@voidly/agent-sdk 1.9.0 → 2.1.0

package/dist/index.mjs

@@ -2335,11 +2335,107 @@ async function sha256(data) {
   const { createHash } = await import("crypto");
   return createHash("sha256").update(data).digest("hex");
 }
+function padMessage(content) {
+  const contentLen = content.length;
+  const totalLen = Math.max(256, nextPowerOf2(contentLen + 2));
+  const padded = new Uint8Array(totalLen);
+  padded[0] = contentLen >> 8 & 255;
+  padded[1] = contentLen & 255;
+  padded.set(content, 2);
+  const randomPad = import_tweetnacl.default.randomBytes(totalLen - contentLen - 2);
+  padded.set(randomPad, contentLen + 2);
+  return padded;
+}
+function unpadMessage(padded) {
+  if (padded.length < 2) return padded;
+  const contentLen = padded[0] << 8 | padded[1];
+  if (contentLen + 2 > padded.length) return padded;
+  return padded.slice(2, 2 + contentLen);
+}
+function nextPowerOf2(n) {
+  let p = 1;
+  while (p < n) p <<= 1;
+  return p;
+}
+async function ratchetStep(chainKey) {
+  const encoder = new TextEncoder();
+  if (typeof globalThis.crypto?.subtle !== "undefined") {
+    const ckInput = new Uint8Array([...chainKey, 1]);
+    const mkInput = new Uint8Array([...chainKey, 2]);
+    const nextChainKey2 = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", ckInput));
+    const messageKey2 = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", mkInput));
+    return { nextChainKey: nextChainKey2, messageKey: messageKey2 };
+  }
+  const { createHash } = await import("crypto");
+  const nextChainKey = new Uint8Array(
+    createHash("sha256").update(Buffer.from([...chainKey, 1])).digest()
+  );
+  const messageKey = new Uint8Array(
+    createHash("sha256").update(Buffer.from([...chainKey, 2])).digest()
+  );
+  return { nextChainKey, messageKey };
+}
+function sealEnvelope(senderDid, plaintext) {
+  return JSON.stringify({
+    v: 2,
+    from: senderDid,
+    msg: plaintext,
+    ts: (/* @__PURE__ */ new Date()).toISOString()
+  });
+}
+function unsealEnvelope(plaintext) {
+  try {
+    const parsed = JSON.parse(plaintext);
+    if (parsed.v === 2 && parsed.from && parsed.msg) {
+      return { from: parsed.from, msg: parsed.msg, ts: parsed.ts };
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+var PROTO_MARKER = 86;
+var FLAG_PADDED = 1;
+var FLAG_SEALED = 2;
+var FLAG_RATCHET = 4;
+function makeProtoHeader(flags, ratchetStep2) {
+  return new Uint8Array([PROTO_MARKER, flags, ratchetStep2 >> 8 & 255, ratchetStep2 & 255]);
+}
+function parseProtoHeader(data) {
+  if (data.length < 4 || data[0] !== PROTO_MARKER) return null;
+  return {
+    flags: data[1],
+    ratchetStep: data[2] << 8 | data[3],
+    content: data.slice(4)
+  };
+}
+var MAX_SKIP = 200;
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function toBase58(bytes) {
+  if (bytes.length === 0) return "1";
+  let result = "";
+  let num = BigInt("0x" + Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join(""));
+  while (num > 0n) {
+    const remainder = num % 58n;
+    num = num / 58n;
+    result = BASE58_ALPHABET[Number(remainder)] + result;
+  }
+  for (const byte of bytes) {
+    if (byte === 0) result = "1" + result;
+    else break;
+  }
+  return result || "1";
+}
 var VoidlyAgent = class _VoidlyAgent {
   constructor(identity, config) {
     this._pinnedDids = /* @__PURE__ */ new Set();
     this._listeners = /* @__PURE__ */ new Set();
     this._conversations = /* @__PURE__ */ new Map();
+    this._offlineQueue = [];
+    this._ratchetStates = /* @__PURE__ */ new Map();
+    this._identityCache = /* @__PURE__ */ new Map();
+    this._seenMessageIds = /* @__PURE__ */ new Set();
+    this._decryptFailCount = 0;
     this.did = identity.did;
     this.apiKey = identity.apiKey;
     this.signingKeyPair = identity.signingKeyPair;
@@ -2347,6 +2443,11 @@ var VoidlyAgent = class _VoidlyAgent {
     this.baseUrl = config?.baseUrl || "https://api.voidly.ai";
     this.autoPin = config?.autoPin !== false;
     this.defaultRetries = config?.retries ?? 3;
+    this.fallbackRelays = config?.fallbackRelays || [];
+    this.paddingEnabled = config?.padding !== false;
+    this.sealedSender = config?.sealedSender || false;
+    this.requireSignatures = config?.requireSignatures || false;
+    this.timeout = config?.timeout ?? 3e4;
   }
   // ─── Factory Methods ────────────────────────────────────────────────────────
   /**
@@ -2385,8 +2486,29 @@ var VoidlyAgent = class _VoidlyAgent {
    * Use this to resume an agent across sessions.
    */
   static fromCredentials(creds, config) {
-    const signingSecret = (0, import_tweetnacl_util.decodeBase64)(creds.signingSecretKey);
-    const encryptionSecret = (0, import_tweetnacl_util.decodeBase64)(creds.encryptionSecretKey);
+    if (!creds.did || !creds.did.startsWith("did:")) {
+      throw new Error('Invalid credentials: did must start with "did:"');
+    }
+    if (!creds.apiKey || creds.apiKey.length < 8) {
+      throw new Error("Invalid credentials: apiKey is missing or too short");
+    }
+    if (!creds.signingSecretKey || !creds.encryptionSecretKey) {
+      throw new Error("Invalid credentials: secret keys are required");
+    }
+    let signingSecret;
+    let encryptionSecret;
+    try {
+      signingSecret = (0, import_tweetnacl_util.decodeBase64)(creds.signingSecretKey);
+      encryptionSecret = (0, import_tweetnacl_util.decodeBase64)(creds.encryptionSecretKey);
+    } catch {
+      throw new Error("Invalid credentials: secret keys must be valid base64");
+    }
+    if (signingSecret.length !== 64) {
+      throw new Error(`Invalid credentials: signing key must be 64 bytes, got ${signingSecret.length}`);
+    }
+    if (encryptionSecret.length !== 32) {
+      throw new Error(`Invalid credentials: encryption key must be 32 bytes, got ${encryptionSecret.length}`);
+    }
     return new _VoidlyAgent({
       did: creds.did,
       apiKey: creds.apiKey,
@@ -2411,18 +2533,43 @@ var VoidlyAgent = class _VoidlyAgent {
       encryptionPublicKey: (0, import_tweetnacl_util.encodeBase64)(this.encryptionKeyPair.publicKey)
     };
   }
+  /**
+   * Get the number of messages that failed to decrypt.
+   * Useful for detecting key mismatches, attacks, or corruption.
+   */
+  get decryptFailCount() {
+    return this._decryptFailCount;
+  }
+  /**
+   * Generate a did:key identifier from this agent's Ed25519 signing key.
+   * did:key is a W3C standard — interoperable across systems.
+   * Format: did:key:z6Mk{base58-multicodec-ed25519-pubkey}
+   */
+  get didKey() {
+    const multicodec = new Uint8Array(2 + this.signingKeyPair.publicKey.length);
+    multicodec[0] = 237;
+    multicodec[1] = 1;
+    multicodec.set(this.signingKeyPair.publicKey, 2);
+    return `did:key:z${toBase58(multicodec)}`;
+  }
   // ─── Messaging ──────────────────────────────────────────────────────────────
   /**
-   * Send an E2E encrypted message with automatic retry and transparent TOFU.
+   * Send an E2E encrypted message with hardened security.
    * Encryption happens locally — the relay NEVER sees plaintext or private keys.
    *
-   * Features:
+   * Security features:
+   * - **Message padding** — ciphertext padded to power-of-2 boundary (traffic analysis resistance)
+   * - **Hash ratchet** — per-conversation forward secrecy (compromise key[n] can't derive key[n-1])
+   * - **Sealed sender** — optionally hide sender DID from relay metadata
    * - **Auto-retry** with exponential backoff on transient failures
-   * - **Transparent TOFU** — automatically pins recipient keys on first contact
-   * - **Key verification** — warns if pinned keys have changed (potential MitM)
+   * - **Multi-relay fallback** — try backup relays if primary is down
+   * - **Offline queue** — queue messages if all relays fail
+   * - **Transparent TOFU** — auto-pin recipient keys on first contact
    */
   async send(recipientDid, message, options = {}) {
     const maxRetries = options.retries ?? this.defaultRetries;
+    const usePadding = !options.noPadding && this.paddingEnabled;
+    const useSealed = options.sealedSender ?? this.sealedSender;
     const profile = await this.getIdentity(recipientDid);
     if (!profile) {
       throw new Error(`Recipient ${recipientDid} not found`);
@@ -2431,9 +2578,43 @@ var VoidlyAgent = class _VoidlyAgent {
       await this._autoPinKeys(recipientDid);
     }
     const recipientPubKey = (0, import_tweetnacl_util.decodeBase64)(profile.encryption_public_key);
-    const messageBytes = (0, import_tweetnacl_util.decodeUTF8)(message);
-    const nonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.box.nonceLength);
-    const ciphertext = import_tweetnacl.default.box(messageBytes, nonce, recipientPubKey, this.encryptionKeyPair.secretKey);
+    let plaintext = message;
+    if (useSealed) {
+      plaintext = sealEnvelope(this.did, message);
+    }
+    let contentBytes;
+    if (usePadding) {
+      contentBytes = padMessage((0, import_tweetnacl_util.decodeUTF8)(plaintext));
+    } else {
+      contentBytes = (0, import_tweetnacl_util.decodeUTF8)(plaintext);
+    }
+    const pairId = `${this.did}:${recipientDid}`;
+    let state = this._ratchetStates.get(pairId);
+    if (!state) {
+      const sharedSecret = import_tweetnacl.default.box.before(recipientPubKey, this.encryptionKeyPair.secretKey);
+      state = {
+        sendChainKey: sharedSecret,
+        sendStep: 0,
+        recvChainKey: sharedSecret,
+        // Will be synced on first receive
+        recvStep: 0,
+        skippedKeys: /* @__PURE__ */ new Map()
+      };
+      this._ratchetStates.set(pairId, state);
+    }
+    const { nextChainKey, messageKey } = await ratchetStep(state.sendChainKey);
+    state.sendChainKey = nextChainKey;
+    state.sendStep++;
+    const currentStep = state.sendStep;
+    let flags = FLAG_RATCHET;
+    if (usePadding) flags |= FLAG_PADDED;
+    if (useSealed) flags |= FLAG_SEALED;
+    const header = makeProtoHeader(flags, currentStep);
+    const messageBytes = new Uint8Array(header.length + contentBytes.length);
+    messageBytes.set(header, 0);
+    messageBytes.set(contentBytes, header.length);
+    const nonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const ciphertext = import_tweetnacl.default.secretbox(messageBytes, nonce, messageKey);
     if (!ciphertext) {
       throw new Error("Encryption failed");
     }
@@ -2442,7 +2623,8 @@ var VoidlyAgent = class _VoidlyAgent {
       to: recipientDid,
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       nonce: (0, import_tweetnacl_util.encodeBase64)(nonce),
-      ciphertext_hash: await sha256((0, import_tweetnacl_util.encodeBase64)(ciphertext))
+      ciphertext_hash: await sha256((0, import_tweetnacl_util.encodeBase64)(ciphertext)),
+      ratchet_step: currentStep
     });
     const signature = import_tweetnacl.default.sign.detached((0, import_tweetnacl_util.decodeUTF8)(envelopeData), this.signingKeyPair.secretKey);
     const payload = {
@@ -2457,24 +2639,42 @@ var VoidlyAgent = class _VoidlyAgent {
       reply_to: options.replyTo,
       ttl: options.ttl
     };
-    const raw = await this._fetchWithRetry(
-      `${this.baseUrl}/v1/agent/send/encrypted`,
-      {
-        method: "POST",
-        headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
-        body: JSON.stringify(payload)
-      },
-      { maxRetries, baseDelay: 500, maxDelay: 1e4 }
-    );
-    return {
-      id: raw.id,
-      from: raw.from,
-      to: raw.to,
-      timestamp: raw.timestamp,
-      expiresAt: raw.expires_at || raw.expiresAt,
-      encrypted: raw.encrypted,
-      clientSide: raw.client_side || raw.clientSide
-    };
+    const relays = [this.baseUrl, ...this.fallbackRelays];
+    let lastError = null;
+    for (const relay of relays) {
+      try {
+        const raw = await this._fetchWithRetry(
+          `${relay}/v1/agent/send/encrypted`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
+            body: JSON.stringify(payload)
+          },
+          { maxRetries, baseDelay: 500, maxDelay: 1e4 }
+        );
+        return {
+          id: raw.id,
+          from: raw.from,
+          to: raw.to,
+          timestamp: raw.timestamp,
+          expiresAt: raw.expires_at || raw.expiresAt,
+          encrypted: raw.encrypted,
+          clientSide: raw.client_side || raw.clientSide
+        };
+      } catch (err) {
+        lastError = err instanceof Error ? err : new Error(String(err));
+        if (lastError.message.includes("(4")) break;
+      }
+    }
+    if (lastError && !lastError.message.includes("(4")) {
+      this._offlineQueue.push({
+        recipientDid,
+        message,
+        options,
+        timestamp: Date.now()
+      });
+    }
+    throw lastError || new Error("Send failed");
   }
   /**
    * Receive and decrypt messages. Decryption happens locally.
@@ -2500,17 +2700,105 @@ var VoidlyAgent = class _VoidlyAgent {
     const decrypted = [];
     for (const msg of data.messages) {
       try {
+        if (this._seenMessageIds.has(msg.id)) continue;
         const senderEncPub = (0, import_tweetnacl_util.decodeBase64)(msg.sender_encryption_key);
         const ciphertext = (0, import_tweetnacl_util.decodeBase64)(msg.ciphertext);
         const nonce = (0, import_tweetnacl_util.decodeBase64)(msg.nonce);
-        const plaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
-        if (!plaintext) continue;
+        let rawPlaintext = null;
+        let envelopeRatchetStep = 0;
+        if (msg.envelope) {
+          try {
+            const env = JSON.parse(msg.envelope);
+            if (typeof env.ratchet_step === "number") {
+              envelopeRatchetStep = env.ratchet_step;
+            }
+          } catch {
+          }
+        }
+        if (envelopeRatchetStep > 0) {
+          const pairId = `${msg.from}:${this.did}`;
+          let state = this._ratchetStates.get(pairId);
+          if (!state) {
+            const sharedSecret = import_tweetnacl.default.box.before(senderEncPub, this.encryptionKeyPair.secretKey);
+            state = {
+              sendChainKey: sharedSecret,
+              // Our sending chain to this peer
+              sendStep: 0,
+              recvChainKey: sharedSecret,
+              // Their sending chain (our receiving)
+              recvStep: 0,
+              skippedKeys: /* @__PURE__ */ new Map()
+            };
+            this._ratchetStates.set(pairId, state);
+          }
+          const targetStep = envelopeRatchetStep;
+          if (state.skippedKeys.has(targetStep)) {
+            const mk = state.skippedKeys.get(targetStep);
+            rawPlaintext = import_tweetnacl.default.secretbox.open(ciphertext, nonce, mk);
+            state.skippedKeys.delete(targetStep);
+          } else if (targetStep > state.recvStep) {
+            const skip = targetStep - state.recvStep;
+            if (skip > MAX_SKIP) {
+              rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+            } else {
+              let ck = state.recvChainKey;
+              for (let i = state.recvStep + 1; i < targetStep; i++) {
+                const { nextChainKey: nextChainKey2, messageKey: skippedMk } = await ratchetStep(ck);
+                state.skippedKeys.set(i, skippedMk);
+                ck = nextChainKey2;
+                if (state.skippedKeys.size > MAX_SKIP) {
+                  const oldest = state.skippedKeys.keys().next().value;
+                  if (oldest !== void 0) state.skippedKeys.delete(oldest);
+                }
+              }
+              const { nextChainKey, messageKey } = await ratchetStep(ck);
+              state.recvChainKey = nextChainKey;
+              state.recvStep = targetStep;
+              rawPlaintext = import_tweetnacl.default.secretbox.open(ciphertext, nonce, messageKey);
+            }
+          }
+          if (!rawPlaintext) {
+            rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+          }
+        } else {
+          rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+        }
+        if (!rawPlaintext) {
+          this._decryptFailCount++;
+          continue;
+        }
+        let plaintextBytes = rawPlaintext;
+        let wasPadded = false;
+        let wasSealed = false;
+        const proto = parseProtoHeader(rawPlaintext);
+        if (proto) {
+          wasPadded = !!(proto.flags & FLAG_PADDED);
+          wasSealed = !!(proto.flags & FLAG_SEALED);
+          plaintextBytes = proto.content;
+        }
+        if (wasPadded) {
+          plaintextBytes = unpadMessage(plaintextBytes);
+        } else if (!proto && rawPlaintext.length >= 256 && (rawPlaintext.length & rawPlaintext.length - 1) === 0) {
+          const unpadded = unpadMessage(rawPlaintext);
+          if (unpadded.length < rawPlaintext.length) {
+            plaintextBytes = unpadded;
+          }
+        }
+        let content = (0, import_tweetnacl_util.encodeUTF8)(plaintextBytes);
+        let senderDid = msg.from;
+        if (wasSealed || !proto) {
+          const unsealed = unsealEnvelope(content);
+          if (unsealed) {
+            content = unsealed.msg;
+            senderDid = unsealed.from;
+          }
+        }
         let signatureValid = false;
         try {
           const senderSignPub = (0, import_tweetnacl_util.decodeBase64)(msg.sender_signing_key);
           const signatureBytes = (0, import_tweetnacl_util.decodeBase64)(msg.signature);
           const envelopeStr = msg.envelope || JSON.stringify({
-            from: msg.from,
+            from: senderDid,
             to: msg.to,
             timestamp: msg.timestamp,
             nonce: msg.nonce,
@@ -2524,11 +2812,20 @@ var VoidlyAgent = class _VoidlyAgent {
         } catch {
           signatureValid = false;
         }
+        if (this.requireSignatures && !signatureValid) {
+          this._decryptFailCount++;
+          continue;
+        }
+        this._seenMessageIds.add(msg.id);
+        if (this._seenMessageIds.size > 1e4) {
+          const first = this._seenMessageIds.values().next().value;
+          if (first !== void 0) this._seenMessageIds.delete(first);
+        }
         decrypted.push({
           id: msg.id,
-          from: msg.from,
+          from: senderDid,
           to: msg.to,
-          content: (0, import_tweetnacl_util.encodeUTF8)(plaintext),
+          content,
           contentType: msg.content_type,
           messageType: msg.message_type || "text",
           threadId: msg.thread_id,
@@ -2538,6 +2835,7 @@ var VoidlyAgent = class _VoidlyAgent {
           expiresAt: msg.expires_at
         });
       } catch {
+        this._decryptFailCount++;
       }
     }
     return decrypted;
@@ -2588,9 +2886,19 @@ var VoidlyAgent = class _VoidlyAgent {
    * Look up an agent's public profile and keys.
    */
   async getIdentity(did) {
+    const cached = this._identityCache.get(did);
+    if (cached && Date.now() - cached.cachedAt < 3e5) {
+      return cached.profile;
+    }
     const res = await fetch(`${this.baseUrl}/v1/agent/identity/${did}`);
     if (!res.ok) return null;
-    return await res.json();
+    const profile = await res.json();
+    this._identityCache.set(did, { profile, cachedAt: Date.now() });
+    if (this._identityCache.size > 500) {
+      const oldest = this._identityCache.keys().next().value;
+      if (oldest !== void 0) this._identityCache.delete(oldest);
+    }
+    return profile;
   }
   /**
    * Search for agents by name or capability.
@@ -2650,10 +2958,14 @@ var VoidlyAgent = class _VoidlyAgent {
    * Delete a webhook.
    */
   async deleteWebhook(webhookId) {
-    await fetch(`${this.baseUrl}/v1/agent/webhooks/${webhookId}`, {
+    const res = await fetch(`${this.baseUrl}/v1/agent/webhooks/${webhookId}`, {
       method: "DELETE",
       headers: { "X-Agent-Key": this.apiKey }
     });
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({}));
+      throw new Error(`Webhook delete failed: ${err.error || res.statusText}`);
+    }
   }
   /**
    * Verify a webhook payload signature (for use in your webhook handler).
@@ -3271,13 +3583,21 @@ var VoidlyAgent = class _VoidlyAgent {
    * The relay finds matching agents and creates individual tasks for each.
    */
   async broadcastTask(options) {
+    const inputBytes = (0, import_tweetnacl_util.decodeUTF8)(options.input);
+    const broadcastNonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const broadcastEncrypted = import_tweetnacl.default.secretbox(inputBytes, broadcastNonce, import_tweetnacl.default.box.before(
+      this.encryptionKeyPair.publicKey,
+      this.encryptionKeyPair.secretKey
+    ));
+    const broadcastSig = import_tweetnacl.default.sign.detached(inputBytes, this.signingKeyPair.secretKey);
     const res = await fetch(`${this.baseUrl}/v1/agent/tasks/broadcast`, {
       method: "POST",
       headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
       body: JSON.stringify({
         capability: options.capability,
-        encrypted_input: (0, import_tweetnacl_util.encodeBase64)((0, import_tweetnacl_util.decodeUTF8)(options.input)),
-        input_nonce: (0, import_tweetnacl_util.encodeBase64)(import_tweetnacl.default.randomBytes(24)),
+        encrypted_input: (0, import_tweetnacl_util.encodeBase64)(broadcastEncrypted),
+        input_nonce: (0, import_tweetnacl_util.encodeBase64)(broadcastNonce),
+        input_signature: (0, import_tweetnacl_util.encodeBase64)(broadcastSig),
         priority: options.priority,
         max_agents: options.maxAgents,
         min_trust_level: options.minTrustLevel,
@@ -3347,16 +3667,30 @@ var VoidlyAgent = class _VoidlyAgent {
   // ─── Memory Store ──────────────────────────────────────────────────────────
   /**
    * Store an encrypted key-value pair in persistent memory.
-   * Values are encrypted with a key derived from your API key — only you can read them.
+   * Values are encrypted CLIENT-SIDE with nacl.secretbox before sending to relay.
+   * The relay never sees plaintext values — true E2E encrypted storage.
    */
   async memorySet(namespace, key, value, options) {
+    const valueStr = JSON.stringify(value);
+    const valueBytes = (0, import_tweetnacl_util.decodeUTF8)(valueStr);
+    const memNonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const memKeyInput = new Uint8Array([...this.encryptionKeyPair.secretKey, 77, 69, 77]);
+    let memKey;
+    if (typeof globalThis.crypto?.subtle !== "undefined") {
+      memKey = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", memKeyInput));
+    } else {
+      const { createHash } = await import("crypto");
+      memKey = new Uint8Array(createHash("sha256").update(Buffer.from(memKeyInput)).digest());
+    }
+    const encryptedValue = import_tweetnacl.default.secretbox(valueBytes, memNonce, memKey);
     const res = await fetch(`${this.baseUrl}/v1/agent/memory/${encodeURIComponent(namespace)}/${encodeURIComponent(key)}`, {
       method: "PUT",
       headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
       body: JSON.stringify({
-        value,
-        value_type: options?.valueType || (typeof value === "object" ? "json" : typeof value),
-        ttl: options?.ttl
+        value: (0, import_tweetnacl_util.encodeBase64)(encryptedValue),
+        value_type: `encrypted:${options?.valueType || (typeof value === "object" ? "json" : typeof value)}`,
+        ttl: options?.ttl,
+        client_nonce: (0, import_tweetnacl_util.encodeBase64)(memNonce)
       })
     });
     if (!res.ok) throw new Error(`Memory set failed: ${res.status} ${await res.text()}`);
@@ -3364,7 +3698,7 @@ var VoidlyAgent = class _VoidlyAgent {
   }
   /**
    * Retrieve a value from persistent memory.
-   * Decrypted server-side using your API key derivation.
+   * Decrypted CLIENT-SIDE — relay never sees plaintext.
    */
   async memoryGet(namespace, key) {
     const res = await fetch(`${this.baseUrl}/v1/agent/memory/${encodeURIComponent(namespace)}/${encodeURIComponent(key)}`, {
@@ -3372,7 +3706,28 @@ var VoidlyAgent = class _VoidlyAgent {
     });
     if (res.status === 404) return null;
     if (!res.ok) throw new Error(`Memory get failed: ${res.status} ${await res.text()}`);
-    return res.json();
+    const data = await res.json();
+    if (data.value_type?.startsWith("encrypted:") && data.client_nonce) {
+      try {
+        const memKeyInput = new Uint8Array([...this.encryptionKeyPair.secretKey, 77, 69, 77]);
+        let memKey;
+        if (typeof globalThis.crypto?.subtle !== "undefined") {
+          memKey = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", memKeyInput));
+        } else {
+          const { createHash } = await import("crypto");
+          memKey = new Uint8Array(createHash("sha256").update(Buffer.from(memKeyInput)).digest());
+        }
+        const encBytes = (0, import_tweetnacl_util.decodeBase64)(data.value);
+        const memNonce = (0, import_tweetnacl_util.decodeBase64)(data.client_nonce);
+        const plain = import_tweetnacl.default.secretbox.open(encBytes, memNonce, memKey);
+        if (plain) {
+          data.value = JSON.parse((0, import_tweetnacl_util.encodeUTF8)(plain));
+          data.value_type = data.value_type.replace("encrypted:", "");
+        }
+      } catch {
+      }
+    }
+    return data;
   }
   /**
    * Delete a key from persistent memory.
@@ -3788,6 +4143,96 @@ var VoidlyAgent = class _VoidlyAgent {
     }
     throw lastError || new Error("Send failed after retries");
   }
+  // ═══════════════════════════════════════════════════════════════════════════
+  // OFFLINE QUEUE — Resilience against relay downtime
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Drain the offline message queue — retry sending queued messages.
+   * Call this when connectivity is restored.
+   * Returns: number of messages successfully sent.
+   */
+  async drainQueue() {
+    let sent = 0;
+    let failed = 0;
+    const remaining = [];
+    for (const item of this._offlineQueue) {
+      if (Date.now() - item.timestamp > 864e5) {
+        failed++;
+        continue;
+      }
+      try {
+        await this.send(item.recipientDid, item.message, item.options);
+        sent++;
+      } catch {
+        remaining.push(item);
+        failed++;
+      }
+    }
+    this._offlineQueue = remaining;
+    return { sent, failed, remaining: remaining.length };
+  }
+  /** Number of messages waiting in the offline queue */
+  get queueLength() {
+    return this._offlineQueue.length;
+  }
+  // ═══════════════════════════════════════════════════════════════════════════
+  // SECURITY REPORT — Transparent threat model
+  // ═══════════════════════════════════════════════════════════════════════════
+  /**
+   * Returns what the relay can and cannot see about this agent.
+   * Call this to understand your threat model. Total transparency.
+   */
+  threatModel() {
+    return {
+      relayCanSee: [
+        "Your DID (public identifier)",
+        "Who you message (recipient DIDs)",
+        "When you message (timestamps)",
+        "Message types (text, task-request, etc.)",
+        "Thread structure (which messages are replies)",
+        "Channel membership",
+        "Capability registrations",
+        "Online/offline status",
+        "Approximate message size (even with padding, bounded to power-of-2)"
+      ],
+      relayCannotSee: [
+        "Message content (E2E encrypted \u2014 nacl.secretbox with ratchet-derived per-message keys)",
+        "Private keys (generated and stored client-side only)",
+        "Memory values (encrypted CLIENT-SIDE with nacl.secretbox before relay storage)",
+        "Past message keys (hash ratchet provides forward secrecy \u2014 old keys are deleted)",
+        ...this.sealedSender ? ["Sender identity (sealed inside ciphertext)"] : []
+      ],
+      protections: [
+        "Hash ratchet forward secrecy \u2014 per-message key derivation, old keys deleted",
+        "X25519 key exchange + XSalsa20-Poly1305 authenticated encryption",
+        "Ed25519 signatures on every message (envelope + ciphertext hash)",
+        "TOFU key pinning (MitM detection on key change)",
+        "Client-side memory encryption (relay never sees plaintext values)",
+        "Protocol version header (deterministic padding/sealing detection, no heuristics)",
+        "Identity cache (reduced key lookups, 5-min TTL)",
+        "Message deduplication (track seen message IDs)",
+        "Request validation (fromCredentials validates key sizes and format)",
+        ...this.paddingEnabled ? ["Message padding to power-of-2 boundary (traffic analysis resistance)"] : [],
+        ...this.sealedSender ? ["Sealed sender (relay cannot see who sent a message)"] : [],
+        ...this.requireSignatures ? ["Strict signature enforcement (reject unsigned/invalid messages)"] : [],
+        ...this.fallbackRelays.length > 0 ? [`Multi-relay fallback (${this.fallbackRelays.length} backup relays)`] : [],
+        "Auto-retry with exponential backoff",
+        "Offline message queue",
+        "did:key interoperability (W3C standard DID format)"
+      ],
+      gaps: [
+        "No DH ratchet yet \u2014 hash ratchet only (no post-compromise recovery, planned for v3)",
+        "No post-quantum protection \u2014 vulnerable to harvest-now-decrypt-later (planned for v3)",
+        "Channel encryption is server-side (relay holds channel keys, NOT true E2E)",
+        "Metadata (who, when, thread structure) visible to relay operator",
+        "Single relay architecture (no onion routing, no mix network)",
+        "Ed25519 signatures are non-repudiable (no deniable messaging)",
+        "No async key agreement (no X3DH prekeys)",
+        "Polling-based (no WebSocket real-time transport)",
+        "Ratchet state is in-memory (lost on process restart \u2014 export credentials to persist)"
+      ]
+    };
+  }
 };
 var Conversation = class {
   /** @internal */
@@ -3810,6 +4255,9 @@ var Conversation = class {
       replyTo: this._lastMessageId || void 0
     });
     this._lastMessageId = result.id;
+    if (this._messageHistory.length >= 1e3) {
+      this._messageHistory.splice(0, this._messageHistory.length - 999);
+    }
     this._messageHistory.push({
       id: result.id,
       from: this.agent.did,
@@ -3884,14 +4332,23 @@ var Conversation = class {
   async waitForReply(timeoutMs = 3e4) {
     return new Promise((resolve, reject) => {
       let resolved = false;
+      let pollTimer = null;
+      const cleanup = () => {
+        resolved = true;
+        if (pollTimer) {
+          clearTimeout(pollTimer);
+          pollTimer = null;
+        }
+      };
       const timeout = setTimeout(() => {
         if (!resolved) {
-          resolved = true;
+          cleanup();
           reject(new Error(`No reply received within ${timeoutMs}ms`));
         }
       }, timeoutMs);
       const check = async () => {
-        while (!resolved) {
+        if (resolved) return;
+        try {
           const messages = await this.agent.receive({
             from: this.peerDid,
             threadId: this.threadId,
@@ -3899,9 +4356,12 @@ var Conversation = class {
             limit: 1
           });
           if (messages.length > 0 && !resolved) {
-            resolved = true;
             clearTimeout(timeout);
+            cleanup();
             const msg = messages[0];
+            if (this._messageHistory.length >= 1e3) {
+              this._messageHistory.splice(0, this._messageHistory.length - 999);
+            }
             this._messageHistory.push({
               id: msg.id,
               from: msg.from,
@@ -3916,16 +4376,19 @@ var Conversation = class {
             resolve(msg);
             return;
           }
-          await new Promise((r) => setTimeout(r, 1500));
+        } catch (err) {
+          if (!resolved) {
+            clearTimeout(timeout);
+            cleanup();
+            reject(err instanceof Error ? err : new Error(String(err)));
+            return;
+          }
         }
-      };
-      check().catch((err) => {
         if (!resolved) {
-          resolved = true;
-          clearTimeout(timeout);
-          reject(err);
+          pollTimer = setTimeout(check, 1500);
         }
-      });
+      };
+      check();
     });
   }
   /**