From 2c110df3959caa859680932574d55a5122a8f5bf Mon Sep 17 00:00:00 2001
From: Mark Nadal <mark@accelsor.com>
Date: Sun, 6 Jan 2019 01:26:26 -0800
Subject: [PATCH 1/5] initial tests for SEA corrections

---
 sea.js              |  232 +++++----
 test/mocha.html     |    2 +
 test/sea/sea.js     | 1132 ++++++-------------------------------------
 test/sea/sea2.js    |   61 ---
 test/sea/sea_old.js | 1009 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 1274 insertions(+), 1162 deletions(-)
 delete mode 100644 test/sea/sea2.js
 create mode 100644 test/sea/sea_old.js

diff --git a/sea.js b/sea.js
index 73f8f8ad..2384fbbb 100644
--- a/sea.js
+++ b/sea.js
@@ -190,71 +190,51 @@
   })(USE, './shim');
 
   ;USE(function(module){
-    const SEA = USE('./root');
-    const Buffer = USE('./buffer')
-    const settings = {}
-    // Encryption parameters
-    const pbkdf2 = { hash: 'SHA-256', iter: 100000, ks: 64 }
+    var SEA = USE('./root');
+    var Buffer = USE('./buffer');
+    var s = {};
+    s.pbkdf2 = {hash: 'SHA-256', iter: 100000, ks: 64};
+    s.ecdsa = {
+      pair: {name: 'ECDSA', namedCurve: 'P-256'},
+      sign: {name: 'ECDSA', hash: {name: 'SHA-256'}}
+    };
+    s.ecdh = {name: 'ECDH', namedCurve: 'P-256'};
 
-    const ecdsaSignProps = { name: 'ECDSA', hash: { name: 'SHA-256' } }
-    const ecdsaKeyProps = { name: 'ECDSA', namedCurve: 'P-256' }
-    const ecdhKeyProps = { name: 'ECDH', namedCurve: 'P-256' }
-
-    const _initial_authsettings = {
-      validity: 12 * 60 * 60, // internally in seconds : 12 hours
-      hook: (props) => props  // { iat, exp, alias, remember }
-      // or return new Promise((resolve, reject) => resolve(props)
-    }
-    // These are used to persist user's authentication "session"
-    const authsettings = Object.assign({}, _initial_authsettings)
     // This creates Web Cryptography API compliant JWK for sign/verify purposes
-    const keysToEcdsaJwk = (pub, d) => {  // d === priv
-      //const [ x, y ] = Buffer.from(pub, 'base64').toString('utf8').split(':') // old
-      const [ x, y ] = pub.split('.') // new
-      var jwk = { kty: "EC", crv: "P-256", x: x, y: y, ext: true }
+    s.jwk = function(pub, d){  // d === priv
+      pub = pub.split('.');
+      var x = pub[0], y = pub[1];
+      var jwk = {kty: "EC", crv: "P-256", x: x, y: y, ext: true};
       jwk.key_ops = d ? ['sign'] : ['verify'];
       if(d){ jwk.d = d }
       return jwk;
-    }
+    };
+    s.recall = {
+      validity: 12 * 60 * 60, // internally in seconds : 12 hours
+      hook: function(props){ return props } // { iat, exp, alias, remember } // or return new Promise((resolve, reject) => resolve(props)
+    };
 
-    Object.assign(settings, {
-      pbkdf2: pbkdf2,
-      ecdsa: {
-        pair: ecdsaKeyProps,
-        sign: ecdsaSignProps
-      },
-      ecdh: ecdhKeyProps,
-      jwk: keysToEcdsaJwk,
-      recall: authsettings
-    })
-    SEA.opt = settings;
-    module.exports = settings
+    SEA.opt = s;
+    module.exports = s
   })(USE, './settings');
 
   ;USE(function(module){
-    module.exports = (props) => {
-      try {
-        if(props.slice && 'SEA{' === props.slice(0,4)){
-          props = props.slice(3);
-        }
-        return props.slice ? JSON.parse(props) : props
+    module.exports = function p(t){ try {
+      var yes = (typeof t == 'string');
+      if(yes && 'SEA{' === t.slice(0,4)){ t = t.slice(3) }
+      return yes ? JSON.parse(t) : t;
       } catch (e) {}  //eslint-disable-line no-empty
-      return props
+      return t;
     }
   })(USE, './parse');
 
   ;USE(function(module){
-    const shim = USE('./shim');
-    const Buffer = USE('./buffer')
-    const parse = USE('./parse')
-    const { pbkdf2 } = USE('./settings')
-    // This internal func returns SHA-256 hashed data for signing
-    const sha256hash = async (mm) => {
-      const m = parse(mm)
-      const hash = await shim.subtle.digest({name: pbkdf2.hash}, new shim.TextEncoder().encode(m))
-      return Buffer.from(hash)
+    var shim = USE('./shim');
+    module.exports = async function(d, o){
+      var t = (typeof d == 'string')? d : JSON.stringify(d);
+      var hash = await shim.subtle.digest({name: o||'SHA-256'}, new shim.TextEncoder().encode(t));
+      return shim.Buffer.from(hash);
     }
-    module.exports = sha256hash
   })(USE, './sha256');
 
   ;USE(function(module){
@@ -281,25 +261,25 @@
         salt = u;
       }
       salt = salt || shim.random(9);
-      if('SHA-256' === opt.name){
-        var rsha = shim.Buffer.from(await sha(data), 'binary').toString(opt.encode || 'base64')
+      data = (typeof data == 'string')? data : JSON.stringify(data);
+      if('sha' === (opt.name||'').toLowerCase().slice(0,3)){
+        var rsha = shim.Buffer.from(await sha(data, opt.name), 'binary').toString(opt.encode || 'base64')
         if(cb){ try{ cb(rsha) }catch(e){console.log(e)} }
         return rsha;
       }
-      const key = await (shim.ossl || shim.subtle).importKey(
-        'raw', new shim.TextEncoder().encode(data), { name: opt.name || 'PBKDF2' }, false, ['deriveBits']
-      )
-      const result = await (shim.ossl || shim.subtle).deriveBits({
+      var key = await (shim.ossl || shim.subtle).importKey('raw', new shim.TextEncoder().encode(data), {name: opt.name || 'PBKDF2'}, false, ['deriveBits']);
+      var work = await (shim.ossl || shim.subtle).deriveBits({
         name: opt.name || 'PBKDF2',
         iterations: opt.iterations || S.pbkdf2.iter,
         salt: new shim.TextEncoder().encode(opt.salt || salt),
         hash: opt.hash || S.pbkdf2.hash,
       }, key, opt.length || (S.pbkdf2.ks * 8))
       data = shim.random(data.length)  // Erase data in case of passphrase
-      const r = shim.Buffer.from(result, 'binary').toString(opt.encode || 'base64')
+      var r = shim.Buffer.from(work, 'binary').toString(opt.encode || 'base64')
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) { 
+      console.log(e);
       SEA.err = e;
       if(SEA.throw){ throw e }
       if(cb){ cb() }
@@ -313,7 +293,6 @@
     var SEA = USE('./root');
     var shim = USE('./shim');
     var S = USE('./settings');
-    var Buff = (typeof Buffer !== 'undefined')? Buffer : shim.Buffer;
 
     SEA.name = SEA.name || (async (cb, opt) => { try {
       if(cb){ try{ cb() }catch(e){console.log(e)} }
@@ -329,17 +308,17 @@
     //SEA.pair = async (data, proof, cb) => { try {
     SEA.pair = SEA.pair || (async (cb, opt) => { try {
 
-      const ecdhSubtle = shim.ossl || shim.subtle
+      var ecdhSubtle = shim.ossl || shim.subtle;
       // First: ECDSA keys for signing/verifying...
       var sa = await shim.subtle.generateKey(S.ecdsa.pair, true, [ 'sign', 'verify' ])
       .then(async (keys) => {
         // privateKey scope doesn't leak out from here!
         //const { d: priv } = await shim.subtle.exportKey('jwk', keys.privateKey)
-        const key = {};
+        var key = {};
         key.priv = (await shim.subtle.exportKey('jwk', keys.privateKey)).d;
-        const pub = await shim.subtle.exportKey('jwk', keys.publicKey)
+        var pub = await shim.subtle.exportKey('jwk', keys.publicKey);
         //const pub = Buff.from([ x, y ].join(':')).toString('base64') // old
-        key.pub = pub.x+'.'+pub.y // new
+        key.pub = pub.x+'.'+pub.y; // new
         // x and y are already base64
         // pub is UTF8 but filename/URL safe (https://www.ietf.org/rfc/rfc3986.txt)
         // but split on a non-base64 letter.
@@ -354,11 +333,11 @@
       var dh = await ecdhSubtle.generateKey(S.ecdh, true, ['deriveKey'])
       .then(async (keys) => {
         // privateKey scope doesn't leak out from here!
-        const key = {};
+        var key = {};
         key.epriv = (await ecdhSubtle.exportKey('jwk', keys.privateKey)).d;
-        const pub = await ecdhSubtle.exportKey('jwk', keys.publicKey)
+        var pub = await ecdhSubtle.exportKey('jwk', keys.publicKey);
         //const epub = Buff.from([ ex, ey ].join(':')).toString('base64') // old
-        key.epub = pub.x+'.'+pub.y // new
+        key.epub = pub.x+'.'+pub.y; // new
         // ex and ey are already base64
         // epub is UTF8 but filename/URL safe (https://www.ietf.org/rfc/rfc3986.txt)
         // but split on a non-base64 letter.
@@ -370,7 +349,7 @@
         else { throw e }
       } dh = dh || {};
 
-      const r = { pub: sa.pub, priv: sa.priv, /* pubId, */ epub: dh.epub, epriv: dh.epriv }
+      var r = { pub: sa.pub, priv: sa.priv, /* pubId, */ epub: dh.epub, epriv: dh.epriv }
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) {
@@ -388,7 +367,8 @@
     var SEA = USE('./root');
     var shim = USE('./shim');
     var S = USE('./settings');
-    var sha256hash = USE('./sha256');
+    var sha = USE('./sha256');
+    var parse = USE('./parse');
     var u;
 
     SEA.sign = SEA.sign || (async (data, pair, cb, opt) => { try {
@@ -396,13 +376,15 @@
       if(!(pair||opt).priv){
         pair = await SEA.I(null, {what: data, how: 'sign', why: opt.why});
       }
-      const pub = pair.pub
-      const priv = pair.priv
-      const jwk = S.jwk(pub, priv)
-      const hash = await sha256hash(JSON.stringify(data))
-      const sig = await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['sign'])
+      if(u === data){ throw '`undefined` not allowed.' }
+      data = parse(data);
+      var pub = pair.pub;
+      var priv = pair.priv;
+      var jwk = S.jwk(pub, priv);
+      var hash = await sha(data);
+      var sig = await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['sign'])
       .then((key) => (shim.ossl || shim.subtle).sign(S.ecdsa.sign, key, new Uint8Array(hash))) // privateKey scope doesn't leak out from here!
-      const r = 'SEA'+JSON.stringify({m: data, s: shim.Buffer.from(sig, 'binary').toString(opt.encode || 'base64')});
+      var r = 'SEA'+JSON.stringify({m: data, s: shim.Buffer.from(sig, 'binary').toString(opt.encode || 'base64')});
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
@@ -421,14 +403,22 @@
     var SEA = USE('./root');
     var shim = USE('./shim');
     var S = USE('./settings');
-    var sha256hash = USE('./sha256');
+    var sha = USE('./sha256');
     var parse = USE('./parse');
     var u;
 
+    var knownKeys = {};
+    var keyForPair = pair => {
+      if (knownKeys[pair]) return knownKeys[pair];
+      var jwk = S.jwk(pair);
+      knownKeys[pair] = (shim.ossl || shim.subtle).importKey("jwk", jwk, S.ecdsa.pair, false, ["verify"]);
+      return knownKeys[pair];
+    };
+
     SEA.verify = SEA.verify || (async (data, pair, cb, opt) => { try {
-      const json = parse(data)
+      var json = parse(data);
       if(false === pair){ // don't verify!
-        const raw = (json !== data)?
+        var raw = (json !== data)?
           (json.s && json.m)? parse(json.m) : data
         : json;
         if(cb){ try{ cb(raw) }catch(e){console.log(e)} }
@@ -436,23 +426,21 @@
       }
       opt = opt || {};
       // SEA.I // verify is free! Requires no user permission.
-      if(json === data){ throw "No signature on data." }
-      const pub = pair.pub || pair
-      const jwk = S.jwk(pub)
-      const key = await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['verify'])
-      const hash = await sha256hash(json.m)
+      var pub = pair.pub || pair;
+      var key = await keyForPair(pub);
+      var hash = await sha(json.m);
       var buf; var sig; var check; try{
-        buf = shim.Buffer.from(json.s, opt.encode || 'base64') // NEW DEFAULT!
-        sig = new Uint8Array(buf)
-        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
+        buf = shim.Buffer.from(json.s, opt.encode || 'base64'); // NEW DEFAULT!
+        sig = new Uint8Array(buf);
+        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash));
         if(!check){ throw "Signature did not match." }
       }catch(e){
-        buf = shim.Buffer.from(json.s, 'utf8') // AUTO BACKWARD OLD UTF8 DATA!
-        sig = new Uint8Array(buf)
-        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
+        buf = shim.Buffer.from(json.s, 'utf8'); // AUTO BACKWARD OLD UTF8 DATA!
+        sig = new Uint8Array(buf);
+        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash));
         if(!check){ throw "Signature did not match." }
       }
-      const r = check? parse(json.m) : u;
+      var r = check? parse(json.m) : u;
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
@@ -486,21 +474,22 @@
     var shim = USE('./shim');
     var S = USE('./settings');
     var aeskey = USE('./aeskey');
+    var u;
 
     SEA.encrypt = SEA.encrypt || (async (data, pair, cb, opt) => { try {
       opt = opt || {};
       var key = (pair||opt).epriv || pair;
+      if(u === data){ throw '`undefined` not allowed.' }
       if(!key){
         pair = await SEA.I(null, {what: data, how: 'encrypt', why: opt.why});
         key = pair.epriv || pair;
       }
-      const msg = JSON.stringify(data)
-      const rand = {s: shim.random(8), iv: shim.random(16)};
-      const ct = await aeskey(key, rand.s, opt)
-      .then((aes) => (/*shim.ossl ||*/ shim.subtle).encrypt({ // Keeping the AES key scope as private as possible...
+      var msg = (typeof data == 'string')? data : JSON.stringify(data);
+      var rand = {s: shim.random(8), iv: shim.random(16)};
+      var ct = await aeskey(key, rand.s, opt).then((aes) => (/*shim.ossl ||*/ shim.subtle).encrypt({ // Keeping the AES key scope as private as possible...
         name: opt.name || 'AES-GCM', iv: new Uint8Array(rand.iv)
-      }, aes, new shim.TextEncoder().encode(msg)))
-      const r = 'SEA'+JSON.stringify({
+      }, aes, new shim.TextEncoder().encode(msg)));
+      var r = 'SEA'+JSON.stringify({
         ct: shim.Buffer.from(ct, 'binary').toString(opt.encode || 'base64'),
         iv: rand.iv.toString(opt.encode || 'base64'),
         s: rand.s.toString(opt.encode || 'base64')
@@ -509,6 +498,7 @@
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) { 
+      console.log(e);
       SEA.err = e;
       if(SEA.throw){ throw e }
       if(cb){ cb() }
@@ -532,23 +522,23 @@
         pair = await SEA.I(null, {what: data, how: 'decrypt', why: opt.why});
         key = pair.epriv || pair;
       }
-      const json = parse(data)
+      var json = parse(data);
 
-      var buf; try{buf = shim.Buffer.from(json.s, opt.encode || 'base64') // NEW DEFAULT!
+      var buf; try{buf = shim.Buffer.from(json.s, opt.encode || 'base64'); // NEW DEFAULT!
       }catch(e){buf = shim.Buffer.from(json.s, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
-      var bufiv; try{bufiv = shim.Buffer.from(json.iv, opt.encode || 'base64') // NEW DEFAULT!
+      var bufiv; try{bufiv = shim.Buffer.from(json.iv, opt.encode || 'base64'); // NEW DEFAULT!
       }catch(e){bufiv = shim.Buffer.from(json.iv, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
-      var bufct; try{bufct = shim.Buffer.from(json.ct, opt.encode || 'base64') // NEW DEFAULT!
+      var bufct; try{bufct = shim.Buffer.from(json.ct, opt.encode || 'base64'); // NEW DEFAULT!
       }catch(e){bufct = shim.Buffer.from(json.ct, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
 
-      const ct = await aeskey(key, buf, opt)
-      .then((aes) => (/*shim.ossl ||*/ shim.subtle).decrypt({  // Keeping aesKey scope as private as possible...
+      var ct = await aeskey(key, buf, opt).then((aes) => (/*shim.ossl ||*/ shim.subtle).decrypt({  // Keeping aesKey scope as private as possible...
         name: opt.name || 'AES-GCM', iv: new Uint8Array(bufiv)
-      }, aes, new Uint8Array(bufct)))
-      const r = parse(new shim.TextDecoder('utf8').decode(ct))
+      }, aes, new Uint8Array(bufct)));
+      var r = parse(new shim.TextDecoder('utf8').decode(ct));
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) { 
+      console.log(e);
       SEA.err = e;
       if(SEA.throw){ throw e }
       if(cb){ cb() }
@@ -568,36 +558,34 @@
       if(!pair || !pair.epriv || !pair.epub){
         pair = await SEA.I(null, {what: key, how: 'secret', why: opt.why});
       }
-      const pub = key.epub || key
-      const epub = pair.epub
-      const epriv = pair.epriv
-      const ecdhSubtle = shim.ossl || shim.subtle
-      const pubKeyData = keysToEcdhJwk(pub)
-      const props = Object.assign(
-        S.ecdh,
-        { public: await ecdhSubtle.importKey(...pubKeyData, true, []) }
-      )
-      const privKeyData = keysToEcdhJwk(epub, epriv)
-      const derived = await ecdhSubtle.importKey(...privKeyData, false, ['deriveKey'])
-      .then(async (privKey) => {
+      var pub = key.epub || key;
+      var epub = pair.epub;
+      var epriv = pair.epriv;
+      var ecdhSubtle = shim.ossl || shim.subtle;
+      var pubKeyData = keysToEcdhJwk(pub);
+      var props = Object.assign(S.ecdh, { public: await ecdhSubtle.importKey(...pubKeyData, true, []) });
+      var privKeyData = keysToEcdhJwk(epub, epriv);
+      var derived = await ecdhSubtle.importKey(...privKeyData, false, ['deriveKey']).then(async (privKey) => {
         // privateKey scope doesn't leak out from here!
-        const derivedKey = await ecdhSubtle.deriveKey(props, privKey, { name: 'AES-GCM', length: 256 }, true, [ 'encrypt', 'decrypt' ])
-        return ecdhSubtle.exportKey('jwk', derivedKey).then(({ k }) => k)
+        var derivedKey = await ecdhSubtle.deriveKey(props, privKey, { name: 'AES-GCM', length: 256 }, true, [ 'encrypt', 'decrypt' ]);
+        return ecdhSubtle.exportKey('jwk', derivedKey).then(({ k }) => k);
       })
-      const r = derived;
+      var r = derived;
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
-    } catch(e) { 
+    } catch(e) {
+      console.log(e);
       SEA.err = e;
       if(SEA.throw){ throw e }
       if(cb){ cb() }
       return;
     }});
 
-    const keysToEcdhJwk = (pub, d) => { // d === priv
-      //const [ x, y ] = Buffer.from(pub, 'base64').toString('utf8').split(':') // old
-      const [ x, y ] = pub.split('.') // new
-      const jwk = d ? { d: d } : {}
+    // can this be replaced with settings.jwk?
+    var keysToEcdhJwk = (pub, d) => { // d === priv
+      //var [ x, y ] = Buffer.from(pub, 'base64').toString('utf8').split(':') // old
+      var [ x, y ] = pub.split('.') // new
+      var jwk = d ? { d: d } : {}
       return [  // Use with spread returned value...
         'jwk',
         Object.assign(
diff --git a/test/mocha.html b/test/mocha.html
index 86e4d79e..13aee439 100644
--- a/test/mocha.html
+++ b/test/mocha.html
@@ -17,7 +17,9 @@
 		<script src="./expect.js"></script>
 		<script></script>
 		<script src="../gun.js"></script>
+		<script src="../sea.js"></script>
 		<script src="./common.js"></script>
+		<script src="./sea/sea.js"></script>
 		<script>
 		if(location.search){
 			Gun.debug = true;
diff --git a/test/sea/sea.js b/test/sea/sea.js
index 7d86a5fb..e569cb79 100644
--- a/test/sea/sea.js
+++ b/test/sea/sea.js
@@ -1,1009 +1,183 @@
-/* global Gun,describe,expect,it,beforeEach */
-/*eslint max-len: ["error", 95, { "ignoreComments": true }]*/
-/*eslint semi: ["error", "always", { "omitLastInOneLineBlock": true}]*/
-/*eslint object-curly-spacing: ["error", "never"]*/
-/*eslint node/no-deprecated-api: [error, {ignoreModuleItems: ["new buffer.Buffer()"]}] */
-
 var root;
+var Gun;
 (function(env){
   root = env.window ? env.window : global;
-  env.window && root.localStorage && root.localStorage.clear();
+  try{ env.window && root.localStorage && root.localStorage.clear() }catch(e){}
   try{ require('fs').unlinkSync('data.json') }catch(e){}
   //root.Gun = root.Gun || require('../gun');
   if(root.Gun){
-    root.Gun = root.Gun;
+    //Gun = root.Gun = root.Gun;
   } else {
-    var expect = global.expect = require("./expect");
-    root.Gun = require('../gun');
-    Gun.serve = require('../lib/serve');
+    var expect = global.expect = require("../expect");
+    root.Gun = require('../../gun');
+    //Gun.serve = require('../../lib/serve');
     //require('./s3');
     //require('./uws');
     //require('./wsp/server');
-    require('../lib/file');
-    require('../sea');
+    require('../../lib/file');
+    require('../../sea.js');
   }
 }(this));
 
 ;(function(){
-
-const SEA = Gun.SEA
+Gun = root.Gun
+var SEA = Gun.SEA
 
 if(!SEA){ return }
 
-const { Buffer, EasyIndexedDB } = SEA
+describe.only('SEA', function(){
+  var user;
+  var gun;
+  describe('Utility', function(){
 
-const seaIndexedDb = new SEA.EasyIndexedDB('SEA', 'GunDB', 1)
-
-const checkIndexedDB = (key, prop, resolve_) => {
-  const doIt = (resolve, reject) => seaIndexedDb.get(key, prop)
-  .then(resolve).catch(reject)
-
-  if (resolve_) {
-    doIt(resolve_, (e) => { throw e })
-  } else {
-    return new Promise(doIt)
-  }
-}
-
-const setIndexedDB = (key, auth, resolve_) => {
-  const doIt = (resolve, reject) => seaIndexedDb.put(key, { auth })
-  .then(resolve).catch(reject)
-
-  if (resolve_) {
-    doIt(resolve_, (e) => { throw e })
-  } else {
-    return new Promise(doIt)
-  }
-}
-
-SEA && describe('SEA', function(){
-  console.log('TODO: SEA! THIS IS AN EARLY ALPHA!!!');
-  var alias = 'dude';
-  var pass = 'my secret password';
-  var userKeys = ['pub', 'priv'];
-  var clearText = 'My precious secret!';
-  var encKeys = ['ct', 'iv', 's'];
-
-  const type = 'Promise'  // TODO: this is leftover...
-  it('proof', function(done){
-    var check = function(proof){
-      expect(proof).to.not.be(undefined);
-      expect(proof).to.not.be('');
+    it('quickstart', async function(done){
+      var pair = await SEA.pair();
+      var enc = await SEA.encrypt('hello self', pair);
+      var data = await SEA.sign(enc, pair);
+      var msg = await SEA.verify(data, pair.pub);
+      var dec = await SEA.decrypt(msg, pair);
+      expect(dec).to.be('hello self');
+      var proof = await SEA.work(dec, pair);
+      var check = await SEA.work('hello self', pair);
+      expect(proof).to.be(check);
+      var alice = await SEA.pair();
+      var bob = await SEA.pair();
+      var enc = await SEA.encrypt('shared data', await SEA.secret(bob.epub, alice));
+      var dec = await SEA.decrypt(enc, await SEA.secret(alice.epub, bob));
+      expect(dec).to.be('shared data');
       done();
-    };
-    // proof - generates PBKDF2 hash from user's alias and password
-    // which is then used to decrypt user's auth record
-    SEA.proof(pass, Gun.text.random(64)).then(check).catch(done);
-  });
+    })
 
-  it('pair', function(done){
-    var check = function(key){
-      expect(key).to.not.be(undefined);
-      expect(key).to.not.be('');
-      expect(key).to.have.keys(userKeys);
-      userKeys.map(function(fld){
-        expect(key[fld]).to.not.be(undefined);
-        expect(key[fld]).to.not.be('');
-      });
+    it('quickwrong', async function(done){
+      var alice = await SEA.pair();
+      var bob = await SEA.pair();
+      var data = await SEA.sign('asdf', alice);
+      var msg = await SEA.verify(data, bob.pub);
+      expect(msg).to.be(undefined);
+      var msg = await SEA.verify(data+1, alice.pub);
+      expect(msg).to.be(undefined);
+
+      var enc = await SEA.encrypt('secret', alice);
+      var dec = await SEA.decrypt(enc, bob);
+      expect(dec).to.be(undefined);
+      var dec = await SEA.decrypt(enc+1, alice);
+      expect(dec).to.be(undefined);
       done();
-    };
-    // pair - generates ECDH key pair (for new user when created)
-    SEA.pair().then(check).catch(done);
+    })
+
+    it('types', async function(done){
+      var pair = await SEA.pair(), s, v;
+      s = await SEA.sign(null, pair);
+      v = await SEA.verify(s, pair);
+      expect(null).to.be(v);
+      s = await SEA.sign(true, pair);
+      v = await SEA.verify(s, pair);
+      expect(true).to.be(v);
+      s = await SEA.sign(false, pair);
+      v = await SEA.verify(s, pair);
+      expect(false).to.be(v);
+      s = await SEA.sign(0, pair);
+      v = await SEA.verify(s, pair);
+      expect(0).to.be(v);
+      s = await SEA.sign(1, pair);
+      v = await SEA.verify(s, pair);
+      expect(1).to.be(v);
+      s = await SEA.sign(1.01, pair);
+      v = await SEA.verify(s, pair);
+      expect(1.01).to.be(v);
+      s = await SEA.sign('', pair);
+      v = await SEA.verify(s, pair);
+      expect('').to.be(v);
+      s = await SEA.sign('a', pair);
+      v = await SEA.verify(s, pair);
+      expect('a').to.be(v);
+      s = await SEA.sign([], pair);
+      v = await SEA.verify(s, pair);
+      expect([]).to.eql(v);
+      s = await SEA.sign([1], pair);
+      v = await SEA.verify(s, pair);
+      expect([1]).to.eql(v);
+      s = await SEA.sign({}, pair);
+      v = await SEA.verify(s, pair);
+      expect({}).to.eql(v);
+      s = await SEA.sign({a:1}, pair);
+      v = await SEA.verify(s, pair);
+      expect({a:1}).to.eql(v);
+      s = await SEA.sign(JSON.stringify({a:1}), pair);
+      v = await SEA.verify(s, pair);
+      expect({a:1}).to.eql(v);
+      done();
+    })
+
+    it('atypes', async function(done){
+      var pair = await SEA.pair(), s, v;
+      s = await SEA.encrypt(null, pair);
+      v = await SEA.decrypt(s, pair);
+      expect(null).to.be(v);
+      s = await SEA.encrypt(true, pair);
+      v = await SEA.decrypt(s, pair);
+      expect(true).to.be(v);
+      s = await SEA.encrypt(false, pair);
+      v = await SEA.decrypt(s, pair);
+      expect(false).to.be(v);
+      s = await SEA.encrypt(0, pair);
+      v = await SEA.decrypt(s, pair);
+      expect(0).to.be(v);
+      s = await SEA.encrypt(1, pair);
+      v = await SEA.decrypt(s, pair);
+      expect(1).to.be(v);
+      s = await SEA.encrypt(1.01, pair);
+      v = await SEA.decrypt(s, pair);
+      expect(1.01).to.be(v);
+      s = await SEA.encrypt('', pair);
+      v = await SEA.decrypt(s, pair);
+      expect('').to.be(v);
+      s = await SEA.encrypt('a', pair);
+      v = await SEA.decrypt(s, pair);
+      expect('a').to.be(v);
+      s = await SEA.encrypt([], pair);
+      v = await SEA.decrypt(s, pair);
+      expect([]).to.eql(v);
+      s = await SEA.encrypt([1], pair);
+      v = await SEA.decrypt(s, pair);
+      expect([1]).to.eql(v);
+      s = await SEA.encrypt({}, pair);
+      v = await SEA.decrypt(s, pair);
+      expect({}).to.eql(v);
+      s = await SEA.encrypt({a:1}, pair);
+      v = await SEA.decrypt(s, pair);
+      expect({a:1}).to.eql(v);
+      s = await SEA.encrypt(JSON.stringify({a:1}), pair);
+      v = await SEA.decrypt(s, pair);
+      expect({a:1}).to.eql(v);
+      done();
+    })
+    
   });
 
-  it('keyid', function(done){
-    SEA.pair().then(function(key){
-      var check = function(keyid){
-        expect(keyid).to.not.be(undefined);
-        expect(keyid).to.not.be('');
-        expect(keyid.length).to.eql(16);
-        done();
-      };
-      // keyid - creates 8 byte KeyID from public key
-      SEA.keyid(key.pub).then(check);
-    }).catch(function(e){done(e)});
-  });
-
-  it('enc', function(done){
-    SEA.pair().then(function(key){
-      var check = function(jsonSecret){
-        expect(jsonSecret).to.not.be(undefined);
-        expect(jsonSecret).to.not.be('');
-        expect(jsonSecret).to.not.eql(clearText);
-        var objSecret = JSON.parse(jsonSecret);
-        expect(objSecret).to.have.keys(encKeys);
-        encKeys.map(function(key){
-          expect(objSecret[key]).to.not.be(undefined);
-          expect(objSecret[key]).to.not.be('');
-        });
-        done();
-      };
-      // en - encrypts JSON data using user's private or derived ECDH key
-      SEA.enc(clearText, key.priv).then(check);
-    }).catch(function(e){done(e)});
-  });
-
-  it('sign', function(done){
-    SEA.pair().then(function(key){
-      var check = function(signature){
-        expect(signature).to.not.be(undefined);
-        expect(signature).to.not.be('');
-        expect(signature).to.not.eql(key.pub);
-        done();
-      };
-      // sign - calculates signature for data using user's private ECDH key
-      SEA.sign(key.pub, key).then(check);
-    }).catch(function(e){done(e)});
-  });
-
-  it('verify', function(done){
-    SEA.pair().then(function(key){
-      var check = function(ok){
-        expect(ok).to.not.be(undefined);
-        expect(ok).to.not.be('');
-        expect(ok).to.be(true);
-        done();
-      };
-      // sign - calculates signature for data using user's private ECDH key
-      SEA.sign(key.pub, key).then(function(signature){
-        SEA.verify(key.pub, key.pub, signature).then(check);
-      });
-    }).catch(function(e){done(e)});
-  });
-
-  it('dec', function(done){
-    SEA.pair().then(function(key){
-      var check = function(decText){
-        expect(decText).to.not.be(undefined);
-        expect(decText).to.not.be('');
-        expect(decText).to.be.eql(clearText);
-        done();
-      };
-      SEA.enc(clearText, key.priv).then(function(jsonSecret){
-        // de - decrypts JSON data using user's private or derived ECDH key
-        SEA.dec(jsonSecret, key.priv).then(check);
-      });
-    }).catch(function(e){done(e)});
-  });
-
-  it('derive', function(done){
-    SEA.pair().then(function(txKey){
-      return SEA.pair().then(function(rxKey){
-        return {tx: txKey, rx: rxKey};
-      });
-    }).then(function(keys){
-      var check = function(shared){
-        expect(shared).to.not.be(undefined);
-        expect(shared).to.not.be('');
-        [keys.rx.pub, keys.rx.priv, keys.tx.pub, keys.tx.priv]
-        .map(function(val){
-          expect(shared).to.not.eql(val);
-        });
-        done();
-      };
-      // derive - provides shared secret for both receiver and sender
-      // which can be used to encrypt or sign data
-      SEA.derive(keys.rx.pub, keys.tx).then(check);
-    }).catch(function(e){done(e)});
-  });
-
-  it('write', function(done){
-    SEA.pair().then(function(key){
-      SEA.sign(key.pub, key).then(function(signature){
-        var check = function(result){
-          var parts;
-          try{
-            expect(result).to.not.be(undefined);
-            expect(result).to.not.be('');
-            expect(result.slice(0, 4)).to.eql('SEA[');
-            parts = JSON.parse(result.slice(3));
-            expect(parts).to.not.be(undefined);
-            expect(parts[0]).to.be.eql(key.pub);
-            // expect(parts[1]).to.be.eql(signature);
-          }catch(e){ return done(e) }
-          SEA.verify(key.pub, key.pub, parts[1]).then(function(flag){
-            expect(flag).to.be.true;
-            done();
-          });
-        };
-        // write - wraps data to 'SEA["data","signature"]'
-        SEA.write(key.pub, key).then(check);
-      });
-    }).catch(function(e){done(e)});
-  });
-
-  it('read', function(done){
-    SEA.pair().then(function(key){
-      var check = function(result){
-        expect(result).to.not.be(undefined);
-        expect(result).to.not.be('');
-        expect(result).to.be.equal(key.pub);
-        done();
-      };
-      SEA.sign(key.pub, key).then(function(signature){
-        SEA.write(key.pub, key).then(function(signed){
-          // read - unwraps data from 'SEA["data","signature"]'
-          SEA.read(signed, key.pub).then(check);
-        });
-      });
-    }).catch(function(e){done(e)});
-  });
-});
-
-Gun().user && describe('Gun', function(){
   describe('User', function(){
-    console.log('TODO: User! THIS IS AN EARLY ALPHA!!!');
-    var alias = 'dude';
-    var pass = 'my secret password';
-    var gun = Gun();
-    var user = gun.user();
-    Gun.log.off = true;  // Supress all console logging
 
-    const throwOutUser = (wipeStorageData, done) => {
-      // Get rid of authenticated Gun user
-      var user = gun.back(-1)._.user;
-      // TODO: is this correct way to 'logout' user from Gun.User ?
-      [ 'alias', 'sea', 'pub' ].forEach(function(key){
-        delete user._[key];
-      });
-      user._.is = user.is = {};
+    it('is instantiable', function(done){
+      gun = Gun();
+      user = gun.user();
+      done();
+    })
 
-      if(wipeStorageData){
-        // ... and persisted session
-        sessionStorage.removeItem('remember');
-        sessionStorage.removeItem('alias');
-        if (typeof done === 'function') {
-          seaIndexedDb.wipe().then(done)
-          return
-        } else {
-          return seaIndexedDb.wipe()
-        }
-      }
-      return Promise.resolve()
-    }
-
-    const type = 'Promise'  // TODO: this is leftover...
-    // Simulate browser reload
-    beforeEach((done) => { throwOutUser(true, done) })
-
-    describe('create', function(){
-
-      it('new', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.have.keys([ 'ok', 'pub' ]);
-          }catch(e){ done(e); return }
-          done();
-        };
-        // Gun.user.create - creates new user
-        user.create(alias+type, pass).then(check).catch(done);
-      });
-
-      it('conflict', function(done){
-        Gun.log.off = true;  // Supress all console logging
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.have.key('err');
-            expect(ack.err).not.to.be(undefined);
-            expect(ack.err).not.to.be('');
-            expect(ack.err.toLowerCase().indexOf('already created')).not.to.be(-1);
-          }catch(e){ done(e); return }
-          done();
-        };
-        // Gun.user.create - fails to create existing user
-        user.create(alias+type, pass).then(function(ack){
-          done('Failed to decline creating existing user!');
-        }).catch(check);
-      });
-    });
-
-    describe('auth', function(){
-      const checkStorage = (done, notStored) => () => {
-        const checkValue = (data, val) => {
-          if (notStored) {
-            expect(typeof data !== 'undefined' && data !== null && data !== '')
-            .to.not.eql(true)
-          } else {
-            expect(data).to.not.be(undefined)
-            expect(data).to.not.be('')
-            if (val) {
-              expect(data).to.eql(val)
-            }
-          }
-        }
-        const alias = root.sessionStorage.getItem('user')
-        checkValue(alias)
-        checkValue(root.sessionStorage.getItem('remember'))
-        if (alias) {
-          checkIndexedDB(alias, 'auth').then((auth) => {
-            checkValue(auth)
-            done()
-          }).catch(done)
-        } else {
-          done()
-        }
-      }
-
-      it('login', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.not.have.key('err');
-          }catch(e){ done(e); return }
-          done();
-        };
-        // Gun.user.auth - authenticates existing user
-        user.auth(alias+type, pass).then(check).catch(done);
-      });
-
-      it('wrong password', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.have.key('err');
-            expect(ack.err).to.not.be(undefined);
-            expect(ack.err).to.not.be('');
-            expect(ack.err.toLowerCase().indexOf('failed to decrypt secret'))
-            .not.to.be(-1);
-          }catch(e){ done(e); return }
-          done();
-        };
-        user.auth(alias+type, pass+'not').then(function(ack){
-          done('Unexpected login success!');
-        }).catch(check);
-      });
-
-      it('unknown alias', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.have.key('err');
-            expect(ack.err).to.not.be(undefined);
-            expect(ack.err).to.not.be('');
-            expect(ack.err.toLowerCase().indexOf('no user')).not.to.be(-1);
-          }catch(e){ done(e); return }
-          done();
-        };
-        user.auth(alias+type+'not', pass).then(function(ack){
-          done('Unexpected login success!');
-        }).catch(check);
-      });
-
-      it('new password', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.not.have.key('err');
-          }catch(e){ done(e); return }
-          done();
-        };
-        // Gun.user.auth - with newpass props sets new password
-        user.auth(alias+type, pass, {newpass: pass+' new'}).then(check)
-        .catch(done);
-      });
-
-      it('failed new password', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.have.key('err');
-            expect(ack.err).to.not.be(undefined);
-            expect(ack.err).to.not.be('');
-            expect(ack.err.toLowerCase().indexOf('failed to decrypt secret'))
-            .not.to.be(-1);
-          }catch(e){ done(e); return }
-          done();
-        };
-        user.auth(alias+type, pass+'not', {newpass: pass+' new'})
-        .then(function(ack){
-          done('Unexpected password change success!');
-        }).catch(check);
-      });
-
-      it('without PIN auth session stored', function(done){
-        user.auth(alias+type, pass+' new').then(checkStorage(done)).catch(done);
-      });
-
-      it('with PIN auth session stored', function(done){
-        user.auth(alias+type, pass+' new', { pin: 'PIN' })
-        .then(checkStorage(done)).catch(done)
+    it('register users', function(done){
+      user.create('bob', 'test123', function(ack){
+        expect(ack.err).to.not.be.ok();
+        setTimeout(done, 30)
       })
+    })
 
-      it('without PIN and zero validity no auth session storing', function(done){
-        user.recall(0).then(function(){
-          user.auth(alias+type, pass+' new')
-          .then(checkStorage(done, true)).catch(done);
-        });
-      });
-
-      it('with PIN and zero validity no auth session storing', function(done){
-        user.recall(0).then(function(){
-          user.auth(alias+type, pass+' new', {pin: 'PIN'})
-          .then(checkStorage(done, true)).catch(done);
-        });
-      });
-    });
-
-    describe('leave', function(){
-      it('valid session', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.not.have.key('err');
-            expect(ack).to.have.key('ok');
-            expect(gun.back(-1)._.user._).to.not.have.keys([ 'sea', 'pub' ]);
-            // expect(gun.back(-1)._.user).to.not.be.ok();
-          }catch(e){ done(e); return }
-          done();
-        };
-        var usr = alias+type+'leave';
-        user.create(usr, pass).then(function(ack){
-          expect(ack).to.not.be(undefined);
-          expect(ack).to.not.be('');
-          expect(ack).to.have.keys([ 'ok', 'pub' ]);
-          user.auth(usr, pass).then(function(usr){
-            try{
-              expect(usr).to.not.be(undefined);
-              expect(usr).to.not.be('');
-              expect(usr).to.not.have.key('err');
-              expect(usr).to.have.key('put');
-            }catch(e){ done(e); return }
-            // Gun.user.leave - performs logout for authenticated user
-            user.leave().then(check).catch(done);
-          }).catch(done);
-        }).catch(done);
-      });
-
-      it('no session', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.not.have.key('err');
-            expect(ack).to.have.key('ok');
-          }catch(e){ done(e); return }
-          done();
-        };
-        expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
-        user.leave().then(check).catch(done);
-      });
-    });
-
-    describe('delete', function(){
-      var usr = alias+type+'del';
-
-      var createUser = function(a, p){
-        return user.create(a, p).then(function(ack){
-          expect(ack).to.not.be(undefined);
-          expect(ack).to.not.be('');
-          expect(ack).to.have.keys([ 'ok', 'pub' ]);
-          return ack;
-        });
-      };
-      var check = function(done){
-        return function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.not.have.key('err');
-            expect(ack).to.have.key('ok');
-            expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
-          }catch(e){ done(e); return }
-          done();
-        };
-      };
-
-      it('existing authenticated user', function(done){
-        createUser(usr, pass).then(function(){
-          user.auth(usr, pass).then(function(ack){
-            try{
-              expect(ack).to.not.be(undefined);
-              expect(ack).to.not.be('');
-              expect(ack).to.not.have.key('err');
-              expect(ack).to.have.key('put');
-            }catch(e){ done(e); return }
-            // Gun.user.delete - deletes existing user account
-            user.delete(usr, pass).then(check(done)).catch(done);
-          }).catch(done);
-        }).catch(done);
-      });
-
-      it('unauthenticated existing user', function(done){
-        createUser(usr, pass).catch(function(){})
-        .then(function(){
-          user.delete(usr, pass).then(check(done)).catch(done);
-        });
-      });
-
-      it('non-existing user', function(done){
-        var notFound = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.not.have.key('put');
-            expect(ack).to.have.key('err');
-            expect(ack.err.toLowerCase().indexOf('no user')).not.to.be(-1);
-          }catch(e){ done(e); return }
-          done();
-        };
-        user.delete('someone', 'password guess').then(function(){
-          done('Unexpectedly deleted guessed user!');
-        }).catch(notFound);
-      });
-    });
-
-    describe('recall (from IndexedDB)', function(){
-      var doCheck = function(done, hasPin, wantAck){
-        expect(typeof done).to.be('function');
-        return function(ack){
-          var user = root.sessionStorage.getItem('user');
-          var sRemember = root.sessionStorage.getItem('remember');
-          expect(user).to.not.be(undefined);
-          expect(user).to.not.be('');
-          expect(sRemember).to.not.be(undefined);
-          expect(sRemember).to.not.be('');
-
-          var ret;
-          if(wantAck && ack){
-            ['err', 'pub', 'sea', 'alias', 'put'].forEach(function(key){
-              if(typeof ack[key] !== 'undefined'){
-                (ret = ret || {})[key] = ack[key];
-              }
-            });
-          }
-          // NOTE: done can be Promise returning function
-          return !hasPin || !wantAck || !ack ? done(ret)
-          : new Promise(function(resolve){
-            checkIndexedDB(ack.alias, 'auth', function(auth){
-              expect(auth).to.not.be(undefined);
-              expect(auth).to.not.be('');
-              resolve(done(wantAck && Object.assign(ret || {}, {auth: auth})));
-            });
-          });
-        };
-      };
-      // This re-constructs 'remember-me' data modified by manipulate func
-      var manipulateStorage = function(manipulate, pin){
-        expect(typeof manipulate).to.be('function');
-        // We'll use Gun internal User data
-        var usr = gun.back(-1)._.user;
-        expect(usr).to.not.be(undefined);
-        expect(usr).to.have.key('_');
-        expect(usr._).to.have.keys(['pub', 'sea']);
-        // ... to validate 'remember' data
-        pin = pin && Buffer.from(pin, 'utf8').toString('base64');
-        return !pin ? Promise.resolve(sessionStorage.getItem('remember'))
-        : new Promise(function(resolve){
-          checkIndexedDB(usr._.alias, 'auth', resolve);
-        }).then(function(remember){
-          return SEA.read(remember, usr._.pub).then(function(props){
-            return !pin ? props
-            : SEA.dec(props, pin);
-          });
-        }).then(function(props){
-          try{ props && (props = JSON.parse(props)) }catch(e){} //eslint-disable-line no-empty
-          return props;
-        }).then(manipulate).then(function(props){
-          expect(props).to.not.be(undefined);
-          expect(props).to.not.be('');
-          var keys = {pub: usr._.pub, priv: usr._.sea.priv};
-          return SEA.write(JSON.stringify(props), keys)
-          .then(function(remember){
-            return !pin ? sessionStorage.setItem('remember', remember)
-            : SEA.enc(remember, pin).then(function(encauth){
-              return new Promise(function(resolve){
-                setIndexedDB(usr._.alias, encauth, resolve);
-              });
-            });
-          });
-        });
-      };
-
-      it('with PIN auth session stores', function(done){
-        var doAction = function(){
-          user.auth(alias+type, pass+' new', {pin: 'PIN'})
-          .then(doCheck(done, true)).catch(done);
-        };
-        user.recall().then(doAction).catch(done);
-      });
-
-      it('without PIN auth session stores', function(done){
-        var doAction = function(){
-          user.auth(alias+type, pass+' new').then(doCheck(done));
-        };
-        user.leave().then(function(){
-          user.recall().then(doAction).catch(done);
-        }).catch(done);
-      });
-
-      it('no validity no session storing', function(done){
-        var doAction = function(){
-          user.auth(alias+type, pass+' new').then(doCheck(done)).catch(done);
-        };
-        user.recall(0).then(doAction).catch(done);
-      });
-
-      it('with validity but no PIN stores using random PIN', function(done){
-        var doAction = function(){
-          user.auth(alias+type, pass+' new').then(doCheck(done)).catch(done);
-        };
-        user.recall(12 * 60).then(doAction)
-        .catch(done);
-      });
-
-      it('validity and auth with PIN but storage empty', function(done){
-        user.auth(alias+type, pass+' new').then(function(usr){
-          var sUser;
-          var sRemember;
-          try{
-            expect(usr).to.not.be(undefined);
-            expect(usr).to.not.be('');
-            expect(usr).to.not.have.key('err');
-            expect(usr).to.have.key('put');
-
-            sUser = root.sessionStorage.getItem('user');
-            expect(sUser).to.be(alias+type);
-
-            sRemember = root.sessionStorage.getItem('remember');
-            expect(sRemember).to.not.be(undefined);
-            expect(sRemember).to.not.be('');
-          }catch(e){ done(e); return }
-          user.leave().then(function(ack){
-            try{
-              expect(ack).to.have.key('ok');
-              expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
-              expect(root.sessionStorage.getItem('user')).to.not.be(sUser);
-              expect(root.sessionStorage.getItem('remember')).to.not.be(sRemember);
-            }catch(e){ done(e); return }
-            // Restore but leave IndexedDB empty
-            root.sessionStorage.setItem('user', sUser);
-            root.sessionStorage.setItem('remember', sRemember);
-
-            user.recall(12 * 60).then(
-              doCheck(function(ack){
-                expect(ack).to.have.key('err');
-                expect(ack.err.toLowerCase().indexOf('no session')).to.not.be(-1);
-                  checkIndexedDB(alias+type, 'auth', function(auth){
-                    expect((typeof auth !== 'undefined' && auth !== null && auth !== ''))
-                    .to.not.eql(true);
-                    done();
-                  });
-              }, false, true))
-            .catch(done);
-          }).catch(done);
-        }).catch(done);
-      });
-
-      it('valid session bootstrap', function(done){
-        var sUser;
-        var sRemember;
-        var iAuth;
-        user.auth(alias+type, pass+' new', {pin: 'PIN'}).then(function(usr){
-          try{
-            expect(usr).to.not.be(undefined);
-            expect(usr).to.not.be('');
-            expect(usr).to.not.have.key('err');
-            expect(usr).to.have.key('put');
-            expect(root.sessionStorage.getItem('user')).to.be(alias+type);
-            expect(root.sessionStorage.getItem('remember')).to.not.be(undefined);
-            expect(root.sessionStorage.getItem('remember')).to.not.be('');
-
-            sUser = root.sessionStorage.getItem('user');
-            sRemember = root.sessionStorage.getItem('remember');
-          }catch(e){ done(e); return }
-
-          return new Promise(function(resolve){
-            checkIndexedDB(sUser, 'auth', function(auth){ resolve(iAuth = auth) });
-          });
-        }).then(function(){
-          return user.leave().then(function(ack){
-            try{
-              expect(ack).to.have.key('ok');
-              expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
-              expect(root.sessionStorage.getItem('user')).to.not.be(sUser);
-              expect(root.sessionStorage.getItem('remember')).to.not.be(sRemember);
-            }catch(e){ done(e); return }
-
-            return new Promise(function(resolve){
-              checkIndexedDB(sUser, 'auth', function(auth){
-                expect(auth).to.not.be(iAuth);
-                resolve();
-              });
-            });
-          }).then(function(){
-            root.sessionStorage.setItem('user', sUser);
-            root.sessionStorage.setItem('remember', sRemember);
-
-            return new Promise(function(resolve){
-              setIndexedDB(sUser, iAuth, resolve);
-            });
-          }).then(function(){
-            user.recall(12 * 60).then(doCheck(done))
-            .catch(done);
-          }).catch(done);
-        }).catch(done);
-      });
-
-      it('valid session bootstrap using alias & PIN', function(done){
-        let sRemember
-        user.recall(12 * 60).then(function(){
-          return user.auth(alias+type, pass+' new', {pin: 'PIN'});
-        }).then(doCheck(function(ack){
-          // Let's save remember props
-          var sUser = root.sessionStorage.getItem('user');
-          sRemember = root.sessionStorage.getItem('remember')
-          var iAuth = ack.auth;
-          return new Promise(function(resolve){
-            checkIndexedDB(sUser, 'auth', function(auth){
-              iAuth = auth;
-              resolve(user.leave());  // Then logout user
-            });
-          }).then(function(ack){
-            try{
-              expect(ack).to.have.key('ok');
-              expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
-              expect(root.sessionStorage.getItem('user')).to.not.be(sUser);
-              expect(root.sessionStorage.getItem('remember')).to.not.be(sRemember);
-            }catch(e){ done(e); return }
-            return new Promise(function(resolve){
-              checkIndexedDB(sUser, 'auth', function(auth){
-                try{ expect(auth).to.not.be(iAuth) }catch(e){ done(e) }
-                // Then restore IndexedDB but skip sessionStorage remember
-                setIndexedDB(sUser, iAuth, function(){
-                  root.sessionStorage.setItem('user', sUser);
-                  resolve(ack);
-                });
-              });
-            });
-          });
-        }, true, true)).then(function(){
-          // Then try to recall authentication
-          return user.recall(12 * 60).then(function(props){
-            try{
-              expect(props).to.not.be(undefined);
-              expect(props).to.not.be('');
-              expect(props).to.have.key('err');
-              // Which fails to missing PIN
-              expect(props.err.toLowerCase()
-              .indexOf('missing pin')).not.to.be(-1);
-            }catch(e){ done(e); return }
-            root.sessionStorage.setItem('remember', sRemember)
-            // Ok, time to try auth with alias & PIN
-            return user.auth(alias+type, undefined, {pin: 'PIN'});
-          });
-        }).then(doCheck(function(usr){
-          try{
-            expect(usr).to.not.be(undefined);
-            expect(usr).to.not.be('');
-            expect(usr).to.not.have.key('err');
-            expect(usr).to.have.key('put');
-          }catch(e){ done(e); return }
-          // We've recalled authenticated session using alias & PIN!
-          done();
-        }, true, true)).catch(done);
-      });
-
-      it('valid session fails to bootstrap with alias & wrong PIN',
-      function(done){
-        user.recall(12 * 60).then(function(){
-          return user.auth(alias+type, pass+' new', {pin: 'PIN'});
-        }).then(doCheck(function(ack){
-          var sUser = root.sessionStorage.getItem('user');
-          var sRemember = root.sessionStorage.getItem('remember');
-          var iAuth = ack.auth;
-          return new Promise(function(resolve){
-            checkIndexedDB(sUser, 'auth', function(auth){
-              iAuth = auth;
-              resolve(user.leave());  // Then logout user
-            });
-          }).then(function(ack){
-            try{
-              expect(ack).to.have.key('ok');
-              expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
-              expect(root.sessionStorage.getItem('user')).to.not.be(sUser);
-              expect(root.sessionStorage.getItem('remember')).to.not.be(sRemember);
-            }catch(e){ done(e); return }
-            return new Promise(function(resolve){
-              checkIndexedDB(sUser, 'auth', function(auth){
-                try{ expect(auth).to.not.be(iAuth) }catch(e){ done(e) }
-                // Then restore IndexedDB auth data, skip sessionStorage
-                setIndexedDB(sUser, iAuth, function(){
-                  root.sessionStorage.setItem('user', sUser);
-                  resolve(ack);
-                });
-              });
-            });
-          });
-        }, true, true)).then(function(){
-            // Ok, time to try auth with alias & PIN
-            return user.auth(alias+type, undefined, {pin: 'PiN'});
-        }).then(function(){
-          done('Unexpected login success!');
-        }).catch(function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.have.key('err');
-            expect(ack.err.toLowerCase()
-            .indexOf('no session data for alias & pin')).not.to.be(-1);
-          }catch(e){ done(e); return }
-          // We've recalled authenticated session using alias & PIN!
-          done();
-        });
-      });
-
-      it('expired session fails to bootstrap', function(done){
-        var pin = 'PIN';
-        user.recall(60).then(function(){
-          return user.auth(alias+type, pass+' new', {pin: pin});
-        }).then(doCheck(function(){
-          // Storage data OK, let's back up time of auth to exp + 65 seconds
-          return manipulateStorage(function(props){
-            var ret = Object.assign({}, props, {iat: props.iat - 65 - props.exp});
-            return ret;
-          }, pin);
-        })).then(() => throwOutUser(false)) // Simulate browser reload
-        .then(() => user.recall(60).then((ack) => {
-          expect(ack).to.not.be(undefined)
-          expect(ack).to.not.be('')
-          expect(ack).to.not.have.keys([ 'pub', 'sea' ])
-          expect(ack).to.have.key('err')
-          expect(ack.err).to.not.be(undefined)
-          expect(ack.err).to.not.be('')
-          expect(ack.err.toLowerCase()
-          .indexOf('no session')).not.to.be(-1)
-          done()
-        })).catch(done)
-      });
-
-      it('changed password', function(done){
-        var pin = 'PIN';
-        var sUser;
-        var sRemember;
-        var iAuth;
-        user.recall(60).then(function(){
-          return user.auth(alias+type, pass+' new', {pin: pin});
-        }).then(function(usr){
-          try{
-            expect(usr).to.not.be(undefined);
-            expect(usr).to.not.be('');
-            expect(usr).to.not.have.key('err');
-            expect(usr).to.have.key('put');
-
-            sUser = root.sessionStorage.getItem('user');
-            expect(sUser).to.be(alias+type);
-
-            sRemember = root.sessionStorage.getItem('remember');
-            expect(sRemember).to.not.be(undefined);
-            expect(sRemember).to.not.be('');
-          }catch(e){ done(e); return }
-
-          return new Promise(function(resolve){
-            checkIndexedDB(sUser, 'auth', function(auth){ resolve(iAuth = auth) });
-          });
-        }).then(function(){
-          return user.leave().then(function(ack){
-            try{ expect(ack).to.have.key('ok') }catch(e){ done(e); return }
-
-            return user.auth(alias+type, pass+' new', {newpass: pass, pin: pin})
-            .then(function(usr){ expect(usr).to.not.have.key('err') });
-          }).then(() => user.leave().then((ack) => {
-            try {
-              expect(ack).to.have.key('ok')
-            } catch (e) { done(e); return }
-            return throwOutUser(false)
-          })).then(function(){
-            // Simulate browser reload
-            // Call back pre-update remember...
-            root.sessionStorage.setItem('user', sUser);
-            root.sessionStorage.setItem('remember', sRemember);
-            // ... and IndexedDB auth
-            return new Promise(function(resolve){
-              setIndexedDB(sUser, iAuth, resolve);
-            });
-          }).then(function(){
-            user.recall(60).then(function(props){
-              expect(props).to.not.be(undefined);
-              expect(props).to.not.be('');
-              expect(props).to.have.key('err');
-              expect(props.err).to.not.be(undefined);
-              expect(props.err).to.not.be('');
-              expect(props.err.toLowerCase()
-              .indexOf('failed to decrypt')).not.to.be(-1);
-              done();
-            }).catch(done);
-          }).catch(done);
-        }).catch(done);
-      });
-
-      it('recall hook session manipulation', function(done){
-        var pin = 'PIN';
-        var exp;
-        var hookFunc = function(props){
-          exp = props.exp * 2;  // Doubles session expiration time
-          var ret = Object.assign({}, props, {exp: exp});
-          return new Promise(function(resolve){
-            resolve(ret); // Both callback & Promise methods here
-          });
-        };
-        user.recall(60, {hook: hookFunc}).then(function(){
-          return user.auth(alias+type, pass, {pin: pin});
-        }).then(function(){
-          return manipulateStorage(function(props){
-            expect(props).to.not.be(undefined);
-            expect(props).to.have.key('exp');
-            expect(props.exp).to.be(exp);
-            return props;
-          }, pin);
-        }).then(done).catch(done);
-      });
-    });
-
-    describe('alive', function(){
-      it('valid session', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.not.have.key('err');
-            expect(ack).to.have.keys([ 'sea', 'pub' ]);
-          }catch(e){ done(e); return }
-          done();
-        };
-        var aliveUser = alias+type+'alive';
-        user.create(aliveUser, pass).then(function(ack){
-          expect(ack).to.not.be(undefined);
-          expect(ack).to.not.be('');
-          expect(ack).to.have.keys([ 'ok', 'pub' ]);
-          user.auth(aliveUser, pass, {pin: 'PIN'}).then(function(usr){
-            try{
-              expect(usr).to.not.be(undefined);
-              expect(usr).to.not.be('');
-              expect(usr).to.not.have.key('err');
-              expect(usr).to.have.key('put');
-            }catch(e){ done(e); return }
-            // Gun.user.alive - keeps/checks User authentiation state
-            user.alive().then(check).catch(done);
-          }).catch(done);
-        }).catch(done);
-      });
-
-      it('expired session', function(done){
-        var check = function(ack){
-          try{
-            expect(ack).to.not.be(undefined);
-            expect(ack).to.not.be('');
-            expect(ack).to.not.have.keys([ 'sea', 'pub' ]);
-            expect(ack).to.have.key('err');
-            expect(ack.err.toLowerCase().indexOf('no session')).not.to.be(-1);
-          }catch(e){ done(e); return }
-          done();
-        };
-        user.leave().catch(function(){}).then(function(){
-          user.alive().then(function(){
-            done('Unexpected alive session!');
-          }).catch(check);
-        }).catch(done);
-      });
-    });
-
-    process.env.SEA_CHANNEL && describe('User channel', function(){
-      it.skip('create');
-      it.skip('add member');
-    });
-
-    Gun.log.off = false;
+    it('login users', function(done){
+      user.auth('bob', 'test123', function(ack){
+        expect(ack.err).to.not.be.ok();
+        done()
+      })
+    })
   });
-});
 
-}());
+})
+
+})()
\ No newline at end of file
diff --git a/test/sea/sea2.js b/test/sea/sea2.js
deleted file mode 100644
index 6a7cbdfa..00000000
--- a/test/sea/sea2.js
+++ /dev/null
@@ -1,61 +0,0 @@
-/* global Gun,describe,expect,it,beforeEach */
-/*eslint max-len: ["error", 95, { "ignoreComments": true }]*/
-/*eslint semi: ["error", "always", { "omitLastInOneLineBlock": true}]*/
-/*eslint object-curly-spacing: ["error", "never"]*/
-/*eslint node/no-deprecated-api: [error, {ignoreModuleItems: ["new buffer.Buffer()"]}] */
-
-var root;
-var Gun;
-(function(env){
-  root = env.window ? env.window : global;
-  env.window && root.localStorage && root.localStorage.clear();
-  try{ require('fs').unlinkSync('data.json') }catch(e){}
-  //root.Gun = root.Gun || require('../gun');
-  if(root.Gun){
-    //Gun = root.Gun = root.Gun;
-  } else {
-    var expect = global.expect = require("../expect");
-    root.Gun = require('../../gun');
-    //Gun.serve = require('../../lib/serve');
-    //require('./s3');
-    //require('./uws');
-    //require('./wsp/server');
-    require('../../lib/file');
-    require('../../sea.js');
-  }
-}(this));
-
-;(function(){
-Gun = root.Gun
-const SEA = Gun.SEA
-
-if(!SEA){ return }
-
-describe('SEA', function(){
-  var user;
-  var gun;
-  it('is instantiable', done => {
-    gun = Gun({ localStorage: true, radisk: false })
-    user = gun.user()
-    done()
-  })
-
-  it('register users', async done => {
-    user.create('bob', 'test123', ack => {
-      expect(ack.err).to.not.be.ok();
-      setTimeout(done, 30)
-    })
-  })
-
-  it('login users', async done => {
-    console.log("------------------");
-    user.auth('bob', 'test123', ack => {
-      console.log("?????", ack, SEA.err);
-      expect(ack.err).to.not.be.ok();
-      done()
-    })
-  })
-
-})
-
-})()
diff --git a/test/sea/sea_old.js b/test/sea/sea_old.js
new file mode 100644
index 00000000..7d86a5fb
--- /dev/null
+++ b/test/sea/sea_old.js
@@ -0,0 +1,1009 @@
+/* global Gun,describe,expect,it,beforeEach */
+/*eslint max-len: ["error", 95, { "ignoreComments": true }]*/
+/*eslint semi: ["error", "always", { "omitLastInOneLineBlock": true}]*/
+/*eslint object-curly-spacing: ["error", "never"]*/
+/*eslint node/no-deprecated-api: [error, {ignoreModuleItems: ["new buffer.Buffer()"]}] */
+
+var root;
+(function(env){
+  root = env.window ? env.window : global;
+  env.window && root.localStorage && root.localStorage.clear();
+  try{ require('fs').unlinkSync('data.json') }catch(e){}
+  //root.Gun = root.Gun || require('../gun');
+  if(root.Gun){
+    root.Gun = root.Gun;
+  } else {
+    var expect = global.expect = require("./expect");
+    root.Gun = require('../gun');
+    Gun.serve = require('../lib/serve');
+    //require('./s3');
+    //require('./uws');
+    //require('./wsp/server');
+    require('../lib/file');
+    require('../sea');
+  }
+}(this));
+
+;(function(){
+
+const SEA = Gun.SEA
+
+if(!SEA){ return }
+
+const { Buffer, EasyIndexedDB } = SEA
+
+const seaIndexedDb = new SEA.EasyIndexedDB('SEA', 'GunDB', 1)
+
+const checkIndexedDB = (key, prop, resolve_) => {
+  const doIt = (resolve, reject) => seaIndexedDb.get(key, prop)
+  .then(resolve).catch(reject)
+
+  if (resolve_) {
+    doIt(resolve_, (e) => { throw e })
+  } else {
+    return new Promise(doIt)
+  }
+}
+
+const setIndexedDB = (key, auth, resolve_) => {
+  const doIt = (resolve, reject) => seaIndexedDb.put(key, { auth })
+  .then(resolve).catch(reject)
+
+  if (resolve_) {
+    doIt(resolve_, (e) => { throw e })
+  } else {
+    return new Promise(doIt)
+  }
+}
+
+SEA && describe('SEA', function(){
+  console.log('TODO: SEA! THIS IS AN EARLY ALPHA!!!');
+  var alias = 'dude';
+  var pass = 'my secret password';
+  var userKeys = ['pub', 'priv'];
+  var clearText = 'My precious secret!';
+  var encKeys = ['ct', 'iv', 's'];
+
+  const type = 'Promise'  // TODO: this is leftover...
+  it('proof', function(done){
+    var check = function(proof){
+      expect(proof).to.not.be(undefined);
+      expect(proof).to.not.be('');
+      done();
+    };
+    // proof - generates PBKDF2 hash from user's alias and password
+    // which is then used to decrypt user's auth record
+    SEA.proof(pass, Gun.text.random(64)).then(check).catch(done);
+  });
+
+  it('pair', function(done){
+    var check = function(key){
+      expect(key).to.not.be(undefined);
+      expect(key).to.not.be('');
+      expect(key).to.have.keys(userKeys);
+      userKeys.map(function(fld){
+        expect(key[fld]).to.not.be(undefined);
+        expect(key[fld]).to.not.be('');
+      });
+      done();
+    };
+    // pair - generates ECDH key pair (for new user when created)
+    SEA.pair().then(check).catch(done);
+  });
+
+  it('keyid', function(done){
+    SEA.pair().then(function(key){
+      var check = function(keyid){
+        expect(keyid).to.not.be(undefined);
+        expect(keyid).to.not.be('');
+        expect(keyid.length).to.eql(16);
+        done();
+      };
+      // keyid - creates 8 byte KeyID from public key
+      SEA.keyid(key.pub).then(check);
+    }).catch(function(e){done(e)});
+  });
+
+  it('enc', function(done){
+    SEA.pair().then(function(key){
+      var check = function(jsonSecret){
+        expect(jsonSecret).to.not.be(undefined);
+        expect(jsonSecret).to.not.be('');
+        expect(jsonSecret).to.not.eql(clearText);
+        var objSecret = JSON.parse(jsonSecret);
+        expect(objSecret).to.have.keys(encKeys);
+        encKeys.map(function(key){
+          expect(objSecret[key]).to.not.be(undefined);
+          expect(objSecret[key]).to.not.be('');
+        });
+        done();
+      };
+      // en - encrypts JSON data using user's private or derived ECDH key
+      SEA.enc(clearText, key.priv).then(check);
+    }).catch(function(e){done(e)});
+  });
+
+  it('sign', function(done){
+    SEA.pair().then(function(key){
+      var check = function(signature){
+        expect(signature).to.not.be(undefined);
+        expect(signature).to.not.be('');
+        expect(signature).to.not.eql(key.pub);
+        done();
+      };
+      // sign - calculates signature for data using user's private ECDH key
+      SEA.sign(key.pub, key).then(check);
+    }).catch(function(e){done(e)});
+  });
+
+  it('verify', function(done){
+    SEA.pair().then(function(key){
+      var check = function(ok){
+        expect(ok).to.not.be(undefined);
+        expect(ok).to.not.be('');
+        expect(ok).to.be(true);
+        done();
+      };
+      // sign - calculates signature for data using user's private ECDH key
+      SEA.sign(key.pub, key).then(function(signature){
+        SEA.verify(key.pub, key.pub, signature).then(check);
+      });
+    }).catch(function(e){done(e)});
+  });
+
+  it('dec', function(done){
+    SEA.pair().then(function(key){
+      var check = function(decText){
+        expect(decText).to.not.be(undefined);
+        expect(decText).to.not.be('');
+        expect(decText).to.be.eql(clearText);
+        done();
+      };
+      SEA.enc(clearText, key.priv).then(function(jsonSecret){
+        // de - decrypts JSON data using user's private or derived ECDH key
+        SEA.dec(jsonSecret, key.priv).then(check);
+      });
+    }).catch(function(e){done(e)});
+  });
+
+  it('derive', function(done){
+    SEA.pair().then(function(txKey){
+      return SEA.pair().then(function(rxKey){
+        return {tx: txKey, rx: rxKey};
+      });
+    }).then(function(keys){
+      var check = function(shared){
+        expect(shared).to.not.be(undefined);
+        expect(shared).to.not.be('');
+        [keys.rx.pub, keys.rx.priv, keys.tx.pub, keys.tx.priv]
+        .map(function(val){
+          expect(shared).to.not.eql(val);
+        });
+        done();
+      };
+      // derive - provides shared secret for both receiver and sender
+      // which can be used to encrypt or sign data
+      SEA.derive(keys.rx.pub, keys.tx).then(check);
+    }).catch(function(e){done(e)});
+  });
+
+  it('write', function(done){
+    SEA.pair().then(function(key){
+      SEA.sign(key.pub, key).then(function(signature){
+        var check = function(result){
+          var parts;
+          try{
+            expect(result).to.not.be(undefined);
+            expect(result).to.not.be('');
+            expect(result.slice(0, 4)).to.eql('SEA[');
+            parts = JSON.parse(result.slice(3));
+            expect(parts).to.not.be(undefined);
+            expect(parts[0]).to.be.eql(key.pub);
+            // expect(parts[1]).to.be.eql(signature);
+          }catch(e){ return done(e) }
+          SEA.verify(key.pub, key.pub, parts[1]).then(function(flag){
+            expect(flag).to.be.true;
+            done();
+          });
+        };
+        // write - wraps data to 'SEA["data","signature"]'
+        SEA.write(key.pub, key).then(check);
+      });
+    }).catch(function(e){done(e)});
+  });
+
+  it('read', function(done){
+    SEA.pair().then(function(key){
+      var check = function(result){
+        expect(result).to.not.be(undefined);
+        expect(result).to.not.be('');
+        expect(result).to.be.equal(key.pub);
+        done();
+      };
+      SEA.sign(key.pub, key).then(function(signature){
+        SEA.write(key.pub, key).then(function(signed){
+          // read - unwraps data from 'SEA["data","signature"]'
+          SEA.read(signed, key.pub).then(check);
+        });
+      });
+    }).catch(function(e){done(e)});
+  });
+});
+
+Gun().user && describe('Gun', function(){
+  describe('User', function(){
+    console.log('TODO: User! THIS IS AN EARLY ALPHA!!!');
+    var alias = 'dude';
+    var pass = 'my secret password';
+    var gun = Gun();
+    var user = gun.user();
+    Gun.log.off = true;  // Supress all console logging
+
+    const throwOutUser = (wipeStorageData, done) => {
+      // Get rid of authenticated Gun user
+      var user = gun.back(-1)._.user;
+      // TODO: is this correct way to 'logout' user from Gun.User ?
+      [ 'alias', 'sea', 'pub' ].forEach(function(key){
+        delete user._[key];
+      });
+      user._.is = user.is = {};
+
+      if(wipeStorageData){
+        // ... and persisted session
+        sessionStorage.removeItem('remember');
+        sessionStorage.removeItem('alias');
+        if (typeof done === 'function') {
+          seaIndexedDb.wipe().then(done)
+          return
+        } else {
+          return seaIndexedDb.wipe()
+        }
+      }
+      return Promise.resolve()
+    }
+
+    const type = 'Promise'  // TODO: this is leftover...
+    // Simulate browser reload
+    beforeEach((done) => { throwOutUser(true, done) })
+
+    describe('create', function(){
+
+      it('new', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.have.keys([ 'ok', 'pub' ]);
+          }catch(e){ done(e); return }
+          done();
+        };
+        // Gun.user.create - creates new user
+        user.create(alias+type, pass).then(check).catch(done);
+      });
+
+      it('conflict', function(done){
+        Gun.log.off = true;  // Supress all console logging
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.have.key('err');
+            expect(ack.err).not.to.be(undefined);
+            expect(ack.err).not.to.be('');
+            expect(ack.err.toLowerCase().indexOf('already created')).not.to.be(-1);
+          }catch(e){ done(e); return }
+          done();
+        };
+        // Gun.user.create - fails to create existing user
+        user.create(alias+type, pass).then(function(ack){
+          done('Failed to decline creating existing user!');
+        }).catch(check);
+      });
+    });
+
+    describe('auth', function(){
+      const checkStorage = (done, notStored) => () => {
+        const checkValue = (data, val) => {
+          if (notStored) {
+            expect(typeof data !== 'undefined' && data !== null && data !== '')
+            .to.not.eql(true)
+          } else {
+            expect(data).to.not.be(undefined)
+            expect(data).to.not.be('')
+            if (val) {
+              expect(data).to.eql(val)
+            }
+          }
+        }
+        const alias = root.sessionStorage.getItem('user')
+        checkValue(alias)
+        checkValue(root.sessionStorage.getItem('remember'))
+        if (alias) {
+          checkIndexedDB(alias, 'auth').then((auth) => {
+            checkValue(auth)
+            done()
+          }).catch(done)
+        } else {
+          done()
+        }
+      }
+
+      it('login', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.not.have.key('err');
+          }catch(e){ done(e); return }
+          done();
+        };
+        // Gun.user.auth - authenticates existing user
+        user.auth(alias+type, pass).then(check).catch(done);
+      });
+
+      it('wrong password', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.have.key('err');
+            expect(ack.err).to.not.be(undefined);
+            expect(ack.err).to.not.be('');
+            expect(ack.err.toLowerCase().indexOf('failed to decrypt secret'))
+            .not.to.be(-1);
+          }catch(e){ done(e); return }
+          done();
+        };
+        user.auth(alias+type, pass+'not').then(function(ack){
+          done('Unexpected login success!');
+        }).catch(check);
+      });
+
+      it('unknown alias', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.have.key('err');
+            expect(ack.err).to.not.be(undefined);
+            expect(ack.err).to.not.be('');
+            expect(ack.err.toLowerCase().indexOf('no user')).not.to.be(-1);
+          }catch(e){ done(e); return }
+          done();
+        };
+        user.auth(alias+type+'not', pass).then(function(ack){
+          done('Unexpected login success!');
+        }).catch(check);
+      });
+
+      it('new password', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.not.have.key('err');
+          }catch(e){ done(e); return }
+          done();
+        };
+        // Gun.user.auth - with newpass props sets new password
+        user.auth(alias+type, pass, {newpass: pass+' new'}).then(check)
+        .catch(done);
+      });
+
+      it('failed new password', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.have.key('err');
+            expect(ack.err).to.not.be(undefined);
+            expect(ack.err).to.not.be('');
+            expect(ack.err.toLowerCase().indexOf('failed to decrypt secret'))
+            .not.to.be(-1);
+          }catch(e){ done(e); return }
+          done();
+        };
+        user.auth(alias+type, pass+'not', {newpass: pass+' new'})
+        .then(function(ack){
+          done('Unexpected password change success!');
+        }).catch(check);
+      });
+
+      it('without PIN auth session stored', function(done){
+        user.auth(alias+type, pass+' new').then(checkStorage(done)).catch(done);
+      });
+
+      it('with PIN auth session stored', function(done){
+        user.auth(alias+type, pass+' new', { pin: 'PIN' })
+        .then(checkStorage(done)).catch(done)
+      })
+
+      it('without PIN and zero validity no auth session storing', function(done){
+        user.recall(0).then(function(){
+          user.auth(alias+type, pass+' new')
+          .then(checkStorage(done, true)).catch(done);
+        });
+      });
+
+      it('with PIN and zero validity no auth session storing', function(done){
+        user.recall(0).then(function(){
+          user.auth(alias+type, pass+' new', {pin: 'PIN'})
+          .then(checkStorage(done, true)).catch(done);
+        });
+      });
+    });
+
+    describe('leave', function(){
+      it('valid session', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.not.have.key('err');
+            expect(ack).to.have.key('ok');
+            expect(gun.back(-1)._.user._).to.not.have.keys([ 'sea', 'pub' ]);
+            // expect(gun.back(-1)._.user).to.not.be.ok();
+          }catch(e){ done(e); return }
+          done();
+        };
+        var usr = alias+type+'leave';
+        user.create(usr, pass).then(function(ack){
+          expect(ack).to.not.be(undefined);
+          expect(ack).to.not.be('');
+          expect(ack).to.have.keys([ 'ok', 'pub' ]);
+          user.auth(usr, pass).then(function(usr){
+            try{
+              expect(usr).to.not.be(undefined);
+              expect(usr).to.not.be('');
+              expect(usr).to.not.have.key('err');
+              expect(usr).to.have.key('put');
+            }catch(e){ done(e); return }
+            // Gun.user.leave - performs logout for authenticated user
+            user.leave().then(check).catch(done);
+          }).catch(done);
+        }).catch(done);
+      });
+
+      it('no session', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.not.have.key('err');
+            expect(ack).to.have.key('ok');
+          }catch(e){ done(e); return }
+          done();
+        };
+        expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
+        user.leave().then(check).catch(done);
+      });
+    });
+
+    describe('delete', function(){
+      var usr = alias+type+'del';
+
+      var createUser = function(a, p){
+        return user.create(a, p).then(function(ack){
+          expect(ack).to.not.be(undefined);
+          expect(ack).to.not.be('');
+          expect(ack).to.have.keys([ 'ok', 'pub' ]);
+          return ack;
+        });
+      };
+      var check = function(done){
+        return function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.not.have.key('err');
+            expect(ack).to.have.key('ok');
+            expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
+          }catch(e){ done(e); return }
+          done();
+        };
+      };
+
+      it('existing authenticated user', function(done){
+        createUser(usr, pass).then(function(){
+          user.auth(usr, pass).then(function(ack){
+            try{
+              expect(ack).to.not.be(undefined);
+              expect(ack).to.not.be('');
+              expect(ack).to.not.have.key('err');
+              expect(ack).to.have.key('put');
+            }catch(e){ done(e); return }
+            // Gun.user.delete - deletes existing user account
+            user.delete(usr, pass).then(check(done)).catch(done);
+          }).catch(done);
+        }).catch(done);
+      });
+
+      it('unauthenticated existing user', function(done){
+        createUser(usr, pass).catch(function(){})
+        .then(function(){
+          user.delete(usr, pass).then(check(done)).catch(done);
+        });
+      });
+
+      it('non-existing user', function(done){
+        var notFound = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.not.have.key('put');
+            expect(ack).to.have.key('err');
+            expect(ack.err.toLowerCase().indexOf('no user')).not.to.be(-1);
+          }catch(e){ done(e); return }
+          done();
+        };
+        user.delete('someone', 'password guess').then(function(){
+          done('Unexpectedly deleted guessed user!');
+        }).catch(notFound);
+      });
+    });
+
+    describe('recall (from IndexedDB)', function(){
+      var doCheck = function(done, hasPin, wantAck){
+        expect(typeof done).to.be('function');
+        return function(ack){
+          var user = root.sessionStorage.getItem('user');
+          var sRemember = root.sessionStorage.getItem('remember');
+          expect(user).to.not.be(undefined);
+          expect(user).to.not.be('');
+          expect(sRemember).to.not.be(undefined);
+          expect(sRemember).to.not.be('');
+
+          var ret;
+          if(wantAck && ack){
+            ['err', 'pub', 'sea', 'alias', 'put'].forEach(function(key){
+              if(typeof ack[key] !== 'undefined'){
+                (ret = ret || {})[key] = ack[key];
+              }
+            });
+          }
+          // NOTE: done can be Promise returning function
+          return !hasPin || !wantAck || !ack ? done(ret)
+          : new Promise(function(resolve){
+            checkIndexedDB(ack.alias, 'auth', function(auth){
+              expect(auth).to.not.be(undefined);
+              expect(auth).to.not.be('');
+              resolve(done(wantAck && Object.assign(ret || {}, {auth: auth})));
+            });
+          });
+        };
+      };
+      // This re-constructs 'remember-me' data modified by manipulate func
+      var manipulateStorage = function(manipulate, pin){
+        expect(typeof manipulate).to.be('function');
+        // We'll use Gun internal User data
+        var usr = gun.back(-1)._.user;
+        expect(usr).to.not.be(undefined);
+        expect(usr).to.have.key('_');
+        expect(usr._).to.have.keys(['pub', 'sea']);
+        // ... to validate 'remember' data
+        pin = pin && Buffer.from(pin, 'utf8').toString('base64');
+        return !pin ? Promise.resolve(sessionStorage.getItem('remember'))
+        : new Promise(function(resolve){
+          checkIndexedDB(usr._.alias, 'auth', resolve);
+        }).then(function(remember){
+          return SEA.read(remember, usr._.pub).then(function(props){
+            return !pin ? props
+            : SEA.dec(props, pin);
+          });
+        }).then(function(props){
+          try{ props && (props = JSON.parse(props)) }catch(e){} //eslint-disable-line no-empty
+          return props;
+        }).then(manipulate).then(function(props){
+          expect(props).to.not.be(undefined);
+          expect(props).to.not.be('');
+          var keys = {pub: usr._.pub, priv: usr._.sea.priv};
+          return SEA.write(JSON.stringify(props), keys)
+          .then(function(remember){
+            return !pin ? sessionStorage.setItem('remember', remember)
+            : SEA.enc(remember, pin).then(function(encauth){
+              return new Promise(function(resolve){
+                setIndexedDB(usr._.alias, encauth, resolve);
+              });
+            });
+          });
+        });
+      };
+
+      it('with PIN auth session stores', function(done){
+        var doAction = function(){
+          user.auth(alias+type, pass+' new', {pin: 'PIN'})
+          .then(doCheck(done, true)).catch(done);
+        };
+        user.recall().then(doAction).catch(done);
+      });
+
+      it('without PIN auth session stores', function(done){
+        var doAction = function(){
+          user.auth(alias+type, pass+' new').then(doCheck(done));
+        };
+        user.leave().then(function(){
+          user.recall().then(doAction).catch(done);
+        }).catch(done);
+      });
+
+      it('no validity no session storing', function(done){
+        var doAction = function(){
+          user.auth(alias+type, pass+' new').then(doCheck(done)).catch(done);
+        };
+        user.recall(0).then(doAction).catch(done);
+      });
+
+      it('with validity but no PIN stores using random PIN', function(done){
+        var doAction = function(){
+          user.auth(alias+type, pass+' new').then(doCheck(done)).catch(done);
+        };
+        user.recall(12 * 60).then(doAction)
+        .catch(done);
+      });
+
+      it('validity and auth with PIN but storage empty', function(done){
+        user.auth(alias+type, pass+' new').then(function(usr){
+          var sUser;
+          var sRemember;
+          try{
+            expect(usr).to.not.be(undefined);
+            expect(usr).to.not.be('');
+            expect(usr).to.not.have.key('err');
+            expect(usr).to.have.key('put');
+
+            sUser = root.sessionStorage.getItem('user');
+            expect(sUser).to.be(alias+type);
+
+            sRemember = root.sessionStorage.getItem('remember');
+            expect(sRemember).to.not.be(undefined);
+            expect(sRemember).to.not.be('');
+          }catch(e){ done(e); return }
+          user.leave().then(function(ack){
+            try{
+              expect(ack).to.have.key('ok');
+              expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
+              expect(root.sessionStorage.getItem('user')).to.not.be(sUser);
+              expect(root.sessionStorage.getItem('remember')).to.not.be(sRemember);
+            }catch(e){ done(e); return }
+            // Restore but leave IndexedDB empty
+            root.sessionStorage.setItem('user', sUser);
+            root.sessionStorage.setItem('remember', sRemember);
+
+            user.recall(12 * 60).then(
+              doCheck(function(ack){
+                expect(ack).to.have.key('err');
+                expect(ack.err.toLowerCase().indexOf('no session')).to.not.be(-1);
+                  checkIndexedDB(alias+type, 'auth', function(auth){
+                    expect((typeof auth !== 'undefined' && auth !== null && auth !== ''))
+                    .to.not.eql(true);
+                    done();
+                  });
+              }, false, true))
+            .catch(done);
+          }).catch(done);
+        }).catch(done);
+      });
+
+      it('valid session bootstrap', function(done){
+        var sUser;
+        var sRemember;
+        var iAuth;
+        user.auth(alias+type, pass+' new', {pin: 'PIN'}).then(function(usr){
+          try{
+            expect(usr).to.not.be(undefined);
+            expect(usr).to.not.be('');
+            expect(usr).to.not.have.key('err');
+            expect(usr).to.have.key('put');
+            expect(root.sessionStorage.getItem('user')).to.be(alias+type);
+            expect(root.sessionStorage.getItem('remember')).to.not.be(undefined);
+            expect(root.sessionStorage.getItem('remember')).to.not.be('');
+
+            sUser = root.sessionStorage.getItem('user');
+            sRemember = root.sessionStorage.getItem('remember');
+          }catch(e){ done(e); return }
+
+          return new Promise(function(resolve){
+            checkIndexedDB(sUser, 'auth', function(auth){ resolve(iAuth = auth) });
+          });
+        }).then(function(){
+          return user.leave().then(function(ack){
+            try{
+              expect(ack).to.have.key('ok');
+              expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
+              expect(root.sessionStorage.getItem('user')).to.not.be(sUser);
+              expect(root.sessionStorage.getItem('remember')).to.not.be(sRemember);
+            }catch(e){ done(e); return }
+
+            return new Promise(function(resolve){
+              checkIndexedDB(sUser, 'auth', function(auth){
+                expect(auth).to.not.be(iAuth);
+                resolve();
+              });
+            });
+          }).then(function(){
+            root.sessionStorage.setItem('user', sUser);
+            root.sessionStorage.setItem('remember', sRemember);
+
+            return new Promise(function(resolve){
+              setIndexedDB(sUser, iAuth, resolve);
+            });
+          }).then(function(){
+            user.recall(12 * 60).then(doCheck(done))
+            .catch(done);
+          }).catch(done);
+        }).catch(done);
+      });
+
+      it('valid session bootstrap using alias & PIN', function(done){
+        let sRemember
+        user.recall(12 * 60).then(function(){
+          return user.auth(alias+type, pass+' new', {pin: 'PIN'});
+        }).then(doCheck(function(ack){
+          // Let's save remember props
+          var sUser = root.sessionStorage.getItem('user');
+          sRemember = root.sessionStorage.getItem('remember')
+          var iAuth = ack.auth;
+          return new Promise(function(resolve){
+            checkIndexedDB(sUser, 'auth', function(auth){
+              iAuth = auth;
+              resolve(user.leave());  // Then logout user
+            });
+          }).then(function(ack){
+            try{
+              expect(ack).to.have.key('ok');
+              expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
+              expect(root.sessionStorage.getItem('user')).to.not.be(sUser);
+              expect(root.sessionStorage.getItem('remember')).to.not.be(sRemember);
+            }catch(e){ done(e); return }
+            return new Promise(function(resolve){
+              checkIndexedDB(sUser, 'auth', function(auth){
+                try{ expect(auth).to.not.be(iAuth) }catch(e){ done(e) }
+                // Then restore IndexedDB but skip sessionStorage remember
+                setIndexedDB(sUser, iAuth, function(){
+                  root.sessionStorage.setItem('user', sUser);
+                  resolve(ack);
+                });
+              });
+            });
+          });
+        }, true, true)).then(function(){
+          // Then try to recall authentication
+          return user.recall(12 * 60).then(function(props){
+            try{
+              expect(props).to.not.be(undefined);
+              expect(props).to.not.be('');
+              expect(props).to.have.key('err');
+              // Which fails to missing PIN
+              expect(props.err.toLowerCase()
+              .indexOf('missing pin')).not.to.be(-1);
+            }catch(e){ done(e); return }
+            root.sessionStorage.setItem('remember', sRemember)
+            // Ok, time to try auth with alias & PIN
+            return user.auth(alias+type, undefined, {pin: 'PIN'});
+          });
+        }).then(doCheck(function(usr){
+          try{
+            expect(usr).to.not.be(undefined);
+            expect(usr).to.not.be('');
+            expect(usr).to.not.have.key('err');
+            expect(usr).to.have.key('put');
+          }catch(e){ done(e); return }
+          // We've recalled authenticated session using alias & PIN!
+          done();
+        }, true, true)).catch(done);
+      });
+
+      it('valid session fails to bootstrap with alias & wrong PIN',
+      function(done){
+        user.recall(12 * 60).then(function(){
+          return user.auth(alias+type, pass+' new', {pin: 'PIN'});
+        }).then(doCheck(function(ack){
+          var sUser = root.sessionStorage.getItem('user');
+          var sRemember = root.sessionStorage.getItem('remember');
+          var iAuth = ack.auth;
+          return new Promise(function(resolve){
+            checkIndexedDB(sUser, 'auth', function(auth){
+              iAuth = auth;
+              resolve(user.leave());  // Then logout user
+            });
+          }).then(function(ack){
+            try{
+              expect(ack).to.have.key('ok');
+              expect(gun.back(-1)._.user).to.not.have.keys([ 'sea', 'pub' ]);
+              expect(root.sessionStorage.getItem('user')).to.not.be(sUser);
+              expect(root.sessionStorage.getItem('remember')).to.not.be(sRemember);
+            }catch(e){ done(e); return }
+            return new Promise(function(resolve){
+              checkIndexedDB(sUser, 'auth', function(auth){
+                try{ expect(auth).to.not.be(iAuth) }catch(e){ done(e) }
+                // Then restore IndexedDB auth data, skip sessionStorage
+                setIndexedDB(sUser, iAuth, function(){
+                  root.sessionStorage.setItem('user', sUser);
+                  resolve(ack);
+                });
+              });
+            });
+          });
+        }, true, true)).then(function(){
+            // Ok, time to try auth with alias & PIN
+            return user.auth(alias+type, undefined, {pin: 'PiN'});
+        }).then(function(){
+          done('Unexpected login success!');
+        }).catch(function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.have.key('err');
+            expect(ack.err.toLowerCase()
+            .indexOf('no session data for alias & pin')).not.to.be(-1);
+          }catch(e){ done(e); return }
+          // We've recalled authenticated session using alias & PIN!
+          done();
+        });
+      });
+
+      it('expired session fails to bootstrap', function(done){
+        var pin = 'PIN';
+        user.recall(60).then(function(){
+          return user.auth(alias+type, pass+' new', {pin: pin});
+        }).then(doCheck(function(){
+          // Storage data OK, let's back up time of auth to exp + 65 seconds
+          return manipulateStorage(function(props){
+            var ret = Object.assign({}, props, {iat: props.iat - 65 - props.exp});
+            return ret;
+          }, pin);
+        })).then(() => throwOutUser(false)) // Simulate browser reload
+        .then(() => user.recall(60).then((ack) => {
+          expect(ack).to.not.be(undefined)
+          expect(ack).to.not.be('')
+          expect(ack).to.not.have.keys([ 'pub', 'sea' ])
+          expect(ack).to.have.key('err')
+          expect(ack.err).to.not.be(undefined)
+          expect(ack.err).to.not.be('')
+          expect(ack.err.toLowerCase()
+          .indexOf('no session')).not.to.be(-1)
+          done()
+        })).catch(done)
+      });
+
+      it('changed password', function(done){
+        var pin = 'PIN';
+        var sUser;
+        var sRemember;
+        var iAuth;
+        user.recall(60).then(function(){
+          return user.auth(alias+type, pass+' new', {pin: pin});
+        }).then(function(usr){
+          try{
+            expect(usr).to.not.be(undefined);
+            expect(usr).to.not.be('');
+            expect(usr).to.not.have.key('err');
+            expect(usr).to.have.key('put');
+
+            sUser = root.sessionStorage.getItem('user');
+            expect(sUser).to.be(alias+type);
+
+            sRemember = root.sessionStorage.getItem('remember');
+            expect(sRemember).to.not.be(undefined);
+            expect(sRemember).to.not.be('');
+          }catch(e){ done(e); return }
+
+          return new Promise(function(resolve){
+            checkIndexedDB(sUser, 'auth', function(auth){ resolve(iAuth = auth) });
+          });
+        }).then(function(){
+          return user.leave().then(function(ack){
+            try{ expect(ack).to.have.key('ok') }catch(e){ done(e); return }
+
+            return user.auth(alias+type, pass+' new', {newpass: pass, pin: pin})
+            .then(function(usr){ expect(usr).to.not.have.key('err') });
+          }).then(() => user.leave().then((ack) => {
+            try {
+              expect(ack).to.have.key('ok')
+            } catch (e) { done(e); return }
+            return throwOutUser(false)
+          })).then(function(){
+            // Simulate browser reload
+            // Call back pre-update remember...
+            root.sessionStorage.setItem('user', sUser);
+            root.sessionStorage.setItem('remember', sRemember);
+            // ... and IndexedDB auth
+            return new Promise(function(resolve){
+              setIndexedDB(sUser, iAuth, resolve);
+            });
+          }).then(function(){
+            user.recall(60).then(function(props){
+              expect(props).to.not.be(undefined);
+              expect(props).to.not.be('');
+              expect(props).to.have.key('err');
+              expect(props.err).to.not.be(undefined);
+              expect(props.err).to.not.be('');
+              expect(props.err.toLowerCase()
+              .indexOf('failed to decrypt')).not.to.be(-1);
+              done();
+            }).catch(done);
+          }).catch(done);
+        }).catch(done);
+      });
+
+      it('recall hook session manipulation', function(done){
+        var pin = 'PIN';
+        var exp;
+        var hookFunc = function(props){
+          exp = props.exp * 2;  // Doubles session expiration time
+          var ret = Object.assign({}, props, {exp: exp});
+          return new Promise(function(resolve){
+            resolve(ret); // Both callback & Promise methods here
+          });
+        };
+        user.recall(60, {hook: hookFunc}).then(function(){
+          return user.auth(alias+type, pass, {pin: pin});
+        }).then(function(){
+          return manipulateStorage(function(props){
+            expect(props).to.not.be(undefined);
+            expect(props).to.have.key('exp');
+            expect(props.exp).to.be(exp);
+            return props;
+          }, pin);
+        }).then(done).catch(done);
+      });
+    });
+
+    describe('alive', function(){
+      it('valid session', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.not.have.key('err');
+            expect(ack).to.have.keys([ 'sea', 'pub' ]);
+          }catch(e){ done(e); return }
+          done();
+        };
+        var aliveUser = alias+type+'alive';
+        user.create(aliveUser, pass).then(function(ack){
+          expect(ack).to.not.be(undefined);
+          expect(ack).to.not.be('');
+          expect(ack).to.have.keys([ 'ok', 'pub' ]);
+          user.auth(aliveUser, pass, {pin: 'PIN'}).then(function(usr){
+            try{
+              expect(usr).to.not.be(undefined);
+              expect(usr).to.not.be('');
+              expect(usr).to.not.have.key('err');
+              expect(usr).to.have.key('put');
+            }catch(e){ done(e); return }
+            // Gun.user.alive - keeps/checks User authentiation state
+            user.alive().then(check).catch(done);
+          }).catch(done);
+        }).catch(done);
+      });
+
+      it('expired session', function(done){
+        var check = function(ack){
+          try{
+            expect(ack).to.not.be(undefined);
+            expect(ack).to.not.be('');
+            expect(ack).to.not.have.keys([ 'sea', 'pub' ]);
+            expect(ack).to.have.key('err');
+            expect(ack.err.toLowerCase().indexOf('no session')).not.to.be(-1);
+          }catch(e){ done(e); return }
+          done();
+        };
+        user.leave().catch(function(){}).then(function(){
+          user.alive().then(function(){
+            done('Unexpected alive session!');
+          }).catch(check);
+        }).catch(done);
+      });
+    });
+
+    process.env.SEA_CHANNEL && describe('User channel', function(){
+      it.skip('create');
+      it.skip('add member');
+    });
+
+    Gun.log.off = false;
+  });
+});
+
+}());

From 04d46e00adec5d0a9ac1c7b937c2dae8193e2a06 Mon Sep 17 00:00:00 2001
From: Mark Nadal <mark@accelsor.com>
Date: Sun, 6 Jan 2019 22:01:40 -0800
Subject: [PATCH 2/5] legacy

---
 sea.js          | 70 +++++++++++++++++++++++++++++++++----------------
 test/mocha.html |  8 +++++-
 test/sea/sea.js | 40 +++++++++++++++++++++++++---
 3 files changed, 90 insertions(+), 28 deletions(-)

diff --git a/sea.js b/sea.js
index 2384fbbb..7c8fc7bd 100644
--- a/sea.js
+++ b/sea.js
@@ -384,7 +384,8 @@
       var hash = await sha(data);
       var sig = await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['sign'])
       .then((key) => (shim.ossl || shim.subtle).sign(S.ecdsa.sign, key, new Uint8Array(hash))) // privateKey scope doesn't leak out from here!
-      var r = 'SEA'+JSON.stringify({m: data, s: shim.Buffer.from(sig, 'binary').toString(opt.encode || 'base64')});
+      var r = {m: data, s: shim.Buffer.from(sig, 'binary').toString(opt.encode || 'base64')}
+      if(!opt.raw){ r = 'SEA'+JSON.stringify(r) }
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
@@ -407,14 +408,6 @@
     var parse = USE('./parse');
     var u;
 
-    var knownKeys = {};
-    var keyForPair = pair => {
-      if (knownKeys[pair]) return knownKeys[pair];
-      var jwk = S.jwk(pair);
-      knownKeys[pair] = (shim.ossl || shim.subtle).importKey("jwk", jwk, S.ecdsa.pair, false, ["verify"]);
-      return knownKeys[pair];
-    };
-
     SEA.verify = SEA.verify || (async (data, pair, cb, opt) => { try {
       var json = parse(data);
       if(false === pair){ // don't verify!
@@ -427,18 +420,17 @@
       opt = opt || {};
       // SEA.I // verify is free! Requires no user permission.
       var pub = pair.pub || pair;
-      var key = await keyForPair(pub);
+      var key = SEA.opt.slow_leak? await SEA.opt.slow_leak(pub) : await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['verify']);
       var hash = await sha(json.m);
-      var buf; var sig; var check; try{
+      var buf, sig, check, tmp; try{
         buf = shim.Buffer.from(json.s, opt.encode || 'base64'); // NEW DEFAULT!
         sig = new Uint8Array(buf);
         check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash));
         if(!check){ throw "Signature did not match." }
       }catch(e){
-        buf = shim.Buffer.from(json.s, 'utf8'); // AUTO BACKWARD OLD UTF8 DATA!
-        sig = new Uint8Array(buf);
-        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash));
-        if(!check){ throw "Signature did not match." }
+        if(SEA.opt.fallback){
+          return await SEA.opt.fall_verify(data, pair, cb, opt);
+        }
       }
       var r = check? parse(json.m) : u;
 
@@ -453,6 +445,38 @@
     }});
 
     module.exports = SEA.verify;
+    // legacy & ossl leak mitigation:
+
+    var knownKeys = {};
+    var keyForPair = SEA.opt.slow_leak = pair => {
+      if (knownKeys[pair]) return knownKeys[pair];
+      var jwk = S.jwk(pair);
+      knownKeys[pair] = (shim.ossl || shim.subtle).importKey("jwk", jwk, S.ecdsa.pair, false, ["verify"]);
+      return knownKeys[pair];
+    };
+
+
+    SEA.opt.fall_verify = async function(data, pair, cb, opt, f){
+      if(f === SEA.opt.fallback){ throw "Signature did not match" } f = f || 1;
+      var json = parse(data), pub = pair.pub || pair, key = await SEA.opt.slow_leak(pub);
+      var hash = (f <= SEA.opt.fallback)? shim.Buffer.from(await shim.subtle.digest({name: 'SHA-256'}, new shim.TextEncoder().encode(parse(json.m)))) : await sha(json.m); // this line is old bad buggy code but necessary for old compatibility.
+      var buf; var sig; var check; try{
+        buf = shim.Buffer.from(json.s, opt.encode || 'base64') // NEW DEFAULT!
+        sig = new Uint8Array(buf)
+        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
+        if(!check){ throw "Signature did not match." }
+      }catch(e){
+        buf = shim.Buffer.from(json.s, 'utf8') // AUTO BACKWARD OLD UTF8 DATA!
+        sig = new Uint8Array(buf)
+        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
+        if(!check){ throw "Signature did not match." }
+      }
+      var r = check? parse(json.m) : u;
+      if(cb){ try{ cb(r) }catch(e){console.log(e)} }
+      return r;
+    }
+    SEA.opt.fallback = 2;
+
   })(USE, './verify');
 
   ;USE(function(module){
@@ -745,19 +769,19 @@
         }
         // the user's public key doesn't need to be signed. But everything else needs to be signed with it! // we have now automated it! clean up these extra steps now!
         act.data = {pub: pair.pub};
-        SEA.sign(alias, pair, act.d); 
+        act.d(); //SEA.sign(alias, pair, act.d); 
       }
-      act.d = function(sig){
-        act.data.alias = alias || sig;
-        SEA.sign(act.pair.epub, act.pair, act.e);
+      act.d = function(){
+        act.data.alias = alias;
+        act.e(); //SEA.sign(act.pair.epub, act.pair, act.e);
       }
-      act.e = function(epub){
-        act.data.epub = act.pair.epub || epub; 
+      act.e = function(){
+        act.data.epub = act.pair.epub; 
         SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, act.proof, act.f); // to keep the private key safe, we AES encrypt it with the proof of work!
       }
       act.f = function(auth){
         act.data.auth = JSON.stringify({ek: auth, s: act.salt}); 
-        SEA.sign({ek: auth, s: act.salt}, act.pair, act.g);
+        act.g(act.data.auth); //SEA.sign({ek: auth, s: act.salt}, act.pair, act.g);
       }
       act.g = function(auth){ var tmp;
         act.data.auth = act.data.auth || auth;
@@ -1063,7 +1087,7 @@
       // WE DO NOT NEED TO RE-VERIFY AGAIN, JUST TRANSFORM IT TO PLAINTEXT.
       var to = this.to, vertex = (msg.$._).put, c = 0, d;
       Gun.node.is(msg.put, function(val, key, node){ c++; // for each property on the node
-        // TODO: consider async/await use here...
+        // only process if SEA formatted?
         SEA.verify(val, false, function(data){ c--; // false just extracts the plain data.
           var tmp = data;
           data = SEA.opt.unpack(data, key, node);
diff --git a/test/mocha.html b/test/mocha.html
index 13aee439..ac1e3e17 100644
--- a/test/mocha.html
+++ b/test/mocha.html
@@ -17,7 +17,12 @@
 		<script src="./expect.js"></script>
 		<script></script>
 		<script src="../gun.js"></script>
-		<script src="../sea.js"></script>
+		<!-- script
+			src="https://cdn.jsdelivr.net/npm/gun@0.9.99999/sea.js">
+		</script -->
+		<script 
+			src="../sea.js">
+		</script>
 		<script src="./common.js"></script>
 		<script src="./sea/sea.js"></script>
 		<script>
@@ -26,6 +31,7 @@
 			console.log('async?', Gun.debug);
 		}
 		mocha.run(function(a,b,c){
+			//document.body.prepend("MARK! REMEMBER TO REMOVE RETURN!");return;
 			var yes = confirm("REFRESH BROWSER FOR ASYNC TESTS?");
 			if(yes){
 				if(location.search){
diff --git a/test/sea/sea.js b/test/sea/sea.js
index e569cb79..297270a6 100644
--- a/test/sea/sea.js
+++ b/test/sea/sea.js
@@ -25,7 +25,7 @@ var SEA = Gun.SEA
 
 if(!SEA){ return }
 
-describe.only('SEA', function(){
+describe('SEA', function(){
   var user;
   var gun;
   describe('Utility', function(){
@@ -153,25 +153,57 @@ describe.only('SEA', function(){
       done();
     })
     
+    it('legacy', async function(done){
+      var pw = 'test123';
+      // https://cdn.jsdelivr.net/npm/gun@0.9.99999/sea.js !
+      var old = JSON.parse(atob("eyJfIjp7IiMiOiJ+TkJhdDdKeUk0REw1ZDlPMEZNbWVFN0RacVZRZUVPblhKcldycDVUUGlyMC5PckV6WVIwc3h0NHRtV0tiajFQdHRaeW1HUmdyc1FVVDNHaTk1UE9vMUdBIiwiPiI6eyJwdWIiOjEsImFsaWFzIjoxLCJlcHViIjoxLCJhdXRoIjoxfX0sInB1YiI6Ik5CYXQ3SnlJNERMNWQ5TzBGTW1lRTdEWnFWUWVFT25YSnJXcnA1VFBpcjAuT3JFellSMHN4dDR0bVdLYmoxUHR0WnltR1JncnNRVVQzR2k5NVBPbzFHQSIsImFsaWFzIjoiU0VBe1wibVwiOlwiXFxcImJvYlxcXCJcIixcInNcIjpcIt4uXFx1MDAwNCpbcECT/sxe83eYe/M+bmBF+q5dQr7eYELndMJkXFx1MDAwYlxcbtFu6HNWUKh6XFxyfrWqwcRcXHUwMDE1e3BMv2poWlxcYktcXHUwMDEzZ5H/Z5VcIn0iLCJlcHViIjoiU0VBe1wibVwiOlwiXFxcIkdJUGY2dl8zeV9DZUpQMWtFZkt2OWpmZ3QwT2ZGeDRycHBKS01wSE9MLVEuTmM2dElDUlpwbGwxMG45V2NsRzhXNC1tdDFXZnI2cmh3c0JyN1pRTlduY1xcXCJcIixcInNcIjpcIlxcdTAwMTZcXHUwMDAwzVxcdTAwMGahrvVcXHUwMDBm9y77iP1V3IhkWOajKMxcXHUwMDEy/VxcdTAwMDHN+VxcbozxNWRcXHUwMDA1Zej5XFx1MDAwMpSOXFx1MDAwNny4IclB+lxcdTAwMWTgoXnR8S1OyuZcXHUwMDAx9PqwXFxiXFx1MDAwMFF3XCJ9IiwiYXV0aCI6IlNFQXtcIm1cIjpcIntcXFwiZWtcXFwiOlxcXCJTRUF7XFxcXFxcXCJjdFxcXFxcXFwiOlxcXFxcXFwiXFxcXFxcXFx1MDAwMGvAI6W0L03DwFxcXFxcXFxcdTAwMDZcXFxcXFxcXHUwMDA0ZibqQdE0XFxcXFxcXFx1MDAxY4VvtTZcXFxcXFxcXG7xXfBcXFxcXFxcXHUwMDAzo5xcXFxcXFxcXHUwMDE3XFxcXFxcXFx1MDAwMf9PXFxcXFxcXFx1MDAxMJhnXFxcXFxcXFx1MDAwNccti2pifouBhtu7qcw4/mPs1SHS4uyBTo1RTuReXFxcXFxcXFx1MDAxMK9W4clcXFxcXFxcXHUwMDBmYt1oSIRcXFxcXFxcXHUwMDE4PF5gxoRS2UYtV/1LwHn1SlxcXFxcXFxcXFxcXFxcXFyYuFU3cUVf09/AXFxcXFxcXFx1MDAwZlxcXFxcXFxcdTAwMDRQN8RlXFxcXFxcXFx1MDAwNlxcXFxcXFxcdTAwMGXM4G3fXFxcXFxcXFx1MDAxZt+eRoV9XFxcXFxcXCIsXFxcXFxcXCJpdlxcXFxcXFwiOlxcXFxcXFwiVU5Lv+Zko1xcXFxcXFxcdTAwMDOt1ET2JHhcXFxcXFxcXHUwMDE1/1xcXFxcXFwiLFxcXFxcXFwic1xcXFxcXFwiOlxcXFxcXFwiz0VOO9GwaJlcXFxcXFxcIn1cXFwiLFxcXCJzXFxcIjpcXFwiZ0F4TFJpa2dEakIzbXJDNGpucUFRak5NNEZXemF0a1Eyb2xDR2Z5TTc2amg3azNEUzAyRlp1MEV1eWg2RGFITlxcXCJ9XCIsXCJzXCI6XCKze+BcXHUwMDBilPlcXHUwMDA2z1srodVcXHUwMDA0P1xcXCJcXFwib2rndUadtqJcXHUwMDE2bFtf0PSvJNdcXHUwMDE2Y71nnlxcdTAwMWOZXFx1MDAwN1xcdTAwMTlcXHUwMDE36NZcXHUwMDA0Uk7DQK/y/oixrIr1XFx1MDAxZnVcXHUwMDE3oCBhXCJ9In0="));
+      var okey = {"pub":"NBat7JyI4DL5d9O0FMmeE7DZqVQeEOnXJrWrp5TPir0.OrEzYR0sxt4tmWKbj1PttZymGRgrsQUT3Gi95POo1GA","epub":"GIPf6v_3y_CeJP1kEfKv9jfgt0OfFx4rppJKMpHOL-Q.Nc6tICRZpll10n9WclG8W4-mt1Wfr6rhwsBr7ZQNWnc","priv":"leIA-BOFLECsOOdT_B8B0s1Ii0VHZZGlHz8q_dK-xLs","epriv":"1BTJpYdwSLesrtuB7pYQdsrFHsxKSJ-d9PXt2qp6NyQ"}
+      var auth = await SEA.verify(old.auth, old.pub);
+      var proof = await SEA.work(pw, auth.s, null, {encode: 'utf8'});
+      var dec = await SEA.decrypt(auth.ek, proof);
+      expect(dec.priv).to.be(okey.priv);
+      expect(dec.epriv).to.be(okey.epriv);
+
+      var gun = Gun(), tmp = Gun.node.soul(old);
+      var graph = {};
+      graph[tmp] = old;
+      var alias = await SEA.verify(old.alias, false);
+      expect(alias).to.be('bob');
+      alias = Gun.state.ify({}, tmp, 1, Gun.val.rel.ify(tmp), tmp = '~@'+alias);
+      graph[tmp] = alias;
+      gun.on('put', {$: gun, put: graph});
+      var use = gun.user();
+      use.auth('bob', 'test123', function(ack){
+        expect(ack.err).to.not.be.ok();
+        done();
+      });
+      console.log("+", gun._);
+    })
   });
 
   describe('User', function(){
 
     it('is instantiable', function(done){
       gun = Gun();
-      user = gun.user();
+      user = window.user = gun.user();
       done();
     })
 
     it('register users', function(done){
-      user.create('bob', 'test123', function(ack){
+      /*var p = SEA.pair;
+      SEA.pair = async function(a,b,c,d){
+        var r = await p(a,b,c,d);
+        console.log("++++++++++++", r);
+        return r;
+      }*/
+      user.create('alice', 'test123', function(ack){
         expect(ack.err).to.not.be.ok();
         setTimeout(done, 30)
       })
     })
 
     it('login users', function(done){
-      user.auth('bob', 'test123', function(ack){
+      user.auth('alice', 'test123', function(ack){
         expect(ack.err).to.not.be.ok();
         done()
       })

From 52028247216259fade8c7bd4d78fc3363a7e7537 Mon Sep 17 00:00:00 2001
From: Mark Nadal <mark@accelsor.com>
Date: Wed, 9 Jan 2019 17:18:19 -0800
Subject: [PATCH 3/5] HUGE LEAP into THE SEA

---
 .travis.yml       |   2 -
 lib/radisk.js     |   4 +-
 lib/store.js      |  10 +-
 package-lock.json | 116 ++++++++---------
 package.json      |   9 +-
 sea.js            | 224 +++++++++++++++++----------------
 test/common.js    | 277 +++++++++++++++++++++--------------------
 test/mocha.html   |   2 +-
 test/sea/sea.js   | 311 +++++++++++++++++++++++++++++++---------------
 9 files changed, 532 insertions(+), 423 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 93f7a625..4cf6f163 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,8 +3,6 @@ branches:
   except:
     - debug
 node_js:
-  - 4
-  - 6
   - 8
   - 10
 cache:
diff --git a/lib/radisk.js b/lib/radisk.js
index 9b43c852..9906e249 100644
--- a/lib/radisk.js
+++ b/lib/radisk.js
@@ -144,7 +144,7 @@
 			f.each = function(val, key, k, pre){
 				if(u !== val){ f.count++ }
 				if(opt.pack <= (val||'').length){ return cb("Record too big!"), true }
-				var enc = Radisk.encode(pre.length) +'#'+ Radisk.encode(k) + (u === val? '' : '='+ Radisk.encode(val)) +'\n';
+				var enc = Radisk.encode(pre.length) +'#'+ Radisk.encode(k) + (u === val? '' : ':'+ Radisk.encode(val)) +'\n';
 				if((opt.chunk < f.text.length + enc.length) && (1 < f.count) && !force){
 					f.text = '';
 					f.limit = Math.ceil(f.count/2);
@@ -270,7 +270,7 @@
 						}
 						tmp = p.split(tmp[2])||'';
 						if('\n' == tmp[0]){ continue }
-						if('=' == tmp[0]){ v = tmp[1] }
+						if('=' == tmp[0] || ':' == tmp[0]){ v = tmp[1] }
 						if(u !== k && u !== v){ p.disk(pre.join(''), v) }
 						tmp = p.split(tmp[2]);
 					}
diff --git a/lib/store.js b/lib/store.js
index 319419b7..c694a6ab 100644
--- a/lib/store.js
+++ b/lib/store.js
@@ -41,8 +41,14 @@ Gun.on('create', function(root){
 		var id = msg['#'], soul = msg.get['#'], key = msg.get['.']||'', tmp = soul+'.'+key, node;
 		rad(tmp, function(err, val){
 			if(val){
-				if(val && typeof val !== 'string'){ Radix.map(val, each) }
-				if(!node){ each(val, key) }
+				if(val && typeof val !== 'string'){
+					if(key){
+						val = u;
+					} else {
+						Radix.map(val, each) 
+					}
+				}
+				if(!node && val){ each(val, key) }
 			}
 			root.on('in', {'@': id, put: Gun.graph.node(node), err: err? err : u, rad: Radix});
 		});
diff --git a/package-lock.json b/package-lock.json
index f9174d3c..02555167 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "gun",
-  "version": "0.9.99996",
+  "version": "0.9.999997",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -8,7 +8,6 @@
       "version": "0.3.4",
       "resolved": "https://registry.npmjs.org/@trust/keyto/-/keyto-0.3.4.tgz",
       "integrity": "sha512-OAqKvuSEPIu2zCnIHzBthvGnV8nKmpv7cBlRMngLzJZzZI9CanyuSfnEI1xC4sH4TwqA0XJR7Mb0oX4bwymXIw==",
-      "dev": true,
       "requires": {
         "asn1.js": "^4.9.1",
         "base64url": "^3.0.0",
@@ -19,13 +18,19 @@
       "version": "0.9.2",
       "resolved": "https://registry.npmjs.org/@trust/webcrypto/-/webcrypto-0.9.2.tgz",
       "integrity": "sha512-5iMAVcGYKhqLJGjefB1nzuQSqUJTru0nG4CytpBT/GGp1Piz/MVnj2jORdYf4JBYzggCIa8WZUr2rchP2Ngn/w==",
-      "dev": true,
       "requires": {
         "@trust/keyto": "^0.3.4",
         "base64url": "^3.0.0",
         "elliptic": "^6.4.0",
         "node-rsa": "^0.4.0",
         "text-encoding": "^0.6.1"
+      },
+      "dependencies": {
+        "text-encoding": {
+          "version": "0.6.4",
+          "resolved": "https://registry.npmjs.org/text-encoding/-/text-encoding-0.6.4.tgz",
+          "integrity": "sha1-45mpgiV6J22uQou5KEXLcb3CbRk="
+        }
       }
     },
     "accepts": {
@@ -59,14 +64,12 @@
     "asn1": {
       "version": "0.2.3",
       "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz",
-      "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y=",
-      "dev": true
+      "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y="
     },
     "asn1.js": {
       "version": "4.10.1",
       "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-4.10.1.tgz",
       "integrity": "sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==",
-      "dev": true,
       "requires": {
         "bn.js": "^4.0.0",
         "inherits": "^2.0.1",
@@ -129,8 +132,7 @@
     "base64url": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.0.tgz",
-      "integrity": "sha512-LIVmqIrIWuiqTvn4RzcrwCOuHo2DD6tKmKBPXXlr4p4n4l6BZBkwFTIa3zu1XkX5MbZgro4a6BvPi+n2Mns5Gg==",
-      "dev": true
+      "integrity": "sha512-LIVmqIrIWuiqTvn4RzcrwCOuHo2DD6tKmKBPXXlr4p4n4l6BZBkwFTIa3zu1XkX5MbZgro4a6BvPi+n2Mns5Gg=="
     },
     "better-assert": {
       "version": "1.0.2",
@@ -156,8 +158,7 @@
     "bn.js": {
       "version": "4.11.8",
       "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.11.8.tgz",
-      "integrity": "sha512-ItfYfPLkWHUjckQCk8xC+LwxgK8NYcXywGigJgSwOP8Y2iyWT4f2vsZnoOXTTbo+o5yXmIUJ4gn5538SO5S3gA==",
-      "dev": true
+      "integrity": "sha512-ItfYfPLkWHUjckQCk8xC+LwxgK8NYcXywGigJgSwOP8Y2iyWT4f2vsZnoOXTTbo+o5yXmIUJ4gn5538SO5S3gA=="
     },
     "body-parser": {
       "version": "1.18.2",
@@ -190,8 +191,7 @@
     "brorand": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/brorand/-/brorand-1.1.0.tgz",
-      "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=",
-      "dev": true
+      "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8="
     },
     "browser-stdout": {
       "version": "1.3.1",
@@ -223,9 +223,9 @@
       "dev": true
     },
     "commander": {
-      "version": "2.11.0",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-2.11.0.tgz",
-      "integrity": "sha512-b0553uYA5YAEGgyYIGYROzKQ7X5RAqedkfjiZxwi0kL1g3bOaBNNZfYkzt/CL0umgD5wc9Jec2FbB98CjkMRvQ==",
+      "version": "2.15.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.15.1.tgz",
+      "integrity": "sha512-VlfT9F3V0v+jr4yxPc5gg9s62/fIVWsd2Bk2iD435um1NlGMYdVCq+MjcXnhYq2icNOizHr1kK+5TI6H0Hy0ag==",
       "dev": true
     },
     "component-bind": {
@@ -313,7 +313,6 @@
       "version": "6.4.1",
       "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.4.1.tgz",
       "integrity": "sha512-BsXLz5sqX8OHcsh7CqBMztyXARmGQ3LWPtGjJi6DiJHq5C/qvi9P3OqgswKSDftbu8+IoI/QDTAm2fFnQ9SZSQ==",
-      "dev": true,
       "requires": {
         "bn.js": "^4.4.0",
         "brorand": "^1.0.1",
@@ -572,9 +571,9 @@
       }
     },
     "growl": {
-      "version": "1.10.3",
-      "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.3.tgz",
-      "integrity": "sha512-hKlsbA5Vu3xsh1Cg3J7jSmX/WaW6A5oBeqzM88oNbCRQFz+zUaXm6yxS4RVytp1scBoJzSYl4YAEOQIt6O8V1Q==",
+      "version": "1.10.5",
+      "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz",
+      "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==",
       "dev": true
     },
     "has-binary": {
@@ -601,16 +600,15 @@
       "dev": true
     },
     "has-flag": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-2.0.0.tgz",
-      "integrity": "sha1-6CB68cx7MNRGzHC3NLXovhj4jVE=",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
       "dev": true
     },
     "hash.js": {
       "version": "1.1.5",
       "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.5.tgz",
       "integrity": "sha512-eWI5HG9Np+eHV1KQhisXWwM+4EPPYe5dFX1UZZH7k/E3JzDEazVH+VGlZi6R94ZqImq+A3D1mCEtrFIfg/E7sA==",
-      "dev": true,
       "requires": {
         "inherits": "^2.0.3",
         "minimalistic-assert": "^1.0.1"
@@ -626,7 +624,6 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz",
       "integrity": "sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=",
-      "dev": true,
       "requires": {
         "hash.js": "^1.0.3",
         "minimalistic-assert": "^1.0.0",
@@ -676,8 +673,7 @@
     "inherits": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
-      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=",
-      "dev": true
+      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
     },
     "ip": {
       "version": "1.1.5",
@@ -763,14 +759,12 @@
     "minimalistic-assert": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
-      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==",
-      "dev": true
+      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
     },
     "minimalistic-crypto-utils": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz",
-      "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=",
-      "dev": true
+      "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo="
     },
     "minimatch": {
       "version": "3.0.4",
@@ -784,35 +778,33 @@
     "minimist": {
       "version": "0.0.8",
       "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
-      "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
-      "dev": true
+      "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0="
     },
     "mkdirp": {
       "version": "0.5.1",
       "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
       "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
-      "dev": true,
       "requires": {
         "minimist": "0.0.8"
       }
     },
     "mocha": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-5.1.1.tgz",
-      "integrity": "sha512-kKKs/H1KrMMQIEsWNxGmb4/BGsmj0dkeyotEvbrAuQ01FcWRLssUNXCEUZk6SZtyJBi6EE7SL0zDDtItw1rGhw==",
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-5.2.0.tgz",
+      "integrity": "sha512-2IUgKDhc3J7Uug+FxMXuqIyYzH7gJjXECKe/w43IGgQHTSj3InJi+yAA7T24L9bQMRKiUEHxEX37G5JpVUGLcQ==",
       "dev": true,
       "requires": {
         "browser-stdout": "1.3.1",
-        "commander": "2.11.0",
+        "commander": "2.15.1",
         "debug": "3.1.0",
         "diff": "3.5.0",
         "escape-string-regexp": "1.0.5",
         "glob": "7.1.2",
-        "growl": "1.10.3",
+        "growl": "1.10.5",
         "he": "1.1.1",
         "minimatch": "3.0.4",
         "mkdirp": "0.5.1",
-        "supports-color": "4.4.0"
+        "supports-color": "5.4.0"
       },
       "dependencies": {
         "debug": {
@@ -833,10 +825,9 @@
       "dev": true
     },
     "nan": {
-      "version": "2.11.0",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.11.0.tgz",
-      "integrity": "sha512-F4miItu2rGnV2ySkXOQoA8FKz/SR2Q2sWP0sbTxNxz/tuokeC8WxOhPMcwi0qIyGtVn/rrSeLbvVkznqCdwYnw==",
-      "dev": true
+      "version": "2.12.1",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.12.1.tgz",
+      "integrity": "sha512-JY7V6lRkStKcKTvHO5NVSQRv+RV+FIL5pvDoLiAtSL9pKlC5x9PKQcZDsq7m4FO4d57mkhC6Z+QhAh3Jdk5JFw=="
     },
     "negotiator": {
       "version": "0.6.1",
@@ -848,21 +839,19 @@
       "version": "0.4.2",
       "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-0.4.2.tgz",
       "integrity": "sha1-1jkXKewWqDDtWjgEKzFX0tXXJTA=",
-      "dev": true,
       "requires": {
         "asn1": "0.2.3"
       }
     },
     "node-webcrypto-ossl": {
-      "version": "1.0.38",
-      "resolved": "https://registry.npmjs.org/node-webcrypto-ossl/-/node-webcrypto-ossl-1.0.38.tgz",
-      "integrity": "sha512-UiQcDiBDNzaZbP0WVgz4QvVTVI4uR4jrFAtOtFsKbDDNOMFWc9+3mVeiF1hVvdLlv3ILC0ODgs8Wp/hp7SMoLA==",
-      "dev": true,
+      "version": "1.0.39",
+      "resolved": "https://registry.npmjs.org/node-webcrypto-ossl/-/node-webcrypto-ossl-1.0.39.tgz",
+      "integrity": "sha512-cEq67y6GJ5jcKdANi5XqejqMvM/eIGxuOOE8F+c0XS950jSpvOcjUNHLmIe3/dN/UKyUkb+dri0BU4OgmCJd2g==",
       "requires": {
         "mkdirp": "^0.5.1",
-        "nan": "^2.10.0",
-        "tslib": "^1.9.0",
-        "webcrypto-core": "^0.1.22"
+        "nan": "^2.11.1",
+        "tslib": "^1.9.3",
+        "webcrypto-core": "^0.1.25"
       }
     },
     "object-assign": {
@@ -1261,19 +1250,18 @@
       "dev": true
     },
     "supports-color": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-4.4.0.tgz",
-      "integrity": "sha512-rKC3+DyXWgK0ZLKwmRsrkyHVZAjNkfzeehuFWdGGcqGDTZFH73+RH6S/RDAAxl9GusSjZSUWYLmT9N5pzXFOXQ==",
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.4.0.tgz",
+      "integrity": "sha512-zjaXglF5nnWpsq470jSv6P9DwPvgLkuapYmfDm3JWOm0vkNTVF2tI4UrN2r6jH1qM/uc/WtxYY1hYoA2dOKj5w==",
       "dev": true,
       "requires": {
-        "has-flag": "^2.0.0"
+        "has-flag": "^3.0.0"
       }
     },
     "text-encoding": {
-      "version": "0.6.4",
-      "resolved": "https://registry.npmjs.org/text-encoding/-/text-encoding-0.6.4.tgz",
-      "integrity": "sha1-45mpgiV6J22uQou5KEXLcb3CbRk=",
-      "dev": true
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/text-encoding/-/text-encoding-0.7.0.tgz",
+      "integrity": "sha512-oJQ3f1hrOnbRLOcwKz0Liq2IcrvDeZRHXhd9RgLrsT+DjWY/nty1Hi7v3dtkaEYbPYe0mUoOfzRrMwfXXwgPUA=="
     },
     "to-array": {
       "version": "0.1.4",
@@ -1284,8 +1272,7 @@
     "tslib": {
       "version": "1.9.3",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.9.3.tgz",
-      "integrity": "sha512-4krF8scpejhaOgqzBEcGM7yDIEfi0/8+8zDRZhNZZ2kjmHJ4hv3zCbQWxoJGz1iw5U0Jl0nma13xzHXcncMavQ==",
-      "dev": true
+      "integrity": "sha512-4krF8scpejhaOgqzBEcGM7yDIEfi0/8+8zDRZhNZZ2kjmHJ4hv3zCbQWxoJGz1iw5U0Jl0nma13xzHXcncMavQ=="
     },
     "type-is": {
       "version": "1.6.16",
@@ -1350,10 +1337,9 @@
       "dev": true
     },
     "webcrypto-core": {
-      "version": "0.1.22",
-      "resolved": "https://registry.npmjs.org/webcrypto-core/-/webcrypto-core-0.1.22.tgz",
-      "integrity": "sha512-UoNP+/3I74foiQLe1m4ToxoN3oloWnH3Na0TPWNzu/ALhDl1MbhgS0QEezdNNQbkj/6i9cf59k7LeOAAvd0hzg==",
-      "dev": true,
+      "version": "0.1.26",
+      "resolved": "https://registry.npmjs.org/webcrypto-core/-/webcrypto-core-0.1.26.tgz",
+      "integrity": "sha512-BZVgJZkkHyuz8loKvsaOKiBDXDpmMZf5xG4QAOlSeYdXlFUl9c1FRrVnAXcOdb4fTHMG+TRu81odJwwSfKnWTA==",
       "requires": {
         "tslib": "^1.7.1"
       }
diff --git a/package.json b/package.json
index 397f2712..d851b46e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "gun",
-  "version": "0.9.999996",
+  "version": "0.9.999997",
   "description": "A realtime, decentralized, offline-first, graph data synchronization engine.",
   "main": "index.js",
   "browser": "gun.min.js",
@@ -48,9 +48,8 @@
     "node": ">=0.8.4"
   },
   "dependencies": {
-    "@trust/webcrypto": "^0.9.2",
-    "text-encoding": "^0.6.4",
-    "node-webcrypto-ossl": "^1.0.38",
+    "text-encoding": "^0.7.0",
+    "node-webcrypto-ossl": "^1.0.39",
     "ws": "~>5.2.0"
   },
   "devDependencies": {
@@ -58,7 +57,7 @@
     "concat-map": "^0.0.1",
     "express": ">=4.15.2",
     "ip": "^1.1.5",
-    "mocha": ">=3.2.0",
+    "mocha": "^5.2.0",
     "panic-manager": "^1.2.0",
     "panic-server": "^1.1.1",
     "uglify-js": ">=2.8.22"
diff --git a/sea.js b/sea.js
index 7c8fc7bd..fc2a3f9f 100644
--- a/sea.js
+++ b/sea.js
@@ -165,25 +165,23 @@
     }
     if(!api.crypto){try{
       var crypto = USE('crypto', 1);
-      const { subtle } = USE('@trust/webcrypto', 1)             // All but ECDH
       const { TextEncoder, TextDecoder } = USE('text-encoding', 1)
       Object.assign(api, {
         crypto,
-        subtle,
+        //subtle,
         TextEncoder,
         TextDecoder,
         random: (len) => Buffer.from(crypto.randomBytes(len))
       });
       //try{
-        const WebCrypto = USE('node-webcrypto-ossl', 1)
-        api.ossl = new WebCrypto({directory: 'ossl'}).subtle // ECDH
+        const WebCrypto = USE('node-webcrypto-ossl', 1);
+        api.ossl = api.subtle = new WebCrypto({directory: 'ossl'}).subtle // ECDH
       //}catch(e){
         //console.log("node-webcrypto-ossl is optionally needed for ECDH, please install if needed.");
       //}
     }catch(e){
-      console.log("@trust/webcrypto and text-encoding are not included by default, you must add it to your package.json!");
-      console.log("node-webcrypto-ossl is temporarily needed for ECDSA signature verification, and optionally needed for ECDH, please install if needed (currently necessary so add them to your package.json for now).");
-      TRUST_WEBCRYPTO_OR_TEXT_ENCODING_NOT_INSTALLED;
+      console.log("node-webcrypto-ossl and text-encoding may not be included by default, please add it to your package.json!");
+      OSSL_WEBCRYPTO_OR_TEXT_ENCODING_NOT_INSTALLED;
     }}
 
     module.exports = api
@@ -214,19 +212,18 @@
       hook: function(props){ return props } // { iat, exp, alias, remember } // or return new Promise((resolve, reject) => resolve(props)
     };
 
-    SEA.opt = s;
-    module.exports = s
-  })(USE, './settings');
-
-  ;USE(function(module){
-    module.exports = function p(t){ try {
+    s.check = function(t){ return (typeof t == 'string') && ('SEA{' === t.slice(0,4)) }
+    s.parse = function p(t){ try {
       var yes = (typeof t == 'string');
       if(yes && 'SEA{' === t.slice(0,4)){ t = t.slice(3) }
       return yes ? JSON.parse(t) : t;
-      } catch (e) {}  //eslint-disable-line no-empty
+      } catch (e) {}
       return t;
     }
-  })(USE, './parse');
+
+    SEA.opt = s;
+    module.exports = s
+  })(USE, './settings');
 
   ;USE(function(module){
     var shim = USE('./shim');
@@ -368,7 +365,6 @@
     var shim = USE('./shim');
     var S = USE('./settings');
     var sha = USE('./sha256');
-    var parse = USE('./parse');
     var u;
 
     SEA.sign = SEA.sign || (async (data, pair, cb, opt) => { try {
@@ -377,14 +373,22 @@
         pair = await SEA.I(null, {what: data, how: 'sign', why: opt.why});
       }
       if(u === data){ throw '`undefined` not allowed.' }
-      data = parse(data);
+      var json = S.parse(data);
+      var check = opt.check = opt.check || json;
+      if(SEA.verify && (SEA.opt.check(check) || (check && check.s && check.m))
+      && u !== await SEA.verify(check, pair)){ // don't sign if we already signed it.
+        var r = S.parse(check);
+        if(!opt.raw){ r = 'SEA'+JSON.stringify(r) }
+        if(cb){ try{ cb(r) }catch(e){console.log(e)} }
+        return r;
+      }
       var pub = pair.pub;
       var priv = pair.priv;
       var jwk = S.jwk(pub, priv);
-      var hash = await sha(data);
+      var hash = await sha(json);
       var sig = await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['sign'])
       .then((key) => (shim.ossl || shim.subtle).sign(S.ecdsa.sign, key, new Uint8Array(hash))) // privateKey scope doesn't leak out from here!
-      var r = {m: data, s: shim.Buffer.from(sig, 'binary').toString(opt.encode || 'base64')}
+      var r = {m: json, s: shim.Buffer.from(sig, 'binary').toString(opt.encode || 'base64')}
       if(!opt.raw){ r = 'SEA'+JSON.stringify(r) }
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
@@ -405,15 +409,12 @@
     var shim = USE('./shim');
     var S = USE('./settings');
     var sha = USE('./sha256');
-    var parse = USE('./parse');
     var u;
 
     SEA.verify = SEA.verify || (async (data, pair, cb, opt) => { try {
-      var json = parse(data);
+      var json = S.parse(data);
       if(false === pair){ // don't verify!
-        var raw = (json !== data)?
-          (json.s && json.m)? parse(json.m) : data
-        : json;
+        var raw = S.parse(json.m);
         if(cb){ try{ cb(raw) }catch(e){console.log(e)} }
         return raw;
       }
@@ -432,7 +433,7 @@
           return await SEA.opt.fall_verify(data, pair, cb, opt);
         }
       }
-      var r = check? parse(json.m) : u;
+      var r = check? S.parse(json.m) : u;
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
@@ -458,8 +459,8 @@
 
     SEA.opt.fall_verify = async function(data, pair, cb, opt, f){
       if(f === SEA.opt.fallback){ throw "Signature did not match" } f = f || 1;
-      var json = parse(data), pub = pair.pub || pair, key = await SEA.opt.slow_leak(pub);
-      var hash = (f <= SEA.opt.fallback)? shim.Buffer.from(await shim.subtle.digest({name: 'SHA-256'}, new shim.TextEncoder().encode(parse(json.m)))) : await sha(json.m); // this line is old bad buggy code but necessary for old compatibility.
+      var json = S.parse(data), pub = pair.pub || pair, key = await SEA.opt.slow_leak(pub);
+      var hash = (f <= SEA.opt.fallback)? shim.Buffer.from(await shim.subtle.digest({name: 'SHA-256'}, new shim.TextEncoder().encode(S.parse(json.m)))) : await sha(json.m); // this line is old bad buggy code but necessary for old compatibility.
       var buf; var sig; var check; try{
         buf = shim.Buffer.from(json.s, opt.encode || 'base64') // NEW DEFAULT!
         sig = new Uint8Array(buf)
@@ -471,7 +472,7 @@
         check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
         if(!check){ throw "Signature did not match." }
       }
-      var r = check? parse(json.m) : u;
+      var r = check? S.parse(json.m) : u;
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     }
@@ -513,11 +514,12 @@
       var ct = await aeskey(key, rand.s, opt).then((aes) => (/*shim.ossl ||*/ shim.subtle).encrypt({ // Keeping the AES key scope as private as possible...
         name: opt.name || 'AES-GCM', iv: new Uint8Array(rand.iv)
       }, aes, new shim.TextEncoder().encode(msg)));
-      var r = 'SEA'+JSON.stringify({
+      var r = {
         ct: shim.Buffer.from(ct, 'binary').toString(opt.encode || 'base64'),
         iv: rand.iv.toString(opt.encode || 'base64'),
         s: rand.s.toString(opt.encode || 'base64')
-      });
+      }
+      if(!opt.raw){ r = 'SEA'+JSON.stringify(r) }
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
@@ -537,7 +539,6 @@
     var shim = USE('./shim');
     var S = USE('./settings');
     var aeskey = USE('./aeskey');
-    var parse = USE('./parse');
 
     SEA.decrypt = SEA.decrypt || (async (data, pair, cb, opt) => { try {
       opt = opt || {};
@@ -546,19 +547,22 @@
         pair = await SEA.I(null, {what: data, how: 'decrypt', why: opt.why});
         key = pair.epriv || pair;
       }
-      var json = parse(data);
-
-      var buf; try{buf = shim.Buffer.from(json.s, opt.encode || 'base64'); // NEW DEFAULT!
-      }catch(e){buf = shim.Buffer.from(json.s, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
-      var bufiv; try{bufiv = shim.Buffer.from(json.iv, opt.encode || 'base64'); // NEW DEFAULT!
-      }catch(e){bufiv = shim.Buffer.from(json.iv, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
-      var bufct; try{bufct = shim.Buffer.from(json.ct, opt.encode || 'base64'); // NEW DEFAULT!
-      }catch(e){bufct = shim.Buffer.from(json.ct, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
-
-      var ct = await aeskey(key, buf, opt).then((aes) => (/*shim.ossl ||*/ shim.subtle).decrypt({  // Keeping aesKey scope as private as possible...
-        name: opt.name || 'AES-GCM', iv: new Uint8Array(bufiv)
-      }, aes, new Uint8Array(bufct)));
-      var r = parse(new shim.TextDecoder('utf8').decode(ct));
+      var json = S.parse(data);
+      var buf, bufiv, bufct; try{
+        buf = shim.Buffer.from(json.s, opt.encode || 'base64');
+        bufiv = shim.Buffer.from(json.iv, opt.encode || 'base64');
+        bufct = shim.Buffer.from(json.ct, opt.encode || 'base64');
+        var ct = await aeskey(key, buf, opt).then((aes) => (/*shim.ossl ||*/ shim.subtle).decrypt({  // Keeping aesKey scope as private as possible...
+          name: opt.name || 'AES-GCM', iv: new Uint8Array(bufiv)
+        }, aes, new Uint8Array(bufct)));
+      }catch(e){
+        if('utf8' === opt.encode){ throw "Could not decrypt" }
+        if(SEA.opt.fallback){
+          opt.encode = 'utf8';
+          return await SEA.decrypt(data, pair, cb, opt);
+        }
+      }
+      var r = S.parse(new shim.TextDecoder('utf8').decode(ct));
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) { 
@@ -769,19 +773,19 @@
         }
         // the user's public key doesn't need to be signed. But everything else needs to be signed with it! // we have now automated it! clean up these extra steps now!
         act.data = {pub: pair.pub};
-        act.d(); //SEA.sign(alias, pair, act.d); 
+        act.d();
       }
       act.d = function(){
         act.data.alias = alias;
-        act.e(); //SEA.sign(act.pair.epub, act.pair, act.e);
+        act.e();
       }
       act.e = function(){
         act.data.epub = act.pair.epub; 
-        SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, act.proof, act.f); // to keep the private key safe, we AES encrypt it with the proof of work!
+        SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, act.proof, act.f, {raw:1}); // to keep the private key safe, we AES encrypt it with the proof of work!
       }
       act.f = function(auth){
         act.data.auth = JSON.stringify({ek: auth, s: act.salt}); 
-        act.g(act.data.auth); //SEA.sign({ek: auth, s: act.salt}, act.pair, act.g);
+        act.g(act.data.auth);
       }
       act.g = function(auth){ var tmp;
         act.data.auth = act.data.auth || auth;
@@ -828,7 +832,7 @@
       }
       act.c = function(auth){
         if(u === auth){ return act.b() }
-        if(Gun.text.is(auth)){ return act.c(Gun.obj.ify(auth)) } // new format
+        if(Gun.text.is(auth)){ return act.c(Gun.obj.ify(auth)) } // in case of legacy
         SEA.work(pass, (act.auth = auth).s, act.d, act.enc); // the proof of work is evidence that we've spent some time/effort trying to log in, this slows brute force.
       }
       act.d = function(proof){
@@ -861,7 +865,7 @@
         user.is = {pub: pair.pub, epub: pair.epub, alias: alias};
         at.sea = act.pair;
         cat.ing = false;
-        if(pass && !Gun.text.is(act.data.auth)){ opt.shuffle = opt.change = pass; } // migrate UTF8 + Shuffle! Test against NAB alias test_sea_shuffle + passw0rd
+        try{if(pass && !Gun.obj.has(Gun.obj.ify(cat.root.graph['~'+pair.pub].auth), ':')){ opt.shuffle = opt.change = pass; } }catch(e){} // migrate UTF8 & Shuffle!
         opt.change? act.z() : cb(at);
         if(SEA.window && ((gun.back('user')._).opt||opt).remember){
           // TODO: this needs to be modular.
@@ -885,18 +889,17 @@
         SEA.work(opt.change, act.salt, act.y);
       }
       act.y = function(proof){
-        SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, proof, act.x);
+        SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, proof, act.x, {raw:1});
       }
       act.x = function(auth){
         act.w(JSON.stringify({ek: auth, s: act.salt}));
-        //SEA.sign({ek: auth, s: act.salt}, act.pair, act.w);
       }
       act.w = function(auth){
         if(opt.shuffle){ // delete in future!
+          console.log('migrate core account from UTF8 & shuffle');
           var tmp = Gun.obj.to(act.data);
           Gun.obj.del(tmp, '_');
           tmp.auth = auth;
-          console.log('migrate core account from UTF8 & shuffle', tmp);
           root.get('~'+act.pair.pub).put(tmp);
         } // end delete
         root.get('~'+act.pair.pub).get('auth').put(auth, cb);
@@ -1086,18 +1089,21 @@
       // NOTE: THE SECURITY FUNCTION HAS ALREADY VERIFIED THE DATA!!!
       // WE DO NOT NEED TO RE-VERIFY AGAIN, JUST TRANSFORM IT TO PLAINTEXT.
       var to = this.to, vertex = (msg.$._).put, c = 0, d;
-      Gun.node.is(msg.put, function(val, key, node){ c++; // for each property on the node
+      Gun.node.is(msg.put, function(val, key, node){
         // only process if SEA formatted?
+        var tmp = Gun.obj.ify(val) || noop;
+        if(u !== tmp[':']){
+          node[key] = SEA.opt.unpack(tmp);
+          return;
+        }
+        if(!SEA.opt.check(val)){ return }
+        c++; // for each property on the node
         SEA.verify(val, false, function(data){ c--; // false just extracts the plain data.
-          var tmp = data;
-          data = SEA.opt.unpack(data, key, node);
-          node[key] = val = data; // transform to plain value.
+          node[key] = SEA.opt.unpack(data, key, node);; // transform to plain value.
           if(d && !c && (c = -1)){ to.next(msg) }
         });
       });
-      d = true;
-      if(d && !c){ to.next(msg) }
-      return;
+      if((d = true) && !c){ to.next(msg) }
     }
 
     // signature handles data output, it is a proxy to the security function.
@@ -1162,55 +1168,44 @@
           if(key === Gun.val.link.is(val)){ return check['pubs'+soul+key] = 0 } // and the ID must be EXACTLY equal to its property
           each.end({err: "Alias must match!"}); // that way nobody can tamper with the list of public keys.
         };
-        each.pub = function(val, key, node, soul, pub, user){ // Example: {_:#~asdf, hello:SEA{'world',fdsa}}
+        each.pub = function(val, key, node, soul, pub, user){ var tmp; // Example: {_:#~asdf, hello:'world'~fdsa}}
           if('pub' === key){
             if(val === pub){ return (check['pub'+soul+key] = 0) } // the account MUST match `pub` property that equals the ID of the public key.
             return each.end({err: "Account must match!"});
           }
           check['user'+soul+key] = 1;
-          if(user && user.is && pub === user.is.pub){
-            //var id = Gun.text.random(3);
-            SEA.sign([soul, key, val, Gun.state.is(node, key)], (user._).sea, function(data){ var rel;
+          if(msg.I && user && user.is && pub === user.is.pub){
+            SEA.sign(SEA.opt.prep(tmp = SEA.opt.parse(val), key, node, soul), (user._).sea, function(data){ var rel;
               if(u === data){ return each.end({err: SEA.err || 'Pub signature fail.'}) }
               if(rel = Gun.val.link.is(val)){
                 (at.sea.own[rel] = at.sea.own[rel] || {})[pub] = true;
               }
-              node[key] = data;
+              node[key] = JSON.stringify({':': SEA.opt.unpack(data.m), '~': data.s});
               check['user'+soul+key] = 0;
               each.end({ok: 1});
-            });
-            // TODO: Handle error!!!!
+            }, {check: SEA.opt.pack(tmp, key, node, soul), raw: 1});
             return;
           }
-          SEA.verify(val, pub, function(data){ var rel, tmp;
+          SEA.verify(SEA.opt.pack(val,key,node,soul), pub, function(data){ var rel, tmp;
             data = SEA.opt.unpack(data, key, node);
             if(u === data){ // make sure the signature matches the account it claims to be on.
               return each.end({err: "Unverified data."}); // reject any updates that are signed with a mismatched account.
             }
-            if((rel = Gun.val.link.is(data)) && pub === relpub(rel)){
+            if((rel = Gun.val.link.is(data)) && pub === SEA.opt.pub(rel)){
               (at.sea.own[rel] = at.sea.own[rel] || {})[pub] = true;
             }
             check['user'+soul+key] = 0;
             each.end({ok: 1});
           });
         };
-        function relpub(s){
-          if(!s){ return }
-          s = s.split('~');
-          if(!s || !(s = s[1])){ return }
-          s = s.split('.');
-          if(!s || 2 > s.length){ return }
-          s = s.slice(0,2).join('.');
-          return s;
-        }
         each.any = function(val, key, node, soul, user){ var tmp, pub;
           if(!user || !user.is){
-            if(tmp = relpub(soul)){
+            if(tmp = SEA.opt.pub(soul)){
               check['any'+soul+key] = 1;
-              SEA.verify(val, pub = tmp, function(data){ var rel;
+              SEA.verify(SEA.opt.pack(val,key,node,soul), pub = tmp, function(data){ var rel;
                 data = SEA.opt.unpack(data, key, node);
                 if(u === data){ return each.end({err: "Mismatched owner on '" + key + "'."}) } // thanks @rogowski !
-                if((rel = Gun.val.link.is(data)) && pub === relpub(rel)){
+                if((rel = Gun.val.link.is(data)) && pub === SEA.opt.pub(rel)){
                   (at.sea.own[rel] = at.sea.own[rel] || {})[pub] = true;
                 }
                 check['any'+soul+key] = 0;
@@ -1227,26 +1222,21 @@
             //each.end({err: "Data cannot be modified."});
             return;
           }
-          if(!(tmp = relpub(soul))){
+          if(!(tmp = SEA.opt.pub(soul))){
             if(at.opt.secure){
               each.end({err: "Soul is missing public key at '" + key + "'."});
               return;
             }
-            if(val && val.slice && 'SEA{' === (val).slice(0,4)){
-              check['any'+soul+key] = 0;
-              each.end({ok: 1});
-              return;
-            }
-            //check['any'+soul+key] = 1;
-            //SEA.sign(val, user, function(data){
-             // if(u === data){ return each.end({err: 'Any signature failed.'}) }
-            //  node[key] = data;
-              check['any'+soul+key] = 0;
-              each.end({ok: 1});
-            //});
+            // TODO: Ask community if should auto-sign non user-graph data.
+            check['any'+soul+key] = 0;
+            each.end({ok: 1});
             return;
           }
-          if(!msg.I || (pub = tmp) !== (user.is||noop).pub){
+          if(!msg.I){ // only sign data put out from this instance.
+            each.any(val, key, node, soul);
+            return;
+          }
+          if((pub = tmp) !== (user.is||noop).pub){
             each.any(val, key, node, soul);
             return;
           }
@@ -1258,12 +1248,12 @@
             return;
           }*/
           check['any'+soul+key] = 1;
-          SEA.sign([soul, key, val, Gun.state.is(node, key)], (user._).sea, function(data){
+          SEA.sign(SEA.opt.prep(tmp = SEA.opt.parse(val), key, node, soul), (user._).sea, function(data){
             if(u === data){ return each.end({err: 'My signature fail.'}) }
-            node[key] = data;
+            node[key] = JSON.stringify({':': SEA.opt.unpack(data.m), '~': data.s});
             check['any'+soul+key] = 0;
             each.end({ok: 1});
-          });
+          }, {check: SEA.opt.pack(tmp, key, node, soul), raw: 1});
         }
         each.end = function(ctx){ // TODO: Can't you just switch this to each.end = cb?
           if(each.err){ return }
@@ -1275,6 +1265,7 @@
           if(Gun.obj.map(check, function(no){
             if(no){ return true }
           })){ return }
+          msg.user = at.user; // already been through firewall, does not need to again on out.
           to.next(msg);
         };
         Gun.obj.map(msg.put, each.node);
@@ -1283,16 +1274,35 @@
       }
       to.next(msg); // pass forward any data we do not know how to handle or process (this allows custom security protocols).
     }
-    SEA.opt.unpack = function(data, key, node){
-      if(u === data){ return }
-      if(data === node[key]){ return data }
-      if(data && data['#'] && rel_is(data) === rel_is(node[key])){ return data }
-      var tmp = data, soul = Gun.node.soul(node), s = Gun.state.is(node, key);
-      if(tmp && 4 === tmp.length && soul === tmp[0] && key === tmp[1] && fl(s) === fl(tmp[3])){
-        return tmp[2];
+    SEA.opt.pub = function(s){
+      if(!s){ return }
+      s = s.split('~');
+      if(!s || !(s = s[1])){ return }
+      s = s.split('.');
+      if(!s || 2 > s.length){ return }
+      s = s.slice(0,2).join('.');
+      return s;
+    }
+    SEA.opt.prep = function(d,k, n,s){ // prep for signing
+      return {'#':s,'.':k,':':SEA.opt.parse(d),'>':Gun.state.is(n, k)};
+    }
+    SEA.opt.pack = function(d,k, n,s){ // pack for verifying
+      if(SEA.opt.check(d)){ return d }
+      var meta = (Gun.obj.ify(d)||noop), sig = meta['~'];
+      return sig? {m: {'#':s,'.':k,':':meta[':'],'>':Gun.state.is(n, k)}, s: sig} : d;
+    }
+    SEA.opt.unpack = function(d, k, n){ var tmp;
+      if(u === d){ return }
+      if(d && (u !== (tmp = d[':']))){ return tmp }
+      if(!k || !n){ return }
+      if(d === n[k]){ return d }
+      if(!SEA.opt.check(n[k])){ return d }
+      var soul = Gun.node.soul(n), s = Gun.state.is(n, k);
+      if(d && 4 === d.length && soul === d[0] && k === d[1] && fl(s) === fl(d[3])){
+        return d[2];
       }
       if(s < SEA.opt.shuffle_attack){
-        return data;
+        return d;
       }
     }
     SEA.opt.shuffle_attack = 1546329600000; // Jan 1, 2019
@@ -1302,4 +1312,4 @@
     // TODO: Potential bug? If pub/priv key starts with `-`? IDK how possible.
 
   })(USE, './index');
-}());
+}());
\ No newline at end of file
diff --git a/test/common.js b/test/common.js
index 30b97063..fd4a9d53 100644
--- a/test/common.js
+++ b/test/common.js
@@ -19,6 +19,7 @@ describe('Gun', function(){
 			//require('../lib/file');
 			require('../lib/store');
 			require('../lib/rfs');
+			require('./sea/sea.js');
 		}
 	}(this));
 	//Gun.log.squelch = true;
@@ -2835,7 +2836,7 @@ describe('Gun', function(){
 			cat.slave = bob;
 			gun.on('put', {$: gun, put: Gun.graph.ify(user, s)});
 			//console.debug.i=1;console.log("-------------");
-			gun.get(s.soul).get('bob').get('pet').get('slave').val(function(data){
+			gun.get(s.soul).get('bob').get('pet').get('slave').once(function(data){
 				//clearTimeout(done.to);
 				//setTimeout(function(){
 					//console.log("*****************", data);return;
@@ -2879,7 +2880,7 @@ describe('Gun', function(){
 		it('empty val followed', function(done){
 			var gun = Gun();
 
-			gun.get('val/follow').val(function(data){
+			gun.get('val/follow').once(function(data){
 				//console.log("val", data);
 			}).get(function(at){
 				//console.log("?????", at);
@@ -2928,7 +2929,7 @@ describe('Gun', function(){
 			list.set(gun.get('dave').put({name: "Dave", group: "awesome", married: true}));
 
 			var check = {}, count = {};
-			list.map().val(function(data, id){
+			list.map().once(function(data, id){
 				//console.log("***************", id, data);
 				check[id] = data;
 				count[id] = (count[id] || 0) + 1;
@@ -3050,7 +3051,7 @@ describe('Gun', function(){
 			setTimeout(function(){
 				var gun2 = Gun();
 				//console.log(require('fs').readFileSync('./radata/!').toString());
-				gun2.get('stef').get('address').val(function(data){ // Object {_: Object, country: "Netherlands", zip: "1766KP"} "adress"
+				gun2.get('stef').get('address').once(function(data){ // Object {_: Object, country: "Netherlands", zip: "1766KP"} "adress"
 					//console.log("******", data);
 					done.a = true;
 					expect(data.country).to.be('Netherlands');
@@ -3059,7 +3060,7 @@ describe('Gun', function(){
 					if(done.c){ return } done.c = 1;
 					done();
 				});
-				gun2.get('stef').val(function(data){ //Object {_: Object, address: Object} "stef"
+				gun2.get('stef').once(function(data){ //Object {_: Object, address: Object} "stef"
 					//console.log("**************", data);
 					//return;
 					done.s = true;
@@ -3237,14 +3238,14 @@ describe('Gun', function(){
 
 			var check = {A: {}, B: {}};
 			setTimeout(function(){
-				gun.get('usersMM').map().map().val(function(data){
+				gun.get('usersMM').map().map().once(function(data){
 					//console.log('A', data);
 					check.A[data.pub] = true;
 				})
 			}, 900);
 
 			setTimeout(function(){
-				gun.get('usersMM').map().map().val(function(data){
+				gun.get('usersMM').map().map().once(function(data){
 					//console.log('B', data, check);
 					check.B[data.pub] = true;
 					if(check.A['asdf'] && check.A['fdsa'] && check.B['asdf'] && check.B['fdsa']){
@@ -3302,7 +3303,7 @@ describe('Gun', function(){
 			var app = gun.get(s.soul);
 			
 			//console.debug.i=1;console.log("===================");
-			app.get('alias').get('mark').map().val(function(alias){
+			app.get('alias').get('mark').map().once(function(alias){
 				//console.log("***", alias);
 				done.alias = alias;
 			});
@@ -3480,19 +3481,19 @@ describe('Gun', function(){
 		it('val should now get called if no data is found', function(done){
 			var gun = Gun();
 
-			gun.get('nv/foo').get('bar').get('baz').val(function(val, key){
+			gun.get('nv/foo').get('bar').get('baz').once(function(val, key){
 				//console.log('*******', key, val);
 				expect(val).to.be(undefined);
 				done.fbb = true;
 			});
 
-			gun.get('nv/totesnothing').val(function(val, key){
+			gun.get('nv/totesnothing').once(function(val, key){
 				//console.log('***********', key, val);
 				expect(val).to.be(undefined);
 				done.t = true;
 			});
 
-			gun.get('nv/bz').get('lul').val(function(val, key){
+			gun.get('nv/bz').get('lul').once(function(val, key){
 				//console.log('*****************', key, val);
 				expect(val).to.be(undefined);
 				done.bzl = true;
@@ -3514,7 +3515,7 @@ describe('Gun', function(){
 				data.b = 2;
 			});
 			
-			gun.get('ds/safe').val(function(data){
+			gun.get('ds/safe').once(function(data){
 				expect(gun.back(-1)._.graph['ds/safe'].b).to.not.be.ok();
 				if(done.c){ return } done.c = 1;
 				done();
@@ -3588,7 +3589,7 @@ describe('Gun', function(){
 			setTimeout(function(){
 				a.get('profile').get('said').get('asdf').put('yes');
 				setTimeout(function(){
-					a.val(function(data){
+					a.once(function(data){
 						expect(data.profile).to.be.eql({'#': 'sabnbprofile'});
 						if(done.c){ return } done.c = 1;
 						done();
@@ -3784,7 +3785,7 @@ describe('Gun', function(){
 			  var chain = this.chain();
 			  var context = this;
 			  var _tags;
-			  context.val(function(obj, key){
+			  context.once(function(obj, key){
 			    if(!obj.tags){
 			      console.warn('Not tagged to anything!');
 			      context._.valid = false;
@@ -3822,7 +3823,7 @@ describe('Gun', function(){
 			gun.get('fake1')//.map()
 			      .filter(['a','b'])  // Gun.chain.filter = function(tags){ .... }
 			      .get(function(no){console.log("NO!", no)})
-			      .val(function(yes){console.log("YES!", yes)})
+			      .once(function(yes){console.log("YES!", yes)})
 		});
 
 		it.only('Check that events are called with multiple instances', function(done){
@@ -4670,7 +4671,7 @@ describe('Gun', function(){
 			var gun = Gun().put({foo:'lol', extra: 'yes'}).key('key/path/put');
 			var data = gun.get('key/path/put');
 			data.path('foo').put('epic');
-			data.val(function(val, field){
+			data.once(function(val, field){
 				expect(val.foo).to.be('epic');
 				expect(Gun.node.soul(val)).to.be('key/path/put');
 				done();
@@ -4794,7 +4795,7 @@ describe('Gun', function(){
 			var get = gun.get('shallow/path');
 			var path = get.path('one');
 			var put = path.put('good');
-			put.val(function(val, field){
+			put.once(function(val, field){
 				expect(val).to.be('good');
 				expect(field).to.be('one');
 				done();
@@ -4806,7 +4807,7 @@ describe('Gun', function(){
 			var get = gun.get('slightly/shallow/path');
 			var path = get.path('one');
 			var put = path.put({you: 'are', here: 1});
-			put.val(function(val, field){
+			put.once(function(val, field){
 				//console.log('***********', field, val);
 				expect(val.you).to.be('are');
 				expect(val.here).to.be(1);
@@ -4862,7 +4863,7 @@ describe('Gun', function(){
 			},100);
 		});
 
-		it('any any not', function(done){
+		it('get get not', function(done){
 			var s = Gun.state.map();
 			s.soul = 'a';
 			Gun.on('put', {$: gun, put: Gun.graph.ify({b: 1, c: 2}, s)});
@@ -4882,9 +4883,9 @@ describe('Gun', function(){
 					done();
 				}
 			}
-			gun.get('a').path('b').any(cb);//.err(cb).not(cb).on(cb).val(cb);
-			gun.get('a').path('c').any(cb);//.err(cb).not(cb).on(cb).val(cb);
-			gun.get('a').path('d').any(cb);//.err(cb).not(cb).on(cb).val(cb);
+			gun.get('a').path('b').get(cb);//.err(cb).not(cb).on(cb).once(cb);
+			gun.get('a').path('c').get(cb);//.err(cb).not(cb).on(cb).once(cb);
+			gun.get('a').path('d').get(cb);//.err(cb).not(cb).on(cb).once(cb);
 		});
 
 		it('any not any not any not', function(done){
@@ -4902,16 +4903,16 @@ describe('Gun', function(){
 					done();
 				}
 			}
-			gun.get('x').path('b').any(cb);//.err(cb).not(cb).on(cb).val(cb);
-			gun.get('x').path('c').any(cb);//.err(cb).not(cb).on(cb).val(cb);
-			gun.get('x').path('d').any(cb);//.err(cb).not(cb).on(cb).val(cb);
+			gun.get('x').path('b').any(cb);//.err(cb).not(cb).on(cb).once(cb);
+			gun.get('x').path('c').any(cb);//.err(cb).not(cb).on(cb).once(cb);
+			gun.get('x').path('d').any(cb);//.err(cb).not(cb).on(cb).once(cb);
 		});
 
 		it('get put, put deep', function(done){
 			var gun = Gun();
 			var get = gun.get('put/deep/ish');
 			get.put({});
-			get.val(function(data){ // TODO: API CHANGE! Empty objects should react.
+			get.once(function(data){ // TODO: API CHANGE! Empty objects should react.
 				//console.log("...1", data);
 				expect(Gun.obj.empty(data, '_')).to.be.ok(); // API CHANGED,
 				//expect(Gun.val.link.is(data.very)).to.be.ok();
@@ -4926,12 +4927,12 @@ describe('Gun', function(){
 						}
 					}
 				});
-				get.val(function(data){
+				get.once(function(data){
 					//console.log("...2", data);
 					expect(Gun.val.link.is(data.very)).to.be.ok();
 				});
 				setTimeout(function(){
-					put.val(function(data){
+					put.once(function(data){
 						//console.log("...3", data);
 						expect(Gun.val.link.is(data.very)).to.be.ok();
 						done.val = true;
@@ -4939,7 +4940,7 @@ describe('Gun', function(){
 					var p = put.path('very');
 					p.put({we: 'have gone!'});
 					setTimeout(function(){
-						p.val(function(data){
+						p.once(function(data){
 							//console.log("...4", data);
 							expect(data.we).to.be('have gone!');
 							expect(Gun.val.link.is(data.deep)).to.be.ok();
@@ -4959,7 +4960,7 @@ describe('Gun', function(){
 			var get = gun.get('slightly/shallow/path/swoop');
 			var path = get.path('one.two');
 			var put = path.put({oh: 'okay'});
-			put.val(function(val, field){
+			put.once(function(val, field){
 				//console.log("****", field, val);
 				expect(val.oh).to.be('okay');
 				expect(field).to.be('two');
@@ -4973,13 +4974,13 @@ describe('Gun', function(){
 			var path = get.path('one.two');
 			var path3 = path.path('three');
 			var put = path3.put({you: 'found', the: 'bottom!'});
-			put.val(function(val, field){
+			put.once(function(val, field){
 				//console.log("********1********", field, val);
 				expect(val.you).to.be('found');
 				expect(val.the).to.be('bottom!');
 				expect(field).to.be('three');
 			});
-			gun.get('deep/path').path('one.two.three.you').put('are').val(function(val, field){
+			gun.get('deep/path').path('one.two.three.you').put('are').once(function(val, field){
 				//console.log("********2*********", field, val);return;
 				expect(val).to.be('are');
 				expect(field).to.be('you');
@@ -5099,13 +5100,13 @@ describe('Gun', function(){
 			mark.path('wife').put(amber, function(err){
 				expect(err).to.not.be.ok();
 			});
-			mark.path('wife.name').val(function(val){
+			mark.path('wife.name').once(function(val){
 				expect(val).to.be("Amber Nadal");
 			});
 		});
 
 		it('put val', function(done){
-			gun.put({hello: "world"}).val(function(val){
+			gun.put({hello: "world"}).once(function(val){
 				expect(val.hello).to.be('world');
 				expect(done.c).to.not.be.ok();
 				done.c = 1;
@@ -5117,7 +5118,7 @@ describe('Gun', function(){
 		});
 
 		it('put key val', function(done){
-			gun.put({hello: "world"}).key('hello/world').val(function(val, field){
+			gun.put({hello: "world"}).key('hello/world').once(function(val, field){
 				if(done.c){ return }
 				expect(val.hello).to.be('world');
 				expect(done.c).to.not.be.ok();
@@ -5130,7 +5131,7 @@ describe('Gun', function(){
 		});
 
 		it('get val', function(done){
-			gun.get('hello/world').val(function(val, field){
+			gun.get('hello/world').once(function(val, field){
 				expect(val.hello).to.be('world');
 				expect(done.c).to.not.be.ok();
 				done.c = 1;
@@ -5142,7 +5143,7 @@ describe('Gun', function(){
 		});
 
 		it('get path', function(done){
-			gun.get('hello/world').path('hello').val(function(val){
+			gun.get('hello/world').path('hello').once(function(val){
 				//console.log("**************", val);
 				expect(val).to.be('world');
 				expect(done.c).to.not.be.ok();
@@ -5155,7 +5156,7 @@ describe('Gun', function(){
 		});
 
 		it('get put path', function(done){
-			gun.get('hello/world').put({hello: 'Mark'}).path('hello').val(function(val, field){
+			gun.get('hello/world').put({hello: 'Mark'}).path('hello').once(function(val, field){
 				expect(val).to.be('Mark');
 				expect(done.c).to.not.be.ok();
 				done.c = 1;
@@ -5167,7 +5168,7 @@ describe('Gun', function(){
 		});
 
 		it('get path put', function(done){
-			gun.get('hello/world').path('hello').put('World').val(function(val){
+			gun.get('hello/world').path('hello').put('World').once(function(val){
 				expect(val).to.be('World');
 				expect(done.c).to.not.be.ok();
 				done.c = 1;
@@ -5195,7 +5196,7 @@ describe('Gun', function(){
 
 		it('get path empty put val', function(done){
 			var gun = Gun({init: true}).put({hello: "Mark"}).key('hello/world/not');
-			gun.get('hello/world/not').path('earth').put('mars').val(function(val){
+			gun.get('hello/world/not').path('earth').put('mars').once(function(val){
 				done.c = 1;
 			});
 			setTimeout(function(){
@@ -5208,7 +5209,7 @@ describe('Gun', function(){
 			var gun = Gun();
 			var get = gun.get('hello/imp/world');
 			var put = get.put({planet: 'the earth'});
-			put.val(function(val){
+			put.once(function(val){
 				expect(val.planet).to.be('the earth');
 				done();
 			});
@@ -5219,7 +5220,7 @@ describe('Gun', function(){
 			var get = gun.get('hello/imp/where');
 			var path = get.path('where');
 			var put = path.put('the mars');
-			var val = put.val(function(val, field){
+			var val = put.once(function(val, field){
 				expect(field).to.be('where');
 				expect(val).to.be('the mars');
 				done();
@@ -5227,7 +5228,7 @@ describe('Gun', function(){
 		});
 
 		it('get path empty put val implicit', function(done){
-			gun.get('hello/world').path('earth').put('mars').val(function(val, field){
+			gun.get('hello/world').path('earth').put('mars').once(function(val, field){
 				expect(val).to.be('mars');
 				expect(done.c).to.not.be.ok();
 				done.c = 1;
@@ -5241,7 +5242,7 @@ describe('Gun', function(){
 		it('get path val', function(done){
 			var gun = Gun({init: true}).put({hello: "Mark"}).key('hello/world/not');
 			gun.get('hello/world').path('earth').put('mars');
-			gun.get('hello/world/not').path('earth').val(function(val){
+			gun.get('hello/world/not').path('earth').once(function(val){
 				expect(val).to.be('mars');
 				expect(done.c).to.not.be.ok();
 				done.c = 1;
@@ -5253,7 +5254,7 @@ describe('Gun', function(){
 		});
 
 		it('get path val implicit', function(done){
-			gun.get('hello/world').path('earth').val(function(val){
+			gun.get('hello/world').path('earth').once(function(val){
 				expect(val).to.be('mars');
 				expect(done.c).to.not.be.ok();
 				done.c = 1;
@@ -5268,7 +5269,7 @@ describe('Gun', function(){
 			it('get not kick val', function(done){
 				gun.get("some/empty/thing").not(function(key, kick){ // that if you call not first
 					this.put({now: 'exists'}).key(key); // you can put stuff
-				}).val(function(val){ // and THEN still retrieve it.
+				}).once(function(val){ // and THEN still retrieve it.
 					expect(val.now).to.be('exists');
 					done();
 				});
@@ -5280,7 +5281,7 @@ describe('Gun', function(){
 				foo.not(function(key, kick){
 					done.not = true;
 					this.put({now: 'THIS SHOULD NOT HAPPEN'}).key(key);
-				}).val(function(val){
+				}).once(function(val){
 					expect(val.now).to.be('exists');
 					expect(done.not).to.not.be.ok();
 					done();
@@ -5289,7 +5290,7 @@ describe('Gun', function(){
 		});
 
 		it('put path val sub', function(done){
-			gun.put({last: {some: 'object'}}).path('last').val(function(val){
+			gun.put({last: {some: 'object'}}).path('last').once(function(val){
 				expect(val.some).to.be('object');
 				done();
 			});
@@ -5326,11 +5327,11 @@ describe('Gun', function(){
 		});
 
 		it('get put null', function(done){
-			gun.put({last: {some: 'object'}}).path('last').val(function(val, field){
+			gun.put({last: {some: 'object'}}).path('last').once(function(val, field){
 				//console.log("**", field, val);
 				expect(field).to.be('last');
 				expect(val.some).to.be('object');
-			}).put(null).val(function(val, field){
+			}).put(null).once(function(val, field){
 				//console.log("******", field, val);
 				expect(field).to.be('last');
 				expect(val).to.be(null);
@@ -5340,11 +5341,11 @@ describe('Gun', function(){
 
 		it('Gun get put null', function(done){ // flip flop bug
 			var gun = Gun();
-			gun.put({last: {some: 'object'}}).path('last').val(function(val, field){
+			gun.put({last: {some: 'object'}}).path('last').once(function(val, field){
 				//console.log("**", field, val);
 				done.some = true;
 				expect(val.some).to.be('object');
-			}).put(null).val(function(val, field){
+			}).put(null).once(function(val, field){
 				//console.log("********", field, val);
 				expect(val).to.be(null);
 				expect(done.some).to.be.ok();
@@ -5356,7 +5357,7 @@ describe('Gun', function(){
 			var foo = gun.put({foo: 'bar'}).key('foo/bar');
 			foo.path('hello.world.nowhere'); // this should become a sub-context, that doesn't alter the original
 			setTimeout(function(){
-				foo.path('foo').val(function(val){ // and then the original should be able to be reused later
+				foo.path('foo').once(function(val){ // and then the original should be able to be reused later
 					expect(val).to.be('bar'); // this should work
 					done();
 				});
@@ -5367,7 +5368,7 @@ describe('Gun', function(){
 			var foo = gun.get('foo/bar');
 			foo.path('hello.world.nowhere'); // this should become a sub-context, that doesn't alter the original
 			setTimeout(function(){
-				foo.path('foo').val(function(val){ // and then the original should be able to be reused later
+				foo.path('foo').once(function(val){ // and then the original should be able to be reused later
 					expect(val).to.be('bar'); // this should work
 					done();
 				});
@@ -5381,10 +5382,10 @@ describe('Gun', function(){
 					title: 'awesome title',
 					todos: {}
 				}).key(key);
-			}).val(function(data){
+			}).once(function(data){
 				expect(data.id).to.be('foobar');
-			//}).path('todos').val(function(todos, field){
-			}).path('todos').val(function(todos, field){
+			//}).path('todos').once(function(todos, field){
+			}).path('todos').once(function(todos, field){
 				expect(field).to.be('todos');
 				expect(todos).to.not.have.property('id');
 				done();
@@ -5400,7 +5401,7 @@ describe('Gun', function(){
 			data.b.parent = data.a;
 			gun.put(data, function(err, ok){
 				expect(err).to.not.be.ok();
-			}).val(function(val){
+			}).once(function(val){
 				setTimeout(function(){ // TODO: Is this cheating? I don't think so cause we are using things outside of the API!
 					var a = gun.back(-1)._.graph[Gun.val.link.is(val.a)];
 					var b = gun.back(-1)._.graph[Gun.val.link.is(val.b)];
@@ -5464,7 +5465,7 @@ describe('Gun', function(){
 						lol: true
 					}
 				}
-			}).path('foo.bar.lol').val(function(val){
+			}).path('foo.bar.lol').once(function(val){
 				expect(val).to.be(true);
 				done();
 			});
@@ -5477,7 +5478,7 @@ describe('Gun', function(){
 						lol: {ok: true}
 					}
 				}
-			}).path('foo.bar.lol').val(function(val){
+			}).path('foo.bar.lol').once(function(val){
 				expect(val.ok).to.be(true);
 				done();
 			});
@@ -5506,15 +5507,15 @@ describe('Gun', function(){
 			//console.debug.i=1;console.log("------------");
 			gun.put(mark, function(err, ok){
 				expect(err).to.not.be.ok();
-			}).val(function(val){
+			}).once(function(val){
 				expect(val.age).to.be(23);
 				expect(val.name).to.be("Mark Nadal");
 				expect(Gun.val.link.is(val.wife)).to.be.ok();
 				expect(Gun.val.link.is(val.pet)).to.be.ok();
-			}).path('wife.pet.name').val(function(val){
+			}).path('wife.pet.name').once(function(val){
 				//console.debug(1, "*****************", val);
 				expect(val).to.be('Hobbes');
-			}).back().path('pet.master').val(function(val){
+			}).back().path('pet.master').once(function(val){
 				//console.log("*****************", val);
 				expect(val.name).to.be("Amber Nadal");
 				expect(val.phd).to.be.ok();
@@ -5536,14 +5537,14 @@ describe('Gun', function(){
 
 		it('put partial sub merge', function(done){
 			var gun = Gun();
-			var mark = gun.put({name: "Mark", wife: { name: "Amber" }}).key('person/mark').val(function(mark){
+			var mark = gun.put({name: "Mark", wife: { name: "Amber" }}).key('person/mark').once(function(mark){
 				//console.log("VAL1", mark);
 				done.marksoul = Gun.node.soul(mark);
 				expect(mark.name).to.be("Mark");
 			});
 			mark.put({age: 23, wife: {age: 23}});
 			setTimeout(function(){
-				mark.put({citizen: "USA", wife: {citizen: "USA"}}).val(function(mark){
+				mark.put({citizen: "USA", wife: {citizen: "USA"}}).once(function(mark){
 					//console.log("VAL2", mark, gun);
 					expect(mark.name).to.be("Mark");
 					expect(mark.age).to.be(23);
@@ -5563,10 +5564,10 @@ describe('Gun', function(){
 
 		it('path path', function(done){
 			var deep = gun.put({some: {deeply: {nested: 'value'}}});
-			deep.path('some.deeply.nested').val(function(val){
+			deep.path('some.deeply.nested').once(function(val){
 				expect(val).to.be('value');
 			});
-			deep.path('some').path('deeply').path('nested').val(function(val){
+			deep.path('some').path('deeply').path('nested').once(function(val){
 				expect(val).to.be('value');
 				done();
 			});
@@ -5584,7 +5585,7 @@ describe('Gun', function(){
 			var gun = Gun();
 			var fo = gun.put({fo: 'bar'});
 			Gun.log.ba = 1;
-			fo.put({ba: {}}).val(function(obj, field){
+			fo.put({ba: {}}).once(function(obj, field){
 				c += 1;
 				expect(c).to.be(1);
 				done();
@@ -5597,7 +5598,7 @@ describe('Gun', function(){
 		describe('random', function(){
 			var foo;
 			it('context null put node', function(done){
-				foo = gun.put({foo: 'bar'}).val(function(obj){
+				foo = gun.put({foo: 'bar'}).once(function(obj){
 					expect(obj.foo).to.be('bar');
 					done(); //setTimeout(function(){ done() },1);
 				});
@@ -5613,7 +5614,7 @@ describe('Gun', function(){
 
 			it('context node put node', function(done){
 				// EFFECTIVELY a TIMEOUT from the previous test. NO LONGER!
-				foo.put({bar: {zoo: 'who'}}).val(function(obj, field){
+				foo.put({bar: {zoo: 'who'}}).once(function(obj, field){
 					//console.log("terribly terrilby unpleasant", field, obj);
 					expect(obj.foo).to.be('bar');
 					expect(Gun.val.link.is(obj.bar)).to.ok();
@@ -5626,7 +5627,7 @@ describe('Gun', function(){
 				// EFFECTIVELY a TIMEOUT from the previous test. NO LONGER!
 				bar = foo.path('bar');
 				expect(gleak.check()).to.not.be.ok();
-				bar.put({combo: 'double'}).val(function(obj, field){
+				bar.put({combo: 'double'}).once(function(obj, field){
 					//expect(obj.zoo).to.be('who');
 					expect(obj.combo).to.be('double');
 					done(); //setTimeout(function(){ done() },1);
@@ -5636,7 +5637,7 @@ describe('Gun', function(){
 			it('context node and field put value', function(done){
 				// EFFECTIVELY a TIMEOUT from the previous test. NO LONGER!
 				var tar = foo.path('tar');
-				tar.put('zebra').val(function(val){
+				tar.put('zebra').once(function(val){
 					expect(val).to.be('zebra');
 					done(); //setTimeout(function(){ done() },1);
 				});
@@ -5644,10 +5645,10 @@ describe('Gun', function(){
 
 			it('context node and field, put node', function(done){
 				// EFFECTIVELY a TIMEOUT from the previous test. NO LONGER!
-				bar.path('combo').put({another: 'node'}).val(function(obj){
+				bar.path('combo').put({another: 'node'}).once(function(obj){
 					expect(obj.another).to.be('node');
 					// double .vals here also RELATED to the #"context no double emit" but because of a faulty .not or .init system.
-					bar.val(function(node){
+					bar.once(function(node){
 						expect(Gun.val.link.is(node.combo)).to.be.ok();
 						expect(Gun.val.link.is(node.combo)).to.be(Gun.node.soul(obj));
 						done(); //setTimeout(function(){ done() },1);
@@ -5662,10 +5663,10 @@ describe('Gun', function(){
 			var al = gun.put({gender:'m', age:30, name:'alfred'}).key('user/alfred');
 			var beth = gun.put({gender:'f', age:22, name:'beth'}).key('user/beth');
 
-			al.val(function(a){
+			al.once(function(a){
 				beth.put({friend: a}, function(err, ok){
 					expect(err).to.not.be.ok();
-				}).path('friend').val(function(aa){
+				}).path('friend').once(function(aa){
 					expect(Gun.node.soul(a)).to.be(Gun.node.soul(aa));
 					done();
 				});
@@ -5682,7 +5683,7 @@ describe('Gun', function(){
 			gun.put({gender:'m', age:30, name:'alfred'}).key('user/alfred');
 			gun.put({gender:'f', age:22, name:'beth'  }).key('user/beth');
 			//gun.get('user/beth').path('friend').put(gun.get('user/alfred')); // ideal format which we have a future test for.
-			gun.get('user/alfred').val(function(a){
+			gun.get('user/alfred').once(function(a){
 				//console.log("*****", a);
 				//expect(a['_']['key']).to.be.ok();
 				gun.get('user/beth').put({friend: a}, function(err, ok){ // b - friend_of -> a
@@ -5691,13 +5692,13 @@ describe('Gun', function(){
 					var c = soulnode(gun, keynode), soul = c[0];
 					expect(c.length).to.be(1);
 				});
-				gun.get('user/beth').val(function(b){
+				gun.get('user/beth').once(function(b){
 					//console.log("beth", b);
-					gun.get('user/alfred').put({friend: b}).val(function(al){ // a - friend_of -> b
+					gun.get('user/alfred').put({friend: b}).once(function(al){ // a - friend_of -> b
 						//console.log("al again", al);
-						gun.get('user/beth').put({cat: {name: "fluffy", age: 3, coat: "tabby"}}).val(function(bet){
+						gun.get('user/beth').put({cat: {name: "fluffy", age: 3, coat: "tabby"}}).once(function(bet){
 							gun.get('user/alfred').path('friend.cat').key('the/cat');
-							gun.get('the/cat').val(function(c){
+							gun.get('the/cat').once(function(c){
 								//console.log("cat!!!", c);
 								expect(c.name).to.be('fluffy');
 								expect(c.age).to.be(3);
@@ -5761,7 +5762,7 @@ describe('Gun', function(){
 			}}}), soul = Gun.text.random();
 			gun.get(soul).not(function(err, ok){
 				done.fail = true;
-			}).val(function(val){
+			}).once(function(val){
 				setTimeout(function(){
 					expect(val.a).to.be('b');
 					expect(val.c).to.be('d');
@@ -5792,7 +5793,7 @@ describe('Gun', function(){
 
 			gun.get('me', function(err, data){
 
-			}).val(function(val){
+			}).once(function(val){
 				done.count = (done.count || 0) + 1;
 				setTimeout(function(){
 					expect(val.a).to.be('b');
@@ -5820,7 +5821,7 @@ describe('Gun', function(){
 				cb(null, n);
 			}}}), soul = Gun.text.random();
 
-			gun.get(soul).path('a').val(function(val){
+			gun.get(soul).path('a').once(function(val){
 				done.count = (done.count || 0) + 1;
 				setTimeout(function(){
 					expect(val).to.be('b');
@@ -5838,7 +5839,7 @@ describe('Gun', function(){
 			setTimeout(function(){
 				gun.not(function(){
 					done.not = true;
-				}).val(function(){
+				}).once(function(){
 					expect(done.not).to.not.be.ok();
 					done();
 				}, {empty: true});
@@ -5960,7 +5961,7 @@ describe('Gun', function(){
 			});
 
 			it('instance.val', function(done){
-				Gun().val();
+				Gun().once();
 				done();
 			});
 		});
@@ -6123,7 +6124,7 @@ describe('Gun', function(){
 		it('set', function(done){
 			done.c = 0;
 			var u, gun = Gun();
-			gun.get('set').set().set().val(function(val){
+			gun.get('set').set().set().once(function(val){
 				var keynode = gun.__.graph['set'];
 				expect(Gun.node.soul.ify(keynode, '.')).to.be.ok();
 				Gun.is.node(keynode, function(rel, soul){
@@ -6149,7 +6150,7 @@ describe('Gun', function(){
 		// TODO: BUG! We need 2 more tests... without .set()... and multiple paths on the same node.
 		it('set multiple', function(done){ // kinda related to flip flop?
 			var gun = Gun().get('sets').set(), i = 0;
-			gun.val(function(val){
+			gun.once(function(val){
 				console.log("TEST 1", val);
 				expect(Gun.obj.empty(val, Gun._.meta)).to.be.ok();
 				expect(Gun.node.soul(val)).to.be('sets');
@@ -6158,7 +6159,7 @@ describe('Gun', function(){
 			});
 			gun.set(1); //.set(2).set(3).set(4); // if you set an object you'd have to do a `.back`
 			gun.map(function(val, field){
-			//gun.map().val(function(val, field){ // TODO: SEAN! DON'T LET ME FORGET!
+			//gun.map().once(function(val, field){ // TODO: SEAN! DON'T LET ME FORGET!
 				console.log("\n TEST 2+", field, val);
 				return;
 				i += 1;
@@ -6182,7 +6183,7 @@ describe('Gun', function(){
 			users.path(Gun.text.random()).put('bob');
 			users.path(Gun.text.random()).put('sam');
 			setTimeout(function(){
-				users.val(function(v){
+				users.once(function(v){
 					expect(Gun.val.link.is(v)).to.not.be.ok();
 					expect(Object.keys(v).length).to.be(3);
 					done();
@@ -6217,7 +6218,7 @@ describe('Gun', function(){
 			gun.put({a: 1, z: -1}).key('pseudo');
 			gun.put({b: 2, z: 0}).key('pseudo');
 
-			gun.get('pseudo').val(function(val){
+			gun.get('pseudo').once(function(val){
 				expect(val.a).to.be(1);
 				expect(val.b).to.be(2);
 				expect(val.z).to.be(0);
@@ -6275,14 +6276,14 @@ describe('Gun', function(){
 			var connect, gun1 = Gun({alice: true}).get('pseudo/merge').put({hello: 'world!'})/*.not(function(key){
 				this.put({hello: "world!"}).key(key);
 			})*/, gun2;
-			gun1.val(function(val){
+			gun1.once(function(val){
 				expect(val.hello).to.be('world!');
 			});
 			setTimeout(function(){
 				gun2 = Gun({bob: true}).get('pseudo/merge').put({hi: 'mars!'})/*.not(function(key){
 					this.put({hi: "mars!"}).key(key);
 				});*/
-				gun2.val(function(val){
+				gun2.once(function(val){
 					expect(val.hi).to.be('mars!');
 				});
 				setTimeout(function(){
@@ -6293,13 +6294,13 @@ describe('Gun', function(){
 					//gun1.get('pseudo/merge', null, {force: true}); // fake a browser refersh, in real world we should auto-reconnect
 					//gun2.get('pseudo/merge', null, {force: true}); // fake a browser refersh, in real world we should auto-reconnect
 					setTimeout(function(){
-						gun1.val(function(val){
+						gun1.once(function(val){
 							expect(val.hello).to.be('world!');
 							expect(val.hi).to.be('mars!');
 							done.g1 = true;
 						});
 						//return;
-						gun2.val(function(val){
+						gun2.once(function(val){
 							expect(val.hello).to.be('world!');
 							expect(val.hi).to.be('mars!');
 							expect(done.g1).to.be.ok();
@@ -6325,8 +6326,8 @@ describe('Gun', function(){
 				}}).key(key);
 			}); // this is now a list of passengers that we will map over.
 			var ctx = {n: 0, d: 0, l: 0};
-			passengers.map().val(function(passenger, id){
-				this.map().val(function(change, field){
+			passengers.map().once(function(passenger, id){
+				this.map().once(function(change, field){
 					if('name' == field){ expect(change).to.be(passenger.name); ctx.n++ }
 					if('direction' == field){ expect(change).to.be(passenger.direction); ctx.d++ }
 					if('location' == field){
@@ -6367,7 +6368,7 @@ describe('Gun', function(){
 			list.put({a: {x:1}, b: {y: 1}});
 			list.path('a').path('w').put(2);
 			var check = {};
-			list.map().val(function(v,f){
+			list.map().once(function(v,f){
 				check[f] = v;
 				console.log("*************************", f,v);
 				if(check.a && check.b){
@@ -6383,7 +6384,7 @@ describe('Gun', function(){
 			var g = Gun();
 			var list = gun.get('map/sub/val/after');
 			var check = {};
-			list.map().val(function(v,f){
+			list.map().once(function(v,f){
 				check[f] = v;
 				if(check.a && check.b){
 					setTimeout(function(){
@@ -6405,7 +6406,7 @@ describe('Gun', function(){
 			var g = Gun();
 			var list = gun.get('map/sub/val/after/to');
 			var check = {};
-			list.map().val(function(v,f){
+			list.map().once(function(v,f){
 				//console.log("*************", f,v);return;
 				check[f] = v;
 				if(check.a && check.b){
@@ -6426,7 +6427,7 @@ describe('Gun', function(){
 			var g = Gun();
 			var list = gun.get('map/simple/after');
 			var check = {};
-			list.map().val(function(v,f){
+			list.map().once(function(v,f){
 				check[f] = v;
 				if(check.a && check.b){
 					setTimeout(function(){
@@ -6445,7 +6446,7 @@ describe('Gun', function(){
 			var g = Gun();
 			var list = gun.get('map/simple/after/to');
 			var check = {};
-			list.map().val(function(v,f){
+			list.map().once(function(v,f){
 				check[f] = v;
 				if(check.a && check.b){
 					setTimeout(function(){
@@ -6502,7 +6503,7 @@ describe('Gun', function(){
 				}}).key(key);
 			}); // this is now a list of passengers that we will map over.
 			var ctx = {n: 0, d: 0, l: 0};
-			passengers.map().map().val(function(val, field){
+			passengers.map().map().once(function(val, field){
 				if('name' == field){ expect(val).to.be(!ctx.n? 'Bob' : 'Fred'); ctx.n++ }
 				if('direction' == field){ expect(val).to.be(!ctx.d? '128.2' : 'f128.2'); ctx.d++ }
 				if('location' == field){
@@ -6537,7 +6538,7 @@ describe('Gun', function(){
 				}).key('n/b/l/a/c');
 			});
 			var check = {a:{},b:{}}, F = 'a';
-			g.map().map().val(function(v,f){
+			g.map().map().once(function(v,f){
 				var c = check[F];
 				c[f] = v;
 				if(check.b && check.b.x && check.b.y){
@@ -6566,7 +6567,7 @@ describe('Gun', function(){
 				}).key('n/b/l/a');
 			});
 			var check = {};
-			g.map().map().val(function(v,f){
+			g.map().map().once(function(v,f){
 				check[f] = v;
 				if(check.x && check.y && check.w && check.u){
 					expect(check.x).to.be(1);
@@ -6586,7 +6587,7 @@ describe('Gun', function(){
 			var g = gun.get('b/l/a');
 			g.put({a: {x:1,y:1}});
 			var check = {};
-			g.map().map().val(function(v,f){
+			g.map().map().once(function(v,f){
 				check[f] = v;
 				if(check.x && check.y && check.w && check.u && check.z){
 					expect(check.x).to.be(1);
@@ -6607,7 +6608,7 @@ describe('Gun', function(){
 			var g = gun.get('b/d/l/a');
 			g.put({a: {x:1,y:1}});
 			var check = {};
-			g.map().map().val(function(v,f){
+			g.map().map().once(function(v,f){
 				check[f] = v;
 				if(check.x && check.y && check.w && check.u){
 					expect(check.x).to.be(1);
@@ -6647,7 +6648,7 @@ describe('Gun', function(){
 				}
 			});
 			var check = {};
-			g.map().map().map().map().val(function(v,f){
+			g.map().map().map().map().once(function(v,f){
 				check[f] = (check[f] || 0) + 1;
 				if(check.d === 2 && check.e === 2 && check.f === 2){
 					done();
@@ -6824,7 +6825,7 @@ describe('Gun', function(){
 					direction: '128.2'
 				}}).key(key);
 			});
-			passengers.map().path('location.lng').val(function(val, field){
+			passengers.map().path('location.lng').once(function(val, field){
 			//passengers.map().path('location.lng').on(function(val, field){
 				console.log("******", field, val);
 				expect(field).to.be('lng');
@@ -6902,9 +6903,9 @@ describe('Gun', function(){
 
 		it("put path deep val -> path val", function(done){ // Terje's bug
 			var gun = Gun();
-			gun.put({you: {have: {got: {to: {be: {kidding: "me!"}}}}}}).path('you.have.got.to.be').val(function(val, field){
+			gun.put({you: {have: {got: {to: {be: {kidding: "me!"}}}}}}).path('you.have.got.to.be').once(function(val, field){
 				expect(val.kidding).to.be('me!');
-				this.path('kidding').val(function(val){
+				this.path('kidding').once(function(val){
 					expect(val).to.be('me!');
 					done();
 				});
@@ -6918,10 +6919,10 @@ describe('Gun', function(){
 			passengers = passengers.put({randombob: {name: 'Bob', direction: {}}});
 			passengers.path('randombob.direction', function(err, ok, field){
 			}).put({lol: {just: 'kidding', dude: '!'}});
-			passengers.map().path('direction.lol').val(function(val){
-				this.path('just').val(function(val){
+			passengers.map().path('direction.lol').once(function(val){
+				this.path('just').once(function(val){
 					expect(val).to.be('kidding');
-				}).back().path('dude').val(function(val){
+				}).back().path('dude').once(function(val){
 					expect(val).to.be('!');
 					done();
 				});
@@ -7218,7 +7219,7 @@ describe('Gun', function(){
 					if(call[hash]){ return }
 					gun.__.meta($.soul).put = true;
 					call[hash] = true;
-					if(Gun.is.val(obj)){
+					if(Gun.is.once(obj)){
 						if($.from && $.at){
 							$.soul = $.from;
 							$.field = $.at;
@@ -7434,7 +7435,7 @@ describe('Gun', function(){
 				}
 			}, function(err,ok){
 				expect(done.c++).to.be(0);
-			}).val(function(p){
+			}).once(function(p){
 				done.p = Gun.node.soul(p);
 				done.m = Gun.val.link.is(p[0]);
 				expect(Gun.val.link.is(p[0])).to.be.ok();
@@ -7480,7 +7481,7 @@ describe('Gun', function(){
 			var u;
 			var gun = Gun(gopt);
 			var game = gun.get('game1/players');
-			var me = game.path('player1').val(function(val){
+			var me = game.path('player1').once(function(val){
 				if(!done.c){ done.fail = true }
 				expect(val).to.not.be(u);
 				expect(val.x).to.be(0);
@@ -7532,7 +7533,7 @@ describe('Gun', function(){
 			var u;
 			var gun = Gun(gopt).opt({init: true});
 			var game = gun.get('game4/players').init();
-			var me = game.path('player4').init().path('alias').init().put({oh: 'awesome'}).val(function(val, field){
+			var me = game.path('player4').init().path('alias').init().put({oh: 'awesome'}).once(function(val, field){
 				expect(val.oh).to.be('awesome');
 				expect(field).to.be('alias');
 				done();
@@ -7559,7 +7560,7 @@ describe('Gun', function(){
 			var chat = gun.get('example/chat/data/graph/field').not(function(key){
 				gun.put({1: {who: 'Welcome', what: "to the chat app!", when: 1}}).key(key);
 			});
-			chat.map().val(function renderToDo(val, field){
+			chat.map().once(function renderToDo(val, field){
 				expect(field).to.be.ok();
 				expect(val.who).to.be.ok();
 				expect(val.when).to.be.ok();
@@ -7670,7 +7671,7 @@ describe('Gun', function(){
 			var chat = gun.get('example/chat/data/graph/field').not(function(key){
 				gun.put({1: {who: 'Welcome', what: "to the chat app!", when: 1}}).key(key);
 			});
-			chat.map().val(function renderToDo(val, field){
+			chat.map().once(function renderToDo(val, field){
 				//console.log("ALICE", field, val);
 				expect(field).to.be.ok();
 				expect(val.who).to.be.ok();
@@ -7684,7 +7685,7 @@ describe('Gun', function(){
 					//console.log("BOB's key", key);
 					gun2.put({1: {who: 'Welcome', what: "to the chat app!", when: 1}}).key(key);
 				});
-				chat2.map().val(function renderToDo(val, field){
+				chat2.map().once(function renderToDo(val, field){
 					//console.log("BOB", field, val);
 					expect(field).to.be.ok();
 					expect(val.who).to.be.ok();
@@ -7712,7 +7713,7 @@ describe('Gun', function(){
 
 			// Test set with new object
 			var alan = users.set({name: 'alan', birth: Math.random()}).key('person/alan');
-			alan.val(function(alan) {
+			alan.once(function(alan) {
 				// Test set with node
 				dave.path('friends').set(alan);
 			});
@@ -7734,7 +7735,7 @@ describe('Gun', function(){
 			alice.path('team').put(team);
 			bob.path('team').put(team);
 
-			dave.path('friends').map().path('team.members').map().val(function(member){
+			dave.path('friends').map().path('team.members').map().once(function(member){
 				//console.log("Dave's friend is on a team that has", member.name, "on it.");
 				if('alice' === member.name){
 					done.alice = true;
@@ -7775,14 +7776,14 @@ describe('Gun', function(){
 		it("get context", function(done){ // TODO: HUH?????? This was randomly causing errors?
 			var gun = Gun();
 			var ref = gun.get('ctx/lol').get('ctx/foo').put({hello: 'world'});
-			gun.get('ctx/lol').val(function(implicit){
+			gun.get('ctx/lol').once(function(implicit){
 				done.fail = true;
 				expect(implicit).to.not.be.ok();
 			});
 			gun.get('ctx/lol').not(function(){
 				done.please = true;
 			});
-			gun.get('ctx/foo').val(function(data){
+			gun.get('ctx/foo').once(function(data){
 				expect(data.hello).to.be('world');
 				expect(done.fail).to.not.be.ok();
 				expect(done.please).to.be.ok();
@@ -7794,7 +7795,7 @@ describe('Gun', function(){
 			var gun = Gun();
 			gun.get('users/cv').set(gun.put({name: 'alice'}));
 			gun.get('users/cv').set(gun.put({name: 'bob'}));;
-			gun.get('users/cv').val().map(function(person){
+			gun.get('users/cv').once().map(function(person){
 				if(person.name === 'alice'){
 					done.alice = true;
 				}
@@ -7861,12 +7862,12 @@ describe('Gun', function(){
         });
         setTimeout(function(){
 
-	        //list.path('next').val('wat');
+	        //list.path('next').once('wat');
 
 	        //console.log("!!!!!!", gun.__.graph);
 
 	        // try to read the third item
-	        list.path('next.to').val(function () { // TODO: BUG! If this is 'next.next' as with the data, then it fails.
+	        list.path('next.to').once(function () { // TODO: BUG! If this is 'next.next' as with the data, then it fails.
 	            done();
 	        });
       	},100);
@@ -7920,7 +7921,7 @@ describe('Gun', function(){
 				BSMI.path(path).put({status:false});
 			});
 			setTimeout(function(){
-				BSMI.path(allPaths[0]).val(function(a,b,c){
+				BSMI.path(allPaths[0]).once(function(a,b,c){
 					expect(a.a).to.be(1);
 					expect(a.b).to.be(2);
 					expect(a.c).to.be(3);
@@ -7950,7 +7951,7 @@ describe('Gun', function(){
     it("Don't put on parents", function(done){ // TODO: ADD TO 0.5 BRANCH! // Another Stefdv find.
 			var test = gun.get('test');
 			test.path('try.this.at.lvl4').put({msg:'hoi'})
-			test.val(function(node,b){
+			test.once(function(node,b){
 				delete node._;
 				expect(Gun.obj.empty(node, 'try')).to.be.ok();
 				node = Gun.obj.copy(gun.__.graph[Gun.val.link.is(node.try)]);
@@ -7986,7 +7987,7 @@ describe('Gun', function(){
         var world = 0;
         player.path("id").put(id);
         player.path("world_id").put(world);
-	    }).val(function(data){
+	    }).once(function(data){
         //console.log("we have value!", data);
         expect(done.not).to.be.ok();
         expect(data).to.be('fluffy');
@@ -8010,7 +8011,7 @@ describe('Gun', function(){
 		// 3: bacon
 		// 9: `.not`
 
-		depp.path('spouse.pet.name').val().on(log);
+		depp.path('spouse.pet.name').once().on(log);
 		// 0: fluffy
 		// 1: fluff
 		*/
@@ -8051,7 +8052,7 @@ describe('Gun', function(){
 				ctx.length = i;
 			}
 			ctx.get.fake = Gun.is.node.ify(ctx.get.fake, 'big');
-			var big = peer.put(ctx.get.fake).val(function(val){
+			var big = peer.put(ctx.get.fake).once(function(val){
 				ref = val;
 				ctx.get({'#': 'big'}, function(err, graph){
 					if(Gun.obj.empty(graph)){ done() }
@@ -8062,7 +8063,7 @@ describe('Gun', function(){
 
 		it('map chain', function(done){
 			var set = gun.put({a: {here: 'you'}, b: {go: 'dear'}, c: {sir: '!'} });
-			set.map().val(function(obj, field){
+			set.map().once(function(obj, field){
 				if(obj.here){
 					done.a = obj.here;
 					expect(obj.here).to.be('you');
@@ -8091,7 +8092,7 @@ describe('Gun', function(){
 					pet: {coat: "tux", name: "Casper"}
 				}
 			});
-			set.map().path('pet').val(function(obj, field){
+			set.map().path('pet').once(function(obj, field){
 				if(obj.name === 'Hobbes'){
 					done.hobbes = obj.name;
 					expect(obj.name).to.be('Hobbes');
@@ -8154,7 +8155,7 @@ describe('Gun', function(){
 
 		it('get val', function(done){
 			this.timeout(ctx.gen * ctx.extra);
-			g().get('big').val(function(obj){
+			g().get('big').once(function(obj){
 				delete obj._;
 				expect(obj.f1).to.be(1);
 				expect(obj['f' + ctx.length]).to.be(ctx.length);
@@ -8169,7 +8170,7 @@ describe('Gun', function(){
 		it('get big map val', function(done){
 			this.timeout(ctx.gen * ctx.extra);
 			var test = {c: 0, seen: {}};
-			g().get('big').map().val(function(val, field){
+			g().get('big').map().once(function(val, field){
 				if(test.seen[field]){ return }
 				test.seen[field] = true;
 				delete val._;
@@ -8192,7 +8193,7 @@ describe('Gun', function(){
 			chat.put({random5: {who: 'mark', what: "5", when: 5}});
 			var seen = {1: false, 2: false, 3: false, 4: false, 5: false}
 			setTimeout(function(){
-				chat.map(function(m){ }).val(function(msg, field){
+				chat.map(function(m){ }).once(function(msg, field){
 					var msg = Gun.obj.copy(msg);
 					if(msg.what){
 						expect(msg.what).to.be.ok();
diff --git a/test/mocha.html b/test/mocha.html
index ac1e3e17..db231f5a 100644
--- a/test/mocha.html
+++ b/test/mocha.html
@@ -18,7 +18,7 @@
 		<script></script>
 		<script src="../gun.js"></script>
 		<!-- script
-			src="https://cdn.jsdelivr.net/npm/gun@0.9.99999/sea.js">
+			src="https://cdn.jsdelivr.net/npm/gun/sea.js">
 		</script -->
 		<script 
 			src="../sea.js">
diff --git a/test/sea/sea.js b/test/sea/sea.js
index 297270a6..4a6836f7 100644
--- a/test/sea/sea.js
+++ b/test/sea/sea.js
@@ -1,20 +1,28 @@
 var root;
 var Gun;
-(function(env){
-  root = env.window ? env.window : global;
+(function(){
+  var env;
+  if(typeof global !== 'undefined'){ env = global }
+  if(typeof window !== 'undefined'){ env = window }
+  root = env.window? env.window : global;
   try{ env.window && root.localStorage && root.localStorage.clear() }catch(e){}
   try{ require('fs').unlinkSync('data.json') }catch(e){}
   //root.Gun = root.Gun || require('../gun');
   if(root.Gun){
+    root.Gun = root.Gun;
+    root.Gun.TESTING = true;
+  } else {
+    root.Gun = require('../../gun');
+    root.Gun.TESTING = true;
+    //require('../lib/file');
+    require('../lib/store');
+    require('../lib/rfs');
+  }
+
+  if(root.Gun.SEA){
     //Gun = root.Gun = root.Gun;
   } else {
     var expect = global.expect = require("../expect");
-    root.Gun = require('../../gun');
-    //Gun.serve = require('../../lib/serve');
-    //require('./s3');
-    //require('./uws');
-    //require('./wsp/server');
-    require('../../lib/file');
     require('../../sea.js');
   }
 }(this));
@@ -22,145 +30,153 @@ var Gun;
 ;(function(){
 Gun = root.Gun
 var SEA = Gun.SEA
-
 if(!SEA){ return }
 
 describe('SEA', function(){
   var user;
   var gun;
+  var pub;
   describe('Utility', function(){
 
-    it('quickstart', async function(done){
-      var pair = await SEA.pair();
-      var enc = await SEA.encrypt('hello self', pair);
-      var data = await SEA.sign(enc, pair);
-      var msg = await SEA.verify(data, pair.pub);
-      var dec = await SEA.decrypt(msg, pair);
+    it('quickstart', function(done){
+      SEA.pair(function(pair){
+      SEA.encrypt('hello self', pair, function(enc){
+      SEA.sign(enc, pair, function(data){
+      SEA.verify(data, pair.pub, function(msg){
+      SEA.decrypt(msg, pair, function(dec){
       expect(dec).to.be('hello self');
-      var proof = await SEA.work(dec, pair);
-      var check = await SEA.work('hello self', pair);
+      SEA.work(dec, pair, function(proof){
+      SEA.work('hello self', pair, function(check){
       expect(proof).to.be(check);
-      var alice = await SEA.pair();
-      var bob = await SEA.pair();
-      var enc = await SEA.encrypt('shared data', await SEA.secret(bob.epub, alice));
-      var dec = await SEA.decrypt(enc, await SEA.secret(alice.epub, bob));
+      SEA.pair(function(alice){
+      SEA.pair(function(bob){
+      SEA.secret(bob.epub, alice, function(aes){
+      SEA.encrypt('shared data', aes, function(enc){
+      SEA.secret(alice.epub, bob, function(aes){
+      SEA.decrypt(enc, aes, function(dec){
       expect(dec).to.be('shared data');
       done();
+      });});});});});});});});});});});});});
     })
 
-    it('quickwrong', async function(done){
-      var alice = await SEA.pair();
-      var bob = await SEA.pair();
-      var data = await SEA.sign('asdf', alice);
-      var msg = await SEA.verify(data, bob.pub);
+    it('quickwrong', function(done){
+      SEA.pair(function(alice){
+      SEA.pair(function(bob){
+      SEA.sign('asdf', alice, function(data){
+      SEA.verify(data, bob.pub, function(msg){
       expect(msg).to.be(undefined);
-      var msg = await SEA.verify(data+1, alice.pub);
+      SEA.verify(data+1, alice.pub, function(msg){
       expect(msg).to.be(undefined);
 
-      var enc = await SEA.encrypt('secret', alice);
-      var dec = await SEA.decrypt(enc, bob);
+      SEA.encrypt('secret', alice, function(enc){
+      SEA.decrypt(enc, bob, function(dec){
       expect(dec).to.be(undefined);
-      var dec = await SEA.decrypt(enc+1, alice);
+      SEA.decrypt(enc+1, alice, function(dec){
       expect(dec).to.be(undefined);
       done();
+      });});});});});});});});
     })
 
-    it('types', async function(done){
-      var pair = await SEA.pair(), s, v;
-      s = await SEA.sign(null, pair);
-      v = await SEA.verify(s, pair);
+    it('types', function(done){
+      var pair, s, v;
+      SEA.pair(function(pair){
+      SEA.sign(null, pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect(null).to.be(v);
-      s = await SEA.sign(true, pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign(true, pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect(true).to.be(v);
-      s = await SEA.sign(false, pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign(false, pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect(false).to.be(v);
-      s = await SEA.sign(0, pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign(0, pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect(0).to.be(v);
-      s = await SEA.sign(1, pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign(1, pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect(1).to.be(v);
-      s = await SEA.sign(1.01, pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign(1.01, pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect(1.01).to.be(v);
-      s = await SEA.sign('', pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign('', pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect('').to.be(v);
-      s = await SEA.sign('a', pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign('a', pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect('a').to.be(v);
-      s = await SEA.sign([], pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign([], pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect([]).to.eql(v);
-      s = await SEA.sign([1], pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign([1], pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect([1]).to.eql(v);
-      s = await SEA.sign({}, pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign({}, pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect({}).to.eql(v);
-      s = await SEA.sign({a:1}, pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign({a:1}, pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect({a:1}).to.eql(v);
-      s = await SEA.sign(JSON.stringify({a:1}), pair);
-      v = await SEA.verify(s, pair);
+      SEA.sign(JSON.stringify({a:1}), pair, function(s){
+      SEA.verify(s, pair, function(v){
       expect({a:1}).to.eql(v);
       done();
+      });});});});});});});});});});});});});});});});});});});});});});});});});});});
     })
 
-    it('atypes', async function(done){
-      var pair = await SEA.pair(), s, v;
-      s = await SEA.encrypt(null, pair);
-      v = await SEA.decrypt(s, pair);
+    it('atypes', function(done){
+      var pair, s, v;
+      SEA.pair(function(pair){
+      SEA.encrypt(null, pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect(null).to.be(v);
-      s = await SEA.encrypt(true, pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt(true, pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect(true).to.be(v);
-      s = await SEA.encrypt(false, pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt(false, pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect(false).to.be(v);
-      s = await SEA.encrypt(0, pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt(0, pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect(0).to.be(v);
-      s = await SEA.encrypt(1, pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt(1, pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect(1).to.be(v);
-      s = await SEA.encrypt(1.01, pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt(1.01, pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect(1.01).to.be(v);
-      s = await SEA.encrypt('', pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt('', pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect('').to.be(v);
-      s = await SEA.encrypt('a', pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt('a', pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect('a').to.be(v);
-      s = await SEA.encrypt([], pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt([], pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect([]).to.eql(v);
-      s = await SEA.encrypt([1], pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt([1], pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect([1]).to.eql(v);
-      s = await SEA.encrypt({}, pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt({}, pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect({}).to.eql(v);
-      s = await SEA.encrypt({a:1}, pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt({a:1}, pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect({a:1}).to.eql(v);
-      s = await SEA.encrypt(JSON.stringify({a:1}), pair);
-      v = await SEA.decrypt(s, pair);
+      SEA.encrypt(JSON.stringify({a:1}), pair, function(s){
+      SEA.decrypt(s, pair, function(v){
       expect({a:1}).to.eql(v);
       done();
+      });});});});});});});});});});});});});});});});});});});});});});});});});});});
     })
     
-    it('legacy', async function(done){
+    it('legacy', function(done){ (async function(){
       var pw = 'test123';
       // https://cdn.jsdelivr.net/npm/gun@0.9.99999/sea.js !
       var old = JSON.parse(atob("eyJfIjp7IiMiOiJ+TkJhdDdKeUk0REw1ZDlPMEZNbWVFN0RacVZRZUVPblhKcldycDVUUGlyMC5PckV6WVIwc3h0NHRtV0tiajFQdHRaeW1HUmdyc1FVVDNHaTk1UE9vMUdBIiwiPiI6eyJwdWIiOjEsImFsaWFzIjoxLCJlcHViIjoxLCJhdXRoIjoxfX0sInB1YiI6Ik5CYXQ3SnlJNERMNWQ5TzBGTW1lRTdEWnFWUWVFT25YSnJXcnA1VFBpcjAuT3JFellSMHN4dDR0bVdLYmoxUHR0WnltR1JncnNRVVQzR2k5NVBPbzFHQSIsImFsaWFzIjoiU0VBe1wibVwiOlwiXFxcImJvYlxcXCJcIixcInNcIjpcIt4uXFx1MDAwNCpbcECT/sxe83eYe/M+bmBF+q5dQr7eYELndMJkXFx1MDAwYlxcbtFu6HNWUKh6XFxyfrWqwcRcXHUwMDE1e3BMv2poWlxcYktcXHUwMDEzZ5H/Z5VcIn0iLCJlcHViIjoiU0VBe1wibVwiOlwiXFxcIkdJUGY2dl8zeV9DZUpQMWtFZkt2OWpmZ3QwT2ZGeDRycHBKS01wSE9MLVEuTmM2dElDUlpwbGwxMG45V2NsRzhXNC1tdDFXZnI2cmh3c0JyN1pRTlduY1xcXCJcIixcInNcIjpcIlxcdTAwMTZcXHUwMDAwzVxcdTAwMGahrvVcXHUwMDBm9y77iP1V3IhkWOajKMxcXHUwMDEy/VxcdTAwMDHN+VxcbozxNWRcXHUwMDA1Zej5XFx1MDAwMpSOXFx1MDAwNny4IclB+lxcdTAwMWTgoXnR8S1OyuZcXHUwMDAx9PqwXFxiXFx1MDAwMFF3XCJ9IiwiYXV0aCI6IlNFQXtcIm1cIjpcIntcXFwiZWtcXFwiOlxcXCJTRUF7XFxcXFxcXCJjdFxcXFxcXFwiOlxcXFxcXFwiXFxcXFxcXFx1MDAwMGvAI6W0L03DwFxcXFxcXFxcdTAwMDZcXFxcXFxcXHUwMDA0ZibqQdE0XFxcXFxcXFx1MDAxY4VvtTZcXFxcXFxcXG7xXfBcXFxcXFxcXHUwMDAzo5xcXFxcXFxcXHUwMDE3XFxcXFxcXFx1MDAwMf9PXFxcXFxcXFx1MDAxMJhnXFxcXFxcXFx1MDAwNccti2pifouBhtu7qcw4/mPs1SHS4uyBTo1RTuReXFxcXFxcXFx1MDAxMK9W4clcXFxcXFxcXHUwMDBmYt1oSIRcXFxcXFxcXHUwMDE4PF5gxoRS2UYtV/1LwHn1SlxcXFxcXFxcXFxcXFxcXFyYuFU3cUVf09/AXFxcXFxcXFx1MDAwZlxcXFxcXFxcdTAwMDRQN8RlXFxcXFxcXFx1MDAwNlxcXFxcXFxcdTAwMGXM4G3fXFxcXFxcXFx1MDAxZt+eRoV9XFxcXFxcXCIsXFxcXFxcXCJpdlxcXFxcXFwiOlxcXFxcXFwiVU5Lv+Zko1xcXFxcXFxcdTAwMDOt1ET2JHhcXFxcXFxcXHUwMDE1/1xcXFxcXFwiLFxcXFxcXFwic1xcXFxcXFwiOlxcXFxcXFwiz0VOO9GwaJlcXFxcXFxcIn1cXFwiLFxcXCJzXFxcIjpcXFwiZ0F4TFJpa2dEakIzbXJDNGpucUFRak5NNEZXemF0a1Eyb2xDR2Z5TTc2amg3azNEUzAyRlp1MEV1eWg2RGFITlxcXCJ9XCIsXCJzXCI6XCKze+BcXHUwMDBilPlcXHUwMDA2z1srodVcXHUwMDA0P1xcXCJcXFwib2rndUadtqJcXHUwMDE2bFtf0PSvJNdcXHUwMDE2Y71nnlxcdTAwMWOZXFx1MDAwN1xcdTAwMTlcXHUwMDE36NZcXHUwMDA0Uk7DQK/y/oixrIr1XFx1MDAxZnVcXHUwMDE3oCBhXCJ9In0="));
       var okey = {"pub":"NBat7JyI4DL5d9O0FMmeE7DZqVQeEOnXJrWrp5TPir0.OrEzYR0sxt4tmWKbj1PttZymGRgrsQUT3Gi95POo1GA","epub":"GIPf6v_3y_CeJP1kEfKv9jfgt0OfFx4rppJKMpHOL-Q.Nc6tICRZpll10n9WclG8W4-mt1Wfr6rhwsBr7ZQNWnc","priv":"leIA-BOFLECsOOdT_B8B0s1Ii0VHZZGlHz8q_dK-xLs","epriv":"1BTJpYdwSLesrtuB7pYQdsrFHsxKSJ-d9PXt2qp6NyQ"}
       var auth = await SEA.verify(old.auth, old.pub);
       var proof = await SEA.work(pw, auth.s, null, {encode: 'utf8'});
-      var dec = await SEA.decrypt(auth.ek, proof);
+      var dec = await SEA.decrypt(auth.ek, proof, null);
       expect(dec.priv).to.be(okey.priv);
       expect(dec.epriv).to.be(okey.epriv);
 
@@ -177,37 +193,130 @@ describe('SEA', function(){
         expect(ack.err).to.not.be.ok();
         done();
       });
-      console.log("+", gun._);
-    })
+    }())})
+    
+    it('legacy []', function(done){ (async function(){
+      var pw = 'test123';
+      // https://cdn.jsdelivr.net/npm/gun@0.9.99999/sea.js !
+      var old = JSON.parse(atob("eyJfIjp7IiMiOiJ+VThkS0dySFJhX01sMFZ1YlR5OUZBYTlQS1ZlYlh0eTFjS05zWWxnYjduNC5QeVd5cUVVb0ZpYVduUElOV0Nad0xBbzFobjN1MldPWTU3SzZHZnpsNjhVIiwiPiI6eyJwdWIiOjE1NDY5MDI1MDQ5NzksImFsaWFzIjoxNTQ2OTAyNTA0OTc5LCJlcHViIjoxNTQ2OTAyNTA0OTc5LCJhdXRoIjoxNTQ2OTAyNTA0OTc5fX0sInB1YiI6IlU4ZEtHckhSYV9NbDBWdWJUeTlGQWE5UEtWZWJYdHkxY0tOc1lsZ2I3bjQuUHlXeXFFVW9GaWFXblBJTldDWndMQW8xaG4zdTJXT1k1N0s2R2Z6bDY4VSIsImFsaWFzIjoiU0VBe1wibVwiOltcIn5VOGRLR3JIUmFfTWwwVnViVHk5RkFhOVBLVmViWHR5MWNLTnNZbGdiN240LlB5V3lxRVVvRmlhV25QSU5XQ1p3TEFvMWhuM3UyV09ZNTdLNkdmemw2OFVcIixcImFsaWFzXCIsXCJhbGljZVwiLDE1NDY5MDI1MDQ5NzldLFwic1wiOlwienpuaGtIZjhZdFpZM2lGd3FVd0lJUldMTjhZMmlHbmNkcnVTaStGNDNmU1BLYWpSZlI0VzhXVHM4bElSMDBndGJmTWJxS0NjQkpGN3VNSkdGRC9WV2c9PVwifSIsImVwdWIiOiJTRUF7XCJtXCI6W1wiflU4ZEtHckhSYV9NbDBWdWJUeTlGQWE5UEtWZWJYdHkxY0tOc1lsZ2I3bjQuUHlXeXFFVW9GaWFXblBJTldDWndMQW8xaG4zdTJXT1k1N0s2R2Z6bDY4VVwiLFwiZXB1YlwiLFwiRkRzM1VvNTNFZEp6eFNocEpDaVctRGZPQ3lUS0M2U3cxeS1PZVJxam5ZRS5xVGdyYTlFQk1maEpNdVlMVmNaejRZYklLRm85enNBMHpMcV82dEVPMHI0XCIsMTU0NjkwMjUwNDk3OV0sXCJzXCI6XCJPZzRVVjY4OTluSjE4dC9ybWVnV0lkdnNqN01KaEpFc29ranZYQmdteVVRUXVNVjFTdnh4cXJqOFoyV1o2Q25XSkZnTlVDbEVYYWxuMURjUFE3M1R6UT09XCJ9IiwiYXV0aCI6IlNFQXtcIm1cIjpbXCJ+VThkS0dySFJhX01sMFZ1YlR5OUZBYTlQS1ZlYlh0eTFjS05zWWxnYjduNC5QeVd5cUVVb0ZpYVduUElOV0Nad0xBbzFobjN1MldPWTU3SzZHZnpsNjhVXCIsXCJhdXRoXCIsXCJ7XFxcImVrXFxcIjpcXFwiU0VBe1xcXFxcXFwiY3RcXFxcXFxcIjpcXFxcXFxcIi94ZnNPdVNkQUtrNkJiR00zbUV6MnVlSjI3Y0tJNThYMEtUL1FsaExSZXpWcjRkNzVZb2M5QlZNRjkzejl4QXI4N080S2FDNjJUWGVoeERQN0FFa2V4N1paaEpYL2hsVm9kK1FIcVFaaUZMK2lVQzFvL2hpUEJGWElBZmtINGRrcklGOFdqcEVaU3NIVmRSOVRhY2ZzbTB3aHN5NGJXN1ZLSEUySGc9PVxcXFxcXFwiLFxcXFxcXFwiaXZcXFxcXFxcIjpcXFxcXFxcIjhWekduTStEc1lTUktIU3Z4cSszTGc9PVxcXFxcXFwiLFxcXFxcXFwic1xcXFxcXFwiOlxcXFxcXFwibVVSSlJ4TzUvdXM9XFxcXFxcXCJ9XFxcIixcXFwic1xcXCI6XFxcImE1SlA3VFpuVE9jYjEwMGJOejlscEU4dnpqcUE3TWl0NHcwN3pjQTdIOFV0bml1WnVHSmdpZnNNQlFNSGdRdE5cXFwifVwiLDE1NDY5MDI1MDQ5NzldLFwic1wiOlwiSGFzMytJaHFEZTYyN016cElXZVE1cVFrZ2NOMlk3WHRpNGw0TFU3T2JyaktxSlBnSllrVWE2bk9YdlRmQkFzV1BPVzVnemh4Q2RPVGNFQm5icWlpWXc9PVwifSJ9"));
+      var okey = {"pub":"U8dKGrHRa_Ml0VubTy9FAa9PKVebXty1cKNsYlgb7n4.PyWyqEUoFiaWnPINWCZwLAo1hn3u2WOY57K6Gfzl68U","epub":"FDs3Uo53EdJzxShpJCiW-DfOCyTKC6Sw1y-OeRqjnYE.qTgra9EBMfhJMuYLVcZz4YbIKFo9zsA0zLq_6tEO0r4","priv":"jMy7WfcldJ4esZEijAj4LTb99smtY_H0yKJLemJl2HI","epriv":"1DszMh-85pGTPLYtRunG-Q-xB78AE4k07PPkbedYYwk"}
+
+      var gun = Gun(), tmp = Gun.node.soul(old);
+      var graph = {};
+      graph[tmp] = old;
+      var alias = SEA.opt.unpack(await SEA.verify(old.alias, false), 'alias', old);
+      expect(alias).to.be('alice');
+      alias = Gun.state.ify({}, tmp, 1, Gun.val.rel.ify(tmp), tmp = '~@'+alias);
+      graph[tmp] = alias;
+      gun.on('put', {$: gun, put: graph});
+      var use = gun.user();
+      use.auth('alice', 'test123', function(ack){
+        expect(ack.err).to.not.be.ok();
+        done();
+      });
+    }())})
+
+    it('JSON escape', function(done){
+      var plain = "hello world";
+      var json = JSON.stringify({hello:'world'});
+
+      var n1 = Gun.state.ify({}, 'key', 1, plain, 'soul');
+      var n2 = Gun.state.ify({}, 'key', 1, json, 'soul');
+      var tmp = SEA.opt.prep(plain, 'key', n1, 'soul');
+      expect(tmp[':']).to.be("hello world");
+      tmp = SEA.opt.prep(json, 'key', n2, 'soul');
+      expect(tmp[':'].hello).to.be("world");
+      tmp = SEA.opt.unpack(tmp);
+      expect(tmp.hello).to.be("world");
+      done();
+    });
+
+    it('double sign', function(done){ (async function(){
+      var pair = await SEA.pair();
+      var sig = await SEA.sign('hello world', pair);
+      var dup = await SEA.sign(sig, pair);
+      expect(dup).to.be(sig);
+
+      var json = JSON.stringify({hello:'world'});
+      var n1 = Gun.state.ify({}, 'key', 1, json, 'soul');
+      var sig = await SEA.sign(SEA.opt.prep(json, 'key', n1, 'soul'), pair, null, {raw:1 , check: SEA.opt.pack(json, 'key', n1, 'soul')});
+      var dup = await SEA.sign(SEA.opt.prep(sig, 'key', n1, 'soul'), pair, null, {raw:1 , check: SEA.opt.pack(sig, 'key', n1, 'soul')});
+      expect(dup).to.be.eql(sig);
+
+      var json = JSON.stringify({hello:'world'});
+      var n1 = Gun.state.ify({}, 'key', 1, json, 'soul');
+      var bob = await SEA.pair();
+      var sig = await SEA.sign(SEA.opt.prep(json, 'key', n1, 'soul'), bob, null, {raw:1 , check: SEA.opt.pack(json, 'key', n1, 'soul')});
+      var dup = await SEA.sign(SEA.opt.prep(sig, 'key', n1, 'soul'), pair, null, {raw:1 , check: SEA.opt.pack(sig, 'key', n1, 'soul')});
+      expect(dup).to.not.be.eql(sig);
+
+      var json = JSON.stringify({hello:'world'});
+      var bob = await SEA.pair();
+      var sig = await SEA.sign(json, bob);
+      var dup = await SEA.sign(sig, pair);
+      expect(dup).to.not.be.eql(sig);
+      done();
+    }())})
   });
 
   describe('User', function(){
-
     it('is instantiable', function(done){
       gun = Gun();
-      user = window.user = gun.user();
+      user = gun.user();
       done();
     })
 
     it('register users', function(done){
-      /*var p = SEA.pair;
-      SEA.pair = async function(a,b,c,d){
-        var r = await p(a,b,c,d);
-        console.log("++++++++++++", r);
-        return r;
-      }*/
-      user.create('alice', 'test123', function(ack){
+      user.create('carl', 'test123', function(ack){
+        pub = '~'+ack.pub;
         expect(ack.err).to.not.be.ok();
-        setTimeout(done, 30)
+        done();
       })
     })
 
     it('login users', function(done){
-      user.auth('alice', 'test123', function(ack){
+      user.auth('carl', 'test123', function(ack){
         expect(ack.err).to.not.be.ok();
         done()
       })
     })
+
+    it('save data', function(done){
+      user.get('a').get('b').put(0, function(ack){
+        expect(ack.err).to.not.be.ok();
+        done();
+      });
+    })
+
+    it('read data', function(done){
+      user.get('a').get('b').once(function(data){
+        expect(data).to.be(0);
+        done();
+      });
+    })
+
+    it('refresh login', function(done){
+      gun = Gun();
+      user = gun.user();
+      user.auth('carl', 'test123', function(ack){
+        expect(ack.err).to.not.be.ok();
+        done()
+      })
+    })
+
+    it('gun put JSON', function(done){
+      gun.get('x').get('y').put(JSON.stringify({hello:'world'}), function(ack){
+        expect(ack.err).to.not.be.ok();
+        done();
+      });
+    })
+
+    it('gun get JSON', function(done){
+      gun.get('x').get('y').once(function(data){
+        expect(data).to.be(JSON.stringify({hello:'world'}));
+        done();
+      });
+    })
   });
 
 })

From 8b7c963463252d1e3c94fd211fb083017596e986 Mon Sep 17 00:00:00 2001
From: Mark Nadal <mark@accelsor.com>
Date: Wed, 9 Jan 2019 17:34:10 -0800
Subject: [PATCH 4/5] HUGE LEAP into THE SEA

---
 sea/create.js   |  25 +++++------
 sea/decrypt.js  |  32 +++++++-------
 sea/encrypt.js  |  17 ++++---
 sea/index.js    | 115 +++++++++++++++++++++++++-----------------------
 sea/pair.js     |  17 ++++---
 sea/parse.js    |  11 -----
 sea/secret.js   |  38 ++++++++--------
 sea/settings.js |  60 ++++++++++++-------------
 sea/sha256.js   |  15 +++----
 sea/shim.js     |  12 +++--
 sea/sign.js     |  25 ++++++++---
 sea/verify.js   |  76 ++++++++++++++++++++------------
 sea/work.js     |  14 +++---
 13 files changed, 236 insertions(+), 221 deletions(-)
 delete mode 100644 sea/parse.js

diff --git a/sea/create.js b/sea/create.js
index 44a6a524..e0946b40 100644
--- a/sea/create.js
+++ b/sea/create.js
@@ -45,19 +45,19 @@
         }
         // the user's public key doesn't need to be signed. But everything else needs to be signed with it! // we have now automated it! clean up these extra steps now!
         act.data = {pub: pair.pub};
-        SEA.sign(alias, pair, act.d); 
+        act.d();
       }
-      act.d = function(sig){
-        act.data.alias = alias || sig;
-        SEA.sign(act.pair.epub, act.pair, act.e);
+      act.d = function(){
+        act.data.alias = alias;
+        act.e();
       }
-      act.e = function(epub){
-        act.data.epub = act.pair.epub || epub; 
-        SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, act.proof, act.f); // to keep the private key safe, we AES encrypt it with the proof of work!
+      act.e = function(){
+        act.data.epub = act.pair.epub; 
+        SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, act.proof, act.f, {raw:1}); // to keep the private key safe, we AES encrypt it with the proof of work!
       }
       act.f = function(auth){
         act.data.auth = JSON.stringify({ek: auth, s: act.salt}); 
-        SEA.sign({ek: auth, s: act.salt}, act.pair, act.g);
+        act.g(act.data.auth);
       }
       act.g = function(auth){ var tmp;
         act.data.auth = act.data.auth || auth;
@@ -104,7 +104,7 @@
       }
       act.c = function(auth){
         if(u === auth){ return act.b() }
-        if(Gun.text.is(auth)){ return act.c(Gun.obj.ify(auth)) } // new format
+        if(Gun.text.is(auth)){ return act.c(Gun.obj.ify(auth)) } // in case of legacy
         SEA.work(pass, (act.auth = auth).s, act.d, act.enc); // the proof of work is evidence that we've spent some time/effort trying to log in, this slows brute force.
       }
       act.d = function(proof){
@@ -137,7 +137,7 @@
         user.is = {pub: pair.pub, epub: pair.epub, alias: alias};
         at.sea = act.pair;
         cat.ing = false;
-        if(pass && !Gun.text.is(act.data.auth)){ opt.shuffle = opt.change = pass; } // migrate UTF8 + Shuffle! Test against NAB alias test_sea_shuffle + passw0rd
+        try{if(pass && !Gun.obj.has(Gun.obj.ify(cat.root.graph['~'+pair.pub].auth), ':')){ opt.shuffle = opt.change = pass; } }catch(e){} // migrate UTF8 & Shuffle!
         opt.change? act.z() : cb(at);
         if(SEA.window && ((gun.back('user')._).opt||opt).remember){
           // TODO: this needs to be modular.
@@ -161,18 +161,17 @@
         SEA.work(opt.change, act.salt, act.y);
       }
       act.y = function(proof){
-        SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, proof, act.x);
+        SEA.encrypt({priv: act.pair.priv, epriv: act.pair.epriv}, proof, act.x, {raw:1});
       }
       act.x = function(auth){
         act.w(JSON.stringify({ek: auth, s: act.salt}));
-        //SEA.sign({ek: auth, s: act.salt}, act.pair, act.w);
       }
       act.w = function(auth){
         if(opt.shuffle){ // delete in future!
+          console.log('migrate core account from UTF8 & shuffle');
           var tmp = Gun.obj.to(act.data);
           Gun.obj.del(tmp, '_');
           tmp.auth = auth;
-          console.log('migrate core account from UTF8 & shuffle', tmp);
           root.get('~'+act.pair.pub).put(tmp);
         } // end delete
         root.get('~'+act.pair.pub).get('auth').put(auth, cb);
diff --git a/sea/decrypt.js b/sea/decrypt.js
index c815e3d3..736fd4cc 100644
--- a/sea/decrypt.js
+++ b/sea/decrypt.js
@@ -3,7 +3,6 @@
     var shim = require('./shim');
     var S = require('./settings');
     var aeskey = require('./aeskey');
-    var parse = require('./parse');
 
     SEA.decrypt = SEA.decrypt || (async (data, pair, cb, opt) => { try {
       opt = opt || {};
@@ -12,23 +11,26 @@
         pair = await SEA.I(null, {what: data, how: 'decrypt', why: opt.why});
         key = pair.epriv || pair;
       }
-      const json = parse(data)
-
-      var buf; try{buf = shim.Buffer.from(json.s, opt.encode || 'base64') // NEW DEFAULT!
-      }catch(e){buf = shim.Buffer.from(json.s, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
-      var bufiv; try{bufiv = shim.Buffer.from(json.iv, opt.encode || 'base64') // NEW DEFAULT!
-      }catch(e){bufiv = shim.Buffer.from(json.iv, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
-      var bufct; try{bufct = shim.Buffer.from(json.ct, opt.encode || 'base64') // NEW DEFAULT!
-      }catch(e){bufct = shim.Buffer.from(json.ct, 'utf8')} // AUTO BACKWARD OLD UTF8 DATA!
-
-      const ct = await aeskey(key, buf, opt)
-      .then((aes) => (/*shim.ossl ||*/ shim.subtle).decrypt({  // Keeping aesKey scope as private as possible...
-        name: opt.name || 'AES-GCM', iv: new Uint8Array(bufiv)
-      }, aes, new Uint8Array(bufct)))
-      const r = parse(new shim.TextDecoder('utf8').decode(ct))
+      var json = S.parse(data);
+      var buf, bufiv, bufct; try{
+        buf = shim.Buffer.from(json.s, opt.encode || 'base64');
+        bufiv = shim.Buffer.from(json.iv, opt.encode || 'base64');
+        bufct = shim.Buffer.from(json.ct, opt.encode || 'base64');
+        var ct = await aeskey(key, buf, opt).then((aes) => (/*shim.ossl ||*/ shim.subtle).decrypt({  // Keeping aesKey scope as private as possible...
+          name: opt.name || 'AES-GCM', iv: new Uint8Array(bufiv)
+        }, aes, new Uint8Array(bufct)));
+      }catch(e){
+        if('utf8' === opt.encode){ throw "Could not decrypt" }
+        if(SEA.opt.fallback){
+          opt.encode = 'utf8';
+          return await SEA.decrypt(data, pair, cb, opt);
+        }
+      }
+      var r = S.parse(new shim.TextDecoder('utf8').decode(ct));
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) { 
+      console.log(e);
       SEA.err = e;
       if(SEA.throw){ throw e }
       if(cb){ cb() }
diff --git a/sea/encrypt.js b/sea/encrypt.js
index 0977f02f..dc31cc04 100644
--- a/sea/encrypt.js
+++ b/sea/encrypt.js
@@ -3,29 +3,32 @@
     var shim = require('./shim');
     var S = require('./settings');
     var aeskey = require('./aeskey');
+    var u;
 
     SEA.encrypt = SEA.encrypt || (async (data, pair, cb, opt) => { try {
       opt = opt || {};
       var key = (pair||opt).epriv || pair;
+      if(u === data){ throw '`undefined` not allowed.' }
       if(!key){
         pair = await SEA.I(null, {what: data, how: 'encrypt', why: opt.why});
         key = pair.epriv || pair;
       }
-      const msg = JSON.stringify(data)
-      const rand = {s: shim.random(8), iv: shim.random(16)};
-      const ct = await aeskey(key, rand.s, opt)
-      .then((aes) => (/*shim.ossl ||*/ shim.subtle).encrypt({ // Keeping the AES key scope as private as possible...
+      var msg = (typeof data == 'string')? data : JSON.stringify(data);
+      var rand = {s: shim.random(8), iv: shim.random(16)};
+      var ct = await aeskey(key, rand.s, opt).then((aes) => (/*shim.ossl ||*/ shim.subtle).encrypt({ // Keeping the AES key scope as private as possible...
         name: opt.name || 'AES-GCM', iv: new Uint8Array(rand.iv)
-      }, aes, new shim.TextEncoder().encode(msg)))
-      const r = 'SEA'+JSON.stringify({
+      }, aes, new shim.TextEncoder().encode(msg)));
+      var r = {
         ct: shim.Buffer.from(ct, 'binary').toString(opt.encode || 'base64'),
         iv: rand.iv.toString(opt.encode || 'base64'),
         s: rand.s.toString(opt.encode || 'base64')
-      });
+      }
+      if(!opt.raw){ r = 'SEA'+JSON.stringify(r) }
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) { 
+      console.log(e);
       SEA.err = e;
       if(SEA.throw){ throw e }
       if(cb){ cb() }
diff --git a/sea/index.js b/sea/index.js
index cf3cb07a..7478eca4 100644
--- a/sea/index.js
+++ b/sea/index.js
@@ -31,18 +31,21 @@
       // NOTE: THE SECURITY FUNCTION HAS ALREADY VERIFIED THE DATA!!!
       // WE DO NOT NEED TO RE-VERIFY AGAIN, JUST TRANSFORM IT TO PLAINTEXT.
       var to = this.to, vertex = (msg.$._).put, c = 0, d;
-      Gun.node.is(msg.put, function(val, key, node){ c++; // for each property on the node
-        // TODO: consider async/await use here...
+      Gun.node.is(msg.put, function(val, key, node){
+        // only process if SEA formatted?
+        var tmp = Gun.obj.ify(val) || noop;
+        if(u !== tmp[':']){
+          node[key] = SEA.opt.unpack(tmp);
+          return;
+        }
+        if(!SEA.opt.check(val)){ return }
+        c++; // for each property on the node
         SEA.verify(val, false, function(data){ c--; // false just extracts the plain data.
-          var tmp = data;
-          data = SEA.opt.unpack(data, key, node);
-          node[key] = val = data; // transform to plain value.
+          node[key] = SEA.opt.unpack(data, key, node);; // transform to plain value.
           if(d && !c && (c = -1)){ to.next(msg) }
         });
       });
-      d = true;
-      if(d && !c){ to.next(msg) }
-      return;
+      if((d = true) && !c){ to.next(msg) }
     }
 
     // signature handles data output, it is a proxy to the security function.
@@ -107,55 +110,44 @@
           if(key === Gun.val.link.is(val)){ return check['pubs'+soul+key] = 0 } // and the ID must be EXACTLY equal to its property
           each.end({err: "Alias must match!"}); // that way nobody can tamper with the list of public keys.
         };
-        each.pub = function(val, key, node, soul, pub, user){ // Example: {_:#~asdf, hello:SEA{'world',fdsa}}
+        each.pub = function(val, key, node, soul, pub, user){ var tmp; // Example: {_:#~asdf, hello:'world'~fdsa}}
           if('pub' === key){
             if(val === pub){ return (check['pub'+soul+key] = 0) } // the account MUST match `pub` property that equals the ID of the public key.
             return each.end({err: "Account must match!"});
           }
           check['user'+soul+key] = 1;
-          if(user && user.is && pub === user.is.pub){
-            //var id = Gun.text.random(3);
-            SEA.sign([soul, key, val, Gun.state.is(node, key)], (user._).sea, function(data){ var rel;
+          if(msg.I && user && user.is && pub === user.is.pub){
+            SEA.sign(SEA.opt.prep(tmp = SEA.opt.parse(val), key, node, soul), (user._).sea, function(data){ var rel;
               if(u === data){ return each.end({err: SEA.err || 'Pub signature fail.'}) }
               if(rel = Gun.val.link.is(val)){
                 (at.sea.own[rel] = at.sea.own[rel] || {})[pub] = true;
               }
-              node[key] = data;
+              node[key] = JSON.stringify({':': SEA.opt.unpack(data.m), '~': data.s});
               check['user'+soul+key] = 0;
               each.end({ok: 1});
-            });
-            // TODO: Handle error!!!!
+            }, {check: SEA.opt.pack(tmp, key, node, soul), raw: 1});
             return;
           }
-          SEA.verify(val, pub, function(data){ var rel, tmp;
+          SEA.verify(SEA.opt.pack(val,key,node,soul), pub, function(data){ var rel, tmp;
             data = SEA.opt.unpack(data, key, node);
             if(u === data){ // make sure the signature matches the account it claims to be on.
               return each.end({err: "Unverified data."}); // reject any updates that are signed with a mismatched account.
             }
-            if((rel = Gun.val.link.is(data)) && pub === relpub(rel)){
+            if((rel = Gun.val.link.is(data)) && pub === SEA.opt.pub(rel)){
               (at.sea.own[rel] = at.sea.own[rel] || {})[pub] = true;
             }
             check['user'+soul+key] = 0;
             each.end({ok: 1});
           });
         };
-        function relpub(s){
-          if(!s){ return }
-          s = s.split('~');
-          if(!s || !(s = s[1])){ return }
-          s = s.split('.');
-          if(!s || 2 > s.length){ return }
-          s = s.slice(0,2).join('.');
-          return s;
-        }
         each.any = function(val, key, node, soul, user){ var tmp, pub;
           if(!user || !user.is){
-            if(tmp = relpub(soul)){
+            if(tmp = SEA.opt.pub(soul)){
               check['any'+soul+key] = 1;
-              SEA.verify(val, pub = tmp, function(data){ var rel;
+              SEA.verify(SEA.opt.pack(val,key,node,soul), pub = tmp, function(data){ var rel;
                 data = SEA.opt.unpack(data, key, node);
                 if(u === data){ return each.end({err: "Mismatched owner on '" + key + "'."}) } // thanks @rogowski !
-                if((rel = Gun.val.link.is(data)) && pub === relpub(rel)){
+                if((rel = Gun.val.link.is(data)) && pub === SEA.opt.pub(rel)){
                   (at.sea.own[rel] = at.sea.own[rel] || {})[pub] = true;
                 }
                 check['any'+soul+key] = 0;
@@ -172,26 +164,21 @@
             //each.end({err: "Data cannot be modified."});
             return;
           }
-          if(!(tmp = relpub(soul))){
+          if(!(tmp = SEA.opt.pub(soul))){
             if(at.opt.secure){
               each.end({err: "Soul is missing public key at '" + key + "'."});
               return;
             }
-            if(val && val.slice && 'SEA{' === (val).slice(0,4)){
-              check['any'+soul+key] = 0;
-              each.end({ok: 1});
-              return;
-            }
-            //check['any'+soul+key] = 1;
-            //SEA.sign(val, user, function(data){
-             // if(u === data){ return each.end({err: 'Any signature failed.'}) }
-            //  node[key] = data;
-              check['any'+soul+key] = 0;
-              each.end({ok: 1});
-            //});
+            // TODO: Ask community if should auto-sign non user-graph data.
+            check['any'+soul+key] = 0;
+            each.end({ok: 1});
             return;
           }
-          if(!msg.I || (pub = tmp) !== (user.is||noop).pub){
+          if(!msg.I){ // only sign data put out from this instance.
+            each.any(val, key, node, soul);
+            return;
+          }
+          if((pub = tmp) !== (user.is||noop).pub){
             each.any(val, key, node, soul);
             return;
           }
@@ -203,12 +190,12 @@
             return;
           }*/
           check['any'+soul+key] = 1;
-          SEA.sign([soul, key, val, Gun.state.is(node, key)], (user._).sea, function(data){
+          SEA.sign(SEA.opt.prep(tmp = SEA.opt.parse(val), key, node, soul), (user._).sea, function(data){
             if(u === data){ return each.end({err: 'My signature fail.'}) }
-            node[key] = data;
+            node[key] = JSON.stringify({':': SEA.opt.unpack(data.m), '~': data.s});
             check['any'+soul+key] = 0;
             each.end({ok: 1});
-          });
+          }, {check: SEA.opt.pack(tmp, key, node, soul), raw: 1});
         }
         each.end = function(ctx){ // TODO: Can't you just switch this to each.end = cb?
           if(each.err){ return }
@@ -220,6 +207,7 @@
           if(Gun.obj.map(check, function(no){
             if(no){ return true }
           })){ return }
+          msg.user = at.user; // already been through firewall, does not need to again on out.
           to.next(msg);
         };
         Gun.obj.map(msg.put, each.node);
@@ -228,16 +216,35 @@
       }
       to.next(msg); // pass forward any data we do not know how to handle or process (this allows custom security protocols).
     }
-    SEA.opt.unpack = function(data, key, node){
-      if(u === data){ return }
-      if(data === node[key]){ return data }
-      if(data && data['#'] && rel_is(data) === rel_is(node[key])){ return data }
-      var tmp = data, soul = Gun.node.soul(node), s = Gun.state.is(node, key);
-      if(tmp && 4 === tmp.length && soul === tmp[0] && key === tmp[1] && fl(s) === fl(tmp[3])){
-        return tmp[2];
+    SEA.opt.pub = function(s){
+      if(!s){ return }
+      s = s.split('~');
+      if(!s || !(s = s[1])){ return }
+      s = s.split('.');
+      if(!s || 2 > s.length){ return }
+      s = s.slice(0,2).join('.');
+      return s;
+    }
+    SEA.opt.prep = function(d,k, n,s){ // prep for signing
+      return {'#':s,'.':k,':':SEA.opt.parse(d),'>':Gun.state.is(n, k)};
+    }
+    SEA.opt.pack = function(d,k, n,s){ // pack for verifying
+      if(SEA.opt.check(d)){ return d }
+      var meta = (Gun.obj.ify(d)||noop), sig = meta['~'];
+      return sig? {m: {'#':s,'.':k,':':meta[':'],'>':Gun.state.is(n, k)}, s: sig} : d;
+    }
+    SEA.opt.unpack = function(d, k, n){ var tmp;
+      if(u === d){ return }
+      if(d && (u !== (tmp = d[':']))){ return tmp }
+      if(!k || !n){ return }
+      if(d === n[k]){ return d }
+      if(!SEA.opt.check(n[k])){ return d }
+      var soul = Gun.node.soul(n), s = Gun.state.is(n, k);
+      if(d && 4 === d.length && soul === d[0] && k === d[1] && fl(s) === fl(d[3])){
+        return d[2];
       }
       if(s < SEA.opt.shuffle_attack){
-        return data;
+        return d;
       }
     }
     SEA.opt.shuffle_attack = 1546329600000; // Jan 1, 2019
diff --git a/sea/pair.js b/sea/pair.js
index 0005db4a..3a59e177 100644
--- a/sea/pair.js
+++ b/sea/pair.js
@@ -2,7 +2,6 @@
     var SEA = require('./root');
     var shim = require('./shim');
     var S = require('./settings');
-    var Buff = (typeof Buffer !== 'undefined')? Buffer : shim.Buffer;
 
     SEA.name = SEA.name || (async (cb, opt) => { try {
       if(cb){ try{ cb() }catch(e){console.log(e)} }
@@ -18,17 +17,17 @@
     //SEA.pair = async (data, proof, cb) => { try {
     SEA.pair = SEA.pair || (async (cb, opt) => { try {
 
-      const ecdhSubtle = shim.ossl || shim.subtle
+      var ecdhSubtle = shim.ossl || shim.subtle;
       // First: ECDSA keys for signing/verifying...
       var sa = await shim.subtle.generateKey(S.ecdsa.pair, true, [ 'sign', 'verify' ])
       .then(async (keys) => {
         // privateKey scope doesn't leak out from here!
         //const { d: priv } = await shim.subtle.exportKey('jwk', keys.privateKey)
-        const key = {};
+        var key = {};
         key.priv = (await shim.subtle.exportKey('jwk', keys.privateKey)).d;
-        const pub = await shim.subtle.exportKey('jwk', keys.publicKey)
+        var pub = await shim.subtle.exportKey('jwk', keys.publicKey);
         //const pub = Buff.from([ x, y ].join(':')).toString('base64') // old
-        key.pub = pub.x+'.'+pub.y // new
+        key.pub = pub.x+'.'+pub.y; // new
         // x and y are already base64
         // pub is UTF8 but filename/URL safe (https://www.ietf.org/rfc/rfc3986.txt)
         // but split on a non-base64 letter.
@@ -43,11 +42,11 @@
       var dh = await ecdhSubtle.generateKey(S.ecdh, true, ['deriveKey'])
       .then(async (keys) => {
         // privateKey scope doesn't leak out from here!
-        const key = {};
+        var key = {};
         key.epriv = (await ecdhSubtle.exportKey('jwk', keys.privateKey)).d;
-        const pub = await ecdhSubtle.exportKey('jwk', keys.publicKey)
+        var pub = await ecdhSubtle.exportKey('jwk', keys.publicKey);
         //const epub = Buff.from([ ex, ey ].join(':')).toString('base64') // old
-        key.epub = pub.x+'.'+pub.y // new
+        key.epub = pub.x+'.'+pub.y; // new
         // ex and ey are already base64
         // epub is UTF8 but filename/URL safe (https://www.ietf.org/rfc/rfc3986.txt)
         // but split on a non-base64 letter.
@@ -59,7 +58,7 @@
         else { throw e }
       } dh = dh || {};
 
-      const r = { pub: sa.pub, priv: sa.priv, /* pubId, */ epub: dh.epub, epriv: dh.epriv }
+      var r = { pub: sa.pub, priv: sa.priv, /* pubId, */ epub: dh.epub, epriv: dh.epriv }
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) {
diff --git a/sea/parse.js b/sea/parse.js
deleted file mode 100644
index 7372bc1f..00000000
--- a/sea/parse.js
+++ /dev/null
@@ -1,11 +0,0 @@
-
-    module.exports = (props) => {
-      try {
-        if(props.slice && 'SEA{' === props.slice(0,4)){
-          props = props.slice(3);
-        }
-        return props.slice ? JSON.parse(props) : props
-      } catch (e) {}  //eslint-disable-line no-empty
-      return props
-    }
-  
\ No newline at end of file
diff --git a/sea/secret.js b/sea/secret.js
index 787ccecb..4009ee31 100644
--- a/sea/secret.js
+++ b/sea/secret.js
@@ -8,36 +8,34 @@
       if(!pair || !pair.epriv || !pair.epub){
         pair = await SEA.I(null, {what: key, how: 'secret', why: opt.why});
       }
-      const pub = key.epub || key
-      const epub = pair.epub
-      const epriv = pair.epriv
-      const ecdhSubtle = shim.ossl || shim.subtle
-      const pubKeyData = keysToEcdhJwk(pub)
-      const props = Object.assign(
-        S.ecdh,
-        { public: await ecdhSubtle.importKey(...pubKeyData, true, []) }
-      )
-      const privKeyData = keysToEcdhJwk(epub, epriv)
-      const derived = await ecdhSubtle.importKey(...privKeyData, false, ['deriveKey'])
-      .then(async (privKey) => {
+      var pub = key.epub || key;
+      var epub = pair.epub;
+      var epriv = pair.epriv;
+      var ecdhSubtle = shim.ossl || shim.subtle;
+      var pubKeyData = keysToEcdhJwk(pub);
+      var props = Object.assign(S.ecdh, { public: await ecdhSubtle.importKey(...pubKeyData, true, []) });
+      var privKeyData = keysToEcdhJwk(epub, epriv);
+      var derived = await ecdhSubtle.importKey(...privKeyData, false, ['deriveKey']).then(async (privKey) => {
         // privateKey scope doesn't leak out from here!
-        const derivedKey = await ecdhSubtle.deriveKey(props, privKey, { name: 'AES-GCM', length: 256 }, true, [ 'encrypt', 'decrypt' ])
-        return ecdhSubtle.exportKey('jwk', derivedKey).then(({ k }) => k)
+        var derivedKey = await ecdhSubtle.deriveKey(props, privKey, { name: 'AES-GCM', length: 256 }, true, [ 'encrypt', 'decrypt' ]);
+        return ecdhSubtle.exportKey('jwk', derivedKey).then(({ k }) => k);
       })
-      const r = derived;
+      var r = derived;
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
-    } catch(e) { 
+    } catch(e) {
+      console.log(e);
       SEA.err = e;
       if(SEA.throw){ throw e }
       if(cb){ cb() }
       return;
     }});
 
-    const keysToEcdhJwk = (pub, d) => { // d === priv
-      //const [ x, y ] = Buffer.from(pub, 'base64').toString('utf8').split(':') // old
-      const [ x, y ] = pub.split('.') // new
-      const jwk = d ? { d: d } : {}
+    // can this be replaced with settings.jwk?
+    var keysToEcdhJwk = (pub, d) => { // d === priv
+      //var [ x, y ] = Buffer.from(pub, 'base64').toString('utf8').split(':') // old
+      var [ x, y ] = pub.split('.') // new
+      var jwk = d ? { d: d } : {}
       return [  // Use with spread returned value...
         'jwk',
         Object.assign(
diff --git a/sea/settings.js b/sea/settings.js
index ac32f729..8e68e8c5 100644
--- a/sea/settings.js
+++ b/sea/settings.js
@@ -1,41 +1,37 @@
 
-    const SEA = require('./root');
-    const Buffer = require('./buffer')
-    const settings = {}
-    // Encryption parameters
-    const pbkdf2 = { hash: 'SHA-256', iter: 100000, ks: 64 }
+    var SEA = require('./root');
+    var Buffer = require('./buffer');
+    var s = {};
+    s.pbkdf2 = {hash: 'SHA-256', iter: 100000, ks: 64};
+    s.ecdsa = {
+      pair: {name: 'ECDSA', namedCurve: 'P-256'},
+      sign: {name: 'ECDSA', hash: {name: 'SHA-256'}}
+    };
+    s.ecdh = {name: 'ECDH', namedCurve: 'P-256'};
 
-    const ecdsaSignProps = { name: 'ECDSA', hash: { name: 'SHA-256' } }
-    const ecdsaKeyProps = { name: 'ECDSA', namedCurve: 'P-256' }
-    const ecdhKeyProps = { name: 'ECDH', namedCurve: 'P-256' }
-
-    const _initial_authsettings = {
-      validity: 12 * 60 * 60, // internally in seconds : 12 hours
-      hook: (props) => props  // { iat, exp, alias, remember }
-      // or return new Promise((resolve, reject) => resolve(props)
-    }
-    // These are used to persist user's authentication "session"
-    const authsettings = Object.assign({}, _initial_authsettings)
     // This creates Web Cryptography API compliant JWK for sign/verify purposes
-    const keysToEcdsaJwk = (pub, d) => {  // d === priv
-      //const [ x, y ] = Buffer.from(pub, 'base64').toString('utf8').split(':') // old
-      const [ x, y ] = pub.split('.') // new
-      var jwk = { kty: "EC", crv: "P-256", x: x, y: y, ext: true }
+    s.jwk = function(pub, d){  // d === priv
+      pub = pub.split('.');
+      var x = pub[0], y = pub[1];
+      var jwk = {kty: "EC", crv: "P-256", x: x, y: y, ext: true};
       jwk.key_ops = d ? ['sign'] : ['verify'];
       if(d){ jwk.d = d }
       return jwk;
+    };
+    s.recall = {
+      validity: 12 * 60 * 60, // internally in seconds : 12 hours
+      hook: function(props){ return props } // { iat, exp, alias, remember } // or return new Promise((resolve, reject) => resolve(props)
+    };
+
+    s.check = function(t){ return (typeof t == 'string') && ('SEA{' === t.slice(0,4)) }
+    s.parse = function p(t){ try {
+      var yes = (typeof t == 'string');
+      if(yes && 'SEA{' === t.slice(0,4)){ t = t.slice(3) }
+      return yes ? JSON.parse(t) : t;
+      } catch (e) {}
+      return t;
     }
 
-    Object.assign(settings, {
-      pbkdf2: pbkdf2,
-      ecdsa: {
-        pair: ecdsaKeyProps,
-        sign: ecdsaSignProps
-      },
-      ecdh: ecdhKeyProps,
-      jwk: keysToEcdsaJwk,
-      recall: authsettings
-    })
-    SEA.opt = settings;
-    module.exports = settings
+    SEA.opt = s;
+    module.exports = s
   
\ No newline at end of file
diff --git a/sea/sha256.js b/sea/sha256.js
index a3ff728a..c3182317 100644
--- a/sea/sha256.js
+++ b/sea/sha256.js
@@ -1,13 +1,8 @@
 
-    const shim = require('./shim');
-    const Buffer = require('./buffer')
-    const parse = require('./parse')
-    const { pbkdf2 } = require('./settings')
-    // This internal func returns SHA-256 hashed data for signing
-    const sha256hash = async (mm) => {
-      const m = parse(mm)
-      const hash = await shim.subtle.digest({name: pbkdf2.hash}, new shim.TextEncoder().encode(m))
-      return Buffer.from(hash)
+    var shim = require('./shim');
+    module.exports = async function(d, o){
+      var t = (typeof d == 'string')? d : JSON.stringify(d);
+      var hash = await shim.subtle.digest({name: o||'SHA-256'}, new shim.TextEncoder().encode(t));
+      return shim.Buffer.from(hash);
     }
-    module.exports = sha256hash
   
\ No newline at end of file
diff --git a/sea/shim.js b/sea/shim.js
index 28594a8b..b6026e8c 100644
--- a/sea/shim.js
+++ b/sea/shim.js
@@ -13,25 +13,23 @@
     }
     if(!api.crypto){try{
       var crypto = require('crypto', 1);
-      const { subtle } = require('@trust/webcrypto', 1)             // All but ECDH
       const { TextEncoder, TextDecoder } = require('text-encoding', 1)
       Object.assign(api, {
         crypto,
-        subtle,
+        //subtle,
         TextEncoder,
         TextDecoder,
         random: (len) => Buffer.from(crypto.randomBytes(len))
       });
       //try{
-        const WebCrypto = require('node-webcrypto-ossl', 1)
-        api.ossl = new WebCrypto({directory: 'ossl'}).subtle // ECDH
+        const WebCrypto = require('node-webcrypto-ossl', 1);
+        api.ossl = api.subtle = new WebCrypto({directory: 'ossl'}).subtle // ECDH
       //}catch(e){
         //console.log("node-webcrypto-ossl is optionally needed for ECDH, please install if needed.");
       //}
     }catch(e){
-      console.log("@trust/webcrypto and text-encoding are not included by default, you must add it to your package.json!");
-      console.log("node-webcrypto-ossl is temporarily needed for ECDSA signature verification, and optionally needed for ECDH, please install if needed (currently necessary so add them to your package.json for now).");
-      TRUST_WEBCRYPTO_OR_TEXT_ENCODING_NOT_INSTALLED;
+      console.log("node-webcrypto-ossl and text-encoding may not be included by default, please add it to your package.json!");
+      OSSL_WEBCRYPTO_OR_TEXT_ENCODING_NOT_INSTALLED;
     }}
 
     module.exports = api
diff --git a/sea/sign.js b/sea/sign.js
index f8ca43f1..4efd2e5f 100644
--- a/sea/sign.js
+++ b/sea/sign.js
@@ -2,7 +2,7 @@
     var SEA = require('./root');
     var shim = require('./shim');
     var S = require('./settings');
-    var sha256hash = require('./sha256');
+    var sha = require('./sha256');
     var u;
 
     SEA.sign = SEA.sign || (async (data, pair, cb, opt) => { try {
@@ -10,13 +10,24 @@
       if(!(pair||opt).priv){
         pair = await SEA.I(null, {what: data, how: 'sign', why: opt.why});
       }
-      const pub = pair.pub
-      const priv = pair.priv
-      const jwk = S.jwk(pub, priv)
-      const hash = await sha256hash(JSON.stringify(data))
-      const sig = await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['sign'])
+      if(u === data){ throw '`undefined` not allowed.' }
+      var json = S.parse(data);
+      var check = opt.check = opt.check || json;
+      if(SEA.verify && (SEA.opt.check(check) || (check && check.s && check.m))
+      && u !== await SEA.verify(check, pair)){ // don't sign if we already signed it.
+        var r = S.parse(check);
+        if(!opt.raw){ r = 'SEA'+JSON.stringify(r) }
+        if(cb){ try{ cb(r) }catch(e){console.log(e)} }
+        return r;
+      }
+      var pub = pair.pub;
+      var priv = pair.priv;
+      var jwk = S.jwk(pub, priv);
+      var hash = await sha(json);
+      var sig = await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['sign'])
       .then((key) => (shim.ossl || shim.subtle).sign(S.ecdsa.sign, key, new Uint8Array(hash))) // privateKey scope doesn't leak out from here!
-      const r = 'SEA'+JSON.stringify({m: data, s: shim.Buffer.from(sig, 'binary').toString(opt.encode || 'base64')});
+      var r = {m: json, s: shim.Buffer.from(sig, 'binary').toString(opt.encode || 'base64')}
+      if(!opt.raw){ r = 'SEA'+JSON.stringify(r) }
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
diff --git a/sea/verify.js b/sea/verify.js
index 849161e4..06286e8c 100644
--- a/sea/verify.js
+++ b/sea/verify.js
@@ -2,46 +2,32 @@
     var SEA = require('./root');
     var shim = require('./shim');
     var S = require('./settings');
-    var sha256hash = require('./sha256');
-    var parse = require('./parse');
+    var sha = require('./sha256');
     var u;
 
-
-    var knownKeys = {};
-    var keyForPair = pair => {
-      if (knownKeys[pair]) return knownKeys[pair];
-      const jwk = S.jwk(pair);
-      knownKeys[pair] = (shim.ossl || shim.subtle).importKey("jwk", jwk, S.ecdsa.pair, false, ["verify"]);
-      return knownKeys[pair];
-    };
-
     SEA.verify = SEA.verify || (async (data, pair, cb, opt) => { try {
-      const json = parse(data)
+      var json = S.parse(data);
       if(false === pair){ // don't verify!
-        const raw = (json !== data)?
-          (json.s && json.m)? parse(json.m) : data
-        : json;
+        var raw = S.parse(json.m);
         if(cb){ try{ cb(raw) }catch(e){console.log(e)} }
         return raw;
       }
       opt = opt || {};
       // SEA.I // verify is free! Requires no user permission.
-      if(json === data){ throw "No signature on data." }
-      const pub = pair.pub || pair;
-      const key = await keyForPair(pub);
-      const hash = await sha256hash(json.m)
-      var buf; var sig; var check; try{
-        buf = shim.Buffer.from(json.s, opt.encode || 'base64') // NEW DEFAULT!
-        sig = new Uint8Array(buf)
-        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
+      var pub = pair.pub || pair;
+      var key = SEA.opt.slow_leak? await SEA.opt.slow_leak(pub) : await (shim.ossl || shim.subtle).importKey('jwk', jwk, S.ecdsa.pair, false, ['verify']);
+      var hash = await sha(json.m);
+      var buf, sig, check, tmp; try{
+        buf = shim.Buffer.from(json.s, opt.encode || 'base64'); // NEW DEFAULT!
+        sig = new Uint8Array(buf);
+        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash));
         if(!check){ throw "Signature did not match." }
       }catch(e){
-        buf = shim.Buffer.from(json.s, 'utf8') // AUTO BACKWARD OLD UTF8 DATA!
-        sig = new Uint8Array(buf)
-        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
-        if(!check){ throw "Signature did not match." }
+        if(SEA.opt.fallback){
+          return await SEA.opt.fall_verify(data, pair, cb, opt);
+        }
       }
-      const r = check? parse(json.m) : u;
+      var r = check? S.parse(json.m) : u;
 
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
@@ -54,4 +40,36 @@
     }});
 
     module.exports = SEA.verify;
-  
+    // legacy & ossl leak mitigation:
+
+    var knownKeys = {};
+    var keyForPair = SEA.opt.slow_leak = pair => {
+      if (knownKeys[pair]) return knownKeys[pair];
+      var jwk = S.jwk(pair);
+      knownKeys[pair] = (shim.ossl || shim.subtle).importKey("jwk", jwk, S.ecdsa.pair, false, ["verify"]);
+      return knownKeys[pair];
+    };
+
+
+    SEA.opt.fall_verify = async function(data, pair, cb, opt, f){
+      if(f === SEA.opt.fallback){ throw "Signature did not match" } f = f || 1;
+      var json = S.parse(data), pub = pair.pub || pair, key = await SEA.opt.slow_leak(pub);
+      var hash = (f <= SEA.opt.fallback)? shim.Buffer.from(await shim.subtle.digest({name: 'SHA-256'}, new shim.TextEncoder().encode(S.parse(json.m)))) : await sha(json.m); // this line is old bad buggy code but necessary for old compatibility.
+      var buf; var sig; var check; try{
+        buf = shim.Buffer.from(json.s, opt.encode || 'base64') // NEW DEFAULT!
+        sig = new Uint8Array(buf)
+        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
+        if(!check){ throw "Signature did not match." }
+      }catch(e){
+        buf = shim.Buffer.from(json.s, 'utf8') // AUTO BACKWARD OLD UTF8 DATA!
+        sig = new Uint8Array(buf)
+        check = await (shim.ossl || shim.subtle).verify(S.ecdsa.sign, key, sig, new Uint8Array(hash))
+        if(!check){ throw "Signature did not match." }
+      }
+      var r = check? S.parse(json.m) : u;
+      if(cb){ try{ cb(r) }catch(e){console.log(e)} }
+      return r;
+    }
+    SEA.opt.fallback = 2;
+
+  
\ No newline at end of file
diff --git a/sea/work.js b/sea/work.js
index b3be649a..37a6c043 100644
--- a/sea/work.js
+++ b/sea/work.js
@@ -13,25 +13,25 @@
         salt = u;
       }
       salt = salt || shim.random(9);
-      if('SHA-256' === opt.name){
-        var rsha = shim.Buffer.from(await sha(data), 'binary').toString(opt.encode || 'base64')
+      data = (typeof data == 'string')? data : JSON.stringify(data);
+      if('sha' === (opt.name||'').toLowerCase().slice(0,3)){
+        var rsha = shim.Buffer.from(await sha(data, opt.name), 'binary').toString(opt.encode || 'base64')
         if(cb){ try{ cb(rsha) }catch(e){console.log(e)} }
         return rsha;
       }
-      const key = await (shim.ossl || shim.subtle).importKey(
-        'raw', new shim.TextEncoder().encode(data), { name: opt.name || 'PBKDF2' }, false, ['deriveBits']
-      )
-      const result = await (shim.ossl || shim.subtle).deriveBits({
+      var key = await (shim.ossl || shim.subtle).importKey('raw', new shim.TextEncoder().encode(data), {name: opt.name || 'PBKDF2'}, false, ['deriveBits']);
+      var work = await (shim.ossl || shim.subtle).deriveBits({
         name: opt.name || 'PBKDF2',
         iterations: opt.iterations || S.pbkdf2.iter,
         salt: new shim.TextEncoder().encode(opt.salt || salt),
         hash: opt.hash || S.pbkdf2.hash,
       }, key, opt.length || (S.pbkdf2.ks * 8))
       data = shim.random(data.length)  // Erase data in case of passphrase
-      const r = shim.Buffer.from(result, 'binary').toString(opt.encode || 'base64')
+      var r = shim.Buffer.from(work, 'binary').toString(opt.encode || 'base64')
       if(cb){ try{ cb(r) }catch(e){console.log(e)} }
       return r;
     } catch(e) { 
+      console.log(e);
       SEA.err = e;
       if(SEA.throw){ throw e }
       if(cb){ cb() }

From 80153d9d9b37f91d31fd7c051827edcf673ac0cf Mon Sep 17 00:00:00 2001
From: Mark Nadal <mark@accelsor.com>
Date: Wed, 9 Jan 2019 17:35:57 -0800
Subject: [PATCH 5/5] HUGE LEAP into THE SEA

---
 package-lock.json | 113 +---------------------------------------------
 1 file changed, 2 insertions(+), 111 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 02555167..f8dd58d5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4,35 +4,6 @@
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
-    "@trust/keyto": {
-      "version": "0.3.4",
-      "resolved": "https://registry.npmjs.org/@trust/keyto/-/keyto-0.3.4.tgz",
-      "integrity": "sha512-OAqKvuSEPIu2zCnIHzBthvGnV8nKmpv7cBlRMngLzJZzZI9CanyuSfnEI1xC4sH4TwqA0XJR7Mb0oX4bwymXIw==",
-      "requires": {
-        "asn1.js": "^4.9.1",
-        "base64url": "^3.0.0",
-        "elliptic": "^6.4.0"
-      }
-    },
-    "@trust/webcrypto": {
-      "version": "0.9.2",
-      "resolved": "https://registry.npmjs.org/@trust/webcrypto/-/webcrypto-0.9.2.tgz",
-      "integrity": "sha512-5iMAVcGYKhqLJGjefB1nzuQSqUJTru0nG4CytpBT/GGp1Piz/MVnj2jORdYf4JBYzggCIa8WZUr2rchP2Ngn/w==",
-      "requires": {
-        "@trust/keyto": "^0.3.4",
-        "base64url": "^3.0.0",
-        "elliptic": "^6.4.0",
-        "node-rsa": "^0.4.0",
-        "text-encoding": "^0.6.1"
-      },
-      "dependencies": {
-        "text-encoding": {
-          "version": "0.6.4",
-          "resolved": "https://registry.npmjs.org/text-encoding/-/text-encoding-0.6.4.tgz",
-          "integrity": "sha1-45mpgiV6J22uQou5KEXLcb3CbRk="
-        }
-      }
-    },
     "accepts": {
       "version": "1.3.5",
       "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.5.tgz",
@@ -61,21 +32,6 @@
       "integrity": "sha1-8zshWfBTKj8xB6JywMz70a0peco=",
       "dev": true
     },
-    "asn1": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz",
-      "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y="
-    },
-    "asn1.js": {
-      "version": "4.10.1",
-      "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-4.10.1.tgz",
-      "integrity": "sha512-p32cOF5q0Zqs9uBiONKYLm6BClCoBCM5O9JfeUSlnQLBTxYdTK+pW+nXflm8UkKd2UYlEbYz5qEi0JuZR9ckSw==",
-      "requires": {
-        "bn.js": "^4.0.0",
-        "inherits": "^2.0.1",
-        "minimalistic-assert": "^1.0.0"
-      }
-    },
     "async-limiter": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.0.tgz",
@@ -129,11 +85,6 @@
       "integrity": "sha1-R2iMuZu2gE8OBtPnY7HDLlfY5rY=",
       "dev": true
     },
-    "base64url": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.0.tgz",
-      "integrity": "sha512-LIVmqIrIWuiqTvn4RzcrwCOuHo2DD6tKmKBPXXlr4p4n4l6BZBkwFTIa3zu1XkX5MbZgro4a6BvPi+n2Mns5Gg=="
-    },
     "better-assert": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/better-assert/-/better-assert-1.0.2.tgz",
@@ -155,11 +106,6 @@
       "integrity": "sha512-MKiLiV+I1AA596t9w1sQJ8jkiSr5+ZKi0WKrYGUn6d1Fx+Ij4tIj+m2WMQSGczs5jZVxV339chE8iwk6F64wjA==",
       "dev": true
     },
-    "bn.js": {
-      "version": "4.11.8",
-      "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.11.8.tgz",
-      "integrity": "sha512-ItfYfPLkWHUjckQCk8xC+LwxgK8NYcXywGigJgSwOP8Y2iyWT4f2vsZnoOXTTbo+o5yXmIUJ4gn5538SO5S3gA=="
-    },
     "body-parser": {
       "version": "1.18.2",
       "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.18.2.tgz",
@@ -188,11 +134,6 @@
         "concat-map": "0.0.1"
       }
     },
-    "brorand": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/brorand/-/brorand-1.1.0.tgz",
-      "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8="
-    },
     "browser-stdout": {
       "version": "1.3.1",
       "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz",
@@ -309,20 +250,6 @@
       "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=",
       "dev": true
     },
-    "elliptic": {
-      "version": "6.4.1",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.4.1.tgz",
-      "integrity": "sha512-BsXLz5sqX8OHcsh7CqBMztyXARmGQ3LWPtGjJi6DiJHq5C/qvi9P3OqgswKSDftbu8+IoI/QDTAm2fFnQ9SZSQ==",
-      "requires": {
-        "bn.js": "^4.4.0",
-        "brorand": "^1.0.1",
-        "hash.js": "^1.0.0",
-        "hmac-drbg": "^1.0.0",
-        "inherits": "^2.0.1",
-        "minimalistic-assert": "^1.0.0",
-        "minimalistic-crypto-utils": "^1.0.0"
-      }
-    },
     "encodeurl": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
@@ -605,31 +532,12 @@
       "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
       "dev": true
     },
-    "hash.js": {
-      "version": "1.1.5",
-      "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.5.tgz",
-      "integrity": "sha512-eWI5HG9Np+eHV1KQhisXWwM+4EPPYe5dFX1UZZH7k/E3JzDEazVH+VGlZi6R94ZqImq+A3D1mCEtrFIfg/E7sA==",
-      "requires": {
-        "inherits": "^2.0.3",
-        "minimalistic-assert": "^1.0.1"
-      }
-    },
     "he": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/he/-/he-1.1.1.tgz",
       "integrity": "sha1-k0EP0hsAlzUVH4howvJx80J+I/0=",
       "dev": true
     },
-    "hmac-drbg": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz",
-      "integrity": "sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=",
-      "requires": {
-        "hash.js": "^1.0.3",
-        "minimalistic-assert": "^1.0.0",
-        "minimalistic-crypto-utils": "^1.0.1"
-      }
-    },
     "http-errors": {
       "version": "1.6.3",
       "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
@@ -673,7 +581,8 @@
     "inherits": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
-      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
+      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=",
+      "dev": true
     },
     "ip": {
       "version": "1.1.5",
@@ -756,16 +665,6 @@
         "mime-db": "~1.33.0"
       }
     },
-    "minimalistic-assert": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
-      "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
-    },
-    "minimalistic-crypto-utils": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz",
-      "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo="
-    },
     "minimatch": {
       "version": "3.0.4",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
@@ -835,14 +734,6 @@
       "integrity": "sha1-KzJxhOiZIQEXeyhWP7XnECrNDKk=",
       "dev": true
     },
-    "node-rsa": {
-      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-0.4.2.tgz",
-      "integrity": "sha1-1jkXKewWqDDtWjgEKzFX0tXXJTA=",
-      "requires": {
-        "asn1": "0.2.3"
-      }
-    },
     "node-webcrypto-ossl": {
       "version": "1.0.39",
       "resolved": "https://registry.npmjs.org/node-webcrypto-ossl/-/node-webcrypto-ossl-1.0.39.tgz",