fix: remove todo app

Author: marcus-pousette

README.md

@@ -1,22 +1,18 @@
-# PowerSync E2EE Monorepo
+# PowerSync E2EE Chat Monorepo
 
-This repo contains demo applications and shared libraries for building end-to-end encrypted experiences on top of PowerSync and Supabase.
+This repository focuses on the end-to-end encrypted chat demo plus the shared crypto libraries it depends on. Use it as a reference implementation for building client-encrypted PowerSync projects backed by Supabase.
 
-## Applications
+## Application
 
 - [packages/e2ee-chat](packages/e2ee-chat) — End-to-end encrypted group chat with guest access, room invites, and local vault unlock flows. See the package README for setup instructions and an in-depth encryption/privacy overview.
 
 ![Screenshot of E2EE Chat](packages/e2ee-chat/screenshot.png)
 
-- [packages/todo-raw-table](packages/todo-raw-table) — Todo list app showcasing encrypted raw-table storage paired with decrypted mirrors for UI queries.
-
-![Screenshot of Todo (raw-table + encrypted mirrors)](packages/todo-raw-table/screenshot.png)
-
 ## Crypto packages
 
 - [packages/crypto/interface](packages/crypto/interface) — Shared types and helpers (`CipherEnvelope`, base64 helpers, etc.) used by crypto providers.
 - [packages/crypto/encrypted-sqlite](packages/crypto/encrypted-sqlite) — Encrypted↔mirror runtime for SQLite/PowerSync: pair configs, `ensurePairsDDL`, mirror orchestration, and CRUD helpers.
 - [packages/crypto/password](packages/crypto/password) — Password-based crypto provider (PBKDF2 by default) implementing the `CryptoProvider` interface for wrapping/unwrapping DEKs.
 - [packages/crypto/webauthn](packages/crypto/webauthn) — WebAuthn-based crypto provider using PRF/hmac-secret extensions to derive a stable secret per credential (wrap/unwrap DEKs using passkeys).
 
-Each application consumes these packages to keep ciphertext opaque to the PowerSync backend while presenting decrypted mirrors locally for the user interface.
+Each module keeps ciphertext opaque to the PowerSync backend while presenting decrypted mirrors locally for the user interface.

package.json

@@ -1,9 +1,8 @@
 {
-  "name": "powersync-apps-e2ee",
+  "name": "powersync-e2ee-chat",
   "private": true,
   "workspaces": [
     "packages/crypto/*",
-    "packages/todo-raw-table/frontend",
     "packages/e2ee-chat/frontend"
   ],
   "scripts": {

packages/crypto/encrypted-sqlite/README.md

@@ -43,23 +43,23 @@ Mirror table has: `id`, `user_id`, `bucket_id`, `updated_at`, plus your declared
 ```ts
 import type { EncryptedPairConfig } from "@crypto/sqlite";
 
-const TODOS_PAIR: EncryptedPairConfig<{ text: string; completed: boolean }> = {
-  name: "todos",
-  encryptedTable: "raw_items",
-  mirrorTable: "raw_items_plain",
+const CHAT_MESSAGES_PAIR: EncryptedPairConfig<{ content: string; isEdited: boolean }> = {
+  name: "chat_messages",
+  encryptedTable: "chat_messages_cipher",
+  mirrorTable: "chat_messages_plain",
   mirrorColumns: [
-    { name: "text", type: "TEXT", notNull: true, defaultExpr: "''" },
-    { name: "completed", type: "INTEGER", notNull: true, defaultExpr: "0" }
+    { name: "content", type: "TEXT", notNull: true, defaultExpr: "''" },
+    { name: "is_edited", type: "INTEGER", notNull: true, defaultExpr: "0" }
   ],
   // Convert decrypted bytes -> mirror columns
   parsePlain: ({ plaintext }) => {
     const obj = JSON.parse(new TextDecoder().decode(plaintext));
-    return { text: obj.text ?? "", completed: obj.completed ? 1 : 0 };
+    return { content: obj.content ?? "", is_edited: obj.isEdited ? 1 : 0 };
   },
   // Optional: serialize domain object -> bytes (defaults to JSON if omitted)
   serializePlain: (obj) => ({
     plaintext: new TextEncoder().encode(JSON.stringify(obj)),
-    aad: "todo-v1"
+    aad: "chat-message-v1"
   })
 };
 ```
@@ -69,7 +69,7 @@ const TODOS_PAIR: EncryptedPairConfig<{ text: string; completed: boolean }> = {
 ```ts
 import { ensurePairsDDL } from "@crypto/sqlite";
 
-await ensurePairsDDL(db, [TODOS_PAIR]);
+await ensurePairsDDL(db, [CHAT_MESSAGES_PAIR]);
 ```
 
 This creates both the encrypted and mirror tables and installs triggers that write to `powersync_crud` on insert/update/delete.
@@ -79,15 +79,15 @@ This creates both the encrypted and mirror tables and installs triggers that wri
 ```ts
 import { installPairsOnSchema } from "@crypto/sqlite";
 
-installPairsOnSchema(schema, [TODOS_PAIR]);
+installPairsOnSchema(schema, [CHAT_MESSAGES_PAIR]);
 ```
 
 ### 4) Start the mirror replicator
 
 ```ts
 import { startEncryptedMirrors } from "@crypto/sqlite";
 
-const stop = startEncryptedMirrors({ db, userId, crypto }, [TODOS_PAIR], { throttleMs: 150 });
+const stop = startEncryptedMirrors({ db, userId, crypto }, [CHAT_MESSAGES_PAIR], { throttleMs: 150 });
 // call stop() to dispose
 ```
 
@@ -100,17 +100,17 @@ import { insertEncrypted, updateEncrypted, deleteEncrypted } from "@crypto/sqlit
 
 await insertEncrypted(
   { db, userId, crypto },
-  TODOS_PAIR,
-  { id: "a1", bucketId: null, object: { text: "Buy milk", completed: false } }
+  CHAT_MESSAGES_PAIR,
+  { id: "m1", bucketId: "room-1", object: { content: "Hello", isEdited: false } }
 );
 
 await updateEncrypted(
   { db, userId, crypto },
-  TODOS_PAIR,
-  { id: "a1", object: { text: "Buy oat milk", completed: true } }
+  CHAT_MESSAGES_PAIR,
+  { id: "m1", bucketId: "room-1", object: { content: "Hello again", isEdited: true } }
 );
 
-await deleteEncrypted({ db, userId, crypto }, TODOS_PAIR, { id: "a1" });
+await deleteEncrypted({ db, userId, crypto }, CHAT_MESSAGES_PAIR, { id: "m1" });
 ```
 
 ### 6) Query from React
@@ -120,13 +120,13 @@ import { useQuery } from "@powersync/react";
 
 const { data, isLoading, error } = useQuery(
   `
-  SELECT id, user_id, bucket_id, updated_at, text, completed
-    FROM raw_items_plain
+  SELECT id, user_id, bucket_id, updated_at, content, is_edited
+    FROM chat_messages_plain
    WHERE user_id = ?
-     AND bucket_id IS NULL
+     AND bucket_id = ?
    ORDER BY updated_at DESC
   `,
-  [userId]
+  [userId, roomId]
 );
 ```
 

packages/crypto/encrypted-sqlite/src/__tests__/mutations.spec.ts

@@ -2,19 +2,18 @@ import { describe, it, expect } from "vitest";
 import { insertEncrypted, updateEncrypted, deleteEncrypted } from "../mutations.js";
 import { FakeDB, MockCrypto } from "./fakes";
 
-const PAIR = {
-  name: "todos",
-  encryptedTable: "raw_items",
-  mirrorTable: "raw_items_plain",
+const CHAT_MESSAGES_PAIR = {
+  name: "chat_messages",
+  encryptedTable: "chat_messages_cipher",
+  mirrorTable: "chat_messages_plain",
   mirrorColumns: [
-    { name: "text", type: "TEXT" },
-    { name: "completed", type: "INTEGER" }
+    { name: "content", type: "TEXT" },
+    { name: "is_edited", type: "INTEGER" }
   ],
   parsePlain: () => ({}),
-  // Serialize domain object -> bytes (JSON as example)
   serializePlain: (obj: any) => {
     const bytes = new TextEncoder().encode(JSON.stringify(obj));
-    return { plaintext: bytes, aad: "todo-v1" };
+    return { plaintext: bytes, aad: "chat-message-v1" };
   }
 };
 
@@ -23,32 +22,33 @@ describe("mutations", () => {
     const db = new FakeDB();
     const runtime = { db, userId: "u1", crypto: MockCrypto as any };
 
-    await insertEncrypted(runtime as any, PAIR, {
-      id: "a1",
-      bucketId: null,
-      object: { text: "X", completed: false }
+    await insertEncrypted(runtime as any, CHAT_MESSAGES_PAIR, {
+      id: "m1",
+      bucketId: "room-1",
+      object: { content: "Hello", isEdited: false }
     });
 
-    let call = db.execCalls.find(c => (c.sql as string).startsWith("INSERT INTO raw_items"));
+    let call = db.execCalls.find(c => (c.sql as string).startsWith("INSERT INTO chat_messages_cipher"));
     expect(call).toBeTruthy();
-    expect(call!.params![0]).toBe("a1");
+    expect(call!.params![0]).toBe("m1");
     expect(call!.params![1]).toBe("u1");
-    expect(call!.params![3]).toBe("test/raw"); // alg
-    expect(typeof call!.params![6]).toBe("string"); // cipher_b64
+    expect(call!.params![2]).toBe("room-1");
+    expect(call!.params![3]).toBe("test/raw");
+    expect(typeof call!.params![6]).toBe("string");
 
-    await updateEncrypted(runtime as any, PAIR, {
-      id: "a1",
-      bucketId: null,
-      object: { text: "Y", completed: true }
+    await updateEncrypted(runtime as any, CHAT_MESSAGES_PAIR, {
+      id: "m1",
+      bucketId: "room-1",
+      object: { content: "Hello again", isEdited: true }
     });
-    call = db.execCalls.find(c => (c.sql as string).startsWith("UPDATE raw_items"));
+    call = db.execCalls.find(c => (c.sql as string).startsWith("UPDATE chat_messages_cipher"));
     expect(call).toBeTruthy();
     expect(call!.params![0]).toBe("test/raw");
 
-    await deleteEncrypted(runtime as any, PAIR, { id: "a1" });
-    call = db.execCalls.find(c => (c.sql as string).startsWith("DELETE FROM raw_items"));
+    await deleteEncrypted(runtime as any, CHAT_MESSAGES_PAIR, { id: "m1" });
+    call = db.execCalls.find(c => (c.sql as string).startsWith("DELETE FROM chat_messages_cipher"));
     expect(call).toBeTruthy();
-    expect(call!.params![0]).toBe("a1");
+    expect(call!.params![0]).toBe("m1");
     expect(call!.params![1]).toBe("u1");
   });
-});
+});

packages/crypto/encrypted-sqlite/src/__tests__/pairs.spec.ts

@@ -8,24 +8,24 @@ describe("ensurePairsDDL", () => {
 
     await ensurePairsDDL(db as any, [
       {
-        name: "todos",
-        encryptedTable: "raw_items",
-        mirrorTable: "raw_items_plain",
+        name: "chat_messages",
+        encryptedTable: "chat_messages_cipher",
+        mirrorTable: "chat_messages_plain",
         mirrorColumns: [
-          { name: "text", type: "TEXT", notNull: true, defaultExpr: "''" },
-          { name: "completed", type: "INTEGER", notNull: true, defaultExpr: "0" }
+          { name: "content", type: "TEXT", notNull: true, defaultExpr: "''" },
+          { name: "is_edited", type: "INTEGER", notNull: true, defaultExpr: "0" }
         ],
         parsePlain: () => ({})
       }
     ]);
 
     const ddl = db.execCalls.map(c => c.sql).join("\n---\n");
-    expect(ddl).toContain("CREATE TABLE IF NOT EXISTS raw_items (");
-    expect(ddl).toContain("CREATE TABLE IF NOT EXISTS raw_items_plain (");
-    expect(ddl).toContain("text TEXT NOT NULL DEFAULT ''");
-    expect(ddl).toContain("completed INTEGER NOT NULL DEFAULT 0");
-    expect(ddl).toContain("CREATE TRIGGER IF NOT EXISTS raw_items_insert");
-    expect(ddl).toContain("CREATE TRIGGER IF NOT EXISTS raw_items_update");
-    expect(ddl).toContain("CREATE TRIGGER IF NOT EXISTS raw_items_delete");
+    expect(ddl).toContain("CREATE TABLE IF NOT EXISTS chat_messages_cipher (");
+    expect(ddl).toContain("CREATE TABLE IF NOT EXISTS chat_messages_plain (");
+    expect(ddl).toContain("content TEXT NOT NULL DEFAULT ''");
+    expect(ddl).toContain("is_edited INTEGER NOT NULL DEFAULT 0");
+    expect(ddl).toContain("CREATE TRIGGER IF NOT EXISTS chat_messages_cipher_insert");
+    expect(ddl).toContain("CREATE TRIGGER IF NOT EXISTS chat_messages_cipher_update");
+    expect(ddl).toContain("CREATE TRIGGER IF NOT EXISTS chat_messages_cipher_delete");
   });
-});
+});

packages/crypto/encrypted-sqlite/src/__tests__/replicator.spec.ts

@@ -2,83 +2,87 @@ import { describe, it, expect } from "vitest";
 import { startEncryptedMirrors } from "../replicator.js";
 import { FakeDB, MockCrypto } from "./fakes.js";
 
-const PAIR = {
-  name: "todos",
-  encryptedTable: "raw_items",
-  mirrorTable: "raw_items_plain",
+const CHAT_MESSAGES_PAIR = {
+  name: "chat_messages",
+  encryptedTable: "chat_messages_cipher",
+  mirrorTable: "chat_messages_plain",
   mirrorColumns: [
-    { name: "text", type: "TEXT", notNull: true, defaultExpr: "''" },
-    { name: "completed", type: "INTEGER", notNull: true, defaultExpr: "0" }
+    { name: "content", type: "TEXT", notNull: true, defaultExpr: "''" },
+    { name: "is_edited", type: "INTEGER", notNull: true, defaultExpr: "0" }
   ],
   parsePlain: ({ plaintext }: any) => {
     const obj = JSON.parse(new TextDecoder().decode(plaintext));
-    return { text: obj.text ?? "", completed: obj.completed ? 1 : 0 };
+    return { content: obj.content ?? "", is_edited: obj.isEdited ? 1 : 0 };
   }
 };
 
 describe("replicator", () => {
   it("decrypts, parses, and upserts into mirror columns", async () => {
-    const db = new FakeDB() ;
+    const db = new FakeDB();
 
     const stop = startEncryptedMirrors(
       { db: db as any, userId: "u1", crypto: MockCrypto as any },
-      [PAIR],
+      [CHAT_MESSAGES_PAIR],
       { throttleMs: 0 }
     );
 
-    const reg = db.queries.find(q => q.sql.includes("FROM raw_items"));
+    const reg = db.queries.find(q => q.sql.includes("FROM chat_messages_cipher"));
     expect(reg).toBeTruthy();
 
-    // added
     await reg!.instance.emit({
       added: [{
-        id: "a1",
+        id: "m1",
         user_id: "u1",
-        bucket_id: null,
+        bucket_id: "room-1",
         alg: "test/raw",
         aad: null,
         nonce_b64: "N",
-        cipher_b64: Buffer.from(JSON.stringify({ text: "A", completed: false }), "utf8").toString("base64"),
+        cipher_b64: Buffer.from(
+          JSON.stringify({ content: "Hello", isEdited: false }),
+          "utf8"
+        ).toString("base64"),
         kdf_salt_b64: "",
         updated_at: "2025-01-01T00:00:00.000Z"
       }]
     });
 
-    const ins = db.lastTx!.calls.find(c => (c.sql as string).includes(`INSERT INTO ${PAIR.mirrorTable}`));
+    const ins = db.lastTx!.calls.find(c => (c.sql as string).includes(`INSERT INTO ${CHAT_MESSAGES_PAIR.mirrorTable}`));
     expect(ins).toBeTruthy();
-    // order: id,user_id,bucket_id,updated_at,text,completed
-    expect(ins!.params![0]).toBe("a1");
-    expect(ins!.params![4]).toBe("A");
+    expect(ins!.params![0]).toBe("m1");
+    expect(ins!.params![1]).toBe("u1");
+    expect(ins!.params![2]).toBe("room-1");
+    expect(ins!.params![4]).toBe("Hello");
     expect(ins!.params![5]).toBe(0);
 
-    // updated
     db.lastTx = null;
     await reg!.instance.emit({
       updated: [{
-        id: "a1",
+        id: "m1",
         user_id: "u1",
-        bucket_id: null,
+        bucket_id: "room-1",
         alg: "test/raw",
         aad: null,
         nonce_b64: "N",
-        cipher_b64: Buffer.from(JSON.stringify({ text: "A+", completed: true }), "utf8").toString("base64"),
+        cipher_b64: Buffer.from(
+          JSON.stringify({ content: "Hello again", isEdited: true }),
+          "utf8"
+        ).toString("base64"),
         kdf_salt_b64: "",
         updated_at: "2025-01-01T01:00:00.000Z"
       }]
     });
-    const updDelete = db.lastTx!.calls.find(c => (c.sql as string).startsWith(`DELETE FROM ${PAIR.mirrorTable}`));
-    const updInsert = db.lastTx!.calls.find(c => (c.sql as string).includes(`INSERT INTO ${PAIR.mirrorTable}`));
+    const updDelete = db.lastTx!.calls.find(c => (c.sql as string).startsWith(`DELETE FROM ${CHAT_MESSAGES_PAIR.mirrorTable}`));
+    const updInsert = db.lastTx!.calls.find(c => (c.sql as string).includes(`INSERT INTO ${CHAT_MESSAGES_PAIR.mirrorTable}`));
     expect(updDelete).toBeTruthy();
     expect(updInsert).toBeTruthy();
-    expect(updInsert!.params![4]).toBe("A+");
+    expect(updInsert!.params![4]).toBe("Hello again");
     expect(updInsert!.params![5]).toBe(1);
 
-    // removed
     db.lastTx = null;
-    await reg!.instance.emit({ removed: [{ id: "a1" }] });
-    const del = db.lastTx!.calls.find(c => (c.sql as string).startsWith(`DELETE FROM ${PAIR.mirrorTable}`));
+    await reg!.instance.emit({ removed: [{ id: "m1" }] });
+    const del = db.lastTx!.calls.find(c => (c.sql as string).startsWith(`DELETE FROM ${CHAT_MESSAGES_PAIR.mirrorTable}`));
     expect(del).toBeTruthy();
 
     stop();
   });
-});
+});

packages/crypto/password/tests/roundtrip.spec.ts

@@ -5,7 +5,7 @@ describe('password crypto roundtrip', () => {
   it('encrypts and decrypts', async () => {
     const crypto = createPasswordCrypto({ password: 'correct horse battery staple' });
     const msg = new TextEncoder().encode('hello secret world');
-    const env = await crypto.encrypt(msg, 'todo-v1');
+    const env = await crypto.encrypt(msg, 'chat-message-v1');
     const out = await crypto.decrypt(env);
     expect(new TextDecoder().decode(out)).toBe('hello secret world');
   });