Sterister
d47774ef1c
Two follow-ups to the V4.8.2 duplicate-fan-out fixes Prism filed. 1. `Inbox.acceptBridgeFrame(blob)` + shared 4096-entry msgId LRU. The relay durably stores blobs and pushes them to every active delivery channel; without a cross-channel ack the bridge frame ran first and the next inbox-poll re-dispatched the same blob ~30 s later, tripping on consumed prekeys. Bridge consumers now plumb pushed frames through `acceptBridgeFrame`, which shares the dedup gate + ack path with `pollOnce`. Whichever channel delivers first wins; the other acks-and-skips. Inbox records the msgId before the ack so a parallel poll can't observe an in-flight ack window. 2. `Shade.aliasSession(oldLabel, newLabel)`. First-contact forces the receiver to label the new session by the relay's sender fingerprint hint (`fp:<senderfp>`); the post-decrypt plaintext typically announces the peer's real address. Aliasing moves session, trusted identity, peer-verification, and identity- version under the canonical label. Holds the per-peer mutex on both labels (lexicographic order) so concurrent crypto ops can't observe a half-moved state. Refuses to overwrite an existing session at the new label. Wire change: `IncomingMessage.expiresAt?` now surfaces the relay's expiry so receivers can pass bridge frames straight to `acceptBridgeFrame` without inventing a TTL. Tests cover bridge-then-poll, poll-then-bridge, aliasSession happy path, refuse-to-overwrite, and same-label no-op. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@shade/transport-bridge
Transport-agnostic delivery for Shade: WS → SSE → long-poll, in priority
order, behind a single IncomingMessage interface.
import {
FallbackBridgeTransport,
WsBridge,
SseBridge,
LongPollBridge,
} from '@shade/transport-bridge';
const auth = { crypto, signingPrivateKey, address: 'bob' };
const bridge = new FallbackBridgeTransport([
new WsBridge({ baseUrl, auth }),
new SseBridge({ baseUrl, auth }),
new LongPollBridge({ baseUrl, auth }),
]);
await bridge.connect({
onMessage: (msg) => {
// msg: { from: string; bytes: Uint8Array; receivedAt: number; msgId?: string }
},
});
console.log(bridge.activeKind); // "ws" | "sse" | "long-poll"
Pair with createBridgeRoutes in @shade/inbox-server to expose the
matching /v1/bridge/{stream,poll,ws} endpoints. Full design + threat
model in docs/transport.md.
What it solves
Browser extensions, strict corporate proxies, and edge runtimes routinely block long-lived WebSockets. Apps that already use the Shade inbox shouldn't have to write three custom delivery paths to handle the realistic mix of hostile networks they ship into. This package is the canonical answer.
Status
V3.7. Stable wire format, additive change to @shade/inbox-server. See
CHANGELOG.