39fe296aaa
When Alice's session-A encrypts a direct message to Bob (target = Bob's stable member pubkey) and Bob's session-B receives it, Bob has BOTH an ephemeral session secret key and the member secret key. The old code only tried session_sk, then silently failed with '⚠ message from <sender> failed to decrypt' even though the message was valid — just encrypted to the member key. Now: try session first, fall back to member on null. Matches the sender side's choice freedom (encrypt using either key). Repros when: user opens multiple Claude Code sessions (all use the same member key but each generates its own session key), and one session sends to another by display-name resolution which returns the member pubkey. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>