npm - @voidly/agent-sdk - Versions diffs - 1.9.0 → 2.1.0 - Mend

@voidly/agent-sdk 1.9.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -2346,11 +2346,107 @@ async function sha256(data) {
   const { createHash } = await import("crypto");
   return createHash("sha256").update(data).digest("hex");
 }
+function padMessage(content) {
+  const contentLen = content.length;
+  const totalLen = Math.max(256, nextPowerOf2(contentLen + 2));
+  const padded = new Uint8Array(totalLen);
+  padded[0] = contentLen >> 8 & 255;
+  padded[1] = contentLen & 255;
+  padded.set(content, 2);
+  const randomPad = import_tweetnacl.default.randomBytes(totalLen - contentLen - 2);
+  padded.set(randomPad, contentLen + 2);
+  return padded;
+}
+function unpadMessage(padded) {
+  if (padded.length < 2) return padded;
+  const contentLen = padded[0] << 8 | padded[1];
+  if (contentLen + 2 > padded.length) return padded;
+  return padded.slice(2, 2 + contentLen);
+}
+function nextPowerOf2(n) {
+  let p = 1;
+  while (p < n) p <<= 1;
+  return p;
+}
+async function ratchetStep(chainKey) {
+  const encoder = new TextEncoder();
+  if (typeof globalThis.crypto?.subtle !== "undefined") {
+    const ckInput = new Uint8Array([...chainKey, 1]);
+    const mkInput = new Uint8Array([...chainKey, 2]);
+    const nextChainKey2 = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", ckInput));
+    const messageKey2 = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", mkInput));
+    return { nextChainKey: nextChainKey2, messageKey: messageKey2 };
+  }
+  const { createHash } = await import("crypto");
+  const nextChainKey = new Uint8Array(
+    createHash("sha256").update(Buffer.from([...chainKey, 1])).digest()
+  );
+  const messageKey = new Uint8Array(
+    createHash("sha256").update(Buffer.from([...chainKey, 2])).digest()
+  );
+  return { nextChainKey, messageKey };
+}
+function sealEnvelope(senderDid, plaintext) {
+  return JSON.stringify({
+    v: 2,
+    from: senderDid,
+    msg: plaintext,
+    ts: (/* @__PURE__ */ new Date()).toISOString()
+  });
+}
+function unsealEnvelope(plaintext) {
+  try {
+    const parsed = JSON.parse(plaintext);
+    if (parsed.v === 2 && parsed.from && parsed.msg) {
+      return { from: parsed.from, msg: parsed.msg, ts: parsed.ts };
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+var PROTO_MARKER = 86;
+var FLAG_PADDED = 1;
+var FLAG_SEALED = 2;
+var FLAG_RATCHET = 4;
+function makeProtoHeader(flags, ratchetStep2) {
+  return new Uint8Array([PROTO_MARKER, flags, ratchetStep2 >> 8 & 255, ratchetStep2 & 255]);
+}
+function parseProtoHeader(data) {
+  if (data.length < 4 || data[0] !== PROTO_MARKER) return null;
+  return {
+    flags: data[1],
+    ratchetStep: data[2] << 8 | data[3],
+    content: data.slice(4)
+  };
+}
+var MAX_SKIP = 200;
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function toBase58(bytes) {
+  if (bytes.length === 0) return "1";
+  let result = "";
+  let num = BigInt("0x" + Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join(""));
+  while (num > 0n) {
+    const remainder = num % 58n;
+    num = num / 58n;
+    result = BASE58_ALPHABET[Number(remainder)] + result;
+  }
+  for (const byte of bytes) {
+    if (byte === 0) result = "1" + result;
+    else break;
+  }
+  return result || "1";
+}
 var VoidlyAgent = class _VoidlyAgent {
   constructor(identity, config) {
     this._pinnedDids = /* @__PURE__ */ new Set();
     this._listeners = /* @__PURE__ */ new Set();
     this._conversations = /* @__PURE__ */ new Map();
+    this._offlineQueue = [];
+    this._ratchetStates = /* @__PURE__ */ new Map();
+    this._identityCache = /* @__PURE__ */ new Map();
+    this._seenMessageIds = /* @__PURE__ */ new Set();
+    this._decryptFailCount = 0;
     this.did = identity.did;
     this.apiKey = identity.apiKey;
     this.signingKeyPair = identity.signingKeyPair;
@@ -2358,6 +2454,11 @@ var VoidlyAgent = class _VoidlyAgent {
     this.baseUrl = config?.baseUrl || "https://api.voidly.ai";
     this.autoPin = config?.autoPin !== false;
     this.defaultRetries = config?.retries ?? 3;
+    this.fallbackRelays = config?.fallbackRelays || [];
+    this.paddingEnabled = config?.padding !== false;
+    this.sealedSender = config?.sealedSender || false;
+    this.requireSignatures = config?.requireSignatures || false;
+    this.timeout = config?.timeout ?? 3e4;
   }
   // ─── Factory Methods ────────────────────────────────────────────────────────
   /**
@@ -2396,8 +2497,29 @@ var VoidlyAgent = class _VoidlyAgent {
    * Use this to resume an agent across sessions.
    */
   static fromCredentials(creds, config) {
-    const signingSecret = (0, import_tweetnacl_util.decodeBase64)(creds.signingSecretKey);
-    const encryptionSecret = (0, import_tweetnacl_util.decodeBase64)(creds.encryptionSecretKey);
+    if (!creds.did || !creds.did.startsWith("did:")) {
+      throw new Error('Invalid credentials: did must start with "did:"');
+    }
+    if (!creds.apiKey || creds.apiKey.length < 8) {
+      throw new Error("Invalid credentials: apiKey is missing or too short");
+    }
+    if (!creds.signingSecretKey || !creds.encryptionSecretKey) {
+      throw new Error("Invalid credentials: secret keys are required");
+    }
+    let signingSecret;
+    let encryptionSecret;
+    try {
+      signingSecret = (0, import_tweetnacl_util.decodeBase64)(creds.signingSecretKey);
+      encryptionSecret = (0, import_tweetnacl_util.decodeBase64)(creds.encryptionSecretKey);
+    } catch {
+      throw new Error("Invalid credentials: secret keys must be valid base64");
+    }
+    if (signingSecret.length !== 64) {
+      throw new Error(`Invalid credentials: signing key must be 64 bytes, got ${signingSecret.length}`);
+    }
+    if (encryptionSecret.length !== 32) {
+      throw new Error(`Invalid credentials: encryption key must be 32 bytes, got ${encryptionSecret.length}`);
+    }
     return new _VoidlyAgent({
       did: creds.did,
       apiKey: creds.apiKey,
@@ -2422,18 +2544,43 @@ var VoidlyAgent = class _VoidlyAgent {
       encryptionPublicKey: (0, import_tweetnacl_util.encodeBase64)(this.encryptionKeyPair.publicKey)
     };
   }
+  /**
+   * Get the number of messages that failed to decrypt.
+   * Useful for detecting key mismatches, attacks, or corruption.
+   */
+  get decryptFailCount() {
+    return this._decryptFailCount;
+  }
+  /**
+   * Generate a did:key identifier from this agent's Ed25519 signing key.
+   * did:key is a W3C standard — interoperable across systems.
+   * Format: did:key:z6Mk{base58-multicodec-ed25519-pubkey}
+   */
+  get didKey() {
+    const multicodec = new Uint8Array(2 + this.signingKeyPair.publicKey.length);
+    multicodec[0] = 237;
+    multicodec[1] = 1;
+    multicodec.set(this.signingKeyPair.publicKey, 2);
+    return `did:key:z${toBase58(multicodec)}`;
+  }
   // ─── Messaging ──────────────────────────────────────────────────────────────
   /**
-   * Send an E2E encrypted message with automatic retry and transparent TOFU.
+   * Send an E2E encrypted message with hardened security.
    * Encryption happens locally — the relay NEVER sees plaintext or private keys.
    *
-   * Features:
+   * Security features:
+   * - **Message padding** — ciphertext padded to power-of-2 boundary (traffic analysis resistance)
+   * - **Hash ratchet** — per-conversation forward secrecy (compromise key[n] can't derive key[n-1])
+   * - **Sealed sender** — optionally hide sender DID from relay metadata
    * - **Auto-retry** with exponential backoff on transient failures
-   * - **Transparent TOFU** — automatically pins recipient keys on first contact
-   * - **Key verification** — warns if pinned keys have changed (potential MitM)
+   * - **Multi-relay fallback** — try backup relays if primary is down
+   * - **Offline queue** — queue messages if all relays fail
+   * - **Transparent TOFU** — auto-pin recipient keys on first contact
    */
   async send(recipientDid, message, options = {}) {
     const maxRetries = options.retries ?? this.defaultRetries;
+    const usePadding = !options.noPadding && this.paddingEnabled;
+    const useSealed = options.sealedSender ?? this.sealedSender;
     const profile = await this.getIdentity(recipientDid);
     if (!profile) {
       throw new Error(`Recipient ${recipientDid} not found`);
@@ -2442,9 +2589,43 @@ var VoidlyAgent = class _VoidlyAgent {
       await this._autoPinKeys(recipientDid);
     }
     const recipientPubKey = (0, import_tweetnacl_util.decodeBase64)(profile.encryption_public_key);
-    const messageBytes = (0, import_tweetnacl_util.decodeUTF8)(message);
-    const nonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.box.nonceLength);
-    const ciphertext = import_tweetnacl.default.box(messageBytes, nonce, recipientPubKey, this.encryptionKeyPair.secretKey);
+    let plaintext = message;
+    if (useSealed) {
+      plaintext = sealEnvelope(this.did, message);
+    }
+    let contentBytes;
+    if (usePadding) {
+      contentBytes = padMessage((0, import_tweetnacl_util.decodeUTF8)(plaintext));
+    } else {
+      contentBytes = (0, import_tweetnacl_util.decodeUTF8)(plaintext);
+    }
+    const pairId = `${this.did}:${recipientDid}`;
+    let state = this._ratchetStates.get(pairId);
+    if (!state) {
+      const sharedSecret = import_tweetnacl.default.box.before(recipientPubKey, this.encryptionKeyPair.secretKey);
+      state = {
+        sendChainKey: sharedSecret,
+        sendStep: 0,
+        recvChainKey: sharedSecret,
+        // Will be synced on first receive
+        recvStep: 0,
+        skippedKeys: /* @__PURE__ */ new Map()
+      };
+      this._ratchetStates.set(pairId, state);
+    }
+    const { nextChainKey, messageKey } = await ratchetStep(state.sendChainKey);
+    state.sendChainKey = nextChainKey;
+    state.sendStep++;
+    const currentStep = state.sendStep;
+    let flags = FLAG_RATCHET;
+    if (usePadding) flags |= FLAG_PADDED;
+    if (useSealed) flags |= FLAG_SEALED;
+    const header = makeProtoHeader(flags, currentStep);
+    const messageBytes = new Uint8Array(header.length + contentBytes.length);
+    messageBytes.set(header, 0);
+    messageBytes.set(contentBytes, header.length);
+    const nonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const ciphertext = import_tweetnacl.default.secretbox(messageBytes, nonce, messageKey);
     if (!ciphertext) {
       throw new Error("Encryption failed");
     }
@@ -2453,7 +2634,8 @@ var VoidlyAgent = class _VoidlyAgent {
       to: recipientDid,
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       nonce: (0, import_tweetnacl_util.encodeBase64)(nonce),
-      ciphertext_hash: await sha256((0, import_tweetnacl_util.encodeBase64)(ciphertext))
+      ciphertext_hash: await sha256((0, import_tweetnacl_util.encodeBase64)(ciphertext)),
+      ratchet_step: currentStep
     });
     const signature = import_tweetnacl.default.sign.detached((0, import_tweetnacl_util.decodeUTF8)(envelopeData), this.signingKeyPair.secretKey);
     const payload = {
@@ -2468,24 +2650,42 @@ var VoidlyAgent = class _VoidlyAgent {
       reply_to: options.replyTo,
       ttl: options.ttl
     };
-    const raw = await this._fetchWithRetry(
-      `${this.baseUrl}/v1/agent/send/encrypted`,
-      {
-        method: "POST",
-        headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
-        body: JSON.stringify(payload)
-      },
-      { maxRetries, baseDelay: 500, maxDelay: 1e4 }
-    );
-    return {
-      id: raw.id,
-      from: raw.from,
-      to: raw.to,
-      timestamp: raw.timestamp,
-      expiresAt: raw.expires_at || raw.expiresAt,
-      encrypted: raw.encrypted,
-      clientSide: raw.client_side || raw.clientSide
-    };
+    const relays = [this.baseUrl, ...this.fallbackRelays];
+    let lastError = null;
+    for (const relay of relays) {
+      try {
+        const raw = await this._fetchWithRetry(
+          `${relay}/v1/agent/send/encrypted`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
+            body: JSON.stringify(payload)
+          },
+          { maxRetries, baseDelay: 500, maxDelay: 1e4 }
+        );
+        return {
+          id: raw.id,
+          from: raw.from,
+          to: raw.to,
+          timestamp: raw.timestamp,
+          expiresAt: raw.expires_at || raw.expiresAt,
+          encrypted: raw.encrypted,
+          clientSide: raw.client_side || raw.clientSide
+        };
+      } catch (err) {
+        lastError = err instanceof Error ? err : new Error(String(err));
+        if (lastError.message.includes("(4")) break;
+      }
+    }
+    if (lastError && !lastError.message.includes("(4")) {
+      this._offlineQueue.push({
+        recipientDid,
+        message,
+        options,
+        timestamp: Date.now()
+      });
+    }
+    throw lastError || new Error("Send failed");
   }
   /**
    * Receive and decrypt messages. Decryption happens locally.
@@ -2511,17 +2711,105 @@ var VoidlyAgent = class _VoidlyAgent {
     const decrypted = [];
     for (const msg of data.messages) {
       try {
+        if (this._seenMessageIds.has(msg.id)) continue;
         const senderEncPub = (0, import_tweetnacl_util.decodeBase64)(msg.sender_encryption_key);
         const ciphertext = (0, import_tweetnacl_util.decodeBase64)(msg.ciphertext);
         const nonce = (0, import_tweetnacl_util.decodeBase64)(msg.nonce);
-        const plaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
-        if (!plaintext) continue;
+        let rawPlaintext = null;
+        let envelopeRatchetStep = 0;
+        if (msg.envelope) {
+          try {
+            const env = JSON.parse(msg.envelope);
+            if (typeof env.ratchet_step === "number") {
+              envelopeRatchetStep = env.ratchet_step;
+            }
+          } catch {
+          }
+        }
+        if (envelopeRatchetStep > 0) {
+          const pairId = `${msg.from}:${this.did}`;
+          let state = this._ratchetStates.get(pairId);
+          if (!state) {
+            const sharedSecret = import_tweetnacl.default.box.before(senderEncPub, this.encryptionKeyPair.secretKey);
+            state = {
+              sendChainKey: sharedSecret,
+              // Our sending chain to this peer
+              sendStep: 0,
+              recvChainKey: sharedSecret,
+              // Their sending chain (our receiving)
+              recvStep: 0,
+              skippedKeys: /* @__PURE__ */ new Map()
+            };
+            this._ratchetStates.set(pairId, state);
+          }
+          const targetStep = envelopeRatchetStep;
+          if (state.skippedKeys.has(targetStep)) {
+            const mk = state.skippedKeys.get(targetStep);
+            rawPlaintext = import_tweetnacl.default.secretbox.open(ciphertext, nonce, mk);
+            state.skippedKeys.delete(targetStep);
+          } else if (targetStep > state.recvStep) {
+            const skip = targetStep - state.recvStep;
+            if (skip > MAX_SKIP) {
+              rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+            } else {
+              let ck = state.recvChainKey;
+              for (let i = state.recvStep + 1; i < targetStep; i++) {
+                const { nextChainKey: nextChainKey2, messageKey: skippedMk } = await ratchetStep(ck);
+                state.skippedKeys.set(i, skippedMk);
+                ck = nextChainKey2;
+                if (state.skippedKeys.size > MAX_SKIP) {
+                  const oldest = state.skippedKeys.keys().next().value;
+                  if (oldest !== void 0) state.skippedKeys.delete(oldest);
+                }
+              }
+              const { nextChainKey, messageKey } = await ratchetStep(ck);
+              state.recvChainKey = nextChainKey;
+              state.recvStep = targetStep;
+              rawPlaintext = import_tweetnacl.default.secretbox.open(ciphertext, nonce, messageKey);
+            }
+          }
+          if (!rawPlaintext) {
+            rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+          }
+        } else {
+          rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+        }
+        if (!rawPlaintext) {
+          this._decryptFailCount++;
+          continue;
+        }
+        let plaintextBytes = rawPlaintext;
+        let wasPadded = false;
+        let wasSealed = false;
+        const proto = parseProtoHeader(rawPlaintext);
+        if (proto) {
+          wasPadded = !!(proto.flags & FLAG_PADDED);
+          wasSealed = !!(proto.flags & FLAG_SEALED);
+          plaintextBytes = proto.content;
+        }
+        if (wasPadded) {
+          plaintextBytes = unpadMessage(plaintextBytes);
+        } else if (!proto && rawPlaintext.length >= 256 && (rawPlaintext.length & rawPlaintext.length - 1) === 0) {
+          const unpadded = unpadMessage(rawPlaintext);
+          if (unpadded.length < rawPlaintext.length) {
+            plaintextBytes = unpadded;
+          }
+        }
+        let content = (0, import_tweetnacl_util.encodeUTF8)(plaintextBytes);
+        let senderDid = msg.from;
+        if (wasSealed || !proto) {
+          const unsealed = unsealEnvelope(content);
+          if (unsealed) {
+            content = unsealed.msg;
+            senderDid = unsealed.from;
+          }
+        }
         let signatureValid = false;
         try {
           const senderSignPub = (0, import_tweetnacl_util.decodeBase64)(msg.sender_signing_key);
           const signatureBytes = (0, import_tweetnacl_util.decodeBase64)(msg.signature);
           const envelopeStr = msg.envelope || JSON.stringify({
-            from: msg.from,
+            from: senderDid,
             to: msg.to,
             timestamp: msg.timestamp,
             nonce: msg.nonce,
@@ -2535,11 +2823,20 @@ var VoidlyAgent = class _VoidlyAgent {
         } catch {
           signatureValid = false;
         }
+        if (this.requireSignatures && !signatureValid) {
+          this._decryptFailCount++;
+          continue;
+        }
+        this._seenMessageIds.add(msg.id);
+        if (this._seenMessageIds.size > 1e4) {
+          const first = this._seenMessageIds.values().next().value;
+          if (first !== void 0) this._seenMessageIds.delete(first);
+        }
         decrypted.push({
           id: msg.id,
-          from: msg.from,
+          from: senderDid,
           to: msg.to,
-          content: (0, import_tweetnacl_util.encodeUTF8)(plaintext),
+          content,
           contentType: msg.content_type,
           messageType: msg.message_type || "text",
           threadId: msg.thread_id,
@@ -2549,6 +2846,7 @@ var VoidlyAgent = class _VoidlyAgent {
           expiresAt: msg.expires_at
         });
       } catch {
+        this._decryptFailCount++;
       }
     }
     return decrypted;
@@ -2599,9 +2897,19 @@ var VoidlyAgent = class _VoidlyAgent {
    * Look up an agent's public profile and keys.
    */
   async getIdentity(did) {
+    const cached = this._identityCache.get(did);
+    if (cached && Date.now() - cached.cachedAt < 3e5) {
+      return cached.profile;
+    }
     const res = await fetch(`${this.baseUrl}/v1/agent/identity/${did}`);
     if (!res.ok) return null;
-    return await res.json();
+    const profile = await res.json();
+    this._identityCache.set(did, { profile, cachedAt: Date.now() });
+    if (this._identityCache.size > 500) {
+      const oldest = this._identityCache.keys().next().value;
+      if (oldest !== void 0) this._identityCache.delete(oldest);
+    }
+    return profile;
   }
   /**
    * Search for agents by name or capability.
@@ -2661,10 +2969,14 @@ var VoidlyAgent = class _VoidlyAgent {
    * Delete a webhook.
    */
   async deleteWebhook(webhookId) {
-    await fetch(`${this.baseUrl}/v1/agent/webhooks/${webhookId}`, {
+    const res = await fetch(`${this.baseUrl}/v1/agent/webhooks/${webhookId}`, {
       method: "DELETE",
       headers: { "X-Agent-Key": this.apiKey }
     });
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({}));
+      throw new Error(`Webhook delete failed: ${err.error || res.statusText}`);
+    }
   }
   /**
    * Verify a webhook payload signature (for use in your webhook handler).
@@ -3282,13 +3594,21 @@ var VoidlyAgent = class _VoidlyAgent {
    * The relay finds matching agents and creates individual tasks for each.
    */
   async broadcastTask(options) {
+    const inputBytes = (0, import_tweetnacl_util.decodeUTF8)(options.input);
+    const broadcastNonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const broadcastEncrypted = import_tweetnacl.default.secretbox(inputBytes, broadcastNonce, import_tweetnacl.default.box.before(
+      this.encryptionKeyPair.publicKey,
+      this.encryptionKeyPair.secretKey
+    ));
+    const broadcastSig = import_tweetnacl.default.sign.detached(inputBytes, this.signingKeyPair.secretKey);
     const res = await fetch(`${this.baseUrl}/v1/agent/tasks/broadcast`, {
       method: "POST",
       headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
       body: JSON.stringify({
         capability: options.capability,
-        encrypted_input: (0, import_tweetnacl_util.encodeBase64)((0, import_tweetnacl_util.decodeUTF8)(options.input)),
-        input_nonce: (0, import_tweetnacl_util.encodeBase64)(import_tweetnacl.default.randomBytes(24)),
+        encrypted_input: (0, import_tweetnacl_util.encodeBase64)(broadcastEncrypted),
+        input_nonce: (0, import_tweetnacl_util.encodeBase64)(broadcastNonce),
+        input_signature: (0, import_tweetnacl_util.encodeBase64)(broadcastSig),
         priority: options.priority,
         max_agents: options.maxAgents,
         min_trust_level: options.minTrustLevel,
@@ -3358,16 +3678,30 @@ var VoidlyAgent = class _VoidlyAgent {
   // ─── Memory Store ──────────────────────────────────────────────────────────
   /**
    * Store an encrypted key-value pair in persistent memory.
-   * Values are encrypted with a key derived from your API key — only you can read them.
+   * Values are encrypted CLIENT-SIDE with nacl.secretbox before sending to relay.
+   * The relay never sees plaintext values — true E2E encrypted storage.
    */
   async memorySet(namespace, key, value, options) {
+    const valueStr = JSON.stringify(value);
+    const valueBytes = (0, import_tweetnacl_util.decodeUTF8)(valueStr);
+    const memNonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const memKeyInput = new Uint8Array([...this.encryptionKeyPair.secretKey, 77, 69, 77]);
+    let memKey;
+    if (typeof globalThis.crypto?.subtle !== "undefined") {
+      memKey = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", memKeyInput));
+    } else {
+      const { createHash } = await import("crypto");
+      memKey = new Uint8Array(createHash("sha256").update(Buffer.from(memKeyInput)).digest());
+    }
+    const encryptedValue = import_tweetnacl.default.secretbox(valueBytes, memNonce, memKey);
     const res = await fetch(`${this.baseUrl}/v1/agent/memory/${encodeURIComponent(namespace)}/${encodeURIComponent(key)}`, {
       method: "PUT",
       headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
       body: JSON.stringify({
-        value,
-        value_type: options?.valueType || (typeof value === "object" ? "json" : typeof value),
-        ttl: options?.ttl
+        value: (0, import_tweetnacl_util.encodeBase64)(encryptedValue),
+        value_type: `encrypted:${options?.valueType || (typeof value === "object" ? "json" : typeof value)}`,
+        ttl: options?.ttl,
+        client_nonce: (0, import_tweetnacl_util.encodeBase64)(memNonce)
       })
     });
     if (!res.ok) throw new Error(`Memory set failed: ${res.status} ${await res.text()}`);
@@ -3375,7 +3709,7 @@ var VoidlyAgent = class _VoidlyAgent {
   }
   /**
    * Retrieve a value from persistent memory.
-   * Decrypted server-side using your API key derivation.
+   * Decrypted CLIENT-SIDE — relay never sees plaintext.
    */
   async memoryGet(namespace, key) {
     const res = await fetch(`${this.baseUrl}/v1/agent/memory/${encodeURIComponent(namespace)}/${encodeURIComponent(key)}`, {
@@ -3383,7 +3717,28 @@ var VoidlyAgent = class _VoidlyAgent {
     });
     if (res.status === 404) return null;
     if (!res.ok) throw new Error(`Memory get failed: ${res.status} ${await res.text()}`);
-    return res.json();
+    const data = await res.json();
+    if (data.value_type?.startsWith("encrypted:") && data.client_nonce) {
+      try {
+        const memKeyInput = new Uint8Array([...this.encryptionKeyPair.secretKey, 77, 69, 77]);
+        let memKey;
+        if (typeof globalThis.crypto?.subtle !== "undefined") {
+          memKey = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", memKeyInput));
+        } else {
+          const { createHash } = await import("crypto");
+          memKey = new Uint8Array(createHash("sha256").update(Buffer.from(memKeyInput)).digest());
+        }
+        const encBytes = (0, import_tweetnacl_util.decodeBase64)(data.value);
+        const memNonce = (0, import_tweetnacl_util.decodeBase64)(data.client_nonce);
+        const plain = import_tweetnacl.default.secretbox.open(encBytes, memNonce, memKey);
+        if (plain) {
+          data.value = JSON.parse((0, import_tweetnacl_util.encodeUTF8)(plain));
+          data.value_type = data.value_type.replace("encrypted:", "");
+        }
+      } catch {
+      }
+    }
+    return data;
   }
   /**
    * Delete a key from persistent memory.
@@ -3799,6 +4154,96 @@ var VoidlyAgent = class _VoidlyAgent {
     }
     throw lastError || new Error("Send failed after retries");
   }
+  // ═══════════════════════════════════════════════════════════════════════════
+  // OFFLINE QUEUE — Resilience against relay downtime
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Drain the offline message queue — retry sending queued messages.
+   * Call this when connectivity is restored.
+   * Returns: number of messages successfully sent.
+   */
+  async drainQueue() {
+    let sent = 0;
+    let failed = 0;
+    const remaining = [];
+    for (const item of this._offlineQueue) {
+      if (Date.now() - item.timestamp > 864e5) {
+        failed++;
+        continue;
+      }
+      try {
+        await this.send(item.recipientDid, item.message, item.options);
+        sent++;
+      } catch {
+        remaining.push(item);
+        failed++;
+      }
+    }
+    this._offlineQueue = remaining;
+    return { sent, failed, remaining: remaining.length };
+  }
+  /** Number of messages waiting in the offline queue */
+  get queueLength() {
+    return this._offlineQueue.length;
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  // SECURITY REPORT — Transparent threat model
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Returns what the relay can and cannot see about this agent.
+   * Call this to understand your threat model. Total transparency.
+   */
+  threatModel() {
+    return {
+      relayCanSee: [
+        "Your DID (public identifier)",
+        "Who you message (recipient DIDs)",
+        "When you message (timestamps)",
+        "Message types (text, task-request, etc.)",
+        "Thread structure (which messages are replies)",
+        "Channel membership",
+        "Capability registrations",
+        "Online/offline status",
+        "Approximate message size (even with padding, bounded to power-of-2)"
+      ],
+      relayCannotSee: [
+        "Message content (E2E encrypted \u2014 nacl.secretbox with ratchet-derived per-message keys)",
+        "Private keys (generated and stored client-side only)",
+        "Memory values (encrypted CLIENT-SIDE with nacl.secretbox before relay storage)",
+        "Past message keys (hash ratchet provides forward secrecy \u2014 old keys are deleted)",
+        ...this.sealedSender ? ["Sender identity (sealed inside ciphertext)"] : []
+      ],
+      protections: [
+        "Hash ratchet forward secrecy \u2014 per-message key derivation, old keys deleted",
+        "X25519 key exchange + XSalsa20-Poly1305 authenticated encryption",
+        "Ed25519 signatures on every message (envelope + ciphertext hash)",
+        "TOFU key pinning (MitM detection on key change)",
+        "Client-side memory encryption (relay never sees plaintext values)",
+        "Protocol version header (deterministic padding/sealing detection, no heuristics)",
+        "Identity cache (reduced key lookups, 5-min TTL)",
+        "Message deduplication (track seen message IDs)",
+        "Request validation (fromCredentials validates key sizes and format)",
+        ...this.paddingEnabled ? ["Message padding to power-of-2 boundary (traffic analysis resistance)"] : [],
+        ...this.sealedSender ? ["Sealed sender (relay cannot see who sent a message)"] : [],
+        ...this.requireSignatures ? ["Strict signature enforcement (reject unsigned/invalid messages)"] : [],
+        ...this.fallbackRelays.length > 0 ? [`Multi-relay fallback (${this.fallbackRelays.length} backup relays)`] : [],
+        "Auto-retry with exponential backoff",
+        "Offline message queue",
+        "did:key interoperability (W3C standard DID format)"
+      ],
+      gaps: [
+        "No DH ratchet yet \u2014 hash ratchet only (no post-compromise recovery, planned for v3)",
+        "No post-quantum protection \u2014 vulnerable to harvest-now-decrypt-later (planned for v3)",
+        "Channel encryption is server-side (relay holds channel keys, NOT true E2E)",
+        "Metadata (who, when, thread structure) visible to relay operator",
+        "Single relay architecture (no onion routing, no mix network)",
+        "Ed25519 signatures are non-repudiable (no deniable messaging)",
+        "No async key agreement (no X3DH prekeys)",
+        "Polling-based (no WebSocket real-time transport)",
+        "Ratchet state is in-memory (lost on process restart \u2014 export credentials to persist)"
+      ]
+    };
+  }
 };
 var Conversation = class {
   /** @internal */
@@ -3821,6 +4266,9 @@ var Conversation = class {
       replyTo: this._lastMessageId || void 0
     });
     this._lastMessageId = result.id;
+    if (this._messageHistory.length >= 1e3) {
+      this._messageHistory.splice(0, this._messageHistory.length - 999);
+    }
     this._messageHistory.push({
       id: result.id,
       from: this.agent.did,
@@ -3895,14 +4343,23 @@ var Conversation = class {
   async waitForReply(timeoutMs = 3e4) {
     return new Promise((resolve, reject) => {
       let resolved = false;
+      let pollTimer = null;
+      const cleanup = () => {
+        resolved = true;
+        if (pollTimer) {
+          clearTimeout(pollTimer);
+          pollTimer = null;
+        }
+      };
       const timeout = setTimeout(() => {
         if (!resolved) {
-          resolved = true;
+          cleanup();
           reject(new Error(`No reply received within ${timeoutMs}ms`));
         }
       }, timeoutMs);
       const check = async () => {
-        while (!resolved) {
+        if (resolved) return;
+        try {
           const messages = await this.agent.receive({
             from: this.peerDid,
             threadId: this.threadId,
@@ -3910,9 +4367,12 @@ var Conversation = class {
             limit: 1
           });
           if (messages.length > 0 && !resolved) {
-            resolved = true;
             clearTimeout(timeout);
+            cleanup();
             const msg = messages[0];
+            if (this._messageHistory.length >= 1e3) {
+              this._messageHistory.splice(0, this._messageHistory.length - 999);
+            }
             this._messageHistory.push({
               id: msg.id,
               from: msg.from,
@@ -3927,16 +4387,19 @@ var Conversation = class {
             resolve(msg);
             return;
           }
-          await new Promise((r) => setTimeout(r, 1500));
+        } catch (err) {
+          if (!resolved) {
+            clearTimeout(timeout);
+            cleanup();
+            reject(err instanceof Error ? err : new Error(String(err)));
+            return;
+          }
         }
-      };
-      check().catch((err) => {
         if (!resolved) {
-          resolved = true;
-          clearTimeout(timeout);
-          reject(err);
+          pollTimer = setTimeout(check, 1500);
         }
-      });
+      };
+      check();
     });
   }
   /**