namespace: accept RSLV direct (non-forwarded) in addition to PFWD

RSLV was previously rejected by the server unless forwarded via PFWD,
making the agent's direct fallback unreachable. Relax the server-side
guard so RSLV is accepted both forwarded (preferred - hides client IP
from the resolver) and direct (faster, exposes client IP). Mode choice
is delegated to the client and the operator network config.

- Server: drop the forwarded-only check on SResolver in
  verifyQueueTransmission.
- Protocol: give SResolver a client role (SRMessaging) so SMPClient can
  connect in the Resolver role. checkRole accepts this because RSLV
  clients have no service binding (falls through to True).
- Client: add directResolveName mirroring proxyResolveName via
  sendProtocolCommand with no auth and no entity (RSLV is noAuthCmd).
- Agent: wire the direct path through sendOrProxySMPCommand so the
  PFWD-or-direct selection works the same as other commands.

Author: shumvgolove

src/Simplex/Messaging/Agent/Client.hs

@@ -1993,16 +1993,16 @@ getQueueLink c nm userId server lnkId =
     getViaProxy smp proxySess = proxyGetSMPQueueLink smp nm proxySess lnkId
     getDirectly smp = getSMPQueueLink smp nm lnkId
 
--- | RSLV is proxy-only at the protocol level (SResolver has no direct client
--- role), so the direct fallback used by sendOrProxySMPCommand cannot succeed.
--- Surface a transport error if the network config (SPMNever, or no proxy
--- available for the destination) routes us to the direct path.
+-- | Resolve a public-namespace name. Prefers PFWD (hides client IP from the
+-- resolver) and falls back to a direct send when the proxy is unavailable
+-- (faster but exposes the client IP). Mode selection is delegated to
+-- `sendOrProxySMPCommand`, which honours the network config (SPMNever etc.).
 resolveName :: AgentClient -> NetworkRequestMode -> UserId -> SMPServer -> NameOwner -> Text -> AM NameRecord
 resolveName c nm userId server contract name =
   snd <$> sendOrProxySMPCommand c nm userId server "" "RSLV" NoEntity resolveViaProxy resolveDirectly
   where
     resolveViaProxy smp proxySess = proxyResolveName smp nm proxySess contract name
-    resolveDirectly _ = throwE $ PCETransportError TENoServerAuth
+    resolveDirectly smp = directResolveName smp nm contract name
 
 enableQueueNotifications :: AgentClient -> RcvQueue -> SMP.NtfPublicAuthKey -> SMP.RcvNtfPublicDhKey -> AM (SMP.NotifierId, SMP.RcvNtfPublicDhKey)
 enableQueueNotifications c rq@RcvQueue {rcvId, rcvPrivateKey} notifierKey rcvNtfPublicDhKey =

src/Simplex/Messaging/Client.hs

@@ -74,6 +74,7 @@ module Simplex.Messaging.Client
     connectSMPProxiedRelay,
     proxySMPMessage,
     proxyResolveName,
+    directResolveName,
     forwardSMPTransmission,
     getSMPQueueInfo,
     sendProtocolCommand,
@@ -1047,17 +1048,26 @@ sendSMPMessage c nm spKey sId flags msg =
 proxySMPMessage :: SMPClient -> NetworkRequestMode -> ProxiedRelay -> Maybe SndPrivateAuthKey -> SenderId -> MsgFlags -> MsgBody -> ExceptT SMPClientError IO (Either ProxyClientError ())
 proxySMPMessage c nm proxiedRelay spKey sId flags msg = proxyOKSMPCommand c nm proxiedRelay spKey sId (SEND flags msg)
 
--- | Resolve a public-namespace name via PFWD. RSLV is forwarded-only on the
--- server, so this is the only client-side path. Mirrors `proxySMPMessage`'s
--- shape; routes through `proxySMPCommand` and pattern-matches the expected
--- NAME response.
+-- | Resolve a public-namespace name via PFWD. Preferred path - hides the
+-- client IP from the resolver. Mirrors `proxySMPMessage`'s shape; routes
+-- through `proxySMPCommand` and pattern-matches the expected NAME response.
 proxyResolveName :: SMPClient -> NetworkRequestMode -> ProxiedRelay -> NameOwner -> Text -> ExceptT SMPClientError IO (Either ProxyClientError NameRecord)
 proxyResolveName c nm proxiedRelay contract name =
   proxySMPCommand c nm proxiedRelay Nothing NoEntity (RSLV RslvRequest {name, contract}) >>= \case
     Right (NAME nr) -> pure $ Right nr
     Right r -> throwE $ unexpectedResponse r
     Left e -> pure $ Left e
 
+-- | Direct (non-PFWD) name resolution. Exposes the client IP to the resolver;
+-- callers that want anonymity should use `proxyResolveName` via the standard
+-- proxy fallback in the agent. RSLV requires no entity ID or authorization
+-- (see `noAuthCmd` in Protocol.hs).
+directResolveName :: SMPClient -> NetworkRequestMode -> NameOwner -> Text -> ExceptT SMPClientError IO NameRecord
+directResolveName c nm contract name =
+  sendProtocolCommand c nm Nothing NoEntity (Cmd SResolver (RSLV RslvRequest {name, contract})) >>= \case
+    NAME nr -> pure nr
+    r -> throwE $ unexpectedResponse r
+
 -- | Acknowledge message delivery (server deletes the message).
 --
 -- https://github.com/simplex-chat/simplexmq/blob/master/protocol/simplex-messaging.md#acknowledge-message-delivery

src/Simplex/Messaging/Protocol.hs

@@ -488,7 +488,7 @@ partyClientRole = \case
   SSenderLink -> Just SRMessaging
   SProxiedClient -> Just SRMessaging
   SProxyService -> Just SRProxy
-  SResolver -> Nothing
+  SResolver -> Just SRMessaging
 {-# INLINE partyClientRole #-}
 
 partyServiceRole :: ServiceParty p => SParty p -> SMPServiceRole

src/Simplex/Messaging/Server.hs

@@ -1250,7 +1250,7 @@ verifyLoadedQueue forwarded service thAuth t@(tAuth, authorized, (corrId, _, _))
   Left e -> VRFailed e
 
 verifyQueueTransmission :: forall s. Bool -> Maybe THPeerClientService -> Maybe (THandleAuth 'TServer) -> SignedTransmission Cmd -> Maybe (StoreQueue s, QueueRec) -> VerificationResult s
-verifyQueueTransmission forwarded service thAuth (tAuth, authorized, (corrId, entId, command@(Cmd p cmd))) q_
+verifyQueueTransmission _forwarded service thAuth (tAuth, authorized, (corrId, entId, command@(Cmd p cmd))) q_
   | not checkRole = VRFailed $ CMD PROHIBITED
   | not verifyServiceSig = VRFailed SERVICE
   | otherwise = vc p cmd
@@ -1270,9 +1270,9 @@ verifyQueueTransmission forwarded service thAuth (tAuth, authorized, (corrId, en
     vc SNotifierService NSUBS {} = verifyServiceCmd
     vc SProxiedClient _ = VRVerified Nothing
     vc SProxyService (RFWD _) = VRVerified Nothing
-    vc SResolver (RSLV _)
-      | forwarded = VRVerified Nothing
-      | otherwise = VRFailed $ CMD PROHIBITED
+    -- RSLV is accepted both forwarded (via PFWD, preferred - hides client IP from resolver)
+    -- and direct (client->resolver, faster, exposes client IP). Mode is chosen by the client.
+    vc SResolver (RSLV _) = VRVerified Nothing
     checkRole = case (service, partyClientRole p) of
       (Just THClientService {serviceRole}, Just role) -> serviceRole == role
       _ -> True