zapo-js 1.1.0 → 1.1.2

package/dist/client/coordinators/WaRetryCoordinator.d.ts

@@ -33,6 +33,21 @@ interface WaRetryCoordinatorOptions {
     readonly resolveUserIcdc?: (userJid: string) => Promise<IcdcMeta | null>;
     readonly peerDataOperation?: PeerDataOperationRequester;
     readonly emitIncomingMessage?: (event: WaIncomingMessageEvent) => void;
+    /**
+     * Placeholder resend asks the primary phone (a peer) for the plaintext. A
+     * mobile primary is itself the phone and has no peer to ask, so when this
+     * resolves true the coordinator skips the resend and falls back to plain
+     * retry receipts. Resolved per failure (post-connect, after credentials
+     * load) so a registered mobile session reconnecting without an explicit
+     * `mobileTransport` option still takes the fallback path.
+     */
+    readonly isMobilePrimary?: () => boolean;
+    /**
+     * Resolves the trusted-contact (privacy) token node for a recipient user
+     * jid: retry resends must carry the same `<tctoken>` the original send did,
+     * or privacy-gated recipients nack them with error 463.
+     */
+    readonly resolvePrivacyTokenNode?: (recipientJid: string) => Promise<BinaryNode | null>;
 }
 export declare class WaRetryCoordinator {
     private readonly deps;
@@ -44,13 +59,15 @@ export declare class WaRetryCoordinator {
     private readonly placeholderInFlight;
     private placeholderQueue;
     private placeholderTimer;
+    private readonly decryptFailureQueue;
     constructor(options: WaRetryCoordinatorOptions);
     onDecryptFailure(context: WaRetryDecryptFailureContext, error: unknown): Promise<boolean>;
+    private handleDecryptFailure;
     handleIncomingRetryReceipt(receiptNode: BinaryNode): Promise<void>;
     private isRetryReceiptNode;
     private prepareDecryptFailureRetry;
     private sendDecryptFailureRetryReceipt;
-    private resolvePeerRetryRecipient;
+    private sendDecryptFailureAck;
     private handleParsedRetryRequest;
     private processRetryRequest;
     private prepareRetryResend;

package/dist/client/coordinators/WaRetryCoordinator.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.WaRetryCoordinator = void 0;
+const keys_1 = require("../../crypto/core/keys");
+const BoundedTaskQueue_1 = require("../../infra/perf/BoundedTaskQueue");
 const incoming_1 = require("../../message/primitives/incoming");
 const _proto_1 = require("../../proto");
 const constants_1 = require("../../protocol/constants");
@@ -17,6 +19,10 @@ const collections_1 = require("../../util/collections");
 const primitives_1 = require("../../util/primitives");
 const RETRY_CLEANUP_INTERVAL_MS = 30000;
 const RETRY_SESSION_BASE_KEY_CACHE_MAX_ENTRIES = 8192;
+// Decrypt-failure handling runs off the inbound pipeline (keys-section builds
+// serialize on the prekey lock and hit the store); excess under flood is dropped.
+const DECRYPT_FAILURE_QUEUE_MAX_SIZE = 1024;
+const DECRYPT_FAILURE_QUEUE_MAX_CONCURRENCY = 8;
 const PLACEHOLDER_RESEND_RETRY_THRESHOLD = 3;
 const PLACEHOLDER_RESEND_BATCH_SIZE = 32;
 const PLACEHOLDER_RESEND_DEBOUNCE_MS = 200;
@@ -58,22 +64,46 @@ class WaRetryCoordinator {
             signalProtocol: options.signalProtocol,
             sessionResolver: options.sessionResolver,
             getCurrentCredentials: options.getCurrentCredentials,
-            resolveUserIcdc: options.resolveUserIcdc
+            resolveUserIcdc: options.resolveUserIcdc,
+            resolvePrivacyTokenNode: options.resolvePrivacyTokenNode
         });
         this.retryProcessingByMessageId = new Map();
         this.retrySessionBaseKeys = new Map();
+        this.decryptFailureQueue = new BoundedTaskQueue_1.BoundedTaskQueue(DECRYPT_FAILURE_QUEUE_MAX_SIZE, DECRYPT_FAILURE_QUEUE_MAX_CONCURRENCY);
     }
-    async onDecryptFailure(context, error) {
+    onDecryptFailure(context, error) {
+        // Deferred to the bounded queue: building the receipt inline would stall
+        // the inbound node pipeline.
+        void this.decryptFailureQueue
+            .enqueue(() => this.handleDecryptFailure(context, error))
+            .catch((queueError) => {
+            if (queueError instanceof BoundedTaskQueue_1.BoundedTaskQueueFullError) {
+                this.deps.logger.warn('decrypt-failure retry dropped: queue saturated', {
+                    id: context.stanzaId,
+                    from: context.from,
+                    participant: context.participant
+                });
+                return;
+            }
+            this.deps.logger.warn('failed to schedule decrypt-failure retry', {
+                id: context.stanzaId,
+                from: context.from,
+                participant: context.participant,
+                message: (0, primitives_1.toError)(queueError).message
+            });
+        });
+        return Promise.resolve(true);
+    }
+    async handleDecryptFailure(context, error) {
         try {
             const prepared = await this.prepareDecryptFailureRetry(context, error);
-            if (!prepared) {
-                return false;
+            if (prepared && !prepared.delegatedToPlaceholderResend) {
+                await this.sendDecryptFailureRetryReceipt(context, prepared);
             }
-            if (prepared.delegatedToPlaceholderResend) {
-                return true;
-            }
-            await this.sendDecryptFailureRetryReceipt(context, prepared);
-            return true;
+            // Ack the failed stanza even on the give-up path: the retry receipt
+            // asks for a resend but does not consume the message, so without the
+            // ack it is redelivered on every offline resume.
+            await this.sendDecryptFailureAck(context);
         }
         catch (sendError) {
             this.deps.logger.warn('failed to send retry receipt for decrypt failure', {
@@ -82,7 +112,6 @@ class WaRetryCoordinator {
                 participant: context.participant,
                 message: (0, primitives_1.toError)(sendError).message
             });
-            return false;
         }
     }
     async handleIncomingRetryReceipt(receiptNode) {
@@ -141,6 +170,17 @@ class WaRetryCoordinator {
         const requester = context.participant ?? context.from;
         const expiresAtMs = nowMs + this.retryTtlMs;
         const retryCount = await this.deps.retryStore.incrementInboundCounter(context.stanzaId, requester, nowMs, expiresAtMs);
+        if (retryCount > constants_2.MAX_RETRY_ATTEMPTS) {
+            // Give up past the ceiling: each attempt rebuilds an expensive keys
+            // section, so an uncapped retry on redelivered backlog hammers the store.
+            this.deps.logger.debug('retry receipt skipped: inbound retry limit exceeded', {
+                id: context.stanzaId,
+                from: context.from,
+                participant: context.participant,
+                retryCount
+            });
+            return null;
+        }
         const delegatedToPlaceholderResend = retryCount >= PLACEHOLDER_RESEND_RETRY_THRESHOLD &&
             this.enqueuePlaceholderResend(context);
         if (delegatedToPlaceholderResend) {
@@ -169,7 +209,7 @@ class WaRetryCoordinator {
         };
     }
     async sendDecryptFailureRetryReceipt(context, prepared) {
-        const recipient = context.recipient ?? this.resolvePeerRetryRecipient(context);
+        const { recipient } = context;
         const retryReceiptNode = (0, retry_1.buildRetryReceiptNode)({
             stanzaId: context.stanzaId,
             to: context.from,
@@ -194,24 +234,33 @@ class WaRetryCoordinator {
             withKeys: prepared.retryKeys !== undefined
         });
     }
-    resolvePeerRetryRecipient(context) {
-        if (!context.participant) {
-            return undefined;
-        }
-        const meLid = this.deps.getCurrentCredentials()?.meLid;
-        if (!meLid) {
-            return undefined;
+    async sendDecryptFailureAck(context) {
+        if (!context.stanzaId || !context.from) {
+            return;
         }
         try {
-            const participantUser = (0, jid_1.toUserJid)(context.participant);
-            const meUserLid = (0, jid_1.toUserJid)(meLid);
-            if (participantUser !== meUserLid) {
-                return undefined;
-            }
-            return meUserLid;
+            await this.deps.sendNode((0, global_1.buildAckNode)({
+                kind: 'message',
+                node: context.messageNode,
+                id: context.stanzaId,
+                to: context.from,
+                participant: context.participant,
+                from: this.deps.getCurrentCredentials()?.meJid ?? undefined,
+                error: constants_1.WA_NACK_REASONS.UNHANDLED_ERROR
+            }));
+            this.deps.logger.trace('acked undecryptable stanza', {
+                id: context.stanzaId,
+                from: context.from,
+                participant: context.participant
+            });
         }
-        catch {
-            return undefined;
+        catch (error) {
+            this.deps.logger.warn('failed to ack undecryptable stanza', {
+                id: context.stanzaId,
+                from: context.from,
+                participant: context.participant,
+                message: (0, primitives_1.toError)(error).message
+            });
         }
     }
     async handleParsedRetryRequest(receiptNode, request) {
@@ -387,14 +436,14 @@ class WaRetryCoordinator {
         await this.deps.preKeyStore.markKeyAsUploaded(preKey.keyId);
         const signedIdentity = this.deps.getCurrentCredentials()?.signedIdentity;
         return {
-            identity,
+            identity: (0, keys_1.toRawPubKey)(identity),
             key: {
                 id: preKey.keyId,
-                publicKey: preKey.keyPair.pubKey
+                publicKey: (0, keys_1.toRawPubKey)(preKey.keyPair.pubKey)
             },
             skey: {
                 id: signedPreKey.keyId,
-                publicKey: signedPreKey.keyPair.pubKey,
+                publicKey: (0, keys_1.toRawPubKey)(signedPreKey.keyPair.pubKey),
                 signature: signedPreKey.signature
             },
             deviceIdentity: signedIdentity
@@ -722,6 +771,9 @@ class WaRetryCoordinator {
         if (!this.deps.peerDataOperation || !this.deps.emitIncomingMessage) {
             return false;
         }
+        if (this.deps.isMobilePrimary?.()) {
+            return false;
+        }
         const subtype = context.messageNode.attrs.subtype;
         if (typeof subtype === 'string' && PLACEHOLDER_RESEND_SKIP_SUBTYPES.has(subtype)) {
             return false;
@@ -779,6 +831,7 @@ class WaRetryCoordinator {
                         }
                     }))
                 });
+                const meJid = this.deps.getCurrentCredentials()?.meJid;
                 for (const result of results) {
                     const bytes = result.placeholderMessageResendResponse?.webMessageInfoBytes;
                     if (!bytes) {
@@ -786,7 +839,7 @@ class WaRetryCoordinator {
                     }
                     try {
                         const recovered = _proto_1.proto.WebMessageInfo.decode(bytes);
-                        emitIncomingMessage((0, incoming_1.buildRecoveredIncomingEvent)(recovered));
+                        emitIncomingMessage((0, incoming_1.buildRecoveredIncomingEvent)(recovered, meJid));
                     }
                     catch (error) {
                         this.deps.logger.warn('placeholder resend: failed to decode WebMessageInfo', {

package/dist/client/messaging/ignore-key.js

@@ -88,12 +88,14 @@ function extractIgnoreKeyContext(node, meJid) {
     const me = tryParseJid(meJid);
     const fromCandidates = collectFromCandidates(kind, a);
     const fromMe = me !== null && fromCandidates.some((f) => tryParseJid(f)?.address.user === me.address.user);
+    // Device-stripped to match the JID form used by events/keys; a userless
+    // server `from` like `s.whatsapp.net` is unparseable, so fall back to raw.
     return {
         kind,
-        remoteJid: a.from ?? null,
+        remoteJid: tryParseJid(a.from)?.userJid ?? a.from ?? null,
         fromMe,
         id: a.id,
-        participant: a.participant ?? null
+        participant: tryParseJid(a.participant)?.userJid ?? a.participant ?? null
     };
 }
 /** Pure matcher. Exported for direct testing without a coordinator. */

package/dist/client/types.d.ts

@@ -423,27 +423,30 @@ export interface WaIgnoreKey {
  * Lib derives `kind` from the stanza tag and resolves `fromMe` by comparing
  * every from-candidate (`from`, `sender_pn`, `sender_lid`) against `meJid`.
  *
- * `remoteJid` and `participant` expose the **raw** `from` / `participant`
- * attrs verbatim and do NOT include the descriptor-style alt-attr lookups
- * (`sender_pn` / `sender_lid` / `participant_pn` / `participant_lid`) or
- * PN↔LID normalization. If the predicate needs to match by user identity
- * regardless of addressing mode, run the raw JID through `parseJidFull` and
- * compare on `userJid`, or use the descriptor form which handles it.
+ * `remoteJid` and `participant` are the `from` / `participant` attrs with the
+ * `:device` segment stripped (bare `user@server`), matching the JID form used
+ * by message events and keys. A value that does not parse as a JID (e.g. a
+ * userless server `from` like `s.whatsapp.net`) is passed through unchanged.
+ * They do NOT include the descriptor-style
+ * alt-attr lookups (`sender_pn` / `sender_lid` / `participant_pn` /
+ * `participant_lid`) or PN↔LID normalization, so they stay in whichever
+ * addressing mode the stanza arrived in. To match by user identity regardless
+ * of addressing mode, use the descriptor form, which handles it.
  */
 export interface WaIgnoreKeyContext {
     readonly kind: WaIgnoreStanzaKind;
-    /** Raw `from` attr (group JID for groups, PN or LID device JID for 1:1). */
+    /** `from` attr without `:device` (group JID for groups, PN or LID user JID for 1:1). */
     readonly remoteJid: string | null;
     readonly fromMe: boolean;
     readonly id: string | undefined;
-    /** Raw `participant` attr; `null` for non-group stanzas. */
+    /** `participant` attr without `:device`; `null` for non-group stanzas. */
     readonly participant: string | null;
 }
 /**
  * Predicate form of {@link WaClient.ignoreKey}. Return `true` to drop the
  * stanza, `false` to let it through. Receives a {@link WaIgnoreKeyContext}
- * with the raw `from`/`participant` attrs (see the context's JSDoc for the
- * PN↔LID caveat) plus lib-resolved `kind` and `fromMe`.
+ * with the device-stripped `from`/`participant` (see the context's JSDoc for
+ * the addressing-mode caveat) plus lib-resolved `kind` and `fromMe`.
  */
 export type WaIgnoreKeyPredicate = (ctx: WaIgnoreKeyContext) => boolean;
 export interface WaIncomingBaseEvent {

package/dist/esm/appstate/sync/WaAppStateSyncClient.js

@@ -35,20 +35,33 @@ export class WaAppStateSyncClient {
         this.sendKeyShare = options.sendKeyShare;
         this.triggerSync = options.triggerSync;
         this.crypto = new WaAppStateCrypto(undefined, options.skipMacVerification === true);
-        this.mobilePrimary = options.mobilePrimary ?? false;
+        this.mobilePrimary = options.mobilePrimary ?? (() => false);
         this.syncContext = null;
         this.syncPromise = null;
     }
     /**
      * Returns the active app-state sync key, generating and persisting a new
      * one when the store is empty (used during initial setup).
+     *
+     * The key id mirrors the primary device layout: 2 big-endian bytes of
+     * device id followed by a 4 big-endian byte epoch. `keyEpoch` and
+     * `pickActiveSyncKey` read that structure, so a shorter id would make the
+     * generated key invisible to active-key selection.
      */
     async ensureInitialSyncKey() {
         const existing = await this.store.getActiveSyncKey();
         if (existing) {
             return existing;
         }
-        const keyIdBytes = await randomBytesAsync(2);
+        const deviceId = this.resolveDeviceIndex() ?? 0;
+        const epoch = await randomIntAsync(1, 65537);
+        const keyIdBytes = new Uint8Array(6);
+        keyIdBytes[0] = (deviceId >>> 8) & 0xff;
+        keyIdBytes[1] = deviceId & 0xff;
+        keyIdBytes[2] = (epoch >>> 24) & 0xff;
+        keyIdBytes[3] = (epoch >>> 16) & 0xff;
+        keyIdBytes[4] = (epoch >>> 8) & 0xff;
+        keyIdBytes[5] = epoch & 0xff;
         const keyData = await randomBytesAsync(32);
         const rawId = await randomIntAsync(0, 4294967295);
         const key = {
@@ -61,6 +74,7 @@ export class WaAppStateSyncClient {
         this.crypto.clearCache();
         this.logger.info('app-state initial sync key generated (mobile primary)', {
             keyId: bytesToHex(keyIdBytes),
+            epoch,
             rawId
         });
         return key;
@@ -386,17 +400,18 @@ export class WaAppStateSyncClient {
     async buildCollectionSyncRequest(collection, pendingByCollection, activeSyncKey) {
         const collectionState = await this.getCollectionState(collection);
         const hasPersistedState = collectionState.initialized;
+        const requestSnapshot = !this.mobilePrimary() && !hasPersistedState;
         const attrs = {
             name: collection,
             version: String(hasPersistedState ? collectionState.version : APP_STATE_DEFAULT_COLLECTION_VERSION),
-            return_snapshot: hasPersistedState ? 'false' : 'true'
+            return_snapshot: requestSnapshot ? 'true' : 'false'
         };
         const children = [];
         const pendingMutations = pendingByCollection.get(collection) ?? [];
         let outgoingContext;
         let skippedUpload = false;
         if (pendingMutations.length > 0) {
-            if (!hasPersistedState) {
+            if (!hasPersistedState && !this.mobilePrimary()) {
                 skippedUpload = true;
                 this.logger.debug('app-state skipped outgoing patch upload until snapshot bootstrap', {
                     collection,
@@ -435,7 +450,7 @@ export class WaAppStateSyncClient {
             content: [
                 {
                     tag: WA_NODE_TAGS.SYNC,
-                    attrs: this.mobilePrimary ? { data_namespace: '3' } : {},
+                    attrs: this.mobilePrimary() ? { data_namespace: '3' } : {},
                     content: collectionNodes
                 }
             ]
@@ -470,20 +485,19 @@ export class WaAppStateSyncClient {
             return this.createCollectionOutcome(collection, payload.state, payload.version);
         }
         const pendingMutationsCount = pendingByCollection.get(collection)?.length ?? 0;
-        if (payload.state === WA_APP_STATE_COLLECTION_STATES.CONFLICT ||
-            payload.state === WA_APP_STATE_COLLECTION_STATES.CONFLICT_HAS_MORE) {
+        const isConflict = payload.state === WA_APP_STATE_COLLECTION_STATES.CONFLICT ||
+            payload.state === WA_APP_STATE_COLLECTION_STATES.CONFLICT_HAS_MORE;
+        if (isConflict) {
             shouldRefetch =
                 payload.state === WA_APP_STATE_COLLECTION_STATES.CONFLICT_HAS_MORE ||
                     pendingMutationsCount > 0;
-            return this.createCollectionOutcome(collection, payload.state === WA_APP_STATE_COLLECTION_STATES.CONFLICT
-                ? pendingMutationsCount > 0
-                    ? WA_APP_STATE_COLLECTION_STATES.CONFLICT
-                    : WA_APP_STATE_COLLECTION_STATES.SUCCESS
-                : payload.state, payload.version, shouldRefetch);
         }
         try {
             let appliedMutations = [];
-            if (payload.snapshotReference) {
+            if (payload.snapshotReference && this.mobilePrimary()) {
+                collectionLogger.debug('app-state ignoring server snapshot on primary device');
+            }
+            else if (payload.snapshotReference) {
                 const downloader = options.downloadExternalBlob;
                 if (!downloader) {
                     throw new Error(`snapshot for ${payload.collection} requires external blob downloader`);
@@ -522,12 +536,19 @@ export class WaAppStateSyncClient {
                     payload.state === WA_APP_STATE_COLLECTION_STATES.SUCCESS_HAS_MORE ||
                     (payload.state === WA_APP_STATE_COLLECTION_STATES.SUCCESS &&
                         skippedUploadCollections.has(collection));
+            const resolvedState = !isConflict
+                ? payload.state
+                : payload.state === WA_APP_STATE_COLLECTION_STATES.CONFLICT
+                    ? pendingMutationsCount > 0
+                        ? WA_APP_STATE_COLLECTION_STATES.CONFLICT
+                        : WA_APP_STATE_COLLECTION_STATES.SUCCESS
+                    : payload.state;
             collectionLogger.debug('app-state collection processed', {
-                state: payload.state,
+                state: resolvedState,
                 version: payload.version,
                 appliedMutations: appliedMutations.length
             });
-            return this.createCollectionOutcome(collection, payload.state, payload.version, shouldRefetch, collectionStateChanged, appliedMutations);
+            return this.createCollectionOutcome(collection, resolvedState, payload.version, shouldRefetch, collectionStateChanged, appliedMutations);
         }
         catch (error) {
             if (error instanceof WaAppStateMissingKeyError) {

package/dist/esm/auth/credentials-flow.js

@@ -30,6 +30,8 @@ export async function loadOrCreateCredentials(args) {
     }
     await restoreSignalStore(args.signalStore, args.preKeyStore, existing);
     args.logger.trace('auth credentials restored into signal store');
+    // A mobile primary has no self-signed device-identity and no key-index-list:
+    // both are companion-only (set at pairing). Do not re-add them here.
     return existing;
 }
 export async function persistCredentials(args, credentials) {
@@ -129,7 +131,7 @@ export async function buildCommsConfig(logger, credentials, socketOptions, clien
         noise: {
             clientStaticKeyPair: credentials.noiseKeyPair,
             isRegistered: registered,
-            serverStaticKey: credentials.serverStaticKey,
+            serverStaticKey: registered ? credentials.serverStaticKey : undefined,
             routingInfo: credentials.routingInfo,
             trustedRootCa: clientOptions.noiseTrustedRootCa,
             verifyCertificateChain: clientOptions.disableNoiseCertificateChainVerification

package/dist/esm/auth/pairing/WaPairingFlow.js

@@ -8,6 +8,7 @@ import { ADV_PREFIX_HOSTED_ACCOUNT_SIGNATURE, computeAdvIdentityHmac, generateDe
 import { buildAckNode, buildIqResultNode } from '../../transport/node/builders/global.js';
 import { buildCompanionFinishRequestNode, buildCompanionHelloRequestNode, buildGetCountryCodeRequestNode } from '../../transport/node/builders/pairing.js';
 import { decodeNodeContentUtf8OrBytes, findNodeChild, findNodeChildrenByTags, getFirstNodeChild, getNodeChildrenNonEmptyUtf8ByTag, hasNodeChild } from '../../transport/node/helpers.js';
+import { assertIqResult } from '../../transport/node/query.js';
 import { concatBytes, decodeProtoBytes, uint8Equal, uint8TimingSafeEqual } from '../../util/bytes.js';
 export class WaPairingFlow {
     constructor(options) {
@@ -46,6 +47,7 @@ export class WaPairingFlow {
             responseTag: response.tag,
             responseType: response.attrs.type
         });
+        assertIqResult(response, 'companion hello');
         const linkCodeNode = findNodeChild(response, WA_NODE_TAGS.LINK_CODE_COMPANION_REG);
         if (!linkCodeNode) {
             throw new Error('companion hello response missing link_code_companion_reg');

package/dist/esm/client/WaClient.js

@@ -255,10 +255,28 @@ export class WaClient extends EventEmitter {
                 return;
             }
             if (protocolType === proto.Message.ProtocolMessage.Type.HISTORY_SYNC_NOTIFICATION) {
-                if (this.options.history?.enabled !== false &&
-                    protocolMessage.historySyncNotification) {
-                    const peerRemoteJid = event.key.remoteJid;
-                    const peerStanzaId = event.key.id;
+                if (!protocolMessage.historySyncNotification) {
+                    return;
+                }
+                const peerRemoteJid = event.key.remoteJid;
+                const peerStanzaId = event.key.id;
+                const sendHistSyncReceipt = peerRemoteJid && peerStanzaId
+                    ? async () => {
+                        try {
+                            await this.message.sendReceipt(peerRemoteJid, peerStanzaId, {
+                                type: WA_MESSAGE_TYPES.RECEIPT_TYPE_HISTORY_SYNC
+                            });
+                        }
+                        catch (err) {
+                            this.logger.warn('failed to send hist_sync receipt', {
+                                id: peerStanzaId,
+                                to: peerRemoteJid,
+                                message: toError(err).message
+                            });
+                        }
+                    }
+                    : undefined;
+                if (this.options.history?.enabled !== false) {
                     await runHistorySyncNotification({
                         logger: this.logger,
                         mediaTransfer: this.mediaTransfer,
@@ -266,24 +284,12 @@ export class WaClient extends EventEmitter {
                         emitEvent: this.emit.bind(this),
                         onPrivacyTokens: (conversations) => this.deps.trustedContactToken.hydrateFromHistorySync(conversations),
                         onNctSalt: (salt) => this.deps.trustedContactToken.hydrateNctSaltFromHistorySync(salt),
-                        onProcessed: peerRemoteJid && peerStanzaId
-                            ? async () => {
-                                try {
-                                    await this.message.sendReceipt(peerRemoteJid, peerStanzaId, {
-                                        type: WA_MESSAGE_TYPES.RECEIPT_TYPE_HISTORY_SYNC
-                                    });
-                                }
-                                catch (err) {
-                                    this.logger.warn('failed to send hist_sync receipt', {
-                                        id: peerStanzaId,
-                                        to: peerRemoteJid,
-                                        message: toError(err).message
-                                    });
-                                }
-                            }
-                            : undefined
+                        onProcessed: sendHistSyncReceipt
                     }, protocolMessage.historySyncNotification);
                 }
+                else if (sendHistSyncReceipt) {
+                    await sendHistSyncReceipt();
+                }
                 return;
             }
             if (SYNC_RELATED_PROTOCOL_TYPES.has(protocolType)) {

package/dist/esm/client/WaClientFactory.js

@@ -210,7 +210,7 @@ export function buildWaClientDependencies(input) {
         logger,
         defaultTimeoutMs: options.nodeQueryTimeoutMs,
         hostDomain: WA_DEFAULTS.HOST_DOMAIN,
-        mobileIqIdFormat: options.mobileTransport !== undefined
+        mobileIqIdFormat: () => isMobilePrimary()
     });
     const keepAlive = new WaKeepAlive({
         logger,
@@ -352,6 +352,7 @@ export function buildWaClientDependencies(input) {
         }
     });
     const getCurrentCredentials = authClient.getCurrentCredentials.bind(authClient);
+    const isMobilePrimary = () => options.mobileTransport !== undefined || Boolean(getCurrentCredentials()?.deviceInfo);
     const groupCoordinator = createGroupCoordinator({
         queryWithContext: runtime.queryWithContext,
         mexSocket: { query: runtime.query }
@@ -477,7 +478,7 @@ export function buildWaClientDependencies(input) {
             additionalAttributes: sendOptions.additionalAttributes
         }),
         getIcdcHashLength: () => abPropsCoordinator.getConfigValue('md_icdc_hash_length'),
-        mobileMessageIdFormat: options.mobileTransport !== undefined,
+        mobileMessageIdFormat: isMobilePrimary,
         serverClock
     });
     const presenceCoordinator = createPresenceCoordinator({
@@ -517,12 +518,15 @@ export function buildWaClientDependencies(input) {
         sendNode: runtime.sendNode,
         getCurrentCredentials,
         resolveUserIcdc: (userJid) => messageDispatch.resolveUserIcdc(userJid),
+        resolvePrivacyTokenNode: (recipientJid) => trustedContactToken.resolveTokenForMessage(recipientJid),
+        // Placeholder resend asks the primary phone (a peer) for the plaintext.
         peerDataOperation,
         emitIncomingMessage: (event) => {
             void runtime
                 .handleIncomingMessageEvent(event)
                 .catch((err) => runtime.handleError(toError(err)));
-        }
+        },
+        isMobilePrimary
     });
     const botCoordinator = createBotCoordinator({
         logger,
@@ -546,7 +550,7 @@ export function buildWaClientDependencies(input) {
             await messageDispatch.requestAppStateSyncKeys(keyIds);
         },
         skipMacVerification: options.dangerous?.disableAppStateMacVerification,
-        mobilePrimary: options.mobileTransport !== undefined,
+        mobilePrimary: isMobilePrimary,
         isOwnAccountDevice: (deviceJid) => {
             const credentials = getCurrentCredentials();
             if (!credentials)
@@ -560,6 +564,18 @@ export function buildWaClientDependencies(input) {
             await runtime.syncAppState();
         }
     });
+    // Persists a pushName change and re-broadcasts presence carrying it (how the
+    // name reaches peers on primary connections). No-op when unchanged, which
+    // also collapses the app-state echo of our own SettingPushName write.
+    const applyOwnPushName = async (name) => {
+        if (getCurrentCredentials()?.meDisplayName === name) {
+            return;
+        }
+        await authClient.persistSuccessAttributes({ meDisplayName: name });
+        if (connectionManager?.isConnected()) {
+            await presenceCoordinator.send();
+        }
+    };
     const appStateMutations = new WaAppStateMutationCoordinator({
         logger,
         messageStore: sessionStore.messages,
@@ -570,7 +586,12 @@ export function buildWaClientDependencies(input) {
         emitSnapshotMutations: options.chatEvents?.emitSnapshotMutations === true,
         emitMutation: (event) => runtime.emitEvent('mutation', event),
         nctSaltSink: (salt) => trustedContactToken.handleNctSaltSync(salt),
-        contactSink: runtime.persistContact
+        contactSink: runtime.persistContact,
+        pushNameSink: (name) => {
+            void applyOwnPushName(name).catch((error) => logger.debug('apply own pushName from app-state sync failed', {
+                message: toError(error).message
+            }));
+        }
     });
     const profileCoordinator = createProfileCoordinator({
         queryWithContext: runtime.queryWithContext,
@@ -578,6 +599,7 @@ export function buildWaClientDependencies(input) {
         mexSocket: { query: runtime.query },
         queryLidsByPhoneJids: (phoneJids) => signalDeviceSync.queryLidsByPhoneJids(phoneJids),
         mutations: appStateMutations,
+        applyOwnPushName,
         logger
     });
     const statusCoordinator = createStatusCoordinator({
@@ -975,7 +997,7 @@ export function buildWaClientDependencies(input) {
             abPropsCoordinator,
             markOnlineOnConnect: options.markOnlineOnConnect ?? false
         }),
-        mobilePrimary: options.mobileTransport !== undefined,
+        mobilePrimary: isMobilePrimary,
         appStateSync
     });
     const lowLevelCoordinator = createLowLevelCoordinator({

package/dist/esm/client/connection/WaConnectionManager.js

@@ -246,6 +246,9 @@ export class WaConnectionManager {
             if (!serverStaticKey) {
                 this.logger.trace('no server static key available to persist');
             }
+            else if (!credentials.meJid) {
+                this.logger.trace('skipping server static key persist while unregistered');
+            }
             else {
                 await this.authClient.persistServerStaticKey(serverStaticKey);
                 this.assertLifecycleCurrent(lifecycleGeneration, 'start comms');