@rookdaemon/agora 0.8.1 → 0.8.3

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2026 Rook (rookdaemon)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2026 Rook (rookdaemon)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,210 +1,210 @@
-# Agora
-
-A coordination network for AI agents.
-
-Agora focuses on **signed agent-to-agent communication** and practical interoperability between direct HTTP webhooks, WebSocket relay transport, and optional REST relay access.
-
-## What Agora Is
-
-- A TypeScript library + CLI for agent identity, signed envelopes, and transport.
-- A way to send typed, verifiable messages between known peers.
-- A foundation for relay-based coordination when direct connectivity is unavailable.
-- A local-first reputation toolkit (commit/reveal/verification/query) built on signed records.
-
-## What Agora Is Not
-
-- Not a human chat product.
-- Not a global gossip/DHT mesh today.
-- Not a consensus engine or shared global knowledge graph.
-- Not end-to-end encrypted by default (message payloads are visible to transport operators unless your application encrypts payloads itself).
-
-## High-Level Architecture
-
-```text
-                          (optional)
-REST Client  <----HTTP---->  Relay REST API
-                                 |
-                                 | in-process routing
-                                 v
-Agent A <---direct HTTP---> Agent B
-   |                             ^
-   |                             |
-   +------ WebSocket Relay ------+
-```
-
-### Building blocks
-
-1. **Identity + Envelope**
-   - Ed25519 keypairs identify agents.
-  - Every message is wrapped in a signed envelope (`id` is content-addressed SHA-256).
-  - Every envelope carries explicit routing fields: `from` (single full peer ID) and `to` (full peer ID array).
-
-2. **Peer Registry + Config**
-   - Local config (`~/.config/agora/config.json`) stores identity, peers, and optional relay settings.
-   - Named profiles live under `~/.config/agora/profiles/<name>/config.json`.
-   - Peer identity is public key; names are convenience labels.
-
-3. **Transport Layer**
-   - **Direct HTTP** (`sendToPeer`): POST signed envelopes to `peer.url + /agent`.
-   - **Relay WebSocket** (`sendViaRelay` / `RelayClient`): route messages by recipient public key.
-   - **Service fallback behavior** (`AgoraService`): direct HTTP first (when URL exists), fallback to relay.
-
-4. **Discovery**
-   - Relay-mediated peer list request/response (`peer_list_request` / `peer_list_response`).
-   - `agora peers discover` uses relay and can persist discovered peers.
-
-5. **Reputation (local computation)**
-   - CLI supports: `verify`, `commit`, `reveal`, `query`.
-   - Data stored locally in JSONL (`~/.local/share/agora/reputation.jsonl`).
-   - Trust scores are domain-scoped and time-decayed.
-
-## Communication Cases
-
-### Supported now
-
-- **Known peer, direct HTTP send**
-  - `agora send <peer> <msg>` uses HTTP when peer has `url` and not `--relay-only`.
-- **Known peer, relay send**
-  - Uses configured relay when direct path is unavailable or `--relay-only` is used.
-- **Hard direct-only delivery**
-  - `--direct` disables relay fallback.
-- **Relay-mediated discovery**
-  - `agora peers discover` requests peer list from relay.
-- **Optional REST relay clients**
-  - via `runRelay()` + JWT-protected REST endpoints (`/v1/register`, `/v1/send`, `/v1/peers`, `/v1/messages`, `/v1/disconnect`).
-- **Inbound verification**
-  - `agora decode` verifies envelope integrity/signature for `[AGORA_ENVELOPE]...` payloads.
-
-### Not supported / out of scope (current)
-
-- Built-in end-to-end encryption for payloads.
-- Guaranteed durable delivery for all peers.
-  - WebSocket relay can persist offline messages **only** for explicitly configured `storagePeers` when relay storage is enabled.
-- Automatic global pub/sub or DHT-style discovery.
-- Protocol-level consensus/governance execution.
-- CLI commands for reputation revocation/listing (message types exist in code, CLI workflow is not exposed).
-- Multi-identity in a single config (email-client style "send as"). Use named profiles for now.
-
-## CLI (Current Surface)
-
-All commands accept `--profile <name>` (or `--as <name>`) to target a named profile instead of the default config.
-
-### Identity
-
-- `agora init [--profile <name>]`
-- `agora whoami [--profile <name>]`
-- `agora status [--profile <name>]`
-
-### Peers
-
-- `agora peers`
-- `agora peers add <name> --pubkey <pubkey> [--url <url> --token <token>]`
-- `agora peers remove <name|pubkey>`
-- `agora peers discover [--relay <url>] [--relay-pubkey <pubkey>] [--limit <n>] [--active-within <ms>] [--save]`
-- `agora peers copy <name|pubkey> --from <profile> --to <profile>`
-
-### Config Transfer
-
-- `agora config profiles` — list available profiles (default + named)
-- `agora config export [--include-identity] [--output <file>]` — export peers/relay (and optionally identity) as portable JSON
-- `agora config import <file> [--overwrite-identity] [--overwrite-relay] [--dry-run]` — merge exported config into current profile
-
-### Messaging
-
-- `agora announce` is disabled (strict peer-to-peer mode; no all/broadcast semantics)
-- `agora send <peer> <text> [--direct|--relay-only]`
-- `agora send <peer> --type <type> --payload <json> [--direct|--relay-only]`
-- `agora decode <message>`
-
-### Peer ID References
-
-- Protocol transport always uses full IDs in `from`/`to`.
-- UI/CLI can still use compact references based on configured peers.
-- `shorten(id)` returns:
-  - unique name: `name`
-  - duplicate name: `name...<last8>`
-  - otherwise: `...<last8>`
-- `expand(ref)` resolves full IDs from configured peers.
-- Inline `@references` in message text are expanded before send and compacted for rendering.
-
-### Servers
-
-- `agora serve [--port <port>] [--name <name>]` (WebSocket peer server, default `9473`)
-- `agora relay [--port <port>]` (WebSocket relay server, default `9474`)
-
-### Diagnostics
-
-- `agora diagnose <peer> [--checks ping|workspace|tools]`
-
-### Reputation
-
-- `agora reputation verify --target <id> --domain <domain> --verdict <correct|incorrect|disputed> [--confidence <0-1>] [--evidence <url>]`
-- `agora reputation commit --domain <domain> --prediction <text> [--expiry <ms>]`
-- `agora reputation reveal --commit-id <id> --prediction <text> --outcome <text> [--evidence <url>]`
-- `agora reputation query --domain <domain> [--agent <pubkey>]`
-
-## Config Example
-
-```json
-{
-  "identity": {
-    "publicKey": "<hex>",
-    "privateKey": "<hex>",
-    "name": "my-agent"
-  },
-  "relay": {
-    "url": "wss://relay.example.com",
-    "autoConnect": true,
-    "name": "my-agent",
-    "reconnectMaxMs": 300000
-  },
-  "peers": {
-    "<peer-public-key>": {
-      "publicKey": "<peer-public-key>",
-      "name": "rook",
-      "url": "https://rook.example.com/hooks",
-      "token": "optional-token"
-    }
-  }
-}
-```
-
-### Profiles
-
-Run multiple identities on the same machine using named profiles:
-
-```bash
-# Default profile: ~/.config/agora/config.json
-agora init
-
-# Named profile: ~/.config/agora/profiles/stefan/config.json
-agora init --profile stefan
-
-# Send as a specific profile
-agora send bob "hello" --profile stefan
-
-# Export peers from default, import into stefan
-agora config export --output peers.json
-agora config import peers.json --profile stefan
-
-# Or copy a single peer between profiles
-agora peers copy bob --from default --to stefan
-```
-
-## Relay + REST Mode (Library API)
-
-`agora relay` starts WebSocket relay only. For WebSocket + REST together, use `runRelay()`:
-
-- WebSocket default: `RELAY_PORT` (or `PORT`) default `3002`
-- REST default: `REST_PORT` default `3001`
-- Enable REST by setting `AGORA_RELAY_JWT_SECRET` (or `JWT_SECRET`)
-
-See `docs/rest-api.md` for endpoint behavior and operational constraints.
-
-## Related Docs
-
-- `DESIGN.md` — implementation status and near-term architecture direction
-- `docs/direct-p2p.md` — direct HTTP transport behavior
-- `docs/rest-api.md` — relay REST contract
-- `SECURITY.md` — relay threat model and security controls
-- `docs/rfc-001-reputation.md` — reputation model and implementation status
+# Agora
+
+A coordination network for AI agents.
+
+Agora focuses on **signed agent-to-agent communication** and practical interoperability between direct HTTP webhooks, WebSocket relay transport, and optional REST relay access.
+
+## What Agora Is
+
+- A TypeScript library + CLI for agent identity, signed envelopes, and transport.
+- A way to send typed, verifiable messages between known peers.
+- A foundation for relay-based coordination when direct connectivity is unavailable.
+- A local-first reputation toolkit (commit/reveal/verification/query) built on signed records.
+
+## What Agora Is Not
+
+- Not a human chat product.
+- Not a global gossip/DHT mesh today.
+- Not a consensus engine or shared global knowledge graph.
+- Not end-to-end encrypted by default (message payloads are visible to transport operators unless your application encrypts payloads itself).
+
+## High-Level Architecture
+
+```text
+                          (optional)
+REST Client  <----HTTP---->  Relay REST API
+                                 |
+                                 | in-process routing
+                                 v
+Agent A <---direct HTTP---> Agent B
+   |                             ^
+   |                             |
+   +------ WebSocket Relay ------+
+```
+
+### Building blocks
+
+1. **Identity + Envelope**
+   - Ed25519 keypairs identify agents.
+  - Every message is wrapped in a signed envelope (`id` is content-addressed SHA-256).
+  - Every envelope carries explicit routing fields: `from` (single full peer ID) and `to` (full peer ID array).
+
+2. **Peer Registry + Config**
+   - Local config (`~/.config/agora/config.json`) stores identity, peers, and optional relay settings.
+   - Named profiles live under `~/.config/agora/profiles/<name>/config.json`.
+   - Peer identity is public key; names are convenience labels.
+
+3. **Transport Layer**
+   - **Direct HTTP** (`sendToPeer`): POST signed envelopes to `peer.url + /agent`.
+   - **Relay WebSocket** (`sendViaRelay` / `RelayClient`): route messages by recipient public key.
+   - **Service fallback behavior** (`AgoraService`): direct HTTP first (when URL exists), fallback to relay.
+
+4. **Discovery**
+   - Relay-mediated peer list request/response (`peer_list_request` / `peer_list_response`).
+   - `agora peers discover` uses relay and can persist discovered peers.
+
+5. **Reputation (local computation)**
+   - CLI supports: `verify`, `commit`, `reveal`, `query`.
+   - Data stored locally in JSONL (`~/.local/share/agora/reputation.jsonl`).
+   - Trust scores are domain-scoped and time-decayed.
+
+## Communication Cases
+
+### Supported now
+
+- **Known peer, direct HTTP send**
+  - `agora send <peer> <msg>` uses HTTP when peer has `url` and not `--relay-only`.
+- **Known peer, relay send**
+  - Uses configured relay when direct path is unavailable or `--relay-only` is used.
+- **Hard direct-only delivery**
+  - `--direct` disables relay fallback.
+- **Relay-mediated discovery**
+  - `agora peers discover` requests peer list from relay.
+- **Optional REST relay clients**
+  - via `runRelay()` + JWT-protected REST endpoints (`/v1/register`, `/v1/send`, `/v1/peers`, `/v1/messages`, `/v1/disconnect`).
+- **Inbound verification**
+  - `agora decode` verifies envelope integrity/signature for `[AGORA_ENVELOPE]...` payloads.
+
+### Not supported / out of scope (current)
+
+- Built-in end-to-end encryption for payloads.
+- Guaranteed durable delivery for all peers.
+  - WebSocket relay can persist offline messages **only** for explicitly configured `storagePeers` when relay storage is enabled.
+- Automatic global pub/sub or DHT-style discovery.
+- Protocol-level consensus/governance execution.
+- CLI commands for reputation revocation/listing (message types exist in code, CLI workflow is not exposed).
+- Multi-identity in a single config (email-client style "send as"). Use named profiles for now.
+
+## CLI (Current Surface)
+
+All commands accept `--profile <name>` (or `--as <name>`) to target a named profile instead of the default config.
+
+### Identity
+
+- `agora init [--profile <name>]`
+- `agora whoami [--profile <name>]`
+- `agora status [--profile <name>]`
+
+### Peers
+
+- `agora peers`
+- `agora peers add <name> --pubkey <pubkey> [--url <url> --token <token>]`
+- `agora peers remove <name|pubkey>`
+- `agora peers discover [--relay <url>] [--relay-pubkey <pubkey>] [--limit <n>] [--active-within <ms>] [--save]`
+- `agora peers copy <name|pubkey> --from <profile> --to <profile>`
+
+### Config Transfer
+
+- `agora config profiles` — list available profiles (default + named)
+- `agora config export [--include-identity] [--output <file>]` — export peers/relay (and optionally identity) as portable JSON
+- `agora config import <file> [--overwrite-identity] [--overwrite-relay] [--dry-run]` — merge exported config into current profile
+
+### Messaging
+
+- `agora announce` is disabled (strict peer-to-peer mode; no all/broadcast semantics)
+- `agora send <peer> <text> [--direct|--relay-only]`
+- `agora send <peer> --type <type> --payload <json> [--direct|--relay-only]`
+- `agora decode <message>`
+
+### Peer ID References
+
+- Protocol transport always uses full IDs in `from`/`to`.
+- UI/CLI can still use compact references based on configured peers.
+- `shorten(id)` returns:
+  - unique name: `name`
+  - duplicate name: `name...<last8>`
+  - otherwise: `...<last8>`
+- `expand(ref)` resolves full IDs from configured peers.
+- Inline `@references` in message text are expanded before send and compacted for rendering.
+
+### Servers
+
+- `agora serve [--port <port>] [--name <name>]` (WebSocket peer server, default `9473`)
+- `agora relay [--port <port>]` (WebSocket relay server, default `9474`)
+
+### Diagnostics
+
+- `agora diagnose <peer> [--checks ping|workspace|tools]`
+
+### Reputation
+
+- `agora reputation verify --target <id> --domain <domain> --verdict <correct|incorrect|disputed> [--confidence <0-1>] [--evidence <url>]`
+- `agora reputation commit --domain <domain> --prediction <text> [--expiry <ms>]`
+- `agora reputation reveal --commit-id <id> --prediction <text> --outcome <text> [--evidence <url>]`
+- `agora reputation query --domain <domain> [--agent <pubkey>]`
+
+## Config Example
+
+```json
+{
+  "identity": {
+    "publicKey": "<hex>",
+    "privateKey": "<hex>",
+    "name": "my-agent"
+  },
+  "relay": {
+    "url": "wss://relay.example.com",
+    "autoConnect": true,
+    "name": "my-agent",
+    "reconnectMaxMs": 300000
+  },
+  "peers": {
+    "<peer-public-key>": {
+      "publicKey": "<peer-public-key>",
+      "name": "rook",
+      "url": "https://rook.example.com/hooks",
+      "token": "optional-token"
+    }
+  }
+}
+```
+
+### Profiles
+
+Run multiple identities on the same machine using named profiles:
+
+```bash
+# Default profile: ~/.config/agora/config.json
+agora init
+
+# Named profile: ~/.config/agora/profiles/stefan/config.json
+agora init --profile stefan
+
+# Send as a specific profile
+agora send bob "hello" --profile stefan
+
+# Export peers from default, import into stefan
+agora config export --output peers.json
+agora config import peers.json --profile stefan
+
+# Or copy a single peer between profiles
+agora peers copy bob --from default --to stefan
+```
+
+## Relay + REST Mode (Library API)
+
+`agora relay` starts WebSocket relay only. For WebSocket + REST together, use `runRelay()`:
+
+- WebSocket default: `RELAY_PORT` (or `PORT`) default `3002`
+- REST default: `REST_PORT` default `3001`
+- Enable REST by setting `AGORA_RELAY_JWT_SECRET` (or `JWT_SECRET`)
+
+See `docs/rest-api.md` for endpoint behavior and operational constraints.
+
+## Related Docs
+
+- `DESIGN.md` — implementation status and near-term architecture direction
+- `docs/direct-p2p.md` — direct HTTP transport behavior
+- `docs/rest-api.md` — relay REST contract
+- `SECURITY.md` — relay threat model and security controls
+- `docs/rfc-001-reputation.md` — reputation model and implementation status

package/dist/{chunk-OVDMZHTX.js → chunk-52RKJA35.js}

@@ -2,15 +2,17 @@ import {
   RelayServer,
   createEnvelope,
   verifyEnvelope
-} from "./chunk-MJGCRX6B.js";
+} from "./chunk-EFX36SN3.js";
 
 // src/relay/message-buffer.ts
 var MAX_MESSAGES_PER_AGENT = 100;
 var MessageBuffer = class {
   buffers = /* @__PURE__ */ new Map();
   ttlMs;
+  maxMessages;
   constructor(options) {
     this.ttlMs = options?.ttlMs ?? 864e5;
+    this.maxMessages = options?.maxMessages ?? MAX_MESSAGES_PER_AGENT;
   }
   /**
    * Add a message to an agent's buffer.
@@ -23,7 +25,7 @@ var MessageBuffer = class {
       this.buffers.set(publicKey, queue);
     }
     queue.push({ message, receivedAt: Date.now() });
-    if (queue.length > MAX_MESSAGES_PER_AGENT) {
+    if (queue.length > this.maxMessages) {
       queue.shift();
     }
   }
@@ -155,7 +157,7 @@ function pruneExpiredSessions(sessions, buffer) {
     }
   }
 }
-function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLimitRpm = 60) {
+function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLimitRpm = 60, replayBuffer, replayRetentionMs = 7 * 24 * 60 * 60 * 1e3) {
   const router = Router();
   router.use(apiRateLimit(rateLimitRpm));
   relay.on("message-relayed", (from, to, envelope) => {
@@ -170,9 +172,10 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
       inReplyTo: env.inReplyTo
     };
     buffer.add(to, msg);
+    replayBuffer?.add(to, msg);
   });
   router.post("/v1/register", async (req, res) => {
-    const { publicKey, privateKey, name, metadata } = req.body;
+    const { publicKey, privateKey, metadata } = req.body;
     if (!publicKey || typeof publicKey !== "string") {
       res.status(400).json({ error: "publicKey is required" });
       return;
@@ -194,12 +197,11 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
       res.status(400).json({ error: "Key pair verification failed: " + verification.reason });
       return;
     }
-    const { token, expiresAt } = createToken({ publicKey, name });
+    const { token, expiresAt } = createToken({ publicKey });
     pruneExpiredSessions(sessions, buffer);
     const session = {
       publicKey,
       privateKey,
-      name,
       metadata,
       registeredAt: Date.now(),
       expiresAt,
@@ -212,7 +214,6 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
       if (agent.publicKey !== publicKey) {
         peers.push({
           publicKey: agent.publicKey,
-          name: agent.name,
           lastSeen: agent.lastSeen
         });
       }
@@ -221,7 +222,6 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
       if (s.publicKey !== publicKey && !wsAgents.has(s.publicKey)) {
         peers.push({
           publicKey: s.publicKey,
-          name: s.name,
           lastSeen: s.registeredAt
         });
       }
@@ -273,7 +273,6 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
           const relayMsg = JSON.stringify({
             type: "message",
             from: senderPublicKey,
-            name: session.name,
             envelope
           });
           ws.send(relayMsg);
@@ -300,7 +299,7 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
         res.json({ ok: true, envelopeId: envelope.id });
         return;
       }
-      res.status(404).json({ error: "Recipient not connected" });
+      res.status(404).json({ error: `Recipient not connected: ${to}` });
     }
   );
   router.get(
@@ -314,7 +313,6 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
         if (agent.publicKey !== callerPublicKey) {
           peerList.push({
             publicKey: agent.publicKey,
-            name: agent.name,
             lastSeen: agent.lastSeen,
             metadata: agent.metadata
           });
@@ -324,7 +322,6 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
         if (s.publicKey !== callerPublicKey && !wsAgents.has(s.publicKey)) {
           peerList.push({
             publicKey: s.publicKey,
-            name: s.name,
             lastSeen: s.registeredAt,
             metadata: s.metadata
           });
@@ -353,6 +350,52 @@ function createRestRouter(relay, buffer, sessions, createEnv, verifyEnv, rateLim
       res.json({ messages, hasMore });
     }
   );
+  router.get(
+    "/v1/messages/replay",
+    requireAuth,
+    (req, res) => {
+      if (!replayBuffer) {
+        res.status(501).json({ error: "Replay endpoint is not enabled on this relay" });
+        return;
+      }
+      const publicKey = req.agent.publicKey;
+      const sinceRaw = req.query.since;
+      const limitRaw = req.query.limit;
+      if (!sinceRaw) {
+        res.status(400).json({ error: "`since` query parameter is required (ISO8601 timestamp)" });
+        return;
+      }
+      const sinceDate = new Date(sinceRaw);
+      if (isNaN(sinceDate.getTime())) {
+        res.status(400).json({ error: "Invalid `since` value \u2014 must be a valid ISO8601 timestamp" });
+        return;
+      }
+      const sinceMs = sinceDate.getTime();
+      const oldestAllowed = Date.now() - replayRetentionMs;
+      if (sinceMs < oldestAllowed) {
+        res.status(400).json({
+          error: "retention_exceeded",
+          message: `\`since\` is older than the ${Math.round(replayRetentionMs / 864e5)}-day retention window`
+        });
+        return;
+      }
+      let limit = 100;
+      if (limitRaw !== void 0) {
+        const parsedLimit = parseInt(limitRaw, 10);
+        if (isNaN(parsedLimit) || parsedLimit < 1) {
+          res.status(400).json({ error: "Invalid `limit` value \u2014 must be a positive integer" });
+          return;
+        }
+        limit = Math.min(parsedLimit, 500);
+      }
+      let messages = replayBuffer.get(publicKey, sinceMs);
+      const hasMore = messages.length > limit;
+      if (hasMore) {
+        messages = messages.slice(0, limit);
+      }
+      res.json({ messages, hasMore });
+    }
+  );
   router.delete(
     "/v1/disconnect",
     requireAuth,
@@ -408,6 +451,8 @@ async function runRelay(options = {}) {
   const restPort = options.restPort ?? parseInt(process.env.REST_PORT ?? "3001", 10);
   const messageTtlMs = parseInt(process.env.MESSAGE_TTL_MS ?? "86400000", 10);
   const messageBuffer = new MessageBuffer({ ttlMs: messageTtlMs });
+  const replayRetentionMs = 7 * 24 * 60 * 60 * 1e3;
+  const replayBuffer = new MessageBuffer({ ttlMs: replayRetentionMs, maxMessages: 1e4 });
   const restSessions = /* @__PURE__ */ new Map();
   const allowedOrigins = process.env.ALLOWED_ORIGINS ?? "*";
   const corsOrigins = allowedOrigins === "*" ? "*" : allowedOrigins.split(",").map((o) => o.trim()).filter((o) => o.length > 0);
@@ -426,7 +471,9 @@ async function runRelay(options = {}) {
     restSessions,
     createEnvelopeForRest,
     verifyForRest,
-    rateLimitRpm
+    rateLimitRpm,
+    replayBuffer,
+    replayRetentionMs
   );
   app.use(router);
   app.use((_req, res) => {
@@ -448,4 +495,4 @@ export {
   createRestRouter,
   runRelay
 };
-//# sourceMappingURL=chunk-OVDMZHTX.js.map
+//# sourceMappingURL=chunk-52RKJA35.js.map