@agora-sdk/secure-chat-core 0.1.0 → 0.2.0

package/dist/cjs/context/secure-chat-context.d.ts

@@ -1,18 +1,26 @@
 import React from "react";
-import { SecureChatCrypto } from "@agora-sdk/secure-chat-crypto";
-import { SecureChatRestClient } from "../transport/rest";
-import { SecureChatSocketClient } from "../transport/socket";
+import { SecureChatCrypto, GroupHandle } from "@agora-sdk/secure-chat-crypto";
+import { SecureChatRestClient } from "../transport/rest.js";
+import { SecureChatSocketClient } from "../transport/socket.js";
+import { SecureChatStore } from "../persistence/store.js";
+import { SecureChatRepository } from "../persistence/repository.js";
 /**
- * The value exposed by {@link useSecureChat}: the shared transport clients, the injected crypto,
- * and the active project id. The hooks build everything else on top of these.
+ * The value exposed by {@link useSecureChat}: shared transport clients, the injected crypto, the
+ * persistence repository, the group-handle resolver, and the active project id.
  */
 export interface SecureChatContextValue {
     /** REST client for the blind Delivery Service endpoints. */
     rest: SecureChatRestClient;
     /** Realtime client for the `/secure` socket.io namespace. */
     socket: SecureChatSocketClient;
-    /** The injected MLS crypto implementation (mock, or platform ts-mls/native). */
+    /** The injected MLS crypto implementation. */
     crypto: SecureChatCrypto;
+    /** Typed persistence over the injected store. */
+    repo: SecureChatRepository;
+    /** Resolve a conversation's MLS group handle (cache → store → importGroupState), or `null`. */
+    resolveGroup: (conversationId: string) => Promise<GroupHandle | null>;
+    /** Cache + persist a conversation's group handle (after createGroup / processWelcome). */
+    rememberGroup: (conversationId: string, handle: GroupHandle) => Promise<void>;
     /** The Agora project id these clients are scoped to. */
     projectId: string;
 }
@@ -22,6 +30,8 @@ export interface SecureChatProviderProps {
     crypto: SecureChatCrypto;
     /** Agora project id (path-scoped on every endpoint). */
     projectId: string;
+    /** Persistence store. Defaults to a non-persistent in-memory store when omitted. */
+    store?: SecureChatStore;
     /** Current access token. Re-pass on refresh; read lazily per request. */
     accessToken?: string;
     /** Override token resolution (takes precedence over `accessToken`). */
@@ -33,28 +43,24 @@ export interface SecureChatProviderProps {
     children: React.ReactNode;
 }
 /**
- * Provides the secure-chat transport + crypto to the `useSecure*` hooks. Render it inside a
- * `ReplykeProvider`: by default it inherits the API base URL and socket origin from
- * `@agora-sdk/core`'s runtime, and disconnects the socket on unmount.
+ * Provides secure-chat transport, crypto, and persistence to the `useSecure*` hooks. Render inside a
+ * `ReplykeProvider`; disconnects the socket on unmount.
  *
- * @param props - {@link SecureChatProviderProps} — the injected crypto, project id, token, and
- *   optional base/socket URL overrides.
+ * @param props - {@link SecureChatProviderProps}.
  * @returns A context provider wrapping `children`.
  *
  * @example
  * ```tsx
- * <ReplykeProvider projectId={projectId} baseUrl={baseUrl}>
- *   <SecureChatProvider crypto={crypto} projectId={projectId} accessToken={token}>
- *     <Chat />
- *   </SecureChatProvider>
- * </ReplykeProvider>
+ * <SecureChatProvider crypto={crypto} projectId={projectId} store={createIndexedDBStore()} accessToken={token}>
+ *   <Chat />
+ * </SecureChatProvider>
  * ```
  */
-export declare function SecureChatProvider({ crypto, projectId, accessToken, getAccessToken, baseUrl, socketUrl, children, }: SecureChatProviderProps): React.JSX.Element;
+export declare function SecureChatProvider({ crypto, projectId, store, accessToken, getAccessToken, baseUrl, socketUrl, children, }: SecureChatProviderProps): React.JSX.Element;
 /**
  * Access the nearest {@link SecureChatContextValue}.
  *
- * @returns The shared rest/socket/crypto/projectId for this provider subtree.
+ * @returns The shared rest/socket/crypto/repo/resolveGroup/projectId for this provider subtree.
  * @throws {Error} When called outside a `<SecureChatProvider>`.
  */
 export declare function useSecureChat(): SecureChatContextValue;

package/dist/cjs/context/secure-chat-context.js

@@ -3,61 +3,80 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SecureChatProvider = SecureChatProvider;
 exports.useSecureChat = useSecureChat;
 const jsx_runtime_1 = require("react/jsx-runtime");
-// SecureChatProvider — wires the transport + crypto for the secure-chat hooks.
+// SecureChatProvider — wires transport + crypto + persistence for the secure-chat hooks.
 //
 // Sits INSIDE a ReplykeProvider: by default it resolves the API base URL and socket origin from
-// @agora-sdk/core's runtime singletons (getApiBaseUrl / getSocketUrl), so whatever `baseUrl` the
-// app set on ReplykeProvider is honored here too. Crypto is injected (a `SecureChatCrypto`), keeping
-// core platform- and library-agnostic — the web/native packages supply the concrete MLS impl.
+// @agora-sdk/core's runtime singletons (getApiBaseUrl / getSocketUrl). Crypto AND the persistence
+// store are injected, keeping core platform- and library-agnostic. The provider builds a typed
+// SecureChatRepository over the store plus a cached resolveGroup/rememberGroup so the hooks become
+// self-sufficient (no need to thread a GroupHandle in by hand).
 const react_1 = require("react");
 const core_1 = require("@agora-sdk/core");
-const rest_1 = require("../transport/rest");
-const socket_1 = require("../transport/socket");
+const rest_js_1 = require("../transport/rest.js");
+const socket_js_1 = require("../transport/socket.js");
+const memory_store_js_1 = require("../persistence/memory-store.js");
+const repository_js_1 = require("../persistence/repository.js");
 const SecureChatContext = (0, react_1.createContext)(null);
 /**
- * Provides the secure-chat transport + crypto to the `useSecure*` hooks. Render it inside a
- * `ReplykeProvider`: by default it inherits the API base URL and socket origin from
- * `@agora-sdk/core`'s runtime, and disconnects the socket on unmount.
+ * Provides secure-chat transport, crypto, and persistence to the `useSecure*` hooks. Render inside a
+ * `ReplykeProvider`; disconnects the socket on unmount.
  *
- * @param props - {@link SecureChatProviderProps} — the injected crypto, project id, token, and
- *   optional base/socket URL overrides.
+ * @param props - {@link SecureChatProviderProps}.
  * @returns A context provider wrapping `children`.
  *
  * @example
  * ```tsx
- * <ReplykeProvider projectId={projectId} baseUrl={baseUrl}>
- *   <SecureChatProvider crypto={crypto} projectId={projectId} accessToken={token}>
- *     <Chat />
- *   </SecureChatProvider>
- * </ReplykeProvider>
+ * <SecureChatProvider crypto={crypto} projectId={projectId} store={createIndexedDBStore()} accessToken={token}>
+ *   <Chat />
+ * </SecureChatProvider>
  * ```
  */
-function SecureChatProvider({ crypto, projectId, accessToken, getAccessToken, baseUrl, socketUrl, children, }) {
-    // Keep the latest token in a ref so the per-request resolver always returns the current value
-    // without rebuilding the transport clients on every token change.
+function SecureChatProvider({ crypto, projectId, store, accessToken, getAccessToken, baseUrl, socketUrl, children, }) {
     const tokenRef = (0, react_1.useRef)(accessToken);
     tokenRef.current = accessToken;
     const resolveToken = (0, react_1.useMemo)(() => getAccessToken ?? (() => tokenRef.current), [getAccessToken]);
-    const rest = (0, react_1.useMemo)(() => new rest_1.SecureChatRestClient({
+    const rest = (0, react_1.useMemo)(() => new rest_js_1.SecureChatRestClient({
         projectId,
         getAccessToken: resolveToken,
         getBaseUrl: () => baseUrl ?? (0, core_1.getApiBaseUrl)(),
     }), [projectId, resolveToken, baseUrl]);
-    const socket = (0, react_1.useMemo)(() => new socket_1.SecureChatSocketClient({
+    const socket = (0, react_1.useMemo)(() => new socket_js_1.SecureChatSocketClient({
         projectId,
         getAccessToken: resolveToken,
         getSocketUrl: () => socketUrl ?? (0, core_1.getSocketUrl)(),
     }), [projectId, resolveToken, socketUrl]);
+    const resolvedStore = (0, react_1.useMemo)(() => store ?? new memory_store_js_1.MemoryStore(), [store]);
+    const repo = (0, react_1.useMemo)(() => new repository_js_1.SecureChatRepository(resolvedStore), [resolvedStore]);
+    // In-memory GroupHandle cache, keyed by conversationId. Survives re-renders via the ref.
+    // NOTE: not cleared on a `store` prop swap — a store change in practice means a new provider
+    // instance (fresh cache), not a live prop change on the same mounted provider.
+    const groupCache = (0, react_1.useRef)(new Map());
+    const resolveGroup = (0, react_1.useCallback)(async (conversationId) => {
+        const cached = groupCache.current.get(conversationId);
+        if (cached)
+            return cached;
+        const bytes = await repo.loadGroupState(conversationId);
+        if (!bytes)
+            return null;
+        const handle = await crypto.importGroupState(bytes);
+        groupCache.current.set(conversationId, handle);
+        return handle;
+    }, [repo, crypto]);
+    const rememberGroup = (0, react_1.useCallback)(async (conversationId, handle) => {
+        groupCache.current.set(conversationId, handle);
+        const bytes = await crypto.exportGroupState(handle);
+        await repo.saveGroupState(conversationId, bytes);
+    }, [repo, crypto]);
     (0, react_1.useEffect)(() => {
         return () => socket.disconnect();
     }, [socket]);
-    const value = (0, react_1.useMemo)(() => ({ rest, socket, crypto, projectId }), [rest, socket, crypto, projectId]);
+    const value = (0, react_1.useMemo)(() => ({ rest, socket, crypto, repo, resolveGroup, rememberGroup, projectId }), [rest, socket, crypto, repo, resolveGroup, rememberGroup, projectId]);
     return (0, jsx_runtime_1.jsx)(SecureChatContext.Provider, { value: value, children: children });
 }
 /**
  * Access the nearest {@link SecureChatContextValue}.
  *
- * @returns The shared rest/socket/crypto/projectId for this provider subtree.
+ * @returns The shared rest/socket/crypto/repo/resolveGroup/projectId for this provider subtree.
  * @throws {Error} When called outside a `<SecureChatProvider>`.
  */
 function useSecureChat() {

package/dist/cjs/context/secure-chat-context.js.map

@@ -1 +1 @@
-{"version":3,"file":"secure-chat-context.js","sourceRoot":"","sources":["../../../src/context/secure-chat-context.tsx"],"names":[],"mappings":";;AAkEA,gDAiDC;AAQD,sCAMC;;AAjID,+EAA+E;AAC/E,EAAE;AACF,gGAAgG;AAChG,iGAAiG;AACjG,qGAAqG;AACrG,8FAA8F;AAE9F,iCAAqF;AACrF,0CAA8D;AAG9D,4CAAyD;AACzD,gDAA6D;AAiB7D,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAgC,IAAI,CAAC,CAAC;AAmB7E;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,kBAAkB,CAAC,EACjC,MAAM,EACN,SAAS,EACT,WAAW,EACX,cAAc,EACd,OAAO,EACP,SAAS,EACT,QAAQ,GACgB;IACxB,8FAA8F;IAC9F,kEAAkE;IAClE,MAAM,QAAQ,GAAG,IAAA,cAAM,EAAqB,WAAW,CAAC,CAAC;IACzD,QAAQ,CAAC,OAAO,GAAG,WAAW,CAAC;IAE/B,MAAM,YAAY,GAAG,IAAA,eAAO,EAC1B,GAAG,EAAE,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAChD,CAAC,cAAc,CAAC,CACjB,CAAC;IAEF,MAAM,IAAI,GAAG,IAAA,eAAO,EAClB,GAAG,EAAE,CACH,IAAI,2BAAoB,CAAC;QACvB,SAAS;QACT,cAAc,EAAE,YAAY;QAC5B,UAAU,EAAE,GAAG,EAAE,CAAC,OAAO,IAAI,IAAA,oBAAa,GAAE;KAC7C,CAAC,EACJ,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CACnC,CAAC;IAEF,MAAM,MAAM,GAAG,IAAA,eAAO,EACpB,GAAG,EAAE,CACH,IAAI,+BAAsB,CAAC;QACzB,SAAS;QACT,cAAc,EAAE,YAAY;QAC5B,YAAY,EAAE,GAAG,EAAE,CAAC,SAAS,IAAI,IAAA,mBAAY,GAAE;KAChD,CAAC,EACJ,CAAC,SAAS,EAAE,YAAY,EAAE,SAAS,CAAC,CACrC,CAAC;IAEF,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IACnC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAEb,MAAM,KAAK,GAAG,IAAA,eAAO,EACnB,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,EAC3C,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAClC,CAAC;IAEF,OAAO,uBAAC,iBAAiB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAA8B,CAAC;AAC3F,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa;IAC3B,MAAM,GAAG,GAAG,IAAA,kBAAU,EAAC,iBAAiB,CAAC,CAAC;IAC1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"secure-chat-context.js","sourceRoot":"","sources":["../../../src/context/secure-chat-context.tsx"],"names":[],"mappings":";;AA0EA,gDA8EC;AAQD,sCAMC;;AAtKD,yFAAyF;AACzF,EAAE;AACF,gGAAgG;AAChG,kGAAkG;AAClG,+FAA+F;AAC/F,mGAAmG;AACnG,gEAAgE;AAEhE,iCAAkG;AAClG,0CAA8D;AAG9D,kDAA4D;AAC5D,sDAAgE;AAEhE,oEAA6D;AAC7D,gEAAoE;AAuBpE,MAAM,iBAAiB,GAAG,IAAA,qBAAa,EAAgC,IAAI,CAAC,CAAC;AAqB7E;;;;;;;;;;;;;GAaG;AACH,SAAgB,kBAAkB,CAAC,EACjC,MAAM,EACN,SAAS,EACT,KAAK,EACL,WAAW,EACX,cAAc,EACd,OAAO,EACP,SAAS,EACT,QAAQ,GACgB;IACxB,MAAM,QAAQ,GAAG,IAAA,cAAM,EAAqB,WAAW,CAAC,CAAC;IACzD,QAAQ,CAAC,OAAO,GAAG,WAAW,CAAC;IAE/B,MAAM,YAAY,GAAG,IAAA,eAAO,EAC1B,GAAG,EAAE,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,EAChD,CAAC,cAAc,CAAC,CACjB,CAAC;IAEF,MAAM,IAAI,GAAG,IAAA,eAAO,EAClB,GAAG,EAAE,CACH,IAAI,8BAAoB,CAAC;QACvB,SAAS;QACT,cAAc,EAAE,YAAY;QAC5B,UAAU,EAAE,GAAG,EAAE,CAAC,OAAO,IAAI,IAAA,oBAAa,GAAE;KAC7C,CAAC,EACJ,CAAC,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,CACnC,CAAC;IAEF,MAAM,MAAM,GAAG,IAAA,eAAO,EACpB,GAAG,EAAE,CACH,IAAI,kCAAsB,CAAC;QACzB,SAAS;QACT,cAAc,EAAE,YAAY;QAC5B,YAAY,EAAE,GAAG,EAAE,CAAC,SAAS,IAAI,IAAA,mBAAY,GAAE;KAChD,CAAC,EACJ,CAAC,SAAS,EAAE,YAAY,EAAE,SAAS,CAAC,CACrC,CAAC;IAEF,MAAM,aAAa,GAAG,IAAA,eAAO,EAAC,GAAG,EAAE,CAAC,KAAK,IAAI,IAAI,6BAAW,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IACzE,MAAM,IAAI,GAAG,IAAA,eAAO,EAAC,GAAG,EAAE,CAAC,IAAI,oCAAoB,CAAC,aAAa,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;IAErF,yFAAyF;IACzF,6FAA6F;IAC7F,+EAA+E;IAC/E,MAAM,UAAU,GAAG,IAAA,cAAM,EAAC,IAAI,GAAG,EAAuB,CAAC,CAAC;IAE1D,MAAM,YAAY,GAAG,IAAA,mBAAW,EAC9B,KAAK,EAAE,cAAsB,EAA+B,EAAE;QAC5D,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACtD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;QACxD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACpD,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC/C,OAAO,MAAM,CAAC;IAChB,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,MAAM,aAAa,GAAG,IAAA,mBAAW,EAC/B,KAAK,EAAE,cAAsB,EAAE,MAAmB,EAAiB,EAAE;QACnE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACnD,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IACnC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAEb,MAAM,KAAK,GAAG,IAAA,eAAO,EACnB,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,CAAC,EAC9E,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,CAAC,CACrE,CAAC;IAEF,OAAO,uBAAC,iBAAiB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAA8B,CAAC;AAC3F,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa;IAC3B,MAAM,GAAG,GAAG,IAAA,kBAAU,EAAC,iBAAiB,CAAC,CAAC;IAC1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/cjs/contract/index.js

@@ -1,12 +1,12 @@
 "use strict";
-// Secure-chat wire contract — stand-in for @agora/contract (the Apache-2.0 server contract).
+// Secure-chat wire contract — stand-in for @agora-server/contract (the Apache-2.0 server contract).
 //
 // Mirrors the response models + request bodies of agora-server's
 // `packages/contract/src/secure-chat.ts`. That package is the source of truth (zod + TS); the
 // client only needs the TypeScript shapes, so this copy is types-only.
 //
 // ⚠️ Keep this byte-faithful to the server contract. The arrow is SDK → contract: once
-// `@agora/contract` is published, DELETE this file and `import type { ... } from "@agora/contract"`.
+// `@agora-server/contract` is published, DELETE this file and `import type { ... } from "@agora-server/contract"`.
 // Do NOT publish a separate `@agora-sdk/secure-chat-contract` (that would invert the dependency —
 // see STATUS.md). Do not let this copy drift in the meantime.
 //

package/dist/cjs/contract/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/contract/index.ts"],"names":[],"mappings":";AAAA,6FAA6F;AAC7F,EAAE;AACF,iEAAiE;AACjE,8FAA8F;AAC9F,uEAAuE;AACvE,EAAE;AACF,uFAAuF;AACvF,qGAAqG;AACrG,kGAAkG;AAClG,8DAA8D;AAC9D,EAAE;AACF,gGAAgG;AAChG,0FAA0F"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/contract/index.ts"],"names":[],"mappings":";AAAA,oGAAoG;AACpG,EAAE;AACF,iEAAiE;AACjE,8FAA8F;AAC9F,uEAAuE;AACvE,EAAE;AACF,uFAAuF;AACvF,mHAAmH;AACnH,kGAAkG;AAClG,8DAA8D;AAC9D,EAAE;AACF,gGAAgG;AAChG,0FAA0F"}

package/dist/cjs/hooks/useSecureConversations.d.ts

@@ -1,4 +1,4 @@
-import { SecureConversationModel } from "../contract";
+import { SecureConversationModel } from "../contract/index.js";
 /** The state and actions returned by {@link useSecureConversations}. */
 export interface UseSecureConversationsValues {
     /** The loaded conversations, newest activity first. */

package/dist/cjs/hooks/useSecureConversations.js

@@ -7,8 +7,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useSecureConversations = useSecureConversations;
 const react_1 = require("react");
-const base64_1 = require("../util/base64");
-const secure_chat_context_1 = require("../context/secure-chat-context");
+const base64_js_1 = require("../util/base64.js");
+const secure_chat_context_js_1 = require("../context/secure-chat-context.js");
 /**
  * List the caller's secure conversations and start new direct messages.
  *
@@ -26,7 +26,7 @@ const secure_chat_context_1 = require("../context/secure-chat-context");
  * ```
  */
 function useSecureConversations() {
-    const { rest, crypto, socket } = (0, secure_chat_context_1.useSecureChat)();
+    const { rest, crypto, socket, rememberGroup } = (0, secure_chat_context_js_1.useSecureChat)();
     const [conversations, setConversations] = (0, react_1.useState)([]);
     const [cursor, setCursor] = (0, react_1.useState)(undefined);
     const [hasMore, setHasMore] = (0, react_1.useState)(true);
@@ -69,24 +69,26 @@ function useSecureConversations() {
         }
         const initialMembers = await Promise.all(peerDevices.map(async (d) => {
             const claim = await rest.claimKeyPackage(d.id);
-            return { deviceId: d.id, keyPackage: (0, base64_1.fromBase64)(claim.keyPackage) };
+            return { deviceId: d.id, keyPackage: (0, base64_js_1.fromBase64)(claim.keyPackage) };
         }));
         // 2. Create the MLS group locally; the crypto layer holds the secrets.
         const { group, welcomes } = await crypto.createGroup({ initialMembers });
         // 3. Register the conversation on the blind DS, relaying the targeted Welcomes.
         const conversation = await rest.createConversation({
             type: "dm",
-            mlsGroupId: (0, base64_1.toBase64)(group.mlsGroupId),
+            mlsGroupId: (0, base64_js_1.toBase64)(group.mlsGroupId),
             memberUserIds: [peerUserId],
             welcomes: welcomes.map((w) => ({
                 targetDeviceId: w.targetDeviceId,
-                payload: (0, base64_1.toBase64)(w.payload),
+                payload: (0, base64_js_1.toBase64)(w.payload),
                 epoch: group.epoch.toString(),
             })),
         });
+        // Persist + cache the creator's MLS group handle so messages resolve after a reload.
+        await rememberGroup(conversation.id, group);
         setConversations((prev) => [conversation, ...prev.filter((c) => c.id !== conversation.id)]);
         return conversation;
-    }, [rest, crypto]);
+    }, [rest, crypto, rememberGroup]);
     (0, react_1.useEffect)(() => {
         refresh();
         // eslint-disable-next-line react-hooks/exhaustive-deps

package/dist/cjs/hooks/useSecureConversations.js.map

@@ -1 +1 @@
-{"version":3,"file":"useSecureConversations.js","sourceRoot":"","sources":["../../../src/hooks/useSecureConversations.tsx"],"names":[],"mappings":";AAAA,qFAAqF;AACrF,EAAE;AACF,iGAAiG;AACjG,oGAAoG;AACpG,0DAA0D;;AAyC1D,wDAgGC;AAvID,iCAAyD;AAEzD,2CAAsD;AACtD,wEAA+D;AAoB/D;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,sBAAsB;IACpC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,mCAAa,GAAE,CAAC;IAEjD,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,IAAA,gBAAQ,EAA4B,EAAE,CAAC,CAAC;IAClF,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,IAAA,gBAAQ,EAAqB,SAAS,CAAC,CAAC;IACpE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAU,IAAI,CAAC,CAAC;IAElD,MAAM,IAAI,GAAG,IAAA,mBAAW,EACtB,KAAK,EAAE,KAAc,EAAE,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC;gBACxC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;gBAClC,KAAK,EAAE,EAAE;aACV,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC/D,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAChE,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,gBAAgB,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAC9F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,SAAS,CAAC,SAAS,CAAC,CAAC;QACrB,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAEX,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACtC,IAAI,CAAC,OAAO,IAAI,OAAO;YAAE,OAAO;QAChC,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;IAE7B,MAAM,wBAAwB,GAAG,IAAA,mBAAW,EAC1C,KAAK,EAAE,UAAkB,EAAoC,EAAE;QAC7D,6EAA6E;QAC7E,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QACvD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/C,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,UAAU,EAAE,IAAA,mBAAU,EAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QACtE,CAAC,CAAC,CACH,CAAC;QAEF,uEAAuE;QACvE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;QAEzE,gFAAgF;QAChF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC;YACjD,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,IAAA,iBAAQ,EAAC,KAAK,CAAC,UAAU,CAAC;YACtC,aAAa,EAAE,CAAC,UAAU,CAAC;YAC3B,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC7B,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,OAAO,EAAE,IAAA,iBAAQ,EAAC,CAAC,CAAC,OAAO,CAAC;gBAC5B,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE;aAC9B,CAAC,CAAC;SACJ,CAAC,CAAC;QAEH,gBAAgB,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5F,OAAO,YAAY,CAAC;IACtB,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAC;QACV,uDAAuD;IACzD,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,wEAAwE;IACxE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YACvD,OAAO,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;YACnD,OAAO,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,EAAE;YACV,SAAS,EAAE,CAAC;YACZ,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAEtB,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;AACjG,CAAC"}
+{"version":3,"file":"useSecureConversations.js","sourceRoot":"","sources":["../../../src/hooks/useSecureConversations.tsx"],"names":[],"mappings":";AAAA,qFAAqF;AACrF,EAAE;AACF,iGAAiG;AACjG,oGAAoG;AACpG,0DAA0D;;AAyC1D,wDAmGC;AA1ID,iCAAyD;AAEzD,iDAAyD;AACzD,8EAAkE;AAoBlE;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,sBAAsB;IACpC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,IAAA,sCAAa,GAAE,CAAC;IAEhE,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC,GAAG,IAAA,gBAAQ,EAA4B,EAAE,CAAC,CAAC;IAClF,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,IAAA,gBAAQ,EAAqB,SAAS,CAAC,CAAC;IACpE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAU,IAAI,CAAC,CAAC;IAElD,MAAM,IAAI,GAAG,IAAA,mBAAW,EACtB,KAAK,EAAE,KAAc,EAAE,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC;gBACxC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;gBAClC,KAAK,EAAE,EAAE;aACV,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC/D,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAChE,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,gBAAgB,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAC9F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,CAAC,CACf,CAAC;IAEF,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,SAAS,CAAC,SAAS,CAAC,CAAC;QACrB,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAEX,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACtC,IAAI,CAAC,OAAO,IAAI,OAAO;YAAE,OAAO;QAChC,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;IAE7B,MAAM,wBAAwB,GAAG,IAAA,mBAAW,EAC1C,KAAK,EAAE,UAAkB,EAAoC,EAAE;QAC7D,6EAA6E;QAC7E,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QACvD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/C,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,UAAU,EAAE,IAAA,sBAAU,EAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QACtE,CAAC,CAAC,CACH,CAAC;QAEF,uEAAuE;QACvE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;QAEzE,gFAAgF;QAChF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC;YACjD,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,IAAA,oBAAQ,EAAC,KAAK,CAAC,UAAU,CAAC;YACtC,aAAa,EAAE,CAAC,UAAU,CAAC;YAC3B,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC7B,cAAc,EAAE,CAAC,CAAC,cAAc;gBAChC,OAAO,EAAE,IAAA,oBAAQ,EAAC,CAAC,CAAC,OAAO,CAAC;gBAC5B,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE;aAC9B,CAAC,CAAC;SACJ,CAAC,CAAC;QAEH,qFAAqF;QACrF,MAAM,aAAa,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAE5C,gBAAgB,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5F,OAAO,YAAY,CAAC;IACtB,CAAC,EACD,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,CAAC,CAC9B,CAAC;IAEF,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAC;QACV,uDAAuD;IACzD,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,wEAAwE;IACxE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YACvD,OAAO,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;YACnD,OAAO,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,EAAE;YACV,SAAS,EAAE,CAAC;YACZ,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAEtB,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;AACjG,CAAC"}

package/dist/cjs/hooks/useSecureDevice.d.ts

@@ -1,7 +1,8 @@
-import { SecureDeviceModel } from "../contract";
+import { SecureDeviceModel } from "../contract/index.js";
 /** Options for {@link useSecureDevice}. */
 export interface UseSecureDeviceOptions {
-    /** Stable, persisted client device id. Generated if omitted (persist it in the platform layer). */
+    /** Stable, persisted client device id. Generated (and persisted) if omitted. A previously
+     *  persisted device's id takes precedence over this value when one exists on mount. */
     deviceId?: string;
     /** MLS ciphersuite to register under. Defaults to the crypto implementation's preferred suite. */
     ciphersuite?: number;
@@ -14,13 +15,15 @@ export interface UseSecureDeviceOptions {
 export interface UseSecureDeviceValues {
     /** The registered device row (its `.id` is the uuid used as targetDeviceId everywhere). */
     device: SecureDeviceModel | null;
+    /** True until the initial persisted-device load settles. */
+    loading: boolean;
     /** True while {@link UseSecureDeviceValues.register} is in flight. */
     registering: boolean;
-    /** The last error thrown by registration or replenishment, or `null`. */
+    /** The last error thrown by load, registration, or replenishment, or `null`. */
     error: unknown;
     /** Last known count of unconsumed KeyPackages, or `null` until refreshed. */
     keyPackagesAvailable: number | null;
-    /** Generate identity + register (idempotent server-side on (userId, deviceId)). */
+    /** Generate identity + register (idempotent server-side on (userId, deviceId)) and persist it. */
     register: () => Promise<SecureDeviceModel>;
     /** Generate + publish `count` fresh KeyPackages (default = keyPackageTarget). */
     publishKeyPackages: (count?: number) => Promise<number>;
@@ -28,20 +31,18 @@ export interface UseSecureDeviceValues {
     refreshKeyPackageCount: () => Promise<number>;
 }
 /**
- * Register this client as an MLS device (one device = one leaf) and keep its KeyPackages stocked.
+ * Register this client as an MLS device, persist its identity, and keep KeyPackages stocked.
  *
- * On {@link UseSecureDeviceValues.register} it generates a device identity, POSTs it to `/devices`,
- * and (when `autoReplenish` is on) republishes KeyPackages whenever the server emits
- * `secure:key-packages-low` for this device. The device's private key material must be persisted by
- * the platform layer — this hook only handles registration and relay.
+ * On mount it loads any persisted device and re-hydrates the crypto identity (stable id, no
+ * re-register). When none exists, await {@link UseSecureDeviceValues.register}.
  *
- * @param options - {@link UseSecureDeviceOptions} — device id, ciphersuite, and replenishment tuning.
- * @returns {@link UseSecureDeviceValues} — the device row, status flags, and register/publish actions.
+ * @param options - {@link UseSecureDeviceOptions}.
+ * @returns {@link UseSecureDeviceValues}.
  *
  * @example
  * ```tsx
- * const { device, register } = useSecureDevice({ keyPackageTarget: 20 });
- * useEffect(() => { register(); }, []);
+ * const { device, loading, register } = useSecureDevice();
+ * useEffect(() => { if (!loading && !device) register(); }, [loading, device, register]);
  * ```
  */
 export declare function useSecureDevice(options?: UseSecureDeviceOptions): UseSecureDeviceValues;

package/dist/cjs/hooks/useSecureDevice.js

@@ -1,20 +1,18 @@
 "use strict";
-// useSecureDevice — register this client as an MLS device (leaf) and keep its KeyPackages topped up.
+// useSecureDevice — register this client as an MLS device (leaf), persist its identity, and keep its
+// KeyPackages topped up.
 //
-// Flow (server spec §14): generateDeviceIdentity → POST /devices → publish a batch of KeyPackages;
-// replenish on the `secure:key-packages-low` realtime signal or via the count endpoint.
-//
-// NOTE: the device's PRIVATE state (`privateState` from generateDeviceIdentity, and MLS group
-// state) must be persisted by the platform layer (IndexedDB on web, keystore on native — Phase 2/3).
-// Core only performs registration + relay; it does not persist secrets.
+// On mount it re-hydrates a persisted device (stable deviceId + private state via
+// crypto.importDeviceState) so a reload does NOT mint a new identity. register() generates, registers
+// on the server, and persists. Replenishes on the `secure:key-packages-low` realtime signal.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useSecureDevice = useSecureDevice;
 const react_1 = require("react");
-const base64_1 = require("../util/base64");
-const secure_chat_context_1 = require("../context/secure-chat-context");
+const base64_js_1 = require("../util/base64.js");
+const secure_chat_context_js_1 = require("../context/secure-chat-context.js");
 /**
  * Mint a device id when the caller doesn't supply one — `crypto.randomUUID()` when available, else a
- * non-cryptographic timestamp+random fallback. The platform layer should supply a persisted id.
+ * non-cryptographic timestamp+random fallback.
  *
  * @returns A fresh device id string.
  */
@@ -22,34 +20,64 @@ function newDeviceId() {
     const g = globalThis.crypto;
     if (g?.randomUUID)
         return g.randomUUID();
-    // Platform layer should supply a persisted, stable device id; this is a non-crypto fallback.
     return `dev-${Date.now().toString(36)}-${Math.floor(Math.random() * 1e9).toString(36)}`;
 }
 /**
- * Register this client as an MLS device (one device = one leaf) and keep its KeyPackages stocked.
+ * Register this client as an MLS device, persist its identity, and keep KeyPackages stocked.
  *
- * On {@link UseSecureDeviceValues.register} it generates a device identity, POSTs it to `/devices`,
- * and (when `autoReplenish` is on) republishes KeyPackages whenever the server emits
- * `secure:key-packages-low` for this device. The device's private key material must be persisted by
- * the platform layer — this hook only handles registration and relay.
+ * On mount it loads any persisted device and re-hydrates the crypto identity (stable id, no
+ * re-register). When none exists, await {@link UseSecureDeviceValues.register}.
  *
- * @param options - {@link UseSecureDeviceOptions} — device id, ciphersuite, and replenishment tuning.
- * @returns {@link UseSecureDeviceValues} — the device row, status flags, and register/publish actions.
+ * @param options - {@link UseSecureDeviceOptions}.
+ * @returns {@link UseSecureDeviceValues}.
  *
  * @example
  * ```tsx
- * const { device, register } = useSecureDevice({ keyPackageTarget: 20 });
- * useEffect(() => { register(); }, []);
+ * const { device, loading, register } = useSecureDevice();
+ * useEffect(() => { if (!loading && !device) register(); }, [loading, device, register]);
  * ```
  */
 function useSecureDevice(options = {}) {
-    const { crypto, rest, socket } = (0, secure_chat_context_1.useSecureChat)();
+    const { crypto, rest, socket, repo } = (0, secure_chat_context_js_1.useSecureChat)();
     const { ciphersuite, keyPackageTarget = 20, autoReplenish = true } = options;
     const [device, setDevice] = (0, react_1.useState)(null);
+    const [loading, setLoading] = (0, react_1.useState)(true);
     const [registering, setRegistering] = (0, react_1.useState)(false);
     const [error, setError] = (0, react_1.useState)(null);
     const [keyPackagesAvailable, setKeyPackagesAvailable] = (0, react_1.useState)(null);
     const deviceIdRef = (0, react_1.useRef)(options.deviceId ?? newDeviceId());
+    const registerStartedRef = (0, react_1.useRef)(false);
+    // On mount: re-hydrate a persisted device (stable id + private state). No persisted device ⇒
+    // first-run; the app calls register().
+    (0, react_1.useEffect)(() => {
+        let alive = true;
+        (async () => {
+            const persisted = await repo.loadDevice();
+            if (!alive || registerStartedRef.current) {
+                setLoading(false);
+                return;
+            }
+            if (persisted) {
+                await crypto.importDeviceState(persisted.deviceState);
+                // register() may have started during the await — don't overwrite its identity.
+                if (!alive || registerStartedRef.current) {
+                    setLoading(false);
+                    return;
+                }
+                deviceIdRef.current = persisted.deviceId;
+                setDevice(persisted.device);
+            }
+            setLoading(false);
+        })().catch((err) => {
+            if (!alive)
+                return;
+            setError(err);
+            setLoading(false);
+        });
+        return () => {
+            alive = false;
+        };
+    }, [repo, crypto]);
     const publishKeyPackages = (0, react_1.useCallback)(async (count = keyPackageTarget) => {
         if (!device)
             throw new Error("Register the device before publishing KeyPackages.");
@@ -57,7 +85,7 @@ function useSecureDevice(options = {}) {
         const published = await rest.publishKeyPackages(device.id, {
             keyPackages: bundles.map((b) => ({
                 keyPackageRef: b.keyPackageRef,
-                keyPackage: (0, base64_1.toBase64)(b.keyPackage),
+                keyPackage: (0, base64_js_1.toBase64)(b.keyPackage),
                 ciphersuite: b.ciphersuite,
                 expiresAt: b.expiresAt,
             })),
@@ -72,6 +100,7 @@ function useSecureDevice(options = {}) {
         return available;
     }, [rest, device]);
     const register = (0, react_1.useCallback)(async () => {
+        registerStartedRef.current = true;
         setRegistering(true);
         setError(null);
         try {
@@ -81,10 +110,13 @@ function useSecureDevice(options = {}) {
             });
             const registered = await rest.registerDevice({
                 deviceId: identity.deviceId,
-                signaturePublicKey: (0, base64_1.toBase64)(identity.signaturePublicKey),
-                credential: (0, base64_1.toBase64)(identity.credential),
+                signaturePublicKey: (0, base64_js_1.toBase64)(identity.signaturePublicKey),
+                credential: (0, base64_js_1.toBase64)(identity.credential),
                 ciphersuite: identity.ciphersuite,
             });
+            const deviceState = await crypto.exportDeviceState();
+            await repo.saveDevice({ deviceId: identity.deviceId, deviceState, device: registered });
+            deviceIdRef.current = identity.deviceId;
             setDevice(registered);
             return registered;
         }
@@ -95,7 +127,7 @@ function useSecureDevice(options = {}) {
         finally {
             setRegistering(false);
         }
-    }, [crypto, rest, ciphersuite]);
+    }, [crypto, rest, repo, ciphersuite]);
     // Auto-replenish on the server's low-water signal for this device.
     (0, react_1.useEffect)(() => {
         if (!autoReplenish || !device)
@@ -109,6 +141,7 @@ function useSecureDevice(options = {}) {
     }, [autoReplenish, device, socket, publishKeyPackages]);
     return {
         device,
+        loading,
         registering,
         error,
         keyPackagesAvailable,

package/dist/cjs/hooks/useSecureDevice.js.map

@@ -1 +1 @@
-{"version":3,"file":"useSecureDevice.js","sourceRoot":"","sources":["../../../src/hooks/useSecureDevice.tsx"],"names":[],"mappings":";AAAA,qGAAqG;AACrG,EAAE;AACF,mGAAmG;AACnG,wFAAwF;AACxF,EAAE;AACF,8FAA8F;AAC9F,qGAAqG;AACrG,wEAAwE;;AAmExE,0CA8EC;AA/ID,iCAAiE;AAEjE,2CAA0C;AAC1C,wEAA+D;AAE/D;;;;;GAKG;AACH,SAAS,WAAW;IAClB,MAAM,CAAC,GAAI,UAAyD,CAAC,MAAM,CAAC;IAC5E,IAAI,CAAC,EAAE,UAAU;QAAE,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC;IACzC,6FAA6F;IAC7F,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;AAC1F,CAAC;AAgCD;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,eAAe,CAAC,UAAkC,EAAE;IAClE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAA,mCAAa,GAAE,CAAC;IACjD,MAAM,EAAE,WAAW,EAAE,gBAAgB,GAAG,EAAE,EAAE,aAAa,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE7E,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,IAAA,gBAAQ,EAA2B,IAAI,CAAC,CAAC;IACrE,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IACtD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAU,IAAI,CAAC,CAAC;IAClD,MAAM,CAAC,oBAAoB,EAAE,uBAAuB,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAEtF,MAAM,WAAW,GAAG,IAAA,cAAM,EAAS,OAAO,CAAC,QAAQ,IAAI,WAAW,EAAE,CAAC,CAAC;IAEtE,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EACpC,KAAK,EAAE,QAAgB,gBAAgB,EAAmB,EAAE;QAC1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACnF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE;YACzD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/B,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,UAAU,EAAE,IAAA,iBAAQ,EAAC,CAAC,CAAC,UAAU,CAAC;gBAClC,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC;SACJ,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,CAAC,CACzC,CAAC;IAEF,MAAM,sBAAsB,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAqB,EAAE;QACrE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACtF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAgC,EAAE;QAClE,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC;gBACvD,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,WAAW;aACZ,CAAC,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;gBAC3C,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,kBAAkB,EAAE,IAAA,iBAAQ,EAAC,QAAQ,CAAC,kBAAkB,CAAC;gBACzD,UAAU,EAAE,IAAA,iBAAQ,EAAC,QAAQ,CAAC,UAAU,CAAC;gBACzC,WAAW,EAAE,QAAQ,CAAC,WAAW;aAClC,CAAC,CAAC;YACH,SAAS,CAAC,UAAU,CAAC,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,GAAG,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,cAAc,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;IACH,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;IAEhC,mEAAmE;IACnE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM;YAAE,OAAO;QACtC,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,yBAAyB,EAAE,CAAC,MAAM,EAAE,EAAE;YAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE;gBAAE,OAAO;YAC1C,kBAAkB,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAExD,OAAO;QACL,MAAM;QACN,WAAW;QACX,KAAK;QACL,oBAAoB;QACpB,QAAQ;QACR,kBAAkB;QAClB,sBAAsB;KACvB,CAAC;AACJ,CAAC"}
+{"version":3,"file":"useSecureDevice.js","sourceRoot":"","sources":["../../../src/hooks/useSecureDevice.tsx"],"names":[],"mappings":";AAAA,qGAAqG;AACrG,yBAAyB;AACzB,EAAE;AACF,kFAAkF;AAClF,sGAAsG;AACtG,6FAA6F;;AAmE7F,0CAoHC;AArLD,iCAAiE;AAEjE,iDAA6C;AAC7C,8EAAkE;AAElE;;;;;GAKG;AACH,SAAS,WAAW;IAClB,MAAM,CAAC,GAAI,UAAyD,CAAC,MAAM,CAAC;IAC5E,IAAI,CAAC,EAAE,UAAU;QAAE,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC;IACzC,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;AAC1F,CAAC;AAmCD;;;;;;;;;;;;;;GAcG;AACH,SAAgB,eAAe,CAAC,UAAkC,EAAE;IAClE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,IAAA,sCAAa,GAAE,CAAC;IACvD,MAAM,EAAE,WAAW,EAAE,gBAAgB,GAAG,EAAE,EAAE,aAAa,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE7E,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,IAAA,gBAAQ,EAA2B,IAAI,CAAC,CAAC;IACrE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IACtD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAU,IAAI,CAAC,CAAC;IAClD,MAAM,CAAC,oBAAoB,EAAE,uBAAuB,CAAC,GAAG,IAAA,gBAAQ,EAAgB,IAAI,CAAC,CAAC;IAEtF,MAAM,WAAW,GAAG,IAAA,cAAM,EAAS,OAAO,CAAC,QAAQ,IAAI,WAAW,EAAE,CAAC,CAAC;IACtE,MAAM,kBAAkB,GAAG,IAAA,cAAM,EAAC,KAAK,CAAC,CAAC;IAEzC,6FAA6F;IAC7F,uCAAuC;IACvC,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,CAAC,KAAK,IAAI,EAAE;YACV,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,CAAC,KAAK,IAAI,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACzC,UAAU,CAAC,KAAK,CAAC,CAAC;gBAClB,OAAO;YACT,CAAC;YACD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBACtD,+EAA+E;gBAC/E,IAAI,CAAC,KAAK,IAAI,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBACzC,UAAU,CAAC,KAAK,CAAC,CAAC;oBAClB,OAAO;gBACT,CAAC;gBACD,WAAW,CAAC,OAAO,GAAG,SAAS,CAAC,QAAQ,CAAC;gBACzC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAC9B,CAAC;YACD,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,IAAI,CAAC,KAAK;gBAAE,OAAO;YACnB,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,EAAE;YACV,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EACpC,KAAK,EAAE,QAAgB,gBAAgB,EAAmB,EAAE;QAC1D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACnF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE;YACzD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/B,aAAa,EAAE,CAAC,CAAC,aAAa;gBAC9B,UAAU,EAAE,IAAA,oBAAQ,EAAC,CAAC,CAAC,UAAU,CAAC;gBAClC,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;aACvB,CAAC,CAAC;SACJ,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,CAAC,CACzC,CAAC;IAEF,MAAM,sBAAsB,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAqB,EAAE;QACrE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACtF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,uBAAuB,CAAC,SAAS,CAAC,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAgC,EAAE;QAClE,kBAAkB,CAAC,OAAO,GAAG,IAAI,CAAC;QAClC,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC;gBACvD,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,WAAW;aACZ,CAAC,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;gBAC3C,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,kBAAkB,EAAE,IAAA,oBAAQ,EAAC,QAAQ,CAAC,kBAAkB,CAAC;gBACzD,UAAU,EAAE,IAAA,oBAAQ,EAAC,QAAQ,CAAC,UAAU,CAAC;gBACzC,WAAW,EAAE,QAAQ,CAAC,WAAW;aAClC,CAAC,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACrD,MAAM,IAAI,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;YACxF,WAAW,CAAC,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC;YACxC,SAAS,CAAC,UAAU,CAAC,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;YACd,MAAM,GAAG,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,cAAc,CAAC,KAAK,CAAC,CAAC;QACxB,CAAC;IACH,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;IAEtC,mEAAmE;IACnE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,aAAa,IAAI,CAAC,MAAM;YAAE,OAAO;QACtC,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,yBAAyB,EAAE,CAAC,MAAM,EAAE,EAAE;YAC1D,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE;gBAAE,OAAO;YAC1C,kBAAkB,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAExD,OAAO;QACL,MAAM;QACN,OAAO;QACP,WAAW;QACX,KAAK;QACL,oBAAoB;QACpB,QAAQ;QACR,kBAAkB;QAClB,sBAAsB;KACvB,CAAC;AACJ,CAAC"}

package/dist/cjs/hooks/useSecureMessages.d.ts

@@ -1,4 +1,4 @@
-import { SecureMessageModel } from "../contract";
+import { SecureMessageModel } from "../contract/index.js";
 import { GroupHandle } from "@agora-sdk/secure-chat-crypto";
 /** A stored message paired with its decrypted text (when a group handle is available). */
 export interface DecryptedSecureMessage {
@@ -9,9 +9,9 @@ export interface DecryptedSecureMessage {
 }
 /** Options for {@link useSecureMessages}. */
 export interface UseSecureMessagesOptions {
-    /** The MLS group handle for this conversation (from the platform persistence layer). */
+    /** Override the MLS group handle. Defaults to the persisted handle via `resolveGroup`. */
     group?: GroupHandle;
-    /** The caller's device row id — required to send (the server verifies it belongs to the caller). */
+    /** Override the sender device row id. Defaults to the persisted device's `.id`. */
     senderDeviceId?: string;
 }
 /** The state and actions returned by {@link useSecureMessages}. */
@@ -28,24 +28,23 @@ export interface UseSecureMessagesValues {
     loadMore: () => Promise<void>;
     /** Reload from the newest message, replacing the current list. */
     refresh: () => Promise<void>;
-    /** Encrypt + send a text message. Requires `group` + `senderDeviceId`. */
+    /** Encrypt + send a text message. Requires a resolvable group + sender device. */
     sendMessage: (text: string) => Promise<void>;
 }
 /**
  * Load, decrypt, send, and live-receive messages in one secure conversation.
  *
- * Decryption runs through the injected `SecureChatCrypto` against the conversation's MLS
- * `GroupHandle`. Without a `group` in `options`, ciphertext is still listed and received (as
- * `plaintext: null`) and sending is disabled — letting the transport work ahead of the crypto
- * wiring. Joins the conversation's socket room to receive `secure:message` events live.
+ * Auto-resolves the MLS group handle (via `resolveGroup`) and the sender device id (from the
+ * persisted device) unless overridden in `options`. Joins the conversation socket room for live
+ * `secure:message` events.
  *
  * @param conversationId - The conversation to read and send within.
- * @param options - {@link UseSecureMessagesOptions} — the MLS `group` handle and `senderDeviceId`.
- * @returns {@link UseSecureMessagesValues} — the message list, paging state, and `sendMessage`.
+ * @param options - {@link UseSecureMessagesOptions}.
+ * @returns {@link UseSecureMessagesValues}.
  *
  * @example
  * ```tsx
- * const { messages, sendMessage } = useSecureMessages(conversationId, { group, senderDeviceId });
+ * const { messages, sendMessage } = useSecureMessages(conversationId);
  * await sendMessage("hello 💜");
  * ```
  */