@lazyneoaz/testfca 1.0.5 → 1.0.6

package/index.js

@@ -1,2 +1,9 @@
 "use strict";
+
+// Inject Node's Mozilla CA bundle into SSL_CERT_FILE *before* any module loads
+// the Go native binary (meta-messenger.js / messagix.so). Go reads SSL_CERT_FILE
+// lazily on the first TLS dial — setting it here, at library entry, guarantees
+// it is always in place in every hosting environment (Railway, Docker, Render …).
+require('./src/utils/goCerts').ensureGoCerts();
+
 module.exports = require('./src/engine/client');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lazyneoaz/testfca",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "type": "commonjs",
   "description": "Advanced Facebook Chat API client for building Messenger bots — supports real-time messaging, thread management, MQTT, session stability, anti-automation protection, and real E2EE via Signal Protocol.",
   "main": "index.js",

package/scripts/postinstall.js

@@ -1,24 +1,24 @@
 "use strict";
 
 /**
- * Postinstall: replace meta-messenger.js's binary with our TLS-fixed build.
+ * Postinstall: ensure meta-messenger.js has a working native binary.
  *
- * WHY this is needed:
- *   The meta-messenger.js binary lacks InsecureTLS=true in its messagix HTTP
- *   client.  In sandboxed/containerised environments (Replit, Docker, CI) the
- *   Go runtime cannot locate system CA certificates, so every prekey-bundle
- *   HTTPS request to Facebook fails silently.  Without prekeys, Signal sessions
- *   are never established and sendE2EEMessage always times out.
+ * meta-messenger.js's own postinstall runs first (npm guarantees dependency
+ * scripts run before the dependent's postinstall). It places the binary via:
+ *   1. A prebuilt shipped in its npm tarball (if present)
+ *   2. A download from GitHub Releases
+ *   3. A local `go build` (if MESSAGIX_BUILD_FROM_SOURCE=true)
  *
- *   Our prebuilt/ ships the same binary compiled with InsecureTLS=true.
+ * This script validates that a binary was placed. If for any reason it was
+ * not (e.g. the GitHub release download failed, npm ci --ignore-scripts was
+ * used), we copy the prebuilt binary we ship in prebuilt/ as a fallback.
  *
- * INSTALL ORDER (guaranteed by npm):
- *   1. meta-messenger.js postinstall runs first (copies/downloads their binary)
- *   2. Our postinstall runs second and overwrites it with ours.
- *
- * PATH RESOLUTION:
- *   Uses require.resolve() so the path is correct whether meta-messenger.js is
- *   at the project root node_modules/ or nested — works in all npm versions.
+ * TLS NOTE:
+ *   TLS certificate errors in containerized environments (Railway, Docker, etc.)
+ *   are fixed at runtime by src/utils/goCerts.js — not by a patched binary.
+ *   Go reads SSL_CERT_FILE lazily on the first TLS dial. We set it to Node's
+ *   built-in Mozilla CA bundle before any connection is attempted.
+ *   No binary modification is required for this fix.
  */
 
 const fs   = require('fs');
@@ -35,7 +35,7 @@ function platformKey() {
     return null;
 }
 
-function ext() {
+function binaryExt() {
     if (process.platform === 'win32')  return '.dll';
     if (process.platform === 'darwin') return '.dylib';
     return '.so';
@@ -43,7 +43,6 @@ function ext() {
 
 function findMetaMessengerBuildDir() {
     try {
-        // resolve() finds the package regardless of hoisting depth
         const pkgJson = require.resolve('meta-messenger.js/package.json');
         return path.join(path.dirname(pkgJson), 'build');
     } catch (_) {
@@ -59,39 +58,43 @@ function main() {
 
     const key = platformKey();
     if (!key) {
-        console.log('[nkxfca] postinstall: unsupported platform (' + process.platform + '/' + process.arch + '), skipping binary patch.');
+        console.log('[nkxfca] postinstall: unsupported platform (' + process.platform + '/' + process.arch + '), skipping.');
         return;
     }
 
-    const binaryExt = ext();
-    const ourBin    = path.join(__dirname, '..', 'prebuilt', key, 'messagix' + binaryExt);
+    const ext   = binaryExt();
+    const mmBuildDir = findMetaMessengerBuildDir();
 
-    if (!fs.existsSync(ourBin)) {
-        console.log('[nkxfca] postinstall: no prebuilt for ' + key + ', skipping binary patch.');
+    if (!mmBuildDir) {
+        console.log('[nkxfca] postinstall: meta-messenger.js not found — skipping binary check.');
         return;
     }
 
-    const mmBuildDir = findMetaMessengerBuildDir();
-    if (!mmBuildDir) {
-        console.log('[nkxfca] postinstall: meta-messenger.js not found via require.resolve, skipping patch.');
+    const mmBin = path.join(mmBuildDir, 'messagix' + ext);
+
+    // Happy path: meta-messenger.js's own postinstall already placed the binary
+    if (fs.existsSync(mmBin) && fs.statSync(mmBin).size > 0) {
+        console.log('[nkxfca] postinstall: meta-messenger.js binary present — OK.');
         return;
     }
 
-    const mmBin = path.join(mmBuildDir, 'messagix' + binaryExt);
+    // Fallback: meta-messenger.js postinstall failed (download error, no internet, etc.)
+    // Use the prebuilt we ship as insurance.
+    const ourBin = path.join(__dirname, '..', 'prebuilt', key, 'messagix' + ext);
+    if (!fs.existsSync(ourBin)) {
+        console.warn('[nkxfca] postinstall: no prebuilt for ' + key + ' and meta-messenger.js binary is missing.');
+        console.warn('[nkxfca] E2EE will not work. Try: MESSAGIX_BUILD_FROM_SOURCE=true npm install');
+        return;
+    }
 
-    // Ensure the build directory exists (meta-messenger.js postinstall creates it,
-    // but guard against edge cases where it hasn't run yet)
     try {
         fs.mkdirSync(mmBuildDir, { recursive: true });
-    } catch (_) {}
-
-    try {
         fs.copyFileSync(ourBin, mmBin);
-        console.log('[nkxfca] postinstall: patched meta-messenger.js binary with TLS-fixed build (' + key + ')');
+        fs.chmodSync(mmBin, 0o755);
+        console.log('[nkxfca] postinstall: installed fallback prebuilt binary for ' + key);
     } catch (err) {
-        // Non-fatal: warn but don't fail the install
-        console.warn('[nkxfca] postinstall: could not patch binary: ' + err.message);
-        console.warn('[nkxfca] E2EE messaging may not work in sandboxed environments.');
+        console.warn('[nkxfca] postinstall: could not copy fallback binary: ' + err.message);
+        console.warn('[nkxfca] E2EE may not work. Try reinstalling meta-messenger.js manually.');
     }
 }
 

package/src/e2ee/bridge.js

@@ -3,95 +3,39 @@
 /**
  * Lightweight E2EE bridge — delegates to the `meta-messenger.js` npm package.
  *
- * Our postinstall replaces meta-messenger.js's binary with our TLS-fixed build
- * so that prekey HTTPS requests succeed in sandboxed environments (Replit, Docker,
- * Railway, etc.).  We also patch at runtime (ensureTlsFixedBinary) so the fix
- * applies even when postinstall was skipped (npm ci --ignore-scripts, Railway
- * production installs, etc.).
+ * meta-messenger.js ships a native Go shared library (messagix.so) compiled
+ * from bridge-go/ Go source.  The library uses Go's standard TLS stack
+ * (x509.SystemCertPool) which requires OS CA certificates to verify Facebook's
+ * TLS chain.  Many hosting environments (Railway, Docker Alpine, Render, etc.)
+ * ship no CA bundle, causing every outbound TLS connection to fail with:
+ *   "x509: certificate signed by unknown authority"
+ *
+ * THE FIX — SSL_CERT_FILE (see src/utils/goCerts.js):
+ *   We set SSL_CERT_FILE to a temp file containing Node's built-in Mozilla CA
+ *   bundle BEFORE the Go binary is ever loaded.  ensureGoCerts() is called from
+ *   index.js (library entry point) so it fires on the very first require().
+ *   It is also called here at module evaluation time as a second guarantee.
  *
  * Key design decisions:
  *  - enableE2EE: false  → we call connectE2EE() explicitly; no auto-start race
- *  - e2eeMemoryOnly: false → Signal sessions are persisted to devicePath on disk
+ *  - e2eeMemoryOnly: false → Signal sessions persisted to devicePath on disk
  *  - devicePath defaults to ".nkxfca_e2ee_device.json" in cwd when not provided
  */
 
 const fs   = require('fs');
 const path = require('path');
 
-// ── Runtime binary patcher ────────────────────────────────────────────────────
-// Ensures the TLS-fixed binary is in place before meta-messenger.js is loaded.
-// Runs once; safe to call multiple times.
-
-let _patchDone = false;
-
-function _platformKey() {
-    const p = process.platform;
-    const a = process.arch;
-    if (p === 'linux'  && a === 'x64')   return 'linux-x64-gnu';
-    if (p === 'linux'  && a === 'arm64') return 'linux-arm64-gnu';
-    if (p === 'darwin' && a === 'x64')   return 'darwin-x64';
-    if (p === 'darwin' && a === 'arm64') return 'darwin-arm64';
-    if (p === 'win32'  && a === 'x64')   return 'win32-x64-msvc';
-    return null;
-}
-
-function _binaryExt() {
-    if (process.platform === 'win32')  return '.dll';
-    if (process.platform === 'darwin') return '.dylib';
-    return '.so';
-}
-
-function ensureTlsFixedBinary() {
-    if (_patchDone) return;
-    _patchDone = true;
-
-    if (process.env.NKXFCA_SKIP_POSTINSTALL === 'true') return;
-
-    const key = _platformKey();
-    if (!key) return;
-
-    const ext    = _binaryExt();
-    // bridge.js lives at src/e2ee/bridge.js → prebuilt/ is two levels up
-    const ourBin = path.join(__dirname, '..', '..', 'prebuilt', key, 'messagix' + ext);
-    if (!fs.existsSync(ourBin)) return;
-
-    try {
-        const pkgJson  = require.resolve('meta-messenger.js/package.json');
-        const buildDir = path.join(path.dirname(pkgJson), 'build');
-        const mmBin    = path.join(buildDir, 'messagix' + ext);
-
-        fs.mkdirSync(buildDir, { recursive: true });
-
-        // Only copy if sizes differ (avoids unnecessary writes on every boot)
-        let needsCopy = true;
-        if (fs.existsSync(mmBin)) {
-            needsCopy = fs.statSync(ourBin).size !== fs.statSync(mmBin).size;
-        }
-
-        if (needsCopy) {
-            fs.copyFileSync(ourBin, mmBin);
-            fs.chmodSync(mmBin, 0o755);
-            console.log('[nkxfca] runtime patch: applied TLS-fixed binary (' + key + ')');
-        }
-    } catch (err) {
-        // Non-fatal — warn so the user knows why E2EE may not work
-        console.warn('[nkxfca] runtime patch failed (' + err.message + '). E2EE TLS errors may occur in sandboxed environments.');
-    }
-}
+// Ensure Go TLS certs are ready — second guarantee (index.js is the primary)
+require('../utils/goCerts').ensureGoCerts();
 
 // ─────────────────────────────────────────────────────────────────────────────
 
-let _Client = null;
+let _Client    = null;
 let _loadError = null;
 
 function loadClient() {
     if (_Client) return _Client;
     if (_loadError) throw _loadError;
-
-    // Patch binary BEFORE the first require('meta-messenger.js') so the
-    // TLS-fixed .so/.dylib/.dll is loaded by Node rather than the original.
-    ensureTlsFixedBinary();
-
     try {
         const mm = require('meta-messenger.js');
         _Client = mm.Client || mm.default?.Client;
@@ -123,9 +67,9 @@ function newClient(cfg) {
     const cookies = cfg.cookies || {};
 
     const opts = {
-        platform:     cfg.platform || 'facebook',
-        logLevel:     cfg.logLevel || 'warn',
-        enableE2EE:   false,          // we call connectE2EE() explicitly
+        platform:      cfg.platform || 'facebook',
+        logLevel:      cfg.logLevel || 'warn',
+        enableE2EE:    false,         // we call connectE2EE() explicitly
         e2eeMemoryOnly: false,        // always persist sessions to disk
         autoReconnect: cfg.autoReconnect !== false,
     };
@@ -139,7 +83,7 @@ function newClient(cfg) {
 
     const client = new Client(cookies, opts);
     const handle = String(seq++);
-    const entry = { client, eventBuffer: [], resolveWaiter: null, lastDeviceData: null };
+    const entry  = { client, eventBuffer: [], resolveWaiter: null, lastDeviceData: null };
 
     for (const type of EVENT_TYPES) {
         client.on(type, (data) => {
@@ -228,7 +172,7 @@ function toBigInt(val) {
     return BigInt(String(val).split('@')[0]);
 }
 
-// ── E2EE operations ────────────────────────────────────────────────────────────
+// ── E2EE operations ───────────────────────────────────────────────────────────
 
 async function sendE2EEMessage(handle, chatJid, text, replyToId, replyToSenderJid) {
     const opts = replyToId ? { replyToId, replyToSenderJid } : undefined;
@@ -292,7 +236,7 @@ async function uploadMedia(handle, options) {
 async function sendImage(handle, options) {
     const { chatJid, data, filename, caption, replyToId } = options;
     const opts = {};
-    if (caption) opts.caption = caption;
+    if (caption)   opts.caption   = caption;
     if (replyToId) opts.replyToId = replyToId;
     return getEntry(handle).client.sendImage(
         toBigInt(chatJid), toBuffer(data), filename || 'image.jpg', Object.keys(opts).length ? opts : undefined
@@ -302,7 +246,7 @@ async function sendImage(handle, options) {
 async function sendVideo(handle, options) {
     const { chatJid, data, filename, caption, replyToId } = options;
     const opts = {};
-    if (caption) opts.caption = caption;
+    if (caption)   opts.caption   = caption;
     if (replyToId) opts.replyToId = replyToId;
     return getEntry(handle).client.sendVideo(
         toBigInt(chatJid), toBuffer(data), filename || 'video.mp4', Object.keys(opts).length ? opts : undefined
@@ -320,7 +264,7 @@ async function sendVoice(handle, options) {
 async function sendFile(handle, options) {
     const { chatJid, data, filename, mimeType, caption, replyToId } = options;
     const opts = {};
-    if (caption) opts.caption = caption;
+    if (caption)   opts.caption   = caption;
     if (replyToId) opts.replyToId = replyToId;
     return getEntry(handle).client.sendFile(
         toBigInt(chatJid), toBuffer(data), filename || 'file', mimeType || 'application/octet-stream',
@@ -361,7 +305,7 @@ function unload() {
         try { entry.client.disconnect(); } catch (_) {}
     }
     registry.clear();
-    _Client = null;
+    _Client    = null;
     _loadError = null;
 }
 

package/src/utils/goCerts.js

@@ -0,0 +1,68 @@
+"use strict";
+
+/**
+ * ensureGoCerts — inject Node's built-in Mozilla CA bundle into the process
+ * environment so that the Go binary inside meta-messenger.js can verify TLS
+ * certificates in any hosting environment.
+ *
+ * WHY this is needed:
+ *   The Go binary (messagix.so) uses Go's standard TLS stack, which calls
+ *   x509.SystemCertPool() to verify server certificates. In many hosting
+ *   environments — Railway, Render, Docker Alpine, Heroku, etc. — the OS
+ *   ships no CA certificate bundle (no /etc/ssl/certs), so SystemCertPool()
+ *   returns an empty pool. Every outbound TLS connection the binary makes
+ *   (Facebook's E2EE WebSocket, prekey HTTPS requests) then fails with:
+ *     "x509: certificate signed by unknown authority"
+ *
+ * THE FIX:
+ *   Go reads the SSL_CERT_FILE environment variable when calling
+ *   x509.SystemCertPool(). If we set it to a valid PEM file before the first
+ *   TLS connection, Go finds a full CA bundle. Node.js ships Mozilla's CA
+ *   bundle as tls.rootCertificates — we write that to a temp file and point
+ *   SSL_CERT_FILE at it. DigiCert (Facebook), Let's Encrypt, and all major
+ *   CAs are included.
+ *
+ * TIMING:
+ *   Must run before any TLS dial in the Go binary. We call it from index.js
+ *   (library entry point) so it fires the moment anyone requires nkxfca,
+ *   long before the Go binary is loaded or any connection is attempted.
+ *
+ * IDEMPOTENT:
+ *   Safe to call multiple times — exits immediately on subsequent calls or
+ *   when the host already provides SSL_CERT_FILE / SSL_CERT_DIR.
+ */
+
+const fs   = require('fs');
+const path = require('path');
+const os   = require('os');
+
+let _done = false;
+
+function ensureGoCerts() {
+    if (_done) return;
+
+    // Respect host-provided cert configuration — don't override it
+    if (process.env.SSL_CERT_FILE || process.env.SSL_CERT_DIR) {
+        _done = true;
+        return;
+    }
+
+    try {
+        const { rootCertificates } = require('tls');
+        if (!rootCertificates || !rootCertificates.length) return;
+
+        const certFile = path.join(os.tmpdir(), '.nkxfca-cacert.pem');
+
+        // Write the bundle once per container/OS session (not per process start)
+        if (!fs.existsSync(certFile) || fs.statSync(certFile).size === 0) {
+            fs.writeFileSync(certFile, rootCertificates.join('\n'), 'utf8');
+        }
+
+        process.env.SSL_CERT_FILE = certFile;
+        _done = true;
+    } catch (_) {
+        // Never crash — worst case, Go falls back to the system cert store
+    }
+}
+
+module.exports = { ensureGoCerts };

package/scripts/build-go.mjs

@@ -1,61 +0,0 @@
-import { spawnSync } from "node:child_process";
-import { existsSync, mkdirSync } from "node:fs";
-import { dirname, join } from "node:path";
-import { fileURLToPath } from "node:url";
-
-import { detectPlatform } from "./detect-platform.mjs";
-import { packageJson } from "./package.mjs";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const { ext } = detectPlatform();
-const { name } = packageJson;
-const bridgeDir = join(__dirname, "..", "bridge-e2ee", "bridge-go");
-const vendorDir = join(bridgeDir, "vendor");
-const hasVendor = existsSync(vendorDir);
-
-function runGo(args) {
-    const res = spawnSync(process.env.GO_BIN || "go", args, {
-        cwd: bridgeDir,
-        stdio: "inherit",
-        env: {
-            ...process.env,
-            CGO_ENABLED: "1",
-            // Prevent Go from downloading a newer toolchain when go.mod specifies
-            // a version higher than what is locally installed. The local compiler
-            // should always be used in sandboxed / offline environments.
-            GOTOOLCHAIN: "local",
-        },
-    });
-    if (res.error) {
-        console.error(`[${name}] Failed to spawn Go: ${res.error.message}`);
-        process.exit(1);
-    }
-    if (res.status !== 0) process.exit(res.status || 1);
-}
-
-const buildDir = join(__dirname, "..", "build");
-if (!existsSync(buildDir)) mkdirSync(buildDir, { recursive: true });
-
-// Skip mod tidy when vendor directory is present — tidy can break vendor/go.mod consistency
-// and would overwrite the patched prekeys.go with the unpatched upstream version.
-if (!hasVendor) {
-    console.log(`[${name}] Tidying Go modules...`);
-    runGo(["mod", "tidy"]);
-} else {
-    console.log(`[${name}] Vendor directory present — skipping mod tidy to preserve patches.`);
-}
-
-const buildArgs = [
-    "build",
-    ...(hasVendor ? ["-mod=vendor"] : []),
-    "-buildmode=c-shared",
-    "-ldflags=-s -w",
-    "-o",
-    join("..", "..", "build", `messagix.${ext}`),
-    ".",
-];
-
-console.log(`[${name}] Building native library (release mode)...`);
-runGo(buildArgs);
-
-console.log(`[${name}] Built native: build/messagix.${ext}`);

package/scripts/detect-platform.mjs

@@ -1,36 +0,0 @@
-import { execSync } from "node:child_process";
-
-export function detectPlatform() {
-    const { platform } = process;
-    const { arch } = process;
-    const isMusl = detectMusl();
-
-    const libc = platform === "linux" ? (isMusl ? "musl" : "gnu") : "";
-    const triplet = platform === "linux" ? `${platform}-${arch}-${libc}` : `${platform}-${arch}`;
-
-    const ext = platform === "win32" ? "dll" : platform === "darwin" ? "dylib" : "so";
-
-    return { platform, arch, libc, triplet, ext };
-}
-
-function detectMusl() {
-    try {
-        if (process.platform !== "linux") return false;
-        if (process.report && typeof process.report.getReport === "function") {
-            const rep = process.report.getReport();
-            const glibc = rep.header && rep.header.glibcVersionRuntime;
-            return !glibc;
-        }
-    } catch {
-        //
-    }
-    try {
-        const out = execSync("ldd --version 2>&1 || true", { encoding: "utf8" });
-        return /musl/i.test(out);
-    } catch {
-        //
-    }
-    return false;
-}
-
-export default detectPlatform;

package/scripts/download-prebuilt.mjs

@@ -1,108 +0,0 @@
-import { createWriteStream } from "node:fs";
-import { mkdir, rename, unlink } from "node:fs/promises";
-import https from "node:https";
-import { dirname, join } from "node:path";
-import { fileURLToPath } from "node:url";
-
-import { detectPlatform } from "./detect-platform.mjs";
-import { packageJson as pkg } from "./package.mjs";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-
-function buildBaseURL() {
-    // yumi-team/meta-messenger.js hosts prebuilt messagix binaries for all
-    // platforms except linux-x64-gnu, which ships directly in this package's
-    // prebuilt/ directory and is therefore never fetched from here.
-    const repo = "yumi-team/meta-messenger.js";
-    const tag  = "v1.1.3";
-    return `https://github.com/${repo}/releases/download/${tag}`;
-}
-
-function httpGet(url, redirectCount = 0) {
-    console.log(`[${pkg.name}] HTTP GET: ${url}${redirectCount > 0 ? ` (redirect #${redirectCount})` : ""}`);
-    const reqStart = Date.now();
-    return new Promise((resolve, reject) => {
-        https
-            .get(url, res => {
-                console.log(`[${pkg.name}] Response: HTTP ${res.statusCode} in ${Date.now() - reqStart}ms`);
-                if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-                    console.log(`[${pkg.name}] Following redirect to: ${res.headers.location}`);
-                    return resolve(httpGet(res.headers.location, redirectCount + 1));
-                }
-                if (res.statusCode !== 200) {
-                    return reject(new Error(`HTTP ${res.statusCode} for ${url}`));
-                }
-                resolve(res);
-            })
-            .on("error", err => {
-                console.log(`[${pkg.name}] HTTP error after ${Date.now() - reqStart}ms:`, err?.message);
-                reject(err);
-            });
-    });
-}
-
-async function downloadTo(url, dstPath) {
-    console.log(`[${pkg.name}] Downloading to: ${dstPath}`);
-    await mkdir(dirname(dstPath), { recursive: true });
-    const tmp = `${dstPath}.download`;
-    try {
-        await unlink(tmp);
-    } catch {
-        //
-    }
-    const res = await httpGet(url);
-    console.log(`[${pkg.name}] Starting file write...`);
-    const writeStart = Date.now();
-    let bytesWritten = 0;
-    await new Promise((resolve, reject) => {
-        const out = createWriteStream(tmp);
-        res.on("data", chunk => {
-            bytesWritten += chunk.length;
-        });
-        res.pipe(out);
-        res.on("error", reject);
-        out.on("error", reject);
-        out.on("finish", () => {
-            console.log(`[${pkg.name}] File write completed: ${bytesWritten} bytes in ${Date.now() - writeStart}ms`);
-            res.destroy();
-            resolve();
-        });
-    });
-    await rename(tmp, dstPath);
-    console.log(`[${pkg.name}] File renamed to final destination`);
-}
-
-export async function downloadPrebuilt() {
-    console.log(`[${pkg.name}] downloadPrebuilt() started`);
-    const { triplet, ext } = detectPlatform();
-    const baseURL = buildBaseURL();
-    const filename = `messagix-${triplet}.${ext}`;
-    const url = `${baseURL}/${filename}`;
-    console.log(`[${pkg.name}] Target URL: ${url}`);
-
-    const out = join(__dirname, "..", "build", `messagix.${ext}`);
-    const totalStart = Date.now();
-    try {
-        await downloadTo(url, out);
-        console.log(`[${pkg.name}] Downloaded prebuilt from ${url} in ${Date.now() - totalStart}ms`);
-        return true;
-    } catch (err) {
-        console.warn(
-            `[${pkg.name}] No remote prebuilt found at ${url} (after ${Date.now() - totalStart}ms):`,
-            err?.message || String(err),
-        );
-        return false;
-    }
-}
-
-const isMain = process.argv[1] && fileURLToPath(import.meta.url) === process.argv[1];
-if (isMain) {
-    downloadPrebuilt()
-        .then(ok => {
-            if (!ok) process.exit(1);
-        })
-        .catch(err => {
-            console.error(`[${pkg.name}] download-prebuilt failed:`, err?.message || String(err));
-            process.exit(1);
-        });
-}

package/scripts/package.mjs

@@ -1,6 +0,0 @@
-import { readFileSync } from "node:fs";
-import { dirname, join } from "node:path";
-import { fileURLToPath } from "node:url";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-export const packageJson = JSON.parse(readFileSync(join(__dirname, "..", "package.json"), "utf-8"));

package/scripts/postinstall.mjs

@@ -1,95 +0,0 @@
-import { existsSync } from "node:fs";
-import { copyFile, mkdir } from "node:fs/promises";
-import { dirname, join } from "node:path";
-import { fileURLToPath } from "node:url";
-
-import { detectPlatform } from "./detect-platform.mjs";
-import { downloadPrebuilt } from "./download-prebuilt.mjs";
-import { packageJson as pkg } from "./package.mjs";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-
-async function copyIfExists(src, dst) {
-    try {
-        await mkdir(dirname(dst), { recursive: true });
-        await copyFile(src, dst);
-        return true;
-    } catch (err) {
-        if (err?.code === "ENOENT") return false;
-        throw err;
-    }
-}
-
-async function run() {
-    console.log(`[${pkg.name}] postinstall started`);
-    const startTime = Date.now();
-
-    if (process.env.MESSAGIX_SKIP_POSTINSTALL === "true") {
-        console.log(`[${pkg.name}] Skipping postinstall (MESSAGIX_SKIP_POSTINSTALL=true)`);
-        return;
-    }
-
-    console.log(`[${pkg.name}] Detecting platform...`);
-    const { triplet, ext } = detectPlatform();
-    console.log(`[${pkg.name}] Platform: ${triplet}, ext: ${ext}`);
-
-    const buildOut = join(__dirname, "..", "build", `messagix.${ext}`);
-    console.log(`[${pkg.name}] Build output path: ${buildOut}`);
-
-    if (existsSync(buildOut)) {
-        console.log(`[${pkg.name}] Native library already present at build/messagix.${ext}`);
-        console.log(`[${pkg.name}] postinstall completed in ${Date.now() - startTime}ms`);
-        return;
-    }
-
-    // 1) Prefer local prebuilt shipped in npm tarball
-    const prebuiltDir = join(__dirname, "..", "prebuilt", triplet);
-    const prebuilt = join(prebuiltDir, `messagix.${ext}`);
-    console.log(`[${pkg.name}] Checking local prebuilt at: ${prebuilt}`);
-    if (await copyIfExists(prebuilt, buildOut)) {
-        console.log(`[${pkg.name}] Using local prebuilt for ${triplet}`);
-        // Keep the prebuilt copy so reinstalls (e.g. npm rebuild, CI caches) don't
-        // lose the patched binary and fall back to downloading an unpatched one.
-        console.log(`[${pkg.name}] postinstall completed in ${Date.now() - startTime}ms`);
-        return;
-    }
-    console.log(`[${pkg.name}] No local prebuilt found`);
-
-    // 2) Try remote prebuilt from GitHub Releases
-    console.log(`[${pkg.name}] Attempting to download remote prebuilt...`);
-    const downloadStart = Date.now();
-    try {
-        if (await downloadPrebuilt()) {
-            console.log(`[${pkg.name}] Download completed in ${Date.now() - downloadStart}ms`);
-            console.log(`[${pkg.name}] postinstall completed in ${Date.now() - startTime}ms`);
-            return;
-        }
-    } catch (err) {
-        console.log(
-            `[${pkg.name}] Download failed after ${Date.now() - downloadStart}ms:`,
-            err?.message || String(err),
-        );
-    }
-
-    console.warn(`[${pkg.name}] ──────────────────────────────────────────────────────────`);
-    console.warn(`[${pkg.name}] No prebuilt E2EE bridge found for your platform.`);
-    console.warn(`[${pkg.name}] Platform detected: ${triplet}`);
-    console.warn(`[${pkg.name}]`);
-    console.warn(`[${pkg.name}] Supported out-of-the-box:`);
-    console.warn(`[${pkg.name}]   linux-x64-gnu  (ships inside the npm package)`);
-    console.warn(`[${pkg.name}]   linux-x64-musl / darwin-x64 / darwin-arm64 / win32-x64`);
-    console.warn(`[${pkg.name}]   (downloaded automatically from yumi-team/meta-messenger.js)`);
-    console.warn(`[${pkg.name}]`);
-    console.warn(`[${pkg.name}] If the download failed, check your internet connection and retry:`);
-    console.warn(`[${pkg.name}]   npm install`);
-    console.warn(`[${pkg.name}]`);
-    console.warn(`[${pkg.name}] Non-E2EE features (sendMessage, listen, etc.) work without the bridge.`);
-    console.warn(`[${pkg.name}] ──────────────────────────────────────────────────────────`);
-}
-
-run()
-    .then(() => process.exit(0))
-    .catch(err => {
-        console.error(`[${pkg.name}] postinstall failed:`, err?.message || String(err));
-        process.exit(1);
-    });