npm - create-fluxstack - Versions diffs - 1.0.13 → 1.0.14 - Mend

create-fluxstack 1.0.13 → 1.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/.env.example +29 -29
package/app/client/README.md +69 -69
package/app/client/index.html +14 -13
package/app/client/src/App.tsx +157 -524
package/app/client/src/components/ErrorBoundary.tsx +107 -0
package/app/client/src/components/ErrorDisplay.css +365 -0
package/app/client/src/components/ErrorDisplay.tsx +258 -0
package/app/client/src/components/FluxStackConfig.tsx +1321 -0
package/app/client/src/components/HybridLiveCounter.tsx +140 -0
package/app/client/src/components/LiveClock.tsx +286 -0
package/app/client/src/components/MainLayout.tsx +390 -0
package/app/client/src/components/SidebarNavigation.tsx +391 -0
package/app/client/src/components/StateDemo.tsx +178 -0
package/app/client/src/components/SystemMonitor.tsx +1038 -0
package/app/client/src/components/Teste.tsx +104 -0
package/app/client/src/components/UserProfile.tsx +809 -0
package/app/client/src/hooks/useAuth.ts +39 -0
package/app/client/src/hooks/useNotifications.ts +56 -0
package/app/client/src/lib/eden-api.ts +189 -53
package/app/client/src/lib/errors.ts +340 -0
package/app/client/src/lib/hooks/useErrorHandler.ts +258 -0
package/app/client/src/lib/index.ts +45 -0
package/app/client/src/main.tsx +3 -2
package/app/client/src/pages/ApiDocs.tsx +182 -0
package/app/client/src/pages/Demo.tsx +174 -0
package/app/client/src/pages/HybridLive.tsx +263 -0
package/app/client/src/pages/Overview.tsx +155 -0
package/app/client/src/store/README.md +43 -0
package/app/client/src/store/index.ts +16 -0
package/app/client/src/store/slices/uiSlice.ts +151 -0
package/app/client/src/store/slices/userSlice.ts +161 -0
package/app/client/src/test/README.md +257 -0
package/app/client/src/test/setup.ts +70 -0
package/app/client/src/test/types.ts +12 -0
package/app/client/src/vite-env.d.ts +1 -1
package/app/client/tsconfig.app.json +44 -43
package/app/client/tsconfig.json +7 -7
package/app/client/tsconfig.node.json +25 -25
package/app/client/zustand-setup.md +65 -0
package/app/server/controllers/users.controller.ts +68 -68
package/app/server/index.ts +9 -1
package/app/server/live/CounterComponent.ts +191 -0
package/app/server/live/FluxStackConfig.ts +529 -0
package/app/server/live/LiveClockComponent.ts +214 -0
package/app/server/live/SidebarNavigation.ts +156 -0
package/app/server/live/SystemMonitor.ts +594 -0
package/app/server/live/SystemMonitorIntegration.ts +151 -0
package/app/server/live/TesteComponent.ts +87 -0
package/app/server/live/UserProfileComponent.ts +135 -0
package/app/server/live/register-components.ts +28 -0
package/app/server/middleware/auth.ts +136 -0
package/app/server/middleware/errorHandling.ts +250 -0
package/app/server/middleware/index.ts +10 -0
package/app/server/middleware/rateLimit.ts +193 -0
package/app/server/middleware/requestLogging.ts +215 -0
package/app/server/middleware/validation.ts +270 -0
package/app/server/routes/index.ts +14 -2
package/app/server/routes/upload.ts +92 -0
package/app/server/routes/users.routes.ts +2 -9
package/app/server/services/NotificationService.ts +302 -0
package/app/server/services/UserService.ts +222 -0
package/app/server/services/index.ts +46 -0
package/core/cli/commands/plugin-deps.ts +263 -0
package/core/cli/generators/README.md +339 -0
package/core/cli/generators/component.ts +770 -0
package/core/cli/generators/controller.ts +299 -0
package/core/cli/generators/index.ts +144 -0
package/core/cli/generators/interactive.ts +228 -0
package/core/cli/generators/prompts.ts +83 -0
package/core/cli/generators/route.ts +513 -0
package/core/cli/generators/service.ts +465 -0
package/core/cli/generators/template-engine.ts +154 -0
package/core/cli/generators/types.ts +71 -0
package/core/cli/generators/utils.ts +192 -0
package/core/cli/index.ts +69 -0
package/core/cli/plugin-discovery.ts +16 -85
package/core/client/fluxstack.ts +17 -0
package/core/client/hooks/index.ts +7 -0
package/core/client/hooks/state-validator.ts +130 -0
package/core/client/hooks/useAuth.ts +49 -0
package/core/client/hooks/useChunkedUpload.ts +258 -0
package/core/client/hooks/useHybridLiveComponent.ts +967 -0
package/core/client/hooks/useWebSocket.ts +373 -0
package/core/client/index.ts +47 -0
package/core/client/state/createStore.ts +193 -0
package/core/client/state/index.ts +15 -0
package/core/config/env-dynamic.ts +1 -1
package/core/config/env.ts +2 -1
package/core/config/runtime-config.ts +3 -3
package/core/config/schema.ts +84 -49
package/core/framework/server.ts +30 -0
package/core/index.ts +25 -0
package/core/live/ComponentRegistry.ts +399 -0
package/core/live/types.ts +164 -0
package/core/plugins/built-in/live-components/commands/create-live-component.ts +1201 -0
package/core/plugins/built-in/live-components/index.ts +27 -0
package/core/plugins/built-in/logger/index.ts +1 -1
package/core/plugins/built-in/monitoring/index.ts +1 -1
package/core/plugins/built-in/static/index.ts +1 -1
package/core/plugins/built-in/swagger/index.ts +1 -1
package/core/plugins/built-in/vite/index.ts +1 -1
package/core/plugins/dependency-manager.ts +384 -0
package/core/plugins/index.ts +5 -1
package/core/plugins/manager.ts +7 -3
package/core/plugins/registry.ts +88 -10
package/core/plugins/types.ts +11 -11
package/core/server/framework.ts +43 -0
package/core/server/index.ts +11 -1
package/core/server/live/ComponentRegistry.ts +1017 -0
package/core/server/live/FileUploadManager.ts +272 -0
package/core/server/live/LiveComponentPerformanceMonitor.ts +930 -0
package/core/server/live/SingleConnectionManager.ts +0 -0
package/core/server/live/StateSignature.ts +644 -0
package/core/server/live/WebSocketConnectionManager.ts +688 -0
package/core/server/live/websocket-plugin.ts +435 -0
package/core/server/middleware/errorHandling.ts +141 -0
package/core/server/middleware/index.ts +16 -0
package/core/server/plugins/static-files-plugin.ts +232 -0
package/core/server/services/BaseService.ts +95 -0
package/core/server/services/ServiceContainer.ts +144 -0
package/core/server/services/index.ts +9 -0
package/core/templates/create-project.ts +46 -2
package/core/testing/index.ts +10 -0
package/core/testing/setup.ts +74 -0
package/core/types/build.ts +38 -14
package/core/types/types.ts +319 -0
package/core/utils/env-runtime.ts +7 -0
package/core/utils/errors/handlers.ts +264 -39
package/core/utils/errors/index.ts +528 -18
package/core/utils/errors/middleware.ts +114 -0
package/core/utils/logger/formatters.ts +222 -0
package/core/utils/logger/index.ts +167 -48
package/core/utils/logger/middleware.ts +253 -0
package/core/utils/logger/performance.ts +384 -0
package/core/utils/logger/transports.ts +365 -0
package/create-fluxstack.ts +296 -296
package/fluxstack.config.ts +17 -1
package/package-template.json +66 -66
package/package.json +31 -6
package/public/README.md +16 -0
package/vite.config.ts +29 -14
package/.claude/settings.local.json +0 -74
package/.github/workflows/ci-build-tests.yml +0 -480
package/.github/workflows/dependency-management.yml +0 -324
package/.github/workflows/release-validation.yml +0 -355
package/.kiro/specs/fluxstack-architecture-optimization/design.md +0 -700
package/.kiro/specs/fluxstack-architecture-optimization/requirements.md +0 -127
package/.kiro/specs/fluxstack-architecture-optimization/tasks.md +0 -330
package/CLAUDE.md +0 -200
package/Dockerfile +0 -58
package/Dockerfile.backend +0 -52
package/Dockerfile.frontend +0 -54
package/README-Docker.md +0 -85
package/ai-context/00-QUICK-START.md +0 -86
package/ai-context/README.md +0 -88
package/ai-context/development/eden-treaty-guide.md +0 -362
package/ai-context/development/patterns.md +0 -382
package/ai-context/development/plugins-guide.md +0 -572
package/ai-context/examples/crud-complete.md +0 -626
package/ai-context/project/architecture.md +0 -399
package/ai-context/project/overview.md +0 -213
package/ai-context/recent-changes/eden-treaty-refactor.md +0 -281
package/ai-context/recent-changes/type-inference-fix.md +0 -223
package/ai-context/reference/environment-vars.md +0 -384
package/ai-context/reference/troubleshooting.md +0 -407
package/app/client/src/components/TestPage.tsx +0 -453
package/bun.lock +0 -1063
package/bunfig.toml +0 -16
package/core/__tests__/integration.test.ts +0 -227
package/core/build/index.ts +0 -186
package/core/config/__tests__/config-loader.test.ts +0 -554
package/core/config/__tests__/config-merger.test.ts +0 -657
package/core/config/__tests__/env-converter.test.ts +0 -372
package/core/config/__tests__/env-processor.test.ts +0 -431
package/core/config/__tests__/env.test.ts +0 -452
package/core/config/__tests__/integration.test.ts +0 -418
package/core/config/__tests__/loader.test.ts +0 -331
package/core/config/__tests__/schema.test.ts +0 -129
package/core/config/__tests__/validator.test.ts +0 -318
package/core/framework/__tests__/server.test.ts +0 -233
package/core/plugins/__tests__/built-in.test.ts.disabled +0 -366
package/core/plugins/__tests__/manager.test.ts +0 -398
package/core/plugins/__tests__/monitoring.test.ts +0 -401
package/core/plugins/__tests__/registry.test.ts +0 -335
package/core/utils/__tests__/errors.test.ts +0 -139
package/core/utils/__tests__/helpers.test.ts +0 -297
package/core/utils/__tests__/logger.test.ts +0 -141
package/create-test-app.ts +0 -156
package/docker-compose.microservices.yml +0 -75
package/docker-compose.simple.yml +0 -57
package/docker-compose.yml +0 -71
package/eslint.config.js +0 -23
package/flux-cli.ts +0 -214
package/nginx-lb.conf +0 -37
package/publish.sh +0 -63
package/run-clean.ts +0 -26
package/run-env-tests.ts +0 -313
package/tailwind.config.js +0 -34
package/tests/__mocks__/api.ts +0 -56
package/tests/fixtures/users.ts +0 -69
package/tests/integration/api/users.routes.test.ts +0 -221
package/tests/setup.ts +0 -29
package/tests/unit/app/client/App-simple.test.tsx +0 -56
package/tests/unit/app/client/App.test.tsx.skip +0 -237
package/tests/unit/app/client/eden-api.test.ts +0 -186
package/tests/unit/app/client/simple.test.tsx +0 -23
package/tests/unit/app/controllers/users.controller.test.ts +0 -150
package/tests/unit/core/create-project.test.ts.skip +0 -95
package/tests/unit/core/framework.test.ts +0 -144
package/tests/unit/core/plugins/logger.test.ts.skip +0 -268
package/tests/unit/core/plugins/vite.test.ts.disabled +0 -188
package/tests/utils/test-helpers.ts +0 -61
package/vitest.config.ts +0 -50
package/workspace.json +0 -6

package/core/server/live/SingleConnectionManager.ts ADDED Viewed

File without changes

package/core/server/live/StateSignature.ts ADDED Viewed

@@ -0,0 +1,644 @@
+// 🔐 FluxStack Enhanced State Signature System - Advanced cryptographic validation with key rotation and compression
+import { createHmac, randomBytes, createCipheriv, createDecipheriv, scrypt } from 'crypto'
+import { promisify } from 'util'
+import { gzip, gunzip } from 'zlib'
+const scryptAsync = promisify(scrypt)
+const gzipAsync = promisify(gzip)
+const gunzipAsync = promisify(gunzip)
+export interface SignedState<T = any> {
+  data: T
+  signature: string
+  timestamp: number
+  componentId: string
+  version: number
+  keyId?: string // For key rotation
+  compressed?: boolean // For state compression
+  encrypted?: boolean // For sensitive data
+}
+export interface StateValidationResult {
+  valid: boolean
+  error?: string
+  tampered?: boolean
+  expired?: boolean
+  keyRotated?: boolean
+}
+export interface StateBackup<T = any> {
+  componentId: string
+  state: T
+  timestamp: number
+  version: number
+  checksum: string
+}
+export interface KeyRotationConfig {
+  rotationInterval: number // milliseconds
+  maxKeyAge: number // milliseconds
+  keyRetentionCount: number // number of old keys to keep
+}
+export interface CompressionConfig {
+  enabled: boolean
+  threshold: number // bytes - compress if state is larger than this
+  level: number // compression level 1-9
+}
+export class StateSignature {
+  private static instance: StateSignature
+  private currentKey: string
+  private keyHistory: Map<string, { key: string; createdAt: number }> = new Map()
+  private readonly maxAge = 24 * 60 * 60 * 1000 // 24 hours default
+  private keyRotationConfig: KeyRotationConfig
+  private compressionConfig: CompressionConfig
+  private backups = new Map<string, StateBackup[]>() // componentId -> backups
+  private migrationFunctions = new Map<string, (state: any) => any>() // version -> migration function
+  constructor(secretKey?: string, options?: {
+    keyRotation?: Partial<KeyRotationConfig>
+    compression?: Partial<CompressionConfig>
+  }) {
+    this.currentKey = secretKey || this.generateSecretKey()
+    this.keyHistory.set(this.getCurrentKeyId(), {
+      key: this.currentKey,
+      createdAt: Date.now()
+    })
+    this.keyRotationConfig = {
+      rotationInterval: 7 * 24 * 60 * 60 * 1000, // 7 days
+      maxKeyAge: 30 * 24 * 60 * 60 * 1000, // 30 days
+      keyRetentionCount: 5,
+      ...options?.keyRotation
+    }
+    this.compressionConfig = {
+      enabled: true,
+      threshold: 1024, // 1KB
+      level: 6,
+      ...options?.compression
+    }
+    this.setupKeyRotation()
+  }
+  public static getInstance(secretKey?: string, options?: {
+    keyRotation?: Partial<KeyRotationConfig>
+    compression?: Partial<CompressionConfig>
+  }): StateSignature {
+    if (!StateSignature.instance) {
+      StateSignature.instance = new StateSignature(secretKey, options)
+    }
+    return StateSignature.instance
+  }
+  private generateSecretKey(): string {
+    return randomBytes(32).toString('hex')
+  }
+  private getCurrentKeyId(): string {
+    return createHmac('sha256', this.currentKey).update('keyid').digest('hex').substring(0, 8)
+  }
+  private setupKeyRotation(): void {
+    // Rotate keys periodically
+    setInterval(() => {
+      this.rotateKey()
+    }, this.keyRotationConfig.rotationInterval)
+    // Cleanup old keys
+    setInterval(() => {
+      this.cleanupOldKeys()
+    }, 24 * 60 * 60 * 1000) // Daily cleanup
+  }
+  private rotateKey(): void {
+    const oldKeyId = this.getCurrentKeyId()
+    this.currentKey = this.generateSecretKey()
+    const newKeyId = this.getCurrentKeyId()
+    this.keyHistory.set(newKeyId, {
+      key: this.currentKey,
+      createdAt: Date.now()
+    })
+    console.log(`🔄 Key rotated from ${oldKeyId} to ${newKeyId}`)
+  }
+  private cleanupOldKeys(): void {
+    const now = Date.now()
+    const keysToDelete: string[] = []
+    for (const [keyId, keyData] of this.keyHistory) {
+      const keyAge = now - keyData.createdAt
+      if (keyAge > this.keyRotationConfig.maxKeyAge) {
+        keysToDelete.push(keyId)
+      }
+    }
+    // Keep at least the retention count of keys
+    const sortedKeys = Array.from(this.keyHistory.entries())
+      .sort((a, b) => b[1].createdAt - a[1].createdAt)
+    if (sortedKeys.length > this.keyRotationConfig.keyRetentionCount) {
+      const excessKeys = sortedKeys.slice(this.keyRotationConfig.keyRetentionCount)
+      for (const [keyId] of excessKeys) {
+        keysToDelete.push(keyId)
+      }
+    }
+    for (const keyId of keysToDelete) {
+      this.keyHistory.delete(keyId)
+    }
+    if (keysToDelete.length > 0) {
+      console.log(`🧹 Cleaned up ${keysToDelete.length} old keys`)
+    }
+  }
+  private getKeyById(keyId: string): string | null {
+    const keyData = this.keyHistory.get(keyId)
+    return keyData ? keyData.key : null
+  }
+  /**
+   * Sign component state with enhanced security, compression, and encryption
+   */
+  public async signState<T>(
+    componentId: string,
+    data: T,
+    version: number = 1,
+    options?: {
+      compress?: boolean
+      encrypt?: boolean
+      backup?: boolean
+    }
+  ): Promise<SignedState<T>> {
+    const timestamp = Date.now()
+    const keyId = this.getCurrentKeyId()
+    let processedData = data
+    let compressed = false
+    let encrypted = false
+    try {
+      // Serialize data for processing
+      const serializedData = JSON.stringify(data)
+      // Compress if enabled and data is large enough
+      if (this.compressionConfig.enabled &&
+          (options?.compress !== false) &&
+          Buffer.byteLength(serializedData, 'utf8') > this.compressionConfig.threshold) {
+        const compressedBuffer = await gzipAsync(Buffer.from(serializedData, 'utf8'))
+        processedData = compressedBuffer.toString('base64') as any
+        compressed = true
+        console.log(`🗜️ State compressed: ${Buffer.byteLength(serializedData, 'utf8')} -> ${compressedBuffer.length} bytes`)
+      }
+      // Encrypt sensitive data if requested
+      if (options?.encrypt) {
+        const encryptedData = await this.encryptData(processedData)
+        processedData = encryptedData as any
+        encrypted = true
+        console.log('🔒 State encrypted for component:', componentId)
+      }
+      // Create payload for signing
+      const payload = {
+        data: processedData,
+        componentId,
+        timestamp,
+        version,
+        keyId,
+        compressed,
+        encrypted
+      }
+      // Generate signature with current key
+      const signature = this.createSignature(payload)
+      // Create backup if requested
+      if (options?.backup) {
+        await this.createStateBackup(componentId, data, version)
+      }
+      console.log('🔐 State signed:', {
+        componentId,
+        timestamp,
+        version,
+        keyId,
+        compressed,
+        encrypted,
+        signature: signature.substring(0, 16) + '...'
+      })
+      return {
+        data: processedData,
+        signature,
+        timestamp,
+        componentId,
+        version,
+        keyId,
+        compressed,
+        encrypted
+      }
+    } catch (error) {
+      console.error('❌ Failed to sign state:', error)
+      throw new Error(`State signing failed: ${error instanceof Error ? error.message : 'Unknown error'}`)
+    }
+  }
+  /**
+   * Validate signed state integrity with enhanced security checks
+   */
+  public async validateState<T>(signedState: SignedState<T>, maxAge?: number): Promise<StateValidationResult> {
+    const { data, signature, timestamp, componentId, version, keyId, compressed, encrypted } = signedState
+    try {
+      // Check timestamp (prevent replay attacks)
+      const age = Date.now() - timestamp
+      const ageLimit = maxAge || this.maxAge
+      if (age > ageLimit) {
+        return {
+          valid: false,
+          error: 'State signature expired',
+          expired: true
+        }
+      }
+      // Determine which key to use for validation
+      let validationKey = this.currentKey
+      let keyRotated = false
+      if (keyId) {
+        const historicalKey = this.getKeyById(keyId)
+        if (historicalKey) {
+          validationKey = historicalKey
+          keyRotated = keyId !== this.getCurrentKeyId()
+        } else {
+          return {
+            valid: false,
+            error: 'Signing key not found or expired',
+            keyRotated: true
+          }
+        }
+      }
+      // Recreate payload for verification
+      const payload = {
+        data,
+        componentId,
+        timestamp,
+        version,
+        keyId,
+        compressed,
+        encrypted
+      }
+      // Verify signature with appropriate key
+      const expectedSignature = this.createSignature(payload, validationKey)
+      if (!this.constantTimeEquals(signature, expectedSignature)) {
+        console.warn('⚠️ State signature mismatch:', {
+          componentId,
+          expected: expectedSignature.substring(0, 16) + '...',
+          received: signature.substring(0, 16) + '...'
+        })
+        return {
+          valid: false,
+          error: 'State signature invalid - possible tampering',
+          tampered: true
+        }
+      }
+      console.log('✅ State signature valid:', {
+        componentId,
+        age: `${Math.round(age / 1000)}s`,
+        version
+      })
+      return { valid: true }
+    } catch (error: any) {
+      return {
+        valid: false,
+        error: `Validation error: ${error.message}`
+      }
+    }
+  }
+  /**
+   * Create HMAC signature for payload using specified key
+   */
+  private createSignature(payload: any, key?: string): string {
+    // Stringify deterministically (sorted keys)
+    const normalizedPayload = JSON.stringify(payload, Object.keys(payload).sort())
+    return createHmac('sha256', key || this.currentKey)
+      .update(normalizedPayload)
+      .digest('hex')
+  }
+  /**
+   * Encrypt sensitive data
+   */
+  private async encryptData<T>(data: T): Promise<string> {
+    try {
+      const serializedData = JSON.stringify(data)
+      const key = await scryptAsync(this.currentKey, 'salt', 32) as Buffer
+      const iv = randomBytes(16)
+      const cipher = createCipheriv('aes-256-cbc', key, iv)
+      let encrypted = cipher.update(serializedData, 'utf8', 'hex')
+      encrypted += cipher.final('hex')
+      return iv.toString('hex') + ':' + encrypted
+    } catch (error) {
+      throw new Error(`Encryption failed: ${error instanceof Error ? error.message : 'Unknown error'}`)
+    }
+  }
+  /**
+   * Decrypt sensitive data
+   */
+  private async decryptData(encryptedData: string, key?: string): Promise<any> {
+    try {
+      const [ivHex, encrypted] = encryptedData.split(':')
+      const iv = Buffer.from(ivHex, 'hex')
+      const derivedKey = await scryptAsync(key || this.currentKey, 'salt', 32) as Buffer
+      const decipher = createDecipheriv('aes-256-cbc', derivedKey, iv)
+      let decrypted = decipher.update(encrypted, 'hex', 'utf8')
+      decrypted += decipher.final('utf8')
+      return JSON.parse(decrypted)
+    } catch (error) {
+      throw new Error(`Decryption failed: ${error instanceof Error ? error.message : 'Unknown error'}`)
+    }
+  }
+  /**
+   * Decompress state data
+   */
+  private async decompressData(compressedData: string): Promise<any> {
+    try {
+      const compressedBuffer = Buffer.from(compressedData, 'base64')
+      const decompressedBuffer = await gunzipAsync(compressedBuffer)
+      return JSON.parse(decompressedBuffer.toString('utf8'))
+    } catch (error) {
+      throw new Error(`Decompression failed: ${error instanceof Error ? error.message : 'Unknown error'}`)
+    }
+  }
+  /**
+   * Create state backup
+   */
+  private async createStateBackup<T>(componentId: string, state: T, version: number): Promise<void> {
+    try {
+      const backup: StateBackup<T> = {
+        componentId,
+        state,
+        timestamp: Date.now(),
+        version,
+        checksum: createHmac('sha256', this.currentKey).update(JSON.stringify(state)).digest('hex')
+      }
+      let backups = this.backups.get(componentId) || []
+      backups.push(backup)
+      // Keep only last 10 backups per component
+      if (backups.length > 10) {
+        backups = backups.slice(-10)
+      }
+      this.backups.set(componentId, backups)
+      console.log(`💾 State backup created for component ${componentId} v${version}`)
+    } catch (error) {
+      console.error(`❌ Failed to create backup for component ${componentId}:`, error)
+    }
+  }
+  /**
+   * Constant-time string comparison to prevent timing attacks
+   */
+  private constantTimeEquals(a: string, b: string): boolean {
+    if (a.length !== b.length) {
+      return false
+    }
+    let result = 0
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ b.charCodeAt(i)
+    }
+    return result === 0
+  }
+  /**
+   * Extract and process signed state data (decompression, decryption)
+   */
+  public async extractData<T>(signedState: SignedState<T>): Promise<T> {
+    let data = signedState.data
+    try {
+      // Decrypt if encrypted
+      if (signedState.encrypted) {
+        const keyToUse = signedState.keyId ? this.getKeyById(signedState.keyId) : this.currentKey
+        if (!keyToUse) {
+          throw new Error('Decryption key not available')
+        }
+        data = await this.decryptData(data as string, keyToUse)
+      }
+      // Decompress if compressed
+      if (signedState.compressed) {
+        data = await this.decompressData(data as string)
+      }
+      return data
+    } catch (error) {
+      console.error('❌ Failed to extract state data:', error)
+      throw error
+    }
+  }
+  /**
+   * Update signature for new state version with enhanced options
+   */
+  public async updateSignature<T>(
+    signedState: SignedState<T>,
+    newData: T,
+    options?: {
+      compress?: boolean
+      encrypt?: boolean
+      backup?: boolean
+    }
+  ): Promise<SignedState<T>> {
+    return this.signState(
+      signedState.componentId,
+      newData,
+      signedState.version + 1,
+      options
+    )
+  }
+  /**
+   * Register state migration function
+   */
+  public registerMigration(fromVersion: string, toVersion: string, migrationFn: (state: any) => any): void {
+    const key = `${fromVersion}->${toVersion}`
+    this.migrationFunctions.set(key, migrationFn)
+    console.log(`📋 Registered migration: ${key}`)
+  }
+  /**
+   * Migrate state to new version
+   */
+  public async migrateState<T>(signedState: SignedState<T>, targetVersion: string): Promise<SignedState<T> | null> {
+    const currentVersion = signedState.version.toString()
+    const migrationKey = `${currentVersion}->${targetVersion}`
+    const migrationFn = this.migrationFunctions.get(migrationKey)
+    if (!migrationFn) {
+      console.warn(`⚠️ No migration function found for ${migrationKey}`)
+      return null
+    }
+    try {
+      // Extract current data
+      const currentData = await this.extractData(signedState)
+      // Apply migration
+      const migratedData = migrationFn(currentData)
+      // Create new signed state
+      const newSignedState = await this.signState(
+        signedState.componentId,
+        migratedData,
+        parseInt(targetVersion),
+        {
+          compress: signedState.compressed,
+          encrypt: signedState.encrypted,
+          backup: true
+        }
+      )
+      console.log(`✅ State migrated from v${currentVersion} to v${targetVersion} for component ${signedState.componentId}`)
+      return newSignedState
+    } catch (error) {
+      console.error(`❌ State migration failed for ${migrationKey}:`, error)
+      return null
+    }
+  }
+  /**
+   * Recover state from backup
+   */
+  public recoverStateFromBackup<T>(componentId: string, version?: number): StateBackup<T> | null {
+    const backups = this.backups.get(componentId)
+    if (!backups || backups.length === 0) {
+      return null
+    }
+    if (version !== undefined) {
+      // Find specific version
+      return backups.find(backup => backup.version === version) || null
+    } else {
+      // Return latest backup
+      return backups[backups.length - 1] || null
+    }
+  }
+  /**
+   * Get all backups for a component
+   */
+  public getComponentBackups(componentId: string): StateBackup[] {
+    return this.backups.get(componentId) || []
+  }
+  /**
+   * Verify backup integrity
+   */
+  public verifyBackup<T>(backup: StateBackup<T>): boolean {
+    try {
+      const expectedChecksum = createHmac('sha256', this.currentKey)
+        .update(JSON.stringify(backup.state))
+        .digest('hex')
+      return this.constantTimeEquals(backup.checksum, expectedChecksum)
+    } catch {
+      return false
+    }
+  }
+  /**
+   * Clean up old backups
+   */
+  public cleanupBackups(maxAge: number = 7 * 24 * 60 * 60 * 1000): void {
+    const now = Date.now()
+    let totalCleaned = 0
+    for (const [componentId, backups] of this.backups) {
+      const validBackups = backups.filter(backup => {
+        const age = now - backup.timestamp
+        return age <= maxAge
+      })
+      const cleaned = backups.length - validBackups.length
+      totalCleaned += cleaned
+      if (validBackups.length === 0) {
+        this.backups.delete(componentId)
+      } else {
+        this.backups.set(componentId, validBackups)
+      }
+    }
+    if (totalCleaned > 0) {
+      console.log(`🧹 Cleaned up ${totalCleaned} old state backups`)
+    }
+  }
+  /**
+   * Get server's signature info for debugging
+   */
+  public getSignatureInfo() {
+    return {
+      algorithm: 'HMAC-SHA256',
+      keyLength: this.currentKey.length,
+      maxAge: this.maxAge,
+      keyPreview: this.currentKey.substring(0, 8) + '...',
+      currentKeyId: this.getCurrentKeyId(),
+      keyHistoryCount: this.keyHistory.size,
+      compressionEnabled: this.compressionConfig.enabled,
+      rotationInterval: this.keyRotationConfig.rotationInterval
+    }
+  }
+}
+// Global instance with enhanced configuration
+export const stateSignature = StateSignature.getInstance(
+  process.env.FLUXSTACK_STATE_SECRET || undefined,
+  {
+    keyRotation: {
+      rotationInterval: parseInt(process.env.FLUXSTACK_KEY_ROTATION_INTERVAL || '604800000'), // 7 days
+      maxKeyAge: parseInt(process.env.FLUXSTACK_MAX_KEY_AGE || '2592000000'), // 30 days
+      keyRetentionCount: parseInt(process.env.FLUXSTACK_KEY_RETENTION_COUNT || '5')
+    },
+    compression: {
+      enabled: process.env.FLUXSTACK_COMPRESSION_ENABLED !== 'false',
+      threshold: parseInt(process.env.FLUXSTACK_COMPRESSION_THRESHOLD || '1024'), // 1KB
+      level: parseInt(process.env.FLUXSTACK_COMPRESSION_LEVEL || '6')
+    }
+  }
+)