feat: add blob hash, unlock message, expiration, and access count to seals

- Extend SealRecord and database schema with optional blobHash, unlockMessage, expiresAt, and accessCount fields
- Update createSeal and getSeal operations to handle new fields, including access count increment on retrieval
- Enhance SealService interfaces to support unlock message and expiration days in creation requests
- Improve seal metadata to include new fields for better tracking and user experience

Author: teycir

lib/database.ts

@@ -22,6 +22,10 @@ export interface SealRecord {
   iv: string;
   pulseToken?: string;
   createdAt: number;
+  blobHash?: string;
+  unlockMessage?: string;
+  expiresAt?: number;
+  accessCount?: number;
 }
 
 // Production D1 Database
@@ -39,13 +43,17 @@ export class SealDatabase implements DatabaseProvider {
       iv: String(result.iv || ''),
       pulseToken: result.pulse_token ? String(result.pulse_token) : undefined,
       createdAt: Number(result.created_at || 0),
+      blobHash: result.blob_hash ? String(result.blob_hash) : undefined,
+      unlockMessage: result.unlock_message ? String(result.unlock_message) : undefined,
+      expiresAt: result.expires_at ? Number(result.expires_at) : undefined,
+      accessCount: result.access_count ? Number(result.access_count) : 0,
     };
   }
 
   async createSeal(data: SealRecord): Promise<void> {
     const result = await this.db.prepare(
-      `INSERT INTO seals (id, unlock_time, is_dms, pulse_interval, last_pulse, key_b, iv, pulse_token, created_at)
-       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`
+      `INSERT INTO seals (id, unlock_time, is_dms, pulse_interval, last_pulse, key_b, iv, pulse_token, created_at, blob_hash, unlock_message, expires_at, access_count)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
     ).bind(
       data.id,
       data.unlockTime,
@@ -55,7 +63,11 @@ export class SealDatabase implements DatabaseProvider {
       data.keyB,
       data.iv,
       data.pulseToken || null,
-      data.createdAt
+      data.createdAt,
+      data.blobHash || null,
+      data.unlockMessage || null,
+      data.expiresAt || null,
+      data.accessCount || 0
     ).run();
 
     if (!result.success) {
@@ -69,6 +81,12 @@ export class SealDatabase implements DatabaseProvider {
     ).bind(id).first();
 
     if (!result) return null;
+    
+    // Increment access count
+    await this.db.prepare(
+      'UPDATE seals SET access_count = access_count + 1 WHERE id = ?'
+    ).bind(id).run();
+    
     return this.mapResultToSealRecord(result);
   }
 

lib/sealService.ts

@@ -16,6 +16,8 @@ export interface CreateSealRequest {
   unlockTime: number;
   isDMS?: boolean;
   pulseInterval?: number;
+  unlockMessage?: string;
+  expiresAfterDays?: number;
 }
 
 export interface SealMetadata {
@@ -25,6 +27,9 @@ export interface SealMetadata {
   status: 'locked' | 'unlocked';
   keyB?: string;
   iv?: string;
+  blobHash?: string;
+  unlockMessage?: string;
+  accessCount?: number;
 }
 
 export interface SealReceipt {
@@ -76,6 +81,11 @@ export class SealService {
     // Generate cryptographic receipt
     const blobHash = await this.hashBlob(request.encryptedBlob);
     const receipt = await this.generateReceipt(sealId, blobHash, request.unlockTime, createdAt);
+    
+    // Calculate expiration
+    const expiresAt = request.expiresAfterDays 
+      ? request.unlockTime + (request.expiresAfterDays * 24 * 60 * 60 * 1000)
+      : undefined;
 
     // Create seal record first
     await this.db.createSeal({
@@ -88,6 +98,10 @@ export class SealService {
       iv: request.iv,
       pulseToken,
       createdAt,
+      blobHash,
+      unlockMessage: request.unlockMessage,
+      expiresAt,
+      accessCount: 0,
     });
 
     // Then upload blob (D1BlobStorage needs the row to exist)
@@ -141,6 +155,9 @@ export class SealService {
       status: isUnlocked ? 'unlocked' : 'locked',
       keyB: decryptedKeyB,
       iv: isUnlocked ? seal.iv : undefined,
+      blobHash: seal.blobHash,
+      unlockMessage: isUnlocked ? seal.unlockMessage : undefined,
+      accessCount: seal.accessCount,
     };
   }
 

schema.sql

@@ -9,7 +9,11 @@ CREATE TABLE IF NOT EXISTS seals (
   iv TEXT NOT NULL,
   encrypted_blob TEXT,
   pulse_token TEXT,
-  created_at INTEGER NOT NULL
+  created_at INTEGER NOT NULL,
+  blob_hash TEXT,
+  unlock_message TEXT,
+  expires_at INTEGER,
+  access_count INTEGER DEFAULT 0
 );
 
 CREATE INDEX IF NOT EXISTS idx_seals_unlock_time ON seals(unlock_time);