holosphere 2.0.0-alpha12 → 2.0.0-alpha13

package/dist/{index-TDDyakLc.js → index-BN_uoxQK.js}

@@ -18010,12 +18010,12 @@ async function createPersistentStorage(namespace, options = {}) {
   const isBrowser = typeof window !== "undefined" && typeof window.indexedDB !== "undefined";
   typeof process !== "undefined" && process.versions && void 0;
   if (isBrowser) {
-    const { IndexedDBStorage } = await import("./indexeddb-storage-CXhjqwhA.js");
+    const { IndexedDBStorage } = await import("./indexeddb-storage-bpA01pAU.js");
     const storage = new IndexedDBStorage();
     await storage.init(namespace);
     return storage;
   } else {
-    const { MemoryStorage } = await import("./memory-storage-DkewsdcM.js");
+    const { MemoryStorage } = await import("./memory-storage-BqhmytP_.js");
     const storage = new MemoryStorage();
     await storage.init(namespace);
     return storage;
@@ -18028,7 +18028,7 @@ async function loadNDKCacheAdapter() {
   ndkCacheAdapterLoaded = true;
   if (typeof window !== "undefined" && typeof indexedDB !== "undefined") {
     try {
-      const module2 = await import("./index-lbSQUoRz.js");
+      const module2 = await import("./index-Z5TstN1e.js");
       NDKCacheAdapterDexie = module2.default || module2.NDKCacheAdapterDexie;
     } catch (e) {
       console.debug("[nostr] NDK cache adapter not available, using LRU cache");
@@ -18197,13 +18197,20 @@ class NostrClient {
     const CacheAdapter = await loadNDKCacheAdapter();
     let cacheAdapter = null;
     if (CacheAdapter && this.config.appName) {
+      const dbName = `holosphere_ndk_${this.config.appName}`;
+      await this._clearIncompatibleNDKCache(dbName);
       try {
-        cacheAdapter = new CacheAdapter({
-          dbName: `holosphere_${this.config.appName}`
-        });
+        cacheAdapter = new CacheAdapter({ dbName });
         this._useNDKCache = true;
       } catch (e) {
         console.warn("[nostr] Failed to initialize NDK cache adapter:", e.message);
+        await this._deleteDexieDatabase(dbName);
+        try {
+          cacheAdapter = new CacheAdapter({ dbName });
+          this._useNDKCache = true;
+        } catch (retryError) {
+          console.warn("[nostr] Failed to initialize NDK cache adapter after reset:", retryError.message);
+        }
       }
     }
     if (this.relays.length > 0) {
@@ -18312,6 +18319,67 @@ class NostrClient {
       }
     }
   }
+  /**
+   * Check if NDK cache database exists with potentially incompatible schema.
+   * NDK cache adapter uses Dexie which can't handle primary key changes.
+   * We detect this by checking if the database exists and clearing it if needed.
+   * @param {string} dbName - The database name to check
+   * @returns {Promise<void>}
+   * @private
+   */
+  async _clearIncompatibleNDKCache(dbName) {
+    if (typeof indexedDB === "undefined") return;
+    const databases = await indexedDB.databases?.() || [];
+    const existingDb = databases.find((db) => db.name === dbName);
+    if (existingDb) {
+      try {
+        await new Promise((resolve, reject) => {
+          const request = indexedDB.open(dbName);
+          request.onsuccess = () => {
+            const db = request.result;
+            const storeNames = Array.from(db.objectStoreNames);
+            db.close();
+            const requiredStores = ["events", "eventTags"];
+            const hasRequiredStores = requiredStores.every((name2) => storeNames.includes(name2));
+            if (!hasRequiredStores && storeNames.length > 0) {
+              console.warn(`[nostr] NDK cache database ${dbName} has incompatible schema, clearing...`);
+              this._deleteDexieDatabase(dbName).then(resolve).catch(resolve);
+            } else {
+              resolve();
+            }
+          };
+          request.onerror = () => resolve();
+          request.onblocked = () => resolve();
+        });
+      } catch {
+      }
+    }
+  }
+  /**
+   * Delete a Dexie database by name.
+   * Used to recover from schema upgrade errors.
+   * @param {string} dbName - The database name to delete
+   * @returns {Promise<void>}
+   * @private
+   */
+  async _deleteDexieDatabase(dbName) {
+    if (typeof indexedDB === "undefined") return;
+    return new Promise((resolve) => {
+      const request = indexedDB.deleteDatabase(dbName);
+      request.onsuccess = () => {
+        console.log(`[nostr] Deleted incompatible database: ${dbName}`);
+        resolve();
+      };
+      request.onerror = () => {
+        console.warn(`[nostr] Failed to delete database: ${dbName}`);
+        resolve();
+      };
+      request.onblocked = () => {
+        console.warn(`[nostr] Database deletion blocked: ${dbName}`);
+        resolve();
+      };
+    });
+  }
   /**
    * Load events from persistent storage into cache
    * @private
@@ -18412,6 +18480,7 @@ class NostrClient {
    * @param {Object} [options={}] - Publish options
    * @param {boolean} [options.waitForRelays=false] - Wait for relay confirmation
    * @param {boolean} [options.debounce=true] - Debounce rapid writes to same d-tag
+   * @param {string} [options.signingKey] - Private key to sign with (hex format). If not provided, uses client's default key.
    * @returns {Promise<Object>} Signed event with relay publish results
    * @example
    * const result = await client.publish({
@@ -18459,7 +18528,7 @@ class NostrClient {
         }
       }, WRITE_DEBOUNCE_MS);
       pendingWrites.set(dTagPath, { event, timer, resolve, reject });
-      const signedEvent = this._createSignedEvent(event);
+      const signedEvent = this._createSignedEvent(event, options.signingKey);
       this._cacheEvent(signedEvent);
     });
   }
@@ -18467,9 +18536,12 @@ class NostrClient {
    * Create a signed event using NDK or nostr-tools fallback.
    * @private
    * @param {Object} event - Unsigned event
+   * @param {string} [signingKey] - Optional private key to sign with (hex format)
    * @returns {Object} Signed event
    */
-  _createSignedEvent(event) {
+  _createSignedEvent(event, signingKey = null) {
+    const keyToUse = signingKey || this.privateKey;
+    const pubkeyToUse = signingKey ? getPublicKey$2(hexToBytes$2(signingKey)) : this.publicKey;
     if (this.ndk) {
       const ndkEvent = new NDKEvent(this.ndk);
       ndkEvent.kind = event.kind;
@@ -18481,7 +18553,7 @@ class NostrClient {
         content: ndkEvent.content,
         tags: ndkEvent.tags,
         created_at: ndkEvent.created_at,
-        pubkey: this.publicKey,
+        pubkey: pubkeyToUse,
         id: "",
         // Will be set during actual publish
         sig: ""
@@ -18489,11 +18561,11 @@ class NostrClient {
       };
     }
     try {
-      return finalizeEvent(event, hexToBytes$2(this.privateKey));
+      return finalizeEvent(event, hexToBytes$2(keyToUse));
     } catch (e) {
       return {
         ...event,
-        pubkey: this.publicKey,
+        pubkey: pubkeyToUse,
         id: Math.random().toString(16).slice(2).padStart(64, "0"),
         sig: "mock-signature",
         created_at: event.created_at || Math.floor(Date.now() / 1e3)
@@ -18506,6 +18578,7 @@ class NostrClient {
    */
   async _doPublish(event, options = {}) {
     const waitForRelays = options.waitForRelays || false;
+    const signingKey = options.signingKey || null;
     let signedEvent;
     if (event.id && event.sig) {
       signedEvent = event;
@@ -18515,10 +18588,15 @@ class NostrClient {
       ndkEvent.content = event.content;
       ndkEvent.tags = event.tags || [];
       ndkEvent.created_at = event.created_at || Math.floor(Date.now() / 1e3);
-      await ndkEvent.sign(this.signer);
+      if (signingKey) {
+        const tempSigner = new NDKPrivateKeySigner(signingKey);
+        await ndkEvent.sign(tempSigner);
+      } else {
+        await ndkEvent.sign(this.signer);
+      }
       signedEvent = ndkEvent.rawEvent();
     } else {
-      signedEvent = this._createSignedEvent(event);
+      signedEvent = this._createSignedEvent(event, signingKey);
     }
     await this._cacheEvent(signedEvent);
     if (this.outboxQueue) {
@@ -20885,7 +20963,7 @@ class GunSchemaValidator {
       return true;
     }
     try {
-      const AjvModule = await import("./2019-DQdDE6DG.js").then((n2) => n2._);
+      const AjvModule = await import("./2019-CLMqIAfQ.js").then((n2) => n2._);
       this.Ajv = AjvModule.default || AjvModule;
       this.validator = new this.Ajv({
         allErrors: true,
@@ -21106,7 +21184,7 @@ class GunDBBackend extends StorageBackend {
     let Gun;
     try {
       console.log("[gundb-backend] Importing Gun...");
-      const gunModule = await import("./browser-CckFyRI9.js").then((n2) => n2.b);
+      const gunModule = await import("./browser-nUQt1cnB.js").then((n2) => n2.b);
       Gun = gunModule.default || gunModule;
       console.log("[gundb-backend] Gun imported:", typeof Gun);
     } catch (error) {
@@ -22506,7 +22584,9 @@ const globalSubscriptions = /* @__PURE__ */ new Map();
 const singlePathSubscriptions = /* @__PURE__ */ new Map();
 const pendingQueries = /* @__PURE__ */ new Map();
 const QUERY_DEDUP_WINDOW = 2e3;
-async function nostrPut(client, path, data, kind2 = 3e4) {
+async function nostrPut(client, path, data, kindOrOptions = 3e4) {
+  const options = typeof kindOrOptions === "number" ? { kind: kindOrOptions } : kindOrOptions;
+  const kind2 = options.kind || 3e4;
   const dataEvent = {
     kind: kind2,
     created_at: Math.floor(Date.now() / 1e3),
@@ -22516,7 +22596,8 @@ async function nostrPut(client, path, data, kind2 = 3e4) {
     ],
     content: JSON.stringify(data)
   };
-  const result = await client.publish(dataEvent);
+  const publishOptions = options.signingKey ? { signingKey: options.signingKey } : {};
+  const result = await client.publish(dataEvent, publishOptions);
   return result;
 }
 async function nostrGet(client, path, kind2 = 3e4, options = {}) {
@@ -23057,9 +23138,10 @@ function buildPath$1(appname, holon, lens, key = null) {
 function encodePathComponent(component) {
   return encodeURIComponent(component).replace(/%2F/g, "/");
 }
-async function write$1(client, path, data) {
+async function write$1(client, path, data, options = {}) {
   try {
-    const result = await nostrPut(client, path, data);
+    const putOptions = options.signingKey ? { signingKey: options.signingKey } : {};
+    const result = await nostrPut(client, path, data, putOptions);
     const success = result.results.length === 0 ? true : result.results.some((r) => r.status === "fulfilled");
     return success;
   } catch (error) {
@@ -23782,28 +23864,72 @@ async function issueSelfCapability(permissions, scope, authorPubKey, options = {
 async function verifyCapability$1(token, requiredPermission, scope) {
   try {
     let tokenObj;
+    if (token && typeof token === "object" && token.token) {
+      token = token.token;
+    }
     if (typeof token === "string") {
-      const parts = token.split(".");
-      const payload = parts[0];
-      const decoded = Buffer.from ? Buffer.from(payload, "base64").toString("utf8") : atob(payload);
-      tokenObj = JSON.parse(decoded);
-    } else {
+      if (token.startsWith("ey") || !token.includes(".") && !token.startsWith("{")) {
+        try {
+          const payload = token.includes(".") ? token.split(".")[0] : token;
+          const decoded = Buffer.from ? Buffer.from(payload, "base64").toString("utf8") : atob(payload);
+          tokenObj = JSON.parse(decoded);
+        } catch (e) {
+          console.log("[verifyCapability] ❌ Token is not valid base64 JSON:", {
+            preview: token.substring(0, 50),
+            error: e.message
+          });
+          return false;
+        }
+      } else if (token.startsWith("{")) {
+        try {
+          tokenObj = JSON.parse(token);
+        } catch (e) {
+          console.log("[verifyCapability] ❌ Token is not valid JSON:", {
+            preview: token.substring(0, 50),
+            error: e.message
+          });
+          return false;
+        }
+      } else {
+        console.log("[verifyCapability] ❌ Unknown token format:", token.substring(0, 50));
+        return false;
+      }
+    } else if (token && typeof token === "object") {
       tokenObj = token;
+    } else {
+      console.log("[verifyCapability] ❌ Invalid token:", typeof token);
+      return false;
     }
     if (!tokenObj || tokenObj.type !== "capability") {
+      console.log("[verifyCapability] ❌ Invalid token type:", { type: tokenObj?.type, tokenObj });
       return false;
     }
     if (Date.now() > tokenObj.expires) {
+      console.log("[verifyCapability] ❌ Token expired:", {
+        expires: tokenObj.expires,
+        now: Date.now(),
+        expiredAgo: `${(Date.now() - tokenObj.expires) / 1e3}s ago`
+      });
       return false;
     }
     if (!matchScope(tokenObj.scope, scope)) {
+      console.log("[verifyCapability] ❌ Scope mismatch:", {
+        tokenScope: tokenObj.scope,
+        requestedScope: scope
+      });
       return false;
     }
     if (!tokenObj.permissions.includes(requiredPermission)) {
+      console.log("[verifyCapability] ❌ Permission denied:", {
+        required: requiredPermission,
+        has: tokenObj.permissions
+      });
       return false;
     }
+    console.log("[verifyCapability] ✅ Capability valid");
     return true;
   } catch (error) {
+    console.log("[verifyCapability] ❌ Error:", error.message);
     return false;
   }
 }
@@ -23889,21 +24015,60 @@ async function getFederatedPartner(client, appname, partnerPubKey) {
 }
 async function getCapabilityForAuthor(client, appname, authorPubKey, scope) {
   const registry2 = await getFederationRegistry(client, appname);
+  console.log("[Registry] 🔍 getCapabilityForAuthor called:", {
+    authorPubKey: authorPubKey?.slice(0, 12) + "...",
+    scope,
+    federatedWithCount: registry2.federatedWith?.length || 0,
+    federatedPartners: registry2.federatedWith?.map((p) => p.pubKey?.slice(0, 12) + "...") || []
+  });
   const partner = registry2.federatedWith.find((p) => p.pubKey === authorPubKey);
-  if (!partner || !partner.inboundCapabilities) {
+  if (!partner) {
+    console.log("[Registry] ❌ Partner not found in federatedWith");
+    return null;
+  }
+  if (!partner.inboundCapabilities || partner.inboundCapabilities.length === 0) {
+    console.log("[Registry] ❌ Partner has no inboundCapabilities:", {
+      partnerPubKey: authorPubKey?.slice(0, 12) + "...",
+      hasInboundCaps: !!partner.inboundCapabilities,
+      inboundCapsLength: partner.inboundCapabilities?.length || 0
+    });
     return null;
   }
-  return partner.inboundCapabilities.find((cap) => {
+  console.log("[Registry] Partner found with inboundCapabilities:", {
+    partnerPubKey: authorPubKey?.slice(0, 12) + "...",
+    capsCount: partner.inboundCapabilities.length,
+    capScopes: partner.inboundCapabilities.map((c) => c.scope)
+  });
+  const result = partner.inboundCapabilities.find((cap) => {
     if (cap.expires && cap.expires < Date.now()) {
+      console.log("[Registry] Capability expired:", { expires: cap.expires, now: Date.now() });
       return false;
     }
-    return matchScope(cap.scope, scope);
+    const matches = matchScope(cap.scope, scope);
+    console.log("[Registry] Scope match check:", {
+      capScope: cap.scope,
+      requestedScope: scope,
+      matches
+    });
+    return matches;
   }) || null;
+  if (result) {
+    console.log("[Registry] ✅ Matching capability found");
+  } else {
+    console.log("[Registry] ❌ No matching capability found");
+  }
+  return result;
 }
 async function storeInboundCapability(client, appname, partnerPubKey, capabilityInfo) {
+  console.log("[Registry] 📥 storeInboundCapability called:", {
+    partnerPubKey: partnerPubKey?.slice(0, 12) + "...",
+    scope: capabilityInfo?.scope,
+    hasToken: !!capabilityInfo?.token
+  });
   const registry2 = await getFederationRegistry(client, appname);
   const partner = registry2.federatedWith.find((p) => p.pubKey === partnerPubKey);
   if (!partner) {
+    console.log("[Registry] Partner not in registry, auto-adding with capability");
     return addFederatedPartner(client, appname, partnerPubKey, {
       addedVia: "capability_received",
       inboundCapabilities: [capabilityInfo]
@@ -23916,17 +24081,21 @@ async function storeInboundCapability(client, appname, partnerPubKey, capability
     (cap) => JSON.stringify(cap.scope) === JSON.stringify(capabilityInfo.scope)
   );
   if (existingIndex >= 0) {
+    console.log("[Registry] Updating existing capability at index:", existingIndex);
     partner.inboundCapabilities[existingIndex] = {
       ...capabilityInfo,
       updatedAt: Date.now()
     };
   } else {
+    console.log("[Registry] Adding new capability, total will be:", partner.inboundCapabilities.length + 1);
     partner.inboundCapabilities.push({
       ...capabilityInfo,
       receivedAt: Date.now()
     });
   }
-  return saveFederationRegistry(client, appname, registry2);
+  const result = await saveFederationRegistry(client, appname, registry2);
+  console.log("[Registry] ✅ Capability stored, registry saved:", result);
+  return result;
 }
 async function storeOutboundCapability(client, appname, partnerPubKey, capabilityInfo) {
   const registry2 = await getFederationRegistry(client, appname);
@@ -24137,13 +24306,17 @@ async function wouldCreateCircularHologram(client, appname, sourceHolon, targetH
   return { isCircular: true, chain, reason: "max_depth_exceeded" };
 }
 function createHologram(sourceHolon, targetHolon, lensName, dataId, appname, options = {}) {
-  const { authorPubKey, capability } = options;
+  const { authorPubKey } = options;
+  let { capability } = options;
   if (!authorPubKey) {
     throw new Error("authorPubKey is required for hologram creation (unified model)");
   }
   if (!capability) {
     throw new Error("capability is required for hologram creation (unified model)");
   }
+  if (typeof capability === "object" && capability.token) {
+    capability = capability.token;
+  }
   const soul = buildPath(appname, sourceHolon, lensName, dataId);
   const hologram2 = {
     id: dataId,
@@ -24158,7 +24331,7 @@ function createHologram(sourceHolon, targetHolon, lensName, dataId, appname, opt
       // Always present in unified model
     },
     capability,
-    // Always present in unified model
+    // Always the token string (normalized above)
     _meta: {
       created: Date.now(),
       sourceHolon,
@@ -24246,6 +24419,9 @@ async function resolveHologram(client, hologram2, visited = /* @__PURE__ */ new
   let sourceData;
   let capability = hologram2.capability;
   const authorPubKey = target.authorPubKey;
+  if (capability && typeof capability === "object" && capability.token) {
+    capability = capability.token;
+  }
   if (!capability && options.appname && authorPubKey) {
     const capEntry = await getCapabilityForAuthor(
       client,
@@ -24258,7 +24434,7 @@ async function resolveHologram(client, hologram2, visited = /* @__PURE__ */ new
       }
     );
     if (capEntry) {
-      capability = capEntry.token;
+      capability = capEntry.token || capEntry;
     }
   }
   if (!skipCapabilityVerification) {
@@ -24458,6 +24634,15 @@ async function propagateData(client, appname, data, sourceHolon, targetHolon, le
       return false;
     }
     const sourceAuthorPubKey = options.sourceAuthorPubKey || client.publicKey;
+    const isPubkey2 = typeof targetHolon === "string" && /^[0-9a-f]{64}$/i.test(targetHolon);
+    const targetAuthorPubKey = options.targetAuthorPubKey || (isPubkey2 ? targetHolon : client.publicKey);
+    console.log("[propagateData] Creating hologram with capability:", {
+      sourceHolon: sourceHolon?.slice(0, 12) + "...",
+      targetHolon: targetHolon?.slice(0, 12) + "...",
+      sourceAuthorPubKey: sourceAuthorPubKey?.slice(0, 12) + "...",
+      targetAuthorPubKey: targetAuthorPubKey?.slice(0, 12) + "...",
+      hasProvidedCapability: !!options.capability
+    });
     const hologram2 = await createHologramWithCapability(
       client,
       sourceHolon,
@@ -24467,6 +24652,7 @@ async function propagateData(client, appname, data, sourceHolon, targetHolon, le
       appname,
       {
         sourceAuthorPubKey,
+        targetAuthorPubKey,
         capability: options.capability,
         permissions: ["read"]
       }
@@ -25055,6 +25241,108 @@ const nostrUtils = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.definePr
   signEvent,
   verifyEvent
 }, Symbol.toStringTag, { value: "Module" }));
+const HOLON_REGISTRY_TABLE = "_holon-registry";
+function isPubkey(str2) {
+  return typeof str2 === "string" && /^[0-9a-f]{64}$/i.test(str2);
+}
+async function registerHolon(client, appname, holonId, publicKey, options = {}) {
+  if (!isPubkey(publicKey)) {
+    throw new Error(`Invalid public key format: ${publicKey}`);
+  }
+  if (isPubkey(holonId)) {
+    console.log("[HolonRegistry] registerHolon: holonId is already a pubkey, skipping registration");
+    return true;
+  }
+  const entry = {
+    id: holonId,
+    holonId,
+    publicKey,
+    alias: options.alias || null,
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+    createdBy: client.publicKey
+  };
+  console.log("[HolonRegistry] 📝 registerHolon:", {
+    holonId,
+    publicKey: publicKey?.slice(0, 12) + "...",
+    alias: options.alias
+  });
+  const result = await writeGlobal(client, appname, HOLON_REGISTRY_TABLE, entry);
+  console.log("[HolonRegistry] registerHolon result:", result);
+  return result;
+}
+async function lookupHolon(client, appname, holonId) {
+  if (isPubkey(holonId)) {
+    return {
+      holonId,
+      publicKey: holonId,
+      isDirect: true
+    };
+  }
+  return readGlobal(client, appname, HOLON_REGISTRY_TABLE, holonId);
+}
+async function resolveHolonToPubkey(client, appname, holonId) {
+  if (isPubkey(holonId)) {
+    console.log("[HolonRegistry] resolveHolonToPubkey: holonId is already a pubkey:", holonId?.slice(0, 12) + "...");
+    return holonId;
+  }
+  const entry = await lookupHolon(client, appname, holonId);
+  if (entry?.publicKey) {
+    console.log("[HolonRegistry] ✅ resolveHolonToPubkey: Found mapping", {
+      holonId,
+      publicKey: entry.publicKey?.slice(0, 12) + "...",
+      alias: entry.alias
+    });
+  } else {
+    console.log("[HolonRegistry] ❌ resolveHolonToPubkey: No mapping found for holonId:", holonId);
+  }
+  return entry?.publicKey || null;
+}
+async function unregisterHolon(client, appname, holonId) {
+  if (isPubkey(holonId)) {
+    return false;
+  }
+  const entry = {
+    id: holonId,
+    holonId,
+    publicKey: null,
+    _deleted: true,
+    deletedAt: Date.now(),
+    deletedBy: client.publicKey
+  };
+  return writeGlobal(client, appname, HOLON_REGISTRY_TABLE, entry);
+}
+async function updateHolon(client, appname, holonId, updates = {}) {
+  const existing = await lookupHolon(client, appname, holonId);
+  if (!existing || existing.isDirect) {
+    return false;
+  }
+  const entry = {
+    ...existing,
+    ...updates,
+    updatedAt: Date.now()
+  };
+  return writeGlobal(client, appname, HOLON_REGISTRY_TABLE, entry);
+}
+async function listRegisteredHolons(client, appname) {
+  const entries = await getAllGlobal(client, appname, HOLON_REGISTRY_TABLE);
+  return (entries || []).filter((e) => !e._deleted);
+}
+async function findHolonsByPubkey(client, appname, publicKey) {
+  const all = await listRegisteredHolons(client, appname);
+  return all.filter((e) => e.publicKey === publicKey);
+}
+const holonRegistry = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  findHolonsByPubkey,
+  isPubkey,
+  listRegisteredHolons,
+  lookupHolon,
+  registerHolon,
+  resolveHolonToPubkey,
+  unregisterHolon,
+  updateHolon
+}, Symbol.toStringTag, { value: "Module" }));
 async function issueCapability(client, targetPubKey, scope, permissions, options = {}) {
   const {
     expiresIn = 36e5,
@@ -25362,6 +25650,8 @@ const requestCard$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defin
 const FEDERATION_CARDS_TABLE = "_federation-cards";
 const DISMISSED_REQUESTS_TABLE = "_dismissed-federation-requests";
 const PROCESSED_RESPONSES_TABLE = "_processed-federation-responses";
+const DM_STATE_TABLE = "_federation-dm-state";
+const PROCESSED_DMS_TABLE = "_processed-federation-dms";
 async function saveCard(client, appname, card) {
   const serialized = serializeCard(card);
   serialized.id = card.id;
@@ -25484,6 +25774,32 @@ async function cleanupOldEntries(client, appname, maxAge = 30 * 24 * 60 * 60 * 1
   }
   return result;
 }
+async function getLastDMFetchTime(client, appname) {
+  const entry = await readGlobal(client, appname, DM_STATE_TABLE, "lastFetch");
+  return entry?.timestamp || 0;
+}
+async function setLastDMFetchTime(client, appname, timestamp) {
+  return writeGlobal(client, appname, DM_STATE_TABLE, {
+    id: "lastFetch",
+    timestamp,
+    updatedAt: Date.now()
+  });
+}
+async function markDMProcessed(client, appname, eventId, type2 = "unknown") {
+  return writeGlobal(client, appname, PROCESSED_DMS_TABLE, {
+    id: eventId,
+    type: type2,
+    processedAt: Date.now()
+  });
+}
+async function isDMProcessed(client, appname, eventId) {
+  const entry = await readGlobal(client, appname, PROCESSED_DMS_TABLE, eventId);
+  return !!entry;
+}
+async function getProcessedDMIds(client, appname) {
+  const entries = await getAllGlobal(client, appname, PROCESSED_DMS_TABLE);
+  return new Set((entries || []).map((e) => e.id));
+}
 const cardStorage = {
   saveCard,
   getCard,
@@ -25500,7 +25816,12 @@ const cardStorage = {
   getProcessedResponseIds,
   updateCardStatus,
   findPendingCardsForPartner,
-  cleanupOldEntries
+  cleanupOldEntries,
+  getLastDMFetchTime,
+  setLastDMFetchTime,
+  markDMProcessed,
+  isDMProcessed,
+  getProcessedDMIds
 };
 const cardStorage$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
@@ -25515,11 +25836,16 @@ const cardStorage$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defin
   getCardByPartner,
   getDismissedRequestIds,
   getDisplayableCards,
+  getLastDMFetchTime,
+  getProcessedDMIds,
   getProcessedResponseIds,
+  isDMProcessed,
   isRequestDismissed,
   isResponseProcessed,
+  markDMProcessed,
   markResponseProcessed,
   saveCard,
+  setLastDMFetchTime,
   updateCardStatus
 }, Symbol.toStringTag, { value: "Module" }));
 function createFederationRequest({
@@ -25604,17 +25930,22 @@ async function sendFederationResponse(client, privateKey, recipientPubKey, respo
   }
 }
 function subscribeToFederationDMs(client, privateKey, publicKey, handlers, options = {}) {
-  const { onRequest, onResponse } = handlers;
+  const { onRequest, onResponse, onUpdate, onUpdateResponse } = handlers;
   const { appname } = options;
   let isActive = true;
   const processedEventIds = /* @__PURE__ */ new Set();
+  let processedDMIds = /* @__PURE__ */ new Set();
   let processedResponseIds = /* @__PURE__ */ new Set();
-  const loadProcessedResponses = async () => {
+  let lastFetchTime = 0;
+  const loadPersistedState = async () => {
     if (appname && client?.client) {
       try {
+        processedDMIds = await getProcessedDMIds(client.client, appname);
         processedResponseIds = await getProcessedResponseIds(client.client, appname);
+        lastFetchTime = await getLastDMFetchTime(client.client, appname);
+        console.log("[Handshake] Loaded persisted state - last fetch:", lastFetchTime, "processed DMs:", processedDMIds.size);
       } catch (err) {
-        console.warn("[Handshake] Could not load processed responses:", err.message);
+        console.warn("[Handshake] Could not load persisted state:", err.message);
       }
     }
   };
@@ -25622,6 +25953,9 @@ function subscribeToFederationDMs(client, privateKey, publicKey, handlers, optio
     if (!isActive) return;
     if (processedEventIds.has(event.id)) return;
     processedEventIds.add(event.id);
+    if (processedDMIds.has(event.id)) {
+      return;
+    }
     if (event.kind !== 4) return;
     const pTag = event.tags?.find((t) => t[0] === "p");
     if (!pTag || pTag[1] !== publicKey) return;
@@ -25638,9 +25972,15 @@ function subscribeToFederationDMs(client, privateKey, publicKey, handlers, optio
           const isDismissed = await isRequestDismissed(client.client, appname, payload.requestId);
           if (isDismissed) {
             console.log("[Handshake] Skipping dismissed request:", payload.requestId);
+            await markDMProcessed(client.client, appname, event.id, "request");
+            processedDMIds.add(event.id);
             return;
           }
         }
+        if (appname && client?.client) {
+          await markDMProcessed(client.client, appname, event.id, "request");
+          processedDMIds.add(event.id);
+        }
         console.log("[Handshake] Received federation request from:", event.pubkey.substring(0, 8) + "...");
         onRequest?.(payload, event.pubkey);
       } else if (payload.type === "federation_response" && payload.version === "1.0") {
@@ -25651,31 +25991,68 @@ function subscribeToFederationDMs(client, privateKey, publicKey, handlers, optio
         }
         if (appname && client?.client) {
           await markResponseProcessed(client.client, appname, payload.requestId, event.pubkey);
+          await markDMProcessed(client.client, appname, event.id, "response");
           processedResponseIds.add(responseKey);
+          processedDMIds.add(event.id);
         }
         console.log("[Handshake] Received federation response from:", event.pubkey.substring(0, 8) + "...");
         onResponse?.(payload, event.pubkey);
+      } else if (payload.type === "federation_update" && payload.version === "1.0") {
+        if (appname && client?.client) {
+          const isDismissed = await isRequestDismissed(client.client, appname, payload.updateId);
+          if (isDismissed) {
+            console.log("[Handshake] Skipping dismissed update:", payload.updateId);
+            await markDMProcessed(client.client, appname, event.id, "update");
+            processedDMIds.add(event.id);
+            return;
+          }
+        }
+        if (appname && client?.client) {
+          await markDMProcessed(client.client, appname, event.id, "update");
+          processedDMIds.add(event.id);
+        }
+        console.log("[Handshake] Received federation update from:", event.pubkey.substring(0, 8) + "...");
+        onUpdate?.(payload, event.pubkey);
+      } else if (payload.type === "federation_update_response" && payload.version === "1.0") {
+        const responseKey = `update_${payload.updateId}_${event.pubkey}`;
+        if (processedResponseIds.has(responseKey)) {
+          console.log("[Handshake] Skipping already processed update response:", responseKey);
+          return;
+        }
+        if (appname && client?.client) {
+          await markResponseProcessed(client.client, appname, payload.updateId, event.pubkey);
+          await markDMProcessed(client.client, appname, event.id, "update_response");
+          processedResponseIds.add(responseKey);
+          processedDMIds.add(event.id);
+        }
+        console.log("[Handshake] Received federation update response from:", event.pubkey.substring(0, 8) + "...");
+        onUpdateResponse?.(payload, event.pubkey);
       }
     } catch (error) {
     }
   };
   let subscription = null;
   const startSubscription = async () => {
-    await loadProcessedResponses();
+    await loadPersistedState();
     const nostrClient = client?.client;
     if (!nostrClient?.subscribe) {
       console.warn("[Handshake] No NostrClient subscribe method available");
       return;
     }
+    const sinceTime = lastFetchTime || 0;
+    console.log("[Handshake] Fetching DMs since:", sinceTime ? new Date(sinceTime * 1e3).toISOString() : "beginning of time");
     const filter = {
       kinds: [4],
       "#p": [publicKey],
-      since: Math.floor(Date.now() / 1e3) - 86400
-      // Last 24 hours
+      since: sinceTime
     };
     try {
       subscription = await nostrClient.subscribe(filter, handleEvent, {});
       console.log("[Handshake] Federation DM subscription started");
+      if (appname && client?.client) {
+        const now = Math.floor(Date.now() / 1e3);
+        await setLastDMFetchTime(client.client, appname, now);
+      }
     } catch (error) {
       console.error("[Handshake] Failed to subscribe:", error);
     }
@@ -25768,6 +26145,15 @@ async function acceptFederationRequest$1(holosphere, privateKey, params) {
           await storeInboundCapability(holosphere.client, holosphere.config.appName, senderPubKey, cap);
         }
       }
+      if (request.senderHolonId) {
+        await registerHolon(holosphere.client, holosphere.config.appName, request.senderHolonId, senderPubKey, {
+          alias: request.senderHolonName
+        });
+        console.log("[Handshake] Registered partner holon:", {
+          holonId: request.senderHolonId,
+          pubKey: senderPubKey?.slice(0, 12) + "..."
+        });
+      }
     }
     await holosphere.federateHolon(holonId, senderPubKey, {
       lensConfig,
@@ -25877,6 +26263,15 @@ async function processFederationResponse(holosphere, response, responderPubKey,
       alias: response.responderHolonName,
       addedVia: "handshake_accepted"
     });
+    if (response.responderHolonId) {
+      await registerHolon(holosphere.client, holosphere.config.appName, response.responderHolonId, responderPubKey, {
+        alias: response.responderHolonName
+      });
+      console.log("[Handshake] Registered partner holon from response:", {
+        holonId: response.responderHolonId,
+        pubKey: responderPubKey?.slice(0, 12) + "..."
+      });
+    }
   }
   const receivedHolograms = {};
   const responderHolonId = response.responderHolonId;
@@ -25907,103 +26302,152 @@ function isFederationRequest(payload) {
 function isFederationResponse(payload) {
   return payload?.type === "federation_response" && payload?.version === "1.0";
 }
-const handshake = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
-  __proto__: null,
-  acceptFederationRequest: acceptFederationRequest$1,
-  createFederationRequest,
-  createFederationResponse,
-  initiateFederationHandshake,
-  isFederationRequest,
-  isFederationResponse,
-  processFederationResponse,
-  rejectFederationRequest,
-  sendFederationRequest: sendFederationRequest$1,
-  sendFederationResponse,
-  subscribeToFederationDMs
-}, Symbol.toStringTag, { value: "Module" }));
-const HOLON_REGISTRY_TABLE = "_holon-registry";
-function isPubkey(str2) {
-  return typeof str2 === "string" && /^[0-9a-f]{64}$/i.test(str2);
+function createFederationUpdate({
+  senderHolonId,
+  senderHolonName,
+  senderPubKey,
+  newLensConfig,
+  message
+}) {
+  return {
+    type: "federation_update",
+    version: "1.0",
+    updateId: generateNonce(),
+    timestamp: Date.now(),
+    senderHolonId,
+    senderHolonName,
+    senderNpub: hexToNpub(senderPubKey),
+    newLensConfig,
+    message
+  };
 }
-async function registerHolon(client, appname, holonId, publicKey, options = {}) {
-  if (!isPubkey(publicKey)) {
-    throw new Error(`Invalid public key format: ${publicKey}`);
-  }
-  if (isPubkey(holonId)) {
-    return true;
-  }
-  const entry = {
-    id: holonId,
-    holonId,
-    publicKey,
-    alias: options.alias || null,
-    createdAt: Date.now(),
-    updatedAt: Date.now(),
-    createdBy: client.publicKey
+function createFederationUpdateResponse({
+  updateId,
+  status,
+  message
+}) {
+  return {
+    type: "federation_update_response",
+    version: "1.0",
+    updateId,
+    timestamp: Date.now(),
+    status,
+    message
   };
-  return writeGlobal(client, appname, HOLON_REGISTRY_TABLE, entry);
 }
-async function lookupHolon(client, appname, holonId) {
-  if (isPubkey(holonId)) {
-    return {
-      holonId,
-      publicKey: holonId,
-      isDirect: true
-    };
+async function sendFederationUpdate(client, privateKey, recipientPubKey, update2) {
+  try {
+    const content = JSON.stringify(update2);
+    const encrypted = encryptNIP44(privateKey, recipientPubKey, content);
+    const event = createDMEvent(recipientPubKey, encrypted, privateKey);
+    if (client?.publish) {
+      await client.publish(event);
+      console.log("[Handshake] Federation update sent to:", recipientPubKey.substring(0, 8) + "...");
+      return true;
+    }
+    return false;
+  } catch (error) {
+    console.error("[Handshake] Failed to send federation update:", error);
+    return false;
   }
-  return readGlobal(client, appname, HOLON_REGISTRY_TABLE, holonId);
 }
-async function resolveHolonToPubkey(client, appname, holonId) {
-  if (isPubkey(holonId)) {
-    return holonId;
+async function sendFederationUpdateResponse(client, privateKey, recipientPubKey, response) {
+  try {
+    const content = JSON.stringify(response);
+    const encrypted = encryptNIP44(privateKey, recipientPubKey, content);
+    const event = createDMEvent(recipientPubKey, encrypted, privateKey);
+    if (client?.publish) {
+      await client.publish(event);
+      console.log("[Handshake] Federation update response sent to:", recipientPubKey.substring(0, 8) + "...");
+      return true;
+    }
+    return false;
+  } catch (error) {
+    console.error("[Handshake] Failed to send federation update response:", error);
+    return false;
   }
-  const entry = await lookupHolon(client, appname, holonId);
-  return entry?.publicKey || null;
 }
-async function unregisterHolon(client, appname, holonId) {
-  if (isPubkey(holonId)) {
-    return false;
+async function requestFederationUpdate(holosphere, privateKey, params) {
+  const { partnerPubKey, holonId, holonName, newLensConfig, message } = params;
+  try {
+    const senderPubKey = getPublicKey(privateKey);
+    const update2 = createFederationUpdate({
+      senderHolonId: holonId,
+      senderHolonName: holonName,
+      senderPubKey,
+      newLensConfig,
+      message
+    });
+    const sent = await sendFederationUpdate(holosphere.client, privateKey, partnerPubKey, update2);
+    if (sent) {
+      return { success: true, updateId: update2.updateId };
+    }
+    return { success: false, error: "Failed to send update DM" };
+  } catch (error) {
+    return { success: false, error: error.message };
   }
-  const entry = {
-    id: holonId,
-    holonId,
-    publicKey: null,
-    _deleted: true,
-    deletedAt: Date.now(),
-    deletedBy: client.publicKey
-  };
-  return writeGlobal(client, appname, HOLON_REGISTRY_TABLE, entry);
 }
-async function updateHolon(client, appname, holonId, updates = {}) {
-  const existing = await lookupHolon(client, appname, holonId);
-  if (!existing || existing.isDirect) {
-    return false;
+async function acceptFederationUpdate(holosphere, privateKey, params) {
+  const { updateId, senderPubKey, holonId, newLensConfig, message } = params;
+  try {
+    if (holosphere.federateHolon) {
+      await holosphere.federateHolon(holonId, senderPubKey, {
+        lensConfig: newLensConfig
+      });
+    }
+    const response = createFederationUpdateResponse({
+      updateId,
+      status: "accepted",
+      message
+    });
+    const sent = await sendFederationUpdateResponse(holosphere.client, privateKey, senderPubKey, response);
+    return { success: sent, error: sent ? void 0 : "Failed to send response" };
+  } catch (error) {
+    return { success: false, error: error.message };
   }
-  const entry = {
-    ...existing,
-    ...updates,
-    updatedAt: Date.now()
-  };
-  return writeGlobal(client, appname, HOLON_REGISTRY_TABLE, entry);
 }
-async function listRegisteredHolons(client, appname) {
-  const entries = await getAllGlobal(client, appname, HOLON_REGISTRY_TABLE);
-  return (entries || []).filter((e) => !e._deleted);
+async function rejectFederationUpdate(holosphere, privateKey, params) {
+  const { updateId, senderPubKey, message } = params;
+  try {
+    const response = createFederationUpdateResponse({
+      updateId,
+      status: "rejected",
+      message
+    });
+    const sent = await sendFederationUpdateResponse(holosphere.client, privateKey, senderPubKey, response);
+    return { success: sent, error: sent ? void 0 : "Failed to send response" };
+  } catch (error) {
+    return { success: false, error: error.message };
+  }
 }
-async function findHolonsByPubkey(client, appname, publicKey) {
-  const all = await listRegisteredHolons(client, appname);
-  return all.filter((e) => e.publicKey === publicKey);
+function isFederationUpdate(payload) {
+  return payload?.type === "federation_update" && payload?.version === "1.0";
 }
-const holonRegistry = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+function isFederationUpdateResponse(payload) {
+  return payload?.type === "federation_update_response" && payload?.version === "1.0";
+}
+const handshake = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
-  findHolonsByPubkey,
-  isPubkey,
-  listRegisteredHolons,
-  lookupHolon,
-  registerHolon,
-  resolveHolonToPubkey,
-  unregisterHolon,
-  updateHolon
+  acceptFederationRequest: acceptFederationRequest$1,
+  acceptFederationUpdate,
+  createFederationRequest,
+  createFederationResponse,
+  createFederationUpdate,
+  createFederationUpdateResponse,
+  initiateFederationHandshake,
+  isFederationRequest,
+  isFederationResponse,
+  isFederationUpdate,
+  isFederationUpdateResponse,
+  processFederationResponse,
+  rejectFederationRequest,
+  rejectFederationUpdate,
+  requestFederationUpdate,
+  sendFederationRequest: sendFederationRequest$1,
+  sendFederationResponse,
+  sendFederationUpdate,
+  sendFederationUpdateResponse,
+  subscribeToFederationDMs
 }, Symbol.toStringTag, { value: "Module" }));
 function validateNostrEvent(event, partial = true, throwOnError = false) {
   if (!event || typeof event !== "object") {
@@ -36395,7 +36839,7 @@ class ChainManager {
    */
   async _loadEthers() {
     if (!this.ethers) {
-      const ethersModule = await import("./index-DrYM1LOY.js");
+      const ethersModule = await import("./index-CoAjtqsD.js");
       this.ethers = ethersModule;
     }
     return this.ethers;
@@ -45186,7 +45630,7 @@ class ContractDeployer {
    */
   async _loadEthers() {
     if (!this.ethers) {
-      this.ethers = await import("./index-DrYM1LOY.js");
+      this.ethers = await import("./index-CoAjtqsD.js");
     }
     return this.ethers;
   }
@@ -45572,7 +46016,7 @@ class ContractOperations {
    */
   async _loadEthers() {
     if (!this.ethers) {
-      this.ethers = await import("./index-DrYM1LOY.js");
+      this.ethers = await import("./index-CoAjtqsD.js");
     }
     return this.ethers;
   }
@@ -57524,6 +57968,7 @@ class HoloSphereBase extends HoloSphere$1 {
    * @param {boolean} [options.autoPropagate=true] - Whether to propagate to federated holons
    * @param {Object} [options.propagationOptions] - Options for propagation
    * @param {boolean} [options.blocking=false] - If true, wait for relay confirmation before returning
+   * @param {string} [options.signingKey] - Private key to sign with (hex format). If not provided, uses holosphere's default key.
    * @returns {Promise<boolean>} True if write succeeded (or queued for optimistic writes)
    * @throws {ValidationError} If holonId, lensName, or data is invalid
    * @throws {AuthorizationError} If capability token is invalid
@@ -57605,7 +58050,8 @@ class HoloSphereBase extends HoloSphere$1 {
         this._log("DEBUG", "🔗 Syncing hologram write", { path, target: existingData.target });
         return this._syncHologramWrite(existingData, data, path, lensName, options);
       }
-      await write(this.client, path, data);
+      const writeOptions = options.signingKey ? { signingKey: options.signingKey } : {};
+      await write(this.client, path, data, writeOptions);
       const endTime = Date.now();
       const duration = endTime - startTime;
       this._metrics.writes++;
@@ -57826,6 +58272,26 @@ class HoloSphereBase extends HoloSphere$1 {
     if (!lensName) {
       throw new ValidationError$1("ValidationError: lensName must be a non-empty string");
     }
+    if (dataId) {
+      const earlyPath = buildPath(this.config.appName, holonId, lensName, dataId);
+      if (this._deleteCache.has(earlyPath)) {
+        this._log("DEBUG", "🗑️ EARLY CACHE: Deleted item", { path: earlyPath });
+        return null;
+      }
+      const cached = this._writeCache.get(earlyPath);
+      if (cached) {
+        const cacheAge = Date.now() - cached.timestamp;
+        this._log("DEBUG", "⚡ EARLY CACHE HIT: Write cache", {
+          path: earlyPath,
+          cacheAge: `${cacheAge}ms`
+        });
+        const { resolveHolograms: resolveHolograms2 = true } = options;
+        if (resolveHolograms2 && cached.data) {
+          return this._resolveHolograms(cached.data);
+        }
+        return cached.data;
+      }
+    }
     const targetPubkey = await this._resolveHolonToPubkey(holonId);
     const isOtherAuthor = targetPubkey && targetPubkey !== this.client.publicKey;
     let readOptions = {};
@@ -57839,11 +58305,27 @@ class HoloSphereBase extends HoloSphere$1 {
         readOptions.authors = [targetPubkey];
       }
     } else if (isOtherAuthor) {
+      this._log("DEBUG", "🔍 Looking up capability for federated author", {
+        holonId,
+        lensName,
+        dataId: dataId || "*",
+        targetPubkey: targetPubkey?.slice(0, 12) + "...",
+        myPubkey: this.client?.publicKey?.slice(0, 12) + "..."
+      });
       const capability = await this._getCapabilityForAuthor(targetPubkey, { holonId, lensName, dataId });
       if (!capability) {
-        this._log("DEBUG", "No capability for author", { holonId, targetPubkey });
+        this._log("WARN", "❌ No capability found for federated author - returning empty", {
+          holonId,
+          lensName,
+          targetPubkey: targetPubkey?.slice(0, 12) + "..."
+        });
         return dataId ? null : [];
       }
+      this._log("DEBUG", "✅ Capability found for federated author", {
+        holonId,
+        lensName,
+        targetPubkey: targetPubkey?.slice(0, 12) + "..."
+      });
       readOptions.authors = [targetPubkey];
     }
     if (!isOtherAuthor) {
@@ -57875,7 +58357,7 @@ class HoloSphereBase extends HoloSphere$1 {
         });
         result = null;
       } else {
-        const cached = !isOtherAuthor ? this._writeCache.get(path) : null;
+        const cached = this._writeCache.get(path);
         if (cached) {
           const cacheAge = Date.now() - cached.timestamp;
           this._log("DEBUG", "⚡ CACHE HIT: Write cache", {
@@ -59378,4 +59860,4 @@ export {
   concatBytes as y,
   dataLength as z
 };
-//# sourceMappingURL=index-TDDyakLc.js.map
+//# sourceMappingURL=index-BN_uoxQK.js.map