backpack-viewer 0.7.14 → 0.7.15

package/dist/extensions/share/src/index.js

@@ -1,25 +1,25 @@
-const L = "https://app.backpackontology.com";
-let f = L, T = `${f}/.well-known/oauth-authorization-server`;
-const P = new Uint8Array([66, 80, 65, 75]), R = 1;
+const R = "https://app.backpackontology.com";
+let g = R, L = `${g}/.well-known/oauth-authorization-server`;
+const $ = new Uint8Array([66, 80, 65, 75]), I = 1;
 let m = null;
-async function M(t) {
+async function q(t) {
   const e = await t.settings.get("relay_url");
-  e && (f = e, T = `${f}/.well-known/oauth-authorization-server`), t.registerTaskbarIcon({
+  e && (g = e, L = `${g}/.well-known/oauth-authorization-server`), t.registerTaskbarIcon({
     label: "Share",
     iconText: "↗",
     position: "bottom-center",
-    onClick: () => $(t)
+    onClick: () => B(t)
   });
 }
-function $(t) {
+function B(t) {
   if (m && m.isVisible()) {
     m.setVisible(!1);
     return;
   }
   const e = t.getGraphName();
   if (!e) return;
-  const a = document.createElement("div");
-  a.className = "share-panel-body", m ? (m.element.replaceChildren(), m.element.appendChild(a), m.setTitle(`Share "${e}"`), m.setVisible(!0), m.bringToFront()) : (a.textContent = "Loading...", m = t.mountPanel(a, {
+  const s = document.createElement("div");
+  s.className = "share-panel-body", m ? (m.element.replaceChildren(), m.element.appendChild(s), m.setTitle(`Share "${e}"`), m.setVisible(!0), m.bringToFront()) : (s.textContent = "Loading...", m = t.mountPanel(s, {
     title: `Share "${e}"`,
     defaultPosition: { left: Math.max(100, (window.innerWidth - 380) / 2), top: Math.max(80, (window.innerHeight - 400) / 2) },
     persistKey: "share-v2",
@@ -27,122 +27,122 @@ function $(t) {
     onClose: () => {
       m = null;
     }
-  })), C(t, a);
+  })), C(t, s);
 }
 async function C(t, e) {
-  const a = await t.settings.get("relay_token");
-  e.replaceChildren(), a ? D(t, e, a) : I(t, e);
+  const s = await t.settings.get("relay_token");
+  e.replaceChildren(), s ? V(t, e, s) : O(t, e);
 }
-function I(t, e) {
-  const a = document.createElement("div");
-  a.className = "share-upsell";
+function O(t, e) {
+  const s = document.createElement("div");
+  s.className = "share-upsell";
   const n = document.createElement("h4");
-  n.textContent = "Share this graph with anyone", a.appendChild(n);
-  const s = document.createElement("p");
-  s.textContent = "Encrypt your graph and get a shareable link. Recipients open it in their browser — no install needed.", a.appendChild(s);
+  n.textContent = "Share this graph with anyone", s.appendChild(n);
+  const r = document.createElement("p");
+  r.textContent = "Encrypt your graph and get a shareable link. Recipients open it in their browser — no install needed.", s.appendChild(r);
   const o = document.createElement("button");
-  o.className = "share-cta-btn", o.textContent = "Sign in to share", o.addEventListener("click", () => Y(t, e)), a.appendChild(o);
-  const r = document.createElement("button");
-  r.className = "share-token-link", r.textContent = "Or paste an API token", r.addEventListener("click", () => B(t, e)), a.appendChild(r);
+  o.className = "share-cta-btn", o.textContent = "Sign in to share", o.addEventListener("click", () => G(t, e)), s.appendChild(o);
+  const a = document.createElement("button");
+  a.className = "share-token-link", a.textContent = "Or paste an API token", a.addEventListener("click", () => D(t, e)), s.appendChild(a);
   const c = document.createElement("p");
-  c.className = "share-trust", c.textContent = "Free account. Your graph is encrypted before upload — we can’t read it.", a.appendChild(c), e.replaceChildren(a);
+  c.className = "share-trust", c.textContent = "Free account. Your graph is encrypted before upload — we can’t read it.", s.appendChild(c), e.replaceChildren(s);
 }
-function B(t, e) {
-  const a = document.createElement("div");
-  a.className = "share-token-input";
+function D(t, e) {
+  const s = document.createElement("div");
+  s.className = "share-token-input";
   const n = document.createElement("p");
-  n.textContent = "Paste your API token from your account settings:", a.appendChild(n);
-  const s = document.createElement("input");
-  s.type = "password", s.placeholder = "Token", s.className = "share-input", a.appendChild(s);
+  n.textContent = "Paste your API token from your account settings:", s.appendChild(n);
+  const r = document.createElement("input");
+  r.type = "password", r.placeholder = "Token", r.className = "share-input", s.appendChild(r);
   const o = document.createElement("div");
   o.className = "share-btn-row";
-  const r = document.createElement("button");
-  r.className = "share-btn-primary", r.textContent = "Save", r.addEventListener("click", async () => {
-    const i = s.value.trim();
+  const a = document.createElement("button");
+  a.className = "share-btn-primary", a.textContent = "Save", a.addEventListener("click", async () => {
+    const i = r.value.trim();
     i && (await t.settings.set("relay_token", i), C(t, e));
-  }), o.appendChild(r);
+  }), o.appendChild(a);
   const c = document.createElement("button");
-  c.className = "share-btn-secondary", c.textContent = "Back", c.addEventListener("click", () => C(t, e)), o.appendChild(c), a.appendChild(o), e.replaceChildren(a);
+  c.className = "share-btn-secondary", c.textContent = "Back", c.addEventListener("click", () => C(t, e)), o.appendChild(c), s.appendChild(o), e.replaceChildren(s);
 }
-async function O(t) {
+async function F(t) {
   try {
-    const e = await fetch(`${f}/api/graphs`, {
+    const e = await fetch(`${g}/api/graphs`, {
       headers: { Authorization: `Bearer ${t}` }
     });
     if (e.status === 401) return { graphs: [], error: "unauthorized" };
     if (!e.ok) return { graphs: [], error: `status ${e.status}` };
-    const a = await e.json();
-    return { graphs: Array.isArray(a) ? a : [] };
+    const s = await e.json();
+    return { graphs: Array.isArray(s) ? s : [] };
   } catch (e) {
     return { graphs: [], error: e.message };
   }
 }
-async function D(t, e, a) {
-  const n = t.getGraphName(), s = document.createElement("div");
-  s.className = "share-loading", s.textContent = "Checking account…", e.replaceChildren(s);
-  const o = await O(a);
+async function V(t, e, s) {
+  const n = t.getGraphName(), r = document.createElement("div");
+  r.className = "share-loading", r.textContent = "Checking account…", e.replaceChildren(r);
+  const o = await F(s);
   if (o.error === "unauthorized") {
     await t.settings.remove("relay_token"), C(t, e);
     return;
   }
   e.replaceChildren();
-  const r = o.graphs.find((c) => c.name === n);
-  r ? F(t, e, a, r) : V(t, e, a);
+  const a = o.graphs.find((c) => c.name === n);
+  a ? z(t, e, s, a) : Y(t, e, s);
 }
-function F(t, e, a, n) {
-  const s = document.createElement("div");
-  s.className = "share-synced";
+function z(t, e, s, n) {
+  const r = document.createElement("div");
+  r.className = "share-synced";
   const o = document.createElement("h4");
-  if (o.textContent = "Synced to your account", s.appendChild(o), n.syncedAt) {
+  if (o.textContent = "Synced to your account", r.appendChild(o), n.syncedAt) {
     const d = document.createElement("p");
-    d.className = "share-note", d.textContent = `Last synced: ${new Date(n.syncedAt).toLocaleString()}`, s.appendChild(d);
+    d.className = "share-note", d.textContent = `Last synced: ${new Date(n.syncedAt).toLocaleString()}`, r.appendChild(d);
   }
-  const r = document.createElement("p");
-  r.className = "share-note", r.textContent = n.encrypted ? "Encrypted — server cannot read your data." : "Public — stored unencrypted.", s.appendChild(r);
+  const a = document.createElement("p");
+  a.className = "share-note", a.textContent = n.encrypted ? "Encrypted — server cannot read your data." : "Public — stored unencrypted.", r.appendChild(a);
   const c = document.createElement("button");
   c.className = "share-cta-btn", c.textContent = "Update & Share", c.addEventListener("click", async () => {
     c.disabled = !0, c.textContent = n.encrypted ? "Encrypting…" : "Syncing…";
     try {
-      await x(t, e, a, n.encrypted);
+      await A(t, e, s, n.encrypted);
     } catch (d) {
-      c.disabled = !1, c.textContent = "Update & Share", S(s), b(s, d.message);
+      c.disabled = !1, c.textContent = "Update & Share", N(r), E(r, d.message);
     }
-  }), s.appendChild(c);
+  }), r.appendChild(c);
   const i = document.createElement("a");
-  i.href = f, i.target = "_blank", i.rel = "noopener", i.className = "share-token-link", i.textContent = "Open dashboard", s.appendChild(i), _(t, e, s);
+  i.href = g, i.target = "_blank", i.rel = "noopener", i.className = "share-token-link", i.textContent = "Open dashboard", r.appendChild(i), x(t, e, r);
 }
-function V(t, e, a) {
+function Y(t, e, s) {
   const n = document.createElement("div");
   n.className = "share-form";
-  const s = document.createElement("p");
-  s.className = "share-description", s.textContent = "Your graph will be encrypted and synced to your Backpack account. You’ll get a shareable link.", n.appendChild(s);
+  const r = document.createElement("p");
+  r.className = "share-description", r.textContent = "Your graph will be encrypted and synced to your Backpack account. You’ll get a shareable link.", n.appendChild(r);
   const o = document.createElement("button");
   o.className = "share-cta-btn", o.textContent = "Sync & Share", o.addEventListener("click", async () => {
     o.disabled = !0, o.textContent = "Encrypting…";
     try {
-      await x(t, e, a, !0);
+      await A(t, e, s, !0);
     } catch (c) {
       o.disabled = !1, o.textContent = "Sync & Share";
       const i = c.message;
       if (i.includes("encrypted") && i.includes("limit")) {
-        z(t, e, a);
+        j(t, e, s);
         return;
       }
-      S(n), b(n, i);
+      N(n), E(n, i);
     }
   }), n.appendChild(o);
-  const r = document.createElement("p");
-  r.className = "share-trust", r.textContent = "Your first encrypted graph is free. Data is encrypted before upload — we can’t read it.", n.appendChild(r), _(t, e, n);
+  const a = document.createElement("p");
+  a.className = "share-trust", a.textContent = "Your first encrypted graph is free. Data is encrypted before upload — we can’t read it.", n.appendChild(a), x(t, e, n);
 }
-function z(t, e, a) {
+function j(t, e, s) {
   const n = document.createElement("div");
   n.className = "share-quota";
-  const s = document.createElement("h4");
-  s.textContent = "Encrypted limit reached", n.appendChild(s);
+  const r = document.createElement("h4");
+  r.textContent = "Encrypted limit reached", n.appendChild(r);
   const o = document.createElement("p");
   o.className = "share-description", o.textContent = "Your free account includes one encrypted graph, which is already in use.", n.appendChild(o);
-  const r = document.createElement("a");
-  r.href = `${f}/settings`, r.target = "_blank", r.rel = "noopener", r.className = "share-cta-btn share-btn-link", r.textContent = "Upgrade for unlimited encryption", n.appendChild(r);
+  const a = document.createElement("a");
+  a.href = `${g}/settings`, a.target = "_blank", a.rel = "noopener", a.className = "share-cta-btn share-btn-link", a.textContent = "Upgrade for unlimited encryption", n.appendChild(a);
   const c = document.createElement("div");
   c.className = "share-divider", n.appendChild(c);
   const i = document.createElement("p");
@@ -161,70 +161,73 @@ function z(t, e, a) {
   }), h.addEventListener("click", async () => {
     h.disabled = !0, h.textContent = "Syncing…";
     try {
-      await x(t, e, a, !1, "public");
-    } catch (w) {
-      h.disabled = !1, h.textContent = "Share as public graph", S(n), b(n, w.message);
+      await A(t, e, s, !1, "public");
+    } catch (f) {
+      h.disabled = !1, h.textContent = "Share as public graph", N(n), E(n, f.message);
     }
-  }), n.appendChild(h), _(t, e, n);
+  }), n.appendChild(h), x(t, e, n);
 }
-function _(t, e, a) {
+function x(t, e, s) {
   const n = document.createElement("div");
   n.className = "share-footer";
-  const s = document.createElement("button");
-  s.className = "share-token-link", s.textContent = "Sign out", s.addEventListener("click", async () => {
+  const r = document.createElement("button");
+  r.className = "share-token-link", r.textContent = "Sign out", r.addEventListener("click", async () => {
     await t.settings.remove("relay_token"), C(t, e);
-  }), n.appendChild(s), a.appendChild(n), e.replaceChildren(a);
+  }), n.appendChild(r), s.appendChild(n), e.replaceChildren(s);
 }
-function S(t) {
+function N(t) {
   for (const e of t.querySelectorAll(".share-error")) e.remove();
 }
-function b(t, e) {
-  const a = document.createElement("p");
-  a.className = "share-error", a.textContent = e, t.appendChild(a);
+function E(t, e) {
+  const s = document.createElement("p");
+  s.className = "share-error", s.textContent = e, t.appendChild(s);
 }
-async function Y(t, e) {
+async function G(t, e) {
   try {
-    const n = await (await fetch(T)).json(), o = await (await fetch(n.registration_endpoint, { method: "POST" })).json(), r = K(), c = await H(r), i = window.location.origin + "/oauth/callback", d = crypto.randomUUID(), l = new URL(n.authorization_endpoint);
-    l.searchParams.set("client_id", o.client_id), l.searchParams.set("redirect_uri", i), l.searchParams.set("response_type", "code"), l.searchParams.set("code_challenge", c), l.searchParams.set("code_challenge_method", "S256"), l.searchParams.set("state", d), l.searchParams.has("scope") || l.searchParams.set("scope", "openid email profile offline_access"), sessionStorage.setItem("share_oauth_state", d), sessionStorage.setItem("share_oauth_token_endpoint", n.token_endpoint), sessionStorage.setItem("share_oauth_client_id", o.client_id), sessionStorage.setItem("share_oauth_code_verifier", r), sessionStorage.setItem("share_oauth_redirect_uri", i);
+    const n = await (await fetch(L)).json(), o = await (await fetch(n.registration_endpoint, { method: "POST" })).json(), a = M(), c = await J(a), i = window.location.origin + "/oauth/callback", d = crypto.randomUUID(), l = new URL(n.authorization_endpoint);
+    l.searchParams.set("client_id", o.client_id), l.searchParams.set("redirect_uri", i), l.searchParams.set("response_type", "code"), l.searchParams.set("code_challenge", c), l.searchParams.set("code_challenge_method", "S256"), l.searchParams.set("state", d), l.searchParams.has("scope") || l.searchParams.set("scope", "openid email profile offline_access"), sessionStorage.setItem("share_oauth_state", d), sessionStorage.setItem("share_oauth_token_endpoint", n.token_endpoint), sessionStorage.setItem("share_oauth_client_id", o.client_id), sessionStorage.setItem("share_oauth_code_verifier", a), sessionStorage.setItem("share_oauth_redirect_uri", i);
     const u = window.open(l.toString(), "backpack-share-auth", "width=500,height=700"), p = async (h) => {
-      var k;
-      if (((k = h.data) == null ? void 0 : k.type) !== "backpack-oauth-callback") return;
+      var w;
+      if (((w = h.data) == null ? void 0 : w.type) !== "backpack-oauth-callback") return;
       window.removeEventListener("message", p);
-      const { code: w, returnedState: E } = h.data;
-      if (E === d) {
-        G();
+      const { code: f, returnedState: _ } = h.data;
+      if (_ === d) {
+        H();
         try {
-          const g = await (await fetch(n.token_endpoint, {
+          const y = await (await fetch(n.token_endpoint, {
             method: "POST",
             headers: { "Content-Type": "application/x-www-form-urlencoded" },
-            body: new URLSearchParams({ grant_type: "authorization_code", code: w, redirect_uri: i, client_id: o.client_id, code_verifier: r }).toString()
+            body: new URLSearchParams({ grant_type: "authorization_code", code: f, redirect_uri: i, client_id: o.client_id, code_verifier: a }).toString()
           })).json();
-          if (!g.access_token) {
-            b(e, "Token exchange failed: no access token returned.");
+          if (!y.access_token) {
+            E(e, "Token exchange failed: no access token returned.");
             return;
           }
-          await t.settings.set("relay_token", g.access_token), C(t, e);
-        } catch (y) {
-          b(e, `Token exchange failed: ${y.message}`);
+          await t.settings.set("relay_token", y.access_token), C(t, e);
+        } catch (S) {
+          E(e, `Token exchange failed: ${S.message}`);
         }
       }
     };
     window.addEventListener("message", p), (!u || u.closed) && (window.location.href = l.toString());
-  } catch (a) {
-    b(e, `Auth failed: ${a.message}`);
+  } catch (s) {
+    E(e, `Auth failed: ${s.message}`);
   }
 }
-async function x(t, e, a, n, s = "private") {
-  const o = t.getGraph(), r = t.getGraphName();
-  if (!o || !r) throw new Error("No graph loaded");
+async function A(t, e, s, n, r = "private") {
+  const o = t.getGraph(), a = t.getGraphName();
+  if (!o || !a) throw new Error("No graph loaded");
   const c = new TextEncoder().encode(JSON.stringify(o));
   let i, d, l = "";
   if (n) {
-    const y = await import("../index-B8_hkT8R.js"), g = await y.generateX25519Identity(), U = await y.identityToRecipient(g), N = new y.Encrypter();
-    N.addRecipient(U), i = await N.encrypt(c), d = "age-v1", l = btoa(g).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    const y = await import("../index-B8_hkT8R.js"), b = await t.settings.get("keys") || {};
+    let k = b[a];
+    k || (k = await y.generateX25519Identity(), b[a] = k, await t.settings.set("keys", b));
+    const P = await y.identityToRecipient(k), v = new y.Encrypter();
+    v.addRecipient(P), i = await v.encrypt(c), d = "age-v1", l = btoa(k).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
   } else
     i = c, d = "plaintext";
-  const u = await j(r, i, d, o), p = `${f}/api/graphs/${encodeURIComponent(r)}/sync${s === "public" ? "?visibility=public" : ""}`, h = await v(a, p, {
+  const u = await K(a, i, d, o), p = `${g}/api/graphs/${encodeURIComponent(a)}/sync${r === "public" ? "?visibility=public" : ""}`, h = await T(s, p, {
     method: "PUT",
     headers: { "Content-Type": "application/octet-stream" },
     body: u
@@ -234,35 +237,37 @@ async function x(t, e, a, n, s = "private") {
       throw await t.settings.remove("relay_token"), C(t, e), new Error("Session expired. Please sign in again.");
     let y = `Sync failed (${h.status})`;
     try {
-      const g = await h.json();
-      g.error && (y = g.error);
+      const b = await h.json();
+      b.error && (y = b.error);
     } catch {
     }
     throw new Error(y);
   }
-  const w = await v(a, `${f}/api/graphs/${encodeURIComponent(r)}/share`, {
+  const f = await t.settings.get("synced") || {};
+  f[a] || (f[a] = !0, await t.settings.set("synced", f));
+  const _ = await T(s, `${g}/api/graphs/${encodeURIComponent(a)}/share`, {
     method: "POST"
   });
-  if (!w.ok) {
-    A(e, null, n, void 0);
+  if (!_.ok) {
+    U(e, null, n, void 0);
     return;
   }
-  const E = await w.json(), k = l ? `${E.url}#k=${l}` : E.url;
-  A(e, k, n, E.expires_at);
+  const w = await _.json(), S = l ? `${w.url}#k=${l}` : w.url;
+  U(e, S, n, w.expires_at);
 }
-async function v(t, e, a = {}) {
-  const n = new Headers(a.headers);
-  return n.set("Authorization", `Bearer ${t}`), fetch(e, { ...a, headers: n });
+async function T(t, e, s = {}) {
+  const n = new Headers(s.headers);
+  return n.set("Authorization", `Bearer ${t}`), fetch(e, { ...s, headers: n });
 }
-async function j(t, e, a, n) {
-  const s = new Uint8Array(e).buffer, o = await crypto.subtle.digest("SHA-256", s), r = "sha256:" + Array.from(new Uint8Array(o)).map((h) => h.toString(16).padStart(2, "0")).join(""), c = /* @__PURE__ */ new Set();
+async function K(t, e, s, n) {
+  const r = new Uint8Array(e).buffer, o = await crypto.subtle.digest("SHA-256", r), a = "sha256:" + Array.from(new Uint8Array(o)).map((h) => h.toString(16).padStart(2, "0")).join(""), c = /* @__PURE__ */ new Set();
   for (const h of n.nodes) c.add(h.type);
   const i = JSON.stringify({
-    format: a,
+    format: s,
     created_at: (/* @__PURE__ */ new Date()).toISOString(),
     backpack_name: t,
     graph_count: 1,
-    checksum: r,
+    checksum: a,
     node_count: n.nodes.length,
     edge_count: n.edges.length,
     node_types: Array.from(c)
@@ -270,17 +275,17 @@ async function j(t, e, a, n) {
   new DataView(l).setUint32(0, d.length, !1);
   const u = new Uint8Array(9 + d.length + e.length);
   let p = 0;
-  return u.set(P, p), p += 4, u[p] = R, p += 1, u.set(new Uint8Array(l), p), p += 4, u.set(d, p), p += d.length, u.set(e, p), u;
+  return u.set($, p), p += 4, u[p] = I, p += 1, u.set(new Uint8Array(l), p), p += 4, u.set(d, p), p += d.length, u.set(e, p), u;
 }
-function A(t, e, a, n) {
-  const s = document.createElement("div");
-  s.className = "share-success";
+function U(t, e, s, n) {
+  const r = document.createElement("div");
+  r.className = "share-success";
   const o = document.createElement("h4");
-  if (o.textContent = e ? "Synced & shared!" : "Synced!", s.appendChild(o), e) {
-    const r = document.createElement("div");
-    r.className = "share-link-row";
+  if (o.textContent = e ? "Synced & shared!" : "Synced!", r.appendChild(o), e) {
+    const a = document.createElement("div");
+    a.className = "share-link-row";
     const c = document.createElement("input");
-    c.type = "text", c.readOnly = !0, c.value = e, c.className = "share-link-input", r.appendChild(c);
+    c.type = "text", c.readOnly = !0, c.value = e, c.className = "share-link-input", a.appendChild(c);
     const i = document.createElement("button");
     i.className = "share-btn-primary", i.textContent = "Copy", i.addEventListener("click", () => {
       navigator.clipboard.writeText(e).then(() => {
@@ -292,32 +297,32 @@ function A(t, e, a, n) {
           i.textContent = "Copy";
         }, 2e3);
       });
-    }), r.appendChild(i), s.appendChild(r);
+    }), a.appendChild(i), r.appendChild(a);
   }
-  if (a) {
-    const r = document.createElement("p");
-    r.className = "share-note", r.textContent = "The decryption key is embedded in the link. Share the complete link — if the #k= part is removed, recipients won’t be able to decrypt. The server cannot read your data.", s.appendChild(r);
+  if (s) {
+    const a = document.createElement("p");
+    a.className = "share-note", a.textContent = "The decryption key is embedded in the link. Share the complete link — if the #k= part is removed, recipients won’t be able to decrypt. The server cannot read your data.", r.appendChild(a);
   } else {
-    const r = document.createElement("p");
-    r.className = "share-note", r.textContent = "This graph is stored unencrypted. Anyone with the link can view it.", s.appendChild(r);
+    const a = document.createElement("p");
+    a.className = "share-note", a.textContent = "This graph is stored unencrypted. Anyone with the link can view it.", r.appendChild(a);
   }
   if (n) {
-    const r = document.createElement("p");
-    r.className = "share-note", r.textContent = `Expires: ${new Date(n).toLocaleDateString()}`, s.appendChild(r);
+    const a = document.createElement("p");
+    a.className = "share-note", a.textContent = `Expires: ${new Date(n).toLocaleDateString()}`, r.appendChild(a);
   }
-  t.replaceChildren(s);
+  t.replaceChildren(r);
 }
-function G() {
+function H() {
   sessionStorage.removeItem("share_oauth_state"), sessionStorage.removeItem("share_oauth_token_endpoint"), sessionStorage.removeItem("share_oauth_client_id"), sessionStorage.removeItem("share_oauth_code_verifier"), sessionStorage.removeItem("share_oauth_redirect_uri");
 }
-function K() {
+function M() {
   const t = new Uint8Array(32);
   return crypto.getRandomValues(t), btoa(String.fromCharCode(...t)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function H(t) {
-  const e = new TextEncoder().encode(t), a = new Uint8Array(e).buffer, n = await crypto.subtle.digest("SHA-256", a);
+async function J(t) {
+  const e = new TextEncoder().encode(t), s = new Uint8Array(e).buffer, n = await crypto.subtle.digest("SHA-256", s);
   return btoa(String.fromCharCode(...new Uint8Array(n))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
 export {
-  M as activate
+  q as activate
 };

package/dist/server-api-routes.js

@@ -1,4 +1,5 @@
 import { listBackpacks, getActiveBackpack, setActiveBackpack, registerBackpack, unregisterBackpack, } from "backpack-ontology";
+import { readExtensionSettings } from "./server-extensions.js";
 // --- Small HTTP helpers (used only inside this module) ---
 function readBody(req) {
     return new Promise((resolve, reject) => {
@@ -375,6 +376,24 @@ export async function handleApiRequest(req, res, ctx) {
             }
             return true;
         }
+        // --- /api/sync-status ---
+        if (url === "/api/sync-status" && method === "GET") {
+            try {
+                const settings = await readExtensionSettings("share");
+                const syncedMap = settings.synced;
+                const synced = [];
+                if (syncedMap && typeof syncedMap === "object" && !Array.isArray(syncedMap)) {
+                    for (const name of Object.keys(syncedMap)) {
+                        synced.push(name);
+                    }
+                }
+                sendJson(res, 200, { synced });
+            }
+            catch {
+                sendJson(res, 200, { synced: [] });
+            }
+            return true;
+        }
         // --- /api/ontologies/* ---
         if (url === "/api/ontologies" && method === "GET") {
             try {

package/dist/sidebar.js

@@ -254,6 +254,10 @@ export function initSidebar(container, onSelectOrCallbacks) {
             const lockBatchPromise = fetch("/api/locks")
                 .then((r) => r.json())
                 .catch(() => ({}));
+            const syncStatusPromise = fetch("/api/sync-status")
+                .then((r) => r.json())
+                .then((d) => new Set(d.synced))
+                .catch(() => new Set());
             items = summaries.map((s) => {
                 const li = document.createElement("li");
                 li.className = "ontology-item";
@@ -273,8 +277,6 @@ export function initSidebar(container, onSelectOrCallbacks) {
                 lockBadge.className = "sidebar-lock-badge";
                 lockBadge.dataset.graph = s.name;
                 lockBatchPromise.then((locks) => {
-                    // Bail if this badge has been detached from the DOM (sidebar
-                    // re-rendered before the batch resolved)
                     if (!lockBadge.isConnected)
                         return;
                     const lock = locks[s.name];
@@ -284,9 +286,23 @@ export function initSidebar(container, onSelectOrCallbacks) {
                         lockBadge.classList.add("active");
                     }
                 });
+                // Sync badge — shows a cloud icon for graphs that have been synced
+                const syncBadge = document.createElement("span");
+                syncBadge.className = "sidebar-sync-badge";
+                syncBadge.dataset.graph = s.name;
+                syncStatusPromise.then((syncedSet) => {
+                    if (!syncBadge.isConnected)
+                        return;
+                    if (syncedSet.has(s.name)) {
+                        syncBadge.textContent = "synced";
+                        syncBadge.title = "This graph has been synced";
+                        syncBadge.classList.add("active");
+                    }
+                });
                 li.appendChild(nameSpan);
                 li.appendChild(statsSpan);
                 li.appendChild(lockBadge);
+                li.appendChild(syncBadge);
                 li.appendChild(branchSpan);
                 if (cbs.onRename) {
                     const editBtn = document.createElement("button");

package/dist/style.css

@@ -506,6 +506,22 @@ body {
   color: #c08c00;
 }
 
+.sidebar-sync-badge {
+  font-size: 10px;
+  color: #5a9fd4;
+  display: none;
+  margin-top: 2px;
+}
+
+.sidebar-sync-badge.active {
+  display: block;
+}
+
+.sidebar-sync-badge.active::before {
+  content: "☁ ";
+  color: #5a9fd4;
+}
+
 .branch-picker {
   background: var(--bg-surface);
   border: 1px solid var(--border);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "backpack-viewer",
-  "version": "0.7.14",
+  "version": "0.7.15",
   "description": "Web-based graph visualizer for backpack-ontology — Canvas 2D, force-directed layout, live reload",
   "license": "Apache-2.0",
   "author": "Noah Irzinger",