agent-messenger 2.19.4 → 2.20.0

package/src/platforms/line/client.ts

@@ -13,10 +13,12 @@ import {
 } from '@/vendor/linejs/client/mod.js'
 
 import { LineCredentialManager } from './credential-manager'
+import { ensureSelfKeyForMid, migrateOwnE2EEKeys } from './e2ee-storage'
 import type {
   LineAccountCredentials,
   LineChat,
   LineDevice,
+  LineDecryptionError,
   LineFriend,
   LineLoginResult,
   LineMessage,
@@ -26,15 +28,29 @@ import type {
 import { LineError } from './types'
 
 export interface LineRawMessage {
-  raw: { id: unknown; contentType?: unknown; createdTime?: unknown; toType?: unknown; to?: unknown; from?: unknown }
+  raw: {
+    id: unknown
+    contentType?: unknown
+    contentMetadata?: unknown
+    createdTime?: unknown
+    toType?: unknown
+    to?: unknown
+    from?: unknown
+    text?: unknown
+    chunks?: unknown
+    metadata?: unknown
+  }
   to: { id: unknown }
   from: { id: unknown }
   isMyMessage: boolean
   text: string | null
+  decryption_error?: LineDecryptionError
 }
 
 export type LineRawEvent = { kind: 'message'; message: LineRawMessage } | { kind: 'event'; op: LineOperation }
 
+type VendorMessage = Parameters<Client['base']['e2ee']['decryptE2EEMessage']>[0]
+
 const MAX_MESSAGE_ID = 9223372036854775807n
 
 function wrapError(error: unknown, code: string): LineError {
@@ -76,10 +92,19 @@ function getDefaultDevice(): LineDevice {
   return 'ANDROIDSECONDARY'
 }
 
-function createStorage(accountId?: string): FileStorage {
+function lineStorageDir(): string {
   const dir = join(getConfigDir(), 'line-storage')
   mkdirSync(dir, { recursive: true })
-  return new FileStorage(join(dir, `${accountId ?? 'default'}.json`))
+  return dir
+}
+
+// Per-account stores stay isolated: blindly cloning default.json would copy another
+// account's E2EE private keys into this account's file. E2EE key material is migrated
+// explicitly via migrateOwnE2EEKeys after login resolves the account MID.
+function createStorage(accountId?: string): FileStorage {
+  const dir = lineStorageDir()
+  const fileName = accountId ? `${accountId}.json` : 'default.json'
+  return new FileStorage(join(dir, fileName))
 }
 
 export class LineClient {
@@ -110,6 +135,7 @@ export class LineClient {
       this.client = client
 
       const profile = await client.base.talk.getProfile()
+      await this.persistAccountE2EEKeys(client, profile.mid)
       const now = new Date().toISOString()
 
       await this.credManager.setAccount({
@@ -146,6 +172,7 @@ export class LineClient {
         {
           email: options.email,
           password: options.password,
+          e2ee: true,
           onPincodeRequest: (pin) => options.onPincode(pin),
         },
         { device, storage },
@@ -154,6 +181,7 @@ export class LineClient {
       this.client = client
 
       const profile = await client.base.talk.getProfile()
+      await this.persistAccountE2EEKeys(client, profile.mid)
       const now = new Date().toISOString()
 
       await this.credManager.setAccount({
@@ -188,15 +216,41 @@ export class LineClient {
       }
 
       const device: LineDevice = creds.device ?? getDefaultDevice()
-      const storage = createStorage()
+      const storage = createStorage(creds.account_id)
 
       this.client = await linejsLoginWithAuthToken(creds.auth_token, { device, storage })
+      await this.repairSelfE2EEKey(this.client, creds.account_id)
       return this
     } catch (error) {
       throw wrapError(error, 'login_failed')
     }
   }
 
+  // A fresh QR/email login writes E2EE keys into the shared default store. Copy only
+  // this account's verified key material into its isolated per-account store so token
+  // logins (which read the per-account store) can later encrypt for E2EE chats.
+  private async persistAccountE2EEKeys(client: Client, mid: string): Promise<void> {
+    try {
+      const advertised = await client.base.talk.getE2EEPublicKeys().catch(() => undefined)
+      const target = createStorage(mid)
+      await migrateOwnE2EEKeys(client.base.storage, target, mid, advertised)
+    } catch (error) {
+      warnDegraded('persist account E2EE keys', error)
+    }
+  }
+
+  // Token sessions don't perform an E2EE handshake, so getE2EESelfKeyData can't find
+  // a key under the account MID even when the keyId-addressed key already exists in
+  // storage. Promote it to the MID address, trusting only server-advertised keyIds.
+  private async repairSelfE2EEKey(client: Client, mid: string): Promise<void> {
+    try {
+      const advertised = await client.base.talk.getE2EEPublicKeys().catch(() => undefined)
+      await ensureSelfKeyForMid(client.base.storage, mid, advertised)
+    } catch (error) {
+      warnDegraded('repair self E2EE key', error)
+    }
+  }
+
   async getProfile(): Promise<LineProfile> {
     try {
       const profile = await this.ensureClient().base.talk.getProfile()
@@ -337,19 +391,86 @@ export class LineClient {
         },
       })
 
-      return (rawMessages ?? []).map((msg) => ({
-        message_id: String(msg.id),
-        chat_id: chatId,
-        author_id: String(msg.from ?? ''),
-        text: msg.text || null,
-        content_type: String(msg.contentType ?? 'NONE'),
-        sent_at: new Date(Number(msg.createdTime)).toISOString(),
-      }))
+      const messages = rawMessages ?? []
+      const authorNames = await this.resolveAuthorNames(client, messages)
+
+      return await Promise.all(
+        messages.map(async (msg) => {
+          const { text, decryptionError } = await this.decryptMessageText(client, msg)
+          const authorId = String(msg.from ?? '')
+          const authorName = authorNames.get(authorId)
+          return {
+            message_id: String(msg.id),
+            chat_id: chatId,
+            author_id: authorId,
+            ...(authorName && { author_name: authorName }),
+            text,
+            ...(decryptionError && { decryption_error: decryptionError }),
+            content_type: String(msg.contentType ?? 'NONE'),
+            sent_at: new Date(Number(msg.createdTime)).toISOString(),
+          }
+        }),
+      )
     } catch (error) {
       throw wrapError(error, 'get_messages_failed')
     }
   }
 
+  // getPreviousMessagesV2WithRequest returns Letter-Sealing messages as encrypted
+  // chunks with null text, so they must be decrypted with the same path streamEvents
+  // uses. Plain messages already carry text and skip decryption.
+  private async decryptMessageText(
+    client: Client,
+    msg: VendorMessage,
+  ): Promise<{ text: string | null; decryptionError?: LineDecryptionError }> {
+    if (!isEncryptedChunkMessage(msg)) {
+      return { text: msg.text || null }
+    }
+
+    try {
+      const decrypted = await client.base.e2ee.decryptE2EEMessage(normalizeE2EEMetadata(msg))
+      return { text: decrypted.text ?? null }
+    } catch (error) {
+      return { text: null, decryptionError: getDecryptionError(error) }
+    }
+  }
+
+  // getContacts doesn't return the current user, so self-authored messages need
+  // getProfile separately. Lookups degrade to bare MIDs rather than failing.
+  private async resolveAuthorNames(
+    client: Client,
+    messages: ReadonlyArray<{ from?: unknown }>,
+  ): Promise<Map<string, string>> {
+    const names = new Map<string, string>()
+    const authorMids = [...new Set(messages.map((m) => String(m.from ?? '')).filter((mid) => mid.length > 0))]
+    if (authorMids.length === 0) return names
+
+    const selfMid = client.base.profile?.mid
+    const contactMids = authorMids.filter((mid) => mid !== selfMid)
+
+    if (contactMids.length > 0) {
+      try {
+        const contacts = await client.base.talk.getContacts({ mids: contactMids })
+        for (const contact of contacts ?? []) {
+          if (contact.displayName) names.set(contact.mid, contact.displayName)
+        }
+      } catch (error) {
+        warnDegraded('resolve message author names', error)
+      }
+    }
+
+    if (selfMid && authorMids.includes(selfMid) && !names.has(selfMid)) {
+      try {
+        const profile = await client.base.talk.getProfile()
+        if (profile.displayName) names.set(selfMid, profile.displayName)
+      } catch (error) {
+        warnDegraded('resolve own display name', error)
+      }
+    }
+
+    return names
+  }
+
   async sendMessage(chatId: string, text: string): Promise<LineSendResult> {
     try {
       const client = this.ensureClient()
@@ -418,12 +539,15 @@ export class LineClient {
         // surface the message with null text, since its text is unreadable.
         let raw = op.message
         let decrypted = true
+        let decryptionError: LineDecryptionError | undefined
         try {
           raw = await client.base.e2ee.decryptE2EEMessage(op.message)
-        } catch {
+        } catch (error) {
           raw = op.message
           decrypted = false
+          decryptionError = getDecryptionError(error)
         }
+        decryptionError ??= getUndecryptableMessageError(raw)
         yield {
           kind: 'message',
           message: {
@@ -432,6 +556,7 @@ export class LineClient {
             from: { id: raw.from },
             isMyMessage: selfMid === raw.from,
             text: decrypted ? (raw.text ?? null) : null,
+            ...(decryptionError && { decryption_error: decryptionError }),
           },
         }
       }
@@ -449,3 +574,48 @@ export class LineClient {
     return this.client
   }
 }
+
+function getUndecryptableMessageError(raw: unknown): LineDecryptionError | undefined {
+  if (!isEncryptedChunkMessage(raw) || hasPlainText(raw)) return undefined
+  return {
+    code: 'missing_e2ee_key',
+    message: 'LINE message is encrypted with Letter Sealing, but this session has no saved E2EE key material.',
+  }
+}
+
+function getDecryptionError(error: unknown): LineDecryptionError {
+  const message = error instanceof Error ? error.message : String(error)
+  return {
+    code: /NoE2EEKey|E2EE Key has not been saved|saveE2EE/i.test(message) ? 'missing_e2ee_key' : 'decrypt_failed',
+    message,
+  }
+}
+
+function hasPlainText(raw: unknown): boolean {
+  if (!raw || typeof raw !== 'object') return false
+  const text = (raw as { text?: unknown }).text
+  return typeof text === 'string' && text.length > 0
+}
+
+function isEncryptedChunkMessage(raw: unknown): boolean {
+  if (!raw || typeof raw !== 'object') return false
+  const message = raw as { chunks?: unknown; contentMetadata?: unknown; metadata?: unknown }
+  if (!Array.isArray(message.chunks) || message.chunks.length === 0) return false
+  return hasE2EEMetadata(message.contentMetadata) || hasE2EEMetadata(message.metadata)
+}
+
+// decryptE2EEMessage reads messageObj.contentMetadata.e2eeVersion unconditionally.
+// History messages from getPreviousMessagesV2WithRequest may carry E2EE metadata
+// only under `metadata`, which would crash the decryptor on undefined.e2eeVersion.
+function normalizeE2EEMetadata<T extends VendorMessage>(msg: T): T {
+  const m = msg as { contentMetadata?: unknown; metadata?: unknown }
+  if (hasE2EEMetadata(m.contentMetadata)) return msg
+  if (!hasE2EEMetadata(m.metadata)) return msg
+  return { ...msg, contentMetadata: m.metadata }
+}
+
+function hasE2EEMetadata(raw: unknown): boolean {
+  if (!raw || typeof raw !== 'object') return false
+  const metadata = raw as { e2eeMark?: unknown; e2eeVersion?: unknown }
+  return metadata.e2eeMark !== undefined || metadata.e2eeVersion !== undefined
+}

package/src/platforms/line/e2ee-storage.test.ts

@@ -0,0 +1,154 @@
+import { describe, expect, it } from 'bun:test'
+
+import { ensureSelfKeyForMid, migrateOwnE2EEKeys } from './e2ee-storage'
+
+function memStore(initial: Record<string, string> = {}) {
+  const data: Record<string, string> = { ...initial }
+  return {
+    data,
+    async get(key: string) {
+      return data[key]
+    },
+    async set(key: string, value: string) {
+      data[key] = value
+    },
+    async getAll() {
+      return { ...data }
+    },
+  }
+}
+
+const SELF_A = { keyId: 100, privKey: 'privA', pubKey: 'pubA', e2eeVersion: 2 }
+const SELF_B = { keyId: 200, privKey: 'privB', pubKey: 'pubB', e2eeVersion: 2 }
+
+describe('ensureSelfKeyForMid', () => {
+  it('keeps an existing MID-addressed self-key', async () => {
+    const store = memStore({ 'e2eeKeys:midA': JSON.stringify(SELF_A) })
+
+    const ok = await ensureSelfKeyForMid(store, 'midA', [{ keyId: 100 }])
+
+    expect(ok).toBe(true)
+    expect(JSON.parse(store.data['e2eeKeys:midA'])).toMatchObject({ privKey: 'privA' })
+  })
+
+  it('promotes a keyId-addressed self-key when the server advertises that keyId', async () => {
+    const store = memStore({ 'e2eeKeys:100': JSON.stringify(SELF_A) })
+
+    const ok = await ensureSelfKeyForMid(store, 'midA', [{ keyId: 100 }])
+
+    expect(ok).toBe(true)
+    expect(JSON.parse(store.data['e2eeKeys:midA'])).toMatchObject({ privKey: 'privA' })
+  })
+
+  it('supports the array-shaped public key (keyId at index 2)', async () => {
+    const store = memStore({ 'e2eeKeys:100': JSON.stringify(SELF_A) })
+
+    const ok = await ensureSelfKeyForMid(store, 'midA', [[undefined, undefined, 100] as never])
+
+    expect(ok).toBe(true)
+  })
+
+  it('never promotes a foreign-MID-addressed key (no advertised match)', async () => {
+    // given: storage contaminated with another account's self-key under its MID
+    const store = memStore({ 'e2eeKeys:midB': JSON.stringify(SELF_B) })
+
+    // when: account A has no advertised keyId matching any stored key
+    const ok = await ensureSelfKeyForMid(store, 'midA', [{ keyId: 999 }])
+
+    // then: A's MID key is not created from B's material
+    expect(ok).toBe(false)
+    expect(store.data['e2eeKeys:midA']).toBeUndefined()
+  })
+
+  it('never promotes a keyId key the server did not advertise for this account', async () => {
+    const store = memStore({ 'e2eeKeys:200': JSON.stringify(SELF_B) })
+
+    const ok = await ensureSelfKeyForMid(store, 'midA', [{ keyId: 100 }])
+
+    expect(ok).toBe(false)
+    expect(store.data['e2eeKeys:midA']).toBeUndefined()
+  })
+
+  it('rejects a payload whose own keyId does not match the advertised slot', async () => {
+    // given: the slot e2eeKeys:100 holds a payload that claims keyId 999
+    const mislabeled = { keyId: 999, privKey: 'privX', pubKey: 'pubX', e2eeVersion: 2 }
+    const store = memStore({ 'e2eeKeys:100': JSON.stringify(mislabeled) })
+
+    const ok = await ensureSelfKeyForMid(store, 'midA', [{ keyId: 100 }])
+
+    expect(ok).toBe(false)
+    expect(store.data['e2eeKeys:midA']).toBeUndefined()
+  })
+
+  it('returns false when no keys exist', async () => {
+    const store = memStore()
+    expect(await ensureSelfKeyForMid(store, 'midA', [{ keyId: 100 }])).toBe(false)
+  })
+
+  it('returns false for an empty mid', async () => {
+    const store = memStore({ 'e2eeKeys:100': JSON.stringify(SELF_A) })
+    expect(await ensureSelfKeyForMid(store, '', [{ keyId: 100 }])).toBe(false)
+  })
+})
+
+describe('migrateOwnE2EEKeys', () => {
+  it('copies only the advertised keyId material into the target', async () => {
+    const source = memStore({
+      'e2eeKeys:100': JSON.stringify(SELF_A),
+      'e2eePublicKeys:100': 'pubkey-blob-A',
+      'e2eeKeys:200': JSON.stringify(SELF_B),
+      'e2eePublicKeys:200': 'pubkey-blob-B',
+    })
+    const target = memStore()
+
+    const count = await migrateOwnE2EEKeys(source, target, 'midA', [{ keyId: 100 }])
+
+    expect(count).toBe(1)
+    expect(JSON.parse(target.data['e2eeKeys:100'])).toMatchObject({ privKey: 'privA' })
+    expect(target.data['e2eePublicKeys:100']).toBe('pubkey-blob-A')
+    // foreign account B keys must not leak across
+    expect(target.data['e2eeKeys:200']).toBeUndefined()
+    expect(target.data['e2eePublicKeys:200']).toBeUndefined()
+  })
+
+  it('copies the MID-addressed self-key when present', async () => {
+    const source = memStore({ 'e2eeKeys:midA': JSON.stringify(SELF_A) })
+    const target = memStore()
+
+    const count = await migrateOwnE2EEKeys(source, target, 'midA', [])
+
+    expect(count).toBe(1)
+    expect(JSON.parse(target.data['e2eeKeys:midA'])).toMatchObject({ privKey: 'privA' })
+  })
+
+  it('migrates nothing when only foreign keys are present', async () => {
+    const source = memStore({ 'e2eeKeys:midB': JSON.stringify(SELF_B), 'e2eeKeys:200': JSON.stringify(SELF_B) })
+    const target = memStore()
+
+    const count = await migrateOwnE2EEKeys(source, target, 'midA', [{ keyId: 100 }])
+
+    expect(count).toBe(0)
+    expect(Object.keys(target.data)).toHaveLength(0)
+  })
+
+  it('skips a payload whose own keyId does not match the advertised slot', async () => {
+    const mislabeled = { keyId: 999, privKey: 'privX', pubKey: 'pubX', e2eeVersion: 2 }
+    const source = memStore({ 'e2eeKeys:100': JSON.stringify(mislabeled), 'e2eePublicKeys:100': 'blob' })
+    const target = memStore()
+
+    const count = await migrateOwnE2EEKeys(source, target, 'midA', [{ keyId: 100 }])
+
+    expect(count).toBe(0)
+    expect(target.data['e2eeKeys:100']).toBeUndefined()
+    expect(target.data['e2eePublicKeys:100']).toBeUndefined()
+  })
+
+  it('ignores malformed key entries', async () => {
+    const source = memStore({ 'e2eeKeys:100': 'not-json', 'e2eeKeys:midA': '{"keyId":1}' })
+    const target = memStore()
+
+    const count = await migrateOwnE2EEKeys(source, target, 'midA', [{ keyId: 100 }])
+
+    expect(count).toBe(0)
+  })
+})

package/src/platforms/line/e2ee-storage.ts

@@ -0,0 +1,119 @@
+export interface E2EEKeyStore {
+  get(key: string): Promise<unknown> | unknown
+  set(key: string, value: string): Promise<void> | void
+}
+
+export interface E2EEKeyData {
+  keyId: number | string
+  privKey: string
+  pubKey: string
+  e2eeVersion?: number
+}
+
+export type E2EEPublicKey = { keyId?: number | string } | ReadonlyArray<unknown>
+
+const SELF_KEY_PREFIX = 'e2eeKeys:'
+
+function selfKey(id: number | string): string {
+  return `${SELF_KEY_PREFIX}${id}`
+}
+
+function isE2EEKeyData(value: unknown): value is E2EEKeyData {
+  if (!value || typeof value !== 'object') return false
+  const data = value as Partial<E2EEKeyData>
+  return typeof data.privKey === 'string' && typeof data.pubKey === 'string'
+}
+
+function parseKeyData(raw: unknown): E2EEKeyData | null {
+  if (typeof raw !== 'string') return isE2EEKeyData(raw) ? raw : null
+  try {
+    const parsed: unknown = JSON.parse(raw)
+    return isE2EEKeyData(parsed) ? parsed : null
+  } catch {
+    return null
+  }
+}
+
+// The stored payload carries its own keyId. Requiring it to equal the slot it was
+// read from rejects entries mislabeled under an advertised keyId, so only a payload
+// genuinely belonging to that keyId is ever trusted.
+function keyDataMatchesSlot(data: E2EEKeyData, keyId: number | string): boolean {
+  return String(data.keyId) === String(keyId)
+}
+
+function keyIdOf(key: E2EEPublicKey): number | string | undefined {
+  if (Array.isArray(key)) {
+    const id = key[2]
+    return typeof id === 'number' || typeof id === 'string' ? id : undefined
+  }
+  const id = (key as { keyId?: number | string }).keyId
+  return typeof id === 'number' || typeof id === 'string' ? id : undefined
+}
+
+function advertisedKeyIds(keys: ReadonlyArray<E2EEPublicKey> | undefined): Array<number | string> {
+  if (!keys) return []
+  const ids: Array<number | string> = []
+  for (const key of keys) {
+    const id = keyIdOf(key)
+    if (id !== undefined) ids.push(id)
+  }
+  return ids
+}
+
+// Ensures the account's own self-key is addressable by MID for getE2EESelfKeyData,
+// which checks `e2eeKeys:<mid>` before falling back to a live Thrift channel. The
+// keyId-addressed entry is only trusted when the server advertises that exact keyId
+// for this account, so a contaminated store (another account's key copied in) can
+// never promote a foreign private key to this MID. Returns true when a self-key
+// becomes available under the MID.
+export async function ensureSelfKeyForMid(
+  storage: E2EEKeyStore,
+  mid: string,
+  advertisedKeys: ReadonlyArray<E2EEPublicKey> | undefined,
+): Promise<boolean> {
+  if (!mid) return false
+
+  const existing = parseKeyData(await storage.get(selfKey(mid)))
+  if (existing) return true
+
+  for (const keyId of advertisedKeyIds(advertisedKeys)) {
+    const candidate = parseKeyData(await storage.get(selfKey(keyId)))
+    if (candidate && keyDataMatchesSlot(candidate, keyId)) {
+      await storage.set(selfKey(mid), JSON.stringify(candidate))
+      return true
+    }
+  }
+
+  return false
+}
+
+// Copies only this account's E2EE key material out of a shared (default) store into
+// an isolated per-account store. Trust is anchored to the server-advertised keyIds
+// for `mid`, so foreign-account keys present in the shared store are never carried
+// over. Used right after a fresh login resolves the account MID.
+export async function migrateOwnE2EEKeys(
+  source: E2EEKeyStore,
+  target: E2EEKeyStore,
+  mid: string,
+  advertisedKeys: ReadonlyArray<E2EEPublicKey> | undefined,
+): Promise<number> {
+  if (!mid) return 0
+
+  let migrated = 0
+  const own = parseKeyData(await source.get(selfKey(mid)))
+  if (own) {
+    await target.set(selfKey(mid), JSON.stringify(own))
+    migrated++
+  }
+
+  for (const keyId of advertisedKeyIds(advertisedKeys)) {
+    const data = parseKeyData(await source.get(selfKey(keyId)))
+    if (!data || !keyDataMatchesSlot(data, keyId)) continue
+    await target.set(selfKey(keyId), JSON.stringify(data))
+    migrated++
+    const publicKey = await source.get(`e2eePublicKeys:${keyId}`)
+    if (typeof publicKey === 'string') await target.set(`e2eePublicKeys:${keyId}`, publicKey)
+  }
+
+  return migrated
+}

package/src/platforms/line/index.test.ts

@@ -11,6 +11,12 @@ import {
   LineMessageSchema,
   LineSendResultSchema,
 } from '@/platforms/line/index'
+import type { LineDecryptionError } from '@/platforms/line/index'
+
+const lineDecryptionError: LineDecryptionError = {
+  code: 'missing_e2ee_key',
+  message: 'E2EE key material is missing',
+}
 
 it('LineClient is exported from barrel', () => {
   expect(typeof LineClient).toBe('function')
@@ -47,3 +53,7 @@ it('LineAccountCredentialsSchema is exported from barrel', () => {
 it('LineConfigSchema is exported from barrel', () => {
   expect(typeof LineConfigSchema.parse).toBe('function')
 })
+
+it('LineDecryptionError type is exported from barrel', () => {
+  expect(lineDecryptionError.code).toBe('missing_e2ee_key')
+})

package/src/platforms/line/index.ts

@@ -6,6 +6,7 @@ export type {
   LineAccountCredentials,
   LineChat,
   LineConfig,
+  LineDecryptionError,
   LineDevice,
   LineFriend,
   LineListenerEventMap,

package/src/platforms/line/listener.test.ts

@@ -230,6 +230,38 @@ describe('LineListener', () => {
       expect(messages[0].content_type).toBe('NONE')
     })
 
+    it('forwards LINE decryption errors on message events', async () => {
+      const client = createMockLineClient()
+      listener = new LineListener(client)
+
+      const messages: LinePushMessageEvent[] = []
+      listener.on('message', (event) => messages.push(event))
+
+      await listener.start()
+      mockInternalClientInstance.simulateMessage({
+        isMyMessage: false,
+        from: { type: 'USER', id: 'u456' },
+        to: { type: 'USER', id: 'u123' },
+        text: null,
+        decryption_error: {
+          code: 'missing_e2ee_key',
+          message: 'LINE message is encrypted with Letter Sealing, but this session has no saved E2EE key material.',
+        },
+        raw: {
+          id: 'msg013',
+          contentType: 'NONE',
+          createdTime: 1700000010000,
+          chunks: ['a', 'b'],
+          metadata: { e2eeMark: '2', e2eeVersion: '2' },
+        },
+      })
+      await flush()
+
+      expect(messages.length).toBe(1)
+      expect(messages[0].text).toBeNull()
+      expect(messages[0].decryption_error?.code).toBe('missing_e2ee_key')
+    })
+
     it('coerces non-string contentMetadata values to strings', async () => {
       const client = createMockLineClient()
       listener = new LineListener(client)

package/src/platforms/line/listener.ts

@@ -1,6 +1,6 @@
 import { EventEmitter } from 'events'
 
-import type { LineClient } from './client'
+import type { LineClient, LineRawMessage } from './client'
 import type { LineListenerEventMap, LinePushGenericEvent, LinePushMessageEvent } from './types'
 
 const RECONNECT_BASE_DELAY = 1_000
@@ -94,19 +94,20 @@ export class LineListener {
     }
   }
 
-  private emitMessage(msg: any): void {
+  private emitMessage(msg: LineRawMessage): void {
     try {
       const toType = msg.raw.toType
       const isGroupOrRoom = toType === 'GROUP' || toType === 'ROOM' || toType === 0 || toType === 1
-      const chatId = isGroupOrRoom ? msg.to.id : msg.isMyMessage ? msg.to.id : msg.from.id
+      const chatId = String(isGroupOrRoom ? msg.to.id : msg.isMyMessage ? msg.to.id : msg.from.id)
 
       const contentType = String(msg.raw.contentType ?? 'NONE')
       const event: LinePushMessageEvent = {
         type: 'message',
         chat_id: chatId,
         message_id: String(msg.raw.id),
-        author_id: msg.from.id,
+        author_id: String(msg.from.id),
         text: getMessageText(msg.text, msg.raw, contentType),
+        ...(msg.decryption_error && { decryption_error: msg.decryption_error }),
         content_type: contentType,
         content_metadata: normalizeContentMetadata(msg.raw.contentMetadata),
         sent_at: new Date(Number(msg.raw.createdTime)).toISOString(),