@agora-sdk/secure-chat-core 0.1.0 → 0.2.0

package/dist/cjs/hooks/useSecureMessages.js

@@ -1,48 +1,95 @@
 "use strict";
 // useSecureMessages — load, decrypt, send, and live-receive messages in a secure conversation.
 //
-// Encryption/decryption runs through the injected `SecureChatCrypto` against the conversation's MLS
-// `GroupHandle`. Resolving conversationId → GroupHandle is owned by the platform persistence layer
-// (Phase 2: IndexedDB group state via processWelcome/importGroupState), so the caller passes the
-// handle in. Without it, ciphertext is still listed/received but left undecrypted (`plaintext: null`)
-// and sending is disabled — keeping the transport usable ahead of the crypto wiring.
+// Self-sufficient once a store is wired: the MLS GroupHandle is auto-resolved from persistence via
+// resolveGroup, and senderDeviceId is read from the persisted device. Both stay overridable through
+// options for advanced use. Without a resolvable handle, ciphertext is still listed/received
+// (plaintext: null) and sending is disabled.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useSecureMessages = useSecureMessages;
 const react_1 = require("react");
-const base64_1 = require("../util/base64");
-const secure_chat_context_1 = require("../context/secure-chat-context");
+const base64_js_1 = require("../util/base64.js");
+const secure_chat_context_js_1 = require("../context/secure-chat-context.js");
 /**
  * Load, decrypt, send, and live-receive messages in one secure conversation.
  *
- * Decryption runs through the injected `SecureChatCrypto` against the conversation's MLS
- * `GroupHandle`. Without a `group` in `options`, ciphertext is still listed and received (as
- * `plaintext: null`) and sending is disabled — letting the transport work ahead of the crypto
- * wiring. Joins the conversation's socket room to receive `secure:message` events live.
+ * Auto-resolves the MLS group handle (via `resolveGroup`) and the sender device id (from the
+ * persisted device) unless overridden in `options`. Joins the conversation socket room for live
+ * `secure:message` events.
  *
  * @param conversationId - The conversation to read and send within.
- * @param options - {@link UseSecureMessagesOptions} — the MLS `group` handle and `senderDeviceId`.
- * @returns {@link UseSecureMessagesValues} — the message list, paging state, and `sendMessage`.
+ * @param options - {@link UseSecureMessagesOptions}.
+ * @returns {@link UseSecureMessagesValues}.
  *
  * @example
  * ```tsx
- * const { messages, sendMessage } = useSecureMessages(conversationId, { group, senderDeviceId });
+ * const { messages, sendMessage } = useSecureMessages(conversationId);
  * await sendMessage("hello 💜");
  * ```
  */
 function useSecureMessages(conversationId, options = {}) {
-    const { rest, crypto, socket } = (0, secure_chat_context_1.useSecureChat)();
-    const { group, senderDeviceId } = options;
+    const { rest, crypto, socket, repo, resolveGroup } = (0, secure_chat_context_js_1.useSecureChat)();
     const [messages, setMessages] = (0, react_1.useState)([]);
     const [before, setBefore] = (0, react_1.useState)(undefined);
     const [hasMore, setHasMore] = (0, react_1.useState)(true);
     const [loading, setLoading] = (0, react_1.useState)(false);
     const [error, setError] = (0, react_1.useState)(null);
+    const [group, setGroup] = (0, react_1.useState)(options.group ?? null);
+    const [senderDeviceId, setSenderDeviceId] = (0, react_1.useState)(options.senderDeviceId);
+    // Latest messages, read by the "decrypt history once the group resolves" effect below without
+    // making `messages` one of its deps (which would loop).
+    const messagesRef = (0, react_1.useRef)(messages);
+    messagesRef.current = messages;
+    // Resolve the group handle: explicit override, else persisted state.
+    (0, react_1.useEffect)(() => {
+        if (options.group) {
+            setGroup(options.group);
+            return;
+        }
+        // Clear any stale handle from the previous conversation before re-resolving, so live messages
+        // for the new conversation never decrypt against the old group during the async window.
+        setGroup(null);
+        let alive = true;
+        resolveGroup(conversationId)
+            .then((g) => {
+            if (alive)
+                setGroup(g);
+        })
+            .catch(() => {
+            if (alive)
+                setGroup(null);
+        });
+        return () => {
+            alive = false;
+        };
+    }, [options.group, conversationId, resolveGroup]);
+    // Resolve the sender device id: explicit override, else persisted device row.
+    (0, react_1.useEffect)(() => {
+        if (options.senderDeviceId) {
+            setSenderDeviceId(options.senderDeviceId);
+            return;
+        }
+        let alive = true;
+        repo
+            .loadDevice()
+            .then((d) => {
+            if (alive)
+                setSenderDeviceId(d?.device?.id ?? undefined);
+        })
+            .catch(() => {
+            if (alive)
+                setSenderDeviceId(undefined);
+        });
+        return () => {
+            alive = false;
+        };
+    }, [options.senderDeviceId, repo]);
     const decrypt = (0, react_1.useCallback)(async (model) => {
         if (!group)
             return { model, plaintext: null };
         try {
-            const { plaintext } = await crypto.decryptMessage(group, (0, base64_1.fromBase64)(model.ciphertext));
-            return { model, plaintext: (0, base64_1.bytesToUtf8)(plaintext) };
+            const { plaintext } = await crypto.decryptMessage(group, (0, base64_js_1.fromBase64)(model.ciphertext));
+            return { model, plaintext: (0, base64_js_1.bytesToUtf8)(plaintext) };
         }
         catch {
             // Buffer/skip: epoch not yet reached, or undecryptable. Surface ciphertext without text.
@@ -81,13 +128,16 @@ function useSecureMessages(conversationId, options = {}) {
         await load(false);
     }, [hasMore, loading, load]);
     const sendMessage = (0, react_1.useCallback)(async (text) => {
+        // Assumes the crypto identity is already hydrated (mount `useSecureDevice` under the same
+        // provider): the crypto layer tags the sender from the restored device identity, so after a
+        // reload the first send must wait for useSecureDevice's importDeviceState to complete.
         if (!group)
             throw new Error("Cannot send: no MLS group handle for this conversation.");
         if (!senderDeviceId)
             throw new Error("Cannot send: senderDeviceId is required.");
-        const { ciphertext, epoch } = await crypto.encryptMessage(group, (0, base64_1.utf8ToBytes)(text));
+        const { ciphertext, epoch } = await crypto.encryptMessage(group, (0, base64_js_1.utf8ToBytes)(text));
         const sent = await rest.sendMessage(conversationId, {
-            ciphertext: (0, base64_1.toBase64)(ciphertext),
+            ciphertext: (0, base64_js_1.toBase64)(ciphertext),
             epoch: epoch.toString(),
             senderDeviceId,
         });
@@ -98,13 +148,31 @@ function useSecureMessages(conversationId, options = {}) {
         refresh();
         // eslint-disable-next-line react-hooks/exhaustive-deps
     }, [conversationId]);
+    // Decrypt history that was listed before the group handle resolved. On reload, the first page loads
+    // while resolveGroup is still in flight, so those rows come back `plaintext: null`; once the handle
+    // arrives (decrypt is recreated with it), re-decrypt the still-undecrypted rows in place — no
+    // re-fetch, scroll/pagination preserved.
+    (0, react_1.useEffect)(() => {
+        if (!group)
+            return;
+        if (!messagesRef.current.some((m) => m.plaintext === null))
+            return;
+        let alive = true;
+        Promise.all(messagesRef.current.map((m) => (m.plaintext === null ? decrypt(m.model) : Promise.resolve(m)))).then((next) => {
+            if (alive)
+                setMessages(next);
+        });
+        return () => {
+            alive = false;
+        };
+    }, [group, decrypt]);
     // Live receive: join the conversation room and decrypt inbound ciphertext.
     (0, react_1.useEffect)(() => {
         socket.joinConversation(conversationId);
         const off = socket.on("secure:message", (model) => {
             if (model.conversationId !== conversationId)
                 return;
-            decrypt(model).then((m) => setMessages((prev) => prev.some((p) => p.model.id === m.model.id) ? prev : [m, ...prev]));
+            decrypt(model).then((m) => setMessages((prev) => (prev.some((p) => p.model.id === m.model.id) ? prev : [m, ...prev])));
         });
         return off;
     }, [socket, conversationId, decrypt]);

package/dist/cjs/hooks/useSecureMessages.js.map

@@ -1 +1 @@
-{"version":3,"file":"useSecureMessages.js","sourceRoot":"","sources":["../../../src/hooks/useSecureMessages.tsx"],"names":[],"mappings":";AAAA,+FAA+F;AAC/F,EAAE;AACF,oGAAoG;AACpG,mGAAmG;AACnG,iGAAiG;AACjG,sGAAsG;AACtG,qFAAqF;;AA4DrF,8CAiGC;AA3JD,iCAAyD;AAGzD,2CAAgF;AAChF,wEAA+D;AAoC/D;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,iBAAiB,CAC/B,cAAsB,EACtB,UAAoC,EAAE;IAEtC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,mCAAa,GAAE,CAAC;IACjD,MAAM,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAE1C,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAA,gBAAQ,EAA2B,EAAE,CAAC,CAAC;IACvE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,IAAA,gBAAQ,EAAqB,SAAS,CAAC,CAAC;IACpE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAU,IAAI,CAAC,CAAC;IAElD,MAAM,OAAO,GAAG,IAAA,mBAAW,EACzB,KAAK,EAAE,KAAyB,EAAmC,EAAE;QACnE,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,IAAA,mBAAU,EAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;YACvF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAA,oBAAW,EAAC,SAAS,CAAC,EAAE,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,yFAAyF;YACzF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QACpC,CAAC;IACH,CAAC,EACD,CAAC,MAAM,EAAE,KAAK,CAAC,CAChB,CAAC;IAEF,MAAM,IAAI,GAAG,IAAA,mBAAW,EACtB,KAAK,EAAE,KAAc,EAAE,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE;gBACnD,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;gBAClC,KAAK,EAAE,EAAE;aACV,CAAC,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACvD,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9C,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,8DAA8D;YAC9D,WAAW,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EACD,CAAC,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,OAAO,CAAC,CACxC,CAAC;IAEF,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,SAAS,CAAC,SAAS,CAAC,CAAC;QACrB,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAEX,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACtC,IAAI,CAAC,OAAO,IAAI,OAAO;YAAE,OAAO;QAChC,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;IAE7B,MAAM,WAAW,GAAG,IAAA,mBAAW,EAC7B,KAAK,EAAE,IAAY,EAAiB,EAAE;QACpC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACvF,IAAI,CAAC,cAAc;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QACjF,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC,CAAC;QACpF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE;YAClD,UAAU,EAAE,IAAA,iBAAQ,EAAC,UAAU,CAAC;YAChC,KAAK,EAAE,KAAK,CAAC,QAAQ,EAAE;YACvB,cAAc;SACf,CAAC,CAAC;QACH,8EAA8E;QAC9E,WAAW,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,CAAC,CACtD,CAAC;IAEF,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAC;QACV,uDAAuD;IACzD,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC;IAErB,2EAA2E;IAC3E,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,EAAE;YAChD,IAAI,KAAK,CAAC,cAAc,KAAK,cAAc;gBAAE,OAAO;YACpD,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACxB,WAAW,CAAC,CAAC,IAAI,EAAE,EAAE,CACnB,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,CAClE,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;IAEtC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;AAC/E,CAAC"}
+{"version":3,"file":"useSecureMessages.js","sourceRoot":"","sources":["../../../src/hooks/useSecureMessages.tsx"],"names":[],"mappings":";AAAA,+FAA+F;AAC/F,EAAE;AACF,mGAAmG;AACnG,oGAAoG;AACpG,6FAA6F;AAC7F,6CAA6C;;AA2D7C,8CAoKC;AA7ND,iCAAiE;AAGjE,iDAAmF;AACnF,8EAAkE;AAoClE;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,iBAAiB,CAC/B,cAAsB,EACtB,UAAoC,EAAE;IAEtC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,sCAAa,GAAE,CAAC;IAErE,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAA,gBAAQ,EAA2B,EAAE,CAAC,CAAC;IACvE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,IAAA,gBAAQ,EAAqB,SAAS,CAAC,CAAC;IACpE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAU,IAAI,CAAC,CAAC;IAClD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAqB,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC;IAC9E,MAAM,CAAC,cAAc,EAAE,iBAAiB,CAAC,GAAG,IAAA,gBAAQ,EAAqB,OAAO,CAAC,cAAc,CAAC,CAAC;IAEjG,8FAA8F;IAC9F,wDAAwD;IACxD,MAAM,WAAW,GAAG,IAAA,cAAM,EAA2B,QAAQ,CAAC,CAAC;IAC/D,WAAW,CAAC,OAAO,GAAG,QAAQ,CAAC;IAE/B,qEAAqE;IACrE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACxB,OAAO;QACT,CAAC;QACD,8FAA8F;QAC9F,wFAAwF;QACxF,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,YAAY,CAAC,cAAc,CAAC;aACzB,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YACV,IAAI,KAAK;gBAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC;aACD,KAAK,CAAC,GAAG,EAAE;YACV,IAAI,KAAK;gBAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QACL,OAAO,GAAG,EAAE;YACV,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC,CAAC;IAElD,8EAA8E;IAC9E,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,iBAAiB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QACD,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,IAAI;aACD,UAAU,EAAE;aACZ,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YACV,IAAI,KAAK;gBAAE,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,IAAI,SAAS,CAAC,CAAC;QAC3D,CAAC,CAAC;aACD,KAAK,CAAC,GAAG,EAAE;YACV,IAAI,KAAK;gBAAE,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QACL,OAAO,GAAG,EAAE;YACV,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,IAAA,mBAAW,EACzB,KAAK,EAAE,KAAyB,EAAmC,EAAE;QACnE,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,IAAA,sBAAU,EAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;YACvF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAA,uBAAW,EAAC,SAAS,CAAC,EAAE,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,yFAAyF;YACzF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QACpC,CAAC;IACH,CAAC,EACD,CAAC,MAAM,EAAE,KAAK,CAAC,CAChB,CAAC;IAEF,MAAM,IAAI,GAAG,IAAA,mBAAW,EACtB,KAAK,EAAE,KAAc,EAAE,EAAE;QACvB,UAAU,CAAC,IAAI,CAAC,CAAC;QACjB,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE;gBACnD,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;gBAClC,KAAK,EAAE,EAAE;aACV,CAAC,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACvD,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9C,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,8DAA8D;YAC9D,WAAW,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,EACD,CAAC,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,OAAO,CAAC,CACxC,CAAC;IAEF,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,SAAS,CAAC,SAAS,CAAC,CAAC;QACrB,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAEX,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACtC,IAAI,CAAC,OAAO,IAAI,OAAO;YAAE,OAAO;QAChC,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;IAE7B,MAAM,WAAW,GAAG,IAAA,mBAAW,EAC7B,KAAK,EAAE,IAAY,EAAiB,EAAE;QACpC,0FAA0F;QAC1F,4FAA4F;QAC5F,uFAAuF;QACvF,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACvF,IAAI,CAAC,cAAc;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QACjF,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,IAAA,uBAAW,EAAC,IAAI,CAAC,CAAC,CAAC;QACpF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE;YAClD,UAAU,EAAE,IAAA,oBAAQ,EAAC,UAAU,CAAC;YAChC,KAAK,EAAE,KAAK,CAAC,QAAQ,EAAE;YACvB,cAAc;SACf,CAAC,CAAC;QACH,8EAA8E;QAC9E,WAAW,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACrE,CAAC,EACD,CAAC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,cAAc,CAAC,CACtD,CAAC;IAEF,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAC;QACV,uDAAuD;IACzD,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC;IAErB,oGAAoG;IACpG,oGAAoG;IACpG,8FAA8F;IAC9F,yCAAyC;IACzC,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,KAAK;YAAE,OAAO;QACnB,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC;YAAE,OAAO;QACnE,IAAI,KAAK,GAAG,IAAI,CAAC;QACjB,OAAO,CAAC,GAAG,CACT,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAC/F,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;YACd,IAAI,KAAK;gBAAE,WAAW,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,EAAE;YACV,KAAK,GAAG,KAAK,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAErB,2EAA2E;IAC3E,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,KAAK,EAAE,EAAE;YAChD,IAAI,KAAK,CAAC,cAAc,KAAK,cAAc;gBAAE,OAAO;YACpD,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACxB,WAAW,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAC3F,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;IAEtC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;AAC/E,CAAC"}

package/dist/cjs/index.d.ts

@@ -1,15 +1,19 @@
-export { SecureChatProvider, useSecureChat } from "./context/secure-chat-context";
-export type { SecureChatProviderProps, SecureChatContextValue, } from "./context/secure-chat-context";
-export { useSecureDevice } from "./hooks/useSecureDevice";
-export type { UseSecureDeviceOptions, UseSecureDeviceValues } from "./hooks/useSecureDevice";
-export { useSecureConversations } from "./hooks/useSecureConversations";
-export type { UseSecureConversationsValues } from "./hooks/useSecureConversations";
-export { useSecureMessages } from "./hooks/useSecureMessages";
-export type { UseSecureMessagesOptions, UseSecureMessagesValues, DecryptedSecureMessage, } from "./hooks/useSecureMessages";
-export { SecureChatRestClient } from "./transport/rest";
-export type { SecureChatRestConfig } from "./transport/rest";
-export { SecureChatSocketClient } from "./transport/socket";
-export type { SecureSocket, SecureServerEvents, SecureClientEvents, SecureChatSocketConfig, } from "./transport/socket";
+export { SecureChatProvider, useSecureChat } from "./context/secure-chat-context.js";
+export type { SecureChatProviderProps, SecureChatContextValue, } from "./context/secure-chat-context.js";
+export { useSecureDevice } from "./hooks/useSecureDevice.js";
+export type { UseSecureDeviceOptions, UseSecureDeviceValues } from "./hooks/useSecureDevice.js";
+export { useSecureConversations } from "./hooks/useSecureConversations.js";
+export type { UseSecureConversationsValues } from "./hooks/useSecureConversations.js";
+export { useSecureMessages } from "./hooks/useSecureMessages.js";
+export type { UseSecureMessagesOptions, UseSecureMessagesValues, DecryptedSecureMessage, } from "./hooks/useSecureMessages.js";
+export { SecureChatRestClient } from "./transport/rest.js";
+export type { SecureChatRestConfig } from "./transport/rest.js";
+export { SecureChatSocketClient } from "./transport/socket.js";
+export type { SecureSocket, SecureServerEvents, SecureClientEvents, SecureChatSocketConfig, } from "./transport/socket.js";
 export type { SecureChatCrypto, DeviceIdentity, KeyPackageBundle, GroupHandle, TargetedWelcome, CommitResult, PassphraseBackup, } from "@agora-sdk/secure-chat-crypto";
-export type * from "./contract";
-export { toBase64, fromBase64, utf8ToBytes, bytesToUtf8 } from "./util/base64";
+export type * from "./contract/index.js";
+export type { SecureChatStore } from "./persistence/store.js";
+export { MemoryStore } from "./persistence/memory-store.js";
+export { SecureChatRepository } from "./persistence/repository.js";
+export type { PersistedDevice } from "./persistence/repository.js";
+export { toBase64, fromBase64, utf8ToBytes, bytesToUtf8 } from "./util/base64.js";

package/dist/cjs/index.js

@@ -5,27 +5,31 @@
 // injection of a `SecureChatCrypto`. Platform packages (@agora-sdk/secure-chat-react-js, etc.)
 // re-export this and add the concrete crypto + persistence.
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.bytesToUtf8 = exports.utf8ToBytes = exports.fromBase64 = exports.toBase64 = exports.SecureChatSocketClient = exports.SecureChatRestClient = exports.useSecureMessages = exports.useSecureConversations = exports.useSecureDevice = exports.useSecureChat = exports.SecureChatProvider = void 0;
+exports.bytesToUtf8 = exports.utf8ToBytes = exports.fromBase64 = exports.toBase64 = exports.SecureChatRepository = exports.MemoryStore = exports.SecureChatSocketClient = exports.SecureChatRestClient = exports.useSecureMessages = exports.useSecureConversations = exports.useSecureDevice = exports.useSecureChat = exports.SecureChatProvider = void 0;
 // ── context / provider ──────────────────────────────────────────────────────
-var secure_chat_context_1 = require("./context/secure-chat-context");
-Object.defineProperty(exports, "SecureChatProvider", { enumerable: true, get: function () { return secure_chat_context_1.SecureChatProvider; } });
-Object.defineProperty(exports, "useSecureChat", { enumerable: true, get: function () { return secure_chat_context_1.useSecureChat; } });
+var secure_chat_context_js_1 = require("./context/secure-chat-context.js");
+Object.defineProperty(exports, "SecureChatProvider", { enumerable: true, get: function () { return secure_chat_context_js_1.SecureChatProvider; } });
+Object.defineProperty(exports, "useSecureChat", { enumerable: true, get: function () { return secure_chat_context_js_1.useSecureChat; } });
 // ── hooks ────────────────────────────────────────────────────────────────────
-var useSecureDevice_1 = require("./hooks/useSecureDevice");
-Object.defineProperty(exports, "useSecureDevice", { enumerable: true, get: function () { return useSecureDevice_1.useSecureDevice; } });
-var useSecureConversations_1 = require("./hooks/useSecureConversations");
-Object.defineProperty(exports, "useSecureConversations", { enumerable: true, get: function () { return useSecureConversations_1.useSecureConversations; } });
-var useSecureMessages_1 = require("./hooks/useSecureMessages");
-Object.defineProperty(exports, "useSecureMessages", { enumerable: true, get: function () { return useSecureMessages_1.useSecureMessages; } });
+var useSecureDevice_js_1 = require("./hooks/useSecureDevice.js");
+Object.defineProperty(exports, "useSecureDevice", { enumerable: true, get: function () { return useSecureDevice_js_1.useSecureDevice; } });
+var useSecureConversations_js_1 = require("./hooks/useSecureConversations.js");
+Object.defineProperty(exports, "useSecureConversations", { enumerable: true, get: function () { return useSecureConversations_js_1.useSecureConversations; } });
+var useSecureMessages_js_1 = require("./hooks/useSecureMessages.js");
+Object.defineProperty(exports, "useSecureMessages", { enumerable: true, get: function () { return useSecureMessages_js_1.useSecureMessages; } });
 // ── transport (for advanced / non-React use) ─────────────────────────────────
-var rest_1 = require("./transport/rest");
-Object.defineProperty(exports, "SecureChatRestClient", { enumerable: true, get: function () { return rest_1.SecureChatRestClient; } });
-var socket_1 = require("./transport/socket");
-Object.defineProperty(exports, "SecureChatSocketClient", { enumerable: true, get: function () { return socket_1.SecureChatSocketClient; } });
+var rest_js_1 = require("./transport/rest.js");
+Object.defineProperty(exports, "SecureChatRestClient", { enumerable: true, get: function () { return rest_js_1.SecureChatRestClient; } });
+var socket_js_1 = require("./transport/socket.js");
+Object.defineProperty(exports, "SecureChatSocketClient", { enumerable: true, get: function () { return socket_js_1.SecureChatSocketClient; } });
+var memory_store_js_1 = require("./persistence/memory-store.js");
+Object.defineProperty(exports, "MemoryStore", { enumerable: true, get: function () { return memory_store_js_1.MemoryStore; } });
+var repository_js_1 = require("./persistence/repository.js");
+Object.defineProperty(exports, "SecureChatRepository", { enumerable: true, get: function () { return repository_js_1.SecureChatRepository; } });
 // ── utils ────────────────────────────────────────────────────────────────────
-var base64_1 = require("./util/base64");
-Object.defineProperty(exports, "toBase64", { enumerable: true, get: function () { return base64_1.toBase64; } });
-Object.defineProperty(exports, "fromBase64", { enumerable: true, get: function () { return base64_1.fromBase64; } });
-Object.defineProperty(exports, "utf8ToBytes", { enumerable: true, get: function () { return base64_1.utf8ToBytes; } });
-Object.defineProperty(exports, "bytesToUtf8", { enumerable: true, get: function () { return base64_1.bytesToUtf8; } });
+var base64_js_1 = require("./util/base64.js");
+Object.defineProperty(exports, "toBase64", { enumerable: true, get: function () { return base64_js_1.toBase64; } });
+Object.defineProperty(exports, "fromBase64", { enumerable: true, get: function () { return base64_js_1.fromBase64; } });
+Object.defineProperty(exports, "utf8ToBytes", { enumerable: true, get: function () { return base64_js_1.utf8ToBytes; } });
+Object.defineProperty(exports, "bytesToUtf8", { enumerable: true, get: function () { return base64_js_1.bytesToUtf8; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA,8FAA8F;AAC9F,EAAE;AACF,6FAA6F;AAC7F,+FAA+F;AAC/F,4DAA4D;;;AAE5D,+EAA+E;AAC/E,qEAAkF;AAAzE,yHAAA,kBAAkB,OAAA;AAAE,oHAAA,aAAa,OAAA;AAM1C,gFAAgF;AAChF,2DAA0D;AAAjD,kHAAA,eAAe,OAAA;AAExB,yEAAwE;AAA/D,gIAAA,sBAAsB,OAAA;AAE/B,+DAA8D;AAArD,sHAAA,iBAAiB,OAAA;AAO1B,gFAAgF;AAChF,yCAAwD;AAA/C,4GAAA,oBAAoB,OAAA;AAE7B,6CAA4D;AAAnD,gHAAA,sBAAsB,OAAA;AAsB/B,gFAAgF;AAChF,wCAA+E;AAAtE,kGAAA,QAAQ,OAAA;AAAE,oGAAA,UAAU,OAAA;AAAE,qGAAA,WAAW,OAAA;AAAE,qGAAA,WAAW,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA,8FAA8F;AAC9F,EAAE;AACF,6FAA6F;AAC7F,+FAA+F;AAC/F,4DAA4D;;;AAE5D,+EAA+E;AAC/E,2EAAqF;AAA5E,4HAAA,kBAAkB,OAAA;AAAE,uHAAA,aAAa,OAAA;AAM1C,gFAAgF;AAChF,iEAA6D;AAApD,qHAAA,eAAe,OAAA;AAExB,+EAA2E;AAAlE,mIAAA,sBAAsB,OAAA;AAE/B,qEAAiE;AAAxD,yHAAA,iBAAiB,OAAA;AAO1B,gFAAgF;AAChF,+CAA2D;AAAlD,+GAAA,oBAAoB,OAAA;AAE7B,mDAA+D;AAAtD,mHAAA,sBAAsB,OAAA;AAwB/B,iEAA4D;AAAnD,8GAAA,WAAW,OAAA;AACpB,6DAAmE;AAA1D,qHAAA,oBAAoB,OAAA;AAG7B,gFAAgF;AAChF,8CAAkF;AAAzE,qGAAA,QAAQ,OAAA;AAAE,uGAAA,UAAU,OAAA;AAAE,wGAAA,WAAW,OAAA;AAAE,wGAAA,WAAW,OAAA"}

package/dist/cjs/package.json

@@ -0,0 +1 @@
+{"type":"commonjs"}

package/dist/cjs/persistence/memory-store.d.ts

@@ -0,0 +1,9 @@
+import type { SecureChatStore } from "./store.js";
+/** A `Map`-backed {@link SecureChatStore}. Non-persistent; the default when no store is injected. */
+export declare class MemoryStore implements SecureChatStore {
+    private readonly map;
+    get(key: string): Promise<Uint8Array | null>;
+    set(key: string, value: Uint8Array): Promise<void>;
+    delete(key: string): Promise<void>;
+    list(prefix: string): Promise<string[]>;
+}

package/dist/cjs/persistence/memory-store.js

@@ -0,0 +1,27 @@
+"use strict";
+// In-memory SecureChatStore — the provider default and the unit-test backing store.
+//
+// Not persistent: state is lost on reload. Platforms inject a durable store (IndexedDB on web) for
+// real persistence; this keeps core usable in tests and SSR without one.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemoryStore = void 0;
+/** A `Map`-backed {@link SecureChatStore}. Non-persistent; the default when no store is injected. */
+class MemoryStore {
+    constructor() {
+        this.map = new Map();
+    }
+    async get(key) {
+        return this.map.get(key) ?? null;
+    }
+    async set(key, value) {
+        this.map.set(key, value);
+    }
+    async delete(key) {
+        this.map.delete(key);
+    }
+    async list(prefix) {
+        return [...this.map.keys()].filter((k) => k.startsWith(prefix));
+    }
+}
+exports.MemoryStore = MemoryStore;
+//# sourceMappingURL=memory-store.js.map

package/dist/cjs/persistence/memory-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-store.js","sourceRoot":"","sources":["../../../src/persistence/memory-store.ts"],"names":[],"mappings":";AAAA,oFAAoF;AACpF,EAAE;AACF,mGAAmG;AACnG,yEAAyE;;;AAIzE,qGAAqG;AACrG,MAAa,WAAW;IAAxB;QACmB,QAAG,GAAG,IAAI,GAAG,EAAsB,CAAC;IAiBvD,CAAC;IAfC,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAiB;QACtC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,MAAc;QACvB,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAClE,CAAC;CACF;AAlBD,kCAkBC"}

package/dist/cjs/persistence/repository.d.ts

@@ -0,0 +1,36 @@
+import type { SecureDeviceModel } from "../contract/index.js";
+import type { SecureChatStore } from "./store.js";
+/** The persisted device record: stable id, opaque crypto device-state, and the server row. */
+export interface PersistedDevice {
+    /** Stable MLS device id; survives reload. */
+    deviceId: string;
+    /** Opaque bytes from `crypto.exportDeviceState()`. */
+    deviceState: Uint8Array;
+    /** The registered server row (rehydrates UI without a refetch), or `null` if not yet registered. */
+    device: SecureDeviceModel | null;
+}
+/** Typed persistence for device identity, per-conversation group state, and the handshake cursor. */
+export declare class SecureChatRepository {
+    private readonly store;
+    constructor(store: SecureChatStore);
+    /** Load the persisted device record, or `null` if none saved (first run / evicted). */
+    loadDevice(): Promise<PersistedDevice | null>;
+    /** Persist (replace) the device record. */
+    saveDevice(d: PersistedDevice): Promise<void>;
+    /** Remove the persisted device record. */
+    clearDevice(): Promise<void>;
+    /** Load opaque MLS group state for a conversation, or `null` if none. */
+    loadGroupState(conversationId: string): Promise<Uint8Array | null>;
+    /** Persist opaque MLS group state for a conversation. */
+    saveGroupState(conversationId: string, state: Uint8Array): Promise<void>;
+    /** Remove persisted group state for a conversation. */
+    deleteGroupState(conversationId: string): Promise<void>;
+    /** List the conversation ids that have persisted group state. */
+    listGroupConversationIds(): Promise<string[]>;
+    /** Load the persisted handshake delivery cursor (`seq`), or `null`. */
+    loadHandshakeCursor(): Promise<string | null>;
+    /** Persist the handshake delivery cursor (`seq`). */
+    saveHandshakeCursor(seq: string): Promise<void>;
+    /** Wipe all persisted secure-chat state (sign-out / device revoke). */
+    clearAll(): Promise<void>;
+}

package/dist/cjs/persistence/repository.js

@@ -0,0 +1,72 @@
+"use strict";
+// SecureChatRepository — typed façade over a SecureChatStore.
+//
+// The ONLY place in the SDK that knows the persistence key strings and how each record is
+// serialized. Binary fields are base64-wrapped inside JSON; opaque crypto blobs (group/device
+// state) are stored as-is. Built by SecureChatProvider over the injected store.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecureChatRepository = void 0;
+const base64_js_1 = require("../util/base64.js");
+const DEVICE_KEY = "device";
+const GROUP_PREFIX = "group:";
+const CURSOR_KEY = "handshake:cursor";
+/** Typed persistence for device identity, per-conversation group state, and the handshake cursor. */
+class SecureChatRepository {
+    constructor(store) {
+        this.store = store;
+    }
+    /** Load the persisted device record, or `null` if none saved (first run / evicted). */
+    async loadDevice() {
+        const bytes = await this.store.get(DEVICE_KEY);
+        if (!bytes)
+            return null;
+        const rec = JSON.parse((0, base64_js_1.bytesToUtf8)(bytes));
+        return { deviceId: rec.deviceId, deviceState: (0, base64_js_1.fromBase64)(rec.deviceState), device: rec.device };
+    }
+    /** Persist (replace) the device record. */
+    async saveDevice(d) {
+        const rec = {
+            deviceId: d.deviceId,
+            deviceState: (0, base64_js_1.toBase64)(d.deviceState),
+            device: d.device,
+        };
+        await this.store.set(DEVICE_KEY, (0, base64_js_1.utf8ToBytes)(JSON.stringify(rec)));
+    }
+    /** Remove the persisted device record. */
+    async clearDevice() {
+        await this.store.delete(DEVICE_KEY);
+    }
+    /** Load opaque MLS group state for a conversation, or `null` if none. */
+    async loadGroupState(conversationId) {
+        return this.store.get(GROUP_PREFIX + conversationId);
+    }
+    /** Persist opaque MLS group state for a conversation. */
+    async saveGroupState(conversationId, state) {
+        await this.store.set(GROUP_PREFIX + conversationId, state);
+    }
+    /** Remove persisted group state for a conversation. */
+    async deleteGroupState(conversationId) {
+        await this.store.delete(GROUP_PREFIX + conversationId);
+    }
+    /** List the conversation ids that have persisted group state. */
+    async listGroupConversationIds() {
+        const keys = await this.store.list(GROUP_PREFIX);
+        return keys.map((k) => k.slice(GROUP_PREFIX.length));
+    }
+    /** Load the persisted handshake delivery cursor (`seq`), or `null`. */
+    async loadHandshakeCursor() {
+        const bytes = await this.store.get(CURSOR_KEY);
+        return bytes ? (0, base64_js_1.bytesToUtf8)(bytes) : null;
+    }
+    /** Persist the handshake delivery cursor (`seq`). */
+    async saveHandshakeCursor(seq) {
+        await this.store.set(CURSOR_KEY, (0, base64_js_1.utf8ToBytes)(seq));
+    }
+    /** Wipe all persisted secure-chat state (sign-out / device revoke). */
+    async clearAll() {
+        const keys = await this.store.list("");
+        await Promise.all(keys.map((k) => this.store.delete(k)));
+    }
+}
+exports.SecureChatRepository = SecureChatRepository;
+//# sourceMappingURL=repository.js.map

package/dist/cjs/persistence/repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repository.js","sourceRoot":"","sources":["../../../src/persistence/repository.ts"],"names":[],"mappings":";AAAA,8DAA8D;AAC9D,EAAE;AACF,0FAA0F;AAC1F,8FAA8F;AAC9F,gFAAgF;;;AAIhF,iDAAmF;AAEnF,MAAM,UAAU,GAAG,QAAQ,CAAC;AAC5B,MAAM,YAAY,GAAG,QAAQ,CAAC;AAC9B,MAAM,UAAU,GAAG,kBAAkB,CAAC;AAkBtC,qGAAqG;AACrG,MAAa,oBAAoB;IAC/B,YAA6B,KAAsB;QAAtB,UAAK,GAAL,KAAK,CAAiB;IAAG,CAAC;IAEvD,uFAAuF;IACvF,KAAK,CAAC,UAAU;QACd,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,uBAAW,EAAC,KAAK,CAAC,CAAiB,CAAC;QAC3D,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,IAAA,sBAAU,EAAC,GAAG,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC;IAClG,CAAC;IAED,2CAA2C;IAC3C,KAAK,CAAC,UAAU,CAAC,CAAkB;QACjC,MAAM,GAAG,GAAiB;YACxB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,WAAW,EAAE,IAAA,oBAAQ,EAAC,CAAC,CAAC,WAAW,CAAC;YACpC,MAAM,EAAE,CAAC,CAAC,MAAM;SACjB,CAAC;QACF,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,IAAA,uBAAW,EAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACtC,CAAC;IAED,yEAAyE;IACzE,KAAK,CAAC,cAAc,CAAC,cAAsB;QACzC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,GAAG,cAAc,CAAC,CAAC;IACvD,CAAC;IAED,yDAAyD;IACzD,KAAK,CAAC,cAAc,CAAC,cAAsB,EAAE,KAAiB;QAC5D,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,GAAG,cAAc,EAAE,KAAK,CAAC,CAAC;IAC7D,CAAC;IAED,uDAAuD;IACvD,KAAK,CAAC,gBAAgB,CAAC,cAAsB;QAC3C,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,GAAG,cAAc,CAAC,CAAC;IACzD,CAAC;IAED,iEAAiE;IACjE,KAAK,CAAC,wBAAwB;QAC5B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,mBAAmB;QACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC/C,OAAO,KAAK,CAAC,CAAC,CAAC,IAAA,uBAAW,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,qDAAqD;IACrD,KAAK,CAAC,mBAAmB,CAAC,GAAW;QACnC,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,IAAA,uBAAW,EAAC,GAAG,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,QAAQ;QACZ,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvC,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;CACF;AA/DD,oDA+DC"}

package/dist/cjs/persistence/store.d.ts

@@ -0,0 +1,11 @@
+/** A platform-agnostic async key→blob store. Implementations: `MemoryStore`, `createIndexedDBStore`. */
+export interface SecureChatStore {
+    /** Read the bytes at `key`, or `null` if absent. */
+    get(key: string): Promise<Uint8Array | null>;
+    /** Write `value` at `key`, overwriting any existing value. */
+    set(key: string, value: Uint8Array): Promise<void>;
+    /** Remove `key` if present (no-op when absent). */
+    delete(key: string): Promise<void>;
+    /** Return all keys that start with `prefix` (use `""` for every key). */
+    list(prefix: string): Promise<string[]>;
+}

package/dist/cjs/persistence/store.js

@@ -0,0 +1,8 @@
+"use strict";
+// The persistence seam — a dumb, async key→blob store.
+//
+// This is ALL a platform must implement: web ships an IndexedDB-backed store, native swaps a
+// keystore later. The SDK owns the key schema and (de)serialization on top of this (see
+// ./repository.ts); the store itself never interprets keys or values. Values are opaque bytes.
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=store.js.map

package/dist/cjs/persistence/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../../src/persistence/store.ts"],"names":[],"mappings":";AAAA,uDAAuD;AACvD,EAAE;AACF,6FAA6F;AAC7F,wFAAwF;AACxF,+FAA+F"}

package/dist/cjs/transport/rest.d.ts

@@ -1,4 +1,4 @@
-import { AddSecureMemberBody, CreateSecureConversationBody, PublishKeyPackagesBody, RegisterDeviceBody, RemoveSecureMemberBody, SecureConversationMemberModel, SecureConversationModel, SecureDeviceModel, SecureHandshakeModel, SecureKeyBackupModel, SecureKeyPackageClaim, SecureMessageModel, SendSecureMessageBody, UploadKeyBackupBody } from "../contract";
+import { AddSecureMemberBody, CreateSecureConversationBody, PublishKeyPackagesBody, RegisterDeviceBody, RemoveSecureMemberBody, SecureConversationMemberModel, SecureConversationModel, SecureDeviceModel, SecureHandshakeModel, SecureKeyBackupModel, SecureKeyPackageClaim, SecureMessageModel, SendSecureMessageBody, UploadKeyBackupBody } from "../contract/index.js";
 /**
  * Configuration for {@link SecureChatRestClient}. The base URL and access token are read through
  * resolver callbacks rather than captured once, so a late-set `baseUrl` or a refreshed token take

package/dist/cjs/transport/socket.d.ts

@@ -1,5 +1,5 @@
 import { Socket } from "socket.io-client";
-import { SecureHandshakeModel, SecureMessageModel } from "../contract";
+import { SecureHandshakeModel, SecureMessageModel } from "../contract/index.js";
 /** Server → client events on the `/secure` namespace (§10). */
 export interface SecureServerEvents {
     "secure:message": (message: SecureMessageModel) => void;

package/dist/esm/context/secure-chat-context.d.ts

@@ -1,18 +1,26 @@
 import React from "react";
-import { SecureChatCrypto } from "@agora-sdk/secure-chat-crypto";
-import { SecureChatRestClient } from "../transport/rest";
-import { SecureChatSocketClient } from "../transport/socket";
+import { SecureChatCrypto, GroupHandle } from "@agora-sdk/secure-chat-crypto";
+import { SecureChatRestClient } from "../transport/rest.js";
+import { SecureChatSocketClient } from "../transport/socket.js";
+import { SecureChatStore } from "../persistence/store.js";
+import { SecureChatRepository } from "../persistence/repository.js";
 /**
- * The value exposed by {@link useSecureChat}: the shared transport clients, the injected crypto,
- * and the active project id. The hooks build everything else on top of these.
+ * The value exposed by {@link useSecureChat}: shared transport clients, the injected crypto, the
+ * persistence repository, the group-handle resolver, and the active project id.
  */
 export interface SecureChatContextValue {
     /** REST client for the blind Delivery Service endpoints. */
     rest: SecureChatRestClient;
     /** Realtime client for the `/secure` socket.io namespace. */
     socket: SecureChatSocketClient;
-    /** The injected MLS crypto implementation (mock, or platform ts-mls/native). */
+    /** The injected MLS crypto implementation. */
     crypto: SecureChatCrypto;
+    /** Typed persistence over the injected store. */
+    repo: SecureChatRepository;
+    /** Resolve a conversation's MLS group handle (cache → store → importGroupState), or `null`. */
+    resolveGroup: (conversationId: string) => Promise<GroupHandle | null>;
+    /** Cache + persist a conversation's group handle (after createGroup / processWelcome). */
+    rememberGroup: (conversationId: string, handle: GroupHandle) => Promise<void>;
     /** The Agora project id these clients are scoped to. */
     projectId: string;
 }
@@ -22,6 +30,8 @@ export interface SecureChatProviderProps {
     crypto: SecureChatCrypto;
     /** Agora project id (path-scoped on every endpoint). */
     projectId: string;
+    /** Persistence store. Defaults to a non-persistent in-memory store when omitted. */
+    store?: SecureChatStore;
     /** Current access token. Re-pass on refresh; read lazily per request. */
     accessToken?: string;
     /** Override token resolution (takes precedence over `accessToken`). */
@@ -33,28 +43,24 @@ export interface SecureChatProviderProps {
     children: React.ReactNode;
 }
 /**
- * Provides the secure-chat transport + crypto to the `useSecure*` hooks. Render it inside a
- * `ReplykeProvider`: by default it inherits the API base URL and socket origin from
- * `@agora-sdk/core`'s runtime, and disconnects the socket on unmount.
+ * Provides secure-chat transport, crypto, and persistence to the `useSecure*` hooks. Render inside a
+ * `ReplykeProvider`; disconnects the socket on unmount.
  *
- * @param props - {@link SecureChatProviderProps} — the injected crypto, project id, token, and
- *   optional base/socket URL overrides.
+ * @param props - {@link SecureChatProviderProps}.
  * @returns A context provider wrapping `children`.
  *
  * @example
  * ```tsx
- * <ReplykeProvider projectId={projectId} baseUrl={baseUrl}>
- *   <SecureChatProvider crypto={crypto} projectId={projectId} accessToken={token}>
- *     <Chat />
- *   </SecureChatProvider>
- * </ReplykeProvider>
+ * <SecureChatProvider crypto={crypto} projectId={projectId} store={createIndexedDBStore()} accessToken={token}>
+ *   <Chat />
+ * </SecureChatProvider>
  * ```
  */
-export declare function SecureChatProvider({ crypto, projectId, accessToken, getAccessToken, baseUrl, socketUrl, children, }: SecureChatProviderProps): React.JSX.Element;
+export declare function SecureChatProvider({ crypto, projectId, store, accessToken, getAccessToken, baseUrl, socketUrl, children, }: SecureChatProviderProps): React.JSX.Element;
 /**
  * Access the nearest {@link SecureChatContextValue}.
  *
- * @returns The shared rest/socket/crypto/projectId for this provider subtree.
+ * @returns The shared rest/socket/crypto/repo/resolveGroup/projectId for this provider subtree.
  * @throws {Error} When called outside a `<SecureChatProvider>`.
  */
 export declare function useSecureChat(): SecureChatContextValue;