@kraki/tentacle 0.15.4 → 0.16.1

package/dist/mcp/tools/show-image.js

@@ -0,0 +1,98 @@
+import { existsSync, readFileSync, statSync } from 'node:fs';
+import { extname } from 'node:path';
+/** Hard cap on a single image's raw bytes. Stays well under the relay 10 MB
+ *  frame cap once base64 + JSON wrapping + RSA-OAEP per-recipient keys are
+ *  added by the broadcast path. */
+export const SHOW_IMAGE_MAX_BYTES = 8 * 1024 * 1024;
+/** Allowed image MIME types, keyed by lowercase file extension. */
+export const SHOW_IMAGE_MIME_BY_EXT = {
+    '.png': 'image/png',
+    '.jpg': 'image/jpeg',
+    '.jpeg': 'image/jpeg',
+    '.webp': 'image/webp',
+    '.gif': 'image/gif',
+};
+export const SHOW_IMAGE_TOOL_NAME = 'show_image';
+const DESCRIPTION = 'Display an image to the user in the Kraki chat. Use this when you want to ' +
+    'visually present something to the user — a screenshot, diagram, chart, or ' +
+    'generated graphic. For images you only need to inspect for your own ' +
+    'reasoning, use the standard view/read tools instead; those appear as ' +
+    'collapsible attachments rather than inline displays.';
+export const showImageHandler = async (args, _ctx) => {
+    const path = args.path;
+    if (typeof path !== 'string' || path.length === 0) {
+        return errorResult('Argument "path" is required and must be a non-empty string.');
+    }
+    if (!path.startsWith('/')) {
+        return errorResult('Argument "path" must be an absolute path (start with "/").');
+    }
+    if (!existsSync(path)) {
+        return errorResult(`File not found: ${path}`);
+    }
+    let stat;
+    try {
+        stat = statSync(path);
+    }
+    catch (err) {
+        return errorResult(`Could not stat file: ${err.message}`);
+    }
+    if (!stat.isFile()) {
+        return errorResult(`Not a regular file: ${path}`);
+    }
+    if (stat.size > SHOW_IMAGE_MAX_BYTES) {
+        return errorResult(`Image too large: ${stat.size} bytes (max ${SHOW_IMAGE_MAX_BYTES}). ` +
+            `Resize or compress before calling show_image.`);
+    }
+    const ext = extname(path).toLowerCase();
+    const mimeType = SHOW_IMAGE_MIME_BY_EXT[ext];
+    if (!mimeType) {
+        return errorResult(`Unsupported image type "${ext || '(no extension)'}". ` +
+            `Supported: ${Object.keys(SHOW_IMAGE_MIME_BY_EXT).join(', ')}`);
+    }
+    let bytes;
+    try {
+        bytes = readFileSync(path);
+    }
+    catch (err) {
+        return errorResult(`Failed to read file: ${err.message}`);
+    }
+    const caption = typeof args.caption === 'string' ? args.caption.trim() : '';
+    const text = caption
+        ? `Image displayed to user. Caption: ${caption}`
+        : 'Image displayed to user.';
+    return {
+        content: [
+            { type: 'image', mimeType, data: bytes.toString('base64') },
+            { type: 'text', text },
+        ],
+    };
+};
+function errorResult(message) {
+    return {
+        content: [{ type: 'text', text: message }],
+        isError: true,
+    };
+}
+export const showImageTool = {
+    definition: {
+        name: SHOW_IMAGE_TOOL_NAME,
+        description: DESCRIPTION,
+        inputSchema: {
+            type: 'object',
+            properties: {
+                path: {
+                    type: 'string',
+                    description: 'Absolute path to the image file on disk. Supported formats: PNG, JPEG, WebP, GIF (non-animated).',
+                },
+                caption: {
+                    type: 'string',
+                    description: 'Optional caption shown alongside the image.',
+                },
+            },
+            required: ['path'],
+            additionalProperties: false,
+        },
+    },
+    handler: showImageHandler,
+};
+//# sourceMappingURL=show-image.js.map

package/dist/mcp/tools/show-image.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"show-image.js","sourceRoot":"","sources":["../../../src/mcp/tools/show-image.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC;;mCAEmC;AACnC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAEpD,mEAAmE;AACnE,MAAM,CAAC,MAAM,sBAAsB,GAAqC;IACtE,MAAM,EAAE,WAAW;IACnB,MAAM,EAAE,YAAY;IACpB,OAAO,EAAE,YAAY;IACrB,OAAO,EAAE,YAAY;IACrB,MAAM,EAAE,WAAW;CACpB,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAG,YAAY,CAAC;AAEjD,MAAM,WAAW,GACf,4EAA4E;IAC5E,4EAA4E;IAC5E,sEAAsE;IACtE,uEAAuE;IACvE,sDAAsD,CAAC;AAEzD,MAAM,CAAC,MAAM,gBAAgB,GAAgB,KAAK,EAAE,IAAI,EAAE,IAAI,EAA0B,EAAE;IACxF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACvB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,OAAO,WAAW,CAAC,6DAA6D,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,WAAW,CAAC,4DAA4D,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,WAAW,CAAC,mBAAmB,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,wBAAyB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QACnB,OAAO,WAAW,CAAC,uBAAuB,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,GAAG,oBAAoB,EAAE,CAAC;QACrC,OAAO,WAAW,CAChB,oBAAoB,IAAI,CAAC,IAAI,eAAe,oBAAoB,KAAK;YACnE,+CAA+C,CAClD,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,WAAW,CAChB,2BAA2B,GAAG,IAAI,gBAAgB,KAAK;YACrD,cAAc,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjE,CAAC;IACJ,CAAC;IAED,IAAI,KAAa,CAAC;IAClB,IAAI,CAAC;QACH,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,wBAAyB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5E,MAAM,IAAI,GAAG,OAAO;QAClB,CAAC,CAAC,qCAAqC,OAAO,EAAE;QAChD,CAAC,CAAC,0BAA0B,CAAC;IAE/B,OAAO;QACL,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;YAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;SACvB;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC1C,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,aAAa,GAAmB;IAC3C,UAAU,EAAE;QACV,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,WAAW,EACT,kGAAkG;iBACrG;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;iBAC3D;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;YAClB,oBAAoB,EAAE,KAAK;SAC5B;KACF;IACD,OAAO,EAAE,gBAAgB;CAC1B,CAAC"}

package/dist/relay-client.d.ts

@@ -62,13 +62,26 @@ export declare class RelayClient {
     private static readonly STALE_THRESHOLD;
     /** How often to check for stale connection (ms) */
     private static readonly STALE_CHECK_INTERVAL;
+    /** Highest relaySeq received from head on this connection. Echoed back as
+     *  `ack` in outbound messages so head can prune its in-flight buffer. */
+    private lastReceivedRelaySeq;
+    /** Recent relaySeqs already processed — used to silently drop duplicate
+     *  retries from head. Bounded; cleared on reconnect. */
+    private seenRelaySeqs;
+    private static readonly RELAY_SEQ_DEDUP_WINDOW;
     /** Called when relay state changes */
     onStateChange: ((state: RelayClientState) => void) | null;
     /** Called on auth success */
     onAuthenticated: ((info: AuthOkMessage) => void) | null;
     /** Called on fatal error (won't reconnect) */
     onFatalError: ((message: string) => void) | null;
-    constructor(adapter: AgentAdapter, sessionManager: SessionManager, options: RelayClientOptions, keyManager?: KeyManager | null);
+    constructor(adapter: AgentAdapter, sessionManager: SessionManager, options: RelayClientOptions, keyManager?: KeyManager | null, attachmentStore?: import('./attachment-store.js').AttachmentStore);
+    private readonly attachmentStore?;
+    /** Track attachment ids already broadcast per session — prevents double-push
+     *  if the agent calls show_image twice with the same image bytes. The
+     *  receiving devices still see the ref each time (so the chat history is
+     *  correct); they just don't get a redundant byte broadcast. */
+    private broadcastedAttachmentIds;
     /**
      * Connect to the relay. Auto-reconnects on disconnect.
      */
@@ -112,11 +125,33 @@ export declare class RelayClient {
      * Handle a per-session replay request from a reconnecting app.
      */
     private handleSessionReplay;
+    /** Plaintext chunk budget for `attachment_data` envelopes.
+     *  Stays under the relay's 10 MB frame cap after base64 + envelope. */
+    private static readonly ATTACHMENT_CHUNK_BYTES;
+    /**
+     * Stream an attachment's bytes to all connected consumers as
+     * `attachment_data` chunks. Called immediately after the producer fires
+     * a `tool_complete` carrying the matching `AttachmentRef`. Skipped if
+     * we've already broadcast this id within the session.
+     */
+    private broadcastAttachmentBytes;
+    /**
+     * Serve a `request_attachment` from a consumer device. Reads from the
+     * AttachmentStore, encrypts chunked unicasts to the requester only.
+     */
+    private handleRequestAttachment;
+    private unicastAttachmentError;
     /**
      * Write web app debug logs to a local file.
      */
     private handleClientLog;
     private send;
+    /** Inject cumulative ack into an outbound envelope. Piggybacks delivery
+     *  acknowledgments on existing traffic — no dedicated ack message. */
+    private withAck;
+    /** Update inbound relaySeq tracking. Returns true if this is a duplicate
+     *  retry from head and should be silently dropped. */
+    private trackInboundRelaySeq;
     /**
      * Encrypt and send a message to the relay as a BroadcastEnvelope.
      */

package/dist/relay-client.js

@@ -41,6 +41,9 @@ export class RelayClient {
         'session_model_set',
         'session_pinned',
         'session_read',
+        // attachment_data carries raw bytes and is regeneratable from the
+        // AttachmentStore — never persisted into messages.jsonl.
+        'attachment_data',
     ]);
     /** Global seq counter for envelope ordering (not used for replay — per-session seq handles that). */
     seqCounter = 0;
@@ -61,19 +64,34 @@ export class RelayClient {
     static STALE_THRESHOLD = 60_000;
     /** How often to check for stale connection (ms) */
     static STALE_CHECK_INTERVAL = 10_000;
+    // ── Delivery assurance state (per-connection) ──────────────
+    /** Highest relaySeq received from head on this connection. Echoed back as
+     *  `ack` in outbound messages so head can prune its in-flight buffer. */
+    lastReceivedRelaySeq = 0;
+    /** Recent relaySeqs already processed — used to silently drop duplicate
+     *  retries from head. Bounded; cleared on reconnect. */
+    seenRelaySeqs = new Set();
+    static RELAY_SEQ_DEDUP_WINDOW = 200;
     /** Called when relay state changes */
     onStateChange = null;
     /** Called on auth success */
     onAuthenticated = null;
     /** Called on fatal error (won't reconnect) */
     onFatalError = null;
-    constructor(adapter, sessionManager, options, keyManager) {
+    constructor(adapter, sessionManager, options, keyManager, attachmentStore) {
         this.adapter = adapter;
         this.sessionManager = sessionManager;
         this.options = options;
         this.keyManager = keyManager ?? null;
+        this.attachmentStore = attachmentStore;
         this.wireAdapterEvents();
     }
+    attachmentStore;
+    /** Track attachment ids already broadcast per session — prevents double-push
+     *  if the agent calls show_image twice with the same image bytes. The
+     *  receiving devices still see the ref each time (so the chat history is
+     *  correct); they just don't get a redundant byte broadcast. */
+    broadcastedAttachmentIds = new Map();
     /**
      * Connect to the relay. Auto-reconnects on disconnect.
      */
@@ -82,6 +100,9 @@ export class RelayClient {
             return;
         this.intentionalDisconnect = false;
         this.setState('connecting');
+        // Reset delivery-assurance state — relaySeq is per-connection.
+        this.lastReceivedRelaySeq = 0;
+        this.seenRelaySeqs.clear();
         const ws = new WebSocket(this.options.relayUrl);
         this.ws = ws;
         ws.on('open', () => {
@@ -100,6 +121,9 @@ export class RelayClient {
             this.lastActivityAt = Date.now();
             try {
                 const msg = JSON.parse(data.toString());
+                // Dedup duplicate retries from head silently.
+                if (this.trackInboundRelaySeq(msg))
+                    return;
                 this.handleMessage(msg);
             }
             catch {
@@ -208,7 +232,10 @@ export class RelayClient {
         }
         if (msg.type === 'ping') {
             if (this.ws?.readyState === WebSocket.OPEN) {
-                this.ws.send(JSON.stringify({ type: 'pong' }));
+                const pong = { type: 'pong' };
+                if (this.lastReceivedRelaySeq > 0)
+                    pong.ack = this.lastReceivedRelaySeq;
+                this.ws.send(JSON.stringify(pong));
             }
             return;
         }
@@ -328,6 +355,12 @@ export class RelayClient {
             this.handleImportSession(msg);
             return;
         }
+        if (msg.type === 'request_attachment') {
+            this.handleRequestAttachment(msg).catch((err) => {
+                logger.warn({ err, attachmentId: msg.payload?.id }, 'request_attachment failed');
+            });
+            return;
+        }
         const sessionId = msg.sessionId;
         if (!sessionId)
             return;
@@ -863,6 +896,17 @@ export class RelayClient {
                 },
             });
         };
+        this.adapter.onAttachmentBytes = (sessionId, event) => {
+            // Fire-and-forget — chunks are streamed from disk and pushed via the
+            // normal broadcast queue. We deliberately don't block onToolComplete
+            // on chunk delivery; both events ride the same WS queue so ordering
+            // (ref-first, chunks-after) is preserved naturally.
+            for (const ref of event.refs) {
+                this.broadcastAttachmentBytes(sessionId, ref).catch((err) => {
+                    logger.warn({ err, sessionId, attachmentId: ref.id }, 'failed to broadcast attachment bytes');
+                });
+            }
+        };
         this.adapter.onIdle = (sessionId) => {
             this.sessionManager.markIdle(sessionId);
             const usage = this.adapter.getSessionUsage(sessionId) ?? undefined;
@@ -1011,6 +1055,111 @@ export class RelayClient {
         };
         this.sendUnicastTo(requesterDeviceId, requesterKey, batchMsg);
     }
+    // ── Attachment bytes ────────────────────────────────
+    /** Plaintext chunk budget for `attachment_data` envelopes.
+     *  Stays under the relay's 10 MB frame cap after base64 + envelope. */
+    static ATTACHMENT_CHUNK_BYTES = 2 * 1024 * 1024;
+    /**
+     * Stream an attachment's bytes to all connected consumers as
+     * `attachment_data` chunks. Called immediately after the producer fires
+     * a `tool_complete` carrying the matching `AttachmentRef`. Skipped if
+     * we've already broadcast this id within the session.
+     */
+    async broadcastAttachmentBytes(sessionId, ref) {
+        if (!this.attachmentStore) {
+            logger.warn({ sessionId, attachmentId: ref.id }, 'no attachment store — skipping broadcast');
+            return;
+        }
+        let seen = this.broadcastedAttachmentIds.get(sessionId);
+        if (!seen) {
+            seen = new Set();
+            this.broadcastedAttachmentIds.set(sessionId, seen);
+        }
+        if (seen.has(ref.id))
+            return;
+        seen.add(ref.id);
+        const total = Math.max(1, Math.ceil(ref.size / RelayClient.ATTACHMENT_CHUNK_BYTES));
+        let index = 0;
+        for (const chunk of this.attachmentStore.stream(sessionId, ref.id, RelayClient.ATTACHMENT_CHUNK_BYTES)) {
+            this.send({
+                type: 'attachment_data',
+                sessionId,
+                payload: {
+                    id: ref.id,
+                    index,
+                    total,
+                    mimeType: ref.mimeType,
+                    data: chunk.toString('base64'),
+                },
+            });
+            index += 1;
+        }
+        if (index === 0) {
+            // The ref was emitted but bytes are no longer on disk — odd state, but
+            // notify consumers with a structured error so they don't sit on a
+            // pending placeholder forever.
+            logger.warn({ sessionId, attachmentId: ref.id }, 'no bytes on disk for ref, sending error chunk');
+            this.send({
+                type: 'attachment_data',
+                sessionId,
+                payload: { id: ref.id, index: 0, total: 0, mimeType: ref.mimeType, data: '', error: 'not_found' },
+            });
+        }
+    }
+    /**
+     * Serve a `request_attachment` from a consumer device. Reads from the
+     * AttachmentStore, encrypts chunked unicasts to the requester only.
+     */
+    async handleRequestAttachment(msg) {
+        if (msg.type !== 'request_attachment')
+            return;
+        const { id, sessionId } = msg.payload;
+        const requesterDeviceId = msg.deviceId;
+        const requesterKey = this.consumerKeys.get(requesterDeviceId);
+        if (!requesterKey) {
+            logger.warn({ requesterDeviceId }, 'request_attachment: no key for requester');
+            return;
+        }
+        if (!this.attachmentStore) {
+            this.unicastAttachmentError(requesterDeviceId, requesterKey, sessionId, id, 'not_found');
+            return;
+        }
+        const got = this.attachmentStore.read(sessionId, id);
+        if (!got) {
+            this.unicastAttachmentError(requesterDeviceId, requesterKey, sessionId, id, 'not_found');
+            return;
+        }
+        const total = Math.max(1, Math.ceil(got.bytes.length / RelayClient.ATTACHMENT_CHUNK_BYTES));
+        for (let i = 0; i < total; i++) {
+            const slice = got.bytes.subarray(i * RelayClient.ATTACHMENT_CHUNK_BYTES, Math.min((i + 1) * RelayClient.ATTACHMENT_CHUNK_BYTES, got.bytes.length));
+            const chunkMsg = {
+                type: 'attachment_data',
+                deviceId: this.authInfo?.deviceId ?? '',
+                sessionId,
+                seq: ++this.seqCounter,
+                timestamp: new Date().toISOString(),
+                payload: {
+                    id,
+                    index: i,
+                    total,
+                    mimeType: got.meta.mimeType,
+                    data: slice.toString('base64'),
+                },
+            };
+            this.sendUnicastTo(requesterDeviceId, requesterKey, chunkMsg);
+        }
+    }
+    unicastAttachmentError(requesterDeviceId, requesterKey, sessionId, id, error) {
+        const errorMsg = {
+            type: 'attachment_data',
+            deviceId: this.authInfo?.deviceId ?? '',
+            sessionId,
+            seq: ++this.seqCounter,
+            timestamp: new Date().toISOString(),
+            payload: { id, index: 0, total: 0, mimeType: '', data: '', error },
+        };
+        this.sendUnicastTo(requesterDeviceId, requesterKey, errorMsg);
+    }
     // ── Client log shipping ─────────────────────────────
     /**
      * Write web app debug logs to a local file.
@@ -1074,12 +1223,41 @@ export class RelayClient {
             return;
         }
         try {
-            this.ws.send(JSON.stringify(msg));
+            this.ws.send(JSON.stringify(this.withAck(msg)));
         }
         catch (err) {
             logger.error({ err }, 'ws.send failed');
         }
     }
+    /** Inject cumulative ack into an outbound envelope. Piggybacks delivery
+     *  acknowledgments on existing traffic — no dedicated ack message. */
+    withAck(msg) {
+        if (this.lastReceivedRelaySeq <= 0)
+            return msg;
+        return { ...msg, ack: this.lastReceivedRelaySeq };
+    }
+    /** Update inbound relaySeq tracking. Returns true if this is a duplicate
+     *  retry from head and should be silently dropped. */
+    trackInboundRelaySeq(msg) {
+        if (!('relaySeq' in msg))
+            return false;
+        const seq = msg.relaySeq;
+        if (typeof seq !== 'number' || !Number.isFinite(seq) || seq <= 0)
+            return false;
+        if (this.seenRelaySeqs.has(seq)) {
+            return true;
+        }
+        if (this.seenRelaySeqs.size >= RelayClient.RELAY_SEQ_DEDUP_WINDOW) {
+            const iter = this.seenRelaySeqs.values().next();
+            if (!iter.done)
+                this.seenRelaySeqs.delete(iter.value);
+        }
+        this.seenRelaySeqs.add(seq);
+        if (seq > this.lastReceivedRelaySeq) {
+            this.lastReceivedRelaySeq = seq;
+        }
+        return false;
+    }
     /**
      * Encrypt and send a message to the relay as a BroadcastEnvelope.
      */
@@ -1127,7 +1305,7 @@ export class RelayClient {
                 const previewBlob = encryptToBlob(preview, recipients);
                 envelope.pushPreview = { blob: previewBlob.blob, keys: previewBlob.keys };
             }
-            this.ws.send(JSON.stringify(envelope));
+            this.ws.send(JSON.stringify(this.withAck(envelope)));
         }
         catch (err) {
             logger.error({ err }, 'Encrypted broadcast failed');
@@ -1151,7 +1329,7 @@ export class RelayClient {
                 blob,
                 keys,
             };
-            this.ws.send(JSON.stringify(envelope));
+            this.ws.send(JSON.stringify(this.withAck(envelope)));
         }
         catch (err) {
             logger.error({ err, targetDeviceId }, 'Encrypted unicast failed');