ping-openmls-sdk-react-native-macos 0.2.3 → 0.6.0

package/ios/PingNativeModule.swift

@@ -211,11 +211,14 @@ public final class PingNative: RCTEventEmitter {
     /// `nowMs` is the wall-clock at the call site (Hermes can't pass UInt64 across the
     /// bridge precisely so we accept Double and truncate; valid for the next ~285,000
     /// years of Unix time).
-    @objc(initClient:deviceLabel:nowMs:resolver:rejecter:)
+    @objc(initClient:deviceLabel:nowMs:sqlitePath:sqliteEncryptionKeyB64:deviceSigningSecretKeyB64:resolver:rejecter:)
     public func initClient(
         _ identityB64: String,
         deviceLabel: String,
         nowMs: Double,
+        sqlitePath: String?,
+        sqliteEncryptionKeyB64: String?,
+        deviceSigningSecretKeyB64: String?,
         resolver resolve: @escaping RCTPromiseResolveBlock,
         rejecter reject: @escaping RCTPromiseRejectBlock
     ) {
@@ -225,6 +228,35 @@ public final class PingNative: RCTEventEmitter {
                     reject("InvalidIdentity", "identity bytes failed base64 decode", nil)
                     return
                 }
+                // [CR-4] Optional SQLCipher key. Decode if supplied; reject if it
+                // decodes but isn't 32 bytes (host bug — better loud than silent).
+                var sqliteKey: Data? = nil
+                if let keyB64 = sqliteEncryptionKeyB64,
+                   let keyData = Data(base64Encoded: keyB64) {
+                    guard keyData.count == 32 else {
+                        reject("InvalidSqliteKey", "sqliteEncryptionKey must be 32 bytes, got \(keyData.count)", nil)
+                        return
+                    }
+                    sqliteKey = keyData
+                }
+                // Optional Ed25519 device signing secret. Same 32-byte
+                // shape as the SQLCipher key; loud-reject on mismatched
+                // length so callers find the bug at init time rather
+                // than via a server-side `sender_device_mismatch`
+                // hours later.
+                var deviceSigningSecret: Data? = nil
+                if let secretB64 = deviceSigningSecretKeyB64,
+                   let secretData = Data(base64Encoded: secretB64) {
+                    guard secretData.count == 32 else {
+                        reject(
+                            "InvalidDeviceSigningKey",
+                            "deviceSigningSecretKey must be 32 bytes, got \(secretData.count)",
+                            nil
+                        )
+                        return
+                    }
+                    deviceSigningSecret = secretData
+                }
                 // UniFFI's `[Name=init]` constructor generates a static factory named
                 // `init` (backquoted because Swift reserves the bare identifier for
                 // designated initializers).
@@ -233,7 +265,10 @@ public final class PingNative: RCTEventEmitter {
                     deviceLabel: deviceLabel,
                     storage: self.storageBridge,
                     transport: self.transportBridge,
-                    nowMs: UInt64(nowMs)
+                    nowMs: UInt64(nowMs),
+                    sqlitePath: sqlitePath,
+                    sqliteEncryptionKey: sqliteKey,
+                    deviceSigningSecretKey: deviceSigningSecret
                 )
                 self.client = c
                 resolve(true)
@@ -373,12 +408,13 @@ public final class PingNative: RCTEventEmitter {
         }
     }
 
-    /// Add members to an existing conversation. `keyPackages` is an array of byte arrays
-    /// (each one a peer's KeyPackage from `freshKeyPackage`).
-    @objc(addMembers:keyPackages:nowMs:resolver:rejecter:)
+    /// Add members ([CR-2]). `entries` is an array of `{ deviceId: [Int], keyPackage:
+    /// [Int] }` dicts — the device-id pairing lets the SDK persist a per-conversation
+    /// device→leaf map that `revokeDeviceNative` later consumes.
+    @objc(addMembers:entries:nowMs:resolver:rejecter:)
     public func addMembersNative(
         _ conversationIdBytes: NSArray,
-        keyPackages keyPackagesArr: NSArray,
+        entries entriesArr: NSArray,
         nowMs: Double,
         resolver resolve: @escaping RCTPromiseResolveBlock,
         rejecter reject: @escaping RCTPromiseRejectBlock
@@ -390,13 +426,10 @@ public final class PingNative: RCTEventEmitter {
             }
             do {
                 let convId = try TypeBridge.decodeConversationId(conversationIdBytes)
-                var kps: [Data] = []
-                for kp in keyPackagesArr {
-                    kps.append(try TypeBridge.decodeBytesOrThrow(kp, field: "keyPackage"))
-                }
+                let entries = try TypeBridge.decodeKeyPackageEntryArray(entriesArr)
                 try await client.addMembers(
                     conversationId: convId,
-                    keyPackages: kps,
+                    entries: entries,
                     nowMs: UInt64(nowMs)
                 )
                 resolve(NSNull())
@@ -555,10 +588,15 @@ public final class PingNative: RCTEventEmitter {
     /// Build a linking ticket on the existing device (E) for a new device (N) that
     /// just published its KeyPackage. The ticket bundles a Welcome to E's DeviceGroup
     /// plus a catch-up snapshot. N consumes the ticket via `consumeLinkingTicket`.
-    @objc(buildLinkingTicket:newDeviceKp:nowMs:resolver:rejecter:)
+    /// Build a linking ticket ([CR-13] populates `catchup_snapshot` from
+    /// `lastAppEvents`). `lastAppEvents` is an array of `{ conversationId: [Int],
+    /// appEventBytes: [Int] }` — host-supplied "what you missed" data the new
+    /// device renders before sync catches up. Empty array suppresses catchup.
+    @objc(buildLinkingTicket:newDeviceKp:lastAppEvents:nowMs:resolver:rejecter:)
     public func buildLinkingTicketNative(
         _ newDeviceIdBytes: NSArray,
         newDeviceKp newDeviceKpBytes: NSArray,
+        lastAppEvents lastAppEventsArr: NSArray,
         nowMs: Double,
         resolver resolve: @escaping RCTPromiseResolveBlock,
         rejecter reject: @escaping RCTPromiseRejectBlock
@@ -571,9 +609,11 @@ public final class PingNative: RCTEventEmitter {
             do {
                 let newDeviceId = try TypeBridge.decodeDeviceId(newDeviceIdBytes)
                 let newKp = try TypeBridge.decodeBytesOrThrow(newDeviceKpBytes, field: "newDeviceKp")
+                let events = try TypeBridge.decodeCatchupAppEventArray(lastAppEventsArr)
                 let ticket = try await client.buildLinkingTicket(
                     newDeviceId: newDeviceId,
                     newDeviceKp: newKp,
+                    lastAppEvents: events,
                     nowMs: UInt64(nowMs)
                 )
                 resolve(TypeBridge.encodeLinkingTicket(ticket))
@@ -610,9 +650,9 @@ public final class PingNative: RCTEventEmitter {
         }
     }
 
-    /// Revoke a device — issues Remove proposals in the DeviceGroup and every external
-    /// conversation the device participates in. Post-revocation, the target device
-    /// can't decrypt new traffic (PCS).
+    /// Revoke a device ([CR-2]). Returns the array of Commit envelopes the SDK
+    /// produced — one per conversation the device was a locally-known leaf in.
+    /// Empty array means the device wasn't locally known (scope limit per CR-2).
     @objc(revokeDevice:nowMs:resolver:rejecter:)
     public func revokeDeviceNative(
         _ deviceIdBytes: NSArray,
@@ -627,14 +667,96 @@ public final class PingNative: RCTEventEmitter {
             }
             do {
                 let deviceId = try TypeBridge.decodeDeviceId(deviceIdBytes)
-                try await client.revokeDevice(deviceId: deviceId, nowMs: UInt64(nowMs))
-                resolve(NSNull())
+                let envs = try await client.revokeDevice(deviceId: deviceId, nowMs: UInt64(nowMs))
+                resolve(TypeBridge.encodeEnvelopeArray(envs))
             } catch {
                 reject("RevokeFailed", String(describing: error), error)
             }
         }
     }
 
+    // MARK: - CR-8 / CR-7 helpers
+
+    /// Export a derived secret from a conversation's MLS exporter ([CR-8]).
+    /// Returned bytes are a secret — the JS side is responsible for wiping them.
+    @objc(exportConversationSecret:label:context:length:resolver:rejecter:)
+    public func exportConversationSecretNative(
+        _ conversationIdBytes: NSArray,
+        label: String,
+        context contextBytes: NSArray,
+        length: NSNumber,
+        resolver resolve: @escaping RCTPromiseResolveBlock,
+        rejecter reject: @escaping RCTPromiseRejectBlock
+    ) {
+        guard let client = self.client else {
+            reject("NotInitialised", "MessagingClient not initialised", nil)
+            return
+        }
+        do {
+            let convId = try TypeBridge.decodeConversationId(conversationIdBytes)
+            let context = try TypeBridge.decodeBytesOrThrow(contextBytes, field: "context")
+            let bytes = try client.exportConversationSecret(
+                conversationId: convId,
+                label: label,
+                context: context,
+                length: length.uint32Value
+            )
+            resolve(TypeBridge.encodeBytes(bytes))
+        } catch {
+            reject("ExportSecretFailed", String(describing: error), error)
+        }
+    }
+
+    /// Export a `GroupStateSnapshot` for one conversation ([CR-7]).
+    @objc(exportConversationStateSnapshot:nowMs:resolver:rejecter:)
+    public func exportConversationStateSnapshotNative(
+        _ conversationIdBytes: NSArray,
+        nowMs: Double,
+        resolver resolve: @escaping RCTPromiseResolveBlock,
+        rejecter reject: @escaping RCTPromiseRejectBlock
+    ) {
+        guard let client = self.client else {
+            reject("NotInitialised", "MessagingClient not initialised", nil)
+            return
+        }
+        do {
+            let convId = try TypeBridge.decodeConversationId(conversationIdBytes)
+            let bytes = try client.exportConversationStateSnapshot(
+                conversationId: convId,
+                nowMs: UInt64(nowMs)
+            )
+            resolve(TypeBridge.encodeBytes(bytes))
+        } catch {
+            reject("ExportStateSnapshotFailed", String(describing: error), error)
+        }
+    }
+
+    /// Import a `GroupStateSnapshot` from another device ([CR-7]).
+    @objc(importStateSnapshot:nowMs:resolver:rejecter:)
+    public func importStateSnapshotNative(
+        _ snapshotBytes: NSArray,
+        nowMs: Double,
+        resolver resolve: @escaping RCTPromiseResolveBlock,
+        rejecter reject: @escaping RCTPromiseRejectBlock
+    ) {
+        Task {
+            guard let client = self.client else {
+                reject("NotInitialised", "MessagingClient not initialised", nil)
+                return
+            }
+            do {
+                let bytes = try TypeBridge.decodeBytesOrThrow(snapshotBytes, field: "snapshotBytes")
+                let convId = try await client.importStateSnapshot(
+                    snapshotBytes: bytes,
+                    nowMs: UInt64(nowMs)
+                )
+                resolve(TypeBridge.encodeConversationId(convId))
+            } catch {
+                reject("ImportStateSnapshotFailed", String(describing: error), error)
+            }
+        }
+    }
+
     // MARK: - macOS clipboard helper (stage 5 polish)
 
     /// Write a string to the macOS pasteboard. Hermes doesn't ship `navigator.clipboard`

package/ios/TypeBridge.swift

@@ -294,4 +294,50 @@ enum TypeBridge {
             catchupSnapshot: snapshot
         )
     }
+
+    // MARK: - [CR-2] KeyPackageEntry
+
+    /// Decode `{ deviceId: [Int], keyPackage: [Int] }` into UniFFI's `KeyPackageEntry`.
+    /// Used by `addMembersNative` — each entry pairs a device with its KeyPackage.
+    static func decodeKeyPackageEntry(_ value: Any?) throws -> KeyPackageEntry {
+        guard let dict = value as? [String: Any] else {
+            throw BridgeError.decodeFailure("expected KeyPackageEntry dict")
+        }
+        let deviceId = try decodeDeviceId(dict["deviceId"] ?? dict["device_id"])
+        let keyPackage = try decodeBytesOrThrow(
+            dict["keyPackage"] ?? dict["key_package"],
+            field: "keyPackage"
+        )
+        return KeyPackageEntry(deviceId: deviceId, keyPackage: keyPackage)
+    }
+
+    static func decodeKeyPackageEntryArray(_ value: Any?) throws -> [KeyPackageEntry] {
+        guard let arr = value as? [Any] else {
+            throw BridgeError.decodeFailure("expected KeyPackageEntry array")
+        }
+        return try arr.map { try decodeKeyPackageEntry($0) }
+    }
+
+    // MARK: - [CR-13] CatchupAppEvent
+
+    /// Decode `{ conversationId: [Int], appEventBytes: [Int] }` into UniFFI's
+    /// `CatchupAppEvent`. Used by `buildLinkingTicketNative`.
+    static func decodeCatchupAppEvent(_ value: Any?) throws -> CatchupAppEvent {
+        guard let dict = value as? [String: Any] else {
+            throw BridgeError.decodeFailure("expected CatchupAppEvent dict")
+        }
+        let convId = try decodeConversationId(dict["conversationId"] ?? dict["conversation_id"])
+        let bytes = try decodeBytesOrThrow(
+            dict["appEventBytes"] ?? dict["app_event_bytes"],
+            field: "appEventBytes"
+        )
+        return CatchupAppEvent(conversationId: convId, appEventBytes: bytes)
+    }
+
+    static func decodeCatchupAppEventArray(_ value: Any?) throws -> [CatchupAppEvent] {
+        guard let arr = value as? [Any] else {
+            throw BridgeError.decodeFailure("expected CatchupAppEvent array")
+        }
+        return try arr.map { try decodeCatchupAppEvent($0) }
+    }
 }

package/ios/pingFFI.h

@@ -374,17 +374,17 @@ void uniffi_ping_ffi_fn_free_messagingclient(void*_Nonnull ptr, RustCallStatus *
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_CONSTRUCTOR_MESSAGINGCLIENT_INIT
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_CONSTRUCTOR_MESSAGINGCLIENT_INIT
-uint64_t uniffi_ping_ffi_fn_constructor_messagingclient_init(RustBuffer identity_export, RustBuffer device_label, void*_Nonnull storage, void*_Nonnull transport, uint64_t now_ms
+uint64_t uniffi_ping_ffi_fn_constructor_messagingclient_init(RustBuffer identity_export, RustBuffer device_label, void*_Nonnull storage, void*_Nonnull transport, uint64_t now_ms, RustBuffer sqlite_path, RustBuffer sqlite_encryption_key, RustBuffer device_signing_secret_key
 );
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_ADD_MEMBERS
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_ADD_MEMBERS
-uint64_t uniffi_ping_ffi_fn_method_messagingclient_add_members(void*_Nonnull ptr, RustBuffer conversation_id, RustBuffer key_packages, uint64_t now_ms
+uint64_t uniffi_ping_ffi_fn_method_messagingclient_add_members(void*_Nonnull ptr, RustBuffer conversation_id, RustBuffer entries, uint64_t now_ms
 );
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_BUILD_LINKING_TICKET
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_BUILD_LINKING_TICKET
-uint64_t uniffi_ping_ffi_fn_method_messagingclient_build_linking_ticket(void*_Nonnull ptr, RustBuffer new_device_id, RustBuffer new_device_kp, uint64_t now_ms
+uint64_t uniffi_ping_ffi_fn_method_messagingclient_build_linking_ticket(void*_Nonnull ptr, RustBuffer new_device_id, RustBuffer new_device_kp, RustBuffer last_app_events, uint64_t now_ms
 );
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_CONSUME_LINKING_TICKET
@@ -407,11 +407,26 @@ RustBuffer uniffi_ping_ffi_fn_method_messagingclient_device_id(void*_Nonnull ptr
 RustBuffer uniffi_ping_ffi_fn_method_messagingclient_device_info(void*_Nonnull ptr, uint64_t now_ms, RustCallStatus *_Nonnull out_status
 );
 #endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_EXPORT_CONVERSATION_SECRET
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_EXPORT_CONVERSATION_SECRET
+RustBuffer uniffi_ping_ffi_fn_method_messagingclient_export_conversation_secret(void*_Nonnull ptr, RustBuffer conversation_id, RustBuffer label, RustBuffer context, uint32_t length, RustCallStatus *_Nonnull out_status
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_EXPORT_CONVERSATION_STATE_SNAPSHOT
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_EXPORT_CONVERSATION_STATE_SNAPSHOT
+RustBuffer uniffi_ping_ffi_fn_method_messagingclient_export_conversation_state_snapshot(void*_Nonnull ptr, RustBuffer conversation_id, uint64_t now_ms, RustCallStatus *_Nonnull out_status
+);
+#endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_FRESH_KEY_PACKAGE
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_FRESH_KEY_PACKAGE
 RustBuffer uniffi_ping_ffi_fn_method_messagingclient_fresh_key_package(void*_Nonnull ptr, RustCallStatus *_Nonnull out_status
 );
 #endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_IMPORT_STATE_SNAPSHOT
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_IMPORT_STATE_SNAPSHOT
+uint64_t uniffi_ping_ffi_fn_method_messagingclient_import_state_snapshot(void*_Nonnull ptr, RustBuffer snapshot_bytes, uint64_t now_ms
+);
+#endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_JOIN_CONVERSATION
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_METHOD_MESSAGINGCLIENT_JOIN_CONVERSATION
 uint64_t uniffi_ping_ffi_fn_method_messagingclient_join_conversation(void*_Nonnull ptr, RustBuffer welcome, uint64_t now_ms
@@ -527,10 +542,25 @@ uint64_t uniffi_ping_ffi_fn_method_transport_fetch_since(void*_Nonnull ptr, Rust
 uint64_t uniffi_ping_ffi_fn_method_transport_send(void*_Nonnull ptr, RustBuffer envelope
 );
 #endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_FUNC_DECODE_CATCHUP_SNAPSHOT
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_FUNC_DECODE_CATCHUP_SNAPSHOT
+RustBuffer uniffi_ping_ffi_fn_func_decode_catchup_snapshot(RustBuffer snapshot_bytes, RustCallStatus *_Nonnull out_status
+);
+#endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_FUNC_GENERATE_IDENTITY_EXPORT
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_FUNC_GENERATE_IDENTITY_EXPORT
 RustBuffer uniffi_ping_ffi_fn_func_generate_identity_export(RustCallStatus *_Nonnull out_status
     
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_FUNC_OPEN_LINKING_TICKET
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_FUNC_OPEN_LINKING_TICKET
+RustBuffer uniffi_ping_ffi_fn_func_open_linking_ticket(RustBuffer sealed, RustBuffer new_device_priv, RustCallStatus *_Nonnull out_status
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_FUNC_SEAL_LINKING_TICKET
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_FN_FUNC_SEAL_LINKING_TICKET
+RustBuffer uniffi_ping_ffi_fn_func_seal_linking_ticket(RustBuffer ticket, RustBuffer new_device_pub, RustCallStatus *_Nonnull out_status
 );
 #endif
 #ifndef UNIFFI_FFIDEF_FFI_PING_FFI_RUSTBUFFER_ALLOC
@@ -811,12 +841,30 @@ void ffi_ping_ffi_rust_future_free_void(uint64_t handle
 #ifndef UNIFFI_FFIDEF_FFI_PING_FFI_RUST_FUTURE_COMPLETE_VOID
 #define UNIFFI_FFIDEF_FFI_PING_FFI_RUST_FUTURE_COMPLETE_VOID
 void ffi_ping_ffi_rust_future_complete_void(uint64_t handle, RustCallStatus *_Nonnull out_status
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_FUNC_DECODE_CATCHUP_SNAPSHOT
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_FUNC_DECODE_CATCHUP_SNAPSHOT
+uint16_t uniffi_ping_ffi_checksum_func_decode_catchup_snapshot(void
+    
 );
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_FUNC_GENERATE_IDENTITY_EXPORT
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_FUNC_GENERATE_IDENTITY_EXPORT
 uint16_t uniffi_ping_ffi_checksum_func_generate_identity_export(void
     
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_FUNC_OPEN_LINKING_TICKET
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_FUNC_OPEN_LINKING_TICKET
+uint16_t uniffi_ping_ffi_checksum_func_open_linking_ticket(void
+    
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_FUNC_SEAL_LINKING_TICKET
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_FUNC_SEAL_LINKING_TICKET
+uint16_t uniffi_ping_ffi_checksum_func_seal_linking_ticket(void
+    
 );
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGEOBSERVER_ON_APPLICATION_MESSAGE
@@ -865,12 +913,30 @@ uint16_t uniffi_ping_ffi_checksum_method_messagingclient_device_id(void
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_DEVICE_INFO
 uint16_t uniffi_ping_ffi_checksum_method_messagingclient_device_info(void
     
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_EXPORT_CONVERSATION_SECRET
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_EXPORT_CONVERSATION_SECRET
+uint16_t uniffi_ping_ffi_checksum_method_messagingclient_export_conversation_secret(void
+    
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_EXPORT_CONVERSATION_STATE_SNAPSHOT
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_EXPORT_CONVERSATION_STATE_SNAPSHOT
+uint16_t uniffi_ping_ffi_checksum_method_messagingclient_export_conversation_state_snapshot(void
+    
 );
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_FRESH_KEY_PACKAGE
 #define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_FRESH_KEY_PACKAGE
 uint16_t uniffi_ping_ffi_checksum_method_messagingclient_fresh_key_package(void
     
+);
+#endif
+#ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_IMPORT_STATE_SNAPSHOT
+#define UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_IMPORT_STATE_SNAPSHOT
+uint16_t uniffi_ping_ffi_checksum_method_messagingclient_import_state_snapshot(void
+    
 );
 #endif
 #ifndef UNIFFI_FFIDEF_UNIFFI_PING_FFI_CHECKSUM_METHOD_MESSAGINGCLIENT_JOIN_CONVERSATION

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ping-openmls-sdk-react-native-macos",
-  "version": "0.2.3",
+  "version": "0.6.0",
   "description": "Real MLS for React Native macOS apps — wraps the ping-openmls-sdk Rust core via UniFFI.",
   "homepage": "https://github.com/AMP-Media-Development/ping-openmls-sdk",
   "license": "Apache-2.0",

package/src/MessagingClient.ts

@@ -24,6 +24,50 @@ export interface ClientConfig {
   storage: Storage;
   /** Caller's transport backend. Wired into the native bridge during `init`. */
   transport: Transport;
+  /**
+   * [CR-4] Absolute path to a host-managed SQLite file the SDK creates and owns
+   * for persistent MLS state. Pass when the host needs cold-restart decryption
+   * (iOS NSE, Android Service push wake, similar). The parent directory MUST exist.
+   * When omitted, the SDK uses the in-memory provider — fine for tests, not for
+   * NSE-style flows.
+   */
+  sqlitePath?: string;
+  /**
+   * [CR-4] 32-byte SQLCipher key. Ignored when `sqlitePath` is omitted. Source
+   * from your OS keyring (Keychain on iOS, Keystore on Android, etc.).
+   */
+  sqliteEncryptionKey?: Uint8Array;
+  /**
+   * Optional 32-byte Ed25519 secret key the SDK adopts as its device
+   * signing key on FIRST init. When supplied, `deviceId()` returns
+   * `SHA-256(public_key_of(secret))` — deterministic from what the
+   * caller passes.
+   *
+   * Use case: align the SDK's `device_id` (which the SDK stamps into
+   * every envelope's `sender_device` field) with an externally-
+   * computed device id — typically `SHA-256(device_signing_pubkey)`
+   * in the host's auth layer, where the JWT carries that same value
+   * as its `device_id` claim. Without this alignment, a server that
+   * validates `envelope.sender_device == jwt.device_id` rejects every
+   * send with `sender_device_mismatch`.
+   *
+   * Ignored on re-init when a `LocalDevice` is already persisted in
+   * storage — the on-disk identity is authoritative for stability
+   * across restarts.
+   */
+  deviceSigningSecretKey?: Uint8Array;
+}
+
+/** [CR-2] One `(deviceId, keyPackage)` pair for `Conversation.addMembers`. */
+export interface KeyPackageEntry {
+  deviceId: Uint8Array;
+  keyPackage: Uint8Array;
+}
+
+/** [CR-13] One `(conversationId, lastAppEventBytes)` pair for `buildLinkingTicket`. */
+export interface CatchupAppEvent {
+  conversationId: Uint8Array;
+  appEventBytes: Uint8Array;
 }
 
 /**
@@ -57,7 +101,20 @@ export class MessagingClient {
 
     try {
       const identityB64 = bytesToBase64(cfg.identityExport);
-      await NativePing.initClient(identityB64, cfg.deviceLabel, Date.now());
+      const sqliteKeyB64 = cfg.sqliteEncryptionKey
+        ? bytesToBase64(cfg.sqliteEncryptionKey)
+        : null;
+      const signingSecretB64 = cfg.deviceSigningSecretKey
+        ? bytesToBase64(cfg.deviceSigningSecretKey)
+        : null;
+      await NativePing.initClient(
+        identityB64,
+        cfg.deviceLabel,
+        Date.now(),
+        cfg.sqlitePath ?? null,
+        sqliteKeyB64,
+        signingSecretB64,
+      );
     } catch (e) {
       // Init failed — disconnect the bridges so we don't leak event listeners.
       disconnectStorage();
@@ -264,14 +321,22 @@ export class MessagingClient {
    * KeyPackage (`newDeviceKp`); this builds an HPKE-wrapped Welcome to the user's
    * DeviceGroup plus a catch-up snapshot. The new device consumes via
    * `consumeLinkingTicket`.
+   *
+   * [CR-13] `lastAppEvents` is host-supplied "what you missed" data the new device
+   * will render before sync catches up. Pass `[]` to suppress catchup data.
    */
   async buildLinkingTicket(
     newDeviceId: Uint8Array,
     newDeviceKp: Uint8Array,
+    lastAppEvents: CatchupAppEvent[] = [],
   ): Promise<LinkingTicket> {
     const raw = await NativePing.buildLinkingTicket(
       Array.from(newDeviceId),
       Array.from(newDeviceKp),
+      lastAppEvents.map((e) => ({
+        conversationId: Array.from(e.conversationId),
+        appEventBytes: Array.from(e.appEventBytes),
+      })),
       Date.now(),
     );
     return decodeLinkingTicket(raw);
@@ -282,9 +347,67 @@ export class MessagingClient {
     await NativePing.consumeLinkingTicket(encodeLinkingTicket(ticket), Date.now());
   }
 
-  /** Revoke a device — issues Remove proposals across the user's groups. */
-  async revokeDevice(deviceId: Uint8Array): Promise<void> {
-    await NativePing.revokeDevice(Array.from(deviceId), Date.now());
+  /**
+   * Revoke a device ([CR-2]).
+   *
+   * Returns one Commit envelope per conversation the device was a locally-known
+   * leaf in. The SDK has already broadcast each via `transport.send`; the returned
+   * list is for any additional host-side handling. Empty array means the device
+   * wasn't locally known anywhere (CR-2 scope limit).
+   */
+  async revokeDevice(deviceId: Uint8Array): Promise<Array<Record<string, unknown>>> {
+    return await NativePing.revokeDevice(Array.from(deviceId), Date.now());
+  }
+
+  /**
+   * Export a derived secret from a conversation's MLS exporter ([CR-8]).
+   *
+   * Used to seed the ephemeral channel, call-media keys, and call-ephemeral
+   * framer keys. Returned bytes are a secret — never log; clear the typed array
+   * (`u8.fill(0)`) after use.
+   */
+  async exportConversationSecret(
+    conversation: Uint8Array,
+    label: string,
+    context: Uint8Array,
+    length: number,
+  ): Promise<Uint8Array> {
+    const arr = await NativePing.exportConversationSecret(
+      Array.from(conversation),
+      label,
+      Array.from(context),
+      length,
+    );
+    return Uint8Array.from(arr);
+  }
+
+  /**
+   * Export a portable MLS state snapshot for one conversation ([CR-7]).
+   *
+   * Bytes can be embedded in a recovery blob or shipped through a linking ticket
+   * so another device of the same user identity can re-attach via
+   * [importStateSnapshot]. Contains past epoch secrets — treat as a secret.
+   */
+  async exportConversationStateSnapshot(
+    conversation: Uint8Array,
+  ): Promise<Uint8Array> {
+    const arr = await NativePing.exportConversationStateSnapshot(
+      Array.from(conversation),
+      Date.now(),
+    );
+    return Uint8Array.from(arr);
+  }
+
+  /**
+   * Import a `GroupStateSnapshot` from another device of the same user identity
+   * ([CR-7]). On success the conversation appears in [listConversations].
+   */
+  async importStateSnapshot(snapshotBytes: Uint8Array): Promise<Uint8Array> {
+    const arr = await NativePing.importStateSnapshot(
+      Array.from(snapshotBytes),
+      Date.now(),
+    );
+    return Uint8Array.from(arr);
   }
 
   /** Detach storage + transport + observer listeners. Call when you're done. */
@@ -423,11 +546,21 @@ export class Conversation {
     );
   }
 
-  /** Add members by their KeyPackage bytes (typically obtained via the relay's directory). */
-  async addMembers(keyPackages: Uint8Array[]): Promise<void> {
+  /**
+   * Add members by `(deviceId, keyPackage)` pairs ([CR-2]).
+   *
+   * Hosts typically pull these straight from `transport.discoverDevices(userId)`.
+   * The pairing lets the SDK persist a per-conversation device→leaf map so
+   * `MessagingClient.revokeDevice` can later locate the leaves without a fresh
+   * directory lookup.
+   */
+  async addMembers(entries: KeyPackageEntry[]): Promise<void> {
     await NativePing.addMembers(
       Array.from(this.id),
-      keyPackages.map((kp) => Array.from(kp)),
+      entries.map((e) => ({
+        deviceId: Array.from(e.deviceId),
+        keyPackage: Array.from(e.keyPackage),
+      })),
       Date.now(),
     );
   }