The 1.30.0 daemon-multiplexed presence flow needs a way for the daemon
to open a WS keyed on a per-launch ephemeral pubkey. This commit adds:
- WSSessionHelloMessage in types.ts (additive — older clients still use
WSHelloMessage; older brokers reply with unknown_message_type so newer
clients can fall back).
- handleSessionHello in index.ts: validates parentAttestation (TTL ≤24h,
ed25519 by parent), session signature (skew + ed25519 by session),
parent membership in mesh.member, and parentMemberId/pubkey coherence.
- Inserts a presence row keyed on sessionPubkey but member_id from the
parent — member-targeted operations (revocation, send-by-member-pubkey)
keep working unchanged.
- Broadcasts peer_joined to ALL siblings in the mesh, including the
same-member ones (the regular hello path skips those to avoid self-
spam, but session_hello explicitly wants sibling visibility).
Behavior parity tests will land alongside the daemon SessionBrokerClient.
The unit tests added in the previous commit cover the crypto layer.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
e688f66791