npm - nostr-double-ratchet - Versions diffs - 0.0.36 → 0.0.38 - Mend

nostr-double-ratchet 0.0.36 → 0.0.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/dist/DeviceManager.d.ts +127 -0
package/dist/DeviceManager.d.ts.map +1 -0
package/dist/Invite.d.ts +3 -2
package/dist/Invite.d.ts.map +1 -1
package/dist/InviteList.d.ts +43 -0
package/dist/InviteList.d.ts.map +1 -0
package/dist/SessionManager.d.ts +86 -30
package/dist/SessionManager.d.ts.map +1 -1
package/dist/StorageAdapter.d.ts +9 -0
package/dist/StorageAdapter.d.ts.map +1 -1
package/dist/index.d.ts +4 -0
package/dist/index.d.ts.map +1 -1
package/dist/inviteUtils.d.ts +122 -0
package/dist/inviteUtils.d.ts.map +1 -0
package/dist/nostr-double-ratchet.es.js +3361 -2233
package/dist/nostr-double-ratchet.umd.js +1 -1
package/dist/types.d.ts +12 -0
package/dist/types.d.ts.map +1 -1
package/package.json +1 -1
package/src/DeviceManager.ts +565 -0
package/src/Invite.ts +63 -84
package/src/InviteList.ts +333 -0
package/src/Session.ts +1 -1
package/src/SessionManager.ts +780 -347
package/src/StorageAdapter.ts +64 -6
package/src/index.ts +5 -1
package/src/inviteUtils.ts +270 -0
package/src/types.ts +13 -1
package/src/utils.ts +3 -3

package/src/SessionManager.ts CHANGED Viewed

@@ -1,399 +1,832 @@
-import { CHAT_MESSAGE_KIND, NostrPublish, NostrSubscribe, Rumor, Unsubscribe } from "./types"
-import { UserRecord } from "./UserRecord"
-import { Invite } from "./Invite"
-import { getPublicKey } from "nostr-tools"
+import {
+  IdentityKey,
+  NostrSubscribe,
+  NostrPublish,
+  Rumor,
+  Unsubscribe,
+  INVITE_LIST_EVENT_KIND,
+  CHAT_MESSAGE_KIND,
+} from "./types"
 import { StorageAdapter, InMemoryStorageAdapter } from "./StorageAdapter"
-import { serializeSessionState, deserializeSessionState } from "./utils"
+import { InviteList } from "./InviteList"
 import { Session } from "./Session"
+import { serializeSessionState, deserializeSessionState } from "./utils"
+import { decryptInviteResponse, createSessionFromAccept } from "./inviteUtils"
+import { getEventHash } from "nostr-tools"
 export type OnEventCallback = (event: Rumor, from: string) => void
-export default class SessionManager {
-    private userRecords: Map<string, UserRecord> = new Map()
-    private nostrSubscribe: NostrSubscribe
-    private nostrPublish: NostrPublish
-    private ourIdentityKey: Uint8Array
-    private inviteUnsubscribes: Map<string, Unsubscribe> = new Map()
-    private deviceId: string
-    private invite?: Invite
-    private storage: StorageAdapter
-    private messageQueue: Map<string, Array<{event: Partial<Rumor>, resolve: (results: any[]) => void}>> = new Map()
-    constructor(
-        ourIdentityKey: Uint8Array,
-        deviceId: string,
-        nostrSubscribe: NostrSubscribe,
-        nostrPublish: NostrPublish,
-        storage: StorageAdapter = new InMemoryStorageAdapter(),
-    ) {
-        this.userRecords = new Map()
-        this.nostrSubscribe = nostrSubscribe
-        this.nostrPublish = nostrPublish
-        this.ourIdentityKey = ourIdentityKey
-        this.deviceId = deviceId
-        this.storage = storage
-        // Kick off initialisation in background for backwards compatibility
-        // Users that need to wait can call await manager.init()
-        this.init()
-    }
+/**
+ * Credentials for the invite handshake - used to listen for and decrypt invite responses
+ */
+export interface InviteCredentials {
+  ephemeralKeypair: { publicKey: string; privateKey: Uint8Array }
+  sharedSecret: string
+}
-    private _initialised = false
+interface DeviceRecord {
+  deviceId: string
+  activeSession?: Session
+  inactiveSessions: Session[]
+  createdAt: number
+  staleAt?: number
+  // Set to true when we've processed an invite response from this device
+  // This survives restarts and prevents duplicate RESPONDER session creation
+  hasResponderSession?: boolean
+}
-    /**
-     * Perform asynchronous initialisation steps: create (or load) our invite,
-     * publish it, hydrate sessions from storage and subscribe to new invites.
-     * Can be awaited by callers that need deterministic readiness.
-     */
-    public async init(): Promise<void> {
-        console.log("Initialising SessionManager")
-        if (this._initialised) return
+interface UserRecord {
+  publicKey: string
+  devices: Map<string, DeviceRecord>
+}
-        const ourPublicKey = getPublicKey(this.ourIdentityKey)
+type StoredSessionEntry = ReturnType<typeof serializeSessionState>
-        // 1. Hydrate existing sessions (placeholder for future implementation)
-        await this.loadSessions()
+interface StoredDeviceRecord {
+  deviceId: string
+  activeSession: StoredSessionEntry | null
+  inactiveSessions: StoredSessionEntry[]
+  createdAt: number
+  staleAt?: number
+  hasResponderSession?: boolean
+}
-        // 2. Create or load our own invite
-        let invite: Invite | undefined
-        try {
-            const stored = await this.storage.get<string>(`invite/${this.deviceId}`)
-            if (stored) {
-                invite = Invite.deserialize(stored)
-            }
-        } catch {/* ignore malformed */}
+interface StoredUserRecord {
+  publicKey: string
+  devices: StoredDeviceRecord[]
+}
-        if (!invite) {
-            invite = Invite.createNew(ourPublicKey, this.deviceId)
-            await this.storage.put(`invite/${this.deviceId}`, invite.serialize()).catch(() => {})
+export class SessionManager {
+  // Versioning
+  private readonly storageVersion = "1"
+  private readonly versionPrefix: string
+  // Params
+  private deviceId: string
+  private storage: StorageAdapter
+  private nostrSubscribe: NostrSubscribe
+  private nostrPublish: NostrPublish
+  private identityKey: IdentityKey
+  private ourPublicKey: string
+  // Owner's public key - used for grouping devices together (all devices are delegates)
+  private ownerPublicKey: string
+  // Credentials for invite handshake
+  private inviteKeys: InviteCredentials
+  // Data
+  private userRecords: Map<string, UserRecord> = new Map()
+  private messageHistory: Map<string, Rumor[]> = new Map()
+  // Map delegate device pubkeys to their owner's pubkey
+  private delegateToOwner: Map<string, string> = new Map()
+  // Subscriptions
+  private ourInviteResponseSubscription: Unsubscribe | null = null
+  private inviteSubscriptions: Map<string, Unsubscribe> = new Map()
+  private sessionSubscriptions: Map<string, Unsubscribe> = new Map()
+  // Callbacks
+  private internalSubscriptions: Set<OnEventCallback> = new Set()
+  // Initialization flag
+  private initialized: boolean = false
+  constructor(
+    ourPublicKey: string,
+    identityKey: IdentityKey,
+    deviceId: string,
+    nostrSubscribe: NostrSubscribe,
+    nostrPublish: NostrPublish,
+    ownerPublicKey: string,
+    inviteKeys: InviteCredentials,
+    storage?: StorageAdapter,
+  ) {
+    this.userRecords = new Map()
+    this.nostrSubscribe = nostrSubscribe
+    this.nostrPublish = nostrPublish
+    this.ourPublicKey = ourPublicKey
+    this.identityKey = identityKey
+    this.deviceId = deviceId
+    this.ownerPublicKey = ownerPublicKey
+    this.inviteKeys = inviteKeys
+    this.storage = storage || new InMemoryStorageAdapter()
+    this.versionPrefix = `v${this.storageVersion}`
+  }
+  async init() {
+    if (this.initialized) return
+    this.initialized = true
+    await this.runMigrations().catch((error) => {
+      console.error("Failed to run migrations:", error)
+    })
+    await this.loadAllUserRecords().catch((error) => {
+      console.error("Failed to load user records:", error)
+    })
+    // Add our own device to user record to prevent accepting our own invite
+    // Use ownerPublicKey so delegates are added to the owner's record
+    const ourUserRecord = this.getOrCreateUserRecord(this.ownerPublicKey)
+    this.upsertDeviceRecord(ourUserRecord, this.deviceId)
+    // Start invite response listener BEFORE setting up users
+    // This ensures we're listening when other devices respond to our invites
+    this.startInviteResponseListener()
+    // Setup sessions with our own other devices
+    // Use ownerPublicKey to find sibling devices (important for delegates)
+    this.setupUser(this.ownerPublicKey)
+  }
+  /**
+   * Start listening for invite responses on our ephemeral key.
+   * This is used by devices to receive session establishment responses.
+   */
+  private startInviteResponseListener(): void {
+    const { publicKey: ephemeralPubkey, privateKey: ephemeralPrivkey } = this.inviteKeys.ephemeralKeypair
+    const sharedSecret = this.inviteKeys.sharedSecret
+    // Subscribe to invite responses tagged to our ephemeral key
+    this.ourInviteResponseSubscription = this.nostrSubscribe(
+      {
+        kinds: [1059], // INVITE_RESPONSE_KIND
+        "#p": [ephemeralPubkey],
+      },
+      async (event) => {
+        try {
+          const decrypted = await decryptInviteResponse({
+            envelopeContent: event.content,
+            envelopeSenderPubkey: event.pubkey,
+            inviterEphemeralPrivateKey: ephemeralPrivkey,
+            inviterPrivateKey: this.identityKey instanceof Uint8Array ? this.identityKey : undefined,
+            sharedSecret,
+            decrypt: this.identityKey instanceof Uint8Array ? undefined : this.identityKey.decrypt,
+          })
+          // Skip our own responses - this happens when we publish an invite response
+          // and our own listener receives it back from relays
+          if (decrypted.deviceId === this.deviceId) {
+            return
+          }
+          // Resolve delegate pubkey to owner for correct UserRecord attribution
+          const ownerPubkey = this.resolveToOwner(decrypted.inviteeIdentity)
+          const userRecord = this.getOrCreateUserRecord(ownerPubkey)
+          const deviceRecord = this.upsertDeviceRecord(userRecord, decrypted.deviceId || "default")
+          // Check for duplicate/stale responses using the persisted flag
+          // This flag survives restarts and prevents creating duplicate RESPONDER sessions
+          if (deviceRecord.hasResponderSession) {
+            return
+          }
+          // Also check session state as a fallback (for existing sessions before the flag was added)
+          const responseSessionKey = decrypted.inviteeSessionPublicKey
+          const existingSession = deviceRecord.activeSession
+          const existingInactive = deviceRecord.inactiveSessions || []
+          const allSessions = existingSession ? [existingSession, ...existingInactive] : existingInactive
+          // Check if any existing session can already receive from this device:
+          // - Has receivingChainKey set (RESPONDER session has received messages)
+          // - Has the same theirNextNostrPublicKey (same session, duplicate response)
+          const canAlreadyReceive = allSessions.some(s =>
+            s.state?.receivingChainKey !== undefined ||
+            s.state?.theirNextNostrPublicKey === responseSessionKey ||
+            s.state?.theirCurrentNostrPublicKey === responseSessionKey
+          )
+          if (canAlreadyReceive) {
+            return
+          }
+          const session = createSessionFromAccept({
+            nostrSubscribe: this.nostrSubscribe,
+            theirPublicKey: decrypted.inviteeSessionPublicKey,
+            ourSessionPrivateKey: ephemeralPrivkey,
+            sharedSecret,
+            isSender: false,
+            name: event.id,
+          })
+          // Mark that we've processed a responder session for this device
+          // This flag is persisted and survives restarts
+          deviceRecord.hasResponderSession = true
+          this.attachSessionSubscription(ownerPubkey, deviceRecord, session, true)
+          // Persist the flag
+          this.storeUserRecord(ownerPubkey).catch(console.error)
+        } catch {
+          // Invalid response, ignore
         }
-        this.invite = invite
-        // Publish our own invite
-        console.log("Publishing our own invite", invite)
-        const event = invite.getEvent()
-        this.nostrPublish(event).then((verifiedEvent) => {
-            console.log("Invite published", verifiedEvent)
-        }).catch((e) => console.error("Failed to publish our own invite", e))
-        // 2b. Listen for acceptances of *our* invite and create sessions
-        this.invite.listen(
-            this.ourIdentityKey,
-            this.nostrSubscribe,
-            (session, inviteePubkey) => {
-                if (!inviteePubkey) return
-                const targetUserKey = inviteePubkey
-                try {
-                    let userRecord = this.userRecords.get(targetUserKey)
-                    if (!userRecord) {
-                        userRecord = new UserRecord(targetUserKey, this.nostrSubscribe)
-                        this.userRecords.set(targetUserKey, userRecord)
-                    }
-                    const deviceKey = session.name || 'unknown'
-                    userRecord.upsertSession(deviceKey, session)
-                    this.saveSession(targetUserKey, deviceKey, session)
-                    session.onEvent((_event: Rumor) => {
-                        this.internalSubscriptions.forEach(cb => cb(_event, targetUserKey))
-                    })
-                } catch {/* ignore errors */}
-            }
-        )
-        // 3. Subscribe to our own invites from other devices
-        Invite.fromUser(ourPublicKey, this.nostrSubscribe, async (invite) => {
-            try {
-                const inviteDeviceId = invite['deviceId'] || 'unknown'
-                if (!inviteDeviceId || inviteDeviceId === this.deviceId) {
-                    return
-                }
-                const existingRecord = this.userRecords.get(ourPublicKey)
-                if (existingRecord?.getActiveSessions().some(session => session.name === inviteDeviceId)) {
-                    return
-                }
-                const { session, event } = await invite.accept(
-                    this.nostrSubscribe,
-                    ourPublicKey,
-                    this.ourIdentityKey
-                )
-                this.nostrPublish(event)?.catch(() => {})
-                this.saveSession(ourPublicKey, inviteDeviceId, session)
-                let userRecord = this.userRecords.get(ourPublicKey)
-                if (!userRecord) {
-                    userRecord = new UserRecord(ourPublicKey, this.nostrSubscribe)
-                    this.userRecords.set(ourPublicKey, userRecord)
-                }
-                const deviceId = invite['deviceId'] || event.id || 'unknown'
-                userRecord.upsertSession(deviceId, session)
-                this.saveSession(ourPublicKey, deviceId, session)
-                session.onEvent((_event: Rumor) => {
-                    this.internalSubscriptions.forEach(cb => cb(_event, ourPublicKey))
-                })
-            } catch (err) {
-                // eslint-disable-next-line no-console
-                console.error('Own-invite accept failed', err)
-            }
-        })
+      }
+    )
+  }
+  // -------------------
+  // User and Device Records helpers
+  // -------------------
+  private getOrCreateUserRecord(userPubkey: string): UserRecord {
+    let rec = this.userRecords.get(userPubkey)
+    if (!rec) {
+      rec = { publicKey: userPubkey, devices: new Map() }
+      this.userRecords.set(userPubkey, rec)
+    }
+    return rec
+  }
-        this._initialised = true
-        await this.nostrPublish(this.invite.getEvent()).catch(() => {})
+  private upsertDeviceRecord(userRecord: UserRecord, deviceId: string): DeviceRecord {
+    if (!deviceId) {
+      throw new Error("Device record must include a deviceId")
+    }
+    const existing = userRecord.devices.get(deviceId)
+    if (existing) {
+      return existing
     }
-    private async loadSessions() {
-        const base = 'session/'
-        const keys = await this.storage.list(base)
-        for (const key of keys) {
-            const rest = key.substring(base.length)
-            const idx = rest.indexOf('/')
-            if (idx === -1) continue
-            const ownerPubKey = rest.substring(0, idx)
-            const deviceId = rest.substring(idx + 1) || 'unknown'
-            const data = await this.storage.get<string>(key)
-            if (!data) continue
-            try {
-                const state = deserializeSessionState(data)
-                const session = new Session(this.nostrSubscribe, state)
-                let userRecord = this.userRecords.get(ownerPubKey)
-                if (!userRecord) {
-                    userRecord = new UserRecord(ownerPubKey, this.nostrSubscribe)
-                    this.userRecords.set(ownerPubKey, userRecord)
-                }
-                userRecord.upsertSession(deviceId, session)
-                this.saveSession(ownerPubKey, deviceId, session)
-                session.onEvent((_event: Rumor) => {
-                    this.internalSubscriptions.forEach(cb => cb(_event, ownerPubKey))
-                })
-            } catch {
-                // corrupted entry — ignore
-            }
+    const deviceRecord: DeviceRecord = {
+      deviceId,
+      inactiveSessions: [],
+      createdAt: Date.now(),
+    }
+    userRecord.devices.set(deviceId, deviceRecord)
+    return deviceRecord
+  }
+  private sessionKey(userPubkey: string, deviceId: string, sessionName: string) {
+    return `${this.sessionKeyPrefix(userPubkey)}${deviceId}/${sessionName}`
+  }
+  private sessionKeyPrefix(userPubkey: string) {
+    return `${this.versionPrefix}/session/${userPubkey}/`
+  }
+  private userRecordKey(publicKey: string) {
+    return `${this.userRecordKeyPrefix()}${publicKey}`
+  }
+  private userRecordKeyPrefix() {
+    return `${this.versionPrefix}/user/`
+  }
+  private versionKey() {
+    return `storage-version`
+  }
+  /**
+   * Resolve a pubkey to its owner if it's a known delegate device.
+   * Returns the input pubkey if not a known delegate.
+   */
+  private resolveToOwner(pubkey: string): string {
+    return this.delegateToOwner.get(pubkey) || pubkey
+  }
+  /**
+   * Update the delegate-to-owner mapping from an InviteList.
+   * Extracts delegate device pubkeys and maps them to the owner.
+   */
+  private updateDelegateMapping(ownerPubkey: string, inviteList: InviteList): void {
+    for (const device of inviteList.getAllDevices()) {
+      if (device.identityPubkey) {
+        this.delegateToOwner.set(device.identityPubkey, ownerPubkey)
+      }
+    }
+  }
+  private subscribeToUserInviteList(
+    pubkey: string,
+    onInviteList: (list: InviteList) => void
+  ): Unsubscribe {
+    return this.nostrSubscribe(
+      {
+        kinds: [INVITE_LIST_EVENT_KIND],
+        authors: [pubkey],
+        "#d": ["double-ratchet/invite-list"],
+      },
+      (event) => {
+        try {
+          const list = InviteList.fromEvent(event)
+          // Update delegate mapping whenever we receive an InviteList
+          this.updateDelegateMapping(pubkey, list)
+          onInviteList(list)
+        } catch {
+          // Invalid event, ignore
         }
+      }
+    )
+  }
+  private attachSessionSubscription(
+    userPubkey: string,
+    deviceRecord: DeviceRecord,
+    session: Session,
+    // Set to true if only handshake -> not yet sendable -> will be promoted on message
+    inactive: boolean = false
+  ): void {
+    if (deviceRecord.staleAt !== undefined) {
+      return
     }
-    private async saveSession(ownerPubKey: string, deviceId: string, session: Session) {
-        try {
-            const key = `session/${ownerPubKey}/${deviceId}`
-            await this.storage.put(key, serializeSessionState(session.state))
-        } catch {/* ignore */}
+    const key = this.sessionKey(userPubkey, deviceRecord.deviceId, session.name)
+    if (this.sessionSubscriptions.has(key)) {
+      return
     }
-    getDeviceId(): string {
-        return this.deviceId
+    const dr = deviceRecord
+    const rotateSession = (nextSession: Session) => {
+      const current = dr.activeSession
+      if (!current) {
+        dr.activeSession = nextSession
+        return
+      }
+      if (current === nextSession || current.name === nextSession.name) {
+        dr.activeSession = nextSession
+        return
+      }
+      dr.inactiveSessions = dr.inactiveSessions.filter(
+        (session) => session !== current && session.name !== current.name
+      )
+      dr.inactiveSessions.push(current)
+      dr.inactiveSessions = dr.inactiveSessions.slice(-1)
+      dr.activeSession = nextSession
     }
-    getInvite(): Invite {
-        if (!this.invite) {
-            throw new Error("SessionManager not initialised yet")
-        }
-        return this.invite
+    if (inactive) {
+      const alreadyTracked = dr.inactiveSessions.some(
+        (tracked) => tracked === session || tracked.name === session.name
+      )
+      if (!alreadyTracked) {
+        dr.inactiveSessions.push(session)
+        dr.inactiveSessions = dr.inactiveSessions.slice(-1)
+      }
+    } else {
+      rotateSession(session)
     }
-    async sendText(recipientIdentityKey: string, text: string) {
-        const event = {
-            kind: CHAT_MESSAGE_KIND,
-            content: text,
-        }
-        return await this.sendEvent(recipientIdentityKey, event)
+    const unsub = session.onEvent((event) => {
+      for (const cb of this.internalSubscriptions) cb(event, userPubkey)
+      rotateSession(session)
+      this.storeUserRecord(userPubkey).catch(console.error)
+    })
+    this.storeUserRecord(userPubkey).catch(console.error)
+    this.sessionSubscriptions.set(key, unsub)
+  }
+  private attachInviteListSubscription(
+    userPubkey: string,
+    onInviteList?: (inviteList: InviteList) => void | Promise<void>
+  ): void {
+    const key = `invitelist:${userPubkey}`
+    if (this.inviteSubscriptions.has(key)) return
+    const unsubscribe = this.subscribeToUserInviteList(
+      userPubkey,
+      async (inviteList) => {
+        if (onInviteList) await onInviteList(inviteList)
+      }
+    )
+    this.inviteSubscriptions.set(key, unsubscribe)
+  }
+  setupUser(userPubkey: string) {
+    const userRecord = this.getOrCreateUserRecord(userPubkey)
+    const acceptInviteFromDevice = async (
+      inviteList: InviteList,
+      deviceId: string
+    ) => {
+      // Add device record IMMEDIATELY to prevent duplicate acceptance from race conditions
+      // (InviteList callback can fire multiple times before async accept completes)
+      const deviceRecord = this.upsertDeviceRecord(userRecord, deviceId)
+      const encryptor = this.identityKey instanceof Uint8Array ? this.identityKey : this.identityKey.encrypt
+      const { session, event } = await inviteList.accept(
+        deviceId,
+        this.nostrSubscribe,
+        this.ourPublicKey,
+        encryptor,
+        this.deviceId
+      )
+      return this.nostrPublish(event)
+        .then(() => this.attachSessionSubscription(userPubkey, deviceRecord, session))
+        .then(() => this.sendMessageHistory(userPubkey, deviceId))
+        .catch(console.error)
     }
-    async sendEvent(recipientIdentityKey: string, event: Partial<Rumor>) {
-        console.log("Sending event to", recipientIdentityKey, event)
-        // Immediately notify local subscribers so that UI can render sent message optimistically
-        this.internalSubscriptions.forEach(cb => cb(event as Rumor, recipientIdentityKey))
-        const results = []
-        const publishPromises: Promise<any>[] = []
-        // Send to recipient's devices
-        const userRecord = this.userRecords.get(recipientIdentityKey)
-        if (!userRecord) {
-            return new Promise<any[]>((resolve) => {
-                if (!this.messageQueue.has(recipientIdentityKey)) {
-                    this.messageQueue.set(recipientIdentityKey, [])
-                }
-                this.messageQueue.get(recipientIdentityKey)!.push({event, resolve})
-                this.listenToUser(recipientIdentityKey)
-            })
-        }
+    this.attachInviteListSubscription(userPubkey, async (inviteList) => {
+      const devices = inviteList.getAllDevices()
-        const activeSessions = userRecord.getActiveSessions()
-        const sendableSessions = activeSessions.filter(s => !!(s.state?.theirNextNostrPublicKey && s.state?.ourCurrentNostrKey))
-        if (sendableSessions.length === 0) {
-            return new Promise<any[]>((resolve) => {
-                if (!this.messageQueue.has(recipientIdentityKey)) {
-                    this.messageQueue.set(recipientIdentityKey, [])
-                }
-                this.messageQueue.get(recipientIdentityKey)!.push({event, resolve})
-                this.listenToUser(recipientIdentityKey)
-            })
-        }
+      // Handle removed devices (source of truth for revocation)
+      for (const deviceId of inviteList.getRemovedDeviceIds()) {
+        await this.cleanupDevice(userPubkey, deviceId)
+      }
-        // Send to all sendable sessions with recipient
-        for (const session of sendableSessions) {
-            const { event: encryptedEvent } = session.sendEvent(event)
-            results.push(encryptedEvent)
-            publishPromises.push(this.nostrPublish(encryptedEvent).catch(() => {}))
+      // Accept invites from new devices
+      for (const device of devices) {
+        if (!userRecord.devices.has(device.deviceId)) {
+          await acceptInviteFromDevice(inviteList, device.deviceId)
         }
+      }
+    })
+  }
-        // Send to our own devices (for multi-device sync)
-        const ourPublicKey = getPublicKey(this.ourIdentityKey)
-        const ownUserRecord = this.userRecords.get(ourPublicKey)
-        if (ownUserRecord) {
-            const ownSendableSessions = ownUserRecord.getActiveSessions().filter(s => !!(s.state?.theirNextNostrPublicKey && s.state?.ourCurrentNostrKey))
-            for (const session of ownSendableSessions) {
-                const { event: encryptedEvent } = session.sendEvent(event)
-                results.push(encryptedEvent)
-                publishPromises.push(this.nostrPublish(encryptedEvent).catch(() => {}))
-            }
+  onEvent(callback: OnEventCallback) {
+    this.internalSubscriptions.add(callback)
+    return () => {
+      this.internalSubscriptions.delete(callback)
+    }
+  }
+  getDeviceId(): string {
+    return this.deviceId
+  }
+  getUserRecords(): Map<string, UserRecord> {
+    return this.userRecords
+  }
+  close() {
+    for (const unsubscribe of this.inviteSubscriptions.values()) {
+      unsubscribe()
+    }
+    for (const unsubscribe of this.sessionSubscriptions.values()) {
+      unsubscribe()
+    }
+    this.ourInviteResponseSubscription?.()
+  }
+  deactivateCurrentSessions(publicKey: string) {
+    const userRecord = this.userRecords.get(publicKey)
+    if (!userRecord) return
+    for (const device of userRecord.devices.values()) {
+      if (device.activeSession) {
+        device.inactiveSessions.push(device.activeSession)
+        device.activeSession = undefined
+      }
+    }
+    this.storeUserRecord(publicKey).catch(console.error)
+  }
+  async deleteUser(userPubkey: string): Promise<void> {
+    await this.init()
+    const userRecord = this.userRecords.get(userPubkey)
+    if (userRecord) {
+      for (const device of userRecord.devices.values()) {
+        if (device.activeSession) {
+          this.removeSessionSubscription(
+            userPubkey,
+            device.deviceId,
+            device.activeSession.name
+          )
         }
-        // Ensure all publish operations settled before returning
-        if (publishPromises.length > 0) {
-            await Promise.all(publishPromises)
+        for (const session of device.inactiveSessions) {
+          this.removeSessionSubscription(userPubkey, device.deviceId, session.name)
         }
+      }
-        return results
+      this.userRecords.delete(userPubkey)
     }
-    listenToUser(userPubkey: string) {
-        // Don't subscribe multiple times to the same user
-        if (this.inviteUnsubscribes.has(userPubkey)) return
-        const unsubscribe = Invite.fromUser(userPubkey, this.nostrSubscribe, async (_invite) => {
-            try {
-                const deviceId = (_invite instanceof Invite && _invite.deviceId) ? _invite.deviceId : 'unknown'
-                const userRecord = this.userRecords.get(userPubkey)
-                if (userRecord) {
-                    const existingSessions = userRecord.getActiveSessions()
-                    if (existingSessions.some(session => session.name === deviceId)) {
-                        return // Already have session with this device
-                    }
-                }
-                const { session, event } = await _invite.accept(
-                    this.nostrSubscribe,
-                    getPublicKey(this.ourIdentityKey),
-                    this.ourIdentityKey
-                )
-                this.nostrPublish(event)?.catch(() => {})
-                // Store the new session
-                let currentUserRecord = this.userRecords.get(userPubkey)
-                if (!currentUserRecord) {
-                    currentUserRecord = new UserRecord(userPubkey, this.nostrSubscribe)
-                    this.userRecords.set(userPubkey, currentUserRecord)
-                }
-                currentUserRecord.upsertSession(deviceId, session)
-                this.saveSession(userPubkey, deviceId, session)
-                // Register all existing callbacks on the new session
-                session.onEvent((_event: Rumor) => {
-                    this.internalSubscriptions.forEach(callback => callback(_event, userPubkey))
-                })
-                const queuedMessages = this.messageQueue.get(userPubkey)
-                if (queuedMessages && queuedMessages.length > 0) {
-                    setTimeout(async () => {
-                        const currentQueuedMessages = this.messageQueue.get(userPubkey)
-                        if (currentQueuedMessages && currentQueuedMessages.length > 0) {
-                            const messagesToProcess = [...currentQueuedMessages]
-                            this.messageQueue.delete(userPubkey)
-                            for (const {event: queuedEvent, resolve} of messagesToProcess) {
-                                const results = await this.sendEvent(userPubkey, queuedEvent)
-                                resolve(results)
-                            }
-                        }
-                    }, 1000) // Increased delay for CI compatibility
-                }
-                // Return the event to be published
-                return event
-            } catch {
-            }
-        })
+    const inviteListKey = `invitelist:${userPubkey}`
+    const inviteListUnsub = this.inviteSubscriptions.get(inviteListKey)
+    if (inviteListUnsub) {
+      inviteListUnsub()
+      this.inviteSubscriptions.delete(inviteListKey)
+    }
-        this.inviteUnsubscribes.set(userPubkey, unsubscribe)
+    this.messageHistory.delete(userPubkey)
+    await Promise.allSettled([
+      this.deleteUserSessionsFromStorage(userPubkey),
+      this.storage.del(this.userRecordKey(userPubkey)),
+    ])
+  }
+  private removeSessionSubscription(
+    userPubkey: string,
+    deviceId: string,
+    sessionName: string
+  ) {
+    const key = this.sessionKey(userPubkey, deviceId, sessionName)
+    const unsubscribe = this.sessionSubscriptions.get(key)
+    if (unsubscribe) {
+      unsubscribe()
+      this.sessionSubscriptions.delete(key)
+    }
+  }
+  private async deleteUserSessionsFromStorage(userPubkey: string): Promise<void> {
+    const prefix = this.sessionKeyPrefix(userPubkey)
+    const keys = await this.storage.list(prefix)
+    await Promise.all(keys.map((key) => this.storage.del(key)))
+  }
+  private async sendMessageHistory(
+    recipientPublicKey: string,
+    deviceId: string
+  ): Promise<void> {
+    const history = this.messageHistory.get(recipientPublicKey) || []
+    const userRecord = this.userRecords.get(recipientPublicKey)
+    if (!userRecord) {
+      return
+    }
+    const device = userRecord.devices.get(deviceId)
+    if (!device) {
+      return
     }
+    if (device.staleAt !== undefined) {
+      return
+    }
+    for (const event of history) {
+      const { activeSession } = device
-    stopListeningToUser(userPubkey: string) {
-        const unsubscribe = this.inviteUnsubscribes.get(userPubkey)
-        if (unsubscribe) {
-            unsubscribe()
-            this.inviteUnsubscribes.delete(userPubkey)
-        }
+      if (!activeSession) continue
+      const { event: verifiedEvent } = activeSession.sendEvent(event)
+      await this.nostrPublish(verifiedEvent)
+      await this.storeUserRecord(recipientPublicKey)
+    }
+  }
+  async sendEvent(
+    recipientIdentityKey: string,
+    event: Partial<Rumor>
+  ): Promise<Rumor | undefined> {
+    await this.init()
+    // Add to message history queue (will be sent when session is established)
+    const completeEvent = event as Rumor
+    // Use ownerPublicKey for history targets so delegates share history with owner
+    const historyTargets = new Set([recipientIdentityKey, this.ownerPublicKey])
+    for (const key of historyTargets) {
+      const existing = this.messageHistory.get(key) || []
+      this.messageHistory.set(key, [...existing, completeEvent])
     }
-    // Update onEvent to include internalSubscriptions management
-    private internalSubscriptions: Set<OnEventCallback> = new Set()
+    const userRecord = this.getOrCreateUserRecord(recipientIdentityKey)
+    // Use ownerPublicKey to find sibling devices (important for delegates)
+    const ourUserRecord = this.getOrCreateUserRecord(this.ownerPublicKey)
-    onEvent(callback: OnEventCallback) {
-        this.internalSubscriptions.add(callback)
+    this.setupUser(recipientIdentityKey)
+    // Use ownerPublicKey to setup sessions with sibling devices
+    this.setupUser(this.ownerPublicKey)
-        // Subscribe to existing sessions
-        for (const [pubkey, userRecord] of this.userRecords.entries()) {
-            for (const session of userRecord.getActiveSessions()) {
-                session.onEvent((event: Rumor) => {
-                    callback(event, pubkey)
-                })
-            }
-        }
+    const recipientDevices = Array.from(userRecord.devices.values()).filter(d => d.staleAt === undefined)
+    const ownDevices = Array.from(ourUserRecord.devices.values()).filter(d => d.staleAt === undefined)
-        // Return unsubscribe function
-        return () => {
-            this.internalSubscriptions.delete(callback)
-        }
+    // Merge and deduplicate by deviceId, excluding our own sending device
+    // This fixes the self-message bug where sending to yourself would duplicate devices
+    const deviceMap = new Map<string, DeviceRecord>()
+    for (const d of [...recipientDevices, ...ownDevices]) {
+      if (d.deviceId !== this.deviceId) {  // Exclude sender's own device
+        deviceMap.set(d.deviceId, d)
+      }
     }
-    close() {
-        // Clean up all subscriptions
-        for (const unsubscribe of this.inviteUnsubscribes.values()) {
-            unsubscribe()
+    const devices = Array.from(deviceMap.values())
+    // Send to all devices in background (if sessions exist)
+    Promise.allSettled(
+      devices.map(async (device) => {
+        const { activeSession } = device
+        if (!activeSession) {
+          return
         }
-        this.inviteUnsubscribes.clear()
-        // Close all sessions
-        for (const userRecord of this.userRecords.values()) {
-            for (const session of userRecord.getActiveSessions()) {
-                session.close()
-            }
+        const { event: verifiedEvent } = activeSession.sendEvent(event)
+        await this.nostrPublish(verifiedEvent).catch(console.error)
+      })
+    )
+      .then(() => {
+        // Store recipient's user record
+        this.storeUserRecord(recipientIdentityKey)
+        // Also store owner's record if different (for sibling device sessions)
+        // This ensures session state is persisted after ratcheting
+        // TODO: check if really necessary, if yes, why?
+        if (this.ownerPublicKey !== recipientIdentityKey) {
+          this.storeUserRecord(this.ownerPublicKey)
         }
-        this.userRecords.clear()
-        this.internalSubscriptions.clear()
+      })
+      .catch(console.error)
+    // Return the event with computed ID (same as library would compute)
+    return completeEvent
+  }
+  async sendMessage(
+    recipientPublicKey: string,
+    content: string,
+    options: { kind?: number; tags?: string[][] } = {}
+  ): Promise<Rumor> {
+    const { kind = CHAT_MESSAGE_KIND, tags = [] } = options
+    // Build message exactly as library does (Session.ts sendEvent)
+    const now = Date.now()
+    const builtTags = this.buildMessageTags(recipientPublicKey, tags)
+    const rumor: Rumor = {
+      content,
+      kind,
+      created_at: Math.floor(now / 1000),
+      tags: builtTags,
+      pubkey: this.ourPublicKey,
+      id: "", // Will compute next
+    }
+    if (!rumor.tags.some(([k]) => k === "ms")) {
+      rumor.tags.push(["ms", String(now)])
     }
-    /**
-     * Accept an invite as our own device, persist the session, and publish the acceptance event.
-     * Used for multi-device flows where a user adds a new device.
-     */
-    public async acceptOwnInvite(invite: Invite) {
-        const ourPublicKey = getPublicKey(this.ourIdentityKey);
-        const { session, event } = await invite.accept(
-            this.nostrSubscribe,
-            ourPublicKey,
-            this.ourIdentityKey
-        );
-        let userRecord = this.userRecords.get(ourPublicKey);
-        if (!userRecord) {
-            userRecord = new UserRecord(ourPublicKey, this.nostrSubscribe);
-            this.userRecords.set(ourPublicKey, userRecord);
+    rumor.id = getEventHash(rumor)
+    // Use sendEvent for actual sending (includes queueing)
+    this.sendEvent(recipientPublicKey, rumor).catch(console.error)
+    return rumor
+  }
+  private async cleanupDevice(publicKey: string, deviceId: string): Promise<void> {
+    const userRecord = this.userRecords.get(publicKey)
+    if (!userRecord) return
+    const deviceRecord = userRecord.devices.get(deviceId)
+    if (!deviceRecord) return
+    if (deviceRecord.activeSession) {
+      this.removeSessionSubscription(publicKey, deviceId, deviceRecord.activeSession.name)
+    }
+    for (const session of deviceRecord.inactiveSessions) {
+      this.removeSessionSubscription(publicKey, deviceId, session.name)
+    }
+    deviceRecord.activeSession = undefined
+    deviceRecord.inactiveSessions = []
+    deviceRecord.staleAt = Date.now()
+    await this.storeUserRecord(publicKey).catch(console.error)
+  }
+  private buildMessageTags(
+    recipientPublicKey: string,
+    extraTags: string[][]
+  ): string[][] {
+    const hasRecipientPTag = extraTags.some(
+      (tag) => tag[0] === "p" && tag[1] === recipientPublicKey
+    )
+    const tags = hasRecipientPTag
+      ? [...extraTags]
+      : [["p", recipientPublicKey], ...extraTags]
+    return tags
+  }
+  private storeUserRecord(publicKey: string) {
+    const data: StoredUserRecord = {
+      publicKey: publicKey,
+      devices: Array.from(this.userRecords.get(publicKey)?.devices.entries() || []).map(
+        ([, device]) => ({
+          deviceId: device.deviceId,
+          activeSession: device.activeSession
+            ? serializeSessionState(device.activeSession.state)
+            : null,
+          inactiveSessions: device.inactiveSessions.map((session) =>
+            serializeSessionState(session.state)
+          ),
+          createdAt: device.createdAt,
+          staleAt: device.staleAt,
+          hasResponderSession: device.hasResponderSession,
+        })
+      ),
+    }
+    return this.storage.put(this.userRecordKey(publicKey), data)
+  }
+  private loadUserRecord(publicKey: string) {
+    return this.storage
+      .get<StoredUserRecord>(this.userRecordKey(publicKey))
+      .then((data) => {
+        if (!data) return
+        const devices = new Map<string, DeviceRecord>()
+        for (const deviceData of data.devices) {
+          const {
+            deviceId,
+            activeSession: serializedActive,
+            inactiveSessions: serializedInactive,
+            createdAt,
+            staleAt,
+            hasResponderSession,
+          } = deviceData
+          try {
+            const activeSession = serializedActive
+              ? new Session(
+                  this.nostrSubscribe,
+                  deserializeSessionState(serializedActive)
+                )
+              : undefined
+            const inactiveSessions = serializedInactive.map(
+              (entry) => new Session(this.nostrSubscribe, deserializeSessionState(entry))
+            )
+            devices.set(deviceId, {
+              deviceId,
+              activeSession,
+              inactiveSessions,
+              createdAt,
+              staleAt,
+              hasResponderSession,
+            })
+          } catch (e) {
+            console.error(
+              `Failed to deserialize session for user ${publicKey}, device ${deviceId}:`,
+              e
+            )
+          }
+        }
+        this.userRecords.set(publicKey, {
+          publicKey: data.publicKey,
+          devices,
+        })
+        for (const device of devices.values()) {
+          const { deviceId, activeSession, inactiveSessions, staleAt } = device
+          if (!deviceId || staleAt !== undefined) continue
+          for (const session of inactiveSessions.reverse()) {
+            this.attachSessionSubscription(publicKey, device, session)
+          }
+          if (activeSession) {
+            this.attachSessionSubscription(publicKey, device, activeSession)
+          }
         }
-        userRecord.upsertSession(session.name || 'unknown', session);
-        await this.saveSession(ourPublicKey, session.name || 'unknown', session);
-        this.nostrPublish(event)?.catch(() => {});
+      })
+      .catch((error) => {
+        console.error(`Failed to load user record for ${publicKey}:`, error)
+      })
+  }
+  private loadAllUserRecords() {
+    const prefix = this.userRecordKeyPrefix()
+    return this.storage.list(prefix).then((keys) => {
+      return Promise.all(
+        keys.map((key) => {
+          const publicKey = key.slice(prefix.length)
+          return this.loadUserRecord(publicKey)
+        })
+      )
+    })
+  }
+  private async runMigrations() {
+    // Run migrations sequentially
+    let version = await this.storage.get<string>(this.versionKey())
+    // First migration
+    if (!version) {
+      // Delete old invite data (legacy format no longer supported)
+      const oldInvitePrefix = "invite/"
+      const inviteKeys = await this.storage.list(oldInvitePrefix)
+      await Promise.all(inviteKeys.map((key) => this.storage.del(key)))
+      // Migrate old user records (clear sessions, keep device records)
+      const oldUserRecordPrefix = "user/"
+      const sessionKeys = await this.storage.list(oldUserRecordPrefix)
+      await Promise.all(
+        sessionKeys.map(async (key) => {
+          try {
+            const publicKey = key.slice(oldUserRecordPrefix.length)
+            const userRecordData = await this.storage.get<StoredUserRecord>(key)
+            if (userRecordData) {
+              const newKey = this.userRecordKey(publicKey)
+              const newUserRecordData: StoredUserRecord = {
+                publicKey: userRecordData.publicKey,
+                devices: userRecordData.devices.map((device) => ({
+                  deviceId: device.deviceId,
+                  activeSession: null,
+                  createdAt: device.createdAt,
+                  inactiveSessions: [],
+                })),
+              }
+              await this.storage.put(newKey, newUserRecordData)
+              await this.storage.del(key)
+            }
+          } catch (e) {
+            console.error("Migration error for user record:", e)
+          }
+        })
+      )
+      version = "1"
+      await this.storage.put(this.versionKey(), version)
     }
+  }
 }