npm - @twsxtd/baileys - Versions diffs - 7.0.0-rc.9.commit.7a91cac1d4ec → 7.0.0-rc.9.commit.8d1e795328c7 - Mend

@twsxtd/baileys 7.0.0-rc.9.commit.7a91cac1d4ec → 7.0.0-rc.9.commit.8d1e795328c7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (139) hide show

package/WAProto/fix-imports.js +22 -18
package/WAProto/index.js +22 -18
package/lib/Defaults/index.d.ts +2 -0
package/lib/Defaults/index.d.ts.map +1 -1
package/lib/Defaults/index.js +3 -1
package/lib/Defaults/index.js.map +1 -1
package/lib/Signal/libsignal.d.ts.map +1 -1
package/lib/Signal/libsignal.js +15 -12
package/lib/Signal/libsignal.js.map +1 -1
package/lib/Signal/lid-mapping.d.ts +3 -5
package/lib/Signal/lid-mapping.d.ts.map +1 -1
package/lib/Signal/lid-mapping.js +37 -22
package/lib/Signal/lid-mapping.js.map +1 -1
package/lib/Socket/Client/websocket.d.ts.map +1 -1
package/lib/Socket/Client/websocket.js +3 -6
package/lib/Socket/Client/websocket.js.map +1 -1
package/lib/Socket/business.d.ts +7 -4
package/lib/Socket/business.d.ts.map +1 -1
package/lib/Socket/chats.d.ts +9 -3
package/lib/Socket/chats.d.ts.map +1 -1
package/lib/Socket/chats.js +253 -47
package/lib/Socket/chats.js.map +1 -1
package/lib/Socket/communities.d.ts +7 -4
package/lib/Socket/communities.d.ts.map +1 -1
package/lib/Socket/groups.d.ts +8 -4
package/lib/Socket/groups.d.ts.map +1 -1
package/lib/Socket/groups.js +20 -0
package/lib/Socket/groups.js.map +1 -1
package/lib/Socket/index.d.ts +7 -4
package/lib/Socket/index.d.ts.map +1 -1
package/lib/Socket/messages-recv.d.ts +7 -4
package/lib/Socket/messages-recv.d.ts.map +1 -1
package/lib/Socket/messages-recv.js +296 -103
package/lib/Socket/messages-recv.js.map +1 -1
package/lib/Socket/messages-send.d.ts +7 -4
package/lib/Socket/messages-send.d.ts.map +1 -1
package/lib/Socket/messages-send.js +113 -50
package/lib/Socket/messages-send.js.map +1 -1
package/lib/Socket/newsletter.d.ts +6 -3
package/lib/Socket/newsletter.d.ts.map +1 -1
package/lib/Socket/newsletter.js +2 -2
package/lib/Socket/newsletter.js.map +1 -1
package/lib/Socket/socket.d.ts +0 -2
package/lib/Socket/socket.d.ts.map +1 -1
package/lib/Socket/socket.js +15 -9
package/lib/Socket/socket.js.map +1 -1
package/lib/Types/Auth.d.ts +2 -0
package/lib/Types/Auth.d.ts.map +1 -1
package/lib/Types/Call.d.ts +1 -1
package/lib/Types/Call.d.ts.map +1 -1
package/lib/Types/Contact.d.ts +2 -0
package/lib/Types/Contact.d.ts.map +1 -1
package/lib/Types/Events.d.ts +16 -0
package/lib/Types/Events.d.ts.map +1 -1
package/lib/Types/GroupMetadata.d.ts +4 -0
package/lib/Types/GroupMetadata.d.ts.map +1 -1
package/lib/Types/Message.d.ts +15 -2
package/lib/Types/Message.d.ts.map +1 -1
package/lib/Types/Message.js.map +1 -1
package/lib/Types/Newsletter.d.ts +4 -2
package/lib/Types/Newsletter.d.ts.map +1 -1
package/lib/Types/Newsletter.js +4 -2
package/lib/Types/Newsletter.js.map +1 -1
package/lib/Types/Signal.d.ts +1 -2
package/lib/Types/Signal.d.ts.map +1 -1
package/lib/Utils/auth-utils.d.ts +5 -0
package/lib/Utils/auth-utils.d.ts.map +1 -1
package/lib/Utils/auth-utils.js +49 -14
package/lib/Utils/auth-utils.js.map +1 -1
package/lib/Utils/chat-utils.d.ts +30 -0
package/lib/Utils/chat-utils.d.ts.map +1 -1
package/lib/Utils/chat-utils.js +34 -8
package/lib/Utils/chat-utils.js.map +1 -1
package/lib/Utils/companion-reg-client-utils.d.ts +17 -0
package/lib/Utils/companion-reg-client-utils.d.ts.map +1 -0
package/lib/Utils/companion-reg-client-utils.js +41 -0
package/lib/Utils/companion-reg-client-utils.js.map +1 -0
package/lib/Utils/decode-wa-message.d.ts +12 -0
package/lib/Utils/decode-wa-message.d.ts.map +1 -1
package/lib/Utils/decode-wa-message.js +22 -0
package/lib/Utils/decode-wa-message.js.map +1 -1
package/lib/Utils/event-buffer.d.ts +0 -7
package/lib/Utils/event-buffer.d.ts.map +1 -1
package/lib/Utils/event-buffer.js +9 -29
package/lib/Utils/event-buffer.js.map +1 -1
package/lib/Utils/generics.d.ts +1 -0
package/lib/Utils/generics.d.ts.map +1 -1
package/lib/Utils/generics.js +22 -1
package/lib/Utils/generics.js.map +1 -1
package/lib/Utils/history.d.ts.map +1 -1
package/lib/Utils/history.js +11 -9
package/lib/Utils/history.js.map +1 -1
package/lib/Utils/identity-change-handler.d.ts +7 -0
package/lib/Utils/identity-change-handler.d.ts.map +1 -1
package/lib/Utils/identity-change-handler.js +2 -6
package/lib/Utils/identity-change-handler.js.map +1 -1
package/lib/Utils/index.d.ts +15 -15
package/lib/Utils/index.d.ts.map +1 -1
package/lib/Utils/index.js +15 -15
package/lib/Utils/index.js.map +1 -1
package/lib/Utils/message-retry-manager.d.ts +1 -5
package/lib/Utils/message-retry-manager.d.ts.map +1 -1
package/lib/Utils/message-retry-manager.js +7 -14
package/lib/Utils/message-retry-manager.js.map +1 -1
package/lib/Utils/messages-media.js +1 -1
package/lib/Utils/messages-media.js.map +1 -1
package/lib/Utils/messages.d.ts.map +1 -1
package/lib/Utils/messages.js +22 -1
package/lib/Utils/messages.js.map +1 -1
package/lib/Utils/process-message.d.ts.map +1 -1
package/lib/Utils/process-message.js +74 -7
package/lib/Utils/process-message.js.map +1 -1
package/lib/Utils/sync-action-utils.d.ts.map +1 -1
package/lib/Utils/sync-action-utils.js +1 -0
package/lib/Utils/sync-action-utils.js.map +1 -1
package/lib/Utils/tc-token-utils.d.ts +26 -1
package/lib/Utils/tc-token-utils.d.ts.map +1 -1
package/lib/Utils/tc-token-utils.js +149 -4
package/lib/Utils/tc-token-utils.js.map +1 -1
package/lib/WAUSync/Protocols/USyncContactProtocol.d.ts.map +1 -1
package/lib/WAUSync/Protocols/USyncContactProtocol.js +26 -3
package/lib/WAUSync/Protocols/USyncContactProtocol.js.map +1 -1
package/lib/WAUSync/Protocols/USyncUsernameProtocol.d.ts +10 -0
package/lib/WAUSync/Protocols/USyncUsernameProtocol.d.ts.map +1 -0
package/lib/WAUSync/Protocols/USyncUsernameProtocol.js +25 -0
package/lib/WAUSync/Protocols/USyncUsernameProtocol.js.map +1 -0
package/lib/WAUSync/Protocols/index.d.ts +1 -0
package/lib/WAUSync/Protocols/index.d.ts.map +1 -1
package/lib/WAUSync/Protocols/index.js +1 -0
package/lib/WAUSync/Protocols/index.js.map +1 -1
package/lib/WAUSync/USyncQuery.d.ts +1 -0
package/lib/WAUSync/USyncQuery.d.ts.map +1 -1
package/lib/WAUSync/USyncQuery.js +5 -1
package/lib/WAUSync/USyncQuery.js.map +1 -1
package/lib/WAUSync/USyncUser.d.ts +4 -0
package/lib/WAUSync/USyncUser.d.ts.map +1 -1
package/lib/WAUSync/USyncUser.js +8 -0
package/lib/WAUSync/USyncUser.js.map +1 -1
package/package.json +5 -3

package/lib/Socket/messages-recv.js CHANGED Viewed

@@ -5,39 +5,63 @@ import Long from 'long';
 import { proto } from '../../WAProto/index.js';
 import { DEFAULT_CACHE_TTLS, KEY_BUNDLE_TYPE, MIN_PREKEY_COUNT, PLACEHOLDER_MAX_AGE_SECONDS, STATUS_EXPIRY_SECONDS } from '../Defaults/index.js';
 import { WAMessageStatus, WAMessageStubType } from '../Types/index.js';
-import { aesDecryptCTR, aesEncryptGCM, cleanMessage, Curve, decodeMediaRetryNode, decodeMessageNode, decryptMessageNode, delay, derivePairingCodeKey, encodeBigEndian, encodeSignedDeviceIdentity, extractAddressingContext, getCallStatusFromNode, getHistoryMsg, getNextPreKeys, getStatusFromReceiptType, handleIdentityChange, hkdf, MISSING_KEYS_ERROR_TEXT, NACK_REASONS, NO_MESSAGE_FOUND_ERROR_TEXT, toNumber, unixTimestampSeconds, xmppPreKey, xmppSignedPreKey } from '../Utils/index.js';
+import { aesDecryptCTR, aesEncryptGCM, cleanMessage, Curve, decodeMediaRetryNode, decodeMessageNode, decryptMessageNode, delay, derivePairingCodeKey, encodeBigEndian, encodeSignedDeviceIdentity, extractAddressingContext, getCallStatusFromNode, getHistoryMsg, getNextPreKeys, getStatusFromReceiptType, handleIdentityChange, hkdf, bindCleanupOnConnectionClose, MISSING_KEYS_ERROR_TEXT, NACK_REASONS, NO_MESSAGE_FOUND_ERROR_TEXT, SERVER_ERROR_CODES, toNumber, unixTimestampSeconds, xmppPreKey, xmppSignedPreKey } from '../Utils/index.js';
 import { makeMutex } from '../Utils/make-mutex.js';
 import { makeOfflineNodeProcessor } from '../Utils/offline-node-processor.js';
 import { buildAckStanza } from '../Utils/stanza-ack.js';
+import { buildMergedTcTokenIndexWrite, isTcTokenExpired, readTcTokenIndex, resolveIssuanceJid, resolveTcTokenJid, storeTcTokensFromIqResult, TC_TOKEN_INDEX_KEY } from '../Utils/tc-token-utils.js';
 import { areJidsSameUser, binaryNodeToString, getAllBinaryNodeChildren, getBinaryNodeChild, getBinaryNodeChildBuffer, getBinaryNodeChildren, getBinaryNodeChildString, isJidGroup, isJidNewsletter, isJidStatusBroadcast, isLidUser, isPnUser, jidDecode, jidNormalizedUser, S_WHATSAPP_NET } from '../WABinary/index.js';
 import { extractGroupMetadata } from './groups.js';
 import { makeMessagesSocket } from './messages-send.js';
 export const makeMessagesRecvSocket = (config) => {
     const { logger, retryRequestDelayMs, maxMsgRetryCount, getMessage, shouldIgnoreJid, enableAutoSessionRecreation } = config;
     const sock = makeMessagesSocket(config);
-    const { ev, authState, ws, messageMutex, notificationMutex, receiptMutex, signalRepository, query, upsertMessage, resyncAppState, onUnexpectedError, assertSessions, sendNode, relayMessage, sendReceipt, uploadPreKeys, sendPeerDataOperationMessage, messageRetryManager } = sock;
+    const { ev, authState, ws, messageMutex, notificationMutex, receiptMutex, signalRepository, query, upsertMessage, resyncAppState, onUnexpectedError, assertSessions, sendNode, relayMessage, sendReceipt, uploadPreKeys, sendPeerDataOperationMessage, messageRetryManager, issuePrivacyTokens } = sock;
+    const getLIDForPN = signalRepository.lidMapping.getLIDForPN.bind(signalRepository.lidMapping);
     /** this mutex ensures that each retryRequest will wait for the previous one to finish */
     const retryMutex = makeMutex();
-    const msgRetryCache = config.msgRetryCounterCache ||
-        new NodeCache({
+    const internalMsgRetryCache = config.msgRetryCounterCache
+        ? undefined
+        : new NodeCache({
             stdTTL: DEFAULT_CACHE_TTLS.MSG_RETRY, // 1 hour
-            useClones: false,
-            maxKeys: 5000
+            useClones: false
         });
-    const callOfferCache = config.callOfferCache ||
-        new NodeCache({
+    const msgRetryCache = config.msgRetryCounterCache || internalMsgRetryCache;
+    const internalCallOfferCache = config.callOfferCache
+        ? undefined
+        : new NodeCache({
             stdTTL: DEFAULT_CACHE_TTLS.CALL_OFFER, // 5 mins
-            useClones: false,
-            maxKeys: 1000
+            useClones: false
         });
-    const placeholderResendCache = config.placeholderResendCache ||
-        new NodeCache({
+    const callOfferCache = config.callOfferCache || internalCallOfferCache;
+    const internalPlaceholderResendCache = config.placeholderResendCache
+        ? undefined
+        : new NodeCache({
             stdTTL: DEFAULT_CACHE_TTLS.MSG_RETRY, // 1 hour
-            useClones: false,
-            maxKeys: 5000
+            useClones: false
         });
+    const placeholderResendCache = config.placeholderResendCache || internalPlaceholderResendCache;
     // Debounce identity-change session refreshes per JID to avoid bursts
-    const identityAssertDebounce = new NodeCache({ stdTTL: 5, useClones: false, maxKeys: 500 });
+    const identityAssertDebounce = new NodeCache({ stdTTL: 5, useClones: false });
+    let cleanedUp = false;
+    const cleanupInternalCaches = async () => {
+        if (cleanedUp) {
+            return;
+        }
+        cleanedUp = true;
+        const closers = [Promise.resolve(identityAssertDebounce.close())];
+        if (internalMsgRetryCache) {
+            closers.push(Promise.resolve(internalMsgRetryCache.close()));
+        }
+        if (internalCallOfferCache) {
+            closers.push(Promise.resolve(internalCallOfferCache.close()));
+        }
+        if (internalPlaceholderResendCache) {
+            closers.push(Promise.resolve(internalPlaceholderResendCache.close()));
+        }
+        await Promise.allSettled(closers);
+    };
+    bindCleanupOnConnectionClose(ev, cleanupInternalCaches);
     let sendActiveReceipts = false;
     const fetchMessageHistory = async (count, oldestMsgKey, oldestMsgTimestamp) => {
         if (!authState.creds.me?.id) {
@@ -66,12 +90,7 @@ export const makeMessagesRecvSocket = (config) => {
         else {
             // Store original message data so PDO response handler can preserve
             // metadata (LID details, timestamps, etc.) that the phone may omit
-            try {
-                await placeholderResendCache.set(messageKey?.id, msgData || true);
-            }
-            catch {
-                /* maxKeys exceeded */
-            }
+            await placeholderResendCache.set(messageKey?.id, msgData || true);
         }
         await delay(2000);
         if (!(await placeholderResendCache.get(messageKey?.id))) {
@@ -97,20 +116,34 @@ export const makeMessagesRecvSocket = (config) => {
     // Handles mex newsletter notifications
     const handleMexNewsletterNotification = async (node) => {
         const mexNode = getBinaryNodeChild(node, 'mex');
-        if (!mexNode?.content) {
+        const updateNode = mexNode?.content ? null : getBinaryNodeChild(node, 'update') || getAllBinaryNodeChildren(node)[0];
+        const payloadNode = mexNode?.content ? mexNode : updateNode;
+        if (!payloadNode?.content) {
             logger.warn({ node }, 'Invalid mex newsletter notification');
             return;
         }
         let data;
         try {
-            data = JSON.parse(mexNode.content.toString());
+            const payloadContent = payloadNode.content;
+            if (Array.isArray(payloadContent)) {
+                logger.warn({ payloadNode }, 'Invalid mex newsletter notification payload format');
+                return;
+            }
+            const contentBuf = typeof payloadContent === 'string' ? Buffer.from(payloadContent, 'binary') : Buffer.from(payloadContent);
+            data = JSON.parse(contentBuf.toString());
         }
         catch (error) {
             logger.error({ err: error, node }, 'Failed to parse mex newsletter notification');
             return;
         }
-        const operation = data?.operation;
-        const updates = data?.updates;
+        const operation = data?.operation ?? payloadNode?.attrs?.op_name;
+        let updates = data?.updates;
+        if (!updates) {
+            const linkedProfiles = data?.data?.xwa2_notify_linked_profiles;
+            if (linkedProfiles) {
+                updates = [linkedProfiles];
+            }
+        }
         if (!updates || !operation) {
             logger.warn({ data }, 'Invalid mex newsletter notification content');
             return;
@@ -140,6 +173,22 @@ export const makeMessagesRecvSocket = (config) => {
                     }
                 }
                 break;
+            case 'NotificationLinkedProfilesUpdates':
+                for (const update of updates) {
+                    const lid = update?.jid;
+                    const addedProfiles = Array.isArray(update?.added_profiles) ? update.added_profiles : [];
+                    const mappings = [];
+                    for (const profile of addedProfiles) {
+                        const pn = typeof profile === 'string' ? profile : (profile?.pn ?? profile?.jid ?? null);
+                        if (lid && pn) {
+                            const mapping = { lid, pn };
+                            ev.emit('lid-mapping.update', mapping);
+                            mappings.push(mapping);
+                        }
+                    }
+                    await signalRepository.lidMapping.storeLIDPNMappings(mappings);
+                }
+                break;
             default:
                 logger.info({ operation, data }, 'Unhandled mex newsletter notification');
                 break;
@@ -268,12 +317,7 @@ export const makeMessagesRecvSocket = (config) => {
             const retryCount = messageRetryManager.incrementRetryCount(msgId);
             // Use the new retry count for the rest of the logic
             const key = `${msgId}:${msgKey?.participant}`;
-            try {
-                await msgRetryCache.set(key, retryCount);
-            }
-            catch {
-                /* maxKeys exceeded */
-            }
+            await msgRetryCache.set(key, retryCount);
         }
         else {
             // Fallback to old system
@@ -285,12 +329,7 @@ export const makeMessagesRecvSocket = (config) => {
                 return;
             }
             retryCount += 1;
-            try {
-                await msgRetryCache.set(key, retryCount);
-            }
-            catch {
-                /* maxKeys exceeded */
-            }
+            await msgRetryCache.set(key, retryCount);
         }
         const key = `${msgId}:${msgKey?.participant}`;
         const retryCount = (await msgRetryCache.get(key)) || 1;
@@ -394,6 +433,35 @@ export const makeMessagesRecvSocket = (config) => {
             logger.info({ msgAttrs: node.attrs, retryCount }, 'sent retry receipt');
         }, authState?.creds?.me?.id || 'sendRetryRequest');
     };
+    /**
+     * Fire-and-forget tctoken re-issuance after a peer's device identity changed.
+     * Mirrors WAWebSendTcTokenWhenDeviceIdentityChange — runs in parallel with
+     * the session refresh (not after it).
+     */
+    const reissueTcTokenAfterIdentityChange = (from) => {
+        void (async () => {
+            const normalizedJid = jidNormalizedUser(from);
+            const tcJid = await resolveTcTokenJid(normalizedJid, getLIDForPN);
+            const tcTokenData = await authState.keys.get('tctoken', [tcJid]);
+            const senderTs = tcTokenData?.[tcJid]?.senderTimestamp;
+            if (senderTs === null || senderTs === undefined || isTcTokenExpired(senderTs)) {
+                return;
+            }
+            logger.debug({ jid: normalizedJid, senderTimestamp: senderTs }, 'identity changed, re-issuing tctoken');
+            const getPNForLID = signalRepository.lidMapping.getPNForLID.bind(signalRepository.lidMapping);
+            const issueJid = await resolveIssuanceJid(normalizedJid, sock.serverProps.lidTrustedTokenIssueToLid, getLIDForPN, getPNForLID);
+            const result = await issuePrivacyTokens([issueJid], senderTs);
+            await storeTcTokensFromIqResult({
+                result,
+                fallbackJid: tcJid,
+                keys: authState.keys,
+                getLIDForPN,
+                onNewJidStored: trackTcTokenJid
+            });
+        })().catch(err => {
+            logger.debug({ jid: from, err: err?.message }, 'failed to re-issue tctoken after identity change');
+        });
+    };
     const handleEncryptNotification = async (node) => {
         const from = node.attrs.from;
         if (from === S_WHATSAPP_NET) {
@@ -412,7 +480,8 @@ export const makeMessagesRecvSocket = (config) => {
                 validateSession: signalRepository.validateSession,
                 assertSessions,
                 debounceCache: identityAssertDebounce,
-                logger
+                logger,
+                onBeforeSessionRefresh: reissueTcTokenAfterIdentityChange
             });
             if (result.action === 'no_identity_node') {
                 logger.info({ node }, 'unknown encrypt notification');
@@ -423,6 +492,7 @@ export const makeMessagesRecvSocket = (config) => {
         // TODO: Support PN/LID (Here is only LID now)
         const actingParticipantLid = fullNode.attrs.participant;
         const actingParticipantPn = fullNode.attrs.participant_pn;
+        const actingParticipantUsername = fullNode.attrs.participant_username;
         const affectedParticipantLid = getBinaryNodeChild(child, 'participant')?.attrs?.jid || actingParticipantLid;
         const affectedParticipantPn = getBinaryNodeChild(child, 'participant')?.attrs?.phone_number || actingParticipantPn;
         switch (child?.tag) {
@@ -442,7 +512,8 @@ export const makeMessagesRecvSocket = (config) => {
                     {
                         ...metadata,
                         author: actingParticipantLid,
-                        authorPn: actingParticipantPn
+                        authorPn: actingParticipantPn,
+                        authorUsername: actingParticipantUsername
                     }
                 ]);
                 break;
@@ -473,6 +544,7 @@ export const makeMessagesRecvSocket = (config) => {
                         id: attrs.jid,
                         phoneNumber: isLidUser(attrs.jid) && isPnUser(attrs.phone_number) ? attrs.phone_number : undefined,
                         lid: isPnUser(attrs.jid) && isLidUser(attrs.lid) ? attrs.lid : undefined,
+                        username: attrs.participant_username || attrs.username || undefined,
                         admin: (attrs.type || null)
                     };
                 });
@@ -698,27 +770,70 @@ export const makeMessagesRecvSocket = (config) => {
             return result;
         }
     };
+    /**
+     * In-memory cache of storage JIDs with stored tctokens, seeded from the persisted index.
+     * Used to coalesce writes during a session; pruning always re-reads the persisted index
+     * to cover writes made by other layers (e.g. history sync).
+     */
+    const tcTokenKnownJids = new Set();
+    const tcTokenIndexLoaded = (async () => {
+        try {
+            const jids = await readTcTokenIndex(authState.keys);
+            for (const jid of jids)
+                tcTokenKnownJids.add(jid);
+            logger.debug({ count: tcTokenKnownJids.size }, 'loaded tctoken index');
+        }
+        catch (err) {
+            logger.warn({ err: err?.message }, 'failed to load tctoken index');
+        }
+    })();
+    let tcTokenIndexTimer;
+    async function flushTcTokenIndex() {
+        if (tcTokenIndexTimer) {
+            clearTimeout(tcTokenIndexTimer);
+            tcTokenIndexTimer = undefined;
+        }
+        // Merge with whatever is already persisted so we don't clobber writes from other
+        // paths (history sync, concurrent sessions on the same store).
+        const write = await buildMergedTcTokenIndexWrite(authState.keys, tcTokenKnownJids);
+        return authState.keys.set({ tctoken: write });
+    }
+    function scheduleTcTokenIndexSave() {
+        if (tcTokenIndexTimer) {
+            clearTimeout(tcTokenIndexTimer);
+        }
+        tcTokenIndexTimer = setTimeout(() => {
+            tcTokenIndexTimer = undefined;
+            flushTcTokenIndex().catch(err => {
+                logger.warn({ err: err?.message }, 'failed to save tctoken index');
+            });
+        }, 5000);
+    }
+    function trackTcTokenJid(jid) {
+        if (jid && jid !== TC_TOKEN_INDEX_KEY && !tcTokenKnownJids.has(jid)) {
+            tcTokenKnownJids.add(jid);
+            scheduleTcTokenIndexSave();
+        }
+    }
     const handlePrivacyTokenNotification = async (node) => {
         const tokensNode = getBinaryNodeChild(node, 'tokens');
-        const from = jidNormalizedUser(node.attrs.from);
         if (!tokensNode)
             return;
-        const tokenNodes = getBinaryNodeChildren(tokensNode, 'token');
-        for (const tokenNode of tokenNodes) {
-            const { attrs, content } = tokenNode;
-            const type = attrs.type;
-            const timestamp = attrs.t;
-            if (type === 'trusted_contact' && content instanceof Buffer) {
-                logger.debug({
-                    from,
-                    timestamp,
-                    tcToken: content
-                }, 'received trusted contact token');
-                await authState.keys.set({
-                    tctoken: { [from]: { token: content, timestamp } }
-                });
-            }
-        }
+        const from = jidNormalizedUser(node.attrs.from);
+        // WA Web uses: senderLid ?? toLid(from) for the storage key
+        // The sender_lid attribute provides the LID directly when available
+        const senderLid = node.attrs.sender_lid && isLidUser(jidNormalizedUser(node.attrs.sender_lid))
+            ? jidNormalizedUser(node.attrs.sender_lid)
+            : undefined;
+        const fallbackJid = senderLid ?? (await resolveTcTokenJid(from, getLIDForPN));
+        logger.debug({ from, storageJid: fallbackJid }, 'processing privacy token notification');
+        await storeTcTokensFromIqResult({
+            result: node,
+            fallbackJid,
+            keys: authState.keys,
+            getLIDForPN,
+            onNewJidStored: trackTcTokenJid
+        });
     };
     async function decipherLinkPublicKey(data) {
         const buffer = toRequiredBuffer(data);
@@ -742,12 +857,7 @@ export const makeMessagesRecvSocket = (config) => {
     const updateSendMessageAgainCount = async (id, participant) => {
         const key = `${id}:${participant}`;
         const newValue = ((await msgRetryCache.get(key)) || 0) + 1;
-        try {
-            await msgRetryCache.set(key, newValue);
-        }
-        catch {
-            /* maxKeys exceeded */
-        }
+        await msgRetryCache.set(key, newValue);
     };
     const sendMessagesAgain = async (key, ids, retryNode) => {
         const remoteJid = key.remoteJid;
@@ -842,11 +952,6 @@ export const makeMessagesRecvSocket = (config) => {
             fromMe,
             participant: attrs.participant
         };
-        if (shouldIgnoreJid(remoteJid) && remoteJid !== S_WHATSAPP_NET) {
-            logger.debug({ remoteJid }, 'ignoring receipt from jid');
-            await sendMessageAck(node);
-            return;
-        }
         const ids = [attrs.id];
         if (Array.isArray(content)) {
             const items = getBinaryNodeChildren(content[0], 'item');
@@ -911,11 +1016,6 @@ export const makeMessagesRecvSocket = (config) => {
     };
     const handleNotification = async (node) => {
         const remoteJid = node.attrs.from;
-        if (shouldIgnoreJid(remoteJid) && remoteJid !== S_WHATSAPP_NET) {
-            logger.debug({ remoteJid, id: node.attrs.id }, 'ignored notification');
-            await sendMessageAck(node);
-            return;
-        }
         try {
             await Promise.all([
                 notificationMutex.mutex(async () => {
@@ -928,6 +1028,7 @@ export const makeMessagesRecvSocket = (config) => {
                             fromMe,
                             participant: node.attrs.participant,
                             participantAlt,
+                            participantUsername: node.attrs.participant_username,
                             addressingMode,
                             id: node.attrs.id,
                             ...(msg.key || {})
@@ -945,11 +1046,6 @@ export const makeMessagesRecvSocket = (config) => {
         }
     };
     const handleMessage = async (node) => {
-        if (shouldIgnoreJid(node.attrs.from) && node.attrs.from !== S_WHATSAPP_NET) {
-            logger.debug({ key: node.attrs.key }, 'ignored message');
-            await sendMessageAck(node, NACK_REASONS.UnhandledError);
-            return;
-        }
         const encNode = getBinaryNodeChild(node, 'enc');
         // TODO: temporary fix for crashes and issues resulting of failed msmsg decryption
         if (encNode?.attrs.type === 'msmsg') {
@@ -1167,16 +1263,18 @@ export const makeMessagesRecvSocket = (config) => {
                 offline: !!attrs.offline,
                 status
             };
+            if (status === 'relaylatency') {
+                const latencyValue = infoChild.attrs.latency || infoChild.attrs['latency_ms'] || infoChild.attrs['latency-ms'];
+                const latencyMs = latencyValue ? Number(latencyValue) : undefined;
+                if (Number.isFinite(latencyMs)) {
+                    call.latencyMs = latencyMs;
+                }
+            }
             if (status === 'offer') {
                 call.isVideo = !!getBinaryNodeChild(infoChild, 'video');
                 call.isGroup = infoChild.attrs.type === 'group' || !!infoChild.attrs['group-jid'];
                 call.groupJid = infoChild.attrs['group-jid'];
-                try {
-                    await callOfferCache.set(call.id, call);
-                }
-                catch {
-                    /* maxKeys exceeded */
-                }
+                await callOfferCache.set(call.id, call);
             }
             const existingCall = await callOfferCache.get(call.id);
             // use existing call info to populate this event
@@ -1216,7 +1314,19 @@ export const makeMessagesRecvSocket = (config) => {
         // error in acknowledgement,
         // device could not display the message
         if (attrs.error) {
-            logger.warn({ attrs }, 'received error in ack');
+            if (attrs.error === SERVER_ERROR_CODES.MissingTcToken) {
+                // 463 = account restricted + no tctoken for this contact.
+                // WA Web prevents this client-side (disables compose bar).
+                // No retry — retrying worsens the restriction by counting
+                // as another "reach out" to an unknown contact.
+                logger.warn({ msgId: attrs.id, from: attrs.from }, 'error 463: account restricted or missing tctoken for contact');
+            }
+            else if (attrs.error === SERVER_ERROR_CODES.SmaxInvalid) {
+                logger.warn({ msgId: attrs.id, from: attrs.from }, 'smax-invalid (479): stanza rejected by server — likely stale device session or malformed addressing');
+            }
+            else {
+                logger.warn({ attrs }, 'received error in ack');
+            }
             ev.emit('messages.update', [
                 {
                     key,
@@ -1226,19 +1336,6 @@ export const makeMessagesRecvSocket = (config) => {
                     }
                 }
             ]);
-            // resend the message with device_fanout=false, use at your own risk
-            // if (attrs.error === '475') {
-            // 	const msg = await getMessage(key)
-            // 	if (msg) {
-            // 		await relayMessage(key.remoteJid!, msg, {
-            // 			messageId: key.id!,
-            // 			useUserDevicesCache: false,
-            // 			additionalAttributes: {
-            // 				device_fanout: 'false'
-            // 			}
-            // 		})
-            // 	}
-            // }
         }
     };
     /// processes a node with the given function
@@ -1262,6 +1359,19 @@ export const makeMessagesRecvSocket = (config) => {
         yieldToEventLoop: () => new Promise(resolve => setImmediate(resolve))
     });
     const processNode = async (type, node, identifier, exec) => {
+        // Fast path: ack and drop ignored JIDs before entering the buffer/queue
+        const from = node.attrs.from;
+        let ignoreJid = from;
+        if (type === 'receipt' && from) {
+            const attrs = node.attrs;
+            const isLid = attrs.from.includes('lid');
+            const isNodeFromMe = areJidsSameUser(attrs.participant || attrs.from, isLid ? authState.creds.me?.lid : authState.creds.me?.id);
+            ignoreJid = !isNodeFromMe || isJidGroup(attrs.from) ? attrs.from : attrs.recipient;
+        }
+        if (ignoreJid && ignoreJid !== S_WHATSAPP_NET && shouldIgnoreJid(ignoreJid)) {
+            await sendMessageAck(node, type === 'message' ? NACK_REASONS.UnhandledError : undefined);
+            return;
+        }
         const isOffline = !!node.attrs.offline;
         if (isOffline) {
             offlineNodeProcessor.enqueue(type, node);
@@ -1317,21 +1427,104 @@ export const makeMessagesRecvSocket = (config) => {
             await upsertMessage(protoMsg, call.offline ? 'append' : 'notify');
         }
     });
+    /** timestamp of last tctoken prune run — throttles to once per 24h */
+    let lastTcTokenPruneTs = 0;
     ev.on('connection.update', ({ isOnline, connection }) => {
         if (typeof isOnline !== 'undefined') {
             sendActiveReceipts = isOnline;
             logger.trace(`sendActiveReceipts set to "${sendActiveReceipts}"`);
         }
-        // Clean up local caches when connection closes
-        if (connection === 'close') {
-            msgRetryCache.flushAll();
-            callOfferCache.flushAll();
-            placeholderResendCache.flushAll();
-            identityAssertDebounce.flushAll();
+        // Flush pending tctoken index save on disconnect to avoid writing after close
+        if (connection === 'close' && tcTokenIndexTimer) {
+            clearTimeout(tcTokenIndexTimer);
+            tcTokenIndexTimer = undefined;
+            // Best-effort flush — may fail if store is already closed
+            try {
+                void Promise.resolve(flushTcTokenIndex()).catch(() => { });
+            }
+            catch {
+                /* ignore sync errors */
+            }
+        }
+        // Prune expired tctokens when coming online, at most once per 24 hours
+        // Matches WA Web's CLEAN_TC_TOKENS task
+        // Note: don't gate on tcTokenKnownJids.size — the index may still be loading
+        if (isOnline) {
+            const now = Date.now();
+            const DAY_MS = 24 * 60 * 60 * 1000;
+            if (now - lastTcTokenPruneTs >= DAY_MS) {
+                lastTcTokenPruneTs = now;
+                void pruneExpiredTcTokens();
+            }
         }
     });
+    async function pruneExpiredTcTokens() {
+        try {
+            await tcTokenIndexLoaded;
+            // Union with the persisted index picks up JIDs added by other layers
+            // (history sync) without needing inter-module wiring.
+            const persisted = await readTcTokenIndex(authState.keys);
+            const allJids = new Set(tcTokenKnownJids);
+            for (const jid of persisted)
+                allJids.add(jid);
+            if (!allJids.size)
+                return;
+            const jids = [...allJids];
+            const allTokens = await authState.keys.get('tctoken', jids);
+            const writes = {};
+            const survivors = new Set();
+            let mutated = 0;
+            for (const jid of jids) {
+                const entry = allTokens[jid];
+                if (!entry) {
+                    // Tracked but nothing in store — drop from index.
+                    mutated++;
+                    continue;
+                }
+                const hasPeerToken = !!entry.token?.length;
+                const peerTokenExpired = hasPeerToken && isTcTokenExpired(entry.timestamp);
+                const hasSenderTs = entry.senderTimestamp !== undefined;
+                const senderTsExpired = hasSenderTs && isTcTokenExpired(entry.senderTimestamp);
+                const keepPeerToken = hasPeerToken && !peerTokenExpired;
+                const keepSenderTs = hasSenderTs && !senderTsExpired;
+                if (!keepPeerToken && !keepSenderTs) {
+                    writes[jid] = null;
+                    mutated++;
+                }
+                else if (peerTokenExpired && keepSenderTs) {
+                    writes[jid] = { token: Buffer.alloc(0), senderTimestamp: entry.senderTimestamp };
+                    survivors.add(jid);
+                    mutated++;
+                }
+                else {
+                    survivors.add(jid);
+                }
+            }
+            if (mutated === 0)
+                return;
+            await authState.keys.set({
+                tctoken: {
+                    ...writes,
+                    [TC_TOKEN_INDEX_KEY]: {
+                        token: Buffer.from(JSON.stringify([...survivors]))
+                    }
+                }
+            });
+            tcTokenKnownJids.clear();
+            for (const jid of survivors)
+                tcTokenKnownJids.add(jid);
+            logger.debug({ mutated, remaining: survivors.size }, 'pruned expired tctokens');
+        }
+        catch (err) {
+            logger.warn({ err: err?.message }, 'failed to prune expired tctokens');
+        }
+    }
     return {
         ...sock,
+        end: async (error) => {
+            await cleanupInternalCaches();
+            await sock.end(error);
+        },
         sendMessageAck,
         sendRetryRequest,
         rejectCall,