refactor: break up vault services (#2364)

2023-07-24 07:46:20 -05:00
parent f2d089ab24
commit 3281ac9d37
50 changed files with 763 additions and 633 deletions
--- a/packages/services/src/Domain/Contacts/UseCase/HandleKeyPairChange.ts
+++ b/packages/services/src/Domain/Contacts/UseCase/HandleKeyPairChange.ts
@@ -1,6 +1,6 @@
 import { Result, UseCaseInterface } from '@standardnotes/domain-core'
 import { PkcKeyPair } from '@standardnotes/sncrypto-common'
-import { ReuploadAllInvites } from '../../SharedVaults/UseCase/ReuploadAllInvites'
+import { ReuploadAllInvites } from '../../VaultInvite/UseCase/ReuploadAllInvites'
 import { ResendAllMessages } from '../../AsymmetricMessage/UseCase/ResendAllMessages'

 export class HandleKeyPairChange implements UseCaseInterface<void> {
--- a/packages/services/src/Domain/SharedVaults/SharedVaultService.spec.ts
+++ b/packages/services/src/Domain/SharedVaults/SharedVaultService.spec.ts
@@ -1,24 +1,15 @@
+import { IsVaultAdmin } from './../VaultUser/UseCase/IsVaultAdmin'
 import { EncryptionProviderInterface } from './../Encryption/EncryptionProviderInterface'
-import { GetVaultUsers } from './UseCase/GetVaultUsers'
-import { RemoveVaultMember } from './UseCase/RemoveSharedVaultMember'
 import { DeleteSharedVault } from './UseCase/DeleteSharedVault'
 import { ConvertToSharedVault } from './UseCase/ConvertToSharedVault'
 import { ShareContactWithVault } from './UseCase/ShareContactWithVault'
 import { DeleteThirdPartyVault } from './UseCase/DeleteExternalSharedVault'
-import { LeaveVault } from './UseCase/LeaveSharedVault'
-import { InviteToVault } from './UseCase/InviteToVault'
-import { AcceptVaultInvite } from './UseCase/AcceptVaultInvite'
-import { GetVaultContacts } from './UseCase/GetVaultContacts'
-import { GetAllContacts } from './../Contacts/UseCase/GetAllContacts'
 import { FindContact } from './../Contacts/UseCase/FindContact'
-import { GetUntrustedPayload } from './../AsymmetricMessage/UseCase/GetUntrustedPayload'
-import { GetTrustedPayload } from './../AsymmetricMessage/UseCase/GetTrustedPayload'
 import { SendVaultDataChangedMessage } from './UseCase/SendVaultDataChangedMessage'
 import { NotifyVaultUsersOfKeyRotation } from './UseCase/NotifyVaultUsersOfKeyRotation'
 import { HandleKeyPairChange } from './../Contacts/UseCase/HandleKeyPairChange'
 import { CreateSharedVault } from './UseCase/CreateSharedVault'
 import { GetVault } from './../Vaults/UseCase/GetVault'
-import { SharedVaultInvitesServer } from '@standardnotes/api'
 import { SharedVaultService } from './SharedVaultService'
 import { SyncServiceInterface } from '../Sync/SyncServiceInterface'
 import { ItemManagerInterface } from '../Item/ItemManagerInterface'
@@ -40,56 +31,37 @@ describe('SharedVaultService', () => {
    const encryption = {} as jest.Mocked<EncryptionProviderInterface>
    const session = {} as jest.Mocked<SessionsClientInterface>
    const vaults = {} as jest.Mocked<VaultServiceInterface>
-    const invitesServer = {} as jest.Mocked<SharedVaultInvitesServer>
    const getVault = {} as jest.Mocked<GetVault>
    const createSharedVaultUseCase = {} as jest.Mocked<CreateSharedVault>
    const handleKeyPairChange = {} as jest.Mocked<HandleKeyPairChange>
    const notifyVaultUsersOfKeyRotation = {} as jest.Mocked<NotifyVaultUsersOfKeyRotation>
    const sendVaultDataChangeMessage = {} as jest.Mocked<SendVaultDataChangedMessage>
-    const getTrustedPayload = {} as jest.Mocked<GetTrustedPayload>
-    const getUntrustedPayload = {} as jest.Mocked<GetUntrustedPayload>
    const findContact = {} as jest.Mocked<FindContact>
-    const getAllContacts = {} as jest.Mocked<GetAllContacts>
-    const getVaultContacts = {} as jest.Mocked<GetVaultContacts>
-    const acceptVaultInvite = {} as jest.Mocked<AcceptVaultInvite>
-    const inviteToVault = {} as jest.Mocked<InviteToVault>
-    const leaveVault = {} as jest.Mocked<LeaveVault>
    const deleteThirdPartyVault = {} as jest.Mocked<DeleteThirdPartyVault>
    const shareContactWithVault = {} as jest.Mocked<ShareContactWithVault>
    const convertToSharedVault = {} as jest.Mocked<ConvertToSharedVault>
    const deleteSharedVaultUseCase = {} as jest.Mocked<DeleteSharedVault>
-    const removeVaultMember = {} as jest.Mocked<RemoveVaultMember>
-    const getSharedVaultUsersUseCase = {} as jest.Mocked<GetVaultUsers>
+    const isVaultAdmin = {} as jest.Mocked<IsVaultAdmin>

    const eventBus = {} as jest.Mocked<InternalEventBusInterface>
    eventBus.addEventHandler = jest.fn()

    service = new SharedVaultService(
-      sync,
      items,
      encryption,
      session,
      vaults,
-      invitesServer,
      getVault,
      createSharedVaultUseCase,
      handleKeyPairChange,
      notifyVaultUsersOfKeyRotation,
      sendVaultDataChangeMessage,
-      getTrustedPayload,
-      getUntrustedPayload,
      findContact,
-      getAllContacts,
-      getVaultContacts,
-      acceptVaultInvite,
-      inviteToVault,
-      leaveVault,
      deleteThirdPartyVault,
      shareContactWithVault,
      convertToSharedVault,
      deleteSharedVaultUseCase,
-      removeVaultMember,
-      getSharedVaultUsersUseCase,
+      isVaultAdmin,
      eventBus,
    )
  })
--- a/packages/services/src/Domain/SharedVaults/SharedVaultService.ts
+++ b/packages/services/src/Domain/SharedVaults/SharedVaultService.ts
@@ -1,114 +1,70 @@
 import { UserKeyPairChangedEventData } from './../Session/UserKeyPairChangedEventData'
-import { InviteToVault } from './UseCase/InviteToVault'
-import {
-  ClientDisplayableError,
-  SharedVaultInviteServerHash,
-  isErrorResponse,
-  SharedVaultUserServerHash,
-  isClientDisplayableError,
-  SharedVaultPermission,
-  UserEventType,
-} from '@standardnotes/responses'
-import { SharedVaultInvitesServer } from '@standardnotes/api'
+import { ClientDisplayableError, UserEventType } from '@standardnotes/responses'
 import {
  DecryptedItemInterface,
  PayloadEmitSource,
  TrustedContactInterface,
  SharedVaultListingInterface,
  VaultListingInterface,
-  AsymmetricMessageSharedVaultInvite,
  KeySystemRootKeyStorageMode,
 } from '@standardnotes/models'
 import { SharedVaultServiceInterface } from './SharedVaultServiceInterface'
 import { SharedVaultServiceEvent, SharedVaultServiceEventPayload } from './SharedVaultServiceEvent'
-import { GetVaultUsers } from './UseCase/GetVaultUsers'
-import { RemoveVaultMember } from './UseCase/RemoveSharedVaultMember'
 import { AbstractService } from '../Service/AbstractService'
 import { InternalEventHandlerInterface } from '../Internal/InternalEventHandlerInterface'
-import { SyncServiceInterface } from '../Sync/SyncServiceInterface'
 import { ItemManagerInterface } from '../Item/ItemManagerInterface'
 import { SessionsClientInterface } from '../Session/SessionsClientInterface'
 import { InternalEventBusInterface } from '../Internal/InternalEventBusInterface'
-import { SyncEvent, SyncEventReceivedSharedVaultInvitesData } from '../Event/SyncEvent'
+import { SyncEvent } from '../Event/SyncEvent'
 import { SessionEvent } from '../Session/SessionEvent'
 import { InternalEventInterface } from '../Internal/InternalEventInterface'
-import { LeaveVault } from './UseCase/LeaveSharedVault'
 import { VaultServiceInterface } from '../Vaults/VaultServiceInterface'
 import { UserEventServiceEvent, UserEventServiceEventPayload } from '../UserEvent/UserEventServiceEvent'
 import { DeleteThirdPartyVault } from './UseCase/DeleteExternalSharedVault'
 import { DeleteSharedVault } from './UseCase/DeleteSharedVault'
 import { VaultServiceEvent, VaultServiceEventPayload } from '../Vaults/VaultServiceEvent'
-import { AcceptVaultInvite } from './UseCase/AcceptVaultInvite'
-import { GetTrustedPayload } from '../AsymmetricMessage/UseCase/GetTrustedPayload'
-import { PendingSharedVaultInviteRecord } from './PendingSharedVaultInviteRecord'
-import { GetUntrustedPayload } from '../AsymmetricMessage/UseCase/GetUntrustedPayload'
 import { ShareContactWithVault } from './UseCase/ShareContactWithVault'
-import { GetVaultContacts } from './UseCase/GetVaultContacts'
 import { NotifyVaultUsersOfKeyRotation } from './UseCase/NotifyVaultUsersOfKeyRotation'
 import { CreateSharedVault } from './UseCase/CreateSharedVault'
 import { SendVaultDataChangedMessage } from './UseCase/SendVaultDataChangedMessage'
 import { ConvertToSharedVault } from './UseCase/ConvertToSharedVault'
 import { GetVault } from '../Vaults/UseCase/GetVault'
-import { ContentType, Result } from '@standardnotes/domain-core'
+import { ContentType } from '@standardnotes/domain-core'
 import { HandleKeyPairChange } from '../Contacts/UseCase/HandleKeyPairChange'
 import { FindContact } from '../Contacts/UseCase/FindContact'
-import { GetAllContacts } from '../Contacts/UseCase/GetAllContacts'
 import { EncryptionProviderInterface } from '../Encryption/EncryptionProviderInterface'
+import { IsVaultAdmin } from '../VaultUser/UseCase/IsVaultAdmin'

 export class SharedVaultService
  extends AbstractService<SharedVaultServiceEvent, SharedVaultServiceEventPayload>
  implements SharedVaultServiceInterface, InternalEventHandlerInterface
 {
-  private pendingInvites: Record<string, PendingSharedVaultInviteRecord> = {}
-
  constructor(
-    private sync: SyncServiceInterface,
    private items: ItemManagerInterface,
    private encryption: EncryptionProviderInterface,
    private session: SessionsClientInterface,
    private vaults: VaultServiceInterface,
-    private invitesServer: SharedVaultInvitesServer,
-    private getVault: GetVault,
-    private createSharedVaultUseCase: CreateSharedVault,
-    private handleKeyPairChange: HandleKeyPairChange,
-    private notifyVaultUsersOfKeyRotation: NotifyVaultUsersOfKeyRotation,
-    private sendVaultDataChangeMessage: SendVaultDataChangedMessage,
-    private getTrustedPayload: GetTrustedPayload,
-    private getUntrustedPayload: GetUntrustedPayload,
-    private findContact: FindContact,
-    private getAllContacts: GetAllContacts,
-    private getVaultContacts: GetVaultContacts,
-    private acceptVaultInvite: AcceptVaultInvite,
-    private inviteToVault: InviteToVault,
-    private leaveVault: LeaveVault,
-    private deleteThirdPartyVault: DeleteThirdPartyVault,
-    private shareContactWithVault: ShareContactWithVault,
-    private convertToSharedVault: ConvertToSharedVault,
-    private deleteSharedVaultUseCase: DeleteSharedVault,
-    private removeVaultMember: RemoveVaultMember,
-    private getSharedVaultUsersUseCase: GetVaultUsers,
+    private _getVault: GetVault,
+    private _createSharedVaultUseCase: CreateSharedVault,
+    private _handleKeyPairChange: HandleKeyPairChange,
+    private _notifyVaultUsersOfKeyRotation: NotifyVaultUsersOfKeyRotation,
+    private _sendVaultDataChangeMessage: SendVaultDataChangedMessage,
+    private _findContact: FindContact,
+    private _deleteThirdPartyVault: DeleteThirdPartyVault,
+    private _shareContactWithVault: ShareContactWithVault,
+    private _convertToSharedVault: ConvertToSharedVault,
+    private _deleteSharedVaultUseCase: DeleteSharedVault,
+    private _isVaultAdmin: IsVaultAdmin,
    eventBus: InternalEventBusInterface,
  ) {
    super(eventBus)

-    eventBus.addEventHandler(this, SessionEvent.UserKeyPairChanged)
-    eventBus.addEventHandler(this, UserEventServiceEvent.UserEventReceived)
-    eventBus.addEventHandler(this, VaultServiceEvent.VaultRootKeyRotated)
-
    this.eventDisposers.push(
-      items.addObserver<TrustedContactInterface>(
-        ContentType.TYPES.TrustedContact,
-        async ({ changed, inserted, source }) => {
-          await this.reprocessCachedInvitesTrustStatusAfterTrustedContactsChange()
-
-          if (source === PayloadEmitSource.LocalChanged && inserted.length > 0) {
-            void this.handleCreationOfNewTrustedContacts(inserted)
-          }
-          if (source === PayloadEmitSource.LocalChanged && changed.length > 0) {
-            void this.handleTrustedContactsChange(changed)
-          }
-        },
-      ),
+      items.addObserver<TrustedContactInterface>(ContentType.TYPES.TrustedContact, async ({ changed, source }) => {
+        if (source === PayloadEmitSource.LocalChanged && changed.length > 0) {
+          void this.handleTrustedContactsChange(changed)
+        }
+      }),
    )

    this.eventDisposers.push(
@@ -120,54 +76,88 @@ export class SharedVaultService
    )
  }

+  override deinit(): void {
+    super.deinit()
+    ;(this.items as unknown) = undefined
+    ;(this.encryption as unknown) = undefined
+    ;(this.session as unknown) = undefined
+    ;(this.vaults as unknown) = undefined
+    ;(this._getVault as unknown) = undefined
+    ;(this._createSharedVaultUseCase as unknown) = undefined
+    ;(this._handleKeyPairChange as unknown) = undefined
+    ;(this._notifyVaultUsersOfKeyRotation as unknown) = undefined
+    ;(this._sendVaultDataChangeMessage as unknown) = undefined
+    ;(this._findContact as unknown) = undefined
+    ;(this._deleteThirdPartyVault as unknown) = undefined
+    ;(this._shareContactWithVault as unknown) = undefined
+    ;(this._convertToSharedVault as unknown) = undefined
+    ;(this._deleteSharedVaultUseCase as unknown) = undefined
+    ;(this._isVaultAdmin as unknown) = undefined
+  }
+
  async handleEvent(event: InternalEventInterface): Promise<void> {
-    if (event.type === SessionEvent.UserKeyPairChanged) {
-      void this.invitesServer.deleteAllInboundInvites()
-
-      const eventData = event.payload as UserKeyPairChangedEventData
-
-      void this.handleKeyPairChange.execute({
-        newKeys: eventData.current,
-        previousKeys: eventData.previous,
-      })
-    } else if (event.type === UserEventServiceEvent.UserEventReceived) {
-      await this.handleUserEvent(event.payload as UserEventServiceEventPayload)
-    } else if (event.type === VaultServiceEvent.VaultRootKeyRotated) {
-      const payload = event.payload as VaultServiceEventPayload[VaultServiceEvent.VaultRootKeyRotated]
-      await this.handleVaultRootKeyRotatedEvent(payload.vault)
-    } else if (event.type === SyncEvent.ReceivedSharedVaultInvites) {
-      await this.processInboundInvites(event.payload as SyncEventReceivedSharedVaultInvitesData)
-    } else if (event.type === SyncEvent.ReceivedRemoteSharedVaults) {
-      void this.notifyCollaborationStatusChanged()
+    switch (event.type) {
+      case SessionEvent.UserKeyPairChanged: {
+        const eventData = event.payload as UserKeyPairChangedEventData
+        void this._handleKeyPairChange.execute({
+          newKeys: eventData.current,
+          previousKeys: eventData.previous,
+        })
+        break
+      }
+      case UserEventServiceEvent.UserEventReceived:
+        await this.handleUserEvent(event.payload as UserEventServiceEventPayload)
+        break
+      case VaultServiceEvent.VaultRootKeyRotated: {
+        const payload = event.payload as VaultServiceEventPayload[VaultServiceEvent.VaultRootKeyRotated]
+        await this.handleVaultRootKeyRotatedEvent(payload.vault)
+        break
+      }
+      case SyncEvent.ReceivedRemoteSharedVaults:
+        void this.notifyEventSync(SharedVaultServiceEvent.SharedVaultStatusChanged)
+        break
    }
  }

  private async handleUserEvent(event: UserEventServiceEventPayload): Promise<void> {
-    if (event.eventPayload.eventType === UserEventType.RemovedFromSharedVault) {
-      const vault = this.getVault.execute<SharedVaultListingInterface>({
-        sharedVaultUuid: event.eventPayload.sharedVaultUuid,
-      })
-      if (!vault.isFailed()) {
-        await this.deleteThirdPartyVault.execute(vault.getValue())
+    switch (event.eventPayload.eventType) {
+      case UserEventType.RemovedFromSharedVault: {
+        const vault = this._getVault.execute<SharedVaultListingInterface>({
+          sharedVaultUuid: event.eventPayload.sharedVaultUuid,
+        })
+        if (!vault.isFailed()) {
+          await this._deleteThirdPartyVault.execute(vault.getValue())
+        }
+        break
      }
-    } else if (event.eventPayload.eventType === UserEventType.SharedVaultItemRemoved) {
-      const item = this.items.findItem(event.eventPayload.itemUuid)
-      if (item) {
-        this.items.removeItemsLocally([item])
+      case UserEventType.SharedVaultItemRemoved: {
+        const item = this.items.findItem(event.eventPayload.itemUuid)
+        if (item) {
+          this.items.removeItemsLocally([item])
+        }
+        break
      }
    }
  }

+  private isCurrentUserVaultOwner(sharedVault: SharedVaultListingInterface): boolean {
+    if (!sharedVault.sharing.ownerUserUuid) {
+      throw new Error(`Shared vault ${sharedVault.sharing.sharedVaultUuid} does not have an owner user uuid`)
+    }
+
+    return sharedVault.sharing.ownerUserUuid === this.session.userUuid
+  }
+
  private async handleVaultRootKeyRotatedEvent(vault: VaultListingInterface): Promise<void> {
    if (!vault.isSharedVaultListing()) {
      return
    }

-    if (!this.isCurrentUserSharedVaultOwner(vault)) {
+    if (!this.isCurrentUserVaultOwner(vault)) {
      return
    }

-    await this.notifyVaultUsersOfKeyRotation.execute({
+    await this._notifyVaultUsersOfKeyRotation.execute({
      sharedVault: vault,
      senderUuid: this.session.getSureUser().uuid,
      keys: {
@@ -183,7 +173,7 @@ export class SharedVaultService
    userInputtedPassword: string | undefined
    storagePreference?: KeySystemRootKeyStorageMode
  }): Promise<VaultListingInterface | ClientDisplayableError> {
-    return this.createSharedVaultUseCase.execute({
+    return this._createSharedVaultUseCase.execute({
      vaultName: dto.name,
      vaultDescription: dto.description,
      userInputtedPassword: dto.userInputtedPassword,
@@ -194,11 +184,7 @@ export class SharedVaultService
  async convertVaultToSharedVault(
    vault: VaultListingInterface,
  ): Promise<SharedVaultListingInterface | ClientDisplayableError> {
-    return this.convertToSharedVault.execute({ vault })
-  }
-
-  public getCachedPendingInviteRecords(): PendingSharedVaultInviteRecord[] {
-    return Object.values(this.pendingInvites)
+    return this._convertToSharedVault.execute({ vault })
  }

  private getAllSharedVaults(): SharedVaultListingInterface[] {
@@ -206,38 +192,6 @@ export class SharedVaultService
    return vaults as SharedVaultListingInterface[]
  }

-  private findSharedVault(sharedVaultUuid: string): SharedVaultListingInterface | undefined {
-    const result = this.getVault.execute<SharedVaultListingInterface>({ sharedVaultUuid })
-    if (result.isFailed()) {
-      return undefined
-    }
-
-    return result.getValue()
-  }
-
-  public isCurrentUserSharedVaultAdmin(sharedVault: SharedVaultListingInterface): boolean {
-    if (!sharedVault.sharing.ownerUserUuid) {
-      throw new Error(`Shared vault ${sharedVault.sharing.sharedVaultUuid} does not have an owner user uuid`)
-    }
-    return sharedVault.sharing.ownerUserUuid === this.session.userUuid
-  }
-
-  public isCurrentUserSharedVaultOwner(sharedVault: SharedVaultListingInterface): boolean {
-    if (!sharedVault.sharing.ownerUserUuid) {
-      throw new Error(`Shared vault ${sharedVault.sharing.sharedVaultUuid} does not have an owner user uuid`)
-    }
-    return sharedVault.sharing.ownerUserUuid === this.session.userUuid
-  }
-
-  public isSharedVaultUserSharedVaultOwner(user: SharedVaultUserServerHash): boolean {
-    const vault = this.findSharedVault(user.shared_vault_uuid)
-    return vault != undefined && vault.sharing.ownerUserUuid === user.user_uuid
-  }
-
-  private async handleCreationOfNewTrustedContacts(_contacts: TrustedContactInterface[]): Promise<void> {
-    await this.downloadInboundInvites()
-  }
-
  private async handleTrustedContactsChange(contacts: TrustedContactInterface[]): Promise<void> {
    for (const contact of contacts) {
      if (contact.isMe) {
@@ -254,7 +208,7 @@ export class SharedVaultService
        continue
      }

-      await this.sendVaultDataChangeMessage.execute({
+      await this._sendVaultDataChangeMessage.execute({
        vault,
        senderUuid: this.session.getSureUser().uuid,
        keys: {
@@ -265,220 +219,8 @@ export class SharedVaultService
    }
  }

-  public async downloadInboundInvites(): Promise<ClientDisplayableError | SharedVaultInviteServerHash[]> {
-    const response = await this.invitesServer.getInboundUserInvites()
-
-    if (isErrorResponse(response)) {
-      return ClientDisplayableError.FromString(`Failed to get inbound user invites ${response}`)
-    }
-
-    this.pendingInvites = {}
-
-    await this.processInboundInvites(response.data.invites)
-
-    return response.data.invites
-  }
-
-  public async getOutboundInvites(
-    sharedVault?: SharedVaultListingInterface,
-  ): Promise<SharedVaultInviteServerHash[] | ClientDisplayableError> {
-    const response = await this.invitesServer.getOutboundUserInvites()
-
-    if (isErrorResponse(response)) {
-      return ClientDisplayableError.FromString(`Failed to get outbound user invites ${response}`)
-    }
-
-    if (sharedVault) {
-      return response.data.invites.filter((invite) => invite.shared_vault_uuid === sharedVault.sharing.sharedVaultUuid)
-    }
-
-    return response.data.invites
-  }
-
-  public async deleteInvite(invite: SharedVaultInviteServerHash): Promise<ClientDisplayableError | void> {
-    const response = await this.invitesServer.deleteInvite({
-      sharedVaultUuid: invite.shared_vault_uuid,
-      inviteUuid: invite.uuid,
-    })
-
-    if (isErrorResponse(response)) {
-      return ClientDisplayableError.FromString(`Failed to delete invite ${response}`)
-    }
-
-    delete this.pendingInvites[invite.uuid]
-  }
-
  public async deleteSharedVault(sharedVault: SharedVaultListingInterface): Promise<ClientDisplayableError | void> {
-    return this.deleteSharedVaultUseCase.execute({ sharedVault })
-  }
-
-  private async reprocessCachedInvitesTrustStatusAfterTrustedContactsChange(): Promise<void> {
-    const cachedInvites = this.getCachedPendingInviteRecords().map((record) => record.invite)
-
-    await this.processInboundInvites(cachedInvites)
-  }
-
-  private async processInboundInvites(invites: SharedVaultInviteServerHash[]): Promise<void> {
-    if (invites.length === 0) {
-      return
-    }
-
-    for (const invite of invites) {
-      const sender = this.findContact.execute({ userUuid: invite.sender_uuid })
-      if (!sender.isFailed()) {
-        const trustedMessage = this.getTrustedPayload.execute<AsymmetricMessageSharedVaultInvite>({
-          message: invite,
-          privateKey: this.encryption.getKeyPair().privateKey,
-          sender: sender.getValue(),
-        })
-
-        if (!trustedMessage.isFailed()) {
-          this.pendingInvites[invite.uuid] = {
-            invite,
-            message: trustedMessage.getValue(),
-            trusted: true,
-          }
-
-          continue
-        }
-      }
-
-      const untrustedMessage = this.getUntrustedPayload.execute<AsymmetricMessageSharedVaultInvite>({
-        message: invite,
-        privateKey: this.encryption.getKeyPair().privateKey,
-      })
-
-      if (!untrustedMessage.isFailed()) {
-        this.pendingInvites[invite.uuid] = {
-          invite,
-          message: untrustedMessage.getValue(),
-          trusted: false,
-        }
-      }
-    }
-
-    await this.notifyCollaborationStatusChanged()
-  }
-
-  private async notifyCollaborationStatusChanged(): Promise<void> {
-    await this.notifyEventSync(SharedVaultServiceEvent.SharedVaultStatusChanged)
-  }
-
-  async acceptPendingSharedVaultInvite(pendingInvite: PendingSharedVaultInviteRecord): Promise<void> {
-    if (!pendingInvite.trusted) {
-      throw new Error('Cannot accept untrusted invite')
-    }
-
-    await this.acceptVaultInvite.execute({ invite: pendingInvite.invite, message: pendingInvite.message })
-
-    delete this.pendingInvites[pendingInvite.invite.uuid]
-
-    void this.sync.sync()
-
-    await this.decryptErroredItemsAfterInviteAccept()
-
-    await this.sync.syncSharedVaultsFromScratch([pendingInvite.invite.shared_vault_uuid])
-  }
-
-  private async decryptErroredItemsAfterInviteAccept(): Promise<void> {
-    await this.encryption.decryptErroredPayloads()
-  }
-
-  public async getInvitableContactsForSharedVault(
-    sharedVault: SharedVaultListingInterface,
-  ): Promise<TrustedContactInterface[]> {
-    const users = await this.getSharedVaultUsers(sharedVault)
-    if (!users) {
-      return []
-    }
-
-    const contacts = this.getAllContacts.execute()
-    if (contacts.isFailed()) {
-      return []
-    }
-    return contacts.getValue().filter((contact) => {
-      const isContactAlreadyInVault = users.some((user) => user.user_uuid === contact.contactUuid)
-      return !isContactAlreadyInVault
-    })
-  }
-
-  private async getSharedVaultContacts(sharedVault: SharedVaultListingInterface): Promise<TrustedContactInterface[]> {
-    const contacts = await this.getVaultContacts.execute(sharedVault.sharing.sharedVaultUuid)
-    if (contacts.isFailed()) {
-      return []
-    }
-
-    return contacts.getValue()
-  }
-
-  async inviteContactToSharedVault(
-    sharedVault: SharedVaultListingInterface,
-    contact: TrustedContactInterface,
-    permissions: SharedVaultPermission,
-  ): Promise<Result<SharedVaultInviteServerHash>> {
-    const sharedVaultContacts = await this.getSharedVaultContacts(sharedVault)
-
-    const result = await this.inviteToVault.execute({
-      keys: {
-        encryption: this.encryption.getKeyPair(),
-        signing: this.encryption.getSigningKeyPair(),
-      },
-      senderUuid: this.session.getSureUser().uuid,
-      sharedVault,
-      recipient: contact,
-      sharedVaultContacts,
-      permissions,
-    })
-
-    void this.notifyCollaborationStatusChanged()
-
-    await this.sync.sync()
-
-    return result
-  }
-
-  async removeUserFromSharedVault(
-    sharedVault: SharedVaultListingInterface,
-    userUuid: string,
-  ): Promise<ClientDisplayableError | void> {
-    if (!this.isCurrentUserSharedVaultAdmin(sharedVault)) {
-      throw new Error('Only vault admins can remove users')
-    }
-
-    if (this.vaults.isVaultLocked(sharedVault)) {
-      throw new Error('Cannot remove user from locked vault')
-    }
-
-    const result = await this.removeVaultMember.execute({
-      sharedVaultUuid: sharedVault.sharing.sharedVaultUuid,
-      userUuid,
-    })
-    if (isClientDisplayableError(result)) {
-      return result
-    }
-
-    void this.notifyCollaborationStatusChanged()
-
-    await this.vaults.rotateVaultRootKey(sharedVault)
-  }
-
-  async leaveSharedVault(sharedVault: SharedVaultListingInterface): Promise<ClientDisplayableError | void> {
-    const result = await this.leaveVault.execute({
-      sharedVault: sharedVault,
-      userUuid: this.session.getSureUser().uuid,
-    })
-
-    if (isClientDisplayableError(result)) {
-      return result
-    }
-
-    void this.notifyCollaborationStatusChanged()
-  }
-
-  async getSharedVaultUsers(
-    sharedVault: SharedVaultListingInterface,
-  ): Promise<SharedVaultUserServerHash[] | undefined> {
-    return this.getSharedVaultUsersUseCase.execute({ sharedVaultUuid: sharedVault.sharing.sharedVaultUuid })
+    return this._deleteSharedVaultUseCase.execute({ sharedVault })
  }

  async shareContactWithVaults(contact: TrustedContactInterface): Promise<void> {
@@ -486,10 +228,17 @@ export class SharedVaultService
      throw new Error('Cannot share self contact')
    }

-    const ownedVaults = this.getAllSharedVaults().filter(this.isCurrentUserSharedVaultAdmin.bind(this))
+    const ownedVaults = this.getAllSharedVaults().filter((vault) => {
+      return this._isVaultAdmin
+        .execute({
+          sharedVault: vault,
+          userUuid: this.session.userUuid,
+        })
+        .getValue()
+    })

    for (const vault of ownedVaults) {
-      await this.shareContactWithVault.execute({
+      await this._shareContactWithVault.execute({
        keys: {
          encryption: this.encryption.getKeyPair(),
          signing: this.encryption.getSigningKeyPair(),
@@ -506,7 +255,7 @@ export class SharedVaultService
      return undefined
    }

-    const contact = this.findContact.execute({ userUuid: item.last_edited_by_uuid })
+    const contact = this._findContact.execute({ userUuid: item.last_edited_by_uuid })

    return contact.isFailed() ? undefined : contact.getValue()
  }
@@ -516,37 +265,8 @@ export class SharedVaultService
      return undefined
    }

-    const contact = this.findContact.execute({ userUuid: item.user_uuid })
+    const contact = this._findContact.execute({ userUuid: item.user_uuid })

    return contact.isFailed() ? undefined : contact.getValue()
  }
-
-  override deinit(): void {
-    super.deinit()
-    ;(this.sync as unknown) = undefined
-    ;(this.items as unknown) = undefined
-    ;(this.encryption as unknown) = undefined
-    ;(this.session as unknown) = undefined
-    ;(this.vaults as unknown) = undefined
-    ;(this.invitesServer as unknown) = undefined
-    ;(this.getVault as unknown) = undefined
-    ;(this.createSharedVaultUseCase as unknown) = undefined
-    ;(this.handleKeyPairChange as unknown) = undefined
-    ;(this.notifyVaultUsersOfKeyRotation as unknown) = undefined
-    ;(this.sendVaultDataChangeMessage as unknown) = undefined
-    ;(this.getTrustedPayload as unknown) = undefined
-    ;(this.getUntrustedPayload as unknown) = undefined
-    ;(this.findContact as unknown) = undefined
-    ;(this.getAllContacts as unknown) = undefined
-    ;(this.getVaultContacts as unknown) = undefined
-    ;(this.acceptVaultInvite as unknown) = undefined
-    ;(this.inviteToVault as unknown) = undefined
-    ;(this.leaveVault as unknown) = undefined
-    ;(this.deleteThirdPartyVault as unknown) = undefined
-    ;(this.shareContactWithVault as unknown) = undefined
-    ;(this.convertToSharedVault as unknown) = undefined
-    ;(this.deleteSharedVaultUseCase as unknown) = undefined
-    ;(this.removeVaultMember as unknown) = undefined
-    ;(this.getSharedVaultUsersUseCase as unknown) = undefined
-  }
 }
--- a/packages/services/src/Domain/SharedVaults/SharedVaultServiceInterface.ts
+++ b/packages/services/src/Domain/SharedVaults/SharedVaultServiceInterface.ts
@@ -1,9 +1,4 @@
-import {
-  ClientDisplayableError,
-  SharedVaultInviteServerHash,
-  SharedVaultUserServerHash,
-  SharedVaultPermission,
-} from '@standardnotes/responses'
+import { ClientDisplayableError } from '@standardnotes/responses'
 import {
  DecryptedItemInterface,
  TrustedContactInterface,
@@ -13,8 +8,6 @@ import {
 } from '@standardnotes/models'
 import { AbstractService } from '../Service/AbstractService'
 import { SharedVaultServiceEvent, SharedVaultServiceEventPayload } from './SharedVaultServiceEvent'
-import { PendingSharedVaultInviteRecord } from './PendingSharedVaultInviteRecord'
-import { Result } from '@standardnotes/domain-core'

 export interface SharedVaultServiceInterface
  extends AbstractService<SharedVaultServiceEvent, SharedVaultServiceEventPayload> {
@@ -25,32 +18,8 @@ export interface SharedVaultServiceInterface
    storagePreference?: KeySystemRootKeyStorageMode
  }): Promise<VaultListingInterface | ClientDisplayableError>
  deleteSharedVault(sharedVault: SharedVaultListingInterface): Promise<ClientDisplayableError | void>
-
  convertVaultToSharedVault(vault: VaultListingInterface): Promise<SharedVaultListingInterface | ClientDisplayableError>

-  inviteContactToSharedVault(
-    sharedVault: SharedVaultListingInterface,
-    contact: TrustedContactInterface,
-    permissions: SharedVaultPermission,
-  ): Promise<Result<SharedVaultInviteServerHash>>
-  removeUserFromSharedVault(
-    sharedVault: SharedVaultListingInterface,
-    userUuid: string,
-  ): Promise<ClientDisplayableError | void>
-  leaveSharedVault(sharedVault: SharedVaultListingInterface): Promise<ClientDisplayableError | void>
-  getSharedVaultUsers(sharedVault: SharedVaultListingInterface): Promise<SharedVaultUserServerHash[] | undefined>
-  isSharedVaultUserSharedVaultOwner(user: SharedVaultUserServerHash): boolean
-  isCurrentUserSharedVaultAdmin(sharedVault: SharedVaultListingInterface): boolean
-
  getItemLastEditedBy(item: DecryptedItemInterface): TrustedContactInterface | undefined
  getItemSharedBy(item: DecryptedItemInterface): TrustedContactInterface | undefined
-
-  downloadInboundInvites(): Promise<ClientDisplayableError | SharedVaultInviteServerHash[]>
-  getOutboundInvites(
-    sharedVault?: SharedVaultListingInterface,
-  ): Promise<SharedVaultInviteServerHash[] | ClientDisplayableError>
-  acceptPendingSharedVaultInvite(pendingInvite: PendingSharedVaultInviteRecord): Promise<void>
-  getCachedPendingInviteRecords(): PendingSharedVaultInviteRecord[]
-  getInvitableContactsForSharedVault(sharedVault: SharedVaultListingInterface): Promise<TrustedContactInterface[]>
-  deleteInvite(invite: SharedVaultInviteServerHash): Promise<ClientDisplayableError | void>
 }
--- a/packages/services/src/Domain/SharedVaults/UseCase/NotifyVaultUsersOfKeyRotation.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/NotifyVaultUsersOfKeyRotation.ts
@@ -4,8 +4,8 @@ import { SharedVaultInviteServerHash, isErrorResponse } from '@standardnotes/res
 import { SendVaultKeyChangedMessage } from './SendVaultKeyChangedMessage'
 import { PkcKeyPair } from '@standardnotes/sncrypto-common'
 import { Result, UseCaseInterface } from '@standardnotes/domain-core'
-import { InviteToVault } from './InviteToVault'
-import { GetVaultContacts } from './GetVaultContacts'
+import { InviteToVault } from '../../VaultInvite/UseCase/InviteToVault'
+import { GetVaultContacts } from '../../VaultUser/UseCase/GetVaultContacts'
 import { DecryptOwnMessage } from '../../Encryption/UseCase/Asymmetric/DecryptOwnMessage'
 import { FindContact } from '../../Contacts/UseCase/FindContact'

--- a/packages/services/src/Domain/SharedVaults/UseCase/SendVaultDataChangedMessage.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/SendVaultDataChangedMessage.ts
@@ -5,7 +5,7 @@ import {
  TrustedContactInterface,
 } from '@standardnotes/models'
 import { AsymmetricMessageServerHash } from '@standardnotes/responses'
-import { GetVaultUsers } from './GetVaultUsers'
+import { GetVaultUsers } from '../../VaultUser/UseCase/GetVaultUsers'
 import { PkcKeyPair } from '@standardnotes/sncrypto-common'
 import { SendMessage } from '../../AsymmetricMessage/UseCase/SendMessage'
 import { EncryptMessage } from '../../Encryption/UseCase/Asymmetric/EncryptMessage'
--- a/packages/services/src/Domain/SharedVaults/UseCase/SendVaultKeyChangedMessage.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/SendVaultKeyChangedMessage.ts
@@ -5,7 +5,7 @@ import {
  TrustedContactInterface,
 } from '@standardnotes/models'
 import { AsymmetricMessageServerHash } from '@standardnotes/responses'
-import { GetVaultUsers } from './GetVaultUsers'
+import { GetVaultUsers } from '../../VaultUser/UseCase/GetVaultUsers'
 import { PkcKeyPair } from '@standardnotes/sncrypto-common'
 import { SendMessage } from '../../AsymmetricMessage/UseCase/SendMessage'
 import { EncryptMessage } from '../../Encryption/UseCase/Asymmetric/EncryptMessage'
--- a/packages/services/src/Domain/SharedVaults/UseCase/ShareContactWithVault.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/ShareContactWithVault.ts
@@ -8,7 +8,7 @@ import { SendMessage } from '../../AsymmetricMessage/UseCase/SendMessage'
 import { EncryptMessage } from '../../Encryption/UseCase/Asymmetric/EncryptMessage'
 import { Result, UseCaseInterface } from '@standardnotes/domain-core'
 import { FindContact } from '../../Contacts/UseCase/FindContact'
-import { GetVaultUsers } from './GetVaultUsers'
+import { GetVaultUsers } from '../../VaultUser/UseCase/GetVaultUsers'

 export class ShareContactWithVault implements UseCaseInterface<void> {
  constructor(
--- a/packages/services/src/Domain/SharedVaults/UseCase/UpdateSharedVaultInvite.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/UpdateSharedVaultInvite.ts
@@ -1,31 +0,0 @@
-import {
-  ClientDisplayableError,
-  SharedVaultInviteServerHash,
-  isErrorResponse,
-  SharedVaultPermission,
-} from '@standardnotes/responses'
-import { SharedVaultInvitesServerInterface } from '@standardnotes/api'
-
-export class UpdateSharedVaultInviteUseCase {
-  constructor(private vaultInvitesServer: SharedVaultInvitesServerInterface) {}
-
-  async execute(params: {
-    sharedVaultUuid: string
-    inviteUuid: string
-    encryptedMessage: string
-    permissions: SharedVaultPermission
-  }): Promise<SharedVaultInviteServerHash | ClientDisplayableError> {
-    const response = await this.vaultInvitesServer.updateInvite({
-      sharedVaultUuid: params.sharedVaultUuid,
-      inviteUuid: params.inviteUuid,
-      encryptedMessage: params.encryptedMessage,
-      permissions: params.permissions,
-    })
-
-    if (isErrorResponse(response)) {
-      return ClientDisplayableError.FromNetworkError(response)
-    }
-
-    return response.data.invite
-  }
-}
--- a/packages/services/src/Domain/SharedVaults/PendingSharedVaultInviteRecord.ts
+++ b/packages/services/src/Domain/SharedVaults/PendingSharedVaultInviteRecord.ts
@@ -1,7 +1,7 @@
 import { AsymmetricMessageSharedVaultInvite } from '@standardnotes/models'
 import { SharedVaultInviteServerHash } from '@standardnotes/responses'

-export type PendingSharedVaultInviteRecord = {
+export type InviteRecord = {
  invite: SharedVaultInviteServerHash
  message: AsymmetricMessageSharedVaultInvite
  trusted: boolean
--- a/packages/services/src/Domain/SharedVaults/UseCase/AcceptVaultInvite.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/AcceptVaultInvite.ts
--- a/packages/services/src/Domain/SharedVaults/UseCase/InviteToVault.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/InviteToVault.ts
@@ -9,7 +9,7 @@ import { SendVaultInvite } from './SendVaultInvite'
 import { PkcKeyPair } from '@standardnotes/sncrypto-common'
 import { EncryptMessage } from '../../Encryption/UseCase/Asymmetric/EncryptMessage'
 import { Result, UseCaseInterface } from '@standardnotes/domain-core'
-import { ShareContactWithVault } from './ShareContactWithVault'
+import { ShareContactWithVault } from '../../SharedVaults/UseCase/ShareContactWithVault'
 import { KeySystemKeyManagerInterface } from '../../KeySystem/KeySystemKeyManagerInterface'

 export class InviteToVault implements UseCaseInterface<SharedVaultInviteServerHash> {
--- a/packages/services/src/Domain/SharedVaults/UseCase/ReuploadAllInvites.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/ReuploadAllInvites.ts
--- a/packages/services/src/Domain/SharedVaults/UseCase/ReuploadInvite.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/ReuploadInvite.ts
@@ -1,4 +1,4 @@
-import { DecryptOwnMessage } from './../../Encryption/UseCase/Asymmetric/DecryptOwnMessage'
+import { DecryptOwnMessage } from '../../Encryption/UseCase/Asymmetric/DecryptOwnMessage'
 import { AsymmetricMessageSharedVaultInvite, TrustedContactInterface } from '@standardnotes/models'
 import { SharedVaultInviteServerHash } from '@standardnotes/responses'
 import { PkcKeyPair } from '@standardnotes/sncrypto-common'
--- a/packages/services/src/Domain/SharedVaults/UseCase/ReuploadVaultInvites.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/ReuploadVaultInvites.ts
--- a/packages/services/src/Domain/SharedVaults/UseCase/SendVaultInvite.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/SendVaultInvite.ts
--- a/packages/services/src/Domain/VaultInvite/VaultInviteService.ts
+++ b/packages/services/src/Domain/VaultInvite/VaultInviteService.ts
@@ -0,0 +1,274 @@
+import { AcceptVaultInvite } from './UseCase/AcceptVaultInvite'
+import { SyncEvent, SyncEventReceivedSharedVaultInvitesData } from './../Event/SyncEvent'
+import { SessionEvent } from './../Session/SessionEvent'
+import { InternalEventInterface } from './../Internal/InternalEventInterface'
+import { InternalEventHandlerInterface } from './../Internal/InternalEventHandlerInterface'
+import { ItemManagerInterface } from './../Item/ItemManagerInterface'
+import { FindContact } from './../Contacts/UseCase/FindContact'
+import { GetUntrustedPayload } from './../AsymmetricMessage/UseCase/GetUntrustedPayload'
+import { GetTrustedPayload } from './../AsymmetricMessage/UseCase/GetTrustedPayload'
+import { InviteRecord } from './InviteRecord'
+import { VaultUserServiceInterface } from './../VaultUser/VaultUserServiceInterface'
+import { GetVault } from './../Vaults/UseCase/GetVault'
+import { InviteToVault } from './UseCase/InviteToVault'
+import { GetVaultContacts } from '../VaultUser/UseCase/GetVaultContacts'
+import { SyncServiceInterface } from './../Sync/SyncServiceInterface'
+import { EncryptionProviderInterface } from './../Encryption/EncryptionProviderInterface'
+import { InternalEventBusInterface } from './../Internal/InternalEventBusInterface'
+import { SessionsClientInterface } from './../Session/SessionsClientInterface'
+import { GetAllContacts } from './../Contacts/UseCase/GetAllContacts'
+import {
+  AsymmetricMessageSharedVaultInvite,
+  PayloadEmitSource,
+  SharedVaultListingInterface,
+  TrustedContactInterface,
+} from '@standardnotes/models'
+import { VaultInviteServiceInterface } from './VaultInviteServiceInterface'
+import {
+  ClientDisplayableError,
+  SharedVaultInviteServerHash,
+  SharedVaultPermission,
+  SharedVaultUserServerHash,
+  isErrorResponse,
+} from '@standardnotes/responses'
+import { AbstractService } from './../Service/AbstractService'
+import { VaultInviteServiceEvent } from './VaultInviteServiceEvent'
+import { ContentType, Result } from '@standardnotes/domain-core'
+import { SharedVaultInvitesServer } from '@standardnotes/api'
+
+export class VaultInviteService
+  extends AbstractService<VaultInviteServiceEvent>
+  implements VaultInviteServiceInterface, InternalEventHandlerInterface
+{
+  private pendingInvites: Record<string, InviteRecord> = {}
+
+  constructor(
+    items: ItemManagerInterface,
+    private session: SessionsClientInterface,
+    private vaultUsers: VaultUserServiceInterface,
+    private sync: SyncServiceInterface,
+    private encryption: EncryptionProviderInterface,
+    private invitesServer: SharedVaultInvitesServer,
+    private _getAllContacts: GetAllContacts,
+    private _getVault: GetVault,
+    private _getVaultContacts: GetVaultContacts,
+    private _inviteToVault: InviteToVault,
+    private _getTrustedPayload: GetTrustedPayload,
+    private _getUntrustedPayload: GetUntrustedPayload,
+    private _findContact: FindContact,
+    private _acceptVaultInvite: AcceptVaultInvite,
+    eventBus: InternalEventBusInterface,
+  ) {
+    super(eventBus)
+
+    this.eventDisposers.push(
+      items.addObserver<TrustedContactInterface>(ContentType.TYPES.TrustedContact, async ({ inserted, source }) => {
+        if (source === PayloadEmitSource.LocalChanged && inserted.length > 0) {
+          void this.downloadInboundInvites()
+        }
+
+        await this.reprocessCachedInvitesTrustStatusAfterTrustedContactsChange()
+      }),
+    )
+  }
+
+  override deinit(): void {
+    super.deinit()
+    ;(this.session as unknown) = undefined
+    ;(this.vaultUsers as unknown) = undefined
+    ;(this.sync as unknown) = undefined
+    ;(this.encryption as unknown) = undefined
+    ;(this.invitesServer as unknown) = undefined
+    ;(this._getAllContacts as unknown) = undefined
+    ;(this._getVault as unknown) = undefined
+    ;(this._getVaultContacts as unknown) = undefined
+    ;(this._inviteToVault as unknown) = undefined
+    ;(this._getTrustedPayload as unknown) = undefined
+    ;(this._getUntrustedPayload as unknown) = undefined
+    ;(this._findContact as unknown) = undefined
+    ;(this._acceptVaultInvite as unknown) = undefined
+
+    this.pendingInvites = {}
+  }
+
+  async handleEvent(event: InternalEventInterface): Promise<void> {
+    switch (event.type) {
+      case SessionEvent.UserKeyPairChanged:
+        void this.invitesServer.deleteAllInboundInvites()
+        break
+      case SyncEvent.ReceivedSharedVaultInvites:
+        await this.processInboundInvites(event.payload as SyncEventReceivedSharedVaultInvitesData)
+        break
+    }
+  }
+
+  public getCachedPendingInviteRecords(): InviteRecord[] {
+    return Object.values(this.pendingInvites)
+  }
+
+  public async downloadInboundInvites(): Promise<ClientDisplayableError | SharedVaultInviteServerHash[]> {
+    const response = await this.invitesServer.getInboundUserInvites()
+
+    if (isErrorResponse(response)) {
+      return ClientDisplayableError.FromString(`Failed to get inbound user invites ${response}`)
+    }
+
+    this.pendingInvites = {}
+
+    await this.processInboundInvites(response.data.invites)
+
+    return response.data.invites
+  }
+
+  public async getOutboundInvites(
+    sharedVault?: SharedVaultListingInterface,
+  ): Promise<SharedVaultInviteServerHash[] | ClientDisplayableError> {
+    const response = await this.invitesServer.getOutboundUserInvites()
+
+    if (isErrorResponse(response)) {
+      return ClientDisplayableError.FromString(`Failed to get outbound user invites ${response}`)
+    }
+
+    if (sharedVault) {
+      return response.data.invites.filter((invite) => invite.shared_vault_uuid === sharedVault.sharing.sharedVaultUuid)
+    }
+
+    return response.data.invites
+  }
+
+  public async acceptInvite(pendingInvite: InviteRecord): Promise<void> {
+    if (!pendingInvite.trusted) {
+      throw new Error('Cannot accept untrusted invite')
+    }
+
+    await this._acceptVaultInvite.execute({ invite: pendingInvite.invite, message: pendingInvite.message })
+
+    delete this.pendingInvites[pendingInvite.invite.uuid]
+
+    void this.sync.sync()
+
+    await this.encryption.decryptErroredPayloads()
+
+    await this.sync.syncSharedVaultsFromScratch([pendingInvite.invite.shared_vault_uuid])
+  }
+
+  public async getInvitableContactsForSharedVault(
+    sharedVault: SharedVaultListingInterface,
+  ): Promise<TrustedContactInterface[]> {
+    const users = await this.vaultUsers.getSharedVaultUsers(sharedVault)
+    if (!users) {
+      return []
+    }
+
+    const contacts = this._getAllContacts.execute()
+    if (contacts.isFailed()) {
+      return []
+    }
+    return contacts.getValue().filter((contact) => {
+      const isContactAlreadyInVault = users.some((user) => user.user_uuid === contact.contactUuid)
+      return !isContactAlreadyInVault
+    })
+  }
+
+  public async inviteContactToSharedVault(
+    sharedVault: SharedVaultListingInterface,
+    contact: TrustedContactInterface,
+    permissions: SharedVaultPermission,
+  ): Promise<Result<SharedVaultInviteServerHash>> {
+    const contactsResult = await this._getVaultContacts.execute(sharedVault.sharing.sharedVaultUuid)
+    if (contactsResult.isFailed()) {
+      return Result.fail(contactsResult.getError())
+    }
+
+    const contacts = contactsResult.getValue()
+
+    const result = await this._inviteToVault.execute({
+      keys: {
+        encryption: this.encryption.getKeyPair(),
+        signing: this.encryption.getSigningKeyPair(),
+      },
+      senderUuid: this.session.getSureUser().uuid,
+      sharedVault,
+      recipient: contact,
+      sharedVaultContacts: contacts,
+      permissions,
+    })
+
+    void this.notifyEvent(VaultInviteServiceEvent.InviteSent)
+
+    await this.sync.sync()
+
+    return result
+  }
+
+  public isVaultUserOwner(user: SharedVaultUserServerHash): boolean {
+    const result = this._getVault.execute<SharedVaultListingInterface>({ sharedVaultUuid: user.shared_vault_uuid })
+    if (result.isFailed()) {
+      return false
+    }
+
+    const vault = result.getValue()
+    return vault != undefined && vault.sharing.ownerUserUuid === user.user_uuid
+  }
+
+  public async deleteInvite(invite: SharedVaultInviteServerHash): Promise<ClientDisplayableError | void> {
+    const response = await this.invitesServer.deleteInvite({
+      sharedVaultUuid: invite.shared_vault_uuid,
+      inviteUuid: invite.uuid,
+    })
+
+    if (isErrorResponse(response)) {
+      return ClientDisplayableError.FromString(`Failed to delete invite ${response}`)
+    }
+
+    delete this.pendingInvites[invite.uuid]
+  }
+
+  private async reprocessCachedInvitesTrustStatusAfterTrustedContactsChange(): Promise<void> {
+    const cachedInvites = this.getCachedPendingInviteRecords().map((record) => record.invite)
+
+    await this.processInboundInvites(cachedInvites)
+  }
+
+  private async processInboundInvites(invites: SharedVaultInviteServerHash[]): Promise<void> {
+    if (invites.length === 0) {
+      return
+    }
+
+    for (const invite of invites) {
+      const sender = this._findContact.execute({ userUuid: invite.sender_uuid })
+      if (!sender.isFailed()) {
+        const trustedMessage = this._getTrustedPayload.execute<AsymmetricMessageSharedVaultInvite>({
+          message: invite,
+          privateKey: this.encryption.getKeyPair().privateKey,
+          sender: sender.getValue(),
+        })
+
+        if (!trustedMessage.isFailed()) {
+          this.pendingInvites[invite.uuid] = {
+            invite,
+            message: trustedMessage.getValue(),
+            trusted: true,
+          }
+
+          continue
+        }
+      }
+
+      const untrustedMessage = this._getUntrustedPayload.execute<AsymmetricMessageSharedVaultInvite>({
+        message: invite,
+        privateKey: this.encryption.getKeyPair().privateKey,
+      })
+
+      if (!untrustedMessage.isFailed()) {
+        this.pendingInvites[invite.uuid] = {
+          invite,
+          message: untrustedMessage.getValue(),
+          trusted: false,
+        }
+      }
+    }
+
+    void this.notifyEvent(VaultInviteServiceEvent.InvitesReloaded)
+  }
+}
--- a/packages/services/src/Domain/VaultInvite/VaultInviteServiceEvent.ts
+++ b/packages/services/src/Domain/VaultInvite/VaultInviteServiceEvent.ts
@@ -0,0 +1,4 @@
+export enum VaultInviteServiceEvent {
+  InviteSent = 'VaultInviteServiceEvent.InviteSent',
+  InvitesReloaded = 'VaultInviteServiceEvent.InvitesReloaded',
+}
--- a/packages/services/src/Domain/VaultInvite/VaultInviteServiceInterface.ts
+++ b/packages/services/src/Domain/VaultInvite/VaultInviteServiceInterface.ts
@@ -0,0 +1,22 @@
+import { InviteRecord } from './InviteRecord'
+import { ApplicationServiceInterface } from '../Service/ApplicationServiceInterface'
+import { SharedVaultListingInterface, TrustedContactInterface } from '@standardnotes/models'
+import { ClientDisplayableError, SharedVaultInviteServerHash, SharedVaultPermission } from '@standardnotes/responses'
+import { VaultInviteServiceEvent } from './VaultInviteServiceEvent'
+import { Result } from '@standardnotes/domain-core'
+
+export interface VaultInviteServiceInterface extends ApplicationServiceInterface<VaultInviteServiceEvent, unknown> {
+  getInvitableContactsForSharedVault(sharedVault: SharedVaultListingInterface): Promise<TrustedContactInterface[]>
+  inviteContactToSharedVault(
+    sharedVault: SharedVaultListingInterface,
+    contact: TrustedContactInterface,
+    permissions: SharedVaultPermission,
+  ): Promise<Result<SharedVaultInviteServerHash>>
+  getCachedPendingInviteRecords(): InviteRecord[]
+  deleteInvite(invite: SharedVaultInviteServerHash): Promise<ClientDisplayableError | void>
+  downloadInboundInvites(): Promise<ClientDisplayableError | SharedVaultInviteServerHash[]>
+  getOutboundInvites(
+    sharedVault?: SharedVaultListingInterface,
+  ): Promise<SharedVaultInviteServerHash[] | ClientDisplayableError>
+  acceptInvite(pendingInvite: InviteRecord): Promise<void>
+}
--- a/packages/services/src/Domain/SharedVaults/UseCase/GetVaultContacts.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/GetVaultContacts.ts
--- a/packages/services/src/Domain/SharedVaults/UseCase/GetVaultUsers.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/GetVaultUsers.ts
--- a/packages/services/src/Domain/VaultUser/UseCase/IsVaultAdmin.ts
+++ b/packages/services/src/Domain/VaultUser/UseCase/IsVaultAdmin.ts
@@ -0,0 +1,12 @@
+import { Result, SyncUseCaseInterface } from '@standardnotes/domain-core'
+import { SharedVaultListingInterface } from '@standardnotes/models'
+
+export class IsVaultAdmin implements SyncUseCaseInterface<boolean> {
+  execute(dto: { sharedVault: SharedVaultListingInterface; userUuid: string }): Result<boolean> {
+    if (!dto.sharedVault.sharing.ownerUserUuid) {
+      throw new Error(`Shared vault ${dto.sharedVault.sharing.sharedVaultUuid} does not have an owner user uuid`)
+    }
+
+    return Result.ok(dto.sharedVault.sharing.ownerUserUuid === dto.userUuid)
+  }
+}
--- a/packages/services/src/Domain/SharedVaults/UseCase/LeaveSharedVault.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/LeaveSharedVault.ts
@@ -1,6 +1,6 @@
 import { ClientDisplayableError, isErrorResponse } from '@standardnotes/responses'
 import { SharedVaultUsersServerInterface } from '@standardnotes/api'
-import { DeleteThirdPartyVault } from './DeleteExternalSharedVault'
+import { DeleteThirdPartyVault } from '../../SharedVaults/UseCase/DeleteExternalSharedVault'
 import { ItemManagerInterface } from '../../Item/ItemManagerInterface'
 import { SharedVaultListingInterface } from '@standardnotes/models'

--- a/packages/services/src/Domain/SharedVaults/UseCase/RemoveSharedVaultMember.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/RemoveSharedVaultMember.ts
@@ -1,17 +1,20 @@
-import { ClientDisplayableError, isErrorResponse } from '@standardnotes/responses'
+import { getErrorFromErrorResponse, isErrorResponse } from '@standardnotes/responses'
 import { SharedVaultUsersServerInterface } from '@standardnotes/api'
+import { Result, UseCaseInterface } from '@standardnotes/domain-core'

-export class RemoveVaultMember {
+export class RemoveVaultMember implements UseCaseInterface<void> {
  constructor(private vaultUserServer: SharedVaultUsersServerInterface) {}

-  async execute(params: { sharedVaultUuid: string; userUuid: string }): Promise<ClientDisplayableError | void> {
+  async execute(params: { sharedVaultUuid: string; userUuid: string }): Promise<Result<void>> {
    const response = await this.vaultUserServer.deleteSharedVaultUser({
      sharedVaultUuid: params.sharedVaultUuid,
      userUuid: params.userUuid,
    })

    if (isErrorResponse(response)) {
-      return ClientDisplayableError.FromNetworkError(response)
+      return Result.fail(getErrorFromErrorResponse(response).message)
    }
+
+    return Result.ok()
  }
 }
--- a/packages/services/src/Domain/VaultUser/VaultUserService.ts
+++ b/packages/services/src/Domain/VaultUser/VaultUserService.ts
@@ -0,0 +1,103 @@
+import { LeaveVault } from './UseCase/LeaveSharedVault'
+import { GetVault } from './../Vaults/UseCase/GetVault'
+import { InternalEventBusInterface } from './../Internal/InternalEventBusInterface'
+import { RemoveVaultMember } from './UseCase/RemoveSharedVaultMember'
+import { VaultServiceInterface } from './../Vaults/VaultServiceInterface'
+import { SessionsClientInterface } from './../Session/SessionsClientInterface'
+import { GetVaultUsers } from './UseCase/GetVaultUsers'
+import { SharedVaultListingInterface } from '@standardnotes/models'
+import { VaultUserServiceInterface } from './VaultUserServiceInterface'
+import { ClientDisplayableError, SharedVaultUserServerHash, isClientDisplayableError } from '@standardnotes/responses'
+import { AbstractService } from './../Service/AbstractService'
+import { VaultUserServiceEvent } from './VaultUserServiceEvent'
+import { Result } from '@standardnotes/domain-core'
+import { IsVaultAdmin } from './UseCase/IsVaultAdmin'
+
+export class VaultUserService extends AbstractService<VaultUserServiceEvent> implements VaultUserServiceInterface {
+  constructor(
+    private session: SessionsClientInterface,
+    private vaults: VaultServiceInterface,
+    private _getVaultUsers: GetVaultUsers,
+    private _removeVaultMember: RemoveVaultMember,
+    private _isVaultAdmin: IsVaultAdmin,
+    private _getVault: GetVault,
+    private _leaveVault: LeaveVault,
+    eventBus: InternalEventBusInterface,
+  ) {
+    super(eventBus)
+  }
+
+  override deinit(): void {
+    super.deinit()
+    ;(this.session as unknown) = undefined
+    ;(this.vaults as unknown) = undefined
+    ;(this._getVaultUsers as unknown) = undefined
+    ;(this._removeVaultMember as unknown) = undefined
+    ;(this._isVaultAdmin as unknown) = undefined
+    ;(this._getVault as unknown) = undefined
+    ;(this._leaveVault as unknown) = undefined
+  }
+
+  public async getSharedVaultUsers(
+    sharedVault: SharedVaultListingInterface,
+  ): Promise<SharedVaultUserServerHash[] | undefined> {
+    return this._getVaultUsers.execute({ sharedVaultUuid: sharedVault.sharing.sharedVaultUuid })
+  }
+
+  public isCurrentUserSharedVaultAdmin(sharedVault: SharedVaultListingInterface): boolean {
+    return this._isVaultAdmin
+      .execute({
+        sharedVault,
+        userUuid: this.session.userUuid,
+      })
+      .getValue()
+  }
+
+  async removeUserFromSharedVault(sharedVault: SharedVaultListingInterface, userUuid: string): Promise<Result<void>> {
+    if (!this.isCurrentUserSharedVaultAdmin(sharedVault)) {
+      throw new Error('Only vault admins can remove users')
+    }
+
+    if (this.vaults.isVaultLocked(sharedVault)) {
+      throw new Error('Cannot remove user from locked vault')
+    }
+
+    const result = await this._removeVaultMember.execute({
+      sharedVaultUuid: sharedVault.sharing.sharedVaultUuid,
+      userUuid,
+    })
+
+    if (result.isFailed()) {
+      return result
+    }
+
+    void this.notifyEvent(VaultUserServiceEvent.UsersChanged)
+
+    await this.vaults.rotateVaultRootKey(sharedVault)
+
+    return result
+  }
+
+  public isVaultUserOwner(user: SharedVaultUserServerHash): boolean {
+    const result = this._getVault.execute<SharedVaultListingInterface>({ sharedVaultUuid: user.shared_vault_uuid })
+    if (result.isFailed()) {
+      return false
+    }
+
+    const vault = result.getValue()
+    return vault != undefined && vault.sharing.ownerUserUuid === user.user_uuid
+  }
+
+  async leaveSharedVault(sharedVault: SharedVaultListingInterface): Promise<ClientDisplayableError | void> {
+    const result = await this._leaveVault.execute({
+      sharedVault: sharedVault,
+      userUuid: this.session.getSureUser().uuid,
+    })
+
+    if (isClientDisplayableError(result)) {
+      return result
+    }
+
+    void this.notifyEvent(VaultUserServiceEvent.UsersChanged)
+  }
+}
--- a/packages/services/src/Domain/VaultUser/VaultUserServiceEvent.ts
+++ b/packages/services/src/Domain/VaultUser/VaultUserServiceEvent.ts
@@ -0,0 +1,3 @@
+export enum VaultUserServiceEvent {
+  UsersChanged = 'VaultUserServiceEvent.UsersChanged',
+}
--- a/packages/services/src/Domain/VaultUser/VaultUserServiceInterface.ts
+++ b/packages/services/src/Domain/VaultUser/VaultUserServiceInterface.ts
@@ -0,0 +1,13 @@
+import { ApplicationServiceInterface } from './../Service/ApplicationServiceInterface'
+import { SharedVaultListingInterface } from '@standardnotes/models'
+import { ClientDisplayableError, SharedVaultUserServerHash } from '@standardnotes/responses'
+import { VaultUserServiceEvent } from './VaultUserServiceEvent'
+import { Result } from '@standardnotes/domain-core'
+
+export interface VaultUserServiceInterface extends ApplicationServiceInterface<VaultUserServiceEvent, unknown> {
+  getSharedVaultUsers(sharedVault: SharedVaultListingInterface): Promise<SharedVaultUserServerHash[] | undefined>
+  isCurrentUserSharedVaultAdmin(sharedVault: SharedVaultListingInterface): boolean
+  removeUserFromSharedVault(sharedVault: SharedVaultListingInterface, userUuid: string): Promise<Result<void>>
+  leaveSharedVault(sharedVault: SharedVaultListingInterface): Promise<ClientDisplayableError | void>
+  isVaultUserOwner(user: SharedVaultUserServerHash): boolean
+}
--- a/packages/services/src/Domain/index.ts
+++ b/packages/services/src/Domain/index.ts
@@ -57,15 +57,15 @@ export * from './Device/MobileDeviceInterface'
 export * from './Device/TypeCheck'
 export * from './Device/WebOrDesktopDeviceInterface'
 export * from './Diagnostics/ServiceDiagnostics'
-export * from './Encryption/UseCase/DecryptBackupFile'
-export * from './Encryption/EncryptionService'
 export * from './Encryption/EncryptionProviderInterface'
+export * from './Encryption/EncryptionService'
 export * from './Encryption/EncryptionServiceEvent'
 export * from './Encryption/Functions'
 export * from './Encryption/UseCase/Asymmetric/DecryptMessage'
 export * from './Encryption/UseCase/Asymmetric/DecryptOwnMessage'
 export * from './Encryption/UseCase/Asymmetric/EncryptMessage'
 export * from './Encryption/UseCase/Asymmetric/GetMessageAdditionalData'
+export * from './Encryption/UseCase/DecryptBackupFile'
 export * from './Encryption/UseCase/ItemsKey/CreateNewDefaultItemsKey'
 export * from './Encryption/UseCase/ItemsKey/CreateNewItemsKeyWithRollback'
 export * from './Encryption/UseCase/ItemsKey/FindDefaultItemsKey'
@@ -111,6 +111,7 @@ export * from './Item/ItemRelationshipDirection'
 export * from './Item/ItemsServerInterface'
 export * from './Item/StaticItemCounter'
 export * from './ItemsEncryption/ItemsEncryption'
+export * from './ItemsEncryption/ItemsEncryption'
 export * from './KeySystem/KeySystemKeyManager'
 export * from './Mutator/ImportDataUseCase'
 export * from './Mutator/MutatorClientInterface'
@@ -121,39 +122,25 @@ export * from './Protection/ProtectionClientInterface'
 export * from './Protection/TimingDisplayOption'
 export * from './Revision/RevisionClientInterface'
 export * from './Revision/RevisionManager'
-export * from './RootKeyManager/RootKeyManager'
 export * from './RootKeyManager/KeyMode'
-export * from './ItemsEncryption/ItemsEncryption'
+export * from './RootKeyManager/RootKeyManager'
 export * from './Service/AbstractService'
 export * from './Service/ApplicationServiceInterface'
 export * from './Session/SessionEvent'
 export * from './Session/SessionManagerResponse'
 export * from './Session/SessionsClientInterface'
 export * from './Session/UserKeyPairChangedEventData'
-export * from './SharedVaults/PendingSharedVaultInviteRecord'
 export * from './SharedVaults/SharedVaultService'
 export * from './SharedVaults/SharedVaultServiceEvent'
 export * from './SharedVaults/SharedVaultServiceInterface'
-export * from './SharedVaults/UseCase/AcceptVaultInvite'
 export * from './SharedVaults/UseCase/ConvertToSharedVault'
 export * from './SharedVaults/UseCase/CreateSharedVault'
 export * from './SharedVaults/UseCase/DeleteExternalSharedVault'
 export * from './SharedVaults/UseCase/DeleteSharedVault'
-export * from './SharedVaults/UseCase/GetVaultContacts'
-export * from './SharedVaults/UseCase/GetVaultContacts'
-export * from './SharedVaults/UseCase/GetVaultUsers'
-export * from './SharedVaults/UseCase/InviteToVault'
-export * from './SharedVaults/UseCase/LeaveSharedVault'
 export * from './SharedVaults/UseCase/NotifyVaultUsersOfKeyRotation'
-export * from './SharedVaults/UseCase/RemoveSharedVaultMember'
-export * from './SharedVaults/UseCase/ReuploadAllInvites'
-export * from './SharedVaults/UseCase/ReuploadInvite'
-export * from './SharedVaults/UseCase/ReuploadVaultInvites'
 export * from './SharedVaults/UseCase/SendVaultDataChangedMessage'
-export * from './SharedVaults/UseCase/SendVaultInvite'
 export * from './SharedVaults/UseCase/SendVaultKeyChangedMessage'
 export * from './SharedVaults/UseCase/ShareContactWithVault'
-export * from './SharedVaults/UseCase/UpdateSharedVaultInvite'
 export * from './Singleton/SingletonManagerInterface'
 export * from './Status/StatusService'
 export * from './Status/StatusServiceInterface'
@@ -186,6 +173,16 @@ export * from './User/UserClientInterface'
 export * from './User/UserService'
 export * from './UserEvent/UserEventService'
 export * from './UserEvent/UserEventServiceEvent'
+export * from './VaultInvite/InviteRecord'
+export * from './VaultInvite/UseCase/AcceptVaultInvite'
+export * from './VaultInvite/UseCase/InviteToVault'
+export * from './VaultInvite/UseCase/ReuploadAllInvites'
+export * from './VaultInvite/UseCase/ReuploadInvite'
+export * from './VaultInvite/UseCase/ReuploadVaultInvites'
+export * from './VaultInvite/UseCase/SendVaultInvite'
+export * from './VaultInvite/VaultInviteService'
+export * from './VaultInvite/VaultInviteServiceEvent'
+export * from './VaultInvite/VaultInviteServiceInterface'
 export * from './Vaults/ChangeVaultOptionsDTO'
 export * from './Vaults/UseCase/ChangeVaultKeyOptions'
 export * from './Vaults/UseCase/CreateVault'
@@ -197,3 +194,12 @@ export * from './Vaults/UseCase/RotateVaultKey'
 export * from './Vaults/VaultService'
 export * from './Vaults/VaultServiceEvent'
 export * from './Vaults/VaultServiceInterface'
+export * from './VaultUser/UseCase/GetVaultContacts'
+export * from './VaultUser/UseCase/GetVaultContacts'
+export * from './VaultUser/UseCase/GetVaultUsers'
+export * from './VaultUser/UseCase/IsVaultAdmin'
+export * from './VaultUser/UseCase/LeaveSharedVault'
+export * from './VaultUser/UseCase/RemoveSharedVaultMember'
+export * from './VaultUser/VaultUserService'
+export * from './VaultUser/VaultUserServiceEvent'
+export * from './VaultUser/VaultUserServiceInterface'