreated).toISOString()
                 }
             });
-            const remoteChangeSetStorageIds = modifiedSnapshot.remoteSnapshot.changeSetStorageIds;
-            const localChangeSetStorageIds = modifiedSnapshot.localSnapshot.changeSetStorageIds ?? [];
+            const remoteChangeSetStorageIds = modifiedSnapshot.updatedSnapshot.changeSetStorageIds;
+            const localChangeSetStorageIds = modifiedSnapshot.currentSnapshot.changeSetStorageIds ?? [];
             if (core.Is.arrayValue(remoteChangeSetStorageIds)) {
                 for (const storageId of remoteChangeSetStorageIds) {
                     // Check if the local snapshot does not have the storageId
@@ -609,23 +1123,24 @@ class LocalSyncStateHelper {
                     }
                 }
             }
-            await this._localSyncSnapshotEntryEntityStorage.set(modifiedSnapshot.remoteSnapshot);
+            await this._snapshotEntryEntityStorage.set(modifiedSnapshot.updatedSnapshot);
         }
     }
     /**
      * Process the new snapshots and store them in the local storage.
      * @param newSnapshots The new snapshots to process.
      * @returns Nothing.
+     * @internal
      */
     async processNewSnapshots(newSnapshots) {
         for (const newSnapshot of newSnapshots) {
             await this._logging?.log({
                 level: "info",
                 source: this.CLASS_NAME,
-                message: "remoteSyncSnapshotNew",
+                message: "processNewSnapshot",
                 data: {
                     snapshotId: newSnapshot.id,
-                    localModified: new Date(newSnapshot.dateCreated).toISOString()
+                    dateCreated: newSnapshot.dateCreated
                 }
             });
             const newSnapshotChangeSetStorageIds = newSnapshot.changeSetStorageIds ?? [];
@@ -634,7 +1149,7 @@ class LocalSyncStateHelper {
                     await this._changeSetHelper.getAndApplyChangeset(storageId);
                 }
             }
-            await this._localSyncSnapshotEntryEntityStorage.set(newSnapshot);
+            await this._snapshotEntryEntityStorage.set(newSnapshot);
         }
     }
 }
@@ -660,10 +1175,10 @@ class RemoteSyncStateHelper {
      */
     _eventBusComponent;
     /**
-     * The blob storage component to use for remote sync states.
+     * The blob storage helper.
      * @internal
      */
-    _blobStorageComponent;
+    _blobStorageHelper;
     /**
      * The verifiable storage connector to use for storing sync pointers.
      * @internal
@@ -694,22 +1209,34 @@ class RemoteSyncStateHelper {
      * @internal
      */
     _nodeIdentity;
+    /**
+     * Whether the node is trusted or not.
+     * @internal
+     */
+    _isTrustedNode;
+    /**
+     * Maximum number of consolidations to keep in storage.
+     * @internal
+     */
+    _maxConsolidations;
     /**
      * Create a new instance of DecentralisedEntityStorageConnector.
      * @param logging The logging connector to use for logging.
      * @param eventBusComponent The event bus component to use for events.
-     * @param blobStorageComponent The blob storage component to use for remote sync states.
      * @param verifiableSyncPointerStorageConnector The verifiable storage connector to use for storing sync pointers.
+     * @param blobStorageHelper The blob storage helper to use for remote sync states.
      * @param changeSetHelper The change set helper to use for managing changesets.
-     * @param synchronisedStorageKey The synchronised storage key to use for verified storage operations.
+     * @param isTrustedNode Whether the node is trusted or not.
+     * @param maxConsolidations The maximum number of consolidations to keep in storage.
      */
-    constructor(logging, eventBusComponent, blobStorageComponent, verifiableSyncPointerStorageConnector, changeSetHelper, synchronisedStorageKey) {
+    constructor(logging, eventBusComponent, verifiableSyncPointerStorageConnector, blobStorageHelper, changeSetHelper, isTrustedNode, maxConsolidations) {
         this._logging = logging;
         this._eventBusComponent = eventBusComponent;
-        this._blobStorageComponent = blobStorageComponent;
         this._verifiableSyncPointerStorageConnector = verifiableSyncPointerStorageConnector;
         this._changeSetHelper = changeSetHelper;
-        this._synchronisedStorageKey = synchronisedStorageKey;
+        this._blobStorageHelper = blobStorageHelper;
+        this._isTrustedNode = isTrustedNode;
+        this._maxConsolidations = maxConsolidations;
         this._batchResponseStorageIds = {};
         this._populateFullChanges = {};
         this._eventBusComponent.subscribe(synchronisedStorageModels.SynchronisedStorageTopics.BatchResponse, async (response) => {
@@ -727,17 +1254,24 @@ class RemoteSyncStateHelper {
         this._nodeIdentity = nodeIdentity;
     }
     /**
-     * Create and store a change set.
+     * Set the synchronised storage key.
+     * @param synchronisedStorageKey The synchronised storage key to use.
+     */
+    setSynchronisedStorageKey(synchronisedStorageKey) {
+        this._synchronisedStorageKey = synchronisedStorageKey;
+    }
+    /**
+     * Build a changeset.
      * @param storageKey The storage key of the change set.
      * @param changes The changes to apply.
      * @param completeCallback The callback to call when the changeset is created and stored.
      * @returns The storage id of the change set if created.
      */
-    async createAndStoreChangeSet(storageKey, changes, completeCallback) {
+    async buildChangeSet(storageKey, changes, completeCallback) {
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
-            message: "createAndStoreChangeSet",
+            message: "buildingChangeSet",
             data: {
                 storageKey,
                 changeCount: changes.length
@@ -796,15 +1330,19 @@ class RemoteSyncStateHelper {
             for (const change of changes) {
                 change.entity = this._populateFullChanges[storageKey].entities[change.id] ?? change.entity;
                 if (change.operation === synchronisedStorageModels.SyncChangeOperation.Set && core.Is.objectValue(change.entity)) {
+                    // Remove the id from the entity as this is stored in the operation
+                    // and will be reinstated when the changeset is reconstituted
+                    core.ObjectHelper.propertyDelete(change.entity, "id");
                     // Remove the node identity as the changeset has this stored at the top level
                     // and we do not want to store it in the change itself to reduce redundancy
                     core.ObjectHelper.propertyDelete(change.entity, "nodeIdentity");
                 }
             }
-            // Add the changeset to the current snapshot
+            const now = new Date(Date.now()).toISOString();
             const syncChangeSet = {
                 id: core.Converter.bytesToHex(core.RandomHelper.generate(32)),
-                dateCreated: new Date(Date.now()).toISOString(),
+                dateCreated: now,
+                dateModified: now,
                 storageKey,
                 changes,
                 nodeIdentity: this._nodeIdentity
@@ -812,9 +1350,12 @@ class RemoteSyncStateHelper {
             try {
                 // And sign it with the node identity
                 syncChangeSet.proof = await this._changeSetHelper.createChangeSetProof(syncChangeSet);
-                // Store the changeset in the blob storage
-                const changeSetStorageId = await this._changeSetHelper.storeChangeSet(syncChangeSet, this._nodeIdentity);
-                await completeCallback(changeSetStorageId);
+                // If this is a trusted node, we also store the changeset
+                let changeSetStorageId;
+                if (this._isTrustedNode) {
+                    changeSetStorageId = await this._changeSetHelper.storeChangeSet(syncChangeSet);
+                }
+                await completeCallback(syncChangeSet, changeSetStorageId);
             }
             catch (err) {
                 await this._logging?.log({
@@ -853,27 +1394,33 @@ class RemoteSyncStateHelper {
         const syncPointerStore = await this.getVerifiableSyncPointerStore();
         let syncState;
         if (!core.Is.empty(syncPointerStore.syncPointers[storageKey])) {
-            syncState = await this.getRemoteSyncState(syncPointerStore.syncPointers[storageKey]);
+            syncState = await this.getSyncState(syncPointerStore.syncPointers[storageKey]);
         }
         // No current sync state, so we create a new one
         if (core.Is.empty(syncState)) {
-            syncState = { snapshots: [] };
+            syncState = { version: SYNC_STATE_VERSION, storageKey, snapshots: [] };
         }
         // Sort the snapshots so the newest snapshot is last in the array
         const sortedSnapshots = syncState.snapshots.sort((a, b) => a.dateCreated.localeCompare(b.dateCreated));
         // Get the current snapshot, if it does not exist we create a new one
         let currentSnapshot = sortedSnapshots[sortedSnapshots.length - 1];
-        if (core.Is.empty(currentSnapshot)) {
+        const now = new Date(Date.now()).toISOString();
+        // If there is no snapshot or the current one is a consolidation
+        // we start a new snapshot
+        if (core.Is.empty(currentSnapshot) || currentSnapshot.isConsolidated) {
             currentSnapshot = {
+                version: SYNC_SNAPSHOT_VERSION,
                 id: core.Converter.bytesToHex(core.RandomHelper.generate(32)),
-                dateCreated: new Date(Date.now()).toISOString(),
+                dateCreated: now,
+                dateModified: now,
+                isConsolidated: false,
                 changeSetStorageIds: []
             };
             syncState.snapshots.push(currentSnapshot);
         }
         else {
             // Snapshot exists, we update the dateModified
-            currentSnapshot.dateModified = new Date(Date.now()).toISOString();
+            currentSnapshot.dateModified = now;
         }
         // Add the changeset storage id to the current snapshot
         currentSnapshot.changeSetStorageIds.push(changeSetStorageId);
@@ -888,57 +1435,61 @@ class RemoteSyncStateHelper {
      * @param batchSize The batch size to use for consolidation.
      * @returns Nothing.
      */
-    async consolidateFromLocal(storageKey, batchSize) {
+    async consolidationStart(storageKey, batchSize) {
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
             message: "consolidationStarting"
         });
-        await this._eventBusComponent.publish(synchronisedStorageModels.SynchronisedStorageTopics.BatchRequest, { storageKey, batchSize });
+        // Perform a batch request to start the consolidation
+        await this._eventBusComponent.publish(synchronisedStorageModels.SynchronisedStorageTopics.BatchRequest, { storageKey, batchSize, requestMode: synchronisedStorageModels.SyncNodeIdentityMode.All });
     }
     /**
      * Get the sync pointer store.
      * @returns The sync pointer store.
      */
     async getVerifiableSyncPointerStore() {
-        try {
-            await this._logging?.log({
-                level: "info",
-                source: this.CLASS_NAME,
-                message: "verifiableSyncPointerStoreRetrieving",
-                data: {
-                    key: this._synchronisedStorageKey
-                }
-            });
-            const syncPointerStore = await this._verifiableSyncPointerStorageConnector.get(this._synchronisedStorageKey, { includeData: true });
-            if (core.Is.uint8Array(syncPointerStore.data)) {
-                const syncPointer = core.ObjectHelper.fromBytes(syncPointerStore.data);
+        if (core.Is.stringValue(this._synchronisedStorageKey)) {
+            try {
                 await this._logging?.log({
                     level: "info",
                     source: this.CLASS_NAME,
-                    message: "verifiableSyncPointerStoreRetrieved",
+                    message: "verifiableSyncPointerStoreRetrieving",
                     data: {
                         key: this._synchronisedStorageKey
                     }
                 });
-                return syncPointer;
+                const syncPointerStore = await this._verifiableSyncPointerStorageConnector.get(this._synchronisedStorageKey, { includeData: true });
+                if (core.Is.uint8Array(syncPointerStore.data)) {
+                    const syncPointer = core.ObjectHelper.fromBytes(syncPointerStore.data);
+                    await this._logging?.log({
+                        level: "info",
+                        source: this.CLASS_NAME,
+                        message: "verifiableSyncPointerStoreRetrieved",
+                        data: {
+                            key: this._synchronisedStorageKey
+                        }
+                    });
+                    return syncPointer;
+                }
             }
-        }
-        catch (err) {
-            if (!core.BaseError.someErrorName(err, core.NotFoundError.CLASS_NAME)) {
-                throw err;
+            catch (err) {
+                if (!core.BaseError.someErrorName(err, core.NotFoundError.CLASS_NAME)) {
+                    throw err;
+                }
             }
+            await this._logging?.log({
+                level: "info",
+                source: this.CLASS_NAME,
+                message: "verifiableSyncPointerStoreNotFound",
+                data: {
+                    key: this._synchronisedStorageKey
+                }
+            });
         }
-        await this._logging?.log({
-            level: "info",
-            source: this.CLASS_NAME,
-            message: "verifiableSyncPointerStoreNotFound",
-            data: {
-                key: this._synchronisedStorageKey
-            }
-        });
         // If no sync pointer store exists, we return an empty one
         return {
+            version: SYNC_POINTER_STORE_VERSION,
             syncPointers: {}
         };
     }
@@ -948,7 +1499,7 @@ class RemoteSyncStateHelper {
      * @returns Nothing.
      */
     async storeVerifiableSyncPointerStore(syncPointerStore) {
-        if (this._nodeIdentity) {
+        if (core.Is.stringValue(this._nodeIdentity) && core.Is.stringValue(this._synchronisedStorageKey)) {
             await this._logging?.log({
                 level: "info",
                 source: this.CLASS_NAME,
@@ -970,39 +1521,55 @@ class RemoteSyncStateHelper {
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
-            message: "remoteSyncStateStoring",
+            message: "syncStateStoring",
             data: {
                 snapshotCount: syncState.snapshots.length
             }
         });
-        // We don't want to encrypt the sync state as no other nodes would be able to read it
-        // the blob storage also needs to be publicly accessible so that other nodes can retrieve it
-        return this._blobStorageComponent.create(core.Converter.bytesToBase64(core.ObjectHelper.toBytes(syncState)), undefined, undefined, undefined, { disableEncryption: true, compress: blobStorageModels.BlobStorageCompressionType.Gzip }, undefined, this._nodeIdentity);
+        // Limits the number of consolidations in the list so that we can shrink decentralised
+        // storage requirements, sort from newest to oldest so that we can easily find the
+        // oldest snapshots to remove.
+        const snapshots = syncState.snapshots.sort((a, b) => new Date(a.dateCreated).getTime() - new Date(b.dateCreated).getTime());
+        // Find all the consolidation indexes
+        const consolidationIndexes = [];
+        for (let i = 0; i < snapshots.length; i++) {
+            const snapshot = snapshots[i];
+            if (snapshot.isConsolidated) {
+                consolidationIndexes.push(i);
+            }
+        }
+        if (consolidationIndexes.length > this._maxConsolidations) {
+            // Once we have reached the max for consolidations we need to remove
+            // all the snapshots, including non consolidated ones, beyond this point
+            const toRemove = snapshots.slice(consolidationIndexes[this._maxConsolidations - 1] + 1);
+            syncState.snapshots = snapshots.slice(0, consolidationIndexes[this._maxConsolidations - 1] + 1);
+            for (const snapshot of toRemove) {
+                await this._blobStorageHelper.removeBlob(snapshot.id);
+            }
+        }
+        return this._blobStorageHelper.saveBlob(syncState);
     }
     /**
      * Get the remote sync state.
      * @param syncPointerId The id of the sync pointer to retrieve the state for.
      * @returns The remote sync state.
      */
-    async getRemoteSyncState(syncPointerId) {
+    async getSyncState(syncPointerId) {
         try {
             await this._logging?.log({
                 level: "info",
                 source: this.CLASS_NAME,
-                message: "remoteSyncStateRetrieving",
+                message: "syncStateRetrieving",
                 data: {
                     syncPointerId
                 }
             });
-            const blobEntry = await this._blobStorageComponent.get(syncPointerId, {
-                includeContent: true
-            }, undefined, this._nodeIdentity);
-            if (core.Is.stringBase64(blobEntry.blob)) {
-                const syncState = core.ObjectHelper.fromBytes(core.Converter.base64ToBytes(blobEntry.blob));
+            const syncState = await this._blobStorageHelper.loadBlob(syncPointerId);
+            if (core.Is.object(syncState)) {
                 await this._logging?.log({
                     level: "info",
                     source: this.CLASS_NAME,
-                    message: "remoteSyncStateRetrieved",
+                    message: "syncStateRetrieved",
                     data: {
                         syncPointerId,
                         snapshotCount: syncState.snapshots.length
@@ -1011,33 +1578,41 @@ class RemoteSyncStateHelper {
                 return syncState;
             }
         }
-        catch (err) {
-            if (!core.BaseError.someErrorName(err, core.NotFoundError.CLASS_NAME)) {
-                throw err;
-            }
+        catch (error) {
+            await this._logging?.log({
+                level: "warn",
+                source: this.CLASS_NAME,
+                message: "getSyncStateError",
+                data: {
+                    syncPointerId
+                },
+                error: core.BaseError.fromError(error)
+            });
         }
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
-            message: "remoteSyncStateNotFound",
+            message: "syncStateNotFound",
             data: {
                 syncPointerId
             }
         });
     }
     /**
-     * Handle the batch response.
+     * Handle the batch response which is triggered from a consolidation request.
      * @param response The batch response to handle.
      */
     async handleBatchResponse(response) {
         if (core.Is.stringValue(this._nodeIdentity)) {
+            const now = new Date(Date.now()).toISOString();
             // Create a new snapshot entry for the current batch
             const syncChangeSet = {
                 id: core.Converter.bytesToHex(core.RandomHelper.generate(32)),
-                dateCreated: new Date(Date.now()).toISOString(),
+                dateCreated: now,
+                dateModified: now,
                 changes: response.entities.map(change => ({
                     operation: synchronisedStorageModels.SyncChangeOperation.Set,
-                    id: change[response.primaryKey]
+                    id: change.id
                 })),
                 storageKey: response.storageKey,
                 nodeIdentity: this._nodeIdentity
@@ -1045,25 +1620,42 @@ class RemoteSyncStateHelper {
             // And sign it with the node identity
             syncChangeSet.proof = await this._changeSetHelper.createChangeSetProof(syncChangeSet);
             // Store the changeset in the blob storage
-            const changeSetStorageId = await this._changeSetHelper.storeChangeSet(syncChangeSet, this._nodeIdentity);
+            const changeSetStorageId = await this._changeSetHelper.storeChangeSet(syncChangeSet);
             // Add the changeset storage id to the snapshot ids
             this._batchResponseStorageIds[response.storageKey] ??= [];
             this._batchResponseStorageIds[response.storageKey].push(changeSetStorageId);
+            // If this is the last entry in the batch response, we can create the consolidated snapshot
             if (response.lastEntry) {
-                const syncState = { snapshots: [] };
+                // Get the current sync pointer store
+                const syncPointerStore = await this.getVerifiableSyncPointerStore();
+                let syncState;
+                if (core.Is.stringValue(syncPointerStore.syncPointers[response.storageKey])) {
+                    // If the sync pointer exists, we load the current sync state
+                    syncState = await this.getSyncState(syncPointerStore.syncPointers[response.storageKey]);
+                }
+                // If the sync state does not exist, we create a new one
+                syncState ??= {
+                    version: SYNC_STATE_VERSION,
+                    storageKey: response.storageKey,
+                    snapshots: []
+                };
                 const batchSnapshot = {
+                    version: SYNC_SNAPSHOT_VERSION,
                     id: core.Converter.bytesToHex(core.RandomHelper.generate(32)),
-                    dateCreated: new Date(Date.now()).toISOString(),
+                    dateCreated: now,
+                    dateModified: now,
+                    isConsolidated: true,
                     changeSetStorageIds: this._batchResponseStorageIds[response.storageKey]
                 };
                 syncState.snapshots.push(batchSnapshot);
-                // Store the sync state in the blob storage
+                // Store the updated sync state
                 const syncStateId = await this.storeRemoteSyncState(syncState);
-                // Get the current sync pointer store
-                const syncPointerStore = await this.getVerifiableSyncPointerStore();
                 syncPointerStore.syncPointers[response.storageKey] = syncStateId;
                 // Store the verifiable sync pointer in the verifiable storage
                 await this.storeVerifiableSyncPointerStore(syncPointerStore);
+                // Remove the batch response storage ids for the storage key
+                // as we have consolidated the changes
+                delete this._batchResponseStorageIds[response.storageKey];
                 await this._logging?.log({
                     level: "info",
                     source: this.CLASS_NAME,
@@ -1086,11 +1678,14 @@ class RemoteSyncStateHelper {
                 id: response.id
             }
         });
+        // We have received a response to an item request, find the right storage
+        // for the request id
         if (!core.Is.empty(this._populateFullChanges[response.storageKey])) {
             const idx = this._populateFullChanges[response.storageKey].requestIds.indexOf(response.id);
             if (idx !== -1) {
                 this._populateFullChanges[response.storageKey].requestIds.splice(idx, 1);
                 this._populateFullChanges[response.storageKey].entities[response.id] = response.entity;
+                // If there are no request ids remaining we can complete the population
                 if (this._populateFullChanges[response.storageKey].requestIds.length === 0) {
                     await this._populateFullChanges[response.storageKey].completeCallback();
                 }
@@ -1118,6 +1713,11 @@ class SynchronisedStorageService {
      * @internal
      */
     static _DEFAULT_CONSOLIDATION_BATCH_SIZE = 100;
+    /**
+     * The default max number of consolidations to keep in storage.
+     * @internal
+     */
+    static _DEFAULT_MAX_CONSOLIDATIONS = 5;
     /**
      * Runtime name for the class.
      */
@@ -1132,16 +1732,21 @@ class SynchronisedStorageService {
      * @internal
      */
     _eventBusComponent;
+    /**
+     * The vault connector.
+     * @internal
+     */
+    _vaultConnector;
     /**
      * The storage connector for the sync snapshot entries.
      * @internal
      */
     _localSyncSnapshotEntryEntityStorage;
     /**
-     * The blob storage component to use for remote sync states.
+     * The blob storage connector to use for remote sync states.
      * @internal
      */
-    _blobStorageComponent;
+    _blobStorageConnector;
     /**
      * The verifiable storage connector to use for storing sync pointers.
      * @internal
@@ -1162,6 +1767,11 @@ class SynchronisedStorageService {
      * @internal
      */
     _trustedSynchronisedStorageComponent;
+    /**
+     * The blob storage helper.
+     * @internal
+     */
+    _blobStorageHelper;
     /**
      * The change set helper.
      * @internal
@@ -1182,6 +1792,11 @@ class SynchronisedStorageService {
      * @internal
      */
     _config;
+    /**
+     * The synchronised storage key to use for the remote synchronised storage.
+     * @internal
+     */
+    _synchronisedStorageKey;
     /**
      * The flag to determine if the service has been started.
      * @internal
@@ -1206,13 +1821,13 @@ class SynchronisedStorageService {
         core.Guards.object(this.CLASS_NAME, "options.config", options.config);
         this._eventBusComponent = core.ComponentFactory.get(options.eventBusComponentType ?? "event-bus");
         this._logging = loggingModels.LoggingConnectorFactory.getIfExists(options.loggingConnectorType ?? "logging");
+        this._vaultConnector = vaultModels.VaultConnectorFactory.get(options.vaultConnectorType ?? "vault");
         this._localSyncSnapshotEntryEntityStorage = entityStorageModels.EntityStorageConnectorFactory.get(options.syncSnapshotStorageConnectorType ?? "sync-snapshot-entry");
         this._verifiableSyncPointerStorageConnector = verifiableStorageModels.VerifiableStorageConnectorFactory.get(options.verifiableStorageConnectorType ?? "verifiable-storage");
-        this._blobStorageComponent = core.ComponentFactory.get(options.blobStorageComponentType ?? "blob-storage");
+        this._blobStorageConnector = blobStorageModels.BlobStorageConnectorFactory.get(options.blobStorageConnectorType ?? "blob-storage");
         this._identityConnector = identityModels.IdentityConnectorFactory.get(options.identityConnectorType ?? "identity");
         this._taskSchedulerComponent = core.ComponentFactory.get(options.taskSchedulerComponentType ?? "task-scheduler");
         this._config = {
-            synchronisedStorageKey: options.config.synchronisedStorageKey,
             synchronisedStorageMethodId: options.config.synchronisedStorageMethodId ?? "synchronised-storage-assertion",
             entityUpdateIntervalMinutes: options.config.entityUpdateIntervalMinutes ??
                 SynchronisedStorageService._DEFAULT_ENTITY_UPDATE_INTERVAL_MINUTES,
@@ -1220,8 +1835,13 @@ class SynchronisedStorageService {
             consolidationIntervalMinutes: options.config.consolidationIntervalMinutes ??
                 SynchronisedStorageService._DEFAULT_CONSOLIDATION_INTERVAL_MINUTES,
             consolidationBatchSize: options.config.consolidationBatchSize ??
-                SynchronisedStorageService._DEFAULT_CONSOLIDATION_BATCH_SIZE
+                SynchronisedStorageService._DEFAULT_CONSOLIDATION_BATCH_SIZE,
+            maxConsolidations: options.config.maxConsolidations ?? SynchronisedStorageService._DEFAULT_MAX_CONSOLIDATIONS,
+            blobStorageEncryptionKeyId: options.config.blobStorageEncryptionKeyId ?? "synchronised-storage-blob-encryption-key",
+            verifiableStorageKeyId: options.config.verifiableStorageKeyId
         };
+        this._synchronisedStorageKey =
+            verifiableStorageKeys[options.config.verifiableStorageKeyId] ?? options.config.verifiableStorageKeyId;
         // If this is not a trusted node, we need to use a synchronised storage service
         // to synchronise with a trusted node.
         if (!this._config.isTrustedNode) {
@@ -1229,13 +1849,19 @@ class SynchronisedStorageService {
             this._trustedSynchronisedStorageComponent =
                 core.ComponentFactory.get(options.trustedSynchronisedStorageComponentType);
         }
-        this._changeSetHelper = new ChangeSetHelper(this._logging, this._eventBusComponent, this._blobStorageComponent, this._identityConnector, this._config.synchronisedStorageMethodId);
+        this._blobStorageHelper = new BlobStorageHelper(this._logging, this._vaultConnector, this._blobStorageConnector, this._config.blobStorageEncryptionKeyId, this._config.isTrustedNode);
+        this._changeSetHelper = new ChangeSetHelper(this._logging, this._eventBusComponent, this._identityConnector, this._blobStorageHelper, this._config.synchronisedStorageMethodId);
         this._localSyncStateHelper = new LocalSyncStateHelper(this._logging, this._localSyncSnapshotEntryEntityStorage, this._changeSetHelper);
-        this._remoteSyncStateHelper = new RemoteSyncStateHelper(this._logging, this._eventBusComponent, this._blobStorageComponent, this._verifiableSyncPointerStorageConnector, this._changeSetHelper, this._config.synchronisedStorageKey);
+        this._remoteSyncStateHelper = new RemoteSyncStateHelper(this._logging, this._eventBusComponent, this._verifiableSyncPointerStorageConnector, this._blobStorageHelper, this._changeSetHelper, this._config.isTrustedNode, this._config.maxConsolidations);
         this._serviceStarted = false;
         this._activeStorageKeys = {};
-        this._eventBusComponent.subscribe(synchronisedStorageModels.SynchronisedStorageTopics.RegisterStorageKey, async (event) => this.registerType(event.data));
-        this._eventBusComponent.subscribe(synchronisedStorageModels.SynchronisedStorageTopics.LocalItemChange, async (event) => this._localSyncStateHelper.addLocalChange(event.data.storageKey, event.data.operation, event.data.id));
+        this._eventBusComponent.subscribe(synchronisedStorageModels.SynchronisedStorageTopics.RegisterStorageKey, async (event) => this.registerStorageKey(event.data));
+        this._eventBusComponent.subscribe(synchronisedStorageModels.SynchronisedStorageTopics.LocalItemChange, async (event) => {
+            // Make sure the change event is from this node
+            if (core.Is.stringValue(this._nodeIdentity) && this._nodeIdentity === event.data.nodeIdentity) {
+                await this._localSyncStateHelper.addLocalChange(event.data.storageKey, event.data.operation, event.data.id);
+            }
+        });
     }
     /**
      * The component needs to be started when the node is initialized.
@@ -1247,7 +1873,16 @@ class SynchronisedStorageService {
     async start(nodeIdentity, nodeLoggingConnectorType, componentState) {
         this._nodeIdentity = nodeIdentity;
         this._remoteSyncStateHelper.setNodeIdentity(nodeIdentity);
+        this._changeSetHelper.setNodeIdentity(nodeIdentity);
+        this._remoteSyncStateHelper.setSynchronisedStorageKey(this._synchronisedStorageKey);
         this._serviceStarted = true;
+        // If this is not a trusted node we need to request the decryption key from a trusted node
+        if (!this._config.isTrustedNode && !core.Is.empty(this._trustedSynchronisedStorageComponent)) {
+            const proof = await this._identityConnector.createProof(this._nodeIdentity, identityModels.DocumentHelper.joinId(this._nodeIdentity, this._config.synchronisedStorageMethodId), standardsW3cDid.ProofTypes.DataIntegrityProof, { nodeIdentity });
+            const decryptionKey = await this._trustedSynchronisedStorageComponent.getDecryptionKey(this._nodeIdentity, proof);
+            // We don't have the private key so instead we store the key as a secret in the vault
+            await this._vaultConnector.setSecret(this._config.blobStorageEncryptionKeyId, decryptionKey);
+        }
         // If there are already storage keys registered, we need to activate them
         for (const storageKey in this._activeStorageKeys) {
             await this.activateStorageKey(storageKey);
@@ -1268,24 +1903,59 @@ class SynchronisedStorageService {
         }
     }
     /**
-     * Synchronise a complete set of changes, assumes this is a trusted node.
-     * @param changeSetStorageId The id of the change set to synchronise in blob storage.
+     * Get the decryption key for the synchronised storage.
+     * This is used to decrypt the data stored in the synchronised storage.
+     * @param nodeIdentity The identity of the node requesting the decryption key.
+     * @param proof The proof of the request so we know the request is from the specified node.
+     * @returns The decryption key.
+     */
+    async getDecryptionKey(nodeIdentity, proof) {
+        if (!this._config.isTrustedNode) {
+            throw new core.GeneralError(this.CLASS_NAME, "notTrustedNode");
+        }
+        core.Guards.stringValue(this.CLASS_NAME, "nodeIdentity", nodeIdentity);
+        core.Guards.object(this.CLASS_NAME, "proof", proof);
+        const isValid = await this._identityConnector.verifyProof({ nodeIdentity }, proof);
+        if (!isValid) {
+            throw new core.UnauthorizedError(this.CLASS_NAME, "invalidProof");
+        }
+        // TODO: We need to check if the node has permissions to access the decryption key
+        // using rights-management
+        const key = await this._vaultConnector.getKey(this._config.blobStorageEncryptionKeyId);
+        if (core.Is.undefined(key.publicKey)) {
+            throw new core.UnauthorizedError(this.CLASS_NAME, "decryptionKeyNotFound");
+        }
+        return core.Converter.bytesToBase64(key.publicKey);
+    }
+    /**
+     * Synchronise a set of changes from an untrusted node, assumes this is a trusted node.
+     * @param syncChangeSet The change set to synchronise.
      * @returns Nothing.
      */
-    async syncChangeSet(changeSetStorageId) {
+    async syncChangeSet(syncChangeSet) {
         if (!this._config.isTrustedNode) {
             throw new core.GeneralError(this.CLASS_NAME, "notTrustedNode");
         }
-        // This method is called by non trusted nodes to synchronise changes
-        core.Guards.stringValue(this.CLASS_NAME, "changeSetStorageId", changeSetStorageId);
+        core.Guards.object(this.CLASS_NAME, "syncChangeSet", syncChangeSet);
+        await this._logging?.log({
+            level: "info",
+            source: this.CLASS_NAME,
+            message: "syncChangeSetForRemoteNode",
+            data: {
+                changeSetStorageId: syncChangeSet.id
+            }
+        });
         // TODO: The change set has a proof signed by the originating node identity
         // The proof is verified that the change set is valid and has not been tampered with.
         // but we also need to check that the originating node has permissions
         // to store the change set in the synchronised storage.
         // This will be performed using rights-management
-        const changeSet = await this._changeSetHelper.getAndApplyChangeset(changeSetStorageId);
-        if (!core.Is.empty(changeSet)) {
-            await this._remoteSyncStateHelper.addChangeSetToSyncState(changeSet.storageKey, changeSetStorageId);
+        const copy = await this._changeSetHelper.copyChangeset(syncChangeSet);
+        if (!core.Is.empty(copy)) {
+            // Apply the changes to this node
+            await this._changeSetHelper.applyChangeset(copy.syncChangeSet);
+            // And update the sync state with the latest changes
+            await this._remoteSyncStateHelper.addChangeSetToSyncState(copy.syncChangeSet.storageKey, copy.changeSetStorageId);
         }
     }
     /**
@@ -1338,10 +2008,10 @@ class SynchronisedStorageService {
         if (!core.Is.empty(verifiableSyncPointerStore.syncPointers[storageKey])) {
             // Load the sync state from the remote blob storage using the sync pointer
             // to load the sync state
-            const remoteSyncState = await this._remoteSyncStateHelper.getRemoteSyncState(verifiableSyncPointerStore.syncPointers[storageKey]);
+            const remoteSyncState = await this._remoteSyncStateHelper.getSyncState(verifiableSyncPointerStore.syncPointers[storageKey]);
             // If we got the sync state we can try and sync from it
             if (!core.Is.undefined(remoteSyncState)) {
-                await this._localSyncStateHelper.syncFromRemote(storageKey, remoteSyncState);
+                await this._localSyncStateHelper.applySyncState(storageKey, remoteSyncState);
             }
         }
     }
@@ -1359,51 +2029,67 @@ class SynchronisedStorageService {
                 storageKey
             }
         });
-        const localChangeSnapshot = await this._localSyncStateHelper.getLocalChangeSnapshot(storageKey);
-        if (core.Is.arrayValue(localChangeSnapshot.changes)) {
-            await this._remoteSyncStateHelper.createAndStoreChangeSet(storageKey, localChangeSnapshot.changes, async (changeSetStorageId) => {
-                if (core.Is.stringValue(changeSetStorageId)) {
-                    await this._logging?.log({
-                        level: "info",
-                        source: this.CLASS_NAME,
-                        message: "createdStorageChangeSet",
-                        data: {
-                            storageKey,
-                            changeSetStorageId
+        const localChangeSnapshots = await this._localSyncStateHelper.getSnapshots(storageKey, true);
+        if (localChangeSnapshots.length > 0) {
+            const localChangeSnapshot = localChangeSnapshots[0];
+            if (core.Is.arrayValue(localChangeSnapshot.changes)) {
+                await this._remoteSyncStateHelper.buildChangeSet(storageKey, localChangeSnapshot.changes, async (syncChangeSet, changeSetStorageId) => {
+                    if (core.Is.empty(syncChangeSet) && core.Is.empty(changeSetStorageId)) {
+                        await this._logging?.log({
+                            level: "info",
+                            source: this.CLASS_NAME,
+                            message: "builtStorageChangeSetNone",
+                            data: {
+                                storageKey
+                            }
+                        });
+                    }
+                    else {
+                        await this._logging?.log({
+                            level: "info",
+                            source: this.CLASS_NAME,
+                            message: "builtStorageChangeSet",
+                            data: {
+                                storageKey,
+                                changeSetStorageId
+                            }
+                        });
+                        // Send the local changes to the remote storage if we are a trusted node
+                        if (this._config.isTrustedNode && core.Is.stringValue(changeSetStorageId)) {
+                            // If we are a trusted node, we can add the change set to the sync state
+                            // and remove the local change snapshot
+                            await this._remoteSyncStateHelper.addChangeSetToSyncState(storageKey, changeSetStorageId);
+                            await this._localSyncStateHelper.removeLocalChangeSnapshot(localChangeSnapshot);
+                        }
+                        else if (!core.Is.empty(this._trustedSynchronisedStorageComponent) &&
+                            core.Is.object(syncChangeSet)) {
+                            // If we are not a trusted node, we need to send the changes to the trusted node
+                            // and then remove the local change snapshot
+                            await this._logging?.log({
+                                level: "info",
+                                source: this.CLASS_NAME,
+                                message: "sendingChangeSetToTrustedNode",
+                                data: {
+                                    storageKey,
+                                    changeSetStorageId
+                                }
+                            });
+                            await this._trustedSynchronisedStorageComponent.syncChangeSet(syncChangeSet);
+                            await this._localSyncStateHelper.removeLocalChangeSnapshot(localChangeSnapshot);
                         }
-                    });
-                    // Send the local changes to the remote storage if we are a trusted node
-                    if (this._config.isTrustedNode) {
-                        await this._remoteSyncStateHelper.addChangeSetToSyncState(storageKey, changeSetStorageId);
-                        await this._localSyncStateHelper.removeLocalChangeSnapshot(localChangeSnapshot);
                     }
-                    else if (!core.Is.empty(this._trustedSynchronisedStorageComponent)) {
-                        // If we are not a trusted node, we need to send the changes to the trusted node
-                        await this._trustedSynchronisedStorageComponent.syncChangeSet(changeSetStorageId);
-                        await this._localSyncStateHelper.removeLocalChangeSnapshot(localChangeSnapshot);
+                });
+            }
+            else {
+                await this._logging?.log({
+                    level: "info",
+                    source: this.CLASS_NAME,
+                    message: "updateFromLocalSyncStateNoChanges",
+                    data: {
+                        storageKey
                     }
-                }
-                else {
-                    await this._logging?.log({
-                        level: "info",
-                        source: this.CLASS_NAME,
-                        message: "createdStorageChangeSetNone",
-                        data: {
-                            storageKey
-                        }
-                    });
-                }
-            });
-        }
-        else {
-            await this._logging?.log({
-                level: "info",
-                source: this.CLASS_NAME,
-                message: "updateFromLocalSyncStateNoChanges",
-                data: {
-                    storageKey
-                }
-            });
+                });
+            }
         }
     }
     /**
@@ -1415,17 +2101,17 @@ class SynchronisedStorageService {
     async startConsolidationSync(storageKey) {
         let localChangeSnapshot;
         try {
-            // If we are performing a consolidation, we can remove the local changes
-            await this._localSyncStateHelper.getLocalChangeSnapshot(storageKey);
+            // If we are performing a consolidation, we can remove the local change snapshot
+            // as we are going to create a complete changeset from the DB
+            const localChangeSnapshots = await this._localSyncStateHelper.getSnapshots(storageKey, true);
+            localChangeSnapshot = localChangeSnapshots[0];
             if (!core.Is.empty(localChangeSnapshot)) {
                 await this._localSyncStateHelper.removeLocalChangeSnapshot(localChangeSnapshot);
             }
-            if (core.Is.stringValue(this._nodeIdentity)) {
-                await this._remoteSyncStateHelper.consolidateFromLocal(storageKey, this._config.consolidationBatchSize ??
-                    SynchronisedStorageService._DEFAULT_CONSOLIDATION_BATCH_SIZE);
-                // The consolidation was successful, so we can remove the local change snapshot permanently
-                localChangeSnapshot = undefined;
-            }
+            await this._remoteSyncStateHelper.consolidationStart(storageKey, this._config.consolidationBatchSize ??
+                SynchronisedStorageService._DEFAULT_CONSOLIDATION_BATCH_SIZE);
+            // The consolidation was successful, so we can remove the local change snapshot permanently
+            localChangeSnapshot = undefined;
         }
         catch (error) {
             if (localChangeSnapshot) {
@@ -1442,22 +2128,22 @@ class SynchronisedStorageService {
     }
     /**
      * Register a new sync type.
-     * @param syncRegisterType The sync register type to register.
+     * @param syncRegisterStorageKey The sync register type to register.
      * @internal
      */
-    async registerType(syncRegisterType) {
+    async registerStorageKey(syncRegisterStorageKey) {
         await this._logging?.log({
             level: "info",
             source: this.CLASS_NAME,
-            message: "registerType",
+            message: "registerStorageKey",
             data: {
-                storageKey: syncRegisterType.storageKey
+                storageKey: syncRegisterStorageKey.storageKey
             }
         });
-        if (core.Is.empty(this._activeStorageKeys[syncRegisterType.storageKey])) {
-            this._activeStorageKeys[syncRegisterType.storageKey] = false;
+        if (core.Is.empty(this._activeStorageKeys[syncRegisterStorageKey.storageKey])) {
+            this._activeStorageKeys[syncRegisterStorageKey.storageKey] = false;
             if (this._serviceStarted) {
-                await this.activateStorageKey(syncRegisterType.storageKey);
+                await this.activateStorageKey(syncRegisterStorageKey.storageKey);
             }
         }
     }
@@ -1471,7 +2157,7 @@ class SynchronisedStorageService {
             await this._logging?.log({
                 level: "info",
                 source: this.CLASS_NAME,
-                message: "activateType",
+                message: "activateStorageKey",
                 data: {
                     storageKey
                 }
@@ -1501,5 +2187,6 @@ exports.SynchronisedStorageService = SynchronisedStorageService;
 exports.generateRestRoutesSynchronisedStorage = generateRestRoutesSynchronisedStorage;
 exports.initSchema = initSchema;
 exports.restEntryPoints = restEntryPoints;
+exports.synchronisedStorageGetDecryptionKeyRequest = synchronisedStorageGetDecryptionKeyRequest;
 exports.synchronisedStorageSyncChangeSetRequest = synchronisedStorageSyncChangeSetRequest;
 exports.tagsSynchronisedStorage = tagsSynchronisedStorage;