@relay-federation/bridge 0.3.11 → 0.3.13

package/cli.js

@@ -6,6 +6,7 @@ import { PeerManager } from './lib/peer-manager.js'
 import { HeaderRelay } from './lib/header-relay.js'
 import { TxRelay } from './lib/tx-relay.js'
 import { DataRelay } from './lib/data-relay.js'
+import { SessionRelay } from './lib/session-relay.js'
 import { StatusServer } from './lib/status-server.js'
 // network.js import removed — register/deregister now use local UTXOs + P2P broadcast
 
@@ -404,6 +405,7 @@ async function cmdStart () {
   const headerRelay = new HeaderRelay(peerManager)
   const txRelay = new TxRelay(peerManager)
   const dataRelay = new DataRelay(peerManager)
+  const sessionRelay = new SessionRelay(peerManager, store)
 
   // ── 2b. Phase 2: Security layer ────────────────────────────
   const { PeerScorer } = await import('./lib/peer-scorer.js')
@@ -960,6 +962,12 @@ async function cmdStart () {
     statusServer.addLog(msg)
   })
 
+  sessionRelay.on('sessions:sync', ({ pubkeyHex, address, added, total }) => {
+    const msg = `Synced ${added} sessions for ${address.slice(0, 12)}... from ${pubkeyHex.slice(0, 16)}... (total: ${total})`
+    console.log(msg)
+    statusServer.addLog(msg)
+  })
+
   txRelay.on('tx:new', ({ txid }) => {
     const msg = `New tx: ${txid}`
     console.log(msg)

package/lib/address-scanner.js

@@ -25,14 +25,15 @@ export async function scanAddress (address, store, onProgress = () => {}) {
   // Phase 1: Fetch tx history from WhatsOnChain
   onProgress({ phase: 'discovery', current: 0, total: 0, message: 'Fetching transaction history...' })
 
-  const historyUrl = `${WOC_BASE}/address/${address}/history`
+  const historyUrl = `${WOC_BASE}/address/${address}/confirmed/history`
   const histRes = await fetchWithRetry(historyUrl)
   if (!histRes.ok) {
     throw new Error(`WhatsOnChain returned ${histRes.status} for address history`)
   }
-  const history = await histRes.json()
+  const data = await histRes.json()
+  const history = Array.isArray(data) ? data : (data.result || [])
 
-  if (!Array.isArray(history) || history.length === 0) {
+  if (history.length === 0) {
     onProgress({ phase: 'done', current: 0, total: 0, message: 'No transactions found for this address' })
     return { address, txsScanned: 0, inscriptionsFound: 0, errors: 0 }
   }

package/lib/persistent-store.js

@@ -42,6 +42,7 @@ export class PersistentStore extends EventEmitter {
     this._txBlock = null
     this._content = null
     this._tokens = null
+    this._sessions = null
     this._contentDir = join(dataDir, 'content')
   }
 
@@ -61,6 +62,7 @@ export class PersistentStore extends EventEmitter {
     this._txBlock = this.db.sublevel('txBlock', { valueEncoding: 'json' })
     this._content = this.db.sublevel('content', { valueEncoding: 'json' })
     this._tokens = this.db.sublevel('tokens', { valueEncoding: 'json' })
+    this._sessions = this.db.sublevel('sessions', { valueEncoding: 'json' })
     await mkdir(this._contentDir, { recursive: true })
     this.emit('open')
   }
@@ -273,6 +275,107 @@ export class PersistentStore extends EventEmitter {
     return matches
   }
 
+  // ── Sessions (Indelible) ───────────────────────────────────
+
+  /**
+   * Store a session metadata record with sort index.
+   * PK: s!{address}!{txId}  SK: t!{address}!{revTs}!{txId}
+   * @param {object} session — must have txId and address
+   */
+  async putSession (session) {
+    const { txId, address } = session
+    if (!txId || !address) throw new Error('txId and address required')
+    const pk = `s!${address}!${txId}`
+    const ts = session.timestamp || new Date().toISOString()
+    const revTs = String(9999999999999 - new Date(ts).getTime()).padStart(13, '0')
+    const sk = `t!${address}!${revTs}!${txId}`
+    const record = {
+      txId, address,
+      session_id: session.session_id || null,
+      prev_session_id: session.prev_session_id || null,
+      summary: session.summary || '',
+      message_count: session.message_count || 0,
+      save_type: session.save_type || 'full',
+      timestamp: ts,
+      receivedAt: new Date().toISOString()
+    }
+    await this._sessions.batch([
+      { type: 'put', key: pk, value: record },
+      { type: 'put', key: sk, value: txId }
+    ])
+    return record
+  }
+
+  /**
+   * Get sessions for an address, newest first.
+   * @param {string} address
+   * @param {number} [limit=200]
+   * @returns {Promise<Array>}
+   */
+  async getSessions (address, limit = 200) {
+    const prefix = `t!${address}!`
+    const results = []
+    for await (const [, txId] of this._sessions.iterator({
+      gte: prefix, lt: prefix + '~', limit
+    })) {
+      const record = await this._safeGet(this._sessions, `s!${address}!${txId}`)
+      if (record) results.push(record)
+    }
+    return results
+  }
+
+  /**
+   * Batch import sessions (for backfill).
+   * @param {Array} sessions — array of session objects
+   * @returns {Promise<number>} count imported
+   */
+  async putSessionsBatch (sessions) {
+    const ops = []
+    for (const session of sessions) {
+      const { txId, address } = session
+      if (!txId || !address) continue
+      const pk = `s!${address}!${txId}`
+      const ts = session.timestamp || new Date().toISOString()
+      const revTs = String(9999999999999 - new Date(ts).getTime()).padStart(13, '0')
+      const sk = `t!${address}!${revTs}!${txId}`
+      const record = {
+        txId, address,
+        session_id: session.session_id || null,
+        prev_session_id: session.prev_session_id || null,
+        summary: session.summary || '',
+        message_count: session.message_count || 0,
+        save_type: session.save_type || 'full',
+        timestamp: ts,
+        receivedAt: new Date().toISOString()
+      }
+      ops.push({ type: 'put', key: pk, value: record })
+      ops.push({ type: 'put', key: sk, value: txId })
+    }
+    if (ops.length > 0) await this._sessions.batch(ops)
+    return ops.length / 2
+  }
+
+  /**
+   * Get summary of all addresses with sessions (for peer sync announce).
+   * @returns {Promise<Array<{ address: string, count: number, latest: string }>>}
+   */
+  async getSessionAddresses () {
+    const map = new Map() // address → { count, latest }
+    for await (const [key, value] of this._sessions.iterator({
+      gte: 's!', lt: 's!~'
+    })) {
+      const addr = key.split('!')[1]
+      const entry = map.get(addr)
+      if (!entry) {
+        map.set(addr, { count: 1, latest: value.timestamp || '' })
+      } else {
+        entry.count++
+        if (value.timestamp > entry.latest) entry.latest = value.timestamp
+      }
+    }
+    return [...map].map(([address, { count, latest }]) => ({ address, count, latest }))
+  }
+
   // ── Metadata ─────────────────────────────────────────────
 
   /**

package/lib/session-relay.js

@@ -0,0 +1,179 @@
+import { EventEmitter } from 'node:events'
+
+/**
+ * SessionRelay — syncs Indelible session metadata between peers.
+ *
+ * Uses the PeerManager's message infrastructure to:
+ * - Announce session counts per address to new peers (triggered by hello)
+ * - Request missing sessions from peers that have more
+ * - Respond to session requests with batches
+ * - Re-announce to all peers after syncing new sessions
+ *
+ * Message types:
+ *   sessions_announce — { type, summaries: [{ address, count, latest }] }
+ *   sessions_request  — { type, address, beforeTimestamp, limit }
+ *   sessions          — { type, address, sessions: [...], hasMore }
+ *
+ * Events:
+ *   'sessions:sync'  — { pubkeyHex, address, added, total }
+ */
+export class SessionRelay extends EventEmitter {
+  /**
+   * @param {import('./peer-manager.js').PeerManager} peerManager
+   * @param {import('./persistent-store.js').PersistentStore} store
+   * @param {object} [opts]
+   * @param {number} [opts.maxBatch=500] — Max sessions per response
+   */
+  constructor (peerManager, store, opts = {}) {
+    super()
+    this.peerManager = peerManager
+    this.store = store
+    this._maxBatch = opts.maxBatch || 500
+    this._syncing = new Set() // track in-progress syncs: "pubkey:address"
+
+    this.peerManager.on('peer:message', ({ pubkeyHex, message }) => {
+      this._handleMessage(pubkeyHex, message)
+    })
+  }
+
+  /** @private */
+  async _announceToPeer (pubkeyHex) {
+    const conn = this.peerManager.peers.get(pubkeyHex)
+    if (!conn) return
+    try {
+      const summaries = await this.store.getSessionAddresses()
+      conn.send({ type: 'sessions_announce', summaries })
+    } catch (err) {
+      // Store not ready yet — skip announce
+    }
+  }
+
+  /** @private */
+  _handleMessage (pubkeyHex, message) {
+    switch (message.type) {
+      case 'hello':
+        this._announceToPeer(pubkeyHex)
+        break
+      case 'sessions_announce':
+        this._onSessionsAnnounce(pubkeyHex, message)
+        break
+      case 'sessions_request':
+        this._onSessionsRequest(pubkeyHex, message)
+        break
+      case 'sessions':
+        this._onSessions(pubkeyHex, message)
+        break
+    }
+  }
+
+  /** @private */
+  async _onSessionsAnnounce (pubkeyHex, msg) {
+    if (!Array.isArray(msg.summaries)) return
+    const ourSummaries = await this.store.getSessionAddresses()
+    const ourMap = new Map(ourSummaries.map(s => [s.address, s]))
+
+    for (const remote of msg.summaries) {
+      const local = ourMap.get(remote.address)
+      const ourCount = local ? local.count : 0
+
+      if (remote.count > ourCount) {
+        // Peer has more sessions for this address — request what we're missing
+        const syncKey = `${pubkeyHex}:${remote.address}`
+        if (this._syncing.has(syncKey)) continue // already syncing
+        this._syncing.add(syncKey)
+
+        const conn = this.peerManager.peers.get(pubkeyHex)
+        if (conn) {
+          conn.send({
+            type: 'sessions_request',
+            address: remote.address,
+            beforeTimestamp: '',
+            limit: this._maxBatch
+          })
+        }
+      } else if (remote.count < ourCount) {
+        // We have more — announce back so they can sync from us
+        this._announceToPeer(pubkeyHex)
+        break // one announce covers all addresses
+      }
+    }
+  }
+
+  /** @private */
+  async _onSessionsRequest (pubkeyHex, msg) {
+    if (!msg.address) return
+    const limit = Math.min(msg.limit || this._maxBatch, this._maxBatch)
+    const allSessions = await this.store.getSessions(msg.address, 5000)
+
+    // Filter: getSessions returns newest-first, so paginate by "before" timestamp
+    let sessions = allSessions
+    if (msg.beforeTimestamp) {
+      sessions = allSessions.filter(s => s.timestamp < msg.beforeTimestamp)
+    }
+
+    // Paginate
+    const batch = sessions.slice(0, limit)
+    const hasMore = sessions.length > limit
+
+    const conn = this.peerManager.peers.get(pubkeyHex)
+    if (conn) {
+      conn.send({
+        type: 'sessions',
+        address: msg.address,
+        sessions: batch,
+        hasMore
+      })
+    }
+  }
+
+  /** @private */
+  async _onSessions (pubkeyHex, msg) {
+    if (!msg.address || !Array.isArray(msg.sessions)) return
+    const syncKey = `${pubkeyHex}:${msg.address}`
+
+    // Deduplicate: only import sessions we don't already have
+    const existing = await this.store.getSessions(msg.address, 5000)
+    const existingTxIds = new Set(existing.map(s => s.txId))
+    const newSessions = msg.sessions.filter(s => !existingTxIds.has(s.txId))
+
+    let added = 0
+    if (newSessions.length > 0) {
+      added = await this.store.putSessionsBatch(newSessions)
+    }
+
+    if (added > 0) {
+      const total = existing.length + added
+      this.emit('sessions:sync', {
+        pubkeyHex,
+        address: msg.address,
+        added,
+        total
+      })
+
+      // Re-announce to all peers except the source
+      const summaries = await this.store.getSessionAddresses()
+      this.peerManager.broadcast({
+        type: 'sessions_announce',
+        summaries
+      }, pubkeyHex)
+    }
+
+    // If peer has more, request next batch (oldest from current batch = cursor)
+    if (msg.hasMore && msg.sessions.length > 0) {
+      const oldest = msg.sessions.reduce((min, s) =>
+        !min || s.timestamp < min ? s.timestamp : min, ''
+      )
+      const conn = this.peerManager.peers.get(pubkeyHex)
+      if (conn) {
+        conn.send({
+          type: 'sessions_request',
+          address: msg.address,
+          beforeTimestamp: oldest,
+          limit: this._maxBatch
+        })
+      }
+    } else {
+      this._syncing.delete(syncKey)
+    }
+  }
+}

package/lib/status-server.js

@@ -415,7 +415,7 @@ export class StatusServer {
                 isP2PKH: o.isP2PKH,
                 hash160: o.hash160,
                 type: o.type,
-                data: o.data,
+                data: o.data ? o.data.map(d => d.length > 128 ? d.slice(0, 128) + '...' : d) : o.data,
                 protocol: o.protocol,
                 parsed: o.parsed
               }))
@@ -793,7 +793,7 @@ export class StatusServer {
       return
     }
 
-    // GET /address/:addr/history — transaction history for an address (via WoC)
+    // GET /address/:addr/history — local sessions first, WoC fallback
     const addrMatch = path.match(/^\/address\/([13][a-km-zA-HJ-NP-Z1-9]{24,33})\/history$/)
     if (req.method === 'GET' && addrMatch) {
       const addr = addrMatch[1]
@@ -804,11 +804,30 @@ export class StatusServer {
         return
       }
       try {
-        const resp = await fetch('https://api.whatsonchain.com/v1/bsv/main/address/' + addr + '/history', { signal: AbortSignal.timeout(10000) })
-        if (!resp.ok) throw new Error('WoC returned ' + resp.status)
-        const history = await resp.json()
+        // Local sessions from LevelDB (source of truth)
+        const localSessions = await this._store.getSessions(addr, 2000)
+        const seen = new Set(localSessions.map(s => s.txId))
+        const history = localSessions.map(s => ({ tx_hash: s.txId, height: -1 }))
+
+        // WoC fallback for older txs + block heights
+        try {
+          const resp = await fetch('https://api.whatsonchain.com/v1/bsv/main/address/' + addr + '/confirmed/history', { signal: AbortSignal.timeout(10000) })
+          if (resp.ok) {
+            const data = await resp.json()
+            const wocHistory = Array.isArray(data) ? data : (data.result || [])
+            for (const entry of wocHistory) {
+              if (seen.has(entry.tx_hash)) {
+                const match = history.find(h => h.tx_hash === entry.tx_hash)
+                if (match && entry.height > 0) match.height = entry.height
+              } else {
+                history.push(entry)
+                seen.add(entry.tx_hash)
+              }
+            }
+          }
+        } catch {} // WoC failure doesn't block response
+
         this._addressCache.set(addr, { data: history, time: Date.now() })
-        // Prune cache if it grows too large
         if (this._addressCache.size > 100) {
           const oldest = this._addressCache.keys().next().value
           this._addressCache.delete(oldest)
@@ -816,7 +835,7 @@ export class StatusServer {
         res.writeHead(200, { 'Content-Type': 'application/json' })
         res.end(JSON.stringify({ address: addr, history, cached: false }))
       } catch (err) {
-        res.writeHead(502, { 'Content-Type': 'application/json' })
+        res.writeHead(500, { 'Content-Type': 'application/json' })
         res.end(JSON.stringify({ error: 'Failed to fetch address history: ' + err.message }))
       }
       return
@@ -1092,6 +1111,264 @@ export class StatusServer {
       return
     }
 
+    // GET /health — MCP/CLI compatibility
+    if (req.method === 'GET' && path === '/health') {
+      const status = await this.getStatus()
+      res.writeHead(200, { 'Content-Type': 'application/json' })
+      res.end(JSON.stringify({
+        status: 'ok',
+        headerHeight: status.headers.bestHeight,
+        connectedPeers: status.bsvNode.peers,
+        synced: status.headers.bestHeight > 0
+      }))
+      return
+    }
+
+    // GET /api/address/:addr/unspent — UTXO lookup via GorillaPool ordinals
+    const unspentMatch = path.match(/^\/api\/address\/([13][a-km-zA-HJ-NP-Z1-9]{24,33})\/unspent$/)
+    if (req.method === 'GET' && unspentMatch) {
+      const addr = unspentMatch[1]
+      try {
+        const resp = await fetch(
+          `https://ordinals.gorillapool.io/api/txos/address/${addr}/unspent`,
+          { signal: AbortSignal.timeout(10000) }
+        )
+        if (!resp.ok) throw new Error(`GorillaPool ${resp.status}`)
+        const data = await resp.json()
+        // Transform GorillaPool format → WoC format
+        const utxos = data.map(u => ({
+          tx_hash: u.txid,
+          tx_pos: u.vout,
+          value: u.satoshis
+        }))
+        res.writeHead(200, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify(utxos))
+      } catch (err) {
+        res.writeHead(502, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'UTXO fetch failed: ' + err.message }))
+      }
+      return
+    }
+
+    // GET /api/tx/:txid/hex — raw transaction hex
+    const hexMatch = path.match(/^\/api\/tx\/([0-9a-f]{64})\/hex$/)
+    if (req.method === 'GET' && hexMatch) {
+      const txid = hexMatch[1]
+      let rawHex = null
+      // Mempool first
+      if (this._txRelay && this._txRelay.mempool.has(txid)) {
+        rawHex = this._txRelay.mempool.get(txid)
+      }
+      // P2P second
+      if (!rawHex && this._bsvNodeClient) {
+        try {
+          const result = await this._bsvNodeClient.getTx(txid, 5000)
+          rawHex = result.rawHex
+        } catch {}
+      }
+      // WoC fallback
+      if (!rawHex) {
+        try {
+          const resp = await fetch(`https://api.whatsonchain.com/v1/bsv/main/tx/${txid}/hex`)
+          if (resp.ok) rawHex = await resp.text()
+        } catch {}
+      }
+      if (rawHex) {
+        res.writeHead(200, { 'Content-Type': 'text/plain' })
+        res.end(rawHex)
+      } else {
+        res.writeHead(404, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'tx not found' }))
+      }
+      return
+    }
+
+    // POST /api/broadcast — MCP/CLI compatibility (accepts { rawTx } key)
+    if (req.method === 'POST' && path === '/api/broadcast') {
+      const body = await this._readBody(req)
+      const rawHex = body.rawTx || body.rawHex
+      if (!rawHex || typeof rawHex !== 'string') {
+        res.writeHead(400, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'rawTx or rawHex required' }))
+        return
+      }
+      if (!/^[0-9a-fA-F]+$/.test(rawHex) || rawHex.length % 2 !== 0) {
+        res.writeHead(400, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'Invalid hex string' }))
+        return
+      }
+      const buf = Buffer.from(rawHex, 'hex')
+      const hash = createHash('sha256').update(createHash('sha256').update(buf).digest()).digest()
+      const txid = Buffer.from(hash).reverse().toString('hex')
+      const sent = this._txRelay ? this._txRelay.broadcastTx(txid, rawHex) : 0
+      res.writeHead(200, { 'Content-Type': 'application/json' })
+      res.end(JSON.stringify({ txid, peers: sent }))
+      return
+    }
+
+    // GET /api/address/:addr/history — local sessions first, WoC fallback (web app compat)
+    const apiHistMatch = path.match(/^\/api\/address\/([13][a-km-zA-HJ-NP-Z1-9]{24,33})\/history$/)
+    if (req.method === 'GET' && apiHistMatch) {
+      const addr = apiHistMatch[1]
+      const cached = this._addressCache.get(addr)
+      if (cached && Date.now() - cached.time < 60000) {
+        res.writeHead(200, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify(cached.data))
+        return
+      }
+      try {
+        // Local sessions from LevelDB (source of truth)
+        const localSessions = await this._store.getSessions(addr, 2000)
+        const seen = new Set(localSessions.map(s => s.txId))
+        const history = localSessions.map(s => ({ tx_hash: s.txId, height: -1 }))
+
+        // WoC fallback for older txs + block heights
+        try {
+          const resp = await fetch('https://api.whatsonchain.com/v1/bsv/main/address/' + addr + '/confirmed/history', { signal: AbortSignal.timeout(10000) })
+          if (resp.ok) {
+            const data = await resp.json()
+            const wocHistory = Array.isArray(data) ? data : (data.result || [])
+            for (const entry of wocHistory) {
+              if (seen.has(entry.tx_hash)) {
+                const match = history.find(h => h.tx_hash === entry.tx_hash)
+                if (match && entry.height > 0) match.height = entry.height
+              } else {
+                history.push(entry)
+                seen.add(entry.tx_hash)
+              }
+            }
+          }
+        } catch {} // WoC failure doesn't block response
+
+        this._addressCache.set(addr, { data: history, time: Date.now() })
+        if (this._addressCache.size > 100) {
+          const oldest = this._addressCache.keys().next().value
+          this._addressCache.delete(oldest)
+        }
+        res.writeHead(200, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify(history))
+      } catch (err) {
+        res.writeHead(500, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'Failed to fetch address history: ' + err.message }))
+      }
+      return
+    }
+
+    // GET /api/address/:addr/balance — sum UTXOs from GorillaPool (web app compat)
+    const apiBalMatch = path.match(/^\/api\/address\/([13][a-km-zA-HJ-NP-Z1-9]{24,33})\/balance$/)
+    if (req.method === 'GET' && apiBalMatch) {
+      const addr = apiBalMatch[1]
+      try {
+        const resp = await fetch(
+          `https://ordinals.gorillapool.io/api/txos/address/${addr}/unspent`,
+          { signal: AbortSignal.timeout(10000) }
+        )
+        if (!resp.ok) throw new Error(`GorillaPool ${resp.status}`)
+        const data = await resp.json()
+        const confirmed = data.reduce((sum, u) => sum + (u.satoshis || 0), 0)
+        res.writeHead(200, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ confirmed, unconfirmed: 0 }))
+      } catch (err) {
+        res.writeHead(502, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'Balance fetch failed: ' + err.message }))
+      }
+      return
+    }
+
+    // GET /api/tx/:txid — full tx JSON via WoC (web app compat)
+    const apiTxMatch = path.match(/^\/api\/tx\/([0-9a-f]{64})$/)
+    if (req.method === 'GET' && apiTxMatch) {
+      const txid = apiTxMatch[1]
+      try {
+        const resp = await fetch(`https://api.whatsonchain.com/v1/bsv/main/tx/${txid}`, { signal: AbortSignal.timeout(10000) })
+        if (!resp.ok) throw new Error('WoC returned ' + resp.status)
+        const data = await resp.json()
+        res.writeHead(200, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify(data))
+      } catch (err) {
+        res.writeHead(502, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'tx fetch failed: ' + err.message }))
+      }
+      return
+    }
+
+    // GET /api/mesh/status — alias for /status (web app compat)
+    if (req.method === 'GET' && path === '/api/mesh/status') {
+      const status = await this.getStatus({ authenticated })
+      res.writeHead(200, { 'Content-Type': 'application/json' })
+      res.end(JSON.stringify(status))
+      return
+    }
+
+    // ── Session Storage (Indelible) ─────────────────────────
+
+    // POST /api/sessions/index — MCP/CLI pushes session metadata after broadcast (open, like /api/broadcast)
+    if (req.method === 'POST' && path === '/api/sessions/index') {
+      try {
+        const body = await this._readBody(req)
+        if (!body.txId || !body.address) {
+          res.writeHead(400, { 'Content-Type': 'application/json' })
+          res.end(JSON.stringify({ error: 'txId and address required' }))
+          return
+        }
+        const record = await this._store.putSession(body)
+        res.writeHead(200, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ success: true, txId: record.txId }))
+      } catch (err) {
+        res.writeHead(500, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: err.message }))
+      }
+      return
+    }
+
+    // GET /api/sessions/{addr} — read session list for an address
+    if (req.method === 'GET' && path.startsWith('/api/sessions/')) {
+      const addr = path.slice('/api/sessions/'.length)
+      if (!addr) {
+        res.writeHead(400, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'address required' }))
+        return
+      }
+      try {
+        const limit = Math.min(parseInt(url.searchParams.get('limit') || '200', 10), 2000)
+        const sessions = await this._store.getSessions(addr, limit)
+        res.writeHead(200, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ sessions, count: sessions.length }))
+      } catch (err) {
+        res.writeHead(500, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: err.message }))
+      }
+      return
+    }
+
+    // POST /api/sessions/backfill — bulk import for migration
+    if (req.method === 'POST' && path === '/api/sessions/backfill') {
+      if (!authenticated) {
+        res.writeHead(401, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: 'Unauthorized. Provide statusSecret via ?auth= or Authorization header.' }))
+        return
+      }
+      try {
+        const body = await this._readBody(req)
+        const sessions = (body.sessions || []).map(s => ({
+          txId: s.txId, address: body.address || s.address,
+          session_id: s.session_id || s.sessionId || null,
+          prev_session_id: s.prev_session_id || s.prevTxId || null,
+          summary: s.summary || '',
+          message_count: s.message_count || s.messageCount || 0,
+          save_type: s.save_type || s.saveType || 'full',
+          timestamp: s.timestamp || null
+        }))
+        const imported = await this._store.putSessionsBatch(sessions)
+        res.writeHead(200, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ success: true, imported }))
+      } catch (err) {
+        res.writeHead(500, { 'Content-Type': 'application/json' })
+        res.end(JSON.stringify({ error: err.message }))
+      }
+      return
+    }
+
     res.writeHead(404)
     res.end('Not Found')
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@relay-federation/bridge",
-  "version": "0.3.11",
+  "version": "0.3.13",
   "description": "Bridge server — WebSocket peering, header sync, tx relay, CLI",
   "type": "module",
   "bin": {