react-native-nitro-storage 0.5.7 → 0.5.8

package/lib/module/index.web.js

@@ -1,93 +1,20 @@
 "use strict";
 
-import { StorageScope, AccessControl, BiometricLevel } from "./Storage.types";
-import { MIGRATION_VERSION_KEY, isStoredEnvelope, assertBatchScope, assertValidScope, serializeWithPrimitiveFastPath, deserializeWithPrimitiveFastPath, toVersionToken, prefixKey, isNamespaced } from "./internal";
+import { assertAccessControlLevel, assertBiometricLevel, notifyAllListeners, notifyKeyListeners } from "./shared";
+import { StorageScope, BiometricLevel } from "./Storage.types";
 import { createLocalStorageWebBackend } from "./web-storage-backend";
-import { getStorageErrorCode, isLockedStorageErrorCode } from "./storage-runtime";
-import { StorageEventRegistry } from "./storage-events";
+import { createStorageCore } from "./storage-core";
+export { isKeychainLockedError } from "./shared";
 export { StorageScope, AccessControl, BiometricLevel } from "./Storage.types";
 export { migrateFromMMKV } from "./migration";
 export { getStorageErrorCode } from "./storage-runtime";
-function asInternal(item) {
-  return item;
-}
-function isUpdater(valueOrFn) {
-  return typeof valueOrFn === "function";
-}
-function typedKeys(record) {
-  return Object.keys(record);
-}
-function assertEnumInteger(value, min, max, label) {
-  if (!Number.isFinite(value) || value < min || value > max) {
-    throw new Error(`NitroStorage: Invalid ${label}`);
-  }
-  if (value !== Math.trunc(value)) {
-    throw new Error(`NitroStorage: Invalid ${label}`);
-  }
-}
-function assertAccessControlLevel(level) {
-  assertEnumInteger(level, 0, 4, "access control level");
-}
-function assertBiometricLevel(level) {
-  assertEnumInteger(level, 0, 2, "biometric level");
-}
-const registeredMigrations = new Map();
-const runMicrotask = typeof queueMicrotask === "function" ? queueMicrotask : task => {
-  Promise.resolve().then(task);
-};
-const now = typeof performance !== "undefined" && typeof performance.now === "function" ? () => performance.now() : () => Date.now();
-const memoryStore = new Map();
-const memoryListeners = new Map();
-const webScopeListeners = new Map([[StorageScope.Disk, new Map()], [StorageScope.Secure, new Map()]]);
-const scopedRawCache = new Map([[StorageScope.Disk, new Map()], [StorageScope.Secure, new Map()]]);
 const webScopeKeyIndex = new Map([[StorageScope.Disk, new Set()], [StorageScope.Secure, new Set()]]);
 const hydratedWebScopeKeyIndex = new Set();
-const pendingDiskWrites = new Map();
-let diskFlushScheduled = false;
-let diskWritesAsync = false;
-const pendingSecureWrites = new Map();
-let secureFlushScheduled = false;
-let secureDefaultAccessControl = AccessControl.WhenUnlocked;
 const SECURE_WEB_PREFIX = "__secure_";
 const BIOMETRIC_WEB_PREFIX = "__bio_";
 let hasWarnedAboutWebBiometricFallback = false;
 let hasWindowStorageEventSubscription = false;
-let metricsObserver;
-let eventObserver;
-let eventObserverRedactSecureValues = true;
-const metricsCounters = new Map();
-const storageEvents = new StorageEventRegistry();
-function recordMetric(operation, scope, durationMs, keysCount = 1) {
-  const existing = metricsCounters.get(operation);
-  if (!existing) {
-    metricsCounters.set(operation, {
-      count: 1,
-      totalDurationMs: durationMs,
-      maxDurationMs: durationMs
-    });
-  } else {
-    existing.count += 1;
-    existing.totalDurationMs += durationMs;
-    existing.maxDurationMs = Math.max(existing.maxDurationMs, durationMs);
-  }
-  metricsObserver?.({
-    operation,
-    scope,
-    durationMs,
-    keysCount
-  });
-}
-function measureOperation(operation, scope, fn, keysCount = 1) {
-  if (!metricsObserver) {
-    return fn();
-  }
-  const start = now();
-  try {
-    return fn();
-  } finally {
-    recordMetric(operation, scope, now() - start, keysCount);
-  }
-}
+let internals;
 function createDefaultDiskBackend() {
   return createLocalStorageWebBackend({
     name: "localStorage:disk",
@@ -174,51 +101,51 @@ function ensureWebScopeKeyIndex(scope) {
 }
 function applyExternalChangeEvent(scope, key, newValue) {
   if (key === null) {
-    clearScopeRawCache(scope);
+    internals.clearScopeRawCache(scope);
     ensureWebScopeKeyIndex(scope).clear();
-    notifyAllListeners(getScopedListeners(scope));
+    notifyAllListeners(internals.getScopedListeners(scope));
     return;
   }
   if (scope === StorageScope.Secure && key.startsWith(SECURE_WEB_PREFIX)) {
     const plainKey = fromSecureStorageKey(key);
-    const oldValue = readCachedRawValue(StorageScope.Secure, plainKey);
+    const oldValue = internals.readCachedRawValue(StorageScope.Secure, plainKey);
     if (newValue === null) {
       ensureWebScopeKeyIndex(StorageScope.Secure).delete(plainKey);
-      cacheRawValue(StorageScope.Secure, plainKey, undefined);
+      internals.cacheRawValue(StorageScope.Secure, plainKey, undefined);
     } else {
       ensureWebScopeKeyIndex(StorageScope.Secure).add(plainKey);
-      cacheRawValue(StorageScope.Secure, plainKey, newValue);
+      internals.cacheRawValue(StorageScope.Secure, plainKey, newValue);
     }
-    notifyKeyListeners(getScopedListeners(StorageScope.Secure), plainKey);
-    emitKeyChange(StorageScope.Secure, plainKey, oldValue, newValue ?? undefined, "external", "external");
+    notifyKeyListeners(internals.getScopedListeners(StorageScope.Secure), plainKey);
+    internals.emitKeyChange(StorageScope.Secure, plainKey, oldValue, newValue ?? undefined, "external", "external");
     return;
   }
   if (scope === StorageScope.Secure && key.startsWith(BIOMETRIC_WEB_PREFIX)) {
     const plainKey = fromBiometricStorageKey(key);
-    const oldValue = readCachedRawValue(StorageScope.Secure, plainKey);
+    const oldValue = internals.readCachedRawValue(StorageScope.Secure, plainKey);
     if (newValue === null) {
       if (withWebBackendOperation(StorageScope.Secure, "external-sync:getItem", backend => backend.getItem(toSecureStorageKey(plainKey))) === null) {
         ensureWebScopeKeyIndex(StorageScope.Secure).delete(plainKey);
       }
-      cacheRawValue(StorageScope.Secure, plainKey, undefined);
+      internals.cacheRawValue(StorageScope.Secure, plainKey, undefined);
     } else {
       ensureWebScopeKeyIndex(StorageScope.Secure).add(plainKey);
-      cacheRawValue(StorageScope.Secure, plainKey, newValue);
+      internals.cacheRawValue(StorageScope.Secure, plainKey, newValue);
     }
-    notifyKeyListeners(getScopedListeners(StorageScope.Secure), plainKey);
-    emitKeyChange(StorageScope.Secure, plainKey, oldValue, newValue ?? undefined, "external", "external");
+    notifyKeyListeners(internals.getScopedListeners(StorageScope.Secure), plainKey);
+    internals.emitKeyChange(StorageScope.Secure, plainKey, oldValue, newValue ?? undefined, "external", "external");
     return;
   }
-  const oldValue = readCachedRawValue(scope, key);
+  const oldValue = internals.readCachedRawValue(scope, key);
   if (newValue === null) {
     ensureWebScopeKeyIndex(scope).delete(key);
-    cacheRawValue(scope, key, undefined);
+    internals.cacheRawValue(scope, key, undefined);
   } else {
     ensureWebScopeKeyIndex(scope).add(key);
-    cacheRawValue(scope, key, newValue);
+    internals.cacheRawValue(scope, key, newValue);
   }
-  notifyKeyListeners(getScopedListeners(scope), key);
-  emitKeyChange(scope, key, oldValue, newValue ?? undefined, "external", "external");
+  notifyKeyListeners(internals.getScopedListeners(scope), key);
+  internals.emitKeyChange(scope, key, oldValue, newValue ?? undefined, "external", "external");
 }
 function handleWebStorageEvent(event) {
   const key = event.key;
@@ -268,239 +195,6 @@ function ensureExternalSyncSubscriptions() {
   subscribeToBackendChanges(StorageScope.Disk);
   subscribeToBackendChanges(StorageScope.Secure);
 }
-function getScopedListeners(scope) {
-  return webScopeListeners.get(scope);
-}
-function getScopeRawCache(scope) {
-  return scopedRawCache.get(scope);
-}
-function cacheRawValue(scope, key, value) {
-  getScopeRawCache(scope).set(key, value);
-}
-function readCachedRawValue(scope, key) {
-  return getScopeRawCache(scope).get(key);
-}
-function hasCachedRawValue(scope, key) {
-  return getScopeRawCache(scope).has(key);
-}
-function clearScopeRawCache(scope) {
-  getScopeRawCache(scope).clear();
-}
-function notifyKeyListeners(registry, key) {
-  const listeners = registry.get(key);
-  if (listeners) {
-    for (const listener of listeners) {
-      listener();
-    }
-  }
-}
-function notifyAllListeners(registry) {
-  for (const listeners of registry.values()) {
-    for (const listener of listeners) {
-      listener();
-    }
-  }
-}
-function addKeyListener(registry, key, listener) {
-  let listeners = registry.get(key);
-  if (!listeners) {
-    listeners = new Set();
-    registry.set(key, listeners);
-  }
-  listeners.add(listener);
-  return () => {
-    const scopedListeners = registry.get(key);
-    if (!scopedListeners) {
-      return;
-    }
-    scopedListeners.delete(listener);
-    if (scopedListeners.size === 0) {
-      registry.delete(key);
-    }
-  };
-}
-function getEventRawValue(scope, key) {
-  if (scope === StorageScope.Memory) {
-    const value = memoryStore.get(key);
-    return typeof value === "string" ? value : undefined;
-  }
-  return getRawValue(key, scope);
-}
-function createKeyChange(scope, key, oldValue, newValue, operation, source) {
-  return {
-    type: "key",
-    scope,
-    key,
-    oldValue,
-    newValue,
-    operation,
-    source
-  };
-}
-function hasStorageChangeObservers(scope) {
-  return storageEvents.hasListeners(scope) || eventObserver !== undefined;
-}
-function shouldReadPreviousEventValues(scope) {
-  if (storageEvents.hasListeners(scope)) {
-    return true;
-  }
-  if (!eventObserver) {
-    return false;
-  }
-  return scope !== StorageScope.Secure || !eventObserverRedactSecureValues;
-}
-const SECURE_EVENT_REDACTED_VALUE = "[secure]";
-function redactSecureKeyChange(event) {
-  if (event.scope !== StorageScope.Secure) {
-    return event;
-  }
-  return {
-    ...event,
-    oldValue: event.oldValue === undefined ? undefined : SECURE_EVENT_REDACTED_VALUE,
-    newValue: event.newValue === undefined ? undefined : SECURE_EVENT_REDACTED_VALUE
-  };
-}
-function eventForGlobalObserver(event) {
-  if (!eventObserverRedactSecureValues || event.scope !== StorageScope.Secure) {
-    return event;
-  }
-  if (event.type === "key") {
-    return redactSecureKeyChange(event);
-  }
-  return {
-    ...event,
-    changes: event.changes.map(redactSecureKeyChange)
-  };
-}
-function emitKeyChange(scope, key, oldValue, newValue, operation, source) {
-  const event = createKeyChange(scope, key, oldValue, newValue, operation, source);
-  storageEvents.emitKey(event);
-  eventObserver?.(eventForGlobalObserver(event));
-}
-function emitBatchChange(scope, operation, source, changes) {
-  if (changes.length === 0) {
-    return;
-  }
-  const event = {
-    type: "batch",
-    scope,
-    operation,
-    source,
-    changes
-  };
-  storageEvents.emitBatch(event);
-  eventObserver?.(eventForGlobalObserver(event));
-}
-function readPendingSecureWrite(key) {
-  return pendingSecureWrites.get(key)?.value;
-}
-function readPendingDiskWrite(key) {
-  return pendingDiskWrites.get(key)?.value;
-}
-function hasPendingDiskWrite(key) {
-  return pendingDiskWrites.has(key);
-}
-function hasPendingSecureWrite(key) {
-  return pendingSecureWrites.has(key);
-}
-function clearPendingDiskWrite(key) {
-  pendingDiskWrites.delete(key);
-}
-function clearPendingSecureWrite(key) {
-  pendingSecureWrites.delete(key);
-}
-function flushDiskWrites() {
-  diskFlushScheduled = false;
-  if (pendingDiskWrites.size === 0) {
-    return;
-  }
-  const writes = Array.from(pendingDiskWrites.values());
-  pendingDiskWrites.clear();
-  const keysToSet = [];
-  const valuesToSet = [];
-  const keysToRemove = [];
-  writes.forEach(({
-    key,
-    value
-  }) => {
-    if (value === undefined) {
-      keysToRemove.push(key);
-      return;
-    }
-    keysToSet.push(key);
-    valuesToSet.push(value);
-  });
-  if (keysToSet.length > 0) {
-    WebStorage.setBatch(keysToSet, valuesToSet, StorageScope.Disk);
-  }
-  if (keysToRemove.length > 0) {
-    WebStorage.removeBatch(keysToRemove, StorageScope.Disk);
-  }
-}
-function flushSecureWrites() {
-  secureFlushScheduled = false;
-  if (pendingSecureWrites.size === 0) {
-    return;
-  }
-  const writes = Array.from(pendingSecureWrites.values());
-  pendingSecureWrites.clear();
-  const groupedSetWrites = new Map();
-  const keysToRemove = [];
-  writes.forEach(({
-    key,
-    value,
-    accessControl
-  }) => {
-    if (value === undefined) {
-      keysToRemove.push(key);
-    } else {
-      const resolvedAccessControl = accessControl ?? secureDefaultAccessControl;
-      const existingGroup = groupedSetWrites.get(resolvedAccessControl);
-      const group = existingGroup ?? {
-        keys: [],
-        values: []
-      };
-      group.keys.push(key);
-      group.values.push(value);
-      if (!existingGroup) {
-        groupedSetWrites.set(resolvedAccessControl, group);
-      }
-    }
-  });
-  groupedSetWrites.forEach((group, accessControl) => {
-    WebStorage.setSecureAccessControl(accessControl);
-    WebStorage.setBatch(group.keys, group.values, StorageScope.Secure);
-  });
-  if (keysToRemove.length > 0) {
-    WebStorage.removeBatch(keysToRemove, StorageScope.Secure);
-  }
-}
-function scheduleDiskWrite(key, value) {
-  pendingDiskWrites.set(key, {
-    key,
-    value
-  });
-  if (diskFlushScheduled) {
-    return;
-  }
-  diskFlushScheduled = true;
-  runMicrotask(flushDiskWrites);
-}
-function scheduleSecureWrite(key, value, accessControl) {
-  const pendingWrite = {
-    key,
-    value
-  };
-  if (accessControl !== undefined) {
-    pendingWrite.accessControl = accessControl;
-  }
-  pendingSecureWrites.set(key, pendingWrite);
-  if (secureFlushScheduled) {
-    return;
-  }
-  secureFlushScheduled = true;
-  runMicrotask(flushSecureWrites);
-}
 const WebStorage = {
   name: "Storage",
   equals: other => other === WebStorage,
@@ -514,7 +208,7 @@ const WebStorage = {
       backend.setItem(storageKey, value);
     });
     ensureWebScopeKeyIndex(scope).add(key);
-    notifyKeyListeners(getScopedListeners(scope), key);
+    notifyKeyListeners(internals.getScopedListeners(scope), key);
   },
   get: (key, scope) => {
     if (scope !== StorageScope.Disk && scope !== StorageScope.Secure) {
@@ -543,7 +237,7 @@ const WebStorage = {
       });
     }
     ensureWebScopeKeyIndex(scope).delete(key);
-    notifyKeyListeners(getScopedListeners(scope), key);
+    notifyKeyListeners(internals.getScopedListeners(scope), key);
   },
   clear: scope => {
     if (scope !== StorageScope.Disk && scope !== StorageScope.Secure) {
@@ -553,7 +247,7 @@ const WebStorage = {
       backend.clear();
     });
     ensureWebScopeKeyIndex(scope).clear();
-    notifyAllListeners(getScopedListeners(scope));
+    notifyAllListeners(internals.getScopedListeners(scope));
   },
   setBatch: (keys, values, scope) => {
     if (scope !== StorageScope.Disk && scope !== StorageScope.Secure) {
@@ -581,7 +275,7 @@ const WebStorage = {
     });
     const keyIndex = ensureWebScopeKeyIndex(scope);
     entries.forEach(([storageKey]) => keyIndex.add(scope === StorageScope.Secure ? storageKey.slice(SECURE_WEB_PREFIX.length) : storageKey));
-    const listeners = getScopedListeners(scope);
+    const listeners = internals.getScopedListeners(scope);
     keys.forEach(key => notifyKeyListeners(listeners, key));
   },
   getBatch: (keys, scope) => {
@@ -625,7 +319,7 @@ const WebStorage = {
     }
     const keyIndex = ensureWebScopeKeyIndex(scope);
     keys.forEach(key => keyIndex.delete(key));
-    const listeners = getScopedListeners(scope);
+    const listeners = internals.getScopedListeners(scope);
     keys.forEach(key => notifyKeyListeners(listeners, key));
   },
   removeByPrefix: (prefix, scope) => {
@@ -682,7 +376,7 @@ const WebStorage = {
         backend.setItem(toSecureStorageKey(key), value);
       });
       ensureWebScopeKeyIndex(StorageScope.Secure).add(key);
-      notifyKeyListeners(getScopedListeners(StorageScope.Secure), key);
+      notifyKeyListeners(internals.getScopedListeners(StorageScope.Secure), key);
       return;
     }
     if (typeof __DEV__ !== "undefined" && __DEV__ && !hasWarnedAboutWebBiometricFallback) {
@@ -691,7 +385,7 @@ const WebStorage = {
     }
     withWebBackendOperation(StorageScope.Secure, "setSecureBiometric", backend => backend.setItem(toBiometricStorageKey(key), value));
     ensureWebScopeKeyIndex(StorageScope.Secure).add(key);
-    notifyKeyListeners(getScopedListeners(StorageScope.Secure), key);
+    notifyKeyListeners(internals.getScopedListeners(StorageScope.Secure), key);
   },
   getSecureBiometric: key => {
     const value = withWebBackendOperation(StorageScope.Secure, "getSecureBiometric", backend => backend.getItem(toBiometricStorageKey(key)));
@@ -702,7 +396,7 @@ const WebStorage = {
     if (withWebBackendOperation(StorageScope.Secure, "deleteSecureBiometric:getItem", backend => backend.getItem(toSecureStorageKey(key))) === null) {
       ensureWebScopeKeyIndex(StorageScope.Secure).delete(key);
     }
-    notifyKeyListeners(getScopedListeners(StorageScope.Secure), key);
+    notifyKeyListeners(internals.getScopedListeners(StorageScope.Secure), key);
   },
   hasSecureBiometric: key => {
     return withWebBackendOperation(StorageScope.Secure, "hasSecureBiometric", backend => backend.getItem(toBiometricStorageKey(key))) !== null;
@@ -729,364 +423,42 @@ const WebStorage = {
         keyIndex.delete(key);
       }
     });
-    const listeners = getScopedListeners(StorageScope.Secure);
+    const listeners = internals.getScopedListeners(StorageScope.Secure);
     keysToNotify.forEach(key => notifyKeyListeners(listeners, key));
   }
 };
-function getRawValue(key, scope) {
-  assertValidScope(scope);
-  if (scope === StorageScope.Memory) {
-    const value = memoryStore.get(key);
-    return typeof value === "string" ? value : undefined;
-  }
-  if (scope === StorageScope.Disk && hasPendingDiskWrite(key)) {
-    return readPendingDiskWrite(key);
-  }
-  if (scope === StorageScope.Secure && hasPendingSecureWrite(key)) {
-    return readPendingSecureWrite(key);
-  }
-  return WebStorage.get(key, scope);
-}
-function setRawValue(key, value, scope) {
-  assertValidScope(scope);
-  const oldValue = scope === StorageScope.Memory ? getEventRawValue(scope, key) : undefined;
-  if (scope === StorageScope.Memory) {
-    memoryStore.set(key, value);
-    notifyKeyListeners(memoryListeners, key);
-    emitKeyChange(scope, key, oldValue, value, "set", "memory");
-    return;
-  }
-  if (scope === StorageScope.Disk) {
-    cacheRawValue(scope, key, value);
-    if (diskWritesAsync) {
-      scheduleDiskWrite(key, value);
-      emitKeyChange(scope, key, oldValue, value, "set", "web");
-      return;
-    }
-    flushDiskWrites();
-    clearPendingDiskWrite(key);
-  }
-  if (scope === StorageScope.Secure) {
-    flushSecureWrites();
-    clearPendingSecureWrite(key);
-  }
-  WebStorage.set(key, value, scope);
-  cacheRawValue(scope, key, value);
-  emitKeyChange(scope, key, oldValue, value, "set", "web");
-}
-function removeRawValue(key, scope) {
-  assertValidScope(scope);
-  const oldValue = getEventRawValue(scope, key);
-  if (scope === StorageScope.Memory) {
-    memoryStore.delete(key);
-    notifyKeyListeners(memoryListeners, key);
-    emitKeyChange(scope, key, oldValue, undefined, "remove", "memory");
-    return;
-  }
-  if (scope === StorageScope.Disk) {
-    cacheRawValue(scope, key, undefined);
-    if (diskWritesAsync) {
-      scheduleDiskWrite(key, undefined);
-      emitKeyChange(scope, key, oldValue, undefined, "remove", "web");
-      return;
-    }
-    flushDiskWrites();
-    clearPendingDiskWrite(key);
-  }
-  if (scope === StorageScope.Secure) {
-    flushSecureWrites();
-    clearPendingSecureWrite(key);
-  }
-  WebStorage.remove(key, scope);
-  cacheRawValue(scope, key, undefined);
-  emitKeyChange(scope, key, oldValue, undefined, "remove", "web");
-}
-function readMigrationVersion(scope) {
-  const raw = getRawValue(MIGRATION_VERSION_KEY, scope);
-  if (raw === undefined) {
-    return 0;
-  }
-  const parsed = Number.parseInt(raw, 10);
-  return Number.isFinite(parsed) && parsed > 0 ? parsed : 0;
-}
-function writeMigrationVersion(scope, version) {
-  setRawValue(MIGRATION_VERSION_KEY, String(version), scope);
+function buildWebAdapter(coreInternals) {
+  internals = coreInternals;
+  return {
+    backend: WebStorage,
+    changeSource: "web",
+    applyAccessControlOnSecureRawWrite: false,
+    flushDiskWritesOnImport: true,
+    ensureScopeSubscription: () => {
+      ensureExternalSyncSubscriptions();
+    },
+    maybeCleanupScopeSubscription: () => {},
+    onWillEmitChanges: () => {},
+    getSecureMetadataProfile: () => ({
+      backend: getBackendName(StorageScope.Secure, webSecureStorageBackend),
+      encrypted: getWebSecureEncryptionStatus(webSecureStorageBackend),
+      hardwareBacked: "unavailable"
+    })
+  };
 }
+const core = createStorageCore(buildWebAdapter);
 export const storage = {
-  subscribe: (scope, listener) => {
-    assertValidScope(scope);
-    if (scope !== StorageScope.Memory) {
-      ensureExternalSyncSubscriptions();
-    }
-    return storageEvents.subscribe(scope, listener);
-  },
-  subscribeKey: (scope, key, listener) => {
-    assertValidScope(scope);
-    if (scope !== StorageScope.Memory) {
-      ensureExternalSyncSubscriptions();
-    }
-    return storageEvents.subscribeKey(scope, key, listener);
-  },
-  subscribePrefix: (scope, prefix, listener) => {
-    assertValidScope(scope);
-    if (scope !== StorageScope.Memory) {
-      ensureExternalSyncSubscriptions();
-    }
-    return storageEvents.subscribePrefix(scope, prefix, listener);
-  },
-  subscribeNamespace: (namespace, scope, listener) => {
-    return storage.subscribePrefix(scope, prefixKey(namespace, ""), listener);
-  },
-  setEventObserver: (observer, options = {}) => {
-    eventObserver = observer;
-    eventObserverRedactSecureValues = options.redactSecureValues !== false;
-    if (observer) {
-      ensureExternalSyncSubscriptions();
-    }
-  },
-  clear: scope => {
-    measureOperation("storage:clear", scope, () => {
-      const previousValues = shouldReadPreviousEventValues(scope) ? storage.getAll(scope) : {};
-      if (scope === StorageScope.Memory) {
-        memoryStore.clear();
-        notifyAllListeners(memoryListeners);
-        emitBatchChange(scope, "clear", "memory", Object.keys(previousValues).map(key => createKeyChange(scope, key, previousValues[key], undefined, "clear", "memory")));
-        return;
-      }
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-        pendingDiskWrites.clear();
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-        pendingSecureWrites.clear();
-      }
-      clearScopeRawCache(scope);
-      WebStorage.clear(scope);
-      emitBatchChange(scope, "clear", "web", Object.keys(previousValues).map(key => createKeyChange(scope, key, previousValues[key], undefined, "clear", "web")));
-    });
-  },
-  clearAll: () => {
-    measureOperation("storage:clearAll", StorageScope.Memory, () => {
-      storage.clear(StorageScope.Memory);
-      storage.clear(StorageScope.Disk);
-      storage.clear(StorageScope.Secure);
-    }, 3);
-  },
-  clearNamespace: (namespace, scope) => {
-    measureOperation("storage:clearNamespace", scope, () => {
-      assertValidScope(scope);
-      if (scope === StorageScope.Memory) {
-        const affectedKeys = Array.from(memoryStore.keys()).filter(key => isNamespaced(key, namespace));
-        const previousValues = affectedKeys.map(key => ({
-          key,
-          value: getEventRawValue(scope, key)
-        }));
-        if (affectedKeys.length === 0) {
-          return;
-        }
-        affectedKeys.forEach(key => {
-          memoryStore.delete(key);
-        });
-        affectedKeys.forEach(key => notifyKeyListeners(memoryListeners, key));
-        emitBatchChange(scope, "clearNamespace", "memory", previousValues.map(({
-          key,
-          value
-        }) => createKeyChange(scope, key, value, undefined, "clearNamespace", "memory")));
-        return;
-      }
-      const keyPrefix = prefixKey(namespace, "");
-      const previousValues = shouldReadPreviousEventValues(scope) ? storage.getByPrefix(keyPrefix, scope) : {};
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-      }
-      const scopeCache = getScopeRawCache(scope);
-      for (const key of scopeCache.keys()) {
-        if (isNamespaced(key, namespace)) {
-          scopeCache.delete(key);
-        }
-      }
-      WebStorage.removeByPrefix(keyPrefix, scope);
-      emitBatchChange(scope, "clearNamespace", "web", Object.keys(previousValues).map(key => createKeyChange(scope, key, previousValues[key], undefined, "clearNamespace", "web")));
-    });
-  },
-  clearBiometric: () => {
-    measureOperation("storage:clearBiometric", StorageScope.Secure, () => {
-      WebStorage.clearSecureBiometric();
-    });
-  },
-  has: (key, scope) => {
-    return measureOperation("storage:has", scope, () => {
-      assertValidScope(scope);
-      if (scope === StorageScope.Memory) return memoryStore.has(key);
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-      }
-      return WebStorage.has(key, scope);
-    });
-  },
-  getAllKeys: scope => {
-    return measureOperation("storage:getAllKeys", scope, () => {
-      assertValidScope(scope);
-      if (scope === StorageScope.Memory) return Array.from(memoryStore.keys());
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-      }
-      return WebStorage.getAllKeys(scope);
-    });
-  },
-  getKeysByPrefix: (prefix, scope) => {
-    return measureOperation("storage:getKeysByPrefix", scope, () => {
-      assertValidScope(scope);
-      if (scope === StorageScope.Memory) {
-        return Array.from(memoryStore.keys()).filter(key => key.startsWith(prefix));
-      }
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-      }
-      return WebStorage.getKeysByPrefix(prefix, scope);
-    });
-  },
-  getByPrefix: (prefix, scope) => {
-    return measureOperation("storage:getByPrefix", scope, () => {
-      const result = {};
-      const keys = storage.getKeysByPrefix(prefix, scope);
-      if (keys.length === 0) {
-        return result;
-      }
-      if (scope === StorageScope.Memory) {
-        keys.forEach(key => {
-          const value = memoryStore.get(key);
-          if (typeof value === "string") {
-            result[key] = value;
-          }
-        });
-        return result;
-      }
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-      }
-      const values = WebStorage.getBatch(keys, scope);
-      keys.forEach((key, index) => {
-        const value = values[index];
-        if (value !== undefined) {
-          result[key] = value;
-        }
-      });
-      return result;
-    });
-  },
-  getAll: scope => {
-    return measureOperation("storage:getAll", scope, () => {
-      assertValidScope(scope);
-      const result = {};
-      if (scope === StorageScope.Memory) {
-        memoryStore.forEach((value, key) => {
-          if (typeof value === "string") result[key] = value;
-        });
-        return result;
-      }
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-      }
-      const keys = WebStorage.getAllKeys(scope);
-      if (keys.length === 0) return {};
-      const values = WebStorage.getBatch(keys, scope);
-      keys.forEach((key, index) => {
-        const val = values[index];
-        if (val !== undefined && val !== null) {
-          result[key] = val;
-        }
-      });
-      return result;
-    });
-  },
-  export: (scope, options = {}) => {
-    if (scope === StorageScope.Secure && options.includeSecureValues !== true) {
-      throw new Error("NitroStorage: exporting Secure scope exposes raw secret values. Pass { includeSecureValues: true } or use exportSecureUnsafe().");
-    }
-    return measureOperation("storage:export", scope, () => storage.getAll(scope));
-  },
-  exportSecureUnsafe: () => {
-    return measureOperation("storage:exportSecureUnsafe", StorageScope.Secure, () => storage.getAll(StorageScope.Secure));
-  },
-  size: scope => {
-    return measureOperation("storage:size", scope, () => {
-      assertValidScope(scope);
-      if (scope === StorageScope.Memory) return memoryStore.size;
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-      }
-      return WebStorage.size(scope);
-    });
-  },
+  ...core.storage,
   setAccessControl: level => {
     assertAccessControlLevel(level);
-    secureDefaultAccessControl = level;
-    recordMetric("storage:setAccessControl", StorageScope.Secure, 0);
+    internals.setSecureDefaultAccessControl(level);
+    internals.recordMetric("storage:setAccessControl", StorageScope.Secure, 0);
   },
   setSecureWritesAsync: _enabled => {
-    recordMetric("storage:setSecureWritesAsync", StorageScope.Secure, 0);
-  },
-  setDiskWritesAsync: enabled => {
-    measureOperation("storage:setDiskWritesAsync", StorageScope.Disk, () => {
-      diskWritesAsync = enabled;
-      if (!enabled) {
-        flushDiskWrites();
-      }
-    });
-  },
-  flushDiskWrites: () => {
-    measureOperation("storage:flushDiskWrites", StorageScope.Disk, () => {
-      flushDiskWrites();
-    });
-  },
-  flushSecureWrites: () => {
-    measureOperation("storage:flushSecureWrites", StorageScope.Secure, () => {
-      flushSecureWrites();
-    });
+    internals.recordMetric("storage:setSecureWritesAsync", StorageScope.Secure, 0);
   },
   setKeychainAccessGroup: _group => {
-    recordMetric("storage:setKeychainAccessGroup", StorageScope.Secure, 0);
-  },
-  setMetricsObserver: observer => {
-    metricsObserver = observer;
-  },
-  getMetricsSnapshot: () => {
-    const snapshot = {};
-    metricsCounters.forEach((value, key) => {
-      snapshot[key] = {
-        count: value.count,
-        totalDurationMs: value.totalDurationMs,
-        avgDurationMs: value.count === 0 ? 0 : value.totalDurationMs / value.count,
-        maxDurationMs: value.maxDurationMs
-      };
-    });
-    return snapshot;
-  },
-  resetMetrics: () => {
-    metricsCounters.clear();
+    internals.recordMetric("storage:setKeychainAccessGroup", StorageScope.Secure, 0);
   },
   getCapabilities: () => ({
     platform: "web",
@@ -1123,85 +495,24 @@ export const storage = {
         persistsTimestamps: false
       }
     };
-  },
-  getSecureMetadata: key => {
-    return measureOperation("storage:getSecureMetadata", StorageScope.Secure, () => {
-      flushSecureWrites();
-      const biometricProtected = WebStorage.hasSecureBiometric(key);
-      const exists = biometricProtected || WebStorage.has(key, StorageScope.Secure);
-      let kind = "missing";
-      if (exists) {
-        kind = biometricProtected ? "biometric" : "secure";
-      }
-      return {
-        key,
-        exists,
-        kind,
-        backend: getBackendName(StorageScope.Secure, webSecureStorageBackend),
-        encrypted: getWebSecureEncryptionStatus(webSecureStorageBackend),
-        hardwareBacked: "unavailable",
-        biometricProtected,
-        valueExposed: false
-      };
-    });
-  },
-  getAllSecureMetadata: () => {
-    return measureOperation("storage:getAllSecureMetadata", StorageScope.Secure, () => {
-      flushSecureWrites();
-      return WebStorage.getAllKeys(StorageScope.Secure).map(key => storage.getSecureMetadata(key));
-    });
-  },
-  getString: (key, scope) => {
-    return measureOperation("storage:getString", scope, () => {
-      return getRawValue(key, scope);
-    });
-  },
-  setString: (key, value, scope) => {
-    measureOperation("storage:setString", scope, () => {
-      setRawValue(key, value, scope);
-    });
-  },
-  deleteString: (key, scope) => {
-    measureOperation("storage:deleteString", scope, () => {
-      removeRawValue(key, scope);
-    });
-  },
-  import: (data, scope) => {
-    const keys = Object.keys(data);
-    measureOperation("storage:import", scope, () => {
-      assertValidScope(scope);
-      if (keys.length === 0) return;
-      const values = keys.map(k => data[k]);
-      const changes = keys.map((key, index) => createKeyChange(scope, key, getEventRawValue(scope, key), values[index], "import", scope === StorageScope.Memory ? "memory" : "web"));
-      if (scope === StorageScope.Memory) {
-        keys.forEach((key, index) => {
-          memoryStore.set(key, values[index]);
-        });
-        keys.forEach(key => notifyKeyListeners(memoryListeners, key));
-        emitBatchChange(scope, "import", "memory", changes);
-        return;
-      }
-      if (scope === StorageScope.Secure) {
-        flushSecureWrites();
-        WebStorage.setSecureAccessControl(secureDefaultAccessControl);
-      }
-      if (scope === StorageScope.Disk) {
-        flushDiskWrites();
-      }
-      WebStorage.setBatch(keys, values, scope);
-      keys.forEach((key, index) => cacheRawValue(scope, key, values[index]));
-      emitBatchChange(scope, "import", "web", changes);
-    }, keys.length);
   }
 };
+export const createStorageItem = core.createStorageItem;
+export const getBatch = core.getBatch;
+export const setBatch = core.setBatch;
+export const removeBatch = core.removeBatch;
+export const registerMigration = core.registerMigration;
+export const migrateToLatest = core.migrateToLatest;
+export const runTransaction = core.runTransaction;
+export const createSecureAuthStorage = core.createSecureAuthStorage;
 export function setWebSecureStorageBackend(backend) {
   const previousBackend = webSecureStorageBackend;
   const nextBackend = backend ?? createDefaultSecureBackend();
-  pendingSecureWrites.clear();
+  internals.clearAllPendingSecureWrites();
   resetBackendChangeSubscription(StorageScope.Secure);
   webSecureStorageBackend = nextBackend;
   hydratedWebScopeKeyIndex.delete(StorageScope.Secure);
-  clearScopeRawCache(StorageScope.Secure);
+  internals.clearScopeRawCache(StorageScope.Secure);
   ensureExternalSyncSubscriptions();
   if (previousBackend !== nextBackend) {
     closeWebBackend(StorageScope.Secure, previousBackend);
@@ -1213,11 +524,11 @@ export function getWebSecureStorageBackend() {
 export function setWebDiskStorageBackend(backend) {
   const previousBackend = webDiskStorageBackend;
   const nextBackend = backend ?? createDefaultDiskBackend();
-  pendingDiskWrites.clear();
+  internals.clearAllPendingDiskWrites();
   resetBackendChangeSubscription(StorageScope.Disk);
   webDiskStorageBackend = nextBackend;
   hydratedWebScopeKeyIndex.delete(StorageScope.Disk);
-  clearScopeRawCache(StorageScope.Disk);
+  internals.clearScopeRawCache(StorageScope.Disk);
   ensureExternalSyncSubscriptions();
   if (previousBackend !== nextBackend) {
     closeWebBackend(StorageScope.Disk, previousBackend);
@@ -1227,8 +538,8 @@ export function getWebDiskStorageBackend() {
   return webDiskStorageBackend;
 }
 export async function flushWebStorageBackends() {
-  flushDiskWrites();
-  flushSecureWrites();
+  internals.flushDiskWrites();
+  internals.flushSecureWrites();
   const flushes = [];
   const diskFlush = webDiskStorageBackend?.flush;
   const secureFlush = webSecureStorageBackend?.flush;
@@ -1240,784 +551,6 @@ export async function flushWebStorageBackends() {
   }
   await Promise.all(flushes);
 }
-function canUseRawBatchPath(item) {
-  return item._hasExpiration === false && item._hasValidation === false && item._isBiometric !== true && item._secureAccessControl === undefined;
-}
-function canUseSecureRawBatchPath(item) {
-  return item._hasExpiration === false && item._hasValidation === false && item._isBiometric !== true;
-}
-function defaultSerialize(value) {
-  return serializeWithPrimitiveFastPath(value);
-}
-function defaultDeserialize(value) {
-  return deserializeWithPrimitiveFastPath(value);
-}
-export function createStorageItem(config) {
-  const storageKey = prefixKey(config.namespace, config.key);
-  const serialize = config.serialize ?? defaultSerialize;
-  const deserialize = config.deserialize ?? defaultDeserialize;
-  const isMemory = config.scope === StorageScope.Memory;
-  const resolvedBiometricLevel = config.scope === StorageScope.Secure ? config.biometricLevel ?? (config.biometric === true ? BiometricLevel.BiometryOnly : BiometricLevel.None) : BiometricLevel.None;
-  const isBiometric = resolvedBiometricLevel !== BiometricLevel.None;
-  const secureAccessControl = config.accessControl;
-  const validate = config.validate;
-  const onValidationError = config.onValidationError;
-  const expiration = config.expiration;
-  const onExpired = config.onExpired;
-  const expirationTtlMs = expiration?.ttlMs;
-  const memoryExpiration = expiration && isMemory ? new Map() : null;
-  const readCache = !isMemory && config.readCache === true;
-  const coalesceDiskWrites = config.scope === StorageScope.Disk && config.coalesceDiskWrites === true;
-  const coalesceSecureWrites = config.scope === StorageScope.Secure && config.coalesceSecureWrites === true && !isBiometric;
-  const defaultValue = config.defaultValue;
-  const nonMemoryScope = config.scope === StorageScope.Disk ? StorageScope.Disk : config.scope === StorageScope.Secure ? StorageScope.Secure : null;
-  if (expiration && expiration.ttlMs <= 0) {
-    throw new Error("expiration.ttlMs must be greater than 0.");
-  }
-  if (config.scope === StorageScope.Secure) {
-    assertBiometricLevel(resolvedBiometricLevel);
-    if (secureAccessControl !== undefined) {
-      assertAccessControlLevel(secureAccessControl);
-    }
-  }
-  const listeners = new Set();
-  let unsubscribe = null;
-  let lastRaw = undefined;
-  let lastValue;
-  let hasLastValue = false;
-  let lastExpiresAt = undefined;
-  const invalidateParsedCache = () => {
-    lastRaw = undefined;
-    lastValue = undefined;
-    hasLastValue = false;
-    lastExpiresAt = undefined;
-  };
-  const ensureSubscription = () => {
-    if (unsubscribe) {
-      return;
-    }
-    const listener = () => {
-      invalidateParsedCache();
-      listeners.forEach(callback => callback());
-    };
-    if (isMemory) {
-      unsubscribe = addKeyListener(memoryListeners, storageKey, listener);
-      return;
-    }
-    ensureExternalSyncSubscriptions();
-    unsubscribe = addKeyListener(getScopedListeners(nonMemoryScope), storageKey, listener);
-  };
-  const readStoredRaw = () => {
-    if (isMemory) {
-      if (memoryExpiration) {
-        const expiresAt = memoryExpiration.get(storageKey);
-        if (expiresAt !== undefined && expiresAt <= Date.now()) {
-          memoryExpiration.delete(storageKey);
-          memoryStore.delete(storageKey);
-          notifyKeyListeners(memoryListeners, storageKey);
-          onExpired?.(storageKey);
-          return undefined;
-        }
-      }
-      return memoryStore.get(storageKey);
-    }
-    if (nonMemoryScope === StorageScope.Disk) {
-      const pending = pendingDiskWrites.get(storageKey);
-      if (pending !== undefined) {
-        return pending.value;
-      }
-    }
-    if (nonMemoryScope === StorageScope.Secure && !isBiometric) {
-      const pending = pendingSecureWrites.get(storageKey);
-      if (pending !== undefined) {
-        return pending.value;
-      }
-    }
-    if (readCache) {
-      const cache = getScopeRawCache(nonMemoryScope);
-      const cached = cache.get(storageKey);
-      if (cached !== undefined || cache.has(storageKey)) {
-        return cached;
-      }
-    }
-    if (isBiometric) {
-      return WebStorage.getSecureBiometric(storageKey);
-    }
-    const raw = WebStorage.get(storageKey, config.scope);
-    cacheRawValue(nonMemoryScope, storageKey, raw);
-    return raw;
-  };
-  const writeStoredRaw = rawValue => {
-    const oldValue = config.scope === StorageScope.Memory ? getEventRawValue(config.scope, storageKey) : undefined;
-    if (isBiometric) {
-      WebStorage.setSecureBiometricWithLevel(storageKey, rawValue, resolvedBiometricLevel);
-      emitKeyChange(config.scope, storageKey, oldValue, rawValue, "set", "web");
-      return;
-    }
-    cacheRawValue(nonMemoryScope, storageKey, rawValue);
-    if (nonMemoryScope === StorageScope.Disk) {
-      if (coalesceDiskWrites || diskWritesAsync) {
-        scheduleDiskWrite(storageKey, rawValue);
-        emitKeyChange(config.scope, storageKey, oldValue, rawValue, "set", "web");
-        return;
-      }
-      clearPendingDiskWrite(storageKey);
-    }
-    if (coalesceSecureWrites) {
-      scheduleSecureWrite(storageKey, rawValue, secureAccessControl ?? secureDefaultAccessControl);
-      emitKeyChange(config.scope, storageKey, oldValue, rawValue, "set", "web");
-      return;
-    }
-    if (nonMemoryScope === StorageScope.Secure) {
-      clearPendingSecureWrite(storageKey);
-    }
-    WebStorage.set(storageKey, rawValue, config.scope);
-    emitKeyChange(config.scope, storageKey, oldValue, rawValue, "set", "web");
-  };
-  const removeStoredRaw = () => {
-    const oldValue = getEventRawValue(config.scope, storageKey);
-    if (isBiometric) {
-      WebStorage.deleteSecureBiometric(storageKey);
-      emitKeyChange(config.scope, storageKey, oldValue, undefined, "remove", "web");
-      return;
-    }
-    cacheRawValue(nonMemoryScope, storageKey, undefined);
-    if (nonMemoryScope === StorageScope.Disk) {
-      if (coalesceDiskWrites || diskWritesAsync) {
-        scheduleDiskWrite(storageKey, undefined);
-        emitKeyChange(config.scope, storageKey, oldValue, undefined, "remove", "web");
-        return;
-      }
-      clearPendingDiskWrite(storageKey);
-    }
-    if (coalesceSecureWrites) {
-      scheduleSecureWrite(storageKey, undefined, secureAccessControl ?? secureDefaultAccessControl);
-      emitKeyChange(config.scope, storageKey, oldValue, undefined, "remove", "web");
-      return;
-    }
-    if (nonMemoryScope === StorageScope.Secure) {
-      clearPendingSecureWrite(storageKey);
-    }
-    WebStorage.remove(storageKey, config.scope);
-    emitKeyChange(config.scope, storageKey, oldValue, undefined, "remove", "web");
-  };
-  const writeValueWithoutValidation = value => {
-    if (isMemory) {
-      const oldValue = getEventRawValue(config.scope, storageKey);
-      if (memoryExpiration) {
-        memoryExpiration.set(storageKey, Date.now() + (expirationTtlMs ?? 0));
-      }
-      memoryStore.set(storageKey, value);
-      notifyKeyListeners(memoryListeners, storageKey);
-      emitKeyChange(config.scope, storageKey, oldValue, typeof value === "string" ? value : undefined, "set", "memory");
-      return;
-    }
-    const serialized = serialize(value);
-    if (expiration) {
-      const envelope = {
-        __nitroStorageEnvelope: true,
-        expiresAt: Date.now() + expiration.ttlMs,
-        payload: serialized
-      };
-      writeStoredRaw(JSON.stringify(envelope));
-      return;
-    }
-    writeStoredRaw(serialized);
-  };
-  const resolveInvalidValue = invalidValue => {
-    if (onValidationError) {
-      return onValidationError(invalidValue);
-    }
-    return defaultValue;
-  };
-  const ensureValidatedValue = (candidate, hadStoredValue) => {
-    if (!validate || validate(candidate)) {
-      return candidate;
-    }
-    const resolved = resolveInvalidValue(candidate);
-    if (validate && !validate(resolved)) {
-      return defaultValue;
-    }
-    if (hadStoredValue) {
-      writeValueWithoutValidation(resolved);
-    }
-    return resolved;
-  };
-  const getInternal = () => {
-    const raw = readStoredRaw();
-    if (!memoryExpiration && raw === lastRaw && hasLastValue) {
-      if (!expiration || lastExpiresAt === null) {
-        return lastValue;
-      }
-      if (typeof lastExpiresAt === "number") {
-        if (lastExpiresAt > Date.now()) {
-          return lastValue;
-        }
-        removeStoredRaw();
-        invalidateParsedCache();
-        onExpired?.(storageKey);
-        lastValue = ensureValidatedValue(defaultValue, false);
-        hasLastValue = true;
-        listeners.forEach(cb => cb());
-        return lastValue;
-      }
-    }
-    lastRaw = raw;
-    if (raw === undefined) {
-      lastExpiresAt = undefined;
-      lastValue = ensureValidatedValue(defaultValue, false);
-      hasLastValue = true;
-      return lastValue;
-    }
-    if (isMemory) {
-      lastExpiresAt = undefined;
-      lastValue = ensureValidatedValue(raw, true);
-      hasLastValue = true;
-      return lastValue;
-    }
-    if (typeof raw !== "string") {
-      lastExpiresAt = undefined;
-      lastValue = ensureValidatedValue(defaultValue, false);
-      hasLastValue = true;
-      return lastValue;
-    }
-    let deserializableRaw = raw;
-    if (expiration) {
-      let envelopeExpiresAt = null;
-      try {
-        const parsed = JSON.parse(raw);
-        if (isStoredEnvelope(parsed)) {
-          envelopeExpiresAt = parsed.expiresAt;
-          if (parsed.expiresAt <= Date.now()) {
-            removeStoredRaw();
-            invalidateParsedCache();
-            onExpired?.(storageKey);
-            lastValue = ensureValidatedValue(defaultValue, false);
-            hasLastValue = true;
-            listeners.forEach(cb => cb());
-            return lastValue;
-          }
-          deserializableRaw = parsed.payload;
-        }
-      } catch {
-        // Keep backward compatibility with legacy raw values.
-      }
-      lastExpiresAt = envelopeExpiresAt;
-    } else {
-      lastExpiresAt = undefined;
-    }
-    lastValue = ensureValidatedValue(deserialize(deserializableRaw), true);
-    hasLastValue = true;
-    return lastValue;
-  };
-  const getCurrentVersion = () => {
-    const raw = readStoredRaw();
-    return toVersionToken(raw);
-  };
-  const get = () => measureOperation("item:get", config.scope, () => getInternal());
-  const getWithVersion = () => measureOperation("item:getWithVersion", config.scope, () => ({
-    value: getInternal(),
-    version: getCurrentVersion()
-  }));
-  const set = valueOrFn => {
-    measureOperation("item:set", config.scope, () => {
-      const newValue = isUpdater(valueOrFn) ? valueOrFn(getInternal()) : valueOrFn;
-      if (validate && !validate(newValue)) {
-        throw new Error(`Validation failed for key "${storageKey}" in scope "${StorageScope[config.scope]}".`);
-      }
-      invalidateParsedCache();
-      writeValueWithoutValidation(newValue);
-    });
-  };
-  const setIfVersion = (version, valueOrFn) => measureOperation("item:setIfVersion", config.scope, () => {
-    const currentVersion = getCurrentVersion();
-    if (currentVersion !== version) {
-      return false;
-    }
-    set(valueOrFn);
-    return true;
-  });
-  const deleteItem = () => {
-    measureOperation("item:delete", config.scope, () => {
-      invalidateParsedCache();
-      if (isMemory) {
-        const oldValue = getEventRawValue(config.scope, storageKey);
-        if (memoryExpiration) {
-          memoryExpiration.delete(storageKey);
-        }
-        memoryStore.delete(storageKey);
-        notifyKeyListeners(memoryListeners, storageKey);
-        emitKeyChange(config.scope, storageKey, oldValue, undefined, "remove", "memory");
-        return;
-      }
-      removeStoredRaw();
-    });
-  };
-  const hasItem = () => measureOperation("item:has", config.scope, () => {
-    if (isMemory) return memoryStore.has(storageKey);
-    if (isBiometric) return WebStorage.hasSecureBiometric(storageKey);
-    if (nonMemoryScope === StorageScope.Disk) {
-      const pending = pendingDiskWrites.get(storageKey);
-      if (pending !== undefined) {
-        return pending.value !== undefined;
-      }
-    }
-    if (nonMemoryScope === StorageScope.Secure) {
-      const pending = pendingSecureWrites.get(storageKey);
-      if (pending !== undefined) {
-        return pending.value !== undefined;
-      }
-    }
-    return WebStorage.has(storageKey, config.scope);
-  });
-  const subscribe = callback => {
-    ensureSubscription();
-    listeners.add(callback);
-    return () => {
-      listeners.delete(callback);
-      if (listeners.size === 0 && unsubscribe) {
-        unsubscribe();
-        unsubscribe = null;
-      }
-    };
-  };
-  const subscribeSelector = (selector, listener, options = {}) => {
-    const isEqual = options.isEqual ?? Object.is;
-    let currentValue = selector(getInternal());
-    if (options.fireImmediately === true) {
-      listener(currentValue, currentValue);
-    }
-    return subscribe(() => {
-      const nextValue = selector(getInternal());
-      if (isEqual(currentValue, nextValue)) {
-        return;
-      }
-      const previousValue = currentValue;
-      currentValue = nextValue;
-      listener(nextValue, previousValue);
-    });
-  };
-  const storageItem = {
-    get,
-    getWithVersion,
-    set,
-    setIfVersion,
-    delete: deleteItem,
-    has: hasItem,
-    subscribe,
-    subscribeSelector,
-    serialize,
-    deserialize,
-    _triggerListeners: () => {
-      invalidateParsedCache();
-      listeners.forEach(listener => listener());
-    },
-    _invalidateParsedCacheOnly: () => {
-      invalidateParsedCache();
-    },
-    _hasValidation: validate !== undefined,
-    _hasExpiration: expiration !== undefined,
-    _readCacheEnabled: readCache,
-    _isBiometric: isBiometric,
-    _biometricLevel: resolvedBiometricLevel,
-    _defaultValue: defaultValue,
-    ...(secureAccessControl !== undefined ? {
-      _secureAccessControl: secureAccessControl
-    } : {}),
-    scope: config.scope,
-    key: storageKey
-  };
-  return storageItem;
-}
 export { useStorage, useStorageSelector, useSetStorage } from "./storage-hooks";
 export { createIndexedDBBackend } from "./indexeddb-backend";
-export function getBatch(items, scope) {
-  return measureOperation("batch:get", scope, () => {
-    assertBatchScope(items, scope);
-    if (scope === StorageScope.Memory) {
-      return items.map(item => item.get());
-    }
-    const useRawBatchPath = items.every(item => scope === StorageScope.Secure ? canUseSecureRawBatchPath(item) : canUseRawBatchPath(item));
-    if (!useRawBatchPath) {
-      return items.map(item => item.get());
-    }
-    const rawValues = new Array(items.length);
-    const keysToFetch = [];
-    const keyIndexes = [];
-    items.forEach((item, index) => {
-      if (scope === StorageScope.Disk) {
-        const pending = pendingDiskWrites.get(item.key);
-        if (pending !== undefined) {
-          rawValues[index] = pending.value;
-          return;
-        }
-      }
-      if (scope === StorageScope.Secure) {
-        const pending = pendingSecureWrites.get(item.key);
-        if (pending !== undefined) {
-          rawValues[index] = pending.value;
-          return;
-        }
-      }
-      if (item._readCacheEnabled === true) {
-        const cache = getScopeRawCache(scope);
-        const cached = cache.get(item.key);
-        if (cached !== undefined || cache.has(item.key)) {
-          rawValues[index] = cached;
-          return;
-        }
-      }
-      keysToFetch.push(item.key);
-      keyIndexes.push(index);
-    });
-    if (keysToFetch.length > 0) {
-      const fetchedValues = WebStorage.getBatch(keysToFetch, scope);
-      fetchedValues.forEach((value, index) => {
-        const key = keysToFetch[index];
-        const targetIndex = keyIndexes[index];
-        if (key === undefined || targetIndex === undefined) {
-          return;
-        }
-        rawValues[targetIndex] = value;
-        cacheRawValue(scope, key, value);
-      });
-    }
-    return items.map((item, index) => {
-      const raw = rawValues[index];
-      if (raw === undefined) {
-        return asInternal(item)._defaultValue;
-      }
-      return item.deserialize(raw);
-    });
-  }, items.length);
-}
-export function setBatch(items, scope) {
-  measureOperation("batch:set", scope, () => {
-    assertBatchScope(items.map(batchEntry => batchEntry.item), scope);
-    if (scope === StorageScope.Memory) {
-      // Determine if any item needs per-item handling (validation or TTL)
-      const needsIndividualSets = items.some(({
-        item
-      }) => {
-        const internal = asInternal(item);
-        return internal._hasValidation || internal._hasExpiration;
-      });
-      if (needsIndividualSets) {
-        items.forEach(({
-          item,
-          value
-        }) => item.set(value));
-        return;
-      }
-      const changes = items.map(({
-        item,
-        value
-      }) => createKeyChange(scope, item.key, getEventRawValue(scope, item.key), typeof value === "string" ? value : undefined, "setBatch", "memory"));
-
-      // Atomic write: update all values in memoryStore, invalidate caches, then batch-notify
-      items.forEach(({
-        item,
-        value
-      }) => {
-        memoryStore.set(item.key, value);
-        asInternal(item)._invalidateParsedCacheOnly();
-      });
-      items.forEach(({
-        item
-      }) => notifyKeyListeners(memoryListeners, item.key));
-      emitBatchChange(scope, "setBatch", "memory", changes);
-      return;
-    }
-    if (scope === StorageScope.Secure) {
-      const secureEntries = items.map(({
-        item,
-        value
-      }) => ({
-        item,
-        value,
-        internal: asInternal(item)
-      }));
-      const canUseSecureBatchPath = secureEntries.every(({
-        internal
-      }) => canUseSecureRawBatchPath(internal));
-      if (!canUseSecureBatchPath) {
-        items.forEach(({
-          item,
-          value
-        }) => item.set(value));
-        return;
-      }
-      flushSecureWrites();
-      const keys = secureEntries.map(({
-        item
-      }) => item.key);
-      const oldValues = shouldReadPreviousEventValues(scope) ? WebStorage.getBatch(keys, scope) : [];
-      const groupedByAccessControl = new Map();
-      secureEntries.forEach(({
-        item,
-        value,
-        internal
-      }) => {
-        const accessControl = internal._secureAccessControl ?? secureDefaultAccessControl;
-        const existingGroup = groupedByAccessControl.get(accessControl);
-        const group = existingGroup ?? {
-          keys: [],
-          values: []
-        };
-        group.keys.push(item.key);
-        group.values.push(item.serialize(value));
-        if (!existingGroup) {
-          groupedByAccessControl.set(accessControl, group);
-        }
-      });
-      groupedByAccessControl.forEach((group, accessControl) => {
-        WebStorage.setSecureAccessControl(accessControl);
-        WebStorage.setBatch(group.keys, group.values, scope);
-        group.keys.forEach((key, index) => cacheRawValue(scope, key, group.values[index]));
-      });
-      emitBatchChange(scope, "setBatch", "web", secureEntries.map(({
-        item,
-        value
-      }, index) => createKeyChange(scope, item.key, oldValues[index], item.serialize(value), "setBatch", "web")));
-      return;
-    }
-    flushDiskWrites();
-    const useRawBatchPath = items.every(({
-      item
-    }) => canUseRawBatchPath(asInternal(item)));
-    if (!useRawBatchPath) {
-      items.forEach(({
-        item,
-        value
-      }) => item.set(value));
-      return;
-    }
-    const keys = items.map(entry => entry.item.key);
-    const values = items.map(entry => entry.item.serialize(entry.value));
-    const oldValues = shouldReadPreviousEventValues(scope) ? WebStorage.getBatch(keys, scope) : [];
-    WebStorage.setBatch(keys, values, scope);
-    keys.forEach((key, index) => cacheRawValue(scope, key, values[index]));
-    emitBatchChange(scope, "setBatch", "web", keys.map((key, index) => createKeyChange(scope, key, oldValues[index], values[index], "setBatch", "web")));
-  }, items.length);
-}
-export function removeBatch(items, scope) {
-  measureOperation("batch:remove", scope, () => {
-    assertBatchScope(items, scope);
-    if (scope === StorageScope.Memory) {
-      const changes = items.map(item => createKeyChange(scope, item.key, getEventRawValue(scope, item.key), undefined, "removeBatch", "memory"));
-      items.forEach(item => item.delete());
-      emitBatchChange(scope, "removeBatch", "memory", changes);
-      return;
-    }
-    const keys = items.map(item => item.key);
-    if (scope === StorageScope.Disk) {
-      flushDiskWrites();
-    }
-    if (scope === StorageScope.Secure) {
-      flushSecureWrites();
-    }
-    const oldValues = shouldReadPreviousEventValues(scope) ? WebStorage.getBatch(keys, scope) : [];
-    WebStorage.removeBatch(keys, scope);
-    keys.forEach(key => cacheRawValue(scope, key, undefined));
-    emitBatchChange(scope, "removeBatch", "web", keys.map((key, index) => createKeyChange(scope, key, oldValues[index], undefined, "removeBatch", "web")));
-  }, items.length);
-}
-export function registerMigration(version, migration) {
-  if (!Number.isInteger(version) || version <= 0) {
-    throw new Error("Migration version must be a positive integer.");
-  }
-  if (registeredMigrations.has(version)) {
-    throw new Error(`Migration version ${version} is already registered.`);
-  }
-  registeredMigrations.set(version, migration);
-}
-export function migrateToLatest(scope = StorageScope.Disk) {
-  return measureOperation("migration:run", scope, () => {
-    assertValidScope(scope);
-    const currentVersion = readMigrationVersion(scope);
-    const versions = Array.from(registeredMigrations.keys()).filter(version => version > currentVersion).sort((a, b) => a - b);
-    let appliedVersion = currentVersion;
-    const context = {
-      scope,
-      getRaw: key => getRawValue(key, scope),
-      setRaw: (key, value) => setRawValue(key, value, scope),
-      removeRaw: key => removeRawValue(key, scope)
-    };
-    versions.forEach(version => {
-      const migration = registeredMigrations.get(version);
-      if (!migration) {
-        return;
-      }
-      migration(context);
-      appliedVersion = version;
-    });
-    if (appliedVersion !== currentVersion) {
-      writeMigrationVersion(scope, appliedVersion);
-    }
-    return appliedVersion;
-  });
-}
-export function runTransaction(scope, transaction) {
-  return measureOperation("transaction:run", scope, () => {
-    assertValidScope(scope);
-    if (scope === StorageScope.Disk) {
-      flushDiskWrites();
-    }
-    if (scope === StorageScope.Secure) {
-      flushSecureWrites();
-    }
-    const NOT_SET = Symbol();
-    const rollback = new Map();
-    const rememberRollback = (key, item) => {
-      if (rollback.has(key)) {
-        return;
-      }
-      if (scope === StorageScope.Memory) {
-        rollback.set(key, {
-          kind: "memory",
-          value: memoryStore.has(key) ? memoryStore.get(key) : NOT_SET
-        });
-      } else {
-        const internal = item ? item : undefined;
-        if (scope === StorageScope.Secure && internal?._isBiometric === true) {
-          rollback.set(key, {
-            kind: "biometric",
-            value: WebStorage.getSecureBiometric(key),
-            level: internal._biometricLevel
-          });
-          return;
-        }
-        rollback.set(key, {
-          kind: "raw",
-          value: getRawValue(key, scope),
-          ...(scope === StorageScope.Secure && internal?._secureAccessControl !== undefined ? {
-            accessControl: internal._secureAccessControl
-          } : {})
-        });
-      }
-    };
-    const tx = {
-      scope,
-      getRaw: key => getRawValue(key, scope),
-      setRaw: (key, value) => {
-        rememberRollback(key);
-        setRawValue(key, value, scope);
-      },
-      removeRaw: key => {
-        rememberRollback(key);
-        removeRawValue(key, scope);
-      },
-      getItem: item => {
-        assertBatchScope([item], scope);
-        return item.get();
-      },
-      setItem: (item, value) => {
-        assertBatchScope([item], scope);
-        rememberRollback(item.key, item);
-        item.set(value);
-      },
-      removeItem: item => {
-        assertBatchScope([item], scope);
-        rememberRollback(item.key, item);
-        item.delete();
-      }
-    };
-    try {
-      return transaction(tx);
-    } catch (error) {
-      const rollbackEntries = Array.from(rollback.entries()).reverse();
-      if (scope === StorageScope.Memory) {
-        rollbackEntries.forEach(([key, record]) => {
-          if (record.value === NOT_SET) {
-            memoryStore.delete(key);
-          } else {
-            memoryStore.set(key, record.value);
-          }
-          notifyKeyListeners(memoryListeners, key);
-        });
-      } else {
-        const groupedKeysToSet = new Map();
-        const keysToRemove = [];
-        rollbackEntries.forEach(([key, record]) => {
-          if (record.kind === "biometric") {
-            if (record.value === undefined) {
-              WebStorage.deleteSecureBiometric(key);
-            } else {
-              WebStorage.setSecureBiometricWithLevel(key, record.value, record.level);
-            }
-            return;
-          }
-          if (record.kind !== "raw") {
-            return;
-          }
-          if (record.value === undefined) {
-            keysToRemove.push(key);
-          } else {
-            const accessControl = record.accessControl ?? secureDefaultAccessControl;
-            const existingGroup = groupedKeysToSet.get(accessControl);
-            const group = existingGroup ?? {
-              keys: [],
-              values: []
-            };
-            group.keys.push(key);
-            group.values.push(record.value);
-            if (!existingGroup) {
-              groupedKeysToSet.set(accessControl, group);
-            }
-          }
-        });
-        if (scope === StorageScope.Disk) {
-          flushDiskWrites();
-        }
-        if (scope === StorageScope.Secure) {
-          flushSecureWrites();
-        }
-        groupedKeysToSet.forEach((group, accessControl) => {
-          if (scope === StorageScope.Secure) {
-            WebStorage.setSecureAccessControl(accessControl);
-          }
-          WebStorage.setBatch(group.keys, group.values, scope);
-          group.keys.forEach((key, index) => cacheRawValue(scope, key, group.values[index]));
-        });
-        if (keysToRemove.length > 0) {
-          WebStorage.removeBatch(keysToRemove, scope);
-          keysToRemove.forEach(key => cacheRawValue(scope, key, undefined));
-        }
-      }
-      throw error;
-    }
-  });
-}
-export function createSecureAuthStorage(config, options) {
-  const ns = options?.namespace ?? "auth";
-  const result = {};
-  for (const key of typedKeys(config)) {
-    const itemConfig = config[key];
-    const expirationConfig = itemConfig.ttlMs !== undefined ? {
-      ttlMs: itemConfig.ttlMs
-    } : undefined;
-    result[key] = createStorageItem({
-      key,
-      scope: StorageScope.Secure,
-      defaultValue: "",
-      namespace: ns,
-      ...(itemConfig.biometric !== undefined ? {
-        biometric: itemConfig.biometric
-      } : {}),
-      ...(itemConfig.biometricLevel !== undefined ? {
-        biometricLevel: itemConfig.biometricLevel
-      } : {}),
-      ...(itemConfig.accessControl !== undefined ? {
-        accessControl: itemConfig.accessControl
-      } : {}),
-      ...(expirationConfig !== undefined ? {
-        expiration: expirationConfig
-      } : {})
-    });
-  }
-  return result;
-}
-export function isKeychainLockedError(err) {
-  return isLockedStorageErrorCode(getStorageErrorCode(err));
-}
 //# sourceMappingURL=index.web.js.map