Medium Priority Fixes based on Copilot code review:
1. Use full SHA-256 fingerprint (64 characters)
- Previously truncated to 32 characters (128 bits)
- Now uses full 256-bit hash for cryptographic consistency
- Aligns with standard security practices
2. Add bounds checking in protobuf parsing
- Added bounds check after offset += length for length-delimited fields
- Added bounds check for 64-bit and 32-bit fixed fields
- Prevents reading beyond buffer bounds with malformed messages
- Defense in depth against malformed/malicious PreKeyWhisperMessages
https://claude.ai/code/session_01SWAcNuGZQmEKyBPYkBhVHg
High Priority Fixes based on Copilot/Codex code review:
1. Propagate errorCode to shouldRecreateSession (CRITICAL)
- Extract error attribute from retry node
- Pass errorCode to shouldRecreateSession in both sendRetryRequest and sendMessagesAgain
- Without this fix, MAC error detection was NOT working
- Now immediate session recreation works for MAC errors
2. Use .unref() on metrics interval
- Prevents blocking process exit in short-lived scripts/tests
- Interval no longer keeps event loop alive unnecessarily
3. Reset circuit breaker regardless of state
- Previously only reset when isOpen()
- Now resets in any state (open, half-open, or closed with accumulated failures)
- Ensures clean slate after identity change detection
https://claude.ai/code/session_01SWAcNuGZQmEKyBPYkBhVHg
This implements the functionality from WhiskeySockets/Baileys PR #2307
with enhanced improvements:
## Core Features
- Extract identity key from PreKeyWhisperMessage before decryption
- Detect when a contact reinstalls WhatsApp (identity key changes)
- Automatically delete old session and recreate on identity change
- Trust On First Use (TOFU) for new contacts
## Improvements over original PR
- LRU cache for identity keys (1000 keys, 30min TTL)
- Integration with existing Circuit Breaker (reset on identity change)
- New Prometheus metrics for observability:
- signal_identity_changes_total (new/changed)
- signal_mac_errors_total
- signal_session_recreations_total
- signal_identity_key_cache_hits/misses
- signal_identity_key_operations_ms (histogram)
- New 'identity.changed' event for applications to notify users
- RetryReason enum with MAC_ERROR_CODES and SESSION_ERROR_CODES
- Robust protobuf parsing with validation
- Structured logging with fingerprints
## Technical Details
- Manual protobuf parsing (compatible with any Signal implementation)
- SHA-256 fingerprints for key identification
- Atomic session deletion + identity key save
- Best-effort identity tracking (doesn't fail decryption on errors)
Resolves permanent MAC errors when contacts reinstall WhatsApp.
https://claude.ai/code/session_01SWAcNuGZQmEKyBPYkBhVHg
* refactor(types): Strengthen Type Safety in Signal Handling & Core Utilities
* chore: revert typescript and move types to libsignal
* chore: update libsignal dependency resolution and checksum
* fix: a minor regression
* chore: update libsignal resolution and checksum
* lid-mapping: get missing lid from usync
* lid-mapping, jid-utils: change to isPnUser and store multiple mappings
* process-message: parse protocolMsg mapping, and store from new msgs
* types: lid-mapping event, addressing enum, alt, contact, group types
* validate, decode: use lid for identity, better logic
* lid: final commit
* linting
* linting
* linting
* linting
* misc: fix testing and also remove version json
* lint: IDE fucking up lint
* lid-mapping: fix build error on NPM
* message-retry: fix proto import
* mutex reimplementation
* lint
* lint
* lint fix
* Add cleanup for expired sender key mutexes
Introduces a mechanism to periodically clean up unused sender key mutexes in addTransactionCapability, reducing memory usage by removing mutexes that have not been used for over an hour and are not locked. A timer is started when the first mutex is created, and cleanup runs every 30 minutes.
* Update auth-utils.ts
* Refactor Signal key transaction usage
Introduces a local variable for parsed Signal keys in libsignal.ts to avoid repeated type assertions and improve code clarity.
* Refactor transaction handling for key operations
Introduces per-entity mutexes and passes key identifiers to transaction calls for finer-grained concurrency control in Signal key storage and socket operations. Updates transaction signatures and usage across Signal, Socket, and Utils modules to improve atomicity and performance, especially for system and sync messages.
* Improve SignalKeyStore transaction handling
Refactored transaction logic in SignalKeyStore to add commit retries, cleanup of transaction state, and improved mutex management for sender keys. Enhanced validation and batching for pre-key deletions and updates, improving concurrency and reliability.
* Replace custom mutex cleanup with LRU cache
Switched from manual mutex cleanup logic to using the lru-cache package for managing mutexes in addTransactionCapability. This simplifies resource management and ensures expired mutexes are automatically purged. Added lru-cache as a dependency.
* Lint fix
* Update src/Signal/libsignal.ts
* Update libsignal.ts
---------
Co-authored-by: João Lucas <jlucaso@hotmail.com>
Co-authored-by: Rajeh Taher <rajeh@reforward.dev>
* Add message retry manager for session recreation and caching
Introduces a MessageRetryManager to cache recent sent messages and manage automatic Signal session recreation for failed message retries. Adds new config options to enable these features, integrates retry manager into message send/receive logic, and provides periodic cache cleanup. Improves reliability of message delivery and retry handling.
* Add buffer timeout and cache limit to event-buffer
Introduces a buffer timeout to auto-flush events after 30 seconds and limits the history cache size to prevent memory bloat in event-buffer.ts.
* Add session validation to SignalRepository
Introduces a validateSession method to SignalRepository for checking session existence and state. Updates message retry logic to use the new validation, improving session recreation handling and retry management.
* Improve message retry management and tracking
Refactored message retry manager to use LRU caches for recent messages and session history, added retry counters and statistics tracking, and implemented phone request scheduling. Updated message receive and send logic to mark retry success and pass max retry count. Removed periodic cleanup logic in favor of cache TTLs for better resource management.
* lint fix
* Use validateSession for session checks in message send
Replaces direct session existence checks with the improved validateSession method, which also checks for session staleness. Adds debug logging for failed session validations to aid troubleshooting.
* Delete src/Utils/message-retry.ts
---------
Co-authored-by: Rajeh Taher <rajeh@reforward.dev>