@vex-chat/libvex 6.1.9 → 6.2.1

package/dist/transport/websocket.d.ts

@@ -25,7 +25,38 @@ export declare class WebSocketAdapter implements WebSocketLike {
     on(event: "close" | "open", listener: () => void): void;
     on(event: "error", listener: (error: Error) => void): void;
     on(event: "message", listener: (data: Uint8Array) => void): void;
+    /**
+     * Forward `data` to the underlying socket if and only if it's
+     * OPEN. Throws `WebSocketNotOpenError` (a typed, named error)
+     * otherwise, so callers can distinguish a teardown race from a
+     * protocol error and either retry on the next socket or drop
+     * the frame.
+     *
+     * Without this guard a transient teardown surfaces as
+     * `DOMException("INVALID_STATE_ERR")` from the platform WebSocket
+     * — opaque, hard to catch by name, and surfaced by React Native
+     * as an unhandled promise rejection (red box / "frozen UI") any
+     * time a `void this.send(...)` callsite (ping / pong / queued
+     * notify reply) is in flight when the close event lands.
+     */
     send(data: Uint8Array): void;
     terminate(): void;
 }
+/**
+ * Thrown when `send()` is called on a socket that's not in the OPEN
+ * state. Surfaced as a named, recognisable type so callers can
+ * distinguish "transient teardown race" from a real protocol error
+ * and either drop the frame (pings) or wait for reconnect (real
+ * payloads).
+ *
+ * Replaces the bare `DOMException("INVALID_STATE_ERR")` that the
+ * underlying WebSocket throws — that one is opaque, gets reported
+ * by RN's dev console as a red unhandled rejection, and freezes the
+ * passkey/foreground/network-swap recovery flow because every code
+ * path that voids the resulting promise leaks the rejection.
+ */
+export declare class WebSocketNotOpenError extends Error {
+    readonly readyState: number;
+    constructor(readyState: number);
+}
 //# sourceMappingURL=websocket.d.ts.map

package/dist/transport/websocket.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"websocket.d.ts","sourceRoot":"","sources":["../../src/transport/websocket.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;GAKG;AACH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,qBAAa,gBAAiB,YAAW,aAAa;IAClD,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,GAAG,KAAK,KAAK,IAAI,CAAC,GAAG,IAAI,CAAQ;IACtD,IAAI,UAAU,kBAEb;IACD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAG3B;IACJ,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAwC;IAC3E,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAG7B;IAEJ,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAY;gBAEnB,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM;IAM1C,KAAK;IAIL,GAAG,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI;IACxD,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAAG,IAAI;IAC3D,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,GAAG,IAAI;IA0BjE,EAAE,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI;IACvD,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAAG,IAAI;IAC1D,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,GAAG,IAAI;IAiChE,IAAI,CAAC,IAAI,EAAE,UAAU;IAIrB,SAAS;CAGZ"}
+{"version":3,"file":"websocket.d.ts","sourceRoot":"","sources":["../../src/transport/websocket.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;GAKG;AACH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,qBAAa,gBAAiB,YAAW,aAAa;IAClD,OAAO,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,GAAG,KAAK,KAAK,IAAI,CAAC,GAAG,IAAI,CAAQ;IACtD,IAAI,UAAU,kBAEb;IACD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAG3B;IACJ,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAwC;IAC3E,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAG7B;IAEJ,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAY;gBAEnB,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM;IAM1C,KAAK;IAIL,GAAG,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI;IACxD,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAAG,IAAI;IAC3D,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,GAAG,IAAI;IA0BjE,EAAE,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI;IACvD,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAAG,IAAI;IAC1D,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,GAAG,IAAI;IAiChE;;;;;;;;;;;;;OAaG;IACH,IAAI,CAAC,IAAI,EAAE,UAAU;IAyBrB,SAAS;CAGZ;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;IAC5C,SAAgB,UAAU,EAAE,MAAM,CAAC;gBAEvB,UAAU,EAAE,MAAM;CAKjC"}

package/dist/transport/websocket.js

@@ -78,11 +78,66 @@ export class WebSocketAdapter {
             this.ws.addEventListener(event, wrapped);
         }
     }
+    /**
+     * Forward `data` to the underlying socket if and only if it's
+     * OPEN. Throws `WebSocketNotOpenError` (a typed, named error)
+     * otherwise, so callers can distinguish a teardown race from a
+     * protocol error and either retry on the next socket or drop
+     * the frame.
+     *
+     * Without this guard a transient teardown surfaces as
+     * `DOMException("INVALID_STATE_ERR")` from the platform WebSocket
+     * — opaque, hard to catch by name, and surfaced by React Native
+     * as an unhandled promise rejection (red box / "frozen UI") any
+     * time a `void this.send(...)` callsite (ping / pong / queued
+     * notify reply) is in flight when the close event lands.
+     */
     send(data) {
-        this.ws.send(new Uint8Array(data));
+        if (this.ws.readyState !== 1) {
+            throw new WebSocketNotOpenError(this.ws.readyState);
+        }
+        try {
+            this.ws.send(new Uint8Array(data));
+        }
+        catch (err) {
+            // Handles the TOCTOU between the readyState check above
+            // and the actual `ws.send` call. React Native's bridge
+            // can dispatch a `websocketMessage` and a
+            // `websocketClosed` back-to-back in the same JS turn:
+            // our message listener observes readyState=1 because
+            // the close event hasn't been processed yet, but the
+            // underlying WebSocket has already transitioned native-
+            // side and `send` throws INVALID_STATE_ERR.
+            if (err instanceof Error &&
+                /invalid_state|INVALID_STATE_ERR/i.test(err.message)) {
+                throw new WebSocketNotOpenError(this.ws.readyState);
+            }
+            throw err;
+        }
     }
     terminate() {
         this.ws.close();
     }
 }
+/**
+ * Thrown when `send()` is called on a socket that's not in the OPEN
+ * state. Surfaced as a named, recognisable type so callers can
+ * distinguish "transient teardown race" from a real protocol error
+ * and either drop the frame (pings) or wait for reconnect (real
+ * payloads).
+ *
+ * Replaces the bare `DOMException("INVALID_STATE_ERR")` that the
+ * underlying WebSocket throws — that one is opaque, gets reported
+ * by RN's dev console as a red unhandled rejection, and freezes the
+ * passkey/foreground/network-swap recovery flow because every code
+ * path that voids the resulting promise leaks the rejection.
+ */
+export class WebSocketNotOpenError extends Error {
+    readyState;
+    constructor(readyState) {
+        super(`WebSocket is not open (readyState=${readyState.toString()})`);
+        this.name = "WebSocketNotOpenError";
+        this.readyState = readyState;
+    }
+}
 //# sourceMappingURL=websocket.js.map

package/dist/transport/websocket.js.map

@@ -1 +1 @@
-{"version":3,"file":"websocket.js","sourceRoot":"","sources":["../../src/transport/websocket.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH,MAAM,OAAO,gBAAgB;IACzB,OAAO,GAA0C,IAAI,CAAC;IACtD,IAAI,UAAU;QACV,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC;IAC9B,CAAC;IACgB,cAAc,GAAG,IAAI,GAAG,EAGtC,CAAC;IACa,kBAAkB,GAAG,IAAI,GAAG,EAA6B,CAAC;IAC1D,gBAAgB,GAAG,IAAI,GAAG,EAGxC,CAAC;IAEa,EAAE,CAAY;IAE/B,YAAY,GAAW,EAAE,QAAiB;QACtC,IAAI,CAAC,EAAE,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,EAAE,CAAC,UAAU,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,EAAE,CAAC,OAAO,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,KAAK;QACD,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IACpB,CAAC;IAKD,GAAG,CAAC,KAAa,EAAE,QAAe;QAC9B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,aAAa,GAA+B,QAAQ,CAAC;YAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACzD,IAAI,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC5C,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAChD,CAAC;QACL,CAAC;aAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YAC3B,MAAM,aAAa,GAA2B,QAAQ,CAAC;YACvD,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACvD,IAAI,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC5C,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAC9C,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,aAAa,GAAe,QAAQ,CAAC;YAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC3D,IAAI,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC5C,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAClD,CAAC;QACL,CAAC;IACL,CAAC;IAKD,EAAE,CAAC,KAAa,EAAE,QAAe;QAC7B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,aAAa,GAA+B,QAAQ,CAAC;YAC3D,MAAM,OAAO,GAAkB,CAAC,EAAS,EAAE,EAAE;gBACzC,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;oBAAE,OAAO;gBAC5B,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;gBACpB,IAAI,IAAI,YAAY,WAAW,EAAE,CAAC;oBAC9B,aAAa,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;gBACxC,CAAC;YACL,CAAC,CAAC;YACF,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;aAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YAC3B,MAAM,aAAa,GAA2B,QAAQ,CAAC;YACvD,MAAM,OAAO,GAAkB,CAAC,EAAS,EAAE,EAAE;gBACzC,aAAa,CACT,EAAE,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAC1D,CAAC;YACN,CAAC,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACJ,mBAAmB;YACnB,MAAM,aAAa,GAAe,QAAQ,CAAC;YAC3C,MAAM,OAAO,GAAkB,GAAG,EAAE;gBAChC,aAAa,EAAE,CAAC;YACpB,CAAC,CAAC;YACF,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YACpD,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAED,IAAI,CAAC,IAAgB;QACjB,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,SAAS;QACL,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IACpB,CAAC;CACJ"}
+{"version":3,"file":"websocket.js","sourceRoot":"","sources":["../../src/transport/websocket.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH,MAAM,OAAO,gBAAgB;IACzB,OAAO,GAA0C,IAAI,CAAC;IACtD,IAAI,UAAU;QACV,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC;IAC9B,CAAC;IACgB,cAAc,GAAG,IAAI,GAAG,EAGtC,CAAC;IACa,kBAAkB,GAAG,IAAI,GAAG,EAA6B,CAAC;IAC1D,gBAAgB,GAAG,IAAI,GAAG,EAGxC,CAAC;IAEa,EAAE,CAAY;IAE/B,YAAY,GAAW,EAAE,QAAiB;QACtC,IAAI,CAAC,EAAE,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,EAAE,CAAC,UAAU,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,EAAE,CAAC,OAAO,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,KAAK;QACD,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IACpB,CAAC;IAKD,GAAG,CAAC,KAAa,EAAE,QAAe;QAC9B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,aAAa,GAA+B,QAAQ,CAAC;YAC3D,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACzD,IAAI,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC5C,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAChD,CAAC;QACL,CAAC;aAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YAC3B,MAAM,aAAa,GAA2B,QAAQ,CAAC;YACvD,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACvD,IAAI,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC5C,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAC9C,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,MAAM,aAAa,GAAe,QAAQ,CAAC;YAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC3D,IAAI,OAAO,EAAE,CAAC;gBACV,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAC5C,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAClD,CAAC;QACL,CAAC;IACL,CAAC;IAKD,EAAE,CAAC,KAAa,EAAE,QAAe;QAC7B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,MAAM,aAAa,GAA+B,QAAQ,CAAC;YAC3D,MAAM,OAAO,GAAkB,CAAC,EAAS,EAAE,EAAE;gBACzC,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;oBAAE,OAAO;gBAC5B,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;gBACpB,IAAI,IAAI,YAAY,WAAW,EAAE,CAAC;oBAC9B,aAAa,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;gBACxC,CAAC;YACL,CAAC,CAAC;YACF,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;aAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YAC3B,MAAM,aAAa,GAA2B,QAAQ,CAAC;YACvD,MAAM,OAAO,GAAkB,CAAC,EAAS,EAAE,EAAE;gBACzC,aAAa,CACT,EAAE,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAC1D,CAAC;YACN,CAAC,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACJ,mBAAmB;YACnB,MAAM,aAAa,GAAe,QAAQ,CAAC;YAC3C,MAAM,OAAO,GAAkB,GAAG,EAAE;gBAChC,aAAa,EAAE,CAAC;YACpB,CAAC,CAAC;YACF,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YACpD,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,IAAI,CAAC,IAAgB;QACjB,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC;YACD,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QACvC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACpB,wDAAwD;YACxD,uDAAuD;YACvD,0CAA0C;YAC1C,sDAAsD;YACtD,qDAAqD;YACrD,qDAAqD;YACrD,wDAAwD;YACxD,4CAA4C;YAC5C,IACI,GAAG,YAAY,KAAK;gBACpB,kCAAkC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EACtD,CAAC;gBACC,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC;IAED,SAAS;QACL,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IACpB,CAAC;CACJ;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC5B,UAAU,CAAS;IAEnC,YAAY,UAAkB;QAC1B,KAAK,CAAC,qCAAqC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;QACpC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IACjC,CAAC;CACJ"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vex-chat/libvex",
-  "version": "6.1.9",
+  "version": "6.2.1",
   "description": "Library for communicating with xchat server.",
   "type": "module",
   "sideEffects": false,
@@ -93,8 +93,8 @@
     "msgpackr": "^1.11.9",
     "uuid": "^14.0.0",
     "zod": "^4.3.6",
-    "@vex-chat/types": "^3.1.0",
-    "@vex-chat/crypto": "^4.0.1"
+    "@vex-chat/crypto": "^5.0.0",
+    "@vex-chat/types": "^3.2.0"
   },
   "peerDependencies": {
     "better-sqlite3": ">=11.0.0"

package/src/Client.ts

@@ -26,6 +26,7 @@ import type {
     KeyBundle,
     MailWS,
     NotifyMsg,
+    Passkey,
     Permission,
     PreKeysSQL,
     PreKeysWS,
@@ -77,7 +78,10 @@ import { EventEmitter } from "eventemitter3";
 import * as uuid from "uuid";
 import { z } from "zod/v4";
 
-import { WebSocketAdapter } from "./transport/websocket.js";
+import {
+    WebSocketAdapter,
+    WebSocketNotOpenError,
+} from "./transport/websocket.js";
 import {
     decodeFipsInitialExtraV1,
     encodeFipsInitialExtraV1,
@@ -149,6 +153,13 @@ function debugLibvexDm(
     console.error(`[libvex:debug-dm] ${payload}`);
 }
 
+function ignoreSocketTeardown(err: unknown): void {
+    if (err instanceof WebSocketNotOpenError) return;
+    // Re-throw anything else as a real unhandled rejection so it
+    // shows up in dev tools and Sentry-style reporters.
+    throw err;
+}
+
 function isRecord(x: unknown): x is Record<string, unknown> {
     return typeof x === "object" && x !== null;
 }
@@ -258,6 +269,10 @@ import {
     InviteCodec,
     KeyBundleCodec,
     OtkCountCodec,
+    PasskeyArrayCodec,
+    PasskeyAuthFinishResponseCodec,
+    PasskeyCodec,
+    PasskeyOptionsCodec,
     PendingDeviceRequestArrayCodec,
     PendingDeviceRequestCodec,
     PermissionArrayCodec,
@@ -316,6 +331,14 @@ export interface Channels {
  */
 export type { Device } from "@vex-chat/types";
 
+/**
+ * Public passkey record returned by `client.passkeys.list()` and
+ * `client.passkeys.finishRegistration()`. Server-private fields
+ * (credential ID, public key, COSE algorithm, signature counter) are
+ * never exposed.
+ */
+export type { Passkey } from "@vex-chat/types";
+
 /**
  * ClientOptions are the options you can pass into the client.
  */
@@ -358,6 +381,8 @@ export interface Devices {
     delete: (deviceID: string) => Promise<void>;
     /** Fetches one pending registration request by ID for the current user. */
     getRequest: (requestID: string) => Promise<null | PendingDeviceRequest>;
+    /** Lists every device belonging to the current account. */
+    list: () => Promise<Device[]>;
     /** Lists pending/processed registration requests for the current user. */
     listRequests: () => Promise<PendingDeviceRequest[]>;
     /**
@@ -438,6 +463,16 @@ export interface FileProgress {
  */
 export type FileRes = FileResponse;
 
+/**
+ * @ignore
+ */
+export interface Files {
+    /** Uploads and encrypts a file. */
+    create: (file: Uint8Array) => Promise<[FileSQL, string]>;
+    /** Downloads and decrypts a file using a file ID and key. */
+    retrieve: (fileID: string, key: string) => Promise<FileResponse | null>;
+}
+
 /**
  * Channel is a chat channel on a server.
  *
@@ -458,16 +493,6 @@ export type { Channel } from "@vex-chat/types";
  */
 export type { Server } from "@vex-chat/types";
 
-/**
- * @ignore
- */
-export interface Files {
-    /** Uploads and encrypts a file. */
-    create: (file: Uint8Array) => Promise<[FileSQL, string]>;
-    /** Downloads and decrypts a file using a file ID and key. */
-    retrieve: (fileID: string, key: string) => Promise<FileResponse | null>;
-}
-
 /**
  * @ignore
  */
@@ -533,6 +558,65 @@ export interface Message {
     timestamp: string;
 }
 
+/**
+ * Begin/finish handshakes for a passkey (WebAuthn) ceremony plus the
+ * passkey-only admin/recovery surface. The host application (a
+ * browser, Tauri webview, etc.) is responsible for invoking
+ * `navigator.credentials.create()` / `.get()` itself (e.g. via
+ * `@simplewebauthn/browser`) using the `options` returned from
+ * `begin*`, and then handing the resulting `RegistrationResponseJSON`
+ * / `AuthenticationResponseJSON` to `finish*`.
+ *
+ * @public
+ */
+export interface Passkeys {
+    /** Approves a pending device-enrollment request using the passkey session. */
+    approveDeviceRequest: (requestID: string) => Promise<Device>;
+    /** Begin a public passkey authentication ceremony for `username`. */
+    beginAuthentication: (username: string) => Promise<{
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any -- WebAuthn options shape varies per simplewebauthn version
+        options: any;
+        requestID: string;
+    }>;
+    /** Begin adding a new passkey to the currently authenticated account. */
+    beginRegistration: (name: string) => Promise<{
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any -- WebAuthn options shape varies per simplewebauthn version
+        options: any;
+        requestID: string;
+    }>;
+    /** Remove a passkey from the account. */
+    delete: (passkeyID: string) => Promise<void>;
+    /** Delete one of the account's devices using the passkey session. */
+    deleteDevice: (deviceID: string) => Promise<void>;
+    /**
+     * Finish the public passkey authentication ceremony with the
+     * assertion produced by the host. On success the client is
+     * placed in passkey-only mode: the bearer is the passkey JWT,
+     * device-only flows (mail, etc.) will not work, and the
+     * `client.passkeys.*` admin methods become available.
+     */
+    finishAuthentication: (args: {
+        requestID: string;
+        response: Record<string, unknown>;
+    }) => Promise<{
+        passkeyID: string;
+        token: string;
+        user: User;
+    }>;
+    /** Finish adding a passkey to the currently authenticated account. */
+    finishRegistration: (args: {
+        name: string;
+        requestID: string;
+        response: Record<string, unknown>;
+    }) => Promise<Passkey>;
+    /** List the account's passkeys (public shape only — no key material). */
+    list: () => Promise<Passkey[]>;
+    /** List all of the account's devices using the passkey session. */
+    listDevices: () => Promise<Device[]>;
+    /** Reject a pending device-enrollment request using the passkey session. */
+    rejectDeviceRequest: (requestID: string) => Promise<void>;
+}
+
 export type PendingDeviceApprovalStatus =
     | "approved"
     | "expired"
@@ -896,6 +980,7 @@ export class Client {
         approveRequest: this.approveDeviceRequest.bind(this),
         delete: this.deleteDevice.bind(this),
         getRequest: this.getDeviceRegistrationRequest.bind(this),
+        list: this.listDevices.bind(this),
         listRequests: this.listDeviceRegistrationRequests.bind(this),
         pollPendingRegistration: this.pollPendingDeviceRegistration.bind(this),
         register: this.registerDevice.bind(this),
@@ -969,6 +1054,7 @@ export class Client {
          */
         user: this.getUser.bind(this),
     };
+
     /**
      * Message operations (direct and group).
      *
@@ -1009,7 +1095,6 @@ export class Client {
          */
         send: this.sendMessage.bind(this),
     };
-
     /**
      * Server moderation helper methods.
      */
@@ -1018,6 +1103,31 @@ export class Client {
         kick: this.kickUser.bind(this),
     };
 
+    /**
+     * Passkey ("recovery credential") methods.
+     *
+     * Passkeys are an account-bound second-class credential that can
+     * authenticate the owning user, list devices, delete devices, and
+     * approve/reject pending device-enrollment requests — i.e.
+     * provisioning + recovery. They cannot send/decrypt mail.
+     *
+     * The host app drives the WebAuthn ceremony (e.g. via
+     * `@simplewebauthn/browser`) and hands the JSON response to
+     * `finish*`.
+     */
+    public passkeys: Passkeys = {
+        approveDeviceRequest: this.passkeyApproveDeviceRequest.bind(this),
+        beginAuthentication: this.beginPasskeyAuthentication.bind(this),
+        beginRegistration: this.beginPasskeyRegistration.bind(this),
+        delete: this.deletePasskey.bind(this),
+        deleteDevice: this.passkeyDeleteDevice.bind(this),
+        finishAuthentication: this.finishPasskeyAuthentication.bind(this),
+        finishRegistration: this.finishPasskeyRegistration.bind(this),
+        list: this.listPasskeys.bind(this),
+        listDevices: this.passkeyListDevices.bind(this),
+        rejectDeviceRequest: this.passkeyRejectDeviceRequest.bind(this),
+    };
+
     /**
      * Permission-management methods for the current user.
      */
@@ -1981,6 +2091,33 @@ export class Client {
         return decodeAxios(DeviceCodec, response.data);
     }
 
+    private async beginPasskeyAuthentication(username: string): Promise<{
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any -- WebAuthn options shape varies per simplewebauthn version
+        options: any;
+        requestID: string;
+    }> {
+        const response = await this.http.post(
+            this.getHost() + "/auth/passkey/begin",
+            msgpack.encode({ username }),
+            { headers: { "Content-Type": "application/msgpack" } },
+        );
+        return decodeAxios(PasskeyOptionsCodec, response.data);
+    }
+
+    private async beginPasskeyRegistration(name: string): Promise<{
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any -- WebAuthn options shape varies per simplewebauthn version
+        options: any;
+        requestID: string;
+    }> {
+        const userID = this.getUser().userID;
+        const response = await this.http.post(
+            this.getHost() + "/user/" + userID + "/passkeys/register/begin",
+            msgpack.encode({ name }),
+            { headers: { "Content-Type": "application/msgpack" } },
+        );
+        return decodeAxios(PasskeyOptionsCodec, response.data);
+    }
+
     private censorPreKey(preKey: PreKeysSQL): PreKeysWS {
         if (!preKey.index) {
             throw new Error("Key index is required.");
@@ -2310,7 +2447,15 @@ export class Client {
                     }
                 };
                 this.socket.on("message", callback);
-                void this.send(msg, hmac);
+                // Forward send failures to the outer promise instead
+                // of leaking them as an unhandled rejection: the
+                // listener above can never resolve if the send didn't
+                // make it onto the wire, so without this the caller
+                // would hang for the full 30s send-loop timeout.
+                this.send(msg, hmac).catch((err: unknown) => {
+                    this.socket.off("message", callback);
+                    rej(err instanceof Error ? err : new Error(String(err)));
+                });
             });
         });
     }
@@ -2337,6 +2482,13 @@ export class Client {
         await this.database.deleteHistory(channelOrUserID);
     }
 
+    private async deletePasskey(passkeyID: string): Promise<void> {
+        const userID = this.getUser().userID;
+        await this.http.delete(
+            this.getHost() + "/user/" + userID + "/passkeys/" + passkeyID,
+        );
+    }
+
     private async deletePermission(permissionID: string): Promise<void> {
         await this.http.delete(this.getHost() + "/permission/" + permissionID);
     }
@@ -2374,7 +2526,6 @@ export class Client {
         );
         return decodeAxios(PermissionArrayCodec, res.data);
     }
-
     private async fetchUser(
         userIdentifier: string,
     ): Promise<[null | User, AxiosError | null]> {
@@ -2469,6 +2620,50 @@ export class Client {
         }
         throw new Error(`${base}${this.deviceListFailureDetail(lastErr)}`);
     }
+
+    /**
+     * Finish a passkey login and adopt the resulting JWT as the
+     * client's bearer token. After this call, `client.passkeys.*`
+     * admin methods are usable; messaging routes will continue to
+     * require a real device token.
+     */
+    private async finishPasskeyAuthentication(args: {
+        requestID: string;
+        response: Record<string, unknown>;
+    }): Promise<{
+        passkeyID: string;
+        token: string;
+        user: User;
+    }> {
+        const response = await this.http.post(
+            this.getHost() + "/auth/passkey/finish",
+            msgpack.encode(args),
+            { headers: { "Content-Type": "application/msgpack" } },
+        );
+        const decoded = decodeAxios(
+            PasskeyAuthFinishResponseCodec,
+            response.data,
+        );
+        this.setUser(decoded.user);
+        this.token = decoded.token;
+        this.http.defaults.headers.common.Authorization = `Bearer ${decoded.token}`;
+        return decoded;
+    }
+
+    private async finishPasskeyRegistration(args: {
+        name: string;
+        requestID: string;
+        response: Record<string, unknown>;
+    }): Promise<Passkey> {
+        const userID = this.getUser().userID;
+        const response = await this.http.post(
+            this.getHost() + "/user/" + userID + "/passkeys/register/finish",
+            msgpack.encode(args),
+            { headers: { "Content-Type": "application/msgpack" } },
+        );
+        return decodeAxios(PasskeyCodec, response.data);
+    }
+
     private async forward(message: Message) {
         if (this.isManualCloseInFlight()) {
             return;
@@ -2959,6 +3154,8 @@ export class Client {
         }
     }
 
+    // ── Passkeys ────────────────────────────────────────────────────────
+
     /**
      * Fresh read of the `manuallyClosing` flag for async loops — direct property checks
      * after `await` are flagged as always-false by control-flow analysis even though
@@ -3001,6 +3198,28 @@ export class Client {
         return decodeAxios(PendingDeviceRequestArrayCodec, response.data);
     }
 
+    /**
+     * Lists every device the current account owns.
+     *
+     * Uses the device-authenticated `/user/:id/devices` route. For
+     * the passkey-recovery equivalent see `client.passkeys.listDevices`.
+     */
+    private async listDevices(): Promise<Device[]> {
+        const userID = this.getUser().userID;
+        const res = await this.http.get(
+            this.getHost() + "/user/" + userID + "/devices",
+        );
+        return decodeAxios(DeviceArrayCodec, res.data);
+    }
+
+    private async listPasskeys(): Promise<Passkey[]> {
+        const userID = this.getUser().userID;
+        const response = await this.http.get(
+            this.getHost() + "/user/" + userID + "/passkeys",
+        );
+        return decodeAxios(PasskeyArrayCodec, response.data);
+    }
+
     private async markSessionVerified(sessionID: string) {
         return this.database.markSessionVerified(sessionID);
     }
@@ -3047,6 +3266,48 @@ export class Client {
         void this.database.saveMessage(message);
     };
 
+    private async passkeyApproveDeviceRequest(
+        requestID: string,
+    ): Promise<Device> {
+        const userID = this.getUser().userID;
+        const response = await this.http.post(
+            this.getHost() +
+                "/user/" +
+                userID +
+                "/passkey/devices/requests/" +
+                requestID +
+                "/approve",
+        );
+        return decodeAxios(DeviceCodec, response.data);
+    }
+
+    private async passkeyDeleteDevice(deviceID: string): Promise<void> {
+        const userID = this.getUser().userID;
+        await this.http.delete(
+            this.getHost() + "/user/" + userID + "/passkey/devices/" + deviceID,
+        );
+    }
+
+    private async passkeyListDevices(): Promise<Device[]> {
+        const userID = this.getUser().userID;
+        const response = await this.http.get(
+            this.getHost() + "/user/" + userID + "/passkey/devices",
+        );
+        return decodeAxios(DeviceArrayCodec, response.data);
+    }
+
+    private async passkeyRejectDeviceRequest(requestID: string): Promise<void> {
+        const userID = this.getUser().userID;
+        await this.http.post(
+            this.getHost() +
+                "/user/" +
+                userID +
+                "/passkey/devices/requests/" +
+                requestID +
+                "/reject",
+        );
+    }
+
     private ping() {
         if (!this.isAlive) {
             // Previous ping went unanswered — the WebSocket is half-open
@@ -3069,7 +3330,14 @@ export class Client {
             return;
         }
         this.setAlive(false);
-        void this.send({ transmissionID: uuid.v4(), type: "ping" });
+        // Swallow a teardown-race rejection: if the socket transitions
+        // to CLOSING between our readyState check and the platform
+        // `send`, the next ping interval will see `isAlive=false` and
+        // close cleanly above. Real failures still bubble up because
+        // we re-throw anything that isn't `WebSocketNotOpenError`.
+        this.send({ transmissionID: uuid.v4(), type: "ping" }).catch(
+            ignoreSocketTeardown,
+        );
     }
 
     /**
@@ -3107,7 +3375,15 @@ export class Client {
     }
 
     private pong(transmissionID: string) {
-        void this.send({ transmissionID, type: "pong" });
+        // Drop the pong if the socket is already tearing down — the
+        // server will simply mark us absent and our own ping watchdog
+        // will trigger a reconnect on the next interval. The
+        // alternative (an unhandled rejection from `void this.send`)
+        // shows up as a red INVALID_STATE_ERR every time native
+        // delivers a `message` and a `close` in the same JS turn,
+        // which is the exact race that fires during the Android
+        // biometric prompt and any background → foreground swap.
+        this.send({ transmissionID, type: "pong" }).catch(ignoreSocketTeardown);
     }
 
     private async populateKeyRing() {
@@ -3753,7 +4029,13 @@ export class Client {
             transmissionID: msg.transmissionID,
             type: "response",
         };
-        void this.send(response);
+        // If the socket tore down between receiving the challenge
+        // and signing the response, dropping the response is safe:
+        // the server will time out the auth handshake and close,
+        // our reconnect loop will redo the challenge on the next
+        // socket. Logging it as an unhandled rejection only adds
+        // noise during foreground/background swaps.
+        this.send(response).catch(ignoreSocketTeardown);
     }
 
     private async retrieveEmojiByID(emojiID: string): Promise<Emoji | null> {
@@ -3905,6 +4187,17 @@ export class Client {
             backoff = Math.min(backoff * 2, 4_000);
         }
 
+        // The adapter re-checks `readyState` and converts the
+        // platform's opaque `DOMException("INVALID_STATE_ERR")` into a
+        // typed `WebSocketNotOpenError`. That handles the TOCTOU
+        // window between the loop above exiting on readyState=1 and
+        // the synchronous `send` below: React Native's bridge can
+        // dispatch a `websocketClosed` between the two, in which case
+        // the socket has transitioned native-side even though our JS
+        // close handler hasn't run yet. With the typed error,
+        // discarded callers (`pong`, `ping`) can `.catch(ignore)` the
+        // teardown without an unhandled rejection, and real callers
+        // can choose to retry on the next reconnect.
         this.socket.send(XUtils.packMessage(msg, header));
     }
 
@@ -4096,7 +4389,14 @@ export class Client {
                     }
                 };
                 this.socket.on("message", callback);
-                void this.send(msgb, hmac);
+                // See the matching block above (sendMail handshake):
+                // forward send failures to the outer promise so the
+                // caller doesn't hang waiting for a response we never
+                // sent.
+                this.send(msgb, hmac).catch((err: unknown) => {
+                    this.socket.off("message", callback);
+                    rej(err instanceof Error ? err : new Error(String(err)));
+                });
             });
         } finally {
             this.sending.delete(device.deviceID);
@@ -4227,7 +4527,10 @@ export class Client {
             transmissionID: uuid.v4(),
             type: "receipt",
         };
-        void this.send(receipt);
+        // Receipts are best-effort acknowledgements; a missed one
+        // just means the server resends the mail on the next sync.
+        // Don't surface a teardown race as an unhandled rejection.
+        this.send(receipt).catch(ignoreSocketTeardown);
     }
 
     private setAlive(status: boolean) {