kaiwen-core-js 0.1.0

package/README.md

@@ -0,0 +1,108 @@
+# Kaiwen Core JS (kaiwen-core-js)
+
+The official TypeScript/JavaScript SDK for the Kaiwen Ecosystem. This library provides a zero-knowledge, end-to-end encrypted architecture for modern web, Node.js, and React Native applications.
+
+It is 100% interoperable with the Python `kaiwen-core` SDK, allowing seamless, cross-platform synchronization between devices.
+
+## Features
+
+- **Zero-Knowledge Encryption**: All payloads and media assets are encrypted locally on the device before they even touch the network.
+- **Cross-Platform Cryptography**: PBKDF2 (200k iterations) and HKDF derivations for master and app-isolated keys. Fully compatible with Python's `cryptography.hazmat` stack.
+- **AES-256-GCM**: Military-grade authenticated encryption.
+- **Logical Clock Conflict Resolution**: Decentralized, timestamp-agnostic conflict resolution across devices.
+- **Chunked Asset Engine**: Securely encrypt and decrypt massive media files (videos, photos) in 1MB chunks without running out of RAM.
+- **Dependency Inversion**: Easily inject your own Storage Adapters (e.g., SQLite, AsyncStorage, IndexedDB).
+- **TypeScript First**: 100% strictly typed.
+
+---
+
+## Installation
+
+```bash
+npm install kaiwen-core-js
+```
+*(Requires Node.js v18+ or a modern browser environment. WebCrypto API is required.)*
+
+---
+
+## Usage
+
+### 1. Initialization and Login
+
+Initialize the SDK by providing an App ID, the API URL of the Kaiwen Server, and your storage adapter.
+
+```typescript
+import { KaiwenApp, MemoryStorage } from "kaiwen-core-js";
+
+// Initialize the Facade
+const storage = new MemoryStorage(); // Or implement IKWStorage for SQLite/IndexedDB
+const app = new KaiwenApp(
+  "core.kaiwen.notes",          // App ID (Isolated Encryption Domain)
+  "https://api.kaiwen.cloud",   // Kaiwen API Server
+  "your_api_key_here",          // Server API Key
+  storage
+);
+
+// Login (Derives master key and isolated app key using PBKDF2 + HKDF)
+await app.login("apple banana cherry date elderberry fig grape hazelnut ice juice kiwi lemon");
+```
+
+### 2. Saving Encrypted Records
+
+Data is encrypted *before* it is saved to the local database queue.
+
+```typescript
+// Save an end-to-end encrypted note
+const record = await app.saveRecord("user_123", { 
+  title: "My Secret Plan",
+  content: "This is fully encrypted using AES-256-GCM." 
+});
+
+console.log("Locally saved record ID:", record.id);
+```
+
+### 3. Pushing to the Cloud
+
+Once records are saved locally, push the pending queue to the Kaiwen Server.
+
+```typescript
+const pushedCount = await app.pushSync();
+console.log(`Successfully synced ${pushedCount} records to the cloud.`);
+```
+
+### 4. Pulling from the Cloud
+
+Pull changes made by other devices (e.g., a Python desktop app or an iOS device). The SDK will automatically handle decryption and logical clock conflict resolution.
+
+```typescript
+const pulledCount = await app.pullSync();
+console.log(`Fetched ${pulledCount} new or updated records.`);
+
+// Decrypt and read the latest state
+const allRecords = await storage.getAllRecords();
+for (const r of allRecords) {
+    const decryptedPayload = await app.getDecryptedRecord(r.id);
+    console.log("Decrypted Data:", decryptedPayload);
+}
+```
+
+---
+
+## The Kaiwen Ecosystem Architecture
+
+This library implements the precise directory mapping and modularity of the Python `kaiwen-core` SDK:
+
+- `/core`: Exceptions and pipeline flows.
+- `/crypto`: Cryptographic engine (WebCrypto API).
+- `/models`: Database schemas, enums, and migration engines.
+- `/storage`: Vault (Key Management), Interfaces, and Chunked Asset Engine.
+- `/sync`: Network dispatchers.
+- `/utils`: Logging and telemetry.
+
+## Security Notice
+
+- **Never hardcode mnemonics.**
+- **Ensure TLS (HTTPS)** is used when communicating with the `kaiwen_server` to protect metadata (even though payloads are E2E encrypted).
+
+---
+© 2026 Kaiwen Ecosystem. All rights reserved.

package/dist/app.d.ts

@@ -0,0 +1,20 @@
+import { KWVault } from "./storage/vault";
+import { KWMigrationEngine } from "./models/migration";
+import { KWAssetEngine } from "./storage/assets";
+import { KWPipeline } from "./core/pipeline";
+import { IKWStorage } from "./storage/db";
+import { KWRecord } from "./models/record";
+export declare class KaiwenApp {
+    private appId;
+    private storage;
+    vault: KWVault;
+    assetEngine: KWAssetEngine;
+    pipeline: KWPipeline;
+    migration: KWMigrationEngine;
+    constructor(appId: string, apiUrl: string, apiKey: string, storage?: IKWStorage);
+    login(mnemonic: string): Promise<void>;
+    saveRecord(userId: string, payload: any): Promise<KWRecord>;
+    getDecryptedRecord(id: string): Promise<any>;
+    pushSync(): Promise<number>;
+    pullSync(): Promise<number>;
+}

package/dist/app.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KaiwenApp = void 0;
+const vault_1 = require("./storage/vault");
+const engine_1 = require("./crypto/engine");
+const migration_1 = require("./models/migration");
+const assets_1 = require("./storage/assets");
+const pipeline_1 = require("./core/pipeline");
+const db_1 = require("./storage/db");
+const record_1 = require("./models/record");
+const validator_1 = require("./utils/validator");
+class KaiwenApp {
+    constructor(appId, apiUrl, apiKey, storage = new db_1.MemoryStorage()) {
+        this.appId = appId;
+        this.storage = storage;
+        this.vault = new vault_1.KWVault();
+        this.assetEngine = new assets_1.KWAssetEngine(this.vault);
+        this.pipeline = new pipeline_1.KWPipeline(this.vault, storage, apiUrl, apiKey);
+        this.migration = new migration_1.KWMigrationEngine(storage, 1);
+    }
+    async login(mnemonic) {
+        await this.vault.login(mnemonic, this.appId);
+        await this.migration.migrateAll();
+    }
+    async saveRecord(userId, payload) {
+        validator_1.KWValidator.validatePayload(payload);
+        const encrypted = await engine_1.KWCryptoEngine.encryptPayload(payload, this.vault.getKey());
+        const generateId = () => typeof crypto !== 'undefined' && crypto.randomUUID ? crypto.randomUUID() : Math.random().toString(36).substring(2);
+        const record = new record_1.KWRecord(generateId(), this.appId, userId, encrypted, Date.now() / 1000, 0, 1, 1);
+        await this.storage.saveRecord(record.id, record);
+        return record;
+    }
+    async getDecryptedRecord(id) {
+        const record = await this.storage.getRecord(id);
+        if (!record)
+            return null;
+        return await engine_1.KWCryptoEngine.decryptPayload(record.payload, this.vault.getKey());
+    }
+    async pushSync() {
+        return await this.pipeline.pushSync(this.appId);
+    }
+    async pullSync() {
+        return await this.pipeline.pullSync(this.appId);
+    }
+}
+exports.KaiwenApp = KaiwenApp;

package/dist/core/exceptions.d.ts

@@ -0,0 +1,9 @@
+export declare class KWException extends Error {
+    constructor(message: string);
+}
+export declare class VaultLockedException extends KWException {
+    constructor();
+}
+export declare class SyncFailedException extends KWException {
+    constructor(message: string);
+}

package/dist/core/exceptions.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SyncFailedException = exports.VaultLockedException = exports.KWException = void 0;
+class KWException extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "KWException";
+    }
+}
+exports.KWException = KWException;
+class VaultLockedException extends KWException {
+    constructor() {
+        super("Vault is locked. User not authenticated.");
+        this.name = "VaultLockedException";
+    }
+}
+exports.VaultLockedException = VaultLockedException;
+class SyncFailedException extends KWException {
+    constructor(message) {
+        super(`Sync failed: ${message}`);
+        this.name = "SyncFailedException";
+    }
+}
+exports.SyncFailedException = SyncFailedException;

package/dist/core/pipeline.d.ts

@@ -0,0 +1,10 @@
+import { KWVault } from "../storage/vault";
+import { IKWStorage } from "../storage/db";
+export declare class KWPipeline {
+    private vault;
+    private storage;
+    private network;
+    constructor(vault: KWVault, storage: IKWStorage, apiUrl: string, apiKey: string);
+    pushSync(appId: string): Promise<number>;
+    pullSync(appId: string): Promise<number>;
+}

package/dist/core/pipeline.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWPipeline = void 0;
+const network_1 = require("../sync/network");
+const record_1 = require("../models/record");
+const logger_1 = require("../utils/logger");
+class KWPipeline {
+    constructor(vault, storage, apiUrl, apiKey) {
+        this.vault = vault;
+        this.storage = storage;
+        this.network = new network_1.KWNetwork(apiUrl, apiKey);
+    }
+    async pushSync(appId) {
+        logger_1.KWLogger.info("Starting pushSync...");
+        const allRecords = await this.storage.getAllRecords();
+        const pending = allRecords.filter(r => r.is_synced === 0);
+        if (pending.length === 0)
+            return 0;
+        const syncedCount = await this.network.push(pending);
+        for (const r of pending) {
+            r.is_synced = 1;
+            await this.storage.saveRecord(r.id, r);
+        }
+        return syncedCount;
+    }
+    async pullSync(appId) {
+        logger_1.KWLogger.info("Starting pullSync...");
+        const allRecords = await this.storage.getAllRecords();
+        let latestUpdate = 0;
+        allRecords.forEach(r => {
+            if (r.updated_at > latestUpdate)
+                latestUpdate = r.updated_at;
+        });
+        const incomingRecords = await this.network.pull(appId, latestUpdate);
+        let mergedCount = 0;
+        for (const remoteObj of incomingRecords) {
+            const remote = record_1.KWRecord.fromObject(remoteObj);
+            const local = await this.storage.getRecord(remote.id);
+            if (!local || remote.logical_clock > local.logical_clock) {
+                remote.is_synced = 1;
+                await this.storage.saveRecord(remote.id, remote);
+                mergedCount++;
+            }
+        }
+        return mergedCount;
+    }
+}
+exports.KWPipeline = KWPipeline;

package/dist/crypto/engine.d.ts

@@ -0,0 +1,10 @@
+export declare class KWCryptoEngine {
+    private static getSubtleCrypto;
+    private static bufferToBase64;
+    private static base64ToBuffer;
+    static deriveAppKeyFromMnemonic(mnemonic: string, appId: string): Promise<CryptoKey>;
+    static encryptPayload(payload: any, appKey: CryptoKey): Promise<string>;
+    static decryptPayload(encryptedPayloadBase64: string, appKey: CryptoKey): Promise<any>;
+    static encryptAssetChunk(data: Uint8Array, appKey: CryptoKey): Promise<string>;
+    static decryptAssetChunk(encryptedBase64: string, appKey: CryptoKey): Promise<Uint8Array>;
+}

package/dist/crypto/engine.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWCryptoEngine = void 0;
+class KWCryptoEngine {
+    static getSubtleCrypto() {
+        if (typeof crypto !== "undefined" && crypto.subtle) {
+            return crypto.subtle; // Modern Browsers & Deno
+        }
+        // Node.js fallback or RN polyfill
+        if (typeof globalThis !== "undefined" && globalThis.crypto && globalThis.crypto.subtle) {
+            return globalThis.crypto.subtle;
+        }
+        throw new Error("Web Crypto API (crypto.subtle) is not available in this environment.");
+    }
+    static bufferToBase64(buffer) {
+        let binary = '';
+        const len = buffer.byteLength;
+        for (let i = 0; i < len; i++) {
+            binary += String.fromCharCode(buffer[i]);
+        }
+        return btoa(binary);
+    }
+    static base64ToBuffer(base64) {
+        const binary = atob(base64);
+        const len = binary.length;
+        const bytes = new Uint8Array(len);
+        for (let i = 0; i < len; i++) {
+            bytes[i] = binary.charCodeAt(i);
+        }
+        return bytes;
+    }
+    static async deriveAppKeyFromMnemonic(mnemonic, appId) {
+        const subtle = this.getSubtleCrypto();
+        const encoder = new TextEncoder();
+        // 1. PBKDF2 Master Key Derivation (matches Python)
+        const pbkdf2KeyMaterial = await subtle.importKey("raw", encoder.encode(mnemonic), { name: "PBKDF2" }, false, ["deriveBits"]);
+        const pbkdf2Salt = encoder.encode("visuality_global_salt");
+        const masterKeyRaw = await subtle.deriveBits({ name: "PBKDF2", salt: pbkdf2Salt, iterations: 200000, hash: "SHA-256" }, pbkdf2KeyMaterial, 256);
+        // 2. HKDF App Key Derivation (matches Python)
+        const hkdfKeyMaterial = await subtle.importKey("raw", masterKeyRaw, { name: "HKDF" }, false, ["deriveKey"]);
+        return await subtle.deriveKey({ name: "HKDF", hash: "SHA-256", salt: new Uint8Array(32), info: encoder.encode(appId) }, hkdfKeyMaterial, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
+    }
+    static async encryptPayload(payload, appKey) {
+        const encoder = new TextEncoder();
+        const data = encoder.encode(JSON.stringify(payload));
+        return this.encryptAssetChunk(data, appKey);
+    }
+    static async decryptPayload(encryptedPayloadBase64, appKey) {
+        const decoder = new TextDecoder();
+        const decryptedBuffer = await this.decryptAssetChunk(encryptedPayloadBase64, appKey);
+        return JSON.parse(decoder.decode(decryptedBuffer));
+    }
+    // Raw Uint8Array Encryption for Asset Engine
+    static async encryptAssetChunk(data, appKey) {
+        const subtle = this.getSubtleCrypto();
+        const iv = new Uint8Array(12);
+        if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+            crypto.getRandomValues(iv);
+        }
+        else {
+            for (let i = 0; i < 12; i++)
+                iv[i] = Math.floor(Math.random() * 256);
+        }
+        const encryptedBuffer = await subtle.encrypt({ name: "AES-GCM", iv: iv }, appKey, data);
+        const encryptedArray = new Uint8Array(encryptedBuffer);
+        const combined = new Uint8Array(iv.length + encryptedArray.length);
+        combined.set(iv, 0);
+        combined.set(encryptedArray, iv.length);
+        return this.bufferToBase64(combined);
+    }
+    static async decryptAssetChunk(encryptedBase64, appKey) {
+        const subtle = this.getSubtleCrypto();
+        const combined = this.base64ToBuffer(encryptedBase64);
+        const iv = combined.slice(0, 12);
+        const ciphertext = combined.slice(12);
+        const decryptedBuffer = await subtle.decrypt({ name: "AES-GCM", iv: iv }, appKey, ciphertext);
+        return new Uint8Array(decryptedBuffer);
+    }
+}
+exports.KWCryptoEngine = KWCryptoEngine;

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+export { KaiwenApp } from "./app";
+export { IKWStorage, MemoryStorage } from "./storage/db";
+export { KWRecord } from "./models/record";
+export { KWVault } from "./storage/vault";
+export { KWAssetEngine, KWAssetManifest } from "./storage/assets";
+export { KWMigrationEngine } from "./models/migration";
+export { KWCryptoEngine } from "./crypto/engine";
+export { KWPipeline } from "./core/pipeline";
+export { KWSyncStatus, KWRecordType } from "./models/enums";
+export { KWException, VaultLockedException, SyncFailedException } from "./core/exceptions";
+export { KWLogger } from "./utils/logger";
+export { KWTracer } from "./utils/tracer";
+export { KWValidator } from "./utils/validator";
+export { KWNetwork } from "./sync/network";

package/dist/index.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWNetwork = exports.KWValidator = exports.KWTracer = exports.KWLogger = exports.SyncFailedException = exports.VaultLockedException = exports.KWException = exports.KWRecordType = exports.KWSyncStatus = exports.KWPipeline = exports.KWCryptoEngine = exports.KWMigrationEngine = exports.KWAssetEngine = exports.KWVault = exports.KWRecord = exports.MemoryStorage = exports.KaiwenApp = void 0;
+var app_1 = require("./app");
+Object.defineProperty(exports, "KaiwenApp", { enumerable: true, get: function () { return app_1.KaiwenApp; } });
+var db_1 = require("./storage/db");
+Object.defineProperty(exports, "MemoryStorage", { enumerable: true, get: function () { return db_1.MemoryStorage; } });
+var record_1 = require("./models/record");
+Object.defineProperty(exports, "KWRecord", { enumerable: true, get: function () { return record_1.KWRecord; } });
+var vault_1 = require("./storage/vault");
+Object.defineProperty(exports, "KWVault", { enumerable: true, get: function () { return vault_1.KWVault; } });
+var assets_1 = require("./storage/assets");
+Object.defineProperty(exports, "KWAssetEngine", { enumerable: true, get: function () { return assets_1.KWAssetEngine; } });
+var migration_1 = require("./models/migration");
+Object.defineProperty(exports, "KWMigrationEngine", { enumerable: true, get: function () { return migration_1.KWMigrationEngine; } });
+var engine_1 = require("./crypto/engine");
+Object.defineProperty(exports, "KWCryptoEngine", { enumerable: true, get: function () { return engine_1.KWCryptoEngine; } });
+var pipeline_1 = require("./core/pipeline");
+Object.defineProperty(exports, "KWPipeline", { enumerable: true, get: function () { return pipeline_1.KWPipeline; } });
+var enums_1 = require("./models/enums");
+Object.defineProperty(exports, "KWSyncStatus", { enumerable: true, get: function () { return enums_1.KWSyncStatus; } });
+Object.defineProperty(exports, "KWRecordType", { enumerable: true, get: function () { return enums_1.KWRecordType; } });
+var exceptions_1 = require("./core/exceptions");
+Object.defineProperty(exports, "KWException", { enumerable: true, get: function () { return exceptions_1.KWException; } });
+Object.defineProperty(exports, "VaultLockedException", { enumerable: true, get: function () { return exceptions_1.VaultLockedException; } });
+Object.defineProperty(exports, "SyncFailedException", { enumerable: true, get: function () { return exceptions_1.SyncFailedException; } });
+var logger_1 = require("./utils/logger");
+Object.defineProperty(exports, "KWLogger", { enumerable: true, get: function () { return logger_1.KWLogger; } });
+var tracer_1 = require("./utils/tracer");
+Object.defineProperty(exports, "KWTracer", { enumerable: true, get: function () { return tracer_1.KWTracer; } });
+var validator_1 = require("./utils/validator");
+Object.defineProperty(exports, "KWValidator", { enumerable: true, get: function () { return validator_1.KWValidator; } });
+var network_1 = require("./sync/network");
+Object.defineProperty(exports, "KWNetwork", { enumerable: true, get: function () { return network_1.KWNetwork; } });

package/dist/models/enums.d.ts

@@ -0,0 +1,8 @@
+export declare enum KWSyncStatus {
+    PENDING = 0,
+    SYNCED = 1
+}
+export declare enum KWRecordType {
+    TEXT = "text",
+    ASSET = "asset"
+}

package/dist/models/enums.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWRecordType = exports.KWSyncStatus = void 0;
+var KWSyncStatus;
+(function (KWSyncStatus) {
+    KWSyncStatus[KWSyncStatus["PENDING"] = 0] = "PENDING";
+    KWSyncStatus[KWSyncStatus["SYNCED"] = 1] = "SYNCED";
+})(KWSyncStatus || (exports.KWSyncStatus = KWSyncStatus = {}));
+var KWRecordType;
+(function (KWRecordType) {
+    KWRecordType["TEXT"] = "text";
+    KWRecordType["ASSET"] = "asset";
+})(KWRecordType || (exports.KWRecordType = KWRecordType = {}));

package/dist/models/migration.d.ts

@@ -0,0 +1,7 @@
+import { IKWStorage } from "../storage/db";
+export declare class KWMigrationEngine {
+    private storage;
+    private currentSchemaVersion;
+    constructor(storage: IKWStorage, currentSchemaVersion: number);
+    migrateAll(): Promise<void>;
+}

package/dist/models/migration.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWMigrationEngine = void 0;
+class KWMigrationEngine {
+    constructor(storage, currentSchemaVersion) {
+        this.storage = storage;
+        this.currentSchemaVersion = currentSchemaVersion;
+    }
+    async migrateAll() {
+        const records = await this.storage.getAllRecords();
+        for (const record of records) {
+            if (record.schema_version < this.currentSchemaVersion) {
+                record.schema_version = this.currentSchemaVersion;
+                record.updated_at = Date.now() / 1000;
+                record.logical_clock += 1;
+                record.is_synced = 0;
+                await this.storage.saveRecord(record.id, record);
+            }
+        }
+    }
+}
+exports.KWMigrationEngine = KWMigrationEngine;

package/dist/models/record.d.ts

@@ -0,0 +1,12 @@
+export declare class KWRecord {
+    id: string;
+    app_id: string;
+    user_id: string;
+    payload: string;
+    updated_at: number;
+    is_synced: number;
+    schema_version: number;
+    logical_clock: number;
+    constructor(id: string, app_id: string, user_id: string, payload: string, updated_at: number, is_synced?: number, schema_version?: number, logical_clock?: number);
+    static fromObject(obj: any): KWRecord;
+}

package/dist/models/record.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWRecord = void 0;
+class KWRecord {
+    constructor(id, app_id, user_id, payload, updated_at, is_synced = 0, schema_version = 1, logical_clock = 1) {
+        this.id = id;
+        this.app_id = app_id;
+        this.user_id = user_id;
+        this.payload = payload;
+        this.updated_at = updated_at;
+        this.is_synced = is_synced;
+        this.schema_version = schema_version;
+        this.logical_clock = logical_clock;
+    }
+    static fromObject(obj) {
+        return new KWRecord(obj.id, obj.app_id, obj.user_id, obj.payload, obj.updated_at, obj.is_synced, obj.schema_version, obj.logical_clock);
+    }
+}
+exports.KWRecord = KWRecord;

package/dist/models/tracer.d.ts

@@ -0,0 +1,4 @@
+export declare class KWTracerContext {
+    traceId: string;
+    constructor();
+}

package/dist/models/tracer.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWTracerContext = void 0;
+class KWTracerContext {
+    constructor() {
+        this.traceId = typeof crypto !== 'undefined' && crypto.randomUUID ? crypto.randomUUID() : Math.random().toString(36).substring(2);
+    }
+}
+exports.KWTracerContext = KWTracerContext;

package/dist/storage/assets.d.ts

@@ -0,0 +1,17 @@
+import { KWVault } from "./vault";
+export interface KWAssetManifest {
+    assetId: string;
+    totalChunks: number;
+    mimeType: string;
+    size: number;
+}
+export declare class KWAssetEngine {
+    private vault;
+    private readonly CHUNK_SIZE;
+    constructor(vault: KWVault);
+    encryptAsset(fileBuffer: Uint8Array, mimeType: string): Promise<{
+        manifest: KWAssetManifest;
+        encryptedChunks: string[];
+    }>;
+    decryptAsset(encryptedChunks: string[], mimeType: string): Promise<Uint8Array>;
+}

package/dist/storage/assets.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWAssetEngine = void 0;
+const engine_1 = require("../crypto/engine");
+class KWAssetEngine {
+    constructor(vault) {
+        this.vault = vault;
+        this.CHUNK_SIZE = 1024 * 1024; // 1MB
+    }
+    async encryptAsset(fileBuffer, mimeType) {
+        if (!this.vault.isUnlocked())
+            throw new Error("Vault locked");
+        const key = this.vault.getKey();
+        const chunks = [];
+        const generateId = () => typeof crypto !== 'undefined' && crypto.randomUUID ? crypto.randomUUID() : Math.random().toString(36).substring(2);
+        const assetId = generateId();
+        for (let i = 0; i < fileBuffer.length; i += this.CHUNK_SIZE) {
+            const chunk = fileBuffer.slice(i, i + this.CHUNK_SIZE);
+            const encryptedChunk = await engine_1.KWCryptoEngine.encryptAssetChunk(chunk, key);
+            chunks.push(encryptedChunk);
+        }
+        return {
+            manifest: {
+                assetId,
+                totalChunks: chunks.length,
+                mimeType,
+                size: fileBuffer.length
+            },
+            encryptedChunks: chunks
+        };
+    }
+    async decryptAsset(encryptedChunks, mimeType) {
+        if (!this.vault.isUnlocked())
+            throw new Error("Vault locked");
+        const key = this.vault.getKey();
+        let totalLength = 0;
+        const decryptedChunks = [];
+        for (const chunk64 of encryptedChunks) {
+            const decrypted = await engine_1.KWCryptoEngine.decryptAssetChunk(chunk64, key);
+            decryptedChunks.push(decrypted);
+            totalLength += decrypted.length;
+        }
+        const result = new Uint8Array(totalLength);
+        let offset = 0;
+        for (const chunk of decryptedChunks) {
+            result.set(chunk, offset);
+            offset += chunk.length;
+        }
+        return result;
+    }
+}
+exports.KWAssetEngine = KWAssetEngine;

package/dist/storage/db.d.ts

@@ -0,0 +1,12 @@
+import { KWRecord } from "../models/record";
+export interface IKWStorage {
+    saveRecord(id: string, data: KWRecord): Promise<boolean>;
+    getRecord(id: string): Promise<KWRecord | null>;
+    getAllRecords(): Promise<KWRecord[]>;
+}
+export declare class MemoryStorage implements IKWStorage {
+    private store;
+    saveRecord(id: string, data: KWRecord): Promise<boolean>;
+    getRecord(id: string): Promise<KWRecord | null>;
+    getAllRecords(): Promise<KWRecord[]>;
+}

package/dist/storage/db.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryStorage = void 0;
+class MemoryStorage {
+    constructor() {
+        this.store = new Map();
+    }
+    async saveRecord(id, data) {
+        this.store.set(id, data);
+        return true;
+    }
+    async getRecord(id) {
+        return this.store.get(id) || null;
+    }
+    async getAllRecords() {
+        return Array.from(this.store.values());
+    }
+}
+exports.MemoryStorage = MemoryStorage;

package/dist/storage/vault.d.ts

@@ -0,0 +1,7 @@
+export declare class KWVault {
+    private appKey;
+    login(mnemonic: string, appId: string): Promise<void>;
+    isUnlocked(): boolean;
+    getKey(): CryptoKey;
+    lock(): void;
+}

package/dist/storage/vault.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWVault = void 0;
+const engine_1 = require("../crypto/engine");
+const exceptions_1 = require("../core/exceptions");
+class KWVault {
+    constructor() {
+        this.appKey = null;
+    }
+    async login(mnemonic, appId) {
+        this.appKey = await engine_1.KWCryptoEngine.deriveAppKeyFromMnemonic(mnemonic, appId);
+    }
+    isUnlocked() {
+        return this.appKey !== null;
+    }
+    getKey() {
+        if (!this.appKey)
+            throw new exceptions_1.VaultLockedException();
+        return this.appKey;
+    }
+    lock() {
+        this.appKey = null;
+    }
+}
+exports.KWVault = KWVault;