chore: update Kotlin code

Author: JOHN

app/src/main/java/com/pubky/noise/pubky_noise.kt

@@ -1097,7 +1097,7 @@ private fun uniffiCheckApiChecksums(lib: IntegrityCheckingUniffiLib) {
     if (lib.uniffi_pubky_noise_checksum_func_ed25519_verify() != 14993.toShort()) {
         throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
     }
-    if (lib.uniffi_pubky_noise_checksum_func_is_sealed_blob() != 59485.toShort()) {
+    if (lib.uniffi_pubky_noise_checksum_func_is_sealed_blob() != 27217.toShort()) {
         throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
     }
     if (lib.uniffi_pubky_noise_checksum_func_performance_config() != 613.toShort()) {
@@ -1106,10 +1106,10 @@ private fun uniffiCheckApiChecksums(lib: IntegrityCheckingUniffiLib) {
     if (lib.uniffi_pubky_noise_checksum_func_public_key_from_secret() != 12954.toShort()) {
         throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
     }
-    if (lib.uniffi_pubky_noise_checksum_func_sealed_blob_decrypt() != 36862.toShort()) {
+    if (lib.uniffi_pubky_noise_checksum_func_sealed_blob_decrypt() != 39236.toShort()) {
         throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
     }
-    if (lib.uniffi_pubky_noise_checksum_func_sealed_blob_encrypt() != 44846.toShort()) {
+    if (lib.uniffi_pubky_noise_checksum_func_sealed_blob_encrypt() != 19222.toShort()) {
         throw RuntimeException("UniFFI API checksum mismatch: try cleaning and rebuilding your project")
     }
     if (lib.uniffi_pubky_noise_checksum_func_x25519_generate_keypair() != 20350.toShort()) {
@@ -2801,8 +2801,9 @@ public object FfiConverterSequenceString: FfiConverterRustBuffer<List<kotlin.Str
 
 
         /**
-         * Check if a JSON string looks like a sealed blob envelope.
+         * Check if a JSON string looks like a sealed blob envelope (v1 or v2).
          *
+         * Requires both version field (`"v":1` or `"v":2`) AND ephemeral public key (`"epk":`).
          * This is a quick heuristic check for distinguishing encrypted from legacy plaintext.
          */ fun `isSealedBlob`(`json`: kotlin.String): kotlin.Boolean {
             return FfiConverterBoolean.lift(
@@ -2841,12 +2842,12 @@ public object FfiConverterSequenceString: FfiConverterRustBuffer<List<kotlin.Str
 
 
         /**
-         * Decrypt a Paykit Sealed Blob v1 envelope.
+         * Decrypt a Paykit Sealed Blob v1 or v2 envelope (auto-detects version).
          *
          * # Arguments
          *
          * * `recipient_sk` - Recipient's X25519 secret key (32 bytes)
-         * * `envelope_json` - JSON-encoded sealed blob envelope
+         * * `envelope_json` - JSON-encoded sealed blob envelope (v1 or v2)
          * * `aad` - Associated authenticated data (must match encryption)
          *
          * # Returns
@@ -2869,7 +2870,7 @@ public object FfiConverterSequenceString: FfiConverterRustBuffer<List<kotlin.Str
 
 
         /**
-         * Encrypt plaintext using Paykit Sealed Blob v1 format.
+         * Encrypt plaintext using Paykit Sealed Blob v2 format (XChaCha20-Poly1305).
          *
          * # Arguments
          *
@@ -2880,7 +2881,7 @@ public object FfiConverterSequenceString: FfiConverterRustBuffer<List<kotlin.Str
          *
          * # Returns
          *
-         * JSON-encoded sealed blob envelope.
+         * JSON-encoded sealed blob v2 envelope.
          *
          * # Errors
          *

app/src/main/java/to/bitkit/fcm/WakeNodeWorker.kt

@@ -1,6 +1,7 @@
 package to.bitkit.fcm
 
 import android.content.Context
+import android.net.Uri
 import androidx.hilt.work.HiltWorker
 import androidx.work.CoroutineWorker
 import androidx.work.WorkerParameters
@@ -59,6 +60,7 @@ class WakeNodeWorker @AssistedInject constructor(
     private val self = this
 
     private var bestAttemptContent: NotificationDetails? = null
+    private var bestAttemptDeepLink: Uri? = null
 
     private var notificationType: BlocktankNotificationType? = null
     private var notificationPayload: JsonObject? = null
@@ -253,6 +255,7 @@ class WakeNodeWorker @AssistedInject constructor(
         when (self.notificationType) {
             paykitPaymentRequest -> {
                 val requestId = (notificationPayload?.get("requestId") as? JsonPrimitive)?.contentOrNull
+                val fromPubkey = (notificationPayload?.get("from") as? JsonPrimitive)?.contentOrNull
                 if (requestId == null) {
                     Logger.error("Missing requestId for payment request")
                     return
@@ -266,6 +269,12 @@ class WakeNodeWorker @AssistedInject constructor(
                     title = appContext.getString(R.string.notification_payment_request_title),
                     body = appContext.getString(R.string.notification_payment_request_body),
                 )
+                // Set deep link for payment request detail (with from if available, else general requests screen)
+                self.bestAttemptDeepLink = if (fromPubkey != null) {
+                    Uri.parse("bitkit://payment-request?requestId=$requestId&from=$fromPubkey")
+                } else {
+                    Uri.parse("bitkit://payment-requests")
+                }
                 self.deliver()
             }
 
@@ -283,6 +292,7 @@ class WakeNodeWorker @AssistedInject constructor(
                     title = appContext.getString(R.string.notification_subscription_due_title),
                     body = appContext.getString(R.string.notification_subscription_due_body),
                 )
+                self.bestAttemptDeepLink = Uri.parse("bitkit://subscriptions")
                 self.deliver()
             }
 
@@ -299,6 +309,7 @@ class WakeNodeWorker @AssistedInject constructor(
                     title = appContext.getString(R.string.notification_autopay_executed_title),
                     body = "$BITCOIN_SYMBOL $amount ${appContext.getString(R.string.notification_sent)}",
                 )
+                self.bestAttemptDeepLink = Uri.parse("bitkit://payment-requests")
                 self.deliver()
             }
 
@@ -316,6 +327,7 @@ class WakeNodeWorker @AssistedInject constructor(
                     title = appContext.getString(R.string.notification_subscription_failed_title),
                     body = reason,
                 )
+                self.bestAttemptDeepLink = Uri.parse("bitkit://subscriptions")
                 self.deliver()
             }
 
@@ -329,7 +341,11 @@ class WakeNodeWorker @AssistedInject constructor(
         lightningRepo.stop()
 
         bestAttemptContent?.run {
-            appContext.pushNotification(title, body)
+            appContext.pushNotification(
+                title = title,
+                text = body,
+                deepLinkUri = bestAttemptDeepLink,
+            )
             Logger.info("Delivered notification")
         }
 

app/src/main/java/to/bitkit/paykit/services/DirectoryService.kt

@@ -455,7 +455,9 @@ class DirectoryService @Inject constructor(
             throw DirectoryError.EncryptionFailed("Encryption failed: ${e.message}")
         }
 
-        val result = adapter.put(path, encryptedEnvelope)
+        val result = kotlinx.coroutines.withContext(kotlinx.coroutines.Dispatchers.IO) {
+            adapter.put(path, encryptedEnvelope)
+        }
         if (!result.success) {
             Logger.error("Failed to publish payment request ${request.id}: ${result.error}", context = TAG)
             throw DirectoryError.PublishFailed(result.error ?: "Unknown error")
@@ -557,6 +559,99 @@ class DirectoryService @Inject constructor(
         Logger.info("Removed payment request: $requestId", context = TAG)
     }
 
+    /**
+     * List all payment request IDs on the homeserver for a given recipient.
+     *
+     * Used to compare with locally tracked requests and find orphaned ones.
+     *
+     * @param recipientPubkey The recipient pubkey (used for scope computation)
+     * @return List of request IDs found on the homeserver
+     */
+    suspend fun listRequestsOnHomeserver(recipientPubkey: String): List<String> {
+        if (!isConfigured) tryRestoreFromKeychain()
+        val myPubkey = keyManager.getCurrentPublicKeyZ32() ?: throw DirectoryError.NotConfigured
+
+        val effectiveHomeserver = homeserverURL ?: HomeserverDefaults.defaultHomeserverURL
+        val adapter = pubkyStorage.createUnauthenticatedAdapter(effectiveHomeserver)
+        val recipientScope = PaykitV0Protocol.recipientScope(recipientPubkey)
+        val requestsPath =
+            "${PaykitV0Protocol.PAYKIT_V0_PREFIX}/${PaykitV0Protocol.REQUESTS_SUBPATH}/$recipientScope/"
+
+        return try {
+            val requestFiles = pubkyStorage.listDirectory(requestsPath, adapter, myPubkey)
+            Logger.info(
+                "Found ${requestFiles.size} requests on homeserver for recipient ${recipientPubkey.take(12)}...",
+                context = TAG,
+            )
+            requestFiles
+        } catch (e: Exception) {
+            Logger.debug(
+                "No requests directory found for recipient ${recipientPubkey.take(12)}...",
+                context = TAG,
+            )
+            emptyList()
+        }
+    }
+
+    /**
+     * Delete a payment request from OUR storage (as sender).
+     *
+     * Used when the sender wants to cancel a pending request they sent.
+     *
+     * @param requestId The request ID to delete
+     * @param recipientPubkey The recipient pubkey (used for scope computation)
+     */
+    suspend fun deletePaymentRequest(requestId: String, recipientPubkey: String) {
+        // Auto-restore from keychain if not configured
+        if (!isConfigured) tryRestoreFromKeychain()
+        val adapter = authenticatedAdapter ?: throw DirectoryError.NotConfigured
+        val path = PaykitV0Protocol.paymentRequestPath(recipientPubkey, requestId)
+
+        val result = adapter.delete(path)
+        if (!result.success) {
+            Logger.error("Failed to delete payment request $requestId: ${result.error}", context = TAG)
+            throw DirectoryError.PublishFailed(result.error ?: "Unknown error")
+        }
+        Logger.info("Deleted payment request: $requestId for recipient ${recipientPubkey.take(12)}...", context = TAG)
+    }
+
+    /**
+     * Delete multiple payment requests in batch.
+     *
+     * Used to clean up orphaned requests that exist on homeserver but aren't tracked locally.
+     *
+     * @param requestIds List of request IDs to delete
+     * @param recipientPubkey The recipient pubkey (used for scope computation)
+     * @return Number of successfully deleted requests
+     */
+    suspend fun deleteRequestsBatch(requestIds: List<String>, recipientPubkey: String): Int {
+        if (!isConfigured) tryRestoreFromKeychain()
+        val adapter = authenticatedAdapter ?: throw DirectoryError.NotConfigured
+
+        var deletedCount = 0
+        for (requestId in requestIds) {
+            try {
+                val path = PaykitV0Protocol.paymentRequestPath(recipientPubkey, requestId)
+                val result = adapter.delete(path)
+                if (result.success) {
+                    deletedCount++
+                    Logger.info(
+                        "Deleted orphaned request: $requestId for recipient ${recipientPubkey.take(12)}...",
+                        context = TAG,
+                    )
+                } else {
+                    Logger.error(
+                        "Failed to delete orphaned request $requestId: ${result.error}",
+                        context = TAG,
+                    )
+                }
+            } catch (e: Exception) {
+                Logger.error("Failed to delete orphaned request $requestId", e, context = TAG)
+            }
+        }
+        return deletedCount
+    }
+
     /**
      * Delete a subscription proposal from OUR storage (as provider).
      *
@@ -663,12 +758,14 @@ class DirectoryService @Inject constructor(
     suspend fun discoverPendingRequestsFromPeer(
         peerPubkey: String,
         myPubkey: String,
-    ): List<to.bitkit.paykit.workers.DiscoveredRequest> {
+    ): List<to.bitkit.paykit.workers.DiscoveredRequest> = kotlinx.coroutines.withContext(
+        kotlinx.coroutines.Dispatchers.IO
+    ) {
         val adapter = pubkyStorage.createUnauthenticatedAdapter(homeserverURL)
         val myScope = PaykitV0Protocol.recipientScope(myPubkey)
         val requestsPath = "${PaykitV0Protocol.PAYKIT_V0_PREFIX}/${PaykitV0Protocol.REQUESTS_SUBPATH}/$myScope/"
 
-        return try {
+        try {
             val requestFiles = pubkyStorage.listDirectory(requestsPath, adapter, peerPubkey)
 
             requestFiles.mapNotNull { requestId ->
@@ -894,6 +991,28 @@ class DirectoryService @Inject constructor(
         val myNoiseSk = PubkyRingBridge.hexStringToByteArray(noiseKeypair.secretKey)
         val aad = PaykitV0Protocol.paymentRequestAad(recipientPubkey, requestId)
 
+        // Detailed logging for debugging decryption issues
+        Logger.info("Decrypting request $requestId:", context = TAG)
+        Logger.info("  - recipientPubkey: ${recipientPubkey.take(12)}...", context = TAG)
+        Logger.info("  - myNoisePk (first 16 hex): ${noiseKeypair.publicKey.take(32)}...", context = TAG)
+        Logger.info("  - epoch: 0", context = TAG)
+        Logger.info("  - AAD: $aad", context = TAG)
+
+        // Check if our local key matches the published endpoint (key sync issue detection)
+        val publishedEndpoint = try {
+            discoverNoiseEndpoint(recipientPubkey)
+        } catch (e: Exception) {
+            null
+        }
+        if (publishedEndpoint != null && publishedEndpoint.serverNoisePubkey != noiseKeypair.publicKey) {
+            Logger.error(
+                "KEY MISMATCH: Local key ${noiseKeypair.publicKey.take(16)}... != published ${publishedEndpoint.serverNoisePubkey.take(16)}...",
+                context = TAG,
+            )
+            Logger.error("Senders are encrypting with published key but we have a different local key!", context = TAG)
+            Logger.error("Please reconnect to Pubky Ring to fix key sync", context = TAG)
+        }
+
         return try {
             val plaintextBytes = com.pubky.noise.sealedBlobDecrypt(myNoiseSk, envelopeJson, aad)
             val plaintextJson = String(plaintextBytes)
@@ -902,10 +1021,10 @@ class DirectoryService @Inject constructor(
             to.bitkit.paykit.workers.DiscoveredRequest(
                 requestId = requestId,
                 type = to.bitkit.paykit.workers.RequestType.PaymentRequest,
-                fromPubkey = obj.optString("from_pubkey", ""),
-                amountSats = obj.optLong("amount_sats", 0),
+                fromPubkey = obj.optString("fromPubkey", ""),
+                amountSats = obj.optLong("amountSats", 0),
                 description = if (obj.has("description")) obj.getString("description") else null,
-                createdAt = obj.optLong("created_at", System.currentTimeMillis()),
+                createdAt = obj.optLong("createdAt", System.currentTimeMillis()),
             )
         } catch (e: Exception) {
             Logger.error("Failed to decrypt/parse payment request $requestId", e, context = TAG)