@signalapp/libsignal-client 0.82.1 → 0.84.0

package/Native.d.ts

@@ -229,6 +229,10 @@ export function BackupAuthCredential_GetBackupId(credentialBytes: Uint8Array): U
 export function BackupAuthCredential_GetBackupLevel(credentialBytes: Uint8Array): number;
 export function BackupAuthCredential_GetType(credentialBytes: Uint8Array): number;
 export function BackupAuthCredential_PresentDeterministic(credentialBytes: Uint8Array, serverParamsBytes: Uint8Array, randomness: Uint8Array): Uint8Array;
+export function BackupJsonExporter_ExportFrames(exporter: Wrapper<BackupJsonExporter>, frames: Uint8Array): string;
+export function BackupJsonExporter_Finish(exporter: Wrapper<BackupJsonExporter>): string;
+export function BackupJsonExporter_GetInitialChunk(exporter: Wrapper<BackupJsonExporter>): string;
+export function BackupJsonExporter_New(backupInfo: Uint8Array, shouldValidate: boolean): BackupJsonExporter;
 export function BackupKey_DeriveBackupId(backupKey: Uint8Array, aci: Uint8Array): Uint8Array;
 export function BackupKey_DeriveEcKey(backupKey: Uint8Array, aci: Uint8Array): PrivateKey;
 export function BackupKey_DeriveLocalBackupMetadataKey(backupKey: Uint8Array): Uint8Array;
@@ -270,13 +274,13 @@ export function ComparableBackup_GetComparableString(backup: Wrapper<ComparableB
 export function ComparableBackup_GetUnknownFields(backup: Wrapper<ComparableBackup>): string[];
 export function ComparableBackup_ReadUnencrypted(stream: InputStream, len: bigint, purpose: number): Promise<ComparableBackup>;
 export function ConnectionManager_clear_proxy(connectionManager: Wrapper<ConnectionManager>): void;
-export function ConnectionManager_new(environment: number, userAgent: string, remoteConfig: Wrapper<BridgedStringMap>): ConnectionManager;
+export function ConnectionManager_new(environment: number, userAgent: string, remoteConfig: Wrapper<BridgedStringMap>, buildVariant: number): ConnectionManager;
 export function ConnectionManager_on_network_change(connectionManager: Wrapper<ConnectionManager>): void;
 export function ConnectionManager_set_censorship_circumvention_enabled(connectionManager: Wrapper<ConnectionManager>, enabled: boolean): void;
 export function ConnectionManager_set_invalid_proxy(connectionManager: Wrapper<ConnectionManager>): void;
 export function ConnectionManager_set_ipv6_enabled(connectionManager: Wrapper<ConnectionManager>, ipv6Enabled: boolean): void;
 export function ConnectionManager_set_proxy(connectionManager: Wrapper<ConnectionManager>, proxy: Wrapper<ConnectionProxyConfig>): void;
-export function ConnectionManager_set_remote_config(connectionManager: Wrapper<ConnectionManager>, remoteConfig: Wrapper<BridgedStringMap>): void;
+export function ConnectionManager_set_remote_config(connectionManager: Wrapper<ConnectionManager>, remoteConfig: Wrapper<BridgedStringMap>, buildVariant: number): void;
 export function ConnectionProxyConfig_new(scheme: string, host: string, port: number, username: string | null, password: string | null): ConnectionProxyConfig;
 export function CreateCallLinkCredentialPresentation_CheckValidContents(presentationBytes: Uint8Array): void;
 export function CreateCallLinkCredentialPresentation_Verify(presentationBytes: Uint8Array, roomId: Uint8Array, now: Timestamp, serverParamsBytes: Uint8Array, callLinkParamsBytes: Uint8Array): void;
@@ -347,7 +351,7 @@ export function HsmEnclaveClient_InitialRequest(obj: Wrapper<HsmEnclaveClient>):
 export function HsmEnclaveClient_New(trustedPublicKey: Uint8Array, trustedCodeHashes: Uint8Array): HsmEnclaveClient;
 export function HttpRequest_add_header(request: Wrapper<HttpRequest>, name: string, value: string): void;
 export function HttpRequest_new(method: string, path: string, bodyAsSlice: Uint8Array | null): HttpRequest;
-export function IdentityKeyPair_Deserialize(buffer: Uint8Array): {publicKey:PublicKey,privateKey:PrivateKey};
+export function IdentityKeyPair_Deserialize(input: Uint8Array): [PublicKey, PrivateKey];
 export function IdentityKeyPair_Serialize(publicKey: Wrapper<PublicKey>, privateKey: Wrapper<PrivateKey>): Uint8Array;
 export function IdentityKeyPair_SignAlternateIdentity(publicKey: Wrapper<PublicKey>, privateKey: Wrapper<PrivateKey>, otherIdentity: Wrapper<PublicKey>): Uint8Array;
 export function IdentityKey_VerifyAlternateIdentity(publicKey: Wrapper<PublicKey>, otherIdentity: Wrapper<PublicKey>, signature: Uint8Array): boolean;
@@ -503,7 +507,7 @@ export function SealedSenderDecryptionResult_GetSenderE164(obj: Wrapper<SealedSe
 export function SealedSenderDecryptionResult_GetSenderUuid(obj: Wrapper<SealedSenderDecryptionResult>): string;
 export function SealedSenderDecryptionResult_Message(obj: Wrapper<SealedSenderDecryptionResult>): Uint8Array;
 export function SealedSenderMultiRecipientMessage_Parse(buffer: Uint8Array): SealedSenderMultiRecipientMessage;
-export function SealedSender_DecryptMessage(message: Uint8Array, trustRoot: Wrapper<PublicKey>, timestamp: Timestamp, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore, usePqRatchet: boolean): Promise<SealedSenderDecryptionResult>;
+export function SealedSender_DecryptMessage(message: Uint8Array, trustRoot: Wrapper<PublicKey>, timestamp: Timestamp, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<SealedSenderDecryptionResult>;
 export function SealedSender_DecryptToUsmc(ctext: Uint8Array, identityStore: IdentityKeyStore): Promise<UnidentifiedSenderMessageContent>;
 export function SealedSender_Encrypt(destination: Wrapper<ProtocolAddress>, content: Wrapper<UnidentifiedSenderMessageContent>, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
 export function SealedSender_MultiRecipientEncrypt(recipients: Wrapper<ProtocolAddress>[], recipientSessions: Wrapper<SessionRecord>[], excludedRecipients: Uint8Array, content: Wrapper<UnidentifiedSenderMessageContent>, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
@@ -579,8 +583,8 @@ export function ServiceId_ParseFromServiceIdString(input: string): Uint8Array;
 export function ServiceId_ServiceIdBinary(value: Uint8Array): Uint8Array;
 export function ServiceId_ServiceIdLog(value: Uint8Array): string;
 export function ServiceId_ServiceIdString(value: Uint8Array): string;
-export function SessionBuilder_ProcessPreKeyBundle(bundle: Wrapper<PreKeyBundle>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, now: Timestamp, usePqRatchet: boolean): Promise<void>;
-export function SessionCipher_DecryptPreKeySignalMessage(message: Wrapper<PreKeySignalMessage>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore, usePqRatchet: boolean): Promise<Uint8Array>;
+export function SessionBuilder_ProcessPreKeyBundle(bundle: Wrapper<PreKeyBundle>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, now: Timestamp): Promise<void>;
+export function SessionCipher_DecryptPreKeySignalMessage(message: Wrapper<PreKeySignalMessage>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<Uint8Array>;
 export function SessionCipher_DecryptSignalMessage(message: Wrapper<SignalMessage>, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore): Promise<Uint8Array>;
 export function SessionCipher_EncryptMessage(ptext: Uint8Array, protocolAddress: Wrapper<ProtocolAddress>, sessionStore: SessionStore, identityKeyStore: IdentityKeyStore, now: Timestamp): Promise<CiphertextMessage>;
 export function SessionRecord_ArchiveCurrentState(sessionRecord: Wrapper<SessionRecord>): void;
@@ -685,6 +689,7 @@ export function TESTING_RegistrationService_ResumeSessionErrorConvert(errorDescr
 export function TESTING_RegistrationService_SubmitVerificationErrorConvert(errorDescription: string): void;
 export function TESTING_RegistrationService_UpdateSessionErrorConvert(errorDescription: string): void;
 export function TESTING_RegistrationSessionInfoConvert(): RegistrationSession;
+export function TESTING_ReturnPair(): [number, string];
 export function TESTING_ReturnStringArray(): string[];
 export function TESTING_RoundTripI32(input: number): number;
 export function TESTING_RoundTripU16(input: number): number;
@@ -733,6 +738,7 @@ export function initLogger(maxLevel: LogLevel, callback: (level: LogLevel, targe
 export function test_only_fn_returns_123(): number;
 interface Aes256GcmSiv { readonly __type: unique symbol; }
 interface AuthenticatedChatConnection { readonly __type: unique symbol; }
+interface BackupJsonExporter { readonly __type: unique symbol; }
 interface BackupRestoreResponse { readonly __type: unique symbol; }
 interface BackupStoreResponse { readonly __type: unique symbol; }
 interface BridgedStringMap { readonly __type: unique symbol; }
@@ -740,7 +746,6 @@ interface CdsiLookup { readonly __type: unique symbol; }
 interface ChatConnectionInfo { readonly __type: unique symbol; }
 interface CiphertextMessage { readonly __type: unique symbol; }
 interface ComparableBackup { readonly __type: unique symbol; }
-interface ComparableBackup { readonly __type: unique symbol; }
 interface ConnectionManager { readonly __type: unique symbol; }
 interface ConnectionProxyConfig { readonly __type: unique symbol; }
 interface DecryptionErrorMessage { readonly __type: unique symbol; }

package/dist/EcKeys.js

@@ -93,7 +93,7 @@ export class IdentityKeyPair {
         return new IdentityKeyPair(privateKey.getPublicKey(), privateKey);
     }
     static deserialize(buffer) {
-        const { privateKey, publicKey } = Native.IdentityKeyPair_Deserialize(buffer);
+        const [publicKey, privateKey] = Native.IdentityKeyPair_Deserialize(buffer);
         return new IdentityKeyPair(PublicKey._fromNativeHandle(publicKey), PrivateKey._fromNativeHandle(privateKey));
     }
     serialize() {

package/dist/MessageBackup.d.ts

@@ -62,7 +62,8 @@ export declare class MessageBackupKey {
 }
 export declare enum Purpose {
     DeviceTransfer = 0,
-    RemoteBackup = 1
+    RemoteBackup = 1,
+    TakeoutExport = 2
 }
 /**
  * Validate a backup file
@@ -170,3 +171,37 @@ export declare class ComparableBackup {
      */
     get unknownFields(): Array<string>;
 }
+/**
+ * Streaming exporter that produces a human-readable JSON representation of a backup.
+ */
+export declare class BackupJsonExporter {
+    readonly _nativeHandle: Native.BackupJsonExporter;
+    private constructor();
+    /**
+     * Initializes the streaming exporter and returns the first chunk of output.
+     * @param backupInfo The serialized BackupInfo protobuf without a varint header.
+     * @param [options] Additional configuration for the exporter.
+     * @param [options.validate=true] Whether to run semantic validation on the backup.
+     * @returns An object containing the exporter and the first chunk of output, containing the backup info.
+     * @throws Error if the input is invalid.
+     */
+    static start(backupInfo: Uint8Array, options?: {
+        validate?: boolean;
+    }): {
+        exporter: BackupJsonExporter;
+        chunk: string;
+    };
+    /**
+     * Validates and exports a human-readable JSON representation of backup frames.
+     * @param frames One or more varint delimited Frame serialized protobuf messages.
+     * @returns A string containing the exported frames.
+     * @throws Error if the input is invalid.
+     */
+    exportFrames(frames: Uint8Array): string;
+    /**
+     * Completes the validation and export of the previously exported frames.
+     * @returns A string containing the final chunk of the output.
+     * @throws Error if some previous input fails validation at the final stage.
+     */
+    finish(): string;
+}

package/dist/MessageBackup.js

@@ -70,6 +70,7 @@ export var Purpose;
 (function (Purpose) {
     Purpose[Purpose["DeviceTransfer"] = 0] = "DeviceTransfer";
     Purpose[Purpose["RemoteBackup"] = 1] = "RemoteBackup";
+    Purpose[Purpose["TakeoutExport"] = 2] = "TakeoutExport";
 })(Purpose || (Purpose = {}));
 /**
  * Validate a backup file
@@ -202,4 +203,44 @@ export class ComparableBackup {
         return Native.ComparableBackup_GetUnknownFields(this);
     }
 }
+/**
+ * Streaming exporter that produces a human-readable JSON representation of a backup.
+ */
+export class BackupJsonExporter {
+    constructor(handle) {
+        this._nativeHandle = handle;
+    }
+    /**
+     * Initializes the streaming exporter and returns the first chunk of output.
+     * @param backupInfo The serialized BackupInfo protobuf without a varint header.
+     * @param [options] Additional configuration for the exporter.
+     * @param [options.validate=true] Whether to run semantic validation on the backup.
+     * @returns An object containing the exporter and the first chunk of output, containing the backup info.
+     * @throws Error if the input is invalid.
+     */
+    static start(backupInfo, options) {
+        const shouldValidate = options?.validate ?? true;
+        const handle = Native.BackupJsonExporter_New(backupInfo, shouldValidate);
+        const exporter = new BackupJsonExporter(handle);
+        const chunk = Native.BackupJsonExporter_GetInitialChunk(exporter);
+        return { exporter, chunk };
+    }
+    /**
+     * Validates and exports a human-readable JSON representation of backup frames.
+     * @param frames One or more varint delimited Frame serialized protobuf messages.
+     * @returns A string containing the exported frames.
+     * @throws Error if the input is invalid.
+     */
+    exportFrames(frames) {
+        return Native.BackupJsonExporter_ExportFrames(this, frames);
+    }
+    /**
+     * Completes the validation and export of the previously exported frames.
+     * @returns A string containing the final chunk of the output.
+     * @throws Error if some previous input fails validation at the final stage.
+     */
+    finish() {
+        return Native.BackupJsonExporter_Finish(this);
+    }
+}
 //# sourceMappingURL=MessageBackup.js.map

package/dist/index.d.ts

@@ -24,10 +24,6 @@ export declare enum ContentHint {
     Resendable = 1,
     Implicit = 2
 }
-export declare enum UsePQRatchet {
-    Yes = 0,
-    No = 1
-}
 export type Uuid = string;
 export declare function hkdf(outputLength: number, keyMaterial: Uint8Array, label: Uint8Array, salt: Uint8Array | null): Uint8Array;
 export declare class ScannableFingerprint {
@@ -379,10 +375,10 @@ export declare class DecryptionErrorMessage {
     deviceId(): number;
     ratchetKey(): PublicKey | undefined;
 }
-export declare function processPreKeyBundle(bundle: PreKeyBundle, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, usePqRatchet: UsePQRatchet, now?: Date): Promise<void>;
+export declare function processPreKeyBundle(bundle: PreKeyBundle, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, now?: Date): Promise<void>;
 export declare function signalEncrypt(message: Uint8Array, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, now?: Date): Promise<CiphertextMessage>;
 export declare function signalDecrypt(message: SignalMessage, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore): Promise<Uint8Array>;
-export declare function signalDecryptPreKey(message: PreKeySignalMessage, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore, usePqRatchet: UsePQRatchet): Promise<Uint8Array>;
+export declare function signalDecryptPreKey(message: PreKeySignalMessage, address: ProtocolAddress, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<Uint8Array>;
 export declare function sealedSenderEncryptMessage(message: Uint8Array, address: ProtocolAddress, senderCert: SenderCertificate, sessionStore: SessionStore, identityStore: IdentityKeyStore): Promise<Uint8Array>;
 export declare function sealedSenderEncrypt(content: UnidentifiedSenderMessageContent, address: ProtocolAddress, identityStore: IdentityKeyStore): Promise<Uint8Array>;
 export type SealedSenderMultiRecipientEncryptOptions = {
@@ -395,7 +391,7 @@ export type SealedSenderMultiRecipientEncryptOptions = {
 export declare function sealedSenderMultiRecipientEncrypt(options: SealedSenderMultiRecipientEncryptOptions): Promise<Uint8Array>;
 export declare function sealedSenderMultiRecipientEncrypt(content: UnidentifiedSenderMessageContent, recipients: ProtocolAddress[], identityStore: IdentityKeyStore, sessionStore: SessionStore): Promise<Uint8Array>;
 export declare function sealedSenderMultiRecipientMessageForSingleRecipient(message: Uint8Array): Uint8Array;
-export declare function sealedSenderDecryptMessage(message: Uint8Array, trustRoot: PublicKey, timestamp: number, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore, usePqRatchet: UsePQRatchet): Promise<SealedSenderDecryptionResult>;
+export declare function sealedSenderDecryptMessage(message: Uint8Array, trustRoot: PublicKey, timestamp: number, localE164: string | null, localUuid: string, localDeviceId: number, sessionStore: SessionStore, identityStore: IdentityKeyStore, prekeyStore: PreKeyStore, signedPrekeyStore: SignedPreKeyStore, kyberPrekeyStore: KyberPreKeyStore): Promise<SealedSenderDecryptionResult>;
 export declare function sealedSenderDecryptToUsmc(message: Uint8Array, identityStore: IdentityKeyStore): Promise<UnidentifiedSenderMessageContent>;
 export declare class Cds2Client {
     readonly _nativeHandle: Native.SgxClientState;

package/dist/index.js

@@ -37,11 +37,6 @@ export var ContentHint;
     ContentHint[ContentHint["Resendable"] = 1] = "Resendable";
     ContentHint[ContentHint["Implicit"] = 2] = "Implicit";
 })(ContentHint || (ContentHint = {}));
-export var UsePQRatchet;
-(function (UsePQRatchet) {
-    UsePQRatchet[UsePQRatchet["Yes"] = 0] = "Yes";
-    UsePQRatchet[UsePQRatchet["No"] = 1] = "No";
-})(UsePQRatchet || (UsePQRatchet = {}));
 export function hkdf(outputLength, keyMaterial, label, salt) {
     return Native.HKDF_DeriveSecrets(outputLength, keyMaterial, label, salt);
 }
@@ -788,8 +783,8 @@ export class DecryptionErrorMessage {
         }
     }
 }
-export function processPreKeyBundle(bundle, address, sessionStore, identityStore, usePqRatchet, now = new Date()) {
-    return Native.SessionBuilder_ProcessPreKeyBundle(bundle, address, sessionStore, identityStore, now.getTime(), usePqRatchet == UsePQRatchet.Yes);
+export function processPreKeyBundle(bundle, address, sessionStore, identityStore, now = new Date()) {
+    return Native.SessionBuilder_ProcessPreKeyBundle(bundle, address, sessionStore, identityStore, now.getTime());
 }
 export async function signalEncrypt(message, address, sessionStore, identityStore, now = new Date()) {
     return CiphertextMessage._fromNativeHandle(await Native.SessionCipher_EncryptMessage(message, address, sessionStore, identityStore, now.getTime()));
@@ -797,8 +792,8 @@ export async function signalEncrypt(message, address, sessionStore, identityStor
 export function signalDecrypt(message, address, sessionStore, identityStore) {
     return Native.SessionCipher_DecryptSignalMessage(message, address, sessionStore, identityStore);
 }
-export function signalDecryptPreKey(message, address, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore, usePqRatchet) {
-    return Native.SessionCipher_DecryptPreKeySignalMessage(message, address, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore, usePqRatchet == UsePQRatchet.Yes);
+export function signalDecryptPreKey(message, address, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore) {
+    return Native.SessionCipher_DecryptPreKeySignalMessage(message, address, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore);
 }
 export async function sealedSenderEncryptMessage(message, address, senderCert, sessionStore, identityStore) {
     const ciphertext = await signalEncrypt(message, address, sessionStore, identityStore);
@@ -831,8 +826,8 @@ export async function sealedSenderMultiRecipientEncrypt(contentOrOptions, recipi
 export function sealedSenderMultiRecipientMessageForSingleRecipient(message) {
     return Native.SealedSender_MultiRecipientMessageForSingleRecipient(message);
 }
-export async function sealedSenderDecryptMessage(message, trustRoot, timestamp, localE164, localUuid, localDeviceId, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore, usePqRatchet) {
-    const ssdr = await Native.SealedSender_DecryptMessage(message, trustRoot, timestamp, localE164, localUuid, localDeviceId, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore, usePqRatchet == UsePQRatchet.Yes);
+export async function sealedSenderDecryptMessage(message, trustRoot, timestamp, localE164, localUuid, localDeviceId, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore) {
+    const ssdr = await Native.SealedSender_DecryptMessage(message, trustRoot, timestamp, localE164, localUuid, localDeviceId, sessionStore, identityStore, prekeyStore, signedPrekeyStore, kyberPrekeyStore);
     return SealedSenderDecryptionResult._fromNativeHandle(ssdr);
 }
 export async function sealedSenderDecryptToUsmc(message, identityStore) {

package/dist/net.d.ts

@@ -13,6 +13,19 @@ export declare enum Environment {
     Staging = 0,
     Production = 1
 }
+/**
+ * Build variant for remote config key selection.
+ *
+ * This must match the libsignal-bridge Rust enum of the same name.
+ *
+ * - `Production`: Use for release builds. Only uses base remote config keys without suffixes.
+ * - `Beta`: Use for all other builds (nightly, alpha, internal, public betas). Prefers
+ *   keys with a `.beta` suffix, falling back to base keys if the suffixed key is not present.
+ */
+export declare enum BuildVariant {
+    Production = 0,
+    Beta = 1
+}
 export type ServiceAuth = {
     username: string;
     password: string;
@@ -36,6 +49,7 @@ export type NetConstructorOptions = Readonly<{
     env: Environment;
     userAgent: string;
     remoteConfig?: Map<string, string>;
+    buildVariant?: BuildVariant;
 } | {
     localTestServer: true;
     userAgent: string;
@@ -208,9 +222,30 @@ export declare class Net {
      * Only new connections made *after* this call will use the new remote config settings.
      * Existing connections are not affected.
      *
+     * @deprecated Calling without buildVariant is deprecated. Please explicitly specify BuildVariant.Production or BuildVariant.Beta.
      * @param remoteConfig A map containing preprocessed libsignal configuration keys and their associated values.
      */
     setRemoteConfig(remoteConfig: ReadonlyMap<string, string>): void;
+    /**
+     * Updates libsignal's remote configuration settings.
+     *
+     * The provided configuration map must conform to the following requirements:
+     * - Each key represents an enabled configuration and directly indicates that the setting is enabled.
+     * - Keys must have had the platform-specific prefix (e.g., `"desktop.libsignal."`) removed.
+     * - Entries explicitly disabled by the server must not appear in the map.
+     * - Values originally set to `null` by the server must be represented as empty strings.
+     * - Values should otherwise maintain the same format as they are returned by the server.
+     *
+     * These constraints ensure configurations passed to libsignal precisely reflect enabled
+     * server-provided settings without ambiguity.
+     *
+     * Only new connections made *after* this call will use the new remote config settings.
+     * Existing connections are not affected.
+     *
+     * @param remoteConfig A map containing preprocessed libsignal configuration keys and their associated values.
+     * @param buildVariant The build variant (BuildVariant.Production or BuildVariant.Beta) that determines which remote config keys to use.
+     */
+    setRemoteConfig(remoteConfig: ReadonlyMap<string, string>, buildVariant: BuildVariant): void;
     /**
      * Notifies libsignal that the network has changed.
      *

package/dist/net.js

@@ -19,6 +19,20 @@ export var Environment;
     Environment[Environment["Staging"] = 0] = "Staging";
     Environment[Environment["Production"] = 1] = "Production";
 })(Environment || (Environment = {}));
+/**
+ * Build variant for remote config key selection.
+ *
+ * This must match the libsignal-bridge Rust enum of the same name.
+ *
+ * - `Production`: Use for release builds. Only uses base remote config keys without suffixes.
+ * - `Beta`: Use for all other builds (nightly, alpha, internal, public betas). Prefers
+ *   keys with a `.beta` suffix, falling back to base keys if the suffixed key is not present.
+ */
+export var BuildVariant;
+(function (BuildVariant) {
+    BuildVariant[BuildVariant["Production"] = 0] = "Production";
+    BuildVariant[BuildVariant["Beta"] = 1] = "Beta";
+})(BuildVariant || (BuildVariant = {}));
 /** Low-level async runtime control, mostly just exported for testing. */
 export class TokioAsyncContext {
     constructor(handle) {
@@ -50,7 +64,8 @@ export class Net {
             this._connectionManager = newNativeHandle(Native.TESTING_ConnectionManager_newLocalOverride(options.userAgent, options.TESTING_localServer_chatPort, options.TESTING_localServer_cdsiPort, options.TESTING_localServer_svr2Port, options.TESTING_localServer_svrBPort, options.TESTING_localServer_rootCertificateDer));
         }
         else {
-            this._connectionManager = newNativeHandle(Native.ConnectionManager_new(options.env, options.userAgent, new BridgedStringMap(options.remoteConfig || new Map())));
+            const { env, userAgent, remoteConfig = new Map(), buildVariant = BuildVariant.Production, } = options;
+            this._connectionManager = newNativeHandle(Native.ConnectionManager_new(env, userAgent, new BridgedStringMap(remoteConfig), buildVariant));
         }
     }
     /**
@@ -232,26 +247,8 @@ export class Net {
     clearProxy() {
         Native.ConnectionManager_clear_proxy(this._connectionManager);
     }
-    /**
-     * Updates libsignal's remote configuration settings.
-     *
-     * The provided configuration map must conform to the following requirements:
-     * - Each key represents an enabled configuration and directly indicates that the setting is enabled.
-     * - Keys must have had the platform-specific prefix (e.g., `"desktop.libsignal."`) removed.
-     * - Entries explicitly disabled by the server must not appear in the map.
-     * - Values originally set to `null` by the server must be represented as empty strings.
-     * - Values should otherwise maintain the same format as they are returned by the server.
-     *
-     * These constraints ensure configurations passed to libsignal precisely reflect enabled
-     * server-provided settings without ambiguity.
-     *
-     * Only new connections made *after* this call will use the new remote config settings.
-     * Existing connections are not affected.
-     *
-     * @param remoteConfig A map containing preprocessed libsignal configuration keys and their associated values.
-     */
-    setRemoteConfig(remoteConfig) {
-        Native.ConnectionManager_set_remote_config(this._connectionManager, new BridgedStringMap(remoteConfig));
+    setRemoteConfig(remoteConfig, buildVariant = BuildVariant.Production) {
+        Native.ConnectionManager_set_remote_config(this._connectionManager, new BridgedStringMap(remoteConfig), buildVariant);
     }
     /**
      * Notifies libsignal that the network has changed.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.82.1",
+  "version": "0.84.0",
   "license": "AGPL-3.0-only",
   "type": "module",
   "main": "dist/index.js",
@@ -64,6 +64,7 @@
     "mocha": "^11",
     "prettier": "^2.7.1",
     "prettier-plugin-packagejson": "^2.5.19",
+    "protobufjs": "^7.5.3",
     "rimraf": "^6.0.1",
     "sinon": "^21.0.0",
     "sinon-chai": "^4.0.1",