@agentvault/secure-channel 0.6.21 → 0.6.23

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export { SecureChannel } from "./channel.js";
-export type { SecureChannelConfig, ChannelState, MessageMetadata, AttachmentData, PersistedState, LegacyPersistedState, DeviceSession, HistoryEntry, SendOptions, DecisionOption, DecisionRequest, DecisionResponse, ContextRef, HeartbeatStatus, StatusAlert, } from "./types.js";
+export type { SecureChannelConfig, ChannelState, MessageMetadata, AttachmentData, PersistedState, LegacyPersistedState, DeviceSession, HistoryEntry, SendOptions, DecisionOption, DecisionRequest, DecisionResponse, ContextRef, HeartbeatStatus, StatusAlert, RoomInfo, RoomMemberInfo, RoomConversationInfo, RoomState, } from "./types.js";
 export { agentVaultPlugin, setOcRuntime, getActiveChannel } from "./openclaw-plugin.js";
 export declare const VERSION = "0.6.13";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,WAAW,GACZ,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExF,eAAO,MAAM,OAAO,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,SAAS,GACV,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExF,eAAO,MAAM,OAAO,WAAW,CAAC"}

package/dist/index.js

@@ -45344,6 +45344,168 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       }
     });
   }
+  // --- Multi-agent room methods ---
+  /**
+   * Join a room by performing X3DH key exchange with each member
+   * for the pairwise conversations involving this device.
+   */
+  async joinRoom(roomData) {
+    if (!this._persisted) {
+      throw new Error("Channel not initialized");
+    }
+    await libsodium_wrappers_default.ready;
+    const identity = this._persisted.identityKeypair;
+    const ephemeral = this._persisted.ephemeralKeypair;
+    const myDeviceId = this._deviceId;
+    const conversationIds = [];
+    for (const conv of roomData.conversations) {
+      if (conv.participantA !== myDeviceId && conv.participantB !== myDeviceId) {
+        continue;
+      }
+      const otherDeviceId = conv.participantA === myDeviceId ? conv.participantB : conv.participantA;
+      const otherMember = roomData.members.find((m2) => m2.deviceId === otherDeviceId);
+      if (!otherMember?.identityPublicKey) {
+        console.warn(
+          `[SecureChannel] No public key for member ${otherDeviceId.slice(0, 8)}..., skipping`
+        );
+        continue;
+      }
+      const isInitiator = myDeviceId < otherDeviceId;
+      const sharedSecret = performX3DH({
+        myIdentityPrivate: hexToBytes(identity.privateKey),
+        myEphemeralPrivate: hexToBytes(ephemeral.privateKey),
+        theirIdentityPublic: hexToBytes(otherMember.identityPublicKey),
+        theirEphemeralPublic: hexToBytes(
+          otherMember.ephemeralPublicKey ?? otherMember.identityPublicKey
+        ),
+        isInitiator
+      });
+      const ratchet = isInitiator ? DoubleRatchet.initSender(sharedSecret, {
+        publicKey: hexToBytes(identity.publicKey),
+        privateKey: hexToBytes(identity.privateKey),
+        keyType: "ed25519"
+      }) : DoubleRatchet.initReceiver(sharedSecret, {
+        publicKey: hexToBytes(identity.publicKey),
+        privateKey: hexToBytes(identity.privateKey),
+        keyType: "ed25519"
+      });
+      this._sessions.set(conv.id, {
+        ownerDeviceId: otherDeviceId,
+        ratchet,
+        activated: isInitiator
+        // initiator can send immediately
+      });
+      this._persisted.sessions[conv.id] = {
+        ownerDeviceId: otherDeviceId,
+        ratchetState: ratchet.serialize(),
+        activated: isInitiator
+      };
+      conversationIds.push(conv.id);
+      console.log(
+        `[SecureChannel] Room session initialized: conv ${conv.id.slice(0, 8)}... with ${otherDeviceId.slice(0, 8)}... (initiator=${isInitiator})`
+      );
+    }
+    if (!this._persisted.rooms) {
+      this._persisted.rooms = {};
+    }
+    this._persisted.rooms[roomData.roomId] = {
+      roomId: roomData.roomId,
+      name: roomData.name,
+      conversationIds,
+      members: roomData.members
+    };
+    await this._persistState();
+    this.emit("room_joined", { roomId: roomData.roomId, name: roomData.name });
+  }
+  /**
+   * Send an encrypted message to all members of a room.
+   * Each pairwise conversation gets the plaintext encrypted independently.
+   */
+  async sendToRoom(roomId, plaintext, opts) {
+    if (!this._persisted?.rooms?.[roomId]) {
+      throw new Error(`Room ${roomId} not found`);
+    }
+    const room = this._persisted.rooms[roomId];
+    const messageType = opts?.messageType ?? "text";
+    const recipients = [];
+    for (const convId of room.conversationIds) {
+      const session = this._sessions.get(convId);
+      if (!session) {
+        console.warn(`[SecureChannel] No session for room conv ${convId.slice(0, 8)}..., skipping`);
+        continue;
+      }
+      const encrypted = session.ratchet.encrypt(plaintext);
+      const transport = encryptedMessageToTransport(encrypted);
+      recipients.push({
+        device_id: session.ownerDeviceId,
+        header_blob: transport.header_blob,
+        ciphertext: transport.ciphertext
+      });
+    }
+    if (recipients.length === 0) {
+      throw new Error("No active sessions in room");
+    }
+    if (this._state === "ready" && this._ws) {
+      this._ws.send(
+        JSON.stringify({
+          event: "room_message",
+          room_id: roomId,
+          recipients,
+          message_type: messageType
+        })
+      );
+    } else {
+      try {
+        const res = await fetch(
+          `${this.config.apiUrl}/api/v1/rooms/${roomId}/messages`,
+          {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              Authorization: `Bearer ${this._deviceJwt}`
+            },
+            body: JSON.stringify({ recipients, message_type: messageType })
+          }
+        );
+        if (!res.ok) {
+          const detail = await res.text();
+          throw new Error(`Room message failed (${res.status}): ${detail}`);
+        }
+      } catch (err) {
+        throw new Error(`Failed to send room message: ${err}`);
+      }
+    }
+    await this._persistState();
+  }
+  /**
+   * Leave a room: remove sessions and persisted room state.
+   */
+  async leaveRoom(roomId) {
+    if (!this._persisted?.rooms?.[roomId]) {
+      return;
+    }
+    const room = this._persisted.rooms[roomId];
+    for (const convId of room.conversationIds) {
+      this._sessions.delete(convId);
+      delete this._persisted.sessions[convId];
+    }
+    delete this._persisted.rooms[roomId];
+    await this._persistState();
+    this.emit("room_left", { roomId });
+  }
+  /**
+   * Return info for all joined rooms.
+   */
+  getRooms() {
+    if (!this._persisted?.rooms) return [];
+    return Object.values(this._persisted.rooms).map((rs) => ({
+      roomId: rs.roomId,
+      name: rs.name,
+      members: rs.members,
+      conversationIds: rs.conversationIds
+    }));
+  }
+  // --- Heartbeat and status methods ---
   startHeartbeat(intervalSeconds, statusCallback) {
     this.stopHeartbeat();
     this._heartbeatCallback = statusCallback;
@@ -45378,13 +45540,17 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
   }
   async sendStatusAlert(alert) {
     const priority = alert.severity === "error" || alert.severity === "critical" ? "high" : "normal";
+    const envelope = {
+      title: alert.title,
+      message: alert.message,
+      severity: alert.severity,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    if (alert.detail !== void 0) envelope.detail = alert.detail;
+    if (alert.detailFormat !== void 0) envelope.detail_format = alert.detailFormat;
+    if (alert.category !== void 0) envelope.category = alert.category;
     await this.send(
-      JSON.stringify({
-        title: alert.title,
-        message: alert.message,
-        severity: alert.severity,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      }),
+      JSON.stringify(envelope),
       {
         messageType: "status_alert",
         priority,
@@ -45392,6 +45558,57 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
       }
     );
   }
+  async sendArtifact(artifact) {
+    if (this._state !== "ready" || this._sessions.size === 0 || !this._ws) {
+      throw new Error("Channel is not ready");
+    }
+    const attachMeta = await this._uploadAttachment(artifact.filePath, this._primaryConversationId);
+    const envelope = JSON.stringify({
+      type: "artifact",
+      blob_id: attachMeta.blobId,
+      blob_url: attachMeta.blobUrl,
+      filename: artifact.filename,
+      mime_type: artifact.mimeType,
+      size_bytes: attachMeta.size,
+      description: artifact.description,
+      attachment: attachMeta
+    });
+    const messageGroupId = randomUUID();
+    for (const [convId, session] of this._sessions) {
+      if (!session.activated) continue;
+      const encrypted = session.ratchet.encrypt(envelope);
+      const transport = encryptedMessageToTransport(encrypted);
+      this._ws.send(
+        JSON.stringify({
+          event: "message",
+          data: {
+            conversation_id: convId,
+            header_blob: transport.header_blob,
+            ciphertext: transport.ciphertext,
+            message_group_id: messageGroupId,
+            message_type: "artifact_share"
+          }
+        })
+      );
+    }
+    await this._persistState();
+  }
+  async sendActionConfirmation(confirmation) {
+    const envelope = {
+      type: "action_confirmation",
+      action: confirmation.action,
+      status: confirmation.status
+    };
+    if (confirmation.decisionId !== void 0) envelope.decision_id = confirmation.decisionId;
+    if (confirmation.detail !== void 0) envelope.detail = confirmation.detail;
+    await this.send(
+      JSON.stringify(envelope),
+      {
+        messageType: "action_confirmation",
+        metadata: { status: confirmation.status }
+      }
+    );
+  }
   _sendHeartbeat() {
     if (this._state !== "ready" || !this._heartbeatCallback) return;
     const status = this._heartbeatCallback();
@@ -45781,6 +45998,28 @@ var SecureChannel = class _SecureChannel extends EventEmitter {
         if (data.event === "message") {
           await this._handleIncomingMessage(data.data);
         }
+        if (data.event === "room_joined") {
+          const d2 = data.data;
+          this.joinRoom({
+            roomId: d2.room_id,
+            name: d2.name,
+            members: (d2.members || []).map((m2) => ({
+              deviceId: m2.device_id,
+              entityType: m2.entity_type,
+              displayName: m2.display_name,
+              identityPublicKey: m2.identity_public_key,
+              ephemeralPublicKey: m2.ephemeral_public_key
+            })),
+            conversations: (d2.conversations || []).map((c2) => ({
+              id: c2.id,
+              participantA: c2.participant_a,
+              participantB: c2.participant_b
+            }))
+          }).catch((err) => this.emit("error", err));
+        }
+        if (data.event === "room_message") {
+          await this._handleRoomMessage(data.data);
+        }
       } catch (err) {
         this.emit("error", err);
       }
@@ -46130,6 +46369,70 @@ ${messageText}`;
       this.emit("error", err);
     }
   }
+  /**
+   * Handle an incoming room message. Finds the pairwise conversation
+   * for the sender, decrypts, and emits a room_message event.
+   */
+  async _handleRoomMessage(msgData) {
+    if (msgData.sender_device_id === this._deviceId) return;
+    const convId = msgData.conversation_id ?? this._findConversationForSender(msgData.sender_device_id, msgData.room_id);
+    if (!convId) {
+      console.warn(
+        `[SecureChannel] No conversation found for sender ${msgData.sender_device_id.slice(0, 8)}... in room ${msgData.room_id}`
+      );
+      return;
+    }
+    const session = this._sessions.get(convId);
+    if (!session) {
+      console.warn(
+        `[SecureChannel] No session for room conv ${convId.slice(0, 8)}..., skipping`
+      );
+      return;
+    }
+    const encrypted = transportToEncryptedMessage({
+      header_blob: msgData.header_blob,
+      ciphertext: msgData.ciphertext
+    });
+    const plaintext = session.ratchet.decrypt(encrypted);
+    if (!session.activated) {
+      session.activated = true;
+      console.log(
+        `[SecureChannel] Room session ${convId.slice(0, 8)}... activated by first message`
+      );
+    }
+    if (msgData.message_id) {
+      this._sendAck(msgData.message_id);
+    }
+    await this._persistState();
+    const metadata = {
+      messageId: msgData.message_id ?? "",
+      conversationId: convId,
+      timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString(),
+      messageType: msgData.message_type ?? "text"
+    };
+    this.emit("room_message", {
+      roomId: msgData.room_id,
+      senderDeviceId: msgData.sender_device_id,
+      plaintext,
+      messageType: msgData.message_type ?? "text",
+      timestamp: msgData.created_at ?? (/* @__PURE__ */ new Date()).toISOString()
+    });
+    this.config.onMessage?.(plaintext, metadata);
+  }
+  /**
+   * Find the pairwise conversation ID for a given sender in a room.
+   */
+  _findConversationForSender(senderDeviceId, roomId) {
+    const room = this._persisted?.rooms?.[roomId];
+    if (!room) return null;
+    for (const convId of room.conversationIds) {
+      const session = this._sessions.get(convId);
+      if (session && session.ownerDeviceId === senderDeviceId) {
+        return convId;
+      }
+    }
+    return null;
+  }
   /**
    * Sync missed messages across ALL sessions.
    * For each conversation, fetches messages since last sync and decrypts.