npm - zapo-js - Versions diffs - 1.1.2 → 1.2.0 - Mend

zapo-js 1.1.2 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/dist/client/WaClient.js CHANGED Viewed

@@ -12,7 +12,6 @@ const _proto_1 = require("../proto");
 const constants_1 = require("../protocol/constants");
 const jid_1 = require("../protocol/jid");
 const stream_1 = require("../protocol/stream");
-const noop_store_1 = require("../store/noop.store");
 const device_1 = require("../transport/node/builders/device");
 const query_1 = require("../transport/node/query");
 const wa_web_version_fetcher_1 = require("../transport/wa-web-version-fetcher");
@@ -91,12 +90,6 @@ class WaClient extends node_events_1.EventEmitter {
             threadStore: this.stores.threads,
             contactStore: this.stores.contacts
         }, this.logger, this.options.writeBehind);
-        if (this.options.addons?.autoDecrypt !== false &&
-            this.stores.messageSecret === noop_store_1.NOOP_MESSAGE_SECRET_STORE) {
-            this.logger.warn('addons.autoDecrypt is on (default) but messageSecret cache is noop – ' +
-                'addon decryption will only work if secrets are in the message store. ' +
-                'Set addons.autoDecrypt: false to silence this warning.');
-        }
         const dependencies = (0, WaClientFactory_1.buildWaClientDependencies)({
             base,
             runtime: {
@@ -212,6 +205,7 @@ class WaClient extends node_events_1.EventEmitter {
                 logger: this.logger,
                 writeBehind: this.writeBehind,
                 messageSecretStore: this.stores.messageSecret,
+                persistAllSecrets: this.options.addons?.persistAllSecrets === true,
                 event
             });
             if (this.options.addons?.autoDecrypt !== false && event.message) {

package/dist/client/WaClientFactory.js CHANGED Viewed

@@ -468,6 +468,7 @@ function buildWaClientDependencies(input) {
         deviceListStore: sessionStore.deviceList,
         signalDeviceSync,
         messageSecretStore: sessionStore.messageSecret,
+        persistAllMessageSecrets: options.addons?.persistAllSecrets === true,
         getCurrentCredentials,
         resolvePrivacyTokenNode: (recipientJid) => trustedContactToken.resolveTokenForMessage(recipientJid),
         onDirectMessageSent: (recipientJid) => {
@@ -487,7 +488,8 @@ function buildWaClientDependencies(input) {
     });
     const presenceCoordinator = (0, WaPresenceCoordinator_1.createPresenceCoordinator)({
         sendNode: (node) => nodeOrchestrator.sendNode(node, false),
-        getCurrentCredentials
+        getCurrentCredentials,
+        resolvePrivacyTokenNode: (jid) => trustedContactToken.resolveReceiverTokenNode(jid)
     });
     const peerDataOperation = (0, peer_data_operation_1.createPeerDataOperationRequester)({
         logger,
@@ -559,9 +561,7 @@ function buildWaClientDependencies(input) {
             const credentials = getCurrentCredentials();
             if (!credentials)
                 return false;
-            const candidateUser = (0, jid_1.toUserJid)(deviceJid);
-            return ((!!credentials.meJid && (0, jid_1.toUserJid)(credentials.meJid) === candidateUser) ||
-                (!!credentials.meLid && (0, jid_1.toUserJid)(credentials.meLid) === candidateUser));
+            return (0, jid_1.isOwnAccountJid)(deviceJid, credentials.meJid, credentials.meLid);
         },
         sendKeyShare: (toDeviceJid, keys, missingKeyIds) => messageDispatch.sendAppStateSyncKeyShare(toDeviceJid, keys, missingKeyIds),
         triggerSync: async () => {
@@ -604,6 +604,7 @@ function buildWaClientDependencies(input) {
         queryLidsByPhoneJids: (phoneJids) => signalDeviceSync.queryLidsByPhoneJids(phoneJids),
         mutations: appStateMutations,
         applyOwnPushName,
+        resolvePrivacyTokenNode: (jid) => trustedContactToken.resolveReceiverTokenNode(jid),
         logger
     });
     const statusCoordinator = (0, WaStatusCoordinator_1.createStatusCoordinator)({
@@ -684,6 +685,7 @@ function buildWaClientDependencies(input) {
         logger,
         sendNode: runtime.sendNode,
         getMeJid: () => getCurrentCredentials()?.meJid,
+        getMeLid: () => getCurrentCredentials()?.meLid,
         signalProtocol,
         senderKeyManager,
         onDecryptFailure: (context, error) => retryCoordinator.onDecryptFailure(context, error),
@@ -693,6 +695,7 @@ function buildWaClientDependencies(input) {
                 .catch((err) => runtime.handleError((0, primitives_1.toError)(err)));
         },
         emitNewsletterMessageUpdate: (event) => runtime.emitEvent('newsletter_message_update', event),
+        emitUnavailableMessage: (event) => runtime.emitEvent('message_unavailable', event),
         emitUnhandledStanza: (event) => runtime.emitEvent('debug_unhandled_stanza', event)
     };
     const handleClientDirtyBits = (dirtyBits) => (0, dirty_1.handleDirtyBits)({

package/dist/client/coordinators/WaMessageDispatchCoordinator.d.ts CHANGED Viewed

@@ -45,6 +45,12 @@ interface WaMessageDispatchCoordinatorOptions {
     readonly deviceListStore: WaDeviceListStore;
     readonly signalDeviceSync: SignalDeviceSyncApi;
     readonly messageSecretStore: WaMessageSecretStore;
+    /**
+     * When `true`, persist the message secret for every outgoing message, not
+     * only the poll / event / bot prompts that `needsSecretPersistence` flags.
+     * Wired from the client-level `addons.persistAllSecrets` option.
+     */
+    readonly persistAllMessageSecrets?: boolean;
     readonly getCurrentCredentials: () => WaAuthCredentials | null;
     readonly resolvePrivacyTokenNode: (recipientJid: string) => Promise<BinaryNode | null>;
     readonly onDirectMessageSent: (recipientJid: string) => void;
@@ -79,6 +85,16 @@ export declare class WaMessageDispatchCoordinator {
      * no LID is known/resolvable. Inputs already in LID form pass through.
      */
     private resolveDirectRecipientLid;
+    /**
+     * Resolves the `peer_recipient_pn` cross-reference for a 1:1 send, or
+     * `undefined` to drop the attribute. Only set when the envelope is
+     * LID-addressed (`directRecipientJid` is a LID): the PN is the caller's own
+     * JID when they passed a PN (zapo switched it to LID for sending), else the
+     * device-list snapshot counterpart for a recipient passed in LID form.
+     * Mirrors wa-web, which sets `peer_recipient_pn = getPhoneNumber($)` for a
+     * LID destination.
+     */
+    private resolvePeerRecipientPn;
     syncSignalSession(jid: string, reasonIdentity?: boolean): Promise<void>;
     sendReceipt(input: WaSendReceiptInput): Promise<void>;
     publishProtocolMessageToDevice(deviceJid: string, protocolMessage: Proto.Message.IProtocolMessage, options?: {

package/dist/client/coordinators/WaMessageDispatchCoordinator.js CHANGED Viewed

@@ -68,17 +68,20 @@ class WaMessageDispatchCoordinator {
     }
     async publishSignalMessage(input, options = {}) {
         this.requireCurrentMeJid('publishSignalMessage');
-        const address = (0, jid_1.parseSignalAddressFromJid)(input.to);
+        const credentials = this.deps.getCurrentCredentials();
+        const sessionJid = (0, jid_1.canonicalizeOwnAccountJid)(input.to, credentials?.meJid, credentials?.meLid);
+        const address = (0, jid_1.parseSignalAddressFromJid)(sessionJid);
         if (address.server === constants_1.WA_DEFAULTS.GROUP_SERVER) {
             throw new Error('publishSignalMessage currently supports only direct chats; use sender-key flow for groups');
         }
         this.deps.logger.trace('wa client publish signal message', {
             to: input.to,
+            sessionJid,
             type: input.type
         });
         const [paddedPlaintext] = await Promise.all([
             (0, padding_1.writeRandomPadMax16)(input.plaintext),
-            this.deps.sessionResolver.ensureSession(address, input.to, input.expectedIdentity)
+            this.deps.sessionResolver.ensureSession(address, sessionJid, input.expectedIdentity)
         ]);
         const encrypted = await this.deps.signalProtocol.encryptMessage(address, paddedPlaintext, input.expectedIdentity);
         const messageType = input.type ?? 'text';
@@ -214,7 +217,7 @@ class WaMessageDispatchCoordinator {
         if (rawSecret &&
             rawSecret.length > 0 &&
             sendOptions.id &&
-            (0, content_1.needsSecretPersistence)(messageWithSecret)) {
+            (this.deps.persistAllMessageSecrets || (0, content_1.needsSecretPersistence)(messageWithSecret))) {
             const meJid = this.deps.getCurrentCredentials()?.meJid ?? '';
             void this.deps.messageSecretStore
                 .set(sendOptions.id, { secret: rawSecret, senderJid: meJid })
@@ -275,11 +278,14 @@ class WaMessageDispatchCoordinator {
         const directRecipientJid = isGroup
             ? recipientJid
             : await this.resolveDirectRecipientLid((0, jid_1.toUserJid)(recipientJid));
+        const peerRecipientPn = isGroup
+            ? undefined
+            : await this.resolvePeerRecipientPn((0, jid_1.toUserJid)(recipientJid), directRecipientJid);
         const publishResult = isGroup
             ? this.shouldUseGroupDirectPath(messageWithIcdc)
                 ? await this.publishGroupDirectMessage(recipientJid, envelope)
                 : await this.publishGroupSenderKeyMessage(recipientJid, envelope)
-            : await this.publishDirectSignalMessageWithFanout(directRecipientJid, envelope);
+            : await this.publishDirectSignalMessageWithFanout(directRecipientJid, envelope, peerRecipientPn);
         return upload ? { ...publishResult, upload } : publishResult;
     }
     /**
@@ -314,6 +320,35 @@ class WaMessageDispatchCoordinator {
         }
         return pnUserJid;
     }
+    /**
+     * Resolves the `peer_recipient_pn` cross-reference for a 1:1 send, or
+     * `undefined` to drop the attribute. Only set when the envelope is
+     * LID-addressed (`directRecipientJid` is a LID): the PN is the caller's own
+     * JID when they passed a PN (zapo switched it to LID for sending), else the
+     * device-list snapshot counterpart for a recipient passed in LID form.
+     * Mirrors wa-web, which sets `peer_recipient_pn = getPhoneNumber($)` for a
+     * LID destination.
+     */
+    async resolvePeerRecipientPn(recipientUserJid, directRecipientJid) {
+        if (!(0, jid_1.isLidJid)(directRecipientJid))
+            return undefined;
+        if ((0, jid_1.isUserJid)(recipientUserJid))
+            return recipientUserJid;
+        try {
+            const snapshot = await this.deps.deviceListStore.findByAnyUserJid(directRecipientJid);
+            if (snapshot?.userJid && (0, jid_1.isUserJid)(snapshot.userJid))
+                return snapshot.userJid;
+            if (snapshot?.altUserJid && (0, jid_1.isUserJid)(snapshot.altUserJid))
+                return snapshot.altUserJid;
+        }
+        catch (error) {
+            this.deps.logger.trace('peer_recipient_pn store lookup failed', {
+                lid: directRecipientJid,
+                message: (0, primitives_2.toError)(error).message
+            });
+        }
+        return undefined;
+    }
     async syncSignalSession(jid, reasonIdentity = false) {
         const address = (0, jid_1.parseSignalAddressFromJid)(jid);
         if (address.server === constants_1.WA_DEFAULTS.GROUP_SERVER) {
@@ -325,7 +360,8 @@ class WaMessageDispatchCoordinator {
         await this.deps.messageClient.sendReceipt(input);
     }
     async publishProtocolMessageToDevice(deviceJid, protocolMessage, options) {
-        const meJid = this.deps.getCurrentCredentials()?.meJid;
+        const credentials = this.deps.getCurrentCredentials();
+        const meJid = credentials?.meJid;
         const meParsed = meJid ? (0, jid_1.parseJidFull)(meJid) : undefined;
         const meUserJid = meParsed?.userJid;
         let senderIcdc = null;
@@ -993,7 +1029,7 @@ class WaMessageDispatchCoordinator {
             distributionParticipants
         };
     }
-    async publishDirectSignalMessageWithFanout(recipientJid, envelope) {
+    async publishDirectSignalMessageWithFanout(recipientJid, envelope, peerRecipientPn) {
         const { message, plaintext, type, edit, mediatype, sendOptions } = envelope;
         const meJid = this.requireCurrentMeJid('sendMessage');
         const meLid = this.deps.getCurrentCredentials()?.meLid;
@@ -1156,6 +1192,7 @@ class WaMessageDispatchCoordinator {
             customNodes: customNodes.length > 0 ? customNodes : undefined,
             mediatype,
             decryptFail: envelope.decryptFail,
+            peerRecipientPn,
             additionalAttributes: sendOptions.additionalAttributes
         });
         const replayPayload = {

package/dist/client/coordinators/WaPresenceCoordinator.d.ts CHANGED Viewed

@@ -21,6 +21,12 @@ export interface WaPresenceCoordinator {
 interface WaPresenceCoordinatorOptions {
     readonly sendNode: (node: BinaryNode) => Promise<void>;
     readonly getCurrentCredentials: () => WaAuthCredentials | null;
+    /**
+     * Resolves the receiver-mode `<tctoken>` node for a contact, echoed back
+     * on a user presence subscription to unlock the target's presence
+     * visibility. Returns `null` when no valid token is held.
+     */
+    readonly resolvePrivacyTokenNode: (jid: string) => Promise<BinaryNode | null>;
 }
 /** Builds a {@link WaPresenceCoordinator} from its node-send dependency. */
 export declare function createPresenceCoordinator(options: WaPresenceCoordinatorOptions): WaPresenceCoordinator;

package/dist/client/coordinators/WaPresenceCoordinator.js CHANGED Viewed

@@ -1,11 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createPresenceCoordinator = createPresenceCoordinator;
+const jid_1 = require("../../protocol/jid");
 const chatstate_1 = require("../../transport/node/builders/chatstate");
 const presence_1 = require("../../transport/node/builders/presence");
 /** Builds a {@link WaPresenceCoordinator} from its node-send dependency. */
 function createPresenceCoordinator(options) {
-    const { sendNode, getCurrentCredentials } = options;
+    const { sendNode, getCurrentCredentials, resolvePrivacyTokenNode } = options;
     return {
         send: async (type) => {
             const credentials = getCurrentCredentials();
@@ -15,7 +16,12 @@ function createPresenceCoordinator(options) {
             await sendNode((0, chatstate_1.buildChatstateNode)({ jid, ...opts }));
         },
         subscribe: async (jid, opts) => {
-            await sendNode((0, presence_1.buildPresenceSubscribeNode)({ jid, ...opts }));
+            const privacyTokenNode = (0, jid_1.isGroupJid)(jid) ? null : await resolvePrivacyTokenNode(jid);
+            await sendNode((0, presence_1.buildPresenceSubscribeNode)({
+                jid,
+                ...opts,
+                ...(privacyTokenNode ? { privacyTokenNode } : {})
+            }));
         }
     };
 }

package/dist/client/coordinators/WaProfileCoordinator.d.ts CHANGED Viewed

@@ -149,6 +149,13 @@ interface WaProfileCoordinatorOptions {
      * idempotent (a no-op when the name already matches).
      */
     readonly applyOwnPushName: (name: string) => Promise<void>;
+    /**
+     * Resolves the receiver-mode `<tctoken>` node for a contact, echoed back on
+     * privacy-gated profile queries (picture get, about/status usync) to prove
+     * this account is a trusted contact. Returns `null` when no valid token is
+     * held for the JID.
+     */
+    readonly resolvePrivacyTokenNode: (jid: string) => Promise<BinaryNode | null>;
     readonly logger: Logger;
 }
 /** Builds a {@link WaProfileCoordinator} from its IQ/MEX/SID dependencies. */

package/dist/client/coordinators/WaProfileCoordinator.js CHANGED Viewed

@@ -195,10 +195,11 @@ function buildTextStatusMutationInput(input) {
 }
 /** Builds a {@link WaProfileCoordinator} from its IQ/MEX/SID dependencies. */
 function createProfileCoordinator(options) {
-    const { queryWithContext, generateSid, mexSocket, queryLidsByPhoneJids, mutations, applyOwnPushName, logger } = options;
+    const { queryWithContext, generateSid, mexSocket, queryLidsByPhoneJids, mutations, applyOwnPushName, resolvePrivacyTokenNode, logger } = options;
     return {
         getProfilePicture: async (jid, type, existingId) => {
-            const node = (0, profile_1.buildGetProfilePictureIq)(jid, type, existingId);
+            const privacyTokenNode = (await resolvePrivacyTokenNode(jid)) ?? undefined;
+            const node = (0, profile_1.buildGetProfilePictureIq)(jid, type, existingId, privacyTokenNode);
             const result = await queryWithContext('profile.getPicture', node, undefined, {
                 jid,
                 type: type ?? 'preview'
@@ -225,10 +226,11 @@ function createProfileCoordinator(options) {
         getStatus: async (jid) => {
             const sid = await generateSid();
             const queryNodes = (0, profile_1.buildGetStatusUsyncQueryNodes)();
+            const privacyTokenNode = await resolvePrivacyTokenNode(jid);
             const usyncNode = (0, usync_1.buildUsyncIq)({
                 sid,
                 queryProtocolNodes: [queryNodes[1]],
-                users: [{ jid }]
+                users: [{ jid, ...(privacyTokenNode ? { content: [privacyTokenNode] } : {}) }]
             });
             const result = await queryWithContext('profile.getStatus', usyncNode, undefined, {
                 jid
@@ -256,10 +258,14 @@ function createProfileCoordinator(options) {
             }
             const sid = await generateSid();
             const queryProtocolNodes = (0, profile_1.buildGetStatusUsyncQueryNodes)();
+            const users = await Promise.all(jids.map(async (jid) => {
+                const privacyTokenNode = await resolvePrivacyTokenNode(jid);
+                return { jid, ...(privacyTokenNode ? { content: [privacyTokenNode] } : {}) };
+            }));
             const usyncNode = (0, usync_1.buildUsyncIq)({
                 sid,
                 queryProtocolNodes,
-                users: jids.map((jid) => ({ jid }))
+                users
             });
             const result = await queryWithContext('profile.getProfiles', usyncNode, undefined, {
                 count: jids.length

package/dist/client/coordinators/WaRetryCoordinator.js CHANGED Viewed

@@ -502,7 +502,7 @@ class WaRetryCoordinator {
                     id: request.keyBundle.key.id,
                     publicKey: request.keyBundle.key.publicKey
                 }
-            });
+            }, { reuseExisting: true });
             return this.applySessionBaseKeyPolicy(request, requesterJid, requesterAddress, requesterNormalizedDeviceJid);
         }
         const sessionStillExists = currentSession !== null && !regIdMismatch;

package/dist/client/coordinators/WaTrustedContactTokenCoordinator.d.ts CHANGED Viewed

@@ -41,6 +41,15 @@ export declare class WaTrustedContactTokenCoordinator {
         readonly getConfigOverrides?: () => Partial<WaTrustedContactTokenConfig>;
     });
     private resolveConfig;
+    /**
+     * Resolves the receiver-mode `<tctoken>` node to echo back on outbound
+     * queries against a contact's privacy-gated data (presence subscribe,
+     * profile-picture get, about/status usync). Returns the token only when a
+     * non-expired receiver token exists for `jid`; unlike
+     * {@link resolveTokenForMessage} it does **not** fall back to a `<cstoken>`
+     * (the gated query flows attach the trusted-contact token only).
+     */
+    resolveReceiverTokenNode(jid: string): Promise<BinaryNode | null>;
     resolveTokenForMessage(recipientJid: string): Promise<BinaryNode | null>;
     handleIncomingToken(fromJid: string, tokens: readonly ParsedPrivacyToken[]): Promise<void>;
     maybeIssueSenderToken(recipientJid: string): Promise<void>;

package/dist/client/coordinators/WaTrustedContactTokenCoordinator.js CHANGED Viewed

@@ -42,14 +42,30 @@ class WaTrustedContactTokenCoordinator {
             maxDurationS
         };
     }
-    async resolveTokenForMessage(recipientJid) {
-        const record = await this.store.getByJid(recipientJid);
-        const nowS = this.serverClock.nowSeconds();
+    /**
+     * Resolves the receiver-mode `<tctoken>` node to echo back on outbound
+     * queries against a contact's privacy-gated data (presence subscribe,
+     * profile-picture get, about/status usync). Returns the token only when a
+     * non-expired receiver token exists for `jid`; unlike
+     * {@link resolveTokenForMessage} it does **not** fall back to a `<cstoken>`
+     * (the gated query flows attach the trusted-contact token only).
+     */
+    async resolveReceiverTokenNode(jid) {
+        const record = await this.store.getByJid(jid);
+        if (!record?.tcToken || record.tcTokenTimestamp === undefined) {
+            return null;
+        }
         const config = this.resolveConfig();
-        if (record?.tcToken &&
-            record.tcTokenTimestamp !== undefined &&
-            !(0, tc_token_1.isTokenExpired)(record.tcTokenTimestamp, nowS, config.durationS, config.numBuckets)) {
-            return (0, privacy_token_2.buildTcTokenMessageNode)(record.tcToken);
+        const nowS = this.serverClock.nowSeconds();
+        if ((0, tc_token_1.isTokenExpired)(record.tcTokenTimestamp, nowS, config.durationS, config.numBuckets)) {
+            return null;
+        }
+        return (0, privacy_token_2.buildTcTokenMessageNode)(record.tcToken);
+    }
+    async resolveTokenForMessage(recipientJid) {
+        const tcTokenNode = await this.resolveReceiverTokenNode(recipientJid);
+        if (tcTokenNode) {
+            return tcTokenNode;
         }
         const nctSalt = await this.getNctSalt();
         if (!nctSalt) {

package/dist/client/persistence/mailbox.d.ts CHANGED Viewed

@@ -6,6 +6,12 @@ interface WaPersistIncomingMailboxOptions {
     readonly logger: Logger;
     readonly writeBehind: WriteBehindPersistence;
     readonly messageSecretStore: WaMessageSecretStore;
+    /**
+     * When `true`, persist the secret of every incoming message, not only the
+     * poll / event / bot prompts that `needsSecretPersistence` flags. Wired
+     * from the client-level `addons.persistAllSecrets` option.
+     */
+    readonly persistAllSecrets?: boolean;
     readonly event: WaIncomingMessageEvent;
 }
 export declare function persistIncomingMailboxEntities(options: WaPersistIncomingMailboxOptions): void;

package/dist/client/persistence/mailbox.js CHANGED Viewed

@@ -56,7 +56,7 @@ function persistContacts(writeBehind, event, nowMs) {
     }
 }
 function persistIncomingMailboxEntities(options) {
-    const { logger, writeBehind, messageSecretStore, event } = options;
+    const { logger, writeBehind, messageSecretStore, persistAllSecrets, event } = options;
     const stanzaId = event.key.id;
     const chatJid = event.key.remoteJid;
     if (!stanzaId || !chatJid) {
@@ -81,7 +81,7 @@ function persistIncomingMailboxEntities(options) {
         if (rawSecret &&
             rawSecret.length > 0 &&
             event.message &&
-            (0, content_1.needsSecretPersistence)(event.message)) {
+            (persistAllSecrets || (0, content_1.needsSecretPersistence)(event.message))) {
             const rawSender = event.key.participant ?? event.rawNode.attrs.participant ?? event.key.remoteJid;
             const senderJid = rawSender ? (0, jid_1.toUserJid)(rawSender) : '';
             void messageSecretStore

package/dist/client/types.d.ts CHANGED Viewed

@@ -241,6 +241,26 @@ export interface WaAddonOptions {
      * poll votes, event responses, comments).
      */
     readonly autoDecrypt?: boolean;
+    /**
+     * Persist the 32-byte message secret of every sent and received message,
+     * not just the poll / event / bot-prompt messages the library knows will
+     * get a follow-up. Off by default.
+     *
+     * Encrypted addons whose parent can be any message type - reactions,
+     * comments, and `secretEncryptedMessage` edits - need the parent's secret
+     * to decrypt. Without this, those parents stay decryptable after a restart
+     * only when the full `messages` archive is persistent. Enable this to keep
+     * them decryptable while storing only the secret, not the message body
+     * (e.g. with `messages: 'none'`).
+     *
+     * Has no effect when the `messageSecret` cache is `'none'`: every write
+     * lands in the noop store and is silently discarded. With the default
+     * `'memory'` provider it works for the lifetime of the process but is lost
+     * on restart and bounded by the cache's LRU and `messageSecretMs` TTL;
+     * point `messageSecret` at a persistent backend to keep the secrets across
+     * restarts.
+     */
+    readonly persistAllSecrets?: boolean;
 }
 export interface WaPrivacyTokenOptions {
     readonly tcTokenDurationS?: number;
@@ -721,6 +741,27 @@ export interface WaIncomingUnhandledStanzaEvent extends WaIncomingBaseEvent {
     /** Short reason describing why the dispatcher did not match a typed handler. */
     readonly reason: string;
 }
+/**
+ * Why an incoming message arrived as a content-less placeholder. `view_once`:
+ * a view-once already consumed elsewhere. `hosted`: a hosted/bot message that
+ * could not be fanned out. `other`: an `unavailable` marker the lib does not
+ * categorize yet.
+ */
+export type WaUnavailableMessageKind = 'view_once' | 'hosted' | 'other';
+export interface WaIncomingUnavailableMessageEvent extends Omit<WaIncomingBaseEvent, 'chatJid' | 'stanzaId'> {
+    /** Which flavour of content the server signalled as unavailable. */
+    readonly kind: WaUnavailableMessageKind;
+    /**
+     * The message key (chat, stanza id, author, addressing metadata) – same
+     * shape the `message` event carries, so it can be stored or correlated. There
+     * is no decrypted `message`: the payload is unavailable and cannot be fetched.
+     */
+    readonly key: WaIncomingMessageKey;
+    /** Stanza `t` attr (seconds since epoch). */
+    readonly timestampSeconds?: number;
+    /** Sender's display name from the stanza's `notify` attr. */
+    readonly pushName?: string;
+}
 export interface WaIncomingErrorStanzaEvent extends WaIncomingBaseEvent {
     readonly code?: number;
     readonly text?: string;
@@ -1057,6 +1098,14 @@ export interface WaClientEventMap {
      * typed protocol payload directly.
      */
     readonly message_protocol: (event: WaIncomingProtocolMessageEvent) => void;
+    /**
+     * A message the server delivered as a content-less placeholder: the payload
+     * is unavailable and cannot be recovered (a view-once already consumed, or a
+     * hosted/bot message that could not be fanned out). The lib acks it and emits
+     * this instead of a `message` event for the same stanza. Branch on
+     * `event.kind`.
+     */
+    readonly message_unavailable: (event: WaIncomingUnavailableMessageEvent) => void;
     /**
      * Inbound `<receipt>` for an outgoing message – delivery, read, played,
      * server, etc. Use this to track message ACK progression.

package/dist/esm/client/WaClient.js CHANGED Viewed

@@ -9,7 +9,6 @@ import { proto } from '../proto.js';
 import { WA_DEFAULTS, WA_MESSAGE_TYPES } from '../protocol/constants.js';
 import { normalizeDeviceJid } from '../protocol/jid.js';
 import { WA_DISCONNECT_REASONS, WA_LOGOUT_REASONS } from '../protocol/stream.js';
-import { NOOP_MESSAGE_SECRET_STORE } from '../store/noop.store.js';
 import { buildRemoveCompanionDeviceIq } from '../transport/node/builders/device.js';
 import { assertIqResult, queryWithContext as queryNodeWithContext } from '../transport/node/query.js';
 import { fetchLatestWaWebVersion } from '../transport/wa-web-version-fetcher.js';
@@ -88,12 +87,6 @@ export class WaClient extends EventEmitter {
             threadStore: this.stores.threads,
             contactStore: this.stores.contacts
         }, this.logger, this.options.writeBehind);
-        if (this.options.addons?.autoDecrypt !== false &&
-            this.stores.messageSecret === NOOP_MESSAGE_SECRET_STORE) {
-            this.logger.warn('addons.autoDecrypt is on (default) but messageSecret cache is noop – ' +
-                'addon decryption will only work if secrets are in the message store. ' +
-                'Set addons.autoDecrypt: false to silence this warning.');
-        }
         const dependencies = buildWaClientDependencies({
             base,
             runtime: {
@@ -209,6 +202,7 @@ export class WaClient extends EventEmitter {
                 logger: this.logger,
                 writeBehind: this.writeBehind,
                 messageSecretStore: this.stores.messageSecret,
+                persistAllSecrets: this.options.addons?.persistAllSecrets === true,
                 event
             });
             if (this.options.addons?.autoDecrypt !== false && event.message) {

package/dist/esm/client/WaClientFactory.js CHANGED Viewed

@@ -39,7 +39,7 @@ import { handleIncomingMessageAck } from '../message/primitives/incoming.js';
 import { createPeerDataOperationRequester } from '../message/primitives/peer-data-operation.js';
 import { WaMessageClient } from '../message/WaMessageClient.js';
 import { getWaCompanionPlatformId, WA_DEFAULTS, WA_DISCONNECT_REASONS, WA_NEWSLETTER_NOTIFICATION_TAGS, WA_NODE_TAGS, WA_NOTIFICATION_TYPES, WA_PRIVACY_TOKEN_NOTIFICATION_TYPE } from '../protocol/constants.js';
-import { isNewsletterJid, parseSignalAddressFromJid, toUserJid } from '../protocol/jid.js';
+import { isNewsletterJid, isOwnAccountJid, parseSignalAddressFromJid, toUserJid } from '../protocol/jid.js';
 import { WA_PRESENCE_TYPES } from '../protocol/presence.js';
 import { createOutboundRetryTracker } from '../retry/tracker.js';
 import { SignalDeviceSyncApi } from '../signal/api/SignalDeviceSyncApi.js';
@@ -464,6 +464,7 @@ export function buildWaClientDependencies(input) {
         deviceListStore: sessionStore.deviceList,
         signalDeviceSync,
         messageSecretStore: sessionStore.messageSecret,
+        persistAllMessageSecrets: options.addons?.persistAllSecrets === true,
         getCurrentCredentials,
         resolvePrivacyTokenNode: (recipientJid) => trustedContactToken.resolveTokenForMessage(recipientJid),
         onDirectMessageSent: (recipientJid) => {
@@ -483,7 +484,8 @@ export function buildWaClientDependencies(input) {
     });
     const presenceCoordinator = createPresenceCoordinator({
         sendNode: (node) => nodeOrchestrator.sendNode(node, false),
-        getCurrentCredentials
+        getCurrentCredentials,
+        resolvePrivacyTokenNode: (jid) => trustedContactToken.resolveReceiverTokenNode(jid)
     });
     const peerDataOperation = createPeerDataOperationRequester({
         logger,
@@ -555,9 +557,7 @@ export function buildWaClientDependencies(input) {
             const credentials = getCurrentCredentials();
             if (!credentials)
                 return false;
-            const candidateUser = toUserJid(deviceJid);
-            return ((!!credentials.meJid && toUserJid(credentials.meJid) === candidateUser) ||
-                (!!credentials.meLid && toUserJid(credentials.meLid) === candidateUser));
+            return isOwnAccountJid(deviceJid, credentials.meJid, credentials.meLid);
         },
         sendKeyShare: (toDeviceJid, keys, missingKeyIds) => messageDispatch.sendAppStateSyncKeyShare(toDeviceJid, keys, missingKeyIds),
         triggerSync: async () => {
@@ -600,6 +600,7 @@ export function buildWaClientDependencies(input) {
         queryLidsByPhoneJids: (phoneJids) => signalDeviceSync.queryLidsByPhoneJids(phoneJids),
         mutations: appStateMutations,
         applyOwnPushName,
+        resolvePrivacyTokenNode: (jid) => trustedContactToken.resolveReceiverTokenNode(jid),
         logger
     });
     const statusCoordinator = createStatusCoordinator({
@@ -680,6 +681,7 @@ export function buildWaClientDependencies(input) {
         logger,
         sendNode: runtime.sendNode,
         getMeJid: () => getCurrentCredentials()?.meJid,
+        getMeLid: () => getCurrentCredentials()?.meLid,
         signalProtocol,
         senderKeyManager,
         onDecryptFailure: (context, error) => retryCoordinator.onDecryptFailure(context, error),
@@ -689,6 +691,7 @@ export function buildWaClientDependencies(input) {
                 .catch((err) => runtime.handleError(toError(err)));
         },
         emitNewsletterMessageUpdate: (event) => runtime.emitEvent('newsletter_message_update', event),
+        emitUnavailableMessage: (event) => runtime.emitEvent('message_unavailable', event),
         emitUnhandledStanza: (event) => runtime.emitEvent('debug_unhandled_stanza', event)
     };
     const handleClientDirtyBits = (dirtyBits) => handleDirtyBits({