npm - echoclaw-relay-agent - Versions diffs - 0.19.2 → 0.19.4 - Mend

echoclaw-relay-agent 0.19.2 → 0.19.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/RelayAgent.js +7 -6
package/dist/RelayClient.js +18 -8
package/dist/cli.js +19 -0
package/dist/relay/PairingProtocol.js +5 -5
package/package.json +1 -1

package/dist/RelayAgent.js CHANGED Viewed

@@ -602,18 +602,19 @@ export class RelayAgent extends EventEmitter {
                 this._identityExchanged = true;
                 return;
             }
-            // Remove early handler before entering wait — prevents both handlers from
-            // processing the same message simultaneously (Reviewer #2, #3 finding).
-            this.removeListener('message', earlyHandler);
-            // Use early-captured message if available, otherwise wait with timeout
-            const peerIdentity = earlyIdentity ?? await this._waitForIdentityExchange(10000);
-            // Respond with our own identity
+            // SYMMETRIC EXCHANGE: Send our identity FIRST, then wait for peer's.
+            // Both sides send immediately upon pairing — eliminates "who sends first" race.
             const myPubKeyBase64 = toBase64(ed.publicKeyRaw);
             await this.send({
                 type: 'identity_exchange',
                 ed25519_pubkey: myPubKeyBase64,
                 device_id: identity.deviceId,
             });
+            // Remove early handler before entering wait — prevents both handlers from
+            // processing the same message simultaneously.
+            this.removeListener('message', earlyHandler);
+            // Use early-captured message if available, otherwise wait with timeout
+            const peerIdentity = earlyIdentity ?? await this._waitForIdentityExchange(15000);
             // Persist peer's public key
             await this.identityStore.updatePeer(peerIdentity.ed25519_pubkey);
             sessionData.peerPublicKeyRaw = peerIdentity.ed25519_pubkey;

package/dist/RelayClient.js CHANGED Viewed

@@ -286,11 +286,20 @@ export class RelayClient extends EventEmitter {
             await this.onPaired(result, 'paired');
         }
         catch (err) {
-            // Identity exchange failed on fresh pairing — tear down transport to
-            // prevent leaking an authenticated-but-unusable WebSocket, then re-throw.
-            // Do NOT emit('error') here — the throw propagates to connect() caller.
-            this.transport?.disconnect();
-            throw err;
+            // Identity exchange failed — non-fatal for fresh pairing.
+            // ECDH succeeded, encrypted channel works. Identity exchange only enables
+            // V2 identity-based reconnect. Keep connection alive, emit warning.
+            const isIdentityErr = err?.message?.includes('Identity exchange');
+            if (isIdentityErr) {
+                console.warn('[RelayClient] Identity exchange failed (non-fatal):', err?.message);
+                this.emit('error', Object.assign(new Error(`Identity exchange failed: ${err?.message}`), { name: 'IdentityExchangeError' }));
+                // Connection is usable — don't tear down
+            }
+            else {
+                // Non-identity errors are still fatal
+                this.transport?.disconnect();
+                throw err;
+            }
         }
     }
     async resumeSession(session) {
@@ -577,7 +586,8 @@ export class RelayClient extends EventEmitter {
                 this._identityExchanged = true;
                 return; // finally will clean up earlyHandler
             }
-            // Send our Ed25519 public key to the agent (through E2E encrypted DATA channel)
+            // SYMMETRIC EXCHANGE: Send our identity FIRST, then wait for peer's.
+            // Both sides send immediately upon pairing — eliminates "who sends first" race.
             const myPubKeyBase64 = toBase64(ed.publicKeyRaw);
             await this.send({
                 type: 'identity_exchange',
@@ -586,8 +596,8 @@ export class RelayClient extends EventEmitter {
             });
             // Remove early handler before entering wait — prevents dual listeners
             this.removeListener('message', earlyHandler);
-            // Use early-captured message if available, otherwise wait with timeout
-            const peerIdentity = earlyIdentity ?? await this._waitForIdentityExchange(10000);
+            // Use early-captured message if available, otherwise wait with timeout (15s for setup)
+            const peerIdentity = earlyIdentity ?? await this._waitForIdentityExchange(15000);
             // Persist peer's public key
             await this.identityStore.updatePeer(peerIdentity.ed25519_pubkey);
             sessionData.peerPublicKeyRaw = peerIdentity.ed25519_pubkey;

package/dist/cli.js CHANGED Viewed

@@ -326,6 +326,25 @@ async function runSetup(code, relay, bridgePort) {
     const pairInfo = await pairPromise;
     printOk(`Paired with desktop client`);
     console.log(`        ${DIM}Session: ${pairInfo.sessionId.slice(0, 8)}...${RESET}`);
+    // Wait for identity exchange to complete (or timeout gracefully)
+    // Identity exchange starts inside onPaired() — give it time before stopping.
+    await new Promise((resolve) => {
+        const onIdentity = () => { cleanup(); resolve(); };
+        const onError = (err) => {
+            if (err.constructor?.name === 'IdentityExchangeError') {
+                cleanup();
+                resolve();
+            }
+        };
+        const timer = setTimeout(() => { cleanup(); resolve(); }, 12000); // 12s > 10s identity timeout
+        const cleanup = () => {
+            clearTimeout(timer);
+            agent.removeListener('identity_exchanged', onIdentity);
+            agent.removeListener('error', onError);
+        };
+        agent.on('identity_exchanged', onIdentity);
+        agent.on('error', onError);
+    });
     console.log();
     // Step 2: Stop the foreground agent (service will take over)
     await agent.stop();

package/dist/relay/PairingProtocol.js CHANGED Viewed

@@ -174,18 +174,18 @@ export class PairingProtocol extends EventEmitter {
                         code = msg.payload;
                         this.emit('pairing_code', code);
                     }
-                    // In initiator mode, send pubkey after receiving server HELLO
-                    if (isInitiator) {
-                        sendPubkey();
-                    }
+                    // Do NOT send pubkey here in initiator mode — agent hasn't connected yet.
+                    // Wait for agent's HELLO with pubkey first (see below).
                 }
                 // Track session_id from any message
                 if (msg.session_id && !sessionId) {
                     sessionId = msg.session_id;
                 }
-                // Agent sends their public key — complete ECDH
+                // Agent sends their public key — send ours back, then complete ECDH
                 if (msg.type === 'HELLO' && msg.pubkey && msg.sender_role === 'agent') {
                     try {
+                        // Send our pubkey AFTER receiving agent's (so agent WS is guaranteed connected)
+                        sendPubkey();
                         const theirPub = fromBase64(msg.pubkey);
                         const sessionKey = await completeHandshake(this.keyPair.privateKey, theirPub, code || undefined);
                         cleanup();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "echoclaw-relay-agent",
-  "version": "0.19.2",
+  "version": "0.19.4",
   "description": "EchoClaw Relay Connection — E2E encrypted relay transport, pairing, and session management",
   "type": "module",
   "main": "./dist/index.js",