@nexustechpro/baileys 2.0.2 → 2.0.5

package/lib/Socket/messages-send.js

@@ -4,7 +4,7 @@ import * as Utils from '../Utils/index.js'
 import { proto } from '../../WAProto/index.js'
 import { DEFAULT_CACHE_TTLS, WA_DEFAULT_EPHEMERAL } from '../Defaults/index.js'
 import * as WABinary from '../WABinary/index.js'
-import { getUrlInfo } from '../Utils/link-preview.js'
+import { getUrlInfo, migrateIndexKey } from '../Utils/index.js'
 import { makeKeyedMutex } from '../Utils/make-mutex.js'
 import { USyncQuery, USyncUser } from '../WAUSync/index.js'
 import { makeNewsletterSocket } from './newsletter.js'
@@ -22,10 +22,47 @@ const {
 
 const {
     areJidsSameUser, getBinaryNodeChild, getBinaryNodeChildren, isHostedLidUser, isHostedPnUser,
-    isJidGroup, isLidUser, isPnUser, jidDecode, jidEncode, jidNormalizedUser, S_WHATSAPP_NET,
+    isJidBroadcast, isJidGroup, isJidStatusBroadcast, isLidUser, isPnUser, jidDecode, jidEncode, jidNormalizedUser, S_WHATSAPP_NET,
     getBinaryFilteredButtons, STORIES_JID, isJidUser, getButtonArgs, getButtonType
 } = WABinary
 
+const TC_TOKEN_BUCKET_DURATION = 604800 // 7 days
+const TC_TOKEN_NUM_BUCKETS = 4          // ~28-day rolling window
+
+const isTcTokenExpired = (timestamp) => {
+    if (timestamp === null || timestamp === undefined) return true
+    const ts = typeof timestamp === 'string' ? parseInt(timestamp) : timestamp
+    if (isNaN(ts)) return true
+    const now = Math.floor(Date.now() / 1000)
+    const currentBucket = Math.floor(now / TC_TOKEN_BUCKET_DURATION)
+    const cutoffBucket = currentBucket - (TC_TOKEN_NUM_BUCKETS - 1)
+    return ts < (cutoffBucket * TC_TOKEN_BUCKET_DURATION)
+}
+
+const shouldSendNewTcToken = (senderTimestamp) => {
+    if (senderTimestamp === undefined) return true
+    const now = Math.floor(Date.now() / 1000)
+    const currentBucket = Math.floor(now / TC_TOKEN_BUCKET_DURATION)
+    const senderBucket = Math.floor(senderTimestamp / TC_TOKEN_BUCKET_DURATION)
+    return currentBucket > senderBucket
+}
+
+const resolveTcTokenJid = async (jid, getLIDForPN) => {
+    if (isLidUser(jid)) return jid
+    const lid = await getLIDForPN(jid)
+    return lid ?? jid
+}
+
+const resolveIssuanceJid = async (jid, issueToLid, getLIDForPN, getPNForLID) => {
+    if (issueToLid) {
+        if (isLidUser(jid)) return jid
+        return (await getLIDForPN(jid)) ?? jid
+    }
+    if (!isLidUser(jid)) return jid
+    if (getPNForLID) return (await getPNForLID(jid)) ?? jid
+    return jid
+}
+
 export const makeMessagesSocket = (config) => {
     const {
         logger, linkPreviewImageThumbnailWidth, generateHighQualityLinkPreview,
@@ -43,13 +80,12 @@ export const makeMessagesSocket = (config) => {
     const peerSessionsCache = new NodeCache({ stdTTL: DEFAULT_CACHE_TTLS.USER_DEVICES, useClones: false })
     const messageRetryManager = enableRecentMessageCache ? new MessageRetryManager(logger, maxMsgRetryCount) : null
     const encryptionMutex = makeKeyedMutex()
+
+    // Prevents duplicate TC token IQ requests from concurrent sends
+    const inFlightTcTokenIssuance = new Set()
+
     let mediaConn
 
-    // ─────────────────────────────────────────────
-    // MEDIA CONNECTION
-    // Fetches and caches the WhatsApp media upload connection.
-    // Refreshes automatically when TTL expires or forced.
-    // ─────────────────────────────────────────────
     const refreshMediaConn = async (forceGet = false) => {
         const media = await mediaConn
         if (!media || forceGet || Date.now() - media.fetchDate.getTime() > media.ttl * 1000) {
@@ -68,10 +104,8 @@ export const makeMessagesSocket = (config) => {
         return mediaConn
     }
 
-    // ─────────────────────────────────────────────
-    // RECEIPTS
-    // Sends read receipts and delivery confirmations.
-    // ─────────────────────────────────────────────
+    const waUploadToServer = getWAUploadToServer(config, refreshMediaConn)
+
     const sendReceipt = async (jid, participant, messageIds, type) => {
         if (!messageIds?.length) throw new Boom('missing ids in receipt')
         const node = { tag: 'receipt', attrs: { id: messageIds[0] } }
@@ -104,11 +138,6 @@ export const makeMessagesSocket = (config) => {
         await sendReceipts(keys, privacySettings.readreceipts === 'all' ? 'read' : 'read-self')
     }
 
-    // ─────────────────────────────────────────────
-    // DEVICE & SESSION MANAGEMENT
-    // Fetches participant devices via USync and manages
-    // Signal protocol sessions for encryption.
-    // ─────────────────────────────────────────────
     const getUSyncDevices = async (jids, useCache, ignoreZeroDevices) => {
         const deviceResults = []
         if (!useCache) logger.debug('not using cache for devices')
@@ -117,7 +146,6 @@ export const makeMessagesSocket = (config) => {
             const decoded = jidDecode(jid)
             const user = decoded?.user
             const device = decoded?.device
-            // Already has a device number — push directly
             if (typeof device === 'number' && device >= 0 && user) { deviceResults.push({ user, device, jid }); return null }
             return { jid: jidNormalizedUser(jid), user }
         }).filter(Boolean)
@@ -144,7 +172,6 @@ export const makeMessagesSocket = (config) => {
 
         if (!toFetch.length) return deviceResults
 
-        // Track which JIDs are LID-based so we can encode them correctly
         const requestedLidUsers = new Set()
         for (const jid of toFetch) {
             if (isLidUser(jid) || isHostedLidUser(jid)) {
@@ -153,23 +180,21 @@ export const makeMessagesSocket = (config) => {
             }
         }
 
-        const query = new USyncQuery().withContext('message').withDeviceProtocol().withLIDProtocol()
-        for (const jid of toFetch) query.withUser(new USyncUser().withId(jid))
+        const usyncQuery = new USyncQuery().withContext('message').withDeviceProtocol().withLIDProtocol()
+        for (const jid of toFetch) usyncQuery.withUser(new USyncUser().withId(jid))
 
-        const result = await sock.executeUSyncQuery(query)
+        const result = await sock.executeUSyncQuery(usyncQuery)
         if (result) {
             const lidResults = result.list.filter(a => !!a.lid)
             if (lidResults.length > 0) {
                 logger.trace('Storing LID maps from device call')
                 await signalRepository.lidMapping.storeLIDPNMappings(lidResults.map(a => ({ lid: a.lid, pn: a.id })))
-            }
-
-            // Pre-assert sessions for newly discovered LID users
-            try {
-                const lids = lidResults.map(a => a.lid)
-                if (lids.length) await assertSessions(lids, false)
-            } catch (e) {
-                logger.warn({ error: e, count: lidResults.length }, 'failed to assert sessions for newly mapped LIDs')
+                try {
+                    const lids = lidResults.map(a => a.lid)
+                    if (lids.length) await assertSessions(lids, false)
+                } catch (e) {
+                    logger.warn({ error: e, count: lidResults.length }, 'failed to assert sessions for newly mapped LIDs')
+                }
             }
 
             const extracted = extractDeviceJids(result?.list, authState.creds.me.id, authState.creds.me.lid, ignoreZeroDevices)
@@ -187,27 +212,23 @@ export const makeMessagesSocket = (config) => {
                 }
             }
 
-            // Cache results
             if (userDevicesCache.mset) {
                 await userDevicesCache.mset(Object.entries(deviceMap).map(([key, value]) => ({ key, value })))
             } else {
                 for (const key in deviceMap) if (deviceMap[key]) await userDevicesCache.set(key, deviceMap[key])
             }
 
-            // Persist device lists for session migration support (capped at 500 users)
+            // Persist device lists for session migration (capped at 500 users)
             const userDeviceUpdates = {}
             for (const [userId, devices] of Object.entries(deviceMap)) {
                 if (devices?.length > 0) userDeviceUpdates[userId] = devices.map(d => d.device?.toString() || '0')
             }
             if (Object.keys(userDeviceUpdates).length > 0) {
                 try {
-                    const existingData = await authState.keys.get('device-list', ['_index'])
-                    const currentBatch = existingData?.['_index'] || {}
+                    const currentBatch = await migrateIndexKey(authState.keys, 'device-list')
                     const mergedBatch = { ...currentBatch, ...userDeviceUpdates }
-                    const trimmedBatch = {}
-                    Object.keys(mergedBatch).sort().slice(-500).forEach(userId => { trimmedBatch[userId] = mergedBatch[userId] })
-                    await authState.keys.set({ 'device-list': { '_index': trimmedBatch } })
-                    logger.debug({ userCount: Object.keys(userDeviceUpdates).length, batchSize: Object.keys(trimmedBatch).length }, 'stored user device lists')
+                    await authState.keys.set({ 'device-list': { 'index': mergedBatch } })
+                    logger.debug({ userCount: Object.keys(userDeviceUpdates).length, batchSize: Object.keys(mergedBatch).length }, 'stored user device lists')
                 } catch (error) {
                     logger.warn({ error }, 'failed to store user device lists')
                 }
@@ -217,47 +238,26 @@ export const makeMessagesSocket = (config) => {
     }
 
     const assertSessions = async (jids, force) => {
-        const uniqueJids = [...new Set(jids)]
-        const jidsRequiringFetch = []
-
-        for (const jid of uniqueJids) {
-            const signalId = signalRepository.jidToSignalProtocolAddress(jid)
-            const cachedSession = peerSessionsCache.get(signalId)
-            if (cachedSession !== undefined) {
-                if (cachedSession && !force) continue
-            } else {
-                const sessionValidation = await signalRepository.validateSession(jid)
-                peerSessionsCache.set(signalId, sessionValidation.exists)
-                if (sessionValidation.exists && !force) continue
+        let didFetchNewSession = false
+        let jidsRequiringFetch = []
+        if (force) {
+            jidsRequiringFetch = jids
+        } else {
+            // assertSessions
+            const sessionBatch = await migrateIndexKey(authState.keys, 'session') // sessions live in index blob, not individual files
+            for (const jid of jids) {
+                const signalId = signalRepository.jidToSignalProtocolAddress(jid)
+                if (!sessionBatch[signalId]) jidsRequiringFetch.push(jid)
             }
-            jidsRequiringFetch.push(jid)
         }
-
-        if (!jidsRequiringFetch.length) return false
-
-        // Resolve LID JIDs for wire-level session fetch
-        const wireJids = [
-            ...jidsRequiringFetch.filter(jid => isLidUser(jid) || isHostedLidUser(jid)),
-            ...(await signalRepository.lidMapping.getLIDsForPNs(
-                jidsRequiringFetch.filter(jid => isPnUser(jid) || isHostedPnUser(jid))
-            ) || []).map(a => a.lid)
-        ]
-
-        logger.debug({ jidsRequiringFetch, wireJids }, 'fetching sessions')
-        const result = await query({
-            tag: 'iq',
-            attrs: { xmlns: 'encrypt', type: 'get', to: S_WHATSAPP_NET },
-            content: [{ tag: 'key', attrs: {}, content: wireJids.map(jid => { const attrs = { jid }; if (force) attrs.reason = 'identity'; return { tag: 'user', attrs } }) }]
-        })
-        await parseAndInjectE2ESessions(result, signalRepository)
-        for (const wireJid of wireJids) peerSessionsCache.set(signalRepository.jidToSignalProtocolAddress(wireJid), true)
-        return true
+        if (jidsRequiringFetch.length) {
+            logger.debug({ jidsRequiringFetch }, 'fetching sessions')
+            const result = await query({ tag: 'iq', attrs: { xmlns: 'encrypt', type: 'get', to: S_WHATSAPP_NET }, content: [{ tag: 'key', attrs: {}, content: jidsRequiringFetch.map(jid => ({ tag: 'user', attrs: { jid } })) }] })
+            await parseAndInjectE2ESessions(result, signalRepository)
+            didFetchNewSession = true
+        }
+        return didFetchNewSession
     }
-
-    // ─────────────────────────────────────────────
-    // PEER DATA OPERATIONS
-    // Used for history sync requests and placeholder resends.
-    // ─────────────────────────────────────────────
     const sendPeerDataOperationMessage = async (pdoMessage) => {
         if (!authState.creds.me?.id) throw new Boom('Not authenticated')
         return await relayMessage(jidNormalizedUser(authState.creds.me.id), {
@@ -265,18 +265,24 @@ export const makeMessagesSocket = (config) => {
         }, { additionalAttributes: { category: 'peer', push_priority: 'high_force' }, additionalNodes: [{ tag: 'meta', attrs: { appdata: 'default' } }] })
     }
 
-    // ─────────────────────────────────────────────
-    // TC TOKEN (Trusted Contact Token)
-    // Used for end-to-end privacy verification with contacts.
-    // ─────────────────────────────────────────────
-    const TOKEN_EXPIRY_TTL = 24 * 60 * 60 // 24 hours in seconds
-
-    const isTokenExpired = (tokenData) => {
-        if (!tokenData || !tokenData.timestamp) return true
-        return unixTimestampSeconds() - Number(tokenData.timestamp) > TOKEN_EXPIRY_TTL
+    // Issues our TC token to a contact so they can send us private messages. Fire-and-forget.
+    const issuePrivacyTokens = async (jids, timestamp) => {
+        const t = (timestamp ?? unixTimestampSeconds()).toString()
+        return query({
+            tag: 'iq',
+            attrs: { to: S_WHATSAPP_NET, type: 'set', xmlns: 'privacy' },
+            content: [{ tag: 'tokens', attrs: {}, content: jids.map(jid => ({ tag: 'token', attrs: { jid: jidNormalizedUser(jid), t, type: 'trusted_contact' } })) }]
+        })
     }
 
-    const parseTCTokens = (result) => {
+    // Fetches TC tokens from the server for the given JIDs and stores them locally.
+    const getPrivacyTokens = async (jids) => {
+        const t = unixTimestampSeconds().toString()
+        const result = await query({
+            tag: 'iq',
+            attrs: { to: S_WHATSAPP_NET, type: 'set', xmlns: 'privacy' },
+            content: [{ tag: 'tokens', attrs: {}, content: jids.map(jid => ({ tag: 'token', attrs: { jid: jidNormalizedUser(jid), t, type: 'trusted_contact' } })) }]
+        })
         const tokens = {}
         const tokenList = getBinaryNodeChild(result, 'tokens')
         if (tokenList) {
@@ -285,25 +291,10 @@ export const makeMessagesSocket = (config) => {
                 if (jid && content) tokens[jid] = { token: content, timestamp: Number(unixTimestampSeconds()) }
             }
         }
-        return tokens
-    }
-
-    const getPrivacyTokens = async (jids) => {
-        const t = unixTimestampSeconds().toString()
-        const result = await query({
-            tag: 'iq',
-            attrs: { to: S_WHATSAPP_NET, type: 'set', xmlns: 'privacy' },
-            content: [{ tag: 'tokens', attrs: {}, content: jids.map(jid => ({ tag: 'token', attrs: { jid: jidNormalizedUser(jid), t, type: 'trusted_contact' } })) }]
-        })
-        const tokens = parseTCTokens(result)
         if (Object.keys(tokens).length > 0) await authState.keys.set({ 'tctoken': tokens })
         return tokens
     }
 
-    // ─────────────────────────────────────────────
-    // GROUP MEMBER LABEL
-    // Sets a custom label for a member in a group.
-    // ─────────────────────────────────────────────
     const updateMemberLabel = (jid, memberLabel) => {
         if (!memberLabel || typeof memberLabel !== 'string') throw new Error('Member label must be a non-empty string')
         if (!isJidGroup(jid)) throw new Error('Member labels can only be set in groups')
@@ -315,20 +306,19 @@ export const makeMessagesSocket = (config) => {
         }, { additionalNodes: [{ tag: 'meta', attrs: { tag_reason: 'user_update', appdata: 'member_tag' }, content: undefined }] })
     }
 
-    // ─────────────────────────────────────────────
-    // MESSAGE TYPE DETECTION
-    // Classifies messages for proper stanza type attribute.
-    // ─────────────────────────────────────────────
     const getMessageType = (msg) => {
         const message = normalizeMessageContent(msg)
+        if (!message) return 'text'
         if (message.pollCreationMessage || message.pollCreationMessageV2 || message.pollCreationMessageV3) return 'poll'
-        if (message.reactionMessage) return 'reaction'
+        if (message.reactionMessage || message.encReactionMessage) return 'reaction'
         if (message.eventMessage) return 'event'
         if (getMediaType(message)) return 'media'
         return 'text'
     }
 
     const getMediaType = (message) => {
+        const inner = message.viewOnceMessage?.message || message.viewOnceMessageV2?.message || message.viewOnceMessageV2Extension?.message
+        if (inner) return getMediaType(inner)
         if (message.imageMessage) return 'image'
         if (message.stickerMessage) return message.stickerMessage.isLottie ? '1p_sticker' : message.stickerMessage.isAvatar ? 'avatar_sticker' : 'sticker'
         if (message.videoMessage) return message.videoMessage.gifPlayback ? 'gif' : 'video'
@@ -352,11 +342,6 @@ export const makeMessagesSocket = (config) => {
         if (message.extendedTextMessage?.matchedText || message.groupInviteMessage) return 'url'
     }
 
-    // ─────────────────────────────────────────────
-    // PARTICIPANT NODE CREATION
-    // Encrypts a message for each recipient JID and
-    // wraps it in a binary <to> node for the stanza.
-    // ─────────────────────────────────────────────
     const createParticipantNodes = async (recipientJids, message, extraAttrs, dsmMessage) => {
         if (!recipientJids.length) return { nodes: [], shouldIncludeDeviceIdentity: false }
 
@@ -373,7 +358,7 @@ export const makeMessagesSocket = (config) => {
                 if (!jid) return null
                 let msgToEncrypt = patchedMessage
 
-                // Use Device Sent Message (DSM) for own linked devices so they can read the message
+                // Use DSM for own linked devices so they can read the message
                 if (dsmMessage) {
                     const { user: targetUser } = jidDecode(jid)
                     const { user: ownPnUser } = jidDecode(meId)
@@ -389,7 +374,7 @@ export const makeMessagesSocket = (config) => {
                     return { tag: 'to', attrs: { jid }, content: [{ tag: 'enc', attrs: { v: '2', type, ...(extraAttrs || {}) }, content: ciphertext }] }
                 })
             } catch (err) {
-                logger.error({ jid, err }, 'Failed to encrypt for recipient')
+                logger.warn({ jid, err: err?.message || err }, 'Failed to encrypt for recipient — no session, will retry on next interaction')
                 return null
             }
         })
@@ -398,17 +383,6 @@ export const makeMessagesSocket = (config) => {
         return { nodes, shouldIncludeDeviceIdentity }
     }
 
-    // ─────────────────────────────────────────────
-    // RELAY MESSAGE
-    // Core message sending function. Handles groups, DMs,
-    // newsletters, status broadcasts, and retries.
-    //
-    // Key design decisions:
-    // - senderKeyMap always starts empty (Promise.resolve({})) so
-    //   SKDM is always sent fresh — prevents "waiting for message"
-    //   errors caused by stale persisted sender key memory.
-    // - LID vs PN identity is resolved per group's addressingMode.
-    // ─────────────────────────────────────────────
     const relayMessage = async (jid, message, { messageId: msgId, participant, additionalAttributes, additionalNodes, useUserDevicesCache, useCachedGroupMetadata, statusJidList, quoted } = {}) => {
         const meId = authState.creds.me.id
         const meLid = authState.creds.me?.lid
@@ -418,7 +392,6 @@ export const makeMessagesSocket = (config) => {
         const isLid = server === 'lid'
         const isNewsletter = server === 'newsletter'
 
-        // Choose sender identity (PN or LID) based on destination
         let activeSender = meId
         let groupAddressingMode = 'pn'
         if (isGroup && !isStatus) {
@@ -473,7 +446,6 @@ export const makeMessagesSocket = (config) => {
             const mediaType = getMediaType(message)
             if (mediaType) extraAttrs.mediatype = mediaType
 
-            // ── Newsletter: plaintext encoding, no encryption ──
             if (isNewsletter) {
                 const patched = patchMessageBeforeSending ? await patchMessageBeforeSending(message, []) : message
                 binaryNodeContent.push({ tag: 'plaintext', attrs: {}, content: encodeNewsletterMessage(patched) })
@@ -482,11 +454,10 @@ export const makeMessagesSocket = (config) => {
                 return
             }
 
-            if (messages.pinInChatMessage || messages.keepInChatMessage || message.reactionMessage || message.protocolMessage?.editedMessage) {
+            if (messages?.pinInChatMessage || messages?.keepInChatMessage || message.reactionMessage || message.protocolMessage?.editedMessage) {
                 extraAttrs['decrypt-fail'] = 'hide'
             }
 
-            // ── Group / Status: sender key (SKDM + skmsg) ──
             if ((isGroup || isStatus) && !isRetryResend) {
                 const [groupData] = await Promise.all([
                     (async () => {
@@ -495,10 +466,9 @@ export const makeMessagesSocket = (config) => {
                         else if (!isStatus) groupData = await groupMetadata(jid)
                         return groupData
                     })(),
-                    Promise.resolve({}) // senderKeyMap intentionally always empty — forces fresh SKDM every send
+                    Promise.resolve({}) // senderKeyMap always empty — forces fresh SKDM every send
                 ])
 
-                // Build participant list
                 const participantsList = []
                 if (isStatus) {
                     if (statusJidList?.length) participantsList.push(...statusJidList)
@@ -515,9 +485,7 @@ export const makeMessagesSocket = (config) => {
                 const additionalDevices = await getUSyncDevices(participantsList, !!useUserDevicesCache, false)
                 devices.push(...additionalDevices)
 
-                // Ensure Device 0 (primary phone) is always included for every participant.
-                // USync sometimes omits Device 0 for LID groups to save bandwidth,
-                // which would cause recipients to miss the SKDM on first send.
+                // Force Device 0 inclusion — USync sometimes omits it for LID groups
                 for (const pJid of participantsList) {
                     const decoded = jidDecode(pJid)
                     if (decoded?.user && !devices.some(d => d.user === decoded.user && d.device === 0)) {
@@ -533,7 +501,6 @@ export const makeMessagesSocket = (config) => {
                 const groupSenderIdentity = gAddressingMode === 'lid' && meLid ? meLid : meId
                 const { ciphertext, senderKeyDistributionMessage } = await signalRepository.encryptGroupMessage({ group: destinationJid, data: bytes, meId: groupSenderIdentity })
 
-                // Send SKDM to ALL devices every time (senderKeyMap is always {})
                 const senderKeyRecipients = devices
                     .filter(d => !isHostedLidUser(d.jid) && !isHostedPnUser(d.jid) && d.device !== 99)
                     .map(d => d.jid)
@@ -549,7 +516,6 @@ export const makeMessagesSocket = (config) => {
 
                 binaryNodeContent.push({ tag: 'enc', attrs: { v: '2', type: 'skmsg', ...extraAttrs }, content: ciphertext })
 
-                // ── Group Retry: direct pairwise re-encrypt for specific participant ──
             } else if ((isGroup || isStatus) && isRetryResend) {
                 const groupData = useCachedGroupMetadata && cachedGroupMetadata ? await cachedGroupMetadata(jid) : undefined
                 if (!groupData && !isStatus) await groupMetadata(jid)
@@ -565,17 +531,19 @@ export const makeMessagesSocket = (config) => {
                 const groupSenderIdentity = gAddressingMode === 'lid' && meLid ? meLid : meId
                 const { ciphertext, senderKeyDistributionMessage } = await signalRepository.encryptGroupMessage({ group: destinationJid, data: bytes, meId: groupSenderIdentity })
 
-                // Send fresh SKDM directly to the requesting participant
                 const senderKeyMsg = { senderKeyDistributionMessage: { axolotlSenderKeyDistributionMessage: senderKeyDistributionMessage, groupId: destinationJid } }
                 await assertSessions([participant.jid])
                 const skResult = await createParticipantNodes([participant.jid], senderKeyMsg, {})
                 shouldIncludeDeviceIdentity = shouldIncludeDeviceIdentity || skResult.shouldIncludeDeviceIdentity
                 participants.push(...skResult.nodes)
 
-                const { type, ciphertext: encryptedContent } = await signalRepository.encryptMessage({ data: bytes, jid: participant?.jid })
+                // For retry resend, encrypt directly to the requesting participant
+                const isParticipantLid = isLidUser(participant.jid)
+                const isMe = areJidsSameUser(participant.jid, isParticipantLid ? meLid : meId)
+                const encodedMsg = isMe ? encodeWAMessage({ deviceSentMessage: { destinationJid, message } }) : encodeWAMessage(message)
+                const { type, ciphertext: encryptedContent } = await signalRepository.encryptMessage({ data: encodedMsg, jid: participant.jid })
                 binaryNodeContent.push({ tag: 'enc', attrs: { v: '2', type, count: participant.count.toString() }, content: encryptedContent })
 
-                // ── DM / LID: standard pairwise encryption ──
             } else {
                 let ownId = meId
                 if (isLid && meLid) { ownId = meLid; logger.debug({ to: jid, ownId }, 'Using LID identity') }
@@ -593,7 +561,6 @@ export const makeMessagesSocket = (config) => {
                     }
 
                     if (additionalAttributes?.category !== 'peer') {
-                        // Preserve Device 0 entries before USync refetch which may omit them
                         const device0Entries = devices.filter(d => d.device === 0)
                         const senderOwnUser = device0Entries.find(d => d.user !== user)?.user
                         devices.length = 0
@@ -603,7 +570,6 @@ export const makeMessagesSocket = (config) => {
                         const sessionDevices = await getUSyncDevices([senderIdentity, jid], true, false)
                         devices.push(...device0Entries, ...sessionDevices)
 
-                        // Explicitly fetch sender's linked devices if not returned by USync
                         if (senderOwnUser && !sessionDevices.some(d => d.user === senderOwnUser && d.device !== 0)) {
                             const senderDevices = await getUSyncDevices([senderIdentity], true, false)
                             const senderLinkedDevices = senderDevices.filter(d => d.device !== 0 && d.user === senderOwnUser)
@@ -639,7 +605,6 @@ export const makeMessagesSocket = (config) => {
                 shouldIncludeDeviceIdentity = shouldIncludeDeviceIdentity || s1 || s2
             }
 
-            // ── Build final stanza ──
             if (participants.length) {
                 if (additionalAttributes?.category === 'peer') {
                     const peerNode = participants[0]?.content?.[0]
@@ -670,41 +635,74 @@ export const makeMessagesSocket = (config) => {
                 stanza.attrs.to = destinationJid
             }
 
-            // Attach button metadata if needed
-            if (!isNewsletter && buttonType) {
+            let didPushAdditional = false
+
+            if (!isNewsletter && buttonType && !isStatus) {
                 const buttonsNode = getButtonArgs(messages)
                 const filteredButtons = getBinaryFilteredButtons(additionalNodes || [])
-                if (filteredButtons) { stanza.content.push(...additionalNodes) }
-                else stanza.content.push(buttonsNode)
-            } else if (additionalNodes?.length > 0) {
+                if (filteredButtons) {
+                    stanza.content.push(...additionalNodes)
+                    didPushAdditional = true
+                } else {
+                    stanza.content.push(...buttonsNode)
+                }
+            }
+
+            if (!didPushAdditional && additionalNodes?.length > 0) {
                 stanza.content.push(...additionalNodes)
             }
 
-            // Attach device identity for LID groups and pkmsg sessions
             if ((shouldIncludeDeviceIdentity || (meLid && (isLid || (isGroup && groupAddressingMode === 'lid')))) && !isNewsletter) {
                 stanza.content.push({ tag: 'device-identity', attrs: {}, content: encodeSignedDeviceIdentity(authState.creds.account, true) })
                 logger.debug({ jid }, 'adding device identity')
             }
 
-            // Attach TC token for DM messages (auto-refresh if expired)
-            if (!isGroup && !isRetryResend && !isStatus) {
-                const contactTcTokenData = await authState.keys.get('tctoken', [destinationJid])
-                let tcTokenBuffer = contactTcTokenData[destinationJid]?.token
-                if (isTokenExpired(contactTcTokenData[destinationJid])) {
-                    logger.debug({ jid: destinationJid }, 'tctoken expired, refreshing')
+            // TC token handling for 1:1 messages
+            const isPeerMessage = additionalAttributes?.category === 'peer'
+            const is1on1 = !isGroup && !isRetryResend && !isStatus && !isNewsletter && !isPeerMessage
+            if (is1on1) {
+                const getLIDForPN = signalRepository.lidMapping.getLIDForPN.bind(signalRepository.lidMapping)
+                const tcTokenJid = await resolveTcTokenJid(destinationJid, getLIDForPN)
+
+                const contactTcTokenData = await authState.keys.get('tctoken', [tcTokenJid])
+                const existingEntry = contactTcTokenData[tcTokenJid]
+                let tcTokenBuffer = existingEntry?.token
+
+                // Clear expired tokens
+                if (tcTokenBuffer?.length && isTcTokenExpired(existingEntry?.timestamp)) {
+                    logger.debug({ jid: destinationJid }, 'tctoken expired, clearing')
+                    tcTokenBuffer = undefined
                     try {
-                        const freshTokens = await getPrivacyTokens([destinationJid])
-                        tcTokenBuffer = freshTokens[destinationJid]?.token
-                    } catch (err) {
-                        logger.warn({ jid: destinationJid, err }, 'failed to refresh expired tctoken')
-                    }
+                        await authState.keys.set({ tctoken: { [tcTokenJid]: existingEntry?.senderTimestamp !== undefined ? { token: Buffer.alloc(0), senderTimestamp: existingEntry.senderTimestamp } : null } })
+                    } catch { }
+                }
+
+                if (tcTokenBuffer?.length) {
+                    stanza.content.push({ tag: 'tctoken', attrs: {}, content: tcTokenBuffer })
+                }
+
+                // Fire-and-forget: issue our token to the contact after send
+                const isProtocolMsg = !!normalizeMessageContent(message)?.protocolMessage
+                if (!isProtocolMsg && shouldSendNewTcToken(existingEntry?.senderTimestamp) && !inFlightTcTokenIssuance.has(tcTokenJid)) {
+                    inFlightTcTokenIssuance.add(tcTokenJid)
+                    const issueTimestamp = unixTimestampSeconds()
+                    const getPNForLID = signalRepository.lidMapping.getPNForLID.bind(signalRepository.lidMapping)
+                    const issueToLid = sock.serverProps?.lidTrustedTokenIssueToLid ?? false
+                    resolveIssuanceJid(destinationJid, issueToLid, getLIDForPN, getPNForLID)
+                        .then(issueJid => issuePrivacyTokens([issueJid], issueTimestamp))
+                        .then(async () => {
+                            const currentData = await authState.keys.get('tctoken', [tcTokenJid])
+                            const current = currentData[tcTokenJid]
+                            await authState.keys.set({ tctoken: { [tcTokenJid]: { ...current, senderTimestamp: issueTimestamp } } })
+                        })
+                        .catch(err => logger.debug({ jid: destinationJid, err: err?.message }, 'fire-and-forget tctoken issuance failed'))
+                        .finally(() => inFlightTcTokenIssuance.delete(tcTokenJid))
                 }
-                if (tcTokenBuffer) stanza.content.push({ tag: 'tctoken', attrs: {}, content: tcTokenBuffer })
             }
 
-            logger.debug({ msgId }, `sending message to ${participants.length} devices`)
+            logger.debug({ msgId: finalMsgId }, `sending message to ${participants.length} devices`)
             await sendNode(stanza)
-            if (messageRetryManager && !participant) messageRetryManager.addRecentMessage(destinationJid, msgId, message)
+            if (messageRetryManager && !participant) messageRetryManager.addRecentMessage(destinationJid, finalMsgId, message)
 
         }, activeSender)
 
@@ -722,21 +720,131 @@ export const makeMessagesSocket = (config) => {
         }
     }
 
-    const waUploadToServer = getWAUploadToServer(config, refreshMediaConn)
-    const nexus = new NexusHandler(Utils, waUploadToServer, relayMessage, { logger, mediaCache: config.mediaCache, options: config.options, mediaUploadTimeoutMs: config.mediaUploadTimeoutMs, user: authState.creds.me })
+    const nexus = new NexusHandler(Utils, waUploadToServer, relayMessage, { logger, mediaCache: config.mediaCache, options: config.options, mediaUploadTimeoutMs: config.mediaUploadTimeoutMs, user: authState.creds.me, getUrlInfo: text => getUrlInfo(text, { thumbnailWidth: linkPreviewImageThumbnailWidth, fetchOpts: { timeout: 3000, ...(httpRequestOptions || {}) }, logger, uploadImage: generateHighQualityLinkPreview ? waUploadToServer : undefined }) })
     const waitForMsgMediaUpdate = bindWaitForEvent(ev, 'messages.media-update')
 
+    const sendMessage = async (jid, content, options = {}) => {
+        const meId = authState.creds.me.id
+        const meLid = authState.creds.me?.lid
+        const { server } = jidDecode(jid)
+        const isGroup = server === 'g.us'
+        const isDestinationLid = server === 'lid'
+        const useCache = options.useCachedGroupMetadata !== false
+        const { quoted } = options
+
+        let activeSender = meId
+        let addressingMode = 'pn'
+        if (isGroup) {
+            const groupData = useCache && cachedGroupMetadata ? await cachedGroupMetadata(jid) : undefined
+            addressingMode = groupData?.addressingMode || 'lid'
+            if (addressingMode === 'lid' && meLid) activeSender = meLid
+        } else if (isDestinationLid && meLid) {
+            activeSender = meLid
+            addressingMode = 'lid'
+        }
+
+        // Unwrap shorthand `interactive` key
+        if (content.interactive && !content.interactiveMessage) {
+            const { interactive, ...rest } = content
+            content = { ...rest, interactiveMessage: interactive }
+        }
+
+        const messageType = nexus.detectType(content)
+        if (messageType) return await nexus.processMessage(content, jid, quoted)
+
+        if (content.disappearingMessagesInChat && isJidGroup(jid)) {
+            const value = typeof content.disappearingMessagesInChat === 'boolean'
+                ? (content.disappearingMessagesInChat ? WA_DEFAULT_EPHEMERAL : 0)
+                : content.disappearingMessagesInChat
+            await groupToggleEphemeral(jid, value)
+            return
+        }
+
+        if (content.delete) {
+            const deleteKey = content.delete
+            if (!deleteKey.remoteJid || !deleteKey.id) {
+                logger.error({ deleteKey }, 'Invalid delete key: missing remoteJid or id')
+                throw new Boom('Delete key must have remoteJid and id', { statusCode: 400 })
+            }
+
+            const { server: deleteServer } = jidDecode(deleteKey.remoteJid)
+            let deleteAddressingMode = deleteServer === 'lid' ? 'lid' : 'pn'
+            if (isJidGroup(deleteKey.remoteJid)) {
+                const groupData = useCache && cachedGroupMetadata ? await cachedGroupMetadata(deleteKey.remoteJid) : undefined
+                deleteAddressingMode = groupData?.addressingMode || 'lid'
+            }
+
+            let normalizedParticipant = deleteKey.participant
+            if (deleteKey.fromMe || isJidGroup(deleteKey.remoteJid)) {
+                const senderJid = (deleteAddressingMode === 'lid' && meLid) ? meLid : meId
+                normalizedParticipant = jidNormalizedUser(senderJid)
+            }
+
+            content.delete = {
+                remoteJid: deleteKey.remoteJid,
+                fromMe: deleteKey.fromMe === true || deleteKey.fromMe === 'true',
+                id: deleteKey.id,
+                ...(normalizedParticipant ? { participant: jidNormalizedUser(normalizedParticipant) } : {}),
+                addressingMode: deleteAddressingMode
+            }
+            logger.debug({ jid, deleteKey: content.delete }, 'processing message deletion')
+        }
+
+        const fullMsg = await generateWAMessage(jid, content, {
+            logger,
+            userJid: jidNormalizedUser(activeSender),
+            getUrlInfo: text => getUrlInfo(text, { thumbnailWidth: linkPreviewImageThumbnailWidth, fetchOpts: { timeout: 3000, ...(httpRequestOptions || {}) }, logger, uploadImage: generateHighQualityLinkPreview ? waUploadToServer : undefined }),
+            getProfilePicUrl: sock.profilePictureUrl,
+            getCallLink: sock.createCallLink,
+            upload: waUploadToServer,
+            mediaCache: config.mediaCache,
+            options: config.options,
+            messageId: generateMessageIDV2(activeSender),
+            ...options
+        })
+
+        const additionalAttributes = {}, additionalNodes = []
+        if (content.delete) {
+            additionalAttributes.edit = isJidGroup(content.delete.remoteJid) ? '8' : '7'
+        } else if (content.edit) {
+            additionalAttributes.edit = '1'
+        } else if (content.pin) {
+            additionalAttributes.edit = '2'
+        }
+        if (content.poll) additionalNodes.push({ tag: 'meta', attrs: { polltype: 'creation' } })
+        if (content.event) additionalNodes.push({ tag: 'meta', attrs: { event_type: 'creation' } })
+        if (content.ai) additionalNodes.push({ tag: 'bot', attrs: { biz_bot: '1' } })
+
+        // Pre-fetch TC token for new DM contacts
+        if (!isJidGroup(jid) && !isJidStatusBroadcast(jid) && !isJidBroadcast(jid) && !content.disappearingMessagesInChat) {
+            const existingToken = await authState.keys.get('tctoken', [jid])
+            if (!existingToken[jid]) {
+                try { await getPrivacyTokens([jid]); logger.debug({ jid }, 'fetched tctoken for new contact') }
+                catch (err) { logger.warn({ jid, err }, 'failed to fetch tctoken') }
+            }
+        }
+
+        await relayMessage(jid, fullMsg.message, {
+            messageId: fullMsg.key.id,
+            useCachedGroupMetadata: options.useCachedGroupMetadata,
+            additionalAttributes,
+            statusJidList: options.statusJidList,
+            additionalNodes
+        })
+
+        if (config.emitOwnEvents) {
+            process.nextTick(() => processingMutex.mutex(() => upsertMessage(fullMsg, 'append')))
+        }
+        return fullMsg
+    }
+
     return {
         ...sock,
-        getPrivacyTokens, assertSessions, relayMessage, sendReceipt, sendReceipts, nexus,
-        readMessages, refreshMediaConn, waUploadToServer, fetchPrivacySettings,
-        sendPeerDataOperationMessage, createParticipantNodes, getUSyncDevices,
-        messageRetryManager, updateMemberLabel,
-
-        // ─────────────────────────────────────────────
-        // UPDATE MEDIA MESSAGE
-        // Re-requests media upload for expired/missing media.
-        // ─────────────────────────────────────────────
+        getPrivacyTokens, issuePrivacyTokens, assertSessions, relayMessage,
+        sendReceipt, sendReceipts, nexus, readMessages, refreshMediaConn,
+        waUploadToServer, fetchPrivacySettings, sendPeerDataOperationMessage,
+        createParticipantNodes, getUSyncDevices, messageRetryManager, updateMemberLabel,
+
         updateMediaMessage: async (message) => {
             const content = assertMediaContent(message.message)
             const mediaKey = content.mediaKey
@@ -767,11 +875,6 @@ export const makeMessagesSocket = (config) => {
             return message
         },
 
-        // ─────────────────────────────────────────────
-        // SEND STATUS MENTIONS
-        // Broadcasts a status update and notifies mentioned
-        // users or groups via statusMentionMessage protocol.
-        // ─────────────────────────────────────────────
         sendStatusMentions: async (content, jids = []) => {
             const userJid = jidNormalizedUser(authState.creds.me.id)
             const allUsers = new Set([userJid])
@@ -825,7 +928,7 @@ export const makeMessagesSocket = (config) => {
             return msg
         },
 
-        // Nexus handler shortcuts for rich message types
+        // Nexus handler shortcuts
         sendPaymentMessage: (jid, data, quoted) => nexus.handlePayment({ requestPaymentMessage: data }, jid, quoted),
         sendProductMessage: (jid, data, quoted) => nexus.handleProduct({ productMessage: data }, jid, quoted),
         sendInteractiveMessage: (jid, data, quoted) => nexus.handleInteractive({ interactiveMessage: data }, jid, quoted),
@@ -838,133 +941,20 @@ export const makeMessagesSocket = (config) => {
         sendCarouselMessage: (jid, data, quoted) => nexus.handleCarousel({ carouselMessage: data }, jid, quoted),
         sendCarouselProtoMessage: (jid, data, quoted) => nexus.handleCarouselProto({ carouselProto: data }, jid, quoted),
         stickerPackMessage: (jid, data, options) => nexus.handleStickerPack(data, jid, options?.quoted),
-
-        // ─────────────────────────────────────────────
-        // SEND MESSAGE
-        // Main public API for sending any message type.
-        // Handles delete normalization, LID/PN identity selection,
-        // message generation, and relay.
-        // ─────────────────────────────────────────────
-        sendMessage: async (jid, content, options = {}) => {
-            const meId = authState.creds.me.id
-            const meLid = authState.creds.me?.lid
-            const { server } = jidDecode(jid)
-            const isGroup = server === 'g.us'
-            const isDestinationLid = server === 'lid'
-            const useCache = options.useCachedGroupMetadata !== false
-            const { quoted } = options
-
-            // Resolve sender identity for this destination
-            let activeSender = meId
-            let addressingMode = 'pn'
-            if (isGroup) {
-                const groupData = useCache && cachedGroupMetadata ? await cachedGroupMetadata(jid) : undefined
-                addressingMode = groupData?.addressingMode || 'lid'
-                if (addressingMode === 'lid' && meLid) activeSender = meLid
-            } else if (isDestinationLid && meLid) {
-                activeSender = meLid
-                addressingMode = 'lid'
-            }
-
-            // Unwrap shorthand `interactive` key
-            if (content.interactive && !content.interactiveMessage) {
-                const { interactive, ...rest } = content
-                content = { ...rest, interactiveMessage: interactive }
-            }
-
-            // Delegate rich message types to NexusHandler
-            const messageType = nexus.detectType(content)
-            if (messageType) return await nexus.processMessage(content, jid, quoted)
-
-            // Handle disappearing message toggle for groups
-            if (content.disappearingMessagesInChat && isJidGroup(jid)) {
-                const value = typeof content.disappearingMessagesInChat === 'boolean'
-                    ? (content.disappearingMessagesInChat ? WA_DEFAULT_EPHEMERAL : 0)
-                    : content.disappearingMessagesInChat
-                await groupToggleEphemeral(jid, value)
-                return
-            }
-
-            // ── Normalize delete key ──
-            // Groups require a participant field matching the sender's LID or PN identity.
-            // edit="7" = delete own message, edit="8" = admin delete another's message.
-            if (content.delete) {
-                const deleteKey = content.delete
-                if (!deleteKey.remoteJid || !deleteKey.id) {
-                    logger.error({ deleteKey }, 'Invalid delete key: missing remoteJid or id')
-                    throw new Boom('Delete key must have remoteJid and id', { statusCode: 400 })
-                }
-
-                const { server: deleteServer } = jidDecode(deleteKey.remoteJid)
-                let deleteAddressingMode = deleteServer === 'lid' ? 'lid' : 'pn'
-                if (isJidGroup(deleteKey.remoteJid)) {
-                    const groupData = useCache && cachedGroupMetadata ? await cachedGroupMetadata(deleteKey.remoteJid) : undefined
-                    deleteAddressingMode = groupData?.addressingMode || 'lid'
-                }
-
-                let normalizedParticipant = deleteKey.participant
-                if (deleteKey.fromMe || isJidGroup(deleteKey.remoteJid)) {
-                    const senderJid = (deleteAddressingMode === 'lid' && meLid) ? meLid : meId
-                    normalizedParticipant = jidNormalizedUser(senderJid)
-                }
-
-                content.delete = {
-                    remoteJid: deleteKey.remoteJid,
-                    fromMe: deleteKey.fromMe === true || deleteKey.fromMe === 'true',
-                    id: deleteKey.id,
-                    ...(normalizedParticipant ? { participant: jidNormalizedUser(normalizedParticipant) } : {}),
-                    addressingMode: deleteAddressingMode
-                }
-                logger.debug({ jid, deleteKey: content.delete }, 'processing message deletion')
-            }
-
-            // Generate the full WAMessage proto
-            const fullMsg = await generateWAMessage(jid, content, {
-                logger,
-                userJid: jidNormalizedUser(activeSender),
-                getUrlInfo: text => getUrlInfo(text, { thumbnailWidth: linkPreviewImageThumbnailWidth, fetchOpts: { timeout: 3000, ...(httpRequestOptions || {}) }, logger, uploadImage: generateHighQualityLinkPreview ? waUploadToServer : undefined }),
-                getProfilePicUrl: sock.profilePictureUrl,
-                getCallLink: sock.createCallLink,
-                upload: waUploadToServer,
-                mediaCache: config.mediaCache,
-                options: config.options,
-                messageId: generateMessageIDV2(activeSender),
-                ...options
-            })
-
-            // Build additional stanza attributes
-            const additionalAttributes = {}, additionalNodes = []
-            if (content.delete) {
-                additionalAttributes.edit = isJidGroup(content.delete.remoteJid) && !content.delete.fromMe ? '8' : '7'
-            } else if (content.edit) {
-                additionalAttributes.edit = '1'
-            } else if (content.pin) {
-                additionalAttributes.edit = '2'
-            }
-            if (content.poll) additionalNodes.push({ tag: 'meta', attrs: { polltype: 'creation' } })
-            if (content.event) additionalNodes.push({ tag: 'meta', attrs: { event_type: 'creation' } })
-
-            // Fetch TC token for new DM contacts
-            if (!isJidGroup(jid) && !content.disappearingMessagesInChat) {
-                const existingToken = await authState.keys.get('tctoken', [jid])
-                if (!existingToken[jid]) {
-                    try { await getPrivacyTokens([jid]); logger.debug({ jid }, 'fetched tctoken for new contact') }
-                    catch (err) { logger.warn({ jid, err }, 'failed to fetch tctoken') }
-                }
-            }
-
-            await relayMessage(jid, fullMsg.message, {
-                messageId: fullMsg.key.id,
-                useCachedGroupMetadata: options.useCachedGroupMetadata,
-                additionalAttributes,
-                statusJidList: options.statusJidList,
-                additionalNodes
-            })
-
-            if (config.emitOwnEvents) {
-                process.nextTick(() => processingMutex.mutex(() => upsertMessage(fullMsg, 'append')))
-            }
-            return fullMsg
-        }
+        sendMessage,
+        // Shorthand wrappers
+        sendText: (jid, text, options = {}) => sendMessage(jid, { text, ...options }, options),
+        sendImage: (jid, image, caption = '', options = {}) => sendMessage(jid, { image, caption, ...options }, options),
+        sendVideo: (jid, video, caption = '', options = {}) => sendMessage(jid, { video, caption, ...options }, options),
+        sendDocument: (jid, document, caption = '', options = {}) => sendMessage(jid, { document, caption, ...options }, options),
+        sendAudio: (jid, audio, options = {}) => sendMessage(jid, { audio, ...options }, options),
+        sendLocation: (jid, { degreesLatitude, degreesLongitude, name, url, address } = {}, options = {}) =>
+            sendMessage(jid, { location: { degreesLatitude, degreesLongitude, name, url, address }, ...options }, options),
+        sendPoll: (jid, name, pollVote = [], multiSelect = false, options = {}) =>
+            sendMessage(jid, { poll: { name, values: pollVote, selectableOptionsCount: multiSelect ? pollVote.length : 0 }, ...options }, options),
+        sendReaction: (jid, key, reaction, options = {}) => sendMessage(jid, { react: { text: reaction, key }, ...options }, options),
+        sendSticker: (jid, sticker, options = {}) => sendMessage(jid, { sticker, ...options }, options),
+        sendContact: (jid, contact, options = {}) => sendMessage(jid, { contacts: { contacts: Array.isArray(contact) ? contact : [contact] }, ...options }, options),
+        sendForward: (jid, message, options = {}) => sendMessage(jid, { forward: message, force: options.force }, options),
     }
 }