@signalapp/libsignal-client 0.82.1 → 0.83.0

package/Native.d.ts

@@ -270,13 +270,13 @@ export function ComparableBackup_GetComparableString(backup: Wrapper<ComparableB
 export function ComparableBackup_GetUnknownFields(backup: Wrapper<ComparableBackup>): string[];
 export function ComparableBackup_ReadUnencrypted(stream: InputStream, len: bigint, purpose: number): Promise<ComparableBackup>;
 export function ConnectionManager_clear_proxy(connectionManager: Wrapper<ConnectionManager>): void;
-export function ConnectionManager_new(environment: number, userAgent: string, remoteConfig: Wrapper<BridgedStringMap>): ConnectionManager;
+export function ConnectionManager_new(environment: number, userAgent: string, remoteConfig: Wrapper<BridgedStringMap>, buildVariant: number): ConnectionManager;
 export function ConnectionManager_on_network_change(connectionManager: Wrapper<ConnectionManager>): void;
 export function ConnectionManager_set_censorship_circumvention_enabled(connectionManager: Wrapper<ConnectionManager>, enabled: boolean): void;
 export function ConnectionManager_set_invalid_proxy(connectionManager: Wrapper<ConnectionManager>): void;
 export function ConnectionManager_set_ipv6_enabled(connectionManager: Wrapper<ConnectionManager>, ipv6Enabled: boolean): void;
 export function ConnectionManager_set_proxy(connectionManager: Wrapper<ConnectionManager>, proxy: Wrapper<ConnectionProxyConfig>): void;
-export function ConnectionManager_set_remote_config(connectionManager: Wrapper<ConnectionManager>, remoteConfig: Wrapper<BridgedStringMap>): void;
+export function ConnectionManager_set_remote_config(connectionManager: Wrapper<ConnectionManager>, remoteConfig: Wrapper<BridgedStringMap>, buildVariant: number): void;
 export function ConnectionProxyConfig_new(scheme: string, host: string, port: number, username: string | null, password: string | null): ConnectionProxyConfig;
 export function CreateCallLinkCredentialPresentation_CheckValidContents(presentationBytes: Uint8Array): void;
 export function CreateCallLinkCredentialPresentation_Verify(presentationBytes: Uint8Array, roomId: Uint8Array, now: Timestamp, serverParamsBytes: Uint8Array, callLinkParamsBytes: Uint8Array): void;
@@ -503,7 +503,7 @@ export function SealedSenderDecryptionResult_GetSenderE164(obj: Wrapper<SealedSe
 export function SealedSenderDecryptionResult_GetSenderUuid(obj: Wrapper<SealedSenderDecryptionResult>): string;
 export function SealedSenderDecryptionResult_Message(obj: Wrapper<SealedSenderDecryptionResult>): Uint8Array;
 export function SealedSenderMultiRecipientMessage_Parse(buffer: Uint8Array): SealedSenderMultiRecipientMessage;
-export function SealedSender_DecryptMessage(message: Uint8Array, trustRoot: Wrapper<PublicKey>, timestamp: Timestamp, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore, usePqRatchet: boolean): Promise<SealedSenderDecryptionResult>;
+export function SealedSender_DecryptMessage(message: Uint8Array, trustRoot: Wrapper<PublicKey>, timestamp: Timestamp, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<SealedSenderDecryptionResult>;
 export function SealedSender_DecryptToUsmc(ctext: Uint8Array, identityStore: IdentityKeyStore): Promise<UnidentifiedSenderMessageContent>;
 export function SealedSender_Encrypt(destination: Wrapper<ProtocolAddress>, content: Wrapper<UnidentifiedSenderMessageContent>, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
 export function SealedSender_MultiRecipientEncrypt(recipients: Wrapper<ProtocolAddress>[], recipientSessions: Wrapper<SessionRecord>[], excludedRecipients: Uint8Array, content: Wrapper<UnidentifiedSenderMessageContent>, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
@@ -579,8 +579,8 @@ export function ServiceId_ParseFromServiceIdString(input: string): Uint8Array;
 export function ServiceId_ServiceIdBinary(value: Uint8Array): Uint8Array;
 export function ServiceId_ServiceIdLog(value: Uint8Array): string;
 export function ServiceId_ServiceIdString(value: Uint8Array): string;
-export function SessionBuilder_ProcessPreKeyBundle(bundle: Wrapper<PreKeyBundle>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, now: Timestamp, usePqRatchet: boolean): Promise<void>;
-export function SessionCipher_DecryptPreKeySignalMessage(message: Wrapper<PreKeySignalMessage>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore, usePqRatchet: boolean): Promise<Uint8Array>;
+export function SessionBuilder_ProcessPreKeyBundle(bundle: Wrapper<PreKeyBundle>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, now: Timestamp): Promise<void>;
+export function SessionCipher_DecryptPreKeySignalMessage(message: Wrapper<PreKeySignalMessage>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<Uint8Array>;
 export function SessionCipher_DecryptSignalMessage(message: Wrapper<SignalMessage>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
 export function SessionCipher_EncryptMessage(ptext: Uint8Array, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, now: Timestamp): Promise<CiphertextMessage>;
 export function SessionRecord_ArchiveCurrentState(sessionRecord: Wrapper<SessionRecord>): void;

package/dist/index.d.ts

@@ -24,10 +24,6 @@ export declare enum ContentHint {
     Resendable = 1,
     Implicit = 2
 }
-export declare enum UsePQRatchet {
-    Yes = 0,
-    No = 1
-}
 export type Uuid = string;
 export declare function hkdf(outputLength: number, keyMaterial: Uint8Array, label: Uint8Array, salt: Uint8Array | null): Uint8Array;
 export declare class ScannableFingerprint {
@@ -379,10 +375,10 @@ export declare class DecryptionErrorMessage {
     deviceId(): number;
     ratchetKey(): PublicKey | undefined;
 }
-export declare function processPreKeyBundle(bundle: PreKeyBundle, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, usePqRatchet: UsePQRatchet, now?: Date): Promise<void>;
+export declare function processPreKeyBundle(bundle: PreKeyBundle, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, now?: Date): Promise<void>;
 export declare function signalEncrypt(message: Uint8Array, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, now?: Date): Promise<CiphertextMessage>;
 export declare function signalDecrypt(message: SignalMessage, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore): Promise<Uint8Array>;
-export declare function signalDecryptPreKey(message: PreKeySignalMessage, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore, usePqRatchet: UsePQRatchet): Promise<Uint8Array>;
+export declare function signalDecryptPreKey(message: PreKeySignalMessage, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<Uint8Array>;
 export declare function sealedSenderEncryptMessage(message: Uint8Array, address: ProtocolAddress, senderCert: SenderCertificate, sessionStore: SessionStore, identityStore: IdentityKeyStore): Promise<Uint8Array>;
 export declare function sealedSenderEncrypt(content: UnidentifiedSenderMessageContent, address: ProtocolAddress, identityStore: IdentityKeyStore): Promise<Uint8Array>;
 export type SealedSenderMultiRecipientEncryptOptions = {
@@ -395,7 +391,7 @@ export type SealedSenderMultiRecipientEncryptOptions = {
 export declare function sealedSenderMultiRecipientEncrypt(options: SealedSenderMultiRecipientEncryptOptions): Promise<Uint8Array>;
 export declare function sealedSenderMultiRecipientEncrypt(content: UnidentifiedSenderMessageContent, recipients: ProtocolAddress[], identityStore: IdentityKeyStore, sessionStore: SessionStore): Promise<Uint8Array>;
 export declare function sealedSenderMultiRecipientMessageForSingleRecipient(message: Uint8Array): Uint8Array;
-export declare function sealedSenderDecryptMessage(message: Uint8Array, trustRoot: PublicKey, timestamp: number, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore, usePqRatchet: UsePQRatchet): Promise<SealedSenderDecryptionResult>;
+export declare function sealedSenderDecryptMessage(message: Uint8Array, trustRoot: PublicKey, timestamp: number, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<SealedSenderDecryptionResult>;
 export declare function sealedSenderDecryptToUsmc(message: Uint8Array, identityStore: IdentityKeyStore): Promise<UnidentifiedSenderMessageContent>;
 export declare class Cds2Client {
     readonly _nativeHandle: Native.SgxClientState;

package/dist/index.js

@@ -37,11 +37,6 @@ export var ContentHint;
     ContentHint[ContentHint["Resendable"] = 1] = "Resendable";
     ContentHint[ContentHint["Implicit"] = 2] = "Implicit";
 })(ContentHint || (ContentHint = {}));
-export var UsePQRatchet;
-(function (UsePQRatchet) {
-    UsePQRatchet[UsePQRatchet["Yes"] = 0] = "Yes";
-    UsePQRatchet[UsePQRatchet["No"] = 1] = "No";
-})(UsePQRatchet || (UsePQRatchet = {}));
 export function hkdf(outputLength, keyMaterial, label, salt) {
     return Native.HKDF_DeriveSecrets(outputLength, keyMaterial, label, salt);
 }
@@ -788,8 +783,8 @@ export class DecryptionErrorMessage {
         }
     }
 }
-export function processPreKeyBundle(bundle, address, sessionStore, identityStore, usePqRatchet, now = new Date()) {
-    return Native.SessionBuilder_ProcessPreKeyBundle(bundle, address, sessionStore, identityStore, now.getTime(), usePqRatchet == UsePQRatchet.Yes);
+export function processPreKeyBundle(bundle, address, sessionStore, identityStore, now = new Date()) {
+    return Native.SessionBuilder_ProcessPreKeyBundle(bundle, address, sessionStore, identityStore, now.getTime());
 }
 export async function signalEncrypt(message, address, sessionStore, identityStore, now = new Date()) {
     return CiphertextMessage._fromNativeHandle(await Native.SessionCipher_EncryptMessage(message, address, sessionStore, identityStore, now.getTime()));
@@ -797,8 +792,8 @@ export async function signalEncrypt(message, address, sessionStore, identityStor
 export function signalDecrypt(message, address, sessionStore, identityStore) {
     return Native.SessionCipher_DecryptSignalMessage(message, address, sessionStore, identityStore);
 }
-export function signalDecryptPreKey(message, address, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore, usePqRatchet) {
-    return Native.SessionCipher_DecryptPreKeySignalMessage(message, address, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore, usePqRatchet == UsePQRatchet.Yes);
+export function signalDecryptPreKey(message, address, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore) {
+    return Native.SessionCipher_DecryptPreKeySignalMessage(message, address, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore);
 }
 export async function sealedSenderEncryptMessage(message, address, senderCert, sessionStore, identityStore) {
     const ciphertext = await signalEncrypt(message, address, sessionStore, identityStore);
@@ -831,8 +826,8 @@ export async function sealedSenderMultiRecipientEncrypt(contentOrOptions, recipi
 export function sealedSenderMultiRecipientMessageForSingleRecipient(message) {
     return Native.SealedSender_MultiRecipientMessageForSingleRecipient(message);
 }
-export async function sealedSenderDecryptMessage(message, trustRoot, timestamp, localE164, localUuid, localDeviceId, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore, usePqRatchet) {
-    const ssdr = await Native.SealedSender_DecryptMessage(message, trustRoot, timestamp, localE164, localUuid, localDeviceId, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore, usePqRatchet == UsePQRatchet.Yes);
+export async function sealedSenderDecryptMessage(message, trustRoot, timestamp, localE164, localUuid, localDeviceId, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore) {
+    const ssdr = await Native.SealedSender_DecryptMessage(message, trustRoot, timestamp, localE164, localUuid, localDeviceId, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore);
     return SealedSenderDecryptionResult._fromNativeHandle(ssdr);
 }
 export async function sealedSenderDecryptToUsmc(message, identityStore) {

package/dist/net.d.ts

@@ -13,6 +13,19 @@ export declare enum Environment {
     Staging = 0,
     Production = 1
 }
+/**
+ * Build variant for remote config key selection.
+ *
+ * This must match the libsignal-bridge Rust enum of the same name.
+ *
+ * - `Production`: Use for release builds. Only uses base remote config keys without suffixes.
+ * - `Beta`: Use for all other builds (nightly, alpha, internal, public betas). Prefers
+ *   keys with a `.beta` suffix, falling back to base keys if the suffixed key is not present.
+ */
+export declare enum BuildVariant {
+    Production = 0,
+    Beta = 1
+}
 export type ServiceAuth = {
     username: string;
     password: string;
@@ -36,6 +49,7 @@ export type NetConstructorOptions = Readonly<{
     env: Environment;
     userAgent: string;
     remoteConfig?: Map<string, string>;
+    buildVariant?: BuildVariant;
 } | {
     localTestServer: true;
     userAgent: string;
@@ -208,9 +222,30 @@ export declare class Net {
      * Only new connections made *after* this call will use the new remote config settings.
      * Existing connections are not affected.
      *
+     * @deprecated Calling without buildVariant is deprecated. Please explicitly specify BuildVariant.Production or BuildVariant.Beta.
      * @param remoteConfig A map containing preprocessed libsignal configuration keys and their associated values.
      */
     setRemoteConfig(remoteConfig: ReadonlyMap<string, string>): void;
+    /**
+     * Updates libsignal's remote configuration settings.
+     *
+     * The provided configuration map must conform to the following requirements:
+     * - Each key represents an enabled configuration and directly indicates that the setting is enabled.
+     * - Keys must have had the platform-specific prefix (e.g., `"desktop.libsignal."`) removed.
+     * - Entries explicitly disabled by the server must not appear in the map.
+     * - Values originally set to `null` by the server must be represented as empty strings.
+     * - Values should otherwise maintain the same format as they are returned by the server.
+     *
+     * These constraints ensure configurations passed to libsignal precisely reflect enabled
+     * server-provided settings without ambiguity.
+     *
+     * Only new connections made *after* this call will use the new remote config settings.
+     * Existing connections are not affected.
+     *
+     * @param remoteConfig A map containing preprocessed libsignal configuration keys and their associated values.
+     * @param buildVariant The build variant (BuildVariant.Production or BuildVariant.Beta) that determines which remote config keys to use.
+     */
+    setRemoteConfig(remoteConfig: ReadonlyMap<string, string>, buildVariant: BuildVariant): void;
     /**
      * Notifies libsignal that the network has changed.
      *

package/dist/net.js

@@ -19,6 +19,20 @@ export var Environment;
     Environment[Environment["Staging"] = 0] = "Staging";
     Environment[Environment["Production"] = 1] = "Production";
 })(Environment || (Environment = {}));
+/**
+ * Build variant for remote config key selection.
+ *
+ * This must match the libsignal-bridge Rust enum of the same name.
+ *
+ * - `Production`: Use for release builds. Only uses base remote config keys without suffixes.
+ * - `Beta`: Use for all other builds (nightly, alpha, internal, public betas). Prefers
+ *   keys with a `.beta` suffix, falling back to base keys if the suffixed key is not present.
+ */
+export var BuildVariant;
+(function (BuildVariant) {
+    BuildVariant[BuildVariant["Production"] = 0] = "Production";
+    BuildVariant[BuildVariant["Beta"] = 1] = "Beta";
+})(BuildVariant || (BuildVariant = {}));
 /** Low-level async runtime control, mostly just exported for testing. */
 export class TokioAsyncContext {
     constructor(handle) {
@@ -50,7 +64,8 @@ export class Net {
             this._connectionManager = newNativeHandle(Native.TESTING_ConnectionManager_newLocalOverride(options.userAgent, options.TESTING_localServer_chatPort, options.TESTING_localServer_cdsiPort, options.TESTING_localServer_svr2Port, options.TESTING_localServer_svrBPort, options.TESTING_localServer_rootCertificateDer));
         }
         else {
-            this._connectionManager = newNativeHandle(Native.ConnectionManager_new(options.env, options.userAgent, new BridgedStringMap(options.remoteConfig || new Map())));
+            const { env, userAgent, remoteConfig = new Map(), buildVariant = BuildVariant.Production, } = options;
+            this._connectionManager = newNativeHandle(Native.ConnectionManager_new(env, userAgent, new BridgedStringMap(remoteConfig), buildVariant));
         }
     }
     /**
@@ -232,26 +247,8 @@ export class Net {
     clearProxy() {
         Native.ConnectionManager_clear_proxy(this._connectionManager);
     }
-    /**
-     * Updates libsignal's remote configuration settings.
-     *
-     * The provided configuration map must conform to the following requirements:
-     * - Each key represents an enabled configuration and directly indicates that the setting is enabled.
-     * - Keys must have had the platform-specific prefix (e.g., `"desktop.libsignal."`) removed.
-     * - Entries explicitly disabled by the server must not appear in the map.
-     * - Values originally set to `null` by the server must be represented as empty strings.
-     * - Values should otherwise maintain the same format as they are returned by the server.
-     *
-     * These constraints ensure configurations passed to libsignal precisely reflect enabled
-     * server-provided settings without ambiguity.
-     *
-     * Only new connections made *after* this call will use the new remote config settings.
-     * Existing connections are not affected.
-     *
-     * @param remoteConfig A map containing preprocessed libsignal configuration keys and their associated values.
-     */
-    setRemoteConfig(remoteConfig) {
-        Native.ConnectionManager_set_remote_config(this._connectionManager, new BridgedStringMap(remoteConfig));
+    setRemoteConfig(remoteConfig, buildVariant = BuildVariant.Production) {
+        Native.ConnectionManager_set_remote_config(this._connectionManager, new BridgedStringMap(remoteConfig), buildVariant);
     }
     /**
      * Notifies libsignal that the network has changed.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.82.1",
+  "version": "0.83.0",
   "license": "AGPL-3.0-only",
   "type": "module",
   "main": "dist/index.js",