react-native-nitro-storage 0.4.4 → 0.5.0

package/ios/IOSStorageAdapterCpp.mm

@@ -9,6 +9,12 @@ static NSString* const kKeychainService = @"com.nitrostorage.keychain";
 static NSString* const kBiometricKeychainService = @"com.nitrostorage.biometric";
 static NSString* const kDiskSuiteName = @"com.nitrostorage.disk";
 
+static std::runtime_error taggedStorageError(const char* code, const std::string& message) {
+    return std::runtime_error(
+        std::string("[nitro-error:") + code + "] " + message
+    );
+}
+
 static NSUserDefaults* NitroDiskDefaults() {
     static NSUserDefaults* defaults = [[NSUserDefaults alloc] initWithSuiteName:kDiskSuiteName];
     return defaults ?: [NSUserDefaults standardUserDefaults];
@@ -191,7 +197,8 @@ static std::vector<std::string> keychainAccountsForService(NSString* service, NS
     std::vector<std::string> keys;
     OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
     if (status == errSecInteractionNotAllowed) {
-        throw std::runtime_error(
+        throw taggedStorageError(
+            "keychain_locked",
             "NitroStorage: Keychain is locked (errSecInteractionNotAllowed). "
             "The item is not accessible until the device is unlocked."
         );
@@ -247,7 +254,8 @@ void IOSStorageAdapterCpp::setSecure(const std::string& key, const std::string&
         const OSStatus addStatus = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
         if (addStatus != errSecSuccess) {
             if (addStatus == errSecInteractionNotAllowed) {
-                throw std::runtime_error(
+                throw taggedStorageError(
+                    "keychain_locked",
                     "NitroStorage: Keychain is locked (errSecInteractionNotAllowed). "
                     "The item is not accessible until the device is unlocked."
                 );
@@ -261,7 +269,8 @@ void IOSStorageAdapterCpp::setSecure(const std::string& key, const std::string&
     }
 
     if (status == errSecInteractionNotAllowed) {
-        throw std::runtime_error(
+        throw taggedStorageError(
+            "keychain_locked",
             "NitroStorage: Keychain is locked (errSecInteractionNotAllowed). "
             "The item is not accessible until the device is unlocked."
         );
@@ -292,7 +301,8 @@ std::optional<std::string> IOSStorageAdapterCpp::getSecure(const std::string& ke
         if (str) return std::string([str UTF8String]);
     }
     if (status == errSecInteractionNotAllowed) {
-        throw std::runtime_error(
+        throw taggedStorageError(
+            "keychain_locked",
             "NitroStorage: Keychain is locked (errSecInteractionNotAllowed). "
             "The item is not accessible until the device is unlocked."
         );
@@ -312,7 +322,8 @@ void IOSStorageAdapterCpp::deleteSecure(const std::string& key) {
     NSMutableDictionary* secureQuery = baseKeychainQuery(nsKey, kKeychainService, group);
     OSStatus secureStatus = SecItemDelete((__bridge CFDictionaryRef)secureQuery);
     if (secureStatus == errSecInteractionNotAllowed) {
-        throw std::runtime_error(
+        throw taggedStorageError(
+            "keychain_locked",
             "NitroStorage: Keychain is locked (errSecInteractionNotAllowed). "
             "The item is not accessible until the device is unlocked."
         );
@@ -321,7 +332,8 @@ void IOSStorageAdapterCpp::deleteSecure(const std::string& key) {
     NSMutableDictionary* biometricQuery = baseKeychainQuery(nsKey, kBiometricKeychainService, group);
     OSStatus biometricStatus = SecItemDelete((__bridge CFDictionaryRef)biometricQuery);
     if (biometricStatus == errSecInteractionNotAllowed) {
-        throw std::runtime_error(
+        throw taggedStorageError(
+            "keychain_locked",
             "NitroStorage: Keychain is locked (errSecInteractionNotAllowed). "
             "The item is not accessible until the device is unlocked."
         );
@@ -427,7 +439,10 @@ void IOSStorageAdapterCpp::clearSecure() {
     OSStatus secStatus = SecItemDelete((__bridge CFDictionaryRef)secureQuery);
     if (secStatus != errSecSuccess && secStatus != errSecItemNotFound) {
         if (secStatus == errSecInteractionNotAllowed) {
-            throw std::runtime_error("NitroStorage: Cannot clear secure storage: keychain is locked (errSecInteractionNotAllowed)");
+            throw taggedStorageError(
+                "keychain_locked",
+                "NitroStorage: Cannot clear secure storage: keychain is locked (errSecInteractionNotAllowed)"
+            );
         }
         throw std::runtime_error(
             std::string("NitroStorage: clearSecure failed with status ") + std::to_string(secStatus));
@@ -443,7 +458,10 @@ void IOSStorageAdapterCpp::clearSecure() {
     OSStatus bioStatus = SecItemDelete((__bridge CFDictionaryRef)biometricQuery);
     if (bioStatus != errSecSuccess && bioStatus != errSecItemNotFound) {
         if (bioStatus == errSecInteractionNotAllowed) {
-            throw std::runtime_error("NitroStorage: Cannot clear biometric storage: keychain is locked (errSecInteractionNotAllowed)");
+            throw taggedStorageError(
+                "keychain_locked",
+                "NitroStorage: Cannot clear biometric storage: keychain is locked (errSecInteractionNotAllowed)"
+            );
         }
         throw std::runtime_error(
             std::string("NitroStorage: clearSecureBiometric failed with status ") + std::to_string(bioStatus));
@@ -533,7 +551,10 @@ void IOSStorageAdapterCpp::setSecureBiometricWithLevel(const std::string& key, c
     if (error || !access) {
         if (access) CFRelease(access);
         if (error) CFRelease(error);
-        throw std::runtime_error("NitroStorage: Failed to create biometric access control");
+        throw taggedStorageError(
+            "biometric_unavailable",
+            "NitroStorage: Failed to create biometric access control"
+        );
     }
 
     NSMutableDictionary* attrs = baseKeychainQuery(nsKey, kBiometricKeychainService, group);
@@ -546,14 +567,16 @@ void IOSStorageAdapterCpp::setSecureBiometricWithLevel(const std::string& key, c
             try {
                 setSecure(key, *backup);
             } catch (const std::exception& restoreEx) {
-                throw std::runtime_error(
+                throw taggedStorageError(
+                    "biometric_unavailable",
                     std::string("NitroStorage: Biometric set failed with status ") +
                     std::to_string(addStatus) +
                     " and previous value restoration also failed: " + restoreEx.what());
             }
         }
         if (addStatus == errSecInteractionNotAllowed) {
-            throw std::runtime_error(
+            throw taggedStorageError(
+                "keychain_locked",
                 "NitroStorage: Keychain is locked (errSecInteractionNotAllowed). "
                 "The item is not accessible until the device is unlocked."
             );
@@ -586,13 +609,17 @@ std::optional<std::string> IOSStorageAdapterCpp::getSecureBiometric(const std::s
         if (str) return std::string([str UTF8String]);
     }
     if (status == errSecInteractionNotAllowed) {
-        throw std::runtime_error(
+        throw taggedStorageError(
+            "keychain_locked",
             "NitroStorage: Keychain is locked (errSecInteractionNotAllowed). "
             "The item is not accessible until the device is unlocked."
         );
     }
     if (status == errSecUserCanceled || status == errSecAuthFailed) {
-        throw std::runtime_error("NitroStorage: Biometric authentication failed");
+        throw taggedStorageError(
+            "authentication_required",
+            "NitroStorage: Biometric authentication failed"
+        );
     }
     return std::nullopt;
 }
@@ -640,7 +667,10 @@ void IOSStorageAdapterCpp::clearSecureBiometric() {
     OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
     if (status != errSecSuccess && status != errSecItemNotFound) {
         if (status == errSecInteractionNotAllowed) {
-            throw std::runtime_error("NitroStorage: Cannot clear biometric storage: keychain is locked (errSecInteractionNotAllowed)");
+            throw taggedStorageError(
+                "keychain_locked",
+                "NitroStorage: Cannot clear biometric storage: keychain is locked (errSecInteractionNotAllowed)"
+            );
         }
         throw std::runtime_error(
             std::string("NitroStorage: clearSecureBiometric failed with status ") + std::to_string(status));

package/lib/commonjs/index.js

@@ -29,7 +29,15 @@ Object.defineProperty(exports, "createIndexedDBBackend", {
 });
 exports.createSecureAuthStorage = createSecureAuthStorage;
 exports.createStorageItem = createStorageItem;
+exports.flushWebStorageBackends = flushWebStorageBackends;
 exports.getBatch = getBatch;
+Object.defineProperty(exports, "getStorageErrorCode", {
+  enumerable: true,
+  get: function () {
+    return _storageRuntime.getStorageErrorCode;
+  }
+});
+exports.getWebDiskStorageBackend = getWebDiskStorageBackend;
 exports.getWebSecureStorageBackend = getWebSecureStorageBackend;
 exports.isKeychainLockedError = isKeychainLockedError;
 Object.defineProperty(exports, "migrateFromMMKV", {
@@ -43,6 +51,7 @@ exports.registerMigration = registerMigration;
 exports.removeBatch = removeBatch;
 exports.runTransaction = runTransaction;
 exports.setBatch = setBatch;
+exports.setWebDiskStorageBackend = setWebDiskStorageBackend;
 exports.setWebSecureStorageBackend = setWebSecureStorageBackend;
 exports.storage = void 0;
 Object.defineProperty(exports, "useSetStorage", {
@@ -66,6 +75,7 @@ Object.defineProperty(exports, "useStorageSelector", {
 var _reactNativeNitroModules = require("react-native-nitro-modules");
 var _Storage = require("./Storage.types");
 var _internal = require("./internal");
+var _storageRuntime = require("./storage-runtime");
 var _migration = require("./migration");
 var _storageHooks = require("./storage-hooks");
 var _indexeddbBackend = require("./indexeddb-backend");
@@ -82,6 +92,7 @@ const registeredMigrations = new Map();
 const runMicrotask = typeof queueMicrotask === "function" ? queueMicrotask : task => {
   Promise.resolve().then(task);
 };
+const now = typeof performance !== "undefined" && typeof performance.now === "function" ? () => performance.now() : () => Date.now();
 let _storageModule = null;
 function getStorageModule() {
   if (!_storageModule) {
@@ -94,11 +105,15 @@ const memoryListeners = new Map();
 const scopedListeners = new Map([[_Storage.StorageScope.Disk, new Map()], [_Storage.StorageScope.Secure, new Map()]]);
 const scopedUnsubscribers = new Map();
 const scopedRawCache = new Map([[_Storage.StorageScope.Disk, new Map()], [_Storage.StorageScope.Secure, new Map()]]);
+const pendingDiskWrites = new Map();
+let diskFlushScheduled = false;
+let diskWritesAsync = false;
 const pendingSecureWrites = new Map();
 let secureFlushScheduled = false;
 let secureDefaultAccessControl = _Storage.AccessControl.WhenUnlocked;
 let metricsObserver;
 const metricsCounters = new Map();
+const nativeSecureBackend = "platform-secure-storage";
 function recordMetric(operation, scope, durationMs, keysCount = 1) {
   const existing = metricsCounters.get(operation);
   if (!existing) {
@@ -123,11 +138,11 @@ function measureOperation(operation, scope, fn, keysCount = 1) {
   if (!metricsObserver) {
     return fn();
   }
-  const start = Date.now();
+  const start = now();
   try {
     return fn();
   } finally {
-    recordMetric(operation, scope, Date.now() - start, keysCount);
+    recordMetric(operation, scope, now() - start, keysCount);
   }
 }
 function getScopedListeners(scope) {
@@ -184,12 +199,50 @@ function addKeyListener(registry, key, listener) {
 function readPendingSecureWrite(key) {
   return pendingSecureWrites.get(key)?.value;
 }
+function readPendingDiskWrite(key) {
+  return pendingDiskWrites.get(key)?.value;
+}
+function hasPendingDiskWrite(key) {
+  return pendingDiskWrites.has(key);
+}
 function hasPendingSecureWrite(key) {
   return pendingSecureWrites.has(key);
 }
+function clearPendingDiskWrite(key) {
+  pendingDiskWrites.delete(key);
+}
 function clearPendingSecureWrite(key) {
   pendingSecureWrites.delete(key);
 }
+function flushDiskWrites() {
+  diskFlushScheduled = false;
+  if (pendingDiskWrites.size === 0) {
+    return;
+  }
+  const writes = Array.from(pendingDiskWrites.values());
+  pendingDiskWrites.clear();
+  const keysToSet = [];
+  const valuesToSet = [];
+  const keysToRemove = [];
+  writes.forEach(({
+    key,
+    value
+  }) => {
+    if (value === undefined) {
+      keysToRemove.push(key);
+      return;
+    }
+    keysToSet.push(key);
+    valuesToSet.push(value);
+  });
+  const storageModule = getStorageModule();
+  if (keysToSet.length > 0) {
+    storageModule.setBatch(keysToSet, valuesToSet, _Storage.StorageScope.Disk);
+  }
+  if (keysToRemove.length > 0) {
+    storageModule.removeBatch(keysToRemove, _Storage.StorageScope.Disk);
+  }
+}
 function flushSecureWrites() {
   secureFlushScheduled = false;
   if (pendingSecureWrites.size === 0) {
@@ -229,6 +282,17 @@ function flushSecureWrites() {
     storageModule.removeBatch(keysToRemove, _Storage.StorageScope.Secure);
   }
 }
+function scheduleDiskWrite(key, value) {
+  pendingDiskWrites.set(key, {
+    key,
+    value
+  });
+  if (diskFlushScheduled) {
+    return;
+  }
+  diskFlushScheduled = true;
+  runMicrotask(flushDiskWrites);
+}
 function scheduleSecureWrite(key, value, accessControl) {
   const pendingWrite = {
     key,
@@ -249,6 +313,13 @@ function ensureNativeScopeSubscription(scope) {
     return;
   }
   const unsubscribe = getStorageModule().addOnChange(scope, (key, value) => {
+    if (scope === _Storage.StorageScope.Disk) {
+      if (key === "") {
+        pendingDiskWrites.clear();
+      } else {
+        clearPendingDiskWrite(key);
+      }
+    }
     if (scope === _Storage.StorageScope.Secure) {
       if (key === "") {
         pendingSecureWrites.clear();
@@ -284,6 +355,9 @@ function getRawValue(key, scope) {
     const value = memoryStore.get(key);
     return typeof value === "string" ? value : undefined;
   }
+  if (scope === _Storage.StorageScope.Disk && hasPendingDiskWrite(key)) {
+    return readPendingDiskWrite(key);
+  }
   if (scope === _Storage.StorageScope.Secure && hasPendingSecureWrite(key)) {
     return readPendingSecureWrite(key);
   }
@@ -296,6 +370,15 @@ function setRawValue(key, value, scope) {
     notifyKeyListeners(memoryListeners, key);
     return;
   }
+  if (scope === _Storage.StorageScope.Disk) {
+    cacheRawValue(scope, key, value);
+    if (diskWritesAsync) {
+      scheduleDiskWrite(key, value);
+      return;
+    }
+    flushDiskWrites();
+    clearPendingDiskWrite(key);
+  }
   if (scope === _Storage.StorageScope.Secure) {
     flushSecureWrites();
     clearPendingSecureWrite(key);
@@ -311,6 +394,15 @@ function removeRawValue(key, scope) {
     notifyKeyListeners(memoryListeners, key);
     return;
   }
+  if (scope === _Storage.StorageScope.Disk) {
+    cacheRawValue(scope, key, undefined);
+    if (diskWritesAsync) {
+      scheduleDiskWrite(key, undefined);
+      return;
+    }
+    flushDiskWrites();
+    clearPendingDiskWrite(key);
+  }
   if (scope === _Storage.StorageScope.Secure) {
     flushSecureWrites();
     clearPendingSecureWrite(key);
@@ -337,6 +429,10 @@ const storage = exports.storage = {
         notifyAllListeners(memoryListeners);
         return;
       }
+      if (scope === _Storage.StorageScope.Disk) {
+        flushDiskWrites();
+        pendingDiskWrites.clear();
+      }
       if (scope === _Storage.StorageScope.Secure) {
         flushSecureWrites();
         pendingSecureWrites.clear();
@@ -365,6 +461,9 @@ const storage = exports.storage = {
         return;
       }
       const keyPrefix = (0, _internal.prefixKey)(namespace, "");
+      if (scope === _Storage.StorageScope.Disk) {
+        flushDiskWrites();
+      }
       if (scope === _Storage.StorageScope.Secure) {
         flushSecureWrites();
       }
@@ -388,6 +487,12 @@ const storage = exports.storage = {
       if (scope === _Storage.StorageScope.Memory) {
         return memoryStore.has(key);
       }
+      if (scope === _Storage.StorageScope.Disk) {
+        flushDiskWrites();
+      }
+      if (scope === _Storage.StorageScope.Secure) {
+        flushSecureWrites();
+      }
       return getStorageModule().has(key, scope);
     });
   },
@@ -397,6 +502,12 @@ const storage = exports.storage = {
       if (scope === _Storage.StorageScope.Memory) {
         return Array.from(memoryStore.keys());
       }
+      if (scope === _Storage.StorageScope.Disk) {
+        flushDiskWrites();
+      }
+      if (scope === _Storage.StorageScope.Secure) {
+        flushSecureWrites();
+      }
       return getStorageModule().getAllKeys(scope);
     });
   },
@@ -406,6 +517,12 @@ const storage = exports.storage = {
       if (scope === _Storage.StorageScope.Memory) {
         return Array.from(memoryStore.keys()).filter(key => key.startsWith(prefix));
       }
+      if (scope === _Storage.StorageScope.Disk) {
+        flushDiskWrites();
+      }
+      if (scope === _Storage.StorageScope.Secure) {
+        flushSecureWrites();
+      }
       return getStorageModule().getKeysByPrefix(prefix, scope);
     });
   },
@@ -425,6 +542,12 @@ const storage = exports.storage = {
         });
         return result;
       }
+      if (scope === _Storage.StorageScope.Disk) {
+        flushDiskWrites();
+      }
+      if (scope === _Storage.StorageScope.Secure) {
+        flushSecureWrites();
+      }
       const values = getStorageModule().getBatch(keys, scope);
       keys.forEach((key, idx) => {
         const value = (0, _internal.decodeNativeBatchValue)(values[idx]);
@@ -445,6 +568,12 @@ const storage = exports.storage = {
         });
         return result;
       }
+      if (scope === _Storage.StorageScope.Disk) {
+        flushDiskWrites();
+      }
+      if (scope === _Storage.StorageScope.Secure) {
+        flushSecureWrites();
+      }
       const keys = getStorageModule().getAllKeys(scope);
       if (keys.length === 0) return result;
       const values = getStorageModule().getBatch(keys, scope);
@@ -461,6 +590,12 @@ const storage = exports.storage = {
       if (scope === _Storage.StorageScope.Memory) {
         return memoryStore.size;
       }
+      if (scope === _Storage.StorageScope.Disk) {
+        flushDiskWrites();
+      }
+      if (scope === _Storage.StorageScope.Secure) {
+        flushSecureWrites();
+      }
       return getStorageModule().size(scope);
     });
   },
@@ -475,6 +610,19 @@ const storage = exports.storage = {
       getStorageModule().setSecureWritesAsync(enabled);
     });
   },
+  setDiskWritesAsync: enabled => {
+    measureOperation("storage:setDiskWritesAsync", _Storage.StorageScope.Disk, () => {
+      diskWritesAsync = enabled;
+      if (!enabled) {
+        flushDiskWrites();
+      }
+    });
+  },
+  flushDiskWrites: () => {
+    measureOperation("storage:flushDiskWrites", _Storage.StorageScope.Disk, () => {
+      flushDiskWrites();
+    });
+  },
   flushSecureWrites: () => {
     measureOperation("storage:flushSecureWrites", _Storage.StorageScope.Secure, () => {
       flushSecureWrites();
@@ -503,6 +651,67 @@ const storage = exports.storage = {
   resetMetrics: () => {
     metricsCounters.clear();
   },
+  getCapabilities: () => ({
+    platform: "native",
+    backend: {
+      disk: "platform-preferences",
+      secure: nativeSecureBackend
+    },
+    writeBuffering: {
+      disk: true,
+      secure: true
+    },
+    errorClassification: true
+  }),
+  getSecurityCapabilities: () => ({
+    platform: "native",
+    secureStorage: {
+      backend: nativeSecureBackend,
+      encrypted: "available",
+      accessControl: "unknown",
+      keychainAccessGroup: "unknown",
+      hardwareBacked: "unknown"
+    },
+    biometric: {
+      storage: "unknown",
+      prompt: "unknown",
+      biometryOnly: "unknown",
+      biometryOrPasscode: "unknown"
+    },
+    metadata: {
+      perKey: true,
+      listsWithoutValues: true,
+      persistsTimestamps: false
+    }
+  }),
+  getSecureMetadata: key => {
+    return measureOperation("storage:getSecureMetadata", _Storage.StorageScope.Secure, () => {
+      flushSecureWrites();
+      const storageModule = getStorageModule();
+      const biometricProtected = storageModule.hasSecureBiometric(key);
+      const exists = biometricProtected || storageModule.has(key, _Storage.StorageScope.Secure);
+      let kind = "missing";
+      if (exists) {
+        kind = biometricProtected ? "biometric" : "secure";
+      }
+      return {
+        key,
+        exists,
+        kind,
+        backend: nativeSecureBackend,
+        encrypted: "available",
+        hardwareBacked: "unknown",
+        biometricProtected,
+        valueExposed: false
+      };
+    });
+  },
+  getAllSecureMetadata: () => {
+    return measureOperation("storage:getAllSecureMetadata", _Storage.StorageScope.Secure, () => {
+      flushSecureWrites();
+      return getStorageModule().getAllKeys(_Storage.StorageScope.Secure).map(key => storage.getSecureMetadata(key));
+    });
+  },
   getString: (key, scope) => {
     return measureOperation("storage:getString", scope, () => {
       return getRawValue(key, scope);
@@ -546,6 +755,15 @@ function setWebSecureStorageBackend(_backend) {
 function getWebSecureStorageBackend() {
   return undefined;
 }
+function setWebDiskStorageBackend(_backend) {
+  // Native platforms do not use web disk backends.
+}
+function getWebDiskStorageBackend() {
+  return undefined;
+}
+async function flushWebStorageBackends() {
+  // Native platforms do not use web storage backends.
+}
 function canUseRawBatchPath(item) {
   return item._hasExpiration === false && item._hasValidation === false && item._isBiometric !== true && item._secureAccessControl === undefined;
 }
@@ -573,6 +791,7 @@ function createStorageItem(config) {
   const expirationTtlMs = expiration?.ttlMs;
   const memoryExpiration = expiration && isMemory ? new Map() : null;
   const readCache = !isMemory && config.readCache === true;
+  const coalesceDiskWrites = config.scope === _Storage.StorageScope.Disk && config.coalesceDiskWrites === true;
   const coalesceSecureWrites = config.scope === _Storage.StorageScope.Secure && config.coalesceSecureWrites === true && !isBiometric;
   const defaultValue = config.defaultValue;
   const nonMemoryScope = config.scope === _Storage.StorageScope.Disk ? _Storage.StorageScope.Disk : config.scope === _Storage.StorageScope.Secure ? _Storage.StorageScope.Secure : null;
@@ -620,6 +839,12 @@ function createStorageItem(config) {
       }
       return memoryStore.get(storageKey);
     }
+    if (nonMemoryScope === _Storage.StorageScope.Disk) {
+      const pending = pendingDiskWrites.get(storageKey);
+      if (pending !== undefined) {
+        return pending.value;
+      }
+    }
     if (nonMemoryScope === _Storage.StorageScope.Secure && !isBiometric) {
       const pending = pendingSecureWrites.get(storageKey);
       if (pending !== undefined) {
@@ -646,6 +871,13 @@ function createStorageItem(config) {
       return;
     }
     cacheRawValue(nonMemoryScope, storageKey, rawValue);
+    if (nonMemoryScope === _Storage.StorageScope.Disk) {
+      if (coalesceDiskWrites || diskWritesAsync) {
+        scheduleDiskWrite(storageKey, rawValue);
+        return;
+      }
+      clearPendingDiskWrite(storageKey);
+    }
     if (coalesceSecureWrites) {
       scheduleSecureWrite(storageKey, rawValue, secureAccessControl ?? secureDefaultAccessControl);
       return;
@@ -662,6 +894,13 @@ function createStorageItem(config) {
       return;
     }
     cacheRawValue(nonMemoryScope, storageKey, undefined);
+    if (nonMemoryScope === _Storage.StorageScope.Disk) {
+      if (coalesceDiskWrites || diskWritesAsync) {
+        scheduleDiskWrite(storageKey, undefined);
+        return;
+      }
+      clearPendingDiskWrite(storageKey);
+    }
     if (coalesceSecureWrites) {
       scheduleSecureWrite(storageKey, undefined, secureAccessControl ?? secureDefaultAccessControl);
       return;
@@ -822,6 +1061,18 @@ function createStorageItem(config) {
   const hasItem = () => measureOperation("item:has", config.scope, () => {
     if (isMemory) return memoryStore.has(storageKey);
     if (isBiometric) return getStorageModule().hasSecureBiometric(storageKey);
+    if (nonMemoryScope === _Storage.StorageScope.Disk) {
+      const pending = pendingDiskWrites.get(storageKey);
+      if (pending !== undefined) {
+        return pending.value !== undefined;
+      }
+    }
+    if (nonMemoryScope === _Storage.StorageScope.Secure) {
+      const pending = pendingSecureWrites.get(storageKey);
+      if (pending !== undefined) {
+        return pending.value !== undefined;
+      }
+    }
     return getStorageModule().has(storageKey, config.scope);
   });
   const subscribe = callback => {
@@ -882,6 +1133,13 @@ function getBatch(items, scope) {
     const keysToFetch = [];
     const keyIndexes = [];
     items.forEach((item, index) => {
+      if (scope === _Storage.StorageScope.Disk) {
+        const pending = pendingDiskWrites.get(item.key);
+        if (pending !== undefined) {
+          rawValues[index] = pending.value;
+          return;
+        }
+      }
       if (scope === _Storage.StorageScope.Secure) {
         const pending = pendingSecureWrites.get(item.key);
         if (pending !== undefined) {
@@ -1000,6 +1258,7 @@ function setBatch(items, scope) {
       });
       return;
     }
+    flushDiskWrites();
     const useRawBatchPath = items.every(({
       item
     }) => canUseRawBatchPath(asInternal(item)));
@@ -1024,6 +1283,9 @@ function removeBatch(items, scope) {
       return;
     }
     const keys = items.map(item => item.key);
+    if (scope === _Storage.StorageScope.Disk) {
+      flushDiskWrites();
+    }
     if (scope === _Storage.StorageScope.Secure) {
       flushSecureWrites();
     }
@@ -1069,6 +1331,9 @@ function migrateToLatest(scope = _Storage.StorageScope.Disk) {
 function runTransaction(scope, transaction) {
   return measureOperation("transaction:run", scope, () => {
     (0, _internal.assertValidScope)(scope);
+    if (scope === _Storage.StorageScope.Disk) {
+      flushDiskWrites();
+    }
     if (scope === _Storage.StorageScope.Secure) {
       flushSecureWrites();
     }
@@ -1135,6 +1400,9 @@ function runTransaction(scope, transaction) {
             valuesToSet.push(previousValue);
           }
         });
+        if (scope === _Storage.StorageScope.Disk) {
+          flushDiskWrites();
+        }
         if (scope === _Storage.StorageScope.Secure) {
           flushSecureWrites();
         }
@@ -1152,9 +1420,7 @@ function runTransaction(scope, transaction) {
   });
 }
 function isKeychainLockedError(err) {
-  if (!(err instanceof Error)) return false;
-  const msg = err.message;
-  return msg.includes("errSecInteractionNotAllowed") || msg.includes("UserNotAuthenticatedException") || msg.includes("KeyStoreException") || msg.includes("KeyPermanentlyInvalidatedException") || msg.includes("InvalidKeyException") || msg.includes("android.security.keystore");
+  return (0, _storageRuntime.isLockedStorageErrorCode)((0, _storageRuntime.getStorageErrorCode)(err));
 }
 function createSecureAuthStorage(config, options) {
   const ns = options?.namespace ?? "auth";