@agentunion/fastaun 0.3.5 → 0.3.6

package/dist/client.d.ts

@@ -411,6 +411,7 @@ export declare class AUNClient {
         skipAutoAck?: boolean;
         gateLocked?: boolean;
         scheduleFollowup?: boolean;
+        force?: boolean;
     }): Promise<Array<Record<string, unknown>>>;
     /** V2 P2P ack，并触发旧 SPK 销毁自检。 */
     ackV2(upToSeq?: number): Promise<unknown>;
@@ -437,6 +438,15 @@ export declare class AUNClient {
     private _attachV2EnvelopeMetadata;
     private _attachV2EnvelopeMetadataFromSource;
     private _extractV2EnvelopeFromSource;
+    private _truthyBool;
+    private _encryptedPushEnvelope;
+    private _isEncryptedPushMessage;
+    private _isEncryptedEnvelopePayload;
+    private _isV2EncryptedEnvelopePayload;
+    private _safeUndecryptablePushEvent;
+    private _decryptEncryptedPushPayload;
+    private _publishEncryptedPushAsUndecryptable;
+    private _publishEncryptedPushMessage;
     private _metadataWithoutAuth;
     private _putMessageThoughtEncryptedV2;
     private _putGroupThoughtEncryptedV2;

package/dist/client.js

@@ -1493,11 +1493,12 @@ export class AUNClient {
             if (method === 'message.pull' || method === 'message.v2.pull') {
                 await this._ensureV2SessionReady('message.pull');
                 const skipAutoAck = p._skip_auto_ack === true || p.skip_auto_ack === true;
+                const force = p.force === true;
                 const afterSeq = Number(p.after_seq ?? 0) || 0;
                 const limit = Number(p.limit ?? 50) || 50;
                 const messages = skipAutoAck
-                    ? await runWithRpcPriority(() => this.pullV2(afterSeq, limit, { skipAutoAck: true, gateLocked: true }))
-                    : await runWithRpcPriority(() => this.pullV2(afterSeq, limit, { gateLocked: true }));
+                    ? await runWithRpcPriority(() => this.pullV2(afterSeq, limit, { skipAutoAck: true, gateLocked: true, force }))
+                    : await runWithRpcPriority(() => this.pullV2(afterSeq, limit, { gateLocked: true, force }));
                 return { messages };
             }
             if (method === 'message.ack' || method === 'message.v2.ack') {
@@ -1762,6 +1763,7 @@ export class AUNClient {
             this._clientLog.debug(`P2P push filtered by instance: message_id=${String(msg.message_id ?? '')}, seq=${String(msg.seq ?? '')}, target_device=${String(msg.device_id ?? '')}, target_slot=${String(msg.slot_id ?? '')}, local_device=${this._deviceId}, local_slot=${this._slotId}`);
             return;
         }
+        const encryptedPush = this._isEncryptedPushMessage(msg);
         // P2P 空洞检测
         const seq = msg.seq;
         if (seq !== undefined && seq !== null && this._aid) {
@@ -1770,7 +1772,9 @@ export class AUNClient {
             if (seq > 0)
                 this._seqTracker.updateMaxSeen(ns, seq);
             const contigBefore = this._seqTracker.getContiguousSeq(ns);
-            const published = await this._publishOrderedMessage('message.received', ns, seq, msg);
+            const published = encryptedPush
+                ? await this._publishEncryptedPushMessage('message.received', 'message.undecryptable', ns, seq, msg, false)
+                : await this._publishOrderedMessage('message.received', ns, seq, msg);
             const contigAfter = this._seqTracker.getContiguousSeq(ns);
             const needPull = Number(seq) > contigAfter && !published;
             if (needPull) {
@@ -1790,8 +1794,14 @@ export class AUNClient {
             // 即时持久化 cursor，异常断连后不回退
             if (contigAfter !== contigBefore)
                 this._saveSeqTrackerState();
+            if (encryptedPush)
+                return;
         }
         else {
+            if (encryptedPush) {
+                await this._publishEncryptedPushMessage('message.received', 'message.undecryptable', '', seq ?? 0, msg, false);
+                return;
+            }
             // V2-only：普通 _raw.message.received 只承载明文；V2 密文由 peer.v2.message_received 通知触发 pull。
             await this._publishAppEvent('message.received', msg, 'push');
         }
@@ -1850,13 +1860,16 @@ export class AUNClient {
             });
             return;
         }
+        const encryptedPush = this._isEncryptedPushMessage(msg);
         if (groupId && seq !== undefined && seq !== null) {
             const ns = `group:${groupId}`;
             // Push 只先更新 maxSeenSeq；contiguous_seq 是已交付游标，必须等应用层发布返回后再推进。
             if (seq > 0)
                 this._seqTracker.updateMaxSeen(ns, seq);
             const contigBefore = this._seqTracker.getContiguousSeq(ns);
-            const published = await this._publishOrderedMessage('group.message_created', ns, seq, msg);
+            const published = encryptedPush
+                ? await this._publishEncryptedPushMessage('group.message_created', 'group.message_undecryptable', ns, seq, msg, true)
+                : await this._publishOrderedMessage('group.message_created', ns, seq, msg);
             const contigAfter = this._seqTracker.getContiguousSeq(ns);
             const needPull = Number(seq) > contigAfter && !published;
             if (needPull) {
@@ -1874,8 +1887,14 @@ export class AUNClient {
             }
             if (contigAfter !== contigBefore)
                 this._saveSeqTrackerState();
+            if (encryptedPush)
+                return;
         }
         else {
+            if (encryptedPush) {
+                await this._publishEncryptedPushMessage('group.message_created', 'group.message_undecryptable', '', seq ?? 0, msg, true);
+                return;
+            }
             // V2-only：普通 group.message_created 只承载明文；V2 密文由 group.v2.message_created 通知触发 pull。
             await this._publishAppEvent('group.message_created', msg, 'group-push');
         }
@@ -3749,6 +3768,27 @@ export class AUNClient {
                 identity = null;
             }
         }
+        if (!identity?.private_key_pem) {
+            // fallback：缓存的 identity 可能被 instanceState 污染，重新从 keystore 加载
+            try {
+                identity = this._keystore.loadIdentity(this._aid);
+                if (identity?.private_key_pem) {
+                    this._identity = identity;
+                    this._clientLog.warn('V2 session init: identity cache was stale, reloaded from keystore');
+                    // 重新持久化 instance_state，清理脏数据
+                    const persistIdentity = this._auth._persistIdentity;
+                    if (typeof persistIdentity === 'function') {
+                        try {
+                            persistIdentity.call(this._auth, identity);
+                        }
+                        catch { /* best-effort */ }
+                    }
+                }
+            }
+            catch {
+                identity = null;
+            }
+        }
         if (!identity?.private_key_pem) {
             this._clientLog.warn('V2 session init skipped: no AID private key');
             return;
@@ -4212,7 +4252,7 @@ export class AUNClient {
         }
         const decrypted = [];
         let totalRawCount = 0;
-        let nextAfterSeq = afterSeq || (ns ? this._seqTracker.getContiguousSeq(ns) : 0);
+        let nextAfterSeq = opts?.force ? afterSeq : (afterSeq || (ns ? this._seqTracker.getContiguousSeq(ns) : 0));
         let pageCount = 0;
         const maxPages = 100;
         while (pageCount < maxPages) {
@@ -4221,6 +4261,7 @@ export class AUNClient {
             const result = await this._callRawV2Rpc('message.v2.pull', {
                 after_seq: nextAfterSeq,
                 limit,
+                ...(opts?.force ? { force: true } : {}),
             });
             const messages = (Array.isArray(result?.messages) ? result.messages : []);
             totalRawCount += messages.length;
@@ -4887,6 +4928,12 @@ export class AUNClient {
             encrypted: true,
             e2ee,
         };
+        const explicitDirection = String(msg.direction ?? '').trim();
+        result.direction = explicitDirection || (fromAid && fromAid === this._aid ? 'outbound_sync' : 'inbound');
+        if (msg.device_id !== undefined)
+            result.device_id = msg.device_id;
+        if (msg.slot_id !== undefined)
+            result.slot_id = msg.slot_id;
         this._attachV2EnvelopeMetadata(result, e2ee);
         this._logMessageDebug('decrypt-ok', 'v2.decrypt', groupIdForKeys ? 'group.message_created' : 'message.received', result);
         return result;
@@ -4953,6 +5000,146 @@ export class AUNClient {
         }
         return null;
     }
+    _truthyBool(value) {
+        if (value === true || value === 1)
+            return true;
+        if (typeof value === 'string') {
+            const normalized = value.trim().toLowerCase();
+            return normalized === 'true' || normalized === '1' || normalized === 'yes' || normalized === 'on';
+        }
+        return false;
+    }
+    _encryptedPushEnvelope(msg) {
+        const payload = msg.payload;
+        if (this._isEncryptedEnvelopePayload(payload))
+            return payload;
+        if (typeof msg.envelope_json === 'string' && msg.envelope_json.trim()) {
+            try {
+                const parsed = JSON.parse(msg.envelope_json);
+                if (this._isEncryptedEnvelopePayload(parsed))
+                    return parsed;
+            }
+            catch {
+                return null;
+            }
+        }
+        return null;
+    }
+    _isEncryptedPushMessage(msg) {
+        if (this._truthyBool(msg.encrypted))
+            return true;
+        return this._encryptedPushEnvelope(msg) !== null;
+    }
+    _isEncryptedEnvelopePayload(payload) {
+        if (!isJsonObject(payload))
+            return false;
+        const envelope = payload;
+        const payloadType = String(envelope.type ?? '').trim();
+        if (payloadType.startsWith('e2ee.'))
+            return true;
+        if (!String(envelope.ciphertext ?? '').trim())
+            return false;
+        return envelope.nonce !== undefined
+            || envelope.tag !== undefined
+            || envelope.recipient !== undefined
+            || envelope.recipients !== undefined
+            || envelope.wrapped_key !== undefined
+            || envelope.recipients_digest !== undefined;
+    }
+    _isV2EncryptedEnvelopePayload(envelope) {
+        if (!envelope)
+            return false;
+        const payloadType = String(envelope.type ?? '').trim();
+        if (payloadType === 'e2ee.p2p_encrypted' || payloadType === 'e2ee.group_encrypted')
+            return true;
+        return String(envelope.version ?? '').trim().toLowerCase() === 'v2' && payloadType.startsWith('e2ee.');
+    }
+    _safeUndecryptablePushEvent(msg, group) {
+        const event = {
+            message_id: msg.message_id,
+            from: msg.from,
+            seq: msg.seq,
+            timestamp: (msg.timestamp ?? msg.t_server),
+            device_id: msg.device_id,
+            slot_id: msg.slot_id,
+            _decrypt_error: 'encrypted push payload is not decryptable on raw push path',
+            _decrypt_stage: 'push_envelope',
+        };
+        if (group) {
+            event.group_id = msg.group_id;
+        }
+        else {
+            event.to = msg.to;
+        }
+        const envelope = this._encryptedPushEnvelope(msg);
+        if (envelope) {
+            event._envelope_type = String(envelope.type ?? '');
+            event._suite = String(envelope.suite ?? '');
+            if (this._isV2EncryptedEnvelopePayload(envelope)) {
+                this._attachV2EnvelopeMetadata(event, this._v2E2eeMeta(envelope));
+            }
+        }
+        return event;
+    }
+    async _decryptEncryptedPushPayload(msg, group) {
+        const envelope = this._encryptedPushEnvelope(msg);
+        if (!this._isV2EncryptedEnvelopePayload(envelope))
+            return null;
+        const aad = isJsonObject(envelope.aad) ? envelope.aad : {};
+        const fromAid = String(msg.from_aid ?? msg.from ?? msg.sender_aid ?? aad.from ?? '').trim();
+        const plaintext = await this._decryptV2EnvelopeForThought({ envelope, fromAid });
+        if (!plaintext)
+            return null;
+        const e2ee = this._v2E2eeMeta(envelope);
+        const result = {
+            message_id: String(msg.message_id ?? ''),
+            from: fromAid,
+            seq: msg.seq,
+            timestamp: (msg.t_server ?? msg.timestamp),
+            payload: plaintext,
+            encrypted: true,
+            e2ee,
+        };
+        result.direction = fromAid && fromAid === this._aid ? 'outbound_sync' : 'inbound';
+        if (msg.t_server !== undefined)
+            result.t_server = msg.t_server;
+        if (msg.device_id !== undefined)
+            result.device_id = msg.device_id;
+        if (msg.slot_id !== undefined)
+            result.slot_id = msg.slot_id;
+        if (group) {
+            result.group_id = (msg.group_id ?? aad.group_id ?? envelope.group_id);
+        }
+        else {
+            result.to = (msg.to ?? this._aid ?? '');
+        }
+        this._attachV2EnvelopeMetadata(result, e2ee);
+        this._logMessageDebug('decrypt-ok', 'push.encrypted', group ? 'group.message_created' : 'message.received', result);
+        return result;
+    }
+    async _publishEncryptedPushAsUndecryptable(event, ns, seq, msg, group) {
+        const safeEvent = this._safeUndecryptablePushEvent(msg, group);
+        this._logMessageDebug('decrypt-fail', 'push.encrypted', event, safeEvent);
+        if (ns) {
+            return await this._publishOrderedMessage(event, ns, seq, safeEvent);
+        }
+        const published = this._publishAppEvent(event, safeEvent, 'push');
+        if (isPromiseLike(published))
+            await published;
+        return true;
+    }
+    async _publishEncryptedPushMessage(normalEvent, undecryptableEvent, ns, seq, msg, group) {
+        const decrypted = await this._decryptEncryptedPushPayload(msg, group);
+        if (decrypted) {
+            if (ns)
+                return await this._publishOrderedMessage(normalEvent, ns, seq, decrypted);
+            const published = this._publishAppEvent(normalEvent, decrypted, 'push');
+            if (isPromiseLike(published))
+                await published;
+            return true;
+        }
+        return await this._publishEncryptedPushAsUndecryptable(undecryptableEvent, ns, seq, msg, group);
+    }
     _metadataWithoutAuth(value) {
         const candidate = value;
         if (!isJsonObject(candidate))