holosphere 2.0.0-alpha21 → 2.0.0-alpha23

package/src/index.js

@@ -11,10 +11,12 @@
  * @license MIT
  */
 
+/** @constant {string} version - Package version (keep in sync with package.json) */
+export const version = '2.0.0-alpha23';
+
 import { HoloSphere as HoloSphereCore } from './core/holosphere.js';
 import * as spatial from './spatial/h3-operations.js';
-import * as storage from './storage/unified-storage.js';
-import * as nostrStorage from './storage/nostr-wrapper.js';
+import * as storage from './storage/nostr-wrapper.js';
 import * as nostrAsync from './storage/nostr-async.js';
 import * as globalTables from './storage/global-tables.js';
 import * as schema from './schema/validator.js';
@@ -23,7 +25,6 @@ import * as federation from './federation/hologram.js';
 import * as handshake from './federation/handshake.js';
 import * as holonRegistry from './federation/holon-registry.js';
 import * as registry from './federation/registry.js';
-import * as capabilities from './federation/capabilities.js';
 import * as requestCard from './federation/request-card.js';
 import * as cardStorage from './federation/card-storage.js';
 import * as crypto from './crypto/secp256k1.js';
@@ -78,7 +79,6 @@ class HoloSphereBase extends HoloSphereCore {
    *
    * @param {Object} config - Configuration options
    * @param {string} config.appName - Application namespace for data isolation
-   * @param {string} [config.backend='nostr'] - Storage backend type ('nostr', 'gundb', 'activitypub')
    * @param {string[]} [config.relays] - Nostr relay URLs for distributed storage
    * @param {string} [config.openaiKey] - OpenAI API key for AI services
    * @param {Object} [config.aiOptions] - AI service configuration
@@ -177,6 +177,25 @@ class HoloSphereBase extends HoloSphereCore {
     return isNaN(parsed) ? undefined : parsed;
   }
 
+  /**
+   * Extracts holon ID from a hologram soul path.
+   * Soul paths follow the format: "AppName/Holons/<holonId>/lensName/dataId"
+   *
+   * @private
+   * @param {string|undefined} soul - The soul path from a hologram
+   * @returns {string|null} The extracted holon ID or null if not found
+   */
+  _extractHolonIdFromSoul(soul) {
+    if (!soul || typeof soul !== 'string') return null;
+    // Soul format: "AppName/Holons/<holonId>/lensName/dataId" or "Holons/<holonId>/..."
+    const parts = soul.split('/');
+    const holonsIndex = parts.indexOf('Holons');
+    if (holonsIndex !== -1 && parts.length > holonsIndex + 1) {
+      return parts[holonsIndex + 1];
+    }
+    return null;
+  }
+
   /**
    * Initializes AI services with the provided API key.
    *
@@ -335,17 +354,13 @@ class HoloSphereBase extends HoloSphereCore {
    * @param {string} lensName - Name of the lens (data category)
    * @param {Object} data - Data object to write (must have or will be assigned an id)
    * @param {Object} [options={}] - Write options
-   * @param {string} [options.capabilityToken] - Capability token for authorization
    * @param {boolean} [options.validate=true] - Whether to validate against schema
    * @param {boolean} [options.strict] - Override schema strict mode
-   * @param {boolean} [options.autoPropagate=true] - Whether to propagate to federated holons
-   * @param {Object} [options.propagationOptions] - Options for propagation
    * @param {boolean} [options.blocking=false] - If true, wait for relay confirmation before returning
    * @param {string} [options.signingKey] - Private key to sign with (hex format). If not provided, uses holosphere's default key.
    * @param {boolean} [options.encrypt] - Whether to encrypt this data. Defaults to encryptByDefault config.
    * @returns {Promise<boolean>} True if write succeeded (or queued for optimistic writes)
    * @throws {ValidationError} If holonId, lensName, or data is invalid
-   * @throws {AuthorizationError} If capability token is invalid
    */
   async write(holonId, lensName, data, options = {}) {
     // Auto-convert to strings for convenience
@@ -362,6 +377,19 @@ class HoloSphereBase extends HoloSphereCore {
       throw new ValidationError('ValidationError: data must be an object');
     }
 
+    // HOLOGRAM ROUTING: If writing to a hologram, route to source holon
+    if (data._hologram?.isHologram) {
+      const sourceHolon = data._hologram.sourceHolon || this._extractHolonIdFromSoul(data._hologram.soul);
+      if (sourceHolon && sourceHolon !== holonId) {
+        this._log('DEBUG', '🔀 HOLOGRAM WRITE: Routing to source holon', {
+          requestedHolon: holonId?.slice(0, 12) + '...',
+          sourceHolon: sourceHolon?.slice(0, 12) + '...',
+          lensName
+        });
+        holonId = sourceHolon;
+      }
+    }
+
     // Check write authorization BEFORE optimistic caching
     // Helper function to detect if a string is a pubkey (64-char hex)
     const isPubkeyHolon = typeof holonId === 'string' && /^[0-9a-f]{64}$/i.test(holonId);
@@ -379,78 +407,17 @@ class HoloSphereBase extends HoloSphereCore {
     // For pubkey-based holons, check if it's our own holon (matches effective writer's pubkey)
     // For non-pubkey holons (H3 cells, UUIDs), skip authorization for backwards compatibility
     const isOwnHolon = effectiveWriterPubKey && (holonId === effectiveWriterPubKey || !isPubkeyHolon);
-    const capToken = options.capabilityToken || options.capability;
-    const actingAsHolon = options.actingAs || options.actingAsHolon;
 
+    // SIMPLIFIED: Everyone can write everywhere (Nostr is open-write).
+    // Non-federated writes are simply invisible on read (filtered out).
+    // Only log for debugging; no capability checks needed.
     if (options.externalWriter) {
-      // App-level authorization already validated (e.g., QR capability token).
-      // Skip holosphere-level auth checks entirely.
-      // The data will be visible to the holon owner because read() skips
-      // author filtering for own-holon reads (d-tag path scopes the data).
-      this._log('DEBUG', '✅ External writer — skipping auth', {
+      this._log('DEBUG', '✅ External writer', {
         writerPubKey: effectiveWriterPubKey?.slice(0, 12) + '...',
         holonId: holonId?.slice(0, 12) + '...'
       });
-      // Fall through to actual write below (skip all auth checks)
     } else if (!isOwnHolon) {
-      // Writing to non-own holon - check authorization
-      // Priority: 1. Explicit capability token, 2. Membership-based access
-
-      if (capToken) {
-        // Explicit capability token provided - verify it
-        const authorized = await this.verifyCapability(capToken, 'write', { holonId, lensName });
-        if (!authorized) {
-          this._log('WARN', '🚫 Write denied: Invalid capability token', { holonId, lensName });
-          throw new AuthorizationError(
-            'Invalid capability token for write operation',
-            'write'
-          );
-        }
-        this._log('DEBUG', '✅ Write authorized via capability token', { holonId, lensName });
-      } else {
-        // No capability token - check unified access control
-        // Uses canAccess() which checks: 1. owner, 2. membership, 3. federation grants (unified)
-        const writerPubKey = effectiveWriterPubKey;
-
-        if (!writerPubKey) {
-          this._log('WARN', '🚫 Write denied: No authenticated user', { holonId, lensName });
-          throw new AuthorizationError(
-            'Authentication required for writing to federated holons',
-            'write'
-          );
-        }
-
-        // Check unified access control
-        const accessCheck = await this.canAccess(holonId, lensName, writerPubKey, 'write', { actingAsHolon });
-
-        if (!accessCheck.allowed) {
-          this._log('WARN', '🚫 Write denied: No write access', {
-            holonId,
-            lensName,
-            reason: accessCheck.reason,
-            via: accessCheck.via,
-            writerPubKey: writerPubKey?.slice(0, 12) + '...'
-          });
-          throw new AuthorizationError(
-            `Write access denied: ${accessCheck.reason}`,
-            'write'
-          );
-        }
-
-        this._log('DEBUG', '✅ Write authorized via unified access control', {
-          holonId,
-          lensName,
-          via: accessCheck.via,
-          reason: accessCheck.reason,
-          grant: accessCheck.grant ? 'yes' : 'no'
-        });
-      }
-    } else if (capToken) {
-      // Own holon with explicit token - validate it anyway
-      const authorized = await this.verifyCapability(capToken, 'write', { holonId, lensName });
-      if (!authorized) {
-        throw new AuthorizationError('AuthorizationError: Invalid capability token for write operation', 'write');
-      }
+      this._log('DEBUG', '📝 Writing to non-own holon (open write)', { holonId, lensName });
     }
 
     if (!data.id) {
@@ -578,14 +545,6 @@ class HoloSphereBase extends HoloSphereCore {
       // Clear from write cache after successful sync (optional - keeps cache smaller)
       // this._writeCache.delete(path);
 
-      // Handle propagation in background
-      const { autoPropagate = true } = options;
-      if (autoPropagate && !data.hologram) {
-        this._log('DEBUG', '📤 Starting propagation', { path });
-        this.propagate(holonId, lensName, data, options.propagationOptions || {})
-          .catch(err => this._log('WARN', '⚠️ Propagation failed', { path, error: err.message }));
-      }
-
       return true;
     } catch (error) {
       const duration = Date.now() - startTime;
@@ -645,26 +604,8 @@ class HoloSphereBase extends HoloSphereCore {
     await storage.write(this.client, path, localData);
 
     if (Object.keys(sourceUpdates).length > 0) {
-      // Verify write capability before updating source
-      const capability = existingData.capability;
-      if (!capability) {
-        throw new Error('Hologram missing capability token for source update');
-      }
-
-      const hasWrite = await crypto.verifyCapability(
-        capability,
-        'write',
-        {
-          holonId: existingData.target.holonId,
-          lensName: existingData.target.lensName,
-          dataId: existingData.target.dataId
-        }
-      );
-
-      if (!hasWrite) {
-        throw new Error('Write capability required to update source data through hologram');
-      }
-
+      // SIMPLIFIED: Everyone can write everywhere (Nostr is open-write).
+      // Just update the source directly through the hologram.
       const sourcePath = storage.buildPath(
         existingData.target.appname || this.config.appName,
         existingData.target.holonId,
@@ -703,15 +644,14 @@ class HoloSphereBase extends HoloSphereCore {
   }
 
   /**
-   * Check if we have a stored capability for a given author and scope.
+   * Check if a pubkey is in our federation.
    *
    * @private
-   * @param {string} authorPubKey - Author's public key
-   * @param {Object} scope - Scope to check (holonId, lensName, dataId)
-   * @returns {Promise<Object|null>} Capability entry or null
+   * @param {string} pubKey - Public key to check
+   * @returns {Promise<boolean>} True if federated
    */
-  async _getCapabilityForAuthor(authorPubKey, scope) {
-    return registry.getCapabilityForAuthor(this.client, this.config.appName, authorPubKey, scope);
+  async _isFederatedWith(pubKey) {
+    return registry.isFederated(this.client, this.config.appName, pubKey);
   }
 
   /**
@@ -890,6 +830,9 @@ class HoloSphereBase extends HoloSphereCore {
    * hologram resolution (including capability verification and recursive
    * chain resolution) to federation.resolveHologram().
    *
+   * Lens holograms (lens: true) are expanded separately — they fetch all
+   * items from the source author's lens and merge them into the result set.
+   *
    * @private
    * @param {Object|Array|null} data - Data that may contain holograms
    * @returns {Promise<Object|Array|null>} Resolved data with holograms replaced by source data
@@ -899,16 +842,71 @@ class HoloSphereBase extends HoloSphereCore {
 
     if (Array.isArray(data)) {
       const resolved = [];
+      const lensHolograms = [];
+
+      // First pass: resolve item holograms, collect lens holograms
       for (const item of data) {
+        if (federation.isLensHologram(item)) {
+          lensHolograms.push(item);
+          continue;
+        }
         const resolvedItem = await this._resolveHolograms(item);
         if (resolvedItem !== null) {
           resolved.push(resolvedItem);
         }
       }
+
+      // Second pass: expand lens holograms
+      if (lensHolograms.length > 0) {
+        const existingIds = new Set(resolved.map(r => r.id));
+
+        for (const lh of lensHolograms) {
+          const target = lh.target || {};
+          const sourcePath = storage.buildPath(
+            target.app || this.config.appName,
+            target.holon,
+            target.lens
+          );
+          try {
+            const items = await storage.readAll(this.client, sourcePath, {
+              authors: [target.author],
+            });
+            if (Array.isArray(items)) {
+              for (const sourceItem of items) {
+                // Skip holograms in the source lens (no transitive expansion)
+                if (sourceItem.hologram) continue;
+                // Deduplicate by id — local items take precedence
+                if (sourceItem.id && !existingIds.has(sourceItem.id)) {
+                  existingIds.add(sourceItem.id);
+                  // Tag with hologram metadata so consumers know the provenance
+                  resolved.push({
+                    ...sourceItem,
+                    _hologram: {
+                      isHologram: true,
+                      soul: lh.soul,
+                      sourceHolon: target.holon,
+                      sourcePubKey: target.author,
+                      lensHologram: true,
+                    },
+                  });
+                }
+              }
+            }
+          } catch (err) {
+            this._log('WARN', '⚠️ Failed to expand lens hologram', {
+              soul: lh.soul,
+              error: err.message,
+            });
+          }
+        }
+      }
+
       return resolved;
     }
 
     if (data?.hologram === true && data.target) {
+      // Lens holograms return null from resolveHologram — they're handled in array context
+      if (data.lens === true) return null;
       return federation.resolveHologram(this.client, data, new Set(), [], {
         appname: this.config.appName,
         deleteCircular: false,
@@ -925,11 +923,9 @@ class HoloSphereBase extends HoloSphereCore {
    * @param {string} lensName - Name of the lens (data category)
    * @param {string|null} [dataId=null] - Specific data ID, or null to read all
    * @param {Object} [options={}] - Read options
-   * @param {string} [options.capabilityToken] - Capability token for authorization
    * @param {boolean} [options.resolveHolograms=true] - Whether to resolve hologram references
    * @returns {Promise<Object|Array|null>} Data object, array of objects, or null if not found
    * @throws {ValidationError} If holonId or lensName is invalid
-   * @throws {AuthorizationError} If capability token is invalid
    */
   async read(holonId, lensName, dataId = null, options = {}) {
     // Auto-convert to strings for convenience
@@ -990,40 +986,16 @@ class HoloSphereBase extends HoloSphereCore {
     if (options.forceRelay) readOptions.forceRelay = true;
     if (options.timeout) readOptions.timeout = options.timeout;
 
-    // Explicit capability token takes precedence
-    const capToken = options.capabilityToken || options.capability;
-    if (capToken) {
-      const authorized = await this.verifyCapability(capToken, 'read', { holonId, lensName, dataId });
-      if (!authorized) {
-        throw new AuthorizationError('AuthorizationError: Invalid capability token for read operation', 'read');
-      }
-      // Use target author for reading
-      if (isOtherAuthor) {
-        readOptions.authors = [targetPubkey];
-      }
-    } else if (isOtherAuthor) {
-      // Auto-check capability for other author's data
-      this._log('DEBUG', '🔍 Looking up capability for federated author', {
-        holonId,
-        lensName,
-        dataId: dataId || '*',
-        targetPubkey: targetPubkey?.slice(0, 12) + '...',
-        myPubkey: this.client?.publicKey?.slice(0, 12) + '...'
-      });
-      const capability = await this._getCapabilityForAuthor(targetPubkey, { holonId, lensName, dataId });
-      if (!capability) {
-        this._log('WARN', '❌ No capability found for federated author - returning empty', {
+    if (isOtherAuthor) {
+      // Reading another author's data — check federation membership
+      const federated = await this._isFederatedWith(targetPubkey);
+      if (!federated) {
+        this._log('DEBUG', '🔍 Not federated with author — returning empty', {
           holonId,
-          lensName,
           targetPubkey: targetPubkey?.slice(0, 12) + '...'
         });
         return dataId ? null : [];
       }
-      this._log('DEBUG', '✅ Capability found for federated author', {
-        holonId,
-        lensName,
-        targetPubkey: targetPubkey?.slice(0, 12) + '...'
-      });
       readOptions.authors = [targetPubkey];
     }
 
@@ -1154,13 +1126,11 @@ class HoloSphereBase extends HoloSphereCore {
    * @param {string} dataId - ID of the data to update
    * @param {Object} updates - Object containing fields to update
    * @param {Object} [options={}] - Update options
-   * @param {string} [options.capabilityToken] - Capability token for authorization
    * @param {boolean} [options.validate=true] - Whether to validate against schema
    * @param {boolean} [options.strict] - Override schema strict mode
    * @param {boolean} [options.blocking=false] - If true, wait for relay confirmation before returning
    * @returns {Promise<boolean>} True if update succeeded, false if data not found
    * @throws {ValidationError} If holonId, lensName, dataId, or updates is invalid
-   * @throws {AuthorizationError} If capability token is invalid
    */
   async update(holonId, lensName, dataId, updates, options = {}) {
     if (!holonId || typeof holonId !== 'string') {
@@ -1176,38 +1146,8 @@ class HoloSphereBase extends HoloSphereCore {
       throw new ValidationError('ValidationError: updates must be an object');
     }
 
-    // Check write authorization BEFORE optimistic caching
-    // Helper function to detect if a string is a pubkey (64-char hex)
-    const isPubkeyHolon = typeof holonId === 'string' && /^[0-9a-f]{64}$/i.test(holonId);
-    // For pubkey-based holons, check if it's our own holon (our pubkey)
-    // For non-pubkey holons (H3 cells, UUIDs), skip authorization for backwards compatibility
-    const isOwnHolon = this.client && (holonId === this.client.publicKey || !isPubkeyHolon);
-    const capToken = options.capabilityToken || options.capability;
-
-    if (!isOwnHolon) {
-      // Updating federated holon - require capability token
-      if (!capToken) {
-        this._log('WARN', '🚫 Update denied: No capability token for federated holon', { holonId, lensName, dataId });
-        throw new AuthorizationError(
-          'Capability token required for writing to federated holons',
-          'write'
-        );
-      }
-      const authorized = await this.verifyCapability(capToken, 'write', { holonId, lensName, dataId });
-      if (!authorized) {
-        this._log('WARN', '🚫 Update denied: Invalid capability token', { holonId, lensName, dataId });
-        throw new AuthorizationError(
-          'Invalid capability token for update operation',
-          'write'
-        );
-      }
-    } else if (capToken) {
-      // Own holon with explicit token - validate it anyway
-      const authorized = await this.verifyCapability(capToken, 'write', { holonId, lensName, dataId });
-      if (!authorized) {
-        throw new AuthorizationError('AuthorizationError: Invalid capability token for update operation', 'write');
-      }
-    }
+    // SIMPLIFIED: Everyone can write everywhere (Nostr is open-write).
+    // No capability checks needed — non-federated updates are invisible on read.
 
     const path = storage.buildPath(this.config.appName, holonId, lensName, dataId);
 
@@ -1320,11 +1260,9 @@ class HoloSphereBase extends HoloSphereCore {
    * @param {string} lensName - Name of the lens (data category)
    * @param {string} dataId - ID of the data to delete
    * @param {Object} [options={}] - Delete options
-   * @param {string} [options.capabilityToken] - Capability token for authorization
    * @param {boolean} [options.blocking=false] - If true, wait for relay confirmation before returning
    * @returns {Promise<boolean>} True if deletion succeeded, false if data not found
    * @throws {ValidationError} If holonId, lensName, or dataId is invalid
-   * @throws {AuthorizationError} If not owner and no valid capability token
    */
   async delete(holonId, lensName, dataId, options = {}) {
     // Auto-convert to strings for convenience
@@ -1357,16 +1295,8 @@ class HoloSphereBase extends HoloSphereCore {
     // For pubkey-based holons, check if it's our own holon (matches effective deleter's pubkey)
     // For non-pubkey holons (H3 cells, UUIDs), skip authorization for backwards compatibility
     const isOwnHolon = effectiveDeleterPubKey && (holonId === effectiveDeleterPubKey || !isPubkeyHolon);
-    const capToken = options.capabilityToken || options.capability;
-
-    if (!isOwnHolon && !capToken) {
-      // Deleting from federated holon without capability token - fail fast
-      this._log('WARN', '🚫 Delete denied: No capability token for federated holon', { holonId, lensName, dataId });
-      throw new AuthorizationError(
-        'Capability token required for writing to federated holons',
-        'delete'
-      );
-    }
+    // SIMPLIFIED: Everyone can write/delete everywhere (Nostr is open-write).
+    // Non-federated deletes are effectively invisible on read.
 
     const path = storage.buildPath(this.config.appName, holonId, lensName, dataId);
 
@@ -1376,7 +1306,6 @@ class HoloSphereBase extends HoloSphereCore {
     let dataSource = cached ? 'write-cache' : null;
 
     if (!existingData) {
-      // When signingKey is provided, read using the signer's pubkey as author
       const readOptions = {};
       if (effectiveDeleterPubKey && effectiveDeleterPubKey !== this.client?.publicKey) {
         readOptions.authors = [effectiveDeleterPubKey];
@@ -1385,7 +1314,6 @@ class HoloSphereBase extends HoloSphereCore {
       dataSource = existingData ? 'storage' : null;
     }
 
-    // Return false if data doesn't exist in cache or storage
     if (!existingData) {
       this._log('DEBUG', '🗑️ DELETE: Data not found', { path });
       return false;
@@ -1393,27 +1321,6 @@ class HoloSphereBase extends HoloSphereCore {
 
     this._log('DEBUG', '🗑️ DELETE: Found data', { path, source: dataSource });
 
-    // Check authorization: data owner can delete, others need capability token
-    const dataOwner = existingData.owner || existingData._creator;
-    const isDataOwner = !dataOwner || dataOwner === this.client.publicKey || dataOwner === effectiveDeleterPubKey;
-
-    if (!isDataOwner) {
-      // Non-data-owner must provide a valid capability token
-      if (!capToken) {
-        throw new AuthorizationError('AuthorizationError: Capability token required for delete operation', 'delete');
-      }
-      const authorized = await this.verifyCapability(capToken, 'delete', { holonId, lensName, dataId });
-      if (!authorized) {
-        throw new AuthorizationError('AuthorizationError: Invalid capability token for delete operation', 'delete');
-      }
-    } else if (capToken) {
-      // Data owner provided a token - validate it anyway
-      const authorized = await this.verifyCapability(capToken, 'delete', { holonId, lensName, dataId });
-      if (!authorized) {
-        throw new AuthorizationError('AuthorizationError: Invalid capability token for delete operation', 'delete');
-      }
-    }
-
     // OPTIMISTIC DELETE: Remove from write cache and add to delete cache
     this._writeCache.delete(path);
     this._deleteCache.add(path);
@@ -1779,7 +1686,6 @@ class HoloSphereBase extends HoloSphereCore {
    */
   async createHologram(sourceHolon, lensName, data, targetHolon = null) {
     const target = targetHolon || sourceHolon;
-    // Use createHologramWithCapability which auto-generates capability for self-operations
     return federation.createHologramWithCapability(
       this.client,
       sourceHolon,
@@ -1787,11 +1693,7 @@ class HoloSphereBase extends HoloSphereCore {
       lensName,
       data.id,
       this.config.appName,
-      {
-        sourceAuthorPubKey: this.client.publicKey,
-        targetAuthorPubKey: this.client.publicKey,
-        permissions: ['read'],
-      }
+      { sourceAuthorPubKey: this.client.publicKey }
     );
   }
 
@@ -1867,7 +1769,6 @@ class HoloSphereBase extends HoloSphereCore {
   async propagateData(data, sourceHolon, targetHolon, lensName, options = {}) {
     // Extract mode from options, default to 'reference' for hologram creation
     const mode = options.mode || 'reference';
-    // UNIFIED MODEL: Pass sourceAuthorPubKey for capability-based federation
     return federation.propagateData(
       this.client,
       this.config.appName,
@@ -1878,7 +1779,6 @@ class HoloSphereBase extends HoloSphereCore {
       mode,
       {
         sourceAuthorPubKey: options.sourceAuthorPubKey || this.client.publicKey,
-        capability: options.capability,
       }
     );
   }
@@ -2078,12 +1978,11 @@ class HoloSphereBase extends HoloSphereCore {
    * @param {string[]} [options.lensConfig.inbound] - Lenses for inbound federation
    * @param {string[]} [options.lensConfig.outbound] - Lenses for outbound federation
    * @param {string} [options.partnerName] - Human-readable name for the partner holon
-   * @param {boolean} [options.skipPropagation=false] - Skip propagating existing data
    * @returns {Promise<boolean>} True if federation was established
    * @throws {Error} If trying to federate a holon with itself
    */
   async federateHolon(sourceHolon, targetHolon, options = {}) {
-    const { lensConfig = { inbound: [], outbound: [] }, partnerName = null, skipPropagation = false } = options;
+    const { lensConfig = { inbound: [], outbound: [] }, partnerName = null } = options;
 
     if (sourceHolon === targetHolon) {
       throw new Error('Cannot federate a holon with itself');
@@ -2142,16 +2041,6 @@ class HoloSphereBase extends HoloSphereCore {
     const success = await this.writeGlobal('federation', federationData);
     this.clearCache('federation');
 
-    // Only propagate existing data if skipPropagation is false
-    if (success && !skipPropagation) {
-      for (const lens of (lensConfig.inbound || [])) {
-        await this.federate(targetHolon, sourceHolon, lens, { direction: 'outbound', mode: 'reference' });
-      }
-      for (const lens of (lensConfig.outbound || [])) {
-        await this.federate(sourceHolon, targetHolon, lens, { direction: 'outbound', mode: 'reference' });
-      }
-    }
-
     return success;
   }
 
@@ -2176,9 +2065,15 @@ class HoloSphereBase extends HoloSphereCore {
       delete federationData.lensConfig[targetHolon];
     }
 
+    if (federationData.partnerNames) {
+      delete federationData.partnerNames[targetHolon];
+    }
+
     const success = await this.writeGlobal('federation', federationData);
     this.clearCache('federation');
 
+    await registry.removeFederatedPartner(this.client, this.config.appName, targetHolon);
+
     if (success && lensConfig) {
       for (const lens of (lensConfig.inbound || [])) {
         await this.unfederate(targetHolon, sourceHolon, lens);
@@ -2248,26 +2143,14 @@ class HoloSphereBase extends HoloSphereCore {
         const isPubkeyHolon = typeof holonId === 'string' && /^[0-9a-f]{64}$/i.test(holonId);
         const isOtherAuthor = isPubkeyHolon && holonId !== this.client.publicKey;
 
-        // For other-author subscriptions, do authorization check before creating subscription
+        // For other-author subscriptions, check federation membership
         if (isOtherAuthor) {
-          const capToken = options.capabilityToken || options.capability;
-          if (capToken) {
-            const authorized = await this.verifyCapability(capToken, 'read', { holonId, lensName });
-            if (!authorized) {
-              this._log('WARN', '❌ Subscribe: invalid capability token - skipping', { holonId, lensName });
-              return;
-            }
-          } else {
-            const capability = await this._getCapabilityForAuthor(holonId, { holonId, lensName });
-            if (!capability) {
-              this._log('WARN', '❌ Subscribe: no capability for federated author - skipping', {
-                holonId, lensName, targetPubkey: holonId?.slice(0, 12) + '...'
-              });
-              return;
-            }
-            this._log('DEBUG', '✅ Subscribe: capability found for federated author', {
+          const federated = await this._isFederatedWith(holonId);
+          if (!federated) {
+            this._log('DEBUG', '🔍 Subscribe: not federated with author - skipping', {
               holonId, lensName, targetPubkey: holonId?.slice(0, 12) + '...'
             });
+            return;
           }
         }
 
@@ -2288,6 +2171,7 @@ class HoloSphereBase extends HoloSphereCore {
 
         // Post-setup enhancement: include federated authors
         // Own-data subscription is already active; this adds partner visibility
+        // Create a second subscription for federated author updates
         if (!isOtherAuthor) {
           try {
             const fedAuthorsPromise = registry.getFederatedAuthors(
@@ -2299,7 +2183,17 @@ class HoloSphereBase extends HoloSphereCore {
             );
             const federatedAuthors = await Promise.race([fedAuthorsPromise, fedAuthorsTimeout]);
             if (federatedAuthors.length > 0) {
-              this._log('DEBUG', 'Subscribe: federated authors found post-setup', { count: federatedAuthors.length });
+              this._log('DEBUG', 'Subscribe: creating subscription for federated authors', { count: federatedAuthors.length });
+              // Create additional subscription for federated authors' updates
+              const fedSubscription = await subscriptions.createSubscription(
+                this.client, path, callback, { ...subscriptionOptions, authors: federatedAuthors }
+              );
+              // Store reference so it can be unsubscribed later
+              if (!unsubscribeCalled) {
+                this.subscriptionRegistry.register(`${subscriptionId}-fed`, fedSubscription);
+              } else {
+                fedSubscription.unsubscribe();
+              }
             }
           } catch (err) {
             this._log('WARN', 'Failed to get federated authors for subscription', { error: err.message });
@@ -2316,6 +2210,8 @@ class HoloSphereBase extends HoloSphereCore {
         unsubscribeCalled = true;
         if (innerSubscription) {
           this.subscriptionRegistry.unregister(subscriptionId);
+          // Also unsubscribe federated authors subscription if it exists
+          this.subscriptionRegistry.unregister(`${subscriptionId}-fed`);
         }
       }
     };
@@ -2376,31 +2272,6 @@ class HoloSphereBase extends HoloSphereCore {
     return crypto.verify(content, signature, publicKey);
   }
 
-  /**
-   * Issues a capability token for authorization.
-   *
-   * @param {string[]} permissions - Array of permissions ('read', 'write', 'delete')
-   * @param {Object} scope - Scope of the capability (holonId, lensName, etc.)
-   * @param {string} recipient - Public key of the recipient
-   * @param {Object} [options] - Additional options
-   * @returns {Promise<string>} Signed capability token
-   */
-  async issueCapability(permissions, scope, recipient, options) {
-    return crypto.issueCapability(permissions, scope, recipient, options);
-  }
-
-  /**
-   * Verifies a capability token.
-   *
-   * @param {string} token - Capability token to verify
-   * @param {string} requiredPermission - Required permission to check
-   * @param {Object} scope - Scope to verify against
-   * @returns {Promise<boolean>} True if token is valid and has required permission
-   */
-  async verifyCapability(token, requiredPermission, scope) {
-    return crypto.verifyCapability(token, requiredPermission, scope);
-  }
-
   // === Social Protocol Operations ===
 
   /**
@@ -2435,34 +2306,13 @@ class HoloSphereBase extends HoloSphereCore {
     return true;
   }
 
-  /**
-   * Publishes an ActivityPub object to a holon.
-   *
-   * @param {Object} object - ActivityPub object
-   * @param {string} object.type - ActivityPub type (Note, Article, etc.)
-   * @param {string} [object.actor] - Actor ID (defaults to client public key)
-   * @param {string} holonId - H3 cell ID for the holon
-   * @param {string} [lensName='social'] - Name of the lens
-   * @returns {Promise<boolean>} True if publish succeeded
-   */
-  async publishActivityPub(object, holonId, lensName = 'social') {
-    // Validate ActivityPub object format
-    social.validateActivityPubObject(object, true); // throwOnError=true
-
-    const activity = social.transformActivityPubObject({
-      ...object,
-      actor: object.actor || this.client.publicKey,
-    });
-    return this.write(holonId, lensName, activity);
-  }
-
   /**
    * Queries social protocol data from a holon.
    *
    * @param {string} holonId - H3 cell ID for the holon
    * @param {Object} [options={}] - Query options
    * @param {string} [options.lens='social'] - Name of the lens
-   * @param {string} [options.protocol] - Filter by protocol ('nostr', 'activitypub', 'all')
+   * @param {string} [options.protocol] - Filter by protocol ('nostr' or 'all')
    * @param {string} [options.type] - Filter by content type
    * @param {number} [options.since] - Filter events after this timestamp
    * @param {number} [options.until] - Filter events before this timestamp
@@ -2785,11 +2635,10 @@ export {
 export { spatial, storage, schema, federation, handshake, crypto, nostrUtils, social, subscriptions, hierarchical };
 
 // Re-export federation submodules
-export { capabilities, requestCard, cardStorage, holonRegistry, registry };
+export { requestCard, cardStorage, holonRegistry, registry };
 
 // Re-export specific utilities used in tests
-export { matchScope } from './crypto/secp256k1.js';
-export { createHologram } from './federation/hologram.js';
+export { createHologram, createLensHologram, isLensHologram, sendShare, sendAck } from './federation/hologram.js';
 
 // Re-export lens encryption utilities
 export { LensKeyStore, buildLensPath, parseLensPath } from './crypto/key-store.js';