react-native-nitro-storage 0.3.1 → 0.4.0

package/README.md

@@ -14,11 +14,37 @@ Synchronous Memory, Disk, and Secure storage in one unified API — powered by [
 - **Biometric storage** — hardware-backed biometric protection on iOS & Android
 - **Auth storage factory** — `createSecureAuthStorage` for multi-token auth flows
 - **Batch operations** — atomic multi-key get/set/remove via native batch APIs
+- **Prefix queries** — fast key/value scans with `storage.getKeysByPrefix` and `storage.getByPrefix`
+- **Versioned writes** — optimistic concurrency with `item.getWithVersion()` and `item.setIfVersion(...)`
+- **Performance metrics** — observe operation timings and aggregate snapshots
+- **Web secure backend override** — plug custom secure storage backend on web
 - **Transactions** — grouped writes with automatic rollback on error
 - **Migrations** — versioned data migrations with `registerMigration` / `migrateToLatest`
 - **MMKV migration** — drop-in `migrateFromMMKV` for painless migration from MMKV
 - **Cross-platform** — iOS, Android, and web (`localStorage` fallback)
 
+## Feature Coverage
+
+Every feature in this package is documented with at least one runnable example in this README:
+
+- Core item API (`createStorageItem`, `get/set/delete/has/subscribe`) — see Quick Start and Low-level subscription use case
+- Hooks (`useStorage`, `useStorageSelector`, `useSetStorage`) — see Quick Start and Persisted User Preferences
+- Scopes (`Memory`, `Disk`, `Secure`) — see Storage Scopes and multiple use cases
+- Namespaces — see Multi-Tenant / Namespaced Storage
+- TTL expiration + callbacks — see OTP / Temporary Codes
+- Validation + recovery — see Feature Flags with Validation
+- Biometric + access control — see Biometric-protected Secrets
+- Global storage utilities (`clear*`, `has`, `getAll*`, `size`, secure write settings) — see Global utility examples and Storage Snapshots and Cleanup
+- Prefix utilities (`getKeysByPrefix`, `getByPrefix`) — see Prefix Queries and Namespace Inspection
+- Versioned item API (`getWithVersion`, `setIfVersion`) — see Optimistic Versioned Writes
+- Metrics API (`setMetricsObserver`, `getMetricsSnapshot`, `resetMetrics`) — see Storage Metrics Instrumentation
+- Web secure backend override (`setWebSecureStorageBackend`, `getWebSecureStorageBackend`) — see Custom Web Secure Backend
+- Batch APIs (`getBatch`, `setBatch`, `removeBatch`) — see Batch Operations and Bulk Bootstrap with Batch APIs
+- Transactions — see Transactions and Atomic Balance Transfer
+- Migrations (`registerMigration`, `migrateToLatest`) — see Migrations
+- MMKV migration (`migrateFromMMKV`) — see MMKV Migration and Migrating From MMKV
+- Auth storage factory (`createSecureAuthStorage`) — see Auth Token Management
+
 ## Requirements
 
 | Dependency                   | Version     |
@@ -167,21 +193,35 @@ function createStorageItem<T = undefined>(
 | `coalesceSecureWrites` | `boolean`                        | `false`        | Batch same-tick Secure writes per key                          |
 | `namespace`            | `string`                         | —              | Prefix key as `namespace:key` for isolation                    |
 | `biometric`            | `boolean`                        | `false`        | Require biometric auth (Secure scope only)                     |
+| `biometricLevel`       | `BiometricLevel`                 | `None`         | Biometric policy (`BiometryOrPasscode` / `BiometryOnly`)       |
 | `accessControl`        | `AccessControl`                  | —              | Keychain access control level (native only)                    |
 
 **Returned `StorageItem<T>`:**
 
-| Method / Property | Type                                     | Description                                        |
-| ----------------- | ---------------------------------------- | -------------------------------------------------- |
-| `get()`           | `() => T`                                | Read current value (synchronous)                   |
-| `set(value)`      | `(value: T \| ((prev: T) => T)) => void` | Write a value or updater function                  |
-| `delete()`        | `() => void`                             | Remove the stored value (resets to `defaultValue`) |
-| `has()`           | `() => boolean`                          | Check if a value exists in storage                 |
-| `subscribe(cb)`   | `(cb: () => void) => () => void`         | Listen for changes, returns unsubscribe            |
-| `serialize`       | `(v: T) => string`                       | The item's serializer                              |
-| `deserialize`     | `(v: string) => T`                       | The item's deserializer                            |
-| `scope`           | `StorageScope`                           | The item's scope                                   |
-| `key`             | `string`                                 | The resolved key (includes namespace prefix)       |
+| Method / Property   | Type                                                                 | Description                                            |
+| ------------------- | -------------------------------------------------------------------- | ------------------------------------------------------ |
+| `get()`             | `() => T`                                                            | Read current value (synchronous)                       |
+| `getWithVersion()`  | `() => { value: T; version: StorageVersion }`                        | Read value plus current storage version token          |
+| `set(value)`        | `(value: T \| ((prev: T) => T)) => void`                             | Write a value or updater function                      |
+| `setIfVersion(...)` | `(version: StorageVersion, value: T \| ((prev: T) => T)) => boolean` | Write only if version matches (optimistic concurrency) |
+| `delete()`          | `() => void`                                                         | Remove the stored value (resets to `defaultValue`)     |
+| `has()`             | `() => boolean`                                                      | Check if a value exists in storage                     |
+| `subscribe(cb)`     | `(cb: () => void) => () => void`                                     | Listen for changes, returns unsubscribe                |
+| `serialize`         | `(v: T) => string`                                                   | The item's serializer                                  |
+| `deserialize`       | `(v: string) => T`                                                   | The item's deserializer                                |
+| `scope`             | `StorageScope`                                                       | The item's scope                                       |
+| `key`               | `string`                                                             | The resolved key (includes namespace prefix)           |
+
+**Non-React subscription example:**
+
+```ts
+const unsubscribe = sessionItem.subscribe(() => {
+  console.log("session changed:", sessionItem.get());
+});
+
+sessionItem.set("next-session");
+unsubscribe();
+```
 
 ---
 
@@ -220,21 +260,93 @@ setToken("new-token");
 import { storage, StorageScope } from "react-native-nitro-storage";
 ```
 
-| Method                                  | Description                                                                  |
-| --------------------------------------- | ---------------------------------------------------------------------------- |
-| `storage.clear(scope)`                  | Clear all keys in a scope (`Secure` also clears biometric entries)           |
-| `storage.clearAll()`                    | Clear Memory + Disk + Secure                                                 |
-| `storage.clearNamespace(ns, scope)`     | Remove only keys matching a namespace                                        |
-| `storage.clearBiometric()`              | Remove all biometric-prefixed keys                                           |
-| `storage.has(key, scope)`               | Check if a key exists                                                        |
-| `storage.getAllKeys(scope)`             | Get all key names                                                            |
-| `storage.getAll(scope)`                 | Get all key-value pairs as `Record<string, string>`                          |
-| `storage.size(scope)`                   | Number of stored keys                                                        |
-| `storage.setAccessControl(level)`       | Set default secure access control for subsequent secure writes (native only) |
-| `storage.setKeychainAccessGroup(group)` | Set keychain access group for app sharing (native only)                      |
+| Method                                   | Description                                                                  |
+| ---------------------------------------- | ---------------------------------------------------------------------------- |
+| `storage.clear(scope)`                   | Clear all keys in a scope (`Secure` also clears biometric entries)           |
+| `storage.clearAll()`                     | Clear Memory + Disk + Secure                                                 |
+| `storage.clearNamespace(ns, scope)`      | Remove only keys matching a namespace                                        |
+| `storage.clearBiometric()`               | Remove all biometric-prefixed keys                                           |
+| `storage.has(key, scope)`                | Check if a key exists                                                        |
+| `storage.getAllKeys(scope)`              | Get all key names                                                            |
+| `storage.getKeysByPrefix(prefix, scope)` | Get keys that start with a prefix                                            |
+| `storage.getByPrefix(prefix, scope)`     | Get raw key-value pairs for keys matching a prefix                           |
+| `storage.getAll(scope)`                  | Get all key-value pairs as `Record<string, string>`                          |
+| `storage.size(scope)`                    | Number of stored keys                                                        |
+| `storage.setAccessControl(level)`        | Set default secure access control for subsequent secure writes (native only) |
+| `storage.setSecureWritesAsync(enabled)`  | Toggle async secure writes on Android (`false` by default)                   |
+| `storage.flushSecureWrites()`            | Force flush of queued secure writes when coalescing is enabled               |
+| `storage.setKeychainAccessGroup(group)`  | Set keychain access group for app sharing (native only)                      |
+| `storage.setMetricsObserver(observer?)`  | Subscribe to per-operation timing events                                     |
+| `storage.getMetricsSnapshot()`           | Get aggregate counters/latency stats keyed by operation                      |
+| `storage.resetMetrics()`                 | Reset in-memory metrics counters                                             |
 
 > `storage.getAll(StorageScope.Secure)` returns regular secure entries. Biometric-protected values are not included in this snapshot API.
 
+#### Global utility examples
+
+```ts
+import {
+  AccessControl,
+  storage,
+  StorageScope,
+} from "react-native-nitro-storage";
+
+storage.has("session", StorageScope.Disk);
+storage.getAllKeys(StorageScope.Disk);
+storage.getKeysByPrefix("user-42:", StorageScope.Disk);
+storage.getByPrefix("user-42:", StorageScope.Disk);
+storage.getAll(StorageScope.Disk);
+storage.size(StorageScope.Disk);
+
+storage.clearNamespace("user-42", StorageScope.Disk);
+storage.clearBiometric();
+
+storage.setAccessControl(AccessControl.WhenUnlockedThisDeviceOnly);
+storage.setKeychainAccessGroup("group.com.example.shared");
+
+storage.clear(StorageScope.Memory);
+storage.clearAll();
+```
+
+#### Android secure write mode
+
+`storage.setSecureWritesAsync(true)` switches secure writes from synchronous `commit()` to asynchronous `apply()` on Android.  
+Use this for non-critical secure writes when lower latency matters more than immediate durability.
+
+Call `storage.flushSecureWrites()` when you need deterministic persistence boundaries (for example before namespace clears, process handoff, or strict test assertions).
+
+```ts
+import { storage } from "react-native-nitro-storage";
+
+storage.setSecureWritesAsync(true);
+
+// ...multiple secure writes happen (including coalesced item writes)
+
+storage.flushSecureWrites(); // deterministic durability boundary
+```
+
+#### Custom web secure backend
+
+By default, web Secure scope uses `localStorage` with `__secure_` key prefixing. You can replace it with a custom backend (for example encrypted IndexedDB adapter).
+
+```ts
+import {
+  getWebSecureStorageBackend,
+  setWebSecureStorageBackend,
+} from "react-native-nitro-storage";
+
+setWebSecureStorageBackend({
+  getItem: (key) => encryptedStore.get(key) ?? null,
+  setItem: (key, value) => encryptedStore.set(key, value),
+  removeItem: (key) => encryptedStore.delete(key),
+  clear: () => encryptedStore.clear(),
+  getAllKeys: () => encryptedStore.keys(),
+});
+
+const backend = getWebSecureStorageBackend();
+console.log("custom backend active:", backend !== undefined);
+```
+
 ---
 
 ### `createSecureAuthStorage<K>(config, options?)`
@@ -250,7 +362,7 @@ function createSecureAuthStorage<K extends string>(
 
 - Default namespace: `"auth"`
 - Each key is a separate `StorageItem<string>` with `StorageScope.Secure`
-- Supports per-key TTL, biometric, and access control
+- Supports per-key TTL, biometric level policy, and access control
 
 ---
 
@@ -398,11 +510,11 @@ enum BiometricLevel {
 ### Persisted User Preferences
 
 ```ts
-interface UserPreferences {
+type UserPreferences = {
   theme: "light" | "dark" | "system";
   language: string;
   notifications: boolean;
-}
+};
 
 const prefsItem = createStorageItem<UserPreferences>({
   key: "prefs",
@@ -446,21 +558,29 @@ storage.clearNamespace("myapp-auth", StorageScope.Secure);
 ### Feature Flags with Validation
 
 ```ts
-interface FeatureFlags {
+type FeatureFlags = {
   darkMode: boolean;
   betaFeature: boolean;
   maxUploadMb: number;
-}
+};
+
+const isRecord = (value: unknown): value is Record<string, unknown> =>
+  typeof value === "object" && value !== null;
+
+const isFeatureFlags = (value: unknown): value is FeatureFlags => {
+  if (!isRecord(value)) return false;
+  return (
+    typeof value.darkMode === "boolean" &&
+    typeof value.betaFeature === "boolean" &&
+    typeof value.maxUploadMb === "number"
+  );
+};
 
 const flagsItem = createStorageItem<FeatureFlags>({
   key: "feature-flags",
   scope: StorageScope.Disk,
   defaultValue: { darkMode: false, betaFeature: false, maxUploadMb: 10 },
-  validate: (v): v is FeatureFlags =>
-    typeof v === "object" &&
-    v !== null &&
-    typeof (v as any).darkMode === "boolean" &&
-    typeof (v as any).maxUploadMb === "number",
+  validate: isFeatureFlags,
   onValidationError: () => ({
     darkMode: false,
     betaFeature: false,
@@ -471,6 +591,29 @@ const flagsItem = createStorageItem<FeatureFlags>({
 });
 ```
 
+### Biometric-protected Secrets
+
+```ts
+import {
+  AccessControl,
+  BiometricLevel,
+  createStorageItem,
+  StorageScope,
+} from "react-native-nitro-storage";
+
+const paymentPin = createStorageItem<string>({
+  key: "payment-pin",
+  scope: StorageScope.Secure,
+  defaultValue: "",
+  biometricLevel: BiometricLevel.BiometryOnly,
+  accessControl: AccessControl.WhenPasscodeSetThisDeviceOnly,
+});
+
+paymentPin.set("4829");
+const pin = paymentPin.get();
+paymentPin.delete();
+```
+
 ### Multi-Tenant / Namespaced Storage
 
 ```ts
@@ -515,6 +658,40 @@ otpItem.set("482917");
 const code = otpItem.get();
 ```
 
+### Bulk Bootstrap with Batch APIs
+
+```ts
+import {
+  createStorageItem,
+  getBatch,
+  removeBatch,
+  setBatch,
+  StorageScope,
+} from "react-native-nitro-storage";
+
+const firstName = createStorageItem({
+  key: "first-name",
+  scope: StorageScope.Disk,
+  defaultValue: "",
+});
+const lastName = createStorageItem({
+  key: "last-name",
+  scope: StorageScope.Disk,
+  defaultValue: "",
+});
+
+setBatch(
+  [
+    { item: firstName, value: "Ada" },
+    { item: lastName, value: "Lovelace" },
+  ],
+  StorageScope.Disk,
+);
+
+const [first, last] = getBatch([firstName, lastName], StorageScope.Disk);
+removeBatch([firstName, lastName], StorageScope.Disk);
+```
+
 ### Atomic Balance Transfer
 
 ```ts
@@ -555,6 +732,116 @@ const compactItem = createStorageItem<{ id: number; active: boolean }>({
 });
 ```
 
+### Coalesced Secure Writes with Deterministic Flush
+
+```ts
+import {
+  createStorageItem,
+  storage,
+  StorageScope,
+} from "react-native-nitro-storage";
+
+const sessionToken = createStorageItem<string>({
+  key: "session-token",
+  scope: StorageScope.Secure,
+  defaultValue: "",
+  coalesceSecureWrites: true,
+});
+
+sessionToken.set("token-v1");
+sessionToken.set("token-v2");
+
+// force pending secure writes to native persistence
+storage.flushSecureWrites();
+```
+
+### Storage Snapshots and Cleanup
+
+```ts
+import { storage, StorageScope } from "react-native-nitro-storage";
+
+const diskKeys = storage.getAllKeys(StorageScope.Disk);
+const diskValues = storage.getAll(StorageScope.Disk);
+const secureCount = storage.size(StorageScope.Secure);
+
+if (storage.has("legacy-flag", StorageScope.Disk)) {
+  storage.clearNamespace("legacy", StorageScope.Disk);
+}
+
+storage.clearBiometric();
+```
+
+### Prefix Queries and Namespace Inspection
+
+```ts
+import { storage, StorageScope } from "react-native-nitro-storage";
+
+const userKeys = storage.getKeysByPrefix("user-42:", StorageScope.Disk);
+const userRawEntries = storage.getByPrefix("user-42:", StorageScope.Disk);
+
+console.log(userKeys);
+console.log(userRawEntries);
+```
+
+### Optimistic Versioned Writes
+
+```ts
+import { createStorageItem, StorageScope } from "react-native-nitro-storage";
+
+const profileItem = createStorageItem({
+  key: "profile",
+  scope: StorageScope.Disk,
+  defaultValue: { name: "Guest" },
+});
+
+const snapshot = profileItem.getWithVersion();
+const didWrite = profileItem.setIfVersion(snapshot.version, {
+  ...snapshot.value,
+  name: "Ada",
+});
+
+if (!didWrite) {
+  // value changed since snapshot; reload and retry
+}
+```
+
+### Storage Metrics Instrumentation
+
+```ts
+import { storage } from "react-native-nitro-storage";
+
+storage.setMetricsObserver((event) => {
+  console.log(
+    `[nitro-storage] ${event.operation} scope=${event.scope} duration=${event.durationMs}ms keys=${event.keysCount}`,
+  );
+});
+
+const metrics = storage.getMetricsSnapshot();
+console.log(metrics["item:get"]?.avgDurationMs);
+
+storage.resetMetrics();
+storage.setMetricsObserver(undefined);
+```
+
+### Low-level Subscription (outside React)
+
+```ts
+import { createStorageItem, StorageScope } from "react-native-nitro-storage";
+
+const notificationsItem = createStorageItem<boolean>({
+  key: "notifications-enabled",
+  scope: StorageScope.Disk,
+  defaultValue: true,
+});
+
+const unsubscribe = notificationsItem.subscribe(() => {
+  console.log("notifications changed:", notificationsItem.get());
+});
+
+notificationsItem.set(false);
+unsubscribe();
+```
+
 ### Migrating From MMKV
 
 ```ts
@@ -587,6 +874,12 @@ import type {
   MigrationContext,
   Migration,
   TransactionContext,
+  StorageVersion,
+  VersionedValue,
+  StorageMetricsEvent,
+  StorageMetricsObserver,
+  StorageMetricSummary,
+  WebSecureStorageBackend,
   MMKVLike,
   SecureAuthStorageConfig,
 } from "react-native-nitro-storage";
@@ -600,7 +893,11 @@ From repository root:
 
 ```bash
 bun run test -- --filter=react-native-nitro-storage
+bun run lint -- --filter=react-native-nitro-storage
+bun run format:check -- --filter=react-native-nitro-storage
 bun run typecheck -- --filter=react-native-nitro-storage
+bun run test:types -- --filter=react-native-nitro-storage
+bun run test:cpp -- --filter=react-native-nitro-storage
 bun run build -- --filter=react-native-nitro-storage
 ```
 
@@ -612,7 +909,10 @@ bun run test:coverage   # run tests with coverage
 bun run lint            # eslint (expo-magic rules)
 bun run format:check    # prettier check
 bun run typecheck       # tsc --noEmit
-bun run build           # tsup build
+bun run test:types      # public type-level API tests
+bun run test:cpp        # C++ binding/core tests
+bun run check:pack      # npm pack content guard
+bun run build           # bob build
 bun run benchmark       # performance benchmarks
 ```
 

package/android/CMakeLists.txt

@@ -11,6 +11,8 @@ file(GLOB SOURCES
   "../cpp/core/*.cpp"
   "./src/main/cpp/*.cpp"
 )
+# Unit/integration C++ tests define `main()` and must never be linked into the Android shared library.
+list(FILTER SOURCES EXCLUDE REGEX ".*/[^/]*Test\\.cpp$")
 
 # 2. Create the library target
 add_library(

package/android/src/main/cpp/AndroidStorageAdapterCpp.cpp

@@ -90,6 +90,14 @@ std::vector<std::string> AndroidStorageAdapterCpp::getAllKeysDisk() {
     return fromJavaStringArray(keys);
 }
 
+std::vector<std::string> AndroidStorageAdapterCpp::getKeysByPrefixDisk(const std::string& prefix) {
+    static auto method = AndroidStorageAdapterJava::javaClassStatic()->getStaticMethod<
+        local_ref<JavaStringArray>(std::string)
+    >("getKeysByPrefixDisk");
+    auto keys = method(AndroidStorageAdapterJava::javaClassStatic(), prefix);
+    return fromJavaStringArray(keys);
+}
+
 size_t AndroidStorageAdapterCpp::sizeDisk() {
     static auto method = AndroidStorageAdapterJava::javaClassStatic()->getStaticMethod<jint()>("sizeDisk");
     return static_cast<size_t>(method(AndroidStorageAdapterJava::javaClassStatic()));
@@ -166,6 +174,14 @@ std::vector<std::string> AndroidStorageAdapterCpp::getAllKeysSecure() {
     return fromJavaStringArray(keys);
 }
 
+std::vector<std::string> AndroidStorageAdapterCpp::getKeysByPrefixSecure(const std::string& prefix) {
+    static auto method = AndroidStorageAdapterJava::javaClassStatic()->getStaticMethod<
+        local_ref<JavaStringArray>(std::string)
+    >("getKeysByPrefixSecure");
+    auto keys = method(AndroidStorageAdapterJava::javaClassStatic(), prefix);
+    return fromJavaStringArray(keys);
+}
+
 size_t AndroidStorageAdapterCpp::sizeSecure() {
     static auto method = AndroidStorageAdapterJava::javaClassStatic()->getStaticMethod<jint()>("sizeSecure");
     return static_cast<size_t>(method(AndroidStorageAdapterJava::javaClassStatic()));
@@ -213,13 +229,21 @@ void AndroidStorageAdapterCpp::clearSecure() {
 // --- Config (no-ops on Android; access control / groups are iOS-specific) ---
 
 void AndroidStorageAdapterCpp::setSecureAccessControl(int /*level*/) {}
+void AndroidStorageAdapterCpp::setSecureWritesAsync(bool enabled) {
+    static auto method = AndroidStorageAdapterJava::javaClassStatic()->getStaticMethod<void(jboolean)>("setSecureWritesAsync");
+    method(AndroidStorageAdapterJava::javaClassStatic(), enabled);
+}
 void AndroidStorageAdapterCpp::setKeychainAccessGroup(const std::string& /*group*/) {}
 
 // --- Biometric ---
 
 void AndroidStorageAdapterCpp::setSecureBiometric(const std::string& key, const std::string& value) {
-    static auto method = AndroidStorageAdapterJava::javaClassStatic()->getStaticMethod<void(std::string, std::string)>("setSecureBiometric");
-    method(AndroidStorageAdapterJava::javaClassStatic(), key, value);
+    setSecureBiometricWithLevel(key, value, 2);
+}
+
+void AndroidStorageAdapterCpp::setSecureBiometricWithLevel(const std::string& key, const std::string& value, int level) {
+    static auto method = AndroidStorageAdapterJava::javaClassStatic()->getStaticMethod<void(std::string, std::string, jint)>("setSecureBiometricWithLevel");
+    method(AndroidStorageAdapterJava::javaClassStatic(), key, value, level);
 }
 
 std::optional<std::string> AndroidStorageAdapterCpp::getSecureBiometric(const std::string& key) {

package/android/src/main/cpp/AndroidStorageAdapterCpp.hpp

@@ -30,6 +30,7 @@ public:
     void deleteDisk(const std::string& key) override;
     bool hasDisk(const std::string& key) override;
     std::vector<std::string> getAllKeysDisk() override;
+    std::vector<std::string> getKeysByPrefixDisk(const std::string& prefix) override;
     size_t sizeDisk() override;
     void setDiskBatch(const std::vector<std::string>& keys, const std::vector<std::string>& values) override;
     std::vector<std::optional<std::string>> getDiskBatch(const std::vector<std::string>& keys) override;
@@ -40,6 +41,7 @@ public:
     void deleteSecure(const std::string& key) override;
     bool hasSecure(const std::string& key) override;
     std::vector<std::string> getAllKeysSecure() override;
+    std::vector<std::string> getKeysByPrefixSecure(const std::string& prefix) override;
     size_t sizeSecure() override;
     void setSecureBatch(const std::vector<std::string>& keys, const std::vector<std::string>& values) override;
     std::vector<std::optional<std::string>> getSecureBatch(const std::vector<std::string>& keys) override;
@@ -49,9 +51,11 @@ public:
     void clearSecure() override;
 
     void setSecureAccessControl(int level) override;
+    void setSecureWritesAsync(bool enabled) override;
     void setKeychainAccessGroup(const std::string& group) override;
 
     void setSecureBiometric(const std::string& key, const std::string& value) override;
+    void setSecureBiometricWithLevel(const std::string& key, const std::string& value, int level) override;
     std::optional<std::string> getSecureBiometric(const std::string& key) override;
     void deleteSecureBiometric(const std::string& key) override;
     bool hasSecureBiometric(const std::string& key) override;