@howler/cli 0.2.3 → 0.2.4

package/dist/bin.js

@@ -841,6 +841,28 @@ import {
   SessionCipher,
   SignalProtocolAddress
 } from "@privacyresearch/libsignal-protocol-typescript";
+async function withDecryptSessionLock(sessionKey, work) {
+  const previous = decryptSessionLocks.get(sessionKey) ?? Promise.resolve();
+  let release;
+  const current = new Promise((resolve) => {
+    release = resolve;
+  });
+  decryptSessionLocks.set(sessionKey, previous.then(() => current));
+  await previous;
+  try {
+    return await work();
+  } finally {
+    release();
+    const active = decryptSessionLocks.get(sessionKey);
+    if (active) {
+      void active.finally(() => {
+        if (decryptSessionLocks.get(sessionKey) === active) {
+          decryptSessionLocks.delete(sessionKey);
+        }
+      });
+    }
+  }
+}
 async function getOrCreateSession(recipientUserId, deviceId = 1) {
   const address = new SignalProtocolAddress(recipientUserId, deviceId);
   const addressKey = `${recipientUserId}.${deviceId}`;
@@ -899,35 +921,37 @@ async function encryptForRecipient(data, recipientUserId, deviceId = 1) {
 async function decryptFromSender(ciphertext, senderUserId, deviceId = 1) {
   const address = new SignalProtocolAddress(senderUserId, deviceId);
   const addressKey = `${senderUserId}.${deviceId}`;
-  const existingSession = await signalStore.loadSession(addressKey);
-  if (define_import_meta_env_default.DEV) console.log(`[Signal] Decrypting from ${senderUserId.slice(0, 8)}.${deviceId}, type: ${ciphertext.type}, hasSession: ${!!existingSession}`);
-  const sessionCipher = new SessionCipher(signalStore, address);
-  const binaryBody = base64ToBinaryString(ciphertext.body);
-  let plaintext;
-  try {
-    if (ciphertext.type === 3) {
-      if (define_import_meta_env_default.DEV) console.log("[Signal] Decrypting PreKeyWhisperMessage (type 3) - will establish session");
-      plaintext = await sessionCipher.decryptPreKeyWhisperMessage(binaryBody, "binary");
-    } else {
-      if (!existingSession) {
-        console.error("[Signal] No existing session for WhisperMessage (type 1) - this will fail");
+  return withDecryptSessionLock(addressKey, async () => {
+    const existingSession = await signalStore.loadSession(addressKey);
+    if (define_import_meta_env_default.DEV) console.log(`[Signal] Decrypting from ${senderUserId.slice(0, 8)}.${deviceId}, type: ${ciphertext.type}, hasSession: ${!!existingSession}`);
+    const sessionCipher = new SessionCipher(signalStore, address);
+    const binaryBody = base64ToBinaryString(ciphertext.body);
+    let plaintext;
+    try {
+      if (ciphertext.type === 3) {
+        if (define_import_meta_env_default.DEV) console.log("[Signal] Decrypting PreKeyWhisperMessage (type 3) - will establish session");
+        plaintext = await sessionCipher.decryptPreKeyWhisperMessage(binaryBody, "binary");
+      } else {
+        if (!existingSession) {
+          console.error("[Signal] No existing session for WhisperMessage (type 1) - this will fail");
+        }
+        plaintext = await sessionCipher.decryptWhisperMessage(binaryBody, "binary");
       }
-      plaintext = await sessionCipher.decryptWhisperMessage(binaryBody, "binary");
-    }
-  } catch (err) {
-    const errorMsg = err instanceof Error ? err.message : String(err);
-    console.error(`[Signal] Decryption failed:`, {
-      error: errorMsg,
-      sender: `${senderUserId.slice(0, 8)}.${deviceId}`,
-      messageType: ciphertext.type,
-      hadSession: !!existingSession
-    });
-    if (errorMsg.includes("Bad MAC") && existingSession) {
-      console.error("[Signal] Bad MAC with existing session - session may be corrupted");
+    } catch (err) {
+      const errorMsg = err instanceof Error ? err.message : String(err);
+      console.error(`[Signal] Decryption failed:`, {
+        error: errorMsg,
+        sender: `${senderUserId.slice(0, 8)}.${deviceId}`,
+        messageType: ciphertext.type,
+        hadSession: !!existingSession
+      });
+      if (errorMsg.includes("Bad MAC") && existingSession) {
+        console.error("[Signal] Bad MAC with existing session - session may be corrupted");
+      }
+      throw err;
     }
-    throw err;
-  }
-  return plaintext;
+    return plaintext;
+  });
 }
 async function encryptMessage(message, recipientUserId) {
   const encoder = new TextEncoder();
@@ -949,12 +973,14 @@ async function resetSessionWith(userId) {
   await signalStore.removeAllSessions(userId);
   if (define_import_meta_env_default.DEV) console.log("[Signal] Session reset complete");
 }
+var decryptSessionLocks;
 var init_crypto = __esm({
   "../../packages/core/src/lib/signal/crypto.ts"() {
     "use strict";
     init_define_import_meta_env();
     init_store();
     init_supabaseKeys();
+    decryptSessionLocks = /* @__PURE__ */ new Map();
   }
 });
 
@@ -2244,6 +2270,7 @@ __export(messages_exports, {
   clearDecryptedAudioCache: () => clearDecryptedAudioCache,
   connectHowlerToParent: () => connectHowlerToParent,
   decryptTextOnlyTranscript: () => decryptTextOnlyTranscript,
+  decryptTextOnlyTranscriptBatch: () => decryptTextOnlyTranscriptBatch,
   getBlobUrlCount: () => getBlobUrlCount,
   getConversation: () => getConversation,
   getConversations: () => getConversations,
@@ -2824,41 +2851,45 @@ async function getDecryptedTranscript(howlerId) {
   const { getTranscriptCacheProvider: getTranscriptCacheProvider2 } = await Promise.resolve().then(() => (init_cache(), cache_exports));
   return getTranscriptCacheProvider2().getCachedTranscript(howlerId);
 }
-async function decryptTextOnlyTranscript(howlerId) {
-  const { getTranscriptCacheProvider: getTranscriptCacheProvider2 } = await Promise.resolve().then(() => (init_cache(), cache_exports));
-  const provider = getTranscriptCacheProvider2();
-  const cached = await provider.getCachedTranscript(howlerId);
-  if (cached) return cached;
-  const { data: howler, error } = await db.from("howlers").select("id, sender_id, transcript, encryption_metadata").eq("id", howlerId).single();
-  if (error || !howler) return null;
-  const meta = parseEncryptionMetadata(howler.encryption_metadata);
-  if (!meta?.transcriptEncrypted || !meta.transcriptIv) return null;
-  if (!howler.transcript || typeof howler.transcript !== "string") return null;
-  const { data: { user } } = await db.auth.getUser();
-  if (!user) return null;
-  const { getLocalDeviceId: getLocalDeviceId2 } = await Promise.resolve().then(() => (init_device(), device_exports));
-  const myDeviceId = getLocalDeviceId2();
-  if (!myDeviceId) return null;
+function resolveTranscriptDecryptionTarget(howler, meta, currentUserId, myDeviceId) {
   let keyToDecrypt = meta.encryptedKey;
   let sessionUserId = howler.sender_id;
   const sessionDeviceId = meta.senderDeviceId ?? 1;
   if (meta.encryptedKeys && meta.encryptedKeys.length > 0) {
     const myKey = meta.encryptedKeys.find(
-      (k) => k.userId === user.id && k.deviceId === myDeviceId
+      (k) => k.userId === currentUserId && k.deviceId === myDeviceId
     );
     if (!myKey) {
       const deviceList = meta.encryptedKeys.map(
         (k) => `${k.userId.slice(0, 8)}.${k.deviceId}`
       ).join(", ");
-      console.warn(`[E2E] No key for device ${myDeviceId} in [${deviceList}] \u2014 message ${howlerId.slice(0, 8)}`);
+      console.warn(`[E2E] No key for device ${myDeviceId} in [${deviceList}] \u2014 message ${howler.id.slice(0, 8)}`);
       return null;
     }
     keyToDecrypt = { type: myKey.type, body: myKey.body, registrationId: myKey.registrationId };
-    sessionUserId = user.id === howler.sender_id ? user.id : howler.sender_id;
+    sessionUserId = currentUserId === howler.sender_id ? currentUserId : howler.sender_id;
   }
+  return {
+    encryptedKey: keyToDecrypt,
+    sessionUserId,
+    sessionDeviceId
+  };
+}
+async function decryptTextOnlyTranscriptRow(howler, currentUserId, myDeviceId, provider) {
+  const cached = await provider.getCachedTranscript(howler.id);
+  if (cached) return cached;
+  const meta = parseEncryptionMetadata(howler.encryption_metadata);
+  if (!meta?.transcriptEncrypted || !meta.transcriptIv) return null;
+  if (!howler.transcript || typeof howler.transcript !== "string") return null;
+  const decryptionTarget = resolveTranscriptDecryptionTarget(howler, meta, currentUserId, myDeviceId);
+  if (!decryptionTarget) return null;
   try {
     const { decryptFromSender: decryptFromSender2, base64ToArrayBuffer: base64ToArrayBuffer5, decryptWithAES: decryptWithAES2 } = await Promise.resolve().then(() => (init_signal(), signal_exports));
-    const keyBytes = await decryptFromSender2(keyToDecrypt, sessionUserId, sessionDeviceId);
+    const keyBytes = await decryptFromSender2(
+      decryptionTarget.encryptedKey,
+      decryptionTarget.sessionUserId,
+      decryptionTarget.sessionDeviceId
+    );
     const aesKey = await crypto.subtle.importKey(
       "raw",
       keyBytes,
@@ -2871,14 +2902,46 @@ async function decryptTextOnlyTranscript(howlerId) {
     const plaintext = await decryptWithAES2(ciphertext, aesKey, iv);
     const json = new TextDecoder().decode(plaintext);
     const transcript = JSON.parse(json);
-    await provider.cacheTranscript(howlerId, transcript);
-    console.log("[E2E] Decrypted text-only transcript:", howlerId);
+    await provider.cacheTranscript(howler.id, transcript);
+    console.log("[E2E] Decrypted text-only transcript:", howler.id);
     return transcript;
   } catch (err) {
-    console.error("[E2E] Failed to decrypt text-only transcript:", howlerId, err);
+    console.error("[E2E] Failed to decrypt text-only transcript:", howler.id, err);
     return null;
   }
 }
+async function decryptTextOnlyTranscriptBatch(messages) {
+  if (messages.length === 0) return /* @__PURE__ */ new Map();
+  const { getTranscriptCacheProvider: getTranscriptCacheProvider2 } = await Promise.resolve().then(() => (init_cache(), cache_exports));
+  const provider = getTranscriptCacheProvider2();
+  const { data: { user } } = await db.auth.getUser();
+  if (!user) return /* @__PURE__ */ new Map();
+  const { getLocalDeviceId: getLocalDeviceId2 } = await Promise.resolve().then(() => (init_device(), device_exports));
+  const myDeviceId = getLocalDeviceId2();
+  if (!myDeviceId) return /* @__PURE__ */ new Map();
+  const decrypted = /* @__PURE__ */ new Map();
+  for (const message of messages) {
+    const transcript = await decryptTextOnlyTranscriptRow(
+      message,
+      user.id,
+      myDeviceId,
+      provider
+    );
+    if (transcript) {
+      decrypted.set(message.id, transcript);
+    }
+  }
+  return decrypted;
+}
+async function decryptTextOnlyTranscript(howlerId) {
+  const { getTranscriptCacheProvider: getTranscriptCacheProvider2 } = await Promise.resolve().then(() => (init_cache(), cache_exports));
+  const cached = await getTranscriptCacheProvider2().getCachedTranscript(howlerId);
+  if (cached) return cached;
+  const { data: howler, error } = await db.from("howlers").select("id, sender_id, transcript, encryption_metadata").eq("id", howlerId).single();
+  if (error || !howler) return null;
+  const batch = await decryptTextOnlyTranscriptBatch([howler]);
+  return batch.get(howlerId) ?? null;
+}
 var db, PUBLIC_USER_COLUMNS, blobUrlCache, blobUrlCount;
 var init_messages = __esm({
   "../../packages/core/src/lib/messages/index.ts"() {
@@ -29637,21 +29700,6 @@ async function getGroupMessages(groupId, limit = 50, beforeTimestamp) {
   const trimmed = messages.slice(0, limit).reverse();
   return { messages: trimmed, hasMore };
 }
-async function tryDecrypt(msg) {
-  if (!msg.isEncrypted || msg.recording_url === "text://plain") return msg;
-  try {
-    const transcript = await decryptTextOnlyTranscript(msg.id);
-    if (transcript && transcript.length > 0) {
-      return {
-        ...msg,
-        transcript: JSON.stringify(transcript)
-      };
-    }
-  } catch (err) {
-    console.error("[TUI] Decrypt failed:", msg.id, err);
-  }
-  return msg;
-}
 function isCacheableTranscriptJson(transcript) {
   if (!transcript) return false;
   try {
@@ -29661,16 +29709,88 @@ function isCacheableTranscriptJson(transcript) {
     return false;
   }
 }
+function shouldResolveTranscript(msg) {
+  return msg.isEncrypted && msg.recording_url !== "text://plain";
+}
 function useMessages(conversation, currentUserId) {
   const [messages, setMessages] = useState3([]);
   const [loading, setLoading] = useState3(!!conversation);
   const [error, setError] = useState3(null);
   const [hasMore, setHasMore] = useState3(false);
-  const decryptedIds = useRef3(/* @__PURE__ */ new Set());
+  const resolvedIds = useRef3(/* @__PURE__ */ new Set());
+  const inFlightIds = useRef3(/* @__PURE__ */ new Set());
+  const activeConversationId = useRef3(conversation?.id ?? null);
   const transcriptCache = useRef3(/* @__PURE__ */ new Map());
   const rememberResolvedTranscript = useCallback2((msg) => {
-    if (!isCacheableTranscriptJson(msg.transcript)) return;
+    if (!isCacheableTranscriptJson(msg.transcript)) return false;
     transcriptCache.current.set(msg.id, msg.transcript);
+    resolvedIds.current.add(msg.id);
+    inFlightIds.current.delete(msg.id);
+    return true;
+  }, []);
+  const applyCachedTranscripts = useCallback2((nextMessages) => {
+    return nextMessages.map((message) => {
+      const cached = transcriptCache.current.get(message.id);
+      return cached ? { ...message, transcript: cached } : message;
+    });
+  }, []);
+  const prewarmTranscriptCache = useCallback2(async (nextMessages) => {
+    const messagesToCheck = nextMessages.filter(
+      (message) => shouldResolveTranscript(message) && !transcriptCache.current.has(message.id)
+    );
+    if (messagesToCheck.length === 0) return;
+    const cachedEntries = await Promise.all(
+      messagesToCheck.map(async (message) => {
+        const transcript = await getDecryptedTranscript(message.id);
+        return { id: message.id, transcript };
+      })
+    );
+    for (const entry of cachedEntries) {
+      if (!entry.transcript) continue;
+      transcriptCache.current.set(entry.id, JSON.stringify(entry.transcript));
+      resolvedIds.current.add(entry.id);
+    }
+  }, []);
+  const resolveMessagesInBackground = useCallback2((nextMessages) => {
+    const targetConversationId = activeConversationId.current;
+    const messagesToResolve = nextMessages.filter(
+      (message) => shouldResolveTranscript(message) && !transcriptCache.current.has(message.id) && !resolvedIds.current.has(message.id) && !inFlightIds.current.has(message.id)
+    );
+    if (messagesToResolve.length === 0) return;
+    for (const message of messagesToResolve) {
+      inFlightIds.current.add(message.id);
+    }
+    void decryptTextOnlyTranscriptBatch(
+      messagesToResolve.map((message) => ({
+        id: message.id,
+        sender_id: message.sender_id,
+        transcript: message.transcript,
+        encryption_metadata: message.encryption_metadata
+      }))
+    ).then((decrypted) => {
+      const updatedTranscripts = /* @__PURE__ */ new Map();
+      for (const message of messagesToResolve) {
+        inFlightIds.current.delete(message.id);
+        const transcript = decrypted.get(message.id);
+        if (!transcript) continue;
+        const json = JSON.stringify(transcript);
+        transcriptCache.current.set(message.id, json);
+        resolvedIds.current.add(message.id);
+        updatedTranscripts.set(message.id, json);
+      }
+      if (updatedTranscripts.size === 0 || targetConversationId !== activeConversationId.current) return;
+      setMessages(
+        (prev) => prev.map((message) => {
+          const transcript = updatedTranscripts.get(message.id);
+          return transcript ? { ...message, transcript } : message;
+        })
+      );
+    }).catch((err) => {
+      for (const message of messagesToResolve) {
+        inFlightIds.current.delete(message.id);
+      }
+      console.error("[TUI] Background transcript decrypt failed:", err);
+    });
   }, []);
   const fetchMessages = useCallback2(
     (beforeTimestamp) => {
@@ -29689,7 +29809,7 @@ function useMessages(conversation, currentUserId) {
         isGroup ? "(group path)" : "(1:1 path)"
       );
       const promise = isGroup ? getGroupMessages(conversation.id, 50, beforeTimestamp) : getConversation(conversation.id, 50, beforeTimestamp);
-      promise.then((result) => {
+      promise.then(async (result) => {
         console.error(
           "[TUI] Fetched",
           result.messages.length,
@@ -29697,10 +29817,9 @@ function useMessages(conversation, currentUserId) {
           conversation.name,
           "hasMore=" + result.hasMore
         );
-        const withCached = result.messages.map((m) => {
-          const cached = transcriptCache.current.get(m.id);
-          return cached ? { ...m, transcript: cached } : m;
-        });
+        await prewarmTranscriptCache(result.messages);
+        if (activeConversationId.current !== conversation.id) return;
+        const withCached = applyCachedTranscripts(result.messages);
         if (beforeTimestamp) {
           setMessages((prev) => {
             const ids = new Set(prev.map((m) => m.id));
@@ -29714,37 +29833,22 @@ function useMessages(conversation, currentUserId) {
         }
         setHasMore(result.hasMore);
         setLoading(false);
-        const encrypted = result.messages.filter(
-          (m) => m.isEncrypted && !decryptedIds.current.has(m.id)
-        );
-        const needsDecrypt = encrypted.filter(
-          (m) => !transcriptCache.current.has(m.id)
-        );
-        if (needsDecrypt.length > 0) {
-          Promise.all(needsDecrypt.map(tryDecrypt)).then((decrypted) => {
-            const decryptedMap = /* @__PURE__ */ new Map();
-            for (const msg of decrypted) {
-              decryptedIds.current.add(msg.id);
-              rememberResolvedTranscript(msg);
-              decryptedMap.set(msg.id, msg);
-            }
-            setMessages(
-              (prev) => prev.map((m) => decryptedMap.get(m.id) ?? m)
-            );
-          });
-        }
+        resolveMessagesInBackground(result.messages);
       }).catch((err) => {
+        if (activeConversationId.current !== conversation.id) return;
         const message = err instanceof Error ? err.message : String(err);
         console.error("[TUI] Message fetch failed:", conversation?.name, message);
         setError(message);
         setLoading(false);
       });
     },
-    [conversation]
+    [applyCachedTranscripts, conversation, prewarmTranscriptCache, resolveMessagesInBackground]
   );
   useEffect3(() => {
+    activeConversationId.current = conversation?.id ?? null;
     if (conversation) {
-      decryptedIds.current.clear();
+      resolvedIds.current.clear();
+      inFlightIds.current.clear();
       fetchMessages();
     } else {
       setMessages([]);
@@ -29753,45 +29857,37 @@ function useMessages(conversation, currentUserId) {
     }
   }, [conversation, fetchMessages]);
   const handleNewMessage = useCallback2((msg) => {
-    if (msg.isEncrypted && !decryptedIds.current.has(msg.id)) {
-      decryptedIds.current.add(msg.id);
-      tryDecrypt(msg).then((processed) => {
-        rememberResolvedTranscript(processed);
-        setMessages((prev) => {
-          if (prev.some((m) => m.id === processed.id)) return prev;
-          return [...prev, processed];
-        });
+    if (shouldResolveTranscript(msg) && rememberResolvedTranscript(msg)) {
+      setMessages((prev) => {
+        if (prev.some((m) => m.id === msg.id)) return prev;
+        return [...prev, msg];
       });
       return;
     }
+    const cachedTranscript = transcriptCache.current.get(msg.id);
+    const withCachedTranscript = cachedTranscript ? { ...msg, transcript: cachedTranscript } : msg;
     setMessages((prev) => {
-      if (prev.some((m) => m.id === msg.id)) return prev;
-      return [...prev, msg];
+      if (prev.some((m) => m.id === withCachedTranscript.id)) return prev;
+      return [...prev, withCachedTranscript];
     });
-  }, [rememberResolvedTranscript]);
+    resolveMessagesInBackground([msg]);
+  }, [rememberResolvedTranscript, resolveMessagesInBackground]);
   const handleUpdateMessage = useCallback2(
     (id, updates) => {
+      const existing = messages.find((message) => message.id === id);
+      const updatedMessage = existing ? { ...existing, ...updates } : null;
       setMessages(
         (prev) => prev.map((m) => m.id === id ? { ...m, ...updates } : m)
       );
-      if (updates.transcript && typeof updates.transcript === "string") {
-        setMessages((prev) => {
-          const msg = prev.find((m) => m.id === id);
-          if (!msg || !msg.isEncrypted || msg.recording_url === "text://plain") return prev;
-          decryptedIds.current.delete(id);
-          decryptedIds.current.add(id);
-          transcriptCache.current.delete(id);
-          tryDecrypt(msg).then((processed) => {
-            rememberResolvedTranscript(processed);
-            setMessages(
-              (p) => p.map((m) => m.id === id ? processed : m)
-            );
-          });
-          return prev;
-        });
+      if (updatedMessage && typeof updates.transcript === "string" && shouldResolveTranscript(updatedMessage)) {
+        transcriptCache.current.delete(id);
+        resolvedIds.current.delete(id);
+        inFlightIds.current.delete(id);
+        if (rememberResolvedTranscript(updatedMessage)) return;
+        resolveMessagesInBackground([updatedMessage]);
       }
     },
-    [rememberResolvedTranscript]
+    [messages, rememberResolvedTranscript, resolveMessagesInBackground]
   );
   useRealtimeMessages(
     conversation,
@@ -29810,8 +29906,7 @@ function useMessages(conversation, currentUserId) {
     fetchMessages();
   }, [fetchMessages]);
   const addMessage = useCallback2((msg) => {
-    if (msg.isEncrypted && msg.recording_url !== "text://plain" && isCacheableTranscriptJson(msg.transcript)) {
-      decryptedIds.current.add(msg.id);
+    if (shouldResolveTranscript(msg) && isCacheableTranscriptJson(msg.transcript)) {
       rememberResolvedTranscript(msg);
     }
     setMessages((prev) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@howler/cli",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "type": "module",
   "description": "Howler TUI — encrypted messaging from your terminal",
   "bin": {