@stagewhisper/stagewhisper 0.49.0 → 0.51.0

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "stagewhisper",
   "name": "StageWhisper",
   "description": "Turn live call moments into assistant tasks via StageWhisper",
-  "version": "0.49.0",
+  "version": "0.51.0",
   "channels": [
     "stagewhisper"
   ],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stagewhisper/stagewhisper",
-  "version": "0.49.0",
+  "version": "0.51.0",
   "type": "module",
   "description": "OpenClaw channel plugin that connects StageWhisper live calls to your AI assistant",
   "license": "MIT",
@@ -35,5 +35,10 @@
   },
   "peerDependencies": {
     "openclaw": ">=2026.3.0"
+  },
+  "dependencies": {
+    "@noble/ciphers": "^1.3.0",
+    "@noble/curves": "^1.8.0",
+    "@noble/hashes": "^1.7.0"
   }
 }

package/plugin-main.ts

@@ -64,11 +64,16 @@ export default definePluginEntry({
               enableResponses: boolean;
             }) => {
               const { StageWhisperClient } = await import("./src/client.js");
+              const { IdentityKeypair } = await import("./src/crypto.js");
               const client = new StageWhisperClient(opts.apiUrl, "", "");
               try {
+                const pluginKeypair = IdentityKeypair.generate();
+                const pluginPubB64 = pluginKeypair.publicKeyBase64();
+
                 const result = await client.completePairing(
                   opts.code,
                   opts.label ?? "OpenClaw",
+                  pluginPubB64,
                 );
 
                 const cfg = await api.runtime.config.loadConfig();
@@ -81,18 +86,27 @@ export default definePluginEntry({
                 swConfig["integrationId"] = result.integration_id;
                 swConfig["relayToken"] = result.relay_token;
                 swConfig["label"] = result.label;
+                swConfig["pluginSecretKey"] = Buffer.from(pluginKeypair.secretBytes()).toString("base64");
+                if (result.byo_public_key) {
+                  swConfig["desktopPublicKey"] = result.byo_public_key;
+                }
                 swEntry["config"] = swConfig;
                 entries["stagewhisper"] = swEntry;
                 plugins["entries"] = entries;
                 (cfg as Record<string, unknown>)["plugins"] = plugins;
 
                 const channels = ((cfg as Record<string, unknown>)["channels"] ?? {}) as Record<string, Record<string, unknown>>;
-                channels["stagewhisper"] = {
+                const channelEntry: Record<string, unknown> = {
                   apiBaseUrl: opts.apiUrl,
                   integrationId: result.integration_id,
                   relayToken: result.relay_token,
                   label: result.label,
+                  pluginSecretKey: Buffer.from(pluginKeypair.secretBytes()).toString("base64"),
                 };
+                if (result.byo_public_key) {
+                  channelEntry["desktopPublicKey"] = result.byo_public_key;
+                }
+                channels["stagewhisper"] = channelEntry;
                 (cfg as Record<string, unknown>)["channels"] = channels;
 
                 if (opts.enableResponses) {

package/src/channel.ts

@@ -11,6 +11,8 @@ export type StageWhisperAccount = {
   integrationId: string;
   relayToken: string;
   label: string;
+  pluginSecretKeyB64?: string;
+  desktopPublicKeyB64?: string;
 };
 
 function getChannelSection(cfg: OpenClawConfig): Record<string, unknown> {
@@ -63,6 +65,8 @@ export function resolveAccount(
     integrationId,
     relayToken,
     label,
+    pluginSecretKeyB64: (section["pluginSecretKey"] as string) ?? (swConfig?.["pluginSecretKey"] as string) ?? undefined,
+    desktopPublicKeyB64: (section["desktopPublicKey"] as string) ?? (swConfig?.["desktopPublicKey"] as string) ?? undefined,
   };
 }
 

package/src/client.ts

@@ -1,3 +1,5 @@
+import type { IdentityKeypair } from "./crypto.js";
+
 export type TaskPayload = {
   id: string;
   session_id: string;
@@ -7,12 +9,17 @@ export type TaskPayload = {
   status: string;
   evidence_payload: Record<string, unknown> | null;
   created_at: string;
+  is_byo_encrypted?: boolean;
+  encrypted_title?: string;
+  encrypted_request?: string;
+  encrypted_evidence?: string;
 };
 
 export type PairCompleteResponse = {
   integration_id: string;
   relay_token: string;
   label: string;
+  byo_public_key?: string;
 };
 
 export type HeartbeatResponse = {
@@ -23,6 +30,8 @@ export class StageWhisperClient {
   private baseUrl: string;
   private integrationId: string;
   private relayToken: string;
+  private pluginKeypair_: IdentityKeypair | null = null;
+  private desktopPublicKey_: Uint8Array | null = null;
 
   constructor(baseUrl: string, integrationId: string, relayToken: string) {
     this.baseUrl = baseUrl.replace(/\/+$/, "");
@@ -30,6 +39,30 @@ export class StageWhisperClient {
     this.relayToken = relayToken;
   }
 
+  setPluginKeypair(kp: IdentityKeypair): void {
+    this.pluginKeypair_ = kp;
+  }
+
+  setDesktopPublicKey(key: Uint8Array): void {
+    this.desktopPublicKey_ = key;
+  }
+
+  getPluginKeypair(): IdentityKeypair | null {
+    return this.pluginKeypair_;
+  }
+
+  getDesktopPublicKey(): Uint8Array | null {
+    return this.desktopPublicKey_;
+  }
+
+  get pluginKeypair(): IdentityKeypair | null {
+    return this.pluginKeypair_;
+  }
+
+  get desktopPublicKey(): Uint8Array | null {
+    return this.desktopPublicKey_;
+  }
+
   private headers(): Record<string, string> {
     return {
       Authorization: `Bearer ${this.relayToken}`,
@@ -37,14 +70,22 @@ export class StageWhisperClient {
     };
   }
 
-  async completePairing(pairingCode: string, hostLabel: string): Promise<PairCompleteResponse> {
+  async completePairing(
+    pairingCode: string,
+    hostLabel: string,
+    pluginPublicKey?: string,
+  ): Promise<PairCompleteResponse> {
+    const body: Record<string, unknown> = {
+      pairing_code: pairingCode,
+      host_label: hostLabel,
+    };
+    if (pluginPublicKey) {
+      body.plugin_public_key = pluginPublicKey;
+    }
     const res = await fetch(`${this.baseUrl}/api/v1/openclaw/pair/complete`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        pairing_code: pairingCode,
-        host_label: hostLabel,
-      }),
+      body: JSON.stringify(body),
     });
     if (!res.ok) {
       const text = await res.text();
@@ -68,9 +109,15 @@ export class StageWhisperClient {
     }
   }
 
-  async postReply(taskId: string, content: string, remoteMessageId?: string): Promise<void> {
+  async postReply(
+    taskId: string,
+    content: string,
+    remoteMessageId?: string,
+    encryptedSummary?: string,
+  ): Promise<void> {
     const body: Record<string, unknown> = { content };
     if (remoteMessageId) body.remote_message_id = remoteMessageId;
+    if (encryptedSummary) body.encrypted_summary = encryptedSummary;
 
     const res = await fetch(`${this.baseUrl}/api/v1/openclaw/tasks/${taskId}/reply`, {
       method: "POST",

package/src/crypto.test.ts

@@ -0,0 +1,181 @@
+import { describe, it, expect } from "vitest";
+import {
+  IdentityKeypair,
+  seal,
+  open,
+  sealJson,
+  openJson,
+  openChecked,
+  ReplayGuard,
+  ENVELOPE_VERSION,
+  type BYOEnvelope,
+} from "./crypto";
+
+function makeTestKey(): { key: Uint8Array; alice: IdentityKeypair; bob: IdentityKeypair } {
+  const alice = IdentityKeypair.generate();
+  const bob = IdentityKeypair.generate();
+  const key = alice.deriveEnvelopeKey(bob.publicKey);
+  return { key, alice, bob };
+}
+
+describe("crypto envelope", () => {
+  it("seal and open roundtrip", () => {
+    const { key } = makeTestKey();
+    const plaintext = new TextEncoder().encode("hello world");
+
+    const envelope = seal(key, "desktop", "session-1", "corr-1", "reasoning_input", plaintext);
+
+    expect(envelope.version).toBe(ENVELOPE_VERSION);
+    expect(envelope.sender_role).toBe("desktop");
+
+    const decrypted = open(key, envelope);
+    expect(decrypted).toEqual(plaintext);
+  });
+
+  it("wrong key fails", () => {
+    const { key: key1 } = makeTestKey();
+    const { key: key2 } = makeTestKey();
+
+    const envelope = seal(key1, "plugin", "s", "c", "reasoning_output", new TextEncoder().encode("secret"));
+
+    expect(() => open(key2, envelope)).toThrow();
+  });
+
+  it("tampered ciphertext fails", () => {
+    const { key } = makeTestKey();
+    const envelope = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("data"));
+
+    const bytes = Uint8Array.from(atob(envelope.ciphertext), (c) => c.codePointAt(0)!);
+    bytes[0] ^= 0xff;
+    const tampered: BYOEnvelope = {
+      ...envelope,
+      ciphertext: btoa(Array.from(bytes, (b) => String.fromCodePoint(b)).join("")),
+    };
+
+    expect(() => open(key, tampered)).toThrow();
+  });
+
+  it("tampered session_id fails", () => {
+    const { key } = makeTestKey();
+    const envelope = seal(key, "desktop", "session-1", "corr-1", "reasoning_input", new TextEncoder().encode("data"));
+
+    const tampered: BYOEnvelope = { ...envelope, session_id: "TAMPERED" };
+    expect(() => open(key, tampered)).toThrow();
+  });
+
+  it("tampered sender_role fails", () => {
+    const { key } = makeTestKey();
+    const envelope = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("data"));
+
+    const tampered: BYOEnvelope = { ...envelope, sender_role: "plugin" };
+    expect(() => open(key, tampered)).toThrow();
+  });
+
+  it("tampered content_type fails", () => {
+    const { key } = makeTestKey();
+    const envelope = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("data"));
+
+    const tampered: BYOEnvelope = { ...envelope, content_type: "task_content" };
+    expect(() => open(key, tampered)).toThrow();
+  });
+
+  it("unique message_ids", () => {
+    const { key } = makeTestKey();
+    const e1 = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("a"));
+    const e2 = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("a"));
+    expect(e1.message_id).not.toBe(e2.message_id);
+  });
+
+  it("unique nonces", () => {
+    const { key } = makeTestKey();
+    const e1 = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("a"));
+    const e2 = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("a"));
+    expect(e1.nonce).not.toBe(e2.nonce);
+  });
+
+  it("json roundtrip", () => {
+    const { key } = makeTestKey();
+    const payload = {
+      system_instruction: "You are an analyst",
+      user_prompt: "Analyze the transcript",
+      response_schema: { type: "object" },
+    };
+
+    const envelope = sealJson(key, "desktop", "session-1", "corr-1", "reasoning_input", payload);
+    const decrypted = openJson(key, envelope);
+    expect(decrypted).toEqual(payload);
+  });
+
+  it("serialization roundtrip", () => {
+    const { key } = makeTestKey();
+    const envelope = seal(key, "desktop", "session-1", "corr-1", "reasoning_input", new TextEncoder().encode("test payload"));
+
+    const json = JSON.stringify(envelope);
+    const restored: BYOEnvelope = JSON.parse(json);
+
+    const decrypted = open(key, restored);
+    expect(new TextDecoder().decode(decrypted)).toBe("test payload");
+  });
+
+  it("unsupported version rejected", () => {
+    const { key } = makeTestKey();
+    const envelope = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("data"));
+    const bad: BYOEnvelope = { ...envelope, version: "static_v99" };
+
+    expect(() => open(key, bad)).toThrow(/Unsupported envelope version/);
+  });
+});
+
+describe("replay guard", () => {
+  it("detects duplicate message", () => {
+    const { key } = makeTestKey();
+    const envelope = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("data"));
+
+    const guard = new ReplayGuard();
+    expect(() => openChecked(key, envelope, guard)).not.toThrow();
+    expect(() => openChecked(key, envelope, guard)).toThrow(/Replay detected/);
+  });
+
+  it("allows different messages", () => {
+    const { key } = makeTestKey();
+    const e1 = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("a"));
+    const e2 = seal(key, "desktop", "s", "c", "reasoning_input", new TextEncoder().encode("b"));
+
+    const guard = new ReplayGuard();
+    expect(() => openChecked(key, e1, guard)).not.toThrow();
+    expect(() => openChecked(key, e2, guard)).not.toThrow();
+  });
+});
+
+describe("identity keypair", () => {
+  it("generate and DH agreement", () => {
+    const alice = IdentityKeypair.generate();
+    const bob = IdentityKeypair.generate();
+
+    const sharedA = alice.diffieHellman(bob.publicKey);
+    const sharedB = bob.diffieHellman(alice.publicKey);
+    expect(sharedA).toEqual(sharedB);
+  });
+
+  it("derived envelope keys match", () => {
+    const alice = IdentityKeypair.generate();
+    const bob = IdentityKeypair.generate();
+
+    const keyA = alice.deriveEnvelopeKey(bob.publicKey);
+    const keyB = bob.deriveEnvelopeKey(alice.publicKey);
+    expect(keyA).toEqual(keyB);
+  });
+
+  it("base64 roundtrip", () => {
+    const kp = IdentityKeypair.generate();
+    const b64 = kp.publicKeyBase64();
+    const restored = IdentityKeypair.publicKeyFromBase64(b64);
+    expect(restored).toEqual(kp.publicKey);
+  });
+
+  it("from secret bytes roundtrip", () => {
+    const original = IdentityKeypair.generate();
+    const restored = IdentityKeypair.fromSecretBytes(original.secretBytes());
+    expect(restored.publicKey).toEqual(original.publicKey);
+  });
+});

package/src/crypto.ts

@@ -0,0 +1,203 @@
+import { x25519 } from "@noble/curves/ed25519";
+import { xchacha20poly1305 } from "@noble/ciphers/chacha";
+import { hkdf } from "@noble/hashes/hkdf";
+import { sha256 } from "@noble/hashes/sha256";
+import { randomBytes } from "@noble/ciphers/webcrypto";
+
+export const ENVELOPE_VERSION = "static_v1";
+const ENVELOPE_HKDF_INFO = "stagewhisper-byo-envelope-v1";
+const REPLAY_GUARD_MAX_IDS = 10_000;
+
+export type SenderRole = "desktop" | "plugin";
+
+export type ContentType =
+  | "reasoning_input"
+  | "reasoning_output"
+  | "tool_intent"
+  | "tool_result"
+  | "task_content"
+  | "task_reply";
+
+export interface BYOEnvelope {
+  version: string;
+  sender_role: SenderRole;
+  message_id: string;
+  session_id: string;
+  correlation_id: string;
+  content_type: ContentType;
+  nonce: string;
+  ciphertext: string;
+}
+
+export class IdentityKeypair {
+  private secretKey: Uint8Array;
+  readonly publicKey: Uint8Array;
+
+  private constructor(secretKey: Uint8Array) {
+    this.secretKey = secretKey;
+    this.publicKey = x25519.getPublicKey(secretKey);
+  }
+
+  static generate(): IdentityKeypair {
+    const secretKey = randomBytes(32);
+    return new IdentityKeypair(secretKey);
+  }
+
+  static fromSecretBytes(bytes: Uint8Array): IdentityKeypair {
+    if (bytes.length !== 32) throw new Error(`Secret key must be 32 bytes, got ${bytes.length}`);
+    return new IdentityKeypair(bytes);
+  }
+
+  secretBytes(): Uint8Array {
+    return new Uint8Array(this.secretKey);
+  }
+
+  publicKeyBase64(): string {
+    return toBase64(this.publicKey);
+  }
+
+  static publicKeyFromBase64(b64: string): Uint8Array {
+    const bytes = fromBase64(b64);
+    if (bytes.length !== 32) throw new Error(`Public key must be 32 bytes, got ${bytes.length}`);
+    return bytes;
+  }
+
+  diffieHellman(peerPublicKey: Uint8Array): Uint8Array {
+    return x25519.getSharedSecret(this.secretKey, peerPublicKey);
+  }
+
+  deriveEnvelopeKey(peerPublicKey: Uint8Array): Uint8Array {
+    const shared = this.diffieHellman(peerPublicKey);
+    return hkdf(sha256, shared, undefined, ENVELOPE_HKDF_INFO, 32);
+  }
+}
+
+function buildAad(envelope: Omit<BYOEnvelope, "nonce" | "ciphertext">): Uint8Array {
+  const aadObj = {
+    content_type: envelope.content_type,
+    correlation_id: envelope.correlation_id,
+    message_id: envelope.message_id,
+    sender_role: envelope.sender_role,
+    session_id: envelope.session_id,
+    version: envelope.version,
+  };
+  return new TextEncoder().encode(JSON.stringify(aadObj));
+}
+
+function generateUUID(): string {
+  return crypto.randomUUID();
+}
+
+export function seal(
+  key: Uint8Array,
+  senderRole: SenderRole,
+  sessionId: string,
+  correlationId: string,
+  contentType: ContentType,
+  plaintext: Uint8Array,
+): BYOEnvelope {
+  const messageId = generateUUID();
+  const nonce = randomBytes(24);
+
+  const metadata = {
+    version: ENVELOPE_VERSION,
+    sender_role: senderRole,
+    message_id: messageId,
+    session_id: sessionId,
+    correlation_id: correlationId,
+    content_type: contentType,
+  };
+
+  const aad = buildAad(metadata);
+  const cipher = xchacha20poly1305(key, nonce, aad);
+  const ciphertext = cipher.encrypt(plaintext);
+
+  return {
+    ...metadata,
+    nonce: toBase64(nonce),
+    ciphertext: toBase64(ciphertext),
+  };
+}
+
+export function open(key: Uint8Array, envelope: BYOEnvelope): Uint8Array {
+  if (envelope.version !== ENVELOPE_VERSION) {
+    throw new Error(`Unsupported envelope version: ${envelope.version}`);
+  }
+
+  const nonce = fromBase64(envelope.nonce);
+  if (nonce.length !== 24) {
+    throw new Error(`Nonce must be 24 bytes, got ${nonce.length}`);
+  }
+
+  const ciphertext = fromBase64(envelope.ciphertext);
+  const aad = buildAad(envelope);
+  const cipher = xchacha20poly1305(key, nonce, aad);
+
+  return cipher.decrypt(ciphertext);
+}
+
+export function sealJson<T>(
+  key: Uint8Array,
+  senderRole: SenderRole,
+  sessionId: string,
+  correlationId: string,
+  contentType: ContentType,
+  value: T,
+): BYOEnvelope {
+  const plaintext = new TextEncoder().encode(JSON.stringify(value));
+  return seal(key, senderRole, sessionId, correlationId, contentType, plaintext);
+}
+
+export function openJson<T>(key: Uint8Array, envelope: BYOEnvelope): T {
+  const plaintext = open(key, envelope);
+  return JSON.parse(new TextDecoder().decode(plaintext));
+}
+
+export class ReplayGuard {
+  private seen = new Set<string>();
+  private order: string[] = [];
+
+  check(messageId: string): void {
+    if (this.seen.has(messageId)) {
+      throw new Error(`Replay detected: duplicate message_id ${messageId}`);
+    }
+    while (this.seen.size >= REPLAY_GUARD_MAX_IDS) {
+      const oldest = this.order.shift();
+      if (oldest !== undefined) {
+        this.seen.delete(oldest);
+      } else {
+        break;
+      }
+    }
+    this.seen.add(messageId);
+    this.order.push(messageId);
+  }
+}
+
+export function openChecked(
+  key: Uint8Array,
+  envelope: BYOEnvelope,
+  replayGuard: ReplayGuard,
+): Uint8Array {
+  replayGuard.check(envelope.message_id);
+  return open(key, envelope);
+}
+
+export function openJsonChecked<T>(
+  key: Uint8Array,
+  envelope: BYOEnvelope,
+  replayGuard: ReplayGuard,
+): T {
+  replayGuard.check(envelope.message_id);
+  return openJson<T>(key, envelope);
+}
+
+function toBase64(bytes: Uint8Array): string {
+  const binString = Array.from(bytes, (b) => String.fromCodePoint(b)).join("");
+  return btoa(binString);
+}
+
+function fromBase64(b64: string): Uint8Array {
+  const binString = atob(b64);
+  return Uint8Array.from(binString, (c) => c.codePointAt(0)!);
+}

package/src/service.ts

@@ -8,6 +8,7 @@ import { resolveAccount } from "./channel.js";
 import { createHealthTracker } from "./health.js";
 import { executeReasoningJob, probeOpenResponses, type ReasoningJobEnvelope } from "./reasoning.js";
 import { isResponsesEndpointEnabled } from "./openresponses.js";
+import { IdentityKeypair, seal, open, type BYOEnvelope } from "./crypto.js";
 
 const HEARTBEAT_INTERVAL_MS = 30_000;
 const RECONNECT_BASE_MS = 1_000;
@@ -58,6 +59,8 @@ export function createRelayService(api: OpenClawPluginApi) {
         integrationId: (pluginCfg["integrationId"] as string) ?? "",
         relayToken: (pluginCfg["relayToken"] as string) ?? "",
         label: (pluginCfg["label"] as string) ?? "StageWhisper",
+        pluginSecretKeyB64: (pluginCfg["pluginSecretKey"] as string) ?? undefined,
+        desktopPublicKeyB64: (pluginCfg["desktopPublicKey"] as string) ?? undefined,
       };
     }
   }
@@ -188,6 +191,60 @@ export function createRelayService(api: OpenClawPluginApi) {
     return null;
   }
 
+  function decryptTaskFields(task: TaskPayload, client: StageWhisperClient): TaskPayload {
+    const keypair = client.pluginKeypair;
+    const desktopPub = client.desktopPublicKey;
+    if (!keypair || !desktopPub) return task;
+
+    const envelopeKey = keypair.deriveEnvelopeKey(desktopPub);
+    const decrypted = { ...task };
+    if (task.encrypted_title) {
+      try {
+        const envelope: BYOEnvelope = JSON.parse(task.encrypted_title);
+        const data = open(envelopeKey, envelope);
+        decrypted.title = new TextDecoder().decode(data);
+      } catch {
+        api.logger.warn(`Failed to decrypt task title for ${task.id}`);
+      }
+    }
+    if (task.encrypted_request) {
+      try {
+        const envelope: BYOEnvelope = JSON.parse(task.encrypted_request);
+        const data = open(envelopeKey, envelope);
+        decrypted.request_text = new TextDecoder().decode(data);
+      } catch {
+        api.logger.warn(`Failed to decrypt task request for ${task.id}`);
+      }
+    }
+    if (task.encrypted_evidence) {
+      try {
+        const envelope: BYOEnvelope = JSON.parse(task.encrypted_evidence);
+        const data = open(envelopeKey, envelope);
+        decrypted.evidence_payload = JSON.parse(new TextDecoder().decode(data));
+      } catch {
+        api.logger.warn(`Failed to decrypt task evidence for ${task.id}`);
+      }
+    }
+    return decrypted;
+  }
+
+  function encryptReply(content: string, client: StageWhisperClient, sessionId: string, taskId: string): string | undefined {
+    const keypair = client.pluginKeypair;
+    const desktopPub = client.desktopPublicKey;
+    if (!keypair || !desktopPub) return undefined;
+
+    const envelopeKey = keypair.deriveEnvelopeKey(desktopPub);
+    const envelope = seal(
+      envelopeKey,
+      "plugin",
+      sessionId,
+      taskId,
+      "task_reply",
+      new TextEncoder().encode(content),
+    );
+    return JSON.stringify(envelope);
+  }
+
   async function handleNormalTask(task: TaskPayload, client: StageWhisperClient): Promise<void> {
     let deliveredMarked = false;
     for (let attempt = 0; attempt < 2; attempt++) {
@@ -205,7 +262,10 @@ export function createRelayService(api: OpenClawPluginApi) {
       return;
     }
 
-    const messageContent = buildTaskMessage(task);
+    const isByo = !!task.is_byo_encrypted;
+    const effectiveTask = isByo ? decryptTaskFields(task, client) : task;
+
+    const messageContent = buildTaskMessage(effectiveTask);
     const peerId = `sw-session-${task.session_id}`;
     const sessionKey = buildAgentSessionKey({
       agentId: "default",
@@ -234,7 +294,8 @@ export function createRelayService(api: OpenClawPluginApi) {
         if (waitResult.status === "ok") {
           const reply = await extractReplyForTask(sessionKey, task.id);
           if (reply) {
-            await client.postReply(task.id, reply);
+            const encSummary = isByo ? encryptReply(reply, client, task.session_id, task.id) : undefined;
+            await client.postReply(task.id, isByo ? "[BYO Encrypted]" : reply, undefined, encSummary);
             api.logger.info(`Task ${task.id} completed with reply`);
           } else {
             api.logger.warn(`Task ${task.id} completed but no reply found`);
@@ -305,7 +366,7 @@ export function createRelayService(api: OpenClawPluginApi) {
   async function handleCapabilityProbe(
     job: ReasoningJobEnvelope,
     client: StageWhisperClient,
-  ): Promise<void> {
+  ): Promise<boolean> {
     const correlationId = job.correlation_id;
     const displayModel = health.get().displayModel ?? null;
     const prompt =
@@ -318,6 +379,8 @@ export function createRelayService(api: OpenClawPluginApi) {
       peer: { kind: "direct", id: `sw-probe-${job.job_id}` },
     });
 
+    let callbackDelivered = false;
+
     try {
       const result = await api.runtime.subagent.run({
         sessionKey,
@@ -348,6 +411,7 @@ export function createRelayService(api: OpenClawPluginApi) {
           },
           correlationId,
         );
+        callbackDelivered = true;
         api.logger.info(`Capability probe ${job.job_id} completed`);
       } else {
         await client.postReasoningResult(
@@ -364,6 +428,7 @@ export function createRelayService(api: OpenClawPluginApi) {
           },
           correlationId,
         );
+        callbackDelivered = true;
       }
     } catch (err) {
       const errMsg = err instanceof Error ? err.message : String(err);
@@ -383,10 +448,206 @@ export function createRelayService(api: OpenClawPluginApi) {
           },
           correlationId,
         );
+        callbackDelivered = true;
       } catch (postErr) {
         api.logger.error(`Failed to report probe failure: ${postErr}`);
       }
     }
+
+    return callbackDelivered;
+  }
+
+  async function handleBYOEncryptedJob(
+    job: ReasoningJobEnvelope,
+    client: StageWhisperClient,
+  ): Promise<void> {
+    const correlationId = job.correlation_id;
+    api.logger.info(
+      `Received BYO encrypted reasoning job: ${job.job_id}`,
+    );
+
+    const rawPayload = job.payload as Record<string, unknown>;
+    const envelope = rawPayload.envelope as Record<string, unknown> | undefined;
+    if (!envelope || !envelope.ciphertext) {
+      api.logger.error(`BYO job ${job.job_id} missing encrypted envelope`);
+      try {
+        await client.postReasoningResult(
+          job.job_id,
+          {
+            job_id: job.job_id,
+            status: "failed",
+            provider_run_id: null,
+            model_ref: null,
+            usage: null,
+            output: null,
+            error_code: "missing_envelope",
+            error_message: "No encrypted envelope in BYO reasoning job",
+            byo_encrypted: true,
+          },
+          correlationId,
+        );
+      } catch (postErr) {
+        api.logger.error(`Failed to report BYO failure: ${postErr}`);
+      }
+      return;
+    }
+
+    const pluginKeypair = client.getPluginKeypair?.();
+    const desktopPublicKey = client.getDesktopPublicKey?.();
+
+    if (!pluginKeypair || !desktopPublicKey) {
+      api.logger.error(`BYO job ${job.job_id}: missing crypto keys`);
+      try {
+        await client.postReasoningResult(
+          job.job_id,
+          {
+            job_id: job.job_id,
+            status: "failed",
+            provider_run_id: null,
+            model_ref: null,
+            usage: null,
+            output: null,
+            error_code: "missing_keys",
+            error_message: "Plugin or desktop keys not configured for BYO mode",
+            byo_encrypted: true,
+          },
+          correlationId,
+        );
+      } catch (postErr) {
+        api.logger.error(`Failed to report BYO key failure: ${postErr}`);
+      }
+      return;
+    }
+
+    let decryptedPayload: Record<string, unknown>;
+    const envelopeKey = pluginKeypair.deriveEnvelopeKey(desktopPublicKey);
+    try {
+      const byoEnvelope: BYOEnvelope = {
+        version: (envelope.version as string) ?? "static_v1",
+        sender_role: (envelope.sender_role as "desktop" | "plugin") ?? "desktop",
+        message_id: (envelope.message_id as string) ?? "",
+        session_id: (envelope.session_id as string) ?? "",
+        correlation_id: (envelope.correlation_id as string) ?? "",
+        content_type: (envelope.content_type as BYOEnvelope["content_type"]) ?? "reasoning_input",
+        nonce: envelope.nonce as string,
+        ciphertext: envelope.ciphertext as string,
+      };
+
+      const plaintext = open(envelopeKey, byoEnvelope);
+      decryptedPayload = JSON.parse(new TextDecoder().decode(plaintext));
+    } catch (err) {
+      api.logger.error(`BYO job ${job.job_id} decryption failed: ${err}`);
+      try {
+        await client.postReasoningResult(
+          job.job_id,
+          {
+            job_id: job.job_id,
+            status: "failed",
+            provider_run_id: null,
+            model_ref: null,
+            usage: null,
+            output: null,
+            error_code: "decryption_error",
+            error_message: "Failed to decrypt BYO envelope",
+            byo_encrypted: true,
+          },
+          correlationId,
+        );
+      } catch (postErr) {
+        api.logger.error(`Failed to report BYO decryption failure: ${postErr}`);
+      }
+      return;
+    }
+
+    const plainJob: ReasoningJobEnvelope = {
+      ...job,
+      payload: decryptedPayload,
+      response_schema: decryptedPayload.response_schema as Record<string, unknown> ?? job.response_schema,
+    };
+
+    const displayModel = health.get().displayModel ?? null;
+    let result;
+    try {
+      result = await executeReasoningJob(api, plainJob, displayModel);
+    } catch (err) {
+      const errMsg = err instanceof Error ? err.message : String(err);
+      health.recordFailure(errMsg);
+      api.logger.error(`BYO reasoning job ${job.job_id} failed: ${errMsg}`);
+      try {
+        await client.postReasoningResult(
+          job.job_id,
+          {
+            job_id: job.job_id,
+            status: "failed",
+            provider_run_id: null,
+            model_ref: displayModel,
+            usage: null,
+            output: null,
+            error_code: "execution_error",
+            error_message: errMsg,
+            byo_encrypted: true,
+          },
+          correlationId,
+        );
+      } catch (postErr) {
+        api.logger.error(`Failed to report BYO reasoning failure: ${postErr}`);
+      }
+      return;
+    }
+
+    if (result.status === "completed") {
+      health.recordSuccess();
+    } else {
+      health.recordFailure(result.error_message ?? `reasoning ${result.status}`);
+    }
+
+    let encryptedResult: Record<string, unknown>;
+    try {
+      const resultJson = JSON.stringify(result.output ?? {});
+      const resultBytes = new TextEncoder().encode(resultJson);
+
+      const sessionId = (envelope.session_id as string) ?? "";
+      const resultCorrelationId = (envelope.correlation_id as string) ?? "";
+
+      const resultEnvelope = seal(
+        envelopeKey,
+        "plugin",
+        sessionId,
+        resultCorrelationId,
+        "reasoning_output",
+        resultBytes,
+      );
+
+      encryptedResult = {
+        byo_encrypted: true,
+        envelope: resultEnvelope,
+        job_id: job.job_id,
+        status: result.status,
+        usage: result.usage,
+        model_ref: result.model_ref,
+      };
+    } catch (err) {
+      api.logger.error(`BYO job ${job.job_id} result encryption failed: ${err}`);
+      encryptedResult = {
+        job_id: job.job_id,
+        status: "failed",
+        error_code: "encryption_error",
+        error_message: "Failed to encrypt result",
+        byo_encrypted: true,
+      };
+    }
+
+    try {
+      await client.postReasoningResult(
+        job.job_id,
+        encryptedResult,
+        correlationId,
+      );
+      completedReasoningJobs.set(job.job_id, Date.now());
+      api.logger.info(`BYO reasoning job ${job.job_id} completed (status: ${result.status})`);
+    } catch (postErr) {
+      api.logger.error(`Failed to post BYO reasoning result for ${job.job_id}: ${postErr}`);
+    }
   }
 
   async function handleReasoningJob(
@@ -410,8 +671,10 @@ export function createRelayService(api: OpenClawPluginApi) {
 
     if (job.purpose === "capability_probe") {
       try {
-        await handleCapabilityProbe(job, client);
-        completedReasoningJobs.set(job.job_id, Date.now());
+        const delivered = await handleCapabilityProbe(job, client);
+        if (delivered) {
+          completedReasoningJobs.set(job.job_id, Date.now());
+        }
       } finally {
         processingReasoningJobs.delete(job.job_id);
       }
@@ -419,6 +682,15 @@ export function createRelayService(api: OpenClawPluginApi) {
     }
 
     try {
+      const isBYOEncrypted =
+        job.payload &&
+        (job.payload as Record<string, unknown>).byo_encrypted === true;
+
+      if (isBYOEncrypted) {
+        await handleBYOEncryptedJob(job, client);
+        return;
+      }
+
       const displayModel = health.get().displayModel ?? null;
 
       let result;
@@ -479,12 +751,34 @@ export function createRelayService(api: OpenClawPluginApi) {
     }
   }
 
-  async function connectStream(account: StageWhisperAccount): Promise<void> {
+  function createClient(account: StageWhisperAccount): StageWhisperClient {
     const client = new StageWhisperClient(
       account.apiBaseUrl,
       account.integrationId,
       account.relayToken,
     );
+    if (account.pluginSecretKeyB64) {
+      try {
+        const secretBytes = Uint8Array.from(atob(account.pluginSecretKeyB64), c => c.charCodeAt(0));
+        client.setPluginKeypair(IdentityKeypair.fromSecretBytes(secretBytes));
+      } catch (err) {
+        api.logger.warn(`Failed to load plugin keypair from config: ${err}`);
+      }
+    }
+    if (account.desktopPublicKeyB64) {
+      try {
+        client.setDesktopPublicKey(
+          IdentityKeypair.publicKeyFromBase64(account.desktopPublicKeyB64),
+        );
+      } catch (err) {
+        api.logger.warn(`Failed to load desktop public key from config: ${err}`);
+      }
+    }
+    return client;
+  }
+
+  async function connectStream(account: StageWhisperAccount): Promise<void> {
+    const client = createClient(account);
 
     abortController = new AbortController();
     const url = client.streamUrl();
@@ -583,11 +877,7 @@ export function createRelayService(api: OpenClawPluginApi) {
   }
 
   function startHeartbeat(account: StageWhisperAccount): void {
-    const client = new StageWhisperClient(
-      account.apiBaseUrl,
-      account.integrationId,
-      account.relayToken,
-    );
+    const client = createClient(account);
 
     heartbeatTimer = setInterval(async () => {
       try {