npm - @agentvault/agentvault - Versions diffs - 0.19.57 → 0.19.59 - Mend

@agentvault/agentvault 0.19.57 → 0.19.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/dist/_cp.d.ts +10 -0
package/dist/_cp.d.ts.map +1 -0
package/dist/account-config.d.ts +20 -0
package/dist/account-config.d.ts.map +1 -0
package/dist/channel.d.ts +389 -0
package/dist/channel.d.ts.map +1 -0
package/dist/cli.d.ts +2 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +47 -416
package/dist/cli.js.map +2 -2
package/dist/create-agent.d.ts +28 -0
package/dist/create-agent.d.ts.map +1 -0
package/dist/credential-store.d.ts +62 -0
package/dist/credential-store.d.ts.map +1 -0
package/dist/crypto-helpers.d.ts +2 -0
package/dist/crypto-helpers.d.ts.map +1 -0
package/dist/doctor.d.ts +41 -0
package/dist/doctor.d.ts.map +1 -0
package/dist/fetch-interceptor.d.ts +32 -0
package/dist/fetch-interceptor.d.ts.map +1 -0
package/dist/gateway-send.d.ts +98 -0
package/dist/gateway-send.d.ts.map +1 -0
package/dist/http-handlers.d.ts +53 -0
package/dist/http-handlers.d.ts.map +1 -0
package/dist/index.d.ts +27 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +47 -416
package/dist/index.js.map +2 -2
package/dist/mcp-handlers.d.ts +26 -0
package/dist/mcp-handlers.d.ts.map +1 -0
package/dist/mcp-proxy-helpers.d.ts +9 -0
package/dist/mcp-proxy-helpers.d.ts.map +1 -0
package/dist/mcp-server.d.ts +91 -0
package/dist/mcp-server.d.ts.map +1 -0
package/dist/mls-state.d.ts +16 -0
package/dist/mls-state.d.ts.map +1 -0
package/dist/openclaw-compat.d.ts +33 -0
package/dist/openclaw-compat.d.ts.map +1 -0
package/dist/openclaw-entry.d.ts +32 -0
package/dist/openclaw-entry.d.ts.map +1 -0
package/dist/openclaw-plugin.d.ts +102 -0
package/dist/openclaw-plugin.d.ts.map +1 -0
package/dist/openclaw-types.d.ts +186 -0
package/dist/openclaw-types.d.ts.map +1 -0
package/dist/policy-enforcer.d.ts +78 -0
package/dist/policy-enforcer.d.ts.map +1 -0
package/dist/setup.d.ts +27 -0
package/dist/setup.d.ts.map +1 -0
package/dist/skill-invoker.d.ts +30 -0
package/dist/skill-invoker.d.ts.map +1 -0
package/dist/skill-manifest.d.ts +30 -0
package/dist/skill-manifest.d.ts.map +1 -0
package/dist/skill-telemetry.d.ts +36 -0
package/dist/skill-telemetry.d.ts.map +1 -0
package/dist/skills-publish.d.ts +8 -0
package/dist/skills-publish.d.ts.map +1 -0
package/dist/state.d.ts +32 -0
package/dist/state.d.ts.map +1 -0
package/dist/transport.d.ts +24 -0
package/dist/transport.d.ts.map +1 -0
package/dist/types.d.ts +421 -0
package/dist/types.d.ts.map +1 -0
package/dist/workspace-handlers.d.ts +62 -0
package/dist/workspace-handlers.d.ts.map +1 -0
package/openclaw.plugin.json +1 -1
package/package.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -62647,6 +62647,24 @@ var init_channel = __esm({
           if (this._persisted.seenA2AMessageIds) {
             this._a2aSeenMessageIds = new Set(this._persisted.seenA2AMessageIds.slice(-_SecureChannel.A2A_SEEN_MAX));
           }
+          if (this._persisted?.rooms) {
+            const roomConvIds = /* @__PURE__ */ new Set();
+            for (const room of Object.values(this._persisted.rooms)) {
+              for (const cid of room.conversationIds || []) {
+                roomConvIds.add(cid);
+              }
+            }
+            let cleanedCount = 0;
+            for (const cid of roomConvIds) {
+              if (this._persisted.sessions[cid]) {
+                delete this._persisted.sessions[cid];
+                cleanedCount++;
+              }
+            }
+            if (cleanedCount > 0) {
+              console.log(`[SecureChannel] Cleaned ${cleanedCount} stale DR room sessions`);
+            }
+          }
           for (const [convId, sessionData] of Object.entries(
             this._persisted.sessions
           )) {
@@ -63019,98 +63037,34 @@ var init_channel = __esm({
       }
       // --- Multi-agent room methods ---
       /**
-       * Join a room by performing X3DH key exchange with each member
-       * for the pairwise conversations involving this device.
+       * Join a room by collecting pairwise conversation IDs involving this device.
+       * Encryption is handled by MLS group operations, not per-member DR sessions.
        */
       async joinRoom(roomData) {
         if (!this._persisted) {
           throw new Error("Channel not initialized");
         }
         await libsodium_wrappers_default.ready;
-        if (roomData.forceRekey) {
-          let cleared = 0;
-          const existingRoom = this._persisted.rooms?.[roomData.roomId];
-          if (existingRoom) {
-            for (const convId of existingRoom.conversationIds) {
-              if (this._sessions.has(convId)) {
-                this._sessions.delete(convId);
-                cleared++;
-              }
-              delete this._persisted.sessions[convId];
-            }
-          }
-          if (this._persisted) {
-            this._persisted.lastMessageTimestamp = (/* @__PURE__ */ new Date()).toISOString();
-          }
-          console.log(
-            `[SecureChannel] Force rekey: cleared ${cleared} sessions for room ${roomData.roomId.slice(0, 8)}...`
-          );
-        }
-        const identity = this._persisted.identityKeypair;
-        const ephemeral = this._persisted.ephemeralKeypair;
         const myDeviceId = this._deviceId;
         const conversationIds = [];
         for (const conv of roomData.conversations) {
           if (conv.participantA !== myDeviceId && conv.participantB !== myDeviceId) {
             continue;
           }
-          if (this._sessions.has(conv.id)) {
-            conversationIds.push(conv.id);
-            continue;
-          }
-          const otherDeviceId = conv.participantA === myDeviceId ? conv.participantB : conv.participantA;
-          const otherMember = roomData.members.find((m2) => m2.deviceId === otherDeviceId);
-          if (!otherMember?.identityPublicKey) {
-            console.warn(
-              `[SecureChannel] No public key for member ${otherDeviceId.slice(0, 8)}..., skipping`
-            );
-            continue;
-          }
-          const isInitiator = myDeviceId < otherDeviceId;
-          const theirEphKey = otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey;
-          const sharedSecret = performX3DH({
-            myIdentityPrivate: hexToBytes(identity.privateKey),
-            myEphemeralPrivate: hexToBytes(ephemeral.privateKey),
-            theirIdentityPublic: hexToBytes(otherMember.identityPublicKey),
-            theirEphemeralPublic: hexToBytes(theirEphKey),
-            isInitiator
-          });
-          const peerIdentityPub = hexToBytes(otherMember.identityPublicKey);
-          const ratchet = isInitiator ? DoubleRatchet.initSender(sharedSecret, {
-            publicKey: hexToBytes(identity.publicKey),
-            privateKey: hexToBytes(identity.privateKey),
-            keyType: "ed25519"
-          }, peerIdentityPub) : DoubleRatchet.initReceiver(sharedSecret, {
-            publicKey: hexToBytes(identity.publicKey),
-            privateKey: hexToBytes(identity.privateKey),
-            keyType: "ed25519"
-          }, peerIdentityPub);
-          this._sessions.set(conv.id, {
-            ownerDeviceId: otherDeviceId,
-            ratchet,
-            activated: isInitiator,
-            // initiator can send immediately
-            epoch: 1
-          });
-          this._persisted.sessions[conv.id] = {
-            ownerDeviceId: otherDeviceId,
-            ratchetState: ratchet.serialize(),
-            activated: isInitiator,
-            epoch: 1
-          };
           conversationIds.push(conv.id);
-          console.log(
-            `[SecureChannel] Room session initialized: conv ${conv.id.slice(0, 8)}... with ${otherDeviceId.slice(0, 8)}... (initiator=${isInitiator})`
-          );
         }
         if (!this._persisted.rooms) {
           this._persisted.rooms = {};
         }
+        const existingMlsGroupId = this._persisted.rooms[roomData.roomId]?.mlsGroupId;
+        const existingMlsTs = this._persisted.rooms[roomData.roomId]?.lastMlsMessageTs;
         this._persisted.rooms[roomData.roomId] = {
           roomId: roomData.roomId,
           name: roomData.name,
           conversationIds,
-          members: roomData.members
+          members: roomData.members,
+          ...existingMlsGroupId && { mlsGroupId: existingMlsGroupId },
+          ...existingMlsTs && { lastMlsMessageTs: existingMlsTs }
         };
         const mlsRoom = this._persisted.rooms[roomData.roomId];
         if (mlsRoom.mlsGroupId && !roomData.forceRekey) {
@@ -63193,68 +63147,15 @@ var init_channel = __esm({
               }
               return;
             } catch (mlsErr) {
-              console.warn(`[SecureChannel] MLS encrypt failed for room ${roomId.slice(0, 8)}, falling through to legacy:`, mlsErr);
-            }
-          }
-        }
-        const recipients = [];
-        for (const convId of room.conversationIds) {
-          const session = this._sessions.get(convId);
-          if (!session) {
-            console.warn(`[SecureChannel] No session for room conv ${convId.slice(0, 8)}..., skipping`);
-            continue;
-          }
-          const encrypted = session.ratchet.encrypt(plaintext);
-          const transport = encryptedMessageToTransport(encrypted);
-          recipients.push({
-            device_id: session.ownerDeviceId,
-            header_blob: transport.header_blob,
-            ciphertext: transport.ciphertext
-          });
-        }
-        if (recipients.length === 0) {
-          throw new Error("No active sessions in room");
-        }
-        await this._persistState();
-        if (this._state === "ready" && this._ws) {
-          this._ws.send(
-            JSON.stringify({
-              event: "room_message",
-              data: {
-                room_id: roomId,
-                recipients,
-                message_type: messageType,
-                priority: opts?.priority ?? "normal",
-                metadata: opts?.metadata
-              }
-            })
-          );
-        } else {
-          try {
-            const res = await fetch(
-              `${this.config.apiUrl}/api/v1/rooms/${roomId}/messages`,
-              {
-                method: "POST",
-                headers: {
-                  "Content-Type": "application/json",
-                  Authorization: `Bearer ${this._deviceJwt}`
-                },
-                body: JSON.stringify({
-                  recipients,
-                  message_type: messageType,
-                  priority: opts?.priority ?? "normal",
-                  metadata: opts?.metadata
-                })
-              }
-            );
-            if (!res.ok) {
-              const detail = await res.text();
-              throw new Error(`Room message failed (${res.status}): ${detail}`);
+              throw new Error(
+                `MLS encrypt failed for room ${roomId.slice(0, 8)}... \u2014 MLS group must be initialized before sending. Error: ${mlsErr}`
+              );
             }
-          } catch (err) {
-            throw new Error(`Failed to send room message: ${err}`);
           }
         }
+        throw new Error(
+          `Room ${roomId.slice(0, 8)}... has no initialized MLS group. MLS initialization must complete before messages can be sent.`
+        );
       }
       /**
        * Leave a room: remove sessions and persisted room state.
@@ -65414,250 +65315,8 @@ ${messageText}`;
           this.emit("error", err);
         }
       }
-      /**
-       * Send a resync_request for a room conversation if the cooldown has elapsed.
-       * Shared by all room ratchet failure paths to avoid code duplication.
-       */
-      _sendRoomResyncIfCooled(convId, reason, session) {
-        const RESYNC_COOLDOWN_MS = 5 * 60 * 1e3;
-        const lastResync = this._lastResyncRequest.get(convId) ?? 0;
-        if (Date.now() - lastResync > RESYNC_COOLDOWN_MS && this._ws && this._persisted) {
-          this._lastResyncRequest.set(convId, Date.now());
-          this._ws.send(
-            JSON.stringify({
-              event: "resync_request",
-              data: {
-                conversation_id: convId,
-                reason,
-                identity_public_key: this._persisted.identityKeypair.publicKey,
-                ephemeral_public_key: this._persisted.ephemeralKeypair.publicKey,
-                epoch: session?.epoch
-              }
-            })
-          );
-          console.log(
-            `[SecureChannel] Room resync requested for conv ${convId.slice(0, 8)} (${reason})`
-          );
-        }
-      }
-      /**
-       * Handle an incoming room message (pairwise path — used by sync replay and pairwise room fallback).
-       * Finds the pairwise conversation for the sender, decrypts, and emits a room_message event.
-       */
-      async _handleRoomMessage(msgData) {
-        if (msgData.sender_device_id === this._deviceId) return;
-        this._lastInboundRoomId = msgData.room_id;
-        const convId = msgData.conversation_id ?? this._findConversationForSender(msgData.sender_device_id, msgData.room_id);
-        if (!convId) {
-          console.warn(
-            `[SecureChannel] No conversation found for sender ${msgData.sender_device_id.slice(0, 8)}... in room ${msgData.room_id}`
-          );
-          return;
-        }
-        let session = this._sessions.get(convId);
-        if (!session) {
-          console.warn(
-            `[SecureChannel] No session for room conv ${convId.slice(0, 8)}..., fetching room data`
-          );
-          try {
-            const roomRes = await fetch(
-              `${this.config.apiUrl}/api/v1/rooms/${msgData.room_id}`,
-              {
-                headers: {
-                  Authorization: `Bearer ${this._persisted.deviceJwt}`
-                }
-              }
-            );
-            if (roomRes.ok) {
-              const roomData = await roomRes.json();
-              await this.joinRoom({
-                roomId: roomData.id,
-                name: roomData.name,
-                members: (roomData.members || []).map((m2) => ({
-                  deviceId: m2.device_id,
-                  entityType: m2.entity_type,
-                  displayName: m2.display_name,
-                  identityPublicKey: m2.identity_public_key,
-                  ephemeralPublicKey: m2.ephemeral_public_key
-                })),
-                conversations: (roomData.conversations || []).map((c2) => ({
-                  id: c2.id,
-                  participantA: c2.participant_a,
-                  participantB: c2.participant_b
-                }))
-              });
-              session = this._sessions.get(convId);
-            }
-          } catch (fetchErr) {
-            console.error(
-              `[SecureChannel] Failed to fetch room data for ${msgData.room_id}:`,
-              fetchErr
-            );
-          }
-          if (!session) {
-            console.warn(
-              `[SecureChannel] Still no session for room conv ${convId.slice(0, 8)}... after refresh, skipping`
-            );
-            return;
-          }
-        }
-        const encrypted = transportToEncryptedMessage({
-          header_blob: msgData.header_blob,
-          ciphertext: msgData.ciphertext
-        });
-        let plaintext;
-        const ratchetSnapshot = session.ratchet.serialize();
-        try {
-          plaintext = session.ratchet.decrypt(encrypted);
-        } catch (decryptErr) {
-          try {
-            session.ratchet = DoubleRatchet.deserialize(ratchetSnapshot);
-          } catch {
-          }
-          console.warn(
-            `[SecureChannel] Room decrypt failed for conv ${convId.slice(0, 8)}...: ${String(decryptErr)}, re-initializing ratchet`
-          );
-          try {
-            const roomEntry = this._persisted?.rooms ? Object.values(this._persisted.rooms).find(
-              (r2) => r2.conversationIds.includes(convId)
-            ) : null;
-            if (!roomEntry) throw new Error("Room not found for conversation");
-            const otherMember = roomEntry.members.find(
-              (m2) => m2.deviceId === msgData.sender_device_id
-            );
-            if (!otherMember?.identityPublicKey) throw new Error("No key for sender");
-            const isInitiator = this._deviceId < msgData.sender_device_id;
-            const identity = this._persisted.identityKeypair;
-            const ephemeral = this._persisted.ephemeralKeypair;
-            const sharedSecret = performX3DH({
-              myIdentityPrivate: hexToBytes(identity.privateKey),
-              myEphemeralPrivate: hexToBytes(ephemeral.privateKey),
-              theirIdentityPublic: hexToBytes(otherMember.identityPublicKey),
-              theirEphemeralPublic: hexToBytes(
-                otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey
-              ),
-              isInitiator
-            });
-            const peerIdPub = hexToBytes(otherMember.identityPublicKey);
-            const newRatchet = isInitiator ? DoubleRatchet.initSender(sharedSecret, {
-              publicKey: hexToBytes(identity.publicKey),
-              privateKey: hexToBytes(identity.privateKey),
-              keyType: "ed25519"
-            }, peerIdPub) : DoubleRatchet.initReceiver(sharedSecret, {
-              publicKey: hexToBytes(identity.publicKey),
-              privateKey: hexToBytes(identity.privateKey),
-              keyType: "ed25519"
-            }, peerIdPub);
-            session.ratchet = newRatchet;
-            session.activated = false;
-            this._persisted.sessions[convId] = {
-              ownerDeviceId: session.ownerDeviceId,
-              ratchetState: newRatchet.serialize(),
-              activated: false
-            };
-            await this._persistState();
-            console.log(
-              `[SecureChannel] Room ratchet re-initialized for conv ${convId.slice(0, 8)}...`
-            );
-            const incomingMsgNum = encrypted.header.messageNumber;
-            if (incomingMsgNum <= 5) {
-              try {
-                plaintext = session.ratchet.decrypt(encrypted);
-                session.activated = true;
-                if (this._persisted.sessions[convId]) {
-                  this._persisted.sessions[convId].activated = true;
-                }
-                await this._persistState();
-                console.log(
-                  `[SecureChannel] Room session ${convId.slice(0, 8)}... re-activated after ratchet re-init`
-                );
-              } catch (retryErr) {
-                console.warn(
-                  `[SecureChannel] Room re-init retry failed for conv ${convId.slice(0, 8)} (msgNum=${incomingMsgNum}):`,
-                  retryErr
-                );
-                this._sendRoomResyncIfCooled(convId, "room_reinit_retry_failed", session);
-                return;
-              }
-            } else {
-              console.log(
-                `[SecureChannel] Room re-init: skipping message with msgNum=${incomingMsgNum} for conv ${convId.slice(0, 8)} (too far ahead for fresh ratchet)`
-              );
-              this._sendRoomResyncIfCooled(convId, "room_message_skip");
-              return;
-            }
-          } catch (reinitErr) {
-            console.error(
-              `[SecureChannel] Room ratchet re-init failed for conv ${convId.slice(0, 8)}...:`,
-              reinitErr
-            );
-            this._sendRoomResyncIfCooled(convId, "room_reinit_failed");
-            return;
-          }
-        }
-        let messageText;
-        let messageType;
-        try {
-          const parsed = JSON.parse(plaintext);
-          messageType = parsed.type || "message";
-          messageText = parsed.text || plaintext;
-        } catch {
-          messageType = "message";
-          messageText = plaintext;
-        }
-        if (CREDENTIAL_MESSAGE_TYPES.has(messageType)) {
-          this._handleCredentialMessage(msgData.room_id, messageType, messageText, msgData.message_id);
-          if (msgData.created_at && this._persisted) {
-            this._persisted.lastMessageTimestamp = msgData.created_at;
-          }
-          await this._persistState();
-          return;
-        }
-        if (!ROOM_AGENT_TYPES.has(messageType)) {
-          return;
-        }
-        if (!session.activated) {
-          session.activated = true;
-          console.log(
-            `[SecureChannel] Room session ${convId.slice(0, 8)}... activated by first message`
-          );
-        }
-        if (msgData.message_id) {
-          this._sendAck(msgData.message_id);
-        }
-        if (msgData.created_at && this._persisted) {
-          this._persisted.lastMessageTimestamp = msgData.created_at;
-        }
-        await this._persistState();
-        const legacyRoomMembers = this._persisted?.rooms?.[msgData.room_id]?.members ?? [];
-        const legacySenderMember = legacyRoomMembers.find((m2) => m2.deviceId === msgData.sender_device_id);
-        const legacySenderIsAgent = legacySenderMember?.entityType === "agent";
-        const legacySenderLabel = legacySenderMember?.displayName || "someone";
-        const metadata = {
-          messageId: msgData.message_id ?? "",
-          conversationId: convId,
-          timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString(),
-          messageType,
-          roomId: msgData.room_id,
-          senderDeviceId: msgData.sender_device_id,
-          senderIsAgent: legacySenderIsAgent,
-          senderName: legacySenderLabel,
-          roomName: this._persisted?.rooms?.[msgData.room_id]?.name
-        };
-        this._appendHistory("owner", messageText, `room:${msgData.room_id}`);
-        this.emit("room_message", {
-          roomId: msgData.room_id,
-          senderDeviceId: msgData.sender_device_id,
-          senderName: legacySenderLabel,
-          plaintext: messageText,
-          messageType,
-          timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString()
-        });
-        const legacyContextualMessage = legacySenderIsAgent ? messageText : `[${legacySenderLabel}]: ${messageText}`;
-        Promise.resolve(this.config.onMessage?.(legacyContextualMessage, metadata)).catch((err) => {
-          console.error("[SecureChannel] onMessage callback error:", err);
-        });
-      }
+      // _sendRoomResyncIfCooled removed — rooms are MLS-only now
+      // _handleRoomMessage removed — rooms are MLS-only now
       /**
        * Handle credential protocol messages (grant, revoke, request).
        * These are intercepted before reaching the agent's onMessage callback.
@@ -65746,20 +65405,7 @@ ${messageText}`;
       purgeRoomCredentials(roomId) {
         this._credentialStore.purgeForRoom(roomId);
       }
-      /**
-       * Find the pairwise conversation ID for a given sender in a room.
-       */
-      _findConversationForSender(senderDeviceId, roomId) {
-        const room = this._persisted?.rooms?.[roomId];
-        if (!room) return null;
-        for (const convId of room.conversationIds) {
-          const session = this._sessions.get(convId);
-          if (session && session.ownerDeviceId === senderDeviceId) {
-            return convId;
-          }
-        }
-        return null;
-      }
+      // _findConversationForSender removed — rooms are MLS-only now
       // ---------------------------------------------------------------------------
       // MLS room message handlers
       // ---------------------------------------------------------------------------
@@ -65783,11 +65429,12 @@ ${messageText}`;
             return;
           }
         }
-        this._lastInboundRoomId = roomId;
-        const mlsGroup = this._mlsGroups.get(roomId);
-        console.log(`[SecureChannel] MLS decrypt attempt room=${roomId.slice(0, 8)} group=${groupId?.slice(0, 8)} loaded=${!!mlsGroup} init=${mlsGroup?.isInitialized} mlsGroupsKeys=[${Array.from(this._mlsGroups.keys()).join(",")}]`);
+        const resolvedRoomId = roomId;
+        this._lastInboundRoomId = resolvedRoomId;
+        const mlsGroup = this._mlsGroups.get(resolvedRoomId);
+        console.log(`[SecureChannel] MLS decrypt attempt room=${resolvedRoomId.slice(0, 8)} group=${groupId?.slice(0, 8)} loaded=${!!mlsGroup} init=${mlsGroup?.isInitialized} mlsGroupsKeys=[${Array.from(this._mlsGroups.keys()).join(",")}]`);
         if (!mlsGroup?.isInitialized) {
-          console.warn(`[SecureChannel] MLS group not loaded for room ${roomId.slice(0, 8)}`);
+          console.warn(`[SecureChannel] MLS group not loaded for room ${resolvedRoomId.slice(0, 8)}`);
           return;
         }
         try {
@@ -65809,7 +65456,7 @@ ${messageText}`;
             messageText = rawPlaintext;
           }
           if (CREDENTIAL_MESSAGE_TYPES.has(messageType)) {
-            this._handleCredentialMessage(roomId, messageType, messageText, data.message_id);
+            this._handleCredentialMessage(resolvedRoomId, messageType, messageText, data.message_id);
             if (data.created_at && this._persisted) {
               this._persisted.lastMessageTimestamp = data.created_at;
             }
@@ -65824,13 +65471,13 @@ ${messageText}`;
           }
           if (data.created_at && this._persisted) {
             this._persisted.lastMessageTimestamp = data.created_at;
-            const roomState = this._persisted.rooms?.[roomId];
+            const roomState = this._persisted.rooms?.[resolvedRoomId];
             if (roomState) {
               roomState.lastMlsMessageTs = data.created_at;
             }
           }
           await this._persistState();
-          const roomMembers = this._persisted?.rooms?.[roomId]?.members ?? [];
+          const roomMembers = this._persisted?.rooms?.[resolvedRoomId]?.members ?? [];
           const senderMember = roomMembers.find((m2) => m2.deviceId === senderDeviceId);
           const senderIsAgent = senderMember?.entityType === "agent";
           const metadata = {
@@ -65838,16 +65485,16 @@ ${messageText}`;
             conversationId: "",
             timestamp: data.created_at ?? (/* @__PURE__ */ new Date()).toISOString(),
             messageType,
-            roomId,
+            roomId: resolvedRoomId,
             senderDeviceId,
             senderIsAgent,
             senderName: senderMember?.displayName || "unknown",
-            roomName: this._persisted?.rooms?.[roomId]?.name
+            roomName: this._persisted?.rooms?.[resolvedRoomId]?.name
           };
           const senderLabel = senderMember?.displayName || "someone";
-          this._appendHistory("owner", messageText, `room:${roomId}`);
+          this._appendHistory("owner", messageText, `room:${resolvedRoomId}`);
           this.emit("room_message", {
-            roomId,
+            roomId: resolvedRoomId,
             senderDeviceId,
             senderName: senderLabel,
             plaintext: messageText,
@@ -65859,7 +65506,7 @@ ${messageText}`;
             console.error("[SecureChannel] onMessage callback error (MLS):", err);
           });
         } catch (err) {
-          console.error(`[SecureChannel] MLS room decrypt failed for ${roomId.slice(0, 8)}:`, err);
+          console.error(`[SecureChannel] MLS room decrypt failed for ${resolvedRoomId.slice(0, 8)}:`, err);
         }
       }
       async _handleMlsCommit(data) {
@@ -66186,22 +65833,6 @@ ${messageText}`;
                 }
               }
               if (roomId) {
-                try {
-                  await this._handleRoomMessage({
-                    room_id: roomId,
-                    sender_device_id: msg.sender_device_id,
-                    conversation_id: msg.conversation_id,
-                    header_blob: msg.header_blob,
-                    ciphertext: msg.ciphertext,
-                    message_id: msg.id,
-                    created_at: msg.created_at
-                  });
-                } catch (roomErr) {
-                  console.warn(
-                    `[SecureChannel] Sync room message failed for ${msg.conversation_id.slice(0, 8)}...:`,
-                    roomErr
-                  );
-                }
                 this._persisted.lastMessageTimestamp = msg.created_at;
                 since = msg.created_at;
                 continue;