openclaw-app 1.0.7 → 1.0.8

package/index.ts

@@ -241,6 +241,9 @@ interface RelayState {
      * so multiple users can be active simultaneously without key collisions.
      */
     e2eSessions: Map<string, E2EState>;
+    /** Previous E2E states kept for decrypting offline-buffered messages
+     *  that were encrypted with the old key before the app reconnected. */
+    prevE2eSessions: Map<string, E2EState>;
     relayToken: string;
 }
 
@@ -261,6 +264,7 @@ function getRelayState(accountId: string): RelayState {
             statusSink: null,
             gatewayCtx: null,
             e2eSessions: new Map(),
+            prevE2eSessions: new Map(),
             relayToken: "",
         };
         relayStates.set(accountId, state);
@@ -555,8 +559,8 @@ function cleanupRelay(state: RelayState) {
         try { state.ws.close(); } catch {}
         state.ws = null;
     }
-    // Clear all per-session E2E states — new handshakes needed on reconnect
     state.e2eSessions.clear();
+    state.prevE2eSessions.clear();
 }
 
 function connectRelay(ctx: any, account: ResolvedAccount) {
@@ -663,13 +667,14 @@ async function handleRelayMessage(ctx: any, accountId: string, state: RelayState
             ctx.log?.warn?.(`[${CHANNEL_ID}] [${accountId}] [E2E] peer_joined missing sessionKey, ignoring`);
             return;
         }
-        // Always restart E2E when peer_joined arrives — the app may have
-        // reconnected with a fresh _e2eReadyCompleter and is waiting for a
-        // new handshake even if we still hold an old session state.
-        if (state.e2eSessions.has(sessionKey)) {
-            ctx.log?.info?.(`[${CHANNEL_ID}] [${accountId}] [E2E] Session ${sessionKey} reconnected, resetting E2E state`);
-            state.e2eSessions.delete(sessionKey);
+        // Preserve old E2E state for decrypting offline-buffered messages,
+        // then create a fresh state for the new handshake.
+        const oldE2E = state.e2eSessions.get(sessionKey);
+        if (oldE2E?.ready) {
+            state.prevE2eSessions.set(sessionKey, oldE2E);
+            ctx.log?.info?.(`[${CHANNEL_ID}] [${accountId}] [E2E] Session ${sessionKey} reconnected, old key preserved for pending_flush`);
         }
+        state.e2eSessions.delete(sessionKey);
         ctx.log?.info?.(`[${CHANNEL_ID}] [${accountId}] [E2E] App session joined (${sessionKey}), sending handshake`);
         const sessionE2E = makeE2EState();
         state.e2eSessions.set(sessionKey, sessionE2E);
@@ -700,6 +705,49 @@ async function handleRelayMessage(ctx: any, accountId: string, state: RelayState
         return;
     }
 
+    // Relay forwards buffered offline messages for re-encryption.
+    // Each message was encrypted with the old E2E key; we decrypt with the
+    // preserved old key and re-encrypt with the current (new) session key.
+    if (msg.type === "pending_flush") {
+        const sessionKey = msg.sessionKey as string | undefined;
+        const messages = msg.messages as string[] | undefined;
+        if (!sessionKey || !messages || messages.length === 0) {
+            ctx.log?.info?.(`[${CHANNEL_ID}] [${accountId}] [E2E] pending_flush: nothing to flush`);
+            return;
+        }
+        const oldE2E = state.prevE2eSessions.get(sessionKey);
+        const newE2E = state.e2eSessions.get(sessionKey);
+        if (!oldE2E?.ready) {
+            ctx.log?.warn?.(`[${CHANNEL_ID}] [${accountId}] [E2E] pending_flush: no old key for session ${sessionKey}, dropping ${messages.length} message(s)`);
+            return;
+        }
+        if (!newE2E?.ready) {
+            ctx.log?.warn?.(`[${CHANNEL_ID}] [${accountId}] [E2E] pending_flush: new E2E not ready for session ${sessionKey}, dropping`);
+            return;
+        }
+        ctx.log?.info?.(`[${CHANNEL_ID}] [${accountId}] [E2E] pending_flush: re-encrypting ${messages.length} message(s) for session ${sessionKey}`);
+        for (const raw of messages) {
+            try {
+                const parsed = JSON.parse(raw);
+                if (parsed.type !== "encrypted" || !parsed.nonce || !parsed.ct) {
+                    // Not encrypted — forward as-is with sessionKey
+                    if (!parsed.sessionKey) parsed.sessionKey = sessionKey;
+                    state.ws?.send(JSON.stringify(parsed));
+                    continue;
+                }
+                const plaintext = await e2eDecrypt(oldE2E, parsed.nonce, parsed.ct);
+                const reEncrypted = JSON.parse(await e2eEncrypt(newE2E, plaintext));
+                reEncrypted.sessionKey = sessionKey;
+                state.ws?.send(JSON.stringify(reEncrypted));
+            } catch (e) {
+                ctx.log?.warn?.(`[${CHANNEL_ID}] [${accountId}] [E2E] pending_flush: failed to re-encrypt: ${e}`);
+            }
+        }
+        // Old key no longer needed after flush
+        state.prevE2eSessions.delete(sessionKey);
+        return;
+    }
+
     // App의 handshake 응답 수신 — ECDH 완성
     if (msg.type === "handshake") {
         const sessionKey = msg.sessionKey as string | undefined;

package/openclaw.plugin.json

@@ -1,7 +1,7 @@
 {
     "id": "openclaw-app",
     "name": "OpenClaw App",
-    "version": "1.0.7",
+    "version": "1.0.8",
     "description": "Mobile app channel for OpenClaw — chat via the OpenClaw Mobile app through a Cloudflare Worker relay.",
     "channels": [
         "openclaw-app"

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "openclaw-app",
-    "version": "1.0.7",
+    "version": "1.0.8",
     "description": "OpenClaw Mobile channel plugin — relay bridge for the OpenClaw Mobile app",
     "main": "index.ts",
     "type": "module",