zapo-js 1.1.2 → 1.1.3

package/dist/client/WaClientFactory.js

@@ -487,7 +487,8 @@ function buildWaClientDependencies(input) {
     });
     const presenceCoordinator = (0, WaPresenceCoordinator_1.createPresenceCoordinator)({
         sendNode: (node) => nodeOrchestrator.sendNode(node, false),
-        getCurrentCredentials
+        getCurrentCredentials,
+        resolvePrivacyTokenNode: (jid) => trustedContactToken.resolveReceiverTokenNode(jid)
     });
     const peerDataOperation = (0, peer_data_operation_1.createPeerDataOperationRequester)({
         logger,
@@ -559,9 +560,7 @@ function buildWaClientDependencies(input) {
             const credentials = getCurrentCredentials();
             if (!credentials)
                 return false;
-            const candidateUser = (0, jid_1.toUserJid)(deviceJid);
-            return ((!!credentials.meJid && (0, jid_1.toUserJid)(credentials.meJid) === candidateUser) ||
-                (!!credentials.meLid && (0, jid_1.toUserJid)(credentials.meLid) === candidateUser));
+            return (0, jid_1.isOwnAccountJid)(deviceJid, credentials.meJid, credentials.meLid);
         },
         sendKeyShare: (toDeviceJid, keys, missingKeyIds) => messageDispatch.sendAppStateSyncKeyShare(toDeviceJid, keys, missingKeyIds),
         triggerSync: async () => {
@@ -604,6 +603,7 @@ function buildWaClientDependencies(input) {
         queryLidsByPhoneJids: (phoneJids) => signalDeviceSync.queryLidsByPhoneJids(phoneJids),
         mutations: appStateMutations,
         applyOwnPushName,
+        resolvePrivacyTokenNode: (jid) => trustedContactToken.resolveReceiverTokenNode(jid),
         logger
     });
     const statusCoordinator = (0, WaStatusCoordinator_1.createStatusCoordinator)({
@@ -684,6 +684,7 @@ function buildWaClientDependencies(input) {
         logger,
         sendNode: runtime.sendNode,
         getMeJid: () => getCurrentCredentials()?.meJid,
+        getMeLid: () => getCurrentCredentials()?.meLid,
         signalProtocol,
         senderKeyManager,
         onDecryptFailure: (context, error) => retryCoordinator.onDecryptFailure(context, error),

package/dist/client/coordinators/WaMessageDispatchCoordinator.js

@@ -68,17 +68,20 @@ class WaMessageDispatchCoordinator {
     }
     async publishSignalMessage(input, options = {}) {
         this.requireCurrentMeJid('publishSignalMessage');
-        const address = (0, jid_1.parseSignalAddressFromJid)(input.to);
+        const credentials = this.deps.getCurrentCredentials();
+        const sessionJid = (0, jid_1.canonicalizeOwnAccountJid)(input.to, credentials?.meJid, credentials?.meLid);
+        const address = (0, jid_1.parseSignalAddressFromJid)(sessionJid);
         if (address.server === constants_1.WA_DEFAULTS.GROUP_SERVER) {
             throw new Error('publishSignalMessage currently supports only direct chats; use sender-key flow for groups');
         }
         this.deps.logger.trace('wa client publish signal message', {
             to: input.to,
+            sessionJid,
             type: input.type
         });
         const [paddedPlaintext] = await Promise.all([
             (0, padding_1.writeRandomPadMax16)(input.plaintext),
-            this.deps.sessionResolver.ensureSession(address, input.to, input.expectedIdentity)
+            this.deps.sessionResolver.ensureSession(address, sessionJid, input.expectedIdentity)
         ]);
         const encrypted = await this.deps.signalProtocol.encryptMessage(address, paddedPlaintext, input.expectedIdentity);
         const messageType = input.type ?? 'text';
@@ -325,7 +328,8 @@ class WaMessageDispatchCoordinator {
         await this.deps.messageClient.sendReceipt(input);
     }
     async publishProtocolMessageToDevice(deviceJid, protocolMessage, options) {
-        const meJid = this.deps.getCurrentCredentials()?.meJid;
+        const credentials = this.deps.getCurrentCredentials();
+        const meJid = credentials?.meJid;
         const meParsed = meJid ? (0, jid_1.parseJidFull)(meJid) : undefined;
         const meUserJid = meParsed?.userJid;
         let senderIcdc = null;

package/dist/client/coordinators/WaPresenceCoordinator.d.ts

@@ -21,6 +21,12 @@ export interface WaPresenceCoordinator {
 interface WaPresenceCoordinatorOptions {
     readonly sendNode: (node: BinaryNode) => Promise<void>;
     readonly getCurrentCredentials: () => WaAuthCredentials | null;
+    /**
+     * Resolves the receiver-mode `<tctoken>` node for a contact, echoed back
+     * on a user presence subscription to unlock the target's presence
+     * visibility. Returns `null` when no valid token is held.
+     */
+    readonly resolvePrivacyTokenNode: (jid: string) => Promise<BinaryNode | null>;
 }
 /** Builds a {@link WaPresenceCoordinator} from its node-send dependency. */
 export declare function createPresenceCoordinator(options: WaPresenceCoordinatorOptions): WaPresenceCoordinator;

package/dist/client/coordinators/WaPresenceCoordinator.js

@@ -1,11 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createPresenceCoordinator = createPresenceCoordinator;
+const jid_1 = require("../../protocol/jid");
 const chatstate_1 = require("../../transport/node/builders/chatstate");
 const presence_1 = require("../../transport/node/builders/presence");
 /** Builds a {@link WaPresenceCoordinator} from its node-send dependency. */
 function createPresenceCoordinator(options) {
-    const { sendNode, getCurrentCredentials } = options;
+    const { sendNode, getCurrentCredentials, resolvePrivacyTokenNode } = options;
     return {
         send: async (type) => {
             const credentials = getCurrentCredentials();
@@ -15,7 +16,12 @@ function createPresenceCoordinator(options) {
             await sendNode((0, chatstate_1.buildChatstateNode)({ jid, ...opts }));
         },
         subscribe: async (jid, opts) => {
-            await sendNode((0, presence_1.buildPresenceSubscribeNode)({ jid, ...opts }));
+            const privacyTokenNode = (0, jid_1.isGroupJid)(jid) ? null : await resolvePrivacyTokenNode(jid);
+            await sendNode((0, presence_1.buildPresenceSubscribeNode)({
+                jid,
+                ...opts,
+                ...(privacyTokenNode ? { privacyTokenNode } : {})
+            }));
         }
     };
 }

package/dist/client/coordinators/WaProfileCoordinator.d.ts

@@ -149,6 +149,13 @@ interface WaProfileCoordinatorOptions {
      * idempotent (a no-op when the name already matches).
      */
     readonly applyOwnPushName: (name: string) => Promise<void>;
+    /**
+     * Resolves the receiver-mode `<tctoken>` node for a contact, echoed back on
+     * privacy-gated profile queries (picture get, about/status usync) to prove
+     * this account is a trusted contact. Returns `null` when no valid token is
+     * held for the JID.
+     */
+    readonly resolvePrivacyTokenNode: (jid: string) => Promise<BinaryNode | null>;
     readonly logger: Logger;
 }
 /** Builds a {@link WaProfileCoordinator} from its IQ/MEX/SID dependencies. */

package/dist/client/coordinators/WaProfileCoordinator.js

@@ -195,10 +195,11 @@ function buildTextStatusMutationInput(input) {
 }
 /** Builds a {@link WaProfileCoordinator} from its IQ/MEX/SID dependencies. */
 function createProfileCoordinator(options) {
-    const { queryWithContext, generateSid, mexSocket, queryLidsByPhoneJids, mutations, applyOwnPushName, logger } = options;
+    const { queryWithContext, generateSid, mexSocket, queryLidsByPhoneJids, mutations, applyOwnPushName, resolvePrivacyTokenNode, logger } = options;
     return {
         getProfilePicture: async (jid, type, existingId) => {
-            const node = (0, profile_1.buildGetProfilePictureIq)(jid, type, existingId);
+            const privacyTokenNode = (await resolvePrivacyTokenNode(jid)) ?? undefined;
+            const node = (0, profile_1.buildGetProfilePictureIq)(jid, type, existingId, privacyTokenNode);
             const result = await queryWithContext('profile.getPicture', node, undefined, {
                 jid,
                 type: type ?? 'preview'
@@ -225,10 +226,11 @@ function createProfileCoordinator(options) {
         getStatus: async (jid) => {
             const sid = await generateSid();
             const queryNodes = (0, profile_1.buildGetStatusUsyncQueryNodes)();
+            const privacyTokenNode = await resolvePrivacyTokenNode(jid);
             const usyncNode = (0, usync_1.buildUsyncIq)({
                 sid,
                 queryProtocolNodes: [queryNodes[1]],
-                users: [{ jid }]
+                users: [{ jid, ...(privacyTokenNode ? { content: [privacyTokenNode] } : {}) }]
             });
             const result = await queryWithContext('profile.getStatus', usyncNode, undefined, {
                 jid
@@ -256,10 +258,14 @@ function createProfileCoordinator(options) {
             }
             const sid = await generateSid();
             const queryProtocolNodes = (0, profile_1.buildGetStatusUsyncQueryNodes)();
+            const users = await Promise.all(jids.map(async (jid) => {
+                const privacyTokenNode = await resolvePrivacyTokenNode(jid);
+                return { jid, ...(privacyTokenNode ? { content: [privacyTokenNode] } : {}) };
+            }));
             const usyncNode = (0, usync_1.buildUsyncIq)({
                 sid,
                 queryProtocolNodes,
-                users: jids.map((jid) => ({ jid }))
+                users
             });
             const result = await queryWithContext('profile.getProfiles', usyncNode, undefined, {
                 count: jids.length

package/dist/client/coordinators/WaRetryCoordinator.js

@@ -502,7 +502,7 @@ class WaRetryCoordinator {
                     id: request.keyBundle.key.id,
                     publicKey: request.keyBundle.key.publicKey
                 }
-            });
+            }, { reuseExisting: true });
             return this.applySessionBaseKeyPolicy(request, requesterJid, requesterAddress, requesterNormalizedDeviceJid);
         }
         const sessionStillExists = currentSession !== null && !regIdMismatch;

package/dist/client/coordinators/WaTrustedContactTokenCoordinator.d.ts

@@ -41,6 +41,15 @@ export declare class WaTrustedContactTokenCoordinator {
         readonly getConfigOverrides?: () => Partial<WaTrustedContactTokenConfig>;
     });
     private resolveConfig;
+    /**
+     * Resolves the receiver-mode `<tctoken>` node to echo back on outbound
+     * queries against a contact's privacy-gated data (presence subscribe,
+     * profile-picture get, about/status usync). Returns the token only when a
+     * non-expired receiver token exists for `jid`; unlike
+     * {@link resolveTokenForMessage} it does **not** fall back to a `<cstoken>`
+     * (the gated query flows attach the trusted-contact token only).
+     */
+    resolveReceiverTokenNode(jid: string): Promise<BinaryNode | null>;
     resolveTokenForMessage(recipientJid: string): Promise<BinaryNode | null>;
     handleIncomingToken(fromJid: string, tokens: readonly ParsedPrivacyToken[]): Promise<void>;
     maybeIssueSenderToken(recipientJid: string): Promise<void>;

package/dist/client/coordinators/WaTrustedContactTokenCoordinator.js

@@ -42,14 +42,30 @@ class WaTrustedContactTokenCoordinator {
             maxDurationS
         };
     }
-    async resolveTokenForMessage(recipientJid) {
-        const record = await this.store.getByJid(recipientJid);
-        const nowS = this.serverClock.nowSeconds();
+    /**
+     * Resolves the receiver-mode `<tctoken>` node to echo back on outbound
+     * queries against a contact's privacy-gated data (presence subscribe,
+     * profile-picture get, about/status usync). Returns the token only when a
+     * non-expired receiver token exists for `jid`; unlike
+     * {@link resolveTokenForMessage} it does **not** fall back to a `<cstoken>`
+     * (the gated query flows attach the trusted-contact token only).
+     */
+    async resolveReceiverTokenNode(jid) {
+        const record = await this.store.getByJid(jid);
+        if (!record?.tcToken || record.tcTokenTimestamp === undefined) {
+            return null;
+        }
         const config = this.resolveConfig();
-        if (record?.tcToken &&
-            record.tcTokenTimestamp !== undefined &&
-            !(0, tc_token_1.isTokenExpired)(record.tcTokenTimestamp, nowS, config.durationS, config.numBuckets)) {
-            return (0, privacy_token_2.buildTcTokenMessageNode)(record.tcToken);
+        const nowS = this.serverClock.nowSeconds();
+        if ((0, tc_token_1.isTokenExpired)(record.tcTokenTimestamp, nowS, config.durationS, config.numBuckets)) {
+            return null;
+        }
+        return (0, privacy_token_2.buildTcTokenMessageNode)(record.tcToken);
+    }
+    async resolveTokenForMessage(recipientJid) {
+        const tcTokenNode = await this.resolveReceiverTokenNode(recipientJid);
+        if (tcTokenNode) {
+            return tcTokenNode;
         }
         const nctSalt = await this.getNctSalt();
         if (!nctSalt) {

package/dist/esm/client/WaClientFactory.js

@@ -39,7 +39,7 @@ import { handleIncomingMessageAck } from '../message/primitives/incoming.js';
 import { createPeerDataOperationRequester } from '../message/primitives/peer-data-operation.js';
 import { WaMessageClient } from '../message/WaMessageClient.js';
 import { getWaCompanionPlatformId, WA_DEFAULTS, WA_DISCONNECT_REASONS, WA_NEWSLETTER_NOTIFICATION_TAGS, WA_NODE_TAGS, WA_NOTIFICATION_TYPES, WA_PRIVACY_TOKEN_NOTIFICATION_TYPE } from '../protocol/constants.js';
-import { isNewsletterJid, parseSignalAddressFromJid, toUserJid } from '../protocol/jid.js';
+import { isNewsletterJid, isOwnAccountJid, parseSignalAddressFromJid, toUserJid } from '../protocol/jid.js';
 import { WA_PRESENCE_TYPES } from '../protocol/presence.js';
 import { createOutboundRetryTracker } from '../retry/tracker.js';
 import { SignalDeviceSyncApi } from '../signal/api/SignalDeviceSyncApi.js';
@@ -483,7 +483,8 @@ export function buildWaClientDependencies(input) {
     });
     const presenceCoordinator = createPresenceCoordinator({
         sendNode: (node) => nodeOrchestrator.sendNode(node, false),
-        getCurrentCredentials
+        getCurrentCredentials,
+        resolvePrivacyTokenNode: (jid) => trustedContactToken.resolveReceiverTokenNode(jid)
     });
     const peerDataOperation = createPeerDataOperationRequester({
         logger,
@@ -555,9 +556,7 @@ export function buildWaClientDependencies(input) {
             const credentials = getCurrentCredentials();
             if (!credentials)
                 return false;
-            const candidateUser = toUserJid(deviceJid);
-            return ((!!credentials.meJid && toUserJid(credentials.meJid) === candidateUser) ||
-                (!!credentials.meLid && toUserJid(credentials.meLid) === candidateUser));
+            return isOwnAccountJid(deviceJid, credentials.meJid, credentials.meLid);
         },
         sendKeyShare: (toDeviceJid, keys, missingKeyIds) => messageDispatch.sendAppStateSyncKeyShare(toDeviceJid, keys, missingKeyIds),
         triggerSync: async () => {
@@ -600,6 +599,7 @@ export function buildWaClientDependencies(input) {
         queryLidsByPhoneJids: (phoneJids) => signalDeviceSync.queryLidsByPhoneJids(phoneJids),
         mutations: appStateMutations,
         applyOwnPushName,
+        resolvePrivacyTokenNode: (jid) => trustedContactToken.resolveReceiverTokenNode(jid),
         logger
     });
     const statusCoordinator = createStatusCoordinator({
@@ -680,6 +680,7 @@ export function buildWaClientDependencies(input) {
         logger,
         sendNode: runtime.sendNode,
         getMeJid: () => getCurrentCredentials()?.meJid,
+        getMeLid: () => getCurrentCredentials()?.meLid,
         signalProtocol,
         senderKeyManager,
         onDecryptFailure: (context, error) => retryCoordinator.onDecryptFailure(context, error),

package/dist/esm/client/coordinators/WaMessageDispatchCoordinator.js

@@ -12,7 +12,7 @@ import { writeRandomPadMax16 } from '../../message/encode/padding.js';
 import { buildBotInvokeProtoCopy, extractInvokedBotJid, genBotMsgSecret } from '../../message/kinds/bot.js';
 import { proto } from '../../proto.js';
 import { WA_DEFAULTS, WA_NACK_REASONS } from '../../protocol/constants.js';
-import { isBotJid, isGroupJid, isHostedDeviceJid, isLidJid, isNewsletterJid, normalizeDeviceJid, normalizeRecipientJid, parseJidFull, parseSignalAddressFromJid, signalAddressKey, toUserJid } from '../../protocol/jid.js';
+import { canonicalizeOwnAccountJid, isBotJid, isGroupJid, isHostedDeviceJid, isLidJid, isNewsletterJid, normalizeDeviceJid, normalizeRecipientJid, parseJidFull, parseSignalAddressFromJid, signalAddressKey, toUserJid } from '../../protocol/jid.js';
 import { encodeBinaryNode } from '../../transport/binary/index.js';
 import { buildButtonAddonNode, buildDirectMessageFanoutNode, buildGroupSenderKeyMessageNode, buildMetaNode } from '../../transport/node/builders/message.js';
 import { bytesToHex, TEXT_ENCODER } from '../../util/bytes.js';
@@ -65,17 +65,20 @@ export class WaMessageDispatchCoordinator {
     }
     async publishSignalMessage(input, options = {}) {
         this.requireCurrentMeJid('publishSignalMessage');
-        const address = parseSignalAddressFromJid(input.to);
+        const credentials = this.deps.getCurrentCredentials();
+        const sessionJid = canonicalizeOwnAccountJid(input.to, credentials?.meJid, credentials?.meLid);
+        const address = parseSignalAddressFromJid(sessionJid);
         if (address.server === WA_DEFAULTS.GROUP_SERVER) {
             throw new Error('publishSignalMessage currently supports only direct chats; use sender-key flow for groups');
         }
         this.deps.logger.trace('wa client publish signal message', {
             to: input.to,
+            sessionJid,
             type: input.type
         });
         const [paddedPlaintext] = await Promise.all([
             writeRandomPadMax16(input.plaintext),
-            this.deps.sessionResolver.ensureSession(address, input.to, input.expectedIdentity)
+            this.deps.sessionResolver.ensureSession(address, sessionJid, input.expectedIdentity)
         ]);
         const encrypted = await this.deps.signalProtocol.encryptMessage(address, paddedPlaintext, input.expectedIdentity);
         const messageType = input.type ?? 'text';
@@ -322,7 +325,8 @@ export class WaMessageDispatchCoordinator {
         await this.deps.messageClient.sendReceipt(input);
     }
     async publishProtocolMessageToDevice(deviceJid, protocolMessage, options) {
-        const meJid = this.deps.getCurrentCredentials()?.meJid;
+        const credentials = this.deps.getCurrentCredentials();
+        const meJid = credentials?.meJid;
         const meParsed = meJid ? parseJidFull(meJid) : undefined;
         const meUserJid = meParsed?.userJid;
         let senderIcdc = null;

package/dist/esm/client/coordinators/WaPresenceCoordinator.js

@@ -1,8 +1,9 @@
+import { isGroupJid } from '../../protocol/jid.js';
 import { buildChatstateNode } from '../../transport/node/builders/chatstate.js';
 import { buildPresenceNode, buildPresenceSubscribeNode } from '../../transport/node/builders/presence.js';
 /** Builds a {@link WaPresenceCoordinator} from its node-send dependency. */
 export function createPresenceCoordinator(options) {
-    const { sendNode, getCurrentCredentials } = options;
+    const { sendNode, getCurrentCredentials, resolvePrivacyTokenNode } = options;
     return {
         send: async (type) => {
             const credentials = getCurrentCredentials();
@@ -12,7 +13,12 @@ export function createPresenceCoordinator(options) {
             await sendNode(buildChatstateNode({ jid, ...opts }));
         },
         subscribe: async (jid, opts) => {
-            await sendNode(buildPresenceSubscribeNode({ jid, ...opts }));
+            const privacyTokenNode = isGroupJid(jid) ? null : await resolvePrivacyTokenNode(jid);
+            await sendNode(buildPresenceSubscribeNode({
+                jid,
+                ...opts,
+                ...(privacyTokenNode ? { privacyTokenNode } : {})
+            }));
         }
     };
 }

package/dist/esm/client/coordinators/WaProfileCoordinator.js

@@ -192,10 +192,11 @@ function buildTextStatusMutationInput(input) {
 }
 /** Builds a {@link WaProfileCoordinator} from its IQ/MEX/SID dependencies. */
 export function createProfileCoordinator(options) {
-    const { queryWithContext, generateSid, mexSocket, queryLidsByPhoneJids, mutations, applyOwnPushName, logger } = options;
+    const { queryWithContext, generateSid, mexSocket, queryLidsByPhoneJids, mutations, applyOwnPushName, resolvePrivacyTokenNode, logger } = options;
     return {
         getProfilePicture: async (jid, type, existingId) => {
-            const node = buildGetProfilePictureIq(jid, type, existingId);
+            const privacyTokenNode = (await resolvePrivacyTokenNode(jid)) ?? undefined;
+            const node = buildGetProfilePictureIq(jid, type, existingId, privacyTokenNode);
             const result = await queryWithContext('profile.getPicture', node, undefined, {
                 jid,
                 type: type ?? 'preview'
@@ -222,10 +223,11 @@ export function createProfileCoordinator(options) {
         getStatus: async (jid) => {
             const sid = await generateSid();
             const queryNodes = buildGetStatusUsyncQueryNodes();
+            const privacyTokenNode = await resolvePrivacyTokenNode(jid);
             const usyncNode = buildUsyncIq({
                 sid,
                 queryProtocolNodes: [queryNodes[1]],
-                users: [{ jid }]
+                users: [{ jid, ...(privacyTokenNode ? { content: [privacyTokenNode] } : {}) }]
             });
             const result = await queryWithContext('profile.getStatus', usyncNode, undefined, {
                 jid
@@ -253,10 +255,14 @@ export function createProfileCoordinator(options) {
             }
             const sid = await generateSid();
             const queryProtocolNodes = buildGetStatusUsyncQueryNodes();
+            const users = await Promise.all(jids.map(async (jid) => {
+                const privacyTokenNode = await resolvePrivacyTokenNode(jid);
+                return { jid, ...(privacyTokenNode ? { content: [privacyTokenNode] } : {}) };
+            }));
             const usyncNode = buildUsyncIq({
                 sid,
                 queryProtocolNodes,
-                users: jids.map((jid) => ({ jid }))
+                users
             });
             const result = await queryWithContext('profile.getProfiles', usyncNode, undefined, {
                 count: jids.length

package/dist/esm/client/coordinators/WaRetryCoordinator.js

@@ -499,7 +499,7 @@ export class WaRetryCoordinator {
                     id: request.keyBundle.key.id,
                     publicKey: request.keyBundle.key.publicKey
                 }
-            });
+            }, { reuseExisting: true });
             return this.applySessionBaseKeyPolicy(request, requesterJid, requesterAddress, requesterNormalizedDeviceJid);
         }
         const sessionStillExists = currentSession !== null && !regIdMismatch;

package/dist/esm/client/coordinators/WaTrustedContactTokenCoordinator.js

@@ -39,14 +39,30 @@ export class WaTrustedContactTokenCoordinator {
             maxDurationS
         };
     }
-    async resolveTokenForMessage(recipientJid) {
-        const record = await this.store.getByJid(recipientJid);
-        const nowS = this.serverClock.nowSeconds();
+    /**
+     * Resolves the receiver-mode `<tctoken>` node to echo back on outbound
+     * queries against a contact's privacy-gated data (presence subscribe,
+     * profile-picture get, about/status usync). Returns the token only when a
+     * non-expired receiver token exists for `jid`; unlike
+     * {@link resolveTokenForMessage} it does **not** fall back to a `<cstoken>`
+     * (the gated query flows attach the trusted-contact token only).
+     */
+    async resolveReceiverTokenNode(jid) {
+        const record = await this.store.getByJid(jid);
+        if (!record?.tcToken || record.tcTokenTimestamp === undefined) {
+            return null;
+        }
         const config = this.resolveConfig();
-        if (record?.tcToken &&
-            record.tcTokenTimestamp !== undefined &&
-            !isTokenExpired(record.tcTokenTimestamp, nowS, config.durationS, config.numBuckets)) {
-            return buildTcTokenMessageNode(record.tcToken);
+        const nowS = this.serverClock.nowSeconds();
+        if (isTokenExpired(record.tcTokenTimestamp, nowS, config.durationS, config.numBuckets)) {
+            return null;
+        }
+        return buildTcTokenMessageNode(record.tcToken);
+    }
+    async resolveTokenForMessage(recipientJid) {
+        const tcTokenNode = await this.resolveReceiverTokenNode(recipientJid);
+        if (tcTokenNode) {
+            return tcTokenNode;
         }
         const nctSalt = await this.getNctSalt();
         if (!nctSalt) {

package/dist/esm/message/primitives/incoming.js

@@ -4,7 +4,7 @@ import { unpadPkcs7 } from '../encode/padding.js';
 import { processIncomingNewsletterMessage } from '../kinds/newsletter.js';
 import { proto } from '../../proto.js';
 import { WA_MESSAGE_TAGS, WA_MESSAGE_TYPES } from '../../protocol/constants.js';
-import { isBroadcastJid, isGroupJid, isNewsletterJid, parseJidFull, parseSignalAddressFromJid, toUserJid } from '../../protocol/jid.js';
+import { canonicalizeOwnAccountJid, isBroadcastJid, isGroupJid, isNewsletterJid, isOwnAccountJid, parseJidFull, parseSignalAddressFromJid, toUserJid } from '../../protocol/jid.js';
 import { buildAckNode, buildReceiptNode } from '../../transport/node/builders/global.js';
 import { decodeNodeContentBase64OrBytes, findNodeChild } from '../../transport/node/helpers.js';
 import { longToNumber, parseOptionalInt, toError } from '../../util/primitives.js';
@@ -27,6 +27,52 @@ function extractMessageIdentityAttrs(attrs) {
         pushName: attrs.notify
     };
 }
+/**
+ * Self-authored 1:1 chat is the recipient, so its alternate addressing is the
+ * `recipient*` attrs (the `sender*` attrs describe me). Promotes `recipientAlt`
+ * to `remoteJidAlt` and drops the stale sender/recipient fields.
+ */
+function promoteRecipientAddressing(identity) {
+    return {
+        ...(identity.recipientAlt ? { remoteJidAlt: identity.recipientAlt } : {}),
+        ...(identity.senderUsername !== undefined
+            ? { senderUsername: identity.senderUsername }
+            : {})
+    };
+}
+/**
+ * Resolves the {@link WaIncomingMessageKey} for a decrypted stanza. `remoteJid`
+ * is the chat: the `from`, or the recipient (`recipient` attr, then the
+ * deviceSentMessage `destinationJid`) when the message is `fromMe`.
+ */
+function buildIncomingMessageKey(node, sender, options, destinationJid) {
+    const fromUserJid = node.attrs.from ? toUserJid(node.attrs.from) : node.attrs.from;
+    const isGroup = fromUserJid ? isGroupJid(fromUserJid) : false;
+    const isBroadcast = fromUserJid ? isBroadcastJid(fromUserJid) : false;
+    const fromMe = sender
+        ? isOwnAccountJid(sender.userJid, options.getMeJid?.(), options.getMeLid?.())
+        : false;
+    const selfSentChat = fromMe && !isGroup && !isBroadcast
+        ? (node.attrs.recipient ?? destinationJid ?? undefined)
+        : undefined;
+    const chatJid = selfSentChat ? toUserJid(selfSentChat) : fromUserJid;
+    const { pushName, ...identity } = extractMessageIdentityAttrs(node.attrs);
+    const keyIdentity = selfSentChat ? promoteRecipientAddressing(identity) : identity;
+    return {
+        pushName,
+        key: {
+            remoteJid: chatJid ?? '',
+            id: node.attrs.id ?? '',
+            fromMe,
+            isGroup,
+            isBroadcast,
+            isNewsletter: false,
+            ...keyIdentity,
+            senderDevice: sender?.device ?? 0,
+            ...((isGroup || isBroadcast) && sender ? { participant: sender.userJid } : {})
+        }
+    };
+}
 function pickNextRetryCount(node) {
     const retryNode = findNodeChild(node, 'retry');
     const parsed = parseOptionalInt(retryNode?.attrs.count);
@@ -240,26 +286,11 @@ function processMsmsgEncNode(node, encNode, senderJid, options) {
                 encPayload: decoded.encPayload
             }
         };
-        const chatJid = node.attrs.from ? toUserJid(node.attrs.from) : node.attrs.from;
         const sender = senderJid ? parseJidFull(senderJid) : null;
-        const isGroup = chatJid ? isGroupJid(chatJid) : false;
-        const isBroadcast = chatJid ? isBroadcastJid(chatJid) : false;
-        const { pushName, ...keyIdentity } = extractMessageIdentityAttrs(node.attrs);
+        const { key, pushName } = buildIncomingMessageKey(node, sender ? { userJid: sender.userJid, device: sender.address.device } : null, options);
         options.emitIncomingMessage?.({
             rawNode: buildIncomingEventRawNode(node),
-            key: {
-                remoteJid: chatJid ?? '',
-                id: node.attrs.id ?? '',
-                fromMe: false,
-                isGroup,
-                isBroadcast,
-                isNewsletter: false,
-                ...keyIdentity,
-                ...((isGroup || isBroadcast) && sender?.userJid
-                    ? { participant: sender.userJid }
-                    : {}),
-                senderDevice: sender?.address.device ?? 0
-            },
+            key,
             stanzaType: node.attrs.type,
             offline: node.attrs.offline !== undefined,
             timestampSeconds: parseOptionalInt(node.attrs.t),
@@ -313,29 +344,14 @@ async function decryptAndProcessEncNode(node, encNode, encType, senderJid, optio
             }
         }
         if (shouldEmitIncomingMessage(message)) {
-            // remoteJid is the chat identity, which is deviceless: the device
-            // lives in senderDevice (from senderAddress), so strip any `:device`
-            // segment the `from` attr carries for 1:1 chats.
-            const fromAttr = node.attrs.from;
-            const chatJid = fromAttr ? toUserJid(fromAttr) : fromAttr;
-            const isGroup = chatJid ? isGroupJid(chatJid) : false;
-            const isBroadcast = chatJid ? isBroadcastJid(chatJid) : false;
-            const senderUserJid = `${senderAddress.user}@${senderAddress.server}`;
-            const { pushName, ...keyIdentity } = extractMessageIdentityAttrs(node.attrs);
+            const { key, pushName } = buildIncomingMessageKey(node, {
+                userJid: `${senderAddress.user}@${senderAddress.server}`,
+                device: senderAddress.device
+            }, options, decodedMessage.deviceSentMessage?.destinationJid ?? undefined);
             const expirationSeconds = pickIncomingExpirationSeconds(message);
             options.emitIncomingMessage?.({
                 rawNode: buildIncomingEventRawNode(node),
-                key: {
-                    remoteJid: chatJid ?? '',
-                    id: node.attrs.id ?? '',
-                    fromMe: false,
-                    isGroup,
-                    isBroadcast,
-                    isNewsletter: false,
-                    ...keyIdentity,
-                    senderDevice: senderAddress.device,
-                    ...(isGroup || isBroadcast ? { participant: senderUserJid } : {})
-                },
+                key,
                 stanzaType: node.attrs.type,
                 offline: node.attrs.offline !== undefined,
                 timestampSeconds: parseOptionalInt(node.attrs.t),
@@ -414,10 +430,15 @@ export async function handleIncomingMessageAck(node, options) {
                         continue;
                     }
                     const encType = child.attrs.type === 'msg' ? 'msg' : 'pkmsg';
-                    result = await decryptAndProcessEncNode(node, child, encType, senderJid, options, (ciphertext, senderAddress) => options.signalProtocol.decryptMessage(senderAddress, {
-                        type: encType,
-                        ciphertext
-                    }));
+                    result = await decryptAndProcessEncNode(node, child, encType, senderJid, options, (ciphertext, senderAddress) => {
+                        const sessionJid = canonicalizeOwnAccountJid(senderJid, options.getMeJid?.(), options.getMeLid?.());
+                        return options.signalProtocol.decryptMessage(sessionJid === senderJid
+                            ? senderAddress
+                            : parseSignalAddressFromJid(sessionJid), {
+                            type: encType,
+                            ciphertext
+                        });
+                    });
                     break;
                 }
                 case 'msmsg': {

package/dist/esm/protocol/jid.js

@@ -191,6 +191,48 @@ export function toUserJid(jid, options = {}) {
         : address.server;
     return `${address.user}@${server}`;
 }
+/**
+ * True when `jid` is the account's own user, matching the `meJid` (pn) or
+ * `meLid` (lid) identity device-insensitively. Mirrors WhatsApp Web's
+ * `isMeAccount`.
+ */
+export function isOwnAccountJid(jid, meJid, meLid) {
+    const candidateUser = toUserJid(jid);
+    return ((!!meJid && toUserJid(meJid) === candidateUser) ||
+        (!!meLid && toUserJid(meLid) === candidateUser));
+}
+/**
+ * Rewrites the account's own PN device JID to its LID equivalent so self traffic
+ * keys one LID session instead of forking into separate PN and LID ratchets.
+ * No-op for other users, already-LID/unparseable JIDs, or unknown identity.
+ */
+export function canonicalizeOwnAccountJid(jid, meJid, meLid) {
+    if (!meJid || !meLid)
+        return jid;
+    let address;
+    try {
+        address = parseSignalAddressFromJid(jid);
+    }
+    catch {
+        return jid;
+    }
+    if ((address.server ?? WA_DEFAULTS.HOST_DOMAIN) !== WA_DEFAULTS.HOST_DOMAIN)
+        return jid;
+    let mePnUser;
+    let meLidUser;
+    try {
+        mePnUser = parseSignalAddressFromJid(meJid).user;
+        meLidUser = parseSignalAddressFromJid(meLid).user;
+    }
+    catch {
+        return jid;
+    }
+    if (address.user !== mePnUser)
+        return jid;
+    return address.device === 0
+        ? `${meLidUser}@${WA_DEFAULTS.LID_SERVER}`
+        : `${meLidUser}:${address.device}@${WA_DEFAULTS.LID_SERVER}`;
+}
 /**
  * Returns the JID in its full device form. JIDs with `device === 0` lose the
  * device segment (`user@server`); all others keep `user:device@server`.

package/dist/esm/retry/reason.js

@@ -17,10 +17,10 @@ const RETRY_REASON_MATCHERS = [
     },
     { matches: ['invalid signature'], code: RETRY_REASON.SignalErrorInvalidSignature },
     {
-        matches: ['too many messages in future', 'future message'],
+        matches: ['too far in future', 'too many messages in future', 'future message'],
         code: RETRY_REASON.SignalErrorFutureMessage
     },
-    { matches: ['invalid mac'], code: RETRY_REASON.SignalErrorBadMac },
+    { matches: ['invalid message mac', 'invalid mac'], code: RETRY_REASON.SignalErrorBadMac },
     { matches: ['invalid session'], code: RETRY_REASON.SignalErrorInvalidSession },
     { matches: ['invalid message key'], code: RETRY_REASON.SignalErrorInvalidMsgKey },
     {

package/dist/esm/transport/node/WaNodeOrchestrator.js

@@ -21,8 +21,12 @@ export class WaNodeOrchestrator {
         return this.pendingQueries.size > 0;
     }
     clearPending(reason) {
-        this.logger.warn('clearing pending node queries', {
-            count: this.pendingQueries.size,
+        const count = this.pendingQueries.size;
+        if (count === 0) {
+            return;
+        }
+        this.logger.debug('clearing pending node queries', {
+            count,
             reason: reason.message
         });
         for (const pending of this.pendingQueries.values()) {

package/dist/esm/transport/node/builders/presence.js

@@ -34,6 +34,7 @@ export function buildPresenceSubscribeNode(input) {
     }
     return {
         tag: WA_NODE_TAGS.PRESENCE,
-        attrs
+        attrs,
+        ...(input.privacyTokenNode ? { content: [input.privacyTokenNode] } : {})
     };
 }

package/dist/esm/transport/node/builders/profile.js

@@ -1,6 +1,6 @@
 import { WA_DEFAULTS, WA_IQ_TYPES, WA_NODE_TAGS, WA_XMLNS } from '../../../protocol/constants.js';
 import { buildIqNode } from '../../node/query.js';
-export function buildGetProfilePictureIq(targetJid, type = 'preview', existingId) {
+export function buildGetProfilePictureIq(targetJid, type = 'preview', existingId, privacyTokenNode) {
     const pictureAttrs = {
         type,
         query: 'url'
@@ -11,7 +11,8 @@ export function buildGetProfilePictureIq(targetJid, type = 'preview', existingId
     return buildIqNode(WA_IQ_TYPES.GET, WA_DEFAULTS.HOST_DOMAIN, WA_XMLNS.PROFILE_PICTURE, [
         {
             tag: WA_NODE_TAGS.PICTURE,
-            attrs: pictureAttrs
+            attrs: pictureAttrs,
+            ...(privacyTokenNode ? { content: [privacyTokenNode] } : {})
         }
     ], {
         target: targetJid

package/dist/esm/transport/node/builders/retry.js

@@ -73,11 +73,9 @@ export function buildRetryReceiptNode(input) {
         v: RETRY_RECEIPT_VERSION,
         count: String(input.retryCount),
         id: input.originalMsgId,
-        t: input.t
+        t: input.t,
+        error: String(input.error ?? 0)
     };
-    if (input.error !== undefined && input.error !== 0) {
-        retryAttrs.error = String(input.error);
-    }
     const content = [
         {
             tag: 'retry',

package/dist/message/primitives/incoming.d.ts

@@ -9,6 +9,7 @@ interface WaIncomingMessageAckHandlerOptions {
     readonly logger: Logger;
     readonly sendNode: (node: BinaryNode) => Promise<void>;
     readonly getMeJid?: () => string | null | undefined;
+    readonly getMeLid?: () => string | null | undefined;
     readonly signalProtocol?: SignalProtocol;
     readonly senderKeyManager?: SenderKeyManager;
     readonly onDecryptFailure?: (context: WaRetryDecryptFailureContext, error: unknown) => Promise<boolean>;

package/dist/message/primitives/incoming.js

@@ -31,6 +31,52 @@ function extractMessageIdentityAttrs(attrs) {
         pushName: attrs.notify
     };
 }
+/**
+ * Self-authored 1:1 chat is the recipient, so its alternate addressing is the
+ * `recipient*` attrs (the `sender*` attrs describe me). Promotes `recipientAlt`
+ * to `remoteJidAlt` and drops the stale sender/recipient fields.
+ */
+function promoteRecipientAddressing(identity) {
+    return {
+        ...(identity.recipientAlt ? { remoteJidAlt: identity.recipientAlt } : {}),
+        ...(identity.senderUsername !== undefined
+            ? { senderUsername: identity.senderUsername }
+            : {})
+    };
+}
+/**
+ * Resolves the {@link WaIncomingMessageKey} for a decrypted stanza. `remoteJid`
+ * is the chat: the `from`, or the recipient (`recipient` attr, then the
+ * deviceSentMessage `destinationJid`) when the message is `fromMe`.
+ */
+function buildIncomingMessageKey(node, sender, options, destinationJid) {
+    const fromUserJid = node.attrs.from ? (0, jid_1.toUserJid)(node.attrs.from) : node.attrs.from;
+    const isGroup = fromUserJid ? (0, jid_1.isGroupJid)(fromUserJid) : false;
+    const isBroadcast = fromUserJid ? (0, jid_1.isBroadcastJid)(fromUserJid) : false;
+    const fromMe = sender
+        ? (0, jid_1.isOwnAccountJid)(sender.userJid, options.getMeJid?.(), options.getMeLid?.())
+        : false;
+    const selfSentChat = fromMe && !isGroup && !isBroadcast
+        ? (node.attrs.recipient ?? destinationJid ?? undefined)
+        : undefined;
+    const chatJid = selfSentChat ? (0, jid_1.toUserJid)(selfSentChat) : fromUserJid;
+    const { pushName, ...identity } = extractMessageIdentityAttrs(node.attrs);
+    const keyIdentity = selfSentChat ? promoteRecipientAddressing(identity) : identity;
+    return {
+        pushName,
+        key: {
+            remoteJid: chatJid ?? '',
+            id: node.attrs.id ?? '',
+            fromMe,
+            isGroup,
+            isBroadcast,
+            isNewsletter: false,
+            ...keyIdentity,
+            senderDevice: sender?.device ?? 0,
+            ...((isGroup || isBroadcast) && sender ? { participant: sender.userJid } : {})
+        }
+    };
+}
 function pickNextRetryCount(node) {
     const retryNode = (0, helpers_1.findNodeChild)(node, 'retry');
     const parsed = (0, primitives_1.parseOptionalInt)(retryNode?.attrs.count);
@@ -244,26 +290,11 @@ function processMsmsgEncNode(node, encNode, senderJid, options) {
                 encPayload: decoded.encPayload
             }
         };
-        const chatJid = node.attrs.from ? (0, jid_1.toUserJid)(node.attrs.from) : node.attrs.from;
         const sender = senderJid ? (0, jid_1.parseJidFull)(senderJid) : null;
-        const isGroup = chatJid ? (0, jid_1.isGroupJid)(chatJid) : false;
-        const isBroadcast = chatJid ? (0, jid_1.isBroadcastJid)(chatJid) : false;
-        const { pushName, ...keyIdentity } = extractMessageIdentityAttrs(node.attrs);
+        const { key, pushName } = buildIncomingMessageKey(node, sender ? { userJid: sender.userJid, device: sender.address.device } : null, options);
         options.emitIncomingMessage?.({
             rawNode: buildIncomingEventRawNode(node),
-            key: {
-                remoteJid: chatJid ?? '',
-                id: node.attrs.id ?? '',
-                fromMe: false,
-                isGroup,
-                isBroadcast,
-                isNewsletter: false,
-                ...keyIdentity,
-                ...((isGroup || isBroadcast) && sender?.userJid
-                    ? { participant: sender.userJid }
-                    : {}),
-                senderDevice: sender?.address.device ?? 0
-            },
+            key,
             stanzaType: node.attrs.type,
             offline: node.attrs.offline !== undefined,
             timestampSeconds: (0, primitives_1.parseOptionalInt)(node.attrs.t),
@@ -317,29 +348,14 @@ async function decryptAndProcessEncNode(node, encNode, encType, senderJid, optio
             }
         }
         if (shouldEmitIncomingMessage(message)) {
-            // remoteJid is the chat identity, which is deviceless: the device
-            // lives in senderDevice (from senderAddress), so strip any `:device`
-            // segment the `from` attr carries for 1:1 chats.
-            const fromAttr = node.attrs.from;
-            const chatJid = fromAttr ? (0, jid_1.toUserJid)(fromAttr) : fromAttr;
-            const isGroup = chatJid ? (0, jid_1.isGroupJid)(chatJid) : false;
-            const isBroadcast = chatJid ? (0, jid_1.isBroadcastJid)(chatJid) : false;
-            const senderUserJid = `${senderAddress.user}@${senderAddress.server}`;
-            const { pushName, ...keyIdentity } = extractMessageIdentityAttrs(node.attrs);
+            const { key, pushName } = buildIncomingMessageKey(node, {
+                userJid: `${senderAddress.user}@${senderAddress.server}`,
+                device: senderAddress.device
+            }, options, decodedMessage.deviceSentMessage?.destinationJid ?? undefined);
             const expirationSeconds = (0, context_info_1.pickIncomingExpirationSeconds)(message);
             options.emitIncomingMessage?.({
                 rawNode: buildIncomingEventRawNode(node),
-                key: {
-                    remoteJid: chatJid ?? '',
-                    id: node.attrs.id ?? '',
-                    fromMe: false,
-                    isGroup,
-                    isBroadcast,
-                    isNewsletter: false,
-                    ...keyIdentity,
-                    senderDevice: senderAddress.device,
-                    ...(isGroup || isBroadcast ? { participant: senderUserJid } : {})
-                },
+                key,
                 stanzaType: node.attrs.type,
                 offline: node.attrs.offline !== undefined,
                 timestampSeconds: (0, primitives_1.parseOptionalInt)(node.attrs.t),
@@ -418,10 +434,15 @@ async function handleIncomingMessageAck(node, options) {
                         continue;
                     }
                     const encType = child.attrs.type === 'msg' ? 'msg' : 'pkmsg';
-                    result = await decryptAndProcessEncNode(node, child, encType, senderJid, options, (ciphertext, senderAddress) => options.signalProtocol.decryptMessage(senderAddress, {
-                        type: encType,
-                        ciphertext
-                    }));
+                    result = await decryptAndProcessEncNode(node, child, encType, senderJid, options, (ciphertext, senderAddress) => {
+                        const sessionJid = (0, jid_1.canonicalizeOwnAccountJid)(senderJid, options.getMeJid?.(), options.getMeLid?.());
+                        return options.signalProtocol.decryptMessage(sessionJid === senderJid
+                            ? senderAddress
+                            : (0, jid_1.parseSignalAddressFromJid)(sessionJid), {
+                            type: encType,
+                            ciphertext
+                        });
+                    });
                     break;
                 }
                 case 'msmsg': {

package/dist/protocol/jid.d.ts

@@ -66,6 +66,18 @@ export declare function toUserJid(jid: string, options?: {
     readonly canonicalizeSignalServer?: boolean;
     readonly hostDomain?: string;
 }): string;
+/**
+ * True when `jid` is the account's own user, matching the `meJid` (pn) or
+ * `meLid` (lid) identity device-insensitively. Mirrors WhatsApp Web's
+ * `isMeAccount`.
+ */
+export declare function isOwnAccountJid(jid: string, meJid: string | null | undefined, meLid: string | null | undefined): boolean;
+/**
+ * Rewrites the account's own PN device JID to its LID equivalent so self traffic
+ * keys one LID session instead of forking into separate PN and LID ratchets.
+ * No-op for other users, already-LID/unparseable JIDs, or unknown identity.
+ */
+export declare function canonicalizeOwnAccountJid(jid: string, meJid: string | null | undefined, meLid: string | null | undefined): string;
 /**
  * Returns the JID in its full device form. JIDs with `device === 0` lose the
  * device segment (`user@server`); all others keep `user:device@server`.

package/dist/protocol/jid.js

@@ -15,6 +15,8 @@ exports.parseJidFull = parseJidFull;
 exports.canonicalizeSignalServer = canonicalizeSignalServer;
 exports.canonicalizeSignalJid = canonicalizeSignalJid;
 exports.toUserJid = toUserJid;
+exports.isOwnAccountJid = isOwnAccountJid;
+exports.canonicalizeOwnAccountJid = canonicalizeOwnAccountJid;
 exports.normalizeDeviceJid = normalizeDeviceJid;
 exports.applyDeviceToJid = applyDeviceToJid;
 exports.isHostedDeviceId = isHostedDeviceId;
@@ -217,6 +219,48 @@ function toUserJid(jid, options = {}) {
         : address.server;
     return `${address.user}@${server}`;
 }
+/**
+ * True when `jid` is the account's own user, matching the `meJid` (pn) or
+ * `meLid` (lid) identity device-insensitively. Mirrors WhatsApp Web's
+ * `isMeAccount`.
+ */
+function isOwnAccountJid(jid, meJid, meLid) {
+    const candidateUser = toUserJid(jid);
+    return ((!!meJid && toUserJid(meJid) === candidateUser) ||
+        (!!meLid && toUserJid(meLid) === candidateUser));
+}
+/**
+ * Rewrites the account's own PN device JID to its LID equivalent so self traffic
+ * keys one LID session instead of forking into separate PN and LID ratchets.
+ * No-op for other users, already-LID/unparseable JIDs, or unknown identity.
+ */
+function canonicalizeOwnAccountJid(jid, meJid, meLid) {
+    if (!meJid || !meLid)
+        return jid;
+    let address;
+    try {
+        address = parseSignalAddressFromJid(jid);
+    }
+    catch {
+        return jid;
+    }
+    if ((address.server ?? constants_1.WA_DEFAULTS.HOST_DOMAIN) !== constants_1.WA_DEFAULTS.HOST_DOMAIN)
+        return jid;
+    let mePnUser;
+    let meLidUser;
+    try {
+        mePnUser = parseSignalAddressFromJid(meJid).user;
+        meLidUser = parseSignalAddressFromJid(meLid).user;
+    }
+    catch {
+        return jid;
+    }
+    if (address.user !== mePnUser)
+        return jid;
+    return address.device === 0
+        ? `${meLidUser}@${constants_1.WA_DEFAULTS.LID_SERVER}`
+        : `${meLidUser}:${address.device}@${constants_1.WA_DEFAULTS.LID_SERVER}`;
+}
 /**
  * Returns the JID in its full device form. JIDs with `device === 0` lose the
  * device segment (`user@server`); all others keep `user:device@server`.

package/dist/retry/reason.js

@@ -20,10 +20,10 @@ const RETRY_REASON_MATCHERS = [
     },
     { matches: ['invalid signature'], code: constants_1.RETRY_REASON.SignalErrorInvalidSignature },
     {
-        matches: ['too many messages in future', 'future message'],
+        matches: ['too far in future', 'too many messages in future', 'future message'],
         code: constants_1.RETRY_REASON.SignalErrorFutureMessage
     },
-    { matches: ['invalid mac'], code: constants_1.RETRY_REASON.SignalErrorBadMac },
+    { matches: ['invalid message mac', 'invalid mac'], code: constants_1.RETRY_REASON.SignalErrorBadMac },
     { matches: ['invalid session'], code: constants_1.RETRY_REASON.SignalErrorInvalidSession },
     { matches: ['invalid message key'], code: constants_1.RETRY_REASON.SignalErrorInvalidMsgKey },
     {

package/dist/transport/node/WaNodeOrchestrator.js

@@ -24,8 +24,12 @@ class WaNodeOrchestrator {
         return this.pendingQueries.size > 0;
     }
     clearPending(reason) {
-        this.logger.warn('clearing pending node queries', {
-            count: this.pendingQueries.size,
+        const count = this.pendingQueries.size;
+        if (count === 0) {
+            return;
+        }
+        this.logger.debug('clearing pending node queries', {
+            count,
             reason: reason.message
         });
         for (const pending of this.pendingQueries.values()) {

package/dist/transport/node/builders/presence.d.ts

@@ -9,5 +9,11 @@ export interface BuildPresenceSubscribeNodeInput {
     readonly jid: string;
     readonly name?: string;
     readonly context?: string;
+    /**
+     * Receiver-mode `<tctoken>` node echoed back to prove this account is a
+     * trusted contact, gating the target's presence/last-seen visibility.
+     * Attached as a child of the `<presence>` stanza when present.
+     */
+    readonly privacyTokenNode?: BinaryNode;
 }
 export declare function buildPresenceSubscribeNode(input: BuildPresenceSubscribeNodeInput): BinaryNode;

package/dist/transport/node/builders/presence.js

@@ -38,6 +38,7 @@ function buildPresenceSubscribeNode(input) {
     }
     return {
         tag: nodes_1.WA_NODE_TAGS.PRESENCE,
-        attrs
+        attrs,
+        ...(input.privacyTokenNode ? { content: [input.privacyTokenNode] } : {})
     };
 }

package/dist/transport/node/builders/profile.d.ts

@@ -1,6 +1,6 @@
 import type { BinaryNode } from '../../types';
 export type WaProfilePictureType = 'preview' | 'image';
-export declare function buildGetProfilePictureIq(targetJid: string, type?: WaProfilePictureType, existingId?: string): BinaryNode;
+export declare function buildGetProfilePictureIq(targetJid: string, type?: WaProfilePictureType, existingId?: string, privacyTokenNode?: BinaryNode): BinaryNode;
 export declare function buildSetProfilePictureIq(imageBytes: Uint8Array, targetJid?: string): BinaryNode;
 export declare function buildDeleteProfilePictureIq(targetJid?: string): BinaryNode;
 export declare function buildSetStatusIq(text: string): BinaryNode;

package/dist/transport/node/builders/profile.js

@@ -11,7 +11,7 @@ exports.buildGetUsernameUsyncQueryNode = buildGetUsernameUsyncQueryNode;
 exports.buildGetStatusUsyncQueryNodes = buildGetStatusUsyncQueryNodes;
 const constants_1 = require("../../../protocol/constants");
 const query_1 = require("../../node/query");
-function buildGetProfilePictureIq(targetJid, type = 'preview', existingId) {
+function buildGetProfilePictureIq(targetJid, type = 'preview', existingId, privacyTokenNode) {
     const pictureAttrs = {
         type,
         query: 'url'
@@ -22,7 +22,8 @@ function buildGetProfilePictureIq(targetJid, type = 'preview', existingId) {
     return (0, query_1.buildIqNode)(constants_1.WA_IQ_TYPES.GET, constants_1.WA_DEFAULTS.HOST_DOMAIN, constants_1.WA_XMLNS.PROFILE_PICTURE, [
         {
             tag: constants_1.WA_NODE_TAGS.PICTURE,
-            attrs: pictureAttrs
+            attrs: pictureAttrs,
+            ...(privacyTokenNode ? { content: [privacyTokenNode] } : {})
         }
     ], {
         target: targetJid

package/dist/transport/node/builders/retry.js

@@ -76,11 +76,9 @@ function buildRetryReceiptNode(input) {
         v: constants_2.RETRY_RECEIPT_VERSION,
         count: String(input.retryCount),
         id: input.originalMsgId,
-        t: input.t
+        t: input.t,
+        error: String(input.error ?? 0)
     };
-    if (input.error !== undefined && input.error !== 0) {
-        retryAttrs.error = String(input.error);
-    }
     const content = [
         {
             tag: 'retry',

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "zapo-js",
-    "version": "1.1.2",
+    "version": "1.1.3",
     "description": "High-performance WhatsApp Web TypeScript library",
     "license": "MIT",
     "author": "vinikjkkj <contact@vinicius.email> (https://github.com/vinikjkkj)",
@@ -124,7 +124,7 @@
     },
     "scripts": {
         "preinstall": "node ./scripts/check-node-version.cjs",
-        "prepack": "npm run build",
+        "prepare": "npm run build",
         "changeset": "changeset",
         "changeset:status": "changeset status --verbose",
         "version:packages": "changeset version",