@keks that sounds somewhat like what I have in the v18 branch. if a message could be decrypted, it's content property is set to the plaintext, and a cyphertext: ...
and private: true
properties are added. Then on certain apis, the messages are "reboxed" which just means the cyphertext is copied back to content
. It would be possible rebox before passing to particular plugins, but I wouldn't really consider that security unless they actually ran in a sandbox of some kind.