release: merge 0.16.0 back to main (OpenPGP silent-fork fix + bug fixes) (#405)

## Summary

Merge `release/0.16.0` back to main.

### OpenPGP silent-fork prevention

A fresh browser / desktop install with no local OpenPGP key was silently
generating a fresh keypair and publishing its fingerprint to PEP,
overwriting whatever metadata peers had pinned — leaving any sibling
device that still held the matching private key (or any peer whose
pinning hadn't refreshed) unable to deliver or decrypt.

Author: mremond

CHANGELOG.md

@@ -5,6 +5,31 @@ All notable changes to Fluux Messenger are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.16.0] - 2026-05-18
+
+### Added
+
+- OpenPGP end-to-end encryption (XEP-0373 / XEP-0374) — encrypted 1:1 messaging with passphrase-protected key storage and secret-key backup/restore
+- OpenPGP end-to-end encryption support in web version
+- Multi-TSK (Transferable Secret Key) handling in the XEP-0373 backup restore flow for accounts with multiple OpenPGP keys
+
+### Changed
+
+- XMPP Console hides Stream Management packets by default for less noise (toggle remains available)
+- Significant render-performance pass: cut store over-subscription in ConversationList, CommandPalette, RoomConfig, ContactSelector, ContactItem, and room modals
+- Simplified Chinese translation updated
+
+### Fixed
+
+- SASL2 inline Stream Management resumption handled correctly; duplicate <enable/> suppressed
+- Proxy/auth: forward <open/> from= attribute so SASL2/FAST works through the desktop proxy, plus keychain fallback
+- SDK: client-side FAST token cleared on logout to prevent silent re-authentication
+- Wake and reconnect resilience: stale-timer detection, DarkWake handling, reload cooldown, and settle-time scaling
+- Activity log: subscription events now navigate to the contact profile
+- Sidebar user panel: prevent status label truncation
+- RTL sidebar lists: truncate Latin names at the end instead of the start
+- Blockquote decorative quote marks no longer clipped at the edge
+
 ## [0.15.2] - 2026-04-21
 
 ### Added

RELEASE_NOTES.md

@@ -1,43 +1,27 @@
-## What's New in v0.15.2
+## What's New in v0.16.0
 
 ### Added
 
-- Right-to-left (RTL) layout support for RTL languages
-- Arabic and Hebrew translations (beta quality, please report any error or issue to help improve them)
-- Decorative quotation marks for blockquotes
+- OpenPGP end-to-end encryption (XEP-0373 / XEP-0374) — encrypted 1:1 messaging with passphrase-protected key storage and secret-key backup/restore
+- OpenPGP end-to-end encryption support in web version
+- Multi-TSK (Transferable Secret Key) handling in the XEP-0373 backup restore flow for accounts with multiple OpenPGP keys
 
 ### Changed
 
-- SASL2 user-agent identifier and server-side FAST token invalidation on logout
-- Faster reconnection: skip redundant MAM queries on stream-management resume
-- Perf: Per-conversation typing and draft subscriptions for smoother list rendering during background sync
-- Security updates for several dependencies (brace-expansion, rustls-webpki, tar, rand, serialize-javascript; trust-dns-resolver migrated to hickory-resolver)
+- XMPP Console hides Stream Management packets by default for less noise (toggle remains available)
+- Significant render-performance pass: cut store over-subscription in ConversationList, CommandPalette, RoomConfig, ContactSelector, ContactItem, and room modals
+- Simplified Chinese translation updated
 
 ### Fixed
 
-- Preserve MUC room state across stream-management resume and interrupted fresh sessions
-- Prevent reconnection loops and UI freezes after system sleep/wake
-- Keep FAST token rotation working across page-reload reconnect
-- Retry FAST token authentication when the server field was initially empty
-- Suppress spurious FAST token deletion log message on first login
-- Set websocket stream "from" attribute so SASL2 is accepted on compliant servers
-- Hydrate outbound stream-management state on resume to avoid ackQueue crash
-- Recover Tauri reconnect stalls via native keepalive with proxy fallback
-- fetchBookmarks no longer wipes stored room messages on reconnect
-- Write live room messages directly to IndexedDB to prevent loss on reconnect
-- Restore saved rooms through the connect call so history loads after SM resume
-- Skip unnecessary webview reload when the app was hidden but the machine stayed awake
-- Lightbox displays the full-resolution original without upscaling past its natural size
-- Run discovery calls before the serial session-setup chain
-- Recover when post-wake auto-connect stalls after SASL
-- Handle superseded connection attempts with a dedicated error class
-- Grow reconnect attempt counter past the backoff ceiling
-- Probe runtime before reloading on dynamic import failure; auto-reload otherwise
-- Fall back to direct URL when the web image cache fetch fails
-- Display upload errors in the UI and allow HTTP upload URLs
-- Use inert instead of aria-hidden on the scroll-to-bottom FAB (accessibility)
-- Use ServiceWorker.showNotification() on web for reliable notifications
-- Fix vertical alignment of the message toolbar "more" menu button
+- SASL2 inline Stream Management resumption handled correctly; duplicate <enable/> suppressed
+- Proxy/auth: forward <open/> from= attribute so SASL2/FAST works through the desktop proxy, plus keychain fallback
+- SDK: client-side FAST token cleared on logout to prevent silent re-authentication
+- Wake and reconnect resilience: stale-timer detection, DarkWake handling, reload cooldown, and settle-time scaling
+- Activity log: subscription events now navigate to the contact profile
+- Sidebar user panel: prevent status label truncation
+- RTL sidebar lists: truncate Latin names at the end instead of the start
+- Blockquote decorative quote marks no longer clipped at the edge
 
 ---
 [Full Changelog](https://github.com/processone/fluux-messenger/blob/main/CHANGELOG.md)

apps/fluux/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xmpp/fluux",
-  "version": "0.15.2",
+  "version": "0.16.0",
   "private": true,
   "type": "module",
   "scripts": {

apps/fluux/src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "fluux"
-version = "0.15.2"
+version = "0.16.0"
 description = "A powerful, productive messaging client that's pleasant to use."
 authors = ["ProcessOne"]
 license = "AGPL-3.0-or-later"

apps/fluux/src-tauri/tauri.conf.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "Fluux Messenger",
-  "version": "0.15.2",
+  "version": "0.16.0",
   "identifier": "com.processone.fluux",
   "plugins": {
     "deep-link": {
@@ -68,7 +68,7 @@
     ],
     "macOS": {
       "minimumSystemVersion": "10.13",
-      "bundleVersion": "201a389",
+      "bundleVersion": "5768074e",
       "entitlements": "Entitlements.plist",
       "signingIdentity": null
     },

apps/fluux/src/App.tsx

@@ -1,10 +1,15 @@
-import { useState, useEffect } from 'react'
+import { useState, useEffect, useCallback } from 'react'
 import { Routes, Route, Navigate } from 'react-router-dom'
+import { useTranslation } from 'react-i18next'
 import { useConnection, useXMPPContext, hasFastToken } from '@fluux/sdk'
 import { registerE2EEPlugins } from './e2ee/registerPlugins'
 import { isKeyLocked } from './e2ee/webPassphraseStore'
+import { probeRemoteIdentityState } from './e2ee/secretKeyProbe'
 import { isOpenpgpEnabled } from './stores/encryptionSettingsStore'
+import { useToastStore } from './stores/toastStore'
 import { UnlockEncryptionDialog } from './components/UnlockEncryptionDialog'
+import { IdentityChoiceDialog } from './components/IdentityChoiceDialog'
+import { RestorePassphraseDialog } from './components/RestorePassphraseDialog'
 import { detectRenderLoop } from '@/utils/renderLoopDetector'
 import { LoginScreen } from './components/LoginScreen'
 import { ChatLayout } from './components/ChatLayout'
@@ -50,8 +55,10 @@ function App() {
   // Detect render loops before they freeze the UI
   detectRenderLoop('App')
 
-  const { status } = useConnection()
+  const { status, jid } = useConnection()
   const { client } = useXMPPContext()
+  const { t } = useTranslation()
+  const addToast = useToastStore((s) => s.addToast)
   const tabCoordination = useTabCoordination(() => {
     // When another tab takes over, disconnect this client
     void client.disconnect()
@@ -148,6 +155,22 @@ function App() {
   const [hasBeenOnline, setHasBeenOnline] = useState(false)
 
   const [showWebUnlockDialog, setShowWebUnlockDialog] = useState(false)
+  // Set when auto-init detects a server-side OpenPGP identity for this
+  // account but no local key. Forces the user through IdentityChoiceDialog
+  // instead of the standard unlock dialog (which would otherwise reach
+  // ensureKeyMaterial, hit the crypto guard, and surface an opaque error).
+  // Keeping this state lifted here matches the existing pattern for
+  // showWebUnlockDialog: App is the single owner of the connect-time
+  // E2EE bootstrap flow.
+  const [pendingIdentityChoice, setPendingIdentityChoice] = useState<{
+    accountJid: string
+    hasBackup: boolean
+    publishedFingerprints: string[]
+  } | null>(null)
+  // Holds the armored file content while the user types the file
+  // passphrase. Decoupled from `pendingIdentityChoice` so the choice
+  // dialog can dismiss as soon as the file is picked.
+  const [pendingImportFile, setPendingImportFile] = useState<string | null>(null)
 
   // Auto-reconnect on page reload if session exists
   useSessionPersistence(tabCoordination.claimConnection)
@@ -167,8 +190,42 @@ function App() {
       // Fire-and-forget: a failure must not block the chat path.
       // On web, after registration the key may be in locked state — show the
       // unlock dialog so the user can supply the session passphrase.
-      void registerE2EEPlugins(client).then(() => {
-        if (!isTauri && isOpenpgpEnabled() && isKeyLocked()) {
+      void registerE2EEPlugins(client).then(async () => {
+        if (isTauri || !isOpenpgpEnabled()) return
+        // Web auto-init: if the server already advertises an OpenPGP
+        // identity but the local IndexedDB has no key (cleared cookies,
+        // new browser profile, fresh install of Fluux web on the same
+        // account), route the user to IdentityChoiceDialog up-front
+        // instead of through the unlock dialog. The crypto guard would
+        // refuse silent generation either way, but a clean dialog is
+        // friendlier than a generic unlock failure.
+        const accountJid = jid ? jid.split('/')[0] : null
+        const plugin = client.e2ee?.getPlugin('openpgp') as
+          | { hasNoLocalKey?: () => Promise<boolean> }
+          | null
+          | undefined
+        if (accountJid && plugin?.hasNoLocalKey) {
+          try {
+            const hasNoLocal = await plugin.hasNoLocalKey()
+            if (hasNoLocal) {
+              const state = await probeRemoteIdentityState(client, accountJid)
+              if (state.hasServerIdentity) {
+                setPendingIdentityChoice({
+                  accountJid,
+                  hasBackup: state.backupMessage !== null,
+                  publishedFingerprints: state.publishedFingerprints,
+                })
+                return
+              }
+            }
+          } catch {
+            // Probe failure (transient network, server down): fall
+            // through to the unlock dialog. The crypto guard remains
+            // effective; the worst case is a confused error message
+            // until the user re-toggles via Settings.
+          }
+        }
+        if (isKeyLocked()) {
           setShowWebUnlockDialog(true)
         }
       })
@@ -180,7 +237,81 @@ function App() {
         setIsAutoReconnecting(false)
       }
     }
-  }, [status, client])
+  }, [status, client, jid])
+
+  // --- Identity-choice handlers (web first-login safety net) ---
+  // Each resolves `pendingIdentityChoice` with one explicit recovery
+  // path. Failures stay inside the dialog (the dialog's try/catch
+  // surfaces the error to the user); success closes the dialog and
+  // emits a toast. Toast strings reuse settings.encryption.restoreSuccess
+  // — the user-visible outcome is identical regardless of which path
+  // ran (the account is now usable for E2EE).
+
+  const handleIdentityRestoreFromServer = useCallback(
+    async (passphrase: string) => {
+      const plugin = client.e2ee?.getPlugin('openpgp') as
+        | {
+            restoreSecretKey?: (pp: string) => Promise<unknown>
+          }
+        | null
+        | undefined
+      if (!plugin?.restoreSecretKey) {
+        throw new Error(t('settings.encryption.backupPluginUnavailable'))
+      }
+      await plugin.restoreSecretKey(passphrase)
+      setPendingIdentityChoice(null)
+      client.notifyE2EEKeyUnlocked?.()
+      addToast('success', t('settings.encryption.restoreSuccess'))
+    },
+    [client, t, addToast],
+  )
+
+  const handleIdentityImportFromFile = useCallback(async () => {
+    const plugin = client.e2ee?.getPlugin('openpgp') as
+      | { pickKeyFile?: () => Promise<string | null> }
+      | null
+      | undefined
+    if (!plugin?.pickKeyFile) return
+    const content = await plugin.pickKeyFile()
+    if (!content) return
+    // Close the choice dialog and hand off to the passphrase dialog.
+    setPendingIdentityChoice(null)
+    setPendingImportFile(content)
+  }, [client])
+
+  const handleImportFilePassphrase = useCallback(
+    async (passphrase: string) => {
+      if (!pendingImportFile) return
+      const plugin = client.e2ee?.getPlugin('openpgp') as
+        | {
+            importKeyFromFile?: (armored: string, pp: string) => Promise<unknown>
+          }
+        | null
+        | undefined
+      if (!plugin?.importKeyFromFile) {
+        throw new Error(t('settings.encryption.backupPluginUnavailable'))
+      }
+      await plugin.importKeyFromFile(pendingImportFile, passphrase)
+      setPendingImportFile(null)
+      client.notifyE2EEKeyUnlocked?.()
+      addToast('success', t('settings.encryption.restoreSuccess'))
+    },
+    [client, pendingImportFile, t, addToast],
+  )
+
+  const handleIdentityReplaceIdentity = useCallback(async () => {
+    const plugin = client.e2ee?.getPlugin('openpgp') as
+      | { retireAndGenerateIdentity?: () => Promise<unknown> }
+      | null
+      | undefined
+    if (!plugin?.retireAndGenerateIdentity) {
+      throw new Error(t('settings.encryption.backupPluginUnavailable'))
+    }
+    await plugin.retireAndGenerateIdentity()
+    setPendingIdentityChoice(null)
+    client.notifyE2EEKeyUnlocked?.()
+    addToast('success', t('settings.encryption.restoreSuccess'))
+  }, [client, t, addToast])
 
   // Check if we have a stored session (for reconnect scenarios)
   const hasSession = getSession() !== null
@@ -267,6 +398,25 @@ function App() {
           onClose={() => setShowWebUnlockDialog(false)}
         />
       )}
+      {pendingIdentityChoice && (
+        <IdentityChoiceDialog
+          hasServerBackup={pendingIdentityChoice.hasBackup}
+          publishedFingerprints={pendingIdentityChoice.publishedFingerprints}
+          onRestoreFromServer={handleIdentityRestoreFromServer}
+          onImportFromFile={handleIdentityImportFromFile}
+          onReplaceIdentity={handleIdentityReplaceIdentity}
+          onCancel={() => setPendingIdentityChoice(null)}
+        />
+      )}
+      {pendingImportFile && (
+        <RestorePassphraseDialog
+          title={t('settings.encryption.importFileDialogTitle')}
+          body={t('settings.encryption.importFileDialogBody')}
+          confirmLabel={t('settings.encryption.importFileAction')}
+          onConfirm={handleImportFilePassphrase}
+          onCancel={() => setPendingImportFile(null)}
+        />
+      )}
     </>
   )
 }