@agentunion/fastaun-browser 0.2.14 → 0.2.15

package/dist/e2ee.d.ts

@@ -9,6 +9,8 @@ export declare const MODE_LONG_TERM_KEY = "long_term_key";
 export declare const AAD_FIELDS_OFFLINE: readonly ["from", "to", "message_id", "timestamp", "encryption_mode", "suite", "ephemeral_public_key", "recipient_cert_fingerprint", "sender_cert_fingerprint", "prekey_id"];
 /** AAD 匹配字段（解密时校验，不含 timestamp） */
 export declare const AAD_MATCH_FIELDS_OFFLINE: readonly ["from", "to", "message_id", "encryption_mode", "suite", "ephemeral_public_key", "recipient_cert_fingerprint", "sender_cert_fingerprint", "prekey_id"];
+/** 兼容型可选 AAD 字段：存在时才参与 AAD，不为旧消息补 null。 */
+export declare const AAD_OPTIONAL_FIELDS: readonly ["payload_type", "protected_headers", "context_type", "context_id"];
 /** prekey 私钥本地保留时间（秒） */
 export declare const PREKEY_RETENTION_SECONDS: number;
 export declare const PREKEY_MIN_KEEP_COUNT = 7;
@@ -20,6 +22,19 @@ export interface PrekeyMaterial extends JsonObject {
     device_id?: string;
     cert_fingerprint?: string;
 }
+export type ProtectedHeadersInput = ProtectedHeaders | Record<string, unknown> | null | undefined;
+/** 端到端保护的信封元数据，语义接近 HTTP headers。 */
+export declare class ProtectedHeaders {
+    private _items;
+    constructor(values?: Record<string, unknown> | null);
+    private static normalizeKey;
+    set(key: string, value: unknown): this;
+    get(key: string, defaultValue?: string | null): string | null;
+    remove(key: string): this;
+    toObject(): Record<string, string>;
+    toJSON(): Record<string, string>;
+    static from(values?: Record<string, unknown> | null): ProtectedHeaders;
+}
 /** 加密结果信息 */
 export interface EncryptResult {
     encrypted: boolean;
@@ -102,6 +117,10 @@ export declare class E2EEManager {
         prekey?: PrekeyMaterial | null;
         messageId?: string;
         timestamp?: number;
+        protectedHeaders?: ProtectedHeadersInput;
+        protected_headers?: ProtectedHeadersInput;
+        headers?: ProtectedHeadersInput;
+        context?: JsonObject | null;
     }): Promise<[JsonObject, EncryptResult]>;
     /**
      * 加密出站消息：有 prekey → prekey_ecdh_v2（四路 ECDH），无 prekey → long_term_key。
@@ -114,6 +133,10 @@ export declare class E2EEManager {
         prekey?: PrekeyMaterial | null;
         messageId: string;
         timestamp: number;
+        protectedHeaders?: ProtectedHeadersInput;
+        protected_headers?: ProtectedHeadersInput;
+        headers?: ProtectedHeadersInput;
+        context?: JsonObject | null;
     }): Promise<[JsonObject, EncryptResult]>;
     /**
      * 使用对方 prekey 加密（prekey_ecdh_v2 模式，四路 ECDH + 发送方签名）

package/dist/e2ee.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"e2ee.d.ts","sourceRoot":"","sources":["../src/e2ee.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,OAAO,EAAgB,MAAM,YAAY,CAAC;AAEpF,aAAa;AACb,eAAO,MAAM,KAAK,iCAAiC,CAAC;AAEpD,WAAW;AACX,eAAO,MAAM,mBAAmB,mBAAmB,CAAC;AACpD,eAAO,MAAM,kBAAkB,kBAAkB,CAAC;AAElD,oBAAoB;AACpB,eAAO,MAAM,kBAAkB,8KAKrB,CAAC;AAEX,mCAAmC;AACnC,eAAO,MAAM,wBAAwB,iKAK3B,CAAC;AAEX,yBAAyB;AACzB,eAAO,MAAM,wBAAwB,QAAgB,CAAC;AACtD,eAAO,MAAM,qBAAqB,IAAI,CAAC;AAEvC,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAiCD,aAAa;AACb,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAgDD,sBAAsB;AACtB,iBAAS,WAAW,CAAC,GAAG,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,CAUxD;AAED,gDAAgD;AAChD,iBAAS,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,QAAQ,SAAK,GAAG,UAAU,CA2B9D;AAED,2BAA2B;AAC3B,iBAAS,eAAe,CAAC,GAAG,EAAE,UAAU,GAAG,UAAU,CAWpD;AA8FD,6BAA6B;AAC7B,iBAAe,eAAe,CAAC,SAAS,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAItE;AAED,8BAA8B;AAC9B,iBAAe,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAElE;AAED,8BAA8B;AAC9B,iBAAe,4BAA4B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAK5E;AAQD,mCAAmC;AACnC,iBAAe,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAO3E;AAuCD,iBAAe,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAWpE;AAqBD,uBAAuB;AACvB,iBAAe,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAY5E;AAED,gEAAgE;AAChE,iBAAe,aAAa,CAC1B,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GACzE,OAAO,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CASnC;AAED,iBAAiB;AACjB,iBAAe,aAAa,CAC1B,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAC3F,OAAO,CAAC,UAAU,CAAC,CASrB;AAED,uCAAuC;AACvC,iBAAe,YAAY,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAOxF;AAED,4BAA4B;AAC5B,iBAAe,cAAc,CAC3B,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,GAC5D,OAAO,CAAC,OAAO,CAAC,CAOlB;AAED,uBAAuB;AACvB,iBAAS,WAAW,IAAI,UAAU,CAIjC;AAED,iBAAiB;AACjB,iBAAS,MAAM,IAAI,MAAM,CAOxB;AAuBD;;;;;;;;GAQG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,YAAY,CAAW;IAC/B,qBAAqB;IACrB,OAAO,CAAC,aAAa,CAAmC;IACxD,OAAO,CAAC,YAAY,CAAS;IAC7B,mDAAmD;IACnD,OAAO,CAAC,YAAY,CAAwE;IAC5F,OAAO,CAAC,eAAe,CAAS;IAChC,sDAAsD;IACtD,OAAO,CAAC,iBAAiB,CAAkC;IAC3D,iBAAiB;IACjB,OAAO,CAAC,oBAAoB,CAAS;gBAEzB,IAAI,EAAE;QAChB,UAAU,EAAE,MAAM,cAAc,CAAC;QACjC,UAAU,CAAC,EAAE,MAAM,MAAM,CAAC;QAC1B,QAAQ,EAAE,QAAQ,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAC9B;IAUD,mBAAmB;IACnB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI;IAO1D,8BAA8B;IAC9B,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAUvD,oBAAoB;IACpB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAM5C;;;OAGG;IACG,cAAc,CAClB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE;QACJ,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,CAAC;QAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAavC;;;;;OAKG;IACG,eAAe,CACnB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE;QACJ,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,CAAC;QAC/B,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;KACnB,GACA,OAAO,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAyCvC;;;;;;;;OAQG;YACW,kBAAkB;IA0GhC;;;;;;OAMG;YACW,uBAAuB;IAoErC;;;;;;;OAOG;IACG,cAAc,CAClB,OAAO,EAAE,OAAO,EAChB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,OAAO,CAAA;KAAE,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IA0C1B,sCAAsC;IACtC,OAAO,CAAC,2BAA2B;IAkBnC,aAAa;YACC,uBAAuB;IAwBrC,cAAc;YACA,sBAAsB;IAmCpC,6BAA6B;YACf,cAAc;IAS5B,uCAAuC;YACzB,uBAAuB;IA8ErC,kCAAkC;YACpB,uBAAuB;IAuErC,0BAA0B;IAC1B,OAAO,CAAC,uBAAuB;IAqB/B;;;;OAIG;IACG,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC;IAuD/C,wBAAwB;YACV,sBAAsB;IAWpC,uCAAuC;YACzB,qBAAqB;IAoBnC,OAAO,CAAC,WAAW;IAMnB,OAAO,CAAC,gBAAgB;IAQxB,iCAAiC;YACnB,8BAA8B;IAO5C,oCAAoC;YACtB,+BAA+B;IAO7C,oDAAoD;YACtC,yBAAyB;IA2BvC,iCAAiC;YACnB,2BAA2B;IAOzC,kBAAkB;IAClB,OAAO,CAAC,YAAY;IAUpB,4CAA4C;IAC5C,kBAAkB,IAAI,IAAI;CAS3B;AAgBD,OAAO,EACL,eAAe,IAAI,gBAAgB,EACnC,WAAW,IAAI,YAAY,EAC3B,YAAY,IAAI,aAAa,EAC7B,cAAc,IAAI,eAAe,EACjC,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,aAAa,IAAI,cAAc,EAC/B,WAAW,IAAI,YAAY,EAC3B,MAAM,IAAI,OAAO,EACjB,kBAAkB,IAAI,mBAAmB,EACzC,4BAA4B,IAAI,6BAA6B,EAC7D,eAAe,IAAI,gBAAgB,EACnC,wBAAwB,IAAI,yBAAyB,EACrD,qBAAqB,IAAI,sBAAsB,EAC/C,UAAU,IAAI,WAAW,GAC1B,CAAC"}
+{"version":3,"file":"e2ee.d.ts","sourceRoot":"","sources":["../src/e2ee.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,OAAO,EAAgB,MAAM,YAAY,CAAC;AAEpF,aAAa;AACb,eAAO,MAAM,KAAK,iCAAiC,CAAC;AAEpD,WAAW;AACX,eAAO,MAAM,mBAAmB,mBAAmB,CAAC;AACpD,eAAO,MAAM,kBAAkB,kBAAkB,CAAC;AAElD,oBAAoB;AACpB,eAAO,MAAM,kBAAkB,8KAKrB,CAAC;AAEX,mCAAmC;AACnC,eAAO,MAAM,wBAAwB,iKAK3B,CAAC;AAEX,2CAA2C;AAC3C,eAAO,MAAM,mBAAmB,8EAEtB,CAAC;AAQX,yBAAyB;AACzB,eAAO,MAAM,wBAAwB,QAAgB,CAAC;AACtD,eAAO,MAAM,qBAAqB,IAAI,CAAC;AAEvC,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAWD,MAAM,MAAM,qBAAqB,GAAG,gBAAgB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC;AAElG,qCAAqC;AACrC,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAA8B;gBAEhC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAQnD,OAAO,CAAC,MAAM,CAAC,YAAY;IAW3B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI;IAKtC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,YAAY,GAAE,MAAM,GAAG,IAAW,GAAG,MAAM,GAAG,IAAI;IAOnE,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAKzB,QAAQ,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAIlC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAIhC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,gBAAgB;CAGvE;AAwBD,aAAa;AACb,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,OAAO,CAAC;IACnB,eAAe,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAgDD,sBAAsB;AACtB,iBAAS,WAAW,CAAC,GAAG,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,CAUxD;AAED,gDAAgD;AAChD,iBAAS,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,QAAQ,SAAK,GAAG,UAAU,CA2B9D;AA0LD,2BAA2B;AAC3B,iBAAS,eAAe,CAAC,GAAG,EAAE,UAAU,GAAG,UAAU,CAEpD;AA8FD,6BAA6B;AAC7B,iBAAe,eAAe,CAAC,SAAS,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAItE;AAED,8BAA8B;AAC9B,iBAAe,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAElE;AAED,8BAA8B;AAC9B,iBAAe,4BAA4B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAK5E;AAQD,mCAAmC;AACnC,iBAAe,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAO3E;AAuCD,iBAAe,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAWpE;AAqBD,uBAAuB;AACvB,iBAAe,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAY5E;AAED,gEAAgE;AAChE,iBAAe,aAAa,CAC1B,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GACzE,OAAO,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CASnC;AAED,iBAAiB;AACjB,iBAAe,aAAa,CAC1B,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAC3F,OAAO,CAAC,UAAU,CAAC,CASrB;AAED,uCAAuC;AACvC,iBAAe,YAAY,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAOxF;AAED,4BAA4B;AAC5B,iBAAe,cAAc,CAC3B,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,GAC5D,OAAO,CAAC,OAAO,CAAC,CAOlB;AAED,uBAAuB;AACvB,iBAAS,WAAW,IAAI,UAAU,CAIjC;AAED,iBAAiB;AACjB,iBAAS,MAAM,IAAI,MAAM,CAOxB;AAuBD;;;;;;;;GAQG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,YAAY,CAAW;IAC/B,qBAAqB;IACrB,OAAO,CAAC,aAAa,CAAmC;IACxD,OAAO,CAAC,YAAY,CAAS;IAC7B,mDAAmD;IACnD,OAAO,CAAC,YAAY,CAAwE;IAC5F,OAAO,CAAC,eAAe,CAAS;IAChC,sDAAsD;IACtD,OAAO,CAAC,iBAAiB,CAAkC;IAC3D,iBAAiB;IACjB,OAAO,CAAC,oBAAoB,CAAS;gBAEzB,IAAI,EAAE;QAChB,UAAU,EAAE,MAAM,cAAc,CAAC;QACjC,UAAU,CAAC,EAAE,MAAM,MAAM,CAAC;QAC1B,QAAQ,EAAE,QAAQ,CAAC;QACnB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAC9B;IAUD,mBAAmB;IACnB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI;IAO1D,8BAA8B;IAC9B,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAUvD,oBAAoB;IACpB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAM5C;;;OAGG;IACG,cAAc,CAClB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE;QACJ,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,CAAC;QAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,gBAAgB,CAAC,EAAE,qBAAqB,CAAC;QACzC,iBAAiB,CAAC,EAAE,qBAAqB,CAAC;QAC1C,OAAO,CAAC,EAAE,qBAAqB,CAAC;QAChC,OAAO,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;KAC7B,GACA,OAAO,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAevC;;;;;OAKG;IACG,eAAe,CACnB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,EACnB,IAAI,EAAE;QACJ,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,CAAC,EAAE,cAAc,GAAG,IAAI,CAAC;QAC/B,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,gBAAgB,CAAC,EAAE,qBAAqB,CAAC;QACzC,iBAAiB,CAAC,EAAE,qBAAqB,CAAC;QAC1C,OAAO,CAAC,EAAE,qBAAqB,CAAC;QAChC,OAAO,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;KAC7B,GACA,OAAO,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IA6CvC;;;;;;;;OAQG;YACW,kBAAkB;IAiHhC;;;;;;OAMG;YACW,uBAAuB;IA2ErC;;;;;;;OAOG;IACG,cAAc,CAClB,OAAO,EAAE,OAAO,EAChB,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,OAAO,CAAA;KAAE,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IA0C1B,sCAAsC;IACtC,OAAO,CAAC,2BAA2B;IAkBnC,aAAa;YACC,uBAAuB;IAwBrC,cAAc;YACA,sBAAsB;IAmCpC,6BAA6B;YACf,cAAc;IAS5B,uCAAuC;YACzB,uBAAuB;IAyFrC,kCAAkC;YACpB,uBAAuB;IAkFrC,0BAA0B;IAC1B,OAAO,CAAC,uBAAuB;IAqB/B;;;;OAIG;IACG,cAAc,IAAI,OAAO,CAAC,cAAc,CAAC;IAuD/C,wBAAwB;YACV,sBAAsB;IAWpC,uCAAuC;YACzB,qBAAqB;IAoBnC,OAAO,CAAC,WAAW;IAMnB,OAAO,CAAC,gBAAgB;IAQxB,iCAAiC;YACnB,8BAA8B;IAO5C,oCAAoC;YACtB,+BAA+B;IAO7C,oDAAoD;YACtC,yBAAyB;IA2BvC,iCAAiC;YACnB,2BAA2B;IAOzC,kBAAkB;IAClB,OAAO,CAAC,YAAY;IAUpB,4CAA4C;IAC5C,kBAAkB,IAAI,IAAI;CAS3B;AAgBD,OAAO,EACL,eAAe,IAAI,gBAAgB,EACnC,WAAW,IAAI,YAAY,EAC3B,YAAY,IAAI,aAAa,EAC7B,cAAc,IAAI,eAAe,EACjC,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,aAAa,IAAI,cAAc,EAC/B,WAAW,IAAI,YAAY,EAC3B,MAAM,IAAI,OAAO,EACjB,kBAAkB,IAAI,mBAAmB,EACzC,4BAA4B,IAAI,6BAA6B,EAC7D,eAAe,IAAI,gBAAgB,EACnC,wBAAwB,IAAI,yBAAyB,EACrD,qBAAqB,IAAI,sBAAsB,EAC/C,UAAU,IAAI,WAAW,GAC1B,CAAC"}

package/dist/e2ee.js

@@ -21,9 +21,62 @@ export const AAD_MATCH_FIELDS_OFFLINE = [
     'recipient_cert_fingerprint', 'sender_cert_fingerprint',
     'prekey_id',
 ];
+/** 兼容型可选 AAD 字段：存在时才参与 AAD，不为旧消息补 null。 */
+export const AAD_OPTIONAL_FIELDS = [
+    'payload_type', 'protected_headers', 'context_type', 'context_id',
+];
+const METADATA_AUTH_FIELD = '_auth';
+const METADATA_AUTH_ALG = 'HMAC-SHA256';
+const METADATA_KEY_DOMAIN = new TextEncoder().encode('aun-envelope-metadata-key-v1');
+const PROTECTED_HEADERS_DOMAIN = new TextEncoder().encode('aun-protected-headers-v1');
+const PROTECTED_CONTEXT_DOMAIN = new TextEncoder().encode('aun-protected-context-v1');
 /** prekey 私钥本地保留时间（秒） */
 export const PREKEY_RETENTION_SECONDS = 7 * 24 * 3600;
 export const PREKEY_MIN_KEEP_COUNT = 7;
+/** 端到端保护的信封元数据，语义接近 HTTP headers。 */
+export class ProtectedHeaders {
+    _items = {};
+    constructor(values) {
+        if (values) {
+            for (const [key, value] of Object.entries(values)) {
+                this.set(key, value);
+            }
+        }
+    }
+    static normalizeKey(key) {
+        const value = String(key ?? '').trim().toLowerCase();
+        if (!value || !/^[a-z0-9_-]+$/.test(value)) {
+            throw new E2EEError('protected header key must match [a-z0-9_-]+');
+        }
+        if (value === METADATA_AUTH_FIELD) {
+            throw new E2EEError('protected header key is reserved');
+        }
+        return value;
+    }
+    set(key, value) {
+        this._items[ProtectedHeaders.normalizeKey(key)] = value == null ? '' : String(value);
+        return this;
+    }
+    get(key, defaultValue = null) {
+        const normalized = ProtectedHeaders.normalizeKey(key);
+        return Object.prototype.hasOwnProperty.call(this._items, normalized)
+            ? this._items[normalized]
+            : defaultValue;
+    }
+    remove(key) {
+        delete this._items[ProtectedHeaders.normalizeKey(key)];
+        return this;
+    }
+    toObject() {
+        return { ...this._items };
+    }
+    toJSON() {
+        return this.toObject();
+    }
+    static from(values) {
+        return new ProtectedHeaders(values ?? {});
+    }
+}
 function prekeyCreatedMarker(prekeyData) {
     return Number(prekeyData.created_at ?? prekeyData.updated_at ?? prekeyData.expires_at ?? 0);
 }
@@ -109,18 +162,164 @@ function derToP1363(der, coordLen = 32) {
     result.set(sBytes, coordLen * 2 - sBytes.length);
     return result;
 }
-/** AAD 序列化（排序键、紧凑 JSON） */
-function aadBytesOffline(aad) {
+function canonicalStringify(value) {
+    if (value === null || value === undefined)
+        return 'null';
+    if (Array.isArray(value)) {
+        return `[${value.map(item => canonicalStringify(item)).join(',')}]`;
+    }
+    if (typeof value === 'object') {
+        const record = value;
+        const pairs = Object.keys(record)
+            .sort()
+            .map(key => `${JSON.stringify(key)}:${canonicalStringify(record[key])}`);
+        return `{${pairs.join(',')}}`;
+    }
+    return JSON.stringify(value) ?? 'null';
+}
+function hasOwn(obj, key) {
+    return Object.prototype.hasOwnProperty.call(obj, key);
+}
+function normalizeProtectedHeaders(headers) {
+    if (headers == null)
+        return {};
+    if (headers instanceof ProtectedHeaders) {
+        return headers.toObject();
+    }
+    const toObject = headers.toObject;
+    if (typeof toObject === 'function') {
+        return new ProtectedHeaders(toObject.call(headers)).toObject();
+    }
+    if (typeof headers !== 'object' || Array.isArray(headers)) {
+        throw new E2EEError('protected_headers must be an object');
+    }
+    return new ProtectedHeaders(headers).toObject();
+}
+function metadataBody(metadata) {
+    const body = {};
+    for (const [key, value] of Object.entries(metadata)) {
+        if (key !== METADATA_AUTH_FIELD) {
+            body[key] = value;
+        }
+    }
+    return body;
+}
+async function hmacSha256(key, data) {
+    const hmacKey = await crypto.subtle.importKey('raw', toBufferSource(key), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
+    const sig = await crypto.subtle.sign('HMAC', hmacKey, toBufferSource(data));
+    return new Uint8Array(sig);
+}
+async function metadataAuthTag(key, domain, body) {
+    const metadataKey = await hmacSha256(key, METADATA_KEY_DOMAIN);
+    return hmacSha256(metadataKey, concatBytes(domain, new Uint8Array([0]), _encoder.encode(canonicalStringify(body))));
+}
+async function withMetadataAuth(metadata, key, domain) {
+    const body = metadataBody(metadata);
+    if (Object.keys(body).length === 0)
+        return {};
+    const tag = await metadataAuthTag(key, domain, body);
+    return {
+        ...body,
+        [METADATA_AUTH_FIELD]: {
+            alg: METADATA_AUTH_ALG,
+            tag: uint8ToBase64(tag),
+        },
+    };
+}
+function timingSafeEqual(a, b) {
+    if (a.byteLength !== b.byteLength)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.byteLength; i++) {
+        diff |= a[i] ^ b[i];
+    }
+    return diff === 0;
+}
+async function verifyMetadataAuth(metadata, key, domain) {
+    if (metadata == null)
+        return true;
+    if (typeof metadata !== 'object' || Array.isArray(metadata))
+        return false;
+    const record = metadata;
+    const auth = record[METADATA_AUTH_FIELD];
+    if (!auth || typeof auth !== 'object' || Array.isArray(auth))
+        return false;
+    const authObj = auth;
+    if (authObj.alg !== METADATA_AUTH_ALG)
+        return false;
+    if (typeof authObj.tag !== 'string' || !authObj.tag)
+        return false;
+    const body = metadataBody(record);
+    if (Object.keys(body).length === 0)
+        return false;
+    let actual;
+    try {
+        actual = base64ToUint8(authObj.tag);
+    }
+    catch {
+        return false;
+    }
+    const expected = await metadataAuthTag(key, domain, body);
+    return timingSafeEqual(actual, expected);
+}
+async function verifyEnvelopeMetadataAuth(payload, messageKey) {
+    return await verifyMetadataAuth(payload.protected_headers, messageKey, PROTECTED_HEADERS_DOMAIN)
+        && await verifyMetadataAuth(payload.context, messageKey, PROTECTED_CONTEXT_DOMAIN);
+}
+function normalizeContextMetadata(context) {
+    if (!context || typeof context !== 'object' || Array.isArray(context))
+        return {};
+    return metadataBody(context);
+}
+function exposedEnvelopeMetadata(metadata) {
+    if (!metadata || typeof metadata !== 'object' || Array.isArray(metadata))
+        return undefined;
+    const body = metadataBody(metadata);
+    return Object.keys(body).length > 0 ? body : undefined;
+}
+async function copyOptionalEnvelopeMetadata(envelope, messageKey, opts) {
+    const payloadType = String(opts?.payloadType ?? '').trim();
+    const protectedHeaders = normalizeProtectedHeaders(opts?.protectedHeaders);
+    if (payloadType) {
+        protectedHeaders.payload_type = payloadType;
+    }
+    if (Object.keys(protectedHeaders).length > 0) {
+        envelope.protected_headers = await withMetadataAuth(protectedHeaders, messageKey, PROTECTED_HEADERS_DOMAIN);
+    }
+    const contextMetadata = normalizeContextMetadata(opts?.context);
+    if (Object.keys(contextMetadata).length > 0) {
+        envelope.context = await withMetadataAuth(contextMetadata, messageKey, PROTECTED_CONTEXT_DOMAIN);
+    }
+}
+function aadBytesWithOptionalFields(aad, baseFields) {
     const obj = {};
-    for (const field of AAD_FIELDS_OFFLINE) {
+    for (const field of baseFields) {
         obj[field] = aad[field] ?? null;
     }
-    // 按键排序
-    const sorted = {};
-    for (const key of Object.keys(obj).sort()) {
-        sorted[key] = obj[key];
+    return _encoder.encode(canonicalStringify(obj));
+}
+function validateDecryptedEnvelopeMetadata(decoded, payload, message) {
+    if (payload.protected_headers && typeof payload.protected_headers === 'object' && !Array.isArray(payload.protected_headers)) {
+        const headers = metadataBody(payload.protected_headers);
+        if (hasOwn(headers, 'payload_type')) {
+            if (!decoded || typeof decoded !== 'object' || Array.isArray(decoded))
+                return false;
+            if (String(decoded.type ?? '') !== String(headers.payload_type ?? '')) {
+                return false;
+            }
+        }
+    }
+    if (payload.context && typeof payload.context === 'object' && !Array.isArray(payload.context)) {
+        const protectedContext = metadataBody(payload.context);
+        const outerContext = normalizeContextMetadata(message?.context);
+        if (canonicalStringify(outerContext) !== canonicalStringify(protectedContext))
+            return false;
     }
-    return _encoder.encode(JSON.stringify(sorted));
+    return true;
+}
+/** AAD 序列化（排序键、紧凑 JSON） */
+function aadBytesOffline(aad) {
+    return aadBytesWithOptionalFields(aad, AAD_FIELDS_OFFLINE);
 }
 /** AAD 匹配检查（解密时校验） */
 function aadMatchesOffline(expected, actual) {
@@ -415,6 +614,8 @@ export class E2EEManager {
             prekey: opts.prekey ?? null,
             messageId,
             timestamp,
+            protectedHeaders: opts.protectedHeaders ?? opts.protected_headers ?? opts.headers,
+            context: opts.context ?? null,
         });
     }
     // ── 加密 ──────────────────────────────────────────
@@ -435,7 +636,7 @@ export class E2EEManager {
         }
         if (prekey) {
             try {
-                const envelope = await this._encryptWithPrekey(peerAid, payload, prekey, opts.peerCertPem, opts.messageId, opts.timestamp);
+                const envelope = await this._encryptWithPrekey(peerAid, payload, prekey, opts.peerCertPem, opts.messageId, opts.timestamp, opts.protectedHeaders ?? opts.protected_headers ?? opts.headers, opts.context ?? null);
                 return [envelope, {
                         encrypted: true,
                         forward_secrecy: true,
@@ -447,7 +648,7 @@ export class E2EEManager {
                 console.warn('prekey 加密失败，降级到 long_term_key（无前向保密）:', exc);
             }
         }
-        const envelope = await this._encryptWithLongTermKey(peerAid, payload, opts.peerCertPem, opts.messageId, opts.timestamp);
+        const envelope = await this._encryptWithLongTermKey(peerAid, payload, opts.peerCertPem, opts.messageId, opts.timestamp, opts.protectedHeaders ?? opts.protected_headers ?? opts.headers, opts.context ?? null);
         const degraded = prekey !== null; // 有 prekey 但失败了才算降级
         return [envelope, {
                 encrypted: true,
@@ -466,7 +667,7 @@ export class E2EEManager {
      *   DH3 = ECDH(sender_identity, peer_prekey)    ← 绑定发送方身份
      *   DH4 = ECDH(sender_identity, peer_identity)   ← 双方身份互绑
      */
-    async _encryptWithPrekey(peerAid, payload, prekey, peerCertPem, messageId, timestamp) {
+    async _encryptWithPrekey(peerAid, payload, prekey, peerCertPem, messageId, timestamp, protectedHeaders, context) {
         // 导入对方 identity 公钥（ECDSA 用于验签，ECDH 用于密钥交换）
         const peerIdentityEcdsa = await importCertPublicKeyEcdsa(peerCertPem);
         const peerIdentityEcdh = await importCertPublicKeyEcdh(peerCertPem);
@@ -529,8 +730,6 @@ export class E2EEManager {
             sender_cert_fingerprint: senderFingerprint,
             prekey_id: prekeyId,
         };
-        const aadBytes = aadBytesOffline(aad);
-        const [ciphertext, tag] = await aesGcmEncrypt(messageKey, nonce, plaintext, aadBytes);
         const envelope = {
             type: 'e2ee.encrypted',
             version: '1',
@@ -538,11 +737,18 @@ export class E2EEManager {
             suite: SUITE,
             prekey_id: prekeyId,
             ephemeral_public_key: ephPkB64,
-            nonce: uint8ToBase64(nonce),
-            ciphertext: uint8ToBase64(ciphertext),
-            tag: uint8ToBase64(tag),
-            aad,
         };
+        await copyOptionalEnvelopeMetadata(envelope, messageKey, {
+            payloadType: payload.type,
+            protectedHeaders,
+            context,
+        });
+        const aadBytes = aadBytesOffline(aad);
+        const [ciphertext, tag] = await aesGcmEncrypt(messageKey, nonce, plaintext, aadBytes);
+        envelope.nonce = uint8ToBase64(nonce);
+        envelope.ciphertext = uint8ToBase64(ciphertext);
+        envelope.tag = uint8ToBase64(tag);
+        envelope.aad = aad;
         // 发送方签名：对 ciphertext + tag + aad_bytes 签名（不可否认性）
         const signPayload = concatBytes(ciphertext, tag, aadBytes);
         const sig = await ecdsaSignDer(senderSignKey, signPayload);
@@ -557,7 +763,7 @@ export class E2EEManager {
      *   DH1 = ECDH(ephemeral, peer_identity)     ← 前向保密（每消息）
      *   DH2 = ECDH(sender_identity, peer_identity) ← 绑定双方身份
      */
-    async _encryptWithLongTermKey(peerAid, payload, peerCertPem, messageId, timestamp) {
+    async _encryptWithLongTermKey(peerAid, payload, peerCertPem, messageId, timestamp, protectedHeaders, context) {
         const peerIdentityEcdh = await importCertPublicKeyEcdh(peerCertPem);
         const senderIdentityEcdhKey = await this._loadSenderIdentityPrivateEcdh();
         const senderSignKey = await this._loadSenderIdentityPrivateEcdsa();
@@ -587,19 +793,24 @@ export class E2EEManager {
             recipient_cert_fingerprint: recipientFingerprint,
             sender_cert_fingerprint: senderFingerprint,
         };
-        const aadBytes = aadBytesOffline(aad);
-        const [ciphertext, tag] = await aesGcmEncrypt(messageKey, nonce, plaintext, aadBytes);
         const envelope = {
             type: 'e2ee.encrypted',
             version: '1',
             encryption_mode: MODE_LONG_TERM_KEY,
             suite: SUITE,
             ephemeral_public_key: ephPkB64,
-            nonce: uint8ToBase64(nonce),
-            ciphertext: uint8ToBase64(ciphertext),
-            tag: uint8ToBase64(tag),
-            aad,
         };
+        await copyOptionalEnvelopeMetadata(envelope, messageKey, {
+            payloadType: payload.type,
+            protectedHeaders,
+            context,
+        });
+        const aadBytes = aadBytesOffline(aad);
+        const [ciphertext, tag] = await aesGcmEncrypt(messageKey, nonce, plaintext, aadBytes);
+        envelope.nonce = uint8ToBase64(nonce);
+        envelope.ciphertext = uint8ToBase64(ciphertext);
+        envelope.tag = uint8ToBase64(tag);
+        envelope.aad = aad;
         // 发送方签名（不可否认性）
         const signPayload = concatBytes(ciphertext, tag, aadBytes);
         const sig = await ecdsaSignDer(senderSignKey, signPayload);
@@ -783,17 +994,30 @@ export class E2EEManager {
             else {
                 aadBytes = new Uint8Array(0);
             }
+            if (!await verifyEnvelopeMetadataAuth(payload, messageKey)) {
+                throw new E2EEDecryptFailedError('envelope metadata auth failed');
+            }
             const plaintext = await aesGcmDecrypt(messageKey, nonce, ciphertext, tag, aadBytes);
             const decoded = JSON.parse(_decoder.decode(plaintext));
+            if (!validateDecryptedEnvelopeMetadata(decoded, payload, message)) {
+                throw new E2EEDecryptFailedError('envelope metadata mismatch');
+            }
+            const e2ee = {
+                encryption_mode: MODE_PREKEY_ECDH_V2,
+                suite: payload.suite ?? SUITE,
+                prekey_id: prekeyId,
+            };
+            const protectedHeaders = exposedEnvelopeMetadata(payload.protected_headers);
+            if (protectedHeaders)
+                e2ee.protected_headers = protectedHeaders;
+            const context = exposedEnvelopeMetadata(payload.context);
+            if (context)
+                e2ee.context = context;
             return {
                 ...message,
                 payload: decoded,
                 encrypted: true,
-                e2ee: {
-                    encryption_mode: MODE_PREKEY_ECDH_V2,
-                    suite: payload.suite ?? SUITE,
-                    prekey_id: prekeyId,
-                },
+                e2ee,
             };
         }
         catch (exc) {
@@ -849,16 +1073,29 @@ export class E2EEManager {
             else {
                 aadBytes = new Uint8Array(0);
             }
+            if (!await verifyEnvelopeMetadataAuth(payload, messageKey)) {
+                throw new E2EEDecryptFailedError('envelope metadata auth failed');
+            }
             const plaintext = await aesGcmDecrypt(messageKey, nonce, ciphertext, tag, aadBytes);
             const decoded = JSON.parse(_decoder.decode(plaintext));
+            if (!validateDecryptedEnvelopeMetadata(decoded, payload, message)) {
+                throw new E2EEDecryptFailedError('envelope metadata mismatch');
+            }
+            const e2ee = {
+                encryption_mode: MODE_LONG_TERM_KEY,
+                suite: payload.suite,
+            };
+            const protectedHeaders = exposedEnvelopeMetadata(payload.protected_headers);
+            if (protectedHeaders)
+                e2ee.protected_headers = protectedHeaders;
+            const context = exposedEnvelopeMetadata(payload.context);
+            if (context)
+                e2ee.context = context;
             return {
                 ...message,
                 payload: decoded,
                 encrypted: true,
-                e2ee: {
-                    encryption_mode: MODE_LONG_TERM_KEY,
-                    suite: payload.suite,
-                },
+                e2ee,
             };
         }
         catch (exc) {