lsh-framework 2.0.2 → 2.1.1

package/README.md

@@ -8,21 +8,22 @@
 
 Traditional secret management tools are either too complex, too expensive, or require vendor lock-in. LSH gives you:
 
-- **Encrypted sync** across all your machines using IPFS content-addressed storage
+- **True multi-host sync** via IPFS network (Storacha) - enabled by default in v2.1.0!
+- **Encrypted sync** with AES-256 encryption before upload
 - **Automatic rotation** with built-in daemon scheduling
 - **Team collaboration** with shared encryption keys
 - **Multi-environment** support (dev/staging/prod)
-- **Local-first** - works offline, your data stays on your machine
-- **Free & Open Source** - no per-seat pricing, no cloud dependencies
+- **Local-first** - works offline, graceful fallback to local cache
+- **Free & Open Source** - no per-seat pricing, 5GB free tier on Storacha
 
 **Plus, you get a complete shell automation platform as a bonus.**
 
 ## Quick Start
 
-**New to LSH?** LSH uses IPFS-based local storage - zero configuration needed!
-- **Local-first** - All secrets stored encrypted on your machine at `~/.lsh/secrets-cache/`
-- **No cloud required** - Works completely offline
-- **Team sync** - Share encryption key to sync across team members
+**New to LSH?** Choose your sync method:
+- **Storacha (IPFS network)** - One-time email auth, automatic multi-host sync (NEW in v2.1.0!)
+- **Local storage** - Zero config, works offline, encrypted at `~/.lsh/secrets-cache/`
+- **Supabase** - Team collaboration with audit logs and role-based access
 
 ### Quick Install (Works Immediately!)
 
@@ -196,6 +197,63 @@ lsh sync-history show
 
 See [IPFS Sync Records Documentation](docs/features/IPFS_SYNC_RECORDS.md) for complete details.
 
+### 🌐 Multi-Host IPFS Network Sync (New in v2.1.0!)
+
+**True multi-host sync via Storacha (IPFS network) - enabled by default!**
+
+LSH now syncs secrets across all your machines via the IPFS network with zero configuration after one-time email authentication.
+
+```bash
+# On Host A (MacBook) - One-time setup
+lsh storacha login [email protected]
+# ✅ Email verification → payment plan → space created automatically
+
+# Push secrets (automatic network sync)
+cd ~/repos/my-project
+lsh push --env dev
+# 📤 Uploaded to Storacha: bafkrei...
+#    ☁️  Synced to IPFS network
+
+# On Host B (Linux server) - One-time setup
+lsh storacha login [email protected]
+
+# Pull secrets (automatic network download)
+cd ~/repos/my-project
+lsh pull --env dev
+# 📥 Downloading from Storacha: bafkrei...
+# ✅ Downloaded from IPFS network
+```
+
+**Features:**
+- ✅ **Default enabled** - Works automatically after authentication
+- ✅ **One-time setup** - Just authenticate with email per machine
+- ✅ **Encrypted before upload** - AES-256 encryption (secrets never leave your machine unencrypted)
+- ✅ **Graceful fallback** - Uses local cache if network unavailable
+- ✅ **Content-addressed** - IPFS CIDs ensure tamper-proof integrity
+- ✅ **Free tier** - 5GB storage on Storacha's free plan
+
+**How it works:**
+1. Your secrets are encrypted locally with `LSH_SECRETS_KEY`
+2. Encrypted data is uploaded to IPFS via Storacha
+3. On another machine, LSH downloads from IPFS using the content ID (CID)
+4. Secrets are decrypted locally with the same encryption key
+5. Local cache speeds up offline access
+
+**Check status:**
+```bash
+lsh storacha status
+# 🔐 Authentication: ✅ Authenticated
+# 🌐 Network Sync: ✅ Enabled
+# 📦 Spaces: lsh-secrets (current)
+```
+
+**Disable network sync (local cache only):**
+```bash
+lsh storacha disable
+# Or set environment variable:
+export LSH_STORACHA_ENABLED=false
+```
+
 ### 🔐 Secrets Management
 
 - **AES-256 Encryption** - Military-grade encryption for all secrets

package/dist/cli.js

@@ -12,6 +12,7 @@ import { registerConfigCommands } from './commands/config.js';
 import { registerSyncHistoryCommands } from './commands/sync-history.js';
 import { registerIPFSCommands } from './commands/ipfs.js';
 import { registerMigrateCommand } from './commands/migrate.js';
+import { registerStorachaCommands } from './commands/storacha.js';
 import { init_daemon } from './services/daemon/daemon.js';
 import { init_supabase } from './services/supabase/supabase.js';
 import { init_cron } from './services/cron/cron.js';
@@ -148,6 +149,7 @@ function findSimilarCommands(input, validCommands) {
     registerSyncHistoryCommands(program);
     registerIPFSCommands(program);
     registerMigrateCommand(program);
+    registerStorachaCommands(program);
     // Secrets management (primary feature)
     await init_secrets(program);
     // Supporting services

package/dist/commands/init.js

@@ -18,6 +18,7 @@ export function registerInitCommands(program) {
         .command('init')
         .description('Interactive setup wizard (first-time configuration)')
         .option('--local', 'Use local-only encryption (no cloud sync)')
+        .option('--storacha', 'Use Storacha IPFS network sync (recommended)')
         .option('--supabase', 'Use Supabase cloud storage')
         .option('--postgres', 'Use self-hosted PostgreSQL')
         .option('--skip-test', 'Skip connection testing')
@@ -58,7 +59,10 @@ async function runSetupWizard(options) {
     }
     // Determine storage type
     let storageType;
-    if (options.local) {
+    if (options.storacha) {
+        storageType = 'storacha';
+    }
+    else if (options.local) {
         storageType = 'local';
     }
     else if (options.postgres) {
@@ -76,19 +80,23 @@ async function runSetupWizard(options) {
                 message: 'Choose storage backend:',
                 choices: [
                     {
-                        name: 'Supabase (free, cloud-hosted, recommended)',
+                        name: '🌐 Storacha (IPFS network, zero-config, recommended)',
+                        value: 'storacha',
+                    },
+                    {
+                        name: '☁️  Supabase (cloud-hosted, team collaboration)',
                         value: 'supabase',
                     },
                     {
-                        name: 'Local encryption (file-based, no cloud sync)',
+                        name: '💾 Local encryption (file-based, no cloud sync)',
                         value: 'local',
                     },
                     {
-                        name: 'Self-hosted PostgreSQL',
+                        name: '🐘 Self-hosted PostgreSQL',
                         value: 'postgres',
                     },
                 ],
-                default: 'supabase',
+                default: 'storacha',
             },
         ]);
         storageType = storage;
@@ -98,7 +106,10 @@ async function runSetupWizard(options) {
         encryptionKey: generateEncryptionKey(),
     };
     // Configure based on storage type
-    if (storageType === 'supabase') {
+    if (storageType === 'storacha') {
+        await configureStoracha(config);
+    }
+    else if (storageType === 'supabase') {
         await configureSupabase(config, options.skipTest);
     }
     else if (storageType === 'postgres') {
@@ -195,6 +206,34 @@ async function testSupabaseConnection(url, key) {
         throw new Error(`Could not connect to Supabase: ${err.message}`);
     }
 }
+/**
+ * Configure Storacha IPFS network sync
+ */
+async function configureStoracha(config) {
+    console.log(chalk.cyan('\n🌐 Storacha IPFS Network Sync'));
+    console.log(chalk.gray('Zero-config multi-host secrets sync via IPFS network'));
+    console.log('');
+    const answers = await inquirer.prompt([
+        {
+            type: 'input',
+            name: 'email',
+            message: 'Enter your email for Storacha authentication:',
+            validate: (input) => {
+                if (!input.trim())
+                    return 'Email is required';
+                if (!input.includes('@'))
+                    return 'Must be a valid email address';
+                return true;
+            },
+        },
+    ]);
+    config.storachaEmail = answers.email.trim();
+    console.log('');
+    console.log(chalk.yellow('📧 Please check your email to complete authentication.'));
+    console.log(chalk.gray('   After setup completes, run:'));
+    console.log(chalk.cyan('   lsh storacha login ' + config.storachaEmail));
+    console.log('');
+}
 /**
  * Configure self-hosted PostgreSQL
  */
@@ -270,6 +309,9 @@ async function saveConfiguration(config) {
         if (config.storageType === 'local') {
             updates.LSH_STORAGE_MODE = 'local';
         }
+        if (config.storageType === 'storacha') {
+            updates.LSH_STORACHA_ENABLED = 'true';
+        }
         // Update .env content
         for (const [key, value] of Object.entries(updates)) {
             const regex = new RegExp(`^${key}=.*$`, 'm');
@@ -335,7 +377,10 @@ function showSuccessMessage(config) {
     console.log(chalk.gray('   Share it with your team to sync secrets.'));
     console.log('');
     // Storage info
-    if (config.storageType === 'supabase') {
+    if (config.storageType === 'storacha') {
+        console.log(chalk.cyan('🌐 Using Storacha IPFS network sync'));
+    }
+    else if (config.storageType === 'supabase') {
         console.log(chalk.cyan('☁️  Using Supabase cloud storage'));
     }
     else if (config.storageType === 'postgres') {
@@ -348,21 +393,37 @@ function showSuccessMessage(config) {
     // Next steps
     console.log(chalk.bold('🚀 Next steps:'));
     console.log('');
-    console.log(chalk.gray('   1. Verify your setup:'));
-    console.log(chalk.cyan('      lsh doctor'));
-    console.log('');
-    if (config.storageType !== 'local') {
+    if (config.storageType === 'storacha') {
+        console.log(chalk.gray('   1. Authenticate with Storacha:'));
+        console.log(chalk.cyan(`      lsh storacha login ${config.storachaEmail || 'your@email.com'}`));
+        console.log('');
         console.log(chalk.gray('   2. Push your secrets:'));
         console.log(chalk.cyan('      lsh push --env dev'));
+        console.log(chalk.gray('      (Automatically uploads to IPFS network)'));
         console.log('');
         console.log(chalk.gray('   3. On another machine:'));
-        console.log(chalk.cyan('      lsh init          ') + chalk.gray('# Use the same credentials'));
+        console.log(chalk.cyan('      lsh init --storacha'));
+        console.log(chalk.cyan('      lsh storacha login your@email.com'));
         console.log(chalk.cyan('      lsh pull --env dev'));
+        console.log(chalk.gray('      (Automatically downloads from IPFS network)'));
     }
     else {
-        console.log(chalk.gray('   2. Start managing secrets:'));
-        console.log(chalk.cyan('      lsh set API_KEY myvalue'));
-        console.log(chalk.cyan('      lsh list'));
+        console.log(chalk.gray('   1. Verify your setup:'));
+        console.log(chalk.cyan('      lsh doctor'));
+        console.log('');
+        if (config.storageType !== 'local') {
+            console.log(chalk.gray('   2. Push your secrets:'));
+            console.log(chalk.cyan('      lsh push --env dev'));
+            console.log('');
+            console.log(chalk.gray('   3. On another machine:'));
+            console.log(chalk.cyan('      lsh init          ') + chalk.gray('# Use the same credentials'));
+            console.log(chalk.cyan('      lsh pull --env dev'));
+        }
+        else {
+            console.log(chalk.gray('   2. Start managing secrets:'));
+            console.log(chalk.cyan('      lsh set API_KEY myvalue'));
+            console.log(chalk.cyan('      lsh list'));
+        }
     }
     console.log('');
     console.log(chalk.gray('📖 Documentation: https://github.com/gwicho38/lsh'));

package/dist/commands/storacha.js

@@ -0,0 +1,208 @@
+/**
+ * Storacha Commands
+ * Manage Storacha (IPFS network) authentication and configuration
+ */
+import { getStorachaClient } from '../lib/storacha-client.js';
+export function registerStorachaCommands(program) {
+    const storacha = program
+        .command('storacha')
+        .description('Manage Storacha (IPFS network) sync');
+    // Login command
+    storacha
+        .command('login <email>')
+        .description('Authenticate with Storacha via email')
+        .action(async (email) => {
+        try {
+            const client = getStorachaClient();
+            console.log('\n🔐 Storacha Authentication\n');
+            console.log('━'.repeat(60));
+            console.log('');
+            await client.login(email);
+        }
+        catch (error) {
+            const err = error;
+            console.error('\n❌ Authentication failed:', err.message);
+            console.error('');
+            console.error('💡 Troubleshooting:');
+            console.error('   - Check your email for the verification link');
+            console.error('   - Complete signup at: https://console.storacha.network/');
+            console.error('   - Ensure you have an active internet connection');
+            console.error('');
+            process.exit(1);
+        }
+    });
+    // Status command
+    storacha
+        .command('status')
+        .description('Show Storacha authentication and configuration status')
+        .action(async () => {
+        try {
+            const client = getStorachaClient();
+            const status = await client.getStatus();
+            console.log('\n☁️  Storacha Status\n');
+            console.log('━'.repeat(60));
+            console.log('');
+            // Authentication status
+            console.log('🔐 Authentication:');
+            if (status.authenticated) {
+                console.log(`   Status: ✅ Authenticated`);
+                if (status.email) {
+                    console.log(`   Email: ${status.email}`);
+                }
+            }
+            else {
+                console.log(`   Status: ❌ Not authenticated`);
+                console.log('');
+                console.log('💡 To authenticate:');
+                console.log('   lsh storacha login [email protected]');
+            }
+            console.log('');
+            // Network sync status
+            console.log('🌐 Network Sync:');
+            console.log(`   Enabled: ${status.enabled ? '✅ Yes' : '❌ No'}`);
+            if (!status.enabled) {
+                console.log('');
+                console.log('💡 To enable:');
+                console.log('   export LSH_STORACHA_ENABLED=true');
+                console.log('   # Add to ~/.bashrc or ~/.zshrc for persistence');
+            }
+            console.log('');
+            // Spaces status
+            if (status.authenticated) {
+                console.log('📦 Spaces:');
+                if (status.spaces.length === 0) {
+                    console.log('   No spaces found');
+                    console.log('');
+                    console.log('💡 Create a space:');
+                    console.log('   lsh storacha space create my-space');
+                }
+                else {
+                    console.log(`   Total: ${status.spaces.length}`);
+                    if (status.currentSpace) {
+                        console.log(`   Current: ${status.currentSpace}`);
+                    }
+                    console.log('');
+                    console.log('   Available spaces:');
+                    status.spaces.forEach(space => {
+                        const marker = space.name === status.currentSpace ? '→' : ' ';
+                        console.log(`   ${marker} ${space.name}`);
+                    });
+                }
+                console.log('');
+            }
+            // Quick actions
+            console.log('💡 Quick Actions:');
+            if (!status.authenticated) {
+                console.log('   lsh storacha login [email protected]');
+            }
+            else if (!status.enabled) {
+                console.log('   export LSH_STORACHA_ENABLED=true');
+            }
+            else {
+                console.log('   lsh push    # Will sync to Storacha network');
+                console.log('   lsh pull    # Will download from Storacha if needed');
+            }
+            console.log('');
+            console.log('━'.repeat(60));
+            console.log('');
+        }
+        catch (error) {
+            const err = error;
+            console.error('❌ Failed to get status:', err.message);
+            process.exit(1);
+        }
+    });
+    // Space commands
+    const space = storacha
+        .command('space')
+        .description('Manage Storacha spaces');
+    space
+        .command('create <name>')
+        .description('Create a new space')
+        .action(async (name) => {
+        try {
+            const client = getStorachaClient();
+            const status = await client.getStatus();
+            if (!status.authenticated) {
+                console.error('❌ Not authenticated');
+                console.error('');
+                console.error('💡 First, authenticate:');
+                console.error('   lsh storacha login [email protected]');
+                process.exit(1);
+            }
+            console.log(`\n🆕 Creating space: ${name}...\n`);
+            await client.createSpace(name);
+            console.log('');
+        }
+        catch (error) {
+            const err = error;
+            console.error('\n❌ Failed to create space:', err.message);
+            process.exit(1);
+        }
+    });
+    space
+        .command('list')
+        .description('List all spaces')
+        .action(async () => {
+        try {
+            const client = getStorachaClient();
+            const status = await client.getStatus();
+            if (!status.authenticated) {
+                console.error('❌ Not authenticated');
+                console.error('');
+                console.error('💡 First, authenticate:');
+                console.error('   lsh storacha login [email protected]');
+                process.exit(1);
+            }
+            console.log('\n📦 Storacha Spaces\n');
+            console.log('━'.repeat(60));
+            console.log('');
+            if (status.spaces.length === 0) {
+                console.log('No spaces found');
+                console.log('');
+                console.log('💡 Create a space:');
+                console.log('   lsh storacha space create my-space');
+            }
+            else {
+                status.spaces.forEach((space, index) => {
+                    const marker = space.name === status.currentSpace ? '→' : ' ';
+                    console.log(`${marker} ${index + 1}. ${space.name}`);
+                    console.log(`   DID: ${space.did}`);
+                    console.log(`   Registered: ${space.registered}`);
+                    console.log('');
+                });
+                if (status.currentSpace) {
+                    console.log(`Current space: ${status.currentSpace}`);
+                }
+            }
+            console.log('━'.repeat(60));
+            console.log('');
+        }
+        catch (error) {
+            const err = error;
+            console.error('❌ Failed to list spaces:', err.message);
+            process.exit(1);
+        }
+    });
+    // Enable/disable commands
+    storacha
+        .command('enable')
+        .description('Enable Storacha network sync')
+        .action(() => {
+        const client = getStorachaClient();
+        client.enable();
+        console.log('');
+        console.log('💡 For persistence, add to your shell profile:');
+        console.log('   echo "export LSH_STORACHA_ENABLED=true" >> ~/.bashrc');
+        console.log('   # or ~/.zshrc for zsh');
+        console.log('');
+    });
+    storacha
+        .command('disable')
+        .description('Disable Storacha network sync (local cache only)')
+        .action(() => {
+        const client = getStorachaClient();
+        client.disable();
+        console.log('');
+    });
+}

package/dist/lib/ipfs-secrets-storage.js

@@ -7,6 +7,7 @@ import * as path from 'path';
 import * as os from 'os';
 import * as crypto from 'crypto';
 import { createLogger } from './logger.js';
+import { getStorachaClient } from './storacha-client.js';
 const logger = createLogger('IPFSSecretsStorage');
 /**
  * IPFS Secrets Storage
@@ -63,8 +64,21 @@ export class IPFSSecretsStorage {
             if (gitRepo) {
                 logger.info(`   Repository: ${gitRepo}/${gitBranch || 'main'}`);
             }
-            // TODO: In future, upload to real IPFS network via Storacha
-            // For now, using local storage with IPFS-compatible CIDs
+            // Upload to Storacha network if enabled
+            const storacha = getStorachaClient();
+            if (storacha.isEnabled()) {
+                try {
+                    const filename = `lsh-secrets-${environment}-${cid}.encrypted`;
+                    // encryptedData is already a Buffer, pass it directly
+                    await storacha.upload(Buffer.from(encryptedData), filename);
+                    logger.info(`   ☁️  Synced to Storacha network`);
+                }
+                catch (error) {
+                    const err = error;
+                    logger.warn(`   ⚠️  Storacha upload failed: ${err.message}`);
+                    logger.warn(`   Secrets are still cached locally`);
+                }
+            }
             return cid;
         }
         catch (error) {
@@ -84,9 +98,34 @@ export class IPFSSecretsStorage {
                 throw new Error(`No secrets found for environment: ${environment}`);
             }
             // Try to load from local cache
-            const cachedData = await this.loadLocally(metadata.cid);
+            let cachedData = await this.loadLocally(metadata.cid);
+            // If not in cache, try downloading from Storacha
+            if (!cachedData) {
+                const storacha = getStorachaClient();
+                if (storacha.isEnabled()) {
+                    try {
+                        logger.info(`   ☁️  Downloading from Storacha network...`);
+                        const downloadedData = await storacha.download(metadata.cid);
+                        // Store in local cache for future use
+                        await this.storeLocally(metadata.cid, downloadedData.toString('utf-8'), environment);
+                        cachedData = downloadedData.toString('utf-8');
+                        logger.info(`   ✅ Downloaded and cached from Storacha`);
+                    }
+                    catch (error) {
+                        const err = error;
+                        throw new Error(`Secrets not in cache and Storacha download failed: ${err.message}`);
+                    }
+                }
+                else {
+                    throw new Error(`Secrets not found in cache. CID: ${metadata.cid}\n\n` +
+                        `💡 Tip: Enable Storacha network sync:\n` +
+                        `   export LSH_STORACHA_ENABLED=true\n` +
+                        `   Or set up Supabase: lsh supabase init`);
+                }
+            }
+            // At this point cachedData is guaranteed to be a string
             if (!cachedData) {
-                throw new Error(`Secrets not found in cache. CID: ${metadata.cid}`);
+                throw new Error(`Failed to retrieve secrets for environment: ${environment}`);
             }
             // Decrypt secrets
             const secrets = this.decryptSecrets(cachedData, encryptionKey);

package/dist/lib/storacha-client.js

@@ -0,0 +1,263 @@
+/**
+ * Storacha Client Wrapper
+ * Provides IPFS network sync via Storacha (formerly web3.storage)
+ */
+import * as Storacha from '@storacha/client';
+import * as fs from 'fs';
+import * as path from 'path';
+import { homedir } from 'os';
+import { logger } from './logger.js';
+export class StorachaClient {
+    client = null;
+    configPath;
+    config;
+    constructor() {
+        const lshDir = path.join(homedir(), '.lsh');
+        this.configPath = path.join(lshDir, 'storacha-config.json');
+        // Ensure directory exists
+        if (!fs.existsSync(lshDir)) {
+            fs.mkdirSync(lshDir, { recursive: true });
+        }
+        // Load config
+        this.config = this.loadConfig();
+    }
+    /**
+     * Load Storacha configuration
+     */
+    loadConfig() {
+        try {
+            if (fs.existsSync(this.configPath)) {
+                const data = fs.readFileSync(this.configPath, 'utf-8');
+                return JSON.parse(data);
+            }
+        }
+        catch (_error) {
+            logger.warn('Failed to load Storacha config, using defaults');
+        }
+        // Default to enabled unless explicitly disabled
+        const envDisabled = process.env.LSH_STORACHA_ENABLED === 'false';
+        return {
+            enabled: !envDisabled,
+        };
+    }
+    /**
+     * Save Storacha configuration
+     */
+    saveConfig() {
+        try {
+            fs.writeFileSync(this.configPath, JSON.stringify(this.config, null, 2));
+        }
+        catch (error) {
+            logger.error('Failed to save Storacha config:', error);
+        }
+    }
+    /**
+     * Check if Storacha is enabled
+     * Default: enabled (unless explicitly disabled via LSH_STORACHA_ENABLED=false)
+     */
+    isEnabled() {
+        // Explicitly disabled via env var
+        if (process.env.LSH_STORACHA_ENABLED === 'false') {
+            return false;
+        }
+        // Use config setting (defaults to true)
+        return this.config.enabled;
+    }
+    /**
+     * Get or create Storacha client
+     */
+    async getClient() {
+        if (this.client) {
+            return this.client;
+        }
+        try {
+            // Create client (it will use default store for Node.js)
+            this.client = await Storacha.create();
+            return this.client;
+        }
+        catch (error) {
+            const err = error;
+            throw new Error(`Failed to create Storacha client: ${err.message}`);
+        }
+    }
+    /**
+     * Check if user is authenticated
+     */
+    async isAuthenticated() {
+        try {
+            const client = await this.getClient();
+            const accountsRecord = await client.accounts();
+            // Convert Record to array
+            const accounts = Object.values(accountsRecord);
+            return accounts.length > 0;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Login with email (triggers email verification)
+     */
+    async login(email) {
+        try {
+            const client = await this.getClient();
+            logger.info(`📧 Sending verification email to ${email}...`);
+            logger.info('   Click the link in your email to complete authentication.');
+            // This will wait for email confirmation
+            const account = await client.login(email);
+            logger.info('✅ Email verified!');
+            // Wait for payment plan selection (15 min timeout)
+            logger.info('⏳ Waiting for payment plan selection...');
+            logger.info('   Please complete the signup at: https://console.storacha.network/');
+            await account.plan.wait();
+            logger.info('✅ Payment plan confirmed!');
+            // Save email to config
+            this.config.email = email;
+            this.saveConfig();
+            // Check if space exists, create default if not
+            const spaces = await client.spaces();
+            if (spaces.length === 0) {
+                logger.info('🆕 Creating default space: "lsh-secrets"...');
+                const space = await client.createSpace('lsh-secrets', { account });
+                await client.setCurrentSpace(space.did());
+                this.config.spaceName = 'lsh-secrets';
+                this.saveConfig();
+                logger.info('✅ Default space created and activated!');
+            }
+            else {
+                logger.info(`✅ Found ${spaces.length} existing space(s)`);
+                // Set first space as current if none selected
+                const currentSpace = await client.currentSpace();
+                if (!currentSpace) {
+                    await client.setCurrentSpace(spaces[0].did());
+                    logger.info(`   Activated space: ${spaces[0].name || 'unnamed'}`);
+                }
+            }
+            logger.info('');
+            logger.info('🎉 Storacha setup complete!');
+            logger.info('   Enable network sync: export LSH_STORACHA_ENABLED=true');
+            logger.info('   Or add to ~/.bashrc or ~/.zshrc');
+        }
+        catch (error) {
+            const err = error;
+            throw new Error(`Login failed: ${err.message}`);
+        }
+    }
+    /**
+     * Get current authentication status
+     */
+    async getStatus() {
+        const authenticated = await this.isAuthenticated();
+        if (!authenticated) {
+            return {
+                authenticated: false,
+                spaces: [],
+                enabled: this.isEnabled(),
+            };
+        }
+        const client = await this.getClient();
+        const spacesRecord = await client.spaces();
+        // Convert Record to array
+        const spacesArray = Object.values(spacesRecord);
+        const currentSpace = await client.currentSpace();
+        return {
+            authenticated: true,
+            email: this.config.email,
+            currentSpace: currentSpace?.name || currentSpace?.did(),
+            spaces: spacesArray.map(s => ({
+                did: s.did(),
+                name: s.name || 'unnamed',
+                registered: new Date().toISOString(), // Space doesn't have registered field
+            })),
+            enabled: this.isEnabled(),
+        };
+    }
+    /**
+     * Create a new space
+     */
+    async createSpace(name) {
+        const client = await this.getClient();
+        const accountsRecord = await client.accounts();
+        const accounts = Object.values(accountsRecord);
+        if (accounts.length === 0) {
+            throw new Error('Not authenticated. Run: lsh storacha login <email>');
+        }
+        const space = await client.createSpace(name, { account: accounts[0] });
+        await client.setCurrentSpace(space.did());
+        this.config.spaceName = name;
+        this.saveConfig();
+        logger.info(`✅ Space "${name}" created and activated`);
+    }
+    /**
+     * Upload data to Storacha
+     * Returns CID of uploaded content
+     */
+    async upload(data, filename) {
+        if (!this.isEnabled()) {
+            throw new Error('Storacha is not enabled. Set LSH_STORACHA_ENABLED=true');
+        }
+        if (!await this.isAuthenticated()) {
+            throw new Error('Not authenticated. Run: lsh storacha login <email>');
+        }
+        const client = await this.getClient();
+        // Create File from buffer using Uint8Array view
+        const uint8Array = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
+        // TypeScript has issues with ArrayBufferLike vs ArrayBuffer, use type assertion
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const file = new File([uint8Array], filename, { type: 'application/octet-stream' });
+        // Upload file
+        const cid = await client.uploadFile(file);
+        logger.info(`📤 Uploaded to Storacha: ${cid}`);
+        logger.info(`   Gateway: https://${cid}.ipfs.storacha.link`);
+        return cid.toString();
+    }
+    /**
+     * Download data from Storacha via IPFS gateway
+     * Returns data buffer
+     */
+    async download(cid) {
+        const gatewayUrl = `https://${cid}.ipfs.storacha.link`;
+        try {
+            logger.info(`📥 Downloading from Storacha: ${cid}...`);
+            const response = await fetch(gatewayUrl);
+            if (!response.ok) {
+                throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+            }
+            const arrayBuffer = await response.arrayBuffer();
+            const buffer = Buffer.from(arrayBuffer);
+            logger.info(`✅ Downloaded ${buffer.length} bytes from Storacha`);
+            return buffer;
+        }
+        catch (error) {
+            const err = error;
+            throw new Error(`Failed to download from Storacha: ${err.message}`);
+        }
+    }
+    /**
+     * Enable Storacha network sync
+     */
+    enable() {
+        this.config.enabled = true;
+        this.saveConfig();
+        logger.info('✅ Storacha network sync enabled');
+    }
+    /**
+     * Disable Storacha network sync
+     */
+    disable() {
+        this.config.enabled = false;
+        this.saveConfig();
+        logger.info('⏸️  Storacha network sync disabled (using local cache only)');
+    }
+}
+// Singleton instance
+let storachaClient = null;
+/**
+ * Get singleton Storacha client instance
+ */
+export function getStorachaClient() {
+    if (!storachaClient) {
+        storachaClient = new StorachaClient();
+    }
+    return storachaClient;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lsh-framework",
-  "version": "2.0.2",
+  "version": "2.1.1",
   "description": "Simple, cross-platform encrypted secrets manager with automatic sync, IPFS audit logs, and multi-environment support. Just run lsh sync and start managing your secrets.",
   "main": "dist/app.js",
   "bin": {