@web_of_trust/core 0.2.2

package/dist/adapters/messaging/OutboxMessagingAdapter.d.ts

@@ -0,0 +1,61 @@
+import { MessagingAdapter } from '../interfaces/MessagingAdapter';
+import { OutboxStore } from '../interfaces/OutboxStore';
+import { MessageEnvelope, DeliveryReceipt, MessagingState, MessageType } from '../../types/messaging';
+/**
+ * Offline-first wrapper for any MessagingAdapter.
+ *
+ * Decorator pattern (like OfflineFirstDiscoveryAdapter):
+ * - Wraps an inner MessagingAdapter
+ * - Persists unsent messages in an OutboxStore
+ * - Retries on reconnect via flushOutbox()
+ * - send() never throws for queued message types
+ *
+ * Usage:
+ *   const ws = new WebSocketMessagingAdapter(url)
+ *   const outboxStore = new EvoluOutboxStore(evolu)
+ *   const messaging = new OutboxMessagingAdapter(ws, outboxStore)
+ */
+export declare class OutboxMessagingAdapter implements MessagingAdapter {
+    private inner;
+    private outbox;
+    private flushing;
+    private skipTypes;
+    private sendTimeoutMs;
+    private reconnectIntervalMs;
+    private maxRetries;
+    private isOnline;
+    private reconnectTimer;
+    private myDid;
+    private unsubscribeStateChange;
+    constructor(inner: MessagingAdapter, outbox: OutboxStore, options?: {
+        skipTypes?: MessageType[];
+        sendTimeoutMs?: number;
+        /** Auto-reconnect interval in ms. Set to 0 to disable. Default: 10000 (10s). */
+        reconnectIntervalMs?: number;
+        /** Max retries before dropping a message. Default: 50. */
+        maxRetries?: number;
+        /** Optional online check. Default: always true. */
+        isOnline?: () => boolean;
+    });
+    connect(myDid: string): Promise<void>;
+    disconnect(): Promise<void>;
+    getState(): MessagingState;
+    send(envelope: MessageEnvelope): Promise<DeliveryReceipt>;
+    onMessage(callback: (envelope: MessageEnvelope) => void | Promise<void>): () => void;
+    onReceipt(callback: (receipt: DeliveryReceipt) => void): () => void;
+    registerTransport(did: string, transportAddress: string): Promise<void>;
+    resolveTransport(did: string): Promise<string | null>;
+    onStateChange(callback: (state: MessagingState) => void): () => void;
+    /**
+     * Retry all pending outbox messages.
+     * Called automatically on connect(). Can also be called manually.
+     * FIFO order. Individual failures don't abort the flush.
+     */
+    flushOutbox(): Promise<void>;
+    /** Expose outbox store for UI (pending count badge). */
+    getOutboxStore(): OutboxStore;
+    private _startAutoReconnect;
+    private _stopAutoReconnect;
+    private sendWithTimeout;
+}
+//# sourceMappingURL=OutboxMessagingAdapter.d.ts.map

package/dist/adapters/messaging/OutboxMessagingAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OutboxMessagingAdapter.d.ts","sourceRoot":"","sources":["../../../src/adapters/messaging/OutboxMessagingAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAA;AACtE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,cAAc,EACd,WAAW,EACZ,MAAM,uBAAuB,CAAA;AAE9B;;;;;;;;;;;;;GAaG;AACH,qBAAa,sBAAuB,YAAW,gBAAgB;IAY3D,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,MAAM;IAZhB,OAAO,CAAC,QAAQ,CAAQ;IACxB,OAAO,CAAC,SAAS,CAAkB;IACnC,OAAO,CAAC,aAAa,CAAQ;IAC7B,OAAO,CAAC,mBAAmB,CAAQ;IACnC,OAAO,CAAC,UAAU,CAAQ;IAC1B,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,cAAc,CAA8C;IACpE,OAAO,CAAC,KAAK,CAAsB;IACnC,OAAO,CAAC,sBAAsB,CAA4B;gBAGhD,KAAK,EAAE,gBAAgB,EACvB,MAAM,EAAE,WAAW,EAC3B,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,WAAW,EAAE,CAAA;QACzB,aAAa,CAAC,EAAE,MAAM,CAAA;QACtB,gFAAgF;QAChF,mBAAmB,CAAC,EAAE,MAAM,CAAA;QAC5B,0DAA0D;QAC1D,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,mDAAmD;QACnD,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAA;KACzB;IAWG,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQrC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAKjC,QAAQ,IAAI,cAAc;IAMpB,IAAI,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;IAkC/D,SAAS,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI;IAIpF,SAAS,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,GAAG,MAAM,IAAI;IAM7D,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvE,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAM3D,aAAa,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,GAAG,MAAM,IAAI;IASpE;;;;OAIG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;IA4BlC,wDAAwD;IACxD,cAAc,IAAI,WAAW;IAM7B,OAAO,CAAC,mBAAmB;IAuB3B,OAAO,CAAC,kBAAkB;IAW1B,OAAO,CAAC,eAAe;CAgBxB"}

package/dist/adapters/messaging/TracedOutboxMessagingAdapter.d.ts

@@ -0,0 +1,20 @@
+import { MessagingAdapter } from '../interfaces/MessagingAdapter';
+import { MessageEnvelope, DeliveryReceipt, MessagingState } from '../../types/messaging';
+import { OutboxStore } from '../interfaces/OutboxStore';
+import { OutboxMessagingAdapter } from './OutboxMessagingAdapter';
+export declare class TracedOutboxMessagingAdapter implements MessagingAdapter {
+    private inner;
+    constructor(inner: OutboxMessagingAdapter);
+    connect(myDid: string): Promise<void>;
+    disconnect(): Promise<void>;
+    getState(): MessagingState;
+    onStateChange(callback: (state: MessagingState) => void): () => void;
+    send(envelope: MessageEnvelope): Promise<DeliveryReceipt>;
+    onMessage(callback: (envelope: MessageEnvelope) => void | Promise<void>): () => void;
+    onReceipt(callback: (receipt: DeliveryReceipt) => void): () => void;
+    registerTransport(did: string, transportAddress: string): Promise<void>;
+    resolveTransport(did: string): Promise<string | null>;
+    flushOutbox(): Promise<void>;
+    getOutboxStore(): OutboxStore;
+}
+//# sourceMappingURL=TracedOutboxMessagingAdapter.d.ts.map

package/dist/adapters/messaging/TracedOutboxMessagingAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"TracedOutboxMessagingAdapter.d.ts","sourceRoot":"","sources":["../../../src/adapters/messaging/TracedOutboxMessagingAdapter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAA;AACtE,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,cAAc,EACf,MAAM,uBAAuB,CAAA;AAC9B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAA;AAkBtE,qBAAa,4BAA6B,YAAW,gBAAgB;IACvD,OAAO,CAAC,KAAK;gBAAL,KAAK,EAAE,sBAAsB;IAE3C,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA2BrC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAYjC,QAAQ,IAAI,cAAc;IAI1B,aAAa,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,GAAG,MAAM,IAAI;IAoB9D,IAAI,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;IAgC/D,SAAS,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI;IAcpF,SAAS,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,GAAG,MAAM,IAAI;IAI7D,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvE,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAMrD,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;IA+BlC,cAAc,IAAI,WAAW;CAG9B"}

package/dist/adapters/messaging/WebSocketMessagingAdapter.d.ts

@@ -0,0 +1,63 @@
+import { MessagingAdapter } from '../interfaces/MessagingAdapter';
+import { MessageEnvelope, DeliveryReceipt, MessagingState } from '../../types/messaging';
+/**
+ * Function that signs a challenge nonce to prove DID ownership.
+ * Returns base64url-encoded Ed25519 signature.
+ */
+export type SignChallengeFn = (nonce: string) => Promise<string>;
+/**
+ * WebSocket-based messaging adapter that connects to a relay server.
+ *
+ * Uses the browser-native WebSocket API (no `ws` dependency needed).
+ * The relay is blind — it only forwards envelopes without inspecting payloads.
+ *
+ * Protocol (with challenge-response auth):
+ * 1. Client → { type: 'register', did }
+ * 2. Relay  → { type: 'challenge', nonce }
+ * 3. Client → { type: 'challenge-response', did, nonce, signature }
+ * 4. Relay  → { type: 'registered', did, peers }
+ */
+export declare class WebSocketMessagingAdapter implements MessagingAdapter {
+    private relayUrl;
+    private ws;
+    private state;
+    private messageCallbacks;
+    private receiptCallbacks;
+    private stateCallbacks;
+    private transportMap;
+    private pendingReceipts;
+    /** Buffer for messages that arrive before any onMessage handler is registered */
+    private earlyMessageBuffer;
+    private heartbeatInterval;
+    private heartbeatTimeout;
+    private readonly HEARTBEAT_INTERVAL_MS;
+    private readonly HEARTBEAT_TIMEOUT_MS;
+    private readonly SEND_TIMEOUT_MS;
+    private signChallenge;
+    constructor(relayUrl: string, options?: {
+        sendTimeoutMs?: number;
+        signChallenge?: SignChallengeFn;
+    });
+    private setState;
+    onStateChange(callback: (state: MessagingState) => void): () => void;
+    private connectedDid;
+    private peerCount;
+    connect(myDid: string): Promise<void>;
+    disconnect(): Promise<void>;
+    getState(): MessagingState;
+    getPeerCount(): number;
+    private startHeartbeat;
+    private stopHeartbeat;
+    /**
+     * Process incoming message: await all callbacks, then ACK.
+     * If no handlers are registered yet, buffer the message for later delivery.
+     */
+    private handleIncomingMessage;
+    private handlePong;
+    send(envelope: MessageEnvelope): Promise<DeliveryReceipt>;
+    onMessage(callback: (envelope: MessageEnvelope) => void | Promise<void>): () => void;
+    onReceipt(callback: (receipt: DeliveryReceipt) => void): () => void;
+    registerTransport(did: string, transportAddress: string): Promise<void>;
+    resolveTransport(did: string): Promise<string | null>;
+}
+//# sourceMappingURL=WebSocketMessagingAdapter.d.ts.map

package/dist/adapters/messaging/WebSocketMessagingAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"WebSocketMessagingAdapter.d.ts","sourceRoot":"","sources":["../../../src/adapters/messaging/WebSocketMessagingAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAA;AACtE,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,cAAc,EACf,MAAM,uBAAuB,CAAA;AAE9B;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;AAEhE;;;;;;;;;;;GAWG;AACH,qBAAa,yBAA0B,YAAW,gBAAgB;IAkBpD,OAAO,CAAC,QAAQ;IAjB5B,OAAO,CAAC,EAAE,CAAyB;IACnC,OAAO,CAAC,KAAK,CAAiC;IAC9C,OAAO,CAAC,gBAAgB,CAAiE;IACzF,OAAO,CAAC,gBAAgB,CAAgD;IACxE,OAAO,CAAC,cAAc,CAA6C;IACnE,OAAO,CAAC,YAAY,CAA4B;IAChD,OAAO,CAAC,eAAe,CAAwD;IAC/E,iFAAiF;IACjF,OAAO,CAAC,kBAAkB,CAAwB;IAClD,OAAO,CAAC,iBAAiB,CAA8C;IACvE,OAAO,CAAC,gBAAgB,CAA6C;IACrE,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAS;IAC/C,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAQ;IAC7C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAQ;IAExC,OAAO,CAAC,aAAa,CAAwB;gBAEzB,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAC;QAAC,aAAa,CAAC,EAAE,eAAe,CAAA;KAAE;IAK3G,OAAO,CAAC,QAAQ;IAOhB,aAAa,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,GAAG,MAAM,IAAI;IAKpE,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,SAAS,CAAI;IAEf,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAqHrC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAWjC,QAAQ,IAAI,cAAc;IAI1B,YAAY,IAAI,MAAM;IAItB,OAAO,CAAC,cAAc;IAsBtB,OAAO,CAAC,aAAa;IAWrB;;;OAGG;YACW,qBAAqB;IAsBnC,OAAO,CAAC,UAAU;IAQZ,IAAI,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;IA8B/D,SAAS,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,eAAe,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI;IAgBpF,SAAS,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,GAAG,MAAM,IAAI;IAO7D,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvE,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAG5D"}

package/dist/adapters/messaging/index.d.ts

@@ -0,0 +1,3 @@
+export { InMemoryMessagingAdapter } from './InMemoryMessagingAdapter';
+export { WebSocketMessagingAdapter } from './WebSocketMessagingAdapter';
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/messaging/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/adapters/messaging/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAA;AACrE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA"}

package/dist/adapters/storage/AutomergeSpaceMetadataStorage.d.ts

@@ -0,0 +1,22 @@
+import { SpaceMetadataStorage, PersistedSpaceMetadata, PersistedGroupKey } from '../interfaces/SpaceMetadataStorage';
+export interface SpaceMetadataDocFunctions {
+    getPersonalDoc: () => any;
+    changePersonalDoc: (fn: (doc: any) => void, options?: {
+        background?: boolean;
+    }) => any;
+}
+export declare class PersonalDocSpaceMetadataStorage implements SpaceMetadataStorage {
+    private getPersonalDoc;
+    private changePersonalDoc;
+    constructor(fns: SpaceMetadataDocFunctions);
+    saveSpaceMetadata(meta: PersistedSpaceMetadata): Promise<void>;
+    loadSpaceMetadata(spaceId: string): Promise<PersistedSpaceMetadata | null>;
+    loadAllSpaceMetadata(): Promise<PersistedSpaceMetadata[]>;
+    deleteSpaceMetadata(spaceId: string): Promise<void>;
+    saveGroupKey(key: PersistedGroupKey): Promise<void>;
+    loadGroupKeys(spaceId: string): Promise<PersistedGroupKey[]>;
+    deleteGroupKeys(spaceId: string): Promise<void>;
+    clearAll(): Promise<void>;
+    private deserialize;
+}
+//# sourceMappingURL=AutomergeSpaceMetadataStorage.d.ts.map

package/dist/adapters/storage/AutomergeSpaceMetadataStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AutomergeSpaceMetadataStorage.d.ts","sourceRoot":"","sources":["../../../src/adapters/storage/AutomergeSpaceMetadataStorage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,KAAK,EACV,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EAClB,MAAM,oCAAoC,CAAA;AAE3C,MAAM,WAAW,yBAAyB;IACxC,cAAc,EAAE,MAAM,GAAG,CAAA;IACzB,iBAAiB,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,EAAE,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,GAAG,CAAA;CACvF;AAMD,qBAAa,+BAAgC,YAAW,oBAAoB;IAC1E,OAAO,CAAC,cAAc,CAAW;IACjC,OAAO,CAAC,iBAAiB,CAAqE;gBAElF,GAAG,EAAE,yBAAyB;IAKpC,iBAAiB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAwB9D,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAO1E,oBAAoB,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAKzD,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnD,YAAY,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWnD,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAW5D,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ/C,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAW/B,OAAO,CAAC,WAAW;CAyBpB"}

package/dist/adapters/storage/InMemoryCompactStore.d.ts

@@ -0,0 +1,18 @@
+/**
+ * In-memory implementation of CompactStorageManager for testing.
+ * Same interface as CompactStorageManager but without IndexedDB.
+ */
+export declare class InMemoryCompactStore {
+    private data;
+    open(): Promise<void>;
+    save(docId: string, binary: Uint8Array): Promise<void>;
+    load(docId: string): Promise<Uint8Array | null>;
+    delete(docId: string): Promise<void>;
+    list(): Promise<string[]>;
+    close(): void;
+    /** Test helper: check if a snapshot exists */
+    has(docId: string): boolean;
+    /** Test helper: get snapshot size */
+    size(docId: string): number;
+}
+//# sourceMappingURL=InMemoryCompactStore.d.ts.map

package/dist/adapters/storage/InMemoryCompactStore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"InMemoryCompactStore.d.ts","sourceRoot":"","sources":["../../../src/adapters/storage/InMemoryCompactStore.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,IAAI,CAAgC;IAEtC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAItD,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI/C,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAI/B,KAAK,IAAI,IAAI;IAIb,8CAA8C;IAC9C,GAAG,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAI3B,qCAAqC;IACrC,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;CAG5B"}

package/dist/adapters/storage/InMemorySpaceMetadataStorage.d.ts

@@ -0,0 +1,17 @@
+import { SpaceMetadataStorage, PersistedSpaceMetadata, PersistedGroupKey } from '../interfaces/SpaceMetadataStorage';
+/**
+ * In-memory implementation of SpaceMetadataStorage for testing.
+ */
+export declare class InMemorySpaceMetadataStorage implements SpaceMetadataStorage {
+    private spaces;
+    private groupKeys;
+    saveSpaceMetadata(meta: PersistedSpaceMetadata): Promise<void>;
+    loadSpaceMetadata(spaceId: string): Promise<PersistedSpaceMetadata | null>;
+    loadAllSpaceMetadata(): Promise<PersistedSpaceMetadata[]>;
+    deleteSpaceMetadata(spaceId: string): Promise<void>;
+    saveGroupKey(key: PersistedGroupKey): Promise<void>;
+    loadGroupKeys(spaceId: string): Promise<PersistedGroupKey[]>;
+    deleteGroupKeys(spaceId: string): Promise<void>;
+    clearAll(): Promise<void>;
+}
+//# sourceMappingURL=InMemorySpaceMetadataStorage.d.ts.map

package/dist/adapters/storage/InMemorySpaceMetadataStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"InMemorySpaceMetadataStorage.d.ts","sourceRoot":"","sources":["../../../src/adapters/storage/InMemorySpaceMetadataStorage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EAClB,MAAM,oCAAoC,CAAA;AAE3C;;GAEG;AACH,qBAAa,4BAA6B,YAAW,oBAAoB;IACvE,OAAO,CAAC,MAAM,CAA4C;IAC1D,OAAO,CAAC,SAAS,CAAyC;IAEpD,iBAAiB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9D,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAI1E,oBAAoB,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAIzD,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAInD,YAAY,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWnD,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAI5D,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAIhC"}

package/dist/adapters/storage/IndexedDBSpaceMetadataStorage.d.ts

@@ -0,0 +1,15 @@
+import { SpaceMetadataStorage, PersistedSpaceMetadata, PersistedGroupKey } from '../interfaces/SpaceMetadataStorage';
+export declare class IndexedDBSpaceMetadataStorage implements SpaceMetadataStorage {
+    private dbPromise;
+    constructor(dbName?: string);
+    saveSpaceMetadata(meta: PersistedSpaceMetadata): Promise<void>;
+    loadSpaceMetadata(spaceId: string): Promise<PersistedSpaceMetadata | null>;
+    loadAllSpaceMetadata(): Promise<PersistedSpaceMetadata[]>;
+    deleteSpaceMetadata(spaceId: string): Promise<void>;
+    saveGroupKey(key: PersistedGroupKey): Promise<void>;
+    loadGroupKeys(spaceId: string): Promise<PersistedGroupKey[]>;
+    deleteGroupKeys(spaceId: string): Promise<void>;
+    clearAll(): Promise<void>;
+    private deserialize;
+}
+//# sourceMappingURL=IndexedDBSpaceMetadataStorage.d.ts.map

package/dist/adapters/storage/IndexedDBSpaceMetadataStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"IndexedDBSpaceMetadataStorage.d.ts","sourceRoot":"","sources":["../../../src/adapters/storage/IndexedDBSpaceMetadataStorage.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,oBAAoB,EACpB,sBAAsB,EACtB,iBAAiB,EAClB,MAAM,oCAAoC,CAAA;AA2B3C,qBAAa,6BAA8B,YAAW,oBAAoB;IACxE,OAAO,CAAC,SAAS,CAAuB;gBAE5B,MAAM,GAAE,MAAgB;IAc9B,iBAAiB,CAAC,IAAI,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAe9D,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAO1E,oBAAoB,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAMzD,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKnD,YAAY,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWnD,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAU5D,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAU/C,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ/B,OAAO,CAAC,WAAW;CAYpB"}

package/dist/adapters/storage/LocalStorageAdapter.d.ts

@@ -0,0 +1,26 @@
+import { StorageAdapter } from '../interfaces/StorageAdapter';
+import { Identity, Profile, Contact, Verification, Attestation, AttestationMetadata } from '../../types';
+export declare class LocalStorageAdapter implements StorageAdapter {
+    private db;
+    init(): Promise<void>;
+    private ensureDb;
+    createIdentity(did: string, profile: Profile): Promise<Identity>;
+    getIdentity(): Promise<Identity | null>;
+    updateIdentity(identity: Identity): Promise<void>;
+    addContact(contact: Contact): Promise<void>;
+    getContacts(): Promise<Contact[]>;
+    getContact(did: string): Promise<Contact | null>;
+    updateContact(contact: Contact): Promise<void>;
+    removeContact(did: string): Promise<void>;
+    saveVerification(verification: Verification): Promise<void>;
+    getReceivedVerifications(): Promise<Verification[]>;
+    getAllVerifications(): Promise<Verification[]>;
+    getVerification(id: string): Promise<Verification | null>;
+    saveAttestation(attestation: Attestation): Promise<void>;
+    getReceivedAttestations(): Promise<Attestation[]>;
+    getAttestation(id: string): Promise<Attestation | null>;
+    getAttestationMetadata(attestationId: string): Promise<AttestationMetadata | null>;
+    setAttestationAccepted(attestationId: string, accepted: boolean): Promise<void>;
+    clear(): Promise<void>;
+}
+//# sourceMappingURL=LocalStorageAdapter.d.ts.map

package/dist/adapters/storage/LocalStorageAdapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"LocalStorageAdapter.d.ts","sourceRoot":"","sources":["../../../src/adapters/storage/LocalStorageAdapter.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAClE,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AA+B7G,qBAAa,mBAAoB,YAAW,cAAc;IACxD,OAAO,CAAC,EAAE,CAAmC;IAEvC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAkC3B,OAAO,CAAC,QAAQ;IAQV,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAahE,WAAW,IAAI,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAMvC,cAAc,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAOjD,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK3C,WAAW,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAKjC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAKhD,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAM9C,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMzC,gBAAgB,CAAC,YAAY,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAY3D,wBAAwB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAKnD,mBAAmB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAK9C,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAMzD,eAAe,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAaxD,uBAAuB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAKjD,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAMvD,sBAAsB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAKlF,sBAAsB,CAAC,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAW/E,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAU7B"}

package/dist/adapters/storage/index.d.ts

@@ -0,0 +1,2 @@
+export * from './LocalStorageAdapter';
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/storage/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/adapters/storage/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAA"}

package/dist/crypto/capabilities.d.ts

@@ -0,0 +1,80 @@
+import { ResourceRef } from '../types/resource-ref';
+export type Permission = 'read' | 'write' | 'delete' | 'delegate';
+export interface Capability {
+    id: string;
+    issuer: string;
+    audience: string;
+    resource: ResourceRef;
+    permissions: Permission[];
+    expiration: string;
+    proof?: string;
+}
+/** A capability encoded as JWS (signed by the issuer) */
+export type CapabilityJws = string;
+export interface VerifiedCapability {
+    valid: true;
+    capability: Capability;
+    chain: Capability[];
+}
+export interface CapabilityError {
+    valid: false;
+    error: string;
+}
+export type CapabilityVerificationResult = VerifiedCapability | CapabilityError;
+/**
+ * Sign function — signs a payload and returns JWS compact serialization.
+ * Typically provided by WotIdentity.signJws.bind(identity).
+ */
+export type SignFn = (payload: unknown) => Promise<string>;
+/**
+ * Create and sign a capability token.
+ *
+ * @param params - Capability parameters
+ * @param sign - Sign function (e.g. identity.signJws.bind(identity))
+ * @returns Signed capability as JWS string
+ */
+export declare function createCapability(params: {
+    issuer: string;
+    audience: string;
+    resource: ResourceRef;
+    permissions: Permission[];
+    expiration: string;
+}, sign: SignFn): Promise<CapabilityJws>;
+/**
+ * Verify a capability JWS: signature, expiration, and delegation chain.
+ *
+ * Verification checks:
+ * 1. JWS signature is valid (issuer's Ed25519 key from did:key)
+ * 2. Capability has not expired
+ * 3. If delegated (has proof): parent chain is valid and permissions are attenuated
+ *
+ * @param capabilityJws - The signed capability token
+ * @param now - Current time for expiration check (default: new Date())
+ * @returns Verification result with decoded capability or error
+ */
+export declare function verifyCapability(capabilityJws: CapabilityJws, now?: Date): Promise<CapabilityVerificationResult>;
+/**
+ * Extract a capability from a JWS without verifying the signature.
+ * Useful for inspecting tokens or debugging.
+ */
+export declare function extractCapability(capabilityJws: CapabilityJws): Capability | null;
+/**
+ * Create a delegated capability with attenuated permissions.
+ *
+ * The new capability:
+ * - Has the delegator as issuer (= audience of parent)
+ * - Can only have a subset of the parent's permissions
+ * - Cannot expire later than the parent
+ * - Carries the parent JWS as proof
+ *
+ * @param parentCapabilityJws - The parent capability (must include 'delegate' permission)
+ * @param params - Delegation parameters
+ * @param sign - Sign function of the delegator (audience of parent)
+ * @returns Signed delegated capability as JWS
+ */
+export declare function delegateCapability(parentCapabilityJws: CapabilityJws, params: {
+    audience: string;
+    permissions: Permission[];
+    expiration: string;
+}, sign: SignFn): Promise<CapabilityJws>;
+//# sourceMappingURL=capabilities.d.ts.map

package/dist/crypto/capabilities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../../src/crypto/capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAIxD,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,UAAU,CAAA;AAEjE,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,WAAW,CAAA;IACrB,WAAW,EAAE,UAAU,EAAE,CAAA;IACzB,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,yDAAyD;AACzD,MAAM,MAAM,aAAa,GAAG,MAAM,CAAA;AAElC,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,IAAI,CAAA;IACX,UAAU,EAAE,UAAU,CAAA;IACtB,KAAK,EAAE,UAAU,EAAE,CAAA;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,KAAK,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,MAAM,4BAA4B,GAAG,kBAAkB,GAAG,eAAe,CAAA;AAE/E;;;GAGG;AACH,MAAM,MAAM,MAAM,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;AAI1D;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE;IACN,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,WAAW,CAAA;IACrB,WAAW,EAAE,UAAU,EAAE,CAAA;IACzB,UAAU,EAAE,MAAM,CAAA;CACnB,EACD,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,aAAa,CAAC,CAWxB;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CACpC,aAAa,EAAE,aAAa,EAC5B,GAAG,CAAC,EAAE,IAAI,GACT,OAAO,CAAC,4BAA4B,CAAC,CAwGvC;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,aAAa,EAAE,aAAa,GAAG,UAAU,GAAG,IAAI,CAIjF;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAsB,kBAAkB,CACtC,mBAAmB,EAAE,aAAa,EAClC,MAAM,EAAE;IACN,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,EAAE,UAAU,EAAE,CAAA;IACzB,UAAU,EAAE,MAAM,CAAA;CACnB,EACD,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,aAAa,CAAC,CAsCxB"}

package/dist/crypto/did.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Create a did:key from Ed25519 public key bytes
+ * Format: did:key:z<base58btc-encoded-multicodec-pubkey>
+ */
+export declare function createDid(publicKeyBytes: Uint8Array): string;
+/**
+ * Extract Ed25519 public key bytes from did:key
+ */
+export declare function didToPublicKeyBytes(did: string): Uint8Array;
+/**
+ * Validate did:key format
+ */
+export declare function isValidDid(did: string): boolean;
+/**
+ * Generate a short display name from a DID
+ * Format: "User-{6chars}" from the end of the DID
+ */
+export declare function getDefaultDisplayName(did: string): string;
+//# sourceMappingURL=did.d.ts.map

package/dist/crypto/did.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"did.d.ts","sourceRoot":"","sources":["../../src/crypto/did.ts"],"names":[],"mappings":"AAKA;;;GAGG;AACH,wBAAgB,SAAS,CAAC,cAAc,EAAE,UAAU,GAAG,MAAM,CAU5D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAc3D;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAQ/C;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAIzD"}

package/dist/crypto/encoding.d.ts

@@ -0,0 +1,7 @@
+export declare function encodeBase58(bytes: Uint8Array): string;
+export declare function decodeBase58(str: string): Uint8Array;
+export declare function encodeBase64Url(bytes: Uint8Array): string;
+export declare function decodeBase64Url(str: string): Uint8Array;
+/** Convert Uint8Array to ArrayBuffer slice (workaround for TypeScript strict mode with Web Crypto). */
+export declare function toBuffer(arr: Uint8Array): ArrayBuffer;
+//# sourceMappingURL=encoding.d.ts.map

package/dist/crypto/encoding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding.d.ts","sourceRoot":"","sources":["../../src/crypto/encoding.ts"],"names":[],"mappings":"AAGA,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAyBtD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAsBpD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAQzD;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAMvD;AAED,uGAAuG;AACvG,wBAAgB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,WAAW,CAErD"}

package/dist/crypto/envelope-auth.d.ts

@@ -0,0 +1,30 @@
+import { MessageEnvelope } from '../types/messaging';
+/**
+ * Create the canonical string to sign for a MessageEnvelope.
+ * Fields are pipe-separated in a fixed order — deterministic and unambiguous.
+ */
+export declare function canonicalSigningInput(envelope: MessageEnvelope): string;
+/**
+ * Sign function type — matches WotIdentity.sign() signature.
+ * Takes a string, returns base64url-encoded Ed25519 signature.
+ */
+export type EnvelopeSignFn = (data: string) => Promise<string>;
+/**
+ * Sign a MessageEnvelope.
+ * Mutates the envelope's `signature` field in-place and returns it.
+ *
+ * @param envelope - The envelope to sign
+ * @param sign - Signing function (e.g., identity.sign.bind(identity))
+ */
+export declare function signEnvelope(envelope: MessageEnvelope, sign: EnvelopeSignFn): Promise<MessageEnvelope>;
+/**
+ * Verify a MessageEnvelope's signature against fromDid.
+ *
+ * Extracts the Ed25519 public key from envelope.fromDid (did:key),
+ * then verifies the signature over the canonical fields.
+ *
+ * Returns true if signature is valid, false otherwise.
+ * Never throws — returns false on any error.
+ */
+export declare function verifyEnvelope(envelope: MessageEnvelope): Promise<boolean>;
+//# sourceMappingURL=envelope-auth.d.ts.map

package/dist/crypto/envelope-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"envelope-auth.d.ts","sourceRoot":"","sources":["../../src/crypto/envelope-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAIzD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,eAAe,GAAG,MAAM,CAEvE;AAED;;;GAGG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;AAE9D;;;;;;GAMG;AACH,wBAAsB,YAAY,CAChC,QAAQ,EAAE,eAAe,EACzB,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,eAAe,CAAC,CAI1B;AAED;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAiChF"}

package/dist/crypto/index.d.ts

@@ -0,0 +1,4 @@
+export * from './encoding';
+export * from './did';
+export * from './jws';
+//# sourceMappingURL=index.d.ts.map

package/dist/crypto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAA;AAC1B,cAAc,OAAO,CAAA;AACrB,cAAc,OAAO,CAAA"}

package/dist/crypto/jws.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Sign data and return JWS compact serialization
+ *
+ * @param payload - The data to sign (will be JSON stringified)
+ * @param privateKey - CryptoKey for signing (Ed25519)
+ * @returns JWS compact serialization string (header.payload.signature)
+ */
+export declare function signJws(payload: unknown, privateKey: CryptoKey): Promise<string>;
+/**
+ * Verify a JWS signature
+ *
+ * @param jws - JWS compact serialization string
+ * @param publicKey - CryptoKey for verification (Ed25519)
+ * @returns Object with verification result and decoded payload
+ */
+export declare function verifyJws(jws: string, publicKey: CryptoKey): Promise<{
+    valid: boolean;
+    payload?: unknown;
+    error?: string;
+}>;
+/**
+ * Extract payload from JWS without verifying signature
+ * Useful for debugging or when signature verification happens separately
+ */
+export declare function extractJwsPayload(jws: string): unknown | null;
+//# sourceMappingURL=jws.d.ts.map

package/dist/crypto/jws.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jws.d.ts","sourceRoot":"","sources":["../../src/crypto/jws.ts"],"names":[],"mappings":"AAsBA;;;;;;GAMG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,SAAS,GACpB,OAAO,CAAC,MAAM,CAAC,CAgCjB;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAC7B,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA6ChE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CAU7D"}

package/dist/identity/SeedStorage.d.ts

@@ -0,0 +1,64 @@
+/**
+ * SeedStorage - Encrypted storage for master seed
+ *
+ * Security:
+ * - Master seed encrypted with PBKDF2(passphrase) + AES-GCM
+ * - Stored in IndexedDB
+ * - Never stored unencrypted
+ * - Session cache: non-extractable CryptoKey in IndexedDB with TTL
+ */
+export declare class SeedStorage {
+    private static readonly DB_NAME;
+    private static readonly STORE_NAME;
+    private static readonly SESSION_STORE_NAME;
+    private static readonly PBKDF2_ITERATIONS;
+    private static readonly DEFAULT_SESSION_TTL;
+    private db;
+    /**
+     * Initialize IndexedDB
+     */
+    init(): Promise<void>;
+    /**
+     * Store encrypted seed
+     *
+     * @param seed - Master seed (32 bytes)
+     * @param passphrase - User's passphrase
+     */
+    storeSeed(seed: Uint8Array, passphrase: string): Promise<void>;
+    /**
+     * Load and decrypt seed using passphrase.
+     * On success, caches the derived CryptoKey as session key.
+     *
+     * @param passphrase - User's passphrase
+     * @returns Decrypted seed or null if not found
+     */
+    loadSeed(passphrase: string): Promise<Uint8Array | null>;
+    /**
+     * Load and decrypt seed using cached session key (no passphrase needed).
+     * Returns null if no session key, session expired, or decryption fails.
+     */
+    loadSeedWithSessionKey(): Promise<Uint8Array | null>;
+    /**
+     * Check if a valid (non-expired) session key exists
+     */
+    hasActiveSession(): Promise<boolean>;
+    /**
+     * Check if seed exists in storage
+     */
+    hasSeed(): Promise<boolean>;
+    /**
+     * Delete stored seed and session key
+     */
+    deleteSeed(): Promise<void>;
+    /**
+     * Clear the cached session key
+     */
+    clearSessionKey(): Promise<void>;
+    private storeSessionKey;
+    private getSessionEntry;
+    private getEncryptedSeed;
+    private deriveEncryptionKey;
+    private arrayBufferToBase64Url;
+    private base64UrlToArrayBuffer;
+}
+//# sourceMappingURL=SeedStorage.d.ts.map

package/dist/identity/SeedStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SeedStorage.d.ts","sourceRoot":"","sources":["../../src/identity/SeedStorage.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAiB;IAChD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAU;IAC5C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAY;IACtD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAS;IAClD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAiB;IAC5D,OAAO,CAAC,EAAE,CAA2B;IAErC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAsB3B;;;;;OAKG;IACG,SAAS,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAsCpE;;;;;;OAMG;IACG,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAoC9D;;;OAGG;IACG,sBAAsB,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IA4C1D;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,OAAO,CAAC;IAkB1C;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC;IAQjC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAiBjC;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;YAiBxB,eAAe;YAmBf,eAAe;YAWf,gBAAgB;YAWhB,mBAAmB;IA8BjC,OAAO,CAAC,sBAAsB;IAY9B,OAAO,CAAC,sBAAsB;CAQ/B"}