@xnetjs/sync 0.0.2

package/dist/index.js

@@ -0,0 +1,3706 @@
+// src/change.ts
+import { hashHex, sign, verify } from "@xnetjs/crypto";
+var CURRENT_PROTOCOL_VERSION = 3;
+function createUnsignedChange(options) {
+  const unsigned = {
+    protocolVersion: CURRENT_PROTOCOL_VERSION,
+    id: options.id,
+    type: options.type,
+    payload: options.payload,
+    parentHash: options.parentHash,
+    authorDID: options.authorDID,
+    wallTime: options.wallTime ?? Date.now(),
+    lamport: options.lamport
+  };
+  if (options.batchId !== void 0) {
+    unsigned.batchId = options.batchId;
+    unsigned.batchIndex = options.batchIndex;
+    unsigned.batchSize = options.batchSize;
+  }
+  return unsigned;
+}
+function createBatchId() {
+  return `batch-${crypto.randomUUID()}`;
+}
+function sortObjectKeys(obj) {
+  if (obj === null || typeof obj !== "object") {
+    return obj;
+  }
+  if (Array.isArray(obj)) {
+    return obj.map(sortObjectKeys);
+  }
+  const sorted = {};
+  for (const key of Object.keys(obj).sort()) {
+    sorted[key] = sortObjectKeys(obj[key]);
+  }
+  return sorted;
+}
+function computeChangeHash(unsigned) {
+  let toHash;
+  if (unsigned.protocolVersion === void 0 || unsigned.protocolVersion === 0) {
+    const legacy = {};
+    for (const [key, value] of Object.entries(unsigned)) {
+      if (key !== "protocolVersion") {
+        legacy[key] = value;
+      }
+    }
+    toHash = legacy;
+  } else {
+    toHash = unsigned;
+  }
+  const canonical = JSON.stringify(sortObjectKeys(toHash));
+  const hashBytes = new TextEncoder().encode(canonical);
+  return `cid:blake3:${hashHex(hashBytes)}`;
+}
+function signChange(unsigned, signingKey) {
+  const hash4 = computeChangeHash(unsigned);
+  const hashBytes = new TextEncoder().encode(hash4);
+  const signature = sign(hashBytes, signingKey);
+  return {
+    ...unsigned,
+    hash: hash4,
+    signature
+  };
+}
+function verifyChange(change, publicKey) {
+  const version = change.protocolVersion ?? 0;
+  if (version > CURRENT_PROTOCOL_VERSION) {
+    console.warn(
+      `[xnet/sync] Change ${change.id} uses protocol version ${version}, but current version is ${CURRENT_PROTOCOL_VERSION}. Consider upgrading xNet for full compatibility.`
+    );
+  }
+  const hashBytes = new TextEncoder().encode(change.hash);
+  return verify(hashBytes, change.signature, publicKey);
+}
+function verifyChangeHash(change) {
+  const unsigned = {
+    id: change.id,
+    type: change.type,
+    payload: change.payload,
+    parentHash: change.parentHash,
+    authorDID: change.authorDID,
+    wallTime: change.wallTime,
+    lamport: change.lamport
+  };
+  if (change.protocolVersion !== void 0) {
+    unsigned.protocolVersion = change.protocolVersion;
+  }
+  if (change.batchId !== void 0) {
+    unsigned.batchId = change.batchId;
+    unsigned.batchIndex = change.batchIndex;
+    unsigned.batchSize = change.batchSize;
+  }
+  const computedHash = computeChangeHash(unsigned);
+  return computedHash === change.hash;
+}
+function createChangeId() {
+  return crypto.randomUUID();
+}
+
+// src/clock.ts
+function createLamportClock(author) {
+  return { time: 0, author };
+}
+function tick(clock) {
+  const newTime = clock.time + 1;
+  const newClock = { ...clock, time: newTime };
+  const timestamp = { time: newTime, author: clock.author };
+  return [newClock, timestamp];
+}
+function receive(clock, receivedTime) {
+  return {
+    ...clock,
+    time: Math.max(clock.time, receivedTime)
+  };
+}
+function compareLamportTimestamps(a, b) {
+  if (a.time < b.time) return -1;
+  if (a.time > b.time) return 1;
+  const authorCmp = a.author.localeCompare(b.author);
+  if (authorCmp < 0) return -1;
+  if (authorCmp > 0) return 1;
+  return 0;
+}
+function isBefore(a, b) {
+  return compareLamportTimestamps(a, b) === -1;
+}
+function isAfter(a, b) {
+  return compareLamportTimestamps(a, b) === 1;
+}
+function serializeTimestamp(ts) {
+  const paddedTime = ts.time.toString().padStart(16, "0");
+  return `${paddedTime}-${ts.author}`;
+}
+function parseTimestamp(serialized) {
+  const dashIndex = serialized.indexOf("-");
+  if (dashIndex === -1) {
+    throw new Error(`Invalid serialized timestamp: ${serialized}`);
+  }
+  const timeStr = serialized.slice(0, dashIndex);
+  const author = serialized.slice(dashIndex + 1);
+  const time = parseInt(timeStr, 10);
+  if (isNaN(time)) {
+    throw new Error(`Invalid time in timestamp: ${timeStr}`);
+  }
+  return { time, author };
+}
+function maxTime(timestamps) {
+  if (timestamps.length === 0) return 0;
+  return Math.max(...timestamps.map((ts) => ts.time));
+}
+
+// src/chain.ts
+function validateChain(changes) {
+  if (changes.length === 0) {
+    return { valid: true };
+  }
+  const byHash = /* @__PURE__ */ new Map();
+  for (const change of changes) {
+    byHash.set(change.hash, change);
+  }
+  for (const change of changes) {
+    if (!verifyChangeHash(change)) {
+      return {
+        valid: false,
+        error: `Change ${change.id} has invalid hash (data may be tampered)`
+      };
+    }
+    if (change.parentHash !== null && !byHash.has(change.parentHash)) {
+    }
+  }
+  const { hasFork, forkPoints } = detectFork(changes);
+  if (hasFork) {
+    return {
+      valid: true,
+      // Forks are valid, just need resolution
+      forkDetected: true,
+      forkPoint: forkPoints[0]
+    };
+  }
+  return { valid: true };
+}
+function detectFork(changes) {
+  const childrenByParent = /* @__PURE__ */ new Map();
+  for (const change of changes) {
+    const children = childrenByParent.get(change.parentHash) || [];
+    children.push(change);
+    childrenByParent.set(change.parentHash, children);
+  }
+  const forkPoints = [];
+  for (const [parent, children] of childrenByParent) {
+    if (children.length > 1 && parent !== null) {
+      forkPoints.push(parent);
+    }
+  }
+  return {
+    hasFork: forkPoints.length > 0,
+    forkPoints
+  };
+}
+function getChainHeads(changes) {
+  const parentHashes = new Set(
+    changes.map((c) => c.parentHash).filter((h) => h !== null)
+  );
+  return changes.filter((c) => !parentHashes.has(c.hash));
+}
+function getChainRoots(changes) {
+  return changes.filter((c) => c.parentHash === null);
+}
+function getAncestry(change, allChanges) {
+  const byHash = /* @__PURE__ */ new Map();
+  for (const c of allChanges) {
+    byHash.set(c.hash, c);
+  }
+  const ancestry = [];
+  let current = change.parentHash;
+  while (current !== null) {
+    const parent = byHash.get(current);
+    if (!parent) break;
+    ancestry.unshift(parent);
+    current = parent.parentHash;
+  }
+  return ancestry;
+}
+function findCommonAncestor(a, b, allChanges) {
+  const ancestryA = /* @__PURE__ */ new Set([a.hash, ...getAncestry(a, allChanges).map((c) => c.hash)]);
+  const byHash = /* @__PURE__ */ new Map();
+  for (const c of allChanges) {
+    byHash.set(c.hash, c);
+  }
+  if (ancestryA.has(b.hash)) {
+    return b;
+  }
+  let current = b.parentHash;
+  while (current !== null) {
+    if (ancestryA.has(current)) {
+      return byHash.get(current) || null;
+    }
+    const parent = byHash.get(current);
+    if (!parent) break;
+    current = parent.parentHash;
+  }
+  return null;
+}
+function getForks(changes) {
+  const { forkPoints } = detectFork(changes);
+  if (forkPoints.length === 0) return [];
+  const byHash = /* @__PURE__ */ new Map();
+  for (const c of changes) {
+    byHash.set(c.hash, c);
+  }
+  const forks = [];
+  for (const forkPoint of forkPoints) {
+    const children = changes.filter((c) => c.parentHash === forkPoint);
+    if (children.length >= 2) {
+      children.sort((a, b) => compareLamportTimestamps(a.lamport, b.lamport));
+      forks.push({
+        commonAncestor: forkPoint,
+        branch1: [children[0]],
+        branch2: children.slice(1)
+      });
+    }
+  }
+  return forks;
+}
+function topologicalSort(changes) {
+  const byHash = /* @__PURE__ */ new Map();
+  for (const c of changes) {
+    byHash.set(c.hash, c);
+  }
+  const sorted = [];
+  const visited = /* @__PURE__ */ new Set();
+  const visiting = /* @__PURE__ */ new Set();
+  function visit(change) {
+    if (visited.has(change.hash)) return;
+    if (visiting.has(change.hash)) {
+      throw new Error("Cycle detected in change chain");
+    }
+    visiting.add(change.hash);
+    if (change.parentHash !== null) {
+      const parent = byHash.get(change.parentHash);
+      if (parent) {
+        visit(parent);
+      }
+    }
+    visiting.delete(change.hash);
+    visited.add(change.hash);
+    sorted.push(change);
+  }
+  const sortedInput = [...changes].sort((a, b) => compareLamportTimestamps(a.lamport, b.lamport));
+  for (const change of sortedInput) {
+    visit(change);
+  }
+  return sorted;
+}
+
+// src/features.ts
+var FEATURES = {
+  // ─── Core Features (always present since v1) ───────────────────────────────
+  /** Basic node change synchronization */
+  "node-changes": {
+    since: 1,
+    required: true,
+    description: "Basic node change synchronization"
+  },
+  /** Yjs CRDT document synchronization */
+  "yjs-updates": {
+    since: 1,
+    required: true,
+    description: "Yjs CRDT document synchronization"
+  },
+  // ─── Protocol v1 Features ──────────────────────────────────────────────────
+  /** Cryptographically signed Yjs update envelopes */
+  "signed-yjs-envelopes": {
+    since: 1,
+    required: false,
+    description: "Cryptographically signed Yjs update envelopes",
+    requires: ["yjs-updates"]
+  },
+  /** Transaction batching for atomic multi-change operations */
+  "batch-changes": {
+    since: 1,
+    required: false,
+    description: "Transaction batching for atomic multi-change operations",
+    requires: ["node-changes"]
+  },
+  /** Lamport clock ordering for conflict resolution */
+  "lamport-ordering": {
+    since: 1,
+    required: false,
+    description: "Lamport clock ordering for conflict resolution"
+  },
+  /** Hash chain integrity verification */
+  "hash-chains": {
+    since: 1,
+    required: false,
+    description: "Hash chain integrity verification",
+    requires: ["node-changes"]
+  },
+  // ─── Protocol v2 Features ──────────────────────────────────────────────────
+  /** Schema versioning with semver */
+  "schema-versioning": {
+    since: 2,
+    required: false,
+    description: "Schema versioning with semver"
+  },
+  /** Peer capability negotiation on connect */
+  "capability-negotiation": {
+    since: 2,
+    required: false,
+    description: "Peer capability negotiation on connect"
+  },
+  /** Reputation-based peer scoring */
+  "peer-scoring": {
+    since: 2,
+    required: false,
+    description: "Reputation-based peer scoring"
+  },
+  /** Schema lens migrations for version transformations */
+  "schema-lenses": {
+    since: 2,
+    required: false,
+    description: "Schema lens migrations for version transformations",
+    requires: ["schema-versioning"]
+  },
+  /** Unknown property preservation (graceful degradation) */
+  "unknown-preservation": {
+    since: 2,
+    required: false,
+    description: "Unknown property preservation for forward compatibility"
+  },
+  // ─── Protocol v3 Features (Future) ─────────────────────────────────────────
+  /** Schema inheritance with property overrides */
+  "schema-inheritance": {
+    since: 3,
+    required: false,
+    description: "Schema inheritance with property overrides",
+    requires: ["schema-versioning"]
+  },
+  /** Cross-document federated queries */
+  "federated-queries": {
+    since: 3,
+    required: false,
+    description: "Cross-document federated queries"
+  },
+  /** Compressed change payloads */
+  "compressed-payloads": {
+    since: 3,
+    required: false,
+    description: "Compressed change payloads for bandwidth efficiency"
+  }
+};
+var ALL_FEATURES = Object.keys(FEATURES);
+function getEnabledFeatures(protocolVersion) {
+  return ALL_FEATURES.filter((name) => {
+    const config = FEATURES[name];
+    return config.since <= protocolVersion;
+  });
+}
+function isFeatureEnabled(feature, enabledFeatures) {
+  return enabledFeatures.includes(feature);
+}
+function getRequiredFeatures(protocolVersion) {
+  return getEnabledFeatures(protocolVersion).filter((name) => FEATURES[name].required);
+}
+function getOptionalFeatures(protocolVersion) {
+  return getEnabledFeatures(protocolVersion).filter((name) => !FEATURES[name].required);
+}
+function getFeatureVersion(feature) {
+  return FEATURES[feature].since;
+}
+function isFeatureAvailable(feature, protocolVersion) {
+  return FEATURES[feature].since <= protocolVersion;
+}
+function getFeatureDependencies(feature) {
+  return FEATURES[feature].requires ?? [];
+}
+function getFeatureConflicts(feature) {
+  return FEATURES[feature].conflicts ?? [];
+}
+function getAllDependencies(feature, visited = /* @__PURE__ */ new Set()) {
+  if (visited.has(feature)) {
+    return [];
+  }
+  visited.add(feature);
+  const direct = getFeatureDependencies(feature);
+  const transitive = [];
+  for (const dep of direct) {
+    transitive.push(dep);
+    transitive.push(...getAllDependencies(dep, visited));
+  }
+  return [...new Set(transitive)];
+}
+function validateFeatureSet(features, protocolVersion = CURRENT_PROTOCOL_VERSION) {
+  const errors = [];
+  const warnings = [];
+  const featureSet = new Set(features);
+  const required = getRequiredFeatures(protocolVersion);
+  for (const req of required) {
+    if (!featureSet.has(req)) {
+      errors.push({
+        type: "missing-required",
+        feature: req,
+        message: `Required feature '${req}' is not in feature set`
+      });
+    }
+  }
+  for (const feature of features) {
+    if (!isFeatureAvailable(feature, protocolVersion)) {
+      errors.push({
+        type: "version-mismatch",
+        feature,
+        message: `Feature '${feature}' requires protocol v${FEATURES[feature].since}, but running v${protocolVersion}`
+      });
+    }
+    const deps = getFeatureDependencies(feature);
+    for (const dep of deps) {
+      if (!featureSet.has(dep)) {
+        errors.push({
+          type: "missing-dependency",
+          feature,
+          relatedFeature: dep,
+          message: `Feature '${feature}' requires '${dep}' which is not enabled`
+        });
+      }
+    }
+    const conflicts = getFeatureConflicts(feature);
+    for (const conflict of conflicts) {
+      if (featureSet.has(conflict)) {
+        errors.push({
+          type: "conflict",
+          feature,
+          relatedFeature: conflict,
+          message: `Feature '${feature}' conflicts with '${conflict}'`
+        });
+      }
+    }
+  }
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings
+  };
+}
+function intersectFeatures(local, remote) {
+  const remoteSet = new Set(remote);
+  return local.filter((f) => remoteSet.has(f));
+}
+function diffFeatures(a, b) {
+  const bSet = new Set(b);
+  return a.filter((f) => !bSet.has(f));
+}
+function addDependencies(features) {
+  const result = new Set(features);
+  for (const feature of features) {
+    const deps = getAllDependencies(feature);
+    for (const dep of deps) {
+      result.add(dep);
+    }
+  }
+  return [...result];
+}
+
+// src/negotiation.ts
+function createLocalCapabilities(peerId, features, options) {
+  return {
+    peerId,
+    protocolVersion: CURRENT_PROTOCOL_VERSION,
+    minProtocolVersion: options?.minProtocolVersion ?? 1,
+    features: features ?? getEnabledFeatures(CURRENT_PROTOCOL_VERSION),
+    packageVersion: options?.packageVersion ?? "0.0.0",
+    schemas: options?.schemas
+  };
+}
+function parseCapabilities(message) {
+  if (!message || typeof message !== "object") {
+    return null;
+  }
+  const msg = message;
+  if (typeof msg.peerId !== "string" && typeof msg.did !== "string") {
+    return null;
+  }
+  const peerId = msg.peerId ?? msg.did;
+  const protocolVersion = typeof msg.protocolVersion === "number" ? msg.protocolVersion : CURRENT_PROTOCOL_VERSION;
+  const minProtocolVersion = typeof msg.minProtocolVersion === "number" ? msg.minProtocolVersion : 1;
+  const packageVersion = typeof msg.packageVersion === "string" ? msg.packageVersion : "0.0.0";
+  let features = [];
+  if (Array.isArray(msg.features)) {
+    const knownFeatures = getEnabledFeatures(protocolVersion);
+    features = msg.features.filter(
+      (f) => knownFeatures.includes(f)
+    );
+  } else {
+    features = getEnabledFeatures(protocolVersion);
+  }
+  const schemas = Array.isArray(msg.schemas) ? msg.schemas.filter((s) => typeof s === "string") : void 0;
+  return {
+    peerId,
+    protocolVersion,
+    minProtocolVersion,
+    features,
+    packageVersion,
+    schemas
+  };
+}
+var VersionNegotiator = class {
+  /**
+   * Negotiate capabilities between local and remote peers.
+   *
+   * @param local - Local peer's capabilities
+   * @param remote - Remote peer's capabilities
+   * @returns Negotiated session or failure result
+   */
+  negotiate(local, remote) {
+    const maxVersion = Math.min(local.protocolVersion, remote.protocolVersion);
+    const minVersion = Math.max(local.minProtocolVersion, remote.minProtocolVersion);
+    if (maxVersion < minVersion) {
+      return this.createFailure(local, remote, maxVersion, minVersion);
+    }
+    const commonFeatures = intersectFeatures(local.features, remote.features);
+    const required = getRequiredFeatures(maxVersion);
+    const missingRequired = required.filter((f) => !commonFeatures.includes(f));
+    if (missingRequired.length > 0) {
+      return {
+        success: false,
+        error: "missing-required-features",
+        message: `Missing required features: ${missingRequired.join(", ")}`,
+        localVersion: local.protocolVersion,
+        remoteVersion: remote.protocolVersion,
+        suggestion: "contact-support"
+      };
+    }
+    const warnings = this.generateWarnings(local, remote, commonFeatures, maxVersion);
+    return {
+      success: true,
+      peerId: remote.peerId,
+      agreedVersion: maxVersion,
+      commonFeatures,
+      warnings,
+      canUse: (feature) => commonFeatures.includes(feature)
+    };
+  }
+  /**
+   * Validate that a set of capabilities is well-formed.
+   *
+   * @param capabilities - Capabilities to validate
+   * @returns Validation result with errors if any
+   */
+  validateCapabilities(capabilities) {
+    const errors = [];
+    if (!capabilities.peerId) {
+      errors.push("Missing peerId");
+    }
+    if (capabilities.protocolVersion < 1) {
+      errors.push("Protocol version must be at least 1");
+    }
+    if (capabilities.minProtocolVersion > capabilities.protocolVersion) {
+      errors.push("Minimum protocol version cannot exceed protocol version");
+    }
+    const featureResult = validateFeatureSet(capabilities.features, capabilities.protocolVersion);
+    if (!featureResult.valid) {
+      for (const error of featureResult.errors) {
+        errors.push(error.message);
+      }
+    }
+    return {
+      valid: errors.length === 0,
+      errors
+    };
+  }
+  /**
+   * Create a failure result with appropriate suggestion.
+   */
+  createFailure(local, remote, _maxVersion, _minVersion) {
+    let suggestion;
+    if (local.protocolVersion < remote.minProtocolVersion) {
+      suggestion = "upgrade-client";
+    } else if (remote.protocolVersion < local.minProtocolVersion) {
+      suggestion = "upgrade-hub";
+    } else {
+      suggestion = "upgrade-both";
+    }
+    return {
+      success: false,
+      error: "incompatible-versions",
+      message: `Version mismatch: local v${local.protocolVersion} (min ${local.minProtocolVersion}), remote v${remote.protocolVersion} (min ${remote.minProtocolVersion})`,
+      localVersion: local.protocolVersion,
+      remoteVersion: remote.protocolVersion,
+      suggestion
+    };
+  }
+  /**
+   * Generate warnings about degraded functionality.
+   */
+  generateWarnings(local, remote, commonFeatures, agreedVersion) {
+    const warnings = [];
+    if (local.protocolVersion !== remote.protocolVersion) {
+      const olderPeer = local.protocolVersion < remote.protocolVersion ? "local" : "remote";
+      warnings.push({
+        type: "version-mismatch",
+        message: `${olderPeer === "local" ? "Local" : "Remote"} peer using older protocol v${Math.min(local.protocolVersion, remote.protocolVersion)} (agreed on v${agreedVersion})`
+      });
+    }
+    const missingFromRemote = diffFeatures(local.features, remote.features);
+    if (missingFromRemote.length > 0) {
+      warnings.push({
+        type: "degraded-features",
+        message: `Features unavailable with this peer: ${missingFromRemote.join(", ")}`,
+        affectedFeatures: missingFromRemote
+      });
+    }
+    const unknownFromRemote = remote.features.filter(
+      (f) => !local.features.includes(f)
+    );
+    if (unknownFromRemote.length > 0) {
+      warnings.push({
+        type: "unknown-features",
+        message: `Remote advertises unknown features: ${unknownFromRemote.join(", ")}`,
+        affectedFeatures: unknownFromRemote
+      });
+    }
+    return warnings;
+  }
+};
+var defaultNegotiator = new VersionNegotiator();
+
+// src/provider.ts
+var BaseSyncProvider = class {
+  _status = "disconnected";
+  _peers = /* @__PURE__ */ new Map();
+  _listeners = /* @__PURE__ */ new Map();
+  /** Local capabilities for negotiation */
+  _localCapabilities;
+  /** Version negotiator instance */
+  _negotiator;
+  /** Provider options */
+  _options;
+  constructor(options) {
+    this._options = options;
+    this._negotiator = new VersionNegotiator();
+    this._localCapabilities = createLocalCapabilities(
+      options.localDID ?? `anonymous-${Date.now()}`,
+      options.enabledFeatures,
+      {
+        packageVersion: options.packageVersion,
+        minProtocolVersion: options.minProtocolVersion
+      }
+    );
+  }
+  get status() {
+    return this._status;
+  }
+  get peers() {
+    return Array.from(this._peers.keys());
+  }
+  get peerInfo() {
+    return new Map(this._peers);
+  }
+  get localCapabilities() {
+    return this._localCapabilities;
+  }
+  /**
+   * Check if a feature can be used with a specific peer.
+   */
+  canUseFeature(peerId, feature) {
+    const peer = this._peers.get(peerId);
+    if (!peer?.negotiatedSession) {
+      return false;
+    }
+    return peer.negotiatedSession.canUse(feature);
+  }
+  /**
+   * Get the negotiated session for a peer.
+   */
+  getNegotiatedSession(peerId) {
+    return this._peers.get(peerId)?.negotiatedSession;
+  }
+  async requestChangesFromAll(since) {
+    const allChanges = [];
+    const seenHashes = /* @__PURE__ */ new Set();
+    const promises = this.peers.map(
+      (peerId) => this.requestChanges(peerId, since).catch(() => [])
+    );
+    const results = await Promise.all(promises);
+    for (const changes of results) {
+      for (const change of changes) {
+        if (!seenHashes.has(change.hash)) {
+          seenHashes.add(change.hash);
+          allChanges.push(change);
+        }
+      }
+    }
+    return allChanges;
+  }
+  on(event, listener) {
+    const listeners = this._listeners.get(event) || /* @__PURE__ */ new Set();
+    listeners.add(listener);
+    this._listeners.set(event, listeners);
+  }
+  off(event, listener) {
+    const listeners = this._listeners.get(event);
+    if (listeners) {
+      listeners.delete(listener);
+    }
+  }
+  once(event, listener) {
+    const onceListener = ((...args) => {
+      this.off(event, onceListener);
+      listener(...args);
+    });
+    this.on(event, onceListener);
+  }
+  emit(event, ...args) {
+    const listeners = this._listeners.get(event);
+    if (listeners) {
+      for (const listener of listeners) {
+        try {
+          listener(...args);
+        } catch (error) {
+          console.error(`Error in sync provider event listener for ${event}:`, error);
+        }
+      }
+    }
+  }
+  setStatus(status) {
+    if (this._status !== status) {
+      this._status = status;
+      this.emit("status-change", status);
+    }
+  }
+  addPeer(id, name) {
+    const now = Date.now();
+    this._peers.set(id, {
+      id,
+      name,
+      connectedAt: now,
+      lastSeen: now
+    });
+    this.emit("peer-connected", this._peers.get(id));
+  }
+  removePeer(id) {
+    this._peers.delete(id);
+    this.emit("peer-disconnected", id);
+  }
+  updatePeerLastSeen(id) {
+    const peer = this._peers.get(id);
+    if (peer) {
+      peer.lastSeen = Date.now();
+    }
+  }
+  /**
+   * Negotiate capabilities with a peer.
+   * Called when a peer connects and sends their capabilities.
+   *
+   * @param peerId - The peer's ID
+   * @param remoteCapabilities - The peer's advertised capabilities
+   * @returns Negotiation result (success or failure)
+   */
+  negotiateWithPeer(peerId, remoteCapabilities) {
+    const peer = this._peers.get(peerId);
+    if (!peer) {
+      return {
+        success: false,
+        error: "invalid-capabilities",
+        message: `Peer ${peerId} not found`,
+        localVersion: this._localCapabilities.protocolVersion,
+        remoteVersion: remoteCapabilities.protocolVersion,
+        suggestion: "contact-support"
+      };
+    }
+    peer.capabilities = remoteCapabilities;
+    const result = this._negotiator.negotiate(this._localCapabilities, remoteCapabilities);
+    if (result.success) {
+      peer.negotiatedSession = result;
+      this.emit("negotiation-complete", peerId, result);
+      if (result.warnings.length > 0) {
+        const warningMessages = result.warnings.map((w) => w.message);
+        this.emit("capability-degraded", peerId, warningMessages);
+      }
+    } else {
+      this.emit("negotiation-failed", peerId, result.message, result.suggestion);
+      if (this._options.strictVersionCheck) {
+        this.removePeer(peerId);
+      }
+    }
+    return result;
+  }
+  /**
+   * Get features available with all connected peers.
+   * Returns the intersection of all negotiated feature sets.
+   */
+  getCommonFeatures() {
+    const negotiatedPeers = Array.from(this._peers.values()).filter((p) => p.negotiatedSession);
+    if (negotiatedPeers.length === 0) {
+      return this._localCapabilities.features;
+    }
+    let common = new Set(negotiatedPeers[0].negotiatedSession.commonFeatures);
+    for (let i = 1; i < negotiatedPeers.length; i++) {
+      const peerFeatures = new Set(negotiatedPeers[i].negotiatedSession.commonFeatures);
+      common = new Set([...common].filter((f) => peerFeatures.has(f)));
+    }
+    return [...common];
+  }
+  /**
+   * Check if a feature can be used with all connected peers.
+   */
+  canUseFeatureWithAll(feature) {
+    return this.getCommonFeatures().includes(feature);
+  }
+};
+
+// src/yjs-envelope.ts
+import {
+  hash,
+  sign as sign2,
+  verify as verify2,
+  hybridSign,
+  hybridVerify,
+  encodeSignature,
+  decodeSignature,
+  toBase64,
+  fromBase64,
+  DEFAULT_SECURITY_LEVEL
+} from "@xnetjs/crypto";
+import { parseDID } from "@xnetjs/identity";
+function isV2Envelope(envelope) {
+  return "v" in envelope && envelope.v === 2;
+}
+function isV1Envelope(envelope) {
+  return !("v" in envelope);
+}
+function signYjsUpdateV1(update, authorDID, privateKey, clientId) {
+  const updateHash = hash(update, "blake3");
+  const signature = sign2(updateHash, privateKey);
+  return {
+    update,
+    authorDID,
+    signature,
+    timestamp: Date.now(),
+    clientId
+  };
+}
+function verifyYjsEnvelopeV1(envelope) {
+  try {
+    const publicKey = parseDID(envelope.authorDID);
+    const updateHash = hash(envelope.update, "blake3");
+    const valid = verify2(updateHash, envelope.signature, publicKey);
+    if (!valid) {
+      return { valid: false, reason: "invalid_signature" };
+    }
+    return { valid: true };
+  } catch {
+    return { valid: false, reason: "did_resolution_failed" };
+  }
+}
+function signYjsUpdateV2(update, docId, clientId, keyBundle, options = {}) {
+  const { level = DEFAULT_SECURITY_LEVEL } = options;
+  const meta = {
+    authorDID: keyBundle.identity.did,
+    clientId,
+    timestamp: Date.now(),
+    docId
+  };
+  const metaBytes = new TextEncoder().encode(JSON.stringify(meta));
+  const combined = new Uint8Array(update.length + metaBytes.length);
+  combined.set(update, 0);
+  combined.set(metaBytes, update.length);
+  const signingHash = hash(combined, "blake3");
+  const signature = hybridSign(
+    signingHash,
+    {
+      ed25519: keyBundle.signingKey,
+      mlDsa: keyBundle.pqSigningKey
+    },
+    level
+  );
+  return {
+    v: 2,
+    update,
+    meta,
+    signature
+  };
+}
+function signYjsUpdateBatch(updates, docId, clientId, keyBundle, options = {}) {
+  return updates.map((update) => signYjsUpdateV2(update, docId, clientId, keyBundle, options));
+}
+async function verifyYjsEnvelopeV2(envelope, options = {}) {
+  const { registry, expectedDocId, maxAge, minLevel = 0, policy = "strict" } = options;
+  const errors = [];
+  if (expectedDocId && envelope.meta.docId !== expectedDocId) {
+    errors.push(`Document ID mismatch: expected ${expectedDocId}, got ${envelope.meta.docId}`);
+  }
+  if (maxAge) {
+    const age = Date.now() - envelope.meta.timestamp;
+    if (age > maxAge) {
+      errors.push(`Envelope too old: ${age}ms > ${maxAge}ms`);
+    }
+  }
+  if (envelope.signature.level < minLevel) {
+    errors.push(
+      `Security level too low: ${envelope.signature.level} < ${minLevel} (required minimum)`
+    );
+  }
+  let ed25519PublicKey;
+  try {
+    ed25519PublicKey = parseDID(envelope.meta.authorDID);
+  } catch {
+    errors.push("Failed to parse author DID");
+    return {
+      valid: false,
+      level: envelope.signature.level,
+      errors,
+      authorDID: envelope.meta.authorDID,
+      clientId: envelope.meta.clientId
+    };
+  }
+  let pqPublicKey;
+  if (envelope.signature.level >= 1 && registry) {
+    const lookedUp = await registry.lookup(envelope.meta.authorDID);
+    pqPublicKey = lookedUp ?? void 0;
+  }
+  const metaBytes = new TextEncoder().encode(JSON.stringify(envelope.meta));
+  const combined = new Uint8Array(envelope.update.length + metaBytes.length);
+  combined.set(envelope.update, 0);
+  combined.set(metaBytes, envelope.update.length);
+  const signingHash = hash(combined, "blake3");
+  const result = hybridVerify(
+    signingHash,
+    envelope.signature,
+    { ed25519: ed25519PublicKey, mlDsa: pqPublicKey },
+    { minLevel, policy }
+  );
+  if (!result.valid) {
+    if (result.details.ed25519?.error) errors.push(result.details.ed25519.error);
+    if (result.details.mlDsa?.error) errors.push(result.details.mlDsa.error);
+    if (!result.details.ed25519?.error && !result.details.mlDsa?.error) {
+      errors.push("Signature verification failed");
+    }
+  }
+  return {
+    valid: errors.length === 0,
+    level: envelope.signature.level,
+    errors,
+    authorDID: envelope.meta.authorDID,
+    clientId: envelope.meta.clientId
+  };
+}
+async function verifyYjsEnvelopeQuick(envelope, options = {}) {
+  const result = await verifyYjsEnvelopeV2(envelope, options);
+  return result.valid;
+}
+function serializeYjsEnvelope(envelope) {
+  return {
+    v: 2,
+    u: toBase64(envelope.update),
+    m: {
+      a: envelope.meta.authorDID,
+      c: envelope.meta.clientId,
+      t: envelope.meta.timestamp,
+      d: envelope.meta.docId
+    },
+    s: encodeSignature(envelope.signature)
+  };
+}
+function deserializeYjsEnvelope(wire) {
+  if (wire.v !== 2) {
+    throw new Error(`Unsupported envelope version: ${wire.v}. Expected version 2.`);
+  }
+  return {
+    v: 2,
+    update: fromBase64(wire.u),
+    meta: {
+      authorDID: wire.m.a,
+      clientId: wire.m.c,
+      timestamp: wire.m.t,
+      docId: wire.m.d
+    },
+    signature: decodeSignature(wire.s)
+  };
+}
+function envelopeSize(envelope) {
+  let size = envelope.update.length;
+  size += JSON.stringify(envelope.meta).length;
+  if (envelope.signature.ed25519) size += envelope.signature.ed25519.length;
+  if (envelope.signature.mlDsa) size += envelope.signature.mlDsa.length;
+  return size;
+}
+function signYjsUpdate(update, authorDIDOrDocId, privateKeyOrClientId, clientIdOrKeyBundle, options) {
+  if (typeof privateKeyOrClientId === "number") {
+    return signYjsUpdateV2(
+      update,
+      authorDIDOrDocId,
+      privateKeyOrClientId,
+      clientIdOrKeyBundle,
+      options
+    );
+  }
+  return signYjsUpdateV1(
+    update,
+    authorDIDOrDocId,
+    privateKeyOrClientId,
+    clientIdOrKeyBundle
+  );
+}
+function verifyYjsEnvelope(envelope, options) {
+  if (isV2Envelope(envelope)) {
+    return verifyYjsEnvelopeV2(envelope, options);
+  }
+  return verifyYjsEnvelopeV1(envelope);
+}
+function hasSignedEnvelope(msg) {
+  return typeof msg === "object" && msg !== null && "envelope" in msg && typeof msg.envelope === "object" && msg.envelope !== null && "update" in msg.envelope && ("authorDID" in msg.envelope || "meta" in msg.envelope) && ("signature" in msg.envelope || "v" in msg.envelope);
+}
+function isLegacyUpdate(msg) {
+  return typeof msg === "object" && msg !== null && "data" in msg && msg.data instanceof Uint8Array && !("envelope" in msg);
+}
+
+// src/yjs-limits.ts
+var MAX_YJS_UPDATE_SIZE = 1048576;
+var MAX_YJS_UPDATES_PER_SECOND = 30;
+var MAX_YJS_UPDATES_PER_MINUTE = 600;
+var MAX_YJS_DOC_SIZE = 52428800;
+var YJS_SYNC_CHUNK_SIZE = 262144;
+var YJS_RATE_BURST_ALLOWANCE = 10;
+var DEFAULT_RATE_LIMITER_CONFIG = {
+  maxPerSecond: MAX_YJS_UPDATES_PER_SECOND,
+  maxPerMinute: MAX_YJS_UPDATES_PER_MINUTE,
+  burstAllowance: YJS_RATE_BURST_ALLOWANCE
+};
+var YjsRateLimiter = class {
+  secondWindows = /* @__PURE__ */ new Map();
+  minuteWindows = /* @__PURE__ */ new Map();
+  config;
+  cleanupInterval = null;
+  staleThresholdMs;
+  constructor(options = {}) {
+    const { staleThresholdMs, cleanupIntervalMs, ...config } = options;
+    this.config = { ...DEFAULT_RATE_LIMITER_CONFIG, ...config };
+    this.staleThresholdMs = staleThresholdMs ?? 2 * 60 * 1e3;
+    const interval = cleanupIntervalMs ?? 30 * 1e3;
+    if (interval > 0) {
+      this.startCleanup(interval);
+    }
+  }
+  /** Start periodic cleanup of stale entries. */
+  startCleanup(intervalMs = 30 * 1e3) {
+    this.stopCleanup();
+    this.cleanupInterval = setInterval(() => this.cleanupStale(), intervalMs);
+    if (typeof this.cleanupInterval === "object" && "unref" in this.cleanupInterval) {
+      this.cleanupInterval.unref();
+    }
+  }
+  /** Stop periodic cleanup. */
+  stopCleanup() {
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+      this.cleanupInterval = null;
+    }
+  }
+  /** Remove entries whose windows have expired. Returns count removed. */
+  cleanupStale() {
+    const now = Date.now();
+    const threshold = now - this.staleThresholdMs;
+    let removed = 0;
+    for (const [peerId, window] of this.secondWindows) {
+      if (window.resetAt < threshold) {
+        this.secondWindows.delete(peerId);
+        removed++;
+      }
+    }
+    for (const [peerId, window] of this.minuteWindows) {
+      if (window.resetAt < threshold) {
+        this.minuteWindows.delete(peerId);
+        removed++;
+      }
+    }
+    return removed;
+  }
+  /** Get number of tracked peers. */
+  get peerCount() {
+    const peers = /* @__PURE__ */ new Set([...this.secondWindows.keys(), ...this.minuteWindows.keys()]);
+    return peers.size;
+  }
+  /**
+   * Check if a peer can send another update.
+   *
+   * @param peerId - Peer identifier
+   * @returns true if allowed, false if rate-limited
+   */
+  allow(peerId) {
+    const now = Date.now();
+    const sec = this.secondWindows.get(peerId);
+    if (!sec || now >= sec.resetAt) {
+      this.secondWindows.set(peerId, { count: 1, resetAt: now + 1e3 });
+    } else {
+      sec.count++;
+      if (sec.count > this.config.maxPerSecond + this.config.burstAllowance) {
+        return false;
+      }
+    }
+    const min = this.minuteWindows.get(peerId);
+    if (!min || now >= min.resetAt) {
+      this.minuteWindows.set(peerId, { count: 1, resetAt: now + 6e4 });
+    } else {
+      min.count++;
+      if (min.count > this.config.maxPerMinute) {
+        return false;
+      }
+    }
+    return true;
+  }
+  /**
+   * Get current rate info for a peer (for debugging/monitoring).
+   */
+  getInfo(peerId) {
+    const sec = this.secondWindows.get(peerId);
+    const min = this.minuteWindows.get(peerId);
+    if (!sec && !min) return void 0;
+    const now = Date.now();
+    return {
+      perSecond: sec && now < sec.resetAt ? sec.count : 0,
+      perMinute: min && now < min.resetAt ? min.count : 0
+    };
+  }
+  /**
+   * Reset state for a disconnected peer.
+   */
+  remove(peerId) {
+    this.secondWindows.delete(peerId);
+    this.minuteWindows.delete(peerId);
+  }
+  /**
+   * Clear all state.
+   */
+  clear() {
+    this.secondWindows.clear();
+    this.minuteWindows.clear();
+  }
+  /**
+   * Stop cleanup and clear all state.
+   */
+  destroy() {
+    this.stopCleanup();
+    this.clear();
+  }
+};
+function isUpdateTooLarge(update, maxSize = MAX_YJS_UPDATE_SIZE) {
+  return update.length > maxSize;
+}
+function isDocumentTooLarge(state, maxSize = MAX_YJS_DOC_SIZE) {
+  return state.length > maxSize;
+}
+function calculateChunkCount(totalSize, chunkSize = YJS_SYNC_CHUNK_SIZE) {
+  return Math.ceil(totalSize / chunkSize);
+}
+function chunkUpdate(update, chunkSize = YJS_SYNC_CHUNK_SIZE) {
+  const chunks = [];
+  for (let i = 0; i < update.length; i += chunkSize) {
+    chunks.push(update.slice(i, Math.min(i + chunkSize, update.length)));
+  }
+  return chunks;
+}
+function reassembleChunks(chunks) {
+  const totalLength = chunks.reduce((sum, chunk) => sum + chunk.length, 0);
+  const result = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const chunk of chunks) {
+    result.set(chunk, offset);
+    offset += chunk.length;
+  }
+  return result;
+}
+
+// src/yjs-integrity.ts
+import { hashHex as hashHex2 } from "@xnetjs/crypto";
+function hashYjsState(state) {
+  return hashHex2(state, "blake3");
+}
+function verifyYjsStateIntegrity(state, expectedHash) {
+  return hashYjsState(state) === expectedHash;
+}
+var YjsIntegrityError = class extends Error {
+  constructor(docId, expectedHash, actualHash) {
+    super(
+      `Yjs state corrupted for doc ${docId}: expected ${expectedHash.slice(0, 16)}..., got ${actualHash.slice(0, 16)}...`
+    );
+    this.docId = docId;
+    this.expectedHash = expectedHash;
+    this.actualHash = actualHash;
+    this.name = "YjsIntegrityError";
+  }
+};
+function createPersistedDocState(state, updateCount = 0) {
+  return {
+    state,
+    hash: hashYjsState(state),
+    persistedAt: Date.now(),
+    updateCount
+  };
+}
+function verifyPersistedDocState(docId, record) {
+  const actualHash = hashYjsState(record.state);
+  if (actualHash !== record.hash) {
+    throw new YjsIntegrityError(docId, record.hash, actualHash);
+  }
+}
+function loadVerifiedState(docId, record) {
+  if (!record.hash) {
+    return record.state;
+  }
+  if (!verifyYjsStateIntegrity(record.state, record.hash)) {
+    throw new YjsIntegrityError(docId, record.hash, hashYjsState(record.state));
+  }
+  return record.state;
+}
+var COMPACTION_UPDATE_THRESHOLD = 100;
+var COMPACTION_TIME_THRESHOLD = 36e5;
+function shouldCompact(updateCount, persistedAt) {
+  if (updateCount >= COMPACTION_UPDATE_THRESHOLD) {
+    return true;
+  }
+  if (Date.now() - persistedAt > COMPACTION_TIME_THRESHOLD) {
+    return true;
+  }
+  return false;
+}
+
+// src/yjs-peer-scoring.ts
+var DEFAULT_YJS_SCORING_CONFIG = {
+  penalties: {
+    invalidSignature: 30,
+    oversizedUpdate: 10,
+    rateExceeded: 5,
+    unsignedUpdate: 20,
+    unattestedClientId: 15,
+    unauthorizedUpdate: 20
+  },
+  thresholds: {
+    warn: 50,
+    throttle: 30,
+    block: 10
+  },
+  recoveryRate: 1,
+  instantBlockAfter: 3
+};
+var YjsPeerScorer = class {
+  metrics = /* @__PURE__ */ new Map();
+  scores = /* @__PURE__ */ new Map();
+  config;
+  telemetry;
+  constructor(config) {
+    this.config = {
+      penalties: { ...DEFAULT_YJS_SCORING_CONFIG.penalties, ...config?.penalties },
+      thresholds: { ...DEFAULT_YJS_SCORING_CONFIG.thresholds, ...config?.thresholds },
+      recoveryRate: config?.recoveryRate ?? DEFAULT_YJS_SCORING_CONFIG.recoveryRate,
+      instantBlockAfter: config?.instantBlockAfter ?? DEFAULT_YJS_SCORING_CONFIG.instantBlockAfter,
+      telemetry: config?.telemetry
+    };
+    this.telemetry = config?.telemetry;
+  }
+  /**
+   * Record a violation for a peer.
+   *
+   * @param peerId - Peer identifier
+   * @param reason - Type of violation
+   * @returns Action to take based on new score
+   */
+  penalize(peerId, reason) {
+    const metrics = this.getOrCreateMetrics(peerId);
+    const penalty = this.config.penalties[reason];
+    switch (reason) {
+      case "invalidSignature":
+        metrics.invalidSignatures++;
+        this.telemetry?.reportSecurityEvent("sync.yjs.invalid_signature", "high");
+        if (metrics.invalidSignatures >= this.config.instantBlockAfter) {
+          this.scores.set(peerId, 0);
+          this.telemetry?.reportSecurityEvent("sync.yjs.peer_auto_blocked", "critical");
+          this.telemetry?.reportUsage("sync.yjs.peer_action.block", 1);
+          return "block";
+        }
+        break;
+      case "oversizedUpdate":
+        metrics.oversizedUpdates++;
+        this.telemetry?.reportSecurityEvent("sync.yjs.oversized_update", "medium");
+        break;
+      case "rateExceeded":
+        metrics.rateExceeded++;
+        this.telemetry?.reportSecurityEvent("sync.yjs.rate_exceeded", "medium");
+        break;
+      case "unsignedUpdate":
+        metrics.unsignedUpdates++;
+        this.telemetry?.reportSecurityEvent("sync.yjs.unsigned_update", "high");
+        break;
+      case "unattestedClientId":
+        metrics.unattestedClientIds++;
+        this.telemetry?.reportSecurityEvent("sync.yjs.unattested_client_id", "medium");
+        break;
+      case "unauthorizedUpdate":
+        metrics.unauthorizedUpdates++;
+        this.telemetry?.reportSecurityEvent("sync.yjs.unauthorized_update", "high");
+        break;
+    }
+    metrics.lastViolation = Date.now();
+    const currentScore = this.scores.get(peerId) ?? 100;
+    const newScore = Math.max(0, currentScore - penalty);
+    this.scores.set(peerId, newScore);
+    const action = this.getAction(newScore);
+    if (action !== "allow") {
+      this.telemetry?.reportUsage(`sync.yjs.peer_action.${action}`, 1);
+    }
+    return action;
+  }
+  /**
+   * Record a valid update (for ratio tracking + score recovery consideration).
+   */
+  recordValid(peerId) {
+    const metrics = this.getOrCreateMetrics(peerId);
+    metrics.validUpdates++;
+    this.telemetry?.reportUsage("sync.yjs.valid_update", 1);
+  }
+  /**
+   * Get current score for a peer.
+   * New peers start at 100.
+   */
+  getScore(peerId) {
+    return this.scores.get(peerId) ?? 100;
+  }
+  /**
+   * Get action for a given score.
+   */
+  getAction(score) {
+    if (score <= this.config.thresholds.block) return "block";
+    if (score <= this.config.thresholds.throttle) return "throttle";
+    if (score <= this.config.thresholds.warn) return "warn";
+    return "allow";
+  }
+  /**
+   * Get current action for a peer.
+   */
+  getPeerAction(peerId) {
+    return this.getAction(this.getScore(peerId));
+  }
+  /**
+   * Recover scores over time (called periodically).
+   * Only recovers if no recent violations.
+   *
+   * @param recoveryWindow - Time in ms that must pass without violations (default: 60s)
+   */
+  tick(recoveryWindow = 6e4) {
+    const now = Date.now();
+    for (const [peerId, score] of this.scores) {
+      if (score >= 100) continue;
+      const metrics = this.metrics.get(peerId);
+      if (!metrics) continue;
+      if (now - metrics.lastViolation > recoveryWindow) {
+        const newScore = Math.min(100, score + this.config.recoveryRate);
+        this.scores.set(peerId, newScore);
+      }
+    }
+  }
+  /**
+   * Get metrics for a peer (for debugging/monitoring).
+   */
+  getMetrics(peerId) {
+    return this.metrics.get(peerId);
+  }
+  /**
+   * Get all peer IDs with metrics.
+   */
+  getAllPeerIds() {
+    return Array.from(this.metrics.keys());
+  }
+  /**
+   * Get all metrics (for monitoring endpoint).
+   */
+  getAllMetrics() {
+    return new Map(this.metrics);
+  }
+  /**
+   * Remove all state for a disconnected peer.
+   */
+  remove(peerId) {
+    this.metrics.delete(peerId);
+    this.scores.delete(peerId);
+  }
+  /**
+   * Clear all state.
+   */
+  clear() {
+    this.metrics.clear();
+    this.scores.clear();
+  }
+  /**
+   * Get violation ratio for a peer.
+   * Returns the ratio of violations to total operations.
+   */
+  getViolationRatio(peerId) {
+    const metrics = this.metrics.get(peerId);
+    if (!metrics) return 0;
+    const violations = metrics.invalidSignatures + metrics.oversizedUpdates + metrics.rateExceeded + metrics.unsignedUpdates + metrics.unattestedClientIds + metrics.unauthorizedUpdates;
+    const total = violations + metrics.validUpdates;
+    if (total === 0) return 0;
+    return violations / total;
+  }
+  getOrCreateMetrics(peerId) {
+    let m = this.metrics.get(peerId);
+    if (!m) {
+      m = {
+        invalidSignatures: 0,
+        oversizedUpdates: 0,
+        rateExceeded: 0,
+        unsignedUpdates: 0,
+        unattestedClientIds: 0,
+        unauthorizedUpdates: 0,
+        validUpdates: 0,
+        firstSeen: Date.now(),
+        lastViolation: 0
+      };
+      this.metrics.set(peerId, m);
+    }
+    return m;
+  }
+};
+
+// src/yjs-authorization.ts
+import {
+  base64ToBytes,
+  bytesToBase64,
+  constantTimeEqual,
+  decrypt,
+  encrypt,
+  hash as hash2
+} from "@xnetjs/crypto";
+var YjsStateIntegrityError = class extends Error {
+  constructor(message = "Y.Doc state hash mismatch") {
+    super(message);
+    this.name = "YjsStateIntegrityError";
+  }
+};
+function encryptYjsState(state, nodeId, contentKey, options = {}) {
+  const encrypted = encrypt(state, contentKey);
+  return {
+    nodeId,
+    version: 1,
+    encryptedState: encrypted.ciphertext,
+    nonce: encrypted.nonce,
+    stateVector: options.stateVector ?? new Uint8Array(0),
+    stateHash: hash2(state, "blake3"),
+    checkpointedAt: options.checkpointedAt ?? Date.now(),
+    updatesSinceCheckpoint: options.updatesSinceCheckpoint ?? 0
+  };
+}
+function decryptYjsState(encrypted, contentKey) {
+  let state;
+  try {
+    state = decrypt(
+      {
+        nonce: encrypted.nonce,
+        ciphertext: encrypted.encryptedState
+      },
+      contentKey
+    );
+  } catch {
+    throw new YjsStateIntegrityError("Y.Doc state failed decryption or integrity check");
+  }
+  const computedHash = hash2(state, "blake3");
+  if (!constantTimeEqual(computedHash, encrypted.stateHash)) {
+    throw new YjsStateIntegrityError();
+  }
+  return state;
+}
+function serializeEncryptedYjsState(state) {
+  const payload = {
+    nodeId: state.nodeId,
+    version: 1,
+    encryptedState: bytesToBase64(state.encryptedState),
+    nonce: bytesToBase64(state.nonce),
+    stateVector: bytesToBase64(state.stateVector),
+    stateHash: bytesToBase64(state.stateHash),
+    checkpointedAt: state.checkpointedAt,
+    updatesSinceCheckpoint: state.updatesSinceCheckpoint
+  };
+  return new TextEncoder().encode(JSON.stringify(payload));
+}
+function deserializeEncryptedYjsState(bytes) {
+  const decoded = JSON.parse(new TextDecoder().decode(bytes));
+  if (!decoded || decoded.version !== 1 || typeof decoded.nodeId !== "string" || typeof decoded.encryptedState !== "string" || typeof decoded.nonce !== "string" || typeof decoded.stateVector !== "string" || typeof decoded.stateHash !== "string" || typeof decoded.checkpointedAt !== "number" || typeof decoded.updatesSinceCheckpoint !== "number") {
+    throw new Error("Invalid EncryptedYjsState payload");
+  }
+  return {
+    nodeId: decoded.nodeId,
+    version: 1,
+    encryptedState: base64ToBytes(decoded.encryptedState),
+    nonce: base64ToBytes(decoded.nonce),
+    stateVector: base64ToBytes(decoded.stateVector),
+    stateHash: base64ToBytes(decoded.stateHash),
+    checkpointedAt: decoded.checkpointedAt,
+    updatesSinceCheckpoint: decoded.updatesSinceCheckpoint
+  };
+}
+var YjsAuthGate = class _YjsAuthGate {
+  constructor(evaluator, nodeId, options = {}) {
+    this.evaluator = evaluator;
+    this.nodeId = nodeId;
+    this.cacheTTL = options.cacheTTL ?? _YjsAuthGate.DEFAULT_CACHE_TTL;
+    this.now = options.now ?? Date.now;
+  }
+  static DEFAULT_CACHE_TTL = 3e4;
+  peerAuthCache = /* @__PURE__ */ new Map();
+  cacheTTL;
+  now;
+  async canApplyUpdate(envelope) {
+    const authorDID = envelope.meta.authorDID;
+    const cached = this.peerAuthCache.get(authorDID);
+    if (cached && cached.expiresAt > this.now()) {
+      return { allowed: cached.allowed, authorDID, cached: true };
+    }
+    const input = {
+      subject: authorDID,
+      action: "write",
+      nodeId: this.nodeId
+    };
+    const decision = await this.evaluator.can(input);
+    this.peerAuthCache.set(authorDID, {
+      allowed: decision.allowed,
+      expiresAt: this.now() + this.cacheTTL
+    });
+    return { allowed: decision.allowed, authorDID, cached: false };
+  }
+  invalidatePeer(did) {
+    this.peerAuthCache.delete(did);
+  }
+  invalidateAll() {
+    this.peerAuthCache.clear();
+  }
+};
+var YjsCheckpointer = class {
+  maxUpdates;
+  maxAgeMs;
+  now;
+  constructor(options = {}) {
+    this.maxUpdates = options.maxUpdates ?? 100;
+    this.maxAgeMs = options.maxAgeMs ?? 60 * 60 * 1e3;
+    this.now = options.now ?? Date.now;
+  }
+  shouldCheckpoint(state) {
+    return state.updatesSinceCheckpoint >= this.maxUpdates || this.now() - state.checkpointedAt >= this.maxAgeMs;
+  }
+  checkpoint(input) {
+    return encryptYjsState(input.state, input.nodeId, input.contentKey, {
+      stateVector: input.stateVector,
+      checkpointedAt: this.now(),
+      updatesSinceCheckpoint: 0
+    });
+  }
+};
+function toEncryptedData(state) {
+  return {
+    nonce: state.nonce,
+    ciphertext: state.encryptedState
+  };
+}
+
+// src/yjs-authorized-sync.ts
+import { generateContentKey, wrapKeyForRecipient } from "@xnetjs/crypto";
+var GRANT_SCHEMA_ID = "xnet://xnet.fyi/Grant";
+var AuthorizedSyncManager = class {
+  options;
+  rooms = /* @__PURE__ */ new Map();
+  constructor(options) {
+    this.options = options;
+  }
+  async acquire(nodeId, mode = "write") {
+    const decision = await this.options.evaluator.can({
+      subject: this.options.authorDID,
+      action: mode === "write" ? "write" : "read",
+      nodeId
+    });
+    if (!decision.allowed) {
+      throw new AuthorizedYjsError("PERMISSION_DENIED", decision);
+    }
+    const contentKey = await this.options.keyProvider.getOrUnwrap(nodeId);
+    const doc = this.options.ydoc.createDoc(nodeId);
+    const encryptedBytes = await this.options.adapter.getDocumentContent(nodeId);
+    if (encryptedBytes) {
+      const encrypted = deserializeEncryptedYjsState(encryptedBytes);
+      const state = decryptYjsState(encrypted, contentKey);
+      this.options.ydoc.applyUpdate(doc, state, "bootstrap");
+    }
+    let room;
+    if (mode === "write") {
+      room = this.joinRoom(nodeId, doc, contentKey);
+    }
+    return {
+      doc,
+      nodeId,
+      mode,
+      contentKey,
+      room,
+      release: () => this.release(nodeId)
+    };
+  }
+  release(nodeId) {
+    const room = this.rooms.get(nodeId);
+    if (!room) {
+      return;
+    }
+    room.unsubscribe?.();
+    this.rooms.delete(nodeId);
+  }
+  joinRoom(nodeId, doc, contentKey) {
+    const existing = this.rooms.get(nodeId);
+    if (existing) {
+      return existing;
+    }
+    const room = {
+      nodeId,
+      doc,
+      contentKey,
+      authGate: new YjsAuthGate(this.options.evaluator, nodeId),
+      authorizedPeers: /* @__PURE__ */ new Set([this.options.authorDID])
+    };
+    room.unsubscribe = this.wireRevocationEvents(room);
+    this.rooms.set(nodeId, room);
+    return room;
+  }
+  wireRevocationEvents(room) {
+    return this.options.store.subscribe((event) => {
+      const grantNode = event.node;
+      if (!grantNode || grantNode.schemaId !== GRANT_SCHEMA_ID) {
+        return;
+      }
+      const resource = grantNode.properties?.resource;
+      if (typeof resource !== "string" || resource !== room.nodeId) {
+        return;
+      }
+      const revokedAt = grantNode.properties?.revokedAt;
+      const grantee = grantNode.properties?.grantee;
+      if (typeof revokedAt !== "number" || revokedAt <= 0 || !isDid(grantee)) {
+        return;
+      }
+      room.authGate.invalidatePeer(grantee);
+      if (!room.authorizedPeers.has(grantee)) {
+        return;
+      }
+      void this.handlePeerRevocation(room, grantee);
+    });
+  }
+  async handlePeerRevocation(room, revokedDid) {
+    room.authorizedPeers.delete(revokedDid);
+    room.doc.emit?.("peer:kicked", [revokedDid]);
+    const newContentKey = generateContentKey();
+    const encrypted = encryptYjsState(
+      this.options.ydoc.encodeStateAsUpdate(room.doc),
+      room.nodeId,
+      newContentKey,
+      {
+        stateVector: this.options.ydoc.encodeStateVector(room.doc)
+      }
+    );
+    await this.options.adapter.setDocumentContent(
+      room.nodeId,
+      serializeEncryptedYjsState(encrypted)
+    );
+    const recipients = [...room.authorizedPeers];
+    let wrappedKeys = {};
+    if (this.options.publicKeyResolver && recipients.length > 0) {
+      const publicKeys = await this.options.publicKeyResolver.resolveBatch(recipients);
+      wrappedKeys = {};
+      for (const [did, pubKey] of publicKeys) {
+        wrappedKeys[did] = wrapKeyForRecipient(newContentKey, pubKey);
+      }
+    }
+    await this.options.onRotateContentKey?.({
+      nodeId: room.nodeId,
+      recipients,
+      wrappedKeys,
+      contentKey: newContentKey
+    });
+    room.contentKey = newContentKey;
+    room.doc.emit?.("key:rotated", [room.nodeId]);
+  }
+};
+var AuthorizedYjsSyncProvider = class {
+  nodeId;
+  doc;
+  ydoc;
+  authGate;
+  peerScorer;
+  rateLimiter;
+  verifyEnvelope;
+  onRejected;
+  constructor(options) {
+    this.nodeId = options.nodeId;
+    this.doc = options.doc;
+    this.ydoc = options.ydoc;
+    this.authGate = options.authGate;
+    this.peerScorer = options.peerScorer ?? new YjsPeerScorer();
+    this.rateLimiter = options.rateLimiter;
+    this.verifyEnvelope = options.verifyEnvelope ?? verifyYjsEnvelopeV2;
+    this.onRejected = options.onRejected;
+  }
+  async handleRemoteUpdate(envelope) {
+    const peerId = envelope.meta.authorDID;
+    if (this.rateLimiter && !this.rateLimiter.allow(peerId)) {
+      this.peerScorer.penalize(peerId, "rateExceeded");
+      this.onRejected?.({ peerId, reason: "rate-exceeded" });
+      return false;
+    }
+    const sigResult = await this.verifyEnvelope(envelope);
+    if (!sigResult.valid) {
+      this.peerScorer.penalize(peerId, "invalidSignature");
+      this.onRejected?.({ peerId, reason: "invalid-signature" });
+      return false;
+    }
+    const authResult = await this.authGate.canApplyUpdate(envelope);
+    if (!authResult.allowed) {
+      this.peerScorer.penalize(peerId, "unauthorizedUpdate");
+      this.onRejected?.({ peerId, reason: "unauthorized" });
+      return false;
+    }
+    if (envelope.meta.docId !== this.nodeId) {
+      this.peerScorer.penalize(peerId, "invalidSignature");
+      this.onRejected?.({ peerId, reason: "invalid-signature" });
+      return false;
+    }
+    this.ydoc.applyUpdate(this.doc, envelope.update, "remote");
+    this.peerScorer.recordValid(peerId);
+    return true;
+  }
+};
+var AuthorizedYjsError = class extends Error {
+  code;
+  decision;
+  constructor(code, decision) {
+    super(`Yjs authorization denied for '${decision.action}' on '${decision.resource}'`);
+    this.name = "AuthorizedYjsError";
+    this.code = code;
+    this.decision = decision;
+  }
+};
+function isDid(value) {
+  return typeof value === "string" && value.startsWith("did:key:");
+}
+
+// src/clientid-attestation.ts
+import {
+  hash as hash3,
+  sign as sign3,
+  verify as verify3,
+  hybridSign as hybridSign2,
+  hybridVerify as hybridVerify2,
+  encodeSignature as encodeSignature2,
+  decodeSignature as decodeSignature2,
+  DEFAULT_SECURITY_LEVEL as DEFAULT_SECURITY_LEVEL2
+} from "@xnetjs/crypto";
+import { parseDID as parseDID2 } from "@xnetjs/identity";
+function isV2Attestation(attestation) {
+  return "v" in attestation && attestation.v === 2;
+}
+function isV1Attestation(attestation) {
+  return !("v" in attestation);
+}
+function attestationPayloadV1(clientId, did, room, expiresAt) {
+  const text = `clientid-bind:${clientId}:${did}:${room}:${expiresAt}`;
+  return new TextEncoder().encode(text);
+}
+function createClientIdAttestationV1(clientId, did, privateKey, room, ttlSeconds = 3600) {
+  const expiresAt = Math.floor(Date.now() / 1e3) + ttlSeconds;
+  const payload = attestationPayloadV1(clientId, did, room, expiresAt);
+  const payloadHash = hash3(payload, "blake3");
+  const signature = sign3(payloadHash, privateKey);
+  return { clientId, did, signature, expiresAt, room };
+}
+function verifyClientIdAttestationV1(attestation) {
+  const now = Math.floor(Date.now() / 1e3);
+  if (attestation.expiresAt < now) {
+    return { valid: false, reason: "expired" };
+  }
+  try {
+    const publicKey = parseDID2(attestation.did);
+    const payload = attestationPayloadV1(
+      attestation.clientId,
+      attestation.did,
+      attestation.room,
+      attestation.expiresAt
+    );
+    const payloadHash = hash3(payload, "blake3");
+    const valid = verify3(payloadHash, attestation.signature, publicKey);
+    if (!valid) {
+      return { valid: false, reason: "invalid_signature" };
+    }
+    return { valid: true };
+  } catch {
+    return { valid: false, reason: "did_resolution_failed" };
+  }
+}
+function createClientIdAttestationV2(clientId, room, keyBundle, options = {}) {
+  const { expiresInMs, level = DEFAULT_SECURITY_LEVEL2 } = options;
+  const timestamp = Date.now();
+  const expiresAt = expiresInMs ? timestamp + expiresInMs : void 0;
+  const payload = {
+    v: 2,
+    clientId,
+    did: keyBundle.identity.did,
+    timestamp,
+    expiresAt,
+    room
+  };
+  const payloadBytes = new TextEncoder().encode(JSON.stringify(payload));
+  const payloadHash = hash3(payloadBytes, "blake3");
+  const signature = hybridSign2(
+    payloadHash,
+    {
+      ed25519: keyBundle.signingKey,
+      mlDsa: keyBundle.pqSigningKey
+    },
+    level
+  );
+  return {
+    v: 2,
+    clientId,
+    did: keyBundle.identity.did,
+    timestamp,
+    expiresAt,
+    room,
+    signature
+  };
+}
+async function verifyClientIdAttestationV2(attestation, options = {}) {
+  const { registry, minLevel = 0 } = options;
+  const errors = [];
+  const expired = attestation.expiresAt !== void 0 && Date.now() > attestation.expiresAt;
+  if (expired) {
+    errors.push("Attestation has expired");
+  }
+  if (attestation.signature.level < minLevel) {
+    errors.push(
+      `Security level too low: ${attestation.signature.level} < ${minLevel} (required minimum)`
+    );
+  }
+  let ed25519PublicKey;
+  try {
+    ed25519PublicKey = parseDID2(attestation.did);
+  } catch {
+    errors.push("Failed to parse DID");
+    return {
+      valid: false,
+      expired,
+      level: attestation.signature.level,
+      errors
+    };
+  }
+  let pqPublicKey;
+  if (attestation.signature.level >= 1 && registry) {
+    const lookedUp = await registry.lookup(attestation.did);
+    pqPublicKey = lookedUp ?? void 0;
+  }
+  const payload = {
+    v: 2,
+    clientId: attestation.clientId,
+    did: attestation.did,
+    timestamp: attestation.timestamp,
+    expiresAt: attestation.expiresAt,
+    room: attestation.room
+  };
+  const payloadBytes = new TextEncoder().encode(JSON.stringify(payload));
+  const payloadHash = hash3(payloadBytes, "blake3");
+  const result = hybridVerify2(
+    payloadHash,
+    attestation.signature,
+    { ed25519: ed25519PublicKey, mlDsa: pqPublicKey },
+    { minLevel }
+  );
+  if (!result.valid) {
+    if (result.details.ed25519?.error) errors.push(result.details.ed25519.error);
+    if (result.details.mlDsa?.error) errors.push(result.details.mlDsa.error);
+    if (!result.details.ed25519?.error && !result.details.mlDsa?.error) {
+      errors.push("Signature verification failed");
+    }
+  }
+  return {
+    valid: errors.length === 0,
+    expired,
+    level: attestation.signature.level,
+    errors
+  };
+}
+function serializeClientIdAttestation(attestation) {
+  return {
+    v: 2,
+    c: attestation.clientId,
+    d: attestation.did,
+    t: attestation.timestamp,
+    e: attestation.expiresAt,
+    r: attestation.room,
+    s: encodeSignature2(attestation.signature)
+  };
+}
+function deserializeClientIdAttestation(wire) {
+  if (wire.v !== 2) {
+    throw new Error(`Unsupported attestation version: ${wire.v}. Expected version 2.`);
+  }
+  return {
+    v: 2,
+    clientId: wire.c,
+    did: wire.d,
+    timestamp: wire.t,
+    expiresAt: wire.e,
+    room: wire.r,
+    signature: decodeSignature2(wire.s)
+  };
+}
+function createClientIdAttestation(clientId, didOrRoom, privateKeyOrKeyBundle, roomOrOptions, ttlSeconds) {
+  if (typeof privateKeyOrKeyBundle === "object" && "identity" in privateKeyOrKeyBundle && "signingKey" in privateKeyOrKeyBundle) {
+    return createClientIdAttestationV2(
+      clientId,
+      didOrRoom,
+      // This is room in V2
+      privateKeyOrKeyBundle,
+      roomOrOptions
+    );
+  }
+  return createClientIdAttestationV1(
+    clientId,
+    didOrRoom,
+    // This is did in V1
+    privateKeyOrKeyBundle,
+    roomOrOptions,
+    ttlSeconds
+  );
+}
+function verifyClientIdAttestation(attestation, options) {
+  if (isV2Attestation(attestation)) {
+    return verifyClientIdAttestationV2(attestation, options);
+  }
+  return verifyClientIdAttestationV1(attestation);
+}
+var ClientIdMapImpl = class {
+  byClientId = /* @__PURE__ */ new Map();
+  byDid = /* @__PURE__ */ new Map();
+  getOwner(clientId) {
+    const entry = this.byClientId.get(clientId);
+    if (!entry) return void 0;
+    if (entry.expiresAt < Math.floor(Date.now() / 1e3)) {
+      this.byClientId.delete(clientId);
+      this.byDid.delete(entry.did);
+      return void 0;
+    }
+    return entry.did;
+  }
+  getClientId(did) {
+    const entry = this.byDid.get(did);
+    if (!entry) return void 0;
+    if (entry.expiresAt < Math.floor(Date.now() / 1e3)) {
+      this.byDid.delete(did);
+      this.byClientId.delete(entry.clientId);
+      return void 0;
+    }
+    return entry.clientId;
+  }
+  register(attestation) {
+    const did = isV2Attestation(attestation) ? attestation.did : attestation.did;
+    const expiresAt = isV2Attestation(attestation) ? attestation.expiresAt ? Math.floor(attestation.expiresAt / 1e3) : Math.floor(Date.now() / 1e3) + 3600 : attestation.expiresAt;
+    const prev = this.byDid.get(did);
+    if (prev) {
+      this.byClientId.delete(prev.clientId);
+    }
+    const prevDid = this.byClientId.get(attestation.clientId);
+    if (prevDid) {
+      this.byDid.delete(prevDid.did);
+    }
+    this.byClientId.set(attestation.clientId, { did, expiresAt });
+    this.byDid.set(did, { clientId: attestation.clientId, expiresAt });
+  }
+  cleanup() {
+    const now = Math.floor(Date.now() / 1e3);
+    for (const [clientId, entry] of this.byClientId) {
+      if (entry.expiresAt < now) {
+        this.byClientId.delete(clientId);
+        this.byDid.delete(entry.did);
+      }
+    }
+  }
+  getAll() {
+    const now = Math.floor(Date.now() / 1e3);
+    return Array.from(this.byClientId.entries()).filter(([_, entry]) => entry.expiresAt > now).map(([clientId, entry]) => ({
+      clientId,
+      did: entry.did,
+      expiresAt: entry.expiresAt
+    }));
+  }
+  has(clientId) {
+    return this.getOwner(clientId) !== void 0;
+  }
+  size() {
+    return this.byClientId.size;
+  }
+  /**
+   * Get the count of non-expired entries without mutating state.
+   * This is useful for accurate counts but slower than size().
+   */
+  activeCount() {
+    const now = Date.now();
+    let count = 0;
+    for (const entry of this.byClientId.values()) {
+      if (entry.expiresAt > now) {
+        count++;
+      }
+    }
+    return count;
+  }
+  /**
+   * Clear all bindings.
+   */
+  clear() {
+    this.byClientId.clear();
+    this.byDid.clear();
+  }
+};
+function validateClientIdOwnership(clientId, authorDID, map) {
+  const owner = map.getOwner(clientId);
+  if (owner === void 0) {
+    return true;
+  }
+  return owner === authorDID;
+}
+
+// src/yjs-change.ts
+var YJS_CHANGE_TYPE = "yjs-update";
+function createUnsignedYjsChange(options) {
+  const payload = {
+    nodeId: options.nodeId,
+    update: options.update,
+    clientId: options.clientId,
+    updateCount: options.updateCount
+  };
+  return createUnsignedChange({
+    id: createChangeId(),
+    type: YJS_CHANGE_TYPE,
+    payload,
+    parentHash: options.parentHash,
+    authorDID: options.authorDID,
+    lamport: options.lamport,
+    wallTime: options.wallTime
+  });
+}
+function createYjsChange(options) {
+  const unsigned = createUnsignedYjsChange(options);
+  return signChange(unsigned, options.privateKey);
+}
+function isYjsChange(change) {
+  return change.type === YJS_CHANGE_TYPE && typeof change.payload === "object" && change.payload !== null && "update" in change.payload && "clientId" in change.payload && "nodeId" in change.payload;
+}
+function isNodeChange(change) {
+  return change.type !== YJS_CHANGE_TYPE && typeof change.payload === "object" && change.payload !== null && "nodeId" in change.payload && !("update" in change.payload);
+}
+function getChangeNodeId(change) {
+  if (typeof change.payload === "object" && change.payload !== null && "nodeId" in change.payload) {
+    return change.payload.nodeId;
+  }
+  return void 0;
+}
+
+// src/yjs-batcher.ts
+var DEFAULT_BATCHER_CONFIG = {
+  batchWindowMs: 2e3,
+  maxBatchSize: 50,
+  flushOnParagraph: true
+};
+function throwMergeNotProvided() {
+  throw new Error(
+    "[YjsBatcher] mergeUpdates function is required. Pass Y.mergeUpdates from the yjs package."
+  );
+}
+var YjsBatcher = class {
+  pendingUpdates = [];
+  flushTimer = null;
+  config;
+  onFlush;
+  mergeUpdates;
+  destroyed = false;
+  /**
+   * Create a new YjsBatcher.
+   *
+   * @param onFlush - Callback invoked when a batch is flushed
+   * @param config - Optional configuration overrides
+   * @param mergeUpdates - Function to merge updates (required - use Y.mergeUpdates from yjs)
+   */
+  constructor(onFlush, config, mergeUpdates) {
+    this.onFlush = onFlush;
+    this.config = {
+      ...DEFAULT_BATCHER_CONFIG,
+      ...config
+    };
+    this.mergeUpdates = mergeUpdates ?? throwMergeNotProvided;
+  }
+  /**
+   * Add an update to the current batch.
+   *
+   * @param update - The Yjs update bytes
+   * @param isParagraphBreak - Whether this update is a paragraph break (Enter key)
+   */
+  add(update, isParagraphBreak = false) {
+    if (this.destroyed) {
+      console.warn("[YjsBatcher] Attempted to add update after destroy");
+      return;
+    }
+    this.pendingUpdates.push(update);
+    if (this.pendingUpdates.length >= this.config.maxBatchSize) {
+      this.flush();
+      return;
+    }
+    if (isParagraphBreak && this.config.flushOnParagraph) {
+      this.flush();
+      return;
+    }
+    this.resetTimer();
+  }
+  /**
+   * Force flush the current batch.
+   * Safe to call even if there are no pending updates.
+   */
+  flush() {
+    if (this.flushTimer) {
+      clearTimeout(this.flushTimer);
+      this.flushTimer = null;
+    }
+    if (this.pendingUpdates.length === 0) {
+      return;
+    }
+    const merged = this.mergeUpdates(this.pendingUpdates);
+    const updateCount = this.pendingUpdates.length;
+    this.pendingUpdates = [];
+    try {
+      this.onFlush(merged, updateCount);
+    } catch (err) {
+      console.error("[YjsBatcher] Error in flush callback:", err);
+    }
+  }
+  /**
+   * Check if there are pending updates.
+   */
+  hasPending() {
+    return this.pendingUpdates.length > 0;
+  }
+  /**
+   * Get the number of pending updates.
+   */
+  pendingCount() {
+    return this.pendingUpdates.length;
+  }
+  /**
+   * Destroy the batcher. Flushes any remaining updates.
+   * After destroy, add() calls will be ignored.
+   */
+  destroy() {
+    if (this.destroyed) return;
+    this.destroyed = true;
+    this.flush();
+  }
+  /**
+   * Check if the batcher has been destroyed.
+   */
+  isDestroyed() {
+    return this.destroyed;
+  }
+  /**
+   * Reset or start the flush timer.
+   */
+  resetTimer() {
+    if (this.flushTimer) {
+      clearTimeout(this.flushTimer);
+    }
+    this.flushTimer = setTimeout(() => {
+      this.flushTimer = null;
+      this.flush();
+    }, this.config.batchWindowMs);
+  }
+};
+
+// src/serializers/v1.ts
+function encodeBase64(data) {
+  if (typeof btoa === "function") {
+    let binary = "";
+    for (let i = 0; i < data.length; i++) {
+      binary += String.fromCharCode(data[i]);
+    }
+    return btoa(binary);
+  }
+  return Buffer.from(data).toString("base64");
+}
+function decodeBase64(str) {
+  if (typeof atob === "function") {
+    const binary = atob(str);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+      bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+  }
+  return new Uint8Array(Buffer.from(str, "base64"));
+}
+var V1Serializer = class {
+  version = 1;
+  name = "V1 JSON Serializer";
+  serialize(change) {
+    const wire = {
+      id: change.id,
+      type: change.type,
+      payload: change.payload,
+      hash: change.hash,
+      parentHash: change.parentHash,
+      authorDID: change.authorDID,
+      signature: encodeBase64(change.signature),
+      wallTime: change.wallTime,
+      lamport: { time: change.lamport.time, author: change.lamport.author }
+    };
+    if (change.protocolVersion !== void 0) {
+      wire.protocolVersion = change.protocolVersion;
+    }
+    if (change.batchId !== void 0) {
+      wire.batchId = change.batchId;
+      wire.batchIndex = change.batchIndex;
+      wire.batchSize = change.batchSize;
+    }
+    return wire;
+  }
+  deserialize(data) {
+    try {
+      let wire;
+      if (data instanceof Uint8Array) {
+        const json = new TextDecoder().decode(data);
+        wire = JSON.parse(json);
+      } else {
+        wire = data;
+      }
+      if (!wire.id || !wire.type || !wire.hash || !wire.authorDID || !wire.signature) {
+        return {
+          success: false,
+          error: "Missing required fields in V1 change",
+          rawData: data
+        };
+      }
+      if (!wire.lamport || typeof wire.lamport.time !== "number" || !wire.lamport.author) {
+        return {
+          success: false,
+          error: "Invalid or missing lamport timestamp",
+          rawData: data
+        };
+      }
+      const change = {
+        id: wire.id,
+        type: wire.type,
+        payload: wire.payload,
+        hash: wire.hash,
+        parentHash: wire.parentHash,
+        authorDID: wire.authorDID,
+        signature: decodeBase64(wire.signature),
+        wallTime: wire.wallTime,
+        lamport: {
+          time: wire.lamport.time,
+          author: wire.lamport.author
+        }
+      };
+      if (wire.protocolVersion !== void 0) {
+        change.protocolVersion = wire.protocolVersion;
+      }
+      if (wire.batchId !== void 0) {
+        change.batchId = wire.batchId;
+        change.batchIndex = wire.batchIndex;
+        change.batchSize = wire.batchSize;
+      }
+      return { success: true, change };
+    } catch (err) {
+      return {
+        success: false,
+        error: err instanceof Error ? err.message : String(err),
+        rawData: data
+      };
+    }
+  }
+  canDeserialize(data) {
+    if (!data || typeof data !== "object") {
+      return false;
+    }
+    const obj = data;
+    if (obj.protocolVersion !== void 0 && obj.protocolVersion !== 1) {
+      return false;
+    }
+    return typeof obj.id === "string" && typeof obj.type === "string" && typeof obj.hash === "string" && typeof obj.signature === "string";
+  }
+};
+var v1Serializer = new V1Serializer();
+
+// src/serializers/v2.ts
+function encodeBase642(data) {
+  if (typeof btoa === "function") {
+    let binary = "";
+    for (let i = 0; i < data.length; i++) {
+      binary += String.fromCharCode(data[i]);
+    }
+    return btoa(binary);
+  }
+  return Buffer.from(data).toString("base64");
+}
+function decodeBase642(str) {
+  if (typeof atob === "function") {
+    const binary = atob(str);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+      bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+  }
+  return new Uint8Array(Buffer.from(str, "base64"));
+}
+var V2Serializer = class {
+  version = 2;
+  name = "V2 Compact Serializer";
+  serialize(change) {
+    const wire = {
+      v: 2,
+      i: change.id,
+      t: change.type,
+      p: change.payload,
+      h: change.hash,
+      ph: change.parentHash,
+      a: change.authorDID,
+      s: encodeBase642(change.signature),
+      w: change.wallTime,
+      l: { t: change.lamport.time, a: change.lamport.author }
+    };
+    if (change.batchId !== void 0) {
+      wire.bi = change.batchId;
+      wire.bx = change.batchIndex;
+      wire.bs = change.batchSize;
+    }
+    return wire;
+  }
+  deserialize(data) {
+    try {
+      let wire;
+      if (data instanceof Uint8Array) {
+        const json = new TextDecoder().decode(data);
+        wire = JSON.parse(json);
+      } else {
+        wire = data;
+      }
+      if (wire.v !== 2) {
+        return {
+          success: false,
+          error: `Expected v2 format, got v${wire.v}`,
+          rawData: data
+        };
+      }
+      if (!wire.i || !wire.t || !wire.h || !wire.a || !wire.s) {
+        return {
+          success: false,
+          error: "Missing required fields in V2 change",
+          rawData: data
+        };
+      }
+      if (!wire.l || typeof wire.l.t !== "number" || !wire.l.a) {
+        return {
+          success: false,
+          error: "Invalid or missing lamport timestamp",
+          rawData: data
+        };
+      }
+      const change = {
+        protocolVersion: 2,
+        id: wire.i,
+        type: wire.t,
+        payload: wire.p,
+        hash: wire.h,
+        parentHash: wire.ph,
+        authorDID: wire.a,
+        signature: decodeBase642(wire.s),
+        wallTime: wire.w,
+        lamport: {
+          time: wire.l.t,
+          author: wire.l.a
+        }
+      };
+      if (wire.bi !== void 0) {
+        change.batchId = wire.bi;
+        change.batchIndex = wire.bx;
+        change.batchSize = wire.bs;
+      }
+      return { success: true, change };
+    } catch (err) {
+      return {
+        success: false,
+        error: err instanceof Error ? err.message : String(err),
+        rawData: data
+      };
+    }
+  }
+  canDeserialize(data) {
+    if (!data || typeof data !== "object") {
+      return false;
+    }
+    const obj = data;
+    return obj.v === 2 && typeof obj.i === "string" && typeof obj.t === "string";
+  }
+  /**
+   * Add schema version to a payload.
+   * Used when serializing node changes with schema versioning.
+   */
+  static addSchemaVersion(payload, schemaVersion) {
+    return { ...payload, _sv: schemaVersion };
+  }
+  /**
+   * Extract schema version from a payload.
+   */
+  static getSchemaVersion(payload) {
+    if (payload && typeof payload === "object") {
+      const p = payload;
+      return p._sv;
+    }
+    return void 0;
+  }
+};
+var v2Serializer = new V2Serializer();
+
+// src/serializers/v3.ts
+import {
+  encodeSignature as encodeSignature3,
+  decodeSignature as decodeSignature3
+} from "@xnetjs/crypto";
+function isUnifiedSignature(sig) {
+  if (!sig || typeof sig !== "object") return false;
+  const s = sig;
+  if (typeof s.level !== "number") return false;
+  if (s.level < 0 || s.level > 2) return false;
+  return true;
+}
+function legacyToUnifiedSignature(sig) {
+  return {
+    level: 0,
+    ed25519: sig
+  };
+}
+var V3Serializer = class {
+  version = 3;
+  name = "V3 Multi-Level Crypto Serializer";
+  serialize(change) {
+    let sig;
+    if (isUnifiedSignature(change.signature)) {
+      sig = encodeSignature3(change.signature);
+    } else if (change.signature instanceof Uint8Array) {
+      sig = encodeSignature3(legacyToUnifiedSignature(change.signature));
+    } else {
+      throw new Error("Invalid signature type in change");
+    }
+    const wire = {
+      v: 3,
+      i: change.id,
+      t: change.type,
+      p: change.payload,
+      h: change.hash,
+      ph: change.parentHash,
+      a: change.authorDID,
+      sig,
+      w: change.wallTime,
+      l: { t: change.lamport.time, a: change.lamport.author }
+    };
+    if (change.batchId !== void 0) {
+      wire.bi = change.batchId;
+      wire.bx = change.batchIndex;
+      wire.bs = change.batchSize;
+    }
+    return wire;
+  }
+  deserialize(data) {
+    try {
+      let wire;
+      if (data instanceof Uint8Array) {
+        const json = new TextDecoder().decode(data);
+        wire = JSON.parse(json);
+      } else {
+        wire = data;
+      }
+      if (wire.v !== 3) {
+        return {
+          success: false,
+          error: `Expected v3 format, got v${wire.v}. Clear your database and start fresh.`,
+          rawData: data
+        };
+      }
+      if (!wire.i || !wire.t || !wire.h || !wire.a || !wire.sig) {
+        return {
+          success: false,
+          error: "Missing required fields in V3 change",
+          rawData: data
+        };
+      }
+      if (typeof wire.sig !== "object" || typeof wire.sig.l !== "number") {
+        return {
+          success: false,
+          error: "Invalid signature format in V3 change",
+          rawData: data
+        };
+      }
+      if (!wire.l || typeof wire.l.t !== "number" || !wire.l.a) {
+        return {
+          success: false,
+          error: "Invalid or missing lamport timestamp",
+          rawData: data
+        };
+      }
+      const signature = decodeSignature3(wire.sig);
+      const change = {
+        protocolVersion: 3,
+        id: wire.i,
+        type: wire.t,
+        payload: wire.p,
+        hash: wire.h,
+        parentHash: wire.ph,
+        authorDID: wire.a,
+        signature,
+        // Type cast for compatibility
+        wallTime: wire.w,
+        lamport: {
+          time: wire.l.t,
+          author: wire.l.a
+        }
+      };
+      if (wire.bi !== void 0) {
+        change.batchId = wire.bi;
+        change.batchIndex = wire.bx;
+        change.batchSize = wire.bs;
+      }
+      return { success: true, change };
+    } catch (err) {
+      return {
+        success: false,
+        error: err instanceof Error ? err.message : String(err),
+        rawData: data
+      };
+    }
+  }
+  canDeserialize(data) {
+    if (!data || typeof data !== "object") {
+      return false;
+    }
+    const obj = data;
+    return obj.v === 3 && typeof obj.i === "string" && typeof obj.t === "string" && typeof obj.sig === "object" && obj.sig !== null;
+  }
+  /**
+   * Add schema version to a payload.
+   */
+  static addSchemaVersion(payload, schemaVersion) {
+    return { ...payload, _sv: schemaVersion };
+  }
+  /**
+   * Extract schema version from a payload.
+   */
+  static getSchemaVersion(payload) {
+    if (payload && typeof payload === "object") {
+      const p = payload;
+      return p._sv;
+    }
+    return void 0;
+  }
+  /**
+   * Get the security level of a serialized change.
+   */
+  static getSecurityLevel(wire) {
+    return wire.sig.l;
+  }
+};
+var v3Serializer = new V3Serializer();
+
+// src/serializers/index.ts
+var DefaultSerializerRegistry = class {
+  serializers = /* @__PURE__ */ new Map();
+  defaultVersion;
+  constructor(defaultVersion = CURRENT_PROTOCOL_VERSION) {
+    this.defaultVersion = defaultVersion;
+    this.register(v1Serializer);
+    this.register(v2Serializer);
+    this.register(v3Serializer);
+  }
+  get(version) {
+    return this.serializers.get(version);
+  }
+  getDefault() {
+    const serializer = this.serializers.get(this.defaultVersion);
+    if (!serializer) {
+      throw new Error(`No serializer registered for default version ${this.defaultVersion}`);
+    }
+    return serializer;
+  }
+  register(serializer) {
+    this.serializers.set(serializer.version, serializer);
+  }
+  getVersions() {
+    return [...this.serializers.keys()].sort((a, b) => a - b);
+  }
+  detect(data) {
+    const versions = this.getVersions().reverse();
+    for (const version of versions) {
+      const serializer = this.serializers.get(version);
+      if (serializer.canDeserialize(data)) {
+        return serializer;
+      }
+    }
+    return void 0;
+  }
+};
+var serializerRegistry = new DefaultSerializerRegistry();
+function getSerializer(version) {
+  return serializerRegistry.get(version);
+}
+function getDefaultSerializer() {
+  return serializerRegistry.getDefault();
+}
+function autoDeserialize(data) {
+  const serializer = serializerRegistry.detect(data);
+  if (!serializer) {
+    return {
+      success: false,
+      error: "Unable to detect serializer format",
+      rawData: data
+    };
+  }
+  return serializer.deserialize(data);
+}
+function autoSerialize(change) {
+  const version = change.protocolVersion ?? 1;
+  const serializer = serializerRegistry.get(version) ?? serializerRegistry.getDefault();
+  return serializer.serialize(change);
+}
+function createSerializerRegistry(defaultVersion = CURRENT_PROTOCOL_VERSION, serializers) {
+  const registry = new DefaultSerializerRegistry(defaultVersion);
+  if (serializers) {
+    for (const serializer of serializers) {
+      registry.register(serializer);
+    }
+  }
+  return registry;
+}
+
+// src/handlers/index.ts
+var ChangeHandlerRegistry = class {
+  handlers = /* @__PURE__ */ new Map();
+  unknownTypeListeners = [];
+  invalidChangeListeners = [];
+  /**
+   * Register a handler for a change type and version range.
+   */
+  register(handler) {
+    const existing = this.handlers.get(handler.type) ?? [];
+    existing.push(handler);
+    existing.sort((a, b) => b.maxVersion - a.maxVersion);
+    this.handlers.set(handler.type, existing);
+  }
+  /**
+   * Unregister all handlers for a type.
+   */
+  unregister(type) {
+    return this.handlers.delete(type);
+  }
+  /**
+   * Get the appropriate handler for a change.
+   * Returns null if no handler can process this change.
+   */
+  getHandler(change) {
+    const handlers = this.handlers.get(change.type);
+    if (!handlers || handlers.length === 0) {
+      return null;
+    }
+    const version = change.protocolVersion ?? 0;
+    for (const handler of handlers) {
+      if (version >= handler.minVersion && version <= handler.maxVersion) {
+        if (handler.canHandle(change)) {
+          return handler;
+        }
+      }
+    }
+    for (const handler of handlers) {
+      if (handler.maxVersion === Infinity && handler.minVersion <= version) {
+        if (handler.canHandle(change)) {
+          return handler;
+        }
+      }
+    }
+    return null;
+  }
+  /**
+   * Check if any handler can process this change.
+   */
+  canProcess(change) {
+    return this.getHandler(change) !== null;
+  }
+  /**
+   * Process a change using the appropriate handler.
+   */
+  async process(change, context) {
+    const handler = this.getHandler(change);
+    if (!handler) {
+      await context.storeUnknown(change);
+      context.emit("unknownChangeType", { change });
+      this.notifyUnknownType(change);
+      return;
+    }
+    const validation = handler.validate(change);
+    if (!validation.valid) {
+      context.emit("invalidChange", { change, errors: validation.errors });
+      this.notifyInvalidChange(change, validation.errors);
+      return;
+    }
+    await handler.process(change, context);
+  }
+  /**
+   * Get all registered handler types.
+   */
+  getTypes() {
+    return Array.from(this.handlers.keys());
+  }
+  /**
+   * Get handlers for a specific type.
+   */
+  getHandlersForType(type) {
+    return this.handlers.get(type) ?? [];
+  }
+  /**
+   * Subscribe to unknown change type events.
+   */
+  onUnknownType(listener) {
+    this.unknownTypeListeners.push(listener);
+    return () => {
+      const idx = this.unknownTypeListeners.indexOf(listener);
+      if (idx !== -1) this.unknownTypeListeners.splice(idx, 1);
+    };
+  }
+  /**
+   * Subscribe to invalid change events.
+   */
+  onInvalidChange(listener) {
+    this.invalidChangeListeners.push(listener);
+    return () => {
+      const idx = this.invalidChangeListeners.indexOf(listener);
+      if (idx !== -1) this.invalidChangeListeners.splice(idx, 1);
+    };
+  }
+  /**
+   * Clear all registered handlers.
+   */
+  clear() {
+    this.handlers.clear();
+  }
+  // ─── Private Methods ─────────────────────────────────────────────────────
+  notifyUnknownType(change) {
+    for (const listener of this.unknownTypeListeners) {
+      try {
+        listener(change);
+      } catch (err) {
+        console.error("[ChangeHandlerRegistry] Error in unknownType listener:", err);
+      }
+    }
+  }
+  notifyInvalidChange(change, errors) {
+    for (const listener of this.invalidChangeListeners) {
+      try {
+        listener(change, errors);
+      } catch (err) {
+        console.error("[ChangeHandlerRegistry] Error in invalidChange listener:", err);
+      }
+    }
+  }
+};
+var changeHandlerRegistry = new ChangeHandlerRegistry();
+function createHandler(type, process, validate) {
+  return {
+    type,
+    minVersion: 0,
+    maxVersion: Infinity,
+    canHandle: () => true,
+    process,
+    validate: validate ?? (() => ({ valid: true, errors: [] }))
+  };
+}
+function createVersionedHandler(type, minVersion, maxVersion, process, validate) {
+  return {
+    type,
+    minVersion,
+    maxVersion,
+    canHandle: () => true,
+    process,
+    validate: validate ?? (() => ({ valid: true, errors: [] }))
+  };
+}
+function createTestContext(overrides) {
+  return {
+    storeUnknown: async () => {
+    },
+    emit: () => {
+    },
+    authorDID: "did:key:test",
+    ...overrides
+  };
+}
+
+// src/integrity.ts
+async function verifyIntegrity(changes, options = {}) {
+  const startTime = Date.now();
+  const issues = [];
+  let valid = 0;
+  const changeById = /* @__PURE__ */ new Map();
+  const changeByHash = /* @__PURE__ */ new Map();
+  const duplicateIds = /* @__PURE__ */ new Set();
+  for (const change of changes) {
+    if (changeById.has(change.id)) {
+      duplicateIds.add(change.id);
+    } else {
+      changeById.set(change.id, change);
+    }
+    changeByHash.set(change.hash, change);
+  }
+  for (const id of duplicateIds) {
+    issues.push({
+      changeId: id,
+      type: "duplicate-id",
+      details: `Duplicate change ID found: ${id}`,
+      severity: "error",
+      repairAction: {
+        type: "remove-duplicate",
+        description: "Remove duplicate changes, keeping the most recent",
+        automatic: false
+      }
+    });
+  }
+  const now = Date.now();
+  const maxFuture = options.maxFutureTimestamp ?? 6e4;
+  for (let i = 0; i < changes.length; i++) {
+    const change = changes[i];
+    if (options.onProgress) {
+      options.onProgress(i + 1, changes.length);
+    }
+    let hasIssue = false;
+    if (duplicateIds.has(change.id)) {
+      continue;
+    }
+    if (!options.skipHashes) {
+      const hashValid = verifyChangeHash(change);
+      if (!hashValid) {
+        issues.push({
+          changeId: change.id,
+          type: "hash-mismatch",
+          details: `Hash mismatch: stored hash does not match computed hash`,
+          severity: "error",
+          repairAction: {
+            type: "recompute-hash",
+            description: "Recompute and update the hash",
+            automatic: true
+          }
+        });
+        hasIssue = true;
+      }
+    }
+    if (!options.skipSignatures && !hasIssue) {
+      if (!change.signature || change.signature.length === 0) {
+        issues.push({
+          changeId: change.id,
+          type: "signature-invalid",
+          details: "Signature is missing or empty",
+          severity: "error"
+          // No automatic repair - would need original signing key
+        });
+        hasIssue = true;
+      }
+    }
+    if (!options.skipChain && change.parentHash !== null) {
+      if (!changeByHash.has(change.parentHash)) {
+        issues.push({
+          changeId: change.id,
+          type: "missing-parent",
+          details: `Parent hash ${change.parentHash} not found`,
+          severity: "warning",
+          repairAction: {
+            type: "request-from-peers",
+            description: "Request the missing parent from connected peers",
+            automatic: true
+          }
+        });
+        hasIssue = true;
+      }
+    }
+    if (change.lamport.time < 0) {
+      issues.push({
+        changeId: change.id,
+        type: "invalid-lamport",
+        details: `Invalid Lamport time: ${change.lamport.time}`,
+        severity: "error"
+      });
+      hasIssue = true;
+    }
+    if (change.wallTime > now + maxFuture) {
+      issues.push({
+        changeId: change.id,
+        type: "future-timestamp",
+        details: `Wall time is in the future: ${new Date(change.wallTime).toISOString()}`,
+        severity: "warning"
+      });
+      hasIssue = true;
+    }
+    if (!hasIssue) {
+      valid++;
+    }
+  }
+  const byType = {
+    "hash-mismatch": 0,
+    "signature-invalid": 0,
+    "chain-broken": 0,
+    "missing-parent": 0,
+    "duplicate-id": 0,
+    "invalid-lamport": 0,
+    "future-timestamp": 0
+  };
+  let errors = 0;
+  let warnings = 0;
+  for (const issue of issues) {
+    byType[issue.type]++;
+    if (issue.severity === "error") {
+      errors++;
+    } else {
+      warnings++;
+    }
+  }
+  const repairable = issues.every(
+    (issue) => issue.repairAction !== void 0 && issue.repairAction.type !== "none"
+  );
+  return {
+    checked: changes.length,
+    valid,
+    issues,
+    repairable,
+    summary: {
+      errors,
+      warnings,
+      byType
+    },
+    durationMs: Date.now() - startTime
+  };
+}
+async function quickIntegrityCheck(changes) {
+  return verifyIntegrity(changes, {
+    skipSignatures: true,
+    skipChain: false
+  });
+}
+async function verifySingleChange(change, options = {}) {
+  const report = await verifyIntegrity([change], options);
+  return {
+    valid: report.valid === 1,
+    issues: report.issues
+  };
+}
+function findOrphans(changes) {
+  const hashSet = new Set(changes.map((c) => c.hash));
+  return changes.filter((c) => c.parentHash !== null && !hashSet.has(c.parentHash));
+}
+function findRoots(changes) {
+  return changes.filter((c) => c.parentHash === null);
+}
+function findHeads(changes) {
+  const parentHashes = new Set(
+    changes.filter((c) => c.parentHash !== null).map((c) => c.parentHash)
+  );
+  return changes.filter((c) => !parentHashes.has(c.hash));
+}
+function getChainDepth(changes) {
+  if (changes.length === 0) return 0;
+  const childMap = /* @__PURE__ */ new Map();
+  for (const change of changes) {
+    const children = childMap.get(change.parentHash) ?? [];
+    children.push(change);
+    childMap.set(change.parentHash, children);
+  }
+  function getDepth(parentHash) {
+    const children = childMap.get(parentHash) ?? [];
+    if (children.length === 0) return 0;
+    return 1 + Math.max(...children.map((c) => getDepth(c.hash)));
+  }
+  return getDepth(null);
+}
+async function attemptRepair(changes, issues) {
+  const changeMap = new Map(changes.map((c) => [c.id, { ...c }]));
+  const remainingIssues = [];
+  let repairCount = 0;
+  for (const issue of issues) {
+    if (!issue.repairAction?.automatic) {
+      remainingIssues.push(issue);
+      continue;
+    }
+    const change = changeMap.get(issue.changeId);
+    if (!change) {
+      remainingIssues.push(issue);
+      continue;
+    }
+    switch (issue.repairAction.type) {
+      case "recompute-hash":
+        change.hash = await computeChangeHash(change);
+        repairCount++;
+        break;
+      case "mark-orphan":
+        repairCount++;
+        break;
+      default:
+        remainingIssues.push(issue);
+    }
+  }
+  return {
+    repaired: Array.from(changeMap.values()),
+    remainingIssues,
+    repairCount
+  };
+}
+function formatIntegrityReport(report) {
+  const lines = [];
+  lines.push(`Integrity Report`);
+  lines.push(`================`);
+  lines.push(`Checked: ${report.checked} changes`);
+  lines.push(`Valid: ${report.valid} (${Math.round(report.valid / report.checked * 100)}%)`);
+  lines.push(`Duration: ${report.durationMs}ms`);
+  lines.push("");
+  if (report.issues.length === 0) {
+    lines.push("No issues found.");
+  } else {
+    lines.push(
+      `Issues: ${report.issues.length} (${report.summary.errors} errors, ${report.summary.warnings} warnings)`
+    );
+    lines.push("");
+    for (const [type, count] of Object.entries(report.summary.byType)) {
+      if (count > 0) {
+        lines.push(`  ${type}: ${count}`);
+      }
+    }
+    lines.push("");
+    lines.push(`Repairable: ${report.repairable ? "Yes" : "No"}`);
+  }
+  return lines.join("\n");
+}
+
+// src/deprecation.ts
+var DEPRECATIONS = [
+  // Protocol deprecations
+  {
+    type: "protocol",
+    subject: "Protocol v0 (unsigned changes)",
+    description: "Protocol v0 changes without signatures are deprecated",
+    deprecatedIn: "0.5.0",
+    removedIn: "1.0.0",
+    alternative: "Protocol v1 with signed changes",
+    migrationGuide: "/docs/migrations/protocol-v0-to-v1",
+    deprecatedDate: "2026-01-15"
+  },
+  {
+    type: "protocol",
+    subject: "Legacy Yjs updates",
+    description: "Unsigned Yjs updates are deprecated",
+    deprecatedIn: "0.5.0",
+    removedIn: "1.0.0",
+    alternative: "Signed Yjs envelopes",
+    migrationGuide: "/docs/migrations/yjs-signed-envelopes"
+  }
+  // Schema deprecations (examples for future use)
+  // {
+  //   type: 'schema',
+  //   subject: 'xnet://xnet.fyi/Task@1.0.0',
+  //   description: 'Task v1.0.0 schema is deprecated',
+  //   deprecatedIn: '0.6.0',
+  //   alternative: 'xnet://xnet.fyi/Task@2.0.0',
+  //   migrationGuide: '/docs/migrations/task-v1-to-v2'
+  // },
+  // Feature deprecations (examples for future use)
+  // {
+  //   type: 'feature',
+  //   subject: 'legacy-auth',
+  //   description: 'Legacy authentication method is deprecated',
+  //   deprecatedIn: '0.7.0',
+  //   removedIn: '1.0.0',
+  //   alternative: 'did-auth',
+  //   migrationGuide: '/docs/migrations/legacy-auth-to-did'
+  // }
+];
+function checkDeprecations(context) {
+  const warnings = [];
+  const now = /* @__PURE__ */ new Date();
+  for (const notice of DEPRECATIONS) {
+    let triggered = false;
+    if (notice.type === "protocol") {
+      if (notice.subject.includes("v0") && (context.protocolVersion ?? 0) < 1) {
+        triggered = true;
+      }
+      if (notice.subject.includes("Legacy Yjs") && (context.protocolVersion ?? 0) < 1) {
+        triggered = true;
+      }
+    }
+    if (notice.type === "schema" && context.schemas) {
+      if (context.schemas.includes(notice.subject)) {
+        triggered = true;
+      }
+    }
+    if (notice.type === "feature" && context.features) {
+      if (context.features.includes(notice.subject)) {
+        triggered = true;
+      }
+    }
+    if (triggered) {
+      const warning = createWarning(notice, now);
+      warnings.push(warning);
+    }
+  }
+  return warnings;
+}
+function createWarning(notice, now) {
+  let daysUntilRemoval;
+  if (notice.sunsetDate) {
+    const sunset = new Date(notice.sunsetDate);
+    const diff = sunset.getTime() - now.getTime();
+    daysUntilRemoval = Math.ceil(diff / (1e3 * 60 * 60 * 24));
+  }
+  const isPastRemoval = notice.removedIn !== void 0 && daysUntilRemoval !== void 0 && daysUntilRemoval < 0;
+  const message = isPastRemoval ? `REMOVED: ${notice.subject} was removed in v${notice.removedIn}.` : `DEPRECATED: ${notice.subject} is deprecated since v${notice.deprecatedIn}.`;
+  let action = "";
+  if (notice.alternative) {
+    action = `Migrate to ${notice.alternative}.`;
+  }
+  if (notice.removedIn && !isPastRemoval) {
+    action += ` Will be removed in v${notice.removedIn}.`;
+  }
+  if (notice.migrationGuide) {
+    action += ` See ${notice.migrationGuide}`;
+  }
+  return {
+    notice,
+    message,
+    action: action.trim(),
+    severity: isPastRemoval ? "error" : "warning",
+    daysUntilRemoval: daysUntilRemoval !== void 0 && daysUntilRemoval >= 0 ? daysUntilRemoval : void 0
+  };
+}
+var DEPRECATION_POLICY = {
+  /** Minimum time between deprecation and removal */
+  minimumDeprecationPeriodDays: 180,
+  /** Whether to log warnings to console */
+  logWarnings: true,
+  /** Whether to throw errors for removed functionality */
+  strictMode: false,
+  /** Console logger for warnings */
+  logger: console.warn
+};
+function configureDeprecationPolicy(options) {
+  Object.assign(DEPRECATION_POLICY, options);
+}
+var loggedDeprecations = /* @__PURE__ */ new Set();
+function logDeprecation(warning) {
+  if (!DEPRECATION_POLICY.logWarnings) return;
+  const key = `${warning.notice.type}:${warning.notice.subject}`;
+  if (loggedDeprecations.has(key)) return;
+  loggedDeprecations.add(key);
+  const prefix = warning.severity === "error" ? "[REMOVED]" : "[DEPRECATED]";
+  DEPRECATION_POLICY.logger(`${prefix} ${warning.message} ${warning.action}`);
+}
+function checkAndLogDeprecations(context) {
+  const warnings = checkDeprecations(context);
+  for (const warning of warnings) {
+    logDeprecation(warning);
+    if (DEPRECATION_POLICY.strictMode && warning.severity === "error") {
+      throw new DeprecationError(warning);
+    }
+  }
+  return warnings;
+}
+function clearLoggedDeprecations() {
+  loggedDeprecations.clear();
+}
+function getDeprecationsByType(type) {
+  return DEPRECATIONS.filter((d) => d.type === type);
+}
+function getDeprecation(subject) {
+  return DEPRECATIONS.find((d) => d.subject === subject);
+}
+function isDeprecated(subject) {
+  return DEPRECATIONS.some((d) => d.subject === subject);
+}
+function isRemoved(subject) {
+  const notice = getDeprecation(subject);
+  if (!notice?.removedIn) return false;
+  return true;
+}
+function registerDeprecation(notice) {
+  const existing = DEPRECATIONS.findIndex((d) => d.subject === notice.subject);
+  if (existing >= 0) {
+    DEPRECATIONS[existing] = notice;
+  } else {
+    DEPRECATIONS.push(notice);
+  }
+}
+var DeprecationError = class extends Error {
+  constructor(warning) {
+    super(`${warning.message} ${warning.action}`);
+    this.warning = warning;
+    this.name = "DeprecationError";
+  }
+};
+function formatDeprecationReport(warnings) {
+  if (warnings.length === 0) {
+    return "No deprecation warnings.";
+  }
+  const lines = ["Deprecation Report", "==================", ""];
+  const errors = warnings.filter((w) => w.severity === "error");
+  const warns = warnings.filter((w) => w.severity === "warning");
+  if (errors.length > 0) {
+    lines.push("REMOVED (require immediate action):");
+    for (const w of errors) {
+      lines.push(`  - ${w.notice.subject}`);
+      lines.push(`    ${w.action}`);
+    }
+    lines.push("");
+  }
+  if (warns.length > 0) {
+    lines.push("DEPRECATED (plan to migrate):");
+    for (const w of warns) {
+      lines.push(`  - ${w.notice.subject}`);
+      lines.push(`    ${w.action}`);
+      if (w.daysUntilRemoval !== void 0) {
+        lines.push(`    ${w.daysUntilRemoval} days until removal`);
+      }
+    }
+    lines.push("");
+  }
+  return lines.join("\n");
+}
+
+// src/integrity-monitor.ts
+var DEFAULT_INTERVAL_MS = 5 * 60 * 1e3;
+var DEFAULT_MIN_CHANGES = 10;
+function createIntegrityMonitor(config) {
+  let currentConfig = { ...config };
+  let intervalId = null;
+  let isRunning = false;
+  let isChecking = false;
+  const stats = {
+    checksPerformed: 0,
+    totalIssuesFound: 0,
+    lastCheckAt: null,
+    lastCheckDurationMs: 0,
+    lastReport: null,
+    isRunning: false,
+    isChecking: false
+  };
+  const log = (message) => {
+    if (currentConfig.debug) {
+      console.log(`[IntegrityMonitor] ${message}`);
+    }
+  };
+  const runCheck = async () => {
+    if (isChecking) {
+      log("Check already in progress, skipping");
+      return stats.lastReport ?? createEmptyReport();
+    }
+    isChecking = true;
+    stats.isChecking = true;
+    try {
+      log("Starting integrity check");
+      const startTime = Date.now();
+      const changes = await Promise.resolve(currentConfig.getChanges());
+      const minChanges = currentConfig.minChangesForCheck ?? DEFAULT_MIN_CHANGES;
+      if (changes.length < minChanges) {
+        log(`Skipping check: only ${changes.length} changes (min: ${minChanges})`);
+        return createEmptyReport();
+      }
+      const report = currentConfig.quickCheck ? await quickIntegrityCheck(changes) : await verifyIntegrity(changes, currentConfig.verifyOptions);
+      stats.checksPerformed++;
+      stats.lastCheckAt = /* @__PURE__ */ new Date();
+      stats.lastCheckDurationMs = Date.now() - startTime;
+      stats.lastReport = report;
+      stats.totalIssuesFound += report.issues.length;
+      log(`Check complete: ${report.valid}/${report.checked} valid, ${report.issues.length} issues`);
+      currentConfig.onCheck?.(report);
+      if (report.issues.length > 0) {
+        currentConfig.onIssues?.(report);
+      }
+      return report;
+    } catch (error) {
+      const err = error instanceof Error ? error : new Error(String(error));
+      log(`Check failed: ${err.message}`);
+      currentConfig.onError?.(err);
+      throw err;
+    } finally {
+      isChecking = false;
+      stats.isChecking = false;
+    }
+  };
+  const start = () => {
+    if (isRunning) {
+      log("Already running");
+      return;
+    }
+    const intervalMs = currentConfig.intervalMs ?? DEFAULT_INTERVAL_MS;
+    log(`Starting with interval ${intervalMs}ms`);
+    isRunning = true;
+    stats.isRunning = true;
+    if (currentConfig.checkOnStart) {
+      runCheck().catch(() => {
+      });
+    }
+    intervalId = setInterval(() => {
+      runCheck().catch(() => {
+      });
+    }, intervalMs);
+  };
+  const stop = () => {
+    if (!isRunning) {
+      log("Not running");
+      return;
+    }
+    log("Stopping");
+    if (intervalId !== null) {
+      clearInterval(intervalId);
+      intervalId = null;
+    }
+    isRunning = false;
+    stats.isRunning = false;
+  };
+  const checkNow = async () => {
+    return runCheck();
+  };
+  const getStats = () => {
+    return { ...stats };
+  };
+  const configure = (newConfig) => {
+    const wasRunning = isRunning;
+    if (wasRunning) {
+      stop();
+    }
+    currentConfig = { ...currentConfig, ...newConfig };
+    if (wasRunning) {
+      start();
+    }
+  };
+  return {
+    start,
+    stop,
+    checkNow,
+    getStats,
+    isRunning: () => isRunning,
+    configure
+  };
+}
+function createEmptyReport() {
+  return {
+    checked: 0,
+    valid: 0,
+    issues: [],
+    repairable: true,
+    summary: {
+      errors: 0,
+      warnings: 0,
+      byType: {
+        "hash-mismatch": 0,
+        "signature-invalid": 0,
+        "chain-broken": 0,
+        "missing-parent": 0,
+        "duplicate-id": 0,
+        "invalid-lamport": 0,
+        "future-timestamp": 0
+      }
+    },
+    durationMs: 0
+  };
+}
+function createReactIntegrityMonitor(options) {
+  const { onStateChange, ...config } = options;
+  const monitor = createIntegrityMonitor({
+    ...config,
+    onCheck: (report) => {
+      config.onCheck?.(report);
+      onStateChange?.(monitor.getStats());
+    },
+    onError: (error) => {
+      config.onError?.(error);
+      onStateChange?.(monitor.getStats());
+    }
+  });
+  const originalStart = monitor.start.bind(monitor);
+  const originalStop = monitor.stop.bind(monitor);
+  monitor.start = () => {
+    originalStart();
+    onStateChange?.(monitor.getStats());
+  };
+  monitor.stop = () => {
+    originalStop();
+    onStateChange?.(monitor.getStats());
+  };
+  return monitor;
+}
+
+// src/security-policy.ts
+import { DEFAULT_SECURITY_LEVEL as DEFAULT_SECURITY_LEVEL3 } from "@xnetjs/crypto";
+var DEFAULT_SECURITY_POLICY = {
+  default: DEFAULT_SECURITY_LEVEL3,
+  overrides: {
+    // High-frequency, ephemeral operations - fast Ed25519
+    "cursor-update": 0,
+    "presence-update": 0,
+    "typing-indicator": 0,
+    "viewport-update": 0,
+    "awareness-update": 0
+    // Regular operations - use default (currently Level 0)
+    // When we upgrade to Level 1 default, these will automatically use hybrid
+    // 'node-create': 1,
+    // 'node-update': 1,
+    // 'node-delete': 1,
+    // Critical operations - can be upgraded to Level 1/2 when PQ is enabled
+    // 'key-rotation': 2,
+    // 'permission-grant': 1,
+    // 'permission-revoke': 2,
+    // 'identity-recovery': 2,
+  }
+};
+var HYBRID_SECURITY_POLICY = {
+  default: 1,
+  overrides: {
+    // High-frequency, ephemeral operations - fast Ed25519
+    "cursor-update": 0,
+    "presence-update": 0,
+    "typing-indicator": 0,
+    "viewport-update": 0,
+    "awareness-update": 0,
+    // Regular operations - hybrid signatures
+    "node-create": 1,
+    "node-update": 1,
+    "node-delete": 1,
+    "yjs-update": 1,
+    "comment-add": 1,
+    // Critical operations - maximum security
+    "key-rotation": 2,
+    "permission-grant": 1,
+    "permission-revoke": 2,
+    "identity-recovery": 2,
+    "share-create": 1
+  }
+};
+var MAX_SECURITY_POLICY = {
+  default: 2,
+  overrides: {
+    // High-frequency, ephemeral operations - still fast
+    "cursor-update": 0,
+    "presence-update": 0,
+    "typing-indicator": 0,
+    "viewport-update": 0,
+    "awareness-update": 0
+  }
+};
+function getSecurityLevel(operationType, policy = DEFAULT_SECURITY_POLICY) {
+  const override = policy.overrides[operationType];
+  return override !== void 0 ? override : policy.default;
+}
+function isEphemeralOperation(operationType) {
+  const ephemeralOps = [
+    "cursor-update",
+    "presence-update",
+    "typing-indicator",
+    "viewport-update",
+    "awareness-update"
+  ];
+  return ephemeralOps.includes(operationType);
+}
+function isCriticalOperation(operationType) {
+  const criticalOps = ["key-rotation", "permission-revoke", "identity-recovery"];
+  return criticalOps.includes(operationType);
+}
+function createSecurityPolicy(options = {}) {
+  return {
+    default: options.default ?? DEFAULT_SECURITY_LEVEL3,
+    overrides: {
+      ...DEFAULT_SECURITY_POLICY.overrides,
+      ...options.overrides
+    }
+  };
+}
+function mergeSecurityPolicies(...policies) {
+  const merged = {
+    default: DEFAULT_SECURITY_LEVEL3,
+    overrides: {}
+  };
+  for (const policy of policies) {
+    if (policy.default !== void 0) {
+      merged.default = policy.default;
+    }
+    if (policy.overrides) {
+      merged.overrides = { ...merged.overrides, ...policy.overrides };
+    }
+  }
+  return merged;
+}
+export {
+  ALL_FEATURES,
+  AuthorizedSyncManager,
+  AuthorizedYjsError,
+  AuthorizedYjsSyncProvider,
+  BaseSyncProvider,
+  COMPACTION_TIME_THRESHOLD,
+  COMPACTION_UPDATE_THRESHOLD,
+  CURRENT_PROTOCOL_VERSION,
+  ChangeHandlerRegistry,
+  ClientIdMapImpl,
+  DEFAULT_BATCHER_CONFIG,
+  DEFAULT_RATE_LIMITER_CONFIG,
+  DEFAULT_SECURITY_POLICY,
+  DEFAULT_YJS_SCORING_CONFIG,
+  DEPRECATIONS,
+  DEPRECATION_POLICY,
+  DeprecationError,
+  FEATURES,
+  HYBRID_SECURITY_POLICY,
+  MAX_SECURITY_POLICY,
+  MAX_YJS_DOC_SIZE,
+  MAX_YJS_UPDATES_PER_MINUTE,
+  MAX_YJS_UPDATES_PER_SECOND,
+  MAX_YJS_UPDATE_SIZE,
+  V1Serializer,
+  V2Serializer,
+  VersionNegotiator,
+  YJS_CHANGE_TYPE,
+  YJS_RATE_BURST_ALLOWANCE,
+  YJS_SYNC_CHUNK_SIZE,
+  YjsAuthGate,
+  YjsBatcher,
+  YjsCheckpointer,
+  YjsIntegrityError,
+  YjsPeerScorer,
+  YjsRateLimiter,
+  YjsStateIntegrityError,
+  addDependencies,
+  attemptRepair,
+  autoDeserialize,
+  autoSerialize,
+  calculateChunkCount,
+  changeHandlerRegistry,
+  checkAndLogDeprecations,
+  checkDeprecations,
+  chunkUpdate,
+  clearLoggedDeprecations,
+  compareLamportTimestamps,
+  computeChangeHash,
+  configureDeprecationPolicy,
+  createBatchId,
+  createChangeId,
+  createClientIdAttestation,
+  createClientIdAttestationV1,
+  createClientIdAttestationV2,
+  createHandler,
+  createIntegrityMonitor,
+  createLamportClock,
+  createLocalCapabilities,
+  createPersistedDocState,
+  createReactIntegrityMonitor,
+  createSecurityPolicy,
+  createSerializerRegistry,
+  createTestContext,
+  createUnsignedChange,
+  createUnsignedYjsChange,
+  createVersionedHandler,
+  createYjsChange,
+  decryptYjsState,
+  defaultNegotiator,
+  deserializeClientIdAttestation,
+  deserializeEncryptedYjsState,
+  deserializeYjsEnvelope,
+  detectFork,
+  diffFeatures,
+  encryptYjsState,
+  envelopeSize,
+  findCommonAncestor,
+  findHeads,
+  findOrphans,
+  findRoots,
+  formatDeprecationReport,
+  formatIntegrityReport,
+  getAllDependencies,
+  getAncestry,
+  getChainDepth,
+  getChainHeads,
+  getChainRoots,
+  getChangeNodeId,
+  getDefaultSerializer,
+  getDeprecation,
+  getDeprecationsByType,
+  getEnabledFeatures,
+  getFeatureConflicts,
+  getFeatureDependencies,
+  getFeatureVersion,
+  getForks,
+  getOptionalFeatures,
+  getRequiredFeatures,
+  getSecurityLevel,
+  getSerializer,
+  hasSignedEnvelope,
+  hashYjsState,
+  intersectFeatures,
+  isAfter,
+  isBefore,
+  isCriticalOperation,
+  isDeprecated,
+  isDocumentTooLarge,
+  isEphemeralOperation,
+  isFeatureAvailable,
+  isFeatureEnabled,
+  isLegacyUpdate,
+  isNodeChange,
+  isRemoved,
+  isUpdateTooLarge,
+  isV1Attestation,
+  isV1Envelope,
+  isV2Attestation,
+  isV2Envelope,
+  isYjsChange,
+  loadVerifiedState,
+  logDeprecation,
+  maxTime,
+  mergeSecurityPolicies,
+  parseCapabilities,
+  parseTimestamp,
+  quickIntegrityCheck,
+  reassembleChunks,
+  receive,
+  registerDeprecation,
+  serializeClientIdAttestation,
+  serializeEncryptedYjsState,
+  serializeTimestamp,
+  serializeYjsEnvelope,
+  serializerRegistry,
+  shouldCompact,
+  signChange,
+  signYjsUpdate,
+  signYjsUpdateBatch,
+  signYjsUpdateV1,
+  signYjsUpdateV2,
+  tick,
+  toEncryptedData,
+  topologicalSort,
+  v1Serializer,
+  v2Serializer,
+  validateChain,
+  validateClientIdOwnership,
+  validateFeatureSet,
+  verifyChange,
+  verifyChangeHash,
+  verifyClientIdAttestation,
+  verifyClientIdAttestationV1,
+  verifyClientIdAttestationV2,
+  verifyIntegrity,
+  verifyPersistedDocState,
+  verifySingleChange,
+  verifyYjsEnvelope,
+  verifyYjsEnvelopeQuick,
+  verifyYjsEnvelopeV1,
+  verifyYjsEnvelopeV2,
+  verifyYjsStateIntegrity
+};