@zi2/relay-sdk 1.0.2 → 2.0.0

package/README.md

@@ -228,7 +228,7 @@ model PhoneRelay {
   organizationId        String
   deviceName            String
   platform              String
-  phoneNumber           String?
+  relayIdentifier       String    @unique
   devicePublicKey       String
   sharedKeyEncrypted    String
   authTokenHash         String
@@ -364,7 +364,6 @@ const result = await sdk.completePairing({
   devicePublicKey: '<device X25519 public key>',
   deviceName: 'Samsung Galaxy S24',
   platform: 'android',
-  phoneNumber: '+15551234567',
 });
 // Returns: { relayId, authToken }
 ```

package/dist/adapters/prisma-adapter.d.ts

@@ -1,4 +1,4 @@
-import { D as DatabaseAdapter, P as PhoneRelayRecord, c as CreateRelayInput, d as PhoneRelayPairingRecord, e as CreatePairingInput, R as RelayMessageRecord, f as CreateMessageInput } from '../types-CPJUrmcy.js';
+import { D as DatabaseAdapter, P as PhoneRelayRecord, c as CreateRelayInput, d as PhoneRelayPairingRecord, e as CreatePairingInput, R as RelayMessageRecord, f as CreateMessageInput } from '../types-BlrN83F-.js';
 import 'ws';
 
 /**

package/dist/client/index.d.ts

@@ -39,7 +39,7 @@ interface QrPayload {
     url: string;
 }
 declare function parseQrPayload(data: string): QrPayload;
-declare function completePairing(qr: QrPayload, deviceName: string, platform: string, phoneNumber?: string): Promise<any>;
+declare function completePairing(qr: QrPayload, deviceName: string, platform: string): Promise<any>;
 
 declare function requestSmsPermission(): Promise<boolean>;
 declare function sendNativeSms(to: string, body: string): Promise<boolean>;

package/dist/client/index.js

@@ -208,7 +208,7 @@ function parseQrPayload(data) {
   if (!parsed.pid || !parsed.spk || !parsed.pt || !parsed.url) throw new Error("Invalid QR data");
   return parsed;
 }
-async function completePairing(qr, deviceName, platform, phoneNumber) {
+async function completePairing(qr, deviceName, platform) {
   console.log("[Pairing] Starting pairing...");
   console.log("[Pairing] QR url:", qr.url);
   const keyPair = await generateX25519KeyPair();
@@ -226,8 +226,7 @@ async function completePairing(qr, deviceName, platform, phoneNumber) {
     pairingToken: qr.pt,
     devicePublicKey: keyPair.publicKey,
     deviceName,
-    platform,
-    phoneNumber
+    platform
   };
   const response = await fetch(endpoint, {
     method: "POST",

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { E as EncryptionAdapter, B as BroadcastAdapter, L as LoggerAdapter, A as AuditAdapter, a as AuditEntry, D as DatabaseAdapter, S as SmsProviderAdapter, b as SmsSendResponse, F as FallbackConfig, C as ConnectionBroker, P as PhoneRelayRecord, c as CreateRelayInput, d as PhoneRelayPairingRecord, e as CreatePairingInput, R as RelayMessageRecord, f as CreateMessageInput, g as RelaySDKConfig, h as RelaySDK } from './types-CPJUrmcy.js';
-export { M as MessageList, i as PairingCompleteResult, j as PairingResult, k as RelayDetail, l as RelayListItem, m as SendResult } from './types-CPJUrmcy.js';
+import { E as EncryptionAdapter, B as BroadcastAdapter, L as LoggerAdapter, A as AuditAdapter, a as AuditEntry, D as DatabaseAdapter, S as SmsProviderAdapter, b as SmsSendResponse, F as FallbackConfig, C as ConnectionBroker, P as PhoneRelayRecord, c as CreateRelayInput, d as PhoneRelayPairingRecord, e as CreatePairingInput, R as RelayMessageRecord, f as CreateMessageInput, g as RelaySDKConfig, h as RelaySDK } from './types-BlrN83F-.js';
+export { M as MessageList, i as PairingCompleteResult, j as PairingResult, k as RelayDetail, l as RelayListItem, m as SendResult } from './types-BlrN83F-.js';
 import { z } from 'zod';
 import { WebSocket } from 'ws';
 
@@ -63,21 +63,18 @@ declare const completePairingSchema: z.ZodObject<{
     devicePublicKey: z.ZodString;
     deviceName: z.ZodString;
     platform: z.ZodEnum<["android", "ios"]>;
-    phoneNumber: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     deviceName: string;
     platform: "android" | "ios";
     devicePublicKey: string;
     pairingToken: string;
     pairingId: string;
-    phoneNumber?: string | undefined;
 }, {
     deviceName: string;
     platform: "android" | "ios";
     devicePublicKey: string;
     pairingToken: string;
     pairingId: string;
-    phoneNumber?: string | undefined;
 }>;
 declare const updatePhoneRelaySchema: z.ZodObject<{
     deviceName: z.ZodOptional<z.ZodString>;
@@ -453,8 +450,8 @@ declare function createQueueService(deps: QueueServiceDeps): {
         messageId: string;
         status: string;
     }>;
-    handleAck: (messageId: string, status: string, nativeMessageId?: string, errorMessage?: string) => Promise<void>;
-    handleDeliveryReceipt: (messageId: string, deliveryStatus: string) => Promise<void>;
+    handleAck: (messageId: string, relayId: string, status: string, nativeMessageId?: string, errorMessage?: string) => Promise<void>;
+    handleDeliveryReceipt: (messageId: string, relayId: string, deliveryStatus: string) => Promise<void>;
     drainQueue: (relayId: string) => Promise<void>;
 };
 type QueueService = ReturnType<typeof createQueueService>;
@@ -565,6 +562,16 @@ declare function decryptE2E(ciphertext: string, sharedKey: Buffer): string;
 declare function hashToken(token: string): string;
 declare function generateSecureToken(bytes?: number): string;
 declare function timingSafeCompare(a: string, b: string): boolean;
+/**
+ * Generate a unique anonymous relay identifier.
+ * Format: RELAY-XXXX (4 random hex chars, uppercase)
+ *
+ * Patent claim: The relay server assigns cryptographic identifiers
+ * to physical devices WITHOUT ever collecting or storing the device's
+ * phone number. The identifier has no mathematical relationship to
+ * the phone number.
+ */
+declare function generateRelayIdentifier(): string;
 
 /**
  * @zi2/relay-sdk — Standalone SMS Relay SDK
@@ -590,4 +597,4 @@ declare function timingSafeCompare(a: string, b: string): boolean;
 
 declare function createRelay(config: RelaySDKConfig): RelaySDK;
 
-export { AesGcmEncryption, AuditAdapter, AuditEntry, AuthLimiter, BroadcastAdapter, type CompletePairingInput, ConnectionBroker, ConsoleAudit, ConsoleLogger, CreateMessageInput, CreatePairingInput, CreateRelayInput, DatabaseAdapter, EncryptionAdapter, FallbackConfig, FallbackProvider, LoggerAdapter, MemoryAdapter, NoopAudit, NoopBroadcast, PhoneRelayPairingRecord, PhoneRelayProvider, PhoneRelayRecord, RELAY_DELIVERY_STATUS, RELAY_ERRORS, RELAY_ERRORS_EXTENDED, RELAY_LIMITS, RELAY_MESSAGE_STATUS, RELAY_MESSAGE_TYPES, RELAY_PAIRING_STATUS, RELAY_PLATFORMS, RELAY_STATUS, RedisBroker, RelayError, RelayMessageRecord, type RelayMessageStatus, type RelayMessageType, type RelayPlatform, RelaySDK, RelaySDKConfig, type RelayStatus, SmsProviderAdapter, SmsSendResponse, type TestRelaySmsInput, type UpdatePhoneRelayInput, completePairingSchema, createRelay, createRelayError, decryptE2E, deriveSharedKey, encryptE2E, generateSecureToken, generateX25519KeyPair, getRelaySocket, getRelayTranslations, getSupportedLocales, getTranslation, hashToken, isRelayOnline, relayMessagesQuerySchema, testRelaySmsSchema, timingSafeCompare, updatePhoneRelaySchema, withRedaction };
+export { AesGcmEncryption, AuditAdapter, AuditEntry, AuthLimiter, BroadcastAdapter, type CompletePairingInput, ConnectionBroker, ConsoleAudit, ConsoleLogger, CreateMessageInput, CreatePairingInput, CreateRelayInput, DatabaseAdapter, EncryptionAdapter, FallbackConfig, FallbackProvider, LoggerAdapter, MemoryAdapter, NoopAudit, NoopBroadcast, PhoneRelayPairingRecord, PhoneRelayProvider, PhoneRelayRecord, RELAY_DELIVERY_STATUS, RELAY_ERRORS, RELAY_ERRORS_EXTENDED, RELAY_LIMITS, RELAY_MESSAGE_STATUS, RELAY_MESSAGE_TYPES, RELAY_PAIRING_STATUS, RELAY_PLATFORMS, RELAY_STATUS, RedisBroker, RelayError, RelayMessageRecord, type RelayMessageStatus, type RelayMessageType, type RelayPlatform, RelaySDK, RelaySDKConfig, type RelayStatus, SmsProviderAdapter, SmsSendResponse, type TestRelaySmsInput, type UpdatePhoneRelayInput, completePairingSchema, createRelay, createRelayError, decryptE2E, deriveSharedKey, encryptE2E, generateRelayIdentifier, generateSecureToken, generateX25519KeyPair, getRelaySocket, getRelayTranslations, getSupportedLocales, getTranslation, hashToken, isRelayOnline, relayMessagesQuerySchema, testRelaySmsSchema, timingSafeCompare, updatePhoneRelaySchema, withRedaction };

package/dist/index.js

@@ -128,11 +128,21 @@ function createQueueService(deps) {
     if (!relay || relay.status !== RELAY_STATUS.ACTIVE && relay.status !== RELAY_STATUS.DEGRADED) {
       throw new Error("Relay not found or inactive");
     }
+    const todayUTC = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+    const dailyCount = relay.dailyResetAt && relay.dailyResetAt.toISOString().slice(0, 10) === todayUTC ? relay.dailySmsSent : 0;
+    if (dailyCount >= relay.maxSmsPerDay) {
+      throw new Error(`Daily SMS limit reached (${relay.maxSmsPerDay}/day)`);
+    }
     let sharedKeyHex;
     try {
-      sharedKeyHex = encryption.decrypt(relay.sharedKeyEncrypted);
+      const decrypted = encryption.decrypt(relay.sharedKeyEncrypted);
+      if (decrypted.startsWith("{")) {
+        throw new Error("Relay is in pending key rotation \u2014 retry after rotation completes");
+      }
+      sharedKeyHex = decrypted;
     } catch (err) {
-      throw new Error(`Failed to decrypt relay shared key: ${err}`);
+      logger.error("Failed to decrypt relay shared key", { relayId, error: String(err) });
+      throw new Error("Failed to prepare message for relay");
     }
     const sharedKey = Buffer.from(sharedKeyHex, "hex");
     const payload = JSON.stringify({ to, body });
@@ -170,7 +180,12 @@ function createQueueService(deps) {
       });
     });
   }
-  async function handleAck(messageId, status, nativeMessageId, errorMessage) {
+  async function handleAck(messageId, relayId, status, nativeMessageId, errorMessage) {
+    const message = await db.findMessage(messageId).catch(() => null);
+    if (!message || message.relayId !== relayId) {
+      logger.warn("ACK rejected \u2014 message does not belong to relay", { messageId, relayId });
+      return;
+    }
     const updateData = {
       status: status === "sent" ? RELAY_MESSAGE_STATUS.DELIVERED : RELAY_MESSAGE_STATUS.FAILED,
       ackedAt: /* @__PURE__ */ new Date()
@@ -178,32 +193,37 @@ function createQueueService(deps) {
     if (nativeMessageId) updateData.nativeMessageId = nativeMessageId;
     if (errorMessage) updateData.errorMessage = errorMessage;
     await db.updateMessage(messageId, updateData);
-    const message = await db.findMessage(messageId).catch(() => null);
     try {
-      if (message) {
-        if (status === "sent") {
-          await db.incrementRelayStat(message.relayId, "totalSmsSent");
-          await db.incrementRelayStat(message.relayId, "dailySmsSent");
-        } else {
-          await db.incrementRelayStat(message.relayId, "totalSmsFailed");
-        }
+      if (status === "sent") {
+        await db.incrementRelayStat(message.relayId, "totalSmsSent");
+        await db.incrementRelayStat(message.relayId, "dailySmsSent");
+      } else {
+        await db.incrementRelayStat(message.relayId, "totalSmsFailed");
       }
     } catch (err) {
       logger.error("Failed to update relay stats after ack", { messageId, error: String(err) });
     }
     ackEmitter.emit(`ack:${messageId}`, status);
-    if (message) {
-      if (status === "sent") {
-        events.emit("message:delivered", messageId, message.relayId);
-      } else {
-        events.emit("message:failed", messageId, message.relayId, errorMessage || "Unknown error");
-      }
+    if (status === "sent") {
+      events.emit("message:delivered", messageId, message.relayId);
+    } else {
+      events.emit("message:failed", messageId, message.relayId, errorMessage || "Unknown error");
     }
   }
-  async function handleDeliveryReceipt(messageId, deliveryStatus) {
+  async function handleDeliveryReceipt(messageId, relayId, deliveryStatus) {
+    const message = await db.findMessage(messageId).catch(() => null);
+    if (!message || message.relayId !== relayId) {
+      logger.warn("Delivery receipt rejected \u2014 message does not belong to relay", { messageId, relayId });
+      return;
+    }
     await db.updateMessage(messageId, { deliveryStatus });
   }
   async function drainQueue(relayId) {
+    const relay = await db.findRelay(relayId);
+    if (!relay || relay.status === "revoked") {
+      logger.warn("drainQueue skipped \u2014 relay revoked or not found", { relayId });
+      return;
+    }
     const pendingMessages = await db.findPendingMessages(relayId, 50);
     const ws = getRelaySocket(relayId);
     if (!ws || ws.readyState !== 1) return;
@@ -240,6 +260,9 @@ function timingSafeCompare(a, b) {
     return false;
   }
 }
+function generateRelayIdentifier() {
+  return `RELAY-${crypto3.randomBytes(2).toString("hex").toUpperCase()}`;
+}
 
 // src/errors.ts
 var RelayError = class extends Error {
@@ -311,11 +334,12 @@ function createPairingService(deps) {
       wsUrl
     };
   }
-  async function completePairing(pairingId, pairingToken, devicePublicKey, deviceName, platform, phoneNumber) {
+  async function completePairing(pairingId, pairingToken, devicePublicKey, deviceName, platform) {
     const pairing = await db.findPairing(pairingId);
     if (!pairing) throw createRelayError("PAIRING_NOT_FOUND");
     if (pairing.status !== RELAY_PAIRING_STATUS.PENDING) throw createRelayError("PAIRING_EXPIRED");
     if (!timingSafeCompare(pairing.pairingToken, pairingToken)) {
+      await db.updatePairingStatus(pairingId, RELAY_PAIRING_STATUS.EXPIRED);
       throw createRelayError("PAIRING_INVALID_TOKEN");
     }
     if (/* @__PURE__ */ new Date() > pairing.expiresAt) {
@@ -326,11 +350,20 @@ function createPairingService(deps) {
     const sharedKey = deriveSharedKey(serverPrivateKey, devicePublicKey);
     const authToken = generateSecureToken(64);
     const authTokenHashed = hashToken(authToken);
+    const existingRelays = await db.findRelays(pairing.organizationId, "revoked");
+    let uniqueName = deviceName;
+    const existingNames = existingRelays.map((r) => r.deviceName);
+    if (existingNames.includes(uniqueName)) {
+      let counter = 2;
+      while (existingNames.includes(`${deviceName} (${counter})`)) counter++;
+      uniqueName = `${deviceName} (${counter})`;
+    }
+    const relayIdentifier = generateRelayIdentifier();
     const relay = await db.createRelay({
       organizationId: pairing.organizationId,
-      deviceName,
+      deviceName: uniqueName,
       platform,
-      phoneNumber: phoneNumber || null,
+      relayIdentifier,
       devicePublicKey,
       sharedKeyEncrypted: encryption.encrypt(sharedKey.toString("hex")),
       authTokenHash: authTokenHashed,
@@ -348,7 +381,7 @@ function createPairingService(deps) {
     });
     await db.updatePairingStatus(pairingId, RELAY_PAIRING_STATUS.COMPLETED);
     try {
-      await deps.onPairingComplete?.({ relayId: relay.id, orgId: pairing.organizationId, deviceName, phoneNumber });
+      await deps.onPairingComplete?.({ relayId: relay.id, orgId: pairing.organizationId, deviceName: uniqueName, relayIdentifier });
     } catch (err) {
       deps.logger.error("onPairingComplete callback failed", { relayId: relay.id, error: String(err) });
     }
@@ -376,14 +409,32 @@ function createPairingService(deps) {
     }
     const { publicKey, privateKey } = generateX25519KeyPair();
     ws.send(JSON.stringify({ type: "rekey", serverPublicKey: publicKey }));
+    const previousKey = relay.sharedKeyEncrypted;
     await db.updateRelay(relayId, {
       sharedKeyEncrypted: encryption.encrypt(JSON.stringify({
         pending: true,
         serverPrivateKey: privateKey,
         serverPublicKey: publicKey,
-        previousSharedKey: relay.sharedKeyEncrypted
+        previousSharedKey: previousKey
       }))
     });
+    setTimeout(async () => {
+      try {
+        const current = await db.findRelay(relayId, orgId);
+        if (!current) return;
+        const decrypted = encryption.decrypt(current.sharedKeyEncrypted);
+        try {
+          const parsed = JSON.parse(decrypted);
+          if (parsed.pending) {
+            logger.warn("Rekey timeout \u2014 rolling back to previous key", { relayId });
+            await db.updateRelay(relayId, { sharedKeyEncrypted: parsed.previousSharedKey });
+          }
+        } catch {
+        }
+      } catch (err) {
+        logger.error("Rekey rollback failed", { relayId, error: String(err) });
+      }
+    }, 6e4);
   }
   return { initiatePairing, completePairing, revokeRelay, rotateKeys };
 }
@@ -635,7 +686,7 @@ var FallbackProvider = class {
 var RATE_LIMIT_WINDOW_MS = 1e4;
 var RATE_LIMIT_MAX_MESSAGES = 100;
 function createWebSocketHandler(deps) {
-  const { db, encryption, broadcast, logger, events, queue, limits } = deps;
+  const { db, encryption, broadcast, logger, events, queue, limits, audit } = deps;
   return function handleWebSocket(socket, request) {
     const log = request.log || logger;
     let authenticated = false;
@@ -661,6 +712,8 @@ function createWebSocketHandler(deps) {
       messageCount++;
       if (messageCount > RATE_LIMIT_MAX_MESSAGES) {
         log.warn("Relay WebSocket rate limit exceeded", { relayId, ip });
+        audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "relay.rate_limited", organizationId: relayOrgId || "", relayId: relayId || void 0, ip }).catch(() => {
+        });
         socket.close(4008, "Rate limit exceeded");
         return;
       }
@@ -680,6 +733,11 @@ function createWebSocketHandler(deps) {
           socket.close(4003, "Missing relayId or token");
           return;
         }
+        if (deps.authLimiter.isLocked(ip)) {
+          log.warn("WebSocket auth blocked \u2014 IP locked out", { ip });
+          socket.close(4009, "Too many failed attempts");
+          return;
+        }
         const tokenHash = hashToken(token);
         const verifiedRelay = await db.findRelayByTokenHash(
           rid,
@@ -687,10 +745,14 @@ function createWebSocketHandler(deps) {
           [RELAY_STATUS.ACTIVE, RELAY_STATUS.DEGRADED]
         ).catch(() => null);
         if (!verifiedRelay) {
+          deps.authLimiter.recordFailure(ip);
           log.warn("Relay WebSocket auth failed", { relayId: rid });
+          audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "relay.auth_failed", organizationId: "", relayId: rid, ip }).catch(() => {
+          });
           socket.close(4004, "Invalid credentials");
           return;
         }
+        deps.authLimiter.recordSuccess(ip);
         clearTimeout(authTimeout);
         authenticated = true;
         relayId = rid;
@@ -701,12 +763,14 @@ function createWebSocketHandler(deps) {
           existing.close(4005, "Replaced by new connection");
         }
         setRelaySocket(rid, socket);
-        await db.updateRelay(rid, {
+        await db.updateRelayByOrg(rid, relayOrgId, {
           lastSeenAt: /* @__PURE__ */ new Date(),
           lastIpAddress: ip,
           status: RELAY_STATUS.ACTIVE
         });
         socket.send(JSON.stringify({ type: "auth_ok" }));
+        audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "relay.connected", organizationId: relayOrgId, relayId: rid, ip }).catch(() => {
+        });
         broadcast.broadcast(verifiedRelay.organizationId, {
           type: "relay:status_change",
           relayId: rid,
@@ -739,42 +803,52 @@ function createWebSocketHandler(deps) {
             const nativeId = isValidStr(message.nativeMessageId) ? message.nativeMessageId : void 0;
             const errorMsg = isValidStr(message.errorMessage, 500) ? message.errorMessage : void 0;
             log.debug("Relay SMS ACK", { relayId, messageId: message.messageId, status });
-            queue.handleAck(message.messageId, status, nativeId, errorMsg).catch(() => {
+            queue.handleAck(message.messageId, relayId, status, nativeId, errorMsg).catch(() => {
             });
           }
           break;
         case RELAY_MESSAGE_TYPES.DELIVERY_RECEIPT:
           if (isValidStr(message.messageId) && isValidStr(message.deliveryStatus, 50)) {
-            queue.handleDeliveryReceipt(message.messageId, message.deliveryStatus).catch(() => {
+            queue.handleDeliveryReceipt(message.messageId, relayId, message.deliveryStatus).catch(() => {
             });
           }
           break;
         case RELAY_MESSAGE_TYPES.PONG:
-          if (relayId) {
-            db.updateRelay(relayId, { lastSeenAt: /* @__PURE__ */ new Date(), lastIpAddress: ip }).catch(() => {
+          if (relayId && relayOrgId) {
+            db.updateRelayByOrg(relayId, relayOrgId, { lastSeenAt: /* @__PURE__ */ new Date(), lastIpAddress: ip }).catch(() => {
             });
           }
           break;
         case RELAY_MESSAGE_TYPES.STATUS:
-          if (relayId) {
+          if (relayId && relayOrgId) {
             const battery = typeof message.batteryLevel === "number" && Number.isFinite(message.batteryLevel) ? Math.max(0, Math.min(100, Math.round(message.batteryLevel))) : null;
             const signal = typeof message.signalStrength === "number" && Number.isFinite(message.signalStrength) ? Math.max(0, Math.min(100, Math.round(message.signalStrength))) : null;
             const statusUpdate = { lastSeenAt: /* @__PURE__ */ new Date() };
             if (battery !== null) statusUpdate.batteryLevel = battery;
             if (signal !== null) statusUpdate.signalStrength = signal;
-            db.updateRelay(relayId, statusUpdate).catch(() => {
+            db.updateRelayByOrg(relayId, relayOrgId, statusUpdate).catch(() => {
             });
           }
           break;
         case RELAY_MESSAGE_TYPES.REKEY_ACK:
-          if (relayId && isValidStr(message.devicePublicKey, 500)) {
+          if (relayId && relayOrgId && isValidStr(message.devicePublicKey, 500)) {
             try {
               const relay = await db.findRelay(relayId);
               if (!relay) break;
               const rekeyData = JSON.parse(encryption.decrypt(relay.sharedKeyEncrypted));
               if (!rekeyData.pending) break;
+              try {
+                const keyBuf = Buffer.from(message.devicePublicKey, "hex");
+                if (keyBuf.length < 32) throw new Error("Key too short");
+              } catch {
+                socket.send(JSON.stringify({ type: "rekey_failed" }));
+                if (rekeyData.previousSharedKey) {
+                  await db.updateRelayByOrg(relayId, relayOrgId, { sharedKeyEncrypted: rekeyData.previousSharedKey });
+                }
+                break;
+              }
               const newSharedKey = deriveSharedKey(rekeyData.serverPrivateKey, message.devicePublicKey);
-              await db.updateRelay(relayId, {
+              await db.updateRelayByOrg(relayId, relayOrgId, {
                 sharedKeyEncrypted: encryption.encrypt(newSharedKey.toString("hex")),
                 devicePublicKey: message.devicePublicKey,
                 keyVersion: relay.keyVersion + 1,
@@ -782,8 +856,18 @@ function createWebSocketHandler(deps) {
               });
               socket.send(JSON.stringify({ type: "rekey_complete" }));
             } catch {
-              log.warn("Rekey failed, notifying device", { relayId });
+              log.warn("Rekey failed, rolling back to previous key", { relayId });
               socket.send(JSON.stringify({ type: "rekey_failed" }));
+              try {
+                const current = await deps.db.findRelay(relayId);
+                if (current) {
+                  const data = JSON.parse(deps.encryption.decrypt(current.sharedKeyEncrypted));
+                  if (data.pending && data.previousSharedKey) {
+                    await deps.db.updateRelayByOrg(relayId, relayOrgId, { sharedKeyEncrypted: data.previousSharedKey });
+                  }
+                }
+              } catch {
+              }
             }
           }
           break;
@@ -795,6 +879,10 @@ function createWebSocketHandler(deps) {
       if (heartbeatInterval) clearInterval(heartbeatInterval);
       if (relayId) {
         deleteRelaySocket(relayId);
+        if (relayOrgId) {
+          audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "relay.disconnected", organizationId: relayOrgId, relayId, ip }).catch(() => {
+          });
+        }
         try {
           if (relayOrgId) {
             broadcast.broadcast(relayOrgId, {
@@ -925,8 +1013,7 @@ var completePairingSchema = z.object({
   pairingToken: z.string().min(1),
   devicePublicKey: z.string().min(44).max(5e3),
   deviceName: z.string().min(1).max(200),
-  platform: z.enum(["android", "ios"]),
-  phoneNumber: z.string().max(30).optional()
+  platform: z.enum(["android", "ios"])
 });
 var updatePhoneRelaySchema = z.object({
   deviceName: z.string().min(1).max(200).optional(),
@@ -935,7 +1022,7 @@ var updatePhoneRelaySchema = z.object({
   maxSmsPerDay: z.number().int().min(1).max(1e4).optional()
 });
 var testRelaySmsSchema = z.object({
-  to: z.string().min(1),
+  to: z.string().min(1).regex(/^\+?[1-9]\d{1,14}$/, "Invalid phone number format (E.164)"),
   body: z.string().min(1).max(160).optional()
 });
 var relayMessagesQuerySchema = z.object({
@@ -2393,24 +2480,33 @@ function createRelay(config) {
     encryption: config.encryption,
     broadcast,
     logger,
+    audit,
     events,
     queue,
-    limits
+    limits,
+    authLimiter
   });
   const sdk = {
     // Pairing
     async initiatePairing(orgId, userId) {
-      return pairing.initiatePairing(orgId, userId);
+      const result = await pairing.initiatePairing(orgId, userId);
+      audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "pairing.initiated", organizationId: orgId, userId }).catch(() => {
+      });
+      return result;
     },
     async completePairing(input) {
-      return pairing.completePairing(
+      const result = await pairing.completePairing(
         input.pairingId,
         input.pairingToken,
         input.devicePublicKey,
         input.deviceName,
-        input.platform,
-        input.phoneNumber
+        input.platform
       );
+      const relay = await config.db.findRelay(result.relayId);
+      const orgId = relay?.organizationId || "";
+      audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "pairing.completed", organizationId: orgId, relayId: result.relayId }).catch(() => {
+      });
+      return result;
     },
     // Relay management
     async listRelays(orgId) {
@@ -2435,16 +2531,58 @@ function createRelay(config) {
     },
     async updateRelay(id, orgId, data) {
       await config.db.updateRelayByOrg(id, orgId, data);
+      audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "relay.updated", organizationId: orgId, relayId: id }).catch(() => {
+      });
     },
     async revokeRelay(id, orgId) {
-      return pairing.revokeRelay(id, orgId);
+      await pairing.revokeRelay(id, orgId);
+      audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "relay.revoked", organizationId: orgId, relayId: id }).catch(() => {
+      });
     },
     async rotateKeys(id, orgId) {
-      return pairing.rotateKeys(id, orgId);
+      await pairing.rotateKeys(id, orgId);
+      audit.log({ timestamp: /* @__PURE__ */ new Date(), action: "relay.keys_rotated", organizationId: orgId, relayId: id }).catch(() => {
+      });
     },
     // Messaging
     async sendSMS(options) {
-      return queue.enqueueAndWait(options);
+      const result = await queue.enqueueAndWait(options);
+      const action = result.status === "failed" ? "sms.failed" : "sms.sent";
+      audit.log({ timestamp: /* @__PURE__ */ new Date(), action, organizationId: options.orgId, relayId: options.relayId, metadata: { messageId: result.messageId } }).catch(() => {
+      });
+      return result;
+    },
+    async sendSMSToOrg(options) {
+      const { orgId, to, body, timeoutMs } = options;
+      const allRelays = await config.db.findRelays(orgId, "revoked");
+      const activeRelays = allRelays.filter((r) => r.status === "active" || r.status === "degraded");
+      if (activeRelays.length === 0) {
+        throw new Error("No active relays available for this organization");
+      }
+      const todayUTC = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+      const onlineRelays = activeRelays.filter((r) => isRelayOnline(r.id));
+      const offlineRelays = activeRelays.filter((r) => !isRelayOnline(r.id));
+      const sortedOnline = [...onlineRelays].sort((a, b) => {
+        const aDaily = a.dailyResetAt && a.dailyResetAt.toISOString().slice(0, 10) === todayUTC ? a.dailySmsSent : 0;
+        const bDaily = b.dailyResetAt && b.dailyResetAt.toISOString().slice(0, 10) === todayUTC ? b.dailySmsSent : 0;
+        return aDaily - bDaily;
+      });
+      const sortedOffline = [...offlineRelays].sort((a, b) => {
+        const aTime = a.lastSeenAt ? a.lastSeenAt.getTime() : 0;
+        const bTime = b.lastSeenAt ? b.lastSeenAt.getTime() : 0;
+        return bTime - aTime;
+      });
+      const candidates = [...sortedOnline, ...sortedOffline];
+      let lastError;
+      for (const candidate of candidates) {
+        try {
+          return await queue.enqueueAndWait({ relayId: candidate.id, orgId, to, body, timeoutMs });
+        } catch (err) {
+          lastError = err instanceof Error ? err : new Error(String(err));
+          logger.warn("sendSMSToOrg: relay failed, trying next", { relayId: candidate.id, error: lastError.message });
+        }
+      }
+      throw lastError || new Error("All relays failed");
     },
     async getMessages(relayId, orgId, limit = 50, offset = 0) {
       const relay = await config.db.findRelay(relayId, orgId);
@@ -2525,6 +2663,7 @@ export {
   decryptE2E,
   deriveSharedKey,
   encryptE2E,
+  generateRelayIdentifier,
   generateSecureToken,
   generateX25519KeyPair,
   getRelaySocket,

package/dist/server/fastify-plugin.d.ts

@@ -1,4 +1,4 @@
-import { h as RelaySDK } from '../types-CPJUrmcy.js';
+import { h as RelaySDK } from '../types-BlrN83F-.js';
 import 'ws';
 
 /**
@@ -7,6 +7,10 @@ import 'ws';
  *
  * Requires @fastify/websocket for WebSocket support.
  *
+ * **WebSocket maxPayload:** To limit inbound WebSocket frame sizes (recommended
+ * 64 KB for relay messages), configure `maxPayload` when registering the
+ * `@fastify/websocket` plugin — it cannot be set per-route:
+ *
  * @example
  * ```typescript
  * import Fastify from 'fastify';
@@ -14,7 +18,7 @@ import 'ws';
  * import { relayPlugin } from '@zi2/relay-sdk/fastify';
  *
  * const app = Fastify();
- * await app.register(websocket);
+ * await app.register(websocket, { options: { maxPayload: 65536 } });
  * // Use Fastify's prefix option for route namespacing:
  * await app.register(relayPlugin, { sdk, prefix: '/phone-relay' });
  * ```

package/dist/server/fastify-plugin.js

@@ -5,8 +5,7 @@ var completePairingSchema = z.object({
   pairingToken: z.string().min(1),
   devicePublicKey: z.string().min(44).max(5e3),
   deviceName: z.string().min(1).max(200),
-  platform: z.enum(["android", "ios"]),
-  phoneNumber: z.string().max(30).optional()
+  platform: z.enum(["android", "ios"])
 });
 var updatePhoneRelaySchema = z.object({
   deviceName: z.string().min(1).max(200).optional(),
@@ -15,7 +14,7 @@ var updatePhoneRelaySchema = z.object({
   maxSmsPerDay: z.number().int().min(1).max(1e4).optional()
 });
 var testRelaySmsSchema = z.object({
-  to: z.string().min(1),
+  to: z.string().min(1).regex(/^\+?[1-9]\d{1,14}$/, "Invalid phone number format (E.164)"),
   body: z.string().min(1).max(160).optional()
 });
 var relayMessagesQuerySchema = z.object({
@@ -37,8 +36,7 @@ function createRouteHandlers(sdk) {
         pairingToken: parsed.pairingToken,
         devicePublicKey: parsed.devicePublicKey,
         deviceName: parsed.deviceName,
-        platform: parsed.platform,
-        phoneNumber: parsed.phoneNumber
+        platform: parsed.platform
       });
       return result;
     },

package/dist/{types-CPJUrmcy.d.ts → types-BlrN83F-.d.ts}

@@ -5,7 +5,7 @@ interface PhoneRelayRecord {
     organizationId: string;
     deviceName: string;
     platform: string;
-    phoneNumber: string | null;
+    relayIdentifier: string;
     devicePublicKey: string;
     sharedKeyEncrypted: string;
     authTokenHash: string;
@@ -149,7 +149,7 @@ interface RelaySDKConfig {
         relayId: string;
         orgId: string;
         deviceName: string;
-        phoneNumber?: string;
+        relayIdentifier: string;
     }) => Promise<void>;
     /** Called after relay is revoked. Use to clean up SmsProvider records. */
     onRelayRevoked?: (relay: {
@@ -188,7 +188,7 @@ interface RelayListItem {
     id: string;
     deviceName: string;
     platform: string;
-    phoneNumber: string | null;
+    relayIdentifier: string;
     status: string;
     lastSeenAt: Date | null;
     batteryLevel: number | null;
@@ -207,7 +207,7 @@ interface RelayDetail {
     organizationId: string;
     deviceName: string;
     platform: string;
-    phoneNumber: string | null;
+    relayIdentifier: string;
     status: string;
     keyVersion: number;
     lastKeyRotation: Date;
@@ -249,7 +249,6 @@ interface RelaySDK {
         devicePublicKey: string;
         deviceName: string;
         platform: string;
-        phoneNumber?: string;
     }): Promise<PairingCompleteResult>;
     listRelays(orgId: string): Promise<RelayListItem[]>;
     getRelay(id: string, orgId: string): Promise<RelayDetail | null>;
@@ -263,6 +262,12 @@ interface RelaySDK {
         body: string;
         timeoutMs?: number;
     }): Promise<SendResult>;
+    sendSMSToOrg(options: {
+        orgId: string;
+        to: string;
+        body: string;
+        timeoutMs?: number;
+    }): Promise<SendResult>;
     getMessages(relayId: string, orgId: string, limit?: number, offset?: number): Promise<MessageList>;
     isRelayOnline(relayId: string): boolean;
     getRelaySocket(relayId: string): WebSocket | undefined;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zi2/relay-sdk",
-  "version": "1.0.2",
+  "version": "2.0.0",
   "description": "Enterprise SMS relay SDK with E2E encryption, provider fallback, and PCI DSS v4 compliance",
   "author": "Zenith Intelligence Technologies <dev@zisquare.app>",
   "license": "SEE LICENSE IN LICENSE",

package/prisma/schema.prisma

@@ -20,7 +20,7 @@ model PhoneRelay {
   organizationId     String    @map("organization_id") @db.Uuid
   deviceName         String    @map("device_name") @db.VarChar(200)
   platform           String    @db.VarChar(20)
-  phoneNumber        String?   @map("phone_number") @db.VarChar(30)
+  relayIdentifier    String    @unique @map("relay_identifier") @db.VarChar(10)
   devicePublicKey    String    @map("device_public_key") @db.Text
   sharedKeyEncrypted String    @map("shared_key_encrypted") @db.Text
   authTokenHash      String    @map("auth_token_hash") @db.VarChar(128)