@enbox/agent 0.6.1 → 0.6.3

package/dist/types/sync-messages.d.ts

@@ -13,9 +13,13 @@ export type SyncMessageEntry = {
  * 202: message was successfully written to the remote DWN
  * 204: an initial write message was written without any data
  * 409: message was already present on the remote DWN
- * RecordsDelete + 404: the initial write was not found or already deleted
+ *
+ * When the *pushed* message is known (e.g. during push-sync), pass it as the
+ * second argument so that RecordsDelete + 404 ("initial write was not found or
+ * already deleted") can be detected.  The DWN's 404 reply omits `entry`, so
+ * checking `reply.entry` alone is insufficient.
  */
-export declare function syncMessageReplyIsSuccessful(reply: UnionMessageReply): boolean;
+export declare function syncMessageReplyIsSuccessful(reply: UnionMessageReply, pushedMessage?: GenericMessage): boolean;
 /**
  * Determines whether a failed push reply represents a permanent failure that
  * should NOT be retried. Permanent failures include protocol violations (400),

package/dist/types/sync-messages.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sync-messages.d.ts","sourceRoot":"","sources":["../../src/sync-messages.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAqB,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAErH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAwB,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAWxE,kFAAkF;AAClF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IACxC,8FAA8F;IAC9F,YAAY,CAAC,EAAE,UAAU,CAAC;CAC3B,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAS9E;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAIxE;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAM5E;AAED;;;;;;;;GAQG;AACH,wBAAsB,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IACzH,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,gGAAgG;IAChG,UAAU,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACrC,KAAK,EAAE,kBAAkB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;CAChC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA4FpB;AA4DD;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IACpH,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,EAAE,kBAAkB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;CAChC,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAoE9B;AAED;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IAC7G,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,EAAE,kBAAkB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;CAChC,GAAG,OAAO,CAAC,UAAU,CAAC,CA2DtB;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IAC1G,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,kBAAkB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;CAChC,GAAG,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAmCxC"}
+{"version":3,"file":"sync-messages.d.ts","sourceRoot":"","sources":["../../src/sync-messages.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAqB,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAErH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,KAAK,EAAwB,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAWxE,kFAAkF;AAClF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IACxC,8FAA8F;IAC9F,YAAY,CAAC,EAAE,UAAU,CAAC;CAC3B,CAAC;AAEF;;;;;;;;;GASG;AACH,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,cAAc,GAAG,OAAO,CAoB9G;AAED;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAIxE;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAM5E;AAED;;;;;;;;GAQG;AACH,wBAAsB,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IACzH,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,gGAAgG;IAChG,UAAU,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACrC,KAAK,EAAE,kBAAkB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;CAChC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA4FpB;AA4DD;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IACpH,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,EAAE,kBAAkB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;CAChC,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAoE9B;AAED;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IAC7G,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,EAAE,kBAAkB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;CAChC,GAAG,OAAO,CAAC,UAAU,CAAC,CA2DtB;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE;IAC1G,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,kBAAkB,CAAC;IAC1B,cAAc,EAAE,cAAc,CAAC;CAChC,GAAG,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAmCxC"}

package/dist/types/types/identity-vault.d.ts

@@ -111,6 +111,26 @@ export interface IdentityVault<T extends Record<string, any> = {
     unlock(params: {
         password: string;
     }): Promise<void>;
+    /**
+     * Encrypts arbitrary data using the vault's content encryption key.
+     * The vault must be unlocked.
+     *
+     * @returns A compact JWE string that can be safely stored in untrusted storage.
+     * @throws An error if the vault is locked.
+     */
+    encryptData(params: {
+        plaintext: Uint8Array;
+    }): Promise<string>;
+    /**
+     * Decrypts data that was previously encrypted with {@link encryptData}.
+     * The vault must be unlocked.
+     *
+     * @returns The original plaintext bytes.
+     * @throws An error if the vault is locked or the JWE is invalid.
+     */
+    decryptData(params: {
+        jwe: string;
+    }): Promise<Uint8Array>;
 }
 export type IdentityVaultStatus = {
     /**

package/dist/types/types/identity-vault.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"identity-vault.d.ts","sourceRoot":"","sources":["../../../src/types/identity-vault.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD;;;;;;GAMG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IAEpB,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAC;IAEb,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,yEAAyE;IACzE,GAAG,EAAE,MAAM,CAAC;IAEZ,mFAAmF;IACnF,oBAAoB,EAAE,MAAM,CAAC;IAE7B,qFAAqF;IACrF,MAAM,EAAE,mBAAmB,CAAC;CAC7B,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAEjC,+FAA+F;IAC/F,KAAK,CAAC,EAAE,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACpC,CAAC;AAEF,MAAM,WAAW,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG;IAAE,gBAAgB,EAAE,GAAG,CAAA;CAAE;IACtF;;;;;OAKG;IACH,MAAM,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEvC;;;;;;;OAOG;IACH,cAAc,CAAC,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpF;;OAEG;IACH,MAAM,IAAI,OAAO,CAAC,SAAS,CAAC,CAAA;IAE5B;;;OAGG;IACH,SAAS,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAA;IAEzC;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAEzE;;OAEG;IACH,aAAa,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAElC;;OAEG;IACH,QAAQ,IAAI,OAAO,CAAC;IAEpB;;OAEG;IACH,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB;;;;;OAKG;IACH,OAAO,CAAC,MAAM,EAAE;QAAE,MAAM,EAAE,mBAAmB,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElF;;;;OAIG;IACH,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrD;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC;;OAEG;IACH,WAAW,EAAE,OAAO,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC"}
+{"version":3,"file":"identity-vault.d.ts","sourceRoot":"","sources":["../../../src/types/identity-vault.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD;;;;;;GAMG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;IAEpB,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAC;IAEb,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,yEAAyE;IACzE,GAAG,EAAE,MAAM,CAAC;IAEZ,mFAAmF;IACnF,oBAAoB,EAAE,MAAM,CAAC;IAE7B,qFAAqF;IACrF,MAAM,EAAE,mBAAmB,CAAC;CAC7B,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC;;;OAGG;IACH,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAEjC,+FAA+F;IAC/F,KAAK,CAAC,EAAE,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACpC,CAAC;AAEF,MAAM,WAAW,aAAa,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG;IAAE,gBAAgB,EAAE,GAAG,CAAA;CAAE;IACtF;;;;;OAKG;IACH,MAAM,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAEvC;;;;;;;OAOG;IACH,cAAc,CAAC,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpF;;OAEG;IACH,MAAM,IAAI,OAAO,CAAC,SAAS,CAAC,CAAA;IAE5B;;;OAGG;IACH,SAAS,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAAA;IAEzC;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAEzE;;OAEG;IACH,aAAa,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAElC;;OAEG;IACH,QAAQ,IAAI,OAAO,CAAC;IAEpB;;OAEG;IACH,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB;;;;;OAKG;IACH,OAAO,CAAC,MAAM,EAAE;QAAE,MAAM,EAAE,mBAAmB,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElF;;;;OAIG;IACH,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpD;;;;;;OAMG;IACH,WAAW,CAAC,MAAM,EAAE;QAAE,SAAS,EAAE,UAAU,CAAA;KAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEhE;;;;;;OAMG;IACH,WAAW,CAAC,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CAC3D;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC;;OAEG;IACH,WAAW,EAAE,OAAO,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enbox/agent",
-  "version": "0.6.1",
+  "version": "0.6.3",
   "type": "module",
   "main": "./dist/esm/index.js",
   "module": "./dist/esm/index.js",

package/src/hd-identity-vault.ts

@@ -792,6 +792,56 @@ export class HdIdentityVault implements IdentityVault<{ InitializeResult: string
     }
   }
 
+  /**
+   * Encrypts arbitrary data using the vault's content encryption key (CEK).
+   *
+   * The vault must be unlocked. The returned compact JWE string can be safely
+   * stored in untrusted storage (e.g. `localStorage`). Only the vault password
+   * can decrypt the data.
+   *
+   * @param params.plaintext - The data to encrypt.
+   * @returns A compact JWE string.
+   * @throws If the vault is locked.
+   */
+  public async encryptData({ plaintext }: { plaintext: Uint8Array }): Promise<string> {
+    if (this.isLocked() || !this._contentEncryptionKey) {
+      throw new Error('HdIdentityVault: Cannot encrypt data — vault is locked.');
+    }
+
+    return CompactJwe.encrypt({
+      key             : this._contentEncryptionKey,
+      plaintext,
+      protectedHeader : { alg: 'dir', enc: 'A256GCM' },
+      crypto          : this.crypto,
+      keyManager      : new LocalKeyManager(),
+    });
+  }
+
+  /**
+   * Decrypts data that was previously encrypted with {@link encryptData}.
+   *
+   * The vault must be unlocked.
+   *
+   * @param params.jwe - The compact JWE string to decrypt.
+   * @returns The original plaintext bytes.
+   * @throws If the vault is locked or the JWE is invalid.
+   */
+  public async decryptData({ jwe }: { jwe: string }): Promise<Uint8Array> {
+    if (this.isLocked() || !this._contentEncryptionKey) {
+      throw new Error('HdIdentityVault: Cannot decrypt data — vault is locked.');
+    }
+
+    const { plaintext } = await CompactJwe.decrypt({
+      jwe,
+      key        : this._contentEncryptionKey,
+      crypto     : this.crypto,
+      keyManager : new LocalKeyManager(),
+      options    : { minP2cCount: 1 },
+    });
+
+    return plaintext;
+  }
+
   /**
    * Retrieves the Decentralized Identifier (DID) associated with the identity vault from the vault
    * store.

package/src/index.ts

@@ -41,3 +41,4 @@ export * from './test-harness.js';
 export * from './utils.js';
 export * from './enbox-connect-protocol.js';
 export * from './enbox-user-agent.js';
+export { KeyDeliveryProtocolDefinition } from './store-data-protocols.js';

package/src/store-data.ts

@@ -291,7 +291,13 @@ export class DwnDataStore<TStoreObject extends Record<string, any> = Jwk> implem
 
     // Read the record from the store. If encryption is active for this tenant,
     // the agent's auto-decryption pipeline handles ECIES key unwrapping and AES decryption.
-    const encryptionActive = this.isEncryptionActive(tenantDid);
+    //
+    // When the protocol definition declares `encryptionRequired: true`, always
+    // request decryption — even if `initialize()` has not been called for this
+    // tenant yet. This covers delegate sessions where key records arrive via
+    // sync (`processRawMessage`) rather than `set()`, leaving the per-tenant
+    // `_tenantEncryptionActive` cache cold after an agent restart.
+    const encryptionActive = this.encryptionRequired || this.isEncryptionActive(tenantDid);
     const { reply: readReply } = await agent.dwn.processRequest({
       author        : tenantDid,
       target        : tenantDid,

package/src/sync-closure-resolver.ts

@@ -200,6 +200,7 @@ function getRuleSetAtProtocolPath(
 function extractProtocolAwareDeps(
   message: GenericMessage,
   protocolDef: any,
+  isDelegateSession?: boolean,
 ): ClosureDependencyEdge[] {
   const desc = message.descriptor as Record<string, unknown>;
   if (desc.interface !== 'Records') { return []; }
@@ -246,15 +247,39 @@ function extractProtocolAwareDeps(
         identifierType  : 'protocol',
       });
 
-      // Level 2: key-delivery protocol record.
-      // The key-delivery protocol must be installed locally.
-      const keyDeliveryProtocol = 'https://identity.foundation/protocols/key-delivery';
-      edges.push({
-        dependencyClass : 5,
-        label           : 'keyDeliveryProtocol',
-        identifier      : keyDeliveryProtocol,
-        identifierType  : 'protocol',
-      });
+      // Determine whether this record uses multi-party (ProtocolContext)
+      // encryption before emitting key-delivery edges.
+      const contextId = (message as any).contextId as string | undefined;
+      let isMultiParty = false;
+      if (contextId) {
+        const rootProtocolPath = protocolPath.split('/')[0];
+        isMultiParty = isMultiPartyContext(protocolDef, rootProtocolPath);
+      }
+
+      // Level 2: key-delivery protocol ProtocolsConfigure.
+      //
+      // For **owner** sessions this is always emitted — the DWN needs the
+      // protocol installed to authorize contextKey record access.
+      //
+      // For **delegate** sessions:
+      //  - Single-party: the delegate decrypts via pre-derived
+      //    `delegateDecryptionKeys` (ProtocolPath keys).  No key-delivery
+      //    records are involved.  Edge is suppressed.
+      //  - Multi-party: on in-memory cache miss the runtime falls back to
+      //    `fetchCrossDeviceContextKey()` (dwn-encryption.ts:453,
+      //    dwn-key-delivery.ts:268) which does a local RecordsQuery +
+      //    RecordsRead against the owner's tenant.  That authorization path
+      //    requires the key-delivery ProtocolsConfigure.  Edge is emitted.
+      const suppressKeyDelivery = isDelegateSession && !isMultiParty;
+      if (!suppressKeyDelivery) {
+        const keyDeliveryProtocol = 'https://identity.foundation/protocols/key-delivery';
+        edges.push({
+          dependencyClass : 5,
+          label           : 'keyDeliveryProtocol',
+          identifier      : keyDeliveryProtocol,
+          identifierType  : 'protocol',
+        });
+      }
 
       // Level 3: Context key enforcement for multi-party contexts.
       // Uses isMultiPartyContext() from protocol-utils to determine whether the
@@ -264,21 +289,20 @@ function extractProtocolAwareDeps(
       //
       // Single-party contexts use ProtocolPath encryption (owner-only) and do
       // NOT need a context key — the edge is skipped entirely.
-      const contextId = (message as any).contextId as string | undefined;
-      if (contextId) {
-        const rootProtocolPath = protocolPath.split('/')[0];
-        const multiParty = isMultiPartyContext(protocolDef, rootProtocolPath);
-        if (multiParty) {
-          const rootContextId = contextId.split('/')[0];
-          // Separator is '|' (not ':') because protocol URIs contain '://'
-          // which would break indexOf(':') parsing in resolveDependency.
-          edges.push({
-            dependencyClass : 5,
-            label           : 'contextKeyRecord',
-            identifier      : `${desc.protocol}|${rootContextId}`,
-            identifierType  : 'messageCid',
-          });
-        }
+      //
+      // For delegates this edge is always emitted when applicable: the
+      // runtime's cross-device fallback still needs the contextKey record
+      // locally (on cache miss).
+      if (isMultiParty && contextId) {
+        const rootContextId = contextId.split('/')[0];
+        // Separator is '|' (not ':') because protocol URIs contain '://'
+        // which would break indexOf(':') parsing in resolveDependency.
+        edges.push({
+          dependencyClass : 5,
+          label           : 'contextKeyRecord',
+          identifier      : `${desc.protocol}|${rootContextId}`,
+          identifierType  : 'messageCid',
+        });
       }
     }
   }
@@ -496,7 +520,7 @@ export async function evaluateClosure(
         const cachedProtocolMsg = context.protocolCache.get(currentProtocol);
         const protocolDef = (cachedProtocolMsg?.descriptor as any)?.definition;
         if (protocolDef) {
-          const protoAwareEdges = extractProtocolAwareDeps(current, protocolDef);
+          const protoAwareEdges = extractProtocolAwareDeps(current, protocolDef, context.isDelegateSession);
           const protoResult = await resolveEdges(
             protoAwareEdges, allEdges, messageStore, context, visited, queue, rootCid, currentDepth
           );

package/src/sync-closure-types.ts

@@ -122,19 +122,42 @@ export type ClosureEvaluationContext = {
   missingDeps: Set<string>;
   /** Maximum traversal depth. Default 32. */
   maxDepth: number;
+
+  /**
+   * When `true`, the sync link is operating as a delegated session.
+   *
+   * Affects class 5 (encryption) dependency extraction:
+   *
+   * - **Single-party** protocols: the delegate decrypts via pre-derived
+   *   `delegateDecryptionKeys` (ProtocolPath keys).  No key-delivery
+   *   records are involved, so the `keyDeliveryProtocol` edge is
+   *   suppressed entirely in `extractProtocolAwareDeps()`.
+   *
+   * - **Multi-party** protocols: on in-memory cache miss the runtime
+   *   falls back to `fetchCrossDeviceContextKey()` (see
+   *   `dwn-encryption.ts:453`, `dwn-key-delivery.ts:268`) which queries
+   *   the local DWN.  Both `keyDeliveryProtocol` and `contextKeyRecord`
+   *   are emitted and resolved normally.
+   */
+  isDelegateSession?: boolean;
 };
 
 /**
  * Create a fresh evaluation context for a batch of closure evaluations.
  */
-export function createClosureContext(tenantDid: string, maxDepth?: number): ClosureEvaluationContext {
+export function createClosureContext(
+  tenantDid: string,
+  maxDepth?: number,
+  options?: { isDelegateSession?: boolean },
+): ClosureEvaluationContext {
   return {
     tenantDid,
-    protocolCache : new Map(),
-    grantCache    : new Map(),
-    satisfiedDeps : new Set(),
-    missingDeps   : new Set(),
-    maxDepth      : maxDepth ?? 32,
+    protocolCache     : new Map(),
+    grantCache        : new Map(),
+    satisfiedDeps     : new Set(),
+    missingDeps       : new Set(),
+    maxDepth          : maxDepth ?? 32,
+    isDelegateSession : options?.isDelegateSession,
   };
 }
 

package/src/sync-engine-level.ts

@@ -1476,7 +1476,9 @@ export class SyncEngineLevel implements SyncEngine {
             const messageStore = this.agent.dwn.node.storage.messageStore;
             let closureCtx = this._closureContexts.get(did);
             if (!closureCtx) {
-              closureCtx = createClosureContext(did);
+              closureCtx = createClosureContext(did, undefined, {
+                isDelegateSession: !!delegateDid,
+              });
               this._closureContexts.set(did, closureCtx);
             }
 

package/src/sync-messages.ts

@@ -25,17 +25,32 @@ export type SyncMessageEntry = {
  * 202: message was successfully written to the remote DWN
  * 204: an initial write message was written without any data
  * 409: message was already present on the remote DWN
- * RecordsDelete + 404: the initial write was not found or already deleted
+ *
+ * When the *pushed* message is known (e.g. during push-sync), pass it as the
+ * second argument so that RecordsDelete + 404 ("initial write was not found or
+ * already deleted") can be detected.  The DWN's 404 reply omits `entry`, so
+ * checking `reply.entry` alone is insufficient.
  */
-export function syncMessageReplyIsSuccessful(reply: UnionMessageReply): boolean {
-  return reply.status.code === 202 ||
-    reply.status.code === 204 ||
-    reply.status.code === 409 ||
-    (
-      reply.entry?.message.descriptor.interface === DwnInterfaceName.Records &&
-      reply.entry?.message.descriptor.method === DwnMethodName.Delete &&
-      reply.status.code === 404
-    );
+export function syncMessageReplyIsSuccessful(reply: UnionMessageReply, pushedMessage?: GenericMessage): boolean {
+  if (reply.status.code === 202 || reply.status.code === 204 || reply.status.code === 409) {
+    return true;
+  }
+
+  if (reply.status.code === 404) {
+    // Check the pushed message first (always available during push-sync).
+    if (pushedMessage?.descriptor.interface === DwnInterfaceName.Records &&
+        pushedMessage?.descriptor.method === DwnMethodName.Delete) {
+      return true;
+    }
+
+    // Fallback: check the reply entry (for callers that don't pass the pushed message).
+    if (reply.entry?.message.descriptor.interface === DwnInterfaceName.Records &&
+        reply.entry?.message.descriptor.method === DwnMethodName.Delete) {
+      return true;
+    }
+  }
+
+  return false;
 }
 
 /**
@@ -364,7 +379,7 @@ export async function pushMessages({ did, dwnUrl, delegateDid, protocol, message
         message   : entry.message
       });
 
-      if (syncMessageReplyIsSuccessful(reply)) {
+      if (syncMessageReplyIsSuccessful(reply, entry.message)) {
         succeeded.push(cid);
       } else if (isPermanentPushFailure(reply)) {
         // Permanent failures (400/401/403) will never succeed — do NOT retry.

package/src/types/identity-vault.ts

@@ -117,6 +117,24 @@ export interface IdentityVault<T extends Record<string, any> = { InitializeResul
    * @throws An error if the password is incorrect.
    */
   unlock(params: { password: string }): Promise<void>;
+
+  /**
+   * Encrypts arbitrary data using the vault's content encryption key.
+   * The vault must be unlocked.
+   *
+   * @returns A compact JWE string that can be safely stored in untrusted storage.
+   * @throws An error if the vault is locked.
+   */
+  encryptData(params: { plaintext: Uint8Array }): Promise<string>;
+
+  /**
+   * Decrypts data that was previously encrypted with {@link encryptData}.
+   * The vault must be unlocked.
+   *
+   * @returns The original plaintext bytes.
+   * @throws An error if the vault is locked or the JWE is invalid.
+   */
+  decryptData(params: { jwe: string }): Promise<Uint8Array>;
 }
 
 export type IdentityVaultStatus = {