npm - @queenanya/baileys - Versions diffs - 9.5.4 → 9.5.5-beta.0 - Mend

@queenanya/baileys 9.5.4 → 9.5.5-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (186) hide show

package/README.md +309 -1831
package/WAProto/fix-imports.js +22 -18
package/WAProto/index.js +22 -18
package/lib/Defaults/index.d.ts +2 -0
package/lib/Defaults/index.d.ts.map +1 -1
package/lib/Defaults/index.js +3 -1
package/lib/Defaults/index.js.map +1 -1
package/lib/Socket/business.d.ts +80 -3
package/lib/Socket/business.d.ts.map +1 -1
package/lib/Socket/chats.d.ts +9 -0
package/lib/Socket/chats.d.ts.map +1 -1
package/lib/Socket/chats.js +216 -58
package/lib/Socket/chats.js.map +1 -1
package/lib/Socket/communities.d.ts +80 -3
package/lib/Socket/communities.d.ts.map +1 -1
package/lib/Socket/groups.d.ts +6 -0
package/lib/Socket/groups.d.ts.map +1 -1
package/lib/Socket/groups.js +6 -0
package/lib/Socket/groups.js.map +1 -1
package/lib/Socket/index.d.ts +80 -3
package/lib/Socket/index.d.ts.map +1 -1
package/lib/Socket/messages-recv.d.ts +80 -3
package/lib/Socket/messages-recv.d.ts.map +1 -1
package/lib/Socket/messages-recv.js +315 -60
package/lib/Socket/messages-recv.js.map +1 -1
package/lib/Socket/messages-send.d.ts +109 -3
package/lib/Socket/messages-send.d.ts.map +1 -1
package/lib/Socket/messages-send.js +170 -4
package/lib/Socket/messages-send.js.map +1 -1
package/lib/Socket/newsletter.d.ts +6 -0
package/lib/Socket/newsletter.d.ts.map +1 -1
package/lib/Socket/newsletter.js +2 -2
package/lib/Socket/newsletter.js.map +1 -1
package/lib/Socket/socket.d.ts.map +1 -1
package/lib/Socket/socket.js +3 -3
package/lib/Socket/socket.js.map +1 -1
package/lib/Types/Auth.d.ts +1 -0
package/lib/Types/Auth.d.ts.map +1 -1
package/lib/Types/Call.d.ts +1 -1
package/lib/Types/Call.d.ts.map +1 -1
package/lib/Types/Contact.d.ts +2 -0
package/lib/Types/Contact.d.ts.map +1 -1
package/lib/Types/Events.d.ts +18 -1
package/lib/Types/Events.d.ts.map +1 -1
package/lib/Types/GroupMetadata.d.ts +4 -0
package/lib/Types/GroupMetadata.d.ts.map +1 -1
package/lib/Types/Message.d.ts +360 -9
package/lib/Types/Message.d.ts.map +1 -1
package/lib/Types/Message.js.map +1 -1
package/lib/Types/Newsletter.d.ts +37 -42
package/lib/Types/Newsletter.d.ts.map +1 -1
package/lib/Types/Newsletter.js +18 -23
package/lib/Types/Newsletter.js.map +1 -1
package/lib/Types/State.d.ts +54 -0
package/lib/Types/State.d.ts.map +1 -1
package/lib/Types/State.js +42 -0
package/lib/Types/State.js.map +1 -1
package/lib/Utils/chat-utils.d.ts +30 -0
package/lib/Utils/chat-utils.d.ts.map +1 -1
package/lib/Utils/chat-utils.js +34 -8
package/lib/Utils/chat-utils.js.map +1 -1
package/lib/Utils/decode-wa-message.d.ts +12 -0
package/lib/Utils/decode-wa-message.d.ts.map +1 -1
package/lib/Utils/decode-wa-message.js +16 -0
package/lib/Utils/decode-wa-message.js.map +1 -1
package/lib/Utils/event-buffer.js +2 -0
package/lib/Utils/event-buffer.js.map +1 -1
package/lib/Utils/generics.d.ts.map +1 -1
package/lib/Utils/generics.js +9 -0
package/lib/Utils/generics.js.map +1 -1
package/lib/Utils/history.d.ts.map +1 -1
package/lib/Utils/history.js +12 -10
package/lib/Utils/history.js.map +1 -1
package/lib/Utils/identity-change-handler.d.ts +7 -0
package/lib/Utils/identity-change-handler.d.ts.map +1 -1
package/lib/Utils/identity-change-handler.js +1 -0
package/lib/Utils/identity-change-handler.js.map +1 -1
package/lib/Utils/index.d.ts +3 -0
package/lib/Utils/index.d.ts.map +1 -1
package/lib/Utils/index.js +3 -0
package/lib/Utils/index.js.map +1 -1
package/lib/Utils/interactive-message.js.map +1 -1
package/lib/Utils/message-composer.d.ts +5 -0
package/lib/Utils/message-composer.d.ts.map +1 -0
package/lib/Utils/message-composer.js +5 -0
package/lib/Utils/message-composer.js.map +1 -0
package/lib/Utils/message-retry-manager.js.map +1 -1
package/lib/Utils/messages-media.d.ts +1 -1
package/lib/Utils/messages-media.d.ts.map +1 -1
package/lib/Utils/messages-media.js +2 -2
package/lib/Utils/messages-media.js.map +1 -1
package/lib/Utils/messages.d.ts.map +1 -1
package/lib/Utils/messages.js +14 -5
package/lib/Utils/messages.js.map +1 -1
package/lib/Utils/noise-handler.js.map +1 -1
package/lib/Utils/process-message.d.ts.map +1 -1
package/lib/Utils/process-message.js +58 -2
package/lib/Utils/process-message.js.map +1 -1
package/lib/Utils/sync-action-utils.d.ts.map +1 -1
package/lib/Utils/sync-action-utils.js +1 -0
package/lib/Utils/sync-action-utils.js.map +1 -1
package/lib/Utils/tc-token-utils.d.ts +26 -1
package/lib/Utils/tc-token-utils.d.ts.map +1 -1
package/lib/Utils/tc-token-utils.js +149 -4
package/lib/Utils/tc-token-utils.js.map +1 -1
package/lib/WABinary/jid-utils.js.map +1 -1
package/lib/WAUSync/Protocols/USyncContactProtocol.d.ts.map +1 -1
package/lib/WAUSync/Protocols/USyncContactProtocol.js +26 -3
package/lib/WAUSync/Protocols/USyncContactProtocol.js.map +1 -1
package/lib/WAUSync/Protocols/USyncUsernameProtocol.d.ts +10 -0
package/lib/WAUSync/Protocols/USyncUsernameProtocol.d.ts.map +1 -0
package/lib/WAUSync/Protocols/USyncUsernameProtocol.js +25 -0
package/lib/WAUSync/Protocols/USyncUsernameProtocol.js.map +1 -0
package/lib/WAUSync/Protocols/index.d.ts +1 -0
package/lib/WAUSync/Protocols/index.d.ts.map +1 -1
package/lib/WAUSync/Protocols/index.js +1 -0
package/lib/WAUSync/Protocols/index.js.map +1 -1
package/lib/WAUSync/USyncQuery.d.ts +1 -0
package/lib/WAUSync/USyncQuery.d.ts.map +1 -1
package/lib/WAUSync/USyncQuery.js +5 -1
package/lib/WAUSync/USyncQuery.js.map +1 -1
package/lib/WAUSync/USyncUser.d.ts +4 -0
package/lib/WAUSync/USyncUser.d.ts.map +1 -1
package/lib/WAUSync/USyncUser.js +8 -0
package/lib/WAUSync/USyncUser.js.map +1 -1
package/lib/addons/auto-reply.js.map +1 -1
package/lib/addons/browser-presets.d.ts +16 -0
package/lib/addons/browser-presets.d.ts.map +1 -0
package/lib/addons/browser-presets.js +24 -0
package/lib/addons/browser-presets.js.map +1 -0
package/lib/addons/button-sender.d.ts +0 -2
package/lib/addons/button-sender.d.ts.map +1 -1
package/lib/addons/button-sender.js +21 -23
package/lib/addons/button-sender.js.map +1 -1
package/lib/addons/call-handler.d.ts.map +1 -1
package/lib/addons/call-handler.js.map +1 -1
package/lib/addons/from-messages-recv.d.ts.map +1 -1
package/lib/addons/from-messages-recv.js.map +1 -1
package/lib/addons/from-messages.js.map +1 -1
package/lib/addons/index.d.ts +22 -5
package/lib/addons/index.d.ts.map +1 -1
package/lib/addons/index.js +29 -17
package/lib/addons/index.js.map +1 -1
package/lib/addons/interactive-message.js.map +1 -1
package/lib/addons/jid-plot.d.ts +49 -0
package/lib/addons/jid-plot.d.ts.map +1 -0
package/lib/addons/jid-plot.js +84 -0
package/lib/addons/jid-plot.js.map +1 -0
package/lib/addons/lid-support.d.ts +41 -0
package/lib/addons/lid-support.d.ts.map +1 -0
package/lib/addons/lid-support.js +42 -0
package/lib/addons/lid-support.js.map +1 -0
package/lib/addons/message-composer.d.ts +142 -0
package/lib/addons/message-composer.d.ts.map +1 -0
package/lib/addons/message-composer.js +377 -0
package/lib/addons/message-composer.js.map +1 -0
package/lib/addons/message-scheduler.d.ts +77 -0
package/lib/addons/message-scheduler.d.ts.map +1 -0
package/lib/addons/message-scheduler.js +108 -0
package/lib/addons/message-scheduler.js.map +1 -0
package/lib/addons/message-utils.d.ts.map +1 -1
package/lib/addons/message-utils.js.map +1 -1
package/lib/addons/outgoing-calls.d.ts +64 -0
package/lib/addons/outgoing-calls.d.ts.map +1 -0
package/lib/addons/outgoing-calls.js +139 -0
package/lib/addons/outgoing-calls.js.map +1 -0
package/lib/addons/pairing-fix.d.ts +31 -0
package/lib/addons/pairing-fix.d.ts.map +1 -0
package/lib/addons/pairing-fix.js +74 -0
package/lib/addons/pairing-fix.js.map +1 -0
package/lib/addons/past-participants.d.ts +42 -0
package/lib/addons/past-participants.d.ts.map +1 -0
package/lib/addons/past-participants.js +41 -0
package/lib/addons/past-participants.js.map +1 -0
package/lib/addons/rich-response.d.ts +111 -0
package/lib/addons/rich-response.d.ts.map +1 -0
package/lib/addons/rich-response.js +152 -0
package/lib/addons/rich-response.js.map +1 -0
package/lib/addons/status-posting.d.ts.map +1 -1
package/lib/addons/status-posting.js +1 -3
package/lib/addons/status-posting.js.map +1 -1
package/lib/addons/stickerpack.d.ts +37 -0
package/lib/addons/stickerpack.d.ts.map +1 -0
package/lib/addons/stickerpack.js +39 -0
package/lib/addons/stickerpack.js.map +1 -0
package/package.json +3 -3

package/lib/Socket/messages-recv.js CHANGED Viewed

@@ -4,16 +4,18 @@ import { randomBytes } from 'crypto';
 import Long from 'long';
 import { proto } from '../../WAProto/index.js';
 import { DEFAULT_CACHE_TTLS, KEY_BUNDLE_TYPE, MIN_PREKEY_COUNT, PLACEHOLDER_MAX_AGE_SECONDS, STATUS_EXPIRY_SECONDS } from '../Defaults/index.js';
-import { WAMessageStatus, WAMessageStubType } from '../Types/index.js';
-import { aesDecryptCTR, aesEncryptGCM, cleanMessage, Curve, decodeMediaRetryNode, decodeMessageNode, decryptMessageNode, delay, derivePairingCodeKey, encodeBigEndian, encodeSignedDeviceIdentity, extractAddressingContext, getCallStatusFromNode, getHistoryMsg, getNextPreKeys, getStatusFromReceiptType, handleIdentityChange, hkdf, MISSING_KEYS_ERROR_TEXT, NACK_REASONS, NO_MESSAGE_FOUND_ERROR_TEXT, toNumber, unixTimestampSeconds, xmppPreKey, xmppSignedPreKey } from '../Utils/index.js';
+import { ReachoutTimelockEnforcementType, WAMessageStatus, WAMessageStubType } from '../Types/index.js';
+import { aesDecryptCTR, aesEncryptGCM, cleanMessage, Curve, decodeMediaRetryNode, decodeMessageNode, decryptMessageNode, delay, derivePairingCodeKey, encodeBigEndian, encodeSignedDeviceIdentity, extractAddressingContext, getCallStatusFromNode, getHistoryMsg, getNextPreKeys, getStatusFromReceiptType, handleIdentityChange, hkdf, MISSING_KEYS_ERROR_TEXT, NACK_REASONS, NO_MESSAGE_FOUND_ERROR_TEXT, SERVER_ERROR_CODES, toNumber, unixTimestampSeconds, xmppPreKey, xmppSignedPreKey } from '../Utils/index.js';
 import { makeMutex } from '../Utils/make-mutex.js';
+import { buildMergedTcTokenIndexWrite, isTcTokenExpired, readTcTokenIndex, resolveIssuanceJid, resolveTcTokenJid, storeTcTokensFromIqResult, TC_TOKEN_INDEX_KEY } from '../Utils/tc-token-utils.js';
 import { areJidsSameUser, binaryNodeToString, getAllBinaryNodeChildren, getBinaryNodeChild, getBinaryNodeChildBuffer, getBinaryNodeChildren, getBinaryNodeChildString, isJidGroup, isJidNewsletter, isJidStatusBroadcast, isLidUser, isPnUser, jidDecode, jidEncode, jidNormalizedUser, S_WHATSAPP_NET } from '../WABinary/index.js';
 import { extractGroupMetadata } from './groups.js';
 import { makeMessagesSocket } from './messages-send.js';
 export const makeMessagesRecvSocket = (config) => {
     const { logger, retryRequestDelayMs, maxMsgRetryCount, getMessage, shouldIgnoreJid, enableAutoSessionRecreation } = config;
     const sock = makeMessagesSocket(config);
-    const { ev, authState, ws, messageMutex, notificationMutex, receiptMutex, signalRepository, query, upsertMessage, resyncAppState, onUnexpectedError, assertSessions, sendNode, relayMessage, sendReceipt, uploadPreKeys, sendPeerDataOperationMessage, generateMessageTag, getUSyncDevices, createParticipantNodes, messageRetryManager } = sock;
+    const { ev, authState, ws, messageMutex, notificationMutex, receiptMutex, signalRepository, query, upsertMessage, resyncAppState, onUnexpectedError, assertSessions, sendNode, relayMessage, sendReceipt, uploadPreKeys, sendPeerDataOperationMessage, generateMessageTag, getUSyncDevices, createParticipantNodes, messageRetryManager, issuePrivacyTokens } = sock;
+    const getLIDForPN = signalRepository.lidMapping.getLIDForPN.bind(signalRepository.lidMapping);
     /** this mutex ensures that each retryRequest will wait for the previous one to finish */
     const retryMutex = makeMutex();
     const msgRetryCache = config.msgRetryCounterCache ||
@@ -84,25 +86,145 @@ export const makeMessagesRecvSocket = (config) => {
         }, 8000);
         return sendPeerDataOperationMessage(pdoMessage);
     };
-    // Handles mex newsletter notifications
-    const handleMexNewsletterNotification = async (node) => {
+    const ENFORCEMENT_TYPE_VALUES = new Set(Object.values(ReachoutTimelockEnforcementType));
+    function isValidEnforcementType(value) {
+        return typeof value === 'string' && ENFORCEMENT_TYPE_VALUES.has(value);
+    }
+    // ── Top-level mex dispatcher (PR: feat-mex-notification-dispatch) ─────────
+    const handleMexNotification = async (node) => {
+        const updateNode = getBinaryNodeChild(node, 'update');
+        if (updateNode) {
+            const opName = updateNode.attrs?.op_name;
+            if (!opName) {
+                logger.warn({ node: binaryNodeToString(node) }, 'mex notification missing op_name');
+                return;
+            }
+            let mexResponse;
+            try {
+                mexResponse = JSON.parse(updateNode.content.toString());
+            }
+            catch (error) {
+                logger.error({ err: error, opName }, 'failed to parse mex notification JSON');
+                return;
+            }
+            if (mexResponse.errors?.length) {
+                logger.warn({ errors: mexResponse.errors, opName }, 'mex notification has GQL errors');
+                return;
+            }
+            const data = mexResponse.data;
+            if (!data) {
+                logger.warn({ opName }, 'mex notification has null data');
+                return;
+            }
+            logger.debug({ opName }, 'processing mex notification');
+            switch (opName) {
+                case 'NotificationUserReachoutTimelockUpdate':
+                    handleReachoutTimelockNotification(data);
+                    break;
+                case 'MessageCappingInfoNotification':
+                    handleMessageCappingNotification(data);
+                    break;
+                case 'NotificationLinkedProfilesUpdates': {
+                    // PR: fix-mex-linked-profiles
+                    const linkedProfiles = data.xwa2_notify_linked_profiles;
+                    if (!linkedProfiles)
+                        break;
+                    const lid = linkedProfiles.jid;
+                    for (const profile of linkedProfiles.added_profiles ?? []) {
+                        const pn = typeof profile === 'string' ? profile : (profile?.pn ?? profile?.jid ?? null);
+                        if (lid && pn)
+                            ev.emit('lid-mapping.update', { lid, pn });
+                    }
+                    break;
+                }
+                // newsletter ops still use the legacy <mex> child structure
+                case 'NotificationNewsletterUpdate':
+                case 'NotificationNewsletterAdminPromote':
+                case 'NotificationNewsletterAdminDemote':
+                case 'NotificationNewsletterUserSettingChange':
+                case 'NotificationNewsletterJoin':
+                case 'NotificationNewsletterLeave':
+                case 'NotificationNewsletterStateChange':
+                case 'NotificationNewsletterAdminMetadataUpdate':
+                case 'NotificationNewsletterOwnerUpdate':
+                case 'NotificationNewsletterAdminInviteRevoke':
+                case 'NotificationNewsletterWamoSubStatusChange':
+                case 'NotificationNewsletterBlockUser':
+                case 'NotificationNewsletterPaidPartnership':
+                case 'NotificationNewsletterMilestone':
+                case 'NewsletterResponseStateUpdate':
+                    await handleLegacyMexNewsletterNotification(node);
+                    break;
+                default:
+                    logger.debug({ opName }, 'unhandled mex notification');
+                    break;
+            }
+            return;
+        }
+        await handleLegacyMexNewsletterNotification(node);
+    };
+    const handleReachoutTimelockNotification = (data) => {
+        const payload = data.xwa2_notify_account_reachout_timelock;
+        if (!payload) {
+            logger.warn('reachout timelock notification missing payload');
+            return;
+        }
+        if (!payload.is_active) {
+            logger.info('reachout timelock restriction lifted');
+            ev.emit('connection.update', {
+                reachoutTimeLock: {
+                    isActive: false,
+                    enforcementType: ReachoutTimelockEnforcementType.DEFAULT
+                }
+            });
+            return;
+        }
+        // WA Web defaults to now+60s when the server omits the expiry
+        const timeEnforcementEnds = payload.time_enforcement_ends
+            ? new Date(parseInt(payload.time_enforcement_ends, 10) * 1000)
+            : new Date(Date.now() + 60000);
+        const enforcementType = isValidEnforcementType(payload.enforcement_type)
+            ? payload.enforcement_type
+            : ReachoutTimelockEnforcementType.DEFAULT;
+        logger.info({ enforcementType, timeEnforcementEnds }, 'reachout timelock restriction set');
+        ev.emit('connection.update', {
+            reachoutTimeLock: {
+                isActive: true,
+                timeEnforcementEnds,
+                enforcementType
+            }
+        });
+    };
+    const handleMessageCappingNotification = (data) => {
+        const payload = data.xwa2_notify_new_chat_messages_capping_info_update;
+        if (!payload) {
+            logger.warn('message capping notification missing payload');
+            return;
+        }
+        logger.info({ payload }, 'received message capping update');
+        ev.emit('message-capping.update', payload);
+    };
+    // ── Legacy mex newsletter notification handler ────────────────────────────
+    const handleLegacyMexNewsletterNotification = async (node) => {
         const mexNode = getBinaryNodeChild(node, 'mex');
         if (!mexNode?.content) {
-            logger.warn({ node }, 'Invalid mex newsletter notification');
+            logger.warn({ node: binaryNodeToString(node) }, 'invalid mex newsletter notification');
             return;
         }
-        let data;
+        let parsed;
         try {
-            data = JSON.parse(mexNode.content.toString());
+            // PR fix-mex-linked-profiles: handle binary-encoded content correctly
+            const payloadContent = mexNode.content;
+            const contentBuf = typeof payloadContent === 'string' ? Buffer.from(payloadContent, 'binary') : Buffer.from(payloadContent);
+            parsed = JSON.parse(contentBuf.toString());
         }
         catch (error) {
-            logger.error({ err: error, node }, 'Failed to parse mex newsletter notification');
+            logger.error({ err: error, node: binaryNodeToString(node) }, 'failed to parse mex newsletter notification');
             return;
         }
-        const operation = data?.operation;
-        const updates = data?.updates;
+        const { operation, updates } = parsed;
         if (!updates || !operation) {
-            logger.warn({ data }, 'Invalid mex newsletter notification content');
+            logger.warn({ parsed }, 'invalid mex newsletter notification content');
             return;
         }
         logger.info({ operation, updates }, 'got mex newsletter notification');
@@ -131,7 +253,7 @@ export const makeMessagesRecvSocket = (config) => {
                 }
                 break;
             default:
-                logger.info({ operation, data }, 'Unhandled mex newsletter notification');
+                logger.info({ operation, parsed }, 'unhandled mex newsletter notification');
                 break;
         }
     };
@@ -664,7 +786,8 @@ export const makeMessagesRecvSocket = (config) => {
                 validateSession: signalRepository.validateSession,
                 assertSessions,
                 debounceCache: identityAssertDebounce,
-                logger
+                logger,
+                onBeforeSessionRefresh: reissueTcTokenAfterIdentityChange
             });
             if (result.action === 'no_identity_node') {
                 logger.info({ node }, 'unknown encrypt notification');
@@ -675,6 +798,7 @@ export const makeMessagesRecvSocket = (config) => {
         // TODO: Support PN/LID (Here is only LID now)
         const actingParticipantLid = fullNode.attrs.participant;
         const actingParticipantPn = fullNode.attrs.participant_pn;
+        const actingParticipantUsername = fullNode.attrs.participant_username;
         const affectedParticipantLid = getBinaryNodeChild(child, 'participant')?.attrs?.jid || actingParticipantLid;
         const affectedParticipantPn = getBinaryNodeChild(child, 'participant')?.attrs?.phone_number || actingParticipantPn;
         switch (child?.tag) {
@@ -694,7 +818,8 @@ export const makeMessagesRecvSocket = (config) => {
                     {
                         ...metadata,
                         author: actingParticipantLid,
-                        authorPn: actingParticipantPn
+                        authorPn: actingParticipantPn,
+                        authorUsername: actingParticipantUsername
                     }
                 ]);
                 break;
@@ -804,7 +929,7 @@ export const makeMessagesRecvSocket = (config) => {
                 await handleNewsletterNotification(node);
                 break;
             case 'mex':
-                await handleMexNewsletterNotification(node);
+                await handleMexNotification(node);
                 break;
             case 'w:gp2':
                 // TODO: HANDLE PARTICIPANT_PN
@@ -950,27 +1075,91 @@ export const makeMessagesRecvSocket = (config) => {
             return result;
         }
     };
+    /**
+     * In-memory cache of storage JIDs with stored tctokens, seeded from the persisted index.
+     */
+    const tcTokenKnownJids = new Set();
+    const tcTokenIndexLoaded = (async () => {
+        try {
+            const jids = await readTcTokenIndex(authState.keys);
+            for (const jid of jids)
+                tcTokenKnownJids.add(jid);
+            logger.debug({ count: tcTokenKnownJids.size }, 'loaded tctoken index');
+        }
+        catch (err) {
+            logger.warn({ err: err?.message }, 'failed to load tctoken index');
+        }
+    })();
+    let tcTokenIndexTimer;
+    async function flushTcTokenIndex() {
+        if (tcTokenIndexTimer) {
+            clearTimeout(tcTokenIndexTimer);
+            tcTokenIndexTimer = undefined;
+        }
+        const write = await buildMergedTcTokenIndexWrite(authState.keys, tcTokenKnownJids);
+        return authState.keys.set({ tctoken: write });
+    }
+    function scheduleTcTokenIndexSave() {
+        if (tcTokenIndexTimer) {
+            clearTimeout(tcTokenIndexTimer);
+        }
+        tcTokenIndexTimer = setTimeout(() => {
+            tcTokenIndexTimer = undefined;
+            flushTcTokenIndex().catch(err => {
+                logger.warn({ err: err?.message }, 'failed to save tctoken index');
+            });
+        }, 5000);
+    }
+    function trackTcTokenJid(jid) {
+        if (jid && jid !== TC_TOKEN_INDEX_KEY && !tcTokenKnownJids.has(jid)) {
+            tcTokenKnownJids.add(jid);
+            scheduleTcTokenIndexSave();
+        }
+    }
     const handlePrivacyTokenNotification = async (node) => {
         const tokensNode = getBinaryNodeChild(node, 'tokens');
-        const from = jidNormalizedUser(node.attrs.from);
         if (!tokensNode)
             return;
-        const tokenNodes = getBinaryNodeChildren(tokensNode, 'token');
-        for (const tokenNode of tokenNodes) {
-            const { attrs, content } = tokenNode;
-            const type = attrs.type;
-            const timestamp = attrs.t;
-            if (type === 'trusted_contact' && content instanceof Buffer) {
-                logger.debug({
-                    from,
-                    timestamp,
-                    tcToken: content
-                }, 'received trusted contact token');
-                await authState.keys.set({
-                    tctoken: { [from]: { token: content, timestamp } }
-                });
+        const from = jidNormalizedUser(node.attrs.from);
+        const senderLid = node.attrs.sender_lid && isLidUser(jidNormalizedUser(node.attrs.sender_lid))
+            ? jidNormalizedUser(node.attrs.sender_lid)
+            : undefined;
+        const fallbackJid = senderLid ?? (await resolveTcTokenJid(from, getLIDForPN));
+        logger.debug({ from, storageJid: fallbackJid }, 'processing privacy token notification');
+        await storeTcTokensFromIqResult({
+            result: node,
+            fallbackJid,
+            keys: authState.keys,
+            getLIDForPN,
+            onNewJidStored: trackTcTokenJid
+        });
+    };
+    /**
+     * Fire-and-forget tctoken re-issuance after a peer's device identity changed.
+     */
+    const reissueTcTokenAfterIdentityChange = (from) => {
+        void (async () => {
+            const normalizedJid = jidNormalizedUser(from);
+            const tcJid = await resolveTcTokenJid(normalizedJid, getLIDForPN);
+            const tcTokenData = await authState.keys.get('tctoken', [tcJid]);
+            const senderTs = tcTokenData?.[tcJid]?.senderTimestamp;
+            if (senderTs === null || senderTs === undefined || isTcTokenExpired(senderTs)) {
+                return;
             }
-        }
+            logger.debug({ jid: normalizedJid, senderTimestamp: senderTs }, 'identity changed, re-issuing tctoken');
+            const getPNForLID = signalRepository.lidMapping.getPNForLID.bind(signalRepository.lidMapping);
+            const issueJid = await resolveIssuanceJid(normalizedJid, sock.serverProps.lidTrustedTokenIssueToLid, getLIDForPN, getPNForLID);
+            const result = await issuePrivacyTokens([issueJid], senderTs);
+            await storeTcTokensFromIqResult({
+                result,
+                fallbackJid: tcJid,
+                keys: authState.keys,
+                getLIDForPN,
+                onNewJidStored: trackTcTokenJid
+            });
+        })().catch(err => {
+            logger.debug({ jid: from, err: err?.message }, 'failed to re-issue tctoken after identity change');
+        });
     };
     async function decipherLinkPublicKey(data) {
         const buffer = toRequiredBuffer(data);
@@ -1437,23 +1626,22 @@ export const makeMessagesRecvSocket = (config) => {
     };
     const handleBadAck = async ({ attrs }) => {
         const key = { remoteJid: attrs.from, fromMe: true, id: attrs.id };
-        // WARNING: REFRAIN FROM ENABLING THIS FOR NOW. IT WILL CAUSE A LOOP
-        // // current hypothesis is that if pash is sent in the ack
-        // // it means -- the message hasn't reached all devices yet
-        // // we'll retry sending the message here
-        // if(attrs.phash) {
-        // 	logger.info({ attrs }, 'received phash in ack, resending message...')
-        // 	const msg = await getMessage(key)
-        // 	if(msg) {
-        // 		await relayMessage(key.remoteJid!, msg, { messageId: key.id!, useUserDevicesCache: false })
-        // 	} else {
-        // 		logger.warn({ attrs }, 'could not send message again, as it was not found')
-        // 	}
-        // }
         // error in acknowledgement,
         // device could not display the message
         if (attrs.error) {
-            logger.warn({ attrs }, 'received error in ack');
+            if (attrs.error === SERVER_ERROR_CODES.MissingTcToken) {
+                // 463 = account restricted + no tctoken for this contact.
+                // WA Web prevents this client-side (disables compose bar).
+                // No retry — retrying worsens the restriction by counting
+                // as another "reach out" to an unknown contact.
+                logger.warn({ msgId: attrs.id, from: attrs.from }, 'error 463: account restricted or missing tctoken for contact');
+            }
+            else if (attrs.error === SERVER_ERROR_CODES.SmaxInvalid) {
+                logger.warn({ msgId: attrs.id, from: attrs.from }, 'smax-invalid (479): stanza rejected by server — likely stale device session or malformed addressing');
+            }
+            else {
+                logger.warn({ attrs }, 'received error in ack');
+            }
             ev.emit('messages.update', [
                 {
                     key,
@@ -1463,19 +1651,6 @@ export const makeMessagesRecvSocket = (config) => {
                     }
                 }
             ]);
-            // resend the message with device_fanout=false, use at your own risk
-            // if (attrs.error === '475') {
-            // 	const msg = await getMessage(key)
-            // 	if (msg) {
-            // 		await relayMessage(key.remoteJid!, msg, {
-            // 			messageId: key.id!,
-            // 			useUserDevicesCache: false,
-            // 			additionalAttributes: {
-            // 				device_fanout: 'false'
-            // 			}
-            // 		})
-            // 	}
-            // }
         }
     };
     /// processes a node with the given function
@@ -1590,12 +1765,92 @@ export const makeMessagesRecvSocket = (config) => {
             await upsertMessage(protoMsg, call.offline ? 'append' : 'notify');
         }
     });
-    ev.on('connection.update', ({ isOnline }) => {
+    /** timestamp of last tctoken prune run — throttles to once per 24h */
+    let lastTcTokenPruneTs = 0;
+    ev.on('connection.update', ({ isOnline, connection }) => {
         if (typeof isOnline !== 'undefined') {
             sendActiveReceipts = isOnline;
             logger.trace(`sendActiveReceipts set to "${sendActiveReceipts}"`);
         }
+        // Flush pending tctoken index save on disconnect to avoid writing after close
+        if (connection === 'close' && tcTokenIndexTimer) {
+            clearTimeout(tcTokenIndexTimer);
+            tcTokenIndexTimer = undefined;
+            try {
+                void Promise.resolve(flushTcTokenIndex()).catch(() => { });
+            }
+            catch {
+                /* ignore sync errors */
+            }
+        }
+        // Prune expired tctokens when coming online, at most once per 24 hours
+        if (isOnline) {
+            const now = Date.now();
+            const DAY_MS = 24 * 60 * 60 * 1000;
+            if (now - lastTcTokenPruneTs >= DAY_MS) {
+                lastTcTokenPruneTs = now;
+                void pruneExpiredTcTokens();
+            }
+        }
     });
+    async function pruneExpiredTcTokens() {
+        try {
+            await tcTokenIndexLoaded;
+            const persisted = await readTcTokenIndex(authState.keys);
+            const allJids = new Set(tcTokenKnownJids);
+            for (const jid of persisted)
+                allJids.add(jid);
+            if (!allJids.size)
+                return;
+            const jids = [...allJids];
+            const allTokens = await authState.keys.get('tctoken', jids);
+            const writes = {};
+            const survivors = new Set();
+            let mutated = 0;
+            for (const jid of jids) {
+                const entry = allTokens[jid];
+                if (!entry) {
+                    mutated++;
+                    continue;
+                }
+                const hasPeerToken = !!entry.token?.length;
+                const peerTokenExpired = hasPeerToken && isTcTokenExpired(entry.timestamp);
+                const hasSenderTs = entry.senderTimestamp !== undefined;
+                const senderTsExpired = hasSenderTs && isTcTokenExpired(entry.senderTimestamp);
+                const keepPeerToken = hasPeerToken && !peerTokenExpired;
+                const keepSenderTs = hasSenderTs && !senderTsExpired;
+                if (!keepPeerToken && !keepSenderTs) {
+                    writes[jid] = null;
+                    mutated++;
+                }
+                else if (peerTokenExpired && keepSenderTs) {
+                    writes[jid] = { token: Buffer.alloc(0), senderTimestamp: entry.senderTimestamp };
+                    survivors.add(jid);
+                    mutated++;
+                }
+                else {
+                    survivors.add(jid);
+                }
+            }
+            if (mutated === 0)
+                return;
+            await authState.keys.set({
+                tctoken: {
+                    ...writes,
+                    [TC_TOKEN_INDEX_KEY]: {
+                        token: Buffer.from(JSON.stringify([...survivors]))
+                    }
+                }
+            });
+            tcTokenKnownJids.clear();
+            for (const jid of survivors)
+                tcTokenKnownJids.add(jid);
+            logger.debug({ mutated, remaining: survivors.size }, 'pruned expired tctokens');
+        }
+        catch (err) {
+            logger.warn({ err: err?.message }, 'failed to prune expired tctokens');
+        }
+    }
     return {
         ...sock,
         sendMessageAck,