v1.4.0

What's Changed

• Key rotation improvements by @corrideat in #33
• Update error message by @corrideat in #37
• Add tests for permission escalation by @corrideat in #43
• automated pr review by @taoeffect in #49

AI Summary

🔐 Key Management & Security (Shelter Protocol)

Significant internal improvements to how end-to-end encryption keys are requested, shared, and rotated.

• Key Rotation Improvements: Refactored key revocation and rotation logic with the new deleteKeyHelper and updateKey utilities to handle out-of-order processing and foreign key synchronization.
• Key Request V2: Introduced a V2 format for OP_KEY_REQUEST and OP_KEY_REQUEST_SEEN. This includes an unencrypted outer layer for accounting and an encrypted inner layer for security.
• Invite Accounting: Added skipInviteAccounting flag to key operations, allowing for specific key requests that do not consume limited-use invite tokens.
• Permission Escalation Protection: Added explicit tests and validation logic to prevent a signing key from creating or updating a key with higher permissions than itself.
• Secret Storage: Root state now explicitly tracks secretKeys in a dedicated record, improving how serialized secret keys are managed.

🛠 Core Library & Internal Logic

• New Lifecycle Helper: Added chelonia/contract/withRetained, a high-level selector that automatically handles contract retain and release (lifecycle management) around a callback function.
• Message Metadata: Introduced a saveMessageMetadata configuration option, primarily for server-side use, to store receipt dates and other per-message info.
• Post-Operation Hooks: Implemented _postOpHook support, allowing contracts to trigger logic after specific operations (including individual operations within an OP_ATOMIC batch).
• Improved Error Messaging: Standardized error formats for "Forked Chain" and "Unexpected Data" errors to include the relevant contractID.

📖 Developer Experience

• AI Agent Guide: Added AGENTS.md, a comprehensive technical guide designed to help AI coding assistants (like Claude, GPT, or Devin) understand the architecture, SBP selectors, and coding conventions of the library.
• Build System: Improved the build workflow to ignore test files in the dist directory and updated .gitignore to exclude test artifacts from build outputs.
• Testing: Expanded test coverage for utility functions and permission validation.

New Contributors

• @taoeffect made their first contribution (to this repo - much of this code was copied/moved from @taoeffect's work in group-income) in #49
• @devin-ai-integration[bot] made their first contribution in #52

Full Changelog: v1.3.0...v1.4.0