@agentvault/agentvault 0.9.0 → 0.9.2

package/dist/index.js

@@ -45421,9 +45421,18 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       scanStatus = scanResult.status;
     }
     this._appendHistory("agent", plaintext, topicId);
+    const roomConvIds = /* @__PURE__ */ new Set();
+    if (this._persisted?.rooms) {
+      for (const room of Object.values(this._persisted.rooms)) {
+        for (const cid of room.conversationIds) {
+          roomConvIds.add(cid);
+        }
+      }
+    }
     const messageGroupId = randomUUID();
     for (const [convId, session] of this._sessions) {
       if (!session.activated) continue;
+      if (roomConvIds.has(convId)) continue;
       const encrypted = session.ratchet.encrypt(plaintext);
       const transport = encryptedMessageToTransport(encrypted);
       const msg = {
@@ -45569,6 +45578,10 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       if (conv.participantA !== myDeviceId && conv.participantB !== myDeviceId) {
         continue;
       }
+      if (this._sessions.has(conv.id)) {
+        conversationIds.push(conv.id);
+        continue;
+      }
       const otherDeviceId = conv.participantA === myDeviceId ? conv.participantB : conv.participantA;
       const otherMember = roomData.members.find((m2) => m2.deviceId === otherDeviceId);
       if (!otherMember?.identityPublicKey) {
@@ -45578,13 +45591,12 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
         continue;
       }
       const isInitiator = myDeviceId < otherDeviceId;
+      const theirEphKey = otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey;
       const sharedSecret = performX3DH({
         myIdentityPrivate: hexToBytes(identity.privateKey),
         myEphemeralPrivate: hexToBytes(ephemeral.privateKey),
         theirIdentityPublic: hexToBytes(otherMember.identityPublicKey),
-        theirEphemeralPublic: hexToBytes(
-          otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey
-        ),
+        theirEphemeralPublic: hexToBytes(theirEphKey),
         isInitiator
       });
       const ratchet = isInitiator ? DoubleRatchet.initSender(sharedSecret, {
@@ -45656,9 +45668,11 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       this._ws.send(
         JSON.stringify({
           event: "room_message",
-          room_id: roomId,
-          recipients,
-          message_type: messageType
+          data: {
+            room_id: roomId,
+            recipients,
+            message_type: messageType
+          }
         })
       );
     } else {
@@ -46084,6 +46098,23 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       if (this._persisted.hubAddress) {
         payload2.hub_address = this._persisted.hubAddress;
       }
+      if (channelEntry.observerSession?.ratchetState) {
+        try {
+          const obsRatchet = DoubleRatchet.deserialize(channelEntry.observerSession.ratchetState);
+          const obsEncrypted = obsRatchet.encrypt(text);
+          const obsHeaderObj = {
+            dhPublicKey: bytesToHex(obsEncrypted.header.dhPublicKey),
+            previousChainLength: obsEncrypted.header.previousChainLength,
+            messageNumber: obsEncrypted.header.messageNumber
+          };
+          payload2.observer_header_blob = Buffer.from(JSON.stringify(obsHeaderObj)).toString("hex");
+          payload2.observer_ciphertext = bytesToHex(obsEncrypted.ciphertext);
+          payload2.observer_nonce = bytesToHex(obsEncrypted.nonce);
+          channelEntry.observerSession.ratchetState = obsRatchet.serialize();
+        } catch (obsErr) {
+          console.error("[SecureChannel] Observer encryption failed (sending without observer copy):", obsErr);
+        }
+      }
       channelEntry.session.ratchetState = ratchet.serialize();
       await this._persistState();
       this._ws.send(
@@ -46380,13 +46411,20 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
           return;
         }
         if (data.event === "message") {
-          await this._handleIncomingMessage(data.data);
+          try {
+            await this._handleIncomingMessage(data.data);
+          } catch (msgErr) {
+            console.error(
+              `[SecureChannel] Message handler failed for conv ${data.data?.conversation_id?.slice(0, 8) ?? "?"}...:`,
+              msgErr
+            );
+          }
         }
         if (data.event === "room_joined") {
           const d2 = data.data;
           this.joinRoom({
             roomId: d2.room_id,
-            name: d2.name,
+            name: d2.room_name ?? d2.name ?? "Room",
             members: (d2.members || []).map((m2) => ({
               deviceId: m2.device_id,
               entityType: m2.entity_type,
@@ -46402,7 +46440,14 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
           }).catch((err) => this.emit("error", err));
         }
         if (data.event === "room_message") {
-          await this._handleRoomMessage(data.data);
+          try {
+            await this._handleRoomMessage(data.data);
+          } catch (rmErr) {
+            console.error(
+              `[SecureChannel] Room message handler failed:`,
+              rmErr
+            );
+          }
         }
         if (data.event === "room_participant_added") {
           const p2 = data.data;
@@ -46539,6 +46584,74 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
           }
           this.emit("a2a_channel_activated", actData);
         }
+        if (data.event === "a2a_observer_enabled") {
+          const obsData = data.data || data;
+          const obsChannelId = obsData.channel_id;
+          const obsChannelEntry = this._persisted?.a2aChannels?.[obsChannelId];
+          if (obsChannelEntry && this._persisted && this._ws) {
+            try {
+              const obsEphemeral = await generateEphemeralKeypair();
+              const obsEphPubHex = bytesToHex(obsEphemeral.publicKey);
+              const obsEphPrivHex = bytesToHex(obsEphemeral.privateKey);
+              obsChannelEntry.pendingObserverEphemeralPrivateKey = obsEphPrivHex;
+              await this._persistState();
+              this._ws.send(
+                JSON.stringify({
+                  event: "a2a_observer_key_submit",
+                  data: {
+                    channel_id: obsChannelId,
+                    ephemeral_key: obsEphPubHex,
+                    side: obsChannelEntry.role || "initiator"
+                  }
+                })
+              );
+              console.log(
+                `[SecureChannel] Observer key submitted for channel ${obsChannelId.slice(0, 8)}... (side=${obsChannelEntry.role})`
+              );
+            } catch (err) {
+              console.error("[SecureChannel] Observer key submission failed:", err);
+            }
+          }
+        }
+        if (data.event === "a2a_observer_key_accepted") {
+          const obsAccData = data.data || data;
+          const obsAccChannelId = obsAccData.channel_id;
+          const observerIdentityHex = obsAccData.observer_identity_key;
+          const obsAccSide = obsAccData.side;
+          const obsAccEntry = this._persisted?.a2aChannels?.[obsAccChannelId];
+          if (obsAccEntry && obsAccEntry.pendingObserverEphemeralPrivateKey && this._persisted) {
+            try {
+              const myIdentityPrivate = hexToBytes(this._persisted.identityKeypair.privateKey);
+              const myIdentityPublic = hexToBytes(this._persisted.identityKeypair.publicKey);
+              const myObsEphemeralPrivate = hexToBytes(obsAccEntry.pendingObserverEphemeralPrivateKey);
+              const ownerIdentityPublic = hexToBytes(observerIdentityHex);
+              const obsSharedSecret = performX3DH({
+                myIdentityPrivate,
+                myEphemeralPrivate: myObsEphemeralPrivate,
+                theirIdentityPublic: ownerIdentityPublic,
+                theirEphemeralPublic: ownerIdentityPublic,
+                // owner uses identity as ephemeral
+                isInitiator: true
+              });
+              const identityKp = {
+                publicKey: myIdentityPublic,
+                privateKey: myIdentityPrivate,
+                keyType: "ed25519"
+              };
+              const obsRatchet = DoubleRatchet.initSender(obsSharedSecret, identityKp);
+              obsAccEntry.observerSession = {
+                ratchetState: obsRatchet.serialize()
+              };
+              delete obsAccEntry.pendingObserverEphemeralPrivateKey;
+              await this._persistState();
+              console.log(
+                `[SecureChannel] Observer ratchet initialized for channel ${obsAccChannelId.slice(0, 8)}... (side=${obsAccSide})`
+              );
+            } catch (err) {
+              console.error("[SecureChannel] Observer ratchet init failed:", err);
+            }
+          }
+        }
         if (data.event === "a2a_channel_rejected") {
           this.emit("a2a_channel_rejected", data.data || data);
         }
@@ -47009,7 +47122,73 @@ ${messageText}`;
       header_blob: msgData.header_blob,
       ciphertext: msgData.ciphertext
     });
-    const plaintext = session.ratchet.decrypt(encrypted);
+    let plaintext;
+    try {
+      plaintext = session.ratchet.decrypt(encrypted);
+    } catch (decryptErr) {
+      console.warn(
+        `[SecureChannel] Room decrypt failed for conv ${convId.slice(0, 8)}...: ${String(decryptErr)}, re-initializing ratchet`
+      );
+      try {
+        const roomEntry = this._persisted?.rooms ? Object.values(this._persisted.rooms).find(
+          (r2) => r2.conversationIds.includes(convId)
+        ) : null;
+        if (!roomEntry) throw new Error("Room not found for conversation");
+        const otherMember = roomEntry.members.find(
+          (m2) => m2.deviceId === msgData.sender_device_id
+        );
+        if (!otherMember?.identityPublicKey) throw new Error("No key for sender");
+        const isInitiator = this._deviceId < msgData.sender_device_id;
+        const identity = this._persisted.identityKeypair;
+        const ephemeral = this._persisted.ephemeralKeypair;
+        const sharedSecret = performX3DH({
+          myIdentityPrivate: hexToBytes(identity.privateKey),
+          myEphemeralPrivate: hexToBytes(ephemeral.privateKey),
+          theirIdentityPublic: hexToBytes(otherMember.identityPublicKey),
+          theirEphemeralPublic: hexToBytes(
+            otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey
+          ),
+          isInitiator
+        });
+        const newRatchet = isInitiator ? DoubleRatchet.initSender(sharedSecret, {
+          publicKey: hexToBytes(identity.publicKey),
+          privateKey: hexToBytes(identity.privateKey),
+          keyType: "ed25519"
+        }) : DoubleRatchet.initReceiver(sharedSecret, {
+          publicKey: hexToBytes(identity.publicKey),
+          privateKey: hexToBytes(identity.privateKey),
+          keyType: "ed25519"
+        });
+        session.ratchet = newRatchet;
+        session.activated = false;
+        this._persisted.sessions[convId] = {
+          ownerDeviceId: session.ownerDeviceId,
+          ratchetState: newRatchet.serialize(),
+          activated: false
+        };
+        await this._persistState();
+        console.log(
+          `[SecureChannel] Room ratchet re-initialized for conv ${convId.slice(0, 8)}...`
+        );
+        plaintext = session.ratchet.decrypt(encrypted);
+      } catch (reinitErr) {
+        console.error(
+          `[SecureChannel] Room ratchet re-init failed for conv ${convId.slice(0, 8)}...:`,
+          reinitErr
+        );
+        return;
+      }
+    }
+    let messageText;
+    let messageType;
+    try {
+      const parsed = JSON.parse(plaintext);
+      messageType = parsed.type || "message";
+      messageText = parsed.text || plaintext;
+    } catch {
+      messageType = "message";
+      messageText = plaintext;
+    }
     if (!session.activated) {
       session.activated = true;
       console.log(
@@ -47024,16 +47203,17 @@ ${messageText}`;
       messageId: msgData.message_id ?? "",
       conversationId: convId,
       timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString(),
-      messageType: msgData.message_type ?? "text"
+      messageType,
+      roomId: msgData.room_id
     };
     this.emit("room_message", {
       roomId: msgData.room_id,
       senderDeviceId: msgData.sender_device_id,
-      plaintext,
-      messageType: msgData.message_type ?? "text",
+      plaintext: messageText,
+      messageType,
       timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString()
     });
-    this.config.onMessage?.(plaintext, metadata);
+    this.config.onMessage?.(messageText, metadata);
   }
   /**
    * Find the pairwise conversation ID for a given sender in a room.
@@ -47121,8 +47301,12 @@ ${messageText}`;
             since = msg.created_at;
             totalProcessed++;
           } catch (err) {
-            this.emit("error", err);
-            break;
+            console.warn(
+              `[SecureChannel] Sync decrypt failed for msg ${msg.id.slice(0, 8)}... in conv ${msg.conversation_id.slice(0, 8)}...: ${String(err)}`
+            );
+            this._persisted.lastMessageTimestamp = msg.created_at;
+            since = msg.created_at;
+            continue;
           }
         }
         await this._persistState();