@agora-sdk/secure-chat-core 0.3.0 → 0.4.0

package/dist/cjs/contract/index.d.ts

@@ -1,150 +1,2 @@
-export type SecureConversationType = "dm" | "group" | "channel";
-export type SecureMemberRole = "admin" | "member";
-export type SecureHandshakeKind = "welcome" | "commit" | "proposal";
-/** A Welcome targeted at the ONE device whose claimed KeyPackage was consumed. */
-export interface WelcomeEnvelope {
-    targetDeviceId: string;
-    payload: string;
-    epoch: string;
-}
-/** A Commit/Proposal broadcast to the whole group (no target device). */
-export interface HandshakeBlob {
-    payload: string;
-    epoch: string;
-}
-export interface RegisterDeviceBody {
-    deviceId: string;
-    displayName?: string | null;
-    signaturePublicKey: string;
-    credential: string;
-    ciphersuite: number;
-}
-export interface PublishKeyPackagesBody {
-    keyPackages: {
-        keyPackageRef: string;
-        keyPackage: string;
-        ciphersuite: number;
-        expiresAt?: string | null;
-    }[];
-}
-export interface CreateSecureConversationBody {
-    type: SecureConversationType;
-    mlsGroupId: string;
-    spaceId?: string | null;
-    name?: string | null;
-    memberUserIds?: string[];
-    welcomes?: WelcomeEnvelope[];
-}
-export interface AddSecureMemberBody {
-    userId: string;
-    commit: HandshakeBlob;
-    welcomes: WelcomeEnvelope[];
-}
-export interface RemoveSecureMemberBody {
-    commit: HandshakeBlob;
-}
-export interface SendSecureMessageBody {
-    ciphertext: string;
-    epoch: string;
-    senderDeviceId: string;
-    contentType?: string | null;
-}
-export interface UploadKeyBackupBody {
-    deviceId?: string | null;
-    blob: string;
-    nonce: string;
-    kdf: "argon2id" | "pbkdf2";
-    kdfParams: Record<string, unknown>;
-    cipher: "xchacha20poly1305" | "aes-256-gcm";
-    version: number;
-}
-export interface SecureDeviceModel {
-    id: string;
-    projectId: string;
-    userId: string;
-    deviceId: string;
-    displayName: string | null;
-    signaturePublicKey: string;
-    credential: string;
-    ciphersuite: number;
-    revokedAt: string | null;
-    lastSeenAt: string | null;
-    createdAt: string;
-    updatedAt: string;
-}
-export interface SecureKeyPackageClaim {
-    deviceId: string;
-    keyPackageRef: string;
-    keyPackage: string;
-    ciphersuite: number;
-}
-export interface SecureConversationMemberModel {
-    id: string;
-    projectId: string;
-    conversationId: string;
-    userId: string;
-    role: SecureMemberRole;
-    isActive: boolean;
-    joinedAtEpoch: string | null;
-    lastReadAt: string | null;
-    leftAt: string | null;
-    createdAt: string;
-    updatedAt: string;
-}
-export interface SecureConversationModel {
-    id: string;
-    projectId: string;
-    type: SecureConversationType;
-    mlsGroupId: string;
-    spaceId: string | null;
-    currentEpoch: string;
-    name: string | null;
-    createdById: string | null;
-    lastMessageAt: string | null;
-    memberCount?: number;
-    unreadCount?: number;
-    currentMember?: SecureConversationMemberModel;
-    createdAt: string;
-    updatedAt: string;
-}
-export interface SecureMessageModel {
-    id: string;
-    projectId: string;
-    conversationId: string;
-    senderUserId: string | null;
-    senderDeviceId: string | null;
-    epoch: string;
-    ciphertext: string;
-    contentType: string;
-    createdAt: string;
-}
-export interface SecureHandshakeModel {
-    id: string;
-    seq: string;
-    kind: SecureHandshakeKind;
-    conversationId: string;
-    epoch: string;
-    payload: string;
-    senderDeviceId: string | null;
-    targetDeviceId: string | null;
-}
-export interface SecureKeyBackupModel {
-    id: string;
-    projectId: string;
-    userId: string;
-    deviceId: string | null;
-    blob: string;
-    nonce: string;
-    kdf: string;
-    kdfParams: Record<string, unknown>;
-    cipher: string;
-    version: number;
-    createdAt: string;
-    updatedAt: string;
-}
-/** Standard error envelope: `{ error, code, field? }` with `secure-chat/*` codes. */
-export interface SecureChatErrorBody {
-    error: string;
-    code: string;
-    field?: string;
-}
+export type { SecureDeviceModel, SecureKeyPackageClaim, SecureConversationMemberModel, SecureConversationModel, SecureMessageModel, SecureHandshakeModel, SecureKeyBackupModel, } from "@agora-server/contract";
+export type { RegisterDeviceBody, PublishKeyPackagesBody, CreateSecureConversationBody, AddSecureMemberBody, RemoveSecureMemberBody, SendSecureMessageBody, UploadKeyBackupBody, WelcomeEnvelope, HandshakeBlob, } from "@agora-server/contract";

package/dist/cjs/contract/index.js

@@ -1,16 +1,17 @@
 "use strict";
-// Secure-chat wire contract — stand-in for @agora-server/contract (the Apache-2.0 server contract).
+// Secure-chat wire types — re-exported from the published `@agora-server/contract` (Apache-2.0).
 //
-// Mirrors the response models + request bodies of agora-server's
-// `packages/contract/src/secure-chat.ts`. That package is the source of truth (zod + TS); the
-// client only needs the TypeScript shapes, so this copy is types-only.
+// The dependency arrow is **SDK → contract**: agora-server owns the wire contract, this SDK depends
+// on it. This module used to hold a byte-faithful *copy* of the types (a stand-in until the contract
+// published); now that `@agora-server/contract` is published, it is a thin **type-only re-export** so
+// there is exactly one source of truth and zero drift. The internal import path
+// (`../contract/index.js`) is kept stable so call sites don't churn, and the re-export is scoped to
+// the secure-chat surface (not the contract's reactions/pagination/etc.).
 //
-// ⚠️ Keep this byte-faithful to the server contract. The arrow is SDK → contract: once
-// `@agora-server/contract` is published, DELETE this file and `import type { ... } from "@agora-server/contract"`.
-// Do NOT publish a separate `@agora-sdk/secure-chat-contract` (that would invert the dependency —
-// see STATUS.md). Do not let this copy drift in the meantime.
+// Type-only on purpose: `@agora-server/contract` is ESM-only, but these `export type` re-exports are
+// erased from the emitted JS, so core's dual ESM/CJS build never `require()`s it at runtime.
 //
-// Wire conventions: every binary value is **base64** (the server stores/relays opaque blobs and
-// never parses them); MLS epochs are **decimal strings** (u64 exceeds JS safe-int range).
+// Wire conventions (owned by the contract): every binary value is **base64**; MLS epochs are
+// **decimal strings** (u64 exceeds JS safe-int range).
 Object.defineProperty(exports, "__esModule", { value: true });
 //# sourceMappingURL=index.js.map

package/dist/cjs/contract/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/contract/index.ts"],"names":[],"mappings":";AAAA,oGAAoG;AACpG,EAAE;AACF,iEAAiE;AACjE,8FAA8F;AAC9F,uEAAuE;AACvE,EAAE;AACF,uFAAuF;AACvF,mHAAmH;AACnH,kGAAkG;AAClG,8DAA8D;AAC9D,EAAE;AACF,gGAAgG;AAChG,0FAA0F"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/contract/index.ts"],"names":[],"mappings":";AAAA,iGAAiG;AACjG,EAAE;AACF,oGAAoG;AACpG,qGAAqG;AACrG,sGAAsG;AACtG,gFAAgF;AAChF,oGAAoG;AACpG,0EAA0E;AAC1E,EAAE;AACF,qGAAqG;AACrG,6FAA6F;AAC7F,EAAE;AACF,6FAA6F;AAC7F,uDAAuD"}

package/dist/cjs/transport/socket.d.ts

@@ -26,10 +26,22 @@ export interface SecureServerEvents {
         userId: string;
     }) => void;
 }
-/** Client → server events. */
+/**
+ * Client → server events.
+ *
+ * @remarks
+ * Payloads are **objects**, not bare ids — the server destructures `{ conversationId }` /
+ * `{ deviceId }` off the first argument (agora-server `realtime/secure-socket.ts`). Emitting a bare
+ * string lands as `undefined` after destructuring (and, on a `null` payload, throws server-side), so
+ * the join silently fails. Keep these shapes in lockstep with the server's `SecureClientToServerEvents`.
+ */
 export interface SecureClientEvents {
-    "join:secure-conversation": (conversationId: string) => void;
-    "join:secure-device": (deviceId: string) => void;
+    "join:secure-conversation": (payload: {
+        conversationId: string;
+    }) => void;
+    "join:secure-device": (payload: {
+        deviceId: string;
+    }) => void;
 }
 /** A socket.io `Socket` typed with the secure-chat event maps in both directions. */
 export type SecureSocket = Socket<SecureServerEvents, SecureClientEvents>;

package/dist/cjs/transport/socket.js

@@ -46,11 +46,13 @@ class SecureChatSocketClient {
     }
     /** Join a conversation room (membership-gated server-side) to receive its broadcasts. */
     joinConversation(conversationId) {
-        this.connect().emit("join:secure-conversation", conversationId);
+        // Object payload — the server destructures `{ conversationId }`; a bare string would arrive as
+        // `undefined` and the join would silently no-op (see SecureClientEvents).
+        this.connect().emit("join:secure-conversation", { conversationId });
     }
     /** Explicitly join a device room (ownership-verified). Owned devices auto-join on connect. */
     joinDevice(deviceId) {
-        this.connect().emit("join:secure-device", deviceId);
+        this.connect().emit("join:secure-device", { deviceId });
     }
     /**
      * Subscribe to a server → client event, auto-connecting if needed.

package/dist/cjs/transport/socket.js.map

@@ -1 +1 @@
-{"version":3,"file":"socket.js","sourceRoot":"","sources":["../../../src/transport/socket.ts"],"names":[],"mappings":";AAAA,8FAA8F;AAC9F,EAAE;AACF,iGAAiG;AACjG,kGAAkG;AAClG,8FAA8F;AAC9F,kCAAkC;;;AAElC,uDAA8C;AAqC9C;;;;GAIG;AACH,MAAa,sBAAsB;IAGjC,YAA6B,MAA8B;QAA9B,WAAM,GAAN,MAAM,CAAwB;QAFnD,WAAM,GAAwB,IAAI,CAAC;IAEmB,CAAC;IAE/D;;;;OAIG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,MAAM,EAAE,SAAS;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,GAAG,IAAA,qBAAE,EAAC,GAAG,MAAM,SAAS,EAAE;YACnC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE;YAC7C,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;YAC3C,UAAU,EAAE,CAAC,WAAW,CAAC;YACzB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,kGAAkG;IAClG,UAAU;QACR,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,kGAAkG;IAClG,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,yFAAyF;IACzF,gBAAgB,CAAC,cAAsB;QACrC,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,0BAA0B,EAAE,cAAc,CAAC,CAAC;IAClE,CAAC;IAED,8FAA8F;IAC9F,UAAU,CAAC,QAAgB;QACzB,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAC;IACtD,CAAC;IAED;;;;;;OAMG;IACH,EAAE,CAAqC,KAAQ,EAAE,OAA8B;QAC7E,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,4FAA4F;QAC5F,CAAC,CAAC,EAAE,CAAC,KAAc,EAAE,OAAgB,CAAC,CAAC;QACvC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAc,EAAE,OAAgB,CAAC,CAAC;IACvD,CAAC;CACF;AAxDD,wDAwDC"}
+{"version":3,"file":"socket.js","sourceRoot":"","sources":["../../../src/transport/socket.ts"],"names":[],"mappings":";AAAA,8FAA8F;AAC9F,EAAE;AACF,iGAAiG;AACjG,kGAAkG;AAClG,8FAA8F;AAC9F,kCAAkC;;;AAElC,uDAA8C;AA6C9C;;;;GAIG;AACH,MAAa,sBAAsB;IAGjC,YAA6B,MAA8B;QAA9B,WAAM,GAAN,MAAM,CAAwB;QAFnD,WAAM,GAAwB,IAAI,CAAC;IAEmB,CAAC;IAE/D;;;;OAIG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,MAAM,EAAE,SAAS;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,GAAG,IAAA,qBAAE,EAAC,GAAG,MAAM,SAAS,EAAE;YACnC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE;YAC7C,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;YAC3C,UAAU,EAAE,CAAC,WAAW,CAAC;YACzB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,kGAAkG;IAClG,UAAU;QACR,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,kGAAkG;IAClG,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,yFAAyF;IACzF,gBAAgB,CAAC,cAAsB;QACrC,+FAA+F;QAC/F,0EAA0E;QAC1E,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,8FAA8F;IAC9F,UAAU,CAAC,QAAgB;QACzB,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;OAMG;IACH,EAAE,CAAqC,KAAQ,EAAE,OAA8B;QAC7E,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,4FAA4F;QAC5F,CAAC,CAAC,EAAE,CAAC,KAAc,EAAE,OAAgB,CAAC,CAAC;QACvC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAc,EAAE,OAAgB,CAAC,CAAC;IACvD,CAAC;CACF;AA1DD,wDA0DC"}

package/dist/esm/contract/index.d.ts

@@ -1,150 +1,2 @@
-export type SecureConversationType = "dm" | "group" | "channel";
-export type SecureMemberRole = "admin" | "member";
-export type SecureHandshakeKind = "welcome" | "commit" | "proposal";
-/** A Welcome targeted at the ONE device whose claimed KeyPackage was consumed. */
-export interface WelcomeEnvelope {
-    targetDeviceId: string;
-    payload: string;
-    epoch: string;
-}
-/** A Commit/Proposal broadcast to the whole group (no target device). */
-export interface HandshakeBlob {
-    payload: string;
-    epoch: string;
-}
-export interface RegisterDeviceBody {
-    deviceId: string;
-    displayName?: string | null;
-    signaturePublicKey: string;
-    credential: string;
-    ciphersuite: number;
-}
-export interface PublishKeyPackagesBody {
-    keyPackages: {
-        keyPackageRef: string;
-        keyPackage: string;
-        ciphersuite: number;
-        expiresAt?: string | null;
-    }[];
-}
-export interface CreateSecureConversationBody {
-    type: SecureConversationType;
-    mlsGroupId: string;
-    spaceId?: string | null;
-    name?: string | null;
-    memberUserIds?: string[];
-    welcomes?: WelcomeEnvelope[];
-}
-export interface AddSecureMemberBody {
-    userId: string;
-    commit: HandshakeBlob;
-    welcomes: WelcomeEnvelope[];
-}
-export interface RemoveSecureMemberBody {
-    commit: HandshakeBlob;
-}
-export interface SendSecureMessageBody {
-    ciphertext: string;
-    epoch: string;
-    senderDeviceId: string;
-    contentType?: string | null;
-}
-export interface UploadKeyBackupBody {
-    deviceId?: string | null;
-    blob: string;
-    nonce: string;
-    kdf: "argon2id" | "pbkdf2";
-    kdfParams: Record<string, unknown>;
-    cipher: "xchacha20poly1305" | "aes-256-gcm";
-    version: number;
-}
-export interface SecureDeviceModel {
-    id: string;
-    projectId: string;
-    userId: string;
-    deviceId: string;
-    displayName: string | null;
-    signaturePublicKey: string;
-    credential: string;
-    ciphersuite: number;
-    revokedAt: string | null;
-    lastSeenAt: string | null;
-    createdAt: string;
-    updatedAt: string;
-}
-export interface SecureKeyPackageClaim {
-    deviceId: string;
-    keyPackageRef: string;
-    keyPackage: string;
-    ciphersuite: number;
-}
-export interface SecureConversationMemberModel {
-    id: string;
-    projectId: string;
-    conversationId: string;
-    userId: string;
-    role: SecureMemberRole;
-    isActive: boolean;
-    joinedAtEpoch: string | null;
-    lastReadAt: string | null;
-    leftAt: string | null;
-    createdAt: string;
-    updatedAt: string;
-}
-export interface SecureConversationModel {
-    id: string;
-    projectId: string;
-    type: SecureConversationType;
-    mlsGroupId: string;
-    spaceId: string | null;
-    currentEpoch: string;
-    name: string | null;
-    createdById: string | null;
-    lastMessageAt: string | null;
-    memberCount?: number;
-    unreadCount?: number;
-    currentMember?: SecureConversationMemberModel;
-    createdAt: string;
-    updatedAt: string;
-}
-export interface SecureMessageModel {
-    id: string;
-    projectId: string;
-    conversationId: string;
-    senderUserId: string | null;
-    senderDeviceId: string | null;
-    epoch: string;
-    ciphertext: string;
-    contentType: string;
-    createdAt: string;
-}
-export interface SecureHandshakeModel {
-    id: string;
-    seq: string;
-    kind: SecureHandshakeKind;
-    conversationId: string;
-    epoch: string;
-    payload: string;
-    senderDeviceId: string | null;
-    targetDeviceId: string | null;
-}
-export interface SecureKeyBackupModel {
-    id: string;
-    projectId: string;
-    userId: string;
-    deviceId: string | null;
-    blob: string;
-    nonce: string;
-    kdf: string;
-    kdfParams: Record<string, unknown>;
-    cipher: string;
-    version: number;
-    createdAt: string;
-    updatedAt: string;
-}
-/** Standard error envelope: `{ error, code, field? }` with `secure-chat/*` codes. */
-export interface SecureChatErrorBody {
-    error: string;
-    code: string;
-    field?: string;
-}
+export type { SecureDeviceModel, SecureKeyPackageClaim, SecureConversationMemberModel, SecureConversationModel, SecureMessageModel, SecureHandshakeModel, SecureKeyBackupModel, } from "@agora-server/contract";
+export type { RegisterDeviceBody, PublishKeyPackagesBody, CreateSecureConversationBody, AddSecureMemberBody, RemoveSecureMemberBody, SendSecureMessageBody, UploadKeyBackupBody, WelcomeEnvelope, HandshakeBlob, } from "@agora-server/contract";

package/dist/esm/contract/index.js

@@ -1,15 +1,16 @@
-// Secure-chat wire contract — stand-in for @agora-server/contract (the Apache-2.0 server contract).
+// Secure-chat wire types — re-exported from the published `@agora-server/contract` (Apache-2.0).
 //
-// Mirrors the response models + request bodies of agora-server's
-// `packages/contract/src/secure-chat.ts`. That package is the source of truth (zod + TS); the
-// client only needs the TypeScript shapes, so this copy is types-only.
+// The dependency arrow is **SDK → contract**: agora-server owns the wire contract, this SDK depends
+// on it. This module used to hold a byte-faithful *copy* of the types (a stand-in until the contract
+// published); now that `@agora-server/contract` is published, it is a thin **type-only re-export** so
+// there is exactly one source of truth and zero drift. The internal import path
+// (`../contract/index.js`) is kept stable so call sites don't churn, and the re-export is scoped to
+// the secure-chat surface (not the contract's reactions/pagination/etc.).
 //
-// ⚠️ Keep this byte-faithful to the server contract. The arrow is SDK → contract: once
-// `@agora-server/contract` is published, DELETE this file and `import type { ... } from "@agora-server/contract"`.
-// Do NOT publish a separate `@agora-sdk/secure-chat-contract` (that would invert the dependency —
-// see STATUS.md). Do not let this copy drift in the meantime.
+// Type-only on purpose: `@agora-server/contract` is ESM-only, but these `export type` re-exports are
+// erased from the emitted JS, so core's dual ESM/CJS build never `require()`s it at runtime.
 //
-// Wire conventions: every binary value is **base64** (the server stores/relays opaque blobs and
-// never parses them); MLS epochs are **decimal strings** (u64 exceeds JS safe-int range).
+// Wire conventions (owned by the contract): every binary value is **base64**; MLS epochs are
+// **decimal strings** (u64 exceeds JS safe-int range).
 export {};
 //# sourceMappingURL=index.js.map

package/dist/esm/contract/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/contract/index.ts"],"names":[],"mappings":"AAAA,oGAAoG;AACpG,EAAE;AACF,iEAAiE;AACjE,8FAA8F;AAC9F,uEAAuE;AACvE,EAAE;AACF,uFAAuF;AACvF,mHAAmH;AACnH,kGAAkG;AAClG,8DAA8D;AAC9D,EAAE;AACF,gGAAgG;AAChG,0FAA0F"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/contract/index.ts"],"names":[],"mappings":"AAAA,iGAAiG;AACjG,EAAE;AACF,oGAAoG;AACpG,qGAAqG;AACrG,sGAAsG;AACtG,gFAAgF;AAChF,oGAAoG;AACpG,0EAA0E;AAC1E,EAAE;AACF,qGAAqG;AACrG,6FAA6F;AAC7F,EAAE;AACF,6FAA6F;AAC7F,uDAAuD"}

package/dist/esm/transport/socket.d.ts

@@ -26,10 +26,22 @@ export interface SecureServerEvents {
         userId: string;
     }) => void;
 }
-/** Client → server events. */
+/**
+ * Client → server events.
+ *
+ * @remarks
+ * Payloads are **objects**, not bare ids — the server destructures `{ conversationId }` /
+ * `{ deviceId }` off the first argument (agora-server `realtime/secure-socket.ts`). Emitting a bare
+ * string lands as `undefined` after destructuring (and, on a `null` payload, throws server-side), so
+ * the join silently fails. Keep these shapes in lockstep with the server's `SecureClientToServerEvents`.
+ */
 export interface SecureClientEvents {
-    "join:secure-conversation": (conversationId: string) => void;
-    "join:secure-device": (deviceId: string) => void;
+    "join:secure-conversation": (payload: {
+        conversationId: string;
+    }) => void;
+    "join:secure-device": (payload: {
+        deviceId: string;
+    }) => void;
 }
 /** A socket.io `Socket` typed with the secure-chat event maps in both directions. */
 export type SecureSocket = Socket<SecureServerEvents, SecureClientEvents>;

package/dist/esm/transport/socket.js

@@ -43,11 +43,13 @@ export class SecureChatSocketClient {
     }
     /** Join a conversation room (membership-gated server-side) to receive its broadcasts. */
     joinConversation(conversationId) {
-        this.connect().emit("join:secure-conversation", conversationId);
+        // Object payload — the server destructures `{ conversationId }`; a bare string would arrive as
+        // `undefined` and the join would silently no-op (see SecureClientEvents).
+        this.connect().emit("join:secure-conversation", { conversationId });
     }
     /** Explicitly join a device room (ownership-verified). Owned devices auto-join on connect. */
     joinDevice(deviceId) {
-        this.connect().emit("join:secure-device", deviceId);
+        this.connect().emit("join:secure-device", { deviceId });
     }
     /**
      * Subscribe to a server → client event, auto-connecting if needed.

package/dist/esm/transport/socket.js.map

@@ -1 +1 @@
-{"version":3,"file":"socket.js","sourceRoot":"","sources":["../../../src/transport/socket.ts"],"names":[],"mappings":"AAAA,8FAA8F;AAC9F,EAAE;AACF,iGAAiG;AACjG,kGAAkG;AAClG,8FAA8F;AAC9F,kCAAkC;AAElC,OAAO,EAAE,EAAE,EAAU,MAAM,kBAAkB,CAAC;AAqC9C;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IAGjC,YAA6B,MAA8B;QAA9B,WAAM,GAAN,MAAM,CAAwB;QAFnD,WAAM,GAAwB,IAAI,CAAC;IAEmB,CAAC;IAE/D;;;;OAIG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,MAAM,EAAE,SAAS;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,GAAG,MAAM,SAAS,EAAE;YACnC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE;YAC7C,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;YAC3C,UAAU,EAAE,CAAC,WAAW,CAAC;YACzB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,kGAAkG;IAClG,UAAU;QACR,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,kGAAkG;IAClG,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,yFAAyF;IACzF,gBAAgB,CAAC,cAAsB;QACrC,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,0BAA0B,EAAE,cAAc,CAAC,CAAC;IAClE,CAAC;IAED,8FAA8F;IAC9F,UAAU,CAAC,QAAgB;QACzB,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAC;IACtD,CAAC;IAED;;;;;;OAMG;IACH,EAAE,CAAqC,KAAQ,EAAE,OAA8B;QAC7E,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,4FAA4F;QAC5F,CAAC,CAAC,EAAE,CAAC,KAAc,EAAE,OAAgB,CAAC,CAAC;QACvC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAc,EAAE,OAAgB,CAAC,CAAC;IACvD,CAAC;CACF"}
+{"version":3,"file":"socket.js","sourceRoot":"","sources":["../../../src/transport/socket.ts"],"names":[],"mappings":"AAAA,8FAA8F;AAC9F,EAAE;AACF,iGAAiG;AACjG,kGAAkG;AAClG,8FAA8F;AAC9F,kCAAkC;AAElC,OAAO,EAAE,EAAE,EAAU,MAAM,kBAAkB,CAAC;AA6C9C;;;;GAIG;AACH,MAAM,OAAO,sBAAsB;IAGjC,YAA6B,MAA8B;QAA9B,WAAM,GAAN,MAAM,CAAwB;QAFnD,WAAM,GAAwB,IAAI,CAAC;IAEmB,CAAC;IAE/D;;;;OAIG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,MAAM,EAAE,SAAS;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,GAAG,MAAM,SAAS,EAAE;YACnC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE;YAC7C,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;YAC3C,UAAU,EAAE,CAAC,WAAW,CAAC;YACzB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,kGAAkG;IAClG,UAAU;QACR,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,kGAAkG;IAClG,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,yFAAyF;IACzF,gBAAgB,CAAC,cAAsB;QACrC,+FAA+F;QAC/F,0EAA0E;QAC1E,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,8FAA8F;IAC9F,UAAU,CAAC,QAAgB;QACzB,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;OAMG;IACH,EAAE,CAAqC,KAAQ,EAAE,OAA8B;QAC7E,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACzB,4FAA4F;QAC5F,CAAC,CAAC,EAAE,CAAC,KAAc,EAAE,OAAgB,CAAC,CAAC;QACvC,OAAO,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAc,EAAE,OAAgB,CAAC,CAAC;IACvD,CAAC;CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agora-sdk/secure-chat-core",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "private": false,
   "license": "Apache-2.0",
   "author": "Agora SDK Plus, maintained by Jenova Marie",
@@ -35,9 +35,10 @@
     "dist"
   ],
   "dependencies": {
+    "@agora-server/contract": "^0.9.3",
     "axios": "^1.4.0",
     "socket.io-client": "^4.8.1",
-    "@agora-sdk/secure-chat-crypto": "0.3.0"
+    "@agora-sdk/secure-chat-crypto": "0.4.0"
   },
   "peerDependencies": {
     "@agora-sdk/core": "^1.2.2",