tina4js 1.2.4 → 1.2.7

package/TINA4.md

@@ -16,6 +16,7 @@
 | API | `await api.get('/path')`, `.post`, `.put`, `.patch`, `.delete` |
 | PWA | `pwa.register({ name, themeColor, cacheStrategy })` |
 | WebSocket | `ws.connect('wss://...', { reconnect: true })` — signals for status/messages |
+| Storage | `persist(signal('light'), { key: 'theme' })` from `tina4js/storage` — survives a refresh |
 | Debug | `import 'tina4js/debug'` — toggle with Ctrl+Shift+D |
 
 ## File Conventions
@@ -40,6 +41,8 @@
 10. Use `static shadow = false` for light DOM components
 11. `route(pattern, handler)` — pattern is ALWAYS the first argument, handler/config is second
 12. `api.configure()` must be called before any API calls if you need auth or a base URL
+13. `persist()` is for user preferences only — never tokens, passwords, personal data, or any
+    credentials. localStorage is XSS-readable. See `STORAGE.md` for the full dangers list.
 
 ## Signal Patterns
 

package/dist/index.d.ts

@@ -18,4 +18,6 @@ export { ws } from './ws/ws';
 export type { SocketStatus, SocketOptions, ManagedSocket } from './ws/ws';
 export { sse } from './sse/sse';
 export type { StreamStatus, StreamOptions, ManagedStream } from './sse/sse';
+export { persist, clearPersistedKeys } from './storage/persist';
+export type { PersistOptions, PersistSerializer, PersistedSignal } from './storage/persist';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC1E,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,YAAY,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC1D,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG1F,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAChC,YAAY,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAG3C,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAC;AAC7B,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAG1E,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAChC,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC1E,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC5D,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,YAAY,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC1D,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG1F,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,YAAY,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAChC,YAAY,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAG3C,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAC;AAC7B,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAG1E,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAChC,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG5E,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAChE,YAAY,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/storage/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * tina4js/storage — Persistent signals.
+ *
+ * Read STORAGE.md before using this module. localStorage is XSS-readable;
+ * never put credentials, tokens, personal data, or secrets here.
+ */
+export { persist, clearPersistedKeys } from './persist';
+export type { PersistOptions, PersistSerializer, PersistedSignal } from './persist';
+//# sourceMappingURL=index.d.ts.map

package/dist/storage/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/storage/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AACxD,YAAY,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC"}

package/dist/storage/persist.d.ts

@@ -0,0 +1,75 @@
+/**
+ * tina4-js/storage — Persistent signals.
+ *
+ * Wrap a signal with persist() to read its initial value from localStorage
+ * (or sessionStorage) and write every change back. The value survives a
+ * page refresh. Opt-in per signal. Zero dependencies.
+ *
+ * SAFE FOR: theme, language, sidebar state, last-used filters, onboarding
+ *           flags, draft text the user expects back, guest cart contents.
+ *
+ * NEVER STORE: auth tokens, JWTs, session IDs, API keys, passwords, personal
+ *              data, payment details, permission flags, secrets, OTP seeds,
+ *              or any server-of-record state. localStorage is XSS-readable.
+ *              See STORAGE.md for the full dangers list.
+ */
+import { type Signal } from '../core/signal';
+export interface PersistSerializer<T> {
+    /** Parse a stored string back into a value. */
+    read(raw: string): T;
+    /** Serialize a value into a string that storage can hold. */
+    write(value: T): string;
+}
+export interface PersistOptions<T> {
+    /** Storage key. Required. */
+    key: string;
+    /** 'local' (default) survives a refresh; 'session' lives until the tab closes. */
+    storage?: 'local' | 'session';
+    /** JSON by default. Provide for Date, Map, Set, or any non-JSON shape. */
+    serializer?: PersistSerializer<T>;
+    /** Stored-shape version. Defaults to 1. */
+    version?: number;
+    /** Convert an older stored value into the current shape. */
+    migrate?: (oldValue: unknown, oldVersion: number | undefined) => T;
+    /** Subscribe to the storage event so other tabs see writes. Opt-in. */
+    syncTabs?: boolean;
+    /**
+     * Silence the credential-shape warning. Use only when you are certain
+     * the key or value is a coincidence (e.g. tokenColor for a UI palette).
+     */
+    silenceCredentialWarning?: boolean;
+}
+export interface PersistedSignal<T> extends Signal<T> {
+    /** Remove the key from storage. The signal keeps its current in-memory value. */
+    clear(): void;
+    /** Stop watching storage events and stop the write effect. */
+    dispose(): void;
+}
+/** @internal Reset the warning cache. Tests only. */
+export declare function _resetWarnedKeys(): void;
+/**
+ * Wrap a signal so its value is read from storage on creation and written
+ * back on every change. Survives a page refresh.
+ *
+ * @param source  - The signal to persist. Its initial value is overwritten
+ *                  by whatever is in storage, if anything.
+ * @param options - Persistence options. `key` is required.
+ *
+ * @example
+ *   const theme = persist(signal('light'), { key: 'theme' });
+ *   theme.value = 'dark';   // survives a refresh
+ */
+export declare function persist<T>(source: Signal<T>, options: PersistOptions<T>): PersistedSignal<T>;
+/**
+ * Remove a list of persisted keys at once. Wire this to your logout handler
+ * so persisted state does not leak to the next user on the device.
+ *
+ * @example
+ *   function logout() {
+ *     api.post('/auth/logout');
+ *     clearPersistedKeys(['cart', 'lastFilter', 'draftReply']);
+ *     window.location.reload();
+ *   }
+ */
+export declare function clearPersistedKeys(keys: string[], kind?: 'local' | 'session'): void;
+//# sourceMappingURL=persist.d.ts.map

package/dist/storage/persist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"persist.d.ts","sourceRoot":"","sources":["../../src/storage/persist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAU,KAAK,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,WAAW,iBAAiB,CAAC,CAAC;IAClC,+CAA+C;IAC/C,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,CAAC,CAAC;IACrB,6DAA6D;IAC7D,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,cAAc,CAAC,CAAC;IAC/B,6BAA6B;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,kFAAkF;IAClF,OAAO,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC;IAC9B,0EAA0E;IAC1E,UAAU,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAClC,2CAA2C;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4DAA4D;IAC5D,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,SAAS,KAAK,CAAC,CAAC;IACnE,uEAAuE;IACvE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;OAGG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,eAAe,CAAC,CAAC,CAAE,SAAQ,MAAM,CAAC,CAAC,CAAC;IACnD,iFAAiF;IACjF,KAAK,IAAI,IAAI,CAAC;IACd,8DAA8D;IAC9D,OAAO,IAAI,IAAI,CAAC;CACjB;AAyDD,qDAAqD;AACrD,wBAAgB,gBAAgB,IAAI,IAAI,CAEvC;AAqBD;;;;;;;;;;;GAWG;AACH,wBAAgB,OAAO,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC,CA+I5F;AAYD;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,GAAE,OAAO,GAAG,SAAmB,GAAG,IAAI,CAW5F"}

package/dist/storage.cjs.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const O=require("./signal.cjs.js"),p={read:t=>JSON.parse(t),write:t=>JSON.stringify(t)},w=/(token|password|passwd|secret|api[_-]?key|apikey|auth(?!or)|credential|jwt|bearer|otp|seed|private[_-]?key|session[_-]?id)/i,T=/^[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}$/,N=/^[A-Za-z0-9+/_=-]{40,}$/,h=new Set;function S(t,r){if(w.test(t))return`key name "${t}" looks like a credential`;if(typeof r=="string"){if(T.test(r))return"value looks like a JWT";if(r.length>=40&&N.test(r))return"value looks like a long base64 / token"}if(r&&typeof r=="object"&&!Array.isArray(r)){for(const e of Object.keys(r))if(w.test(e))return`object contains a credential-shape field "${e}"`}return null}function b(t,r){h.has(r)||(h.add(r),console.warn(`[tina4 persist] ${t} (key: ${JSON.stringify(r)}). localStorage is XSS-readable and never appropriate for credentials, tokens, passwords, personal data, or secrets. See STORAGE.md.`))}function E(t){if(typeof globalThis>"u")return null;try{const r=t==="local"?globalThis.localStorage:globalThis.sessionStorage;return!r||typeof r.getItem!="function"?null:r}catch{return null}}function J(t,r){var k;const{key:e,storage:y="local",serializer:a=p,version:l=1,migrate:u,syncTabs:$=!1,silenceCredentialWarning:v=!1}=r;if(!e||typeof e!="string")throw new Error("[tina4 persist] options.key is required and must be a string");const f=E(y);if(!f)return m(t,()=>{},()=>{});try{const s=f.getItem(e);if(s!==null){let i,o;try{const n=JSON.parse(s);n&&typeof n=="object"&&"value"in n?(i=n.v,o=n.value):o=n}catch{o=a===p?s:a.read(s)}if(i===l||i===void 0){const n=a===p?o:a.read(typeof o=="string"?o:JSON.stringify(o));t.value=n}else if(u)try{t.value=u(o,i)}catch(n){console.warn(`[tina4 persist] migrate() threw for key "${e}":`,n)}else console.warn(`[tina4 persist] stored version ${i} does not match current ${l} for key "${e}", and no migrate() was provided. Discarding the stored value.`)}}catch(s){console.warn(`[tina4 persist] failed to read key "${e}":`,s)}if(!v){const s=S(e,t.peek());s&&b(s,e)}const A=O.effect(()=>{const s=t.value;if(!v){const i=S(e,s);i&&b(i,e)}try{const o=JSON.stringify(a===p?{v:l,value:s}:{v:l,value:a.write(s)});f.setItem(e,o)}catch(i){console.warn(`[tina4 persist] failed to write key "${e}":`,i)}});let g=null;if($&&typeof globalThis<"u"&&"addEventListener"in globalThis){const s=i=>{const o=i;if(o.storageArea===f&&o.key===e&&o.newValue!==null)try{const n=JSON.parse(o.newValue),c=n&&typeof n=="object"&&"v"in n?n.v:void 0,d=c!==void 0?n.value:n;c!==void 0&&c!==l&&u?t.value=u(d,c):(c===l||c===void 0)&&(t.value=a===p?d:a.read(typeof d=="string"?d:JSON.stringify(d)))}catch(n){console.warn(`[tina4 persist] failed to parse storage event for key "${e}":`,n)}};(k=globalThis.addEventListener)==null||k.call(globalThis,"storage",s),g=()=>{var i;(i=globalThis.removeEventListener)==null||i.call(globalThis,"storage",s)}}return m(t,()=>{try{f.removeItem(e)}catch(s){console.warn(`[tina4 persist] failed to clear key "${e}":`,s)}},()=>{A(),g&&g()})}function m(t,r,e){return Object.assign(t,{clear:r,dispose:e})}function _(t,r="local"){const e=E(r);if(e)for(const y of t)try{e.removeItem(y)}catch(a){console.warn(`[tina4 persist] failed to clear key "${y}":`,a)}}exports.clearPersistedKeys=_;exports.persist=J;

package/dist/storage.es.js

@@ -0,0 +1,144 @@
+import { e as O } from "./signal.es.js";
+const p = {
+  read: (t) => JSON.parse(t),
+  write: (t) => JSON.stringify(t)
+}, w = /(token|password|passwd|secret|api[_-]?key|apikey|auth(?!or)|credential|jwt|bearer|otp|seed|private[_-]?key|session[_-]?id)/i, T = /^[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}$/, N = /^[A-Za-z0-9+/_=-]{40,}$/, h = /* @__PURE__ */ new Set();
+function S(t, r) {
+  if (w.test(t))
+    return `key name "${t}" looks like a credential`;
+  if (typeof r == "string") {
+    if (T.test(r)) return "value looks like a JWT";
+    if (r.length >= 40 && N.test(r))
+      return "value looks like a long base64 / token";
+  }
+  if (r && typeof r == "object" && !Array.isArray(r)) {
+    for (const e of Object.keys(r))
+      if (w.test(e))
+        return `object contains a credential-shape field "${e}"`;
+  }
+  return null;
+}
+function b(t, r) {
+  h.has(r) || (h.add(r), console.warn(
+    `[tina4 persist] ${t} (key: ${JSON.stringify(r)}). localStorage is XSS-readable and never appropriate for credentials, tokens, passwords, personal data, or secrets. See STORAGE.md.`
+  ));
+}
+function E(t) {
+  if (typeof globalThis > "u") return null;
+  try {
+    const r = t === "local" ? globalThis.localStorage : globalThis.sessionStorage;
+    return !r || typeof r.getItem != "function" ? null : r;
+  } catch {
+    return null;
+  }
+}
+function _(t, r) {
+  var k;
+  const {
+    key: e,
+    storage: y = "local",
+    serializer: a = p,
+    version: l = 1,
+    migrate: g,
+    syncTabs: $ = !1,
+    silenceCredentialWarning: v = !1
+  } = r;
+  if (!e || typeof e != "string")
+    throw new Error("[tina4 persist] options.key is required and must be a string");
+  const f = E(y);
+  if (!f)
+    return m(t, () => {
+    }, () => {
+    });
+  try {
+    const s = f.getItem(e);
+    if (s !== null) {
+      let o, i;
+      try {
+        const n = JSON.parse(s);
+        n && typeof n == "object" && "value" in n ? (o = n.v, i = n.value) : i = n;
+      } catch {
+        i = a === p ? s : a.read(s);
+      }
+      if (o === l || o === void 0) {
+        const n = a === p ? i : a.read(typeof i == "string" ? i : JSON.stringify(i));
+        t.value = n;
+      } else if (g)
+        try {
+          t.value = g(i, o);
+        } catch (n) {
+          console.warn(`[tina4 persist] migrate() threw for key "${e}":`, n);
+        }
+      else
+        console.warn(
+          `[tina4 persist] stored version ${o} does not match current ${l} for key "${e}", and no migrate() was provided. Discarding the stored value.`
+        );
+    }
+  } catch (s) {
+    console.warn(`[tina4 persist] failed to read key "${e}":`, s);
+  }
+  if (!v) {
+    const s = S(e, t.peek());
+    s && b(s, e);
+  }
+  const A = O(() => {
+    const s = t.value;
+    if (!v) {
+      const o = S(e, s);
+      o && b(o, e);
+    }
+    try {
+      const i = JSON.stringify(a === p ? { v: l, value: s } : { v: l, value: a.write(s) });
+      f.setItem(e, i);
+    } catch (o) {
+      console.warn(`[tina4 persist] failed to write key "${e}":`, o);
+    }
+  });
+  let u = null;
+  if ($ && typeof globalThis < "u" && "addEventListener" in globalThis) {
+    const s = (o) => {
+      const i = o;
+      if (i.storageArea === f && i.key === e && i.newValue !== null)
+        try {
+          const n = JSON.parse(i.newValue), c = n && typeof n == "object" && "v" in n ? n.v : void 0, d = c !== void 0 ? n.value : n;
+          c !== void 0 && c !== l && g ? t.value = g(d, c) : (c === l || c === void 0) && (t.value = a === p ? d : a.read(typeof d == "string" ? d : JSON.stringify(d)));
+        } catch (n) {
+          console.warn(`[tina4 persist] failed to parse storage event for key "${e}":`, n);
+        }
+    };
+    (k = globalThis.addEventListener) == null || k.call(globalThis, "storage", s), u = () => {
+      var o;
+      (o = globalThis.removeEventListener) == null || o.call(globalThis, "storage", s);
+    };
+  }
+  return m(
+    t,
+    () => {
+      try {
+        f.removeItem(e);
+      } catch (s) {
+        console.warn(`[tina4 persist] failed to clear key "${e}":`, s);
+      }
+    },
+    () => {
+      A(), u && u();
+    }
+  );
+}
+function m(t, r, e) {
+  return Object.assign(t, { clear: r, dispose: e });
+}
+function L(t, r = "local") {
+  const e = E(r);
+  if (e)
+    for (const y of t)
+      try {
+        e.removeItem(y);
+      } catch (a) {
+        console.warn(`[tina4 persist] failed to clear key "${y}":`, a);
+      }
+}
+export {
+  L as clearPersistedKeys,
+  _ as persist
+};

package/dist/tina4.cjs.js

@@ -1 +1 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("./signal.cjs.js"),r=require("./core.cjs.js"),i=require("./component.cjs.js"),t=require("./index.cjs.js"),s=require("./api.cjs.js"),n=require("./pwa.cjs.js"),o=require("./ws.cjs.js"),a=require("./sse.cjs.js");exports.batch=e.batch;exports.computed=e.computed;exports.effect=e.effect;exports.isSignal=e.isSignal;exports.signal=e.signal;exports.html=r.html;exports.Tina4Element=i.Tina4Element;exports.navigate=t.navigate;exports.route=t.route;exports.router=t.router;exports.api=s.api;exports.pwa=n.pwa;exports.ws=o.ws;exports.sse=a.sse;
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("./signal.cjs.js"),s=require("./core.cjs.js"),i=require("./component.cjs.js"),r=require("./index.cjs.js"),a=require("./api.cjs.js"),n=require("./pwa.cjs.js"),o=require("./ws.cjs.js"),c=require("./sse.cjs.js"),t=require("./storage.cjs.js");exports.batch=e.batch;exports.computed=e.computed;exports.effect=e.effect;exports.isSignal=e.isSignal;exports.signal=e.signal;exports.html=s.html;exports.Tina4Element=i.Tina4Element;exports.navigate=r.navigate;exports.route=r.route;exports.router=r.router;exports.api=a.api;exports.pwa=n.pwa;exports.ws=o.ws;exports.sse=c.sse;exports.clearPersistedKeys=t.clearPersistedKeys;exports.persist=t.persist;

package/dist/tina4.es.js

@@ -1,24 +1,27 @@
-import { b as a, c as e, e as t, i as s, s as m } from "./signal.es.js";
+import { b as o, c as s, e as a, i as t, s as p } from "./signal.es.js";
 import { html as f } from "./core.es.js";
-import { T as i } from "./component.es.js";
+import { T as x } from "./component.es.js";
 import { n as c, r as l, a as g } from "./index.es.js";
 import { api as b } from "./api.es.js";
-import { pwa as w } from "./pwa.es.js";
-import { ws as d } from "./ws.es.js";
-import { sse as E } from "./sse.es.js";
+import { pwa as h } from "./pwa.es.js";
+import { ws as T } from "./ws.es.js";
+import { sse as y } from "./sse.es.js";
+import { clearPersistedKeys as K, persist as P } from "./storage.es.js";
 export {
-  i as Tina4Element,
+  x as Tina4Element,
   b as api,
-  a as batch,
-  e as computed,
-  t as effect,
+  o as batch,
+  K as clearPersistedKeys,
+  s as computed,
+  a as effect,
   f as html,
-  s as isSignal,
+  t as isSignal,
   c as navigate,
-  w as pwa,
+  P as persist,
+  h as pwa,
   l as route,
   g as router,
-  m as signal,
-  E as sse,
-  d as ws
+  p as signal,
+  y as sse,
+  T as ws
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tina4js",
-  "version": "1.2.4",
+  "version": "1.2.7",
   "description": "1.5KB core gzipped, reactive framework — signals, web components, routing, PWA",
   "type": "module",
   "main": "dist/tina4.cjs.js",
@@ -39,6 +39,10 @@
     "./sse": {
       "import": "./dist/sse.es.js",
       "types": "./dist/sse/index.d.ts"
+    },
+    "./storage": {
+      "import": "./dist/storage.es.js",
+      "types": "./dist/storage/index.d.ts"
     }
   },
   "sideEffects": false,

package/readme.md

@@ -11,7 +11,7 @@
 
 <p align="center">
   <a href="https://www.npmjs.com/package/tina4js"><img src="https://img.shields.io/npm/v/tina4js?color=7b1fa2&label=npm" alt="npm"></a>
-  <img src="https://img.shields.io/badge/tests-265%20passing-brightgreen" alt="Tests">
+  <img src="https://img.shields.io/badge/tests-303%20passing-brightgreen" alt="Tests">
   <img src="https://img.shields.io/badge/core-1.5KB%20gzipped-blue" alt="Core size">
   <img src="https://img.shields.io/badge/dependencies-0-brightgreen" alt="Zero Deps">
   <a href="https://tina4.com/js"><img src="https://img.shields.io/badge/docs-tina4.com%2Fjs-7b1fa2" alt="Docs"></a>
@@ -58,9 +58,11 @@ Every module is built from scratch -- no node_modules bloat, no third-party runt
 | **API** | 1.49 KB | Fetch client with auth (Bearer + formToken + FreshToken rotation), interceptors, per-request headers/params |
 | **WebSocket** | 0.91 KB | Signal-driven status, auto-reconnect with exponential backoff, pipe() to signal, JSON auto-parse |
 | **PWA** | 1.16 KB | Service worker + manifest generation, cache strategies (network-first, cache-first, stale-while-revalidate) |
+| **SSE** | 1.33 KB | Server-Sent Events and NDJSON streaming, dual-mode (EventSource + fetch), reactive status signal |
+| **Storage** | 1.67 KB | `persist()` wrapper for signals — survives a page refresh, opt-in per signal, SSR-safe, with loud warnings on credential-shaped keys |
 | **Debug** | 5.11 KB | Dev overlay (Ctrl+Shift+D) -- signals, components, routes, API panels |
 
-**238 tests across 10 test files. Zero dependencies. Under 3KB for the full core.**
+**303 tests across 14 test files. Zero dependencies. Under 3KB for the full core.**
 
 For full documentation visit **[tina4.com/javascript](https://tina4.com/js)**.