toiljs 0.0.54 → 0.0.56

package/examples/basic/server/routes/Auth.ts

@@ -1,5 +1,6 @@
 import { Response, RouteContext } from 'toiljs/server/runtime';
 import { DataReader, DataWriter } from 'data';
+import { Record } from 'toildb';
 
 import { encodeSessionUser } from './Session';
 
@@ -15,11 +16,11 @@ import { encodeSessionUser } from './Session';
  * auth). See `server/globals/auth.ts` (the `AuthService` global) and the client
  * half in `toiljs/client` (`Auth.register` / `Auth.login`).
  *
- * STORAGE: backed by the DEV-ONLY `kv.*` host imports (see
- * `src/devserver/kv.ts`) so the register -> login chain spans requests under
- * `toiljs dev`. REMOVE LATER: this is a stand-in; once toildb is implemented,
- * the Accounts/Challenges stores move onto it and this goes away. `kv.*` is not
- * on the production edge.
+ * STORAGE: backed by ToilDB (`@database AuthDb`). Accounts are a `record`
+ * collection keyed by username; login challenges are a `record` consumed exactly
+ * once with `getDelete` (atomic fetch-and-delete). The dev server emulates these
+ * `env.data.*` host imports in process (so register -> login spans requests under
+ * `toiljs dev`); the production edge backs the SAME API with ScyllaDB.
  *
  * Wire: every body/response is binary (`DataWriter`/`DataReader`), never JSON.
  */
@@ -36,19 +37,6 @@ const DEMO_PAR: u32 = 1;
 const CHALLENGE_TTL_SECS: u64 = 120;
 const SESSION_TTL_SECS: u64 = 3600;
 
-function utf8(s: string): Uint8Array {
-    return Uint8Array.wrap(String.UTF8.encode(s));
-}
-
-function toHex(b: Uint8Array): string {
-    let s = '';
-    for (let i = 0; i < b.length; i++) {
-        const v = b[i];
-        s += (v < 16 ? '0' : '') + (<u32>v).toString(16);
-    }
-    return s;
-}
-
 function randomBytes(n: i32): Uint8Array {
     const b = new Uint8Array(n);
     crypto.getRandomValues(b);
@@ -76,45 +64,28 @@ function deriveSalt(username: string): Uint8Array {
     return crypto.sha256Text('toil-demo-salt-v1:' + username).slice(0, 16);
 }
 
+// ToilDB collections (the `kv.*` dev placeholder is gone). The key + value are
+// `@data` types: the binary codec is generated, the host marshals it, and the
+// challenge is consumed exactly once with `getDelete`.
 
-// @ts-ignore: decorator
-@external('env', 'kv.put')
-declare function __kvPut(keyPtr: usize, keyLen: i32, valPtr: usize, valLen: i32): void;
-// @ts-ignore: decorator
-@external('env', 'kv.get')
-declare function __kvGet(keyPtr: usize, keyLen: i32, outPtr: usize, outCap: i32): i32;
-// @ts-ignore: decorator
-@external('env', 'kv.getdel')
-declare function __kvGetDel(keyPtr: usize, keyLen: i32, outPtr: usize, outCap: i32): i32;
-
-const KV_CAP: i32 = 8192; // bounds account (~1.5 KiB) + challenge (~100 B) records
-
-function kvPut(key: Uint8Array, val: Uint8Array): void {
-    __kvPut(key.dataStart, key.length, val.dataStart, val.length);
-}
-function kvGet(key: Uint8Array): Uint8Array | null {
-    const out = new Uint8Array(KV_CAP);
-    const n = __kvGet(key.dataStart, key.length, out.dataStart, KV_CAP);
-    if (n < 0) return null;
-    return out.slice(0, n);
-}
-/** Atomic fetch-and-delete: consumes a login challenge exactly once. */
-function kvGetDel(key: Uint8Array): Uint8Array | null {
-    const out = new Uint8Array(KV_CAP);
-    const n = __kvGetDel(key.dataStart, key.length, out.dataStart, KV_CAP);
-    if (n < 0) return null;
-    return out.slice(0, n);
+@data
+class Username {
+    name: string = '';
+    constructor(name: string = '') {
+        this.name = name;
+    }
 }
 
-function acctKey(username: string): Uint8Array {
-    return utf8('acct:' + username);
-}
-function chalKey(cid: Uint8Array): Uint8Array {
-    return utf8('chal:' + toHex(cid));
+@data
+class ChallengeId {
+    cid: Uint8Array = new Uint8Array(0);
+    constructor(cid: Uint8Array = new Uint8Array(0)) {
+        this.cid = cid;
+    }
 }
 
-
-class Account {
+@data
+class AuthAccount {
     username: string = '';
     salt: Uint8Array = new Uint8Array(0);
     publicKey: Uint8Array = new Uint8Array(0);
@@ -123,30 +94,7 @@ class Account {
     parallelism: u32 = 0;
 }
 
-function putAccount(a: Account): void {
-    const w = new DataWriter();
-    w.writeString(a.username);
-    w.writeBytes(a.salt);
-    w.writeBytes(a.publicKey);
-    w.writeU32(a.memKiB);
-    w.writeU32(a.iterations);
-    w.writeU32(a.parallelism);
-    kvPut(acctKey(a.username), w.toBytes());
-}
-function getAccount(username: string): Account | null {
-    const raw = kvGet(acctKey(username));
-    if (raw == null) return null;
-    const r = new DataReader(raw);
-    const a = new Account();
-    a.username = r.readString();
-    a.salt = r.readBytes();
-    a.publicKey = r.readBytes();
-    a.memKiB = r.readU32();
-    a.iterations = r.readU32();
-    a.parallelism = r.readU32();
-    return r.ok ? a : null;
-}
-
+@data
 class Challenge {
     cid: Uint8Array = new Uint8Array(0);
     username: string = '';
@@ -155,26 +103,10 @@ class Challenge {
     exp: u64 = 0;
 }
 
-function putChallenge(c: Challenge): void {
-    const w = new DataWriter();
-    w.writeBytes(c.cid);
-    w.writeString(c.username);
-    w.writeBytes(c.nonce);
-    w.writeU64(c.iat);
-    w.writeU64(c.exp);
-    kvPut(chalKey(c.cid), w.toBytes());
-}
-function consumeChallenge(cid: Uint8Array): Challenge | null {
-    const raw = kvGetDel(chalKey(cid));
-    if (raw == null) return null;
-    const r = new DataReader(raw);
-    const c = new Challenge();
-    c.cid = r.readBytes();
-    c.username = r.readString();
-    c.nonce = r.readBytes();
-    c.iat = r.readU64();
-    c.exp = r.readU64();
-    return r.ok ? c : null;
+@database
+class AuthDb {
+    @collection accounts!: Record<AuthAccount, Username>;
+    @collection challenges!: Record<Challenge, ChallengeId>;
 }
 
 @rest('auth')
@@ -214,7 +146,7 @@ class Auth {
         if (pk.length != AuthService.PUBLIC_KEY_LEN) return fail();
         // Already registered: a distinguishable status (not the generic 401) so the
         // client can say "username taken, log in instead" rather than a blank error.
-        if (getAccount(username) != null) {
+        if (AuthDb.accounts.exists(new Username(username))) {
             return Response.bytes(new DataWriter().writeU8(1).toBytes());
         }
 
@@ -223,14 +155,17 @@ class Auth {
         const regMsg = AuthService.buildRegisterMessage(username, pk);
         if (!AuthService.verifyRegister(pk, regMsg, proof)) return fail();
 
-        const a = new Account();
+        const a = new AuthAccount();
         a.username = username;
         a.salt = deriveSalt(username);
         a.publicKey = pk;
         a.memKiB = DEMO_MEM_KIB;
         a.iterations = DEMO_ITERS;
         a.parallelism = DEMO_PAR;
-        putAccount(a);
+        // create-if-absent: a racing duplicate registration loses here, not above.
+        if (!AuthDb.accounts.create(new Username(username), a)) {
+            return Response.bytes(new DataWriter().writeU8(1).toBytes());
+        }
         return Response.bytes(new DataWriter().writeU8(0).toBytes());
     }
 
@@ -249,7 +184,7 @@ class Auth {
         const evaluated = AuthService.oprfEvaluate(username, blinded);
         if (evaluated.length != AuthService.OPRF_ELEMENT_LEN) return fail();
 
-        const acct = getAccount(username);
+        const known = AuthDb.accounts.exists(new Username(username));
         const cid = randomBytes(16);
         const nonce = randomBytes(32);
         const iat = nowSecs();
@@ -257,14 +192,14 @@ class Auth {
 
         // Persist only for a real account; the response is identical either way,
         // and login/finish for an unknown user fails generically at consume.
-        if (acct != null) {
+        if (known) {
             const c = new Challenge();
             c.cid = cid;
             c.username = username;
             c.nonce = nonce;
             c.iat = iat;
             c.exp = exp;
-            putChallenge(c);
+            AuthDb.challenges.create(new ChallengeId(cid), c);
         }
 
         const w = new DataWriter();
@@ -292,17 +227,26 @@ class Auth {
         if (!r.ok) return fail();
 
         // 1. CONSUME FIRST: atomic fetch-and-delete. Unknown/used/expired => fail.
-        const ch = consumeChallenge(cid);
+        const ch = AuthDb.challenges.getDelete(new ChallengeId(cid));
         if (ch == null) return fail();
         if (nowSecs() >= ch.exp) return fail();
 
         // 2. Rebuild the message from OUR stored values + the client's ct (and
         //    the bound params + server key id), load the account key, verify.
-        const acct = getAccount(ch.username);
+        const acct = AuthDb.accounts.get(new Username(ch.username));
         if (acct == null) return fail();
         const message = AuthService.buildLoginMessage(
-            ch.username, AUD, cid, ch.nonce, ch.iat, ch.exp,
-            ct, DEMO_MEM_KIB, DEMO_ITERS, DEMO_PAR, AuthService.serverKemKeyId(),
+            ch.username,
+            AUD,
+            cid,
+            ch.nonce,
+            ch.iat,
+            ch.exp,
+            ct,
+            DEMO_MEM_KIB,
+            DEMO_ITERS,
+            DEMO_PAR,
+            AuthService.serverKemKeyId()
         );
         if (!AuthService.verifyLogin(acct.publicKey, message, sig)) return fail();
 

package/examples/basic/server/routes/EnvDemo.ts

@@ -34,9 +34,15 @@ class EnvDemo {
         const apiKeySet = Environment.getSecure('DEMO_API_KEY') != null;
 
         const body =
-            'PUBLIC_GREETING=' + greeting + '\n' +
-            'REGION=' + region + '\n' +
-            'DEMO_API_KEY set=' + (apiKeySet ? 'yes' : 'no') + '\n';
+            'PUBLIC_GREETING=' +
+            greeting +
+            '\n' +
+            'REGION=' +
+            region +
+            '\n' +
+            'DEMO_API_KEY set=' +
+            (apiKeySet ? 'yes' : 'no') +
+            '\n';
         return Response.text(body, 200);
     }
 }

package/examples/basic/server/routes/Guestbook.ts

@@ -0,0 +1,62 @@
+import { Counter, Events } from 'toildb';
+
+import { GuestEntry } from '../models/GuestEntry';
+import { GuestbookView } from '../models/GuestbookView';
+import { NewMessage } from '../models/NewMessage';
+
+/**
+ * A PERSISTENT guestbook, mounted at `/guestbook`, backed by ToilDB.
+ *
+ * The contrast with `Players` (whose comment notes "memory resets next request")
+ * is the whole point: every signature is appended to an `events` stream and
+ * tallied in a `counter`, so the data SURVIVES across requests under `toiljs dev`
+ * (the in-process ToilDB emulator) and runs on ScyllaDB at the edge - same code,
+ * no connection string. On the client:
+ *
+ *   await Server.REST.guestbook.sign({ body: new NewMessage('Ada', 'hi!') });
+ *   const book = await Server.REST.guestbook.list(); // { total, entries: [...] }
+ */
+
+// The guestbook is one global stream; a single fixed key addresses it.
+@data
+class GuestKey {
+    room: string = 'main';
+    constructor(room: string = 'main') {
+        this.room = room;
+    }
+}
+
+@database
+class GuestbookDb {
+    @collection entries!: Events<GuestEntry, GuestKey>;
+    @collection totals!: Counter<GuestKey>;
+}
+
+/** The current total + the 10 newest entries. */
+function snapshot(): GuestbookView {
+    const key = new GuestKey('main');
+    const view = new GuestbookView();
+    view.total = GuestbookDb.totals.get(key);
+    view.entries = GuestbookDb.entries.latest(key, 10);
+    return view;
+}
+
+@rest('guestbook')
+class Guestbook {
+    /** `GET /guestbook` - the running total + the most recent signatures. */
+    @get('/')
+    public list(): GuestbookView {
+        return snapshot();
+    }
+
+    /** `POST /guestbook` - append a signature (PERSISTED) and return the
+     *  updated book. Sign twice and the total keeps climbing across requests. */
+    @post('/')
+    public sign(input: NewMessage): GuestbookView {
+        const key = new GuestKey('main');
+        const at = <u64>(Date.now() / 1000);
+        GuestbookDb.entries.append(key, new GuestEntry(input.author, input.message, at));
+        GuestbookDb.totals.add(key, 1);
+        return snapshot();
+    }
+}

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "toiljs",
     "type": "module",
-    "version": "0.0.54",
+    "version": "0.0.56",
     "author": "Dacely",
     "description": "The modern React framework: a file-based React frontend and a ToilScript-compiled WebAssembly backend.",
     "repository": {
@@ -131,7 +131,7 @@
         "nodemailer": "^9.0.0",
         "picocolors": "^1.1.1",
         "sharp": "^0.35.0",
-        "toilscript": "^0.1.27",
+        "toilscript": "^0.1.28",
         "typescript-eslint": "^8.60.0",
         "vite": "^8.0.14",
         "vite-imagetools": "^10.0.0",

package/server/globals/auth.ts

@@ -10,7 +10,7 @@
 // and the toiljs dev-server mock).
 
 import { DataWriter, DataReader } from 'data';
-import { HmacImportParams, HmacParams, ALG_SHA_256, USAGE_SIGN, USAGE_VERIFY } from 'crypto';
+import { HmacImportParams, HmacParams, ALG_SHA_256, FMT_RAW, USAGE_SIGN, USAGE_VERIFY } from 'crypto';
 
 import {
     Server,
@@ -160,7 +160,7 @@ function __resolveServerKemPk(): Uint8Array {
 // both keyed PRFs over the transcript; the client mirrors this with hash-wasm.
 function __hmacSha256(key: Uint8Array, msg: Uint8Array): Uint8Array {
     const k = crypto.subtle.importKey(
-        'raw',
+        FMT_RAW,
         key,
         new HmacImportParams(ALG_SHA_256),
         false,
@@ -511,7 +511,7 @@ export namespace AuthService {
 
     /** SHA-256 over `data` (ambient Web Crypto), for transcript/confirm hashing. */
     export function sha256(data: Uint8Array): Uint8Array {
-        return crypto.subtle.digest('SHA-256', data);
+        return crypto.subtle.digest(ALG_SHA_256, data);
     }
 
     /** `SHA-256(serverKemPublicKey)` -- the key identity bound into the login

package/server/globals/twofactor.ts

@@ -24,6 +24,7 @@ import {
     HmacImportParams,
     HmacParams,
     ALG_SHA_256,
+    FMT_RAW,
     USAGE_SIGN,
     USAGE_VERIFY,
 } from 'crypto';
@@ -45,7 +46,7 @@ const TWOFA_VERSION: u8 = 1;
 
 function importHmac(key: Uint8Array): CryptoKey {
     return crypto.subtle.importKey(
-        'raw',
+        FMT_RAW,
         key,
         new HmacImportParams(ALG_SHA_256),
         false,

package/server/runtime/http/securecookies.ts

@@ -30,6 +30,7 @@ import {
     HmacParams,
     ALG_AES_GCM,
     ALG_SHA_256,
+    FMT_RAW,
     USAGE_SIGN,
     USAGE_VERIFY,
     USAGE_ENCRYPT,
@@ -104,7 +105,7 @@ export class SecureCookies {
 
     private importHmac(key: Uint8Array): CryptoKey {
         return crypto.subtle.importKey(
-            'raw',
+            FMT_RAW,
             key,
             new HmacImportParams(ALG_SHA_256),
             false,
@@ -114,7 +115,7 @@ export class SecureCookies {
 
     private importAes(key: Uint8Array): CryptoKey {
         return crypto.subtle.importKey(
-            'raw',
+            FMT_RAW,
             key,
             new AesKeyParams(),
             false,

package/src/backend/index.ts

@@ -10,10 +10,10 @@ import fs from 'node:fs';
 import path from 'node:path';
 
 import {
-    Server,
     type MiddlewareNext,
     type Request,
     type Response,
+    Server,
     type Websocket,
 } from '@dacely/hyper-express';
 
@@ -172,7 +172,9 @@ export async function startBackend(options: BackendOptions): Promise<RunningBack
     // default upgrade handler (hyper-express links it to the companion ws route). Same-origin and
     // non-browser clients pass; others get 403.
     app.upgrade(wsPath, (request: Request, response: Response) => {
-        if (!isWsOriginAllowed(request.headers.origin, request.headers.host, options.allowedOrigins)) {
+        if (
+            !isWsOriginAllowed(request.headers.origin, request.headers.host, options.allowedOrigins)
+        ) {
             response.status(403).send();
             return;
         }

package/src/cli/doctor.ts

@@ -10,7 +10,12 @@ import { createRequire } from 'node:module';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 
-import { loadConfig, type ResolvedToilConfig, scanRoutes, TOIL_SERVER_ENV_DTS } from 'toiljs/compiler';
+import {
+    loadConfig,
+    type ResolvedToilConfig,
+    scanRoutes,
+    TOIL_SERVER_ENV_DTS,
+} from 'toiljs/compiler';
 
 import {
     type Check,
@@ -41,8 +46,8 @@ import {
     findRelativeAssets,
     hasFailures,
     type RestFacts,
-    type RpcFacts,
     RPC_TOILSCRIPT_MIN,
+    type RpcFacts,
     satisfiesMin,
     type SourceFile,
     summarize,
@@ -353,7 +358,9 @@ function applyRpcFix(root: string): RpcFixResult {
     const serverToilconfig = readJsonObject(path.join(root, 'toilconfig.json'));
     if (serverToilconfig !== null) {
         const entries = Array.isArray(serverToilconfig.entries)
-            ? (serverToilconfig.entries as unknown[]).filter((e): e is string => typeof e === 'string')
+            ? (serverToilconfig.entries as unknown[]).filter(
+                  (e): e is string => typeof e === 'string',
+              )
             : [];
         const dirs = new Set<string>();
         for (const e of entries) dirs.add(path.dirname(path.resolve(root, e)));

package/src/cli/notify.ts

@@ -13,12 +13,7 @@ import { fileURLToPath } from 'node:url';
 
 import { detectPackageManager } from './update.js';
 import { accent, bold, box, dim, version as cliVersion, warn } from './ui.js';
-import {
-    findOutdated,
-    isCacheFresh,
-    type OutdatedRow,
-    parseCheckCache,
-} from './version-check.js';
+import { findOutdated, isCacheFresh, type OutdatedRow, parseCheckCache } from './version-check.js';
 
 const REGISTRY_URL = 'https://registry.npmjs.org/toiljs/latest';
 const FETCH_TIMEOUT_MS = 2000;

package/src/cli/ui.ts

@@ -118,9 +118,7 @@ function visibleWidth(s: string): number {
 export function box(lines: readonly string[], paint: (s: string) => string = (s) => s): string {
     const width = lines.reduce((w, l) => Math.max(w, visibleWidth(l)), 0);
     const side = paint('│');
-    const body = lines.map(
-        (l) => `  ${side}  ${l}${' '.repeat(width - visibleWidth(l))}  ${side}`,
-    );
+    const body = lines.map((l) => `  ${side}  ${l}${' '.repeat(width - visibleWidth(l))}  ${side}`);
     return [
         '  ' + paint(`╭${'─'.repeat(width + 4)}╮`),
         ...body,
@@ -167,3 +165,5 @@ export function banner(): void {
     const ver = `${dim('  v')}${brand(version())}`;
     process.stdout.write('\n' + lines.join('\n') + '\n\n  ' + tagline() + '   ' + ver + '\n\n');
 }
+
+

package/src/cli/version-check.ts

@@ -29,7 +29,11 @@ export function parseCheckCache(raw: string): CheckCache | null {
 }
 
 /** True when the cached answer is still trustworthy (also stale if the clock went backwards). */
-export function isCacheFresh(cache: CheckCache, now: number, ttlMs: number = CHECK_TTL_MS): boolean {
+export function isCacheFresh(
+    cache: CheckCache,
+    now: number,
+    ttlMs: number = CHECK_TTL_MS,
+): boolean {
     return cache.checkedAt <= now && now - cache.checkedAt < ttlMs;
 }
 

package/src/client/auth.ts

@@ -11,7 +11,7 @@
  * JSON, byte-identical to the server's `AuthService.buildLoginMessage`.
  */
 
-import { argon2id, createSHA256, createHMAC } from 'hash-wasm';
+import { argon2id, createHMAC, createSHA256 } from 'hash-wasm';
 import { ml_dsa44 } from '@dacely/noble-post-quantum/ml-dsa.js';
 import { ml_kem768 } from '@dacely/noble-post-quantum/ml-kem.js';
 import { ristretto255_oprf } from '@noble/curves/ed25519.js';
@@ -45,7 +45,9 @@ function fromHex(hex: string): Uint8Array {
  * decapsulate, so a valid confirmation tag authenticates the server. This is
  * the demo dev key; a real deployment pins its own (and rotates it).
  */
-export const SERVER_KEM_PUBLIC_KEY = fromHex('29d765e8083182891302569b3712a856e564fdd484b0706b0c68568d5ab7edc742cf74459d64595455a60f267973aa55e43c5be61925a3822eafcca445e36dc4655636e31e6fc9bec338b253f94290008ef7f40dbddb49c15c690f6755a23a1b3c85cfd5207e71a607086a6fc6d74a05080f43276901a19cafdb8de7771d58ea07f0f1056b905127b22223d08e75173199f13ab13c5dcd3b51ac784f84e520484a262b845a897c41cf27324ab6ba545c78c9ccab361051e0bba53498af26240fa0d566d1572684f4b42e253e6d052c848650915063c35641e1121ef8d9cfd17b667b351103c56d195007c9376d0c08aa268396814490eab4c364175a94533267a1933862cc4c33bcf0a13d1fa2b9d6c5082eeca1480672f2526cbe013beff14dc908a386e0b633c8761023cbed760deac6709bc328d865ac82e12307b673d96711dbb27a4d939230d25b53d594169a318be0200fa33550e9418e2a3b30e9719edc09d5fc4306f1abfd021eab14637a8a72c5931d25dc9b56db0e6ab677522b10f25307dbb804a6774ce05b87b0976a4b227bfe6caf20a79e64004fbd27b1eea018b3ab8ffa629f2dc87f19278f95168e94e44660a3370c537795678eb2f056260609769740583b51b291862927a1938737c6a37f40b78f00671cccbcb88ac3427b37915ed58782998f84051647707d48995472baad3f64a7cca54e1c0734db08751c614a34f28b84f2c1b5a6817355ab61957c486b7acffbc092bc8a7b46387f33b53ed372f7168d31a71cd008539928b0cdf91e835aa97f6a2be6d327b87a6ae478701d75a59a25179cb14997bb2552853014724170a1c49b82c2bcebc3279024e1fa44c53c7afdc43f0bd22116490f3b74c90e7296be58b9a91168f2fa0c3d378a3bcac959f357825c9976a8c9ee944f29b45e96d7345d9b478431a20cf1c5d3a3227c717fd204619777636c0cb140db5c50d2a3302334461030bee34e4eb1a6f02b733f9ccda4290fa168bc039568373241542728d00030d1f251e83737cb215adbdc1de75978675a0cd0d75b12748abdda7a9852629c63697d145af2c69854b06e03f37c4b064e4c9a4c03f2ad4d081e70180e9547247921918118086b62b4f7727f46b24e3e79ba3f28209f32b5102035bf935856232f83642268c0292ec6bf8e9462382163d30a20b4bcb7b4439310ec9d0a148193907fc07697342967cf1a16c6b3c71558951fa915400736cf699262b54b723abb2ecc27b74b68ee494287595ef818388adb49e883c67bfa5c226c0eef037a0851a29d34675912c1ea1068310b6dfcd017c809c8fbfc2c3ae78dfef07299960eeefba182662a90fa422c1790f356a2ea909012b15623a9b9e450a282cb530589a68368b3583159d9010ac3e52cc974753c342e58279516339dfb691df94b13a223ad97eb6a09c21dafe6304a3642d6d2067b5238497661fe88ad1227ca3557be2a576b6e17c5a7f997ea07929e76407e376aba74c44cd8504804776f39bbb8327624188a63501e83b404d9438cade0b11dc3ac61856447fb072b91761c228878f01b2eb6b4b21ba664c2c75882431603b25a449ffeb8410b910558581777562aa9b2181fd9c04713ad9326462d3e842121c4997f9aa932417c67851625816de66e0d65637434629f39');
+export const SERVER_KEM_PUBLIC_KEY = fromHex(
+    '29d765e8083182891302569b3712a856e564fdd484b0706b0c68568d5ab7edc742cf74459d64595455a60f267973aa55e43c5be61925a3822eafcca445e36dc4655636e31e6fc9bec338b253f94290008ef7f40dbddb49c15c690f6755a23a1b3c85cfd5207e71a607086a6fc6d74a05080f43276901a19cafdb8de7771d58ea07f0f1056b905127b22223d08e75173199f13ab13c5dcd3b51ac784f84e520484a262b845a897c41cf27324ab6ba545c78c9ccab361051e0bba53498af26240fa0d566d1572684f4b42e253e6d052c848650915063c35641e1121ef8d9cfd17b667b351103c56d195007c9376d0c08aa268396814490eab4c364175a94533267a1933862cc4c33bcf0a13d1fa2b9d6c5082eeca1480672f2526cbe013beff14dc908a386e0b633c8761023cbed760deac6709bc328d865ac82e12307b673d96711dbb27a4d939230d25b53d594169a318be0200fa33550e9418e2a3b30e9719edc09d5fc4306f1abfd021eab14637a8a72c5931d25dc9b56db0e6ab677522b10f25307dbb804a6774ce05b87b0976a4b227bfe6caf20a79e64004fbd27b1eea018b3ab8ffa629f2dc87f19278f95168e94e44660a3370c537795678eb2f056260609769740583b51b291862927a1938737c6a37f40b78f00671cccbcb88ac3427b37915ed58782998f84051647707d48995472baad3f64a7cca54e1c0734db08751c614a34f28b84f2c1b5a6817355ab61957c486b7acffbc092bc8a7b46387f33b53ed372f7168d31a71cd008539928b0cdf91e835aa97f6a2be6d327b87a6ae478701d75a59a25179cb14997bb2552853014724170a1c49b82c2bcebc3279024e1fa44c53c7afdc43f0bd22116490f3b74c90e7296be58b9a91168f2fa0c3d378a3bcac959f357825c9976a8c9ee944f29b45e96d7345d9b478431a20cf1c5d3a3227c717fd204619777636c0cb140db5c50d2a3302334461030bee34e4eb1a6f02b733f9ccda4290fa168bc039568373241542728d00030d1f251e83737cb215adbdc1de75978675a0cd0d75b12748abdda7a9852629c63697d145af2c69854b06e03f37c4b064e4c9a4c03f2ad4d081e70180e9547247921918118086b62b4f7727f46b24e3e79ba3f28209f32b5102035bf935856232f83642268c0292ec6bf8e9462382163d30a20b4bcb7b4439310ec9d0a148193907fc07697342967cf1a16c6b3c71558951fa915400736cf699262b54b723abb2ecc27b74b68ee494287595ef818388adb49e883c67bfa5c226c0eef037a0851a29d34675912c1ea1068310b6dfcd017c809c8fbfc2c3ae78dfef07299960eeefba182662a90fa422c1790f356a2ea909012b15623a9b9e450a282cb530589a68368b3583159d9010ac3e52cc974753c342e58279516339dfb691df94b13a223ad97eb6a09c21dafe6304a3642d6d2067b5238497661fe88ad1227ca3557be2a576b6e17c5a7f997ea07929e76407e376aba74c44cd8504804776f39bbb8327624188a63501e83b404d9438cade0b11dc3ac61856447fb072b91761c228878f01b2eb6b4b21ba664c2c75882431603b25a449ffeb8410b910558581777562aa9b2181fd9c04713ad9326462d3e842121c4997f9aa932417c67851625816de66e0d65637434629f39',
+);
 
 export const PUBLIC_KEY_LEN = 1312;
 export const SECRET_KEY_LEN = 2560;
@@ -171,7 +173,6 @@ export function buildRegisterMessage(username: string, publicKey: Uint8Array): U
     return new DataWriter().writeU8(1).writeString(username).writeBytes(publicKey).toBytes();
 }
 
-
 function decodeKdf(r: DataReader): KdfParams {
     return {
         memKiB: r.readU32(),
@@ -181,7 +182,6 @@ function decodeKdf(r: DataReader): KdfParams {
     };
 }
 
-
 async function postBinary(baseUrl: string, path: string, body: Uint8Array): Promise<DataReader> {
     const res = await fetch(baseUrl + path, {
         method: 'POST',
@@ -204,7 +204,11 @@ export interface AuthOptions {
  * stretched with Argon2id into an ML-DSA-44 keypair, and ONLY the public key
  * (plus a proof-of-possession signature) is submitted. Throws on failure.
  */
-export async function register(username: string, password: string, opts: AuthOptions = {}): Promise<void> {
+export async function register(
+    username: string,
+    password: string,
+    opts: AuthOptions = {},
+): Promise<void> {
     const baseUrl = opts.baseUrl ?? '/auth';
     const oprf = ristretto255_oprf.oprf;
     const pw = utf8(password.normalize('NFKC'));
@@ -268,7 +272,11 @@ export async function register(username: string, password: string, opts: AuthOpt
  * The secret key, seed, and shared secret are wiped as soon as they are used.
  * Returns the opaque session token. Throws (one generic message) on any failure.
  */
-export async function login(username: string, password: string, opts: AuthOptions = {}): Promise<Uint8Array> {
+export async function login(
+    username: string,
+    password: string,
+    opts: AuthOptions = {},
+): Promise<Uint8Array> {
     const baseUrl = opts.baseUrl ?? '/auth';
     const oprf = ristretto255_oprf.oprf;
     const pw = utf8(password.normalize('NFKC'));
@@ -299,8 +307,17 @@ export async function login(username: string, password: string, opts: AuthOption
     const { cipherText, sharedSecret } = ml_kem768.encapsulate(SERVER_KEM_PUBLIC_KEY);
     const serverKemKeyId = await sha256Bytes(SERVER_KEM_PUBLIC_KEY);
     const message = buildLoginMessage(
-        username, aud, cid, nonce, iat, exp,
-        cipherText, kdf.memKiB, kdf.iterations, kdf.parallelism, serverKemKeyId,
+        username,
+        aud,
+        cid,
+        nonce,
+        iat,
+        exp,
+        cipherText,
+        kdf.memKiB,
+        kdf.iterations,
+        kdf.parallelism,
+        serverKemKeyId,
     );
     let signature: Uint8Array;
     try {
@@ -333,9 +350,15 @@ export async function login(username: string, password: string, opts: AuthOption
     //    decapsulated correctly derives the same K, so a valid tag proves its
     //    identity. Verify before returning the session.
     const transcriptHash = await sha256Bytes(message);
-    const sessionKey = await hmacSha256(sharedSecret, concatBytes(utf8(SESSION_KEY_LABEL), transcriptHash));
+    const sessionKey = await hmacSha256(
+        sharedSecret,
+        concatBytes(utf8(SESSION_KEY_LABEL), transcriptHash),
+    );
     wipe(sharedSecret);
-    const expected = await hmacSha256(sessionKey, concatBytes(utf8(SERVER_CONFIRM_LABEL), transcriptHash));
+    const expected = await hmacSha256(
+        sessionKey,
+        concatBytes(utf8(SERVER_CONFIRM_LABEL), transcriptHash),
+    );
     if (!bytesEqual(expected, serverConfirm)) throw new Error('auth: server authentication failed');
 
     return session; // session token

package/src/client/components/Form.tsx

@@ -1,6 +1,6 @@
-import { useRef, type ReactNode, type SyntheticEvent } from 'react';
+import { type ReactNode, type SyntheticEvent, useRef } from 'react';
 
-import { useAction, type ActionState, type RevalidateTarget } from '../routing/action.js';
+import { type ActionState, type RevalidateTarget, useAction } from '../routing/action.js';
 
 /** Props for {@link Form}. */
 export interface FormProps {

package/src/client/components/Image.tsx

@@ -1,4 +1,4 @@
-import { useState, type CSSProperties, type ComponentPropsWithRef, type ReactNode } from 'react';
+import { type ComponentPropsWithRef, type CSSProperties, type ReactNode, useState } from 'react';
 
 /**
  * Props for {@link Image}: every standard `<img>` attribute, plus toil's layout/loading controls.

package/src/client/components/Script.tsx

@@ -1,4 +1,4 @@
-import { useEffect, type ReactNode } from 'react';
+import { type ReactNode, useEffect } from 'react';
 
 /**
  * When a {@link Script} is injected, relative to the app becoming interactive:

package/src/client/components/Slot.tsx

@@ -1,4 +1,4 @@
-import { useContext, type ReactNode } from 'react';
+import { type ReactNode, useContext } from 'react';
 
 import { SlotContext } from '../routing/slot-context.js';