feat: feat(getdmuser): show shared-key DMs (identity + admin) in getdmuser - Derive shared key from (trade_keys, identity_keys) and fetch/unwrap gift wraps so DMs sent to the user's identity appear in getdmuser. - Also derive (trade_keys, mostro_pubkey) and fetch so admin replies from the send_admin_dm_attach flow are shown. - Reuse derive_shared_key_bytes from util/messaging (same ECDH as send_admin_dm_attach). No longer use get_all_trade_and_counterparty_keys; counterparty_pubkey is not used in this setup.

Author: arkanoider

.cursor/commands/build.md

@@ -0,0 +1,13 @@
+# build mostro-cli using coding standards
+
+
+## Overview
+
+Build and test mostro-cli, fixing all errors reported by cargo and clippy.
+
+## Steps
+
+- execute cargo fmt --all
+- execute cargo clippy --all-targets --all-features
+- execute cargo test
+- execute cargo build

.cursor/commands/pull_request.md

@@ -0,0 +1,31 @@
+# Create PR
+
+## Overview
+
+Create a well-structured pull request with proper description, labels, and reviewers.
+
+## Steps
+
+1. **Prepare branch**
+   - Ensure all changes are committed
+   - Push branch to remote
+   - Verify branch is up to date with main
+
+2. **Write PR description**
+   - Summarize changes clearly
+   - Include context and motivation
+   - List any breaking changes
+   - Add screenshots if UI changes
+
+3. **Set up PR**
+   - Create PR with descriptive title
+   - Add appropriate labels
+   - Assign reviewers
+   - Link related issues
+
+## PR Template
+
+- [ ] Feature A
+- [ ] Bug fix B
+- [ ] Unit tests pass
+- [ ] Manual testing completed

.cursor/commands/update_docs.md

@@ -0,0 +1,12 @@
+# Update AI docs for automatic code generation with context
+
+## Overview
+
+Keep Markdown documents updated to provide AI context, improving the quality of generated code.
+
+## Steps
+
+- Identify the latest changes in Git history for files in the docs folder
+- Analyze all new changes up to the latest commit
+- Document new features, fixes, and refactorings in the docs
+- Add contextual notes for structural changes (e.g., update DATABASE.md for DB schema changes)

docs/architecture.md

@@ -31,12 +31,12 @@ This document describes the internal structure of `mostro-cli`, how major module
 - **`src/util/mod.rs`**
   - Organizes utility modules:
     - `events`: event filtering and retrieval from Nostr.
-    - `messaging`: higher-level DM helpers (gift-wrapped messages, admin keys, etc.).
+    - `messaging`: higher-level DM helpers (gift-wrapped messages, admin keys, **shared-key derivation and custom wraps**).
     - `misc`: small helpers such as `get_mcli_path` and string utilities.
     - `net`: Nostr network connection setup.
     - `storage`: thin storage helpers for orders and DMs.
     - `types`: small shared enums/wrappers.
-  - Re-exports commonly used symbols (`create_filter`, `send_dm`, `connect_nostr`, `save_order`, etc.) so other modules can import from `crate::util` directly.
+  - Re-exports commonly used symbols (`create_filter`, `send_dm`, `connect_nostr`, `save_order`, **`derive_shared_keys`, `derive_shared_key_hex`, `keys_from_shared_hex`, `send_admin_chat_message_via_shared_key`**, etc.) so other modules can import from `crate::util` directly.
 
 - **`src/util/storage.rs`**
   - `save_order(order, trade_keys, request_id, trade_index, pool)`:
@@ -68,7 +68,7 @@ This document describes the internal structure of `mostro-cli`, how major module
       - Handles creation (`User::new`), loading (`User::get`), updating (`save`), and key derivation helpers (identity keys and per-trade keys using `nip06`).
     - `Order`:
       - Represents cached orders with fields mapped to the `orders` table.
-      - Provides `new`, `insert_db`, `update_db`, fluent setters, `save`, `save_new_id`, `get_by_id`, `get_all_trade_keys`, and `delete_by_id`.
+      - Provides `new`, `insert_db`, `update_db`, fluent setters, `save`, `save_new_id`, `get_by_id`, `get_all_trade_keys`, **`get_all_trade_and_counterparty_keys`** (distinct `(trade_keys, counterparty_pubkey)` pairs for orders where both are set), and `delete_by_id`.
   - See `database.md` for schema details.
 
 ### Parsers and protocol types
@@ -82,6 +82,10 @@ This document describes the internal structure of `mostro-cli`, how major module
     - `common.rs`: shared parsing helpers.
     - `mod.rs`: module glue.
 
+- **Shared-key custom wraps** (`src/util/messaging.rs`):
+  - **Sending**: `derive_shared_keys(local_keys, counterparty_pubkey)` yields a `Keys` whose public key is used as the NIP-59 gift-wrap recipient; inner content is a signed text note encrypted with NIP-44 to that pubkey. Used by `dmtouser` and `sendadmindmattach`.
+  - **Receiving**: `unwrap_giftwrap_with_shared_key(shared_keys, event)` decrypts with NIP-44 and returns `(content, timestamp, sender_pubkey)`; `fetch_gift_wraps_for_shared_key(client, shared_keys)` fetches Kind::GiftWrap events with `#p` = shared key pubkey and unwraps them. Use when implementing flows that read shared-key DMs.
+
 ### Lightning integration
 
 - **`src/lightning/mod.rs`**

docs/commands.md

@@ -110,10 +110,10 @@ All commands are part of the `Commands` enum and are dispatched via `Commands::r
   - **Handler**: `execute_send_dm(PublicKey::from_str(pubkey)?, ctx, order_id, &msg)` in `src/cli/send_dm.rs`.
 
 - **`dmtouser`**
-  - **Description**: Send a gift-wrapped direct message to a user.
+  - **Description**: Send a direct message to a user via a **shared-key custom wrap**. Derives an ECDH shared key from the order’s trade keys and the recipient pubkey; the message is sent as a NIP-59 gift wrap addressed to the shared key’s public key (NIP-44 encrypted), so both sides can decrypt.
   - **Args**:
     - `--pubkey <NPUB/HEX>`: Recipient pubkey.
-    - `--order-id <UUID>`: Order id to derive ephemeral keys.
+    - `--order-id <UUID>`: Order id to derive trade keys and shared key.
     - `--message <STRING>...`: Message parts; joined with spaces.
   - **Handler**: `execute_dm_to_user(PublicKey::from_str(pubkey)?, &ctx.client, order_id, &msg, &ctx.pool)` in `src/cli/dm_to_user.rs`.
 

docs/database.md

@@ -77,6 +77,8 @@ This file is created under the CLI data directory returned by `util::get_mcli_pa
       - Loads a single order (and returns an error if no ID is present).
     - `get_all_trade_keys(pool)`:
       - Returns distinct non-null `trade_keys` for all orders.
+    - `get_all_trade_and_counterparty_keys(pool)`:
+      - Returns distinct `(trade_keys, counterparty_pubkey)` pairs for orders where both columns are non-null; useful for deriving per-order shared keys when fetching or sending shared-key DMs.
     - `delete_by_id(pool, id)`:
       - Deletes an order row.
 

docs/overview.md

@@ -7,7 +7,7 @@ The CLI is heavily inspired by the Mostro backend documentation (`mostro/docs` i
 ### High-level responsibilities
 
 - **Order lifecycle**: create, take, cancel, dispute, and settle orders using `mostro_core` types and the Mostro protocol.
-- **Direct messaging**: send and receive Nostr DMs between users, admins, and solvers, including gift-wrapped messages and encrypted attachments.
+- **Direct messaging**: send and receive Nostr DMs between users, admins, and solvers, including gift-wrapped messages, shared-key custom wraps (ECDH-derived key, NIP-44 inside NIP-59) for `dmtouser` and admin attachment DMs, and encrypted attachments.
 - **Local persistence**: keep a local cache of orders and a deterministic identity in a SQLite database (`mcli.db`) under the CLI data directory.
 - **Admin / solver tooling**: expose admin-only and solver-only flows (e.g. taking disputes, adding solvers, admin DMs) when run with the proper keys.
 

docs/send_admin_dm_attach_flow.md

@@ -320,115 +320,30 @@ Blossom protocol details:
 
 The function ultimately returns a **public URL** (`blossom_url`) pointing to the encrypted blob.
 
-### 5. DM payload and gift wrap to admin
-
-Once the encrypted blob is uploaded and we have `blossom_url`, the DM payload is built:
-
-```268:311:/home/pinballwizard/rust_prj/mostro_p2p/mostro-cli/src/cli/send_admin_dm_attach.rs
-let filename = file_path
-    .file_name()
-    .and_then(|s| s.to_str())
-    .unwrap_or("attachment.bin")
-    .to_string();
-
-// Best-effort MIME type detection based on the file extension.
-let mime_type = file_path
-    .extension()
-    .and_then(|ext| ext.to_str())
-    .map(|ext| ext.to_ascii_lowercase())
-    .map(|ext| match ext.as_str() {
-        "txt" => "text/plain",
-        "md" => "text/markdown",
-        "json" => "application/json",
-        "csv" => "text/csv",
-        "jpg" | "jpeg" => "image/jpeg",
-        "png" => "image/png",
-        "gif" => "image/gif",
-        "webp" => "image/webp",
-        "pdf" => "application/pdf",
-        "zip" => "application/zip",
-        "tar" => "application/x-tar",
-        "gz" | "tgz" => "application/gzip",
-        "mp3" => "audio/mpeg",
-        "mp4" => "video/mp4",
-        "mov" => "video/quicktime",
-        _ => "application/octet-stream",
-    })
-    .unwrap_or("application/octet-stream")
-    .to_string();
-
-let payload_json = serde_json::json!({
-    "type": "file_encrypted",
-    "blossom_url": blossom_url,
-    "nonce": nonce_hex,
-    "mime_type": mime_type,
-    "original_size": file_bytes.len(),
-    "filename": filename,
-    "encrypted_size": encrypted_size,
-    "file_type": "document",
-});
-
-let content = serde_json::to_string(&payload_json)
-    .map_err(|e| anyhow::anyhow!("failed to serialize attachment payload: {e}"))?;
-```
-
-This JSON is the **Mostro DM payload** describing the encrypted attachment:
-
-- `type = "file_encrypted"` – payload kind.
-- `blossom_url` – where the admin can fetch the encrypted blob.
-- `nonce` – hex nonce for ChaCha20‑Poly1305.
-- `mime_type` – hint about original file type.
-- `original_size` / `encrypted_size` – size bookkeeping.
-- `filename` – original filename.
-
-#### 5.1 Gift‑wrapped DM event
-
-```316:331:/home/pinballwizard/rust_prj/mostro_p2p/mostro-cli/src/cli/send_admin_dm_attach.rs
-let pow: u8 = std::env::var("POW")
-    .unwrap_or_else(|_| "0".to_string())
-    .parse()
-    .unwrap_or(0);
-
-let rumor = EventBuilder::text_note(content)
-    .pow(pow)
-    .build(trade_keys.public_key());
-
-let event = EventBuilder::gift_wrap(&trade_keys, &receiver, rumor, Tags::new()).await?;
-
-ctx.client
-    .send_event(&event)
-    .await
-    .map_err(|e| anyhow::anyhow!("failed to send gift wrap event: {e}"))?;
-
-println!("✅ Encrypted attachment sent successfully to admin!");
-```
+### 5. DM payload and shared-key custom wrap to admin
 
-- **Rumor event** (inner):
-  - `kind`: `TextNote`
-  - `content`: the `payload_json` string above.
-  - `pubkey`: `trade_keys.public_key()` (per‑order trade identity).
-  - Optional POW from `POW` env var.
+Once the encrypted blob is uploaded and we have `blossom_url`, the DM payload is built as JSON (`type`, `blossom_url`, `nonce`, `mime_type`, sizes, `filename`). This content is then sent using **shared-key custom wrap** (same pattern as `dmtouser`):
 
-- **Outer GiftWrap event** (NIP‑59):
-  - Created via `EventBuilder::gift_wrap(&trade_keys, &receiver, rumor, Tags::new())`.
-  - **Signer / sender**: `trade_keys` (per‑order).
-  - **Recipient**: `receiver` (admin / solver Nostr pubkey).
-  - **Tags**: currently empty (no extra expiration here; optional).
+- **Shared key**: The same ECDH shared key used for file encryption (trade keys + admin pubkey) is turned into a `Keys` via `Keys::new(SecretKey::from_slice(&shared_key)?)`.
+- **Send**: `send_admin_chat_message_via_shared_key(&ctx.client, &trade_keys, &shared_keys, &content)` in `src/util/messaging.rs`:
+  - Builds an inner text-note event (sender = trade keys), signs it, encrypts it with NIP-44 to the **shared key’s public key**, and wraps it in a NIP-59 GiftWrap event tagged with that pubkey (`#p`).
+  - Both the sender (trade keys) and the admin (who can derive the same shared key) can later fetch and decrypt the event by filtering GiftWrap by the shared key pubkey and using `unwrap_giftwrap_with_shared_key`.
 
-- **Relaying**:
-  - Final event is sent with `ctx.client.send_event(&event).await`.
-  - `ctx.client` is connected to configured Nostr relays via `RELAYS` env var.
+So the attachment metadata is not sent as a plain NIP-59 gift wrap to the admin pubkey; it is sent to the **shared key’s public key**, enabling symmetric decryption for both parties. Relaying is via `ctx.client.send_event(&event)`.
 
 ### 6. Keys and protocols summary
 
 - **Keys**:
   - `trade_keys` (per‑order):
     - Used for:
-      - ECDH shared secret with admin pubkey for file encryption.
-      - Nostr DM identity for the rumor + giftwrap.
-      - (Indirectly) for signing Blossom auth event (kind 24242).
+      - ECDH shared secret with admin pubkey (for file encryption and for the shared-key DM).
+      - Nostr identity for the inner text note and for signing the outer NIP‑59 wrap.
+      - Signing the Blossom auth event (kind 24242).
+  - **Shared key** (ECDH from trade_keys + admin pubkey):
+    - Same 32-byte secret used for ChaCha20‑Poly1305 file encryption.
+    - Wrapped as `Keys` and used as the **recipient** of the DM: the NIP-59 GiftWrap is addressed to the shared key’s public key, and the inner content is NIP-44 encrypted to it, so both sender and admin can derive the key and decrypt.
   - `receiver`:
-    - Admin / solver Nostr pubkey; DM destination for the final NIP‑59 GiftWrap.
+    - Admin / solver Nostr pubkey; used to derive the shared key and as the human-facing destination (the actual Nostr event recipient is the shared key pubkey).
 
 - **Protocols**:
   - **ChaCha20‑Poly1305**:
@@ -441,16 +356,15 @@ println!("✅ Encrypted attachment sent successfully to admin!");
     - JSON with attachment metadata:
       - `type`, `blossom_url`, `nonce`, `mime_type`, sizes, `filename`.
   - **Nostr**:
-    - NIP‑13: optional POW on the rumor text note.
-    - NIP‑40: optional expiration (not used on the DM here).
-    - NIP‑59: GiftWrap envelope:
-      - Wraps the text‑note rumor for the admin’s pubkey.
+    - NIP‑13: optional POW on the inner text note.
+    - NIP‑44: encryption of the inner event to the shared key’s public key.
+    - NIP‑59: GiftWrap envelope addressed to the **shared key pubkey** (not directly to the admin), so both parties that know the ECDH secret can fetch and decrypt.
 
 End‑to‑end, `sendadmindmattach`:
 
-1. Derives a shared ECDH key between trade and admin.
-2. Encrypts the file with ChaCha20‑Poly1305.
+1. Derives a shared ECDH key between trade keys and admin pubkey.
+2. Encrypts the file with ChaCha20‑Poly1305 using that key.
 3. Authenticates to Blossom with a kind‑24242 auth event (BUD‑01) and uploads the encrypted blob (BUD‑02).
-4. Builds a Mostro DM payload with Blossom URL + crypto metadata.
-5. Sends a NIP‑59 gift‑wrapped text note from the trade keys to the admin pubkey with that payload as content.
+4. Builds a Mostro DM payload JSON with Blossom URL and crypto metadata.
+5. Sends a **shared-key custom wrap** (NIP-44 inner content, NIP-59 GiftWrap addressed to the shared key’s public key) via `send_admin_chat_message_via_shared_key`, so both the sender and the admin can decrypt the attachment metadata and fetch the blob.
 

src/cli/add_invoice.rs

@@ -43,7 +43,7 @@ pub async fn execute_add_invoice(order_id: &Uuid, invoice: &str, ctx: &Context)
     ));
     println!("{table}");
     println!("💡 Sending lightning invoice to Mostro...\n");
-    // Check invoice string
+    // Parse invoice (Lightning address or BOLT11) and build payload
     let ln_addr = LightningAddress::from_str(invoice);
     let payload = if ln_addr.is_ok() {
         Some(Payload::PaymentRequest(None, invoice.to_string(), None))

src/cli/dm_to_user.rs

@@ -1,7 +1,10 @@
 use crate::parser::common::{
     print_info_line, print_key_value, print_section_header, print_success_message,
 };
-use crate::{db::Order, util::send_gift_wrap_dm};
+use crate::{
+    db::Order,
+    util::{derive_shared_keys, send_admin_chat_message_via_shared_key},
+};
 use anyhow::Result;
 use nostr_sdk::prelude::*;
 use sqlx::SqlitePool;
@@ -24,16 +27,26 @@ pub async fn execute_dm_to_user(
         None => anyhow::bail!("No trade_keys found for this order"),
     };
 
-    // Send the DM
+    // Derive per-dispute shared keys between our trade keys and the receiver pubkey
+    let shared_keys = derive_shared_keys(Some(&trade_keys), Some(&receiver))
+        .ok_or_else(|| anyhow::anyhow!("Failed to derive shared key for this DM"))?;
+
+    // Print summary and send shared-key wrap DM
     print_section_header("💬 Direct Message to User");
     print_key_value("📋", "Order ID", &order_id.to_string());
     print_key_value("🔑", "Trade Keys", &trade_keys.public_key().to_hex());
     print_key_value("🎯", "Recipient", &receiver.to_string());
     print_key_value("💬", "Message", message);
-    print_info_line("💡", "Sending gift wrap message...");
+    print_key_value(
+        "🔑",
+        "Shared Key Pubkey",
+        &shared_keys.public_key().to_hex(),
+    );
+    print_info_line("💡", "Sending shared-key custom wrap message...");
     println!();
 
-    send_gift_wrap_dm(client, &trade_keys, &receiver, message).await?;
+    // Send as shared-key custom wrap so both parties can decrypt via the shared key
+    send_admin_chat_message_via_shared_key(client, &trade_keys, &shared_keys, message).await?;
 
     print_success_message("Gift wrap message sent successfully!");