@imweapp/openclaw-imwe 2026.4.12-alpha.1

package/src/e2ee/service.ts

@@ -0,0 +1,1273 @@
+/**
+ * e2ee/service.ts — E2EE Service 编排层
+ *
+ * 对应设计：design.md §3.1；requirements R15。
+ *
+ * 职责：
+ *   - 组合 VodozemacBinding + E2eeStore + E2eeApi + ContactSingleFlight
+ *   - 暴露 E2eeService 接口（ensureLocalDevice / encryptSingle / decryptSingle 等）
+ *   - dispose() 释放 WASM handle
+ *
+ * 本文件首期仅搭建骨架与依赖注入；各方法的具体实现由后续任务（8.2~8.9）逐步落地。
+ */
+
+import { randomUUID } from 'node:crypto';
+
+import { createE2eeApi, type E2eeApi, type CreateDeviceRequest } from './api.js';
+import { E2eeEncryptFailedError, SingleNoAvailableRecipientOrSession } from './errors.js';
+import { createE2eeStore, type E2eeStore } from './store.js';
+import {
+  E2EE_DEVICE_STATUS,
+  type PreKeyBatch,
+  type PreKeyEntry,
+  type Session as SessionEntry,
+} from './types.js';
+import {
+  createVodozemacBinding,
+  type VodozemacBinding,
+  type AccountHandle,
+  type SessionHandle,
+} from './vodozemac.js';
+import { getRegistry } from '../proto/registry.js';
+import {
+  buildDecryptErrorEnvelopeBytes,
+  encodeSingleChatReqPacket,
+  genClientMsgId,
+} from '../proto/send.codec.js';
+import { postProto } from '../api-client.js';
+import { resolveQuotedMessage } from '../recent-message-cache.js';
+import type { DecodedChatOperationEnvelope } from '../proto/proto-types.js';
+
+// ─── Logger 类型（与项目既有风格一致） ───────────────────────────────────────
+
+type Logger = {
+  info?: (...args: unknown[]) => void;
+  warn?: (...args: unknown[]) => void;
+  error?: (...args: unknown[]) => void;
+};
+
+// ─── ContactSingleFlight ────────────────────────────────────────────────────
+
+/**
+ * per-contact 并发去重工具。
+ *
+ * 同一 contactId 的并发调用共享同一次执行结果（single-flight 语义）；
+ * 不同 contactId 之间互不阻塞。错误不阻塞后续排队。
+ */
+class ContactSingleFlight {
+  private map = new Map<string, Promise<unknown>>();
+
+  async run<T>(contactId: string, fn: () => Promise<T>): Promise<T> {
+    const prev = this.map.get(contactId);
+    const next = (async () => {
+      if (prev) await prev.catch(() => {});
+      return fn();
+    })();
+    this.map.set(contactId, next);
+    try {
+      return await next;
+    } finally {
+      if (this.map.get(contactId) === next) this.map.delete(contactId);
+    }
+  }
+}
+
+// ─── E2eeService 接口 ───────────────────────────────────────────────────────
+
+/** bootstrap 所需的机器人信息 */
+export interface BotInfo {
+  botAcctId: string;
+  e2eeEnabled?: boolean;
+}
+
+/** E2EE Service 公共接口 */
+export interface E2eeService {
+  /**
+   * 幂等的本地设备 bootstrap。
+   * - 无 local → create 路径
+   * - 有 local 且与服务端 active 匹配但缺 OTK → replenish
+   * - 有 local 但服务端 active 不匹配 → 重置后 create（切设备语义）
+   * - 启动恢复：扫 preKeyBatches 把 uploading 回退 pending 并续传原 uploadId
+   */
+  ensureLocalDevice(botInfo: BotInfo): Promise<void>;
+
+  /**
+   * 出站加密。对 `to` 的活跃设备加密，返回可直接塞进
+   * PbSingleChatMsgReqBody.envelope 的 PbSingleChatMsgRecipients bytes。
+   *
+   * - 缺 session 时走 getPreKeyBundle（按设备单目标）
+   * - 发送前 peer-must-exist 校验
+   * - per-contact single-flight
+   */
+  encryptSingle(params: {
+    to: string;
+    plainBytes: Uint8Array;
+  }): Promise<{ recipientsBytes: Uint8Array; senderE2eeId: string }>;
+
+  /**
+   * 入站解密。由 inbound.codec 注入回调调用。
+   * 解不开返回 null（上层丢弃，不投递给 agent）。
+   * 解密失败路径内部会尝试发送 decryptError 信令给对端（尽力而为，失败仅 WARN）。
+   */
+  decryptSingle(params: {
+    fromId: string;
+    fromE2eeId: string;
+    toE2eeId: string;
+    e2eeSid: string;
+    encryptedBody: Uint8Array;
+    clientMsgId: string;
+    envelopeType: number;
+  }): Promise<Uint8Array | null>;
+
+  /**
+   * DEVICE_NOT_MATCH 修正。调用后上层单次重试 encryptSingle + send。
+   */
+  handleDeviceNotMatch(data: {
+    extraDevices?: Array<{ imAcctId: string; e2eeId: string }>;
+    missDevices?: Array<{ imAcctId: string; e2eeId: string }>;
+    extraImAcctIds?: string[];
+    missImAcctIds?: string[];
+  }): Promise<void>;
+
+  /**
+   * 分发入站 envelopeType=2 操作消息。
+   * - decryptError → 内部调 handleRemoteDecryptError
+   * - botThinking  → 既有 typing 路径
+   * - 其它 case    → 首期不处理，返回 skip
+   */
+  dispatchOperation(params: {
+    fromId: string;
+    fromE2eeId: string;
+    plainBytes: Uint8Array;
+  }): Promise<void>;
+
+  /**
+   * 收到对端 decryptError 信令后的处理。
+   * - 校验 content.otherE2eeId == local.e2eeId，否则忽略
+   * - 清对应 peerE2eeId 的 recipient + session
+   * - recent-message-cache 命中文本 → 用新 clientMsgId 调 sendImweText 重发
+   * - 非文本或缓存未命中 → WARN 不重发
+   */
+  handleRemoteDecryptError(params: {
+    peerImAcctId: string;
+    content: {
+      clientMsgId: string;
+      e2eeId: string;
+      otherE2eeId: string;
+    };
+  }): Promise<void>;
+
+  /** 清理单个对端的 recipient + sessions（运维接口，首期不主动调用）。 */
+  clearPeer(peerImAcctId: string): Promise<void>;
+
+  /** 释放 WASM handle（stopAccount 调用）。 */
+  dispose(): Promise<void>;
+}
+
+// ─── createE2eeService 工厂 ─────────────────────────────────────────────────
+
+export function createE2eeService(opts: {
+  accountId: string;
+  botAcctId: string;
+  apiBaseUrl: string;
+  auth: { apiKey: string; apiSecret: string };
+  stateDir: string;
+  log?: Logger;
+}): E2eeService {
+  const { accountId, botAcctId, apiBaseUrl, auth, stateDir, log } = opts;
+
+  // 组合内部依赖
+  const binding: VodozemacBinding = createVodozemacBinding();
+  const store: E2eeStore = createE2eeStore({ accountId, botAcctId, stateDir, log });
+  const api: E2eeApi = createE2eeApi({ apiBaseUrl, auth });
+  const singleFlight = new ContactSingleFlight();
+
+  // 当前活跃的 AccountHandle（bootstrap 后赋值，dispose 时清空）
+  let accountHandle: AccountHandle | null = null;
+
+  /** 启动抖动保护窗口：60 秒 */
+  const JITTER_PROTECTION_WINDOW_MS = 60_000;
+
+  /** OTK 首批生成数量 */
+  const INITIAL_OTK_COUNT = 50;
+
+  // ── 内部辅助：上传一个 pending 批次 ──────────────────────────────────────
+
+  /**
+   * 上传单个 preKeyBatch（create 或 replenish），并在成功后
+   * 同一事务内 markKeysAsPublished + 批次 synced + 新 accountPickle。
+   */
+  async function uploadBatch(
+    e2eeId: string,
+    identityKey: string,
+    uploadId: string,
+    mode: 'create' | 'replenish',
+    keys: PreKeyEntry[],
+  ): Promise<void> {
+    const prefix = `[e2ee][${accountId}]`;
+
+    // 标记为 uploading
+    await store.update((prev) => {
+      const batch = prev.preKeyBatches[uploadId];
+      if (!batch) return { next: prev, result: undefined };
+      return {
+        next: {
+          ...prev,
+          preKeyBatches: {
+            ...prev.preKeyBatches,
+            [uploadId]: { ...batch, state: 'uploading' as const, updatedAt: Date.now() },
+          },
+        },
+        result: undefined,
+      };
+    });
+
+    // 构造请求参数
+    const oneTimeKeys = keys.filter((k) => k.keyType === 'otk').map((k) => k.publicKey);
+    const fallbackKeys = keys.filter((k) => k.keyType === 'fallback').map((k) => k.publicKey);
+    const params: CreateDeviceRequest = {
+      imAcctId: botAcctId,
+      e2eeId,
+      identityKey,
+      oneTimeKeys,
+      fallbackKeys,
+    };
+
+    log?.info?.(`${prefix}: uploadBatch mode=${mode}, params=${JSON.stringify(params)}`);
+
+    // 发起 HTTP 请求
+    if (mode === 'create') {
+      await api.createDevice(params);
+    } else {
+      await api.replenish(params);
+    }
+
+    log?.info?.(`${prefix}: uploadBatch 成功: mode=${mode}, uploadId=${uploadId}`);
+
+    // 成功后：markKeysAsPublished + 批次 synced + 新 accountPickle
+    await store.update((prev) => {
+      if (!prev.local) return { next: prev, result: undefined };
+
+      // 恢复 account 以 markKeysAsPublished
+      const handle = binding.restoreAccount(prev.local.e2eeId, prev.local.accountPickle);
+      handle.markKeysAsPublished();
+      const newPickle = handle.pickle();
+      handle.dispose();
+
+      // 更新 accountHandle 引用
+      accountHandle?.dispose();
+      accountHandle = binding.restoreAccount(prev.local.e2eeId, newPickle);
+
+      return {
+        next: {
+          ...prev,
+          local: { ...prev.local, accountPickle: newPickle, updatedAt: Date.now() },
+          preKeyBatches: {
+            ...prev.preKeyBatches,
+            [uploadId]: {
+              ...prev.preKeyBatches[uploadId]!,
+              state: 'synced' as const,
+              updatedAt: Date.now(),
+            },
+          },
+        },
+        result: undefined,
+      };
+    });
+  }
+
+  // ── 内部辅助：create 路径 ─────────────────────────────────────────────────
+
+  async function doCreate(): Promise<void> {
+    const prefix = `[e2ee][${accountId}]`;
+    log?.info?.(`${prefix}: doCreate 开始`);
+
+    // 1. newAccount → 归一化
+    await binding.ready();
+    const handle = binding.newAccount();
+    const e2eeId = handle.e2eeId;
+    const identityKey = handle.identityKey();
+
+    // 2. 生成 OTK + FBK
+    const { created: otkList } = handle.generateOneTimeKeysWithInfo(INITIAL_OTK_COUNT);
+    const fbkInfo = handle.generateFallbackKey();
+    log?.info?.(
+      `${prefix}: doCreate: 生成密钥完成, otkCount=${otkList.length}, fbkKeyId=${fbkInfo.keyId}`,
+    );
+
+    // 3. pickle
+    const accountPickle = handle.pickle();
+
+    // 4. 构造 preKeyBatch keys
+    const keys: PreKeyEntry[] = [
+      ...otkList.map((k) => ({
+        keyType: 'otk' as const,
+        keyId: k.keyId,
+        publicKey: k.publicKey,
+      })),
+      { keyType: 'fallback' as const, keyId: fbkInfo.keyId, publicKey: fbkInfo.publicKey },
+    ];
+
+    const uploadId = randomUUID();
+    const now = Date.now();
+
+    // 5. 写 local + preKeyBatches[uploadId]=pending
+    await store.update((prev) => ({
+      next: {
+        ...prev,
+        local: {
+          e2eeId,
+          identityKey,
+          accountPickle,
+          createdAt: now,
+          updatedAt: now,
+        },
+        preKeyBatches: {
+          ...prev.preKeyBatches,
+          [uploadId]: {
+            uploadId,
+            mode: 'create' as const,
+            state: 'pending' as const,
+            keys,
+            retryCount: 0,
+            createdAt: now,
+            updatedAt: now,
+          },
+        },
+      },
+      result: undefined,
+    }));
+    log?.info?.(`${prefix}: doCreate: 已写入 local state, e2eeId=${e2eeId}, uploadId=${uploadId}`);
+
+    // 6. 上传（内部会 markKeysAsPublished + synced + 新 accountPickle）
+    await uploadBatch(e2eeId, identityKey, uploadId, 'create', keys);
+
+    // 7. 设置 accountHandle
+    accountHandle?.dispose();
+    const finalState = await store.snapshot();
+    if (finalState.local) {
+      accountHandle = binding.restoreAccount(
+        finalState.local.e2eeId,
+        finalState.local.accountPickle,
+      );
+    }
+
+    handle.dispose();
+    log?.info?.(`${prefix}: create 完成: e2eeId=${e2eeId}`);
+  }
+
+  // ── 内部辅助：replenish 路径 ──────────────────────────────────────────────
+
+  async function doReplenish(
+    e2eeId: string,
+    currentPickle: string,
+    requireNum: number,
+  ): Promise<void> {
+    const prefix = `[e2ee][${accountId}]`;
+    log?.info?.(`${prefix}: doReplenish 开始, e2eeId=${e2eeId}, requireNum=${requireNum}`);
+
+    // 恢复 account
+    await binding.ready();
+    const handle = binding.restoreAccount(e2eeId, currentPickle);
+
+    // 生成补充的 OTK（至少补 requireNum 个，但不少于 1）
+    const otkCount = Math.max(requireNum, 1);
+    const { created: otkList } = handle.generateOneTimeKeysWithInfo(otkCount);
+    const fbkInfo = handle.generateFallbackKey();
+    log?.info?.(
+      `${prefix}: doReplenish: 生成密钥完成, otkCount=${otkList.length}, fbkKeyId=${fbkInfo.keyId}`,
+    );
+
+    // pickle
+    const accountPickle = handle.pickle();
+
+    // 构造 keys
+    const keys: PreKeyEntry[] = [
+      ...otkList.map((k) => ({
+        keyType: 'otk' as const,
+        keyId: k.keyId,
+        publicKey: k.publicKey,
+      })),
+      { keyType: 'fallback' as const, keyId: fbkInfo.keyId, publicKey: fbkInfo.publicKey },
+    ];
+
+    const uploadId = randomUUID();
+    const now = Date.now();
+
+    // 写 preKeyBatches + 更新 accountPickle
+    await store.update((prev) => ({
+      next: {
+        ...prev,
+        local: prev.local ? { ...prev.local, accountPickle, updatedAt: now } : undefined,
+        preKeyBatches: {
+          ...prev.preKeyBatches,
+          [uploadId]: {
+            uploadId,
+            mode: 'replenish' as const,
+            state: 'pending' as const,
+            keys,
+            retryCount: 0,
+            createdAt: now,
+            updatedAt: now,
+          },
+        },
+      },
+      result: undefined,
+    }));
+
+    // 上传
+    await uploadBatch(e2eeId, e2eeId, uploadId, 'replenish', keys);
+
+    // 更新 accountHandle
+    accountHandle?.dispose();
+    const finalState = await store.snapshot();
+    if (finalState.local) {
+      accountHandle = binding.restoreAccount(
+        finalState.local.e2eeId,
+        finalState.local.accountPickle,
+      );
+    }
+
+    handle.dispose();
+    log?.info?.(`${prefix}: replenish 完成: e2eeId=${e2eeId}, 补充 ${otkCount} OTK`);
+  }
+
+  const service: E2eeService = {
+    async ensureLocalDevice(_botInfo: BotInfo): Promise<void> {
+      const prefix = `[e2ee][${accountId}]`;
+      log?.info?.(`${prefix}: ensureLocalDevice 开始`);
+      if (_botInfo.e2eeEnabled === false) {
+        throw new Error(`${prefix} Bot 未启用 E2EE`);
+      }
+
+      // ── 启动恢复：uploading → pending ──────────────────────────────────
+      let recoveredBatchCount = 0;
+      await store.update((prev) => {
+        let changed = false;
+        const nextBatches: Record<string, PreKeyBatch> = { ...prev.preKeyBatches };
+        for (const id of Object.keys(nextBatches)) {
+          const batch = nextBatches[id]!;
+          if (batch.state === 'uploading') {
+            nextBatches[id] = { ...batch, state: 'pending' as const, updatedAt: Date.now() };
+            changed = true;
+          }
+        }
+        if (!changed) return { next: prev, result: undefined };
+        recoveredBatchCount = Object.keys(nextBatches).filter(
+          (id) =>
+            nextBatches[id]!.state === 'pending' && prev.preKeyBatches[id]?.state === 'uploading',
+        ).length;
+        return { next: { ...prev, preKeyBatches: nextBatches }, result: undefined };
+      });
+      if (recoveredBatchCount > 0) {
+        log?.info?.(
+          `${prefix}: ensureLocalDevice: 恢复 ${recoveredBatchCount} 个 uploading→pending 批次`,
+        );
+      }
+
+      // ── 续传所有 pending 批次（以原 uploadId 幂等重投） ─────────────────
+      const snap = await store.snapshot();
+      for (const batchId of Object.keys(snap.preKeyBatches)) {
+        const batch = snap.preKeyBatches[batchId]!;
+        if (batch.state !== 'pending') continue;
+        if (!snap.local) continue; // 无 local 时 pending 批次无法续传，后续 create 会重建
+        log?.info?.(
+          `${prefix}: ensureLocalDevice: 续传 pending 批次, uploadId=${batch.uploadId}, mode=${batch.mode}`,
+        );
+        await uploadBatch(
+          snap.local.e2eeId,
+          snap.local.identityKey,
+          batch.uploadId,
+          batch.mode,
+          batch.keys,
+        );
+      }
+
+      // ── 判断三支路 ─────────────────────────────────────────────────────
+      const state = await store.snapshot();
+
+      if (!state.local) {
+        // 分支 A：无 local → create
+        log?.info?.(`${prefix}: bootstrap: 无 local，进入 create 路径`);
+        await doCreate();
+        log?.info?.(`${prefix}: ensureLocalDevice 完成`);
+        return;
+      }
+
+      // 有 local，查服务端密钥状态；querySupplement 是新 open-bot 接口的主入口。
+      const supplement = await api.querySupplement(state.local.e2eeId);
+      if (supplement.status === E2EE_DEVICE_STATUS.NORMAL) {
+        log?.info?.(`${prefix}: bootstrap: ready`);
+        accountHandle?.dispose();
+        accountHandle = binding.restoreAccount(state.local.e2eeId, state.local.accountPickle);
+        log?.info?.(`${prefix}: ensureLocalDevice 完成`);
+        return;
+      }
+
+      if (supplement.status === E2EE_DEVICE_STATUS.NEEDS_SUPPLEMENT) {
+        const requireNum =
+          (supplement.oneTimeKeyRequireNum ?? 0) + (supplement.fallbackKeyRequireNum ?? 0);
+        log?.info?.(`${prefix}: bootstrap: 需补充 ${requireNum} 个密钥，进入 replenish 路径`);
+        await doReplenish(state.local.e2eeId, state.local.accountPickle, requireNum);
+        log?.info?.(`${prefix}: ensureLocalDevice 完成`);
+        return;
+      }
+
+      // UNINITIALIZED 表示服务端占位密钥或本地 e2eeId 已不匹配 → 重建设备。
+      const now = Date.now();
+      const lastBootstrap = state.local.createdAt;
+      if (now - lastBootstrap < JITTER_PROTECTION_WINDOW_MS) {
+        throw new Error(
+          `${prefix} 启动抖动保护：服务端 E2EE 设备未初始化或与本地不一致，` +
+            `距上次 create 不足 ${Math.floor(JITTER_PROTECTION_WINDOW_MS / 1000)}s，中止 bootstrap`,
+        );
+      }
+
+      log?.info?.(`${prefix}: bootstrap: 服务端 UNINITIALIZED 且超过抖动窗口，进入 create 路径`);
+      await doCreate();
+      log?.info?.(`${prefix}: ensureLocalDevice 完成`);
+    },
+
+    async encryptSingle(params: {
+      to: string;
+      plainBytes: Uint8Array;
+    }): Promise<{ recipientsBytes: Uint8Array; senderE2eeId: string }> {
+      const { to, plainBytes } = params;
+      const prefix = `[e2ee][${accountId}]`;
+      log?.info?.(
+        `${prefix}: encryptSingle 开始, to=${to}, plainBytes.length=${plainBytes.length}`,
+      );
+
+      return singleFlight.run(to, async () => {
+        if (!accountHandle) {
+          throw new Error(
+            `${prefix} encryptSingle: accountHandle 未初始化，请先调用 ensureLocalDevice`,
+          );
+        }
+        const localE2eeId = accountHandle.e2eeId;
+
+        // ── 检查是否已有活跃 session，缺则按设备走 getPreKeyBundle ───────
+        let snap = await store.snapshot();
+        const findActiveSessions = (state: typeof snap): SessionEntry[] => {
+          const deviceIds = state.recipients[to]?.deviceIds ?? [];
+          return (Object.values(state.sessions) as SessionEntry[]).filter(
+            (s) =>
+              s.contactId === to &&
+              !s.staleAt &&
+              (deviceIds.length === 0 || deviceIds.includes(s.peerE2eeId)),
+          );
+        };
+
+        let activeSessions = findActiveSessions(snap);
+        const missingSessionDeviceIds = (state: typeof snap): string[] => {
+          const deviceIds = state.recipients[to]?.deviceIds ?? [];
+          if (deviceIds.length === 0) return activeSessions.length === 0 ? [''] : [];
+          const activeDeviceIds = new Set(findActiveSessions(state).map((s) => s.peerE2eeId));
+          return deviceIds.filter((deviceId) => !activeDeviceIds.has(deviceId));
+        };
+
+        const missingDeviceIds = missingSessionDeviceIds(snap);
+        for (const missingDeviceId of missingDeviceIds) {
+          // 调 getPreKeyBundle 单目标申请；otherE2eeId 为空时由服务端按账号选择设备。
+          log?.info?.(
+            `${prefix}: encryptSingle: 缺 session，向 ${to}/${missingDeviceId || '<auto>'} 申请 PreKeyBundle`,
+          );
+          const secret = await api.getPreKeyBundle({
+            otherImAcctId: to,
+            otherE2eeId: missingDeviceId,
+          });
+          log?.info?.(
+            `${prefix}: encryptSingle: getPreKeyBundle 成功, e2eeId=${secret.e2eeId}, identityKey=${secret.identityKey.slice(0, 8)}...`,
+          );
+
+          // createOutboundSession 并在一次 update 事务内写 session + recipients
+          const sessionHandle = accountHandle.createOutboundSession(
+            secret.identityKey,
+            secret.oneTimeKey,
+          );
+          log?.info?.(
+            `${prefix}: encryptSingle: createOutboundSession 成功, sessionId=${sessionHandle.sessionId}`,
+          );
+
+          const now = Date.now();
+          const sessionKey = `${to}:${secret.e2eeId}:${sessionHandle.sessionId}`;
+
+          await store.update((prev) => {
+            const existingRecipient = prev.recipients[to];
+            const deviceIds = existingRecipient?.deviceIds ?? [];
+            const nextDeviceIds = deviceIds.includes(secret.e2eeId)
+              ? deviceIds
+              : [...deviceIds, secret.e2eeId];
+
+            return {
+              next: {
+                ...prev,
+                recipients: {
+                  ...prev.recipients,
+                  [to]: {
+                    contactId: to,
+                    deviceIds: nextDeviceIds,
+                    updatedAt: now,
+                  },
+                },
+                sessions: {
+                  ...prev.sessions,
+                  [sessionKey]: {
+                    contactId: to,
+                    peerE2eeId: secret.e2eeId,
+                    sessionId: sessionHandle.sessionId,
+                    sessionPickle: sessionHandle.pickle(),
+                    isActive: true,
+                    createdAt: now,
+                    updatedAt: now,
+                  },
+                },
+              },
+              result: undefined,
+            };
+          });
+
+          sessionHandle.dispose();
+        }
+
+        // ── peer-must-exist 校验 ─────────────────────────────────────────
+        snap = await store.snapshot();
+        activeSessions = findActiveSessions(snap);
+
+        if (activeSessions.length === 0) {
+          throw new SingleNoAvailableRecipientOrSession(
+            `${prefix} encryptSingle: 协商后仍无活跃 session (to=${to})`,
+            to,
+          );
+        }
+
+        // ── 对每个活跃 session 加密 ─────────────────────────────────────
+        const deviceMsgs: Array<{ toE2eeId: string; e2eeSid: string; envelope: Uint8Array }> = [];
+        const failedSessionKeys: string[] = [];
+
+        for (const sess of activeSessions) {
+          let handle: SessionHandle | null = null;
+          log?.info?.(
+            `${prefix}: encryptSingle: 加密 session, peerE2eeId=${sess.peerE2eeId}, sessionId=${sess.sessionId}`,
+          );
+          try {
+            handle = binding.restoreSession(sess.sessionId, sess.sessionPickle);
+            const encrypted = handle.encrypt(plainBytes);
+            deviceMsgs.push({
+              toE2eeId: sess.peerE2eeId,
+              e2eeSid: sess.sessionId,
+              envelope: encrypted.body,
+            });
+
+            // 加密成功后回写新 pickle
+            const newPickle = handle.pickle();
+            const sessionKey = `${sess.contactId}:${sess.peerE2eeId}:${sess.sessionId}`;
+            await store.update((prev) => {
+              const existing = prev.sessions[sessionKey];
+              if (!existing) return { next: prev, result: undefined };
+              return {
+                next: {
+                  ...prev,
+                  sessions: {
+                    ...prev.sessions,
+                    [sessionKey]: { ...existing, sessionPickle: newPickle, updatedAt: Date.now() },
+                  },
+                },
+                result: undefined,
+              };
+            });
+          } catch {
+            // encrypt 抛错 → 标 staleAt
+            const sessionKey = `${sess.contactId}:${sess.peerE2eeId}:${sess.sessionId}`;
+            failedSessionKeys.push(sessionKey);
+            log?.warn?.(
+              `${prefix}: encryptSingle: session ${sess.sessionId} encrypt 失败，标记 stale`,
+            );
+          } finally {
+            handle?.dispose();
+          }
+        }
+
+        // 标记失败的 session 为 stale
+        if (failedSessionKeys.length > 0) {
+          await store.update((prev) => {
+            const nextSessions = { ...prev.sessions };
+            const now = Date.now();
+            for (const key of failedSessionKeys) {
+              const s = nextSessions[key];
+              if (s) {
+                nextSessions[key] = { ...s, staleAt: now, updatedAt: now };
+              }
+            }
+            return { next: { ...prev, sessions: nextSessions }, result: undefined };
+          });
+        }
+
+        // 全部失败 → 抛 E2eeEncryptFailedError
+        if (deviceMsgs.length === 0) {
+          log?.error?.(`${prefix}: encryptSingle: 所有活跃 session encrypt 均失败, to=${to}`);
+          throw new E2eeEncryptFailedError(
+            `${prefix} encryptSingle: 所有活跃 session encrypt 均失败 (to=${to})`,
+            to,
+          );
+        }
+        log?.info?.(
+          `${prefix}: encryptSingle: 加密结果汇总, 成功=${deviceMsgs.length}, 失败=${failedSessionKeys.length}`,
+        );
+
+        // ── 编码 PbSingleChatMsgRecipients bytes ─────────────────────────
+        const registry = await getRegistry();
+        const recipientsPayload = {
+          recipients: [
+            {
+              acctId: to,
+              msgs: deviceMsgs,
+            },
+          ],
+        };
+        const errMsg = registry.PbSingleChatMsgRecipients.verify(recipientsPayload);
+        if (errMsg) {
+          throw new Error(`${prefix} encryptSingle: proto verify 失败: ${errMsg}`);
+        }
+        const message = registry.PbSingleChatMsgRecipients.create(recipientsPayload);
+        const recipientsBytes = registry.PbSingleChatMsgRecipients.encode(message).finish();
+        log?.info?.(
+          `${prefix}: encryptSingle 完成, recipientsBytes.length=${recipientsBytes.length}, senderE2eeId=${localE2eeId}`,
+        );
+
+        return { recipientsBytes, senderE2eeId: localE2eeId };
+      });
+    },
+
+    async decryptSingle(params: {
+      fromId: string;
+      fromE2eeId: string;
+      toE2eeId: string;
+      e2eeSid: string;
+      encryptedBody: Uint8Array;
+      clientMsgId: string;
+      envelopeType: number;
+    }): Promise<Uint8Array | null> {
+      const prefix = `[e2ee][${accountId}]`;
+      const { fromId, fromE2eeId, toE2eeId, e2eeSid, encryptedBody } = params;
+      log?.info?.(
+        `${prefix}: decryptSingle 开始, fromId=${fromId}, fromE2eeId=${fromE2eeId}, toE2eeId=${toE2eeId}, e2eeSid=${e2eeSid}`,
+      );
+
+      // 1. 校验 toE2eeId == local.e2eeId，不匹配则返回 null（非本设备消息）
+      const snap = await store.snapshot();
+      if (!snap.local || toE2eeId !== snap.local.e2eeId) {
+        log?.warn?.(`${prefix}: decryptSingle: toE2eeId 不匹配，忽略`);
+        return null;
+      }
+
+      const msg = { body: encryptedBody };
+
+      // 2. 尝试命中已有 session（按 e2eeSid 查找）
+      const sessionKey = Object.keys(snap.sessions).find((k) => {
+        const s = snap.sessions[k]!;
+        return s.sessionId === e2eeSid && s.contactId === fromId && s.peerE2eeId === fromE2eeId;
+      });
+
+      if (sessionKey) {
+        // ── 路径 A：命中 sessionPickle ──────────────────────────────────
+        log?.info?.(`${prefix}: decryptSingle: 路径A 命中已有 session, sessionKey=${sessionKey}`);
+        const sessionEntry = snap.sessions[sessionKey]!;
+        try {
+          const sessionHandle = binding.restoreSession(
+            sessionEntry.sessionId,
+            sessionEntry.sessionPickle,
+          );
+          const plaintext = sessionHandle.decrypt(msg);
+          const newPickle = sessionHandle.pickle();
+          sessionHandle.dispose();
+          log?.info?.(
+            `${prefix}: decryptSingle: 路径A 解密成功, plaintext.length=${plaintext.length}`,
+          );
+
+          // 一次 update 写新 pickle + isActive=true
+          await store.update((prev) => ({
+            next: {
+              ...prev,
+              sessions: {
+                ...prev.sessions,
+                [sessionKey]: {
+                  ...prev.sessions[sessionKey]!,
+                  sessionPickle: newPickle,
+                  isActive: true,
+                  updatedAt: Date.now(),
+                },
+              },
+            },
+            result: undefined,
+          }));
+
+          return plaintext;
+        } catch {
+          // 解密失败 → 标 staleAt + 发 decryptError 信令
+          log?.warn?.(`${prefix}: decryptSingle: session 命中但解密失败, sessionId=${e2eeSid}`);
+          await store.update((prev) => {
+            if (!prev.sessions[sessionKey]) return { next: prev, result: undefined };
+            return {
+              next: {
+                ...prev,
+                sessions: {
+                  ...prev.sessions,
+                  [sessionKey]: {
+                    ...prev.sessions[sessionKey]!,
+                    staleAt: Date.now(),
+                    updatedAt: Date.now(),
+                  },
+                },
+              },
+              result: undefined,
+            };
+          });
+          // 尽力发送 decryptError 信令（失败仅 WARN，不阻塞主路径）
+          await sendDecryptErrorSignaling({ fromId, fromE2eeId, clientMsgId: params.clientMsgId });
+          return null;
+        }
+      }
+
+      // ── 路径 B：未命中，尝试 PreKey 新建 inbound session ────────────────
+      log?.info?.(`${prefix}: decryptSingle: 路径B 尝试 PreKey 新建 inbound session`);
+      try {
+        const acctHandle = binding.restoreAccount(snap.local.e2eeId, snap.local.accountPickle);
+        const { session: newSession, plaintext, oneTimeKey } = acctHandle.createInboundSession(msg);
+        log?.info?.(
+          `${prefix}: decryptSingle: 路径B createInboundSession 成功, newSessionId=${newSession.sessionId}, plaintext.length=${plaintext.length}`,
+        );
+
+        // 隐式确认：检查 oneTimeKey 是否仍未发布 → markKeysAsPublished
+        const unpublished = acctHandle.unpublishedOneTimeKeyCount();
+        if (unpublished > 0) {
+          // 检查返回的 oneTimeKey 是否在未发布列表中
+          const unpublishedKeys = acctHandle.oneTimeKeysWithInfo();
+          const stillUnpublished = unpublishedKeys.some((k) => k.publicKey === oneTimeKey);
+          if (stillUnpublished) {
+            acctHandle.markKeysAsPublished();
+            log?.info?.(
+              `${prefix}: decryptSingle: 路径B OTK 确认, oneTimeKey=${oneTimeKey.slice(0, 8)}..., markKeysAsPublished`,
+            );
+          }
+        }
+
+        // 重新 pickle account
+        const newAccountPickle = acctHandle.pickle();
+        acctHandle.dispose();
+
+        // pickle 新 session
+        const newSessionId = newSession.sessionId;
+        const newSessionPickle = newSession.pickle();
+        newSession.dispose();
+
+        // 查 preKeyBatches：oneTimeKey 命中某 pending/uploading 批次 → 标 synced
+        // 陌生 OTK 不制造幽灵批次
+        const now = Date.now();
+
+        // 同一 update 事务内写 account + session + recipients + preKeyBatches
+        await store.update((prev) => {
+          if (!prev.local) return { next: prev, result: undefined };
+
+          // 更新 preKeyBatches：查找含该 oneTimeKey 的 pending/uploading 批次
+          const nextBatches = { ...prev.preKeyBatches };
+          for (const batchId of Object.keys(nextBatches)) {
+            const batch = nextBatches[batchId]!;
+            if (batch.state !== 'pending' && batch.state !== 'uploading') continue;
+            const hasKey = batch.keys.some(
+              (k) => k.keyType === 'otk' && k.publicKey === oneTimeKey,
+            );
+            if (hasKey) {
+              nextBatches[batchId] = { ...batch, state: 'synced' as const, updatedAt: now };
+            }
+          }
+
+          // 新 session key
+          const sessKey = `${fromId}:${fromE2eeId}:${newSessionId}`;
+
+          // 更新 recipients
+          const existingRecipient = prev.recipients[fromId];
+          const deviceIds = existingRecipient?.deviceIds ?? [];
+          const updatedDeviceIds = deviceIds.includes(fromE2eeId)
+            ? deviceIds
+            : [...deviceIds, fromE2eeId];
+          return {
+            next: {
+              ...prev,
+              local: { ...prev.local, accountPickle: newAccountPickle, updatedAt: now },
+              sessions: {
+                ...prev.sessions,
+                [sessKey]: {
+                  contactId: fromId,
+                  peerE2eeId: fromE2eeId,
+                  sessionId: newSessionId,
+                  sessionPickle: newSessionPickle,
+                  isActive: true,
+                  createdAt: now,
+                  updatedAt: now,
+                },
+              },
+              recipients: {
+                ...prev.recipients,
+                [fromId]: {
+                  contactId: fromId,
+                  deviceIds: updatedDeviceIds,
+                  updatedAt: now,
+                },
+              },
+              preKeyBatches: nextBatches,
+            },
+            result: undefined,
+          };
+        });
+
+        // 更新内存中的 accountHandle
+        accountHandle?.dispose();
+        accountHandle = binding.restoreAccount(snap.local.e2eeId, newAccountPickle);
+
+        log?.info?.(
+          `${prefix}: decryptSingle: 路径B 返回明文, plaintext.length=${plaintext.length}`,
+        );
+        return plaintext;
+      } catch {
+        // createInboundSession 失败 → 发 decryptError 信令
+        log?.warn?.(
+          `${prefix}: decryptSingle: createInboundSession 失败, fromE2eeId=${fromE2eeId}`,
+        );
+        // 尽力发送 decryptError 信令（失败仅 WARN，不阻塞主路径）
+        await sendDecryptErrorSignaling({ fromId, fromE2eeId, clientMsgId: params.clientMsgId });
+        return null;
+      }
+    },
+
+    async handleDeviceNotMatch(data: {
+      extraDevices?: Array<{ imAcctId: string; e2eeId: string }>;
+      missDevices?: Array<{ imAcctId: string; e2eeId: string }>;
+      extraImAcctIds?: string[];
+      missImAcctIds?: string[];
+    }): Promise<void> {
+      const prefix = `[e2ee][${accountId}]`;
+      const { extraDevices = [], missDevices = [] } = data;
+      // 单聊场景忽略账号级 extraImAcctIds / missImAcctIds
+      log?.info?.(
+        `${prefix}: handleDeviceNotMatch 开始, extraDevices=[${extraDevices.map((d) => `${d.imAcctId}:${d.e2eeId}`).join(',')}], missDevices=[${missDevices.map((d) => `${d.imAcctId}:${d.e2eeId}`).join(',')}]`,
+      );
+
+      if (extraDevices.length === 0 && missDevices.length === 0) {
+        log?.info?.(`${prefix}: handleDeviceNotMatch: 无 device 级变更，跳过`);
+        return;
+      }
+
+      await store.update((prev) => {
+        const now = Date.now();
+        const nextRecipients = { ...prev.recipients };
+        const nextSessions = { ...prev.sessions };
+
+        // 按 imAcctId 分组处理
+        const contactIds = new Set([
+          ...extraDevices.map((d) => d.imAcctId),
+          ...missDevices.map((d) => d.imAcctId),
+        ]);
+
+        for (const contactId of contactIds) {
+          const oldDeviceIds = new Set(nextRecipients[contactId]?.deviceIds ?? []);
+          const missForContact = missDevices
+            .filter((d) => d.imAcctId === contactId)
+            .map((d) => d.e2eeId);
+          const extraForContact = extraDevices
+            .filter((d) => d.imAcctId === contactId)
+            .map((d) => d.e2eeId);
+
+          // (old ∪ miss) \ extra
+          for (const id of missForContact) oldDeviceIds.add(id);
+          for (const id of extraForContact) oldDeviceIds.delete(id);
+
+          // 更新 recipients
+          const newDeviceIds = [...oldDeviceIds];
+          log?.info?.(
+            `${prefix}: handleDeviceNotMatch: contactId=${contactId}, 变更前deviceIds=[${nextRecipients[contactId]?.deviceIds?.join(',') ?? ''}], 变更后deviceIds=[${newDeviceIds.join(',')}]`,
+          );
+          if (newDeviceIds.length > 0) {
+            nextRecipients[contactId] = {
+              ...(nextRecipients[contactId] ?? { contactId, updatedAt: now }),
+              contactId,
+              deviceIds: newDeviceIds,
+              updatedAt: now,
+            };
+          } else {
+            delete nextRecipients[contactId];
+          }
+
+          // extra 对应 sessions 标 staleAt
+          const extraE2eeIds = new Set(extraForContact);
+          for (const sessionKey of Object.keys(nextSessions)) {
+            const session = nextSessions[sessionKey]!;
+            if (session.contactId === contactId && extraE2eeIds.has(session.peerE2eeId)) {
+              nextSessions[sessionKey] = { ...session, staleAt: now, updatedAt: now };
+            }
+          }
+        }
+
+        return {
+          next: { ...prev, recipients: nextRecipients, sessions: nextSessions },
+          result: undefined,
+        };
+      });
+
+      log?.info?.(
+        `${prefix}: handleDeviceNotMatch 完成: extra=${extraDevices.length}, miss=${missDevices.length}`,
+      );
+    },
+
+    async dispatchOperation(params: {
+      fromId: string;
+      fromE2eeId: string;
+      plainBytes: Uint8Array;
+    }): Promise<void> {
+      const prefix = `[e2ee][${accountId}]`;
+      const { fromId, plainBytes } = params;
+      log?.info?.(
+        `${prefix}: dispatchOperation 开始, fromId=${fromId}, plainBytes.length=${plainBytes.length}`,
+      );
+
+      // 解码 PbChatOperationEnvelope
+      const registry = await getRegistry();
+      let envelope: DecodedChatOperationEnvelope;
+      try {
+        const decoded = registry.PbChatOperationEnvelope.decode(plainBytes);
+        envelope = decoded as unknown as DecodedChatOperationEnvelope;
+        log?.info?.(
+          `${prefix}: dispatchOperation: 解码成功, oneof case=${envelope.decryptError ? 'decryptError' : envelope.botThinking ? 'botThinking' : envelope.msgRead ? 'msgRead' : 'unknown'}`,
+        );
+      } catch (err) {
+        log?.warn?.(`${prefix}: dispatchOperation: PbChatOperationEnvelope 解码失败: ${err}`);
+        return;
+      }
+
+      // 按 oneof case 分发
+      if (envelope.decryptError) {
+        // decryptError → handleRemoteDecryptError
+        const content = envelope.decryptError;
+        await this.handleRemoteDecryptError({
+          peerImAcctId: fromId,
+          content: {
+            clientMsgId: content.clientMsgId,
+            e2eeId: content.e2eeId,
+            otherE2eeId: content.otherE2eeId,
+          },
+        });
+      } else if (envelope.botThinking) {
+        // botThinking → 首期仅日志，复用既有 typing 路径由上层处理
+        log?.info?.(
+          `${prefix}: dispatchOperation: 收到 botThinking 信号, status=${envelope.botThinking.status}`,
+        );
+      } else if (envelope.msgRead) {
+        log?.info?.(
+          `${prefix}: dispatchOperation: 收到 msgRead, clientMsgIds=${(envelope.msgRead as { clientMsgIds?: string[] }).clientMsgIds?.join(',')}`,
+        );
+      } else {
+        log?.warn?.(`${prefix}: dispatchOperation: 未知操作类型，忽略`);
+      }
+    },
+
+    async handleRemoteDecryptError(params: {
+      peerImAcctId: string;
+      content: {
+        clientMsgId: string;
+        e2eeId: string;
+        otherE2eeId: string;
+      };
+    }): Promise<void> {
+      const prefix = `[e2ee][${accountId}]`;
+      const { peerImAcctId, content } = params;
+      log?.info?.(
+        `${prefix}: handleRemoteDecryptError 开始, peerImAcctId=${peerImAcctId}, clientMsgId=${content.clientMsgId}, e2eeId=${content.e2eeId}, otherE2eeId=${content.otherE2eeId}`,
+      );
+
+      // 方向校验：content.otherE2eeId 应等于本地 e2eeId
+      const snap = await store.snapshot();
+      if (!snap.local) {
+        log?.warn?.(`${prefix}: handleRemoteDecryptError: local 未初始化，忽略`);
+        return;
+      }
+      if (content.otherE2eeId !== snap.local.e2eeId) {
+        log?.info?.(
+          `${prefix}: handleRemoteDecryptError: 方向校验失败 otherE2eeId=${content.otherE2eeId} != local.e2eeId=${snap.local.e2eeId}，忽略`,
+        );
+        return;
+      }
+
+      // 在一次 update 事务内：标 staleAt + 移除 recipient deviceId
+      await store.update((prev) => {
+        const now = Date.now();
+        const nextSessions = { ...prev.sessions };
+        const nextRecipients = { ...prev.recipients };
+
+        // 把 sessions["${peerImAcctId}:${content.e2eeId}:*"] 标 staleAt
+        for (const sessionKey of Object.keys(nextSessions)) {
+          if (sessionKey.startsWith(`${peerImAcctId}:${content.e2eeId}:`)) {
+            const session = nextSessions[sessionKey]!;
+            nextSessions[sessionKey] = { ...session, staleAt: now, updatedAt: now };
+          }
+        }
+
+        // 把 recipients[peerImAcctId].deviceIds 中对应 content.e2eeId 移除
+        const recipient = nextRecipients[peerImAcctId];
+        if (recipient) {
+          const nextDeviceIds = recipient.deviceIds.filter((id) => id !== content.e2eeId);
+          if (nextDeviceIds.length > 0) {
+            nextRecipients[peerImAcctId] = {
+              ...recipient,
+              deviceIds: nextDeviceIds,
+              updatedAt: now,
+            };
+          } else {
+            delete nextRecipients[peerImAcctId];
+          }
+        }
+
+        return {
+          next: { ...prev, sessions: nextSessions, recipients: nextRecipients },
+          result: undefined,
+        };
+      });
+
+      log?.info?.(
+        `${prefix}: handleRemoteDecryptError: 已清理 peer=${peerImAcctId} e2eeId=${content.e2eeId} 的 session/recipient`,
+      );
+
+      // 查 recent-message-cache 命中原文本 → 重发
+      const cached = resolveQuotedMessage(peerImAcctId, content.clientMsgId);
+      if (!cached) {
+        log?.warn?.(
+          `${prefix}: handleRemoteDecryptError: 缓存未命中 clientMsgId=${content.clientMsgId}，不重发`,
+        );
+        return;
+      }
+
+      // 仅文本消息重发；非文本（如 [media]、[markdown]）不重发
+      if (
+        cached.body.startsWith('[') &&
+        (cached.body === '[media]' || cached.body === '[markdown]')
+      ) {
+        log?.warn?.(
+          `${prefix}: handleRemoteDecryptError: 原消息非文本(body=${cached.body})，不重发`,
+        );
+        return;
+      }
+
+      // 用新 clientMsgId 调 sendTextToPeer 重发（动态导入避免循环依赖）
+      const newClientMsgId = randomUUID();
+      log?.info?.(
+        `${prefix}: handleRemoteDecryptError: 开始重发, peer=${peerImAcctId}, oldClientMsgId=${content.clientMsgId}, newClientMsgId=${newClientMsgId}`,
+      );
+      try {
+        const { sendTextToPeer } = await import('../send.js');
+        await sendTextToPeer(
+          { apiBaseUrl, auth, accountId, fromId: botAcctId, e2eeService: service, log },
+          { to: peerImAcctId, text: cached.body, clientMsgId: newClientMsgId },
+        );
+        log?.info?.(
+          `${prefix}: handleRemoteDecryptError: 重发成功 peer=${peerImAcctId} newClientMsgId=${newClientMsgId}`,
+        );
+      } catch (err) {
+        log?.warn?.(
+          `${prefix}: handleRemoteDecryptError: 重发失败 peer=${peerImAcctId} clientMsgId=${content.clientMsgId}, err: ${err}`,
+        );
+      }
+    },
+
+    async clearPeer(peerImAcctId: string): Promise<void> {
+      const prefix = `[e2ee][${accountId}]`;
+
+      await store.update((prev) => {
+        const now = Date.now();
+        const nextRecipients = { ...prev.recipients };
+        const nextSessions = { ...prev.sessions };
+
+        // 删除 recipients[peerImAcctId]
+        delete nextRecipients[peerImAcctId];
+
+        // 删除所有 key 以 `${peerImAcctId}:` 开头的 session
+        for (const sessionKey of Object.keys(nextSessions)) {
+          if (sessionKey.startsWith(`${peerImAcctId}:`)) {
+            delete nextSessions[sessionKey];
+          }
+        }
+
+        return {
+          next: { ...prev, recipients: nextRecipients, sessions: nextSessions },
+          result: undefined,
+        };
+      });
+
+      log?.info?.(`${prefix}: clearPeer 完成: peer=${peerImAcctId}`);
+    },
+
+    async dispose(): Promise<void> {
+      // 释放 WASM handle
+      if (accountHandle) {
+        accountHandle.dispose();
+        accountHandle = null;
+      }
+    },
+  };
+
+  // ── 内部辅助：解密失败后发送 decryptError 信令（尽力而为） ────────────────
+
+  /**
+   * 解密失败后向原发送方回发 decryptError 信令（明文，不经过 session 加密）。
+   * 整个流程 try/catch 包裹：失败仅 WARN，不重试，不阻塞主路径。
+   *
+   * 与 iOS 对齐：decryptError 信令走明文通道（createGroupSignalPlainMsgReqBody），
+   * 因为解密失败时 session 可能已损坏，无法再用于加密。
+   */
+  async function sendDecryptErrorSignaling(params: {
+    fromId: string;
+    fromE2eeId: string;
+    clientMsgId: string;
+  }): Promise<void> {
+    const prefix = `[e2ee][${accountId}]`;
+    try {
+      const snap = await store.snapshot();
+      if (!snap.local) return;
+
+      log?.info?.(
+        `${prefix}: sendDecryptErrorSignaling: 发送前, fromId=${params.fromId}, clientMsgId=${params.clientMsgId}`,
+      );
+
+      // 1. 构造 PbMessageDecryptErrorSendContent
+      const content = {
+        clientMsgId: params.clientMsgId,
+        e2eeId: snap.local.e2eeId,
+        otherE2eeId: params.fromE2eeId,
+      };
+
+      // 2. 构造 PbChatOperationEnvelope(decryptError) bytes
+      const opEnvelopeBytes = await buildDecryptErrorEnvelopeBytes(content);
+
+      // 3. 明文发送：直接把 opEnvelopeBytes 作为 envelope，不经过 encryptSingle
+      const signalingClientMsgId = genClientMsgId();
+      const packetBytes = await encodeSingleChatReqPacket({
+        fromId: botAcctId,
+        to: params.fromId,
+        clientMsgId: signalingClientMsgId,
+        envelopeBytes: opEnvelopeBytes,
+        e2eeFlag: true,
+        fromE2eeId: snap.local.e2eeId,
+        envelopeType: 2,
+      });
+
+      await postProto(apiBaseUrl, '/api/im/open/bot/sendMessage', packetBytes, auth);
+      log?.info?.(
+        `${prefix}: sendDecryptErrorSignaling: 发送成功, fromId=${params.fromId}, clientMsgId=${params.clientMsgId}`,
+      );
+    } catch (err) {
+      log?.warn?.(
+        `${prefix}: decryptError 信令发送失败 (peerImAcctId=${params.fromId}, clientMsgId=${params.clientMsgId}): ${err}`,
+      );
+    }
+  }
+
+  return service;
+}