npm - @agentvault/secure-channel - Versions diffs - 0.6.21 → 0.6.22 - Mend

@agentvault/secure-channel 0.6.21 → 0.6.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/channel.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { EventEmitter } from "node:events";
-import type { SecureChannelConfig, ChannelState, SendOptions, DecisionRequest, DecisionResponse, HeartbeatStatus, StatusAlert } from "./types.js";
+import type { SecureChannelConfig, ChannelState, SendOptions, DecisionRequest, DecisionResponse, HeartbeatStatus, StatusAlert, RoomMemberInfo, RoomConversationInfo, RoomInfo } from "./types.js";
 export declare class SecureChannel extends EventEmitter {
     private config;
     private _state;
@@ -67,6 +67,31 @@ export declare class SecureChannel extends EventEmitter {
      * Optional timeout rejects with an Error.
      */
     waitForDecision(decisionId: string, timeoutMs?: number): Promise<DecisionResponse>;
+    /**
+     * Join a room by performing X3DH key exchange with each member
+     * for the pairwise conversations involving this device.
+     */
+    joinRoom(roomData: {
+        roomId: string;
+        name: string;
+        members: RoomMemberInfo[];
+        conversations: RoomConversationInfo[];
+    }): Promise<void>;
+    /**
+     * Send an encrypted message to all members of a room.
+     * Each pairwise conversation gets the plaintext encrypted independently.
+     */
+    sendToRoom(roomId: string, plaintext: string, opts?: {
+        messageType?: string;
+    }): Promise<void>;
+    /**
+     * Leave a room: remove sessions and persisted room state.
+     */
+    leaveRoom(roomId: string): Promise<void>;
+    /**
+     * Return info for all joined rooms.
+     */
+    getRooms(): RoomInfo[];
     startHeartbeat(intervalSeconds: number, statusCallback: () => HeartbeatStatus): void;
     stopHeartbeat(): Promise<void>;
     sendStatusAlert(alert: StatusAlert): Promise<void>;
@@ -135,6 +160,15 @@ export declare class SecureChannel extends EventEmitter {
      * a new ratchet session.
      */
     private _handleDeviceLinked;
+    /**
+     * Handle an incoming room message. Finds the pairwise conversation
+     * for the sender, decrypts, and emits a room_message event.
+     */
+    private _handleRoomMessage;
+    /**
+     * Find the pairwise conversation ID for a given sender in a room.
+     */
+    private _findConversationForSender;
     /**
      * Sync missed messages across ALL sessions.
      * For each conversation, fetches messages since last sync and decrypts.

package/dist/channel.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"channel.d.ts","sourceRoot":"","sources":["../src/channel.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAoB3C,OAAO,KAAK,EACV,mBAAmB,EACnB,YAAY,EAMZ,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,WAAW,~~EACZ~~,MAAM,YAAY,CAAC;AAmDpB,qBAAa,aAAc,SAAQ,YAAY;IAkCjC,OAAO,CAAC,MAAM;IAjC1B,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,sBAAsB,CAAc;IAC5C,OAAO,CAAC,UAAU,CAAuB;IACzC,OAAO,CAAC,SAAS,CAGH;IACd,OAAO,CAAC,GAAG,CAA0B;IACrC,OAAO,CAAC,UAAU,CAA8C;IAChE,OAAO,CAAC,iBAAiB,CAAK;IAC9B,OAAO,CAAC,eAAe,CAA8C;IACrE,OAAO,CAAC,UAAU,CAA+C;IACjE,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,SAAS,CAA8C;IAC/D,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,UAAU,CAA+B;IACjD,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,kBAAkB,CAA+C;IACzE,OAAO,CAAC,eAAe,CAA+C;IACtE,OAAO,CAAC,kBAAkB,CAAwC;IAClE,OAAO,CAAC,yBAAyB,CAAa;IAC9C,OAAO,CAAC,eAAe,CAA4B;IAInD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAU;IAClD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAU;IACpD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,yBAAyB,CAAU;IAC3D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,qBAAqB,CAAU;gBAEnC,MAAM,EAAE,mBAAmB;IAI/C,IAAI,KAAK,IAAI,YAAY,CAExB;IAED,IAAI,QAAQ,IAAI,MAAM,GAAG,IAAI,CAE5B;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED,iEAAiE;IACjE,IAAI,cAAc,IAAI,MAAM,GAAG,IAAI,CAElC;IAED,2CAA2C;IAC3C,IAAI,eAAe,IAAI,MAAM,EAAE,CAE9B;IAED,6CAA6C;IAC7C,IAAI,YAAY,IAAI,MAAM,CAEzB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAsC5B;;OAEG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;OAGG;IACG,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAsEnE;;;OAGG;IACH,UAAU,IAAI,IAAI;IAYlB;;;;OAIG;IACG,mBAAmB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC;IA6BpE;;;;;;OAMG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;~~IAkClF~~,cAAc,CACZ,eAAe,EAAE,MAAM,EACvB,cAAc,EAAE,MAAM,eAAe,GACpC,IAAI;IAUD,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB9B,eAAe,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBxD,OAAO,CAAC,cAAc;IAkBhB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IA6B3B,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IA0DnC,OAAO,CAAC,eAAe;IASvB;;;OAGG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC;IAsC1F;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;YAiCtE,OAAO;IAgDrB,OAAO,CAAC,KAAK;YAsCC,SAAS;IAyIvB,OAAO,CAAC,QAAQ;~~IAgFhB~~;;;;OAIG;YACW,sBAAsB;IAsJpC;;;OAGG;YACW,6BAA6B;IA6C3C;;;OAGG;YACW,iBAAiB;IAwD/B;;;OAGG;IACG,kBAAkB,CACtB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAC7B,OAAO,CAAC,IAAI,CAAC;IA8ChB;;;OAGG;YACW,oBAAoB;IAqClC;;;OAGG;YACW,uBAAuB;IAkCrC;;;;OAIG;YACW,mBAAmB;IAkEjC;;;OAGG;IACH;;;OAGG;YACW,mBAAmB;IA8GjC,OAAO,CAAC,QAAQ;IAMhB,OAAO,CAAC,UAAU;YAMJ,mBAAmB;IAmCjC,OAAO,CAAC,UAAU;IAelB,OAAO,CAAC,SAAS;IAOjB,OAAO,CAAC,kBAAkB;IAoB1B,OAAO,CAAC,SAAS;IAejB,OAAO,CAAC,kBAAkB;IAiH1B,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,YAAY;IAKpB;;;OAGG;YACW,aAAa;CAc5B"}
1	+ {"version":3,"file":"channel.d.ts","sourceRoot":"","sources":["../src/channel.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAoB3C,OAAO,KAAK,EACV,mBAAmB,EACnB,YAAY,EAMZ,WAAW,EACX,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,cAAc,EACd,oBAAoB,EACpB,QAAQ,EAET,MAAM,YAAY,CAAC;AAmDpB,qBAAa,aAAc,SAAQ,YAAY;IAkCjC,OAAO,CAAC,MAAM;IAjC1B,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,sBAAsB,CAAc;IAC5C,OAAO,CAAC,UAAU,CAAuB;IACzC,OAAO,CAAC,SAAS,CAGH;IACd,OAAO,CAAC,GAAG,CAA0B;IACrC,OAAO,CAAC,UAAU,CAA8C;IAChE,OAAO,CAAC,iBAAiB,CAAK;IAC9B,OAAO,CAAC,eAAe,CAA8C;IACrE,OAAO,CAAC,UAAU,CAA+C;IACjE,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,SAAS,CAA8C;IAC/D,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,UAAU,CAA+B;IACjD,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,kBAAkB,CAA+C;IACzE,OAAO,CAAC,eAAe,CAA+C;IACtE,OAAO,CAAC,kBAAkB,CAAwC;IAClE,OAAO,CAAC,yBAAyB,CAAa;IAC9C,OAAO,CAAC,eAAe,CAA4B;IAInD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAU;IAClD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAU;IACpD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,yBAAyB,CAAU;IAC3D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,qBAAqB,CAAU;gBAEnC,MAAM,EAAE,mBAAmB;IAI/C,IAAI,KAAK,IAAI,YAAY,CAExB;IAED,IAAI,QAAQ,IAAI,MAAM,GAAG,IAAI,CAE5B;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED,iEAAiE;IACjE,IAAI,cAAc,IAAI,MAAM,GAAG,IAAI,CAElC;IAED,2CAA2C;IAC3C,IAAI,eAAe,IAAI,MAAM,EAAE,CAE9B;IAED,6CAA6C;IAC7C,IAAI,YAAY,IAAI,MAAM,CAEzB;IAEK,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAsC5B;;OAEG;IACH,OAAO,CAAC,cAAc;IAuBtB;;;OAGG;IACG,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAsEnE;;;OAGG;IACH,UAAU,IAAI,IAAI;IAYlB;;;;OAIG;IACG,mBAAmB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC;IA6BpE;;;;;;OAMG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAoClF;;;OAGG;IACG,QAAQ,CAAC,QAAQ,EAAE;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,cAAc,EAAE,CAAC;QAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;KACvC,GAAG,OAAO,CAAC,IAAI,CAAC;IA0FjB;;;OAGG;IACG,UAAU,CACd,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,IAAI,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GAC9B,OAAO,CAAC,IAAI,CAAC;IAqEhB;;OAEG;IACG,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoB9C;;OAEG;IACH,QAAQ,IAAI,QAAQ,EAAE;IAYtB,cAAc,CACZ,eAAe,EAAE,MAAM,EACvB,cAAc,EAAE,MAAM,eAAe,GACpC,IAAI;IAUD,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAuB9B,eAAe,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBxD,OAAO,CAAC,cAAc;IAkBhB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IA6B3B,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IA0DnC,OAAO,CAAC,eAAe;IASvB;;;OAGG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC;IAsC1F;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;YAiCtE,OAAO;IAgDrB,OAAO,CAAC,KAAK;YAsCC,SAAS;IAyIvB,OAAO,CAAC,QAAQ;IAwGhB;;;;OAIG;YACW,sBAAsB;IAsJpC;;;OAGG;YACW,6BAA6B;IA6C3C;;;OAGG;YACW,iBAAiB;IAwD/B;;;OAGG;IACG,kBAAkB,CACtB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAC7B,OAAO,CAAC,IAAI,CAAC;IA8ChB;;;OAGG;YACW,oBAAoB;IAqClC;;;OAGG;YACW,uBAAuB;IAkCrC;;;;OAIG;YACW,mBAAmB;IAkEjC;;;OAGG;YACW,kBAAkB;IAwEhC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAiBlC;;;OAGG;IACH;;;OAGG;YACW,mBAAmB;IA8GjC,OAAO,CAAC,QAAQ;IAMhB,OAAO,CAAC,UAAU;YAMJ,mBAAmB;IAmCjC,OAAO,CAAC,UAAU;IAelB,OAAO,CAAC,SAAS;IAOjB,OAAO,CAAC,kBAAkB;IAoB1B,OAAO,CAAC,SAAS;IAejB,OAAO,CAAC,kBAAkB;IAiH1B,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,YAAY;IAKpB;;;OAGG;YACW,aAAa;CAc5B"}

package/dist/cli.js CHANGED Viewed

@@ -45413,6 +45413,168 @@ var init_channel = __esm({
           }
         });
       }
+      // --- Multi-agent room methods ---
+      /**
+       * Join a room by performing X3DH key exchange with each member
+       * for the pairwise conversations involving this device.
+       */
+      async joinRoom(roomData) {
+        if (!this._persisted) {
+          throw new Error("Channel not initialized");
+        }
+        await libsodium_wrappers_default.ready;
+        const identity = this._persisted.identityKeypair;
+        const ephemeral = this._persisted.ephemeralKeypair;
+        const myDeviceId = this._deviceId;
+        const conversationIds = [];
+        for (const conv of roomData.conversations) {
+          if (conv.participantA !== myDeviceId && conv.participantB !== myDeviceId) {
+            continue;
+          }
+          const otherDeviceId = conv.participantA === myDeviceId ? conv.participantB : conv.participantA;
+          const otherMember = roomData.members.find((m2) => m2.deviceId === otherDeviceId);
+          if (!otherMember?.identityPublicKey) {
+            console.warn(
+              `[SecureChannel] No public key for member ${otherDeviceId.slice(0, 8)}..., skipping`
+            );
+            continue;
+          }
+          const isInitiator = myDeviceId < otherDeviceId;
+          const sharedSecret = performX3DH({
+            myIdentityPrivate: hexToBytes(identity.privateKey),
+            myEphemeralPrivate: hexToBytes(ephemeral.privateKey),
+            theirIdentityPublic: hexToBytes(otherMember.identityPublicKey),
+            theirEphemeralPublic: hexToBytes(
+              otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey
+            ),
+            isInitiator
+          });
+          const ratchet = isInitiator ? DoubleRatchet.initSender(sharedSecret, {
+            publicKey: hexToBytes(identity.publicKey),
+            privateKey: hexToBytes(identity.privateKey),
+            keyType: "ed25519"
+          }) : DoubleRatchet.initReceiver(sharedSecret, {
+            publicKey: hexToBytes(identity.publicKey),
+            privateKey: hexToBytes(identity.privateKey),
+            keyType: "ed25519"
+          });
+          this._sessions.set(conv.id, {
+            ownerDeviceId: otherDeviceId,
+            ratchet,
+            activated: isInitiator
+            // initiator can send immediately
+          });
+          this._persisted.sessions[conv.id] = {
+            ownerDeviceId: otherDeviceId,
+            ratchetState: ratchet.serialize(),
+            activated: isInitiator
+          };
+          conversationIds.push(conv.id);
+          console.log(
+            `[SecureChannel] Room session initialized: conv ${conv.id.slice(0, 8)}... with ${otherDeviceId.slice(0, 8)}... (initiator=${isInitiator})`
+          );
+        }
+        if (!this._persisted.rooms) {
+          this._persisted.rooms = {};
+        }
+        this._persisted.rooms[roomData.roomId] = {
+          roomId: roomData.roomId,
+          name: roomData.name,
+          conversationIds,
+          members: roomData.members
+        };
+        await this._persistState();
+        this.emit("room_joined", { roomId: roomData.roomId, name: roomData.name });
+      }
+      /**
+       * Send an encrypted message to all members of a room.
+       * Each pairwise conversation gets the plaintext encrypted independently.
+       */
+      async sendToRoom(roomId, plaintext, opts) {
+        if (!this._persisted?.rooms?.[roomId]) {
+          throw new Error(`Room ${roomId} not found`);
+        }
+        const room = this._persisted.rooms[roomId];
+        const messageType = opts?.messageType ?? "text";
+        const recipients = [];
+        for (const convId of room.conversationIds) {
+          const session = this._sessions.get(convId);
+          if (!session) {
+            console.warn(`[SecureChannel] No session for room conv ${convId.slice(0, 8)}..., skipping`);
+            continue;
+          }
+          const encrypted = session.ratchet.encrypt(plaintext);
+          const transport = encryptedMessageToTransport(encrypted);
+          recipients.push({
+            device_id: session.ownerDeviceId,
+            header_blob: transport.header_blob,
+            ciphertext: transport.ciphertext
+          });
+        }
+        if (recipients.length === 0) {
+          throw new Error("No active sessions in room");
+        }
+        if (this._state === "ready" && this._ws) {
+          this._ws.send(
+            JSON.stringify({
+              event: "room_message",
+              room_id: roomId,
+              recipients,
+              message_type: messageType
+            })
+          );
+        } else {
+          try {
+            const res = await fetch(
+              `${this.config.apiUrl}/api/v1/rooms/${roomId}/messages`,
+              {
+                method: "POST",
+                headers: {
+                  "Content-Type": "application/json",
+                  Authorization: `Bearer ${this._deviceJwt}`
+                },
+                body: JSON.stringify({ recipients, message_type: messageType })
+              }
+            );
+            if (!res.ok) {
+              const detail = await res.text();
+              throw new Error(`Room message failed (${res.status}): ${detail}`);
+            }
+          } catch (err) {
+            throw new Error(`Failed to send room message: ${err}`);
+          }
+        }
+        await this._persistState();
+      }
+      /**
+       * Leave a room: remove sessions and persisted room state.
+       */
+      async leaveRoom(roomId) {
+        if (!this._persisted?.rooms?.[roomId]) {
+          return;
+        }
+        const room = this._persisted.rooms[roomId];
+        for (const convId of room.conversationIds) {
+          this._sessions.delete(convId);
+          delete this._persisted.sessions[convId];
+        }
+        delete this._persisted.rooms[roomId];
+        await this._persistState();
+        this.emit("room_left", { roomId });
+      }
+      /**
+       * Return info for all joined rooms.
+       */
+      getRooms() {
+        if (!this._persisted?.rooms) return [];
+        return Object.values(this._persisted.rooms).map((rs) => ({
+          roomId: rs.roomId,
+          name: rs.name,
+          members: rs.members,
+          conversationIds: rs.conversationIds
+        }));
+      }
+      // --- Heartbeat and status methods ---
       startHeartbeat(intervalSeconds, statusCallback) {
         this.stopHeartbeat();
         this._heartbeatCallback = statusCallback;
@@ -45850,6 +46012,28 @@ var init_channel = __esm({
             if (data.event === "message") {
               await this._handleIncomingMessage(data.data);
             }
+            if (data.event === "room_joined") {
+              const d2 = data.data;
+              this.joinRoom({
+                roomId: d2.room_id,
+                name: d2.name,
+                members: (d2.members || []).map((m2) => ({
+                  deviceId: m2.device_id,
+                  entityType: m2.entity_type,
+                  displayName: m2.display_name,
+                  identityPublicKey: m2.identity_public_key,
+                  ephemeralPublicKey: m2.ephemeral_public_key
+                })),
+                conversations: (d2.conversations || []).map((c2) => ({
+                  id: c2.id,
+                  participantA: c2.participant_a,
+                  participantB: c2.participant_b
+                }))
+              }).catch((err) => this.emit("error", err));
+            }
+            if (data.event === "room_message") {
+              await this._handleRoomMessage(data.data);
+            }
           } catch (err) {
             this.emit("error", err);
           }
@@ -46199,6 +46383,70 @@ ${messageText}`;
           this.emit("error", err);
         }
       }
+      /**
+       * Handle an incoming room message. Finds the pairwise conversation
+       * for the sender, decrypts, and emits a room_message event.
+       */
+      async _handleRoomMessage(msgData) {
+        if (msgData.sender_device_id === this._deviceId) return;
+        const convId = msgData.conversation_id ?? this._findConversationForSender(msgData.sender_device_id, msgData.room_id);
+        if (!convId) {
+          console.warn(
+            `[SecureChannel] No conversation found for sender ${msgData.sender_device_id.slice(0, 8)}... in room ${msgData.room_id}`
+          );
+          return;
+        }
+        const session = this._sessions.get(convId);
+        if (!session) {
+          console.warn(
+            `[SecureChannel] No session for room conv ${convId.slice(0, 8)}..., skipping`
+          );
+          return;
+        }
+        const encrypted = transportToEncryptedMessage({
+          header_blob: msgData.header_blob,
+          ciphertext: msgData.ciphertext
+        });
+        const plaintext = session.ratchet.decrypt(encrypted);
+        if (!session.activated) {
+          session.activated = true;
+          console.log(
+            `[SecureChannel] Room session ${convId.slice(0, 8)}... activated by first message`
+          );
+        }
+        if (msgData.message_id) {
+          this._sendAck(msgData.message_id);
+        }
+        await this._persistState();
+        const metadata = {
+          messageId: msgData.message_id ?? "",
+          conversationId: convId,
+          timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString(),
+          messageType: msgData.message_type ?? "text"
+        };
+        this.emit("room_message", {
+          roomId: msgData.room_id,
+          senderDeviceId: msgData.sender_device_id,
+          plaintext,
+          messageType: msgData.message_type ?? "text",
+          timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString()
+        });
+        this.config.onMessage?.(plaintext, metadata);
+      }
+      /**
+       * Find the pairwise conversation ID for a given sender in a room.
+       */
+      _findConversationForSender(senderDeviceId, roomId) {
+        const room = this._persisted?.rooms?.[roomId];
+        if (!room) return null;
+        for (const convId of room.conversationIds) {
+          const session = this._sessions.get(convId);
+          if (session && session.ownerDeviceId === senderDeviceId) {
+            return convId;
+          }
+        }
+        return null;
+      }
       /**
        * Sync missed messages across ALL sessions.
        * For each conversation, fetches messages since last sync and decrypts.