agent-messenger 2.19.4 → 2.20.0

package/dist/src/vendor/linejs/client/login.test.ts

@@ -0,0 +1,11 @@
+import { readFile } from 'node:fs/promises'
+
+import { describe, expect, it } from 'bun:test'
+
+describe('linejs login wrappers', () => {
+  it('passes E2EE option through password login', async () => {
+    const source = await readFile(new URL('./login.js', import.meta.url), 'utf8')
+
+    expect(source).toContain('e2ee: opts.e2ee')
+  })
+})

package/docs/content/docs/cli/line.mdx

@@ -9,14 +9,14 @@ description: Complete reference for the agent-line CLI.
 
 Before diving in, a few things about LINE's architecture:
 
-| Term                      | Description                                                                                                                                                                                |
-| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| **MID**                   | LINE's unique identifier for users, chats, and rooms. Prefixed with `u` (user), `c` (group chat), or `r` (room).                                                                           |
-| **QR code login**         | The primary authentication method. Scan a QR code with the LINE mobile app to authorize the CLI.                                                                                           |
-| **ANDROIDSECONDARY**      | The default device type. Registers as a secondary Android device so your phone and desktop sessions stay active.                                                                           |
-| **E2EE (Letter Sealing)** | LINE's end-to-end encryption. The CLI attempts E2EE first and falls back to plaintext if keys aren't available. Chats that require E2EE reject the fallback and fail with `e2ee_required`. |
-| **Device types**          | Controls which device slot the CLI occupies. Secondary devices coexist with your other sessions.                                                                                           |
-| **PIN verification**      | During login, LINE may display a PIN that you confirm on your phone to authorize the new device.                                                                                           |
+| Term                      | Description                                                                                                                                                                                                                                                                                                                        |
+| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **MID**                   | LINE's unique identifier for users, chats, and rooms. Prefixed with `u` (user), `c` (group chat), or `r` (room).                                                                                                                                                                                                                   |
+| **QR code login**         | The primary authentication method. Scan a QR code with the LINE mobile app to authorize the CLI.                                                                                                                                                                                                                                   |
+| **ANDROIDSECONDARY**      | The default device type. Registers as a secondary Android device so your phone and desktop sessions stay active.                                                                                                                                                                                                                   |
+| **E2EE (Letter Sealing)** | LINE's end-to-end encryption. The CLI encrypts and decrypts E2EE messages when key material is available, restoring keys saved by a prior QR/email login. It attempts E2EE first and falls back to plaintext otherwise. Chats that require E2EE reject the fallback and fail with `e2ee_required` when no key material is present. |
+| **Device types**          | Controls which device slot the CLI occupies. Secondary devices coexist with your other sessions.                                                                                                                                                                                                                                   |
+| **PIN verification**      | During login, LINE may display a PIN that you confirm on your phone to authorize the new device.                                                                                                                                                                                                                                   |
 
 ## Quick Start
 
@@ -192,7 +192,9 @@ Each message includes:
 - `message_id` — unique message identifier
 - `chat_id` — which chat the message belongs to
 - `author_id` — sender's MID
-- `text` — message text content (null for non-text messages)
+- `author_name` — sender's display name, resolved from contacts (omitted when it can't be resolved)
+- `text` — message text content (null for non-text or undecryptable messages). Letter Sealing (E2EE) messages are decrypted automatically when key material is available
+- `decryption_error` — present only when an E2EE message couldn't be decrypted; `{ code, message }` where `code` is `missing_e2ee_key` or `decrypt_failed`
 - `content_type` — message type (NONE = text, IMAGE, VIDEO, etc.)
 - `sent_at` — ISO 8601 timestamp
 
@@ -230,7 +232,7 @@ agent-line message list c7a8b9c0d1e2f3a4b5c6d7e8 -n 200
 - No message editing or deletion
 - No search across chats
 - Plain text messages only (no photos, videos, or rich content)
-- Sending to chats that **require** E2EE (Letter Sealing) is not supported on auth-token sessions; such sends fail with `e2ee_required`
+- Sending to chats that **require** E2EE (Letter Sealing) needs E2EE key material from a prior QR/email login; without it such sends fail with `e2ee_required`
 - Chat IDs are MID strings, not human-readable — use `chat list` to discover them
 
 ## Troubleshooting
@@ -267,7 +269,7 @@ If the QR code doesn't open in your browser:
 
 ### E2EE errors
 
-The CLI tries E2EE (Letter Sealing) first and falls back to plaintext when possible, so most messages still send. Chats that **require** E2EE reject the plaintext fallback, and the send fails with `e2ee_required` — auth-token sessions have no local E2EE key and cannot encrypt for those chats.
+The CLI tries E2EE (Letter Sealing) first and falls back to plaintext when possible, so most messages still send. When E2EE key material is available — restored from a prior QR/email login — the CLI encrypts and decrypts those messages. Chats that **require** E2EE reject the plaintext fallback, so if no key material is present the send fails with `e2ee_required`. Re-run `agent-line auth login` (QR) to provision E2EE keys.
 
 ### PIN verification timeout
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-messenger",
-  "version": "2.19.4",
+  "version": "2.20.0",
   "description": "Multi-platform messaging CLI for AI agents (Slack, Discord, Teams, Webex, Telegram, Telegram Bot, WhatsApp, LINE, Instagram, KakaoTalk, Channel Talk)",
   "repository": {
     "type": "git",

package/skills/agent-channeltalk/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-channeltalk
 description: Interact with Channel Talk using extracted desktop app or browser credentials - read chats, send messages, search messages, manage groups
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-channeltalk:*)
 metadata:
   openclaw:

package/skills/agent-channeltalkbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-channeltalkbot
 description: Interact with Channel Talk workspaces using API credentials - send messages, read chats, manage groups and bots
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-channeltalkbot:*)
 metadata:
   openclaw:

package/skills/agent-discord/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-discord
 description: Interact with Discord servers - send messages, read channels, manage reactions
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-discord:*)
 metadata:
   openclaw:

package/skills/agent-discordbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-discordbot
 description: Interact with Discord servers using bot tokens - send messages, read channels, manage reactions
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-discordbot:*)
 metadata:
   openclaw:

package/skills/agent-instagram/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-instagram
 description: Interact with Instagram DMs - send messages, read conversations, manage accounts
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-instagram:*)
 metadata:
   openclaw:

package/skills/agent-kakaotalk/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-kakaotalk
 description: Interact with KakaoTalk - send messages, read chats, manage conversations
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-kakaotalk:*)
 metadata:
   openclaw:

package/skills/agent-line/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-line
 description: Interact with LINE - send messages, read chats, manage conversations
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-line:*)
 metadata:
   openclaw:
@@ -298,7 +298,9 @@ Each message includes:
 - `message_id` - unique message identifier
 - `type` - message type (text, image, sticker, etc.)
 - `author_id` - sender's MID
-- `text` - message text content
+- `author_name` - sender's display name, resolved from contacts (omitted when unresolved)
+- `text` - message text content (E2EE messages are decrypted automatically when key material is available; null when undecryptable)
+- `decryption_error` - present only for E2EE messages that couldn't be decrypted (`code`: `missing_e2ee_key` or `decrypt_failed`)
 - `sent_at` - Unix timestamp (milliseconds)
 
 ## Output Format
@@ -428,8 +430,8 @@ See the [LINE SDK documentation](https://agent-messenger.dev/docs/sdk/line) for
 ## Limitations
 
 - No auto-extraction of credentials (requires interactive login via QR code or email/password)
-- E2EE (Letter Sealing) may prevent reading some message content
-- Sending to chats that **require** E2EE (Letter Sealing) is not supported on auth-token sessions; such sends fail with `e2ee_required`
+- E2EE (Letter Sealing) messages are decrypted automatically when key material is available (restored from a prior QR/email login); without keys, content may be unreadable
+- Sending to chats that **require** E2EE (Letter Sealing) needs E2EE key material from a prior QR/email login; without it such sends fail with `e2ee_required`
 - No file upload support yet
 - No sticker or rich message sending (text only)
 - No group creation or management
@@ -479,7 +481,7 @@ If commands start failing with `not_authenticated` or `invalid_token`:
 
 ### E2EE messages unreadable
 
-Some chats with Letter Sealing enabled may return empty or encrypted message content. This is a known limitation. The CLI cannot decrypt E2EE messages.
+The CLI decrypts Letter Sealing (E2EE) messages when E2EE key material is available. Keys are provisioned by a QR or email/password login and reused on later sessions. If a message comes back with `text: null` and a `decryption_error` of `missing_e2ee_key`, the session has no usable key — re-run `agent-line auth login` (QR) to provision E2EE keys.
 
 ## References
 

package/skills/agent-line/references/common-patterns.md

@@ -71,12 +71,15 @@ MESSAGES=$(agent-line message list "$CHAT_ID" -n 50)
 MSG_COUNT=$(echo "$MESSAGES" | jq 'length')
 echo "Found $MSG_COUNT messages"
 
-# Show messages
-echo "$MESSAGES" | jq -r '.[] | "\(.author_id): \(.text // "[non-text]")"'
+# Show messages by display name; Letter Sealing messages are decrypted when E2EE
+# key material is available, otherwise decryption_error explains why text is null.
+echo "$MESSAGES" | jq -r '.[] | "\(.author_name // .author_id): \(.text // .decryption_error.message // "[non-text]")"'
 ```
 
 **When to use**: Context gathering, summarizing conversations, catching up on missed messages.
 
+**E2EE note**: `message list` decrypts Letter Sealing (E2EE) messages when key material is available — restored from a prior QR/email login. When keys are missing, `text` is `null` and `decryption_error.code` is `missing_e2ee_key`; re-run `agent-line auth login` (QR) to provision keys.
+
 ## Pattern 4: Monitor for New Messages
 
 **Use case**: Watch a chat room and respond to new messages using the SDK
@@ -130,7 +133,9 @@ listener.on('connected', (info) => {
 })
 
 listener.on('message', (event) => {
-  console.log(`[${event.chat_id}] ${event.author_id}: ${event.text}`)
+  // event.decryption_error?: { code: 'missing_e2ee_key' | 'decrypt_failed'; message: string }
+  const content = event.text ?? event.decryption_error?.message ?? '[non-text]'
+  console.log(`[${event.chat_id}] ${event.author_id}: ${content}`)
 })
 
 listener.on('error', (error) => {
@@ -152,6 +157,10 @@ await listener.start()
 
 **Features**: Auto-reconnects with exponential backoff, typed events, AbortController-based clean shutdown.
 
+**E2EE note**: For LINE Letter Sealing messages that cannot be decrypted in the current session, `text` stays `null` and `decryption_error` explains whether E2EE key material is missing or decryption failed.
+
+Message listener payloads include `decryption_error` when encrypted content is present but unavailable. Check `event.decryption_error.code` for `missing_e2ee_key` or `decrypt_failed` before treating `text: null` as a non-text message.
+
 ## Pattern 5: Get User Profile
 
 **Use case**: Retrieve your own LINE profile information

package/skills/agent-slack/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-slack
 description: Interact with Slack workspaces - send messages, read channels, manage reactions
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-slack:*)
 metadata:
   openclaw:

package/skills/agent-slackbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-slackbot
 description: Interact with Slack workspaces using bot tokens - send messages, read channels, manage reactions
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-slackbot:*)
 metadata:
   openclaw:

package/skills/agent-teams/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-teams
 description: Interact with Microsoft Teams - send messages, read channels, manage reactions
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-teams:*)
 metadata:
   openclaw:
@@ -207,6 +207,23 @@ agent-teams channel info <team-id> 19:abc123@thread.tacv2
 agent-teams channel history <team-id> <channel-id> --limit 100
 ```
 
+### Chat Commands
+
+For personal Microsoft accounts (`@outlook.com` / `@live.com`) that have no teams or channels — only 1:1, group, and self chat threads. Work accounts can use these too for their 1:1 and group chats.
+
+```bash
+# List 1:1, group, and self chats
+agent-teams chat list
+
+# Get chat message history
+agent-teams chat history <chat-id> --limit 100
+
+# Send a message to a chat
+agent-teams chat send <chat-id> "Hello"
+```
+
+Chat IDs look like `19:guid1_guid2@unq.gbl.spaces` (1:1) or `19:guid@thread.tacv2` (group). Get them from `chat list`. The `48:notes` chat (`type: self`) is your personal "to me" notes thread.
+
 ### Team Commands
 
 ```bash
@@ -357,7 +374,7 @@ Common errors:
 
 - `Not authenticated`: No valid token (auto-extraction failed — see Troubleshooting)
 - `Token expired`: Token has expired and auto-refresh failed — see Troubleshooting
-- `No current team set`: Run `team switch <id>` first
+- `No current team set`: Run `team switch <id>` first. Personal accounts have no teams — use `chat list` / `chat history` / `chat send` instead
 - `Message not found`: Invalid message ID
 - `Channel not found`: Invalid channel ID
 - `401 Unauthorized`: Token expired and auto-refresh failed — see Troubleshooting
@@ -419,6 +436,7 @@ See the [Teams SDK documentation](https://agent-messenger.dev/docs/sdk/teams) fo
 - No real-time events / WebSocket connection
 - No voice/video channel support
 - No team management (create/delete channels, roles)
+- Personal accounts: chats only (no teams/channels); use the `chat` commands
 - No meeting support
 - No webhook support
 - Plain text messages only (no adaptive cards in v1)

package/skills/agent-teams/references/common-patterns.md

@@ -438,6 +438,34 @@ SNAPSHOT=$(teams_cmd agent-teams snapshot)
 
 **When to use**: Any script that runs for more than a few minutes.
 
+## Pattern 12: Personal Account Chats (No Teams)
+
+**Use case**: Message from a personal Microsoft account (`@outlook.com` / `@live.com`), which has no teams or channels — only 1:1, group, and self ("to me") chats
+
+```bash
+#!/bin/bash
+
+# Personal accounts have no teams, so `team list` is empty and team/channel
+# commands fail with "No current team set". Use the `chat` commands instead.
+
+agent-teams auth extract 2>/dev/null || true
+
+# List chats (type is oneOnOne, group, or self)
+CHATS=$(agent-teams chat list)
+echo "$CHATS" | jq -r '.[] | "  \(.type): \(.id) — \(.topic // .last_message // "")"'
+
+# Pick a chat ID (here: the self "to me" notes thread)
+CHAT_ID=$(echo "$CHATS" | jq -r '.[] | select(.type=="self") | .id')
+
+# Read history and send a message
+agent-teams chat history "$CHAT_ID" --limit 20
+agent-teams chat send "$CHAT_ID" "Reminder: stand-up at 10am"
+```
+
+**When to use**: Any workflow on a personal/consumer Teams account. Get chat IDs from `chat list` — they look like `19:guid1_guid2@unq.gbl.spaces` (1:1), `19:guid@thread.tacv2` (group), or `48:notes` (self).
+
+**Note**: Work accounts also have 1:1 and group chats and can use these same `chat` commands.
+
 ## Best Practices
 
 ### 1. Always Handle Token Expiry

package/skills/agent-telegram/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-telegram
 description: Interact with Telegram through TDLib - authenticate, inspect chats, and send messages
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-telegram:*)
 ---
 

package/skills/agent-telegrambot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-telegrambot
 description: Interact with Telegram using bot tokens - send messages, read chats, manage reactions
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-telegrambot:*)
 metadata:
   openclaw:

package/skills/agent-webex/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-webex
 description: Interact with Cisco Webex - send messages, read spaces, manage memberships
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-webex:*)
 metadata:
   openclaw:

package/skills/agent-wechatbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-wechatbot
 description: Interact with WeChat Official Account using API credentials - send messages, manage templates, list followers
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-wechatbot:*)
 metadata:
   openclaw:

package/skills/agent-whatsapp/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-whatsapp
 description: Interact with WhatsApp - send messages, read chats, manage conversations
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-whatsapp:*)
 metadata:
   openclaw:

package/skills/agent-whatsappbot/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: agent-whatsappbot
 description: Interact with WhatsApp using Cloud API credentials - send messages, manage templates
-version: 2.19.4
+version: 2.20.0
 allowed-tools: Bash(agent-whatsappbot:*)
 metadata:
   openclaw:

package/src/platforms/line/client.test.ts

@@ -56,9 +56,10 @@ describe('LineClient', () => {
   })
 
   describe('getMessages()', () => {
-    function clientWithTalk(talk: Record<string, unknown>): LineClient {
+    function clientWithTalk(talk: Record<string, unknown>, e2ee?: Record<string, unknown>): LineClient {
       const client = new LineClient()
-      ;(client as any).client = { base: { talk } }
+      const { profile, ...talkMethods } = talk
+      ;(client as any).client = { base: { talk: talkMethods, profile, e2ee: e2ee ?? {} } }
       return client
     }
 
@@ -105,6 +106,181 @@ describe('LineClient', () => {
       expect(result.map((m) => m.message_id)).toEqual(['30', '20'])
       expect(result.map((m) => m.text)).toEqual(['c', 'b'])
     })
+
+    it('resolves author MIDs to display names via getContacts', async () => {
+      const client = clientWithTalk({
+        profile: { mid: 'me' },
+        getServerTime: async () => 1700000000000,
+        getPreviousMessagesV2WithRequest: async () => [
+          { id: '10', from: 'u1', text: 'hi', contentType: 'NONE', createdTime: 1700000001000 },
+          { id: '11', from: 'u2', text: 'yo', contentType: 'NONE', createdTime: 1700000002000 },
+        ],
+        getContacts: async ({ mids }: { mids: string[] }) =>
+          mids.map((mid) => ({ mid, displayName: mid === 'u1' ? 'Alice' : 'Bob' })),
+      })
+
+      const result = await client.getMessages('chat1', { count: 2 })
+      expect(result.map((m) => m.author_name)).toEqual(['Alice', 'Bob'])
+    })
+
+    it('batch-resolves unique authors in a single getContacts call', async () => {
+      let contactCalls = 0
+      const client = clientWithTalk({
+        profile: { mid: 'me' },
+        getServerTime: async () => 1700000000000,
+        getPreviousMessagesV2WithRequest: async () => [
+          { id: '10', from: 'u1', text: 'a', contentType: 'NONE', createdTime: 1700000001000 },
+          { id: '11', from: 'u1', text: 'b', contentType: 'NONE', createdTime: 1700000002000 },
+          { id: '12', from: 'u2', text: 'c', contentType: 'NONE', createdTime: 1700000003000 },
+        ],
+        getContacts: async ({ mids }: { mids: string[] }) => {
+          contactCalls++
+          expect([...mids].sort()).toEqual(['u1', 'u2'])
+          return mids.map((mid) => ({ mid, displayName: mid.toUpperCase() }))
+        },
+      })
+
+      const result = await client.getMessages('chat1', { count: 3 })
+      expect(contactCalls).toBe(1)
+      expect(result.map((m) => m.author_name)).toEqual(['U1', 'U1', 'U2'])
+    })
+
+    it('resolves the current user via getProfile since getContacts omits self', async () => {
+      const client = clientWithTalk({
+        profile: { mid: 'me' },
+        getServerTime: async () => 1700000000000,
+        getPreviousMessagesV2WithRequest: async () => [
+          { id: '10', from: 'me', text: 'mine', contentType: 'NONE', createdTime: 1700000001000 },
+        ],
+        getContacts: async () => [],
+        getProfile: async () => ({ mid: 'me', displayName: 'My Name' }),
+      })
+
+      const result = await client.getMessages('chat1', { count: 1 })
+      expect(result[0].author_name).toBe('My Name')
+    })
+
+    it('falls back to bare author_id when name resolution fails', async () => {
+      const client = clientWithTalk({
+        profile: { mid: 'me' },
+        getServerTime: async () => 1700000000000,
+        getPreviousMessagesV2WithRequest: async () => [
+          { id: '10', from: 'u1', text: 'hi', contentType: 'NONE', createdTime: 1700000001000 },
+        ],
+        getContacts: async () => {
+          throw new Error('network down')
+        },
+      })
+
+      const result = await client.getMessages('chat1', { count: 1 })
+      expect(result[0].author_name).toBeUndefined()
+      expect(result[0].author_id).toBe('u1')
+    })
+
+    it('decrypts Letter-Sealing chunk messages via decryptE2EEMessage', async () => {
+      const encrypted = {
+        id: '40',
+        from: 'u1',
+        text: null,
+        contentType: 'NONE',
+        createdTime: 1700000004000,
+        chunks: ['a', 'b'],
+        metadata: { e2eeMark: '2', e2eeVersion: '2' },
+      }
+      const client = clientWithTalk(
+        {
+          getServerTime: async () => 1700000000000,
+          getPreviousMessagesV2WithRequest: async () => [encrypted],
+        },
+        { decryptE2EEMessage: async (m: { id: string }) => ({ ...m, text: 'decrypted secret' }) },
+      )
+
+      const result = await client.getMessages('chat1', { count: 1 })
+      expect(result[0].text).toBe('decrypted secret')
+      expect(result[0].decryption_error).toBeUndefined()
+    })
+
+    it('normalizes metadata-shaped history messages to contentMetadata before decrypting', async () => {
+      let received: { contentMetadata?: unknown } | undefined
+      const client = clientWithTalk(
+        {
+          getServerTime: async () => 1700000000000,
+          getPreviousMessagesV2WithRequest: async () => [
+            {
+              id: '40',
+              from: 'u1',
+              text: null,
+              contentType: 'NONE',
+              createdTime: 1700000004000,
+              chunks: ['a', 'b'],
+              metadata: { e2eeMark: '2', e2eeVersion: '2' },
+            },
+          ],
+        },
+        {
+          decryptE2EEMessage: async (m: { contentMetadata?: unknown }) => {
+            received = m
+            // mirror the vendor decryptor: it reads contentMetadata.e2eeVersion
+            const meta = m.contentMetadata as { e2eeVersion?: string }
+            return { text: `v${meta.e2eeVersion}` }
+          },
+        },
+      )
+
+      const result = await client.getMessages('chat1', { count: 1 })
+      expect((received?.contentMetadata as { e2eeVersion?: string })?.e2eeVersion).toBe('2')
+      expect(result[0].text).toBe('v2')
+    })
+
+    it('surfaces missing_e2ee_key when decryption fails for lack of keys', async () => {
+      const client = clientWithTalk(
+        {
+          getServerTime: async () => 1700000000000,
+          getPreviousMessagesV2WithRequest: async () => [
+            {
+              id: '40',
+              from: 'u1',
+              text: null,
+              contentType: 'NONE',
+              createdTime: 1700000004000,
+              chunks: ['a', 'b'],
+              metadata: { e2eeMark: '2', e2eeVersion: '2' },
+            },
+          ],
+        },
+        {
+          decryptE2EEMessage: async () => {
+            throw new Error('NoE2EEKey: E2EE Key has not been saved')
+          },
+        },
+      )
+
+      const result = await client.getMessages('chat1', { count: 1 })
+      expect(result[0].text).toBeNull()
+      expect(result[0].decryption_error?.code).toBe('missing_e2ee_key')
+    })
+
+    it('does not decrypt plain messages that already carry text', async () => {
+      let decryptCalls = 0
+      const client = clientWithTalk(
+        {
+          getServerTime: async () => 1700000000000,
+          getPreviousMessagesV2WithRequest: async () => [
+            { id: '50', from: 'u1', text: 'plain hello', contentType: 'NONE', createdTime: 1700000005000 },
+          ],
+        },
+        {
+          decryptE2EEMessage: async () => {
+            decryptCalls++
+            return { text: 'should-not-run' }
+          },
+        },
+      )
+
+      const result = await client.getMessages('chat1', { count: 1 })
+      expect(result[0].text).toBe('plain hello')
+      expect(decryptCalls).toBe(0)
+    })
   })
 
   describe('sendMessage()', () => {
@@ -206,6 +382,18 @@ describe('LineClient', () => {
       const msg = events[1] as Extract<LineRawEvent, { kind: 'message' }>
       expect(msg.message.from.id).toBe('u1')
       expect(msg.message.text).toBeNull()
+      expect(msg.message.decryption_error).toEqual({ code: 'decrypt_failed', message: 'E2EE decrypt failed' })
+    })
+
+    it('marks missing E2EE key failures explicitly', async () => {
+      const op = { type: 'RECEIVE_MESSAGE', message: { id: '1', from: 'u1', to: 'me' } }
+      const client = clientWithStream([op], async () => {
+        throw new Error('NoE2EEKey: E2EE Key has not been saved')
+      })
+
+      const events = await collect(client)
+      const msg = events[1] as Extract<LineRawEvent, { kind: 'message' }>
+      expect(msg.message.decryption_error?.code).toBe('missing_e2ee_key')
     })
 
     it('propagates polling errors so the listener can reconnect', async () => {