@voidly/agent-sdk 2.0.0 → 2.1.0

package/dist/index.d.mts

@@ -60,6 +60,10 @@ interface VoidlyAgentConfig {
     padding?: boolean;
     /** Enable sealed sender — hide sender DID from relay metadata (default: false) */
     sealedSender?: boolean;
+    /** Reject messages with invalid signatures (default: false — returns signatureValid: false) */
+    requireSignatures?: boolean;
+    /** Request timeout in milliseconds (default: 30000) */
+    timeout?: number;
 }
 interface ListenOptions {
     /** Milliseconds between polls (default: 2000, min: 500) */
@@ -137,11 +141,16 @@ declare class VoidlyAgent {
     private fallbackRelays;
     private paddingEnabled;
     private sealedSender;
+    private requireSignatures;
+    private timeout;
     private _pinnedDids;
     private _listeners;
     private _conversations;
     private _offlineQueue;
     private _ratchetStates;
+    private _identityCache;
+    private _seenMessageIds;
+    private _decryptFailCount;
     private constructor();
     /**
      * Register a new agent on the Voidly relay.
@@ -173,6 +182,17 @@ declare class VoidlyAgent {
         signingPublicKey: string;
         encryptionPublicKey: string;
     };
+    /**
+     * Get the number of messages that failed to decrypt.
+     * Useful for detecting key mismatches, attacks, or corruption.
+     */
+    get decryptFailCount(): number;
+    /**
+     * Generate a did:key identifier from this agent's Ed25519 signing key.
+     * did:key is a W3C standard — interoperable across systems.
+     * Format: did:key:z6Mk{base58-multicodec-ed25519-pubkey}
+     */
+    get didKey(): string;
     /**
      * Send an E2E encrypted message with hardened security.
      * Encryption happens locally — the relay NEVER sees plaintext or private keys.
@@ -644,7 +664,8 @@ declare class VoidlyAgent {
     }, signingPublicKey: string): boolean;
     /**
      * Store an encrypted key-value pair in persistent memory.
-     * Values are encrypted with a key derived from your API key — only you can read them.
+     * Values are encrypted CLIENT-SIDE with nacl.secretbox before sending to relay.
+     * The relay never sees plaintext values — true E2E encrypted storage.
      */
     memorySet(namespace: string, key: string, value: unknown, options?: {
         valueType?: string;
@@ -657,7 +678,7 @@ declare class VoidlyAgent {
     }>;
     /**
      * Retrieve a value from persistent memory.
-     * Decrypted server-side using your API key derivation.
+     * Decrypted CLIENT-SIDE — relay never sees plaintext.
      */
     memoryGet(namespace: string, key: string): Promise<{
         namespace: string;

package/dist/index.d.ts

@@ -60,6 +60,10 @@ interface VoidlyAgentConfig {
     padding?: boolean;
     /** Enable sealed sender — hide sender DID from relay metadata (default: false) */
     sealedSender?: boolean;
+    /** Reject messages with invalid signatures (default: false — returns signatureValid: false) */
+    requireSignatures?: boolean;
+    /** Request timeout in milliseconds (default: 30000) */
+    timeout?: number;
 }
 interface ListenOptions {
     /** Milliseconds between polls (default: 2000, min: 500) */
@@ -137,11 +141,16 @@ declare class VoidlyAgent {
     private fallbackRelays;
     private paddingEnabled;
     private sealedSender;
+    private requireSignatures;
+    private timeout;
     private _pinnedDids;
     private _listeners;
     private _conversations;
     private _offlineQueue;
     private _ratchetStates;
+    private _identityCache;
+    private _seenMessageIds;
+    private _decryptFailCount;
     private constructor();
     /**
      * Register a new agent on the Voidly relay.
@@ -173,6 +182,17 @@ declare class VoidlyAgent {
         signingPublicKey: string;
         encryptionPublicKey: string;
     };
+    /**
+     * Get the number of messages that failed to decrypt.
+     * Useful for detecting key mismatches, attacks, or corruption.
+     */
+    get decryptFailCount(): number;
+    /**
+     * Generate a did:key identifier from this agent's Ed25519 signing key.
+     * did:key is a W3C standard — interoperable across systems.
+     * Format: did:key:z6Mk{base58-multicodec-ed25519-pubkey}
+     */
+    get didKey(): string;
     /**
      * Send an E2E encrypted message with hardened security.
      * Encryption happens locally — the relay NEVER sees plaintext or private keys.
@@ -644,7 +664,8 @@ declare class VoidlyAgent {
     }, signingPublicKey: string): boolean;
     /**
      * Store an encrypted key-value pair in persistent memory.
-     * Values are encrypted with a key derived from your API key — only you can read them.
+     * Values are encrypted CLIENT-SIDE with nacl.secretbox before sending to relay.
+     * The relay never sees plaintext values — true E2E encrypted storage.
      */
     memorySet(namespace: string, key: string, value: unknown, options?: {
         valueType?: string;
@@ -657,7 +678,7 @@ declare class VoidlyAgent {
     }>;
     /**
      * Retrieve a value from persistent memory.
-     * Decrypted server-side using your API key derivation.
+     * Decrypted CLIENT-SIDE — relay never sees plaintext.
      */
     memoryGet(namespace: string, key: string): Promise<{
         namespace: string;

package/dist/index.js

@@ -2405,6 +2405,38 @@ function unsealEnvelope(plaintext) {
     return null;
   }
 }
+var PROTO_MARKER = 86;
+var FLAG_PADDED = 1;
+var FLAG_SEALED = 2;
+var FLAG_RATCHET = 4;
+function makeProtoHeader(flags, ratchetStep2) {
+  return new Uint8Array([PROTO_MARKER, flags, ratchetStep2 >> 8 & 255, ratchetStep2 & 255]);
+}
+function parseProtoHeader(data) {
+  if (data.length < 4 || data[0] !== PROTO_MARKER) return null;
+  return {
+    flags: data[1],
+    ratchetStep: data[2] << 8 | data[3],
+    content: data.slice(4)
+  };
+}
+var MAX_SKIP = 200;
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function toBase58(bytes) {
+  if (bytes.length === 0) return "1";
+  let result = "";
+  let num = BigInt("0x" + Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join(""));
+  while (num > 0n) {
+    const remainder = num % 58n;
+    num = num / 58n;
+    result = BASE58_ALPHABET[Number(remainder)] + result;
+  }
+  for (const byte of bytes) {
+    if (byte === 0) result = "1" + result;
+    else break;
+  }
+  return result || "1";
+}
 var VoidlyAgent = class _VoidlyAgent {
   constructor(identity, config) {
     this._pinnedDids = /* @__PURE__ */ new Set();
@@ -2412,6 +2444,9 @@ var VoidlyAgent = class _VoidlyAgent {
     this._conversations = /* @__PURE__ */ new Map();
     this._offlineQueue = [];
     this._ratchetStates = /* @__PURE__ */ new Map();
+    this._identityCache = /* @__PURE__ */ new Map();
+    this._seenMessageIds = /* @__PURE__ */ new Set();
+    this._decryptFailCount = 0;
     this.did = identity.did;
     this.apiKey = identity.apiKey;
     this.signingKeyPair = identity.signingKeyPair;
@@ -2422,6 +2457,8 @@ var VoidlyAgent = class _VoidlyAgent {
     this.fallbackRelays = config?.fallbackRelays || [];
     this.paddingEnabled = config?.padding !== false;
     this.sealedSender = config?.sealedSender || false;
+    this.requireSignatures = config?.requireSignatures || false;
+    this.timeout = config?.timeout ?? 3e4;
   }
   // ─── Factory Methods ────────────────────────────────────────────────────────
   /**
@@ -2460,8 +2497,29 @@ var VoidlyAgent = class _VoidlyAgent {
    * Use this to resume an agent across sessions.
    */
   static fromCredentials(creds, config) {
-    const signingSecret = (0, import_tweetnacl_util.decodeBase64)(creds.signingSecretKey);
-    const encryptionSecret = (0, import_tweetnacl_util.decodeBase64)(creds.encryptionSecretKey);
+    if (!creds.did || !creds.did.startsWith("did:")) {
+      throw new Error('Invalid credentials: did must start with "did:"');
+    }
+    if (!creds.apiKey || creds.apiKey.length < 8) {
+      throw new Error("Invalid credentials: apiKey is missing or too short");
+    }
+    if (!creds.signingSecretKey || !creds.encryptionSecretKey) {
+      throw new Error("Invalid credentials: secret keys are required");
+    }
+    let signingSecret;
+    let encryptionSecret;
+    try {
+      signingSecret = (0, import_tweetnacl_util.decodeBase64)(creds.signingSecretKey);
+      encryptionSecret = (0, import_tweetnacl_util.decodeBase64)(creds.encryptionSecretKey);
+    } catch {
+      throw new Error("Invalid credentials: secret keys must be valid base64");
+    }
+    if (signingSecret.length !== 64) {
+      throw new Error(`Invalid credentials: signing key must be 64 bytes, got ${signingSecret.length}`);
+    }
+    if (encryptionSecret.length !== 32) {
+      throw new Error(`Invalid credentials: encryption key must be 32 bytes, got ${encryptionSecret.length}`);
+    }
     return new _VoidlyAgent({
       did: creds.did,
       apiKey: creds.apiKey,
@@ -2486,6 +2544,25 @@ var VoidlyAgent = class _VoidlyAgent {
       encryptionPublicKey: (0, import_tweetnacl_util.encodeBase64)(this.encryptionKeyPair.publicKey)
     };
   }
+  /**
+   * Get the number of messages that failed to decrypt.
+   * Useful for detecting key mismatches, attacks, or corruption.
+   */
+  get decryptFailCount() {
+    return this._decryptFailCount;
+  }
+  /**
+   * Generate a did:key identifier from this agent's Ed25519 signing key.
+   * did:key is a W3C standard — interoperable across systems.
+   * Format: did:key:z6Mk{base58-multicodec-ed25519-pubkey}
+   */
+  get didKey() {
+    const multicodec = new Uint8Array(2 + this.signingKeyPair.publicKey.length);
+    multicodec[0] = 237;
+    multicodec[1] = 1;
+    multicodec.set(this.signingKeyPair.publicKey, 2);
+    return `did:key:z${toBase58(multicodec)}`;
+  }
   // ─── Messaging ──────────────────────────────────────────────────────────────
   /**
    * Send an E2E encrypted message with hardened security.
@@ -2516,29 +2593,39 @@ var VoidlyAgent = class _VoidlyAgent {
     if (useSealed) {
       plaintext = sealEnvelope(this.did, message);
     }
-    let messageBytes;
+    let contentBytes;
     if (usePadding) {
-      messageBytes = padMessage((0, import_tweetnacl_util.decodeUTF8)(plaintext));
+      contentBytes = padMessage((0, import_tweetnacl_util.decodeUTF8)(plaintext));
     } else {
-      messageBytes = (0, import_tweetnacl_util.decodeUTF8)(plaintext);
+      contentBytes = (0, import_tweetnacl_util.decodeUTF8)(plaintext);
     }
     const pairId = `${this.did}:${recipientDid}`;
-    const ratchetState = this._ratchetStates.get(pairId);
-    let ratchetStep_n = 0;
-    if (ratchetState) {
-      const { nextChainKey, messageKey } = await ratchetStep(ratchetState.chainKey);
-      ratchetState.chainKey = nextChainKey;
-      ratchetState.step++;
-      ratchetStep_n = ratchetState.step;
-    } else {
+    let state = this._ratchetStates.get(pairId);
+    if (!state) {
       const sharedSecret = import_tweetnacl.default.box.before(recipientPubKey, this.encryptionKeyPair.secretKey);
-      this._ratchetStates.set(pairId, {
-        chainKey: sharedSecret,
-        step: 0
-      });
+      state = {
+        sendChainKey: sharedSecret,
+        sendStep: 0,
+        recvChainKey: sharedSecret,
+        // Will be synced on first receive
+        recvStep: 0,
+        skippedKeys: /* @__PURE__ */ new Map()
+      };
+      this._ratchetStates.set(pairId, state);
     }
-    const nonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.box.nonceLength);
-    const ciphertext = import_tweetnacl.default.box(messageBytes, nonce, recipientPubKey, this.encryptionKeyPair.secretKey);
+    const { nextChainKey, messageKey } = await ratchetStep(state.sendChainKey);
+    state.sendChainKey = nextChainKey;
+    state.sendStep++;
+    const currentStep = state.sendStep;
+    let flags = FLAG_RATCHET;
+    if (usePadding) flags |= FLAG_PADDED;
+    if (useSealed) flags |= FLAG_SEALED;
+    const header = makeProtoHeader(flags, currentStep);
+    const messageBytes = new Uint8Array(header.length + contentBytes.length);
+    messageBytes.set(header, 0);
+    messageBytes.set(contentBytes, header.length);
+    const nonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const ciphertext = import_tweetnacl.default.secretbox(messageBytes, nonce, messageKey);
     if (!ciphertext) {
       throw new Error("Encryption failed");
     }
@@ -2547,7 +2634,8 @@ var VoidlyAgent = class _VoidlyAgent {
       to: recipientDid,
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       nonce: (0, import_tweetnacl_util.encodeBase64)(nonce),
-      ciphertext_hash: await sha256((0, import_tweetnacl_util.encodeBase64)(ciphertext))
+      ciphertext_hash: await sha256((0, import_tweetnacl_util.encodeBase64)(ciphertext)),
+      ratchet_step: currentStep
     });
     const signature = import_tweetnacl.default.sign.detached((0, import_tweetnacl_util.decodeUTF8)(envelopeData), this.signingKeyPair.secretKey);
     const payload = {
@@ -2623,13 +2711,85 @@ var VoidlyAgent = class _VoidlyAgent {
     const decrypted = [];
     for (const msg of data.messages) {
       try {
+        if (this._seenMessageIds.has(msg.id)) continue;
         const senderEncPub = (0, import_tweetnacl_util.decodeBase64)(msg.sender_encryption_key);
         const ciphertext = (0, import_tweetnacl_util.decodeBase64)(msg.ciphertext);
         const nonce = (0, import_tweetnacl_util.decodeBase64)(msg.nonce);
-        const rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
-        if (!rawPlaintext) continue;
+        let rawPlaintext = null;
+        let envelopeRatchetStep = 0;
+        if (msg.envelope) {
+          try {
+            const env = JSON.parse(msg.envelope);
+            if (typeof env.ratchet_step === "number") {
+              envelopeRatchetStep = env.ratchet_step;
+            }
+          } catch {
+          }
+        }
+        if (envelopeRatchetStep > 0) {
+          const pairId = `${msg.from}:${this.did}`;
+          let state = this._ratchetStates.get(pairId);
+          if (!state) {
+            const sharedSecret = import_tweetnacl.default.box.before(senderEncPub, this.encryptionKeyPair.secretKey);
+            state = {
+              sendChainKey: sharedSecret,
+              // Our sending chain to this peer
+              sendStep: 0,
+              recvChainKey: sharedSecret,
+              // Their sending chain (our receiving)
+              recvStep: 0,
+              skippedKeys: /* @__PURE__ */ new Map()
+            };
+            this._ratchetStates.set(pairId, state);
+          }
+          const targetStep = envelopeRatchetStep;
+          if (state.skippedKeys.has(targetStep)) {
+            const mk = state.skippedKeys.get(targetStep);
+            rawPlaintext = import_tweetnacl.default.secretbox.open(ciphertext, nonce, mk);
+            state.skippedKeys.delete(targetStep);
+          } else if (targetStep > state.recvStep) {
+            const skip = targetStep - state.recvStep;
+            if (skip > MAX_SKIP) {
+              rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+            } else {
+              let ck = state.recvChainKey;
+              for (let i = state.recvStep + 1; i < targetStep; i++) {
+                const { nextChainKey: nextChainKey2, messageKey: skippedMk } = await ratchetStep(ck);
+                state.skippedKeys.set(i, skippedMk);
+                ck = nextChainKey2;
+                if (state.skippedKeys.size > MAX_SKIP) {
+                  const oldest = state.skippedKeys.keys().next().value;
+                  if (oldest !== void 0) state.skippedKeys.delete(oldest);
+                }
+              }
+              const { nextChainKey, messageKey } = await ratchetStep(ck);
+              state.recvChainKey = nextChainKey;
+              state.recvStep = targetStep;
+              rawPlaintext = import_tweetnacl.default.secretbox.open(ciphertext, nonce, messageKey);
+            }
+          }
+          if (!rawPlaintext) {
+            rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+          }
+        } else {
+          rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+        }
+        if (!rawPlaintext) {
+          this._decryptFailCount++;
+          continue;
+        }
         let plaintextBytes = rawPlaintext;
-        if (rawPlaintext.length >= 256 && (rawPlaintext.length & rawPlaintext.length - 1) === 0) {
+        let wasPadded = false;
+        let wasSealed = false;
+        const proto = parseProtoHeader(rawPlaintext);
+        if (proto) {
+          wasPadded = !!(proto.flags & FLAG_PADDED);
+          wasSealed = !!(proto.flags & FLAG_SEALED);
+          plaintextBytes = proto.content;
+        }
+        if (wasPadded) {
+          plaintextBytes = unpadMessage(plaintextBytes);
+        } else if (!proto && rawPlaintext.length >= 256 && (rawPlaintext.length & rawPlaintext.length - 1) === 0) {
           const unpadded = unpadMessage(rawPlaintext);
           if (unpadded.length < rawPlaintext.length) {
             plaintextBytes = unpadded;
@@ -2637,10 +2797,12 @@ var VoidlyAgent = class _VoidlyAgent {
         }
         let content = (0, import_tweetnacl_util.encodeUTF8)(plaintextBytes);
         let senderDid = msg.from;
-        const unsealed = unsealEnvelope(content);
-        if (unsealed) {
-          content = unsealed.msg;
-          senderDid = unsealed.from;
+        if (wasSealed || !proto) {
+          const unsealed = unsealEnvelope(content);
+          if (unsealed) {
+            content = unsealed.msg;
+            senderDid = unsealed.from;
+          }
         }
         let signatureValid = false;
         try {
@@ -2661,6 +2823,15 @@ var VoidlyAgent = class _VoidlyAgent {
         } catch {
           signatureValid = false;
         }
+        if (this.requireSignatures && !signatureValid) {
+          this._decryptFailCount++;
+          continue;
+        }
+        this._seenMessageIds.add(msg.id);
+        if (this._seenMessageIds.size > 1e4) {
+          const first = this._seenMessageIds.values().next().value;
+          if (first !== void 0) this._seenMessageIds.delete(first);
+        }
         decrypted.push({
           id: msg.id,
           from: senderDid,
@@ -2675,6 +2846,7 @@ var VoidlyAgent = class _VoidlyAgent {
           expiresAt: msg.expires_at
         });
       } catch {
+        this._decryptFailCount++;
       }
     }
     return decrypted;
@@ -2725,9 +2897,19 @@ var VoidlyAgent = class _VoidlyAgent {
    * Look up an agent's public profile and keys.
    */
   async getIdentity(did) {
+    const cached = this._identityCache.get(did);
+    if (cached && Date.now() - cached.cachedAt < 3e5) {
+      return cached.profile;
+    }
     const res = await fetch(`${this.baseUrl}/v1/agent/identity/${did}`);
     if (!res.ok) return null;
-    return await res.json();
+    const profile = await res.json();
+    this._identityCache.set(did, { profile, cachedAt: Date.now() });
+    if (this._identityCache.size > 500) {
+      const oldest = this._identityCache.keys().next().value;
+      if (oldest !== void 0) this._identityCache.delete(oldest);
+    }
+    return profile;
   }
   /**
    * Search for agents by name or capability.
@@ -2787,10 +2969,14 @@ var VoidlyAgent = class _VoidlyAgent {
    * Delete a webhook.
    */
   async deleteWebhook(webhookId) {
-    await fetch(`${this.baseUrl}/v1/agent/webhooks/${webhookId}`, {
+    const res = await fetch(`${this.baseUrl}/v1/agent/webhooks/${webhookId}`, {
       method: "DELETE",
       headers: { "X-Agent-Key": this.apiKey }
     });
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({}));
+      throw new Error(`Webhook delete failed: ${err.error || res.statusText}`);
+    }
   }
   /**
    * Verify a webhook payload signature (for use in your webhook handler).
@@ -3408,13 +3594,21 @@ var VoidlyAgent = class _VoidlyAgent {
    * The relay finds matching agents and creates individual tasks for each.
    */
   async broadcastTask(options) {
+    const inputBytes = (0, import_tweetnacl_util.decodeUTF8)(options.input);
+    const broadcastNonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const broadcastEncrypted = import_tweetnacl.default.secretbox(inputBytes, broadcastNonce, import_tweetnacl.default.box.before(
+      this.encryptionKeyPair.publicKey,
+      this.encryptionKeyPair.secretKey
+    ));
+    const broadcastSig = import_tweetnacl.default.sign.detached(inputBytes, this.signingKeyPair.secretKey);
     const res = await fetch(`${this.baseUrl}/v1/agent/tasks/broadcast`, {
       method: "POST",
       headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
       body: JSON.stringify({
         capability: options.capability,
-        encrypted_input: (0, import_tweetnacl_util.encodeBase64)((0, import_tweetnacl_util.decodeUTF8)(options.input)),
-        input_nonce: (0, import_tweetnacl_util.encodeBase64)(import_tweetnacl.default.randomBytes(24)),
+        encrypted_input: (0, import_tweetnacl_util.encodeBase64)(broadcastEncrypted),
+        input_nonce: (0, import_tweetnacl_util.encodeBase64)(broadcastNonce),
+        input_signature: (0, import_tweetnacl_util.encodeBase64)(broadcastSig),
         priority: options.priority,
         max_agents: options.maxAgents,
         min_trust_level: options.minTrustLevel,
@@ -3484,16 +3678,30 @@ var VoidlyAgent = class _VoidlyAgent {
   // ─── Memory Store ──────────────────────────────────────────────────────────
   /**
    * Store an encrypted key-value pair in persistent memory.
-   * Values are encrypted with a key derived from your API key — only you can read them.
+   * Values are encrypted CLIENT-SIDE with nacl.secretbox before sending to relay.
+   * The relay never sees plaintext values — true E2E encrypted storage.
    */
   async memorySet(namespace, key, value, options) {
+    const valueStr = JSON.stringify(value);
+    const valueBytes = (0, import_tweetnacl_util.decodeUTF8)(valueStr);
+    const memNonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const memKeyInput = new Uint8Array([...this.encryptionKeyPair.secretKey, 77, 69, 77]);
+    let memKey;
+    if (typeof globalThis.crypto?.subtle !== "undefined") {
+      memKey = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", memKeyInput));
+    } else {
+      const { createHash } = await import("crypto");
+      memKey = new Uint8Array(createHash("sha256").update(Buffer.from(memKeyInput)).digest());
+    }
+    const encryptedValue = import_tweetnacl.default.secretbox(valueBytes, memNonce, memKey);
     const res = await fetch(`${this.baseUrl}/v1/agent/memory/${encodeURIComponent(namespace)}/${encodeURIComponent(key)}`, {
       method: "PUT",
       headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
       body: JSON.stringify({
-        value,
-        value_type: options?.valueType || (typeof value === "object" ? "json" : typeof value),
-        ttl: options?.ttl
+        value: (0, import_tweetnacl_util.encodeBase64)(encryptedValue),
+        value_type: `encrypted:${options?.valueType || (typeof value === "object" ? "json" : typeof value)}`,
+        ttl: options?.ttl,
+        client_nonce: (0, import_tweetnacl_util.encodeBase64)(memNonce)
       })
     });
     if (!res.ok) throw new Error(`Memory set failed: ${res.status} ${await res.text()}`);
@@ -3501,7 +3709,7 @@ var VoidlyAgent = class _VoidlyAgent {
   }
   /**
    * Retrieve a value from persistent memory.
-   * Decrypted server-side using your API key derivation.
+   * Decrypted CLIENT-SIDE — relay never sees plaintext.
    */
   async memoryGet(namespace, key) {
     const res = await fetch(`${this.baseUrl}/v1/agent/memory/${encodeURIComponent(namespace)}/${encodeURIComponent(key)}`, {
@@ -3509,7 +3717,28 @@ var VoidlyAgent = class _VoidlyAgent {
     });
     if (res.status === 404) return null;
     if (!res.ok) throw new Error(`Memory get failed: ${res.status} ${await res.text()}`);
-    return res.json();
+    const data = await res.json();
+    if (data.value_type?.startsWith("encrypted:") && data.client_nonce) {
+      try {
+        const memKeyInput = new Uint8Array([...this.encryptionKeyPair.secretKey, 77, 69, 77]);
+        let memKey;
+        if (typeof globalThis.crypto?.subtle !== "undefined") {
+          memKey = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", memKeyInput));
+        } else {
+          const { createHash } = await import("crypto");
+          memKey = new Uint8Array(createHash("sha256").update(Buffer.from(memKeyInput)).digest());
+        }
+        const encBytes = (0, import_tweetnacl_util.decodeBase64)(data.value);
+        const memNonce = (0, import_tweetnacl_util.decodeBase64)(data.client_nonce);
+        const plain = import_tweetnacl.default.secretbox.open(encBytes, memNonce, memKey);
+        if (plain) {
+          data.value = JSON.parse((0, import_tweetnacl_util.encodeUTF8)(plain));
+          data.value_type = data.value_type.replace("encrypted:", "");
+        }
+      } catch {
+      }
+    }
+    return data;
   }
   /**
    * Delete a key from persistent memory.
@@ -3978,31 +4207,40 @@ var VoidlyAgent = class _VoidlyAgent {
         "Approximate message size (even with padding, bounded to power-of-2)"
       ],
       relayCannotSee: [
-        "Message content (E2E encrypted with NaCl box)",
+        "Message content (E2E encrypted \u2014 nacl.secretbox with ratchet-derived per-message keys)",
         "Private keys (generated and stored client-side only)",
-        "Memory values (encrypted with key derived from your API key)",
-        "Attestation content (signed but readable by anyone with the attestation)",
+        "Memory values (encrypted CLIENT-SIDE with nacl.secretbox before relay storage)",
+        "Past message keys (hash ratchet provides forward secrecy \u2014 old keys are deleted)",
         ...this.sealedSender ? ["Sender identity (sealed inside ciphertext)"] : []
       ],
       protections: [
+        "Hash ratchet forward secrecy \u2014 per-message key derivation, old keys deleted",
         "X25519 key exchange + XSalsa20-Poly1305 authenticated encryption",
-        "Ed25519 signatures on every message",
+        "Ed25519 signatures on every message (envelope + ciphertext hash)",
         "TOFU key pinning (MitM detection on key change)",
+        "Client-side memory encryption (relay never sees plaintext values)",
+        "Protocol version header (deterministic padding/sealing detection, no heuristics)",
+        "Identity cache (reduced key lookups, 5-min TTL)",
+        "Message deduplication (track seen message IDs)",
+        "Request validation (fromCredentials validates key sizes and format)",
         ...this.paddingEnabled ? ["Message padding to power-of-2 boundary (traffic analysis resistance)"] : [],
         ...this.sealedSender ? ["Sealed sender (relay cannot see who sent a message)"] : [],
+        ...this.requireSignatures ? ["Strict signature enforcement (reject unsigned/invalid messages)"] : [],
         ...this.fallbackRelays.length > 0 ? [`Multi-relay fallback (${this.fallbackRelays.length} backup relays)`] : [],
         "Auto-retry with exponential backoff",
-        "Offline message queue"
+        "Offline message queue",
+        "did:key interoperability (W3C standard DID format)"
       ],
       gaps: [
-        "No forward secrecy \u2014 same keypair for all messages (compromise exposes ALL history)",
-        "No post-quantum protection \u2014 vulnerable to harvest-now-decrypt-later",
+        "No DH ratchet yet \u2014 hash ratchet only (no post-compromise recovery, planned for v3)",
+        "No post-quantum protection \u2014 vulnerable to harvest-now-decrypt-later (planned for v3)",
         "Channel encryption is server-side (relay holds channel keys, NOT true E2E)",
         "Metadata (who, when, thread structure) visible to relay operator",
         "Single relay architecture (no onion routing, no mix network)",
         "Ed25519 signatures are non-repudiable (no deniable messaging)",
         "No async key agreement (no X3DH prekeys)",
-        "Polling-based (no WebSocket real-time transport)"
+        "Polling-based (no WebSocket real-time transport)",
+        "Ratchet state is in-memory (lost on process restart \u2014 export credentials to persist)"
       ]
     };
   }
@@ -4028,6 +4266,9 @@ var Conversation = class {
       replyTo: this._lastMessageId || void 0
     });
     this._lastMessageId = result.id;
+    if (this._messageHistory.length >= 1e3) {
+      this._messageHistory.splice(0, this._messageHistory.length - 999);
+    }
     this._messageHistory.push({
       id: result.id,
       from: this.agent.did,
@@ -4102,14 +4343,23 @@ var Conversation = class {
   async waitForReply(timeoutMs = 3e4) {
     return new Promise((resolve, reject) => {
       let resolved = false;
+      let pollTimer = null;
+      const cleanup = () => {
+        resolved = true;
+        if (pollTimer) {
+          clearTimeout(pollTimer);
+          pollTimer = null;
+        }
+      };
       const timeout = setTimeout(() => {
         if (!resolved) {
-          resolved = true;
+          cleanup();
           reject(new Error(`No reply received within ${timeoutMs}ms`));
         }
       }, timeoutMs);
       const check = async () => {
-        while (!resolved) {
+        if (resolved) return;
+        try {
           const messages = await this.agent.receive({
             from: this.peerDid,
             threadId: this.threadId,
@@ -4117,9 +4367,12 @@ var Conversation = class {
             limit: 1
           });
           if (messages.length > 0 && !resolved) {
-            resolved = true;
             clearTimeout(timeout);
+            cleanup();
             const msg = messages[0];
+            if (this._messageHistory.length >= 1e3) {
+              this._messageHistory.splice(0, this._messageHistory.length - 999);
+            }
             this._messageHistory.push({
               id: msg.id,
               from: msg.from,
@@ -4134,16 +4387,19 @@ var Conversation = class {
             resolve(msg);
             return;
           }
-          await new Promise((r) => setTimeout(r, 1500));
+        } catch (err) {
+          if (!resolved) {
+            clearTimeout(timeout);
+            cleanup();
+            reject(err instanceof Error ? err : new Error(String(err)));
+            return;
+          }
         }
-      };
-      check().catch((err) => {
         if (!resolved) {
-          resolved = true;
-          clearTimeout(timeout);
-          reject(err);
+          pollTimer = setTimeout(check, 1500);
         }
-      });
+      };
+      check();
     });
   }
   /**

package/dist/index.mjs

@@ -2394,6 +2394,38 @@ function unsealEnvelope(plaintext) {
     return null;
   }
 }
+var PROTO_MARKER = 86;
+var FLAG_PADDED = 1;
+var FLAG_SEALED = 2;
+var FLAG_RATCHET = 4;
+function makeProtoHeader(flags, ratchetStep2) {
+  return new Uint8Array([PROTO_MARKER, flags, ratchetStep2 >> 8 & 255, ratchetStep2 & 255]);
+}
+function parseProtoHeader(data) {
+  if (data.length < 4 || data[0] !== PROTO_MARKER) return null;
+  return {
+    flags: data[1],
+    ratchetStep: data[2] << 8 | data[3],
+    content: data.slice(4)
+  };
+}
+var MAX_SKIP = 200;
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function toBase58(bytes) {
+  if (bytes.length === 0) return "1";
+  let result = "";
+  let num = BigInt("0x" + Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join(""));
+  while (num > 0n) {
+    const remainder = num % 58n;
+    num = num / 58n;
+    result = BASE58_ALPHABET[Number(remainder)] + result;
+  }
+  for (const byte of bytes) {
+    if (byte === 0) result = "1" + result;
+    else break;
+  }
+  return result || "1";
+}
 var VoidlyAgent = class _VoidlyAgent {
   constructor(identity, config) {
     this._pinnedDids = /* @__PURE__ */ new Set();
@@ -2401,6 +2433,9 @@ var VoidlyAgent = class _VoidlyAgent {
     this._conversations = /* @__PURE__ */ new Map();
     this._offlineQueue = [];
     this._ratchetStates = /* @__PURE__ */ new Map();
+    this._identityCache = /* @__PURE__ */ new Map();
+    this._seenMessageIds = /* @__PURE__ */ new Set();
+    this._decryptFailCount = 0;
     this.did = identity.did;
     this.apiKey = identity.apiKey;
     this.signingKeyPair = identity.signingKeyPair;
@@ -2411,6 +2446,8 @@ var VoidlyAgent = class _VoidlyAgent {
     this.fallbackRelays = config?.fallbackRelays || [];
     this.paddingEnabled = config?.padding !== false;
     this.sealedSender = config?.sealedSender || false;
+    this.requireSignatures = config?.requireSignatures || false;
+    this.timeout = config?.timeout ?? 3e4;
   }
   // ─── Factory Methods ────────────────────────────────────────────────────────
   /**
@@ -2449,8 +2486,29 @@ var VoidlyAgent = class _VoidlyAgent {
    * Use this to resume an agent across sessions.
    */
   static fromCredentials(creds, config) {
-    const signingSecret = (0, import_tweetnacl_util.decodeBase64)(creds.signingSecretKey);
-    const encryptionSecret = (0, import_tweetnacl_util.decodeBase64)(creds.encryptionSecretKey);
+    if (!creds.did || !creds.did.startsWith("did:")) {
+      throw new Error('Invalid credentials: did must start with "did:"');
+    }
+    if (!creds.apiKey || creds.apiKey.length < 8) {
+      throw new Error("Invalid credentials: apiKey is missing or too short");
+    }
+    if (!creds.signingSecretKey || !creds.encryptionSecretKey) {
+      throw new Error("Invalid credentials: secret keys are required");
+    }
+    let signingSecret;
+    let encryptionSecret;
+    try {
+      signingSecret = (0, import_tweetnacl_util.decodeBase64)(creds.signingSecretKey);
+      encryptionSecret = (0, import_tweetnacl_util.decodeBase64)(creds.encryptionSecretKey);
+    } catch {
+      throw new Error("Invalid credentials: secret keys must be valid base64");
+    }
+    if (signingSecret.length !== 64) {
+      throw new Error(`Invalid credentials: signing key must be 64 bytes, got ${signingSecret.length}`);
+    }
+    if (encryptionSecret.length !== 32) {
+      throw new Error(`Invalid credentials: encryption key must be 32 bytes, got ${encryptionSecret.length}`);
+    }
     return new _VoidlyAgent({
       did: creds.did,
       apiKey: creds.apiKey,
@@ -2475,6 +2533,25 @@ var VoidlyAgent = class _VoidlyAgent {
       encryptionPublicKey: (0, import_tweetnacl_util.encodeBase64)(this.encryptionKeyPair.publicKey)
     };
   }
+  /**
+   * Get the number of messages that failed to decrypt.
+   * Useful for detecting key mismatches, attacks, or corruption.
+   */
+  get decryptFailCount() {
+    return this._decryptFailCount;
+  }
+  /**
+   * Generate a did:key identifier from this agent's Ed25519 signing key.
+   * did:key is a W3C standard — interoperable across systems.
+   * Format: did:key:z6Mk{base58-multicodec-ed25519-pubkey}
+   */
+  get didKey() {
+    const multicodec = new Uint8Array(2 + this.signingKeyPair.publicKey.length);
+    multicodec[0] = 237;
+    multicodec[1] = 1;
+    multicodec.set(this.signingKeyPair.publicKey, 2);
+    return `did:key:z${toBase58(multicodec)}`;
+  }
   // ─── Messaging ──────────────────────────────────────────────────────────────
   /**
    * Send an E2E encrypted message with hardened security.
@@ -2505,29 +2582,39 @@ var VoidlyAgent = class _VoidlyAgent {
     if (useSealed) {
       plaintext = sealEnvelope(this.did, message);
     }
-    let messageBytes;
+    let contentBytes;
     if (usePadding) {
-      messageBytes = padMessage((0, import_tweetnacl_util.decodeUTF8)(plaintext));
+      contentBytes = padMessage((0, import_tweetnacl_util.decodeUTF8)(plaintext));
     } else {
-      messageBytes = (0, import_tweetnacl_util.decodeUTF8)(plaintext);
+      contentBytes = (0, import_tweetnacl_util.decodeUTF8)(plaintext);
     }
     const pairId = `${this.did}:${recipientDid}`;
-    const ratchetState = this._ratchetStates.get(pairId);
-    let ratchetStep_n = 0;
-    if (ratchetState) {
-      const { nextChainKey, messageKey } = await ratchetStep(ratchetState.chainKey);
-      ratchetState.chainKey = nextChainKey;
-      ratchetState.step++;
-      ratchetStep_n = ratchetState.step;
-    } else {
+    let state = this._ratchetStates.get(pairId);
+    if (!state) {
       const sharedSecret = import_tweetnacl.default.box.before(recipientPubKey, this.encryptionKeyPair.secretKey);
-      this._ratchetStates.set(pairId, {
-        chainKey: sharedSecret,
-        step: 0
-      });
+      state = {
+        sendChainKey: sharedSecret,
+        sendStep: 0,
+        recvChainKey: sharedSecret,
+        // Will be synced on first receive
+        recvStep: 0,
+        skippedKeys: /* @__PURE__ */ new Map()
+      };
+      this._ratchetStates.set(pairId, state);
     }
-    const nonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.box.nonceLength);
-    const ciphertext = import_tweetnacl.default.box(messageBytes, nonce, recipientPubKey, this.encryptionKeyPair.secretKey);
+    const { nextChainKey, messageKey } = await ratchetStep(state.sendChainKey);
+    state.sendChainKey = nextChainKey;
+    state.sendStep++;
+    const currentStep = state.sendStep;
+    let flags = FLAG_RATCHET;
+    if (usePadding) flags |= FLAG_PADDED;
+    if (useSealed) flags |= FLAG_SEALED;
+    const header = makeProtoHeader(flags, currentStep);
+    const messageBytes = new Uint8Array(header.length + contentBytes.length);
+    messageBytes.set(header, 0);
+    messageBytes.set(contentBytes, header.length);
+    const nonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const ciphertext = import_tweetnacl.default.secretbox(messageBytes, nonce, messageKey);
     if (!ciphertext) {
       throw new Error("Encryption failed");
     }
@@ -2536,7 +2623,8 @@ var VoidlyAgent = class _VoidlyAgent {
       to: recipientDid,
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       nonce: (0, import_tweetnacl_util.encodeBase64)(nonce),
-      ciphertext_hash: await sha256((0, import_tweetnacl_util.encodeBase64)(ciphertext))
+      ciphertext_hash: await sha256((0, import_tweetnacl_util.encodeBase64)(ciphertext)),
+      ratchet_step: currentStep
     });
     const signature = import_tweetnacl.default.sign.detached((0, import_tweetnacl_util.decodeUTF8)(envelopeData), this.signingKeyPair.secretKey);
     const payload = {
@@ -2612,13 +2700,85 @@ var VoidlyAgent = class _VoidlyAgent {
     const decrypted = [];
     for (const msg of data.messages) {
       try {
+        if (this._seenMessageIds.has(msg.id)) continue;
         const senderEncPub = (0, import_tweetnacl_util.decodeBase64)(msg.sender_encryption_key);
         const ciphertext = (0, import_tweetnacl_util.decodeBase64)(msg.ciphertext);
         const nonce = (0, import_tweetnacl_util.decodeBase64)(msg.nonce);
-        const rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
-        if (!rawPlaintext) continue;
+        let rawPlaintext = null;
+        let envelopeRatchetStep = 0;
+        if (msg.envelope) {
+          try {
+            const env = JSON.parse(msg.envelope);
+            if (typeof env.ratchet_step === "number") {
+              envelopeRatchetStep = env.ratchet_step;
+            }
+          } catch {
+          }
+        }
+        if (envelopeRatchetStep > 0) {
+          const pairId = `${msg.from}:${this.did}`;
+          let state = this._ratchetStates.get(pairId);
+          if (!state) {
+            const sharedSecret = import_tweetnacl.default.box.before(senderEncPub, this.encryptionKeyPair.secretKey);
+            state = {
+              sendChainKey: sharedSecret,
+              // Our sending chain to this peer
+              sendStep: 0,
+              recvChainKey: sharedSecret,
+              // Their sending chain (our receiving)
+              recvStep: 0,
+              skippedKeys: /* @__PURE__ */ new Map()
+            };
+            this._ratchetStates.set(pairId, state);
+          }
+          const targetStep = envelopeRatchetStep;
+          if (state.skippedKeys.has(targetStep)) {
+            const mk = state.skippedKeys.get(targetStep);
+            rawPlaintext = import_tweetnacl.default.secretbox.open(ciphertext, nonce, mk);
+            state.skippedKeys.delete(targetStep);
+          } else if (targetStep > state.recvStep) {
+            const skip = targetStep - state.recvStep;
+            if (skip > MAX_SKIP) {
+              rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+            } else {
+              let ck = state.recvChainKey;
+              for (let i = state.recvStep + 1; i < targetStep; i++) {
+                const { nextChainKey: nextChainKey2, messageKey: skippedMk } = await ratchetStep(ck);
+                state.skippedKeys.set(i, skippedMk);
+                ck = nextChainKey2;
+                if (state.skippedKeys.size > MAX_SKIP) {
+                  const oldest = state.skippedKeys.keys().next().value;
+                  if (oldest !== void 0) state.skippedKeys.delete(oldest);
+                }
+              }
+              const { nextChainKey, messageKey } = await ratchetStep(ck);
+              state.recvChainKey = nextChainKey;
+              state.recvStep = targetStep;
+              rawPlaintext = import_tweetnacl.default.secretbox.open(ciphertext, nonce, messageKey);
+            }
+          }
+          if (!rawPlaintext) {
+            rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+          }
+        } else {
+          rawPlaintext = import_tweetnacl.default.box.open(ciphertext, nonce, senderEncPub, this.encryptionKeyPair.secretKey);
+        }
+        if (!rawPlaintext) {
+          this._decryptFailCount++;
+          continue;
+        }
         let plaintextBytes = rawPlaintext;
-        if (rawPlaintext.length >= 256 && (rawPlaintext.length & rawPlaintext.length - 1) === 0) {
+        let wasPadded = false;
+        let wasSealed = false;
+        const proto = parseProtoHeader(rawPlaintext);
+        if (proto) {
+          wasPadded = !!(proto.flags & FLAG_PADDED);
+          wasSealed = !!(proto.flags & FLAG_SEALED);
+          plaintextBytes = proto.content;
+        }
+        if (wasPadded) {
+          plaintextBytes = unpadMessage(plaintextBytes);
+        } else if (!proto && rawPlaintext.length >= 256 && (rawPlaintext.length & rawPlaintext.length - 1) === 0) {
           const unpadded = unpadMessage(rawPlaintext);
           if (unpadded.length < rawPlaintext.length) {
             plaintextBytes = unpadded;
@@ -2626,10 +2786,12 @@ var VoidlyAgent = class _VoidlyAgent {
         }
         let content = (0, import_tweetnacl_util.encodeUTF8)(plaintextBytes);
         let senderDid = msg.from;
-        const unsealed = unsealEnvelope(content);
-        if (unsealed) {
-          content = unsealed.msg;
-          senderDid = unsealed.from;
+        if (wasSealed || !proto) {
+          const unsealed = unsealEnvelope(content);
+          if (unsealed) {
+            content = unsealed.msg;
+            senderDid = unsealed.from;
+          }
         }
         let signatureValid = false;
         try {
@@ -2650,6 +2812,15 @@ var VoidlyAgent = class _VoidlyAgent {
         } catch {
           signatureValid = false;
         }
+        if (this.requireSignatures && !signatureValid) {
+          this._decryptFailCount++;
+          continue;
+        }
+        this._seenMessageIds.add(msg.id);
+        if (this._seenMessageIds.size > 1e4) {
+          const first = this._seenMessageIds.values().next().value;
+          if (first !== void 0) this._seenMessageIds.delete(first);
+        }
         decrypted.push({
           id: msg.id,
           from: senderDid,
@@ -2664,6 +2835,7 @@ var VoidlyAgent = class _VoidlyAgent {
           expiresAt: msg.expires_at
         });
       } catch {
+        this._decryptFailCount++;
       }
     }
     return decrypted;
@@ -2714,9 +2886,19 @@ var VoidlyAgent = class _VoidlyAgent {
    * Look up an agent's public profile and keys.
    */
   async getIdentity(did) {
+    const cached = this._identityCache.get(did);
+    if (cached && Date.now() - cached.cachedAt < 3e5) {
+      return cached.profile;
+    }
     const res = await fetch(`${this.baseUrl}/v1/agent/identity/${did}`);
     if (!res.ok) return null;
-    return await res.json();
+    const profile = await res.json();
+    this._identityCache.set(did, { profile, cachedAt: Date.now() });
+    if (this._identityCache.size > 500) {
+      const oldest = this._identityCache.keys().next().value;
+      if (oldest !== void 0) this._identityCache.delete(oldest);
+    }
+    return profile;
   }
   /**
    * Search for agents by name or capability.
@@ -2776,10 +2958,14 @@ var VoidlyAgent = class _VoidlyAgent {
    * Delete a webhook.
    */
   async deleteWebhook(webhookId) {
-    await fetch(`${this.baseUrl}/v1/agent/webhooks/${webhookId}`, {
+    const res = await fetch(`${this.baseUrl}/v1/agent/webhooks/${webhookId}`, {
       method: "DELETE",
       headers: { "X-Agent-Key": this.apiKey }
     });
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({}));
+      throw new Error(`Webhook delete failed: ${err.error || res.statusText}`);
+    }
   }
   /**
    * Verify a webhook payload signature (for use in your webhook handler).
@@ -3397,13 +3583,21 @@ var VoidlyAgent = class _VoidlyAgent {
    * The relay finds matching agents and creates individual tasks for each.
    */
   async broadcastTask(options) {
+    const inputBytes = (0, import_tweetnacl_util.decodeUTF8)(options.input);
+    const broadcastNonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const broadcastEncrypted = import_tweetnacl.default.secretbox(inputBytes, broadcastNonce, import_tweetnacl.default.box.before(
+      this.encryptionKeyPair.publicKey,
+      this.encryptionKeyPair.secretKey
+    ));
+    const broadcastSig = import_tweetnacl.default.sign.detached(inputBytes, this.signingKeyPair.secretKey);
     const res = await fetch(`${this.baseUrl}/v1/agent/tasks/broadcast`, {
       method: "POST",
       headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
       body: JSON.stringify({
         capability: options.capability,
-        encrypted_input: (0, import_tweetnacl_util.encodeBase64)((0, import_tweetnacl_util.decodeUTF8)(options.input)),
-        input_nonce: (0, import_tweetnacl_util.encodeBase64)(import_tweetnacl.default.randomBytes(24)),
+        encrypted_input: (0, import_tweetnacl_util.encodeBase64)(broadcastEncrypted),
+        input_nonce: (0, import_tweetnacl_util.encodeBase64)(broadcastNonce),
+        input_signature: (0, import_tweetnacl_util.encodeBase64)(broadcastSig),
         priority: options.priority,
         max_agents: options.maxAgents,
         min_trust_level: options.minTrustLevel,
@@ -3473,16 +3667,30 @@ var VoidlyAgent = class _VoidlyAgent {
   // ─── Memory Store ──────────────────────────────────────────────────────────
   /**
    * Store an encrypted key-value pair in persistent memory.
-   * Values are encrypted with a key derived from your API key — only you can read them.
+   * Values are encrypted CLIENT-SIDE with nacl.secretbox before sending to relay.
+   * The relay never sees plaintext values — true E2E encrypted storage.
    */
   async memorySet(namespace, key, value, options) {
+    const valueStr = JSON.stringify(value);
+    const valueBytes = (0, import_tweetnacl_util.decodeUTF8)(valueStr);
+    const memNonce = import_tweetnacl.default.randomBytes(import_tweetnacl.default.secretbox.nonceLength);
+    const memKeyInput = new Uint8Array([...this.encryptionKeyPair.secretKey, 77, 69, 77]);
+    let memKey;
+    if (typeof globalThis.crypto?.subtle !== "undefined") {
+      memKey = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", memKeyInput));
+    } else {
+      const { createHash } = await import("crypto");
+      memKey = new Uint8Array(createHash("sha256").update(Buffer.from(memKeyInput)).digest());
+    }
+    const encryptedValue = import_tweetnacl.default.secretbox(valueBytes, memNonce, memKey);
     const res = await fetch(`${this.baseUrl}/v1/agent/memory/${encodeURIComponent(namespace)}/${encodeURIComponent(key)}`, {
       method: "PUT",
       headers: { "Content-Type": "application/json", "X-Agent-Key": this.apiKey },
       body: JSON.stringify({
-        value,
-        value_type: options?.valueType || (typeof value === "object" ? "json" : typeof value),
-        ttl: options?.ttl
+        value: (0, import_tweetnacl_util.encodeBase64)(encryptedValue),
+        value_type: `encrypted:${options?.valueType || (typeof value === "object" ? "json" : typeof value)}`,
+        ttl: options?.ttl,
+        client_nonce: (0, import_tweetnacl_util.encodeBase64)(memNonce)
       })
     });
     if (!res.ok) throw new Error(`Memory set failed: ${res.status} ${await res.text()}`);
@@ -3490,7 +3698,7 @@ var VoidlyAgent = class _VoidlyAgent {
   }
   /**
    * Retrieve a value from persistent memory.
-   * Decrypted server-side using your API key derivation.
+   * Decrypted CLIENT-SIDE — relay never sees plaintext.
    */
   async memoryGet(namespace, key) {
     const res = await fetch(`${this.baseUrl}/v1/agent/memory/${encodeURIComponent(namespace)}/${encodeURIComponent(key)}`, {
@@ -3498,7 +3706,28 @@ var VoidlyAgent = class _VoidlyAgent {
     });
     if (res.status === 404) return null;
     if (!res.ok) throw new Error(`Memory get failed: ${res.status} ${await res.text()}`);
-    return res.json();
+    const data = await res.json();
+    if (data.value_type?.startsWith("encrypted:") && data.client_nonce) {
+      try {
+        const memKeyInput = new Uint8Array([...this.encryptionKeyPair.secretKey, 77, 69, 77]);
+        let memKey;
+        if (typeof globalThis.crypto?.subtle !== "undefined") {
+          memKey = new Uint8Array(await globalThis.crypto.subtle.digest("SHA-256", memKeyInput));
+        } else {
+          const { createHash } = await import("crypto");
+          memKey = new Uint8Array(createHash("sha256").update(Buffer.from(memKeyInput)).digest());
+        }
+        const encBytes = (0, import_tweetnacl_util.decodeBase64)(data.value);
+        const memNonce = (0, import_tweetnacl_util.decodeBase64)(data.client_nonce);
+        const plain = import_tweetnacl.default.secretbox.open(encBytes, memNonce, memKey);
+        if (plain) {
+          data.value = JSON.parse((0, import_tweetnacl_util.encodeUTF8)(plain));
+          data.value_type = data.value_type.replace("encrypted:", "");
+        }
+      } catch {
+      }
+    }
+    return data;
   }
   /**
    * Delete a key from persistent memory.
@@ -3967,31 +4196,40 @@ var VoidlyAgent = class _VoidlyAgent {
         "Approximate message size (even with padding, bounded to power-of-2)"
       ],
       relayCannotSee: [
-        "Message content (E2E encrypted with NaCl box)",
+        "Message content (E2E encrypted \u2014 nacl.secretbox with ratchet-derived per-message keys)",
         "Private keys (generated and stored client-side only)",
-        "Memory values (encrypted with key derived from your API key)",
-        "Attestation content (signed but readable by anyone with the attestation)",
+        "Memory values (encrypted CLIENT-SIDE with nacl.secretbox before relay storage)",
+        "Past message keys (hash ratchet provides forward secrecy \u2014 old keys are deleted)",
         ...this.sealedSender ? ["Sender identity (sealed inside ciphertext)"] : []
       ],
       protections: [
+        "Hash ratchet forward secrecy \u2014 per-message key derivation, old keys deleted",
         "X25519 key exchange + XSalsa20-Poly1305 authenticated encryption",
-        "Ed25519 signatures on every message",
+        "Ed25519 signatures on every message (envelope + ciphertext hash)",
         "TOFU key pinning (MitM detection on key change)",
+        "Client-side memory encryption (relay never sees plaintext values)",
+        "Protocol version header (deterministic padding/sealing detection, no heuristics)",
+        "Identity cache (reduced key lookups, 5-min TTL)",
+        "Message deduplication (track seen message IDs)",
+        "Request validation (fromCredentials validates key sizes and format)",
         ...this.paddingEnabled ? ["Message padding to power-of-2 boundary (traffic analysis resistance)"] : [],
         ...this.sealedSender ? ["Sealed sender (relay cannot see who sent a message)"] : [],
+        ...this.requireSignatures ? ["Strict signature enforcement (reject unsigned/invalid messages)"] : [],
         ...this.fallbackRelays.length > 0 ? [`Multi-relay fallback (${this.fallbackRelays.length} backup relays)`] : [],
         "Auto-retry with exponential backoff",
-        "Offline message queue"
+        "Offline message queue",
+        "did:key interoperability (W3C standard DID format)"
       ],
       gaps: [
-        "No forward secrecy \u2014 same keypair for all messages (compromise exposes ALL history)",
-        "No post-quantum protection \u2014 vulnerable to harvest-now-decrypt-later",
+        "No DH ratchet yet \u2014 hash ratchet only (no post-compromise recovery, planned for v3)",
+        "No post-quantum protection \u2014 vulnerable to harvest-now-decrypt-later (planned for v3)",
         "Channel encryption is server-side (relay holds channel keys, NOT true E2E)",
         "Metadata (who, when, thread structure) visible to relay operator",
         "Single relay architecture (no onion routing, no mix network)",
         "Ed25519 signatures are non-repudiable (no deniable messaging)",
         "No async key agreement (no X3DH prekeys)",
-        "Polling-based (no WebSocket real-time transport)"
+        "Polling-based (no WebSocket real-time transport)",
+        "Ratchet state is in-memory (lost on process restart \u2014 export credentials to persist)"
       ]
     };
   }
@@ -4017,6 +4255,9 @@ var Conversation = class {
       replyTo: this._lastMessageId || void 0
     });
     this._lastMessageId = result.id;
+    if (this._messageHistory.length >= 1e3) {
+      this._messageHistory.splice(0, this._messageHistory.length - 999);
+    }
     this._messageHistory.push({
       id: result.id,
       from: this.agent.did,
@@ -4091,14 +4332,23 @@ var Conversation = class {
   async waitForReply(timeoutMs = 3e4) {
     return new Promise((resolve, reject) => {
       let resolved = false;
+      let pollTimer = null;
+      const cleanup = () => {
+        resolved = true;
+        if (pollTimer) {
+          clearTimeout(pollTimer);
+          pollTimer = null;
+        }
+      };
       const timeout = setTimeout(() => {
         if (!resolved) {
-          resolved = true;
+          cleanup();
           reject(new Error(`No reply received within ${timeoutMs}ms`));
         }
       }, timeoutMs);
       const check = async () => {
-        while (!resolved) {
+        if (resolved) return;
+        try {
           const messages = await this.agent.receive({
             from: this.peerDid,
             threadId: this.threadId,
@@ -4106,9 +4356,12 @@ var Conversation = class {
             limit: 1
           });
           if (messages.length > 0 && !resolved) {
-            resolved = true;
             clearTimeout(timeout);
+            cleanup();
             const msg = messages[0];
+            if (this._messageHistory.length >= 1e3) {
+              this._messageHistory.splice(0, this._messageHistory.length - 999);
+            }
             this._messageHistory.push({
               id: msg.id,
               from: msg.from,
@@ -4123,16 +4376,19 @@ var Conversation = class {
             resolve(msg);
             return;
           }
-          await new Promise((r) => setTimeout(r, 1500));
+        } catch (err) {
+          if (!resolved) {
+            clearTimeout(timeout);
+            cleanup();
+            reject(err instanceof Error ? err : new Error(String(err)));
+            return;
+          }
         }
-      };
-      check().catch((err) => {
         if (!resolved) {
-          resolved = true;
-          clearTimeout(timeout);
-          reject(err);
+          pollTimer = setTimeout(check, 1500);
         }
-      });
+      };
+      check();
     });
   }
   /**

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@voidly/agent-sdk",
-  "version": "2.0.0",
-  "description": "E2E encrypted agent-to-agent communication SDK — padding, sealed sender, multi-relay fallback",
+  "version": "2.1.0",
+  "description": "E2E encrypted agent-to-agent communication SDK — forward secrecy, padding, sealed sender, client-side memory encryption",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",