From 2e081ead8e63683b55500c985e76411f789eeba0 Mon Sep 17 00:00:00 2001 From: Christian Nennemann Date: Sat, 7 Mar 2026 18:46:43 +0100 Subject: [PATCH] =?UTF-8?q?chore:=20rename=20quicproquo=20=E2=86=92=20quic?= =?UTF-8?q?prochat=20in=20docs,=20Docker,=20CI,=20and=20packaging?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rename all project references from quicproquo/qpq to quicprochat/qpc across documentation, Docker configuration, CI workflows, packaging scripts, operational configs, and build tooling. - Docker: crate paths, binary names, user/group, data dirs, env vars - CI: workflow crate references, binary names, artifact names - Docs: all markdown files under docs/, SDK READMEs, book.toml - Packaging: OpenWrt Makefile, init script, UCI config (file renames) - Scripts: justfile, dev-shell, screenshot, cross-compile, ai_team - Operations: Prometheus config, alert rules, Grafana dashboard - Config: .env.example (QPQ_* → QPC_*), CODEOWNERS paths - Top-level: README, CONTRIBUTING, ROADMAP, CLAUDE.md --- .env.example | 16 +- .github/CODEOWNERS | 20 +-- .github/workflows/bench.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/openwrt.yml | 8 +- CONTRIBUTING.md | 4 +- README.md | 56 +++---- ROADMAP.md | 64 ++++---- docker-compose.prod.yml | 52 +++---- docker-compose.yml | 2 +- docker/Dockerfile | 106 ++++++------- docker/Dockerfile.chat-test | 48 +++--- docker/docker-compose.chat-test.yml | 18 +-- docs/FUTURE-IMPROVEMENTS.md | 6 +- docs/PRODUCTION-READINESS-AUDIT.md | 18 +-- docs/SECURITY-AUDIT.md | 28 ++-- docs/openwrt.md | 44 +++--- docs/operations/backup-restore.md | 76 ++++----- .../{qpq-overview.json => qpc-overview.json} | 10 +- .../dashboards/default.yml | 2 +- docs/operations/incident-response.md | 64 ++++---- docs/operations/key-rotation.md | 88 +++++------ docs/operations/monitoring.md | 36 ++--- docs/operations/prometheus-alerts.yml | 20 +-- docs/operations/prometheus.yml | 2 +- docs/operations/scaling-guide.md | 34 ++-- docs/sdk/build-your-own.md | 14 +- docs/sdk/c-ffi.md | 78 +++++----- docs/sdk/go.md | 10 +- docs/sdk/index.md | 12 +- docs/sdk/python.md | 22 +-- docs/sdk/rust.md | 24 +-- docs/sdk/typescript.md | 6 +- docs/sdk/wire-format.md | 6 +- docs/src/SUMMARY.md | 4 +- docs/src/appendix/glossary.md | 46 +++--- docs/src/appendix/references.md | 42 ++--- .../architecture/crate-responsibilities.md | 58 +++---- docs/src/architecture/data-flow.md | 4 +- docs/src/architecture/overview.md | 30 ++-- docs/src/architecture/protocol-stack.md | 8 +- docs/src/architecture/service-architecture.md | 16 +- docs/src/contributing/coding-standards.md | 8 +- docs/src/contributing/testing.md | 52 +++---- docs/src/cryptography/forward-secrecy.md | 10 +- docs/src/cryptography/identity-keys.md | 6 +- docs/src/cryptography/key-lifecycle.md | 14 +- docs/src/cryptography/overview.md | 2 +- .../cryptography/post-compromise-security.md | 10 +- .../cryptography/post-quantum-readiness.md | 18 +-- docs/src/cryptography/threat-model.md | 4 +- .../src/design-rationale/adr-002-capnproto.md | 10 +- .../adr-004-mls-unaware-ds.md | 6 +- .../adr-005-single-use-keypackages.md | 4 +- .../design-rationale/adr-006-rest-gateway.md | 12 +- docs/src/design-rationale/overview.md | 20 +-- .../design-rationale/protocol-comparison.md | 64 ++++---- docs/src/design-rationale/why-not-signal.md | 34 ++-- docs/src/getting-started/building.md | 40 ++--- .../getting-started/certificate-lifecycle.md | 18 +-- docs/src/getting-started/demo-walkthrough.md | 26 ++-- docs/src/getting-started/docker.md | 80 +++++----- docs/src/getting-started/ffi.md | 146 +++++++++--------- docs/src/getting-started/file-transfer.md | 8 +- docs/src/getting-started/go-sdk.md | 12 +- docs/src/getting-started/mesh-networking.md | 40 ++--- docs/src/getting-started/prerequisites.md | 8 +- docs/src/getting-started/repl-reference.md | 8 +- docs/src/getting-started/rich-messaging.md | 8 +- .../src/getting-started/running-the-client.md | 44 +++--- .../src/getting-started/running-the-server.md | 102 ++++++------ docs/src/getting-started/tls.md | 32 ++-- docs/src/getting-started/typescript-sdk.md | 10 +- docs/src/getting-started/wasm.md | 10 +- docs/src/internals/authentication-service.md | 10 +- docs/src/internals/delivery-service.md | 4 +- docs/src/internals/group-member-lifecycle.md | 4 +- docs/src/internals/keypackage-exchange.md | 16 +- docs/src/internals/server-hooks.md | 8 +- docs/src/internals/storage-backend.md | 10 +- docs/src/introduction.md | 18 +-- docs/src/operations/backup-restore.md | 76 ++++----- docs/src/operations/monitoring.md | 36 ++--- docs/src/operations/scaling-guide.md | 34 ++-- docs/src/protocol-layers/capn-proto.md | 20 +-- docs/src/protocol-layers/hybrid-kem.md | 14 +- docs/src/protocol-layers/mls.md | 20 +-- docs/src/protocol-layers/overview.md | 16 +- docs/src/protocol-layers/quic-tls.md | 32 ++-- docs/src/roadmap/authz-plan.md | 2 +- docs/src/roadmap/dm-channels.md | 2 +- .../roadmap/fully-operational-checklist.md | 2 +- docs/src/roadmap/future-research.md | 16 +- docs/src/roadmap/milestones.md | 22 +-- docs/src/roadmap/phase2-and-m4-m6.md | 2 +- docs/src/roadmap/production-readiness.md | 10 +- docs/src/sdk/index.md | 12 +- docs/src/sdk/rust.md | 22 +-- docs/src/sdk/wire-format.md | 6 +- docs/src/wire-format/auth-schema.md | 6 +- docs/src/wire-format/delivery-schema.md | 8 +- docs/src/wire-format/envelope-schema.md | 4 +- docs/src/wire-format/node-service-schema.md | 34 ++-- docs/src/wire-format/overview.md | 12 +- examples/python/README.md | 14 +- .../python/{qpq_client.py => qpc_client.py} | 18 +-- justfile | 14 +- packaging/openwrt/Makefile | 38 ++--- .../{quicproquo.init => quicprochat.init} | 24 +-- packaging/openwrt/files/quicprochat.uci | 7 + packaging/openwrt/files/quicproquo.uci | 7 - playbooks/README.md | 12 +- scripts/chat-test.sh | 20 +-- scripts/cross-compile.sh | 10 +- scripts/dev-shell.sh | 32 ++-- scripts/screenshot.sh | 8 +- sdks/go/README.md | 16 +- sdks/go/cmd/example/main.go | 4 +- sdks/go/go.mod | 2 +- sdks/go/proto/node/node.capnp | 4 +- sdks/go/qpc/client.go | 10 +- sdks/go/transport/transport.go | 6 +- sdks/java/README.md | 14 +- sdks/java/build.gradle.kts | 2 +- .../java/dev/quicprochat/NativeBridge.java | 8 +- .../dev/quicprochat/QpqAuthException.java | 2 +- .../main/java/dev/quicprochat/QpqClient.java | 10 +- .../java/dev/quicprochat/QpqException.java | 4 +- .../dev/quicprochat/QpqTimeoutException.java | 2 +- sdks/kotlin/README.md | 38 ++--- sdks/kotlin/build.gradle.kts | 2 +- .../kotlin/jni/dev_quicprochat_NativeBridge.c | 22 +-- .../kotlin/dev/quicprochat/NativeBridge.kt | 10 +- .../main/kotlin/dev/quicprochat/QpqClient.kt | 6 +- .../main/kotlin/dev/quicprochat/QpqError.kt | 4 +- sdks/python/README.md | 30 ++-- sdks/python/examples/bot.py | 4 +- sdks/python/examples/ffi_demo.py | 6 +- sdks/python/quicprochat/__init__.py | 8 +- sdks/python/quicprochat/client.py | 14 +- sdks/python/quicprochat/ffi.py | 24 +-- sdks/python/quicprochat/transport.py | 4 +- sdks/python/quicprochat/types.py | 6 +- sdks/python/quicprochat/wire.py | 2 +- sdks/python/tests/test_proto.py | 2 +- sdks/python/tests/test_types.py | 2 +- sdks/python/tests/test_wire.py | 2 +- sdks/ruby/README.md | 32 ++-- sdks/ruby/examples/demo.rb | 6 +- sdks/ruby/lib/quicprochat.rb | 23 +++ sdks/ruby/lib/quicprochat/client.rb | 12 +- sdks/ruby/lib/quicprochat/errors.rb | 4 +- sdks/ruby/lib/quicprochat/ffi_bindings.rb | 18 +-- sdks/ruby/lib/quicprochat/version.rb | 2 +- sdks/ruby/lib/quicproquo.rb | 23 --- sdks/ruby/quicprochat.gemspec | 10 +- sdks/swift/Package.swift | 20 +-- sdks/swift/README.md | 24 +-- .../Sources/CQuicProChat/module.modulemap | 5 + .../quicprochat_ffi.h} | 12 +- .../Sources/CQuicProQuo/module.modulemap | 5 - .../QpqClient.swift | 8 +- .../QpqError.swift | 2 +- sdks/typescript/README.md | 10 +- sdks/typescript/demo/index.html | 6 +- sdks/typescript/package-lock.json | 4 +- sdks/typescript/package.json | 2 +- sdks/typescript/src/client.ts | 6 +- sdks/typescript/src/index.ts | 2 +- sdks/typescript/src/transport.ts | 2 +- sdks/typescript/src/types.ts | 2 +- sdks/typescript/wasm-crypto/Cargo.lock | 4 +- sdks/web/package.json | 4 +- sdks/web/public/index.html | 4 +- sdks/web/public/manifest.json | 2 +- sdks/web/public/style.css | 2 +- sdks/web/public/sw.js | 6 +- sdks/web/src/app.ts | 2 +- sdks/web/src/store.ts | 2 +- 179 files changed, 1645 insertions(+), 1645 deletions(-) rename docs/operations/dashboards/{qpq-overview.json => qpc-overview.json} (97%) rename examples/python/{qpq_client.py => qpc_client.py} (93%) rename packaging/openwrt/files/{quicproquo.init => quicprochat.init} (65%) create mode 100644 packaging/openwrt/files/quicprochat.uci delete mode 100644 packaging/openwrt/files/quicproquo.uci create mode 100644 sdks/ruby/lib/quicprochat.rb delete mode 100644 sdks/ruby/lib/quicproquo.rb create mode 100644 sdks/swift/Sources/CQuicProChat/module.modulemap rename sdks/swift/Sources/{CQuicProQuo/quicproquo_ffi.h => CQuicProChat/quicprochat_ffi.h} (81%) delete mode 100644 sdks/swift/Sources/CQuicProQuo/module.modulemap rename sdks/swift/Sources/{QuicProQuo => QuicProChat}/QpqClient.swift (96%) rename sdks/swift/Sources/{QuicProQuo => QuicProChat}/QpqError.swift (94%) diff --git a/.env.example b/.env.example index cbfb698..ee57b5a 100644 --- a/.env.example +++ b/.env.example @@ -1,20 +1,20 @@ -# quicproquo Production Environment Variables +# quicprochat Production Environment Variables # Copy this file to .env and fill in the values. # Server auth token (required, >= 16 characters) -QPQ_AUTH_TOKEN= +QPC_AUTH_TOKEN= # SQLCipher database encryption key (required for store_backend=sql) -QPQ_DB_KEY= +QPC_DB_KEY= # Ports (defaults shown) -QPQ_LISTEN_PORT=7000 -QPQ_WS_PORT=9000 +QPC_LISTEN_PORT=7000 +QPC_WS_PORT=9000 # Optional features -QPQ_SEALED_SENDER=false -QPQ_REDACT_LOGS=true -QPQ_WS_LISTEN= +QPC_SEALED_SENDER=false +QPC_REDACT_LOGS=true +QPC_WS_LISTEN= # Grafana admin password (required — must be strong, no default) GRAFANA_ADMIN_PASSWORD= diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 203bf5e..d1fdea5 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,4 +1,4 @@ -# Code owners for quicproquo. PRs require review from owners. +# Code owners for quicprochat. PRs require review from owners. # See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners # Replace 'maintainers' with your GitHub user/team handle. @@ -6,32 +6,32 @@ * @maintainers # Security-critical: crypto primitives, MLS, hybrid KEM -/crates/quicproquo-core/ @maintainers +/crates/quicprochat-core/ @maintainers # Wire format: protobuf definitions, Cap'n Proto schemas -/crates/quicproquo-proto/ @maintainers +/crates/quicprochat-proto/ @maintainers /proto/ @maintainers # Auth and server-side domain logic -/crates/quicproquo-server/ @maintainers +/crates/quicprochat-server/ @maintainers # Client SDK: auth, conversation store, messaging pipeline -/crates/quicproquo-sdk/ @maintainers +/crates/quicprochat-sdk/ @maintainers # CLI/TUI client -/crates/quicproquo-client/ @maintainers +/crates/quicprochat-client/ @maintainers # RPC framework: framing, middleware, QUIC transport -/crates/quicproquo-rpc/ @maintainers +/crates/quicprochat-rpc/ @maintainers # Key transparency -/crates/quicproquo-kt/ @maintainers +/crates/quicprochat-kt/ @maintainers # Plugin ABI (no_std C-ABI boundary) -/crates/quicproquo-plugin-api/ @maintainers +/crates/quicprochat-plugin-api/ @maintainers # P2P transport -/crates/quicproquo-p2p/ @maintainers +/crates/quicprochat-p2p/ @maintainers # CI and infrastructure /.github/ @maintainers diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml index 1bdce66..f68f334 100644 --- a/.github/workflows/bench.yml +++ b/.github/workflows/bench.yml @@ -35,7 +35,7 @@ jobs: ${{ runner.os }}-bench- - name: Run benchmarks - run: cargo bench --package quicproquo-core -- --output-format=bencher 2>&1 | tee bench-output.txt + run: cargo bench --package quicprochat-core -- --output-format=bencher 2>&1 | tee bench-output.txt - name: Upload HTML reports uses: actions/upload-artifact@v4 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c25ff47..ef3516c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -102,7 +102,7 @@ jobs: - name: Run coverage run: | cargo tarpaulin --workspace \ - --exclude quicproquo-p2p \ + --exclude quicprochat-p2p \ --out xml \ --output-dir coverage/ \ -- --test-threads 1 diff --git a/.github/workflows/openwrt.yml b/.github/workflows/openwrt.yml index 1bb524f..dc6a0a3 100644 --- a/.github/workflows/openwrt.yml +++ b/.github/workflows/openwrt.yml @@ -43,11 +43,11 @@ jobs: CARGO_PROFILE_RELEASE_CODEGEN_UNITS: '1' CARGO_PROFILE_RELEASE_STRIP: symbols run: | - cargo zigbuild --release --target ${{ matrix.target }} --bin qpq-server + cargo zigbuild --release --target ${{ matrix.target }} --bin qpc-server - name: Check binary size run: | - BINARY="target/${{ matrix.target }}/release/qpq-server" + BINARY="target/${{ matrix.target }}/release/qpc-server" SIZE=$(stat -c%s "$BINARY") SIZE_MB=$(echo "scale=2; $SIZE / 1048576" | bc) echo "Binary size: ${SIZE_MB} MB" @@ -60,6 +60,6 @@ jobs: - name: Upload artifact uses: actions/upload-artifact@v4 with: - name: qpq-server-${{ matrix.target }} - path: target/${{ matrix.target }}/release/qpq-server + name: qpc-server-${{ matrix.target }} + path: target/${{ matrix.target }}/release/qpc-server retention-days: 30 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3560a33..ce9a434 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,4 +1,4 @@ -# Contributing to quicproquo +# Contributing to quicprochat ## Prerequisites @@ -37,4 +37,4 @@ Do not open public issues for security bugs. See [SECURITY.md](SECURITY.md) for ## Licensing -The server crate (`quicproquo-server`) is licensed under **AGPL-3.0**. All other crates are dual-licensed under **Apache-2.0 / MIT**. By submitting a contribution, you agree to license your work under the applicable license(s). +The server crate (`quicprochat-server`) is licensed under **AGPL-3.0**. All other crates are dual-licensed under **Apache-2.0 / MIT**. By submitting a contribution, you agree to license your work under the applicable license(s). diff --git a/README.md b/README.md index d678a02..43392b1 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@

- quicproquo + quicprochat

-

quicproquo

+

quicprochat

End-to-end encrypted group messaging over QUIC, powered by MLS and post-quantum cryptography. @@ -17,7 +17,7 @@ --- -quicproquo is a production-grade messenger where the server **never sees plaintext**. All traffic flows over QUIC/TLS 1.3, group keys are negotiated with the [MLS protocol](https://www.rfc-editor.org/rfc/rfc9420) (RFC 9420), and a hybrid X25519 + ML-KEM-768 KEM provides post-quantum confidentiality. Written in Rust. 45,000 lines of code. 301 tests. +quicprochat is a production-grade messenger where the server **never sees plaintext**. All traffic flows over QUIC/TLS 1.3, group keys are negotiated with the [MLS protocol](https://www.rfc-editor.org/rfc/rfc9420) (RFC 9420), and a hybrid X25519 + ML-KEM-768 KEM provides post-quantum confidentiality. Written in Rust. 45,000 lines of code. 301 tests. ``` ┌─────────────────────────────────────────────────┐ @@ -53,17 +53,17 @@ cargo build --workspace cargo test --workspace # Start the server (auto-generates self-signed TLS cert) -cargo run --bin qpq-server -- --allow-insecure-auth +cargo run --bin qpc-server -- --allow-insecure-auth # Interactive REPL (registers + logs in automatically) -cargo run --bin qpq -- repl --username alice --password secret +cargo run --bin qpc -- repl --username alice --password secret ``` **Two-terminal demo:** ```bash # Terminal 1 # Terminal 2 -qpq repl -u alice -p secretA qpq repl -u bob -p secretB +qpc repl -u alice -p secretA qpc repl -u bob -p secretB # Alice: # Bob sees: /dm bob [alice] Hello, Bob! @@ -73,19 +73,19 @@ Hello, Bob! ## Architecture ``` -quicproquo/ +quicprochat/ ├── crates/ -│ ├── quicproquo-core # MLS, hybrid KEM, PQ Noise, OPAQUE, recovery, padding -│ ├── quicproquo-proto # Protobuf (prost) + Cap'n Proto generated types -│ ├── quicproquo-rpc # QUIC RPC framework (framing, dispatch, middleware) -│ ├── quicproquo-sdk # Client SDK (QpqClient, conversation store, outbox) -│ ├── quicproquo-server # QUIC server, 33 RPC methods, domain services, plugins -│ ├── quicproquo-client # CLI + REPL + TUI (Ratatui) -│ ├── quicproquo-kt # Key transparency (Merkle-log, revocation) -│ ├── quicproquo-p2p # iroh P2P, mesh identity, store-and-forward -│ ├── quicproquo-ffi # C FFI (libquicproquo_ffi.so) -│ └── quicproquo-plugin-api # Dynamic plugin hooks (C ABI) -├── proto/qpq/v1/ # 15 .proto schema files +│ ├── quicprochat-core # MLS, hybrid KEM, PQ Noise, OPAQUE, recovery, padding +│ ├── quicprochat-proto # Protobuf (prost) + Cap'n Proto generated types +│ ├── quicprochat-rpc # QUIC RPC framework (framing, dispatch, middleware) +│ ├── quicprochat-sdk # Client SDK (QpqClient, conversation store, outbox) +│ ├── quicprochat-server # QUIC server, 33 RPC methods, domain services, plugins +│ ├── quicprochat-client # CLI + REPL + TUI (Ratatui) +│ ├── quicprochat-kt # Key transparency (Merkle-log, revocation) +│ ├── quicprochat-p2p # iroh P2P, mesh identity, store-and-forward +│ ├── quicprochat-ffi # C FFI (libquicprochat_ffi.so) +│ └── quicprochat-plugin-api # Dynamic plugin hooks (C ABI) +├── proto/qpc/v1/ # 15 .proto schema files ├── sdks/ # Go, Python, TypeScript, Swift, Kotlin, Java, Ruby ├── docs/ # mdBook docs, SDK guides, operational runbooks └── packaging/ # OpenWrt, Docker, cross-compilation @@ -132,7 +132,7 @@ quicproquo/ | Language | Location | Transport | Notes | |---|---|---|---| -| **Rust** | `crates/quicproquo-sdk` | QUIC (quinn) | Reference implementation | +| **Rust** | `crates/quicprochat-sdk` | QUIC (quinn) | Reference implementation | | **Go** | `sdks/go/` | QUIC (quic-go) | Cap'n Proto RPC, full API | | **Python** | `sdks/python/` | QUIC (aioquic) + FFI | Async client, PyPI-ready | | **TypeScript** | `sdks/typescript/` | WebSocket + WASM crypto | 175 KB WASM bundle, browser demo | @@ -165,8 +165,8 @@ quicproquo/ ### Docker ```bash -docker build -t quicproquo -f docker/Dockerfile . -docker run -p 7000:7000 -v qpq-data:/data quicproquo +docker build -t quicprochat -f docker/Dockerfile . +docker run -p 7000:7000 -v qpc-data:/data quicprochat ``` ### Production (Docker Compose) @@ -190,13 +190,13 @@ See [docs/openwrt.md](docs/openwrt.md) for `opkg` packaging and `procd` init scr ```bash # Environment variables (see .env.example for full list) -QPQ_LISTEN=0.0.0.0:7000 -QPQ_AUTH_TOKEN=your-strong-token -QPQ_DB_KEY=your-db-encryption-key -QPQ_STORE_BACKEND=sql -QPQ_METRICS_LISTEN=0.0.0.0:9090 -QPQ_DRAIN_TIMEOUT=30 -QPQ_RPC_TIMEOUT=30 +QPC_LISTEN=0.0.0.0:7000 +QPC_AUTH_TOKEN=your-strong-token +QPC_DB_KEY=your-db-encryption-key +QPC_STORE_BACKEND=sql +QPC_METRICS_LISTEN=0.0.0.0:9090 +QPC_DRAIN_TIMEOUT=30 +QPC_RPC_TIMEOUT=30 ``` ## Documentation diff --git a/ROADMAP.md b/ROADMAP.md index 1044873..d680a8d 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1,4 +1,4 @@ -# Roadmap — quicproquo +# Roadmap — quicprochat > From proof-of-concept to production-grade E2E encrypted messaging. > @@ -18,7 +18,7 @@ Eliminate all crash paths, enforce secure defaults, fix deployment blockers. - Audit: `grep -rn 'unwrap()\|expect(' crates/` outside `#[cfg(test)]` - [x] **1.2 Enforce secure defaults in production mode** - - Reject startup if `QPQ_PRODUCTION=true` and `auth_token` is empty or `"devtoken"` + - Reject startup if `QPC_PRODUCTION=true` and `auth_token` is empty or `"devtoken"` - Require non-empty `db_key` when using SQL backend in production - Refuse to auto-generate TLS certs in production mode (require existing cert+key) - Already partially implemented — verify and harden the validation in `config.rs` @@ -30,8 +30,8 @@ Eliminate all crash paths, enforce secure defaults, fix deployment blockers. - [x] **1.4 Fix Dockerfile** - Sync workspace members (handle excluded `p2p` crate) - Create dedicated user/group instead of `nobody` - - Set writable `QPQ_DATA_DIR` with correct permissions - - Test: `docker build . && docker run --rm -it qpq-server --help` + - Set writable `QPC_DATA_DIR` with correct permissions + - Test: `docker build . && docker run --rm -it qpc-server --help` - [x] **1.5 TLS certificate lifecycle** - Document CA-signed cert setup (Let's Encrypt / custom CA) @@ -121,27 +121,27 @@ WASM/FFI for the crypto layer. ### Implementation -- [x] **3.1 Go SDK (`quicproquo-go`)** +- [x] **3.1 Go SDK (`quicprochat-go`)** - Generated Go types from `node.capnp` (6487-line codegen, all 24 RPC methods) - QUIC transport via `quic-go` with TLS 1.3 + ALPN `"capnp"` - - High-level `qpq` package: Connect, Health, ResolveUser, CreateChannel, Send/SendWithTTL, Receive/ReceiveWait, DeleteAccount, OPAQUE auth + - High-level `qpc` package: Connect, Health, ResolveUser, CreateChannel, Send/SendWithTTL, Receive/ReceiveWait, DeleteAccount, OPAQUE auth - Example CLI in `sdks/go/cmd/example/` -- [x] **3.2 Python SDK (`quicproquo-py`)** +- [x] **3.2 Python SDK (`quicprochat-py`)** - QUIC transport: `aioquic` with custom Cap'n Proto stream handler - Cap'n Proto serialization: `pycapnp` for message types - Manual RPC framing: length-prefixed request/response over QUIC stream - Async/await API matching the Rust client patterns - - Crypto: PyO3 bindings to `quicproquo-core` for MLS operations - - Publish: PyPI `quicproquo` + - Crypto: PyO3 bindings to `quicprochat-core` for MLS operations + - Publish: PyPI `quicprochat` - Example: async bot client -- [x] **3.3 C FFI layer (`quicproquo-ffi`)** - - `crates/quicproquo-ffi` with 7 extern "C" functions: connect, login, send, receive, disconnect, last_error, free_string - - Builds as `libquicproquo_ffi.so` / `.dylib` / `.dll` - - Python ctypes wrapper in `examples/python/qpq_client.py` +- [x] **3.3 C FFI layer (`quicprochat-ffi`)** + - `crates/quicprochat-ffi` with 7 extern "C" functions: connect, login, send, receive, disconnect, last_error, free_string + - Builds as `libquicprochat_ffi.so` / `.dylib` / `.dll` + - Python ctypes wrapper in `examples/python/qpc_client.py` -- [x] **3.4 WASM compilation of `quicproquo-core`** +- [x] **3.4 WASM compilation of `quicprochat-core`** - `wasm-pack build` target producing 175 KB WASM bundle (LTO + opt-level=s) - 13 `wasm_bindgen` functions: Ed25519 identity, hybrid KEM, safety numbers, sealed sender, padding - Browser-ready with `crypto.getRandomValues()` RNG @@ -156,7 +156,7 @@ WASM/FFI for the crypto layer. - Configurable port: `--webtransport-listen 0.0.0.0:7443` - Feature-flagged: `--features webtransport` -- [x] **3.6 TypeScript/JavaScript SDK (`@quicproquo/client`)** +- [x] **3.6 TypeScript/JavaScript SDK (`@quicprochat/client`)** - `QpqClient` class: connect, offline, health, resolveUser, createChannel, send/sendWithTTL, receive, deleteAccount - WASM crypto wrapper: generateIdentity, sign/verify, hybridEncrypt/Decrypt, computeSafetyNumber, sealedSend, pad - WebSocket transport with request/response correlation and reconnection @@ -317,17 +317,17 @@ Long-term vision for wide adoption. - [x] **7.4 Sealed Sender** - Sender identity inside MLS ciphertext only (server can't see who sent) - - `sealed_sender` module in quicproquo-core with seal/unseal API + - `sealed_sender` module in quicprochat-core with seal/unseal API - WASM-accessible via `wasm_bindgen` for browser use - [x] **7.5 Additional language SDKs** - Java/Kotlin: JNI bindings to C FFI (Phase 3.3) + native QUIC (netty-quic) - Swift: Swift wrapper over C FFI + Network.framework QUIC - - Ruby: FFI bindings via `quicproquo-ffi` + - Ruby: FFI bindings via `quicprochat-ffi` - Evaluate demand-driven — only build SDKs people request - [x] **7.6 P2P / NAT traversal** - - Direct peer-to-peer via iroh (foundation exists in `quicproquo-p2p`) + - Direct peer-to-peer via iroh (foundation exists in `quicprochat-p2p`) - Server as fallback relay only - Reduces latency and single-point-of-failure - Ref: `FUTURE-IMPROVEMENTS.md § 6.1` @@ -342,35 +342,35 @@ Long-term vision for wide adoption. ## Phase 8 — Freifunk / Community Mesh Networking -Make qpq a first-class citizen on decentralised, community-operated wireless -networks (Freifunk, BATMAN-adv/Babel routing, OpenWrt). Multiple qpq nodes form +Make qpc a first-class citizen on decentralised, community-operated wireless +networks (Freifunk, BATMAN-adv/Babel routing, OpenWrt). Multiple qpc nodes form a federated mesh; clients auto-discover nearby nodes via mDNS; the network functions without any central infrastructure or internet uplink. ### Architecture ``` - Client A ─── mDNS discovery ──► nearby qpq node (LAN / mesh) + Client A ─── mDNS discovery ──► nearby qpc node (LAN / mesh) │ Cap'n Proto federation │ - remote qpq node (across mesh) + remote qpc node (across mesh) ``` -- [x] **F0 — Re-include `quicproquo-p2p` in workspace; fix ALPN strings** - - Moved `crates/quicproquo-p2p` from `exclude` back into `[workspace] members` - - Fixed ALPN `b"quicnprotochat/p2p/1"` → `b"quicproquo/p2p/1"` (breaking wire change) - - Fixed federation ALPN `b"qnpc-fed"` → `b"quicproquo/federation/1"` +- [x] **F0 — Re-include `quicprochat-p2p` in workspace; fix ALPN strings** + - Moved `crates/quicprochat-p2p` from `exclude` back into `[workspace] members` + - Fixed ALPN `b"quicnprotochat/p2p/1"` → `b"quicprochat/p2p/1"` (breaking wire change) + - Fixed federation ALPN `b"qnpc-fed"` → `b"quicprochat/federation/1"` - Feature-gated behind `--features mesh` on client (keeps iroh out of default builds) - [x] **F1 — Federation routing in message delivery** - `handle_enqueue` and `handle_batch_enqueue` call `federation::routing::resolve_destination()` - Recipients with a remote home server are relayed via `FederationClient::relay_enqueue()` - mTLS mutual authentication between nodes (both present client certs, validated against shared CA) - - Config: `QPQ_FEDERATION_LISTEN`, `QPQ_LOCAL_DOMAIN`, `QPQ_FEDERATION_CERT/KEY/CA` + - Config: `QPC_FEDERATION_LISTEN`, `QPC_LOCAL_DOMAIN`, `QPC_FEDERATION_CERT/KEY/CA` - [x] **F2 — mDNS local peer discovery** - - Server announces `_quicproquo._udp.local.` on startup via `mdns-sd` + - Server announces `_quicprochat._udp.local.` on startup via `mdns-sd` - Client: `MeshDiscovery::start()` browses for nearby nodes (feature-gated) - REPL commands: `/mesh peers` (scan + list), `/mesh server ` (note address) - Nodes announce: `ver=1`, `server=`, `domain=` TXT records @@ -378,7 +378,7 @@ functions without any central infrastructure or internet uplink. - [x] **F3 — Self-sovereign mesh identity** - Ed25519 keypair-based identity independent of AS registration - JSON-persisted seed + known peers directory - - Sign/verify operations for mesh authenticity (`crates/quicproquo-p2p/src/identity.rs`) + - Sign/verify operations for mesh authenticity (`crates/quicprochat-p2p/src/identity.rs`) - [x] **F4 — Store-and-forward with TTL** - `MeshEnvelope` with TTL-based expiry, hop_count tracking, max_hops routing limit @@ -419,7 +419,7 @@ functions without any central infrastructure or internet uplink. Features designed to attract contributors, create demo/showcase potential, and lower the barrier to entry for non-crypto developers. -- [x] **9.1 Criterion Benchmark Suite (`qpq-bench`)** +- [x] **9.1 Criterion Benchmark Suite (`qpc-bench`)** - Criterion benchmarks for all crypto primitives: hybrid KEM encap/decap, MLS group-add at 10/100/1000 members, epoch rotation, Noise_XX handshake - CI publishes HTML benchmark reports as GitHub Actions artifacts @@ -431,7 +431,7 @@ and lower the barrier to entry for non-crypto developers. - Available in WASM via `compute_safety_number` binding - [x] **9.3 Full-Screen TUI (Ratatui + Crossterm)** - - `qpq tui` launches a full-screen terminal UI: message pane, input bar, + - `qpc tui` launches a full-screen terminal UI: message pane, input bar, channel sidebar with unread counts, MLS epoch indicator - Feature-gated `--features tui` to keep ratatui/crossterm out of default builds - Existing REPL and CLI subcommands are unaffected @@ -444,7 +444,7 @@ and lower the barrier to entry for non-crypto developers. - [x] **9.5 Verifiable Transcript Archive** - `GroupMember::export_transcript(path, password)` writes encrypted, tamper-evident message archive (CBOR records, Argon2id + ChaCha20-Poly1305, Merkle chain) - - `qpq export verify` CLI command independently verifies chain integrity + - `qpc export verify` CLI command independently verifies chain integrity - Useful for legal discovery, audit, or personal backup - [x] **9.6 Key Transparency (Merkle-Log Identity Binding)** diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 52b3d97..0ba83ce 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -1,4 +1,4 @@ -# Production Docker Compose for quicproquo +# Production Docker Compose for quicprochat # # Usage: # 1. Copy .env.example to .env and fill in secrets @@ -11,45 +11,45 @@ # - Database encryption key networks: - qpq: + qpc: driver: bridge volumes: - qpq-data: + qpc-data: prometheus-data: grafana-data: services: - # ── quicproquo server ──────────────────────────────────────────────────────── + # ── quicprochat server ──────────────────────────────────────────────────────── server: build: context: . dockerfile: docker/Dockerfile restart: unless-stopped ports: - - "${QPQ_LISTEN_PORT:-7000}:7000/udp" # QUIC - - "${QPQ_WS_PORT:-9000}:9000" # WebSocket bridge (optional) + - "${QPC_LISTEN_PORT:-7000}:7000/udp" # QUIC + - "${QPC_WS_PORT:-9000}:9000" # WebSocket bridge (optional) environment: RUST_LOG: info - QPQ_PRODUCTION: "true" - QPQ_LISTEN: "0.0.0.0:7000" - QPQ_DATA_DIR: /var/lib/quicproquo - QPQ_TLS_CERT: /var/lib/quicproquo/certs/server-cert.der - QPQ_TLS_KEY: /var/lib/quicproquo/certs/server-key.der - QPQ_AUTH_TOKEN: "${QPQ_AUTH_TOKEN}" - QPQ_STORE_BACKEND: sql - QPQ_DB_PATH: /var/lib/quicproquo/qpq.db - QPQ_DB_KEY: "${QPQ_DB_KEY}" - QPQ_METRICS_LISTEN: "0.0.0.0:9090" - QPQ_METRICS_ENABLED: "true" - QPQ_SEALED_SENDER: "${QPQ_SEALED_SENDER:-false}" - QPQ_REDACT_LOGS: "${QPQ_REDACT_LOGS:-true}" - QPQ_WS_LISTEN: "${QPQ_WS_LISTEN:-}" + QPC_PRODUCTION: "true" + QPC_LISTEN: "0.0.0.0:7000" + QPC_DATA_DIR: /var/lib/quicprochat + QPC_TLS_CERT: /var/lib/quicprochat/certs/server-cert.der + QPC_TLS_KEY: /var/lib/quicprochat/certs/server-key.der + QPC_AUTH_TOKEN: "${QPC_AUTH_TOKEN}" + QPC_STORE_BACKEND: sql + QPC_DB_PATH: /var/lib/quicprochat/qpc.db + QPC_DB_KEY: "${QPC_DB_KEY}" + QPC_METRICS_LISTEN: "0.0.0.0:9090" + QPC_METRICS_ENABLED: "true" + QPC_SEALED_SENDER: "${QPC_SEALED_SENDER:-false}" + QPC_REDACT_LOGS: "${QPC_REDACT_LOGS:-true}" + QPC_WS_LISTEN: "${QPC_WS_LISTEN:-}" volumes: - - qpq-data:/var/lib/quicproquo - - ./certs:/var/lib/quicproquo/certs:ro + - qpc-data:/var/lib/quicprochat + - ./certs:/var/lib/quicprochat/certs:ro networks: - - qpq + - qpc deploy: resources: limits: @@ -63,7 +63,7 @@ services: soft: 65536 hard: 65536 healthcheck: - test: ["CMD", "test", "-f", "/var/lib/quicproquo/certs/server-cert.der"] + test: ["CMD", "test", "-f", "/var/lib/quicprochat/certs/server-cert.der"] interval: 30s timeout: 5s retries: 3 @@ -90,7 +90,7 @@ services: - '--storage.tsdb.retention.time=30d' - '--web.enable-lifecycle' networks: - - qpq + - qpc depends_on: - server @@ -108,6 +108,6 @@ services: - ./docs/operations/dashboards:/var/lib/grafana/dashboards:ro - ./docs/operations/grafana-provisioning:/etc/grafana/provisioning:ro networks: - - qpq + - qpc depends_on: - prometheus diff --git a/docker-compose.yml b/docker-compose.yml index c48e146..31e7b1c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,7 @@ services: - "7000:7000" environment: RUST_LOG: "info" - QPQ_LISTEN: "0.0.0.0:7000" + QPC_LISTEN: "0.0.0.0:7000" # Healthcheck: attempt a TCP connection to port 7000. # Uses bash /dev/tcp — available in debian:bookworm-slim without extra packages. healthcheck: diff --git a/docker/Dockerfile b/docker/Dockerfile index ace2c26..aed50f1 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -12,60 +12,60 @@ WORKDIR /build # Copy manifests first so dependency layers are cached independently of source. COPY Cargo.toml Cargo.lock ./ -COPY crates/quicproquo-core/Cargo.toml crates/quicproquo-core/Cargo.toml -COPY crates/quicproquo-proto/Cargo.toml crates/quicproquo-proto/Cargo.toml -COPY crates/quicproquo-server/Cargo.toml crates/quicproquo-server/Cargo.toml -COPY crates/quicproquo-client/Cargo.toml crates/quicproquo-client/Cargo.toml -COPY crates/quicproquo-p2p/Cargo.toml crates/quicproquo-p2p/Cargo.toml -COPY crates/quicproquo-kt/Cargo.toml crates/quicproquo-kt/Cargo.toml -COPY crates/quicproquo-plugin-api/Cargo.toml crates/quicproquo-plugin-api/Cargo.toml -COPY crates/quicproquo-rpc/Cargo.toml crates/quicproquo-rpc/Cargo.toml -COPY crates/quicproquo-sdk/Cargo.toml crates/quicproquo-sdk/Cargo.toml +COPY crates/quicprochat-core/Cargo.toml crates/quicprochat-core/Cargo.toml +COPY crates/quicprochat-proto/Cargo.toml crates/quicprochat-proto/Cargo.toml +COPY crates/quicprochat-server/Cargo.toml crates/quicprochat-server/Cargo.toml +COPY crates/quicprochat-client/Cargo.toml crates/quicprochat-client/Cargo.toml +COPY crates/quicprochat-p2p/Cargo.toml crates/quicprochat-p2p/Cargo.toml +COPY crates/quicprochat-kt/Cargo.toml crates/quicprochat-kt/Cargo.toml +COPY crates/quicprochat-plugin-api/Cargo.toml crates/quicprochat-plugin-api/Cargo.toml +COPY crates/quicprochat-rpc/Cargo.toml crates/quicprochat-rpc/Cargo.toml +COPY crates/quicprochat-sdk/Cargo.toml crates/quicprochat-sdk/Cargo.toml # Create dummy source files so `cargo build` can resolve the dependency graph # and cache the compiled dependencies before copying real source. RUN mkdir -p \ - crates/quicproquo-core/src \ - crates/quicproquo-proto/src \ - crates/quicproquo-server/src \ - crates/quicproquo-client/src \ - crates/quicproquo-p2p/src \ - crates/quicproquo-kt/src \ - crates/quicproquo-plugin-api/src \ - crates/quicproquo-rpc/src \ - crates/quicproquo-sdk/src \ - && echo 'fn main() {}' > crates/quicproquo-server/src/main.rs \ - && echo 'fn main() {}' > crates/quicproquo-client/src/main.rs \ - && touch crates/quicproquo-core/src/lib.rs \ - && touch crates/quicproquo-proto/src/lib.rs \ - && touch crates/quicproquo-p2p/src/lib.rs \ - && touch crates/quicproquo-kt/src/lib.rs \ - && touch crates/quicproquo-plugin-api/src/lib.rs \ - && touch crates/quicproquo-rpc/src/lib.rs \ - && touch crates/quicproquo-sdk/src/lib.rs + crates/quicprochat-core/src \ + crates/quicprochat-proto/src \ + crates/quicprochat-server/src \ + crates/quicprochat-client/src \ + crates/quicprochat-p2p/src \ + crates/quicprochat-kt/src \ + crates/quicprochat-plugin-api/src \ + crates/quicprochat-rpc/src \ + crates/quicprochat-sdk/src \ + && echo 'fn main() {}' > crates/quicprochat-server/src/main.rs \ + && echo 'fn main() {}' > crates/quicprochat-client/src/main.rs \ + && touch crates/quicprochat-core/src/lib.rs \ + && touch crates/quicprochat-proto/src/lib.rs \ + && touch crates/quicprochat-p2p/src/lib.rs \ + && touch crates/quicprochat-kt/src/lib.rs \ + && touch crates/quicprochat-plugin-api/src/lib.rs \ + && touch crates/quicprochat-rpc/src/lib.rs \ + && touch crates/quicprochat-sdk/src/lib.rs # Schemas must exist before the proto crate's build.rs runs. COPY schemas/ schemas/ # Build dependencies only (source stubs mean this layer is cache-friendly). -RUN cargo build --release --bin qpq-server 2>/dev/null || true +RUN cargo build --release --bin qpc-server 2>/dev/null || true # Copy real source and build for real. COPY crates/ crates/ # Touch source to force re-compilation after copying real crates. RUN touch \ - crates/quicproquo-core/src/lib.rs \ - crates/quicproquo-proto/src/lib.rs \ - crates/quicproquo-p2p/src/lib.rs \ - crates/quicproquo-kt/src/lib.rs \ - crates/quicproquo-plugin-api/src/lib.rs \ - crates/quicproquo-rpc/src/lib.rs \ - crates/quicproquo-sdk/src/lib.rs \ - crates/quicproquo-server/src/main.rs \ - crates/quicproquo-client/src/main.rs + crates/quicprochat-core/src/lib.rs \ + crates/quicprochat-proto/src/lib.rs \ + crates/quicprochat-p2p/src/lib.rs \ + crates/quicprochat-kt/src/lib.rs \ + crates/quicprochat-plugin-api/src/lib.rs \ + crates/quicprochat-rpc/src/lib.rs \ + crates/quicprochat-sdk/src/lib.rs \ + crates/quicprochat-server/src/main.rs \ + crates/quicprochat-client/src/main.rs -RUN cargo build --release --bin qpq-server +RUN cargo build --release --bin qpc-server # ── Stage 2: Runtime ────────────────────────────────────────────────────────── # @@ -78,31 +78,31 @@ RUN apt-get update \ && apt-get install -y --no-install-recommends ca-certificates \ && rm -rf /var/lib/apt/lists/* -COPY --from=builder /build/target/release/qpq-server /usr/local/bin/qpq-server +COPY --from=builder /build/target/release/qpc-server /usr/local/bin/qpc-server # Create a dedicated non-root user with a writable data directory. -RUN groupadd --system qpq \ - && useradd --system --gid qpq --no-create-home --shell /usr/sbin/nologin qpq \ - && mkdir -p /var/lib/quicproquo \ - && chown qpq:qpq /var/lib/quicproquo +RUN groupadd --system qpc \ + && useradd --system --gid qpc --no-create-home --shell /usr/sbin/nologin qpc \ + && mkdir -p /var/lib/quicprochat \ + && chown qpc:qpc /var/lib/quicprochat EXPOSE 7000 # Persistent data volume: TLS certs, SQLCipher DB, delivery queues, KT log. # Mount a named volume or host path here for data persistence across restarts: -# docker run -v qpq-data:/var/lib/quicproquo ... -VOLUME ["/var/lib/quicproquo"] +# docker run -v qpc-data:/var/lib/quicprochat ... +VOLUME ["/var/lib/quicprochat"] ENV RUST_LOG=info \ - QPQ_LISTEN=0.0.0.0:7000 \ - QPQ_DATA_DIR=/var/lib/quicproquo \ - QPQ_TLS_CERT=/var/lib/quicproquo/server-cert.der \ - QPQ_TLS_KEY=/var/lib/quicproquo/server-key.der \ - QPQ_PRODUCTION=true + QPC_LISTEN=0.0.0.0:7000 \ + QPC_DATA_DIR=/var/lib/quicprochat \ + QPC_TLS_CERT=/var/lib/quicprochat/server-cert.der \ + QPC_TLS_KEY=/var/lib/quicprochat/server-key.der \ + QPC_PRODUCTION=true HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ - CMD test -f /var/lib/quicproquo/server-cert.der || exit 1 + CMD test -f /var/lib/quicprochat/server-cert.der || exit 1 -USER qpq +USER qpc -CMD ["qpq-server"] +CMD ["qpc-server"] diff --git a/docker/Dockerfile.chat-test b/docker/Dockerfile.chat-test index 2d1b3b2..6b78c7b 100644 --- a/docker/Dockerfile.chat-test +++ b/docker/Dockerfile.chat-test @@ -12,45 +12,45 @@ WORKDIR /build # Copy manifests first so dependency layers are cached independently of source. COPY Cargo.toml Cargo.lock ./ -COPY crates/quicproquo-core/Cargo.toml crates/quicproquo-core/Cargo.toml -COPY crates/quicproquo-proto/Cargo.toml crates/quicproquo-proto/Cargo.toml -COPY crates/quicproquo-server/Cargo.toml crates/quicproquo-server/Cargo.toml -COPY crates/quicproquo-client/Cargo.toml crates/quicproquo-client/Cargo.toml -COPY crates/quicproquo-p2p/Cargo.toml crates/quicproquo-p2p/Cargo.toml +COPY crates/quicprochat-core/Cargo.toml crates/quicprochat-core/Cargo.toml +COPY crates/quicprochat-proto/Cargo.toml crates/quicprochat-proto/Cargo.toml +COPY crates/quicprochat-server/Cargo.toml crates/quicprochat-server/Cargo.toml +COPY crates/quicprochat-client/Cargo.toml crates/quicprochat-client/Cargo.toml +COPY crates/quicprochat-p2p/Cargo.toml crates/quicprochat-p2p/Cargo.toml # Create dummy source files so `cargo build` can resolve the dependency graph # and cache the compiled dependencies before copying real source. RUN mkdir -p \ - crates/quicproquo-core/src \ - crates/quicproquo-proto/src \ - crates/quicproquo-server/src \ - crates/quicproquo-client/src \ - crates/quicproquo-p2p/src \ - && echo 'fn main() {}' > crates/quicproquo-server/src/main.rs \ - && echo 'fn main() {}' > crates/quicproquo-client/src/main.rs \ - && touch crates/quicproquo-core/src/lib.rs \ - && touch crates/quicproquo-proto/src/lib.rs \ - && touch crates/quicproquo-p2p/src/lib.rs + crates/quicprochat-core/src \ + crates/quicprochat-proto/src \ + crates/quicprochat-server/src \ + crates/quicprochat-client/src \ + crates/quicprochat-p2p/src \ + && echo 'fn main() {}' > crates/quicprochat-server/src/main.rs \ + && echo 'fn main() {}' > crates/quicprochat-client/src/main.rs \ + && touch crates/quicprochat-core/src/lib.rs \ + && touch crates/quicprochat-proto/src/lib.rs \ + && touch crates/quicprochat-p2p/src/lib.rs # Schemas must exist before the proto crate's build.rs runs. COPY schemas/ schemas/ # Build dependencies only (source stubs mean this layer is cache-friendly). # The GUI crate is not included, so workspace resolution may fail — || true handles it. -RUN cargo build --release --bin qpq-server --bin qpq 2>/dev/null || true +RUN cargo build --release --bin qpc-server --bin qpc 2>/dev/null || true # Copy real source and build for real. COPY crates/ crates/ # Touch source to force re-compilation after copying real crates. RUN touch \ - crates/quicproquo-core/src/lib.rs \ - crates/quicproquo-proto/src/lib.rs \ - crates/quicproquo-p2p/src/lib.rs \ - crates/quicproquo-server/src/main.rs \ - crates/quicproquo-client/src/main.rs + crates/quicprochat-core/src/lib.rs \ + crates/quicprochat-proto/src/lib.rs \ + crates/quicprochat-p2p/src/lib.rs \ + crates/quicprochat-server/src/main.rs \ + crates/quicprochat-client/src/main.rs -RUN cargo build --release --bin qpq-server --bin qpq +RUN cargo build --release --bin qpc-server --bin qpc # ── Stage 2: Runtime ────────────────────────────────────────────────────────── # @@ -61,8 +61,8 @@ RUN apt-get update \ && apt-get install -y --no-install-recommends ca-certificates \ && rm -rf /var/lib/apt/lists/* -COPY --from=builder /build/target/release/qpq-server /usr/local/bin/qpq-server -COPY --from=builder /build/target/release/qpq /usr/local/bin/qpq +COPY --from=builder /build/target/release/qpc-server /usr/local/bin/qpc-server +COPY --from=builder /build/target/release/qpc /usr/local/bin/qpc RUN mkdir -p /chat diff --git a/docker/docker-compose.chat-test.yml b/docker/docker-compose.chat-test.yml index f599860..306a691 100644 --- a/docker/docker-compose.chat-test.yml +++ b/docker/docker-compose.chat-test.yml @@ -14,7 +14,7 @@ services: context: .. dockerfile: docker/Dockerfile.chat-test command: >- - qpq-server + qpc-server --listen 0.0.0.0:7000 --data-dir /data --tls-cert /data/server-cert.der @@ -43,10 +43,10 @@ services: entrypoint: ["sleep", "infinity"] environment: RUST_LOG: warn - QPQ_ACCESS_TOKEN: devtoken - QPQ_CA_CERT: /data/server-cert.der - QPQ_SERVER_NAME: localhost - QPQ_SERVER: "server:7000" + QPC_ACCESS_TOKEN: devtoken + QPC_CA_CERT: /data/server-cert.der + QPC_SERVER_NAME: localhost + QPC_SERVER: "server:7000" volumes: - server-data:/data:ro working_dir: /chat @@ -65,10 +65,10 @@ services: entrypoint: ["sleep", "infinity"] environment: RUST_LOG: warn - QPQ_ACCESS_TOKEN: devtoken - QPQ_CA_CERT: /data/server-cert.der - QPQ_SERVER_NAME: localhost - QPQ_SERVER: "server:7000" + QPC_ACCESS_TOKEN: devtoken + QPC_CA_CERT: /data/server-cert.der + QPC_SERVER_NAME: localhost + QPC_SERVER: "server:7000" volumes: - server-data:/data:ro working_dir: /chat diff --git a/docs/FUTURE-IMPROVEMENTS.md b/docs/FUTURE-IMPROVEMENTS.md index 651e6bb..054dbc7 100644 --- a/docs/FUTURE-IMPROVEMENTS.md +++ b/docs/FUTURE-IMPROVEMENTS.md @@ -1,6 +1,6 @@ # Future Improvements -This document consolidates suggested improvements for quicproquo, drawn from the [roadmap](src/roadmap/milestones.md), [production readiness WBS](src/roadmap/production-readiness.md), [security audit](SECURITY-AUDIT.md), [production readiness audit](PRODUCTION-READINESS-AUDIT.md), and [future research](src/roadmap/future-research.md). Items are grouped by theme and ordered by impact and dependency. +This document consolidates suggested improvements for quicprochat, drawn from the [roadmap](src/roadmap/milestones.md), [production readiness WBS](src/roadmap/production-readiness.md), [security audit](SECURITY-AUDIT.md), [production readiness audit](PRODUCTION-READINESS-AUDIT.md), and [future research](src/roadmap/future-research.md). Items are grouped by theme and ordered by impact and dependency. --- @@ -98,7 +98,7 @@ This document consolidates suggested improvements for quicproquo, drawn from the ### 4.5 Docker user and writable paths - **Current:** Image runs as `nobody`; data dir may not be writable. -- **Improve:** Create a dedicated user/group in the image and set `QPQ_DATA_DIR` (and cert paths) to a directory writable by that user; document in deployment docs. +- **Improve:** Create a dedicated user/group in the image and set `QPC_DATA_DIR` (and cert paths) to a directory writable by that user; document in deployment docs. - **Ref:** [Production readiness audit § 15](PRODUCTION-READINESS-AUDIT.md). --- @@ -133,7 +133,7 @@ This document consolidates suggested improvements for quicproquo, drawn from the ### 6.1 P2P / NAT traversal (iroh, LibP2P) - **Goal:** Direct peer-to-peer when possible; server as optional relay/rendezvous. Reduces single-point-of-failure and can improve latency. -- **Ref:** [Future research § LibP2P / iroh](src/roadmap/future-research.md). The `quicproquo-p2p` crate is a starting point. +- **Ref:** [Future research § LibP2P / iroh](src/roadmap/future-research.md). The `quicprochat-p2p` crate is a starting point. ### 6.2 WebTransport (browser client) diff --git a/docs/PRODUCTION-READINESS-AUDIT.md b/docs/PRODUCTION-READINESS-AUDIT.md index f465173..c0f9225 100644 --- a/docs/PRODUCTION-READINESS-AUDIT.md +++ b/docs/PRODUCTION-READINESS-AUDIT.md @@ -1,6 +1,6 @@ # Production Readiness Audit -This document summarizes issues and fixes needed to get quicproquo production-ready, based on a codebase review. It aligns with the existing [Production Readiness WBS](src/roadmap/production-readiness.md) and [Coding Standards](src/contributing/coding-standards.md). +This document summarizes issues and fixes needed to get quicprochat production-ready, based on a codebase review. It aligns with the existing [Production Readiness WBS](src/roadmap/production-readiness.md) and [Coding Standards](src/contributing/coding-standards.md). --- @@ -10,7 +10,7 @@ This document summarizes issues and fixes needed to get quicproquo production-re - **README and example config** use `auth_token = "devtoken"` and `db_key = ""`. - **Risk:** Deploying with default/example config allows weak or no auth and unencrypted DB. -- **Fix:** Require explicit `QPQ_AUTH_TOKEN` (or config) in production; reject empty or `"devtoken"` when a production mode/env is set. Document that `db_key` empty disables SQLCipher and is not acceptable for production. +- **Fix:** Require explicit `QPC_AUTH_TOKEN` (or config) in production; reject empty or `"devtoken"` when a production mode/env is set. Document that `db_key` empty disables SQLCipher and is not acceptable for production. ### 2. **Database encryption optional** @@ -19,15 +19,15 @@ This document summarizes issues and fixes needed to get quicproquo production-re ### 3. **Secrets and generated files not ignored** -- **`.gitignore`** does not include `data/`, so `data/server-cert.der`, `data/server-key.der`, and `data/qpq.db` could be committed. +- **`.gitignore`** does not include `data/`, so `data/server-cert.der`, `data/server-key.der`, and `data/qpc.db` could be committed. - **Fix:** Add `data/` (and any other dirs that hold certs, keys, or DBs) to `.gitignore`. Consider adding `*.der` and `*.db` if used only for local/dev. ### 4. **Dockerfile out of sync with workspace** -- **Workspace** has 5 members including `crates/quicproquo-p2p`. -- **Dockerfile** only copies 4 crate manifests and creates stub dirs for those 4; it never copies `quicproquo-p2p`. -- **Result:** `cargo build --release --bin quicproquo-server` can fail (missing workspace member) or behave inconsistently. -- **Fix:** Add `COPY crates/quicproquo-p2p/Cargo.toml` and a stub `crates/quicproquo-p2p/src` (or equivalent) in the dependency-cache layer so the workspace resolves. Ensure the final `COPY crates/ crates/` still brings in real p2p source. +- **Workspace** has 5 members including `crates/quicprochat-p2p`. +- **Dockerfile** only copies 4 crate manifests and creates stub dirs for those 4; it never copies `quicprochat-p2p`. +- **Result:** `cargo build --release --bin quicprochat-server` can fail (missing workspace member) or behave inconsistently. +- **Fix:** Add `COPY crates/quicprochat-p2p/Cargo.toml` and a stub `crates/quicprochat-p2p/src` (or equivalent) in the dependency-cache layer so the workspace resolves. Ensure the final `COPY crates/ crates/` still brings in real p2p source. ### 5. **E2E test failing (rustls CryptoProvider)** @@ -41,7 +41,7 @@ This document summarizes issues and fixes needed to get quicproquo production-re ### 6. **Panic risk in client RPC path** -- **`quicproquo-client/src/lib.rs`:** `set_auth()` uses `.expect("init_auth must be called with a non-empty token before RPCs")`. If RPC is called without `init_auth`, the process panics. +- **`quicprochat-client/src/lib.rs`:** `set_auth()` uses `.expect("init_auth must be called with a non-empty token before RPCs")`. If RPC is called without `init_auth`, the process panics. - **Fix:** Replace with a `Result` or an error return (e.g. a dedicated error type) so callers get a recoverable error instead of a panic. Document that `init_auth` must be called before RPCs. ### 7. **Mutex `.unwrap()` in production paths** @@ -95,7 +95,7 @@ This document summarizes issues and fixes needed to get quicproquo production-re ### 15. **Docker image runs as `nobody`** - **Dockerfile** uses `USER nobody`. Good for not running as root, but `nobody` may not have a writable home or data dir. -- **Fix:** Ensure `QPQ_DATA_DIR` (and cert paths) point to a directory writable by `nobody`, or create a dedicated user/group with a known UID and use that in the Dockerfile and docs. +- **Fix:** Ensure `QPC_DATA_DIR` (and cert paths) point to a directory writable by `nobody`, or create a dedicated user/group with a known UID and use that in the Dockerfile and docs. --- diff --git a/docs/SECURITY-AUDIT.md b/docs/SECURITY-AUDIT.md index 090abe7..0652407 100644 --- a/docs/SECURITY-AUDIT.md +++ b/docs/SECURITY-AUDIT.md @@ -1,6 +1,6 @@ # Security Audit -This document is a security audit of the quicproquo codebase as of the audit date. It aligns with the [Threat Model](src/cryptography/threat-model.md) and [Production Readiness Audit](PRODUCTION-READINESS-AUDIT.md). The project has **not** undergone a formal third-party audit; this is an internal review. +This document is a security audit of the quicprochat codebase as of the audit date. It aligns with the [Threat Model](src/cryptography/threat-model.md) and [Production Readiness Audit](PRODUCTION-READINESS-AUDIT.md). The project has **not** undergone a formal third-party audit; this is an internal review. --- @@ -24,19 +24,19 @@ This document is a security audit of the quicproquo codebase as of the audit dat ### 1.1 Token comparison -- **Location:** `crates/quicproquo-server/src/auth.rs` +- **Location:** `crates/quicprochat-server/src/auth.rs` - **Finding:** Bearer token and identity key comparisons use `subtle::ConstantTimeEq` (`ct_eq`). Length is checked before comparison where applicable. - **Status:** ✅ No timing leakage from token or identity comparison. ### 1.2 Session token generation -- **Location:** `crates/quicproquo-server/src/node_service/auth_ops.rs` (login finish) +- **Location:** `crates/quicprochat-server/src/node_service/auth_ops.rs` (login finish) - **Finding:** Session tokens are 32 bytes from `rand::RngCore::fill_bytes(&mut rand::rngs::OsRng, &mut token)`. Stored in `sessions` with TTL (24h). Expired sessions are removed on next use. - **Status:** ✅ Cryptographically strong, single-use style (opaque 32-byte token). ### 1.3 OPAQUE (RFC 9497) -- **Location:** `crates/quicproquo-core/src/opaque_auth.rs`, server `auth_ops.rs` +- **Location:** `crates/quicprochat-core/src/opaque_auth.rs`, server `auth_ops.rs` - **Finding:** Shared `OpaqueSuite` (Ristretto255, Triple-DH, Argon2id). Server never sees password. Registration and login flows use `ServerRegistration`/`ServerLogin` correctly. Pending login state is stored server-side and removed on consume. Identity key is bound at login finish; mismatch returns E016 and is not logged with secrets. - **DoS:** Pending-login check runs **before** expensive OPAQUE work (login start); repeated attempts for the same username within 60s are rejected early. - **Status:** ✅ Correct usage; DoS mitigation in place. @@ -52,19 +52,19 @@ This document is a security audit of the quicproquo codebase as of the audit dat ### 2.1 MLS and identity -- **Location:** `quicproquo-core` (group, identity, keypackage) +- **Location:** `quicprochat-core` (group, identity, keypackage) - **Finding:** MLS ciphersuite `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519` (RFC 9420). Ed25519 identity seed stored in `Zeroizing<[u8; 32]>`; zeroize-on-drop. KeyPackages validated for ciphersuite before server stores. Single-use KeyPackage semantics enforced (consume-on-fetch). - **Status:** ✅ Aligns with key lifecycle and zeroization goals. ### 2.2 Hybrid KEM (X25519 + ML-KEM-768) -- **Location:** `crates/quicproquo-core/src/hybrid_kem.rs` -- **Finding:** Hybrid keypair and shared secrets use `Zeroizing` where appropriate. HKDF domain separation (`quicproquo-hybrid-v1`). ChaCha20-Poly1305 for AEAD. Versioned envelope. +- **Location:** `crates/quicprochat-core/src/hybrid_kem.rs` +- **Finding:** Hybrid keypair and shared secrets use `Zeroizing` where appropriate. HKDF domain separation (`quicprochat-hybrid-v1`). ChaCha20-Poly1305 for AEAD. Versioned envelope. - **Status:** ✅ PQ-ready envelope layer; secret handling is careful. ### 2.3 Client state encryption (QPCE) -- **Location:** `crates/quicproquo-client/src/client/state.rs` +- **Location:** `crates/quicprochat-client/src/client/state.rs` - **Finding:** Optional password protection: Argon2id (default params) for key derivation, ChaCha20-Poly1305, random salt and nonce. Derived key held in `Zeroizing` during use. Unencrypted state is a documented option (e.g. dev). - **Recommendation:** Document Argon2 params (memory, iterations) for auditability; consider explicit `Argon2::new()` with named params in a future revision. - **Status:** ✅ Appropriate for optional at-rest protection. @@ -75,13 +75,13 @@ This document is a security audit of the quicproquo codebase as of the audit dat ### 3.1 Server TLS -- **Location:** `crates/quicproquo-server/src/tls.rs` +- **Location:** `crates/quicprochat-server/src/tls.rs` - **Finding:** TLS 1.3 only. No client cert. ALPN `capnp`. When not in production, missing cert/key triggers self-signed generation; key file permissions set to `0o600` on Unix. Production mode requires existing cert/key (no auto-generation). - **Status:** ✅ Matches documented design; self-signed limitation is documented in threat model. ### 3.2 Client TLS -- **Location:** `crates/quicproquo-client/src/client/rpc.rs` +- **Location:** `crates/quicprochat-client/src/client/rpc.rs` - **Finding:** Client loads CA cert from file, builds `RootCertStore` with that single cert, uses it for server verification. Server name from CLI/env is used for connection (SNI and cert verification). No custom bypass. - **Status:** ✅ Proper verification against provided CA; trust-on-first-use / self-signed caveat is documented. @@ -106,7 +106,7 @@ This document is a security audit of the quicproquo codebase as of the audit dat ### 4.2 Rate limiting -- **Location:** `crates/quicproquo-server/src/auth.rs`, `delivery.rs` +- **Location:** `crates/quicprochat-server/src/auth.rs`, `delivery.rs` - **Finding:** Per-token rate limit (e.g. 100 enqueues per 60s). Enqueue path checks before storage. Queue depth and payload size caps (1000 messages, 5 MB) enforced. - **Status:** ✅ Limits in place to curb abuse and DoS. @@ -156,11 +156,11 @@ These remain as documented, not new findings: ### 8.1 High value - **Dependency audit:** Run `cargo install cargo-audit` then `cargo audit` locally (and in CI if available) to check for known-vulnerable dependencies. Fix or document any findings. See [Checking dependencies](#checking-dependencies) below. -- **Argon2 params:** Implemented: client state KDF now uses explicit Argon2id parameters (19 MiB memory, 2 iterations, 1 lane) in `quicproquo-client` so they are auditable. +- **Argon2 params:** Implemented: client state KDF now uses explicit Argon2id parameters (19 MiB memory, 2 iterations, 1 lane) in `quicprochat-client` so they are auditable. ### 8.2 Medium value -- **Certificate pinning:** To pin the server, use the server's certificate as the client's `ca_cert` (e.g. copy `server-cert.der` from the server and pass it via `--ca-cert` or `QPQ_CA_CERT`). Do not use a general CA unless you intend to trust that CA for all servers. See [Certificate pinning](#certificate-pinning) below. +- **Certificate pinning:** To pin the server, use the server's certificate as the client's `ca_cert` (e.g. copy `server-cert.der` from the server and pass it via `--ca-cert` or `QPC_CA_CERT`). Do not use a general CA unless you intend to trust that CA for all servers. See [Certificate pinning](#certificate-pinning) below. - **Health endpoint:** The `health` RPC is unauthenticated by design for liveness probes and load balancers; this is documented in code and in this audit. ### 8.3 Lower priority @@ -208,7 +208,7 @@ Fix or document any reported issues. Running `cargo audit` in CI (e.g. GitHub Ac ## Certificate pinning -The client trusts the server certificate(s) in the file given by `--ca-cert` (or `QPQ_CA_CERT`). To **pin** a specific server: +The client trusts the server certificate(s) in the file given by `--ca-cert` (or `QPC_CA_CERT`). To **pin** a specific server: 1. Obtain the server's certificate (e.g. copy `data/server-cert.der` from the server, or export from your deployment). 2. Use that file as the client's `ca_cert`. The client will only connect to a server that presents that exact certificate (or chain). diff --git a/docs/openwrt.md b/docs/openwrt.md index 9157607..4590c3a 100644 --- a/docs/openwrt.md +++ b/docs/openwrt.md @@ -1,6 +1,6 @@ # OpenWrt Deployment Guide -Run quicproquo on OpenWrt routers for mesh-capable, always-on encrypted messaging at the network edge. +Run quicprochat on OpenWrt routers for mesh-capable, always-on encrypted messaging at the network edge. ## Supported Targets @@ -44,10 +44,10 @@ CARGO_PROFILE_RELEASE_OPT_LEVEL=s \ CARGO_PROFILE_RELEASE_LTO=true \ CARGO_PROFILE_RELEASE_CODEGEN_UNITS=1 \ CARGO_PROFILE_RELEASE_STRIP=symbols \ -cargo zigbuild --release --target x86_64-unknown-linux-musl --bin qpq-server +cargo zigbuild --release --target x86_64-unknown-linux-musl --bin qpc-server ``` -The binary lands at `target//release/qpq-server`. Target size: under 5 MB. +The binary lands at `target//release/qpc-server`. Target size: under 5 MB. ## OpenWrt Package Installation @@ -55,14 +55,14 @@ The binary lands at `target//release/qpq-server`. Target size: under 5 M ```bash # Copy binary to router -scp target/aarch64-unknown-linux-musl/release/qpq-server root@router:/usr/bin/ +scp target/aarch64-unknown-linux-musl/release/qpc-server root@router:/usr/bin/ # Copy init script and config -scp packaging/openwrt/files/quicproquo.init root@router:/etc/init.d/quicproquo -scp packaging/openwrt/files/quicproquo.uci root@router:/etc/config/quicproquo +scp packaging/openwrt/files/quicprochat.init root@router:/etc/init.d/quicprochat +scp packaging/openwrt/files/quicprochat.uci root@router:/etc/config/quicprochat # Enable and start -ssh root@router 'chmod +x /etc/init.d/quicproquo && /etc/init.d/quicproquo enable && /etc/init.d/quicproquo start' +ssh root@router 'chmod +x /etc/init.d/quicprochat && /etc/init.d/quicprochat enable && /etc/init.d/quicprochat start' ``` ### Option 2: opkg package feed @@ -71,28 +71,28 @@ Add the feed to your OpenWrt build system: ```bash # In your OpenWrt buildroot, add to feeds.conf: -echo "src-link quicproquo /path/to/quicproquo/packaging/openwrt" >> feeds.conf +echo "src-link quicprochat /path/to/quicprochat/packaging/openwrt" >> feeds.conf # Update and install -./scripts/feeds update quicproquo -./scripts/feeds install quicproquo +./scripts/feeds update quicprochat +./scripts/feeds install quicprochat -# Select in menuconfig: Network -> quicproquo +# Select in menuconfig: Network -> quicprochat make menuconfig -make package/quicproquo/compile V=s +make package/quicprochat/compile V=s ``` ## Configuration -The server is configured via UCI at `/etc/config/quicproquo`: +The server is configured via UCI at `/etc/config/quicprochat`: ``` config server 'server' option listen '0.0.0.0:7000' - option data_dir '/var/lib/quicproquo' + option data_dir '/var/lib/quicprochat' option log_level 'info' - option tls_cert '/var/lib/quicproquo/server-cert.der' - option tls_key '/var/lib/quicproquo/server-key.der' + option tls_cert '/var/lib/quicprochat/server-cert.der' + option tls_key '/var/lib/quicprochat/server-key.der' option production '1' ``` @@ -101,7 +101,7 @@ config server 'server' | Option | Default | Description | |--------------|------------------------------------------|----------------------------------| | `listen` | `0.0.0.0:7000` | QUIC listen address | -| `data_dir` | `/var/lib/quicproquo` | Persistent data directory | +| `data_dir` | `/var/lib/quicprochat` | Persistent data directory | | `log_level` | `info` | RUST_LOG filter | | `tls_cert` | `/server-cert.der` | TLS certificate path (DER) | | `tls_key` | `/server-key.der` | TLS private key path (DER) | @@ -111,15 +111,15 @@ config server 'server' ```bash # Start / stop / restart -/etc/init.d/quicproquo start -/etc/init.d/quicproquo stop -/etc/init.d/quicproquo restart +/etc/init.d/quicprochat start +/etc/init.d/quicprochat stop +/etc/init.d/quicprochat restart # Enable at boot -/etc/init.d/quicproquo enable +/etc/init.d/quicprochat enable # View logs -logread -e quicproquo +logread -e quicprochat ``` ## Binary Size Optimization diff --git a/docs/operations/backup-restore.md b/docs/operations/backup-restore.md index a17e56e..dd13af6 100644 --- a/docs/operations/backup-restore.md +++ b/docs/operations/backup-restore.md @@ -1,15 +1,15 @@ # Backup and Restore Procedures -This document covers backup and restore for all quicproquo server data stores. +This document covers backup and restore for all quicprochat server data stores. ## Data Inventory | Data | Location | Backend | Contains | |------|----------|---------|----------| -| SQLCipher DB | `QPQ_DB_PATH` (default `data/qpq.db`) | `store_backend=sql` | Users, key packages, delivery queues, sessions, KT log, OPAQUE setup, blobs metadata, moderation | -| File store | `QPQ_DATA_DIR` (default `data/`) | `store_backend=file` | Bincode-serialized key packages, delivery queues, server state | -| Blob storage | `QPQ_DATA_DIR/blobs/` | Filesystem | Uploaded file transfer blobs | -| TLS certificates | `QPQ_TLS_CERT`, `QPQ_TLS_KEY` | DER files | Server identity | +| SQLCipher DB | `QPC_DB_PATH` (default `data/qpc.db`) | `store_backend=sql` | Users, key packages, delivery queues, sessions, KT log, OPAQUE setup, blobs metadata, moderation | +| File store | `QPC_DATA_DIR` (default `data/`) | `store_backend=file` | Bincode-serialized key packages, delivery queues, server state | +| Blob storage | `QPC_DATA_DIR/blobs/` | Filesystem | Uploaded file transfer blobs | +| TLS certificates | `QPC_TLS_CERT`, `QPC_TLS_KEY` | DER files | Server identity | | OPAQUE ServerSetup | Inside DB or file store | Persisted | OPAQUE credential state (critical for auth) | | Server signing key | Inside DB or file store | Persisted | Ed25519 key for delivery proofs | | KT Merkle log | Inside DB or file store | Persisted | Key transparency audit log | @@ -22,13 +22,13 @@ SQLCipher supports the `.backup` command while the server is running (WAL mode a ```bash # 1. Open the encrypted database with the same key -sqlite3 data/qpq.db +sqlite3 data/qpc.db # 2. At the sqlite3 prompt, set the encryption key PRAGMA key = 'your-db-key-here'; # 3. Perform an online backup -.backup /backups/qpq-$(date +%Y%m%d-%H%M%S).db +.backup /backups/qpc-$(date +%Y%m%d-%H%M%S).db .quit ``` @@ -39,11 +39,11 @@ PRAGMA key = 'your-db-key-here'; #!/bin/bash set -euo pipefail -BACKUP_DIR="/backups/qpq" -DB_PATH="${QPQ_DB_PATH:-data/qpq.db}" -DB_KEY="${QPQ_DB_KEY}" +BACKUP_DIR="/backups/qpc" +DB_PATH="${QPC_DB_PATH:-data/qpc.db}" +DB_KEY="${QPC_DB_KEY}" TIMESTAMP=$(date +%Y%m%d-%H%M%S) -BACKUP_FILE="${BACKUP_DIR}/qpq-${TIMESTAMP}.db" +BACKUP_FILE="${BACKUP_DIR}/qpc-${TIMESTAMP}.db" mkdir -p "$BACKUP_DIR" @@ -58,40 +58,40 @@ sqlite3 "$BACKUP_FILE" "PRAGMA key = '${DB_KEY}'; PRAGMA integrity_check;" \ || { echo "ERROR: backup verification failed"; exit 1; } # Retain last 7 daily backups -find "$BACKUP_DIR" -name 'qpq-*.db' -mtime +7 -delete +find "$BACKUP_DIR" -name 'qpc-*.db' -mtime +7 -delete ``` ### Cold Backup (Offline) ```bash # 1. Stop the server -systemctl stop qpq-server # or docker compose stop server +systemctl stop qpc-server # or docker compose stop server # 2. Copy the database file -cp data/qpq.db /backups/qpq-$(date +%Y%m%d).db +cp data/qpc.db /backups/qpc-$(date +%Y%m%d).db # 3. Copy the WAL and SHM files if they exist -cp data/qpq.db-wal /backups/ 2>/dev/null || true -cp data/qpq.db-shm /backups/ 2>/dev/null || true +cp data/qpc.db-wal /backups/ 2>/dev/null || true +cp data/qpc.db-shm /backups/ 2>/dev/null || true # 4. Restart the server -systemctl start qpq-server +systemctl start qpc-server ``` ## File Backend Backup -When using `store_backend=file`, data is stored as bincode files under `QPQ_DATA_DIR`. +When using `store_backend=file`, data is stored as bincode files under `QPC_DATA_DIR`. ```bash # Full directory backup -tar czf /backups/qpq-data-$(date +%Y%m%d-%H%M%S).tar.gz \ - -C "$(dirname "${QPQ_DATA_DIR:-data}")" \ - "$(basename "${QPQ_DATA_DIR:-data}")" +tar czf /backups/qpc-data-$(date +%Y%m%d-%H%M%S).tar.gz \ + -C "$(dirname "${QPC_DATA_DIR:-data}")" \ + "$(basename "${QPC_DATA_DIR:-data}")" ``` ## Blob Storage Backup -Blobs are stored in `QPQ_DATA_DIR/blobs/`. These are immutable once written. +Blobs are stored in `QPC_DATA_DIR/blobs/`. These are immutable once written. ```bash # Incremental rsync (blobs are write-once, ideal for rsync) @@ -117,38 +117,38 @@ cp data/federation-ca.der /backups/tls/federation-ca.der 2>/dev/null || true ```bash # 1. Stop the server -systemctl stop qpq-server +systemctl stop qpc-server # 2. Move the current (corrupt/lost) database aside -mv data/qpq.db data/qpq.db.broken 2>/dev/null || true -rm -f data/qpq.db-wal data/qpq.db-shm +mv data/qpc.db data/qpc.db.broken 2>/dev/null || true +rm -f data/qpc.db-wal data/qpc.db-shm # 3. Copy the backup in place -cp /backups/qpq-20260304.db data/qpq.db +cp /backups/qpc-20260304.db data/qpc.db # 4. Verify integrity -sqlite3 data/qpq.db "PRAGMA key = '${QPQ_DB_KEY}'; PRAGMA integrity_check;" +sqlite3 data/qpc.db "PRAGMA key = '${QPC_DB_KEY}'; PRAGMA integrity_check;" # 5. Start the server (migrations will apply automatically if needed) -systemctl start qpq-server +systemctl start qpc-server ``` ### Restore File Backend ```bash # 1. Stop the server -systemctl stop qpq-server +systemctl stop qpc-server # 2. Replace the data directory mv data data.broken 2>/dev/null || true -tar xzf /backups/qpq-data-20260304.tar.gz -C . +tar xzf /backups/qpc-data-20260304.tar.gz -C . # 3. Restore TLS certs if not included in the data backup cp /backups/tls/server-cert.der data/server-cert.der cp /backups/tls/server-key.der data/server-key.der # 4. Start the server -systemctl start qpq-server +systemctl start qpc-server ``` ### Restore Blobs Only @@ -170,16 +170,16 @@ rsync -av /backups/blobs/ data/blobs/ ```cron # SQLCipher hot backup every 6 hours -0 */6 * * * /opt/qpq/scripts/backup-db.sh >> /var/log/qpq-backup.log 2>&1 +0 */6 * * * /opt/qpc/scripts/backup-db.sh >> /var/log/qpc-backup.log 2>&1 # Full data directory daily at 02:00 -0 2 * * * tar czf /backups/qpq-data-$(date +\%Y\%m\%d).tar.gz -C /var/lib quicproquo +0 2 * * * tar czf /backups/qpc-data-$(date +\%Y\%m\%d).tar.gz -C /var/lib quicprochat # Blob sync every hour -0 * * * * rsync -a /var/lib/quicproquo/blobs/ /backups/blobs/ +0 * * * * rsync -a /var/lib/quicprochat/blobs/ /backups/blobs/ # Prune backups older than 30 days -0 3 * * 0 find /backups -name 'qpq-*' -mtime +30 -delete +0 3 * * 0 find /backups -name 'qpc-*' -mtime +30 -delete ``` ## Verification @@ -188,11 +188,11 @@ Always verify backups after creation: ```bash # SQLCipher integrity check -sqlite3 /backups/qpq-latest.db \ - "PRAGMA key = '${QPQ_DB_KEY}'; PRAGMA integrity_check; SELECT count(*) FROM users;" +sqlite3 /backups/qpc-latest.db \ + "PRAGMA key = '${QPC_DB_KEY}'; PRAGMA integrity_check; SELECT count(*) FROM users;" # File backend: check the archive is valid -tar tzf /backups/qpq-data-latest.tar.gz > /dev/null +tar tzf /backups/qpc-data-latest.tar.gz > /dev/null # TLS cert: check it parses and is not expired openssl x509 -inform DER -in /backups/tls/server-cert.der -noout -dates diff --git a/docs/operations/dashboards/qpq-overview.json b/docs/operations/dashboards/qpc-overview.json similarity index 97% rename from docs/operations/dashboards/qpq-overview.json rename to docs/operations/dashboards/qpc-overview.json index 39690b7..93badf0 100644 --- a/docs/operations/dashboards/qpq-overview.json +++ b/docs/operations/dashboards/qpc-overview.json @@ -42,10 +42,10 @@ } ], "id": null, - "uid": "qpq-overview", - "title": "quicproquo Server Overview", - "description": "Operational dashboard for quicproquo server instances", - "tags": ["quicproquo", "qpq"], + "uid": "qpc-overview", + "title": "quicprochat Server Overview", + "description": "Operational dashboard for quicprochat server instances", + "tags": ["quicprochat", "qpc"], "timezone": "browser", "editable": true, "graphTooltip": 1, @@ -61,7 +61,7 @@ "gridPos": { "h": 4, "w": 4, "x": 0, "y": 0 }, "targets": [ { - "expr": "up{job=\"qpq-server\"}", + "expr": "up{job=\"qpc-server\"}", "legendFormat": "{{instance}}" } ], diff --git a/docs/operations/grafana-provisioning/dashboards/default.yml b/docs/operations/grafana-provisioning/dashboards/default.yml index d253e67..cc375b6 100644 --- a/docs/operations/grafana-provisioning/dashboards/default.yml +++ b/docs/operations/grafana-provisioning/dashboards/default.yml @@ -3,7 +3,7 @@ apiVersion: 1 providers: - name: 'default' orgId: 1 - folder: 'quicproquo' + folder: 'quicprochat' type: file disableDeletion: false editable: true diff --git a/docs/operations/incident-response.md b/docs/operations/incident-response.md index d3da08b..1bb2df8 100644 --- a/docs/operations/incident-response.md +++ b/docs/operations/incident-response.md @@ -1,6 +1,6 @@ # Incident Response Playbook -This document provides procedures for responding to common operational incidents in a quicproquo deployment. +This document provides procedures for responding to common operational incidents in a quicprochat deployment. ## Severity Levels @@ -20,7 +20,7 @@ This document provides procedures for responding to common operational incidents ```bash # Check server logs -journalctl -u qpq-server --since "10 min ago" --no-pager +journalctl -u qpc-server --since "10 min ago" --no-pager # Docker docker compose logs --tail=50 server @@ -39,17 +39,17 @@ ls -la data/server-cert.der data/server-key.der **Missing auth token (production mode)** ```bash -# Production requires QPQ_AUTH_TOKEN >= 16 chars, not "devtoken" -echo $QPQ_AUTH_TOKEN | wc -c +# Production requires QPC_AUTH_TOKEN >= 16 chars, not "devtoken" +echo $QPC_AUTH_TOKEN | wc -c ``` **Database locked or corrupt** ```bash # Check if another process holds the database -fuser data/qpq.db +fuser data/qpc.db # Verify database integrity -sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; PRAGMA integrity_check;" +sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; PRAGMA integrity_check;" ``` **Port already in use** @@ -69,12 +69,12 @@ ss -tlnp | grep 7000 ```bash # 1. Check if the process is running -systemctl status qpq-server +systemctl status qpc-server # or: docker compose ps # 2. Check resource usage -top -bn1 | grep qpq -df -h /var/lib/quicproquo +top -bn1 | grep qpc +df -h /var/lib/quicprochat free -h # 3. Check QUIC port is reachable @@ -90,10 +90,10 @@ journalctl -k | grep -i oom ```bash # Restart the service -systemctl restart qpq-server +systemctl restart qpc-server # If OOM: increase memory limit -systemctl edit qpq-server --force +systemctl edit qpc-server --force # MemoryMax=2G # If disk full: see "Storage Full" incident below @@ -110,15 +110,15 @@ systemctl edit qpq-server --force ```bash # Check disk usage -df -h /var/lib/quicproquo -du -sh /var/lib/quicproquo/* +df -h /var/lib/quicprochat +du -sh /var/lib/quicprochat/* # Check largest files -du -a /var/lib/quicproquo | sort -rn | head -20 +du -a /var/lib/quicprochat | sort -rn | head -20 # Check blob storage specifically -du -sh /var/lib/quicproquo/blobs/ -find /var/lib/quicproquo/blobs/ -type f | wc -l +du -sh /var/lib/quicprochat/blobs/ +find /var/lib/quicprochat/blobs/ -type f | wc -l ``` ### Recovery @@ -128,8 +128,8 @@ find /var/lib/quicproquo/blobs/ -type f | wc -l # but if it's behind, you can trigger manual cleanup) # For SQL backend: delete expired delivery messages -sqlite3 data/qpq.db <<'EOF' -PRAGMA key = '${QPQ_DB_KEY}'; +sqlite3 data/qpc.db <<'EOF' +PRAGMA key = '${QPC_DB_KEY}'; DELETE FROM delivery_queue WHERE expires_at IS NOT NULL AND expires_at < unixepoch(); VACUUM; EOF @@ -142,10 +142,10 @@ EOF # Then: resize2fs /dev/xvdf # 4. Move to a larger disk -systemctl stop qpq-server -rsync -av /var/lib/quicproquo/ /mnt/new-volume/quicproquo/ -# Update QPQ_DATA_DIR and QPQ_DB_PATH to point to the new location -systemctl start qpq-server +systemctl stop qpc-server +rsync -av /var/lib/quicprochat/ /mnt/new-volume/quicprochat/ +# Update QPC_DATA_DIR and QPC_DB_PATH to point to the new location +systemctl start qpc-server ``` ### Prevention @@ -188,10 +188,10 @@ iptables -A INPUT -s -j DROP # (Cloudflare Spectrum, AWS Shield, etc.) # 4. If the server is overwhelmed, restart to clear state -systemctl restart qpq-server +systemctl restart qpc-server # 5. Enable log redaction to reduce I/O pressure during attacks -# Set QPQ_REDACT_LOGS=true +# Set QPC_REDACT_LOGS=true ``` ## Incident: Key Compromise @@ -210,7 +210,7 @@ NEW_TOKEN=$(openssl rand -base64 32) # 3. Notify all legitimate clients of the new token # 4. Review logs for unauthorized access -journalctl -u qpq-server | grep "auth_login_success" | tail -100 +journalctl -u qpc-server | grep "auth_login_success" | tail -100 ``` ### TLS Private Key Compromised @@ -225,7 +225,7 @@ journalctl -u qpq-server | grep "auth_login_success" | tail -100 # (procedure depends on your CA) # 3. Restart the server with the new certificate -systemctl restart qpq-server +systemctl restart qpc-server # 4. If clients pin certificates, notify them of the change ``` @@ -236,7 +236,7 @@ systemctl restart qpq-server ```bash # 1. Stop the server -systemctl stop qpq-server +systemctl stop qpc-server # 2. Rekey the database immediately # See: key-rotation.md "Database Encryption Key Rotation" @@ -278,8 +278,8 @@ top -bn1 | head -20 iostat -x 1 3 # 2. Check database performance -sqlite3 data/qpq.db <<'EOF' -PRAGMA key = '${QPQ_DB_KEY}'; +sqlite3 data/qpc.db <<'EOF' +PRAGMA key = '${QPC_DB_KEY}'; PRAGMA integrity_check; PRAGMA wal_checkpoint(PASSIVE); -- Check table sizes @@ -296,10 +296,10 @@ curl -s http://localhost:9090/metrics | grep delivery_queue_depth ```bash # 1. Checkpoint the WAL (reduces WAL file size) -sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; PRAGMA wal_checkpoint(TRUNCATE);" +sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; PRAGMA wal_checkpoint(TRUNCATE);" # 2. VACUUM to reclaim space and defragment -sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; VACUUM;" +sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; VACUUM;" # 3. If the queue is huge, check for clients not fetching # (delivery_queue rows accumulate when clients are offline) @@ -323,7 +323,7 @@ openssl x509 -inform DER -in data/server-cert.der -noout -enddate # See: key-rotation.md "TLS Certificate Rotation" # 3. Verify the new certificate is loaded -journalctl -u qpq-server --since "1 min ago" | grep -i cert +journalctl -u qpc-server --since "1 min ago" | grep -i cert ``` ## Post-Incident Checklist diff --git a/docs/operations/key-rotation.md b/docs/operations/key-rotation.md index ba7e105..324eb2b 100644 --- a/docs/operations/key-rotation.md +++ b/docs/operations/key-rotation.md @@ -1,10 +1,10 @@ # Key Rotation Procedures -This document provides step-by-step procedures for rotating all cryptographic material in a quicproquo deployment. +This document provides step-by-step procedures for rotating all cryptographic material in a quicprochat deployment. ## Auth Token Rotation -The auth token (`QPQ_AUTH_TOKEN`) is used for bearer-token authentication (auth version 1). OPAQUE-authenticated sessions are not affected by token rotation. +The auth token (`QPC_AUTH_TOKEN`) is used for bearer-token authentication (auth version 1). OPAQUE-authenticated sessions are not affected by token rotation. ### Procedure @@ -15,22 +15,22 @@ echo "New token: $NEW_TOKEN" # 2. Update the config file or environment # Option A: TOML config file -sed -i "s/^auth_token = .*/auth_token = \"$NEW_TOKEN\"/" qpq-server.toml +sed -i "s/^auth_token = .*/auth_token = \"$NEW_TOKEN\"/" qpc-server.toml # Option B: Environment variable (systemd) -systemctl edit qpq-server --force -# Add: Environment=QPQ_AUTH_TOKEN= +systemctl edit qpc-server --force +# Add: Environment=QPC_AUTH_TOKEN= # Option C: Docker Compose -# Update QPQ_AUTH_TOKEN in docker-compose.prod.yml or .env file +# Update QPC_AUTH_TOKEN in docker-compose.prod.yml or .env file # 3. Restart the server -systemctl restart qpq-server +systemctl restart qpc-server # or: docker compose restart server # 4. Update all clients with the new token # Clients using OPAQUE auth are unaffected. -# Clients using bearer-token auth must update their QPQ_ACCESS_TOKEN. +# Clients using bearer-token auth must update their QPC_ACCESS_TOKEN. ``` ### Impact @@ -49,7 +49,7 @@ The server uses DER-encoded X.509 certificates for QUIC TLS 1.3. The server vali # 1. Obtain a new certificate (example with Let's Encrypt / certbot) certbot certonly --standalone -d chat.example.com -# 2. Convert PEM to DER format (qpq-server expects DER) +# 2. Convert PEM to DER format (qpc-server expects DER) openssl x509 -in /etc/letsencrypt/live/chat.example.com/fullchain.pem \ -outform DER -out /tmp/server-cert.der @@ -71,10 +71,10 @@ cp /tmp/server-key.der data/server-key.der openssl x509 -inform DER -in data/server-cert.der -noout -text | head -20 # 7. Restart the server (QUIC requires restart for new TLS config) -systemctl restart qpq-server +systemctl restart qpc-server # 8. Verify the server started with the new certificate -journalctl -u qpq-server --since "1 min ago" | grep -i tls +journalctl -u qpc-server --since "1 min ago" | grep -i tls ``` ### Self-Signed Certificate (Development) @@ -83,7 +83,7 @@ In non-production mode, the server auto-generates a self-signed certificate if n ```bash rm data/server-cert.der data/server-key.der -systemctl restart qpq-server +systemctl restart qpc-server # Server will generate a new self-signed cert for localhost/127.0.0.1/::1 ``` @@ -91,26 +91,26 @@ systemctl restart qpq-server ```bash #!/bin/bash -# /opt/qpq/scripts/renew-cert.sh +# /opt/qpc/scripts/renew-cert.sh set -euo pipefail DOMAIN="chat.example.com" CERT_DIR="/etc/letsencrypt/live/$DOMAIN" -QPQ_DATA="/var/lib/quicproquo" +QPC_DATA="/var/lib/quicprochat" certbot renew --quiet -openssl x509 -in "$CERT_DIR/fullchain.pem" -outform DER -out "$QPQ_DATA/server-cert.der" -openssl pkey -in "$CERT_DIR/privkey.pem" -outform DER -out "$QPQ_DATA/server-key.der" -chmod 600 "$QPQ_DATA/server-key.der" -chown qpq:qpq "$QPQ_DATA/server-cert.der" "$QPQ_DATA/server-key.der" +openssl x509 -in "$CERT_DIR/fullchain.pem" -outform DER -out "$QPC_DATA/server-cert.der" +openssl pkey -in "$CERT_DIR/privkey.pem" -outform DER -out "$QPC_DATA/server-key.der" +chmod 600 "$QPC_DATA/server-key.der" +chown qpc:qpc "$QPC_DATA/server-cert.der" "$QPC_DATA/server-key.der" -systemctl restart qpq-server +systemctl restart qpc-server ``` ```cron # Run cert renewal check twice daily -0 3,15 * * * /opt/qpq/scripts/renew-cert.sh >> /var/log/qpq-cert-renew.log 2>&1 +0 3,15 * * * /opt/qpc/scripts/renew-cert.sh >> /var/log/qpc-cert-renew.log 2>&1 ``` ## Federation Certificate Rotation @@ -134,43 +134,43 @@ openssl pkey -in /tmp/federation-key.pem -outform DER -out data/federation-key.d chmod 600 data/federation-key.der # 3. Restart the server -systemctl restart qpq-server +systemctl restart qpc-server # 4. Coordinate with federation peers: they must trust the same CA ``` ## Database Encryption Key Rotation -The SQLCipher database key (`QPQ_DB_KEY`) encrypts all data at rest. +The SQLCipher database key (`QPC_DB_KEY`) encrypts all data at rest. ### Procedure (SQLCipher PRAGMA rekey) ```bash # 1. Stop the server -systemctl stop qpq-server +systemctl stop qpc-server # 2. Back up the database -cp data/qpq.db /backups/qpq-pre-rekey-$(date +%Y%m%d).db +cp data/qpc.db /backups/qpc-pre-rekey-$(date +%Y%m%d).db # 3. Rekey the database -sqlite3 data/qpq.db <> .env +echo "QPC_DB_KEY=new-encryption-key" >> .env # 6. Start the server -systemctl start qpq-server +systemctl start qpc-server ``` ### Full Re-encryption (Alternative) @@ -179,18 +179,18 @@ If `PRAGMA rekey` is unavailable or you want a fresh database file: ```bash # 1. Stop the server and back up -systemctl stop qpq-server -cp data/qpq.db /backups/qpq-pre-rekey.db +systemctl stop qpc-server +cp data/qpc.db /backups/qpc-pre-rekey.db # 2. Export with old key, import with new key -sqlite3 data/qpq.db "PRAGMA key='old-key'; .dump" | \ - sqlite3 data/qpq-new.db "PRAGMA key='new-key'; .read /dev/stdin" +sqlite3 data/qpc.db "PRAGMA key='old-key'; .dump" | \ + sqlite3 data/qpc-new.db "PRAGMA key='new-key'; .read /dev/stdin" # 3. Replace the database -mv data/qpq-new.db data/qpq.db +mv data/qpc-new.db data/qpc.db # 4. Update config and restart -systemctl start qpq-server +systemctl start qpc-server ``` ## OPAQUE ServerSetup Rotation @@ -201,20 +201,20 @@ The OPAQUE ServerSetup is generated once and persisted. Rotating it invalidates ```bash # 1. Stop the server -systemctl stop qpq-server +systemctl stop qpc-server # 2. Back up the database -cp data/qpq.db /backups/qpq-pre-opaque-rotate.db +cp data/qpc.db /backups/qpc-pre-opaque-rotate.db # 3. Delete the persisted OPAQUE setup # For SQL backend: -sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; DELETE FROM server_state WHERE key = 'opaque_setup';" +sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; DELETE FROM server_state WHERE key = 'opaque_setup';" # For file backend: rm data/opaque_setup.bin 2>/dev/null || true # 4. Start the server (it will generate a new OPAQUE ServerSetup) -systemctl start qpq-server +systemctl start qpc-server # 5. All users must re-register (existing OPAQUE credentials are invalid) ``` @@ -225,17 +225,17 @@ The Ed25519 signing key is used for delivery proofs. Rotating it means old deliv ```bash # 1. Stop the server -systemctl stop qpq-server +systemctl stop qpc-server # 2. Back up -cp data/qpq.db /backups/qpq-pre-sigkey-rotate.db +cp data/qpc.db /backups/qpc-pre-sigkey-rotate.db # 3. Delete the persisted signing key seed # For SQL backend: -sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; DELETE FROM server_state WHERE key = 'signing_key_seed';" +sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; DELETE FROM server_state WHERE key = 'signing_key_seed';" # 4. Start the server (generates a new Ed25519 signing key) -systemctl start qpq-server +systemctl start qpc-server ``` ## Rotation Schedule diff --git a/docs/operations/monitoring.md b/docs/operations/monitoring.md index a6e4ec0..6c4f10c 100644 --- a/docs/operations/monitoring.md +++ b/docs/operations/monitoring.md @@ -1,6 +1,6 @@ # Monitoring Guide -This document covers metrics collection, alerting, and dashboards for quicproquo. +This document covers metrics collection, alerting, and dashboards for quicprochat. ## Enabling Metrics @@ -8,10 +8,10 @@ The server exports Prometheus metrics via HTTP when configured: ```bash # Environment variables -QPQ_METRICS_LISTEN=0.0.0.0:9090 -QPQ_METRICS_ENABLED=true +QPC_METRICS_LISTEN=0.0.0.0:9090 +QPC_METRICS_ENABLED=true -# Or in qpq-server.toml +# Or in qpc-server.toml metrics_listen = "0.0.0.0:9090" metrics_enabled = true ``` @@ -48,9 +48,9 @@ global: evaluation_interval: 15s scrape_configs: - - job_name: 'qpq-server' + - job_name: 'qpc-server' static_targets: - - targets: ['qpq-server:9090'] + - targets: ['qpc-server:9090'] scrape_interval: 10s ``` @@ -59,17 +59,17 @@ scrape_configs: ```yaml # prometheus-alerts.yml groups: - - name: qpq-server + - name: qpc-server rules: # Server down - alert: QpqServerDown - expr: up{job="qpq-server"} == 0 + expr: up{job="qpc-server"} == 0 for: 1m labels: severity: critical annotations: - summary: "qpq-server is down" - description: "Prometheus cannot scrape qpq-server metrics for > 1 minute." + summary: "qpc-server is down" + description: "Prometheus cannot scrape qpc-server metrics for > 1 minute." # High auth failure rate (potential brute force) - alert: QpqHighAuthFailureRate @@ -136,7 +136,7 @@ groups: ## Key Dashboard Panels -See `dashboards/qpq-overview.json` for the full Grafana dashboard. Key panels: +See `dashboards/qpc-overview.json` for the full Grafana dashboard. Key panels: ### Message Throughput - **Enqueue rate**: `rate(enqueue_total[5m])` @@ -160,10 +160,10 @@ See `dashboards/qpq-overview.json` for the full Grafana dashboard. Key panels: ## Grafana Dashboard -Import the dashboard from `dashboards/qpq-overview.json`: +Import the dashboard from `dashboards/qpc-overview.json`: 1. Open Grafana -> Dashboards -> Import -2. Upload `docs/operations/dashboards/qpq-overview.json` +2. Upload `docs/operations/dashboards/qpc-overview.json` 3. Select your Prometheus data source 4. Save @@ -176,7 +176,7 @@ The server uses `tracing` with `RUST_LOG` environment variable: RUST_LOG=info # Debug specific modules -RUST_LOG=info,quicproquo_server::node_service=debug +RUST_LOG=info,quicprochat_server::node_service=debug # Verbose debugging RUST_LOG=debug @@ -189,7 +189,7 @@ RUST_LOG=debug | `"TLS certificate expires within 30 days"` | Cert expiring soon | Rotate certificate | | `"TLS certificate is self-signed"` | Self-signed cert in use | Replace with CA-signed cert in production | | `"connection rate limit exceeded"` | IP being rate limited | Check for DDoS | -| `"running without QPQ_AUTH_TOKEN"` | Insecure mode | Must not appear in production | +| `"running without QPC_AUTH_TOKEN"` | Insecure mode | Must not appear in production | | `"db_key is empty; SQL store will be plaintext"` | Unencrypted DB | Must not appear in production | | `"shutdown signal received"` | Graceful shutdown started | Expected during deploys | | `"generated and persisted new OPAQUE ServerSetup"` | Fresh OPAQUE setup | Expected on first start only | @@ -200,13 +200,13 @@ For production, pipe logs to a log aggregator: ```bash # Systemd -> journald -> Loki/Elasticsearch -journalctl -u qpq-server -f --output=json | \ +journalctl -u qpc-server -f --output=json | \ promtail --stdin --client.url=http://loki:3100/loki/api/v1/push # Docker -> Loki driver docker run --log-driver=loki \ --log-opt loki-url="http://loki:3100/loki/api/v1/push" \ - qpq-server + qpc-server ``` ## Health Checking @@ -221,5 +221,5 @@ ss -ulnp | grep 7000 curl -sf http://localhost:9090/metrics > /dev/null # Full client connection test -qpq-client --server 127.0.0.1:7000 --auth-token "$TOKEN" --ping +qpc-client --server 127.0.0.1:7000 --auth-token "$TOKEN" --ping ``` diff --git a/docs/operations/prometheus-alerts.yml b/docs/operations/prometheus-alerts.yml index 8f2ae2b..5c4b6b9 100644 --- a/docs/operations/prometheus-alerts.yml +++ b/docs/operations/prometheus-alerts.yml @@ -1,16 +1,16 @@ groups: - - name: qpq-server + - name: qpc-server rules: - - alert: QpqServerDown - expr: up{job="qpq-server"} == 0 + - alert: QpcServerDown + expr: up{job="qpc-server"} == 0 for: 1m labels: severity: critical annotations: - summary: "qpq-server is down" - description: "Prometheus cannot scrape qpq-server metrics for > 1 minute." + summary: "qpc-server is down" + description: "Prometheus cannot scrape qpc-server metrics for > 1 minute." - - alert: QpqHighAuthFailureRate + - alert: QpcHighAuthFailureRate expr: rate(auth_login_failure_total[5m]) > 10 for: 2m labels: @@ -19,7 +19,7 @@ groups: summary: "High authentication failure rate" description: "{{ $value | printf \"%.1f\" }} auth failures/sec over 5 minutes." - - alert: QpqRateLimitActive + - alert: QpcRateLimitActive expr: rate(rate_limit_hit_total[5m]) > 5 for: 5m labels: @@ -27,7 +27,7 @@ groups: annotations: summary: "Rate limiting is actively rejecting requests" - - alert: QpqDeliveryQueueHigh + - alert: QpcDeliveryQueueHigh expr: delivery_queue_depth > 10000 for: 10m labels: @@ -35,7 +35,7 @@ groups: annotations: summary: "Delivery queue depth is high ({{ $value }})" - - alert: QpqDeliveryQueueCritical + - alert: QpcDeliveryQueueCritical expr: delivery_queue_depth > 100000 for: 5m labels: @@ -43,7 +43,7 @@ groups: annotations: summary: "Delivery queue depth is critical ({{ $value }})" - - alert: QpqLowAuthSuccessRatio + - alert: QpcLowAuthSuccessRatio expr: > rate(auth_login_success_total[5m]) / (rate(auth_login_success_total[5m]) + rate(auth_login_failure_total[5m])) diff --git a/docs/operations/prometheus.yml b/docs/operations/prometheus.yml index b96636f..ea8d48e 100644 --- a/docs/operations/prometheus.yml +++ b/docs/operations/prometheus.yml @@ -6,7 +6,7 @@ rule_files: - "alerts.yml" scrape_configs: - - job_name: 'qpq-server' + - job_name: 'qpc-server' static_configs: - targets: ['server:9090'] scrape_interval: 10s diff --git a/docs/operations/scaling-guide.md b/docs/operations/scaling-guide.md index 3754853..558def8 100644 --- a/docs/operations/scaling-guide.md +++ b/docs/operations/scaling-guide.md @@ -1,10 +1,10 @@ # Scaling Guide -This document covers resource sizing, scaling triggers, and capacity planning for quicproquo deployments. +This document covers resource sizing, scaling triggers, and capacity planning for quicprochat deployments. ## Architecture Overview -quicproquo runs as a single-process server handling QUIC connections. Key resource consumers: +quicprochat runs as a single-process server handling QUIC connections. Key resource consumers: - **CPU**: TLS 1.3 handshakes (QUIC), OPAQUE PAKE authentication, message routing - **Memory**: In-memory session state (DashMap), QUIC connection state, delivery waiters, rate limit entries @@ -70,7 +70,7 @@ The server is async (Tokio) and benefits from multiple cores. QUIC TLS handshake ```bash # Check current CPU usage -top -bn1 -p $(pgrep qpq-server) +top -bn1 -p $(pgrep qpc-server) # For Docker: increase CPU limits # docker-compose.prod.yml: @@ -107,22 +107,22 @@ iostat -x 1 5 # Move to NVMe if on spinning disk # Increase WAL autocheckpoint threshold for burst writes -sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; PRAGMA wal_autocheckpoint=2000;" +sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; PRAGMA wal_autocheckpoint=2000;" ``` ## Horizontal Scaling -quicproquo does not yet have built-in multi-node clustering. For horizontal scaling, use these patterns: +quicprochat does not yet have built-in multi-node clustering. For horizontal scaling, use these patterns: ### Load Balancer (UDP/QUIC) -Place a UDP load balancer in front of multiple qpq-server instances. Each instance runs independently with its own database. +Place a UDP load balancer in front of multiple qpc-server instances. Each instance runs independently with its own database. ``` +-----------+ - clients ------> | L4 LB | ----> qpq-server-1 (db-1) - | (UDP/QUIC)| ----> qpq-server-2 (db-2) - +-----------+ qpq-server-3 (db-3) + clients ------> | L4 LB | ----> qpc-server-1 (db-1) + | (UDP/QUIC)| ----> qpc-server-2 (db-2) + +-----------+ qpc-server-3 (db-3) ``` **Requirements:** @@ -134,7 +134,7 @@ Place a UDP load balancer in front of multiple qpq-server instances. Each instan Enable federation to relay messages between nodes: ```toml -# qpq-server.toml on node-1 +# qpc-server.toml on node-1 [federation] enabled = true domain = "node1.chat.example.com" @@ -153,9 +153,9 @@ address = "10.0.1.2:7001" For true horizontal scaling, migrate from SQLCipher to a shared PostgreSQL instance. This is not yet implemented but is the planned approach for multi-node deployments. ``` - qpq-server-1 --\ - qpq-server-2 ---+--> PostgreSQL (shared) - qpq-server-3 --/ + qpc-server-1 --\ + qpc-server-2 ---+--> PostgreSQL (shared) + qpc-server-3 --/ ``` ## Connection Tuning @@ -174,7 +174,7 @@ For high connection counts, consider: - Increasing UDP buffer sizes: ```bash -# /etc/sysctl.d/99-qpq.conf +# /etc/sysctl.d/99-qpc.conf net.core.rmem_max = 26214400 net.core.wmem_max = 26214400 net.core.rmem_default = 1048576 @@ -182,7 +182,7 @@ net.core.wmem_default = 1048576 ``` ```bash -sysctl -p /etc/sysctl.d/99-qpq.conf +sysctl -p /etc/sysctl.d/99-qpc.conf ``` ## Docker Resource Limits @@ -211,11 +211,11 @@ Use the included test infrastructure to benchmark: ```bash # Build the test client -cargo build --release --bin qpq-client +cargo build --release --bin qpc-client # Run concurrent connection test (example) for i in $(seq 1 100); do - qpq-client --server 127.0.0.1:7000 --auth-token "$QPQ_AUTH_TOKEN" & + qpc-client --server 127.0.0.1:7000 --auth-token "$QPC_AUTH_TOKEN" & done wait diff --git a/docs/sdk/build-your-own.md b/docs/sdk/build-your-own.md index 9a117bf..b9c997a 100644 --- a/docs/sdk/build-your-own.md +++ b/docs/sdk/build-your-own.md @@ -1,12 +1,12 @@ # Build Your Own SDK -This guide explains how to implement a quicproquo client SDK in any language. +This guide explains how to implement a quicprochat client SDK in any language. ## Two Approaches ### Approach 1: C FFI Wrapper (recommended) -The simplest path. Wrap `libquicproquo_ffi` using your language's FFI mechanism (e.g., Python CFFI, Ruby FFI, JNI, Swift C interop). +The simplest path. Wrap `libquicprochat_ffi` using your language's FFI mechanism (e.g., Python CFFI, Ruby FFI, JNI, Swift C interop). **Pros**: Full Rust crypto stack (MLS, OPAQUE, hybrid KEM) with zero reimplementation. **Cons**: Requires shipping a native library, synchronous API only. @@ -26,7 +26,7 @@ Implement the QUIC transport and protobuf serialization natively in your languag Open a QUIC connection to the server: -- **ALPN**: `qpq` +- **ALPN**: `qpc` - **TLS**: 1.3 with server certificate verification - **Port**: 5001 (default) @@ -64,7 +64,7 @@ payload = data[10 : 10 + length] ### 3. Protobuf Messages -Generate or hand-write protobuf encode/decode for the message types in `proto/qpq/v1/*.proto`. +Generate or hand-write protobuf encode/decode for the message types in `proto/qpc/v1/*.proto`. Minimum required messages for a basic client: @@ -96,7 +96,7 @@ Client Server Core operations (implement in order): -- [ ] **Connect**: Open QUIC connection with TLS 1.3 + ALPN `qpq` +- [ ] **Connect**: Open QUIC connection with TLS 1.3 + ALPN `qpc` - [ ] **Health**: Send `HealthRequest` (method 802), verify server is running - [ ] **Register**: OPAQUE registration (methods 100-101) - [ ] **Login**: OPAQUE login (methods 102-103), store session token @@ -146,7 +146,7 @@ Study these SDKs for patterns: - **Go** (`sdks/go/`): Native QUIC + Cap'n Proto, full OPAQUE flow - **Python** (`sdks/python/`): Native QUIC + Protobuf v2 wire format - **TypeScript** (`sdks/typescript/`): WebSocket bridge, WASM crypto -- **C FFI** (`crates/quicproquo-ffi/`): Synchronous wrapper +- **C FFI** (`crates/quicprochat-ffi/`): Synchronous wrapper ## Testing @@ -154,7 +154,7 @@ Test your SDK against a local server: ```sh # Start the server -cargo run -p quicproquo-server +cargo run -p quicprochat-server # Run your SDK's tests ``` diff --git a/docs/sdk/c-ffi.md b/docs/sdk/c-ffi.md index 651469d..03995fc 100644 --- a/docs/sdk/c-ffi.md +++ b/docs/sdk/c-ffi.md @@ -1,49 +1,49 @@ # C FFI Bindings -The C FFI layer (`crates/quicproquo-ffi/`) provides synchronous C-callable functions that wrap the Rust client library. This is the foundation for language bindings in Python (CFFI), Swift, Kotlin/JNI, Java, and Ruby. +The C FFI layer (`crates/quicprochat-ffi/`) provides synchronous C-callable functions that wrap the Rust client library. This is the foundation for language bindings in Python (CFFI), Swift, Kotlin/JNI, Java, and Ruby. ## Building ```sh -cargo build --release -p quicproquo-ffi +cargo build --release -p quicprochat-ffi ``` This produces: -- Linux: `target/release/libquicproquo_ffi.so` -- macOS: `target/release/libquicproquo_ffi.dylib` -- Windows: `target/release/quicproquo_ffi.dll` +- Linux: `target/release/libquicprochat_ffi.so` +- macOS: `target/release/libquicprochat_ffi.dylib` +- Windows: `target/release/quicprochat_ffi.dll` ## API ### Status Codes ```c -#define QPQ_OK 0 -#define QPQ_ERROR 1 -#define QPQ_AUTH_FAILED 2 -#define QPQ_TIMEOUT 3 -#define QPQ_NOT_CONNECTED 4 +#define QPC_OK 0 +#define QPC_ERROR 1 +#define QPC_AUTH_FAILED 2 +#define QPC_TIMEOUT 3 +#define QPC_NOT_CONNECTED 4 ``` ### Functions ```c // Connect to a server. Returns opaque handle or NULL on failure. -QpqHandle* qpq_connect( +QpqHandle* qpc_connect( const char* server, // "host:port" const char* ca_cert, // path to CA certificate PEM const char* server_name // TLS SNI name ); // Authenticate with OPAQUE. Returns status code. -int qpq_login( +int qpc_login( QpqHandle* handle, const char* username, const char* password ); // Send a message to a recipient (by username). -int qpq_send( +int qpc_send( QpqHandle* handle, const char* recipient, // recipient username const uint8_t* message, // message bytes @@ -52,20 +52,20 @@ int qpq_send( // Receive pending messages. Blocks up to timeout_ms. // On success, *out_json is a JSON array of strings. -int qpq_receive( +int qpc_receive( QpqHandle* handle, uint32_t timeout_ms, - char** out_json // caller must free with qpq_free_string + char** out_json // caller must free with qpc_free_string ); // Disconnect and free the handle. -void qpq_disconnect(QpqHandle* handle); +void qpc_disconnect(QpqHandle* handle); // Get last error message (valid until next FFI call on this handle). -const char* qpq_last_error(const QpqHandle* handle); +const char* qpc_last_error(const QpqHandle* handle); -// Free a string returned by qpq_receive. -void qpq_free_string(char* ptr); +// Free a string returned by qpc_receive. +void qpc_free_string(char* ptr); ``` ## Usage Example (C) @@ -76,53 +76,53 @@ void qpq_free_string(char* ptr); // Forward declarations (or include a header). typedef struct QpqHandle QpqHandle; -extern QpqHandle* qpq_connect(const char*, const char*, const char*); -extern int qpq_login(QpqHandle*, const char*, const char*); -extern int qpq_send(QpqHandle*, const char*, const unsigned char*, size_t); -extern int qpq_receive(QpqHandle*, unsigned int, char**); -extern void qpq_disconnect(QpqHandle*); -extern const char* qpq_last_error(const QpqHandle*); -extern void qpq_free_string(char*); +extern QpqHandle* qpc_connect(const char*, const char*, const char*); +extern int qpc_login(QpqHandle*, const char*, const char*); +extern int qpc_send(QpqHandle*, const char*, const unsigned char*, size_t); +extern int qpc_receive(QpqHandle*, unsigned int, char**); +extern void qpc_disconnect(QpqHandle*); +extern const char* qpc_last_error(const QpqHandle*); +extern void qpc_free_string(char*); int main(void) { - QpqHandle* h = qpq_connect("127.0.0.1:5001", "ca.pem", "localhost"); + QpqHandle* h = qpc_connect("127.0.0.1:5001", "ca.pem", "localhost"); if (!h) { fprintf(stderr, "connect failed\n"); return 1; } - int rc = qpq_login(h, "alice", "password123"); + int rc = qpc_login(h, "alice", "password123"); if (rc != 0) { - fprintf(stderr, "login failed: %s\n", qpq_last_error(h)); - qpq_disconnect(h); + fprintf(stderr, "login failed: %s\n", qpc_last_error(h)); + qpc_disconnect(h); return 1; } const char* msg = "hello from C!"; - qpq_send(h, "bob", (const unsigned char*)msg, strlen(msg)); + qpc_send(h, "bob", (const unsigned char*)msg, strlen(msg)); char* json = NULL; - rc = qpq_receive(h, 5000, &json); + rc = qpc_receive(h, 5000, &json); if (rc == 0 && json) { printf("received: %s\n", json); - qpq_free_string(json); + qpc_free_string(json); } - qpq_disconnect(h); + qpc_disconnect(h); return 0; } ``` Compile with: ```sh -gcc -o demo demo.c -L target/release -lquicproquo_ffi +gcc -o demo demo.c -L target/release -lquicprochat_ffi ``` ## Memory Management -- `qpq_connect` returns a heap-allocated handle. The caller **must** call `qpq_disconnect` to free it. -- `qpq_receive` writes a heap-allocated JSON string to `*out_json`. The caller **must** call `qpq_free_string` to free it. -- `qpq_last_error` returns a pointer owned by the handle. Do **not** free it. It is valid until the next FFI call on the same handle. +- `qpc_connect` returns a heap-allocated handle. The caller **must** call `qpc_disconnect` to free it. +- `qpc_receive` writes a heap-allocated JSON string to `*out_json`. The caller **must** call `qpc_free_string` to free it. +- `qpc_last_error` returns a pointer owned by the handle. Do **not** free it. It is valid until the next FFI call on the same handle. ## Thread Safety @@ -133,7 +133,7 @@ Each `QpqHandle` owns its own Tokio runtime. Concurrent calls on the **same** ha The FFI layer bridges synchronous C callers to the async Rust client: ``` -C caller ─── qpq_login() ───► QpqHandle ─── runtime.block_on() ───► async Rust client +C caller ─── qpc_login() ───► QpqHandle ─── runtime.block_on() ───► async Rust client ``` Each handle contains: diff --git a/docs/sdk/go.md b/docs/sdk/go.md index 646a944..7c9701f 100644 --- a/docs/sdk/go.md +++ b/docs/sdk/go.md @@ -7,7 +7,7 @@ Location: `sdks/go/` ## Installation ```sh -go get quicproquo.dev/sdk/go +go get quicprochat.dev/sdk/go ``` ## Quick Start @@ -18,13 +18,13 @@ package main import ( "context" "fmt" - "quicproquo.dev/sdk/go/qpq" + "quicprochat.dev/sdk/go/qpc" ) func main() { ctx := context.Background() - client, err := qpq.Connect(ctx, qpq.Options{ + client, err := qpc.Connect(ctx, qpc.Options{ Addr: "127.0.0.1:5001", InsecureSkipVerify: true, // dev only }) @@ -63,7 +63,7 @@ func main() { | Method | Description | |---|---| -| `qpq.Connect(ctx, opts)` | Connect to server | +| `qpc.Connect(ctx, opts)` | Connect to server | | `client.Close()` | Disconnect | | `client.Health(ctx)` | Health check | | `client.SetSessionToken(token)` | Set pre-existing token | @@ -81,7 +81,7 @@ func main() { ## Structure -- `qpq/` -- High-level client API +- `qpc/` -- High-level client API - `transport/` -- QUIC + TLS 1.3 transport, Cap'n Proto RPC framing - `proto/node/` -- Generated Cap'n Proto Go types - `cmd/example/` -- Example usage diff --git a/docs/sdk/index.md b/docs/sdk/index.md index f01d491..495d065 100644 --- a/docs/sdk/index.md +++ b/docs/sdk/index.md @@ -1,16 +1,16 @@ -# quicproquo SDK Documentation +# quicprochat SDK Documentation -This guide covers how to build clients for the quicproquo E2E encrypted messenger using the official SDKs or by implementing your own. +This guide covers how to build clients for the quicprochat E2E encrypted messenger using the official SDKs or by implementing your own. ## Official SDKs | Language | Location | Transport | Status | |---|---|---|---| -| **Rust** | `crates/quicproquo-client` | QUIC + Cap'n Proto | Production | +| **Rust** | `crates/quicprochat-client` | QUIC + Cap'n Proto | Production | | **Go** | `sdks/go/` | QUIC + Cap'n Proto | Production | | **TypeScript** | `sdks/typescript/` | WebSocket bridge + WASM crypto | Production | | **Python** | `sdks/python/` | QUIC + Protobuf (v2) / Rust FFI | Production | -| **C** | `crates/quicproquo-ffi/` | Rust FFI (synchronous) | Production | +| **C** | `crates/quicprochat-ffi/` | Rust FFI (synchronous) | Production | | **Swift** | `sdks/swift/` | C FFI wrapper | In progress | | **Kotlin** | `sdks/kotlin/` | JNI + C FFI | In progress | | **Java** | `sdks/java/` | JNI + C FFI | In progress | @@ -57,7 +57,7 @@ Each RPC call opens a new QUIC bidirectional stream. The request and response us ## Canonical Schemas -- **Protobuf** (v2): `proto/qpq/v1/*.proto` -- 14 service definitions +- **Protobuf** (v2): `proto/qpc/v1/*.proto` -- 14 service definitions - **Cap'n Proto** (v1): `schemas/*.capnp` -- legacy RPC interface -The protobuf schemas in `proto/qpq/v1/` are the canonical API contract for the v2 protocol. New SDKs should implement against these definitions. +The protobuf schemas in `proto/qpc/v1/` are the canonical API contract for the v2 protocol. New SDKs should implement against these definitions. diff --git a/docs/sdk/python.md b/docs/sdk/python.md index e470179..6fa9b03 100644 --- a/docs/sdk/python.md +++ b/docs/sdk/python.md @@ -7,7 +7,7 @@ Location: `sdks/python/` ## Installation ```sh -pip install quicproquo +pip install quicprochat ``` ## Transport Backends @@ -18,7 +18,7 @@ Uses [aioquic](https://github.com/aiortc/aioquic) for native QUIC transport with ```python import asyncio -from quicproquo import QpqClient, ConnectOptions +from quicprochat import QpqClient, ConnectOptions async def main(): client = await QpqClient.connect(ConnectOptions( @@ -45,14 +45,14 @@ asyncio.run(main()) ### Rust FFI (synchronous) -Wraps `libquicproquo_ffi` via CFFI for full Rust crypto stack at native speed. +Wraps `libquicprochat_ffi` via CFFI for full Rust crypto stack at native speed. ```sh -cargo build --release -p quicproquo-ffi +cargo build --release -p quicprochat-ffi ``` ```python -from quicproquo import QpqClient, ConnectOptions +from quicprochat import QpqClient, ConnectOptions client = QpqClient.connect_ffi(ConnectOptions( addr="127.0.0.1:5001", @@ -112,9 +112,9 @@ client.close_sync() | File | Purpose | |---|---| -| `quicproquo/client.py` | High-level client API | -| `quicproquo/transport.py` | QUIC transport (aioquic) | -| `quicproquo/ffi.py` | Rust FFI transport (CFFI) | -| `quicproquo/proto.py` | Protobuf encode/decode | -| `quicproquo/wire.py` | v2 wire format framing | -| `quicproquo/types.py` | Data types and exceptions | +| `quicprochat/client.py` | High-level client API | +| `quicprochat/transport.py` | QUIC transport (aioquic) | +| `quicprochat/ffi.py` | Rust FFI transport (CFFI) | +| `quicprochat/proto.py` | Protobuf encode/decode | +| `quicprochat/wire.py` | v2 wire format framing | +| `quicprochat/types.py` | Data types and exceptions | diff --git a/docs/sdk/rust.md b/docs/sdk/rust.md index 1953d2e..b3818ea 100644 --- a/docs/sdk/rust.md +++ b/docs/sdk/rust.md @@ -1,6 +1,6 @@ # Rust SDK -The Rust client is the reference implementation, located in `crates/quicproquo-client/`. +The Rust client is the reference implementation, located in `crates/quicprochat-client/`. ## Installation @@ -8,7 +8,7 @@ Add to your `Cargo.toml`: ```toml [dependencies] -quicproquo-client = { path = "crates/quicproquo-client" } +quicprochat-client = { path = "crates/quicprochat-client" } ``` ## Connection @@ -16,7 +16,7 @@ quicproquo-client = { path = "crates/quicproquo-client" } The Rust client connects directly over QUIC with Cap'n Proto RPC: ```rust -use quicproquo_client::{cmd_health, cmd_login, cmd_send, connect_node}; +use quicprochat_client::{cmd_health, cmd_login, cmd_send, connect_node}; // Health check cmd_health("127.0.0.1:5001", &ca_cert_path, "localhost").await?; @@ -38,14 +38,14 @@ cmd_login( - OPAQUE authentication with zeroizing credential storage - SQLCipher local state with Argon2id key derivation - Sealed sender metadata protection -- v2 QUIC + Protobuf transport (via `quicproquo-sdk` crate) +- v2 QUIC + Protobuf transport (via `quicprochat-sdk` crate) ## v2 SDK Crate -The `quicproquo-sdk` crate provides the higher-level v2 API: +The `quicprochat-sdk` crate provides the higher-level v2 API: ```rust -use quicproquo_sdk::QpqClient; +use quicprochat_sdk::QpqClient; let client = QpqClient::connect("127.0.0.1:5001", &tls_config).await?; let health = client.health().await?; @@ -55,9 +55,9 @@ let health = client.health().await?; | Crate | Purpose | |---|---| -| `quicproquo-core` | Crypto primitives, MLS, hybrid KEM | -| `quicproquo-proto` | Protobuf + Cap'n Proto generated types | -| `quicproquo-rpc` | QUIC RPC framework (framing, dispatch) | -| `quicproquo-sdk` | High-level client SDK | -| `quicproquo-client` | CLI/TUI client application | -| `quicproquo-ffi` | C FFI bindings | +| `quicprochat-core` | Crypto primitives, MLS, hybrid KEM | +| `quicprochat-proto` | Protobuf + Cap'n Proto generated types | +| `quicprochat-rpc` | QUIC RPC framework (framing, dispatch) | +| `quicprochat-sdk` | High-level client SDK | +| `quicprochat-client` | CLI/TUI client application | +| `quicprochat-ffi` | C FFI bindings | diff --git a/docs/sdk/typescript.md b/docs/sdk/typescript.md index a70e67c..ff0b810 100644 --- a/docs/sdk/typescript.md +++ b/docs/sdk/typescript.md @@ -7,13 +7,13 @@ Location: `sdks/typescript/` ## Installation ```sh -npm install quicproquo +npm install quicprochat ``` ## Quick Start ```typescript -import { QpqClient } from "quicproquo"; +import { QpqClient } from "quicprochat"; // Connect via WebSocket bridge const client = await QpqClient.connect({ @@ -115,7 +115,7 @@ The TypeScript SDK uses a WebSocket bridge proxy because browsers cannot open ra Browser ─── WebSocket ───► Bridge Proxy ─── QUIC/capnp ───► Server ``` -Crypto operations (Ed25519, hybrid KEM, sealed sender) run entirely in WASM, compiled from the Rust `quicproquo-core` crate. +Crypto operations (Ed25519, hybrid KEM, sealed sender) run entirely in WASM, compiled from the Rust `quicprochat-core` crate. ## Structure diff --git a/docs/sdk/wire-format.md b/docs/sdk/wire-format.md index b7e0358..6675f22 100644 --- a/docs/sdk/wire-format.md +++ b/docs/sdk/wire-format.md @@ -1,11 +1,11 @@ # v2 Wire Format -The quicproquo v2 protocol uses QUIC (RFC 9000) with TLS 1.3 as the transport layer and Protocol Buffers for message serialization. +The quicprochat v2 protocol uses QUIC (RFC 9000) with TLS 1.3 as the transport layer and Protocol Buffers for message serialization. ## Connection - **Protocol**: QUIC with TLS 1.3 -- **ALPN**: `qpq` +- **ALPN**: `qpc` - **Port**: 5001 (default) - **Certificate**: Server presents a TLS certificate; clients verify against a CA cert @@ -137,7 +137,7 @@ This allows concurrent RPCs without head-of-line blocking. ## Protobuf Definitions -All message types are defined in `proto/qpq/v1/*.proto`: +All message types are defined in `proto/qpc/v1/*.proto`: | File | Services | |---|---| diff --git a/docs/src/SUMMARY.md b/docs/src/SUMMARY.md index 9753263..a58aeee 100644 --- a/docs/src/SUMMARY.md +++ b/docs/src/SUMMARY.md @@ -4,7 +4,7 @@ --- -# Why quicproquo? +# Why quicprochat? - [Comparison with Classical Chat Protocols](design-rationale/protocol-comparison.md) - [Why This Design, Not Signal/Matrix/...](design-rationale/why-not-signal.md) @@ -20,7 +20,7 @@ - [REPL Command Reference](getting-started/repl-reference.md) - [Rich Messaging](getting-started/rich-messaging.md) - [File Transfer](getting-started/file-transfer.md) -- [TLS in quicproquo](getting-started/tls.md) +- [TLS in quicprochat](getting-started/tls.md) - [Certificate Lifecycle and CA-Signed TLS](getting-started/certificate-lifecycle.md) - [Docker Deployment](getting-started/docker.md) - [Mesh Networking](getting-started/mesh-networking.md) diff --git a/docs/src/appendix/glossary.md b/docs/src/appendix/glossary.md index 6986c2e..1a2bb96 100644 --- a/docs/src/appendix/glossary.md +++ b/docs/src/appendix/glossary.md @@ -1,22 +1,22 @@ # Glossary -Alphabetical glossary of terms used throughout the quicproquo documentation. +Alphabetical glossary of terms used throughout the quicprochat documentation. Each entry includes a brief definition and, where applicable, a reference to the relevant specification or documentation page. --- **AEAD** -- Authenticated Encryption with Associated Data. A symmetric encryption -scheme that provides both confidentiality and integrity. quicproquo uses +scheme that provides both confidentiality and integrity. quicprochat uses AES-128-GCM (in the MLS ciphersuite). See [Cryptography Overview](../cryptography/overview.md). **ALPN** -- Application-Layer Protocol Negotiation. A TLS extension that allows the client and server to agree on an application protocol during the TLS -handshake. quicproquo v2 uses the ALPN token `"qpq"` (replacing the legacy +handshake. quicprochat v2 uses the ALPN token `"qpc"` (replacing the legacy `"capnp"` token used in v1). See [Wire Format Overview](../wire-format/overview.md). **Argon2id** -- A memory-hard password hashing and key derivation function -(winner of the Password Hashing Competition, 2015). quicproquo uses Argon2id +(winner of the Password Hashing Competition, 2015). quicprochat uses Argon2id to derive the SQLCipher encryption key from the server's passphrase, and optionally for client-side key derivation. See [Storage Backend](../internals/storage-backend.md). @@ -25,10 +25,10 @@ registration and login, stores single-use MLS KeyPackages, and manages hybrid post-quantum public keys. See [Authentication Service Internals](../internals/authentication-service.md). **Cap'n Proto** -- A zero-copy serialisation format with a built-in RPC system. -Used in quicproquo v1 for all wire messages and service RPCs. Schemas lived in +Used in quicprochat v1 for all wire messages and service RPCs. Schemas lived in `schemas/*.capnp`. In v2, Cap'n Proto is replaced by Protobuf (prost) for RPC -messages, though the legacy Cap'n Proto types remain in `quicproquo-proto` for -backward compatibility. See the v1 archive in `crates/quicproquo-proto/`. +messages, though the legacy Cap'n Proto types remain in `quicprochat-proto` for +backward compatibility. See the v1 archive in `crates/quicprochat-proto/`. **Commit** -- An MLS message type that advances the group to a new epoch. When a member sends a Commit (e.g., after adding or removing a member), all group @@ -37,13 +37,13 @@ forward secrecy and post-compromise security. See [MLS (RFC 9420)](../protocol-layers/mls.md). **Credential** -- An MLS identity binding that associates a member's signing key -with their identity. quicproquo uses `BasicCredential`, which contains the +with their identity. quicprochat uses `BasicCredential`, which contains the raw Ed25519 public key bytes. See [Ed25519 Identity Keys](../cryptography/identity-keys.md). **DER** -- Distinguished Encoding Rules. A binary encoding format for ASN.1 structures, used for X.509 certificates and TLS certificate chains. The -self-signed TLS certificate generated by quicproquo is DER-encoded. +self-signed TLS certificate generated by quicprochat is DER-encoded. **DS** -- Delivery Service. The server component that provides store-and-forward relay for opaque MLS payloads. The DS never inspects ciphertext -- it routes @@ -52,7 +52,7 @@ See [Architecture Overview](../architecture/overview.md). **Ed25519** -- Edwards-curve Digital Signature Algorithm on Curve25519. Used for MLS identity credentials and signing (KeyPackages, Commits, group operations). -quicproquo uses the `ed25519-dalek` crate. +quicprochat uses the `ed25519-dalek` crate. See [Ed25519 Identity Keys](../cryptography/identity-keys.md). **Epoch** -- The version number of an MLS group's key state. Each Commit @@ -66,11 +66,11 @@ the epoch ratchet: key material from earlier epochs is deleted when the epoch advances. See [Forward Secrecy](../cryptography/forward-secrecy.md). **HKDF** -- HMAC-based Key Derivation Function. Used in MLS to derive symmetric -keys from shared secrets. quicproquo uses HKDF-SHA256. +keys from shared secrets. quicprochat uses HKDF-SHA256. **HPKE** -- Hybrid Public Key Encryption. The public-key encryption scheme used in MLS for key exchange (encrypting to a KeyPackage's init key). Defined in -RFC 9180. In quicproquo, HPKE uses DHKEM(X25519, HKDF-SHA256). +RFC 9180. In quicprochat, HPKE uses DHKEM(X25519, HKDF-SHA256). See [Hybrid KEM](../protocol-layers/hybrid-kem.md). **KEM** -- Key Encapsulation Mechanism. A cryptographic primitive that generates @@ -85,7 +85,7 @@ is consumed on fetch. See **ML-KEM-768** -- Module-Lattice-based Key Encapsulation Mechanism, security level 3 (NIST FIPS 203). A post-quantum KEM based on the hardness of the -module learning-with-errors (MLWE) problem. quicproquo uses ML-KEM-768 in a +module learning-with-errors (MLWE) problem. quicprochat uses ML-KEM-768 in a hybrid construction with X25519 for post-quantum sealed envelope encryption. See [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md). @@ -97,7 +97,7 @@ See [MLS (RFC 9420)](../protocol-layers/mls.md). **OPAQUE** -- Asymmetric Password-Authenticated Key Exchange (RFC 9497). A password authentication protocol in which the server never learns the user's password, not even during registration. The server stores an OPAQUE registration -record derived from the password. quicproquo uses OPAQUE for all user +record derived from the password. quicprochat uses OPAQUE for all user authentication (replacing static token auth in v1). See [Authentication Service Internals](../internals/authentication-service.md). @@ -114,19 +114,19 @@ KeyPackage and message fetch. See [Future Research](../roadmap/future-research.md). **prost** -- A Rust Protobuf code generation and runtime library. Used in -quicproquo v2 to generate Rust types from `proto/qpq/v1/*.proto` files at -build time. The generated types live in `crates/quicproquo-proto/`. +quicprochat v2 to generate Rust types from `proto/qpc/v1/*.proto` files at +build time. The generated types live in `crates/quicprochat-proto/`. See [Rust Crate Documentation](references.md). **Protobuf** -- Protocol Buffers. A language-neutral, binary serialisation format -from Google. quicproquo v2 uses Protobuf for all RPC message payloads, encoded -using the `prost` crate. Proto definitions live in `proto/qpq/v1/`. +from Google. quicprochat v2 uses Protobuf for all RPC message payloads, encoded +using the `prost` crate. Proto definitions live in `proto/qpc/v1/`. See [Wire Format Overview](../wire-format/overview.md). **QUIC** -- A UDP-based, multiplexed, encrypted transport protocol defined in RFC 9000. QUIC integrates TLS 1.3 for authentication and confidentiality and provides 0-RTT connection establishment, stream multiplexing, and built-in -congestion control. quicproquo uses the `quinn` crate. +congestion control. quicprochat uses the `quinn` crate. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). **Ratchet Tree** -- The binary tree data structure used in MLS for efficient @@ -135,13 +135,13 @@ hold derived key material. Updates propagate along the path from a leaf to the root, giving O(log N) cost for key updates in a group of N members. **SQLCipher** -- An open-source extension to SQLite that provides transparent, -page-level AES-256 encryption of the database file. quicproquo uses SQLCipher +page-level AES-256 encryption of the database file. quicprochat uses SQLCipher as the primary server-side storage backend via the `rusqlite` crate with the `sqlcipher` feature. The encryption key is derived from a server passphrase using Argon2id. See [Storage Backend](../internals/storage-backend.md). **TLS 1.3** -- Transport Layer Security version 1.3, defined in RFC 8446. The -standard for authenticated, encrypted transport. quicproquo uses TLS 1.3 +standard for authenticated, encrypted transport. quicprochat uses TLS 1.3 exclusively (via `rustls` with `TLS13` cipher suites only) as part of the QUIC transport. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). @@ -153,11 +153,11 @@ KeyPackage. See [MLS (RFC 9420)](../protocol-layers/mls.md). **X25519** -- Elliptic curve Diffie-Hellman key exchange on Curve25519 (using the Montgomery form). Used as the classical component of DHKEM in MLS HPKE and in the hybrid KEM (X25519 + ML-KEM-768). -quicproquo uses the `x25519-dalek` crate. +quicprochat uses the `x25519-dalek` crate. See [Cryptography Overview](../cryptography/overview.md). **Zeroize** -- The practice of securely clearing sensitive data (private keys, -shared secrets) from memory when it is no longer needed. quicproquo uses the +shared secrets) from memory when it is no longer needed. quicprochat uses the `zeroize` crate with the `ZeroizeOnDrop` derive macro to ensure that key material is overwritten on drop. See [Key Lifecycle and Zeroization](../cryptography/key-lifecycle.md). diff --git a/docs/src/appendix/references.md b/docs/src/appendix/references.md index 79be9e8..df5fc5f 100644 --- a/docs/src/appendix/references.md +++ b/docs/src/appendix/references.md @@ -1,7 +1,7 @@ # References and Further Reading This page collects the standards, crate documentation, and research papers -referenced throughout the quicproquo documentation. Entries are organised by +referenced throughout the quicprochat documentation. Entries are organised by category. --- @@ -10,26 +10,26 @@ category. | Reference | Description | |-----------|-------------| -| [RFC 9420 -- The Messaging Layer Security (MLS) Protocol](https://datatracker.ietf.org/doc/rfc9420/) | The group key agreement protocol used by quicproquo. Defines KeyPackages, Welcome messages, Commits, the ratchet tree, epoch advancement, and the security properties (forward secrecy, post-compromise security). See [MLS (RFC 9420)](../protocol-layers/mls.md). | -| [RFC 9497 -- The OPAQUE Asymmetric PAKE Protocol](https://datatracker.ietf.org/doc/rfc9497/) | Asymmetric password-authenticated key exchange. quicproquo uses OPAQUE for all user registration and login. The server never learns the user's password. See [Authentication Service Internals](../internals/authentication-service.md). | -| [RFC 9000 -- QUIC: A UDP-Based Multiplexed and Secure Transport](https://datatracker.ietf.org/doc/rfc9000/) | The transport protocol underlying quicproquo's primary connection layer. Provides multiplexed streams, 0-RTT connection establishment, and built-in congestion control. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). | -| [RFC 9001 -- Using TLS to Secure QUIC](https://datatracker.ietf.org/doc/rfc9001/) | Defines how TLS 1.3 is integrated into QUIC for authentication and key exchange. quicproquo uses this via the `quinn` + `rustls` stack. | -| [RFC 8446 -- The Transport Layer Security (TLS) Protocol Version 1.3](https://datatracker.ietf.org/doc/rfc8446/) | The TLS version used exclusively by quicproquo (no TLS 1.2 fallback). Provides the handshake, key schedule, and record layer for QUIC transport security. | -| [RFC 9180 -- Hybrid Public Key Encryption (HPKE)](https://datatracker.ietf.org/doc/rfc9180/) | The public-key encryption scheme used internally by MLS for encrypting to KeyPackage init keys. quicproquo's MLS ciphersuite uses DHKEM(X25519, HKDF-SHA256) with AES-128-GCM. | -| [NIST FIPS 203 -- Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)](https://csrc.nist.gov/pubs/fips/203/final) | The post-quantum KEM standard. quicproquo uses ML-KEM-768 in a hybrid construction with X25519 for post-quantum sealed envelope encryption. See [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md). | -| [Protocol Buffers Language Guide (proto3)](https://protobuf.dev/programming-guides/proto3/) | The binary serialisation format used for all v2 RPC message payloads. quicproquo proto definitions live in `proto/qpq/v1/`. See [Wire Format Overview](../wire-format/overview.md). | -| [draft-ietf-tls-hybrid-design -- Hybrid Key Exchange in TLS 1.3](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) | The combiner approach used by quicproquo's hybrid KEM construction (X25519 shared secret concatenated with ML-KEM-768 shared secret, fed through HKDF). See [Hybrid KEM](../protocol-layers/hybrid-kem.md). | +| [RFC 9420 -- The Messaging Layer Security (MLS) Protocol](https://datatracker.ietf.org/doc/rfc9420/) | The group key agreement protocol used by quicprochat. Defines KeyPackages, Welcome messages, Commits, the ratchet tree, epoch advancement, and the security properties (forward secrecy, post-compromise security). See [MLS (RFC 9420)](../protocol-layers/mls.md). | +| [RFC 9497 -- The OPAQUE Asymmetric PAKE Protocol](https://datatracker.ietf.org/doc/rfc9497/) | Asymmetric password-authenticated key exchange. quicprochat uses OPAQUE for all user registration and login. The server never learns the user's password. See [Authentication Service Internals](../internals/authentication-service.md). | +| [RFC 9000 -- QUIC: A UDP-Based Multiplexed and Secure Transport](https://datatracker.ietf.org/doc/rfc9000/) | The transport protocol underlying quicprochat's primary connection layer. Provides multiplexed streams, 0-RTT connection establishment, and built-in congestion control. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). | +| [RFC 9001 -- Using TLS to Secure QUIC](https://datatracker.ietf.org/doc/rfc9001/) | Defines how TLS 1.3 is integrated into QUIC for authentication and key exchange. quicprochat uses this via the `quinn` + `rustls` stack. | +| [RFC 8446 -- The Transport Layer Security (TLS) Protocol Version 1.3](https://datatracker.ietf.org/doc/rfc8446/) | The TLS version used exclusively by quicprochat (no TLS 1.2 fallback). Provides the handshake, key schedule, and record layer for QUIC transport security. | +| [RFC 9180 -- Hybrid Public Key Encryption (HPKE)](https://datatracker.ietf.org/doc/rfc9180/) | The public-key encryption scheme used internally by MLS for encrypting to KeyPackage init keys. quicprochat's MLS ciphersuite uses DHKEM(X25519, HKDF-SHA256) with AES-128-GCM. | +| [NIST FIPS 203 -- Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)](https://csrc.nist.gov/pubs/fips/203/final) | The post-quantum KEM standard. quicprochat uses ML-KEM-768 in a hybrid construction with X25519 for post-quantum sealed envelope encryption. See [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md). | +| [Protocol Buffers Language Guide (proto3)](https://protobuf.dev/programming-guides/proto3/) | The binary serialisation format used for all v2 RPC message payloads. quicprochat proto definitions live in `proto/qpc/v1/`. See [Wire Format Overview](../wire-format/overview.md). | +| [draft-ietf-tls-hybrid-design -- Hybrid Key Exchange in TLS 1.3](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) | The combiner approach used by quicprochat's hybrid KEM construction (X25519 shared secret concatenated with ML-KEM-768 shared secret, fed through HKDF). See [Hybrid KEM](../protocol-layers/hybrid-kem.md). | --- ## Rust Crate Documentation -| Crate | docs.rs | Role in quicproquo | +| Crate | docs.rs | Role in quicprochat | |-------|---------|----------------------| | `openmls` | [docs.rs/openmls](https://docs.rs/openmls/) | MLS protocol implementation: group creation, member addition, Welcome processing, application message encryption/decryption. See [MLS (RFC 9420)](../protocol-layers/mls.md). | | `openmls_rust_crypto` | [docs.rs/openmls_rust_crypto](https://docs.rs/openmls_rust_crypto/) | Pure-Rust cryptographic backend for openmls. Provides the `OpenMlsRustCrypto` provider used by `GroupMember`. | -| `prost` | [docs.rs/prost](https://docs.rs/prost/) | Protobuf runtime for Rust. Used to encode/decode all v2 RPC messages. Generated types are in `crates/quicproquo-proto/`. | -| `prost-build` | [docs.rs/prost-build](https://docs.rs/prost-build/) | Build-time Protobuf code generator invoked from `crates/quicproquo-proto/build.rs`. Reads `.proto` files and emits Rust structs. | +| `prost` | [docs.rs/prost](https://docs.rs/prost/) | Protobuf runtime for Rust. Used to encode/decode all v2 RPC messages. Generated types are in `crates/quicprochat-proto/`. | +| `prost-build` | [docs.rs/prost-build](https://docs.rs/prost-build/) | Build-time Protobuf code generator invoked from `crates/quicprochat-proto/build.rs`. Reads `.proto` files and emits Rust structs. | | `protobuf-src` | [docs.rs/protobuf-src](https://docs.rs/protobuf-src/) | Vendors the `protoc` compiler as a build dependency. No system-installed protoc required. | | `quinn` | [docs.rs/quinn](https://docs.rs/quinn/) | QUIC transport implementation. Provides the `Endpoint`, `Connection`, and stream types for client and server. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). | | `rustls` | [docs.rs/rustls](https://docs.rs/rustls/) | TLS 1.3 implementation used by `quinn`. Configured with `TLS13` cipher suites only and custom certificate verification. | @@ -40,9 +40,9 @@ category. | `ed25519-dalek` | [docs.rs/ed25519-dalek](https://docs.rs/ed25519-dalek/) | Ed25519 signing and verification. Used for MLS identity credentials (`BasicCredential`). See [Ed25519 Identity Keys](../cryptography/identity-keys.md). | | `x25519-dalek` | [docs.rs/x25519-dalek](https://docs.rs/x25519-dalek/) | X25519 Diffie-Hellman key exchange. Used in hybrid KEM (X25519 + ML-KEM-768) and as the classical component of DHKEM in MLS HPKE. See [Hybrid KEM](../protocol-layers/hybrid-kem.md). | | `zeroize` | [docs.rs/zeroize](https://docs.rs/zeroize/) | Secure memory zeroisation. All private key types implement `Zeroize + ZeroizeOnDrop`. See [Key Lifecycle and Zeroization](../cryptography/key-lifecycle.md). | -| `bytes` | [docs.rs/bytes](https://docs.rs/bytes/) | Zero-copy byte buffer abstraction. Used in the RPC framing layer (`quicproquo-rpc`) for efficient frame encoding/decoding without copying. | +| `bytes` | [docs.rs/bytes](https://docs.rs/bytes/) | Zero-copy byte buffer abstraction. Used in the RPC framing layer (`quicprochat-rpc`) for efficient frame encoding/decoding without copying. | | `tokio` | [docs.rs/tokio](https://docs.rs/tokio/) | Async runtime. All server and client I/O runs on Tokio. | -| `tower` | [docs.rs/tower](https://docs.rs/tower/) | Service abstraction and middleware framework. Used in `quicproquo-rpc` for RPC middleware (auth, rate limiting, tracing). | +| `tower` | [docs.rs/tower](https://docs.rs/tower/) | Service abstraction and middleware framework. Used in `quicprochat-rpc` for RPC middleware (auth, rate limiting, tracing). | | `clap` | [docs.rs/clap](https://docs.rs/clap/) | CLI argument parser for the client binary. | | `tracing` | [docs.rs/tracing](https://docs.rs/tracing/) | Structured logging framework. Used throughout the server for request logging and diagnostics. | | `thiserror` | [docs.rs/thiserror](https://docs.rs/thiserror/) | Derive macro for typed error enums in library crates. | @@ -61,7 +61,7 @@ Katriel Cohn-Gordon, Cas Cremers, Luke Garratt, Jon Millican, and Kevin Milner. This paper analyses the security properties of group messaging protocols and motivates the design of MLS. It defines the security goals (forward secrecy, post-compromise security, asynchronous operation) that MLS formalises into a -protocol. Essential background for understanding why quicproquo uses MLS +protocol. Essential background for understanding why quicprochat uses MLS rather than extending the Signal protocol to groups. ### Signal Protocol @@ -71,7 +71,7 @@ Trevor Perrin and Moxie Marlinspike. [signal.org/docs/specifications/doubleratchet](https://signal.org/docs/specifications/doubleratchet/) Defines the double ratchet used in Signal's 1:1 messaging. Relevant as a -potential optimisation for quicproquo's 1:1 channels (see +potential optimisation for quicprochat's 1:1 channels (see [Future Research: Double-Ratchet DM Layer](../roadmap/future-research.md#double-ratchet-dm-layer)) and as background for understanding how MLS generalises ratcheting to groups. @@ -90,7 +90,7 @@ Roberto Avanzi et al. [NIST PQC Round 3 submission](https://pq-crystals.org/kyber/) The predecessor to ML-KEM (NIST FIPS 203). CRYSTALS-Kyber was selected by NIST -and standardised as ML-KEM. quicproquo uses the `ml-kem` crate which +and standardised as ML-KEM. quicprochat uses the `ml-kem` crate which implements the final FIPS 203 standard. ### OPAQUE @@ -100,7 +100,7 @@ Stanislaw Jarecki, Hugo Krawczyk, and Jiayu Xu. *EUROCRYPT 2018.* The original academic paper introducing OPAQUE. Standardised as RFC 9497. -Relevant background for understanding the security guarantees of quicproquo's +Relevant background for understanding the security guarantees of quicprochat's authentication system: the server stores a verifier (not the password), and the protocol is resistant to pre-computation attacks even if the server's verifier database is stolen. @@ -112,7 +112,7 @@ Signal Blog. [signal.org/blog/sealed-sender](https://signal.org/blog/sealed-sender/) Describes Signal's approach to hiding sender identity from the server. Relevant -to quicproquo's future research on metadata resistance (see +to quicprochat's future research on metadata resistance (see [Future Research](../roadmap/future-research.md)). --- @@ -120,7 +120,7 @@ to quicproquo's future research on metadata resistance (see ## Cross-references - [Glossary](glossary.md) -- definitions of terms used in these references -- [Protocol Layers Overview](../protocol-layers/overview.md) -- how the protocols layer in quicproquo +- [Protocol Layers Overview](../protocol-layers/overview.md) -- how the protocols layer in quicprochat - [Cryptography Overview](../cryptography/overview.md) -- cryptographic properties and threat model - [Future Research](../roadmap/future-research.md) -- technologies under consideration - [Milestones](../roadmap/milestones.md) -- current project status diff --git a/docs/src/architecture/crate-responsibilities.md b/docs/src/architecture/crate-responsibilities.md index 8a8211c..03bfd7f 100644 --- a/docs/src/architecture/crate-responsibilities.md +++ b/docs/src/architecture/crate-responsibilities.md @@ -1,6 +1,6 @@ # Crate Responsibilities -The quicproquo workspace contains nine crates. The core four (proto, core, +The quicprochat workspace contains nine crates. The core four (proto, core, server, client) follow strict layering rules; each owns one concern and depends only on the crates below it. The workspace also includes dedicated crates for the RPC framework, client SDK, key transparency, plugin API, and P2P. This @@ -13,7 +13,7 @@ crates relate to one another. ```text +-------------------+ +-------------------+ - | quicproquo-client | | quicproquo-sdk | + | quicprochat-client | | quicprochat-sdk | | (CLI/TUI binary) | | (QpqClient, store)| +--------+----------+ +--------+----------+ | | @@ -21,7 +21,7 @@ crates relate to one another. | | v v +-----------+----------+ - | quicproquo-rpc | + | quicprochat-rpc | | (framing, server, | | client, middleware) | +--------+-------------+ @@ -30,20 +30,20 @@ crates relate to one another. | | v v +------------------------+ +-----------------------------+ - | quicproquo-core | | quicproquo-server | + | quicprochat-core | | quicprochat-server | | (crypto, MLS, | | (RPC server + domain | | hybrid KEM) | | services) | +----------+-------------+ +-------------+---------------+ | | | +-------------------+ | - +------>| quicproquo-proto |<--+ + +------>| quicprochat-proto |<--+ | (capnp legacy + | | prost v2 types) | +-------------------+ (separate, no shared deps) +-------------------+ +-------------------+ +-------------------+ - | quicproquo-kt | | quicproquo-p2p | | quicproquo- | + | quicprochat-kt | | quicprochat-p2p | | quicprochat- | | (key transparency)| | (iroh P2P) | | plugin-api | +-------------------+ +-------------------+ | (#![no_std] C-ABI)| +-------------------+ @@ -56,7 +56,7 @@ both the sdk and server. --- -## quicproquo-core +## quicprochat-core **Role:** Pure cryptographic logic. No network I/O. No async runtime dependency. @@ -83,11 +83,11 @@ dependency. `ed25519-dalek`, `openmls`, `openmls_rust_crypto`, `openmls_traits`, `tls_codec`, `ml-kem`, `x25519-dalek`, `chacha20poly1305`, -`hkdf`, `sha2`, `zeroize`, `quicproquo-proto`, `serde`, `bincode`, `thiserror`. +`hkdf`, `sha2`, `zeroize`, `quicprochat-proto`, `serde`, `bincode`, `thiserror`. --- -## quicproquo-proto +## quicprochat-proto **Role:** Protocol type definitions for both v1 (legacy Cap'n Proto) and v2 (Protobuf/prost). This crate is the single source of truth for wire types and @@ -98,9 +98,9 @@ method ID constants. | Item | Description | |-------------------------------|-------------| | `schemas/*.capnp` | Legacy Cap'n Proto schemas (auth, delivery, node, federation). | -| `proto/qpq/v1/*.proto` | 14 Protobuf files defining all v2 message types. | +| `proto/qpc/v1/*.proto` | 14 Protobuf files defining all v2 message types. | | `build.rs` | Invokes `capnpc` for legacy types and `prost-build` for v2 types. | -| `pub mod qpq::v1` | All Protobuf-generated types, included via `prost` `include!`. | +| `pub mod qpc::v1` | All Protobuf-generated types, included via `prost` `include!`. | | `pub mod method_ids` | All 44 RPC method ID constants (u16) plus 4 push event type constants. | | `auth_capnp`, `node_capnp`... | Re-exported legacy Cap'n Proto generated modules. | @@ -138,7 +138,7 @@ method ID constants. --- -## quicproquo-rpc +## quicprochat-rpc **Role:** v2 RPC framework. Implements the custom binary framing protocol, server-side dispatch, client-side request/response handling, and Tower @@ -169,12 +169,12 @@ Push: [event_type: u16 BE][payload_len: u32 BE][protobuf] ### Key dependencies -`quinn`, `rustls`, `tokio`, `bytes`, `tower`, `prost`, `quicproquo-proto`, +`quinn`, `rustls`, `tokio`, `bytes`, `tower`, `prost`, `quicprochat-proto`, `tracing`, `thiserror`. --- -## quicproquo-sdk +## quicprochat-sdk **Role:** High-level client SDK. `QpqClient` wraps the RPC client with typed methods, an async event broadcast channel, and a `ConversationStore` @@ -190,17 +190,17 @@ for local conversation state. ### What this crate does NOT do -- No raw frame handling -- delegates to `quicproquo-rpc`. -- No MLS group state management -- delegates to `quicproquo-core`. +- No raw frame handling -- delegates to `quicprochat-rpc`. +- No MLS group state management -- delegates to `quicprochat-core`. ### Key dependencies -`quicproquo-rpc`, `quicproquo-core`, `quicproquo-proto`, `tokio`, `rusqlite`, +`quicprochat-rpc`, `quicprochat-core`, `quicprochat-proto`, `tokio`, `rusqlite`, `prost`, `tracing`, `thiserror`, `anyhow`. --- -## quicproquo-server +## quicprochat-server **Role:** Network-facing server binary. Accepts QUIC + TLS 1.3 connections, dispatches 44 Protobuf RPC methods through registered handlers in `domain/`, @@ -213,13 +213,13 @@ and persists state to SQLCipher. | `v2_handlers/` | One handler module per method category (auth, delivery, keys, channel, group, user, kt, blob, device, p2p, federation, moderation, recovery, account). | | `domain/` | Protocol-agnostic domain types and service logic (e.g., `AuthService`, `DeliveryService`, `KeyService`). | | `ServerState` | Shared state: SQLCipher connection pool, DashMap waiters, OPAQUE server state. | -| TLS config | Self-signed certificate auto-generated on first run (`rcgen`). TLS 1.3 only, ALPN `qpq`. | +| TLS config | Self-signed certificate auto-generated on first run (`rcgen`). TLS 1.3 only, ALPN `qpc`. | | CLI (`clap`) | `--listen` (default `0.0.0.0:5001`), `--data-dir`, `--tls-cert`, `--tls-key`. | ### Connection lifecycle ``` -QUIC accept (ALPN: "qpq") +QUIC accept (ALPN: "qpc") +- TLS 1.3 handshake (self-signed cert) +- Per-stream: read RequestFrame -> dispatch to handler -> write ResponseFrame +- Uni-stream (server -> client): write PushFrame for events @@ -235,13 +235,13 @@ via `tokio::spawn`. ### Key dependencies -`quicproquo-core`, `quicproquo-proto`, `quicproquo-rpc`, `quinn`, `rustls`, +`quicprochat-core`, `quicprochat-proto`, `quicprochat-rpc`, `quinn`, `rustls`, `rcgen`, `tokio`, `dashmap`, `rusqlite`, `prost`, `clap`, `tracing`, `anyhow`, `thiserror`. --- -## quicproquo-client +## quicprochat-client **Role:** CLI/TUI client binary. Connects to the server, orchestrates MLS group operations via `GroupMember`, and persists identity and group state. @@ -249,16 +249,16 @@ group operations via `GroupMember`, and persists identity and group state. ### What this crate does NOT do - No server-side logic. -- No raw frame parsing -- delegates to `quicproquo-sdk` / `quicproquo-rpc`. +- No raw frame parsing -- delegates to `quicprochat-sdk` / `quicprochat-rpc`. ### Key dependencies -`quicproquo-sdk`, `quicproquo-core`, `quicproquo-proto`, `tokio`, `clap`, +`quicprochat-sdk`, `quicprochat-core`, `quicprochat-proto`, `tokio`, `clap`, `rustyline`, `tracing`, `anyhow`. --- -## quicproquo-kt +## quicprochat-kt **Role:** Key transparency. Implements an append-only transparency log for Ed25519 public keys with revocation checking and audit support. @@ -268,7 +268,7 @@ Methods exposed: `RevokeKey` (510), `CheckRevocation` (511), --- -## quicproquo-plugin-api +## quicprochat-plugin-api **Role:** `#![no_std]` C-ABI plugin interface. Defines a stable ABI for dynamically loaded plugins with 6 hook points (on_message_send, @@ -279,11 +279,11 @@ allow plugins compiled for embedded or WASM targets. --- -## quicproquo-p2p +## quicprochat-p2p **Role:** P2P endpoint publish and resolve via iroh. Used by the server and clients for direct peer discovery when the `mesh` feature is enabled on -`quicproquo-client`. +`quicprochat-client`. Methods exposed: `PublishEndpoint` (800), `ResolveEndpoint` (801). @@ -308,7 +308,7 @@ build targets due to iroh's large dependency footprint (~90 extra deps). This layering ensures that: -- Crypto code can be tested in isolation (`cargo test -p quicproquo-core`). +- Crypto code can be tested in isolation (`cargo test -p quicprochat-core`). - Schema changes propagate automatically through codegen. - The server binary contains no client-side MLS orchestration logic. - The client binary contains no server-side storage or listener logic. diff --git a/docs/src/architecture/data-flow.md b/docs/src/architecture/data-flow.md index 6b57f41..57f3fb2 100644 --- a/docs/src/architecture/data-flow.md +++ b/docs/src/architecture/data-flow.md @@ -1,13 +1,13 @@ # End-to-End Data Flow -This page traces the three core data flows through the quicproquo system: +This page traces the three core data flows through the quicprochat system: registration, group creation, and message exchange. Each flow is illustrated with an ASCII sequence diagram showing control-plane (AS) and data-plane (DS) traffic. Throughout these flows the server is **MLS-unaware** -- it stores and forwards opaque byte blobs without parsing their MLS content. All RPC calls use the v2 -Protobuf framing protocol over QUIC (ALPN: `qpq`, port 5001). +Protobuf framing protocol over QUIC (ALPN: `qpc`, port 5001). --- diff --git a/docs/src/architecture/overview.md b/docs/src/architecture/overview.md index 0586240..c9e32f1 100644 --- a/docs/src/architecture/overview.md +++ b/docs/src/architecture/overview.md @@ -1,6 +1,6 @@ # Architecture Overview -quicproquo is an end-to-end encrypted group messaging system built in Rust. +quicprochat is an end-to-end encrypted group messaging system built in Rust. This page describes the high-level architecture: the services that compose the system, the dual-key cryptographic model, and how the pieces fit together. @@ -27,11 +27,11 @@ connection lifecycle, and push event delivery. ## Identity Key Model -Each quicproquo client holds a single Ed25519 signing keypair that serves +Each quicprochat client holds a single Ed25519 signing keypair that serves as its long-term identity: ```text - quicproquo Key Model + quicprochat Key Model +--------------------------------------------------+ | | | Ed25519 signing keypair (MLS identity) | @@ -71,11 +71,11 @@ For details on the cryptographic properties, see | (SDK) | | (SDK) | +--------+---------+ +--------+---------+ | | - | QUIC + TLS 1.3 (quinn/rustls) ALPN: "qpq" | + | QUIC + TLS 1.3 (quinn/rustls) ALPN: "qpc" | | | v v +------------------------------------------------------------------------+ - | quicproquo-server (port 5001) | + | quicprochat-server (port 5001) | | | | +---------------------------+ +--------------------------------+ | | | Authentication Service | | Delivery Service | | @@ -106,7 +106,7 @@ For details on the cryptographic properties, see 2. KeyPackages are single-use (RFC 9420 requirement). The AS atomically removes a KeyPackage on fetch to enforce this invariant. -3. QUIC + TLS 1.3 is the sole transport layer. The ALPN identifier is `qpq`. +3. QUIC + TLS 1.3 is the sole transport layer. The ALPN identifier is `qpc`. 4. Push events (new messages, typing, presence, membership changes) are delivered server-to-client on QUIC uni-streams using a separate push frame @@ -142,15 +142,15 @@ The implementation is split across nine workspace crates: | Crate | Role | |------------------------------|-------------------------------------------------------------------| -| `quicproquo-core` | Crypto primitives, MLS state machine, hybrid KEM | -| `quicproquo-proto` | Cap'n Proto legacy types + Protobuf (prost) v2 generated types | -| `quicproquo-kt` | Key transparency (append-only log, revocation) | -| `quicproquo-plugin-api` | `#![no_std]` C-ABI plugin interface | -| `quicproquo-rpc` | QUIC RPC framework: framing, server dispatch, client, middleware | -| `quicproquo-sdk` | Client SDK: `QpqClient`, event broadcast, `ConversationStore` | -| `quicproquo-server` | RPC server + domain services | -| `quicproquo-client` | CLI/TUI client binary | -| `quicproquo-p2p` | iroh P2P endpoint publish/resolve (feature-flagged) | +| `quicprochat-core` | Crypto primitives, MLS state machine, hybrid KEM | +| `quicprochat-proto` | Cap'n Proto legacy types + Protobuf (prost) v2 generated types | +| `quicprochat-kt` | Key transparency (append-only log, revocation) | +| `quicprochat-plugin-api` | `#![no_std]` C-ABI plugin interface | +| `quicprochat-rpc` | QUIC RPC framework: framing, server dispatch, client, middleware | +| `quicprochat-sdk` | Client SDK: `QpqClient`, event broadcast, `ConversationStore` | +| `quicprochat-server` | RPC server + domain services | +| `quicprochat-client` | CLI/TUI client binary | +| `quicprochat-p2p` | iroh P2P endpoint publish/resolve (feature-flagged) | See [Crate Responsibilities](crate-responsibilities.md) for a full breakdown and dependency diagram. diff --git a/docs/src/architecture/protocol-stack.md b/docs/src/architecture/protocol-stack.md index 598699b..744e4d7 100644 --- a/docs/src/architecture/protocol-stack.md +++ b/docs/src/architecture/protocol-stack.md @@ -1,6 +1,6 @@ # Protocol Stack -quicproquo layers three protocol stages to move a plaintext message from +quicprochat layers three protocol stages to move a plaintext message from sender to recipient with end-to-end encryption, typed RPC framing, and authenticated transport. This page describes each layer and provides a comparison table. @@ -32,12 +32,12 @@ one per RPC call. - TLS 1.3 provides perfect forward secrecy per connection via ephemeral ECDHE. - The server presents a self-signed certificate by default; the client pins the server certificate via `--ca-cert`. -- ALPN protocol identifier: `qpq`. +- ALPN protocol identifier: `qpc`. - Multiplexed streams over a single UDP socket -- one bidirectional stream per RPC call, preventing head-of-line blocking. - Uni-directional streams for server-to-client push events. -**Protobuf framing** (`quicproquo-rpc`, `quicproquo-proto`) +**Protobuf framing** (`quicprochat-rpc`, `quicprochat-proto`) - Three frame types: Request, Response, Push. - Fixed-length binary headers carry method/status codes, request correlation @@ -66,7 +66,7 @@ one per RPC call. | Layer | Provides | Crate(s) | |-------------|------------------------------------------------------------------|-----------------------------------------| | **Transport: QUIC + TLS 1.3** | Confidentiality, server authentication, forward secrecy, multiplexed streams, congestion control | `quinn`, `rustls` | -| **Framing: Protobuf** | Typed serialisation, length-prefixed framing, method dispatch, push events | `quicproquo-rpc`, `prost` | +| **Framing: Protobuf** | Typed serialisation, length-prefixed framing, method dispatch, push events | `quicprochat-rpc`, `prost` | | **Encryption: MLS** | Group key agreement, forward secrecy, post-compromise security, identity binding | `openmls`, `openmls_rust_crypto` | | **Encryption: Hybrid KEM** (optional) | Post-quantum confidentiality for individual payloads (X25519 + ML-KEM-768) | `ml-kem`, `x25519-dalek`, `chacha20poly1305`, `hkdf` | diff --git a/docs/src/architecture/service-architecture.md b/docs/src/architecture/service-architecture.md index 11ca27a..b414e2c 100644 --- a/docs/src/architecture/service-architecture.md +++ b/docs/src/architecture/service-architecture.md @@ -1,6 +1,6 @@ # Service Architecture -The quicproquo server exposes 44 RPC methods through a single QUIC + TLS 1.3 +The quicprochat server exposes 44 RPC methods through a single QUIC + TLS 1.3 endpoint on **port 5001**. Methods are dispatched by numeric method ID using the v2 Protobuf framing protocol. This page documents the method reference, connection lifecycle, storage model, and authentication flow. @@ -10,11 +10,11 @@ connection lifecycle, storage model, and authentication flow. ## RPC Endpoint A single QUIC + TLS 1.3 listener on **port 5001** serves all operations. -The ALPN identifier is `qpq`. Each RPC call uses a dedicated QUIC +The ALPN identifier is `qpc`. Each RPC call uses a dedicated QUIC bidirectional stream; calls are concurrent and do not block each other. ```text -quicproquo-server (port 5001, ALPN: "qpq") +quicprochat-server (port 5001, ALPN: "qpc") | +-- Auth (100-103) | +-- 100: OpaqueRegisterStart @@ -243,7 +243,7 @@ Client Server 2. <- QUIC HANDSHAKE TLS 1.3 ServerHello + Certificate (self-signed) - ALPN: "qpq" + ALPN: "qpc" 3. Client verifies server cert against pinned CA cert (--ca-cert flag) @@ -345,10 +345,10 @@ validates it on every authenticated method call. | Flag | Env var | Default | Description | |----------------|----------------------------|------------------------|-------------| -| `--listen` | `QPQ_LISTEN` | `0.0.0.0:5001` | QUIC listen address (host:port). | -| `--data-dir` | `QPQ_DATA_DIR` | `data` | Directory for persisted state. | -| `--tls-cert` | `QPQ_TLS_CERT` | `data/server-cert.der` | Path to TLS certificate (DER). Auto-generated if missing. | -| `--tls-key` | `QPQ_TLS_KEY` | `data/server-key.der` | Path to TLS private key (DER). Auto-generated if missing. | +| `--listen` | `QPC_LISTEN` | `0.0.0.0:5001` | QUIC listen address (host:port). | +| `--data-dir` | `QPC_DATA_DIR` | `data` | Directory for persisted state. | +| `--tls-cert` | `QPC_TLS_CERT` | `data/server-cert.der` | Path to TLS certificate (DER). Auto-generated if missing. | +| `--tls-key` | `QPC_TLS_KEY` | `data/server-key.der` | Path to TLS private key (DER). Auto-generated if missing. | Logging level is controlled by the `RUST_LOG` environment variable (default: `info`). diff --git a/docs/src/contributing/coding-standards.md b/docs/src/contributing/coding-standards.md index bef912b..ac9247d 100644 --- a/docs/src/contributing/coding-standards.md +++ b/docs/src/contributing/coding-standards.md @@ -1,6 +1,6 @@ # Coding Standards -This page defines the engineering standards for quicproquo. These are +This page defines the engineering standards for quicprochat. These are non-negotiable -- all code merged into the repository must conform to these rules. The standards exist to ensure that every milestone produces production-ready, auditable, and secure code. @@ -85,9 +85,9 @@ pub fn create_group( - No `unwrap()` or `expect()` on cryptographic operations or I/O in non-test paths. All crypto errors must be typed and propagated. -- Use `thiserror` for library error types (`quicproquo-core`, - `quicproquo-proto`, `quicproquo-rpc`, `quicproquo-sdk`) and `anyhow` for - application-level error handling (`quicproquo-server`, `quicproquo-client`). +- Use `thiserror` for library error types (`quicprochat-core`, + `quicprochat-proto`, `quicprochat-rpc`, `quicprochat-sdk`) and `anyhow` for + application-level error handling (`quicprochat-server`, `quicprochat-client`). - `unwrap()` is acceptable only in: - Test code. - Cases where the invariant is provably guaranteed by the type system diff --git a/docs/src/contributing/testing.md b/docs/src/contributing/testing.md index 1a7876e..fdbefdf 100644 --- a/docs/src/contributing/testing.md +++ b/docs/src/contributing/testing.md @@ -1,7 +1,7 @@ # Testing Strategy This page describes the testing structure, conventions, and current coverage for -quicproquo. All tests run with `cargo test --workspace` (or `just test`) and +quicprochat. All tests run with `cargo test --workspace` (or `just test`) and must pass before any code is merged. For the coding standards that tests must follow, see @@ -17,7 +17,7 @@ Unit tests live alongside the code they test, in `#[cfg(test)] mod tests` blocks at the bottom of each source file. They test individual functions and types in isolation. -**quicproquo-core (96 tests):** +**quicprochat-core (96 tests):** | Module | Tests | What they cover | |--------|-------|----------------| @@ -28,21 +28,21 @@ isolation. | `opaque_auth` | 12 | OPAQUE registration + login full flow, bad password rejection | | `mls_*` | 61 | MLS key schedule, member add/remove, Welcome processing, key exhaustion | -**quicproquo-rpc (18 tests):** +**quicprochat-rpc (18 tests):** | Module | Tests | What they cover | |--------|-------|----------------| | `framing` | 8 | Wire framing round-trips, method ID encoding, length-prefix correctness | | `dispatch` | 10 | Handler dispatch, method not found, middleware chain, timeout enforcement | -**quicproquo-sdk (30 tests):** +**quicprochat-sdk (30 tests):** | Module | Tests | What they cover | |--------|-------|----------------| | `client` | 15 | `QpqClient` connect, send, receive, event broadcast | | `conversation_store` | 15 | `ConversationStore` CRUD, pagination, message ordering | -**quicproquo-server (65 tests):** +**quicprochat-server (65 tests):** | Module | Tests | What they cover | |--------|-------|----------------| @@ -51,13 +51,13 @@ isolation. | `storage` | 15 | `FileBackedStore` and `SqlStore` CRUD, MLS entity serialisation | | `federation` | 10 | Federation peer relay, mTLS validation, domain routing | -**quicproquo-kt (21 tests):** +**quicprochat-kt (21 tests):** | Module | Tests | What they cover | |--------|-------|----------------| | `merkle_log` | 21 | Merkle tree insertion, consistency proofs, root hash correctness | -**quicproquo-p2p (34 tests):** +**quicprochat-p2p (34 tests):** | Module | Tests | What they cover | |--------|-------|----------------| @@ -65,18 +65,18 @@ isolation. ### Integration and E2E Tests -E2E tests live in `crates/quicproquo-client/tests/e2e.rs` (20 tests) and +E2E tests live in `crates/quicprochat-client/tests/e2e.rs` (20 tests) and exercise the full client-server stack in-process. Each test spawns a real server using `tokio::spawn`, runs client operations against it, and asserts on the results. -**quicproquo-client unit (16 tests):** +**quicprochat-client unit (16 tests):** | File | What it covers | |------|---------------| | `src/lib.rs` | CLI command parsing, client state machine, error formatting | -**quicproquo-client E2E (20 tests):** +**quicprochat-client E2E (20 tests):** | Test | What it covers | |------|---------------| @@ -141,7 +141,7 @@ The E2E test suite shares an `AUTH_LOCK` `tokio::Mutex` to prevent port binding conflicts when tests run in parallel. Always run E2E tests with a single thread: ```bash -cargo test -p quicproquo-client --test e2e -- --test-threads 1 +cargo test -p quicprochat-client --test e2e -- --test-threads 1 ``` Running without `--test-threads 1` may cause intermittent bind errors if two @@ -150,19 +150,19 @@ tests try to use the same port concurrently. ### Single Crate ```bash -cargo test -p quicproquo-core -cargo test -p quicproquo-rpc -cargo test -p quicproquo-sdk -cargo test -p quicproquo-server -cargo test -p quicproquo-kt -cargo test -p quicproquo-p2p +cargo test -p quicprochat-core +cargo test -p quicprochat-rpc +cargo test -p quicprochat-sdk +cargo test -p quicprochat-server +cargo test -p quicprochat-kt +cargo test -p quicprochat-p2p ``` ### Single Test ```bash -cargo test -p quicproquo-core -- codec::tests::test_round_trip -cargo test -p quicproquo-client --test e2e -- opaque_flow --test-threads 1 +cargo test -p quicprochat-core -- codec::tests::test_round_trip +cargo test -p quicprochat-client --test e2e -- opaque_flow --test-threads 1 ``` ### With Output @@ -179,13 +179,13 @@ All 301 tests pass on branch `v2`. | Crate | Unit / Integration Tests | E2E Tests | Total | |-------|--------------------------|-----------|-------| -| `quicproquo-core` | 96 | -- | 96 | -| `quicproquo-rpc` | 18 | -- | 18 | -| `quicproquo-sdk` | 30 | -- | 30 | -| `quicproquo-server` | 65 | -- | 65 | -| `quicproquo-kt` | 21 | -- | 21 | -| `quicproquo-p2p` | 34 | -- | 34 | -| `quicproquo-client` | 16 unit + 1 doctest | 20 | 37 | +| `quicprochat-core` | 96 | -- | 96 | +| `quicprochat-rpc` | 18 | -- | 18 | +| `quicprochat-sdk` | 30 | -- | 30 | +| `quicprochat-server` | 65 | -- | 65 | +| `quicprochat-kt` | 21 | -- | 21 | +| `quicprochat-p2p` | 34 | -- | 34 | +| `quicprochat-client` | 16 unit + 1 doctest | 20 | 37 | | **Total** | **281** | **20** | **301** | --- diff --git a/docs/src/cryptography/forward-secrecy.md b/docs/src/cryptography/forward-secrecy.md index 0952dfc..67f2567 100644 --- a/docs/src/cryptography/forward-secrecy.md +++ b/docs/src/cryptography/forward-secrecy.md @@ -6,7 +6,7 @@ compromised, past session keys cannot be recovered.** In other words, an attacker who obtains today's long-term key cannot use it to decrypt messages recorded yesterday. -quicproquo provides forward secrecy at two independent layers: the transport +quicprochat provides forward secrecy at two independent layers: the transport layer and the application layer. Even if one layer's FS mechanism is defeated, the other continues to protect message confidentiality. @@ -28,7 +28,7 @@ In each TLS 1.3 handshake: Because the ephemeral keys exist only for the duration of the handshake, compromising the server's long-term TLS certificate key (currently self-signed -in quicproquo) does not reveal past session keys. +in quicprochat) does not reveal past session keys. ## Application Layer Forward Secrecy @@ -54,7 +54,7 @@ This deletion is the mechanism that provides forward secrecy: once old epoch keys are erased, messages encrypted under those keys cannot be decrypted, even if the current group state is compromised. -In quicproquo, epoch advancement occurs when: +In quicprochat, epoch advancement occurs when: - `add_member()` is called, which creates a Commit and calls `merge_pending_commit()`. @@ -91,7 +91,7 @@ HPKE init keys. ## Layered Forward Secrecy -A distinctive property of quicproquo's design is that forward secrecy +A distinctive property of quicprochat's design is that forward secrecy operates at two independent layers: ```text @@ -135,7 +135,7 @@ unless they also break the transport encryption. Signal's Double Ratchet protocol also provides forward secrecy, but the mechanisms differ: -| Property | Signal Double Ratchet | MLS (quicproquo) | +| Property | Signal Double Ratchet | MLS (quicprochat) | |----------|----------------------|---------------------| | Scope | Pairwise (1:1 sessions) | Group (n-party) | | Ratchet granularity | Per message (symmetric ratchet) + per DH round (DH ratchet) | Per epoch (Commit) | diff --git a/docs/src/cryptography/identity-keys.md b/docs/src/cryptography/identity-keys.md index 5ce5c96..f5d8266 100644 --- a/docs/src/cryptography/identity-keys.md +++ b/docs/src/cryptography/identity-keys.md @@ -1,11 +1,11 @@ # Ed25519 Identity Keys The Ed25519 identity keypair is the long-term cryptographic identity of a -quicproquo client. It is generated once, persisted across sessions, and used +quicprochat client. It is generated once, persisted across sessions, and used for MLS credential signing, Authentication Service registration, and delivery queue addressing. -**Source:** `crates/quicproquo-core/src/identity.rs` +**Source:** `crates/quicprochat-core/src/identity.rs` ## Structure @@ -37,7 +37,7 @@ A fresh identity keypair is generated from the OS CSPRNG (`OsRng`) via `ed25519-dalek`: ```rust -use quicproquo_core::identity::IdentityKeypair; +use quicprochat_core::identity::IdentityKeypair; let identity = IdentityKeypair::generate(); // The signing key seed is generated from OsRng (getrandom on Linux). diff --git a/docs/src/cryptography/key-lifecycle.md b/docs/src/cryptography/key-lifecycle.md index c394a6b..1d29f3b 100644 --- a/docs/src/cryptography/key-lifecycle.md +++ b/docs/src/cryptography/key-lifecycle.md @@ -1,6 +1,6 @@ # Key Lifecycle and Zeroization -quicproquo uses multiple key types with different lifetimes, creation +quicprochat uses multiple key types with different lifetimes, creation patterns, and destruction guarantees. This page provides a comprehensive lifecycle diagram for every key type in the system, from generation through zeroization. @@ -25,7 +25,7 @@ Hybrid KEM Keys Per peer (future) Public portion X25519+ML-KEM-768 ## Ed25519 Identity Key -**Source:** `crates/quicproquo-core/src/identity.rs` +**Source:** `crates/quicprochat-core/src/identity.rs` The Ed25519 identity key is the most long-lived secret in the system. It represents the client's cryptographic identity across all sessions and groups. @@ -92,8 +92,8 @@ zeroization. ## HPKE Init Keys -**Source:** `crates/quicproquo-core/src/keystore.rs` and -`crates/quicproquo-core/src/group.rs` +**Source:** `crates/quicprochat-core/src/keystore.rs` and +`crates/quicprochat-core/src/group.rs` HPKE init keys are generated by the openmls backend as part of MLS KeyPackage creation. They are single-use: each init key is consumed exactly once when @@ -167,7 +167,7 @@ processing a Welcome message. **Managed by:** `openmls` (internal to the `MlsGroup` state machine) MLS epoch keys are derived internally by the openmls ratchet tree. They are not -directly accessible in quicproquo code but are critical to understanding the +directly accessible in quicprochat code but are critical to understanding the system's security properties. ### Lifecycle @@ -216,12 +216,12 @@ system's security properties. - **Deletion:** Old epoch keys are deleted after the Commit is processed. This deletion is what provides [forward secrecy](forward-secrecy.md) at the MLS layer. -- **No direct access:** quicproquo code interacts with epoch keys only +- **No direct access:** quicprochat code interacts with epoch keys only indirectly through `send_message()` and `receive_message()`. ## Hybrid KEM Keys (Future -- M5+) -**Source:** `crates/quicproquo-core/src/hybrid_kem.rs` +**Source:** `crates/quicprochat-core/src/hybrid_kem.rs` The hybrid KEM keypair combines X25519 (classical) with ML-KEM-768 (post-quantum) for content encryption that resists both classical and quantum diff --git a/docs/src/cryptography/overview.md b/docs/src/cryptography/overview.md index 7bf19e3..43d09fd 100644 --- a/docs/src/cryptography/overview.md +++ b/docs/src/cryptography/overview.md @@ -1,6 +1,6 @@ # Cryptography Overview -quicproquo layers multiple cryptographic protocols to provide confidentiality, +quicprochat layers multiple cryptographic protocols to provide confidentiality, integrity, authentication, forward secrecy, and post-compromise security. This page catalogues every algorithm in the system, the crate that supplies it, and the security margin it provides. diff --git a/docs/src/cryptography/post-compromise-security.md b/docs/src/cryptography/post-compromise-security.md index dec1d2b..f6427ba 100644 --- a/docs/src/cryptography/post-compromise-security.md +++ b/docs/src/cryptography/post-compromise-security.md @@ -13,7 +13,7 @@ PCS is the complement of [forward secrecy](forward-secrecy.md): - **Post-compromise security** protects the **future** from a past compromise. MLS (RFC 9420) is specifically designed to provide both properties simultaneously -for group messaging. This is a key differentiator of quicproquo's design. +for group messaging. This is a key differentiator of quicprochat's design. ## How MLS Provides PCS @@ -64,7 +64,7 @@ This means: For a group of 1,000 members, the path length is approximately 10 nodes -- making PCS practical even for large groups. -## Epoch Advancement in quicproquo +## Epoch Advancement in quicprochat In the current implementation, epoch advancement occurs through the `GroupMember` methods in `group.rs`: @@ -145,7 +145,7 @@ deleted), and future epochs are protected by PCS (new key material generated). Signal's group messaging uses **Sender Keys**, a fundamentally different mechanism from MLS's ratchet tree. The comparison is instructive because it -highlights why MLS was chosen for quicproquo: +highlights why MLS was chosen for quicprochat: ### Signal Sender Keys @@ -168,7 +168,7 @@ security. If an attacker compromises a member's Sender Key: membership changes. - There is no automatic healing mechanism analogous to MLS's ratchet tree. -### MLS Ratchet Tree (quicproquo) +### MLS Ratchet Tree (quicprochat) In contrast, MLS's ratchet tree provides PCS because: @@ -218,7 +218,7 @@ periodic Updates (planned) will bound the healing window. ### Server compromise does not prevent PCS -The quicproquo server is MLS-unaware -- it stores and forwards encrypted +The quicprochat server is MLS-unaware -- it stores and forwards encrypted MLS messages without access to the group state. A compromised server cannot: - Prevent PCS by blocking Commits (it could perform denial-of-service, but diff --git a/docs/src/cryptography/post-quantum-readiness.md b/docs/src/cryptography/post-quantum-readiness.md index eca07a6..22b25e2 100644 --- a/docs/src/cryptography/post-quantum-readiness.md +++ b/docs/src/cryptography/post-quantum-readiness.md @@ -1,15 +1,15 @@ # Post-Quantum Readiness -quicproquo includes a fully implemented and tested hybrid key encapsulation +quicprochat includes a fully implemented and tested hybrid key encapsulation mechanism (KEM) combining X25519 (classical) with ML-KEM-768 (post-quantum). This page describes the current implementation, the integration plan, the security rationale, and the known gaps. -**Source:** `crates/quicproquo-core/src/hybrid_kem.rs` +**Source:** `crates/quicprochat-core/src/hybrid_kem.rs` ## Current State -The hybrid KEM is **fully implemented and tested** in `quicproquo-core`. The +The hybrid KEM is **fully implemented and tested** in `quicprochat-core`. The implementation provides: - `HybridKeypair::generate()` -- generate a combined X25519 + ML-KEM-768 keypair @@ -35,7 +35,7 @@ The test suite in `hybrid_kem.rs` includes 10 tests covering: ## ML-KEM-768 (FIPS 203) ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) is the NIST-standardized -post-quantum KEM, published as FIPS 203. quicproquo uses ML-KEM-768, the +post-quantum KEM, published as FIPS 203. quicprochat uses ML-KEM-768, the middle parameter set: | Parameter Set | NIST Level | Security (PQ) | EK Size | CT Size | SS Size | @@ -69,8 +69,8 @@ executed, and their shared secrets are combined through a KDF: ```text ikm = X25519_shared_secret(32 bytes) || ML-KEM_shared_secret(32 bytes) -key = HKDF-SHA256(salt=[], ikm, info="quicproquo-hybrid-v1", L=32) -nonce = HKDF-SHA256(salt=[], ikm, info="quicproquo-hybrid-nonce-v1", L=12) +key = HKDF-SHA256(salt=[], ikm, info="quicprochat-hybrid-v1", L=32) +nonce = HKDF-SHA256(salt=[], ikm, info="quicprochat-hybrid-nonce-v1", L=12) ``` The combined IKM (input key material) is wrapped in `Zeroizing>` and @@ -165,7 +165,7 @@ hybrid KEM for HPKE init key exchange: ## The PQ Gap -There is an important asymmetry in quicproquo's post-quantum protection: +There is an important asymmetry in quicprochat's post-quantum protection: ```text Layer Classical Protection Post-Quantum Protection @@ -191,7 +191,7 @@ This is the **PQ gap**: content is safe, but metadata is not. Post-quantum TLS (via ML-KEM in the TLS 1.3 handshake) is being standardized by the IETF and is supported by some TLS libraries, but `rustls` does not yet -support it in a stable release. When `rustls` adds ML-KEM support, quicproquo +support it in a stable release. When `rustls` adds ML-KEM support, quicprochat will adopt it to close the PQ gap at the transport layer. ## Harvest-Now, Decrypt-Later Risk @@ -202,7 +202,7 @@ The "harvest-now, decrypt-later" (HNDL) threat model assumes an adversary who: 2. Waits for a sufficiently powerful quantum computer (years or decades). 3. Decrypts the recorded traffic retroactively. -In quicproquo's case: +In quicprochat's case: - **Content is safe from M5 onward.** The hybrid KEM wrapping MLS content uses ML-KEM-768, which resists quantum attacks. Even if the recorded traffic is diff --git a/docs/src/cryptography/threat-model.md b/docs/src/cryptography/threat-model.md index 4d9ee35..7168fc8 100644 --- a/docs/src/cryptography/threat-model.md +++ b/docs/src/cryptography/threat-model.md @@ -1,6 +1,6 @@ # Threat Model -This page defines the attacker models quicproquo is designed to resist, +This page defines the attacker models quicprochat is designed to resist, catalogues what is and is not protected, identifies known gaps in the current implementation, and outlines future mitigations. @@ -41,7 +41,7 @@ state-level adversary). **What they can do:** - Attempt TLS 1.3 MITM: TLS 1.3 prevents this if the client validates the - server's certificate. However, quicproquo currently uses **self-signed + server's certificate. However, quicprochat currently uses **self-signed certificates**, which means the client has no CA chain to verify. On the first connection, a MITM could present their own certificate and intercept the session (trust-on-first-use vulnerability). diff --git a/docs/src/design-rationale/adr-002-capnproto.md b/docs/src/design-rationale/adr-002-capnproto.md index a8e849a..7a9e4e8 100644 --- a/docs/src/design-rationale/adr-002-capnproto.md +++ b/docs/src/design-rationale/adr-002-capnproto.md @@ -6,7 +6,7 @@ ## Context -quicproquo needs an efficient, typed wire format for client-server communication. The format must support: +quicprochat needs an efficient, typed wire format for client-server communication. The format must support: 1. **Typed messages** with compile-time schema enforcement to eliminate hand-rolled serialisation bugs. 2. **Schema evolution** so that new fields and methods can be added without breaking existing clients. @@ -105,7 +105,7 @@ The Cap'n Proto schemas are stored in the `schemas/` directory: ### Costs and trade-offs -- **Build-time code generation.** The `capnpc` compiler must run during the build (via `build.rs` in `quicproquo-proto`). This adds a build dependency and increases compile times slightly. +- **Build-time code generation.** The `capnpc` compiler must run during the build (via `build.rs` in `quicprochat-proto`). This adds a build dependency and increases compile times slightly. - **Learning curve.** Cap'n Proto's builder/reader API is different from typical `serde`-based Rust serialisation. Developers must learn the Cap'n Proto programming model (builders for construction, readers for traversal, owned messages for storage). - **Generated code verbosity.** The generated Rust code is verbose and not intended to be read directly. Application code interacts with it through the builder/reader traits. - **Smaller ecosystem than Protobuf.** Cap'n Proto has fewer users, fewer tutorials, and fewer third-party tools than Protobuf. However, the core Rust crates are well-maintained. @@ -114,7 +114,7 @@ The Cap'n Proto schemas are stored in the `schemas/` directory: ### Residual risks - **Crate maintenance.** The `capnp` and `capnp-rpc` crates are maintained primarily by David Renshaw. If maintenance lapses, the project would need to fork or switch serialisation formats. Mitigated by the crates' maturity and the relatively stable Cap'n Proto specification. -- **RPC limitations.** The Rust `capnp-rpc` crate implements Level 1 of the Cap'n Proto RPC protocol. Level 3 features (three-party handoffs) are not supported. This has not been a limitation for quicproquo's client-server architecture. +- **RPC limitations.** The Rust `capnp-rpc` crate implements Level 1 of the Cap'n Proto RPC protocol. Level 3 features (three-party handoffs) are not supported. This has not been a limitation for quicprochat's client-server architecture. --- @@ -126,8 +126,8 @@ The Cap'n Proto schemas are stored in the `schemas/` directory: | `schemas/auth.capnp` | AuthenticationService RPC interface | | `schemas/delivery.capnp` | DeliveryService RPC interface | | `schemas/node.capnp` | NodeService unified RPC interface | -| `crates/quicproquo-proto/build.rs` | Build script that invokes `capnpc` for code generation | -| `crates/quicproquo-proto/src/lib.rs` | Re-exports generated Cap'n Proto modules | +| `crates/quicprochat-proto/build.rs` | Build script that invokes `capnpc` for code generation | +| `crates/quicprochat-proto/src/lib.rs` | Re-exports generated Cap'n Proto modules | --- diff --git a/docs/src/design-rationale/adr-004-mls-unaware-ds.md b/docs/src/design-rationale/adr-004-mls-unaware-ds.md index 647ea35..d067e55 100644 --- a/docs/src/design-rationale/adr-004-mls-unaware-ds.md +++ b/docs/src/design-rationale/adr-004-mls-unaware-ds.md @@ -40,7 +40,7 @@ The RFC explicitly envisions that the DS operates on opaque blobs, not on decryp ## Decision -The quicproquo Delivery Service is **MLS-unaware**. It routes opaque byte strings by `(recipientKey, channelId)` without parsing, inspecting, or validating any MLS content. +The quicprochat Delivery Service is **MLS-unaware**. It routes opaque byte strings by `(recipientKey, channelId)` without parsing, inspecting, or validating any MLS content. ### What the DS sees @@ -109,8 +109,8 @@ This means that sending a message to a group of n members requires n-1 enqueue c |---|---| | `schemas/delivery.capnp` | DeliveryService RPC interface (opaque `Data` payloads) | | `schemas/node.capnp` | NodeService: `enqueue`, `fetch`, `fetchWait` methods | -| `crates/quicproquo-server/src/storage.rs` | Server-side queue storage (DashMap-based FIFO queues) | -| `crates/quicproquo-server/src/main.rs` | NodeService RPC handler implementation | +| `crates/quicprochat-server/src/storage.rs` | Server-side queue storage (DashMap-based FIFO queues) | +| `crates/quicprochat-server/src/main.rs` | NodeService RPC handler implementation | --- diff --git a/docs/src/design-rationale/adr-005-single-use-keypackages.md b/docs/src/design-rationale/adr-005-single-use-keypackages.md index 55d16fe..2c32d43 100644 --- a/docs/src/design-rationale/adr-005-single-use-keypackages.md +++ b/docs/src/design-rationale/adr-005-single-use-keypackages.md @@ -100,8 +100,8 @@ This is a defense-in-depth measure. In practice, MLS's own signature verificatio |---|---| | `schemas/auth.capnp` | `AuthenticationService` interface: `uploadKeyPackage`, `fetchKeyPackage` | | `schemas/node.capnp` | `NodeService` interface: same methods with `Auth` parameter | -| `crates/quicproquo-server/src/storage.rs` | Server-side KeyPackage storage (DashMap-backed queue) | -| `crates/quicproquo-server/src/main.rs` | RPC handler: `fetchKeyPackage` implementation with atomic removal | +| `crates/quicprochat-server/src/storage.rs` | Server-side KeyPackage storage (DashMap-backed queue) | +| `crates/quicprochat-server/src/main.rs` | RPC handler: `fetchKeyPackage` implementation with atomic removal | --- diff --git a/docs/src/design-rationale/adr-006-rest-gateway.md b/docs/src/design-rationale/adr-006-rest-gateway.md index c3bd8ee..7995e1c 100644 --- a/docs/src/design-rationale/adr-006-rest-gateway.md +++ b/docs/src/design-rationale/adr-006-rest-gateway.md @@ -6,7 +6,7 @@ Accepted (supersedes earlier REST gateway proposal) ## Context -quicproquo uses QUIC + Cap'n Proto RPC as its native protocol. This +quicprochat uses QUIC + Cap'n Proto RPC as its native protocol. This combination delivers zero-copy serialization, multiplexed streams, and sub-RTT connection establishment — ideal for high-performance clients. @@ -58,11 +58,11 @@ Both paths use QUIC transport. The project name stays honest. ### Crypto layer distribution -MLS encryption/decryption must happen client-side. The `quicproquo-core` +MLS encryption/decryption must happen client-side. The `quicprochat-core` crate is compiled to: - **WASM** — for browsers, Node.js, Deno -- **C FFI** (`libquicproquo`) — for Swift, Kotlin, Python, Go (via cgo) +- **C FFI** (`libquicprochat`) — for Swift, Kotlin, Python, Go (via cgo) - **Native Rust** — for Rust clients (existing) ### Why not REST? @@ -104,9 +104,9 @@ gRPC may be reconsidered for server-to-server federation (Phase 7.3). ### Neutral -- SDKs live in separate repositories (e.g., `quicproquo-go`, - `quicproquo-py`) to avoid bloating the core workspace. -- The C FFI crate (`quicproquo-ffi`) bundles both crypto and transport, +- SDKs live in separate repositories (e.g., `quicprochat-go`, + `quicprochat-py`) to avoid bloating the core workspace. +- The C FFI crate (`quicprochat-ffi`) bundles both crypto and transport, so language bindings only need to call C functions. ## Related diff --git a/docs/src/design-rationale/overview.md b/docs/src/design-rationale/overview.md index 1c88ae1..da8b635 100644 --- a/docs/src/design-rationale/overview.md +++ b/docs/src/design-rationale/overview.md @@ -1,6 +1,6 @@ # Design Decisions Overview -This section collects the Architecture Decision Records (ADRs) that document the key design choices in quicproquo. Each ADR follows a standard format: context (why the decision was needed), decision (what was chosen), and consequences (trade-offs, benefits, and residual risks). +This section collects the Architecture Decision Records (ADRs) that document the key design choices in quicprochat. Each ADR follows a standard format: context (why the decision was needed), decision (what was chosen), and consequences (trade-offs, benefits, and residual risks). These decisions are not immutable. Each ADR has a status field and can be superseded by a later ADR if circumstances change. The goal is to preserve the reasoning behind each choice so that future contributors understand *why* the system works the way it does, not just *how*. @@ -19,7 +19,7 @@ These decisions are not immutable. Each ADR has a status field and can be supers ## Design comparison -For a broader comparison of quicproquo's design against alternative messaging protocols (Signal, Matrix/Olm/Megolm), see [Why This Design, Not Signal/Matrix/...](why-not-signal.md). +For a broader comparison of quicprochat's design against alternative messaging protocols (Signal, Matrix/Olm/Megolm), see [Why This Design, Not Signal/Matrix/...](why-not-signal.md). --- @@ -41,7 +41,7 @@ Each ADR page follows this structure: **Context** -quicproquo v1 used Cap'n Proto for both serialisation and RPC dispatch via +quicprochat v1 used Cap'n Proto for both serialisation and RPC dispatch via `capnp-rpc`. This worked well for the initial 8-method `NodeService` interface but had several limitations as the protocol expanded: @@ -60,15 +60,15 @@ but had several limitations as the protocol expanded: **Decision** -Replace `capnp-rpc` with a custom binary framing layer (`quicproquo-rpc`) and +Replace `capnp-rpc` with a custom binary framing layer (`quicprochat-rpc`) and Protocol Buffers (`prost`) for payload serialisation: - Three frame types: Request (10-byte header), Response (9-byte header), Push (6-byte header), all carrying Protobuf-encoded payloads. - Method IDs are numeric `u16` constants dispatched via a handler registry. One QUIC bidirectional stream per RPC call; push events on QUIC uni-streams. -- ALPN changed from `b"capnp"` to `b"qpq"`. Default port changed from 7000 to 5001. -- Cap'n Proto legacy types are retained in `quicproquo-proto` for v1 compatibility +- ALPN changed from `b"capnp"` to `b"qpc"`. Default port changed from 7000 to 5001. +- Cap'n Proto legacy types are retained in `quicprochat-proto` for v1 compatibility but are no longer used for RPC dispatch. **Consequences** @@ -90,9 +90,9 @@ Costs: **Code references** -- Frame format: `crates/quicproquo-rpc/src/framing.rs` -- Method IDs: `crates/quicproquo-proto/src/lib.rs` (`method_ids` module) -- Proto schemas: `proto/qpq/v1/*.proto` +- Frame format: `crates/quicprochat-rpc/src/framing.rs` +- Method IDs: `crates/quicprochat-proto/src/lib.rs` (`method_ids` module) +- Proto schemas: `proto/qpc/v1/*.proto` --- @@ -109,7 +109,7 @@ ADR-004 and ADR-005 reflect a design philosophy where the server does as little ### Schema-first design The v2 protocol defines all messages and method IDs in checked-in source files -(`proto/qpq/v1/*.proto` and `crates/quicproquo-proto/src/lib.rs`). Every wire +(`proto/qpc/v1/*.proto` and `crates/quicprochat-proto/src/lib.rs`). Every wire type is documented, versioned, and evolvable through the standard Protobuf schema evolution rules (adding optional fields, reserving removed field numbers). diff --git a/docs/src/design-rationale/protocol-comparison.md b/docs/src/design-rationale/protocol-comparison.md index 6411414..460ea3f 100644 --- a/docs/src/design-rationale/protocol-comparison.md +++ b/docs/src/design-rationale/protocol-comparison.md @@ -1,6 +1,6 @@ # Comparison with Classical Chat Protocols -This page compares quicproquo against **classical and legacy chat protocols** -- IRC+SSL, XMPP (with and without OMEMO), Telegram's MTProto, and plain TCP/TLS chat systems -- to demonstrate what a modern, cryptographically rigorous design provides over protocols that were designed before end-to-end encryption, post-compromise security, and post-quantum readiness were practical concerns. +This page compares quicprochat against **classical and legacy chat protocols** -- IRC+SSL, XMPP (with and without OMEMO), Telegram's MTProto, and plain TCP/TLS chat systems -- to demonstrate what a modern, cryptographically rigorous design provides over protocols that were designed before end-to-end encryption, post-compromise security, and post-quantum readiness were practical concerns. For a comparison against modern E2E-encrypted protocols (Signal, Matrix/Olm/Megolm), see [Why This Design, Not Signal/Matrix/...](why-not-signal.md). @@ -9,7 +9,7 @@ For a comparison against modern E2E-encrypted protocols (Signal, Matrix/Olm/Mego ## At a glance ``` - Classical IRC+SSL quicproquo + Classical IRC+SSL quicprochat ───────────────── ────────────── You ──TLS──▶ Server ──TLS──▶ Bob You ──QUIC/TLS──▶ Server ──QUIC/TLS──▶ Bob @@ -19,13 +19,13 @@ For a comparison against modern E2E-encrypted protocols (Signal, Matrix/Olm/Mego messages (cannot decrypt) ``` -The fundamental difference: **classical protocols trust the server with your plaintext**. quicproquo's server is cryptographically excluded from reading message content. +The fundamental difference: **classical protocols trust the server with your plaintext**. quicprochat's server is cryptographically excluded from reading message content. --- ## Protocol comparison matrix -| Property | IRC+SSL | XMPP+TLS | XMPP+OMEMO | Telegram (MTProto) | quicproquo | +| Property | IRC+SSL | XMPP+TLS | XMPP+OMEMO | Telegram (MTProto) | quicprochat | |---|---|---|---|---|---| | **Transport encryption** | TLS (server-to-server optional) | STARTTLS / direct TLS | STARTTLS / direct TLS | MTProto 2.0 (custom) | QUIC + TLS 1.3 | | **End-to-end encryption** | None | None | Double Ratchet (1:1) | "Secret chats" only (1:1) | MLS RFC 9420 (groups native) | @@ -41,7 +41,7 @@ The fundamental difference: **classical protocols trust the server with your pla --- -## Deep dive: IRC+SSL vs. quicproquo +## Deep dive: IRC+SSL vs. quicprochat IRC (Internet Relay Chat) is the archetypal chat protocol, designed in 1988. Adding SSL/TLS wraps the TCP connection in transport encryption, but the protocol's security model remains fundamentally unchanged. @@ -66,7 +66,7 @@ IRC (Internet Relay Chat) is the archetypal chat protocol, designed in 1988. Add 4. **No post-compromise security.** There is no mechanism to recover from a key compromise. If a server is breached, all messages flowing through it are exposed indefinitely. 5. **No identity binding.** NickServ password authentication is plaintext over the IRC protocol (inside TLS, but visible to the server). There is no cryptographic binding between a user's identity and their messages. -### What happens when Alice sends a message on quicproquo +### What happens when Alice sends a message on quicprochat ``` ┌───────┐ ┌────────┐ ┌─────┐ @@ -93,7 +93,7 @@ IRC (Internet Relay Chat) is the archetypal chat protocol, designed in 1988. Add --- -## Deep dive: XMPP+OMEMO vs. quicproquo +## Deep dive: XMPP+OMEMO vs. quicprochat XMPP with OMEMO (XEP-0384) adds end-to-end encryption via the Signal Double Ratchet protocol. This is a significant improvement over plain XMPP, but OMEMO inherits the limitations of the Signal Protocol for group messaging. @@ -109,7 +109,7 @@ XMPP with OMEMO (XEP-0384) adds end-to-end encryption via the Signal Double Ratc 3 encryptions per message O(n) cost per send - quicproquo MLS group (4 members) + quicprochat MLS group (4 members) Alice encrypts once with group epoch key: ┌───────┐ ── MLS_encrypt(epoch_key) ──▶ Server @@ -120,7 +120,7 @@ XMPP with OMEMO (XEP-0384) adds end-to-end encryption via the Signal Double Ratc (all decrypt with same epoch key) ``` -| Property | XMPP+OMEMO groups | quicproquo MLS groups | +| Property | XMPP+OMEMO groups | quicprochat MLS groups | |---|---|---| | **Encryption per message** | O(n) -- encrypt once per recipient | O(1) -- single MLS application message | | **Add member** | O(n) -- distribute sender keys to all | O(log n) -- single MLS Commit | @@ -131,7 +131,7 @@ XMPP with OMEMO (XEP-0384) adds end-to-end encryption via the Signal Double Ratc --- -## Deep dive: Telegram (MTProto) vs. quicproquo +## Deep dive: Telegram (MTProto) vs. quicprochat Telegram is often perceived as a "secure" messenger, but its default mode provides **no end-to-end encryption**. Only "Secret Chats" (1:1 only, not available on desktop) use E2E encryption. @@ -163,7 +163,7 @@ Telegram is often perceived as a "secure" messenger, but its default mode provid ### Comparison -| Property | Telegram Cloud Chats | Telegram Secret Chats | quicproquo | +| Property | Telegram Cloud Chats | Telegram Secret Chats | quicprochat | |---|---|---|---| | **Server reads plaintext** | Yes | No | No | | **Group E2E** | No | N/A (1:1 only) | Yes (MLS) | @@ -173,7 +173,7 @@ Telegram is often perceived as a "secure" messenger, but its default mode provid | **Open source server** | No | No | Yes (MIT license) | | **Post-quantum** | None | None | Hybrid KEM (X25519 + ML-KEM-768) | -**Critical concern with Telegram:** MTProto is a custom, proprietary cryptographic protocol that has not undergone the same level of independent cryptographic review as standard protocols (TLS, MLS, Signal Protocol). Multiple academic papers have identified weaknesses in earlier versions. quicproquo exclusively uses IETF-standardized protocols (TLS 1.3, MLS RFC 9420) and widely reviewed cryptographic primitives. +**Critical concern with Telegram:** MTProto is a custom, proprietary cryptographic protocol that has not undergone the same level of independent cryptographic review as standard protocols (TLS, MLS, Signal Protocol). Multiple academic papers have identified weaknesses in earlier versions. quicprochat exclusively uses IETF-standardized protocols (TLS 1.3, MLS RFC 9420) and widely reviewed cryptographic primitives. --- @@ -208,7 +208,7 @@ An attacker gains root access to the chat server. │ sees metadata (who talks to whom, │ │ when, message sizes). │ │ │ -│ quicproquo: │ +│ quicprochat: │ │ Cannot read messages (MLS E2E). │ │ Sees metadata (recipient keys, │ │ timing, sizes). │ @@ -243,7 +243,7 @@ A state-level adversary records all encrypted traffic today, planning to decrypt Telegram (MTProto / custom DH): └── Quantum computer breaks DH → all recorded messages decrypted - quicproquo (Hybrid KEM): + quicprochat (Hybrid KEM): └── Transport: QUIC/TLS with ECDHE → quantum computer breaks this layer └── Inner layer: MLS content encrypted with group epoch keys └── Hybrid KEM envelope: X25519 + ML-KEM-768 @@ -252,7 +252,7 @@ A state-level adversary records all encrypted traffic today, planning to decrypt └── Combined key: STILL SECURE (both must be broken) ``` -quicproquo's hybrid "belt and suspenders" design means that **even if X25519 falls to a quantum computer, ML-KEM-768 protects the content**. The adversary's recorded ciphertext remains useless. +quicprochat's hybrid "belt and suspenders" design means that **even if X25519 falls to a quantum computer, ML-KEM-768 protects the content**. The adversary's recorded ciphertext remains useless. ### Scenario 3: Device theft / compromise @@ -279,7 +279,7 @@ An attacker steals Alice's unlocked device and extracts her key material. Messages after T: all accessible (cloud sync) Recovery: terminate session from another device - quicproquo: + quicprochat: Messages before T: protected (MLS forward secrecy, past epoch keys deleted) Messages after T: exposed only until next MLS epoch advance Recovery: ANY group member issues an MLS Update proposal → @@ -293,7 +293,7 @@ An attacker steals Alice's unlocked device and extracts her key material. ### Why QUIC over TCP -Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) blocking. quicproquo uses QUIC, which provides independent streams over UDP. +Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) blocking. quicprochat uses QUIC, which provides independent streams over UDP. ``` TCP (IRC/XMPP): all streams share one ordered byte stream @@ -308,7 +308,7 @@ Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) b └── ALL streams blocked until retransmit - QUIC (quicproquo): each stream is independent + QUIC (quicprochat): each stream is independent ────────────────────────────────────────────────── Stream A: ████████░░██████████████ (only A waits) @@ -334,7 +334,7 @@ Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) b ════════════════════════════════════════════════════ Total: 2-3 round trips before first message - quicproquo: QUIC integrates crypto into handshake = 1 RTT (or 0-RTT) + quicprochat: QUIC integrates crypto into handshake = 1 RTT (or 0-RTT) ────────────────────────────────────────────────────────────────────────── Client ──Initial(ClientHello)──▶ Server │ Client ◀──Initial(ServerHello)── Server │ 1 RTT total @@ -363,7 +363,7 @@ Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) b Phone number + SMS OTP ← carrier and Telegram see phone number (identity = phone number) ← no cryptographic identity - quicproquo (OPAQUE PAKE): + quicprochat (OPAQUE PAKE): Client ──blinded_element──▶ Server │ Server never sees password Client ◀──evaluated_element── Server │ Mutual authentication Client ──finalization──▶ Server │ Session key derived @@ -406,7 +406,7 @@ Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) b │ Schema via XSD exists but rarely enforced at runtime. │ └──────────────────────────────────────────────────────────┘ - Cap'n Proto (quicproquo): + Cap'n Proto (quicprochat): ┌──────────────────────────────────────────────────────────┐ │ [8-byte aligned struct with pointers] │ │ │ @@ -434,7 +434,7 @@ The following diagram maps each protocol against the security properties it prov Telegram Cloud · · · · · · · · Telegram Secret △ · ● · · ● · · Signal ● · ● ● △ ● · · - quicproquo ● ● ● ● ● ● ● ● + quicprochat ● ● ● ● ● ● ● ● Legend: ● = yes △ = partial · = no FS = forward secrecy PCS = post-compromise security @@ -446,12 +446,12 @@ The following diagram maps each protocol against the security properties it prov --- -## The quicproquo advantage: a layered defense +## The quicprochat advantage: a layered defense -Classical protocols rely on a **single layer** of security (transport TLS). quicproquo applies defense in depth with **three independent layers**, each of which must be broken separately: +Classical protocols rely on a **single layer** of security (transport TLS). quicprochat applies defense in depth with **three independent layers**, each of which must be broken separately: ``` - IRC+SSL security layers: quicproquo security layers: + IRC+SSL security layers: quicprochat security layers: ┌─────────────────────────┐ ┌─────────────────────────────────┐ │ TLS (transport) │ │ Layer 3: Hybrid KEM envelope │ @@ -474,7 +474,7 @@ Classical protocols rely on a **single layer** of security (transport TLS). quic To read a message, attacker must break: IRC+SSL: TLS (1 layer) - quicproquo: TLS + MLS + Hybrid KEM (3 layers) + quicprochat: TLS + MLS + Hybrid KEM (3 layers) ``` --- @@ -483,7 +483,7 @@ Classical protocols rely on a **single layer** of security (transport TLS). quic Fairness demands acknowledging where classical protocols genuinely excel: -| Advantage | IRC | quicproquo | +| Advantage | IRC | quicprochat | |---|---|---| | **Simplicity** | Telnet-compatible text protocol | Binary protocol requiring client implementation | | **Maturity** | 35+ years of production use | Early-stage research project | @@ -493,7 +493,7 @@ Fairness demands acknowledging where classical protocols genuinely excel: | **Public channels** | Designed for open, unencrypted discussion | Designed for private, encrypted communication | | **Anonymity** | No identity required | Requires Ed25519 identity keypair | -IRC remains an excellent choice for **public, open discussion** where encryption is not needed and simplicity is valued. quicproquo is designed for a different threat model: private communication where **confidentiality, forward secrecy, and post-compromise security** are requirements, not luxuries. +IRC remains an excellent choice for **public, open discussion** where encryption is not needed and simplicity is valued. quicprochat is designed for a different threat model: private communication where **confidentiality, forward secrecy, and post-compromise security** are requirements, not luxuries. --- @@ -501,10 +501,10 @@ IRC remains an excellent choice for **public, open discussion** where encryption For users and operators coming from classical chat systems, here is what changes practically: -| Concern | Classical (IRC/XMPP) | quicproquo | +| Concern | Classical (IRC/XMPP) | quicprochat | |---|---|---| -| **Server setup** | Install IRCd, configure TLS cert | `cargo build && ./qpq-server` (auto-generates TLS cert) | -| **Client setup** | Install any IRC client | `./quicproquo-client register-user` (generates Ed25519 identity) | +| **Server setup** | Install IRCd, configure TLS cert | `cargo build && ./qpc-server` (auto-generates TLS cert) | +| **Client setup** | Install any IRC client | `./quicprochat-client register-user` (generates Ed25519 identity) | | **Joining a group** | `/join #channel` | Receive MLS Welcome message from group creator | | **Sending a message** | Type and press enter | Same -- client handles MLS encryption transparently | | **Server admin sees messages** | Yes (always) | No (never -- server sees only ciphertext) | @@ -518,7 +518,7 @@ For users and operators coming from classical chat systems, here is what changes - [Why This Design, Not Signal/Matrix/...](why-not-signal.md) -- comparison with modern E2E-encrypted protocols - [Protocol Layers Overview](../protocol-layers/overview.md) -- detailed protocol stack documentation -- [Threat Model](../cryptography/threat-model.md) -- what quicproquo does and does not protect against +- [Threat Model](../cryptography/threat-model.md) -- what quicprochat does and does not protect against - [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md) -- hybrid KEM design and rationale - [MLS (RFC 9420)](../protocol-layers/mls.md) -- deep dive into the group key agreement protocol - [Architecture Overview](../architecture/overview.md) -- system-level architecture diff --git a/docs/src/design-rationale/why-not-signal.md b/docs/src/design-rationale/why-not-signal.md index 8f1534d..89b3f7f 100644 --- a/docs/src/design-rationale/why-not-signal.md +++ b/docs/src/design-rationale/why-not-signal.md @@ -1,6 +1,6 @@ # Why This Design, Not Signal/Matrix/... -This page compares quicproquo's protocol choices against two widely deployed secure messaging systems -- the Signal Protocol and the Matrix ecosystem (Olm/Megolm) -- to explain why a different architecture was chosen. The comparison covers four dimensions: group key agreement, transport, serialisation, and overall trade-offs. +This page compares quicprochat's protocol choices against two widely deployed secure messaging systems -- the Signal Protocol and the Matrix ecosystem (Olm/Megolm) -- to explain why a different architecture was chosen. The comparison covers four dimensions: group key agreement, transport, serialisation, and overall trade-offs. --- @@ -26,11 +26,11 @@ The Signal Protocol was designed for **1:1 messaging** and later extended to gro - Group membership changes require O(n) pairwise Sender Key distributions. Adding or removing a member requires the affected member to generate a new Sender Key and distribute it to all n-1 other members. - The pairwise key exchange for initial setup is O(n^2): each of n members must establish a Double Ratchet session with each of the other n-1 members. -**Limitations for quicproquo's use case:** +**Limitations for quicprochat's use case:** - O(n^2) pairwise setup cost limits practical group size. - No post-compromise security for groups is a significant gap. -- The protocol requires a central server for X3DH prekey bundle distribution (similar to quicproquo's AS, but tightly coupled to the Signal server). +- The protocol requires a central server for X3DH prekey bundle distribution (similar to quicprochat's AS, but tightly coupled to the Signal server). ### Matrix / Olm / Megolm @@ -54,15 +54,15 @@ The Matrix ecosystem uses two distinct cryptographic protocols: - **Eventually consistent state** model means that room membership, key sharing, and message ordering can diverge between homeservers. The client must reconcile these inconsistencies, adding complexity to the state machine. - **Device verification** is a persistent UX challenge. The cross-signing mechanism is powerful but difficult for users to understand. -**Limitations for quicproquo's use case:** +**Limitations for quicprochat's use case:** - No post-compromise security for groups (same limitation as Signal's Sender Keys). -- Federation adds latency, metadata exposure, and state management complexity that quicproquo does not need. +- Federation adds latency, metadata exposure, and state management complexity that quicprochat does not need. - JSON-based wire format is inefficient (see serialisation comparison below). -### quicproquo: MLS (RFC 9420) +### quicprochat: MLS (RFC 9420) -quicproquo uses the **Messaging Layer Security (MLS)** protocol, standardized as RFC 9420 by the IETF. +quicprochat uses the **Messaging Layer Security (MLS)** protocol, standardized as RFC 9420 by the IETF. **Key properties:** @@ -74,7 +74,7 @@ quicproquo uses the **Messaging Layer Security (MLS)** protocol, standardized as **Cost of group operations:** -| Operation | Signal (Sender Keys) | Matrix (Megolm) | MLS (quicproquo) | +| Operation | Signal (Sender Keys) | Matrix (Megolm) | MLS (quicprochat) | |---|---|---|---| | Add member | O(n) Sender Key distributions | O(n) Megolm session shares | O(log n) tree update | | Remove member | O(n) Sender Key rotations | O(n) new Megolm session | O(log n) tree update | @@ -87,7 +87,7 @@ quicproquo uses the **Messaging Layer Security (MLS)** protocol, standardized as The transport layer determines how encrypted payloads reach the server and how client-server authentication is performed. -| Property | Signal | Matrix | quicproquo | +| Property | Signal | Matrix | quicprochat | |---|---|---|---| | **Transport protocol** | TLS over TCP (HTTP/2) | HTTPS (TLS over TCP) | QUIC (UDP) + TLS 1.3 | | **Multiplexing** | HTTP/2 stream multiplexing | HTTP/1.1 or HTTP/2 | Native QUIC stream multiplexing | @@ -106,7 +106,7 @@ QUIC eliminates TCP head-of-line blocking, which is particularly important for a The serialisation format determines the overhead of encoding and decoding messages, the type safety of the wire format, and the feasibility of schema evolution. -| Property | Signal (Protobuf) | Matrix (JSON) | quicproquo (Cap'n Proto) | +| Property | Signal (Protobuf) | Matrix (JSON) | quicprochat (Cap'n Proto) | |---|---|---|---| | **Format** | Binary, schema-defined | Text, schema-optional (JSON Schema exists but is not enforced by the wire format) | Binary, schema-defined | | **Deserialization cost** | Requires a decode pass (allocates and copies) | Requires a parse pass (allocates, copies, and handles UTF-8) | **Zero-copy**: the wire bytes are the in-memory representation. Readers traverse pointers in-place. | @@ -118,7 +118,7 @@ The serialisation format determines the overhead of encoding and decoding messag **Why Cap'n Proto over Protobuf?** -While Protobuf is a reasonable choice (and Signal uses it successfully), Cap'n Proto provides two features that are particularly valuable for quicproquo: +While Protobuf is a reasonable choice (and Signal uses it successfully), Cap'n Proto provides two features that are particularly valuable for quicprochat: 1. **Zero-copy deserialization** eliminates a class of allocation and performance overhead. In a messaging system that processes many small messages, avoiding deserialization copies adds up. 2. **Built-in RPC** means that Cap'n Proto is both the serialisation format and the RPC framework. There is no need for a separate gRPC or HTTP layer. The same `.capnp` schema file defines both the data structures and the service interface. @@ -128,7 +128,7 @@ While Protobuf is a reasonable choice (and Signal uses it successfully), Cap'n P ## Summary comparison table -| Dimension | Signal | Matrix | quicproquo | +| Dimension | Signal | Matrix | quicprochat | |---|---|---|---| | **1:1 encryption** | Double Ratchet (FS + PCS) | Olm / Double Ratchet (FS + PCS) | MLS (FS + PCS) | | **Group encryption** | Sender Keys (FS only) | Megolm (FS only) | MLS (FS + PCS) | @@ -143,13 +143,13 @@ While Protobuf is a reasonable choice (and Signal uses it successfully), Cap'n P --- -## What quicproquo gives up +## What quicprochat gives up -No design is without trade-offs. Compared to Signal and Matrix, quicproquo: +No design is without trade-offs. Compared to Signal and Matrix, quicprochat: - **Has no federation.** A single server per deployment means no decentralized architecture. This is a deliberate simplification -- federation adds significant complexity and metadata exposure. -- **Is less mature.** Signal and Matrix have years of production hardening, formal security audits, and battle-tested implementations. quicproquo is in early development. -- **Has a smaller ecosystem.** Signal and Matrix have extensive client libraries, bridges, and integrations. quicproquo is a standalone Rust implementation. +- **Is less mature.** Signal and Matrix have years of production hardening, formal security audits, and battle-tested implementations. quicprochat is in early development. +- **Has a smaller ecosystem.** Signal and Matrix have extensive client libraries, bridges, and integrations. quicprochat is a standalone Rust implementation. - **Requires MLS client complexity.** MLS clients must maintain a ratchet tree, process Commits, and handle epoch transitions. This is more complex than a simple symmetric ratchet (Sender Keys / Megolm), though the complexity buys post-compromise security. --- @@ -158,6 +158,6 @@ No design is without trade-offs. Compared to Signal and Matrix, quicproquo: - [Design Decisions Overview](overview.md) -- index of all ADRs - [ADR-002: Cap'n Proto over MessagePack](adr-002-capnproto.md) -- serialisation format choice -- [Protocol Layers Overview](../protocol-layers/overview.md) -- how quicproquo's layers compose +- [Protocol Layers Overview](../protocol-layers/overview.md) -- how quicprochat's layers compose - [MLS (RFC 9420)](../protocol-layers/mls.md) -- deep dive into the MLS protocol layer - [Architecture Overview](../architecture/overview.md) -- system-level architecture diff --git a/docs/src/getting-started/building.md b/docs/src/getting-started/building.md index 5b4f186..e409195 100644 --- a/docs/src/getting-started/building.md +++ b/docs/src/getting-started/building.md @@ -22,15 +22,15 @@ This compiles all nine crates in the workspace: | Crate | Type | Purpose | |---|---|---| -| `quicproquo-core` | library | Crypto primitives, MLS `GroupMember` state machine, hybrid KEM | -| `quicproquo-proto` | library | Protobuf schemas (prost), generated types, method ID constants | -| `quicproquo-kt` | library | Key Transparency Merkle log | -| `quicproquo-plugin-api` | library | `#![no_std]` C-ABI plugin interface (`HookVTable`) | -| `quicproquo-rpc` | library | QUIC RPC framing, server dispatcher, client, Tower middleware | -| `quicproquo-sdk` | library | `QpqClient`, event broadcast, `ConversationStore` | -| `quicproquo-server` | binary | Unified Authentication + Delivery Service (`qpq-server`) | -| `quicproquo-client` | binary | CLI client (`qpq`) with REPL and subcommands | -| `quicproquo-p2p` | library | iroh P2P layer (compiled when the `mesh` feature is enabled) | +| `quicprochat-core` | library | Crypto primitives, MLS `GroupMember` state machine, hybrid KEM | +| `quicprochat-proto` | library | Protobuf schemas (prost), generated types, method ID constants | +| `quicprochat-kt` | library | Key Transparency Merkle log | +| `quicprochat-plugin-api` | library | `#![no_std]` C-ABI plugin interface (`HookVTable`) | +| `quicprochat-rpc` | library | QUIC RPC framing, server dispatcher, client, Tower middleware | +| `quicprochat-sdk` | library | `QpqClient`, event broadcast, `ConversationStore` | +| `quicprochat-server` | binary | Unified Authentication + Delivery Service (`qpc-server`) | +| `quicprochat-client` | binary | CLI client (`qpc`) with REPL and subcommands | +| `quicprochat-p2p` | library | iroh P2P layer (compiled when the `mesh` feature is enabled) | For a release build with LTO, symbol stripping, and single codegen unit: @@ -61,11 +61,11 @@ A `justfile` at the repository root provides shortcuts for common tasks: | `just lint` | `cargo clippy --workspace -- -D warnings` | Check for warnings (CI-strict) | | `just fmt` | `cargo fmt --all -- --check` | Check formatting | | `just fmt-fix` | `cargo fmt --all` | Auto-format | -| `just proto` | `cargo build -p quicproquo-proto` | Trigger Protobuf codegen | -| `just rpc` | `cargo build -p quicproquo-rpc` | Build RPC framework only | -| `just sdk` | `cargo build -p quicproquo-sdk` | Build client SDK only | -| `just server` | `cargo build -p quicproquo-server` | Build server only | -| `just client` | `cargo build -p quicproquo-client` | Build CLI client only | +| `just proto` | `cargo build -p quicprochat-proto` | Trigger Protobuf codegen | +| `just rpc` | `cargo build -p quicprochat-rpc` | Build RPC framework only | +| `just sdk` | `cargo build -p quicprochat-sdk` | Build client SDK only | +| `just server` | `cargo build -p quicprochat-server` | Build server only | +| `just client` | `cargo build -p quicprochat-client` | Build CLI client only | | `just clean` | `cargo clean` | Remove build artifacts | --- @@ -88,16 +88,16 @@ cargo test --workspace -- --test-threads 1 To run tests for a single crate: ```bash -cargo test -p quicproquo-core -cargo test -p quicproquo-server -cargo test -p quicproquo-rpc +cargo test -p quicprochat-core +cargo test -p quicprochat-server +cargo test -p quicprochat-rpc ``` --- ## Protobuf code generation -The `quicproquo-proto` crate does not contain hand-written Rust types for wire messages. Instead, its `build.rs` script uses `prost-build` to generate Rust source from the `.proto` schema files in `proto/qpq/v1/`. +The `quicprochat-proto` crate does not contain hand-written Rust types for wire messages. Instead, its `build.rs` script uses `prost-build` to generate Rust source from the `.proto` schema files in `proto/qpc/v1/`. ### How it works @@ -110,7 +110,7 @@ The `quicproquo-proto` crate does not contain hand-written Rust types for wire m The `build.rs` script emits `cargo:rerun-if-changed` directives for each `.proto` file. Modifying a schema triggers automatic re-generation on the next `cargo build`. -### Design constraints of `quicproquo-proto` +### Design constraints of `quicprochat-proto` The proto crate is intentionally restricted: @@ -141,7 +141,7 @@ xcode-select --install Run E2E tests with `--test-threads 1` to serialise the tests and avoid bind conflicts on the shared test port: ```bash -cargo test -p quicproquo-client --test e2e -- --test-threads 1 +cargo test -p quicprochat-client --test e2e -- --test-threads 1 ``` --- diff --git a/docs/src/getting-started/certificate-lifecycle.md b/docs/src/getting-started/certificate-lifecycle.md index 8e56f66..230d11c 100644 --- a/docs/src/getting-started/certificate-lifecycle.md +++ b/docs/src/getting-started/certificate-lifecycle.md @@ -1,6 +1,6 @@ # Certificate lifecycle and CA-signed TLS -This page describes how to use CA-issued certificates with quicproquo and how to think about certificate pinning, rotation, and lifecycle. +This page describes how to use CA-issued certificates with quicprochat and how to think about certificate pinning, rotation, and lifecycle. For basic server TLS setup (self-signed certs, generation), see [Running the Server](running-the-server.md#tls-certificate-handling). @@ -8,8 +8,8 @@ For basic server TLS setup (self-signed certs, generation), see [Running the Ser ## Current behaviour -- **Server:** Uses a single TLS certificate and private key (DER format). If the files are missing and the server is not in production mode, it generates a self-signed certificate. Production mode (`QPQ_PRODUCTION=1`) requires existing cert and key files. -- **Client:** Trusts exactly the roots in the file given by `--ca-cert` (or `QPQ_CA_CERT`). Typically this is the server's own certificate (pinning) or a CA that signed the server cert. +- **Server:** Uses a single TLS certificate and private key (DER format). If the files are missing and the server is not in production mode, it generates a self-signed certificate. Production mode (`QPC_PRODUCTION=1`) requires existing cert and key files. +- **Client:** Trusts exactly the roots in the file given by `--ca-cert` (or `QPC_CA_CERT`). Typically this is the server's own certificate (pinning) or a CA that signed the server cert. --- @@ -20,7 +20,7 @@ To pin the server so the client only connects to that server: 1. Copy the server's certificate file (e.g. `data/server-cert.der`) from the server (or your deployment). 2. Use that file as the client's CA cert: ```bash - qpq --ca-cert /path/to/server-cert.der ... + qpc --ca-cert /path/to/server-cert.der ... ``` 3. The client will only accept a connection if the server presents that exact certificate (or a chain ending in it). No separate CA bundle is required. @@ -43,12 +43,12 @@ To use a certificate issued by a public CA (e.g. Let's Encrypt): ``` 2. **Configure the server** to use those paths: ```bash - export QPQ_TLS_CERT=/etc/quicproquo/server-cert.der - export QPQ_TLS_KEY=/etc/quicproquo/server-key.der + export QPC_TLS_CERT=/etc/quicprochat/server-cert.der + export QPC_TLS_KEY=/etc/quicprochat/server-key.der ``` 3. **Configure the client** to trust the CA that signed the server cert. Use the CA’s certificate (or the CA bundle) as `--ca-cert`: ```bash - qpq --ca-cert /etc/ssl/certs/your-ca.der --server-name your.server.example ... + qpc --ca-cert /etc/ssl/certs/your-ca.der --server-name your.server.example ... ``` The `--server-name` must match the certificate’s SAN (e.g. DNS name). @@ -60,7 +60,7 @@ To use a certificate issued by a public CA (e.g. Let's Encrypt): - **Manual rotation:** Replace `server-cert.der` and `server-key.der` on disk, then restart the server. Clients that pin the new cert must be updated with the new cert file. - **Let’s Encrypt renewal:** After renewing (e.g. via certbot), convert the new cert and key to DER, replace the files, and restart the server. If clients use the CA cert (e.g. ISRG Root X1) as `--ca-cert`, they do not need updates when the server cert is renewed. -- **OCSP / CRL:** The quicproquo server does not currently perform OCSP stapling or CRL checks. Revocation is handled by the client or by operational procedures (e.g. short-lived certs, rotation on compromise). +- **OCSP / CRL:** The quicprochat server does not currently perform OCSP stapling or CRL checks. Revocation is handled by the client or by operational procedures (e.g. short-lived certs, rotation on compromise). --- @@ -70,6 +70,6 @@ To use a certificate issued by a public CA (e.g. Let's Encrypt): |------------------|-------------|--------------------| | Pinned (single server) | Self-signed or any | Server’s cert file | | CA-issued | Let’s Encrypt (or other CA) | CA cert (or bundle) | -| Production | Always use existing cert/key; set `QPQ_PRODUCTION=1` | CA or pinned server cert | +| Production | Always use existing cert/key; set `QPC_PRODUCTION=1` | CA or pinned server cert | For production, prefer either (a) certificate pinning with the server’s cert or (b) a CA-issued server cert with clients trusting the CA, and plan for rotation and restart (or future reload support). diff --git a/docs/src/getting-started/demo-walkthrough.md b/docs/src/getting-started/demo-walkthrough.md index 75444e1..0890709 100644 --- a/docs/src/getting-started/demo-walkthrough.md +++ b/docs/src/getting-started/demo-walkthrough.md @@ -75,13 +75,13 @@ You will need **three terminal windows**: one for the server, one for Alice, and In **Terminal 1** (Server): ```bash -cargo run -p quicproquo-server +cargo run -p quicprochat-server ``` Wait for the log line confirming it is accepting connections: ``` -INFO quicproquo_server: accepting QUIC connections addr="0.0.0.0:7000" +INFO quicprochat_server: accepting QUIC connections addr="0.0.0.0:7000" ``` If this is the first run, you will also see a log line about generating the self-signed TLS certificate. The certificate is written to `data/server-cert.der`, which the client will use for TLS verification. @@ -91,7 +91,7 @@ If this is the first run, you will also see a log line about generating the self In **Terminal 2** (Alice): ```bash -cargo run -p quicproquo-client -- register-state \ +cargo run -p quicprochat-client -- register-state \ --state alice.bin \ --server 127.0.0.1:7000 ``` @@ -116,7 +116,7 @@ KeyPackage uploaded successfully. In **Terminal 3** (Bob): ```bash -cargo run -p quicproquo-client -- register-state \ +cargo run -p quicprochat-client -- register-state \ --state bob.bin \ --server 127.0.0.1:7000 ``` @@ -137,7 +137,7 @@ In **Terminal 2** (Alice): First, create the group: ```bash -cargo run -p quicproquo-client -- create-group \ +cargo run -p quicprochat-client -- create-group \ --state alice.bin \ --group-id "demo-chat" ``` @@ -151,7 +151,7 @@ Alice is now the sole member of the group at epoch 0. Next, invite Bob using his identity key from Step 3: ```bash -cargo run -p quicproquo-client -- invite \ +cargo run -p quicprochat-client -- invite \ --state alice.bin \ --peer-key \ --server 127.0.0.1:7000 @@ -173,7 +173,7 @@ Alice's group state has now advanced to epoch 1. In **Terminal 3** (Bob): ```bash -cargo run -p quicproquo-client -- join \ +cargo run -p quicprochat-client -- join \ --state bob.bin \ --server 127.0.0.1:7000 ``` @@ -195,7 +195,7 @@ Bob is now a member of the group at epoch 1, sharing the same group secret as Al In **Terminal 2** (Alice): ```bash -cargo run -p quicproquo-client -- send \ +cargo run -p quicprochat-client -- send \ --state alice.bin \ --peer-key \ --msg "Hello Bob, this is encrypted with MLS!" \ @@ -215,7 +215,7 @@ message sent In **Terminal 3** (Bob): ```bash -cargo run -p quicproquo-client -- recv \ +cargo run -p quicprochat-client -- recv \ --state bob.bin \ --server 127.0.0.1:7000 ``` @@ -233,7 +233,7 @@ This command: In **Terminal 3** (Bob): ```bash -cargo run -p quicproquo-client -- send \ +cargo run -p quicprochat-client -- send \ --state bob.bin \ --peer-key \ --msg "Hi Alice, received loud and clear!" \ @@ -249,7 +249,7 @@ message sent In **Terminal 2** (Alice): ```bash -cargo run -p quicproquo-client -- recv \ +cargo run -p quicprochat-client -- recv \ --state alice.bin \ --server 127.0.0.1:7000 ``` @@ -266,7 +266,7 @@ If you want to see the entire flow in a single command without managing three te ```bash # Ensure the server is running, then: -cargo run -p quicproquo-client -- demo-group --server 127.0.0.1:7000 +cargo run -p quicprochat-client -- demo-group --server 127.0.0.1:7000 ``` ``` @@ -327,7 +327,7 @@ Ensure the client has access to the server's TLS certificate. By default, both s - [REPL Command Reference](repl-reference.md) -- complete list of 40+ slash commands - [Rich Messaging](rich-messaging.md) -- reactions, typing indicators, edit/delete - [File Transfer](file-transfer.md) -- chunked upload/download with SHA-256 verification -- [Go SDK](go-sdk.md) -- build Go applications against the qpq server +- [Go SDK](go-sdk.md) -- build Go applications against the qpc server - [TypeScript SDK & Browser Demo](typescript-sdk.md) -- WASM crypto in the browser - [Mesh Networking](mesh-networking.md) -- P2P, broadcast channels, store-and-forward - [MLS (RFC 9420)](../protocol-layers/mls.md) -- how the MLS group operations work diff --git a/docs/src/getting-started/docker.md b/docs/src/getting-started/docker.md index ec92e9c..b9f5578 100644 --- a/docs/src/getting-started/docker.md +++ b/docs/src/getting-started/docker.md @@ -1,6 +1,6 @@ # Docker Deployment -quicproquo includes a multi-stage Dockerfile and a Docker Compose configuration for building and running the server in containers. +quicprochat includes a multi-stage Dockerfile and a Docker Compose configuration for building and running the server in containers. --- @@ -40,11 +40,11 @@ services: - "7000:7000/udp" environment: RUST_LOG: "info" - QPQ_LISTEN: "0.0.0.0:7000" - QPQ_DATA_DIR: "/var/lib/quicproquo" - QPQ_PRODUCTION: "true" + QPC_LISTEN: "0.0.0.0:7000" + QPC_DATA_DIR: "/var/lib/quicprochat" + QPC_PRODUCTION: "true" volumes: - - server-data:/var/lib/quicproquo + - server-data:/var/lib/quicprochat restart: unless-stopped volumes: @@ -74,7 +74,7 @@ WORKDIR /build # Copy manifests first so dependency layers are cached independently of source. COPY Cargo.toml Cargo.lock ./ -COPY crates/quicproquo-core/Cargo.toml crates/quicproquo-core/Cargo.toml +COPY crates/quicprochat-core/Cargo.toml crates/quicprochat-core/Cargo.toml # ... (all 9 crate manifests) # Create dummy source files for dependency caching. @@ -84,11 +84,11 @@ RUN mkdir -p ... && echo 'fn main() {}' > ... COPY schemas/ schemas/ # Build dependencies only (cache layer). -RUN cargo build --release --bin qpq-server 2>/dev/null || true +RUN cargo build --release --bin qpc-server 2>/dev/null || true # Copy real source and build for real. COPY crates/ crates/ -RUN cargo build --release --bin qpq-server +RUN cargo build --release --bin qpc-server ``` Key steps: @@ -96,7 +96,7 @@ Key steps: 1. **Base image**: `rust:bookworm` (Debian Bookworm with the Rust toolchain pre-installed). 2. **No system compiler required**: Unlike v1, the builder stage does not install `capnproto`. The v2 Protobuf compiler is vendored by `protobuf-src` and compiled automatically as part of `cargo build`. 3. **Copy manifests first**: `Cargo.toml` and `Cargo.lock` are copied before source code with dummy stubs so that dependency compilation is cached in a separate Docker layer. -4. **Copy schemas**: The `schemas/` directory is copied before the dependency build because `quicproquo-proto/build.rs` references it. +4. **Copy schemas**: The `schemas/` directory is copied before the dependency build because `quicprochat-proto/build.rs` references it. 5. **Copy real source and build**: After the dependency cache layer, real source files are copied in and `cargo build --release` produces the final binary. ### Stage 2: Runtime (`debian:bookworm-slim`) @@ -108,39 +108,39 @@ RUN apt-get update \ && apt-get install -y --no-install-recommends ca-certificates \ && rm -rf /var/lib/apt/lists/* -COPY --from=builder /build/target/release/qpq-server /usr/local/bin/qpq-server +COPY --from=builder /build/target/release/qpc-server /usr/local/bin/qpc-server -RUN groupadd --system qpq \ - && useradd --system --gid qpq --no-create-home --shell /usr/sbin/nologin qpq \ - && mkdir -p /var/lib/quicproquo \ - && chown qpq:qpq /var/lib/quicproquo +RUN groupadd --system qpc \ + && useradd --system --gid qpc --no-create-home --shell /usr/sbin/nologin qpc \ + && mkdir -p /var/lib/quicprochat \ + && chown qpc:qpc /var/lib/quicprochat EXPOSE 7000 -VOLUME ["/var/lib/quicproquo"] +VOLUME ["/var/lib/quicprochat"] ENV RUST_LOG=info \ - QPQ_LISTEN=0.0.0.0:7000 \ - QPQ_DATA_DIR=/var/lib/quicproquo \ - QPQ_TLS_CERT=/var/lib/quicproquo/server-cert.der \ - QPQ_TLS_KEY=/var/lib/quicproquo/server-key.der \ - QPQ_PRODUCTION=true + QPC_LISTEN=0.0.0.0:7000 \ + QPC_DATA_DIR=/var/lib/quicprochat \ + QPC_TLS_CERT=/var/lib/quicprochat/server-cert.der \ + QPC_TLS_KEY=/var/lib/quicprochat/server-key.der \ + QPC_PRODUCTION=true HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ - CMD test -f /var/lib/quicproquo/server-cert.der || exit 1 + CMD test -f /var/lib/quicprochat/server-cert.der || exit 1 -USER qpq +USER qpc -CMD ["qpq-server"] +CMD ["qpc-server"] ``` Key characteristics: - **Minimal image**: No Rust toolchain, no build tools, no `protoc` binary. - **`ca-certificates`**: Included for future HTTPS calls (e.g., ACME certificate provisioning). -- **Dedicated user**: The container runs as the `qpq` system user (not `root`) for defense in depth. -- **Named volume**: `/var/lib/quicproquo` is declared as a `VOLUME` for data persistence. -- **`QPQ_PRODUCTION=true`**: The runtime image defaults to production mode, requiring pre-existing TLS certificates and a strong auth token. +- **Dedicated user**: The container runs as the `qpc` system user (not `root`) for defense in depth. +- **Named volume**: `/var/lib/quicprochat` is declared as a `VOLUME` for data persistence. +- **`QPC_PRODUCTION=true`**: The runtime image defaults to production mode, requiring pre-existing TLS certificates and a strong auth token. --- @@ -153,7 +153,7 @@ services: server: # ... existing config ... volumes: - - server-data:/var/lib/quicproquo + - server-data:/var/lib/quicprochat volumes: server-data: @@ -165,13 +165,13 @@ Or use a bind mount for easier inspection: mkdir -p ./server-data docker run -d \ - --name quicproquo \ + --name quicprochat \ -p 7000:7000/udp \ - -v "$(pwd)/server-data:/var/lib/quicproquo" \ - -e QPQ_ALLOW_INSECURE_AUTH=true \ - -e QPQ_PRODUCTION=false \ + -v "$(pwd)/server-data:/var/lib/quicprochat" \ + -e QPC_ALLOW_INSECURE_AUTH=true \ + -e QPC_PRODUCTION=false \ -e RUST_LOG=info \ - qpq-server + qpc-server ``` Without a volume, all server state (including TLS certificates and message queues) is lost when the container is removed. The server will generate a new self-signed certificate on each fresh start, which means clients will need the new certificate to connect. @@ -183,19 +183,19 @@ Without a volume, all server state (including TLS certificates and message queue To build the Docker image without starting a container: ```bash -docker build -t qpq-server -f docker/Dockerfile . +docker build -t qpc-server -f docker/Dockerfile . ``` To run it in development mode (without production validation): ```bash docker run -d \ - --name quicproquo \ + --name quicprochat \ -p 7000:7000/udp \ - -e QPQ_ALLOW_INSECURE_AUTH=true \ - -e QPQ_PRODUCTION=false \ + -e QPC_ALLOW_INSECURE_AUTH=true \ + -e QPC_PRODUCTION=false \ -e RUST_LOG=info \ - qpq-server + qpc-server ``` --- @@ -206,15 +206,15 @@ When the server runs in Docker with `docker compose up`, the client can connect ```bash # Extract the server's TLS cert from the container volume -docker compose cp server:/var/lib/quicproquo/server-cert.der ./data/server-cert.der +docker compose cp server:/var/lib/quicprochat/server-cert.der ./data/server-cert.der # Connect -cargo run -p quicproquo-client -- ping \ +cargo run -p quicprochat-client -- ping \ --ca-cert ./data/server-cert.der \ --server-name localhost ``` -If you mounted a bind volume (e.g., `./server-data:/var/lib/quicproquo`), the certificate is directly accessible at `./server-data/server-cert.der`. +If you mounted a bind volume (e.g., `./server-data:/var/lib/quicprochat`), the certificate is directly accessible at `./server-data/server-cert.der`. --- diff --git a/docs/src/getting-started/ffi.md b/docs/src/getting-started/ffi.md index 4246784..d17adea 100644 --- a/docs/src/getting-started/ffi.md +++ b/docs/src/getting-started/ffi.md @@ -1,7 +1,7 @@ # C FFI Bindings -The `quicproquo-ffi` crate provides a synchronous C API for the quicproquo -messaging client. It wraps the async `quicproquo-client` library behind an +The `quicprochat-ffi` crate provides a synchronous C API for the quicprochat +messaging client. It wraps the async `quicprochat-client` library behind an opaque handle, so C, Python, Swift, or any language with C FFI support can connect, authenticate, send messages, and receive messages. @@ -13,26 +13,26 @@ internals. ```bash # Shared library (.so / .dylib / .dll) + static archive (.a) -cargo build --release -p quicproquo-ffi +cargo build --release -p quicprochat-ffi ``` Output: | Platform | Shared library | Static library | |----------|---------------------------------------------|-----------------------------------------| -| Linux | `target/release/libquicproquo_ffi.so` | `target/release/libquicproquo_ffi.a` | -| macOS | `target/release/libquicproquo_ffi.dylib` | `target/release/libquicproquo_ffi.a` | -| Windows | `target/release/quicproquo_ffi.dll` | `target/release/quicproquo_ffi.lib` | +| Linux | `target/release/libquicprochat_ffi.so` | `target/release/libquicprochat_ffi.a` | +| macOS | `target/release/libquicprochat_ffi.dylib` | `target/release/libquicprochat_ffi.a` | +| Windows | `target/release/quicprochat_ffi.dll` | `target/release/quicprochat_ffi.lib` | ## Status Codes | Code | Constant | Meaning | |------|--------------------|------------------------------------------| -| 0 | `QPQ_OK` | Success | -| 1 | `QPQ_ERROR` | Generic error (check `qpq_last_error`) | -| 2 | `QPQ_AUTH_FAILED` | OPAQUE authentication failed | -| 3 | `QPQ_TIMEOUT` | Receive timed out with no messages | -| 4 | `QPQ_NOT_CONNECTED`| Handle is null or not logged in | +| 0 | `QPC_OK` | Success | +| 1 | `QPC_ERROR` | Generic error (check `qpc_last_error`) | +| 2 | `QPC_AUTH_FAILED` | OPAQUE authentication failed | +| 3 | `QPC_TIMEOUT` | Receive timed out with no messages | +| 4 | `QPC_NOT_CONNECTED`| Handle is null or not logged in | ## C API Reference @@ -40,10 +40,10 @@ All functions use the `extern "C"` calling convention. All string parameters must be valid, non-null, null-terminated UTF-8. The opaque handle type is `QpqHandle *`. -### `qpq_connect` +### `qpc_connect` ```c -QpqHandle *qpq_connect( +QpqHandle *qpc_connect( const char *server, /* "host:port", e.g. "127.0.0.1:7000" */ const char *ca_cert, /* path to CA certificate file (DER) */ const char *server_name /* TLS server name, e.g. "localhost" */ @@ -54,11 +54,11 @@ Creates a Tokio runtime, performs a health check against the server, and returns a heap-allocated opaque handle. Returns `NULL` on failure (invalid arguments, server unreachable, or runtime creation failed). -### `qpq_login` +### `qpc_login` ```c -int32_t qpq_login( - QpqHandle *handle, /* handle from qpq_connect */ +int32_t qpc_login( + QpqHandle *handle, /* handle from qpc_connect */ const char *username, /* OPAQUE username */ const char *password /* OPAQUE password */ ); @@ -66,16 +66,16 @@ int32_t qpq_login( Authenticates with the server using OPAQUE (password-authenticated key exchange). On success the handle is marked as logged-in and subsequent -`qpq_send`/`qpq_receive` calls use the authenticated session. +`qpc_send`/`qpc_receive` calls use the authenticated session. -**Returns:** `QPQ_OK` on success, `QPQ_AUTH_FAILED` on bad credentials, -`QPQ_NOT_CONNECTED` if the handle is null, or `QPQ_ERROR` on other failures. +**Returns:** `QPC_OK` on success, `QPC_AUTH_FAILED` on bad credentials, +`QPC_NOT_CONNECTED` if the handle is null, or `QPC_ERROR` on other failures. -### `qpq_send` +### `qpc_send` ```c -int32_t qpq_send( - QpqHandle *handle, /* handle from qpq_connect */ +int32_t qpc_send( + QpqHandle *handle, /* handle from qpc_connect */ const char *recipient, /* recipient username (null-terminated) */ const uint8_t *message, /* message bytes (UTF-8, not null-terminated) */ size_t message_len /* length of message in bytes */ @@ -86,14 +86,14 @@ Resolves the recipient by username, then sends an MLS-encrypted message through the server. The `message` buffer must contain valid UTF-8 of at least `message_len` bytes. The handle must be logged in. -**Returns:** `QPQ_OK` on success, `QPQ_NOT_CONNECTED` if not logged in, or -`QPQ_ERROR` on failure (recipient not found, network error, etc.). +**Returns:** `QPC_OK` on success, `QPC_NOT_CONNECTED` if not logged in, or +`QPC_ERROR` on failure (recipient not found, network error, etc.). -### `qpq_receive` +### `qpc_receive` ```c -int32_t qpq_receive( - QpqHandle *handle, /* handle from qpq_connect */ +int32_t qpc_receive( + QpqHandle *handle, /* handle from qpc_connect */ uint32_t timeout_ms, /* maximum wait time in milliseconds */ char **out_json /* output: heap-allocated JSON string */ ); @@ -102,48 +102,48 @@ int32_t qpq_receive( Blocks up to `timeout_ms` milliseconds waiting for pending messages. On success, `*out_json` points to a null-terminated JSON string containing an array of decrypted message strings (e.g., `["hello","world"]`). The caller -**must** free this string with `qpq_free_string`. +**must** free this string with `qpc_free_string`. -**Returns:** `QPQ_OK` on success (even if the array is empty), -`QPQ_TIMEOUT` if the wait expires with no messages, `QPQ_NOT_CONNECTED` if -not logged in, or `QPQ_ERROR` on failure. +**Returns:** `QPC_OK` on success (even if the array is empty), +`QPC_TIMEOUT` if the wait expires with no messages, `QPC_NOT_CONNECTED` if +not logged in, or `QPC_ERROR` on failure. -### `qpq_disconnect` +### `qpc_disconnect` ```c -void qpq_disconnect(QpqHandle *handle); +void qpc_disconnect(QpqHandle *handle); ``` Shuts down the Tokio runtime and frees the handle. After this call, the handle must not be used again. Passing `NULL` is a safe no-op. -### `qpq_last_error` +### `qpc_last_error` ```c -const char *qpq_last_error(const QpqHandle *handle); +const char *qpc_last_error(const QpqHandle *handle); ``` Returns the last error message recorded on the handle, or `NULL` if no error has occurred. The returned pointer is valid **only** until the next FFI call on the same handle. Do **not** free this pointer -- it is owned by the handle. -### `qpq_free_string` +### `qpc_free_string` ```c -void qpq_free_string(char *ptr); +void qpc_free_string(char *ptr); ``` -Frees a string previously returned by `qpq_receive` via the `out_json` +Frees a string previously returned by `qpc_receive` via the `out_json` output parameter. Passing `NULL` is a safe no-op. Do **not** use this to -free strings from `qpq_last_error`. +free strings from `qpc_last_error`. ## Memory Management Rules -1. **`QpqHandle`** is heap-allocated by `qpq_connect` and freed by - `qpq_disconnect`. Do not use the handle after disconnecting. -2. **`out_json` from `qpq_receive`** is heap-allocated. Free it with - `qpq_free_string`. -3. **`qpq_last_error`** returns a pointer owned by the handle. Do not free +1. **`QpqHandle`** is heap-allocated by `qpc_connect` and freed by + `qpc_disconnect`. Do not use the handle after disconnecting. +2. **`out_json` from `qpc_receive`** is heap-allocated. Free it with + `qpc_free_string`. +3. **`qpc_last_error`** returns a pointer owned by the handle. Do not free it; it is valid until the next FFI call on the same handle. 4. All `const char *` input parameters are borrowed for the duration of the call and not stored beyond it. @@ -154,11 +154,11 @@ Every function that returns `int32_t` uses the status codes above. The recommended pattern is: ```c -int rc = qpq_login(handle, "alice", "password123"); -if (rc != QPQ_OK) { - const char *err = qpq_last_error(handle); +int rc = qpc_login(handle, "alice", "password123"); +if (rc != QPC_OK) { + const char *err = qpc_last_error(handle); fprintf(stderr, "login failed (code %d): %s\n", rc, err ? err : "unknown"); - qpq_disconnect(handle); + qpc_disconnect(handle); return 1; } ``` @@ -169,48 +169,48 @@ if (rc != QPQ_OK) { #include #include -/* Link with: -lquicproquo_ffi -lpthread -ldl -lm */ +/* Link with: -lquicprochat_ffi -lpthread -ldl -lm */ typedef struct QpqHandle QpqHandle; -extern QpqHandle *qpq_connect(const char *, const char *, const char *); -extern int qpq_login(QpqHandle *, const char *, const char *); -extern int qpq_send(QpqHandle *, const char *, const unsigned char *, unsigned long); -extern int qpq_receive(QpqHandle *, unsigned int, char **); -extern void qpq_disconnect(QpqHandle *); -extern const char *qpq_last_error(const QpqHandle *); -extern void qpq_free_string(char *); +extern QpqHandle *qpc_connect(const char *, const char *, const char *); +extern int qpc_login(QpqHandle *, const char *, const char *); +extern int qpc_send(QpqHandle *, const char *, const unsigned char *, unsigned long); +extern int qpc_receive(QpqHandle *, unsigned int, char **); +extern void qpc_disconnect(QpqHandle *); +extern const char *qpc_last_error(const QpqHandle *); +extern void qpc_free_string(char *); -#define QPQ_OK 0 +#define QPC_OK 0 int main(void) { - QpqHandle *h = qpq_connect("127.0.0.1:7000", "server-cert.der", "localhost"); + QpqHandle *h = qpc_connect("127.0.0.1:7000", "server-cert.der", "localhost"); if (!h) { fprintf(stderr, "connection failed\n"); return 1; } - if (qpq_login(h, "alice", "secret") != QPQ_OK) { - fprintf(stderr, "login failed: %s\n", qpq_last_error(h)); - qpq_disconnect(h); + if (qpc_login(h, "alice", "secret") != QPC_OK) { + fprintf(stderr, "login failed: %s\n", qpc_last_error(h)); + qpc_disconnect(h); return 1; } /* Send a message */ const char *msg = "hello from C"; - if (qpq_send(h, "bob", (const unsigned char *)msg, strlen(msg)) != QPQ_OK) { - fprintf(stderr, "send failed: %s\n", qpq_last_error(h)); + if (qpc_send(h, "bob", (const unsigned char *)msg, strlen(msg)) != QPC_OK) { + fprintf(stderr, "send failed: %s\n", qpc_last_error(h)); } /* Receive messages (5 second timeout) */ char *json = NULL; - int rc = qpq_receive(h, 5000, &json); - if (rc == QPQ_OK && json) { + int rc = qpc_receive(h, 5000, &json); + if (rc == QPC_OK && json) { printf("received: %s\n", json); - qpq_free_string(json); + qpc_free_string(json); } - qpq_disconnect(h); + qpc_disconnect(h); return 0; } ``` @@ -218,26 +218,26 @@ int main(void) { Compile and link: ```bash -gcc -o qpq_demo qpq_demo.c -L target/release -lquicproquo_ffi -lpthread -ldl -lm -LD_LIBRARY_PATH=target/release ./qpq_demo +gcc -o qpc_demo qpc_demo.c -L target/release -lquicprochat_ffi -lpthread -ldl -lm +LD_LIBRARY_PATH=target/release ./qpc_demo ``` ## Python Bindings A ready-made Python `ctypes` wrapper is provided in -[`examples/python/qpq_client.py`](https://github.com/nickvidal/quicproquo/tree/main/examples/python). +[`examples/python/qpc_client.py`](https://github.com/nickvidal/quicprochat/tree/main/examples/python). ```bash # Build the FFI library first -cargo build --release -p quicproquo-ffi +cargo build --release -p quicprochat-ffi # Run the Python client -python examples/python/qpq_client.py \ +python examples/python/qpc_client.py \ --server 127.0.0.1:7000 \ --ca-cert server-cert.der \ --username alice --password secret \ --receive --timeout 5000 ``` -Set `QPQ_FFI_LIB=/path/to/libquicproquo_ffi.so` to override automatic +Set `QPC_FFI_LIB=/path/to/libquicprochat_ffi.so` to override automatic library discovery. diff --git a/docs/src/getting-started/file-transfer.md b/docs/src/getting-started/file-transfer.md index 92b645c..35f32ed 100644 --- a/docs/src/getting-started/file-transfer.md +++ b/docs/src/getting-started/file-transfer.md @@ -1,6 +1,6 @@ # File Transfer -quicproquo supports encrypted file transfer with chunked upload/download, +quicprochat supports encrypted file transfer with chunked upload/download, SHA-256 content addressing, and automatic MIME type detection. Files up to 50 MB are supported. @@ -109,6 +109,6 @@ file extension. For example: ## Implementation -- **Server:** `crates/quicproquo-server/src/node_service/blob_ops.rs` -- **Client REPL:** `/send-file` and `/download` in `crates/quicproquo-client/src/client/repl.rs` -- **Message type:** `FileRef` variant in `crates/quicproquo-core/src/app_message.rs` +- **Server:** `crates/quicprochat-server/src/node_service/blob_ops.rs` +- **Client REPL:** `/send-file` and `/download` in `crates/quicprochat-client/src/client/repl.rs` +- **Message type:** `FileRef` variant in `crates/quicprochat-core/src/app_message.rs` diff --git a/docs/src/getting-started/go-sdk.md b/docs/src/getting-started/go-sdk.md index 6e9191b..5eb2635 100644 --- a/docs/src/getting-started/go-sdk.md +++ b/docs/src/getting-started/go-sdk.md @@ -1,18 +1,18 @@ # Go SDK The Go SDK (`sdks/go/`) provides a native QUIC + Cap'n Proto client for -quicproquo, giving Go applications full access to the messaging API without +quicprochat, giving Go applications full access to the messaging API without any HTTP translation layer. ## Prerequisites - Go 1.21+ -- A running qpq server +- A running qpc server ## Installation ```go -import "quicproquo.dev/sdk/go/qpq" +import "quicprochat.dev/sdk/go/qpc" ``` ## Quick start @@ -25,14 +25,14 @@ import ( "fmt" "log" - "quicproquo.dev/sdk/go/qpq" + "quicprochat.dev/sdk/go/qpc" ) func main() { ctx := context.Background() // Connect to the server - client, err := qpq.Connect(ctx, qpq.Options{ + client, err := qpc.Connect(ctx, qpc.Options{ Addr: "127.0.0.1:7000", InsecureSkipVerify: true, // development only }) @@ -130,7 +130,7 @@ type Options struct { sdks/go/ ├── proto/ # Generated Cap'n Proto types from node.capnp ├── transport/ # QUIC transport layer (quic-go + TLS 1.3) -├── qpq/ # High-level client API (QpqClient) +├── qpc/ # High-level client API (QpqClient) ├── cmd/example/ # Example CLI program ├── go.mod └── README.md diff --git a/docs/src/getting-started/mesh-networking.md b/docs/src/getting-started/mesh-networking.md index 35fd98f..46a9549 100644 --- a/docs/src/getting-started/mesh-networking.md +++ b/docs/src/getting-started/mesh-networking.md @@ -1,6 +1,6 @@ # Mesh Networking -quicproquo includes a mesh networking layer for decentralised, peer-to-peer +quicprochat includes a mesh networking layer for decentralised, peer-to-peer messaging without central infrastructure. It is designed for community networks (Freifunk, BATMAN-adv, Babel routing) and offline-capable environments. @@ -8,17 +8,17 @@ environments. Mesh features are **feature-gated** — build the client with: ```bash -cargo build -p quicproquo-client --features mesh +cargo build -p quicprochat-client --features mesh ``` ## Architecture ``` -Client A ── mDNS discovery ──► nearby qpq node (LAN / mesh) +Client A ── mDNS discovery ──► nearby qpc node (LAN / mesh) │ Cap'n Proto federation │ - remote qpq node (across mesh) + remote qpc node (across mesh) Client B ── iroh P2P ──────► Client C (direct, NAT-traversed) ``` @@ -44,7 +44,7 @@ persisted in a local JSON file. ## mDNS discovery -Servers announce `_quicproquo._udp.local.` via mDNS on startup with TXT +Servers announce `_quicprochat._udp.local.` via mDNS on startup with TXT records: ``` @@ -126,14 +126,14 @@ Servers relay messages for recipients on remote nodes: ```bash # Environment variables -QPQ_FEDERATION_LISTEN=0.0.0.0:7001 -QPQ_LOCAL_DOMAIN=node1.mesh.local -QPQ_FEDERATION_CERT=/path/to/cert.der -QPQ_FEDERATION_KEY=/path/to/key.der -QPQ_FEDERATION_CA=/path/to/ca.der +QPC_FEDERATION_LISTEN=0.0.0.0:7001 +QPC_LOCAL_DOMAIN=node1.mesh.local +QPC_FEDERATION_CERT=/path/to/cert.der +QPC_FEDERATION_KEY=/path/to/key.der +QPC_FEDERATION_CA=/path/to/ca.der ``` -Or in `qpq-server.toml`: +Or in `qpc-server.toml`: ```toml federation_enabled = true @@ -146,8 +146,8 @@ federation_listen = "0.0.0.0:7001" | Protocol | ALPN | |---|---| | Client ↔ Server | `b"capnp"` | -| P2P transport | `b"quicproquo/p2p/1"` | -| Federation | `b"quicproquo/federation/1"` | +| P2P transport | `b"quicprochat/p2p/1"` | +| Federation | `b"quicprochat/federation/1"` | ## REPL command summary @@ -164,12 +164,12 @@ federation_listen = "0.0.0.0:7001" ## Implementation -- **P2P node:** `crates/quicproquo-p2p/src/lib.rs` — `P2pNode` with iroh +- **P2P node:** `crates/quicprochat-p2p/src/lib.rs` — `P2pNode` with iroh transport -- **Mesh identity:** `crates/quicproquo-p2p/src/identity.rs` -- **Store-and-forward:** `crates/quicproquo-p2p/src/store.rs` + +- **Mesh identity:** `crates/quicprochat-p2p/src/identity.rs` +- **Store-and-forward:** `crates/quicprochat-p2p/src/store.rs` + `envelope.rs` -- **Broadcast:** `crates/quicproquo-p2p/src/broadcast.rs` -- **mDNS discovery:** `crates/quicproquo-client/src/client/mesh_discovery.rs` -- **Federation routing:** `crates/quicproquo-server/src/node_service/delivery.rs` -- **REPL commands:** mesh handlers in `crates/quicproquo-client/src/client/repl.rs` +- **Broadcast:** `crates/quicprochat-p2p/src/broadcast.rs` +- **mDNS discovery:** `crates/quicprochat-client/src/client/mesh_discovery.rs` +- **Federation routing:** `crates/quicprochat-server/src/node_service/delivery.rs` +- **REPL commands:** mesh handlers in `crates/quicprochat-client/src/client/repl.rs` diff --git a/docs/src/getting-started/prerequisites.md b/docs/src/getting-started/prerequisites.md index e5c4416..2be893f 100644 --- a/docs/src/getting-started/prerequisites.md +++ b/docs/src/getting-started/prerequisites.md @@ -1,6 +1,6 @@ # Prerequisites -Before building quicproquo you need a Rust toolchain. No other system tools are required — Protobuf compilation is handled automatically at build time by the `protobuf-src` crate, which vendors the `protoc` compiler. Docker is optional and useful for reproducible builds and deployment. +Before building quicprochat you need a Rust toolchain. No other system tools are required — Protobuf compilation is handled automatically at build time by the `protobuf-src` crate, which vendors the `protoc` compiler. Docker is optional and useful for reproducible builds and deployment. --- @@ -8,7 +8,7 @@ Before building quicproquo you need a Rust toolchain. No other system tools are **Minimum supported Rust version: 1.77+ (stable)** -quicproquo uses the 2021 edition and workspace resolver v2. Any stable Rust release from 1.77 onward should work. Install or update via [rustup](https://rustup.rs/): +quicprochat uses the 2021 edition and workspace resolver v2. Any stable Rust release from 1.77 onward should work. Install or update via [rustup](https://rustup.rs/): ```bash # Install rustup (if not already present) @@ -29,7 +29,7 @@ The workspace depends on several crates that use procedural macros (`serde_deriv ## No external compiler dependencies -In v2, all wire-format serialisation uses [Protobuf](https://protobuf.dev/) via the `prost` crate. The `quicproquo-proto` crate's `build.rs` script drives code generation through `prost-build`, which in turn uses the `protobuf-src` crate to compile and use a vendored copy of `protoc`. **You do not need to install `protoc` or any other system compiler.** +In v2, all wire-format serialisation uses [Protobuf](https://protobuf.dev/) via the `prost` crate. The `quicprochat-proto` crate's `build.rs` script drives code generation through `prost-build`, which in turn uses the `protobuf-src` crate to compile and use a vendored copy of `protoc`. **You do not need to install `protoc` or any other system compiler.** The legacy Cap'n Proto schemas (`schemas/`) are still present for reference, but the v2 runtime and RPC framework use Protobuf exclusively. @@ -37,7 +37,7 @@ The legacy Cap'n Proto schemas (`schemas/`) are still present for reference, but ## Optional: Docker and Docker Compose -If you prefer to build and run quicproquo in containers, you will need: +If you prefer to build and run quicprochat in containers, you will need: - **Docker Engine** 20.10+ (or Docker Desktop) - **Docker Compose** v2+ (the `docker compose` plugin, not the legacy `docker-compose` binary) diff --git a/docs/src/getting-started/repl-reference.md b/docs/src/getting-started/repl-reference.md index 5fd1263..1db9c14 100644 --- a/docs/src/getting-started/repl-reference.md +++ b/docs/src/getting-started/repl-reference.md @@ -1,11 +1,11 @@ # REPL Command Reference -The qpq interactive REPL provides 40+ slash commands for messaging, group +The qpc interactive REPL provides 40+ slash commands for messaging, group management, file transfer, privacy controls, and mesh networking. Launch it with: ```bash -cargo run --bin qpq -- repl --username alice --password mypass +cargo run --bin qpc -- repl --username alice --password mypass ``` Type any text without a leading `/` to send a message in the active @@ -79,12 +79,12 @@ conversation. These commands require the client to be built with mesh support: ```bash -cargo build -p quicproquo-client --features mesh +cargo build -p quicprochat-client --features mesh ``` | Command | Description | |---|---| -| `/mesh peers` | Scan for nearby qpq nodes via mDNS (`_quicproquo._udp.local.`) | +| `/mesh peers` | Scan for nearby qpc nodes via mDNS (`_quicprochat._udp.local.`) | | `/mesh server ` | Note a discovered server address for connection | | `/mesh send ` | Send a direct P2P message via iroh transport | | `/mesh broadcast ` | Publish a message to a broadcast channel | diff --git a/docs/src/getting-started/rich-messaging.md b/docs/src/getting-started/rich-messaging.md index 9b6e939..78aaeb0 100644 --- a/docs/src/getting-started/rich-messaging.md +++ b/docs/src/getting-started/rich-messaging.md @@ -1,6 +1,6 @@ # Rich Messaging -quicproquo supports rich messaging features beyond basic text: reactions, read +quicprochat supports rich messaging features beyond basic text: reactions, read receipts, typing indicators, message editing, and message deletion. All message types are end-to-end encrypted inside MLS ciphertext — the server only sees opaque bytes. @@ -86,9 +86,9 @@ All rich message types use the same binary envelope inside the MLS ciphertext: ## Implementation -- **Core serialisation:** `crates/quicproquo-core/src/app_message.rs` — the +- **Core serialisation:** `crates/quicprochat-core/src/app_message.rs` — the `AppMessage` enum with `serialize()` / `deserialize()` methods -- **REPL commands:** `crates/quicproquo-client/src/client/repl.rs` — slash +- **REPL commands:** `crates/quicprochat-client/src/client/repl.rs` — slash command handlers -- **Display:** `crates/quicproquo-client/src/client/display.rs` — typing +- **Display:** `crates/quicprochat-client/src/client/display.rs` — typing indicator rendering diff --git a/docs/src/getting-started/running-the-client.md b/docs/src/getting-started/running-the-client.md index a3dfa00..ee7cf5c 100644 --- a/docs/src/getting-started/running-the-client.md +++ b/docs/src/getting-started/running-the-client.md @@ -1,6 +1,6 @@ # Running the Client -The quicproquo CLI client provides subcommands for connectivity testing, identity registration, KeyPackage exchange, and persistent group messaging. All commands connect to the server over QUIC + TLS 1.3 and issue Cap'n Proto RPC calls against the `NodeService` endpoint. +The quicprochat CLI client provides subcommands for connectivity testing, identity registration, KeyPackage exchange, and persistent group messaging. All commands connect to the server over QUIC + TLS 1.3 and issue Cap'n Proto RPC calls against the `NodeService` endpoint. --- @@ -10,8 +10,8 @@ These flags apply to every subcommand: | Flag | Env var | Default | Purpose | |---|---|---|---| -| `--ca-cert` | `QPQ_CA_CERT` | `data/server-cert.der` | Path to the server's TLS certificate (DER format). The client uses this to verify the server's identity during the TLS handshake. | -| `--server-name` | `QPQ_SERVER_NAME` | `localhost` | Expected TLS server name. Must match a SAN in the server's certificate. | +| `--ca-cert` | `QPC_CA_CERT` | `data/server-cert.der` | Path to the server's TLS certificate (DER format). The client uses this to verify the server's identity during the TLS handshake. | +| `--server-name` | `QPC_SERVER_NAME` | `localhost` | Expected TLS server name. Must match a SAN in the server's certificate. | Most subcommands also accept `--server` (default `127.0.0.1:7000`) to specify the server address. @@ -24,11 +24,11 @@ Most subcommands also accept `--server` (default `127.0.0.1:7000`) to specify th Send a health probe to the server and print the round-trip time. ```bash -cargo run -p quicproquo-client -- ping +cargo run -p quicprochat-client -- ping ``` ```bash -cargo run -p quicproquo-client -- ping --server 192.168.1.10:7000 +cargo run -p quicprochat-client -- ping --server 192.168.1.10:7000 ``` **Output:** @@ -49,7 +49,7 @@ These commands generate a fresh identity keypair in memory each time they run. T Generate a fresh Ed25519 identity, create an MLS KeyPackage, and upload it to the Authentication Service. ```bash -cargo run -p quicproquo-client -- register +cargo run -p quicprochat-client -- register ``` **Output:** @@ -66,7 +66,7 @@ Share the `identity_key` value with peers who want to add you to a group. They w Fetch a peer's KeyPackage from the Authentication Service by their Ed25519 public key. ```bash -cargo run -p quicproquo-client -- fetch-key a1b2c3d4e5f6... +cargo run -p quicprochat-client -- fetch-key a1b2c3d4e5f6... ``` The `identity_key` argument must be exactly 64 lowercase hex characters (32 bytes). @@ -90,7 +90,7 @@ KeyPackages are single-use: fetching a KeyPackage atomically removes it from the Run a complete Alice-and-Bob MLS round-trip against a live server. Both identities are created in-process; both communicate through the server's AS and DS. ```bash -cargo run -p quicproquo-client -- demo-group --server 127.0.0.1:7000 +cargo run -p quicprochat-client -- demo-group --server 127.0.0.1:7000 ``` **Output:** @@ -106,21 +106,21 @@ This is the fastest way to verify that the entire stack (QUIC + TLS + Cap'n Prot ## Persistent group commands -These commands use a state file (`--state`, default `qpq-state.bin`) to persist the Ed25519 identity seed and MLS group state between invocations. A companion key store file (same path with `.ks` extension) holds HPKE init private keys. +These commands use a state file (`--state`, default `qpc-state.bin`) to persist the Ed25519 identity seed and MLS group state between invocations. A companion key store file (same path with `.ks` extension) holds HPKE init private keys. All persistent commands share the `--state` flag: | Flag | Env var | Default | |---|---|---| -| `--state` | `QPQ_STATE` | `qpq-state.bin` | -| `--server` | `QPQ_SERVER` | `127.0.0.1:7000` | +| `--state` | `QPC_STATE` | `qpc-state.bin` | +| `--server` | `QPC_SERVER` | `127.0.0.1:7000` | ### `register-state` Create or load a persistent identity, generate a KeyPackage, and upload it to the AS. ```bash -cargo run -p quicproquo-client -- register-state \ +cargo run -p quicprochat-client -- register-state \ --state alice.bin \ --server 127.0.0.1:7000 ``` @@ -141,10 +141,10 @@ Refresh the KeyPackage on the server using your **existing** state file. Does no - Your KeyPackage has expired (server TTL, e.g. 24h). - Your KeyPackage was consumed (someone invited you) and you want to be invitable again. -Run with the same `--access-token` (or `QPQ_ACCESS_TOKEN`) as for other commands. +Run with the same `--access-token` (or `QPC_ACCESS_TOKEN`) as for other commands. ```bash -cargo run -p quicproquo-client -- refresh-keypackage \ +cargo run -p quicprochat-client -- refresh-keypackage \ --state alice.bin \ --server 127.0.0.1:7000 ``` @@ -163,7 +163,7 @@ If you are told "no key" when someone tries to invite you, have them wait and ru Create a new MLS group. The caller becomes the sole member at epoch 0. ```bash -cargo run -p quicproquo-client -- create-group \ +cargo run -p quicprochat-client -- create-group \ --state alice.bin \ --group-id "project-chat" ``` @@ -180,7 +180,7 @@ The group state is saved to the state file. You can now invite peers with `invit Fetch a peer's KeyPackage from the AS, add them to the group, and deliver the Welcome message via the DS. ```bash -cargo run -p quicproquo-client -- invite \ +cargo run -p quicprochat-client -- invite \ --state alice.bin \ --peer-key b9a8c7d6e5f4... \ --server 127.0.0.1:7000 @@ -202,7 +202,7 @@ invited peer (welcome queued) Join a group by consuming a Welcome message from the DS. ```bash -cargo run -p quicproquo-client -- join \ +cargo run -p quicprochat-client -- join \ --state bob.bin \ --server 127.0.0.1:7000 ``` @@ -219,7 +219,7 @@ joined group successfully Encrypt and send an application message to a peer via the DS. ```bash -cargo run -p quicproquo-client -- send \ +cargo run -p quicprochat-client -- send \ --state alice.bin \ --peer-key b9a8c7d6e5f4... \ --msg "hello from alice" \ @@ -238,7 +238,7 @@ message sent Receive and decrypt all pending messages from the DS. ```bash -cargo run -p quicproquo-client -- recv \ +cargo run -p quicprochat-client -- recv \ --state bob.bin \ --server 127.0.0.1:7000 ``` @@ -257,12 +257,12 @@ Additional flags: ```bash # Wait up to 5 seconds for messages -cargo run -p quicproquo-client -- recv \ +cargo run -p quicprochat-client -- recv \ --state bob.bin \ --wait-ms 5000 # Stream messages continuously -cargo run -p quicproquo-client -- recv \ +cargo run -p quicprochat-client -- recv \ --state bob.bin \ --stream --wait-ms 10000 ``` @@ -271,7 +271,7 @@ cargo run -p quicproquo-client -- recv \ ## HPKE init key lifecycle warning -The MLS protocol requires that the HPKE init private key generated during KeyPackage creation is available when processing the corresponding Welcome message. In quicproquo, this private key is stored in the key store file (`.ks` extension alongside the state file). +The MLS protocol requires that the HPKE init private key generated during KeyPackage creation is available when processing the corresponding Welcome message. In quicprochat, this private key is stored in the key store file (`.ks` extension alongside the state file). **The same state file and key store must be used for both `register-state` and `join`.** If you: diff --git a/docs/src/getting-started/running-the-server.md b/docs/src/getting-started/running-the-server.md index fcf6216..9f6eaf8 100644 --- a/docs/src/getting-started/running-the-server.md +++ b/docs/src/getting-started/running-the-server.md @@ -1,13 +1,13 @@ # Running the Server -The quicproquo server is a single binary (`qpq-server`) that exposes a unified **NodeService** endpoint combining Authentication Service (OPAQUE registration/login, KeyPackage management) and Delivery Service (message relay) operations over a single QUIC + TLS 1.3 connection. +The quicprochat server is a single binary (`qpc-server`) that exposes a unified **NodeService** endpoint combining Authentication Service (OPAQUE registration/login, KeyPackage management) and Delivery Service (message relay) operations over a single QUIC + TLS 1.3 connection. --- ## Quick start ```bash -cargo run -p quicproquo-server -- --allow-insecure-auth +cargo run -p quicprochat-server -- --allow-insecure-auth ``` On first launch the server will: @@ -21,8 +21,8 @@ On first launch the server will: You should see output similar to: ``` -2026-01-01T00:00:00.000000Z INFO qpq_server: generated self-signed TLS certificate cert="data/server-cert.der" key="data/server-key.der" -2026-01-01T00:00:00.000000Z INFO qpq_server: accepting QUIC connections addr="0.0.0.0:7000" +2026-01-01T00:00:00.000000Z INFO qpc_server: generated self-signed TLS certificate cert="data/server-cert.der" key="data/server-key.der" +2026-01-01T00:00:00.000000Z INFO qpc_server: accepting QUIC connections addr="0.0.0.0:7000" ``` > **Development note:** `--allow-insecure-auth` bypasses the requirement for a static bearer token. Do not use this flag in production. @@ -31,108 +31,108 @@ You should see output similar to: ## Configuration -All configuration is available via CLI flags, environment variables, or a TOML config file (`qpq-server.toml` by default, overridden with `--config`). CLI flags take precedence over the config file. +All configuration is available via CLI flags, environment variables, or a TOML config file (`qpc-server.toml` by default, overridden with `--config`). CLI flags take precedence over the config file. ### Core flags | Purpose | CLI flag | Env var | Default | |---|---|---|---| -| QUIC listen address | `--listen` | `QPQ_LISTEN` | `0.0.0.0:7000` | -| TLS certificate (DER) | `--tls-cert` | `QPQ_TLS_CERT` | `data/server-cert.der` | -| TLS private key (DER) | `--tls-key` | `QPQ_TLS_KEY` | `data/server-key.der` | -| Data directory | `--data-dir` | `QPQ_DATA_DIR` | `data` | -| TOML config file | `--config` | `QPQ_CONFIG` | `qpq-server.toml` | +| QUIC listen address | `--listen` | `QPC_LISTEN` | `0.0.0.0:7000` | +| TLS certificate (DER) | `--tls-cert` | `QPC_TLS_CERT` | `data/server-cert.der` | +| TLS private key (DER) | `--tls-key` | `QPC_TLS_KEY` | `data/server-key.der` | +| Data directory | `--data-dir` | `QPC_DATA_DIR` | `data` | +| TOML config file | `--config` | `QPC_CONFIG` | `qpc-server.toml` | | Log level | -- | `RUST_LOG` | `info` | ### Authentication flags | Purpose | CLI flag | Env var | Default | |---|---|---|---| -| Static bearer token | `--auth-token` | `QPQ_AUTH_TOKEN` | (none) | -| Skip token requirement (dev only) | `--allow-insecure-auth` | `QPQ_ALLOW_INSECURE_AUTH` | `false` | -| Sealed sender mode | `--sealed-sender` | `QPQ_SEALED_SENDER` | `false` | +| Static bearer token | `--auth-token` | `QPC_AUTH_TOKEN` | (none) | +| Skip token requirement (dev only) | `--allow-insecure-auth` | `QPC_ALLOW_INSECURE_AUTH` | `false` | +| Sealed sender mode | `--sealed-sender` | `QPC_SEALED_SENDER` | `false` | ### Storage flags | Purpose | CLI flag | Env var | Default | |---|---|---|---| -| Storage backend | `--store-backend` | `QPQ_STORE_BACKEND` | `file` | -| SQLCipher DB path | `--db-path` | `QPQ_DB_PATH` | `data/qpq.db` | -| SQLCipher encryption key | `--db-key` | `QPQ_DB_KEY` | (empty = plaintext) | +| Storage backend | `--store-backend` | `QPC_STORE_BACKEND` | `file` | +| SQLCipher DB path | `--db-path` | `QPC_DB_PATH` | `data/qpc.db` | +| SQLCipher encryption key | `--db-key` | `QPC_DB_KEY` | (empty = plaintext) | ### Transport and timeout flags | Purpose | CLI flag | Env var | Default | |---|---|---|---| -| Drain timeout (graceful shutdown) | `--drain-timeout` | `QPQ_DRAIN_TIMEOUT` | `30` s | -| Per-RPC timeout | `--rpc-timeout` | `QPQ_RPC_TIMEOUT` | `30` s | -| Storage operation timeout | `--storage-timeout` | `QPQ_STORAGE_TIMEOUT` | `10` s | +| Drain timeout (graceful shutdown) | `--drain-timeout` | `QPC_DRAIN_TIMEOUT` | `30` s | +| Per-RPC timeout | `--rpc-timeout` | `QPC_RPC_TIMEOUT` | `30` s | +| Storage operation timeout | `--storage-timeout` | `QPC_STORAGE_TIMEOUT` | `10` s | ### Extension flags | Purpose | CLI flag | Env var | Default | |---|---|---|---| -| Plugin directory | `--plugin-dir` | `QPQ_PLUGIN_DIR` | (none) | -| WebSocket bridge address | `--ws-listen` | `QPQ_WS_LISTEN` | (none) | -| WebTransport address | `--webtransport-listen` | `QPQ_WEBTRANSPORT_LISTEN` | (none) | -| Federation | `--federation-enabled` | `QPQ_FEDERATION_ENABLED` | `false` | -| Federation domain | `--federation-domain` | `QPQ_FEDERATION_DOMAIN` | (none) | -| Federation listen address | `--federation-listen` | `QPQ_FEDERATION_LISTEN` | `0.0.0.0:7001` | -| Redact audit logs | `--redact-logs` | `QPQ_REDACT_LOGS` | `false` | -| Metrics listen address | `--metrics-listen` | `QPQ_METRICS_LISTEN` | (none) | +| Plugin directory | `--plugin-dir` | `QPC_PLUGIN_DIR` | (none) | +| WebSocket bridge address | `--ws-listen` | `QPC_WS_LISTEN` | (none) | +| WebTransport address | `--webtransport-listen` | `QPC_WEBTRANSPORT_LISTEN` | (none) | +| Federation | `--federation-enabled` | `QPC_FEDERATION_ENABLED` | `false` | +| Federation domain | `--federation-domain` | `QPC_FEDERATION_DOMAIN` | (none) | +| Federation listen address | `--federation-listen` | `QPC_FEDERATION_LISTEN` | `0.0.0.0:7001` | +| Redact audit logs | `--redact-logs` | `QPC_REDACT_LOGS` | `false` | +| Metrics listen address | `--metrics-listen` | `QPC_METRICS_LISTEN` | (none) | ### Examples ```bash # Development: no auth token required -cargo run -p quicproquo-server -- --allow-insecure-auth +cargo run -p quicprochat-server -- --allow-insecure-auth # Listen on a custom port -cargo run -p quicproquo-server -- --allow-insecure-auth --listen 0.0.0.0:5001 +cargo run -p quicprochat-server -- --allow-insecure-auth --listen 0.0.0.0:5001 # Use SQLCipher storage backend -cargo run -p quicproquo-server -- \ +cargo run -p quicprochat-server -- \ --allow-insecure-auth \ --store-backend sql \ - --db-path data/qpq.db \ + --db-path data/qpc.db \ --db-key mysecretkey # Load server plugins from a directory -cargo run -p quicproquo-server -- \ +cargo run -p quicprochat-server -- \ --allow-insecure-auth \ --plugin-dir /path/to/plugins # Enable WebSocket bridge for browser clients -cargo run -p quicproquo-server -- \ +cargo run -p quicprochat-server -- \ --allow-insecure-auth \ --ws-listen 0.0.0.0:9000 # Via environment variables -QPQ_LISTEN=0.0.0.0:5001 \ -QPQ_ALLOW_INSECURE_AUTH=true \ +QPC_LISTEN=0.0.0.0:5001 \ +QPC_ALLOW_INSECURE_AUTH=true \ RUST_LOG=debug \ -cargo run -p quicproquo-server +cargo run -p quicprochat-server ``` --- ## Production deployment -Set `QPQ_PRODUCTION=true` to enable production validation. The server enforces: +Set `QPC_PRODUCTION=true` to enable production validation. The server enforces: - `--allow-insecure-auth` is **prohibited**. -- `QPQ_AUTH_TOKEN` must be set, non-empty, at least 16 characters, and not equal to `devtoken`. +- `QPC_AUTH_TOKEN` must be set, non-empty, at least 16 characters, and not equal to `devtoken`. - TLS cert and key files must already exist (auto-generation is disabled). -- When `--store-backend=sql`, `QPQ_DB_KEY` must be non-empty. +- When `--store-backend=sql`, `QPC_DB_KEY` must be non-empty. ```bash -QPQ_PRODUCTION=true \ -QPQ_AUTH_TOKEN= \ -QPQ_TLS_CERT=/etc/quicproquo/cert.der \ -QPQ_TLS_KEY=/etc/quicproquo/key.der \ -QPQ_STORE_BACKEND=sql \ -QPQ_DB_KEY= \ -qpq-server +QPC_PRODUCTION=true \ +QPC_AUTH_TOKEN= \ +QPC_TLS_CERT=/etc/quicprochat/cert.der \ +QPC_TLS_KEY=/etc/quicprochat/key.der \ +QPC_STORE_BACKEND=sql \ +QPC_DB_KEY= \ +qpc-server ``` --- @@ -160,7 +160,7 @@ To use a certificate issued by a CA or a custom self-signed certificate: ``` 2. Point the server at them: ```bash - cargo run -p quicproquo-server -- \ + cargo run -p quicprochat-server -- \ --allow-insecure-auth \ --tls-cert cert.der \ --tls-key key.der @@ -171,7 +171,7 @@ To use a certificate issued by a CA or a custom self-signed certificate: - **Protocol versions**: TLS 1.3 only. TLS 1.2 and below are rejected. - **Client authentication**: Disabled. Client identity is established at the MLS/OPAQUE layer, not at the TLS layer. -- **ALPN**: The server advertises `b"qpq/1"` as the application-layer protocol. +- **ALPN**: The server advertises `b"qpc/1"` as the application-layer protocol. --- @@ -201,13 +201,13 @@ The server uses `tracing` with `tracing-subscriber` and respects the `RUST_LOG` ```bash # Default: info level -RUST_LOG=info cargo run -p quicproquo-server -- --allow-insecure-auth +RUST_LOG=info cargo run -p quicprochat-server -- --allow-insecure-auth # Debug level for detailed RPC tracing -RUST_LOG=debug cargo run -p quicproquo-server -- --allow-insecure-auth +RUST_LOG=debug cargo run -p quicprochat-server -- --allow-insecure-auth # Filter to specific crates -RUST_LOG=quicproquo_server=debug,quinn=warn cargo run -p quicproquo-server -- --allow-insecure-auth +RUST_LOG=quicprochat_server=debug,quinn=warn cargo run -p quicprochat-server -- --allow-insecure-auth ``` --- diff --git a/docs/src/getting-started/tls.md b/docs/src/getting-started/tls.md index 68c23eb..0c54761 100644 --- a/docs/src/getting-started/tls.md +++ b/docs/src/getting-started/tls.md @@ -1,10 +1,10 @@ -# TLS in quicproquo +# TLS in quicprochat -quicproquo uses QUIC (RFC 9000) for all client-server communication. QUIC mandates TLS 1.3, so every connection is encrypted and authenticated at the transport layer — there is no plaintext mode. +quicprochat uses QUIC (RFC 9000) for all client-server communication. QUIC mandates TLS 1.3, so every connection is encrypted and authenticated at the transport layer — there is no plaintext mode. ## How it works -The server holds a TLS certificate and private key (DER format). On startup it either loads existing files or, in development mode, generates a self-signed certificate automatically. The client authenticates the server by verifying its certificate against a trusted root provided via `--ca-cert` (or `QPQ_CA_CERT`). +The server holds a TLS certificate and private key (DER format). On startup it either loads existing files or, in development mode, generates a self-signed certificate automatically. The client authenticates the server by verifying its certificate against a trusted root provided via `--ca-cert` (or `QPC_CA_CERT`). The TLS handshake negotiates the ALPN protocol `capnp`, after which the QUIC bi-directional stream carries Cap'n Proto RPC traffic. @@ -13,29 +13,29 @@ The TLS handshake negotiates the ALPN protocol `capnp`, after which the QUIC bi- By default the client trusts exactly the certificate (or CA) in the file given by `--ca-cert`: ```bash -qpq --ca-cert data/server-cert.der --server-name localhost health --server 127.0.0.1:7000 +qpc --ca-cert data/server-cert.der --server-name localhost health --server 127.0.0.1:7000 ``` This is a form of **certificate pinning**: the client will only connect to a server whose certificate chains to the provided root. For single-server deployments, pass the server's own self-signed certificate. For CA-issued certificates, pass the CA's root certificate instead. | Flag / Env var | Purpose | |---|---| -| `--ca-cert` / `QPQ_CA_CERT` | Path to trusted root certificate (DER) | -| `--server-name` / `QPQ_SERVER_NAME` | Expected TLS server name (must match certificate SAN) | +| `--ca-cert` / `QPC_CA_CERT` | Path to trusted root certificate (DER) | +| `--server-name` / `QPC_SERVER_NAME` | Expected TLS server name (must match certificate SAN) | ## The `--danger-accept-invalid-certs` flag For local development and testing you can skip certificate verification entirely: ```bash -qpq --danger-accept-invalid-certs health --server 127.0.0.1:7000 +qpc --danger-accept-invalid-certs health --server 127.0.0.1:7000 ``` Or via the environment: ```bash -export QPQ_DANGER_ACCEPT_INVALID_CERTS=true -qpq health --server 127.0.0.1:7000 +export QPC_DANGER_ACCEPT_INVALID_CERTS=true +qpc health --server 127.0.0.1:7000 ``` When active, the client prints a warning to stderr: @@ -50,7 +50,7 @@ WARNING: TLS verification disabled — insecure mode ### Using rcgen (Rust) -The server generates a self-signed certificate automatically when the cert/key files are missing (unless `QPQ_PRODUCTION=1` is set). The generated files are written to: +The server generates a self-signed certificate automatically when the cert/key files are missing (unless `QPC_PRODUCTION=1` is set). The generated files are written to: - `data/server-cert.der` — DER-encoded certificate - `data/server-key.der` — DER-encoded PKCS#8 private key @@ -66,7 +66,7 @@ openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \ -subj "/CN=localhost" \ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" -# Convert to DER format (required by quicproquo) +# Convert to DER format (required by quicprochat) openssl x509 -in cert.pem -outform DER -out data/server-cert.der openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out data/server-key.der -nocrypt ``` @@ -74,15 +74,15 @@ openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out data/server-key.d Point the server at the DER files: ```bash -export QPQ_TLS_CERT=data/server-cert.der -export QPQ_TLS_KEY=data/server-key.der -cargo run -p quicproquo-server +export QPC_TLS_CERT=data/server-cert.der +export QPC_TLS_KEY=data/server-key.der +cargo run -p quicprochat-server ``` And the client at the certificate: ```bash -qpq --ca-cert data/server-cert.der --server-name localhost repl +qpc --ca-cert data/server-cert.der --server-name localhost repl ``` ## CA-issued certificates @@ -94,7 +94,7 @@ For production deployments with a public CA (e.g. Let's Encrypt): 3. Configure the client to trust the CA root rather than the server certificate directly: ```bash -qpq --ca-cert /etc/ssl/certs/isrg-root-x1.der --server-name chat.example.com repl +qpc --ca-cert /etc/ssl/certs/isrg-root-x1.der --server-name chat.example.com repl ``` See [Certificate Lifecycle and CA-Signed TLS](certificate-lifecycle.md) for rotation, OCSP, and operational details. diff --git a/docs/src/getting-started/typescript-sdk.md b/docs/src/getting-started/typescript-sdk.md index a7bd063..954c1cd 100644 --- a/docs/src/getting-started/typescript-sdk.md +++ b/docs/src/getting-started/typescript-sdk.md @@ -1,6 +1,6 @@ # TypeScript SDK and Browser Demo -The TypeScript SDK (`sdks/typescript/`) provides `@quicproquo/client` — a +The TypeScript SDK (`sdks/typescript/`) provides `@quicprochat/client` — a browser-ready client with WASM-powered crypto operations and WebSocket transport. @@ -8,7 +8,7 @@ transport. - **WASM crypto bundle** (175 KB) — Ed25519 signatures, X25519 + ML-KEM-768 hybrid encryption, safety numbers, sealed sender, and message padding, - compiled from the Rust `quicproquo-core` crate + compiled from the Rust `quicprochat-core` crate - **`QpqClient` class** — high-level API for server connectivity and crypto - **Offline mode** — all crypto operations work without a server connection - **Browser demo** — interactive HTML page for trying every crypto operation @@ -33,7 +33,7 @@ cd sdks/typescript/wasm-crypto wasm-pack build --target web --out-dir ../pkg ``` -This compiles `quicproquo-core`'s crypto modules to WebAssembly and produces +This compiles `quicprochat-core`'s crypto modules to WebAssembly and produces JavaScript + TypeScript bindings in `sdks/typescript/pkg/`. ### 2. Build the TypeScript SDK @@ -75,7 +75,7 @@ The crypto operations work entirely offline — no server connection needed. ### Server connectivity -The Chat section of the demo connects via WebSocket. Since the native qpq +The Chat section of the demo connects via WebSocket. Since the native qpc server speaks Cap'n Proto RPC over QUIC/TCP + Noise_XX, a WebSocket bridge proxy is required for browser connectivity. The demo sends JSON-framed requests over WebSocket. @@ -85,7 +85,7 @@ requests over WebSocket. ### Offline crypto (no server) ```typescript -import { QpqClient } from "@quicproquo/client"; +import { QpqClient } from "@quicprochat/client"; const client = await QpqClient.offline(); diff --git a/docs/src/getting-started/wasm.md b/docs/src/getting-started/wasm.md index 4ed4f6f..7f83d42 100644 --- a/docs/src/getting-started/wasm.md +++ b/docs/src/getting-started/wasm.md @@ -1,6 +1,6 @@ # WASM Integration -The `quicproquo-core` crate supports compilation to `wasm32-unknown-unknown` +The `quicprochat-core` crate supports compilation to `wasm32-unknown-unknown` when the `native` feature is disabled. This exposes the pure-crypto subset of the library for use in browsers or other WASM runtimes. @@ -9,7 +9,7 @@ the library for use in browsers or other WASM runtimes. ```bash rustup target add wasm32-unknown-unknown -cargo build -p quicproquo-core \ +cargo build -p quicprochat-core \ --target wasm32-unknown-unknown \ --no-default-features ``` @@ -43,13 +43,13 @@ The following require the `native` feature and will not compile to WASM: - `keystore` -- OpenMLS key store with disk persistence - `opaque_auth` -- OPAQUE cipher suite configuration -Networking (`quicproquo-client`, `quicproquo-server`) is not available in WASM. +Networking (`quicprochat-client`, `quicprochat-server`) is not available in WASM. ## Random number generation On `wasm32`, the `getrandom` crate is configured with the `js` feature to use the browser's `crypto.getRandomValues()` API. This is set automatically -in `quicproquo-core/Cargo.toml`: +in `quicprochat-core/Cargo.toml`: ```toml [target.'cfg(target_arch = "wasm32")'.dependencies] @@ -71,7 +71,7 @@ cd sdks/typescript/wasm-crypto wasm-pack build --target web --out-dir ../pkg ``` -The resulting 175 KB WASM bundle is used by the `@quicproquo/client` +The resulting 175 KB WASM bundle is used by the `@quicprochat/client` TypeScript SDK and the interactive browser demo. See the [TypeScript SDK and Browser Demo](typescript-sdk.md) guide for diff --git a/docs/src/internals/authentication-service.md b/docs/src/internals/authentication-service.md index 26f19cd..18f60a7 100644 --- a/docs/src/internals/authentication-service.md +++ b/docs/src/internals/authentication-service.md @@ -5,15 +5,15 @@ The Authentication Service handles user registration and login via the OPAQUE as This page covers the server-side OPAQUE flow, session token lifecycle, KeyPackage storage, and hybrid key endpoints. **Sources:** -- `crates/quicproquo-server/src/domain/` (OPAQUE handlers, session management) -- `crates/quicproquo-server/src/sql_store.rs` (SqlStore persistence) -- `proto/qpq/v1/auth.proto` (wire schema) +- `crates/quicprochat-server/src/domain/` (OPAQUE handlers, session management) +- `crates/quicprochat-server/src/sql_store.rs` (SqlStore persistence) +- `proto/qpc/v1/auth.proto` (wire schema) --- ## OPAQUE Protocol -quicproquo uses the OPAQUE asymmetric PAKE (RFC 9497) for user authentication. The password never leaves the client and is never known to the server. The server stores an OPAQUE registration record derived from the password, but this record cannot be used to recover the password even if the server is fully compromised. +quicprochat uses the OPAQUE asymmetric PAKE (RFC 9497) for user authentication. The password never leaves the client and is never known to the server. The server stores an OPAQUE registration record derived from the password, but this record cannot be used to recover the password even if the server is fully compromised. ### Registration (IDs 100-101) @@ -184,7 +184,7 @@ Returns a range of entries from the append-only log for client-side Merkle verif ## Server implementation structure ```rust -// Domain handler (quicproquo-server/src/domain/) +// Domain handler (quicprochat-server/src/domain/) struct AuthHandler { store: Arc, // SQLCipher persistence opaque_server: OpaqueServer, // opaque-ke server state diff --git a/docs/src/internals/delivery-service.md b/docs/src/internals/delivery-service.md index 85214b9..174331c 100644 --- a/docs/src/internals/delivery-service.md +++ b/docs/src/internals/delivery-service.md @@ -6,8 +6,8 @@ recipient identity key and channel identifier. The DS exposes three operations through the `NodeService` RPC interface: `enqueue`, `fetch`, and `fetchWait`. **Sources:** -- `crates/quicproquo-server/src/main.rs` (RPC handlers) -- `crates/quicproquo-server/src/storage.rs` (queue storage) +- `crates/quicprochat-server/src/main.rs` (RPC handlers) +- `crates/quicprochat-server/src/storage.rs` (queue storage) - `schemas/node.capnp` (wire schema) --- diff --git a/docs/src/internals/group-member-lifecycle.md b/docs/src/internals/group-member-lifecycle.md index a72298a..67f6876 100644 --- a/docs/src/internals/group-member-lifecycle.md +++ b/docs/src/internals/group-member-lifecycle.md @@ -1,12 +1,12 @@ # GroupMember Lifecycle -The `GroupMember` struct in `quicproquo-core` is the core MLS state machine +The `GroupMember` struct in `quicprochat-core` is the core MLS state machine that manages a single client's membership in an MLS group. It wraps an openmls `MlsGroup`, a persistent crypto backend, and the long-term Ed25519 identity keypair. Every MLS operation -- key package generation, group creation, member addition, joining, sending, and receiving -- flows through this struct. -**Source:** `crates/quicproquo-core/src/group.rs` +**Source:** `crates/quicprochat-core/src/group.rs` --- diff --git a/docs/src/internals/keypackage-exchange.md b/docs/src/internals/keypackage-exchange.md index 9492ee1..d80adb5 100644 --- a/docs/src/internals/keypackage-exchange.md +++ b/docs/src/internals/keypackage-exchange.md @@ -3,7 +3,7 @@ MLS KeyPackages are single-use tokens that enable a group creator to add a new member. The KeyPackage contains the member's HPKE init public key, their MLS credential (Ed25519 public key), and a signature proving ownership. The -quicproquo Authentication Service (AS) provides a simple upload/fetch +quicprochat Authentication Service (AS) provides a simple upload/fetch interface for distributing KeyPackages between clients. **Expiry and refresh:** KeyPackages are consumed on fetch (single-use). The server may also enforce a TTL (e.g. 24h). Clients should upload a fresh KeyPackage periodically or on demand so they remain invitable. The CLI provides `refresh-keypackage`: load existing state, generate a new KeyPackage, upload to the AS. See [Running the Client](../getting-started/running-the-client.md#refresh-keypackage). @@ -12,10 +12,10 @@ This page describes the end-to-end flow: from client-side generation through server-side storage to peer-side retrieval and consumption. **Sources:** -- `crates/quicproquo-core/src/group.rs` (client-side generation) -- `crates/quicproquo-server/src/main.rs` (server-side handlers) -- `crates/quicproquo-server/src/storage.rs` (server-side persistence) -- `crates/quicproquo-client/src/lib.rs` (client-side RPC calls) +- `crates/quicprochat-core/src/group.rs` (client-side generation) +- `crates/quicprochat-server/src/main.rs` (server-side handlers) +- `crates/quicprochat-server/src/storage.rs` (server-side persistence) +- `crates/quicprochat-client/src/lib.rs` (client-side RPC calls) - `schemas/node.capnp` (wire schema) --- @@ -274,10 +274,10 @@ identity; `register-state` loads from (or initializes) a persistent state file. ```bash # Ephemeral registration (for testing) -qpq register --server 127.0.0.1:7000 +qpc register --server 127.0.0.1:7000 # Persistent registration (production) -qpq register-state --state alice.bin --server 127.0.0.1:7000 +qpc register-state --state alice.bin --server 127.0.0.1:7000 ``` Output: @@ -292,7 +292,7 @@ KeyPackage uploaded successfully. Fetches a peer's KeyPackage by their hex-encoded Ed25519 public key: ```bash -qpq fetch-key --server 127.0.0.1:7000 7a3f... +qpc fetch-key --server 127.0.0.1:7000 7a3f... ``` --- diff --git a/docs/src/internals/server-hooks.md b/docs/src/internals/server-hooks.md index 3590d05..0411ea8 100644 --- a/docs/src/internals/server-hooks.md +++ b/docs/src/internals/server-hooks.md @@ -1,6 +1,6 @@ # Server Hooks -The `ServerHooks` trait provides a plugin system for extending the quicproquo +The `ServerHooks` trait provides a plugin system for extending the quicprochat server. Hooks fire at key points in the request lifecycle — message delivery, authentication, channel creation, and message fetch — allowing you to inspect, log, rate-limit, or reject operations without modifying server internals. @@ -169,7 +169,7 @@ impl ServerHooks for TracingHooks { ### Example: payload size limiter ```rust,ignore -use quicproquo_server::hooks::{ServerHooks, HookAction, MessageEvent}; +use quicprochat_server::hooks::{ServerHooks, HookAction, MessageEvent}; struct PayloadLimiter { max_bytes: usize, @@ -191,7 +191,7 @@ impl ServerHooks for PayloadLimiter { ### Example: login auditor ```rust,ignore -use quicproquo_server::hooks::{ServerHooks, AuthEvent}; +use quicprochat_server::hooks::{ServerHooks, AuthEvent}; struct LoginAuditor; @@ -210,7 +210,7 @@ impl ServerHooks for LoginAuditor { ### Example: composing multiple hooks ```rust,ignore -use quicproquo_server::hooks::*; +use quicprochat_server::hooks::*; struct CompositeHooks { hooks: Vec>, diff --git a/docs/src/internals/storage-backend.md b/docs/src/internals/storage-backend.md index aab8bcf..8375c15 100644 --- a/docs/src/internals/storage-backend.md +++ b/docs/src/internals/storage-backend.md @@ -1,11 +1,11 @@ # Storage Backend -quicproquo uses two storage backends: `SqlStore` on the server side (SQLCipher-encrypted SQLite with Argon2id key derivation) and `DiskKeyStore` on the client side (bincode-serialised file for MLS cryptographic key material). +quicprochat uses two storage backends: `SqlStore` on the server side (SQLCipher-encrypted SQLite with Argon2id key derivation) and `DiskKeyStore` on the client side (bincode-serialised file for MLS cryptographic key material). **Sources:** -- `crates/quicproquo-server/src/sql_store.rs` (SqlStore) -- `crates/quicproquo-server/src/storage.rs` (Store trait, FileBackedStore legacy) -- `crates/quicproquo-core/src/keystore.rs` (DiskKeyStore, StoreCrypto) +- `crates/quicprochat-server/src/sql_store.rs` (SqlStore) +- `crates/quicprochat-server/src/storage.rs` (Store trait, FileBackedStore legacy) +- `crates/quicprochat-core/src/keystore.rs` (DiskKeyStore, StoreCrypto) --- @@ -199,7 +199,7 @@ Persistent mode is used for production clients. The key store path is derived fr MLS entities MUST use bincode serialisation. The `DiskKeyStore` implements this with a two-layer scheme: -1. **Inner layer:** Each MLS entity value (`V: MlsEntity`) is serialised using the openmls-required serialisation format. The `DiskKeyStore` in quicproquo uses bincode for MLS entity values, matching the `OpenMlsKeyStore` trait requirements. +1. **Inner layer:** Each MLS entity value (`V: MlsEntity`) is serialised using the openmls-required serialisation format. The `DiskKeyStore` in quicprochat uses bincode for MLS entity values, matching the `OpenMlsKeyStore` trait requirements. 2. **Outer layer:** The entire `HashMap, Vec>` is bincode-serialised as the file on disk. **Important:** Do not use Protobuf or JSON for MLS entities. MLS requires bincode for the `DiskKeyStore` in this codebase. Using a different format will produce incompatible key material. diff --git a/docs/src/introduction.md b/docs/src/introduction.md index 2814ad8..d61d460 100644 --- a/docs/src/introduction.md +++ b/docs/src/introduction.md @@ -1,6 +1,6 @@ # Introduction -**quicproquo** is a research-oriented, end-to-end encrypted group messaging system written in Rust. It layers the Messaging Layer Security protocol (MLS, [RFC 9420](https://datatracker.ietf.org/doc/rfc9420/)) on top of QUIC + TLS 1.3 transport (via [quinn](https://github.com/quinn-rs/quinn) and [rustls](https://github.com/rustls/rustls)), with all service RPCs framed using a compact binary Protocol Buffers format over a custom framing layer. The project exists to explore how modern transport encryption (QUIC), a formally specified group key agreement protocol (MLS), and post-quantum hybrid key encapsulation compose in practice -- and to provide a readable, auditable reference implementation for security researchers, protocol designers, and Rust developers who want to study or extend the design. +**quicprochat** is a research-oriented, end-to-end encrypted group messaging system written in Rust. It layers the Messaging Layer Security protocol (MLS, [RFC 9420](https://datatracker.ietf.org/doc/rfc9420/)) on top of QUIC + TLS 1.3 transport (via [quinn](https://github.com/quinn-rs/quinn) and [rustls](https://github.com/rustls/rustls)), with all service RPCs framed using a compact binary Protocol Buffers format over a custom framing layer. The project exists to explore how modern transport encryption (QUIC), a formally specified group key agreement protocol (MLS), and post-quantum hybrid key encapsulation compose in practice -- and to provide a readable, auditable reference implementation for security researchers, protocol designers, and Rust developers who want to study or extend the design. --- @@ -18,9 +18,9 @@ Each layer addresses a distinct concern: -1. **QUIC + TLS 1.3** provides authenticated, confidential transport with 0-RTT connection establishment and multiplexed streams. The server presents a TLS 1.3 certificate (self-signed by default); the client verifies it against a local trust anchor. ALPN negotiation uses the token `qpq`. +1. **QUIC + TLS 1.3** provides authenticated, confidential transport with 0-RTT connection establishment and multiplexed streams. The server presents a TLS 1.3 certificate (self-signed by default); the client verifies it against a local trust anchor. ALPN negotiation uses the token `qpc`. -2. **Protobuf framing** defines the wire format for all service operations across 44 RPC methods. Each request carries a `[method_id: u16][request_id: u32][payload_len: u32]` header followed by a Protobuf-encoded payload. Server-to-client push events use a separate frame type on QUIC uni-streams. Message definitions live in `proto/qpq/v1/*.proto` and are compiled to Rust with `prost` at build time. +2. **Protobuf framing** defines the wire format for all service operations across 44 RPC methods. Each request carries a `[method_id: u16][request_id: u32][payload_len: u32]` header followed by a Protobuf-encoded payload. Server-to-client push events use a separate frame type on QUIC uni-streams. Message definitions live in `proto/qpc/v1/*.proto` and are compiled to Rust with `prost` at build time. 3. **MLS (RFC 9420)** provides the group key agreement layer. Each participant holds an Ed25519 identity keypair and generates single-use HPKE KeyPackages. The MLS epoch ratchet delivers forward secrecy and post-compromise security: compromising a member's state at epoch *n* does not reveal plaintext from epochs *< n* (forward secrecy) or *> n+1* (post-compromise security, once the compromised member updates). @@ -53,12 +53,12 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known **Security researchers** studying how MLS composes with QUIC transport and post-quantum hybrid KEM. The codebase spans 9 workspace crates with clear cryptographic boundaries for auditability. -**Protocol designers** evaluating MLS deployment patterns. quicproquo implements a concrete Authentication Service (AS) and Delivery Service (DS) pair, demonstrating single-use KeyPackage lifecycle, Welcome routing, and epoch advancement in a live system. +**Protocol designers** evaluating MLS deployment patterns. quicprochat implements a concrete Authentication Service (AS) and Delivery Service (DS) pair, demonstrating single-use KeyPackage lifecycle, Welcome routing, and epoch advancement in a live system. **Application developers** building on the platform via the Rust SDK: -- **`quicproquo-sdk`** -- `QpqClient` with async event streams and a `ConversationStore` -- **C FFI** -- cross-language integration via `quicproquo-plugin-api` +- **`quicprochat-sdk`** -- `QpqClient` with async event streams and a `ConversationStore` +- **C FFI** -- cross-language integration via `quicprochat-plugin-api` **Rust developers** looking for a working example of: @@ -73,7 +73,7 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known | Section | What you will find | |---|---| -| **[Comparison with Classical Protocols](design-rationale/protocol-comparison.md)** | **Why quicproquo? IRC+SSL, XMPP, Telegram vs. our design** | +| **[Comparison with Classical Protocols](design-rationale/protocol-comparison.md)** | **Why quicprochat? IRC+SSL, XMPP, Telegram vs. our design** | | [Prerequisites](getting-started/prerequisites.md) | Toolchain and system dependencies | | [Building from Source](getting-started/building.md) | `cargo build`, Protobuf codegen, troubleshooting | | [Running the Server](getting-started/running-the-server.md) | Server startup, configuration, TLS cert generation | @@ -90,7 +90,7 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known ## Current status -quicproquo is a **research project** with production-grade features. It has +quicprochat is a **research project** with production-grade features. It has not been audited by a third party. The test suite covers 301 tests across core, server, client, E2E, and P2P modules. @@ -120,4 +120,4 @@ For the full milestone tracker, see [Milestones](roadmap/milestones.md). ## License -quicproquo is released under the **MIT** license. See `LICENSE` in the repository root. +quicprochat is released under the **MIT** license. See `LICENSE` in the repository root. diff --git a/docs/src/operations/backup-restore.md b/docs/src/operations/backup-restore.md index 0ba2480..0bffa5d 100644 --- a/docs/src/operations/backup-restore.md +++ b/docs/src/operations/backup-restore.md @@ -1,15 +1,15 @@ # Backup and Restore Procedures -This document covers backup and restore for all quicproquo server data stores. +This document covers backup and restore for all quicprochat server data stores. ## Data Inventory | Data | Location | Backend | Contains | |------|----------|---------|----------| -| SQLCipher DB | `QPQ_DB_PATH` (default `data/qpq.db`) | `store_backend=sql` | Users, key packages, delivery queues, sessions, KT log, OPAQUE setup, blobs metadata, moderation | -| File store | `QPQ_DATA_DIR` (default `data/`) | `store_backend=file` | Bincode-serialized key packages, delivery queues, server state | -| Blob storage | `QPQ_DATA_DIR/blobs/` | Filesystem | Uploaded file transfer blobs | -| TLS certificates | `QPQ_TLS_CERT`, `QPQ_TLS_KEY` | DER files | Server identity | +| SQLCipher DB | `QPC_DB_PATH` (default `data/qpc.db`) | `store_backend=sql` | Users, key packages, delivery queues, sessions, KT log, OPAQUE setup, blobs metadata, moderation | +| File store | `QPC_DATA_DIR` (default `data/`) | `store_backend=file` | Bincode-serialized key packages, delivery queues, server state | +| Blob storage | `QPC_DATA_DIR/blobs/` | Filesystem | Uploaded file transfer blobs | +| TLS certificates | `QPC_TLS_CERT`, `QPC_TLS_KEY` | DER files | Server identity | | OPAQUE ServerSetup | Inside DB or file store | Persisted | OPAQUE credential state (critical for auth) | | Server signing key | Inside DB or file store | Persisted | Ed25519 key for delivery proofs | | KT Merkle log | Inside DB or file store | Persisted | Key transparency audit log | @@ -23,13 +23,13 @@ allows concurrent readers). ```bash # 1. Open the encrypted database with the same key -sqlite3 data/qpq.db +sqlite3 data/qpc.db # 2. At the sqlite3 prompt, set the encryption key PRAGMA key = 'your-db-key-here'; # 3. Perform an online backup -.backup /backups/qpq-$(date +%Y%m%d-%H%M%S).db +.backup /backups/qpc-$(date +%Y%m%d-%H%M%S).db .quit ``` @@ -40,11 +40,11 @@ PRAGMA key = 'your-db-key-here'; #!/bin/bash set -euo pipefail -BACKUP_DIR="/backups/qpq" -DB_PATH="${QPQ_DB_PATH:-data/qpq.db}" -DB_KEY="${QPQ_DB_KEY}" +BACKUP_DIR="/backups/qpc" +DB_PATH="${QPC_DB_PATH:-data/qpc.db}" +DB_KEY="${QPC_DB_KEY}" TIMESTAMP=$(date +%Y%m%d-%H%M%S) -BACKUP_FILE="${BACKUP_DIR}/qpq-${TIMESTAMP}.db" +BACKUP_FILE="${BACKUP_DIR}/qpc-${TIMESTAMP}.db" mkdir -p "$BACKUP_DIR" @@ -59,41 +59,41 @@ sqlite3 "$BACKUP_FILE" "PRAGMA key = '${DB_KEY}'; PRAGMA integrity_check;" \ || { echo "ERROR: backup verification failed"; exit 1; } # Retain last 7 daily backups -find "$BACKUP_DIR" -name 'qpq-*.db' -mtime +7 -delete +find "$BACKUP_DIR" -name 'qpc-*.db' -mtime +7 -delete ``` ### Cold Backup (Offline) ```bash # 1. Stop the server -systemctl stop qpq-server # or docker compose stop server +systemctl stop qpc-server # or docker compose stop server # 2. Copy the database file -cp data/qpq.db /backups/qpq-$(date +%Y%m%d).db +cp data/qpc.db /backups/qpc-$(date +%Y%m%d).db # 3. Copy the WAL and SHM files if they exist -cp data/qpq.db-wal /backups/ 2>/dev/null || true -cp data/qpq.db-shm /backups/ 2>/dev/null || true +cp data/qpc.db-wal /backups/ 2>/dev/null || true +cp data/qpc.db-shm /backups/ 2>/dev/null || true # 4. Restart the server -systemctl start qpq-server +systemctl start qpc-server ``` ## File Backend Backup When using `store_backend=file`, data is stored as bincode files under -`QPQ_DATA_DIR`. +`QPC_DATA_DIR`. ```bash # Full directory backup -tar czf /backups/qpq-data-$(date +%Y%m%d-%H%M%S).tar.gz \ - -C "$(dirname "${QPQ_DATA_DIR:-data}")" \ - "$(basename "${QPQ_DATA_DIR:-data}")" +tar czf /backups/qpc-data-$(date +%Y%m%d-%H%M%S).tar.gz \ + -C "$(dirname "${QPC_DATA_DIR:-data}")" \ + "$(basename "${QPC_DATA_DIR:-data}")" ``` ## Blob Storage Backup -Blobs are stored in `QPQ_DATA_DIR/blobs/`. These are immutable once written. +Blobs are stored in `QPC_DATA_DIR/blobs/`. These are immutable once written. ```bash # Incremental rsync (blobs are write-once, ideal for rsync) @@ -119,38 +119,38 @@ cp data/federation-ca.der /backups/tls/federation-ca.der 2>/dev/null || true ```bash # 1. Stop the server -systemctl stop qpq-server +systemctl stop qpc-server # 2. Move the current (corrupt/lost) database aside -mv data/qpq.db data/qpq.db.broken 2>/dev/null || true -rm -f data/qpq.db-wal data/qpq.db-shm +mv data/qpc.db data/qpc.db.broken 2>/dev/null || true +rm -f data/qpc.db-wal data/qpc.db-shm # 3. Copy the backup in place -cp /backups/qpq-20260304.db data/qpq.db +cp /backups/qpc-20260304.db data/qpc.db # 4. Verify integrity -sqlite3 data/qpq.db "PRAGMA key = '${QPQ_DB_KEY}'; PRAGMA integrity_check;" +sqlite3 data/qpc.db "PRAGMA key = '${QPC_DB_KEY}'; PRAGMA integrity_check;" # 5. Start the server (migrations will apply automatically if needed) -systemctl start qpq-server +systemctl start qpc-server ``` ### Restore File Backend ```bash # 1. Stop the server -systemctl stop qpq-server +systemctl stop qpc-server # 2. Replace the data directory mv data data.broken 2>/dev/null || true -tar xzf /backups/qpq-data-20260304.tar.gz -C . +tar xzf /backups/qpc-data-20260304.tar.gz -C . # 3. Restore TLS certs if not included in the data backup cp /backups/tls/server-cert.der data/server-cert.der cp /backups/tls/server-key.der data/server-key.der # 4. Start the server -systemctl start qpq-server +systemctl start qpc-server ``` ### Restore Blobs Only @@ -172,16 +172,16 @@ rsync -av /backups/blobs/ data/blobs/ ```cron # SQLCipher hot backup every 6 hours -0 */6 * * * /opt/qpq/scripts/backup-db.sh >> /var/log/qpq-backup.log 2>&1 +0 */6 * * * /opt/qpc/scripts/backup-db.sh >> /var/log/qpc-backup.log 2>&1 # Full data directory daily at 02:00 -0 2 * * * tar czf /backups/qpq-data-$(date +\%Y\%m\%d).tar.gz -C /var/lib quicproquo +0 2 * * * tar czf /backups/qpc-data-$(date +\%Y\%m\%d).tar.gz -C /var/lib quicprochat # Blob sync every hour -0 * * * * rsync -a /var/lib/quicproquo/blobs/ /backups/blobs/ +0 * * * * rsync -a /var/lib/quicprochat/blobs/ /backups/blobs/ # Prune backups older than 30 days -0 3 * * 0 find /backups -name 'qpq-*' -mtime +30 -delete +0 3 * * 0 find /backups -name 'qpc-*' -mtime +30 -delete ``` ## Verification @@ -190,11 +190,11 @@ Always verify backups after creation: ```bash # SQLCipher integrity check -sqlite3 /backups/qpq-latest.db \ - "PRAGMA key = '${QPQ_DB_KEY}'; PRAGMA integrity_check; SELECT count(*) FROM users;" +sqlite3 /backups/qpc-latest.db \ + "PRAGMA key = '${QPC_DB_KEY}'; PRAGMA integrity_check; SELECT count(*) FROM users;" # File backend: check the archive is valid -tar tzf /backups/qpq-data-latest.tar.gz > /dev/null +tar tzf /backups/qpc-data-latest.tar.gz > /dev/null # TLS cert: check it parses and is not expired openssl x509 -inform DER -in /backups/tls/server-cert.der -noout -dates diff --git a/docs/src/operations/monitoring.md b/docs/src/operations/monitoring.md index 823b92c..a95f150 100644 --- a/docs/src/operations/monitoring.md +++ b/docs/src/operations/monitoring.md @@ -1,7 +1,7 @@ # Monitoring Guide This document covers metrics collection, alerting, and dashboards for -quicproquo server deployments. +quicprochat server deployments. ## Enabling Metrics @@ -9,10 +9,10 @@ The server exports Prometheus metrics via HTTP when configured: ```bash # Environment variables -QPQ_METRICS_LISTEN=0.0.0.0:9090 -QPQ_METRICS_ENABLED=true +QPC_METRICS_LISTEN=0.0.0.0:9090 +QPC_METRICS_ENABLED=true -# Or in qpq-server.toml +# Or in qpc-server.toml metrics_listen = "0.0.0.0:9090" metrics_enabled = true ``` @@ -50,9 +50,9 @@ global: evaluation_interval: 15s scrape_configs: - - job_name: 'qpq-server' + - job_name: 'qpc-server' static_configs: - - targets: ['qpq-server:9090'] + - targets: ['qpc-server:9090'] scrape_interval: 10s ``` @@ -61,17 +61,17 @@ scrape_configs: ```yaml # prometheus-alerts.yml groups: - - name: qpq-server + - name: qpc-server rules: # Server down - alert: QpqServerDown - expr: up{job="qpq-server"} == 0 + expr: up{job="qpc-server"} == 0 for: 1m labels: severity: critical annotations: - summary: "qpq-server is down" - description: "Prometheus cannot scrape qpq-server metrics for > 1 minute." + summary: "qpc-server is down" + description: "Prometheus cannot scrape qpc-server metrics for > 1 minute." # High auth failure rate (potential brute force) - alert: QpqHighAuthFailureRate @@ -138,7 +138,7 @@ groups: ## Key Dashboard Panels -See `dashboards/qpq-overview.json` for the full Grafana dashboard. Key panels: +See `dashboards/qpc-overview.json` for the full Grafana dashboard. Key panels: ### Message Throughput @@ -167,10 +167,10 @@ See `dashboards/qpq-overview.json` for the full Grafana dashboard. Key panels: ## Grafana Dashboard -Import the dashboard from `dashboards/qpq-overview.json`: +Import the dashboard from `dashboards/qpc-overview.json`: 1. Open Grafana -> Dashboards -> Import -2. Upload `docs/operations/dashboards/qpq-overview.json` +2. Upload `docs/operations/dashboards/qpc-overview.json` 3. Select your Prometheus data source 4. Save @@ -183,7 +183,7 @@ The server uses `tracing` with `RUST_LOG` environment variable: RUST_LOG=info # Debug specific modules -RUST_LOG=info,quicproquo_server::node_service=debug +RUST_LOG=info,quicprochat_server::node_service=debug # Verbose debugging RUST_LOG=debug @@ -196,7 +196,7 @@ RUST_LOG=debug | `"TLS certificate expires within 30 days"` | Cert expiring soon | Rotate certificate | | `"TLS certificate is self-signed"` | Self-signed cert in use | Replace with CA-signed cert in production | | `"connection rate limit exceeded"` | IP being rate limited | Check for DDoS | -| `"running without QPQ_AUTH_TOKEN"` | Insecure mode | Must not appear in production | +| `"running without QPC_AUTH_TOKEN"` | Insecure mode | Must not appear in production | | `"db_key is empty; SQL store will be plaintext"` | Unencrypted DB | Must not appear in production | | `"shutdown signal received"` | Graceful shutdown started | Expected during deploys | | `"generated and persisted new OPAQUE ServerSetup"` | Fresh OPAQUE setup | Expected on first start only | @@ -207,13 +207,13 @@ For production, pipe logs to a log aggregator: ```bash # Systemd -> journald -> Loki/Elasticsearch -journalctl -u qpq-server -f --output=json | \ +journalctl -u qpc-server -f --output=json | \ promtail --stdin --client.url=http://loki:3100/loki/api/v1/push # Docker -> Loki driver docker run --log-driver=loki \ --log-opt loki-url="http://loki:3100/loki/api/v1/push" \ - qpq-server + qpc-server ``` ## Health Checking @@ -229,5 +229,5 @@ ss -ulnp | grep 5001 curl -sf http://localhost:9090/metrics > /dev/null # Full client connection test -qpq-client --server 127.0.0.1:5001 --ping +qpc-client --server 127.0.0.1:5001 --ping ``` diff --git a/docs/src/operations/scaling-guide.md b/docs/src/operations/scaling-guide.md index 098ef51..1461a96 100644 --- a/docs/src/operations/scaling-guide.md +++ b/docs/src/operations/scaling-guide.md @@ -1,11 +1,11 @@ # Scaling Guide This document covers resource sizing, scaling triggers, and capacity planning -for quicproquo deployments. +for quicprochat deployments. ## Architecture Overview -quicproquo runs as a single-process server handling QUIC connections. Key +quicprochat runs as a single-process server handling QUIC connections. Key resource consumers: - **CPU**: TLS 1.3 handshakes (QUIC), OPAQUE PAKE authentication, message routing @@ -73,7 +73,7 @@ handshakes and OPAQUE computations are CPU-intensive. ```bash # Check current CPU usage -top -bn1 -p $(pgrep qpq-server) +top -bn1 -p $(pgrep qpc-server) # For Docker: increase CPU limits in docker-compose.prod.yml # deploy: @@ -109,24 +109,24 @@ SQLCipher uses WAL mode for concurrent reads. For write-heavy workloads: iostat -x 1 5 # Increase WAL autocheckpoint threshold for burst writes -sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; PRAGMA wal_autocheckpoint=2000;" +sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; PRAGMA wal_autocheckpoint=2000;" ``` ## Horizontal Scaling -quicproquo does not yet have built-in multi-node clustering. For horizontal +quicprochat does not yet have built-in multi-node clustering. For horizontal scaling, use these patterns: ### Load Balancer (UDP/QUIC) -Place a UDP load balancer in front of multiple qpq-server instances. Each +Place a UDP load balancer in front of multiple qpc-server instances. Each instance runs independently with its own database. ``` +-----------+ - clients ------> | L4 LB | ----> qpq-server-1 (db-1) - | (UDP/QUIC)| ----> qpq-server-2 (db-2) - +-----------+ qpq-server-3 (db-3) + clients ------> | L4 LB | ----> qpc-server-1 (db-1) + | (UDP/QUIC)| ----> qpc-server-2 (db-2) + +-----------+ qpc-server-3 (db-3) ``` **Requirements:** @@ -140,7 +140,7 @@ instance runs independently with its own database. Enable federation to relay messages between nodes: ```toml -# qpq-server.toml on node-1 +# qpc-server.toml on node-1 [federation] enabled = true domain = "node1.chat.example.com" @@ -160,9 +160,9 @@ For true horizontal scaling, migrating from SQLCipher to a shared PostgreSQL instance is the planned approach. This is not yet implemented. ``` - qpq-server-1 --\ - qpq-server-2 ---+--> PostgreSQL (shared) - qpq-server-3 --/ + qpc-server-1 --\ + qpc-server-2 ---+--> PostgreSQL (shared) + qpc-server-3 --/ ``` ## Connection Tuning @@ -181,7 +181,7 @@ For high connection counts: # Increase OS file descriptor limit ulimit -n 65536 -# Increase UDP buffer sizes in /etc/sysctl.d/99-qpq.conf +# Increase UDP buffer sizes in /etc/sysctl.d/99-qpc.conf net.core.rmem_max = 26214400 net.core.wmem_max = 26214400 net.core.rmem_default = 1048576 @@ -189,7 +189,7 @@ net.core.wmem_default = 1048576 ``` ```bash -sysctl -p /etc/sysctl.d/99-qpq.conf +sysctl -p /etc/sysctl.d/99-qpc.conf ``` ## Docker Resource Limits @@ -218,11 +218,11 @@ Use the included test infrastructure to benchmark: ```bash # Build the test client -cargo build --release --bin qpq-client +cargo build --release --bin qpc-client # Run concurrent connection test (example) for i in $(seq 1 100); do - qpq-client --server 127.0.0.1:5001 & + qpc-client --server 127.0.0.1:5001 & done wait diff --git a/docs/src/protocol-layers/capn-proto.md b/docs/src/protocol-layers/capn-proto.md index 2c73896..98ba94d 100644 --- a/docs/src/protocol-layers/capn-proto.md +++ b/docs/src/protocol-layers/capn-proto.md @@ -1,6 +1,6 @@ # Protobuf Framing -quicproquo v2 uses a custom binary framing protocol layered over QUIC bidirectional streams. Message payloads are serialised with Protocol Buffers (Protobuf) via the `prost` crate. The framing layer (implemented in `quicproquo-rpc`) adds a compact fixed-size header that carries the method ID, request correlation ID, and payload length -- enabling zero-copy dispatch without a separate length-delimited codec. +quicprochat v2 uses a custom binary framing protocol layered over QUIC bidirectional streams. Message payloads are serialised with Protocol Buffers (Protobuf) via the `prost` crate. The framing layer (implemented in `quicprochat-rpc`) adds a compact fixed-size header that carries the method ID, request correlation ID, and payload length -- enabling zero-copy dispatch without a separate length-delimited codec. This page covers the three frame types, the method ID dispatch table, status codes, push event delivery, and the Protobuf schema organisation. @@ -105,7 +105,7 @@ The `status` byte in a Response frame carries one of the following values: ## Method IDs -All 44 RPC method IDs are defined in `crates/quicproquo-proto/src/lib.rs` in the `method_ids` module. The numeric ranges group related methods by service category. +All 44 RPC method IDs are defined in `crates/quicprochat-proto/src/lib.rs` in the `method_ids` module. The numeric ranges group related methods by service category. ### Auth (100-103) @@ -230,7 +230,7 @@ All 44 RPC method IDs are defined in `crates/quicproquo-proto/src/lib.rs` in the ## Push Event Types -Server-to-client push events are delivered on QUIC uni-streams using the Push frame format. Event types are defined alongside method IDs in `quicproquo-proto/src/lib.rs`: +Server-to-client push events are delivered on QUIC uni-streams using the Push frame format. Event types are defined alongside method IDs in `quicprochat-proto/src/lib.rs`: | Value | Event | Description | |-------|-------|-------------| @@ -261,7 +261,7 @@ This allows many concurrent RPCs on a single QUIC connection without head-of-lin ## Protobuf Schema Organisation -All message types are defined in `proto/qpq/v1/`: +All message types are defined in `proto/qpc/v1/`: | File | Contents | |---|---| @@ -280,22 +280,22 @@ All message types are defined in `proto/qpq/v1/`: | `p2p.proto` | P2P endpoints, health | | `federation.proto` | Cross-server relay | -All `.proto` files use `package qpq.v1;` and are compiled to Rust at build time using `prost-build` via the `quicproquo-proto` crate's `build.rs`. The `protobuf-src` crate vendors `protoc`, so no system-wide `protoc` installation is required. +All `.proto` files use `package qpc.v1;` and are compiled to Rust at build time using `prost-build` via the `quicprochat-proto` crate's `build.rs`. The `protobuf-src` crate vendors `protoc`, so no system-wide `protoc` installation is required. Generated Rust types are accessed via: ```rust -use quicproquo_proto::qpq::v1::{EnqueueRequest, FetchResponse, /* ... */}; -use quicproquo_proto::method_ids::{ENQUEUE, FETCH, /* ... */}; +use quicprochat_proto::qpc::v1::{EnqueueRequest, FetchResponse, /* ... */}; +use quicprochat_proto::method_ids::{ENQUEUE, FETCH, /* ... */}; ``` --- -## Design Constraints of `quicproquo-proto` +## Design Constraints of `quicprochat-proto` -The `quicproquo-proto` crate enforces three constraints: +The `quicprochat-proto` crate enforces three constraints: -1. **No crypto**: Key material never enters this crate. All encryption and signing happens in `quicproquo-core`. +1. **No crypto**: Key material never enters this crate. All encryption and signing happens in `quicprochat-core`. 2. **No I/O**: Callers own the transport. This crate only converts between bytes and types. 3. **No async**: Pure synchronous data-layer code. Async is the caller's responsibility. diff --git a/docs/src/protocol-layers/hybrid-kem.md b/docs/src/protocol-layers/hybrid-kem.md index 696927e..1b9ae17 100644 --- a/docs/src/protocol-layers/hybrid-kem.md +++ b/docs/src/protocol-layers/hybrid-kem.md @@ -1,8 +1,8 @@ # Hybrid KEM: X25519 + ML-KEM-768 -quicproquo implements a hybrid Key Encapsulation Mechanism that combines classical X25519 Diffie-Hellman with post-quantum ML-KEM-768 (FIPS 203). The hybrid construction ensures that the system remains secure even if one of the two components is broken: X25519 protects against failures in ML-KEM, and ML-KEM protects against quantum computers breaking X25519. +quicprochat implements a hybrid Key Encapsulation Mechanism that combines classical X25519 Diffie-Hellman with post-quantum ML-KEM-768 (FIPS 203). The hybrid construction ensures that the system remains secure even if one of the two components is broken: X25519 protects against failures in ML-KEM, and ML-KEM protects against quantum computers breaking X25519. -The implementation lives in `quicproquo-core/src/hybrid_kem.rs`. It is fully implemented and tested but **not yet integrated into the MLS ciphersuite** -- integration is planned for the M5 milestone. Currently, the module can be used as a standalone envelope encryption layer to wrap MLS payloads in an outer post-quantum-resistant encryption before they transit the network. +The implementation lives in `quicprochat-core/src/hybrid_kem.rs`. It is fully implemented and tested but **not yet integrated into the MLS ciphersuite** -- integration is planned for the M5 milestone. Currently, the module can be used as a standalone envelope encryption layer to wrap MLS payloads in an outer post-quantum-resistant encryption before they transit the network. ## Design approach @@ -70,8 +70,8 @@ The two shared secrets are combined via HKDF-SHA256 with domain separation: ikm = X25519_shared_secret(32 bytes) || ML-KEM_shared_secret(32 bytes) salt = [] (empty) -key = HKDF-SHA256(salt, ikm, info="quicproquo-hybrid-v1", L=32) -nonce = HKDF-SHA256(salt, ikm, info="quicproquo-hybrid-nonce-v1", L=12) +key = HKDF-SHA256(salt, ikm, info="quicprochat-hybrid-v1", L=32) +nonce = HKDF-SHA256(salt, ikm, info="quicprochat-hybrid-nonce-v1", L=12) ``` The implementation in `derive_aead_material()`: @@ -85,10 +85,10 @@ fn derive_aead_material(x25519_ss: &[u8], mlkem_ss: &[u8]) -> (Key, Nonce) { let hk = Hkdf::::new(None, &ikm); let mut key_bytes = Zeroizing::new([0u8; 32]); - hk.expand(b"quicproquo-hybrid-v1", &mut *key_bytes).unwrap(); + hk.expand(b"quicprochat-hybrid-v1", &mut *key_bytes).unwrap(); let mut nonce_bytes = [0u8; 12]; - hk.expand(b"quicproquo-hybrid-nonce-v1", &mut nonce_bytes).unwrap(); + hk.expand(b"quicprochat-hybrid-nonce-v1", &mut nonce_bytes).unwrap(); (*Key::from_slice(&*key_bytes), *Nonce::from_slice(&nonce_bytes)) } @@ -273,7 +273,7 @@ The AEAD nonce is derived deterministically from the shared secrets via HKDF. Si ## Further reading -- [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md) -- Broader discussion of quicproquo's PQ strategy. +- [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md) -- Broader discussion of quicprochat's PQ strategy. - [MLS (RFC 9420)](mls.md) -- The MLS layer that the hybrid KEM will wrap. - [Key Lifecycle and Zeroization](../cryptography/key-lifecycle.md) -- How hybrid key material is managed and cleared. - [Threat Model](../cryptography/threat-model.md) -- Where hybrid KEM fits in the overall threat model. diff --git a/docs/src/protocol-layers/mls.md b/docs/src/protocol-layers/mls.md index d85441d..0fa7daf 100644 --- a/docs/src/protocol-layers/mls.md +++ b/docs/src/protocol-layers/mls.md @@ -1,8 +1,8 @@ # MLS (RFC 9420) -The Messaging Layer Security protocol (RFC 9420) is the core cryptographic layer in quicproquo. It provides authenticated group key agreement with forward secrecy and post-compromise security -- properties that distinguish quicproquo from a simple transport-encrypted relay. This is the most detailed page in the Protocol Deep Dives section because MLS is the most complex layer in the stack. +The Messaging Layer Security protocol (RFC 9420) is the core cryptographic layer in quicprochat. It provides authenticated group key agreement with forward secrecy and post-compromise security -- properties that distinguish quicprochat from a simple transport-encrypted relay. This is the most detailed page in the Protocol Deep Dives section because MLS is the most complex layer in the stack. -The implementation lives in `quicproquo-core/src/group.rs` and `quicproquo-core/src/keystore.rs`, using the `openmls 0.5` crate. +The implementation lives in `quicprochat-core/src/group.rs` and `quicprochat-core/src/keystore.rs`, using the `openmls 0.5` crate. ## Background: what problem MLS solves @@ -21,7 +21,7 @@ MLS takes a fundamentally different approach: it uses a **ratchet tree** (a bina ## Ciphersuite -quicproquo uses: +quicprochat uses: ```text MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 @@ -38,7 +38,7 @@ This ciphersuite provides 128-bit classical security. Post-quantum protection is ## The `GroupMember` state machine -The central type is `GroupMember`, defined in `quicproquo-core/src/group.rs`. It wraps an openmls `MlsGroup`, a persistent crypto backend (`StoreCrypto`), and the user's long-term Ed25519 identity keypair. +The central type is `GroupMember`, defined in `quicprochat-core/src/group.rs`. It wraps an openmls `MlsGroup`, a persistent crypto backend (`StoreCrypto`), and the user's long-term Ed25519 identity keypair. ### Lifecycle diagram @@ -135,7 +135,7 @@ pub fn create_group(&mut self, group_id: &[u8]) -> Result<(), CoreError> Creates a new MLS group at epoch 0 with the caller as the sole member. **Parameters:** -- `group_id`: Any non-empty byte string. By convention, quicproquo uses the SHA-256 digest of a human-readable group name. +- `group_id`: Any non-empty byte string. By convention, quicprochat uses the SHA-256 digest of a human-readable group name. **What happens internally:** @@ -259,7 +259,7 @@ Processes an incoming TLS-encoded MLS message. ## The `StoreCrypto` backend -The `StoreCrypto` struct (in `quicproquo-core/src/keystore.rs`) implements `OpenMlsCryptoProvider`, which openmls requires for all cryptographic operations: +The `StoreCrypto` struct (in `quicprochat-core/src/keystore.rs`) implements `OpenMlsCryptoProvider`, which openmls requires for all cryptographic operations: ```rust pub struct StoreCrypto { @@ -318,11 +318,11 @@ KeyPackageIn::tls_deserialize(&mut bytes.as_ref())? ### Feature-gated methods -Several convenient methods (`into_welcome()`, `into_protocol_message()`) are feature-gated behind openmls feature flags that quicproquo does not enable. The workaround is to use `msg_in.extract()` and pattern-match on the `MlsMessageInBody` enum variants. +Several convenient methods (`into_welcome()`, `into_protocol_message()`) are feature-gated behind openmls feature flags that quicprochat does not enable. The workaround is to use `msg_in.extract()` and pattern-match on the `MlsMessageInBody` enum variants. ### MlsGroup is not Send -`MlsGroup` holds internal state that may not be `Send` depending on the crypto backend. In quicproquo, `StoreCrypto` uses `RwLock` (which is `Send + Sync`), so `GroupMember` is `Send`. However, all MLS operations must use the same backend instance, so `GroupMember` should not be cloned across tasks. +`MlsGroup` holds internal state that may not be `Send` depending on the crypto backend. In quicprochat, `StoreCrypto` uses `RwLock` (which is `Send + Sync`), so `GroupMember` is `Send`. However, all MLS operations must use the same backend instance, so `GroupMember` should not be cloned across tasks. ## Ratchet tree embedding @@ -335,7 +335,7 @@ The trade-off: - **Pro**: No need for a separate tree distribution service or additional round-trips. - **Con**: Welcome messages grow with the group size (O(n log n) for a balanced tree of n members). -For quicproquo's target group sizes (2-100 members), this trade-off is acceptable. +For quicprochat's target group sizes (2-100 members), this trade-off is acceptable. ## Wire format @@ -386,7 +386,7 @@ The following sequence shows a complete Alice-and-Bob scenario, matching the `tw ## Credential model -quicproquo uses MLS `Basic` credentials. The credential body is the raw Ed25519 public key bytes (32 bytes), and the `signature_key` is the same public key: +quicprochat uses MLS `Basic` credentials. The credential body is the raw Ed25519 public key bytes (32 bytes), and the `signature_key` is the same public key: ```rust let credential = Credential::new( diff --git a/docs/src/protocol-layers/overview.md b/docs/src/protocol-layers/overview.md index ffbc234..9d81569 100644 --- a/docs/src/protocol-layers/overview.md +++ b/docs/src/protocol-layers/overview.md @@ -1,6 +1,6 @@ # Protocol Layers Overview -quicproquo composes four distinct protocol layers into a single security stack. Each layer addresses a specific class of threat and delegates everything else to the layers above or below it. No single layer is sufficient on its own; the composition is what delivers end-to-end confidentiality, server authentication, forward secrecy, post-compromise security, and post-quantum resistance. +quicprochat composes four distinct protocol layers into a single security stack. Each layer addresses a specific class of threat and delegates everything else to the layers above or below it. No single layer is sufficient on its own; the composition is what delivers end-to-end confidentiality, server authentication, forward secrecy, post-compromise security, and post-quantum resistance. This page provides a high-level comparison and a suggested reading order. The deep-dive pages that follow contain implementation details drawn directly from the source code. @@ -9,7 +9,7 @@ This page provides a high-level comparison and a suggested reading order. The de | Layer | Standard / Spec | Crate(s) | Security Properties | |---|---|---|---| | **QUIC + TLS 1.3** | RFC 9000, RFC 9001 | `quinn 0.11`, `rustls 0.23` | Transport confidentiality, server authentication, 0-RTT resumption | -| **Protobuf framing** | Custom binary header + [Protocol Buffers](https://protobuf.dev/) | `quicproquo-rpc`, `prost 0.13` | Typed length-prefixed frames, method dispatch, push events, status codes | +| **Protobuf framing** | Custom binary header + [Protocol Buffers](https://protobuf.dev/) | `quicprochat-rpc`, `prost 0.13` | Typed length-prefixed frames, method dispatch, push events, status codes | | **MLS** | [RFC 9420](https://www.rfc-editor.org/rfc/rfc9420.html) | `openmls 0.5` | Group key agreement, forward secrecy, post-compromise security (PCS) | | **Hybrid KEM** | [draft-ietf-tls-hybrid-design](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) | `ml-kem 0.2`, `x25519-dalek 2` | Post-quantum resistance via ML-KEM-768 combined with X25519 | @@ -48,7 +48,7 @@ The pages in this section are ordered to build understanding incrementally: 1. **[QUIC + TLS 1.3](quic-tls.md)** -- Start here. This is the transport layer that every client-server connection uses. Understanding QUIC stream multiplexing and the TLS 1.3 handshake is prerequisite to understanding how the Protobuf framing protocol rides on top. -2. **[MLS (RFC 9420)](mls.md)** -- The core cryptographic innovation. MLS provides the group key agreement that makes quicproquo an E2E encrypted group messenger rather than just a transport-encrypted relay. This is the longest and most detailed page. +2. **[MLS (RFC 9420)](mls.md)** -- The core cryptographic innovation. MLS provides the group key agreement that makes quicprochat an E2E encrypted group messenger rather than just a transport-encrypted relay. This is the longest and most detailed page. 3. **[Protobuf Framing](capn-proto.md)** -- The framing and RPC layer that bridges MLS application data with the transport. Understanding the three frame types (Request, Response, Push), the method ID dispatch table, and status codes is essential for reading the server and client source code. @@ -71,10 +71,10 @@ Each protocol layer maps to one or more workspace crates: | Layer | Primary Crate | Source File(s) | |---|---|---| -| QUIC + TLS 1.3 | `quicproquo-server`, `quicproquo-client` | Server and client entry points | -| Protobuf framing | `quicproquo-rpc` | `src/framing.rs`, `src/server.rs`, `src/client.rs` | -| Protobuf types + method IDs | `quicproquo-proto` | `src/lib.rs` (method_ids), `proto/qpq/v1/*.proto` | -| MLS | `quicproquo-core` | `src/group.rs`, `src/keystore.rs` | -| Hybrid KEM | `quicproquo-core` | `src/hybrid_kem.rs` | +| QUIC + TLS 1.3 | `quicprochat-server`, `quicprochat-client` | Server and client entry points | +| Protobuf framing | `quicprochat-rpc` | `src/framing.rs`, `src/server.rs`, `src/client.rs` | +| Protobuf types + method IDs | `quicprochat-proto` | `src/lib.rs` (method_ids), `proto/qpc/v1/*.proto` | +| MLS | `quicprochat-core` | `src/group.rs`, `src/keystore.rs` | +| Hybrid KEM | `quicprochat-core` | `src/hybrid_kem.rs` | For a full crate responsibility breakdown, see [Crate Responsibilities](../architecture/crate-responsibilities.md). diff --git a/docs/src/protocol-layers/quic-tls.md b/docs/src/protocol-layers/quic-tls.md index 067bd22..d988ef8 100644 --- a/docs/src/protocol-layers/quic-tls.md +++ b/docs/src/protocol-layers/quic-tls.md @@ -1,6 +1,6 @@ # QUIC + TLS 1.3 -quicproquo uses QUIC (RFC 9000) with mandatory TLS 1.3 (RFC 9001) as its transport layer. This page explains how the `quinn` and `rustls` crates are integrated and what security properties the transport provides. +quicprochat uses QUIC (RFC 9000) with mandatory TLS 1.3 (RFC 9001) as its transport layer. This page explains how the `quinn` and `rustls` crates are integrated and what security properties the transport provides. ## Why QUIC @@ -15,11 +15,11 @@ QUIC provides several advantages over traditional TCP-based transports: ## Crate integration -quicproquo uses the following crates for QUIC and TLS: +quicprochat uses the following crates for QUIC and TLS: - **`quinn 0.11`** -- The async QUIC implementation for Tokio. Provides `Endpoint`, `Connection`, and bidirectional/uni-directional stream types. - **`quinn-proto 0.11`** -- The protocol-level types, including `QuicServerConfig` and `QuicClientConfig` wrappers that bridge `rustls` into `quinn`. -- **`rustls 0.23`** -- The TLS implementation. quicproquo uses it in strict TLS 1.3 mode with no fallback to TLS 1.2. +- **`rustls 0.23`** -- The TLS implementation. quicprochat uses it in strict TLS 1.3 mode with no fallback to TLS 1.2. - **`rcgen 0.13`** -- Self-signed certificate generation for development and testing. ### Server configuration @@ -30,7 +30,7 @@ The server builds its QUIC endpoint configuration with: let mut tls = rustls::ServerConfig::builder_with_protocol_versions(&[&TLS13]) .with_no_client_auth() .with_single_cert(cert_chain, key)?; -tls.alpn_protocols = vec![b"qpq".to_vec()]; +tls.alpn_protocols = vec![b"qpc".to_vec()]; let crypto = QuicServerConfig::try_from(tls)?; Ok(ServerConfig::with_crypto(Arc::new(crypto))) @@ -38,11 +38,11 @@ Ok(ServerConfig::with_crypto(Arc::new(crypto))) Key points: -1. **TLS 1.3 strict mode**: `builder_with_protocol_versions(&[&TLS13])` ensures no TLS 1.2 fallback. This is a hard requirement: TLS 1.2 lacks the 0-RTT and full forward secrecy guarantees that quicproquo relies on. +1. **TLS 1.3 strict mode**: `builder_with_protocol_versions(&[&TLS13])` ensures no TLS 1.2 fallback. This is a hard requirement: TLS 1.2 lacks the 0-RTT and full forward secrecy guarantees that quicprochat relies on. 2. **No client certificate authentication**: `with_no_client_auth()` means the server does not verify client certificates at the TLS layer. Client authentication is handled at the application layer via OPAQUE password authentication and Ed25519 identity keys. This is a deliberate design choice -- OPAQUE provides stronger authentication properties than TLS client certificates without requiring PKI infrastructure. -3. **ALPN negotiation**: The Application-Layer Protocol Negotiation extension is set to `b"qpq"`, advertising that this endpoint speaks the quicproquo v2 Protobuf framing protocol. Both client and server must agree on this protocol identifier or the TLS handshake fails. +3. **ALPN negotiation**: The Application-Layer Protocol Negotiation extension is set to `b"qpc"`, advertising that this endpoint speaks the quicprochat v2 Protobuf framing protocol. Both client and server must agree on this protocol identifier or the TLS handshake fails. 4. **`QuicServerConfig` bridge**: The `quinn-proto` crate provides `QuicServerConfig::try_from(tls)` to adapt the `rustls::ServerConfig` for use with QUIC. This handles the QUIC-specific TLS parameters (transport parameters, QUIC header protection keys) automatically. @@ -57,7 +57,7 @@ roots.add(CertificateDer::from(cert_bytes))?; let mut tls = rustls::ClientConfig::builder_with_protocol_versions(&[&TLS13]) .with_root_certificates(roots) .with_no_client_auth(); -tls.alpn_protocols = vec![b"qpq".to_vec()]; +tls.alpn_protocols = vec![b"qpc".to_vec()]; let crypto = QuicClientConfig::try_from(tls)?; ``` @@ -89,11 +89,11 @@ Unlike the v1 Cap'n Proto RPC (which required `tokio::task::LocalSet` due to ## Certificate trust model -quicproquo currently uses a **trust-on-first-use (TOFU)** model with self-signed certificates: +quicprochat currently uses a **trust-on-first-use (TOFU)** model with self-signed certificates: 1. On first start, the server generates a self-signed certificate using `rcgen::generate_simple_self_signed` with SANs for `localhost`, `127.0.0.1`, and `::1`. 2. The certificate and private key are persisted to disk as DER files (default: `data/server-cert.der` and `data/server-key.der`). -3. Clients must obtain the server's certificate file out-of-band and reference it via the `--ca-cert` flag or `QPQ_CA_CERT` environment variable. +3. Clients must obtain the server's certificate file out-of-band and reference it via the `--ca-cert` flag or `QPC_CA_CERT` environment variable. This model is adequate for development and single-server deployments. The roadmap includes: @@ -143,18 +143,18 @@ The QUIC + TLS 1.3 layer provides: | Environment Variable | CLI Flag | Default | Description | |---|---|---|---| -| `QPQ_LISTEN` | `--listen` | `0.0.0.0:5001` | QUIC listen address | -| `QPQ_TLS_CERT` | `--tls-cert` | `data/server-cert.der` | TLS certificate path | -| `QPQ_TLS_KEY` | `--tls-key` | `data/server-key.der` | TLS private key path | -| `QPQ_DATA_DIR` | `--data-dir` | `data` | Persistent storage directory | +| `QPC_LISTEN` | `--listen` | `0.0.0.0:5001` | QUIC listen address | +| `QPC_TLS_CERT` | `--tls-cert` | `data/server-cert.der` | TLS certificate path | +| `QPC_TLS_KEY` | `--tls-key` | `data/server-key.der` | TLS private key path | +| `QPC_DATA_DIR` | `--data-dir` | `data` | Persistent storage directory | ### Client | Environment Variable | CLI Flag | Default | Description | |---|---|---|---| -| `QPQ_CA_CERT` | `--ca-cert` | `data/server-cert.der` | Server certificate to trust | -| `QPQ_SERVER_NAME` | `--server-name` | `localhost` | Expected TLS server name (must match certificate SAN) | -| `QPQ_SERVER` | `--server` | `127.0.0.1:5001` | Server address (per-subcommand) | +| `QPC_CA_CERT` | `--ca-cert` | `data/server-cert.der` | Server certificate to trust | +| `QPC_SERVER_NAME` | `--server-name` | `localhost` | Expected TLS server name (must match certificate SAN) | +| `QPC_SERVER` | `--server` | `127.0.0.1:5001` | Server address (per-subcommand) | ## Further reading diff --git a/docs/src/roadmap/authz-plan.md b/docs/src/roadmap/authz-plan.md index 1277ccc..3b7d28f 100644 --- a/docs/src/roadmap/authz-plan.md +++ b/docs/src/roadmap/authz-plan.md @@ -1,7 +1,7 @@ # Auth, Devices, and Tokens This page describes the authentication, device management, and authorisation -design for quicproquo. It introduces account and device identities, gates +design for quicprochat. It introduces account and device identities, gates server operations by authenticated identity, enforces rate and size limits, and binds MLS identity keys to accounts. diff --git a/docs/src/roadmap/dm-channels.md b/docs/src/roadmap/dm-channels.md index f14f2d3..8e6973b 100644 --- a/docs/src/roadmap/dm-channels.md +++ b/docs/src/roadmap/dm-channels.md @@ -1,7 +1,7 @@ # 1:1 Channel Design This page describes the design for first-class 1:1 (direct message) channels in -quicproquo. Channels provide per-conversation authorisation, MLS-encrypted +quicprochat. Channels provide per-conversation authorisation, MLS-encrypted payloads, message retention with TTL eviction, and backward compatibility with the legacy delivery model. diff --git a/docs/src/roadmap/fully-operational-checklist.md b/docs/src/roadmap/fully-operational-checklist.md index 3bcacb2..2d56b39 100644 --- a/docs/src/roadmap/fully-operational-checklist.md +++ b/docs/src/roadmap/fully-operational-checklist.md @@ -109,7 +109,7 @@ Not strictly required for “operational” but expected for production deployme ## 3. Roadmap and Documentation Updates - **Milestones doc:** Mark M4 as **Complete** (CLI subcommands exist). Mark M6 as **Complete** (migrations + runner; server and client persistence in place). Leave M5 as **Next** and M7 as **Planned**. -- **README:** Update milestone table to reflect M4 and M6 complete; add one line on migrations (e.g. “Server supports SQL migrations under `quicproquo-server/migrations/`”). +- **README:** Update milestone table to reflect M4 and M6 complete; add one line on migrations (e.g. “Server supports SQL migrations under `quicprochat-server/migrations/`”). - **Migration convention:** Document in README or a dev doc: add new migrations as `NNN_name.sql`, add to `MIGRATIONS` in `sql_store.rs`, bump `SCHEMA_VERSION`. --- diff --git a/docs/src/roadmap/future-research.md b/docs/src/roadmap/future-research.md index 24965fb..494e0c4 100644 --- a/docs/src/roadmap/future-research.md +++ b/docs/src/roadmap/future-research.md @@ -1,7 +1,7 @@ # Future Research Directions This page catalogues technologies and research directions that could strengthen -quicproquo beyond the current [milestone plan](milestones.md). Each entry +quicprochat beyond the current [milestone plan](milestones.md). Each entry includes a brief description, the problem it solves, relevant crates or specifications, and how it maps to the project architecture. @@ -94,7 +94,7 @@ vulnerable to harvest-now-decrypt-later attacks. hybrid Ed25519 + ML-DSA-65 for credential signatures. The `ml-kem` crate is already vendored in the workspace. -**Architecture impact:** Custom `OpenMlsCryptoProvider` in `quicproquo-core` +**Architecture impact:** Custom `OpenMlsCryptoProvider` in `quicprochat-core` implementing the hybrid combiner. This is the M7 milestone -- see [Milestones](milestones.md#m7----post-quantum-planned) and [Hybrid KEM](../protocol-layers/hybrid-kem.md). @@ -186,7 +186,7 @@ admin could require proof of organization membership before allowing join. **Problem:** A single server is a single point of failure and a single point of trust. Users on different servers cannot communicate. -**Solution:** Federation allows multiple quicproquo servers to exchange +**Solution:** Federation allows multiple quicprochat servers to exchange messages, similar to [Matrix](https://matrix.org/) homeserver federation. Each server manages its own users and relays messages to peer servers. @@ -278,10 +278,10 @@ the user base for testing and demonstration. **Solution:** [Tauri](https://tauri.app/) or [Dioxus](https://dioxuslabs.com/) provide native cross-platform GUI frameworks in Rust. The -`quicproquo-core` crate can be shared directly with the GUI client. +`quicprochat-core` crate can be shared directly with the GUI client. -**Architecture impact:** Add a `quicproquo-gui` crate that depends on -`quicproquo-core` and `quicproquo-proto`. The GUI drives the same +**Architecture impact:** Add a `quicprochat-gui` crate that depends on +`quicprochat-core` and `quicprochat-proto`. The GUI drives the same `GroupMember` and RPC logic as the CLI client. **Crates:** `tauri`, `dioxus` @@ -294,7 +294,7 @@ provide native cross-platform GUI frameworks in Rust. The [diplomat](https://github.com/nickelc/diplomat) generate idiomatic Swift and Kotlin bindings from Rust definitions. -**Architecture impact:** Expose `quicproquo-core` through a C-compatible FFI +**Architecture impact:** Expose `quicprochat-core` through a C-compatible FFI layer. Mobile apps call into the Rust crypto and protocol logic. **Crates:** `uniffi`, `diplomat` @@ -325,7 +325,7 @@ Items marked **Implemented** are already part of the v2 codebase. | -- | **Post-quantum hybrid KEM** | `ml-kem` vendored; custom `OpenMlsCryptoProvider` with X25519 + ML-KEM-768. | **Implemented** | | -- | **SQLCipher persistence** | Encrypted-at-rest storage via rusqlite + bundled-sqlcipher + Argon2id key derivation. | **Implemented** | | -- | **OPAQUE auth** | Zero-knowledge password authentication via `opaque-ke`. Server never stores passwords. | **Implemented** | -| -- | **iroh P2P** | NAT traversal and optional P2P mesh via the `quicproquo-p2p` crate (feature-flagged). | **Implemented** | +| -- | **iroh P2P** | NAT traversal and optional P2P mesh via the `quicprochat-p2p` crate (feature-flagged). | **Implemented** | | -- | **Sealed Sender** | `--sealed-sender` flag encrypts sender identity inside MLS ciphertext. | **Implemented** | | 1 | **PIR (Private Information Retrieval)** | Fetch messages without revealing the recipient's identity to the server. | Future | | 2 | **Key Transparency** | Verifiable, append-only log of public key bindings. Detects key substitution attacks. | Future | diff --git a/docs/src/roadmap/milestones.md b/docs/src/roadmap/milestones.md index 5d2c37c..93a7433 100644 --- a/docs/src/roadmap/milestones.md +++ b/docs/src/roadmap/milestones.md @@ -1,6 +1,6 @@ # Milestone Tracker -This page tracks the project milestones for quicproquo, from initial transport +This page tracks the project milestones for quicprochat, from initial transport layer through post-quantum cryptography. Each milestone produces production-ready, tested, deployable code -- see [Coding Standards](../contributing/coding-standards.md) for what that means in practice. @@ -29,13 +29,13 @@ typed Cap'n Proto frames. **Deliverables:** - `schemas/envelope.capnp`: `Envelope` struct with `MsgType` enum (Ping/Pong at this stage) -- `quicproquo-proto`: `build.rs` invoking `capnpc`, generated type re-exports, +- `quicprochat-proto`: `build.rs` invoking `capnpc`, generated type re-exports, canonical serialisation helpers -- `quicproquo-core`: Ed25519 identity keypair generation, +- `quicprochat-core`: Ed25519 identity keypair generation, Cap'n Proto frame codec (Tokio `Encoder`/`Decoder`) -- `quicproquo-server`: QUIC listener with TLS 1.3 (quinn/rustls), Ping to Pong +- `quicprochat-server`: QUIC listener with TLS 1.3 (quinn/rustls), Ping to Pong handler, one tokio task per connection -- `quicproquo-client`: connects over QUIC, sends Ping, receives Pong, exits 0 +- `quicprochat-client`: connects over QUIC, sends Ping, receives Pong, exits 0 - Integration test: server and client in same test binary using `tokio::spawn` - `docker-compose.yml` running the server @@ -54,10 +54,10 @@ via Cap'n Proto RPC. - `schemas/auth.capnp`: `AuthenticationService` interface (`uploadKeyPackage`, `fetchKeyPackage`) -- `quicproquo-core`: Ed25519 identity keypair generation, MLS KeyPackage +- `quicprochat-core`: Ed25519 identity keypair generation, MLS KeyPackage generation via `openmls` -- `quicproquo-server`: AS RPC server with `DashMap` store, atomic consume-on-fetch -- `quicproquo-client`: `register-state` and `fetch-key` CLI subcommands +- `quicprochat-server`: AS RPC server with `DashMap` store, atomic consume-on-fetch +- `quicprochat-client`: `register-state` and `fetch-key` CLI subcommands - Integration test: Alice uploads KeyPackage, Bob fetches it, fingerprints match **Tests:** auth\_service.rs integration tests (upload, fetch, consume semantics). @@ -97,7 +97,7 @@ group\_id lifecycle, MLS integration. 3. **openmls 0.5 API gotchas.** Several `openmls` methods changed signatures between 0.4 and 0.5 (e.g., `MlsGroup::new` vs `MlsGroup::new_with_group_id`, `BasicCredential::new` taking `Vec` directly). These differences are - documented inline in `quicproquo-core/src/group.rs`. + documented inline in `quicprochat-core/src/group.rs`. **Branch:** `feat/m1-noise-transport` @@ -142,13 +142,13 @@ providing post-quantum confidentiality for all group key material. **Deliverables:** -- Custom `OpenMlsCryptoProvider` with hybrid KEM in `quicproquo-core` +- Custom `OpenMlsCryptoProvider` with hybrid KEM in `quicprochat-core` - Hybrid shared secret derivation: ``` SharedSecret = HKDF-SHA256( ikm = X25519_ss || ML-KEM-768_ss, - info = "quicproquo-hybrid-v1", + info = "quicprochat-hybrid-v1", len = 32 ) ``` diff --git a/docs/src/roadmap/phase2-and-m4-m6.md b/docs/src/roadmap/phase2-and-m4-m6.md index 17a4f72..09e7bcd 100644 --- a/docs/src/roadmap/phase2-and-m4-m6.md +++ b/docs/src/roadmap/phase2-and-m4-m6.md @@ -21,7 +21,7 @@ The following legacy behaviour has been removed; only current behaviour is suppo | Task | Status | Notes | |------|--------|-------| -| **Ciphersuite allowlist** | **Done** | Server rejects KeyPackages whose ciphersuite is not `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519`. See `quicproquo_core::validate_keypackage_ciphersuite` and `upload_key_package` (E021). | +| **Ciphersuite allowlist** | **Done** | Server rejects KeyPackages whose ciphersuite is not `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519`. See `quicprochat_core::validate_keypackage_ciphersuite` and `upload_key_package` (E021). | | **ALPN enforcement** | **Done** | Server TLS config sets `alpn_protocols = [b"capnp"]`; handshake completes only if client offers `capnp`. | | **Connection draining** | **Done** | On `Ctrl+C`, server calls `endpoint.close(0, b"server shutdown")` and exits the accept loop. | | **Wire versioning** | **Done** | `enqueue`, `fetch`, `fetchWait` require `version == CURRENT_WIRE_VERSION` (1). Other RPCs use auth version. | diff --git a/docs/src/roadmap/production-readiness.md b/docs/src/roadmap/production-readiness.md index 96c8d27..29cd35e 100644 --- a/docs/src/roadmap/production-readiness.md +++ b/docs/src/roadmap/production-readiness.md @@ -1,6 +1,6 @@ # Production Readiness WBS -This page defines the work breakdown structure (WBS) for taking quicproquo +This page defines the work breakdown structure (WBS) for taking quicprochat from a proof-of-concept to a production-hardened system. It covers feature scope, security policy, phased delivery, and a planning checklist. @@ -11,7 +11,7 @@ document focuses on the cross-cutting concerns that span multiple milestones. ## Feature Scope (Must-Have) -These are the feature areas that must be addressed before quicproquo can be +These are the feature areas that must be addressed before quicprochat can be considered production-ready. Each area maps to one or more milestones or phases in the WBS below. @@ -30,7 +30,7 @@ in the WBS below. ## Security Plan (By Design) -quicproquo follows a security-by-design philosophy. The standards below are +quicprochat follows a security-by-design philosophy. The standards below are non-negotiable -- see [Coding Standards](../contributing/coding-standards.md) for how they are enforced in code. @@ -44,7 +44,7 @@ how they are enforced in code. ### Transport Policy - TLS 1.3 only (`rustls` configured with `TLS13` cipher suites exclusively). -- ALPN token `b"qpq"` required; reject connections with mismatched ALPN. +- ALPN token `b"qpc"` required; reject connections with mismatched ALPN. - Self-signed certificates acceptable for development; production deployments must use a CA-signed certificate or certificate pinning. - Connection draining on shutdown (QUIC `CONNECTION_CLOSE`). @@ -128,7 +128,7 @@ how they are enforced in code. | Wire versioning | Version field in all Protobuf frames; reject unknown versions | | Ciphersuite allowlist | Server rejects KeyPackages outside the allowed set | | Downgrade guards | Prevent epoch rollback; reject Commits with weaker ciphersuites | -| ALPN enforcement | Reject connections without `b"qpq"` ALPN token | +| ALPN enforcement | Reject connections without `b"qpc"` ALPN token | | Connection draining | Graceful QUIC `CONNECTION_CLOSE` on server shutdown | | KeyPackage rotation | Client-side timer to upload fresh KeyPackages before TTL expiry | diff --git a/docs/src/sdk/index.md b/docs/src/sdk/index.md index 20a76c2..9470a5e 100644 --- a/docs/src/sdk/index.md +++ b/docs/src/sdk/index.md @@ -1,17 +1,17 @@ # Client SDKs -This guide covers how to build clients for the quicproquo E2E encrypted messenger +This guide covers how to build clients for the quicprochat E2E encrypted messenger using the official SDKs or by implementing a new one. ## Official SDKs | Language | Location | Transport | Status | |----------|----------|-----------|--------| -| **Rust** | `crates/quicproquo-client` | QUIC + Protobuf (v2) | Production | +| **Rust** | `crates/quicprochat-client` | QUIC + Protobuf (v2) | Production | | **Go** | `sdks/go/` | QUIC + Protobuf (v2) | Production | | **TypeScript** | `sdks/typescript/` | WebSocket bridge + WASM crypto | Production | | **Python** | `sdks/python/` | QUIC + Protobuf (v2) / Rust FFI | Production | -| **C** | `crates/quicproquo-ffi/` | Rust FFI (synchronous) | Production | +| **C** | `crates/quicprochat-ffi/` | Rust FFI (synchronous) | Production | | **Swift** | `sdks/swift/` | C FFI wrapper | In progress | | **Kotlin** | `sdks/kotlin/` | JNI + C FFI | In progress | | **Java** | `sdks/java/` | JNI + C FFI | In progress | @@ -49,15 +49,15 @@ use the same 10-byte framing header followed by a protobuf payload. ## Canonical Schemas -- **Protobuf** (v2): `proto/qpq/v1/*.proto` -- 14 service definitions +- **Protobuf** (v2): `proto/qpc/v1/*.proto` -- 14 service definitions -The protobuf schemas in `proto/qpq/v1/` are the canonical API contract for +The protobuf schemas in `proto/qpc/v1/` are the canonical API contract for the v2 protocol. New SDKs should implement against these definitions. ## Documentation - [Wire Format Reference](wire-format.md) -- v2 QUIC + Protobuf framing and method IDs -- [Rust SDK](rust.md) -- native Rust client using `quicproquo-sdk` +- [Rust SDK](rust.md) -- native Rust client using `quicprochat-sdk` - [Go SDK](../getting-started/go-sdk.md) -- Go client with QUIC transport - [TypeScript SDK](../getting-started/typescript-sdk.md) -- browser and Node.js client - [C FFI Bindings](../getting-started/ffi.md) -- C bindings for language integrations diff --git a/docs/src/sdk/rust.md b/docs/src/sdk/rust.md index 1f7606e..b60ad71 100644 --- a/docs/src/sdk/rust.md +++ b/docs/src/sdk/rust.md @@ -1,7 +1,7 @@ # Rust SDK The Rust client is the reference implementation, located in -`crates/quicproquo-client/`. It is built on top of the `quicproquo-sdk` crate, +`crates/quicprochat-client/`. It is built on top of the `quicprochat-sdk` crate, which provides the high-level v2 API over QUIC + Protobuf. ## Installation @@ -10,13 +10,13 @@ Add to your `Cargo.toml`: ```toml [dependencies] -quicproquo-sdk = { path = "crates/quicproquo-sdk" } +quicprochat-sdk = { path = "crates/quicprochat-sdk" } ``` ## Connection ```rust -use quicproquo_sdk::QpqClient; +use quicprochat_sdk::QpqClient; let client = QpqClient::connect("127.0.0.1:5001", &tls_config).await?; let health = client.health().await?; @@ -24,10 +24,10 @@ let health = client.health().await?; ## CLI Client Usage -The `quicproquo-client` binary provides a CLI/TUI interface: +The `quicprochat-client` binary provides a CLI/TUI interface: ```rust -use quicproquo_client::{cmd_health, cmd_login, cmd_send}; +use quicprochat_client::{cmd_health, cmd_login, cmd_send}; // Health check cmd_health("127.0.0.1:5001", &ca_cert_path, "localhost").await?; @@ -49,17 +49,17 @@ cmd_login( - OPAQUE authentication with zeroizing credential storage - SQLCipher local state with Argon2id key derivation - Sealed sender metadata protection (`--sealed-sender` flag) -- v2 QUIC + Protobuf transport via the `quicproquo-sdk` crate +- v2 QUIC + Protobuf transport via the `quicprochat-sdk` crate ## Crate Structure | Crate | Purpose | |-------|---------| -| `quicproquo-core` | Crypto primitives, MLS, hybrid KEM | -| `quicproquo-proto` | Protobuf generated types | -| `quicproquo-rpc` | QUIC RPC framework (framing, dispatch) | -| `quicproquo-sdk` | High-level client SDK (`QpqClient`) | -| `quicproquo-client` | CLI/TUI client application | +| `quicprochat-core` | Crypto primitives, MLS, hybrid KEM | +| `quicprochat-proto` | Protobuf generated types | +| `quicprochat-rpc` | QUIC RPC framework (framing, dispatch) | +| `quicprochat-sdk` | High-level client SDK (`QpqClient`) | +| `quicprochat-client` | CLI/TUI client application | ## Related diff --git a/docs/src/sdk/wire-format.md b/docs/src/sdk/wire-format.md index cb7b82d..e7b598b 100644 --- a/docs/src/sdk/wire-format.md +++ b/docs/src/sdk/wire-format.md @@ -1,12 +1,12 @@ # Wire Format Reference -The quicproquo v2 protocol uses QUIC (RFC 9000) with TLS 1.3 as the transport +The quicprochat v2 protocol uses QUIC (RFC 9000) with TLS 1.3 as the transport layer and Protocol Buffers for message serialization. ## Connection - **Protocol**: QUIC with TLS 1.3 -- **ALPN**: `qpq` +- **ALPN**: `qpc` - **Port**: 5001 (default) - **Certificate**: Server presents a TLS certificate; clients verify against a CA cert @@ -138,7 +138,7 @@ This allows concurrent RPCs without head-of-line blocking. ## Protobuf Definitions -All message types are defined in `proto/qpq/v1/*.proto`: +All message types are defined in `proto/qpc/v1/*.proto`: | File | Services | |------|----------| diff --git a/docs/src/wire-format/auth-schema.md b/docs/src/wire-format/auth-schema.md index fe1f295..5e24ec4 100644 --- a/docs/src/wire-format/auth-schema.md +++ b/docs/src/wire-format/auth-schema.md @@ -1,7 +1,7 @@ # Auth Schema -**Proto file:** `proto/qpq/v1/auth.proto` -**Package:** `qpq.v1` +**Proto file:** `proto/qpc/v1/auth.proto` +**Package:** `qpc.v1` **Method IDs:** 100-103 The auth proto defines the OPAQUE asymmetric password-authenticated key exchange (PAKE) messages used for user registration and login. OPAQUE never transmits the password to the server; the server learns only a random value derived from the password. @@ -16,7 +16,7 @@ See [Authentication Service Internals](../internals/authentication-service.md) f ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // OPAQUE registration + login (4 methods). // Method IDs: 100-103. diff --git a/docs/src/wire-format/delivery-schema.md b/docs/src/wire-format/delivery-schema.md index 5ce4510..6df8842 100644 --- a/docs/src/wire-format/delivery-schema.md +++ b/docs/src/wire-format/delivery-schema.md @@ -1,7 +1,7 @@ # Delivery and Keys Schema -**Proto files:** `proto/qpq/v1/delivery.proto`, `proto/qpq/v1/keys.proto` -**Package:** `qpq.v1` +**Proto files:** `proto/qpc/v1/delivery.proto`, `proto/qpc/v1/keys.proto` +**Package:** `qpc.v1` **Method IDs:** 200-205 (delivery), 300-304 (key packages and hybrid keys), 510-520 (key transparency) This page documents the Protobuf message definitions for the delivery service (store-and-forward message relay) and the key management service (MLS KeyPackages, hybrid post-quantum keys, and key transparency). @@ -16,7 +16,7 @@ The delivery service is a store-and-forward relay. It is intentionally MLS-unawa ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Delivery service: enqueue, fetch, peek, ack, batch (6 methods). // Method IDs: 200-205. @@ -221,7 +221,7 @@ Key management for MLS KeyPackages, hybrid post-quantum keys, and key transparen ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Key package + hybrid key CRUD (5 methods). // Method IDs: 300-304. diff --git a/docs/src/wire-format/envelope-schema.md b/docs/src/wire-format/envelope-schema.md index 7f8de4f..aab1f1e 100644 --- a/docs/src/wire-format/envelope-schema.md +++ b/docs/src/wire-format/envelope-schema.md @@ -2,7 +2,7 @@ The v2 RPC protocol dispatches requests by a `u16` method ID encoded in the first two bytes of every request frame. This page is the authoritative reference for all 44 method IDs and their corresponding Protobuf message types. -Method IDs are defined in `crates/quicproquo-proto/src/lib.rs` (the `method_ids` module). Proto definitions live in `proto/qpq/v1/`. +Method IDs are defined in `crates/quicprochat-proto/src/lib.rs` (the `method_ids` module). Proto definitions live in `proto/qpc/v1/`. --- @@ -190,7 +190,7 @@ Push events are sent by the server on QUIC uni-streams using the push frame form | 1002 | `PUSH_PRESENCE` | `PresenceUpdate` | | 1003 | `PUSH_MEMBERSHIP` | `GroupMembershipChange` | -Push payload messages are defined in `proto/qpq/v1/push.proto` and wrapped in a `PushEvent` oneof. See [RPC Reference](node-service-schema.md) for the full proto listing. +Push payload messages are defined in `proto/qpc/v1/push.proto` and wrapped in a `PushEvent` oneof. See [RPC Reference](node-service-schema.md) for the full proto listing. --- diff --git a/docs/src/wire-format/node-service-schema.md b/docs/src/wire-format/node-service-schema.md index 533e2a4..36a9bf4 100644 --- a/docs/src/wire-format/node-service-schema.md +++ b/docs/src/wire-format/node-service-schema.md @@ -1,12 +1,12 @@ # RPC Reference -**Proto package:** `qpq.v1` -**Proto files:** 14 files in `proto/qpq/v1/` +**Proto package:** `qpc.v1` +**Proto files:** 14 files in `proto/qpc/v1/` **Total methods:** 44 This page is the complete Protobuf definition reference for all 14 proto files in the v2 RPC protocol. For transport framing, see [Wire Format Overview](overview.md). For method ID assignments, see [Method ID Reference](envelope-schema.md). -Generated Rust types live in `crates/quicproquo-proto/src/` (via prost). +Generated Rust types live in `crates/quicprochat-proto/src/` (via prost). --- @@ -16,7 +16,7 @@ OPAQUE asymmetric PAKE for registration and login. See [Auth Schema](auth-schema ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; message OpaqueRegisterStartRequest { string username = 1; @@ -65,7 +65,7 @@ Shared types and account deletion. ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Auth context for federation and internal use. // In v2, session authentication is carried at the QUIC connection level @@ -93,7 +93,7 @@ Store-and-forward message relay. See [Delivery Schema](delivery-schema.md) for f ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; message Envelope { uint64 seq = 1; @@ -178,7 +178,7 @@ MLS KeyPackages, hybrid PQ keys, and key transparency. See [Delivery Schema](del ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; message UploadKeyPackageRequest { bytes identity_key = 1; @@ -266,7 +266,7 @@ message LogEntry { ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Channel create (1 method). // Method ID: 400. @@ -291,7 +291,7 @@ Group management: member removal, metadata, member listing, and key rotation. ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Group management (4 methods). // Method IDs: 410-413. @@ -359,7 +359,7 @@ Content moderation: encrypted reports, bans, and audit lists. ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Moderation service: report, ban, unban, list reports, list banned. // Method IDs: 420-424. @@ -432,7 +432,7 @@ Forward and reverse user resolution. ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // User resolve + identity (2 methods). // Method IDs: 500-501. @@ -465,7 +465,7 @@ Content-addressed binary object storage with chunked upload and ranged download. ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Blob upload/download (2 methods). // Method IDs: 600-601. @@ -505,7 +505,7 @@ Multi-device management and push notification token registration. ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Device register/list/revoke (3 methods). // Method IDs: 700-702. @@ -568,7 +568,7 @@ Encrypted account recovery bundle storage. The server stores an opaque blob inde ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Recovery service. // Method IDs: 750-752. @@ -608,7 +608,7 @@ iroh P2P node address exchange and server health probe. ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // P2P endpoint publish/resolve + health (3 methods). // Method IDs: 800-802. @@ -649,7 +649,7 @@ Cross-server relay and proxy operations. All federation methods include a `Feder ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Federation relay + proxy (6 methods). // Method IDs: 900-905. @@ -725,7 +725,7 @@ Server-push event types sent on QUIC uni-streams using the push frame format. ```protobuf syntax = "proto3"; -package qpq.v1; +package qpc.v1; // Server-push event types (sent on QUIC uni-streams). // Event type IDs: 1000+. diff --git a/docs/src/wire-format/overview.md b/docs/src/wire-format/overview.md index 348903b..8312968 100644 --- a/docs/src/wire-format/overview.md +++ b/docs/src/wire-format/overview.md @@ -1,6 +1,6 @@ # Wire Format Overview -This section documents the v2 serialisation pipeline that transforms application-level data structures into bytes on the wire. Every byte exchanged between quicproquo clients and the server passes through this pipeline, so understanding it is prerequisite to reading the protocol deep dives or the server and client source code. +This section documents the v2 serialisation pipeline that transforms application-level data structures into bytes on the wire. Every byte exchanged between quicprochat clients and the server passes through this pipeline, so understanding it is prerequisite to reading the protocol deep dives or the server and client source code. --- @@ -27,7 +27,7 @@ Data flows through three stages on the send path. The receive path reverses the ### Stage 1: Application creates a message or RPC call -At the application layer, the client or server constructs a typed Protobuf message defined in `proto/qpq/v1/*.proto`. Each RPC method has a corresponding request and response message type. +At the application layer, the client or server constructs a typed Protobuf message defined in `proto/qpc/v1/*.proto`. Each RPC method has a corresponding request and response message type. - **Auth methods** (IDs 100-103): see [Auth Schema](auth-schema.md) - **Delivery methods** (IDs 200-205): see [Delivery Schema](delivery-schema.md) @@ -104,7 +104,7 @@ Header size: **6 bytes**. | Maximum payload size | 4 MiB (4,194,304 bytes) | | Payloads exceeding this limit | rejected with `PayloadTooLarge` error | -Source: `crates/quicproquo-rpc/src/framing.rs`. +Source: `crates/quicprochat-rpc/src/framing.rs`. ### Stage 3: Transport encryption @@ -138,7 +138,7 @@ This design allows unlimited concurrent RPCs with no head-of-line blocking. | Parameter | Value | |-----------|-------| | Protocol | QUIC (RFC 9000) | -| ALPN | `"qpq"` | +| ALPN | `"qpc"` | | Default port | 5001 | | TLS version | 1.3 only | | Certificate | Server presents a TLS certificate; clients verify against a CA cert | @@ -147,7 +147,7 @@ This design allows unlimited concurrent RPCs with no head-of-line blocking. ## Schema index -Protobuf schemas are defined in `proto/qpq/v1/` and documented on dedicated pages: +Protobuf schemas are defined in `proto/qpc/v1/` and documented on dedicated pages: | Proto File | Documentation | Purpose | |------------|---------------|---------| @@ -166,7 +166,7 @@ Protobuf schemas are defined in `proto/qpq/v1/` and documented on dedicated page | `push.proto` | [RPC Reference](node-service-schema.md) | Push event types (IDs 1000+) | | `common.proto` | [RPC Reference](node-service-schema.md) | Auth context, account deletion (ID 950) | -Method ID assignment: `crates/quicproquo-proto/src/lib.rs` (`method_ids` module). +Method ID assignment: `crates/quicprochat-proto/src/lib.rs` (`method_ids` module). --- diff --git a/examples/python/README.md b/examples/python/README.md index 86a44d4..36488ce 100644 --- a/examples/python/README.md +++ b/examples/python/README.md @@ -1,18 +1,18 @@ -# quicproquo Python FFI Client +# quicprochat Python FFI Client -Python wrapper around `libquicproquo_ffi` using `ctypes`. +Python wrapper around `libquicprochat_ffi` using `ctypes`. ## Build the FFI library ```bash -cargo build --release -p quicproquo-ffi +cargo build --release -p quicprochat-ffi ``` This produces: -- Linux: `target/release/libquicproquo_ffi.so` -- macOS: `target/release/libquicproquo_ffi.dylib` -- Windows: `target/release/quicproquo_ffi.dll` +- Linux: `target/release/libquicprochat_ffi.so` +- macOS: `target/release/libquicprochat_ffi.dylib` +- Windows: `target/release/quicprochat_ffi.dll` ## Usage @@ -51,7 +51,7 @@ The script auto-detects the library in `target/release/` or `target/debug/`. Override with `QPQ_FFI_LIB`: ```bash -export QPQ_FFI_LIB=/path/to/libquicproquo_ffi.so +export QPQ_FFI_LIB=/path/to/libquicprochat_ffi.so ``` ## Programmatic usage diff --git a/examples/python/qpq_client.py b/examples/python/qpc_client.py similarity index 93% rename from examples/python/qpq_client.py rename to examples/python/qpc_client.py index c61e81f..06e62f9 100644 --- a/examples/python/qpq_client.py +++ b/examples/python/qpc_client.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -"""quicproquo Python client -- ctypes wrapper around libquicproquo_ffi. +"""quicprochat Python client -- ctypes wrapper around libquicprochat_ffi. Usage: python qpq_client.py --server 127.0.0.1:7000 \\ @@ -28,7 +28,7 @@ from ctypes import ( from pathlib import Path # --------------------------------------------------------------------------- -# Status codes (must match quicproquo-ffi/src/lib.rs) +# Status codes (must match quicprochat-ffi/src/lib.rs) # --------------------------------------------------------------------------- QPQ_OK = 0 QPQ_ERROR = 1 @@ -54,7 +54,7 @@ def _status_name(code: int) -> str: # --------------------------------------------------------------------------- def _find_library() -> str: - """Locate libquicproquo_ffi shared library.""" + """Locate libquicprochat_ffi shared library.""" env = os.environ.get("QPQ_FFI_LIB") if env: return env @@ -63,14 +63,14 @@ def _find_library() -> str: repo_root = Path(__file__).resolve().parent.parent.parent for profile in ("release", "debug"): for ext in ("so", "dylib", "dll"): - candidate = repo_root / "target" / profile / f"libquicproquo_ffi.{ext}" + candidate = repo_root / "target" / profile / f"libquicprochat_ffi.{ext}" if candidate.exists(): return str(candidate) print( - "ERROR: Could not find libquicproquo_ffi. " - "Build with: cargo build --release -p quicproquo-ffi\n" - "Or set QPQ_FFI_LIB=/path/to/libquicproquo_ffi.so", + "ERROR: Could not find libquicprochat_ffi. " + "Build with: cargo build --release -p quicprochat-ffi\n" + "Or set QPQ_FFI_LIB=/path/to/libquicprochat_ffi.so", file=sys.stderr, ) sys.exit(1) @@ -116,7 +116,7 @@ def _load_library(path: str) -> ctypes.CDLL: # --------------------------------------------------------------------------- class QpqClient: - """Synchronous Python client wrapping the quicproquo C FFI.""" + """Synchronous Python client wrapping the quicprochat C FFI.""" def __init__(self, lib: ctypes.CDLL): self._lib = lib @@ -182,7 +182,7 @@ class QpqClient: # --------------------------------------------------------------------------- def main() -> None: - parser = argparse.ArgumentParser(description="quicproquo Python FFI client") + parser = argparse.ArgumentParser(description="quicprochat Python FFI client") parser.add_argument("--server", required=True, help="Server address (host:port)") parser.add_argument("--ca-cert", required=True, help="Path to CA certificate (DER)") parser.add_argument("--server-name", default="localhost", help="TLS server name") diff --git a/justfile b/justfile index 1980fd1..3d28bad 100644 --- a/justfile +++ b/justfile @@ -1,4 +1,4 @@ -# quicproquo v2 — build commands +# quicprochat v2 — build commands # Default: build all workspace crates build: @@ -10,27 +10,27 @@ test: # Run core crypto tests only test-core: - cargo test -p quicproquo-core + cargo test -p quicprochat-core # Build proto crate (triggers prost codegen) proto: - cargo build -p quicproquo-proto + cargo build -p quicprochat-proto # Build RPC framework rpc: - cargo build -p quicproquo-rpc + cargo build -p quicprochat-rpc # Build SDK sdk: - cargo build -p quicproquo-sdk + cargo build -p quicprochat-sdk # Build server server: - cargo build -p quicproquo-server + cargo build -p quicprochat-server # Build client client: - cargo build -p quicproquo-client + cargo build -p quicprochat-client # Check all with clippy lint: diff --git a/packaging/openwrt/Makefile b/packaging/openwrt/Makefile index ed76845..5cfcc23 100644 --- a/packaging/openwrt/Makefile +++ b/packaging/openwrt/Makefile @@ -1,58 +1,58 @@ -# OpenWrt package feed Makefile for quicproquo server. +# OpenWrt package feed Makefile for quicprochat server. # # Usage: # 1. Add this directory as a custom feed in feeds.conf: -# src-link quicproquo /path/to/quicproquo/packaging/openwrt -# 2. ./scripts/feeds update quicproquo && ./scripts/feeds install quicproquo -# 3. make menuconfig (select Network -> quicproquo) -# 4. make package/quicproquo/compile V=s +# src-link quicprochat /path/to/quicprochat/packaging/openwrt +# 2. ./scripts/feeds update quicprochat && ./scripts/feeds install quicprochat +# 3. make menuconfig (select Network -> quicprochat) +# 4. make package/quicprochat/compile V=s # # The binary is pre-built via cross-compilation (see scripts/cross-compile.sh) # and the Makefile simply installs it into the ipkg. include $(TOPDIR)/rules.mk -PKG_NAME:=quicproquo +PKG_NAME:=quicprochat PKG_VERSION:=0.1.0 PKG_RELEASE:=1 -PKG_MAINTAINER:=quicproquo team +PKG_MAINTAINER:=quicprochat team PKG_LICENSE:=MIT include $(INCLUDE_DIR)/package.mk -define Package/quicproquo +define Package/quicprochat SECTION:=net CATEGORY:=Network TITLE:=End-to-end encrypted group messenger (server) DEPENDS:=+libpthread +librt - URL:=https://github.com/nicholasgasior/quicproquo + URL:=https://github.com/nicholasgasior/quicprochat endef -define Package/quicproquo/description +define Package/quicprochat/description Production-grade end-to-end encrypted group messenger using QUIC transport, MLS (RFC 9420), ML-KEM-768 hybrid post-quantum KEM, and OPAQUE authentication. - This package installs the qpq-server daemon. + This package installs the qpc-server daemon. endef -define Package/quicproquo/conffiles -/etc/config/quicproquo +define Package/quicprochat/conffiles +/etc/config/quicprochat endef # Skip standard build — we use pre-compiled static musl binaries. define Build/Compile endef -define Package/quicproquo/install +define Package/quicprochat/install $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/qpq-server $(1)/usr/bin/qpq-server + $(INSTALL_BIN) $(PKG_BUILD_DIR)/qpc-server $(1)/usr/bin/qpc-server $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/quicproquo.init $(1)/etc/init.d/quicproquo + $(INSTALL_BIN) ./files/quicprochat.init $(1)/etc/init.d/quicprochat $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_CONF) ./files/quicproquo.uci $(1)/etc/config/quicproquo + $(INSTALL_CONF) ./files/quicprochat.uci $(1)/etc/config/quicprochat - $(INSTALL_DIR) $(1)/var/lib/quicproquo + $(INSTALL_DIR) $(1)/var/lib/quicprochat endef -$(eval $(call BuildPackage,quicproquo)) +$(eval $(call BuildPackage,quicprochat)) diff --git a/packaging/openwrt/files/quicproquo.init b/packaging/openwrt/files/quicprochat.init similarity index 65% rename from packaging/openwrt/files/quicproquo.init rename to packaging/openwrt/files/quicprochat.init index 902fca4..0fb97e2 100755 --- a/packaging/openwrt/files/quicproquo.init +++ b/packaging/openwrt/files/quicprochat.init @@ -1,18 +1,18 @@ #!/bin/sh /etc/rc.common -# procd init script for quicproquo server. -# Reads configuration from /etc/config/quicproquo (uci). +# procd init script for quicprochat server. +# Reads configuration from /etc/config/quicprochat (uci). START=95 STOP=10 USE_PROCD=1 -PROG=/usr/bin/qpq-server -DATA_DIR=/var/lib/quicproquo +PROG=/usr/bin/qpc-server +DATA_DIR=/var/lib/quicprochat start_service() { local listen data_dir log_level tls_cert tls_key production - config_load quicproquo + config_load quicprochat config_get listen server listen '0.0.0.0:7000' config_get data_dir server data_dir "$DATA_DIR" config_get log_level server log_level 'info' @@ -27,19 +27,19 @@ start_service() { procd_set_param env \ RUST_LOG="$log_level" \ - QPQ_LISTEN="$listen" \ - QPQ_DATA_DIR="$data_dir" \ - QPQ_TLS_CERT="$tls_cert" \ - QPQ_TLS_KEY="$tls_key" \ - QPQ_PRODUCTION="$production" + QPC_LISTEN="$listen" \ + QPC_DATA_DIR="$data_dir" \ + QPC_TLS_CERT="$tls_cert" \ + QPC_TLS_KEY="$tls_key" \ + QPC_PRODUCTION="$production" procd_set_param respawn 3600 5 5 procd_set_param stderr 1 procd_set_param stdout 1 - procd_set_param user qpq + procd_set_param user qpc procd_close_instance } service_triggers() { - procd_add_reload_trigger "quicproquo" + procd_add_reload_trigger "quicprochat" } diff --git a/packaging/openwrt/files/quicprochat.uci b/packaging/openwrt/files/quicprochat.uci new file mode 100644 index 0000000..5314e44 --- /dev/null +++ b/packaging/openwrt/files/quicprochat.uci @@ -0,0 +1,7 @@ +config server 'server' + option listen '0.0.0.0:7000' + option data_dir '/var/lib/quicprochat' + option log_level 'info' + option tls_cert '/var/lib/quicprochat/server-cert.der' + option tls_key '/var/lib/quicprochat/server-key.der' + option production '1' diff --git a/packaging/openwrt/files/quicproquo.uci b/packaging/openwrt/files/quicproquo.uci deleted file mode 100644 index d85d316..0000000 --- a/packaging/openwrt/files/quicproquo.uci +++ /dev/null @@ -1,7 +0,0 @@ -config server 'server' - option listen '0.0.0.0:7000' - option data_dir '/var/lib/quicproquo' - option log_level 'info' - option tls_cert '/var/lib/quicproquo/server-cert.der' - option tls_key '/var/lib/quicproquo/server-key.der' - option production '1' diff --git a/playbooks/README.md b/playbooks/README.md index 47c0369..26119c1 100644 --- a/playbooks/README.md +++ b/playbooks/README.md @@ -1,22 +1,22 @@ -# quicproquo Playbooks +# quicprochat Playbooks -YAML-based scripted command sequences for the qpq client. +YAML-based scripted command sequences for the qpc client. ## Running a playbook ```bash # Build with playbook support -cargo build -p quicproquo-client --features playbook +cargo build -p quicprochat-client --features playbook # Run a playbook -cargo run -p quicproquo-client --features playbook -- \ +cargo run -p quicprochat-client --features playbook -- \ run playbooks/smoke-test.yaml \ --server 127.0.0.1:7000 \ --username alice --password hunter2 \ --danger-accept-invalid-certs # Override variables -cargo run -p quicproquo-client --features playbook -- \ +cargo run -p quicprochat-client --features playbook -- \ run playbooks/smoke-test.yaml \ -V recipient=charlie -V server=remote.example.com:7000 ``` @@ -82,7 +82,7 @@ Plus lifecycle commands: `send` (send a chat message), `wait` (pause), `assert` ## Programmatic Rust API ```rust -use quicproquo_client::{PlaybookRunner, Command, CommandRegistry, CommandResult}; +use quicprochat_client::{PlaybookRunner, Command, CommandRegistry, CommandResult}; // From YAML file let mut runner = PlaybookRunner::from_file(Path::new("playbook.yaml"))?; diff --git a/scripts/chat-test.sh b/scripts/chat-test.sh index e873069..6ec9af6 100755 --- a/scripts/chat-test.sh +++ b/scripts/chat-test.sh @@ -79,14 +79,14 @@ $COMPOSE up -d --wait # ── Step 3: Verify server reachable via QUIC ────────────────────────────────── step "Verifying QUIC connectivity from alice..." -$COMPOSE exec -T alice qpq health +$COMPOSE exec -T alice qpc health # ── Step 4: Alice — register identity + upload KeyPackage ───────────────────── step "Alice: register-state..." -$COMPOSE exec -T alice qpq register-state --state /chat/alice.bin +$COMPOSE exec -T alice qpc register-state --state /chat/alice.bin -ALICE_KEY=$($COMPOSE exec -T alice qpq whoami --state /chat/alice.bin \ +ALICE_KEY=$($COMPOSE exec -T alice qpc whoami --state /chat/alice.bin \ | grep 'identity_key' | awk '{print $3}' | tr -d '[:space:]') info "Alice identity: ${ALICE_KEY}" @@ -98,9 +98,9 @@ fi # ── Step 5: Bob — register identity + upload KeyPackage ─────────────────────── step "Bob: register-state..." -$COMPOSE exec -T bob qpq register-state --state /chat/bob.bin +$COMPOSE exec -T bob qpc register-state --state /chat/bob.bin -BOB_KEY=$($COMPOSE exec -T bob qpq whoami --state /chat/bob.bin \ +BOB_KEY=$($COMPOSE exec -T bob qpc whoami --state /chat/bob.bin \ | grep 'identity_key' | awk '{print $3}' | tr -d '[:space:]') info "Bob identity: ${BOB_KEY}" @@ -112,21 +112,21 @@ fi # ── Step 6: Alice creates group ─────────────────────────────────────────────── step "Alice: create-group 'docker-chat'..." -$COMPOSE exec -T alice qpq create-group \ +$COMPOSE exec -T alice qpc create-group \ --state /chat/alice.bin \ --group-id docker-chat # ── Step 7: Alice invites Bob ───────────────────────────────────────────────── step "Alice: invite Bob..." -$COMPOSE exec -T alice qpq invite \ +$COMPOSE exec -T alice qpc invite \ --state /chat/alice.bin \ --peer-key "$BOB_KEY" # ── Step 8: Bob joins ───────────────────────────────────────────────────────── step "Bob: join group..." -$COMPOSE exec -T bob qpq join --state /chat/bob.bin +$COMPOSE exec -T bob qpc join --state /chat/bob.bin # ── Step 9: Launch tmux ────────────────────────────────────────────────────── @@ -140,8 +140,8 @@ echo " Ctrl+D exits a pane." echo " tmux kill-session -t qpc-chat to stop." echo "" -ALICE_CMD="$COMPOSE exec alice qpq chat --state /chat/alice.bin" -BOB_CMD="$COMPOSE exec bob qpq chat --state /chat/bob.bin" +ALICE_CMD="$COMPOSE exec alice qpc chat --state /chat/alice.bin" +BOB_CMD="$COMPOSE exec bob qpc chat --state /chat/bob.bin" # Kill any stale tmux session with the same name. tmux kill-session -t qpc-chat 2>/dev/null || true diff --git a/scripts/cross-compile.sh b/scripts/cross-compile.sh index bdcfd4a..0f8699b 100755 --- a/scripts/cross-compile.sh +++ b/scripts/cross-compile.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Cross-compile quicproquo for musl targets (OpenWrt / embedded Linux). +# Cross-compile quicprochat for musl targets (OpenWrt / embedded Linux). # # Produces statically linked, stripped binaries optimised for size. # Requires: cargo-zigbuild (preferred) or cross. @@ -8,7 +8,7 @@ # ./scripts/cross-compile.sh # all targets # ./scripts/cross-compile.sh x86_64-unknown-linux-musl # single target # -# Output: target//release/qpq-server (stripped) +# Output: target//release/qpc-server (stripped) set -euo pipefail @@ -47,7 +47,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" cd "$PROJECT_ROOT" -echo "=== quicproquo cross-compilation ===" +echo "=== quicprochat cross-compilation ===" echo "Build tool: $BUILD_CMD" echo "Targets: ${TARGETS[*]}" echo "" @@ -55,8 +55,8 @@ echo "" FAILED=() for target in "${TARGETS[@]}"; do echo "--- Building for $target ---" - if $BUILD_CMD --release --target "$target" --bin qpq-server; then - BINARY="target/$target/release/qpq-server" + if $BUILD_CMD --release --target "$target" --bin qpc-server; then + BINARY="target/$target/release/qpc-server" if [ -f "$BINARY" ]; then SIZE=$(stat -c%s "$BINARY" 2>/dev/null || stat -f%z "$BINARY") SIZE_MB=$(echo "scale=2; $SIZE / 1048576" | bc) diff --git a/scripts/dev-shell.sh b/scripts/dev-shell.sh index 854e996..2ea7cf2 100755 --- a/scripts/dev-shell.sh +++ b/scripts/dev-shell.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash -# ── qpq Dev Shell ───────────────────────────────────────────────────────────── +# ── qpc Dev Shell ───────────────────────────────────────────────────────────── # -# Builds qpq (if needed), starts a local server, registers Alice + Bob, then +# Builds qpc (if needed), starts a local server, registers Alice + Bob, then # opens a tmux session with two side-by-side REPL panes and a server-log strip. # # Layout (window 0 — "chat"): @@ -12,7 +12,7 @@ # │ /create-group g ← or create a group │ /join ← to accept invite │ # │ │ │ # ├──────────[ SERVER LOG ]────────────────────┴──────────────────────────────┤ -# │ live qpq-server stdout / stderr │ +# │ live qpc-server stdout / stderr │ # └───────────────────────────────────────────────────────────────────────────┘ # # Window 1 — "ref": full slash-command cheatsheet (read-only) @@ -23,7 +23,7 @@ # ./scripts/dev-shell.sh --resume reuse existing state files + server data # ./scripts/dev-shell.sh --help show this message # -# Stop: Ctrl-C here OR tmux kill-session -t qpq-dev +# Stop: Ctrl-C here OR tmux kill-session -t qpc-dev # Ref: Ctrl-B 1 (inside tmux → cheatsheet window) # Nav: Ctrl-B ←/→ (switch Alice ↔ Bob pane) # Ctrl-B z (zoom current pane) @@ -33,19 +33,19 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" BIN_DIR="$PROJECT_ROOT/target/debug" -SESSION="qpq-dev" +SESSION="qpc-dev" SERVER_PORT=7000 SERVER_ADDR="127.0.0.1:$SERVER_PORT" SERVER_NAME="localhost" # All runtime state lives in /tmp so the project tree stays clean -RUN_DIR="/tmp/qpq-devshell" +RUN_DIR="/tmp/qpc-devshell" DATA_DIR="$RUN_DIR/server-data" # server stores TLS cert + OPAQUE data here CA_CERT="$DATA_DIR/server-cert.der" LOG_FILE="$RUN_DIR/server.log" -QPQ="$BIN_DIR/qpq" -QPQS="$BIN_DIR/qpq-server" +QPQ="$BIN_DIR/qpc" +QPQS="$BIN_DIR/qpc-server" # ── Colours ──────────────────────────────────────────────────────────────────── GRN='\033[0;32m'; CYN='\033[0;36m'; YLW='\033[1;33m'; RED='\033[0;31m'; NC='\033[0m' @@ -125,7 +125,7 @@ cleanup() { step "Shutting down..." tmux kill-session -t "$SESSION" 2>/dev/null || true if [[ -n "$SERVER_PID" ]] && kill -0 "$SERVER_PID" 2>/dev/null; then - info "Stopping qpq-server (PID $SERVER_PID)..." + info "Stopping qpc-server (PID $SERVER_PID)..." kill "$SERVER_PID" 2>/dev/null || true wait "$SERVER_PID" 2>/dev/null || true fi @@ -135,7 +135,7 @@ cleanup() { trap cleanup EXIT INT TERM # ── Start server ─────────────────────────────────────────────────────────────── -step "Starting qpq-server on $SERVER_ADDR..." +step "Starting qpc-server on $SERVER_ADDR..." "$QPQS" \ --listen "$SERVER_ADDR" \ --data-dir "$DATA_DIR" \ @@ -166,7 +166,7 @@ for i in $(seq 1 20); do done sleep 0.5 # brief pause for the QUIC listener to open -QPQ_GLOBAL=(--ca-cert "$CA_CERT" --server-name "$SERVER_NAME") +QPC_GLOBAL=(--ca-cert "$CA_CERT" --server-name "$SERVER_NAME") # ── Build REPL command strings ───────────────────────────────────────────────── # Registration is handled automatically by the REPL on first launch: @@ -177,7 +177,7 @@ QPQ_GLOBAL=(--ca-cert "$CA_CERT" --server-name "$SERVER_NAME") # the identity key from ever being bound on a subsequent REPL launch. repl_cmd() { local user="$1" pass="$2" - echo "$QPQ ${QPQ_GLOBAL[*]} repl \ + echo "$QPQ ${QPC_GLOBAL[*]} repl \ --state $RUN_DIR/${user}.bin \ --server $SERVER_ADDR \ --username $user \ @@ -244,7 +244,7 @@ tmux send-keys -t "${SESSION}:1" "clear" Enter # Heredoc piped through cat so it renders immediately and stays visible tmux send-keys -t "${SESSION}:1" "cat << 'CHEAT' ╔══════════════════════════════════════════════════════════════════════════╗ -║ qpq REPL ─ Slash Command Cheatsheet ║ +║ qpc REPL ─ Slash Command Cheatsheet ║ ╠══════════════════════════════════════════════════════════════════════════╣ ║ GENERAL ║ ║ /help show all commands in the REPL ║ @@ -303,7 +303,7 @@ tmux send-keys -t "${SESSION}:1" "cat << 'CHEAT' ║ ║ ║ EXIT / STOP ║ ║ Ctrl-B :kill-session Enter kill tmux + triggers script cleanup ║ -║ tmux kill-session -t qpq-dev from any other terminal ║ +║ tmux kill-session -t qpc-dev from any other terminal ║ ║ /quit (in Alice or Bob pane) exit that REPL only ║ ╚══════════════════════════════════════════════════════════════════════════╝ CHEAT" Enter @@ -315,7 +315,7 @@ tmux select-pane -t "${SESSION}:0.0" # ── Print startup summary ────────────────────────────────────────────────────── printf "\n" printf "${GRN}╔══════════════════════════════════════════════════════╗${NC}\n" -printf "${GRN}║${NC} ${GRN}qpq dev shell — ready${NC} ${GRN}║${NC}\n" +printf "${GRN}║${NC} ${GRN}qpc dev shell — ready${NC} ${GRN}║${NC}\n" printf "${GRN}╠══════════════════════════════════════════════════════╣${NC}\n" printf "${GRN}║${NC} Session ${CYN}%s${NC}\n" "$SESSION ${GRN}║${NC}" printf "${GRN}║${NC} Server ${CYN}%s${NC}\n" "$SERVER_ADDR (log → $LOG_FILE) ${GRN}║${NC}" @@ -326,7 +326,7 @@ printf "${GRN}║${NC} Quick DM: ${CYN}[Alice pane]${NC} type: /dm bob printf "${GRN}║${NC} Cheatsheet: Ctrl-B 1 (inside tmux) ${GRN}║${NC}\n" printf "${GRN}║${NC} Exit: Ctrl-B :kill-session Enter ${GRN}║${NC}\n" printf "${GRN}║${NC} or from another terminal: ${GRN}║${NC}\n" -printf "${GRN}║${NC} tmux kill-session -t qpq-dev ${GRN}║${NC}\n" +printf "${GRN}║${NC} tmux kill-session -t qpc-dev ${GRN}║${NC}\n" printf "${GRN}╚══════════════════════════════════════════════════════╝${NC}\n" printf "\n" diff --git a/scripts/screenshot.sh b/scripts/screenshot.sh index 57f9eb8..6b92286 100755 --- a/scripts/screenshot.sh +++ b/scripts/screenshot.sh @@ -6,14 +6,14 @@ cd "$(git rev-parse --show-toplevel)" INTERACTIVE=false [[ "${1:-}" == "--interactive" ]] && INTERACTIVE=true -SESSION="qpq-screenshot" +SESSION="qpc-screenshot" SERVER_PORT=17123 SERVER_ADDR="127.0.0.1:${SERVER_PORT}" DATA_DIR=$(mktemp -d) CERT="${DATA_DIR}/server-cert.der" KEY="${DATA_DIR}/server-key.der" -QPQ="./target/debug/qpq" -SERVER="./target/debug/qpq-server" +QPQ="./target/debug/qpc" +SERVER="./target/debug/qpc-server" SLOG="${DATA_DIR}/server.log" cleanup() { @@ -26,7 +26,7 @@ trap cleanup EXIT # ── Build ──────────────────────────────────────────────────────────────────── echo "Building binaries..." -cargo build --bin qpq --bin qpq-server 2>&1 | tail -1 +cargo build --bin qpc --bin qpc-server 2>&1 | tail -1 # ── Start server ───────────────────────────────────────────────────────────── echo "Starting server on ${SERVER_ADDR}..." diff --git a/sdks/go/README.md b/sdks/go/README.md index 1eca810..eacd16c 100644 --- a/sdks/go/README.md +++ b/sdks/go/README.md @@ -1,16 +1,16 @@ -# quicproquo Go SDK +# quicprochat Go SDK -Go client library for the [quicproquo](https://github.com/nicholasgasior/quicproquo) E2E encrypted messenger. +Go client library for the [quicprochat](https://github.com/nicholasgasior/quicprochat) E2E encrypted messenger. ## Prerequisites - Go 1.21+ -- A running quicproquo server +- A running quicprochat server ## Installation ```sh -go get quicproquo.dev/sdk/go +go get quicprochat.dev/sdk/go ``` ## Quick Start @@ -22,14 +22,14 @@ import ( "context" "fmt" - "quicproquo.dev/sdk/go/qpq" + "quicprochat.dev/sdk/go/qpc" ) func main() { ctx := context.Background() // Connect to a local server (dev mode) - client, err := qpq.Connect(ctx, qpq.Options{ + client, err := qpc.Connect(ctx, qpc.Options{ Addr: "127.0.0.1:5001", InsecureSkipVerify: true, }) @@ -68,7 +68,7 @@ func main() { | Method | Description | |---|---| -| `qpq.Connect(ctx, opts)` | Connect to a server, returns `*Client` | +| `qpc.Connect(ctx, opts)` | Connect to a server, returns `*Client` | | `client.Close()` | Disconnect | ### Authentication @@ -106,7 +106,7 @@ For testing without OPAQUE, use `SetSessionToken` with a token obtained by other - `proto/node/` -- Generated Cap'n Proto Go types from `schemas/node.capnp` - `transport/` -- QUIC + TLS 1.3 transport and Cap'n Proto RPC framing -- `qpq/` -- High-level client API (auth, messaging, channels) +- `qpc/` -- High-level client API (auth, messaging, channels) - `cmd/example/` -- Example usage ## Regenerating Proto Types diff --git a/sdks/go/cmd/example/main.go b/sdks/go/cmd/example/main.go index e293ee4..fd60d46 100644 --- a/sdks/go/cmd/example/main.go +++ b/sdks/go/cmd/example/main.go @@ -1,4 +1,4 @@ -// Command example demonstrates basic usage of the quicproquo Go SDK. +// Command example demonstrates basic usage of the quicprochat Go SDK. package main import ( @@ -6,7 +6,7 @@ import ( "fmt" "os" - "quicproquo.dev/sdk/go/qpq" + "quicprochat.dev/sdk/go/qpq" ) func main() { diff --git a/sdks/go/go.mod b/sdks/go/go.mod index cc58563..a4320bc 100644 --- a/sdks/go/go.mod +++ b/sdks/go/go.mod @@ -1,4 +1,4 @@ -module quicproquo.dev/sdk/go +module quicprochat.dev/sdk/go go 1.25.7 diff --git a/sdks/go/proto/node/node.capnp b/sdks/go/proto/node/node.capnp index 10f8c2e..3589dac 100644 --- a/sdks/go/proto/node/node.capnp +++ b/sdks/go/proto/node/node.capnp @@ -1,10 +1,10 @@ -# node.capnp — Go-annotated copy of the quicproquo node schema. +# node.capnp — Go-annotated copy of the quicprochat node schema. # This adds Go package annotations needed by capnpc-go. @0xd5ca5648a9cc1c28; using Go = import "/go.capnp"; $Go.package("node"); -$Go.import("quicproquo.dev/sdk/go/proto/node"); +$Go.import("quicprochat.dev/sdk/go/proto/node"); interface NodeService { uploadKeyPackage @0 (identityKey :Data, package :Data, auth :Auth) -> (fingerprint :Data); diff --git a/sdks/go/qpc/client.go b/sdks/go/qpc/client.go index 847489c..b129fa9 100644 --- a/sdks/go/qpc/client.go +++ b/sdks/go/qpc/client.go @@ -1,4 +1,4 @@ -// Package qpq provides the high-level Go API for interacting with a quicproquo server. +// Package qpq provides the high-level Go API for interacting with a quicprochat server. // // It wraps the generated Cap'n Proto types and transport layer into an // ergonomic client that handles authentication, key management, and messaging. @@ -8,11 +8,11 @@ import ( "context" "fmt" - "quicproquo.dev/sdk/go/proto/node" - "quicproquo.dev/sdk/go/transport" + "quicprochat.dev/sdk/go/proto/node" + "quicprochat.dev/sdk/go/transport" ) -// Options configures the connection to a quicproquo server. +// Options configures the connection to a quicprochat server. type Options struct { // Addr is the host:port of the server (e.g. "127.0.0.1:5001"). Addr string @@ -30,7 +30,7 @@ type Message struct { Data []byte } -// Client is the high-level quicproquo client. +// Client is the high-level quicprochat client. type Client struct { conn *transport.Connection token []byte // session token from OPAQUE login diff --git a/sdks/go/transport/transport.go b/sdks/go/transport/transport.go index b20211b..3f4212d 100644 --- a/sdks/go/transport/transport.go +++ b/sdks/go/transport/transport.go @@ -1,4 +1,4 @@ -// Package transport provides the low-level QUIC+TLS connection to a quicproquo server +// Package transport provides the low-level QUIC+TLS connection to a quicprochat server // and bootstraps the Cap'n Proto RPC client over a single bidirectional QUIC stream. package transport @@ -14,10 +14,10 @@ import ( "capnproto.org/go/capnp/v3/rpc" "github.com/quic-go/quic-go" - "quicproquo.dev/sdk/go/proto/node" + "quicprochat.dev/sdk/go/proto/node" ) -// ConnectOptions configures the connection to a quicproquo server. +// ConnectOptions configures the connection to a quicprochat server. type ConnectOptions struct { // Addr is the host:port of the server (e.g. "127.0.0.1:5001"). Addr string diff --git a/sdks/java/README.md b/sdks/java/README.md index c593735..5fe036c 100644 --- a/sdks/java/README.md +++ b/sdks/java/README.md @@ -1,18 +1,18 @@ -# QuicProQuo Java SDK +# QuicProChat Java SDK -Java wrapper over `libquicproquo_ffi` via JNI for JVM and Android. +Java wrapper over `libquicprochat_ffi` via JNI for JVM and Android. ## Prerequisites - JDK 17+ -- `libquicproquo_ffi` built for the target platform +- `libquicprochat_ffi` built for the target platform - JNI bridge compiled (shared with Kotlin SDK: `../kotlin/jni/`) ## Building ```sh # Build Rust FFI library -cargo build --release -p quicproquo-ffi +cargo build --release -p quicprochat-ffi # Build Java SDK ./gradlew build @@ -21,7 +21,7 @@ cargo build --release -p quicproquo-ffi ## Usage ```java -import dev.quicproquo.QpqClient; +import dev.quicprochat.QpqClient; try (QpqClient client = new QpqClient("127.0.0.1:5001", "ca.pem")) { client.login("alice", "secret"); @@ -45,6 +45,6 @@ try (QpqClient client = new QpqClient("127.0.0.1:5001", "ca.pem")) { ## Structure -- `src/main/java/dev/quicproquo/QpqClient.java` -- High-level client -- `src/main/java/dev/quicproquo/NativeBridge.java` -- JNI declarations +- `src/main/java/dev/quicprochat/QpqClient.java` -- High-level client +- `src/main/java/dev/quicprochat/NativeBridge.java` -- JNI declarations - JNI C bridge shared with Kotlin SDK at `../kotlin/jni/` diff --git a/sdks/java/build.gradle.kts b/sdks/java/build.gradle.kts index e3745b2..4df2107 100644 --- a/sdks/java/build.gradle.kts +++ b/sdks/java/build.gradle.kts @@ -2,7 +2,7 @@ plugins { java } -group = "dev.quicproquo" +group = "dev.quicprochat" version = "0.1.0" java { diff --git a/sdks/java/src/main/java/dev/quicprochat/NativeBridge.java b/sdks/java/src/main/java/dev/quicprochat/NativeBridge.java index c4ff28b..93878b4 100644 --- a/sdks/java/src/main/java/dev/quicprochat/NativeBridge.java +++ b/sdks/java/src/main/java/dev/quicprochat/NativeBridge.java @@ -1,11 +1,11 @@ -package dev.quicproquo; +package dev.quicprochat; /** - * JNI bridge to libquicproquo_ffi native library. + * JNI bridge to libquicprochat_ffi native library. * *

Load the library with: * 

{@code
- * System.loadLibrary("quicproquo_ffi");
+ * System.loadLibrary("quicprochat_ffi");
  * }
*/ final class NativeBridge { @@ -16,7 +16,7 @@ final class NativeBridge { static final int QPQ_NOT_CONNECTED = 4; static { - System.loadLibrary("quicproquo_ffi"); + System.loadLibrary("quicprochat_ffi"); } static native long nativeConnect(String server, String caCert, String serverName); diff --git a/sdks/java/src/main/java/dev/quicprochat/QpqAuthException.java b/sdks/java/src/main/java/dev/quicprochat/QpqAuthException.java index f84680d..4a35d57 100644 --- a/sdks/java/src/main/java/dev/quicprochat/QpqAuthException.java +++ b/sdks/java/src/main/java/dev/quicprochat/QpqAuthException.java @@ -1,4 +1,4 @@ -package dev.quicproquo; +package dev.quicprochat; /** OPAQUE authentication failed (bad credentials). */ public class QpqAuthException extends QpqException { diff --git a/sdks/java/src/main/java/dev/quicprochat/QpqClient.java b/sdks/java/src/main/java/dev/quicprochat/QpqClient.java index 46f0871..e07c64f 100644 --- a/sdks/java/src/main/java/dev/quicprochat/QpqClient.java +++ b/sdks/java/src/main/java/dev/quicprochat/QpqClient.java @@ -1,4 +1,4 @@ -package dev.quicproquo; +package dev.quicprochat; import com.google.gson.Gson; import com.google.gson.reflect.TypeToken; @@ -7,9 +7,9 @@ import java.util.Collections; import java.util.List; /** - * High-level quicproquo client for JVM. + * High-level quicprochat client for JVM. * - *

Wraps {@code libquicproquo_ffi} via JNI. + *

Wraps {@code libquicprochat_ffi} via JNI. * * 

{@code
  * try (QpqClient client = new QpqClient("127.0.0.1:5001", "ca.pem")) {
@@ -26,7 +26,7 @@ public final class QpqClient implements AutoCloseable {
             new TypeToken>() {}.getType();
 
     /**
-     * Connect to a quicproquo server.
+     * Connect to a quicprochat server.
      *
      * @param server    server address as {@code host:port}
      * @param caCertPath path to PEM-encoded CA certificate
@@ -36,7 +36,7 @@ public final class QpqClient implements AutoCloseable {
     }
 
     /**
-     * Connect to a quicproquo server with explicit TLS server name.
+     * Connect to a quicprochat server with explicit TLS server name.
      *
      * @param server     server address as {@code host:port}
      * @param caCertPath path to PEM-encoded CA certificate
diff --git a/sdks/java/src/main/java/dev/quicprochat/QpqException.java b/sdks/java/src/main/java/dev/quicprochat/QpqException.java
index e4c3c98..3cf17f3 100644
--- a/sdks/java/src/main/java/dev/quicprochat/QpqException.java
+++ b/sdks/java/src/main/java/dev/quicprochat/QpqException.java
@@ -1,6 +1,6 @@
-package dev.quicproquo;
+package dev.quicprochat;
 
-/** Base exception for quicproquo SDK errors. */
+/** Base exception for quicprochat SDK errors. */
 public class QpqException extends RuntimeException {
     public QpqException(String message) { super(message); }
     public QpqException(String message, Throwable cause) { super(message, cause); }
diff --git a/sdks/java/src/main/java/dev/quicprochat/QpqTimeoutException.java b/sdks/java/src/main/java/dev/quicprochat/QpqTimeoutException.java
index 73ef04c..e4101b8 100644
--- a/sdks/java/src/main/java/dev/quicprochat/QpqTimeoutException.java
+++ b/sdks/java/src/main/java/dev/quicprochat/QpqTimeoutException.java
@@ -1,4 +1,4 @@
-package dev.quicproquo;
+package dev.quicprochat;
 
 /** Operation timed out. */
 public class QpqTimeoutException extends QpqException {
diff --git a/sdks/kotlin/README.md b/sdks/kotlin/README.md
index 1ce7b51..6252edc 100644
--- a/sdks/kotlin/README.md
+++ b/sdks/kotlin/README.md
@@ -1,34 +1,34 @@
-# QuicProQuo Kotlin SDK
+# QuicProChat Kotlin SDK
 
-Kotlin/JVM wrapper over `libquicproquo_ffi` via JNI for Android and JVM platforms.
+Kotlin/JVM wrapper over `libquicprochat_ffi` via JNI for Android and JVM platforms.
 
 ## Prerequisites
 
 - Kotlin 1.9+ / JDK 17+
-- `libquicproquo_ffi` built for the target architecture
-- JNI bridge compiled (`jni/dev_quicproquo_NativeBridge.c`)
+- `libquicprochat_ffi` built for the target architecture
+- JNI bridge compiled (`jni/dev_quicprochat_NativeBridge.c`)
 
 ## Building the Native Library
 
 ```sh
 # Linux (JVM)
-cargo build --release -p quicproquo-ffi
+cargo build --release -p quicprochat-ffi
 
 # Android (aarch64)
-cargo build --release -p quicproquo-ffi --target aarch64-linux-android
+cargo build --release -p quicprochat-ffi --target aarch64-linux-android
 
 # Android (armv7)
-cargo build --release -p quicproquo-ffi --target armv7-linux-androideabi
+cargo build --release -p quicprochat-ffi --target armv7-linux-androideabi
 ```
 
 ### Compiling the JNI Bridge
 
 ```sh
 cd jni
-gcc -shared -fPIC -o libquicproquo_jni.so \
+gcc -shared -fPIC -o libquicprochat_jni.so \
     -I"$JAVA_HOME/include" -I"$JAVA_HOME/include/linux" \
-    dev_quicproquo_NativeBridge.c \
-    -L ../../../../target/release -lquicproquo_ffi
+    dev_quicprochat_NativeBridge.c \
+    -L ../../../../target/release -lquicprochat_ffi
 ```
 
 ## Installation
@@ -37,7 +37,7 @@ gcc -shared -fPIC -o libquicproquo_jni.so \
 
 ```kotlin
 dependencies {
-    implementation(files("libs/quicproquo-0.1.0.jar"))
+    implementation(files("libs/quicprochat-0.1.0.jar"))
 }
 ```
 
@@ -46,7 +46,7 @@ Or include as a local project module.
 ## Usage
 
 ```kotlin
-import dev.quicproquo.QpqClient
+import dev.quicprochat.QpqClient
 
 val client = QpqClient("127.0.0.1:5001", caCertPath = "ca.pem")
 
@@ -86,16 +86,16 @@ try {
 
 ## Structure
 
-- `src/main/kotlin/dev/quicproquo/QpqClient.kt` -- High-level client
-- `src/main/kotlin/dev/quicproquo/NativeBridge.kt` -- JNI declarations
-- `src/main/kotlin/dev/quicproquo/QpqError.kt` -- Exception types
-- `jni/dev_quicproquo_NativeBridge.c` -- JNI C bridge to FFI
+- `src/main/kotlin/dev/quicprochat/QpqClient.kt` -- High-level client
+- `src/main/kotlin/dev/quicprochat/NativeBridge.kt` -- JNI declarations
+- `src/main/kotlin/dev/quicprochat/QpqError.kt` -- Exception types
+- `jni/dev_quicprochat_NativeBridge.c` -- JNI C bridge to FFI
 
 ## Android Integration
 
 1. Add the native libraries to `src/main/jniLibs//`:
-   - `arm64-v8a/libquicproquo_ffi.so`
-   - `armeabi-v7a/libquicproquo_ffi.so`
+   - `arm64-v8a/libquicprochat_ffi.so`
+   - `armeabi-v7a/libquicprochat_ffi.so`
 2. Add the JNI bridge library alongside
 3. The `NativeBridge` class loads the library via `System.loadLibrary`
 
@@ -107,5 +107,5 @@ rustup target add aarch64-linux-android armv7-linux-androideabi
 
 # Build with the NDK linker
 CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=aarch64-linux-android21-clang \
-  cargo build --release -p quicproquo-ffi --target aarch64-linux-android
+  cargo build --release -p quicprochat-ffi --target aarch64-linux-android
 ```
diff --git a/sdks/kotlin/build.gradle.kts b/sdks/kotlin/build.gradle.kts
index 2130886..a13e4ee 100644
--- a/sdks/kotlin/build.gradle.kts
+++ b/sdks/kotlin/build.gradle.kts
@@ -2,7 +2,7 @@ plugins {
     kotlin("jvm") version "1.9.22"
 }
 
-group = "dev.quicproquo"
+group = "dev.quicprochat"
 version = "0.1.0"
 
 repositories {
diff --git a/sdks/kotlin/jni/dev_quicprochat_NativeBridge.c b/sdks/kotlin/jni/dev_quicprochat_NativeBridge.c
index ffa5dd9..89eb946 100644
--- a/sdks/kotlin/jni/dev_quicprochat_NativeBridge.c
+++ b/sdks/kotlin/jni/dev_quicprochat_NativeBridge.c
@@ -1,18 +1,18 @@
 /**
- * JNI bridge between Kotlin/Java and libquicproquo_ffi.
+ * JNI bridge between Kotlin/Java and libquicprochat_ffi.
  *
  * Compile with:
- *   gcc -shared -fPIC -o libquicproquo_jni.so \
+ *   gcc -shared -fPIC -o libquicprochat_jni.so \
  *       -I"$JAVA_HOME/include" -I"$JAVA_HOME/include/linux" \
- *       dev_quicproquo_NativeBridge.c \
- *       -L ../../../../target/release -lquicproquo_ffi
+ *       dev_quicprochat_NativeBridge.c \
+ *       -L ../../../../target/release -lquicprochat_ffi
  */
 
 #include 
 #include 
 #include 
 
-/* Forward declarations for libquicproquo_ffi functions. */
+/* Forward declarations for libquicprochat_ffi functions. */
 typedef struct QpqHandle QpqHandle;
 
 extern QpqHandle* qpq_connect(const char* server, const char* ca_cert, const char* server_name);
@@ -27,7 +27,7 @@ extern void qpq_free_string(char* ptr);
 /* --- JNI exports --- */
 
 JNIEXPORT jlong JNICALL
-Java_dev_quicproquo_NativeBridge_nativeConnect(
+Java_dev_quicprochat_NativeBridge_nativeConnect(
     JNIEnv* env, jclass cls,
     jstring server, jstring caCert, jstring serverName)
 {
@@ -45,7 +45,7 @@ Java_dev_quicproquo_NativeBridge_nativeConnect(
 }
 
 JNIEXPORT jint JNICALL
-Java_dev_quicproquo_NativeBridge_nativeLogin(
+Java_dev_quicprochat_NativeBridge_nativeLogin(
     JNIEnv* env, jclass cls,
     jlong handle, jstring username, jstring password)
 {
@@ -61,7 +61,7 @@ Java_dev_quicproquo_NativeBridge_nativeLogin(
 }
 
 JNIEXPORT jint JNICALL
-Java_dev_quicproquo_NativeBridge_nativeSend(
+Java_dev_quicprochat_NativeBridge_nativeSend(
     JNIEnv* env, jclass cls,
     jlong handle, jstring recipient, jbyteArray message)
 {
@@ -78,7 +78,7 @@ Java_dev_quicproquo_NativeBridge_nativeSend(
 }
 
 JNIEXPORT jstring JNICALL
-Java_dev_quicproquo_NativeBridge_nativeReceive(
+Java_dev_quicprochat_NativeBridge_nativeReceive(
     JNIEnv* env, jclass cls,
     jlong handle, jint timeoutMs)
 {
@@ -97,7 +97,7 @@ Java_dev_quicproquo_NativeBridge_nativeReceive(
 }
 
 JNIEXPORT void JNICALL
-Java_dev_quicproquo_NativeBridge_nativeDisconnect(
+Java_dev_quicprochat_NativeBridge_nativeDisconnect(
     JNIEnv* env, jclass cls, jlong handle)
 {
     QpqHandle* h = (QpqHandle*)(uintptr_t)handle;
@@ -107,7 +107,7 @@ Java_dev_quicproquo_NativeBridge_nativeDisconnect(
 }
 
 JNIEXPORT jstring JNICALL
-Java_dev_quicproquo_NativeBridge_nativeLastError(
+Java_dev_quicprochat_NativeBridge_nativeLastError(
     JNIEnv* env, jclass cls, jlong handle)
 {
     QpqHandle* h = (QpqHandle*)(uintptr_t)handle;
diff --git a/sdks/kotlin/src/main/kotlin/dev/quicprochat/NativeBridge.kt b/sdks/kotlin/src/main/kotlin/dev/quicprochat/NativeBridge.kt
index 3e6730b..0bff900 100644
--- a/sdks/kotlin/src/main/kotlin/dev/quicprochat/NativeBridge.kt
+++ b/sdks/kotlin/src/main/kotlin/dev/quicprochat/NativeBridge.kt
@@ -1,18 +1,18 @@
-package dev.quicproquo
+package dev.quicprochat
 
 /**
- * JNI bridge to libquicproquo_ffi native library.
+ * JNI bridge to libquicprochat_ffi native library.
  *
  * Load the library with:
  * ```kotlin
- * System.loadLibrary("quicproquo_ffi")
+ * System.loadLibrary("quicprochat_ffi")
  * ```
  *
  * Or set `java.library.path` to the directory containing the shared object.
  */
 internal object NativeBridge {
 
-    /** Status codes (mirrors crates/quicproquo-ffi/src/lib.rs). */
+    /** Status codes (mirrors crates/quicprochat-ffi/src/lib.rs). */
     const val QPQ_OK = 0
     const val QPQ_ERROR = 1
     const val QPQ_AUTH_FAILED = 2
@@ -20,7 +20,7 @@ internal object NativeBridge {
     const val QPQ_NOT_CONNECTED = 4
 
     init {
-        System.loadLibrary("quicproquo_ffi")
+        System.loadLibrary("quicprochat_ffi")
     }
 
     /**
diff --git a/sdks/kotlin/src/main/kotlin/dev/quicprochat/QpqClient.kt b/sdks/kotlin/src/main/kotlin/dev/quicprochat/QpqClient.kt
index 7254c3e..4eebfe8 100644
--- a/sdks/kotlin/src/main/kotlin/dev/quicprochat/QpqClient.kt
+++ b/sdks/kotlin/src/main/kotlin/dev/quicprochat/QpqClient.kt
@@ -1,13 +1,13 @@
-package dev.quicproquo
+package dev.quicprochat
 
 import com.google.gson.Gson
 import com.google.gson.reflect.TypeToken
 import java.io.Closeable
 
 /**
- * High-level quicproquo client for Android/JVM.
+ * High-level quicprochat client for Android/JVM.
  *
- * Wraps `libquicproquo_ffi` via JNI to provide a Kotlin-native API.
+ * Wraps `libquicprochat_ffi` via JNI to provide a Kotlin-native API.
  *
  * ```kotlin
  * val client = QpqClient("127.0.0.1:5001", caCertPath = "ca.pem")
diff --git a/sdks/kotlin/src/main/kotlin/dev/quicprochat/QpqError.kt b/sdks/kotlin/src/main/kotlin/dev/quicprochat/QpqError.kt
index 92bd399..8352d3f 100644
--- a/sdks/kotlin/src/main/kotlin/dev/quicprochat/QpqError.kt
+++ b/sdks/kotlin/src/main/kotlin/dev/quicprochat/QpqError.kt
@@ -1,6 +1,6 @@
-package dev.quicproquo
+package dev.quicprochat
 
-/** Base exception for quicproquo SDK errors. */
+/** Base exception for quicprochat SDK errors. */
 open class QpqException(message: String, cause: Throwable? = null) :
     RuntimeException(message, cause)
 
diff --git a/sdks/python/README.md b/sdks/python/README.md
index 546de39..5d4b3ae 100644
--- a/sdks/python/README.md
+++ b/sdks/python/README.md
@@ -1,16 +1,16 @@
-# quicproquo Python SDK
+# quicprochat Python SDK
 
-Python client library for the [quicproquo](https://github.com/nicholasgasior/quicproquo) E2E encrypted messenger.
+Python client library for the [quicprochat](https://github.com/nicholasgasior/quicprochat) E2E encrypted messenger.
 
 ## Prerequisites
 
 - Python 3.10+
-- A running quicproquo server
+- A running quicprochat server
 
 ## Installation
 
 ```sh
-pip install quicproquo
+pip install quicprochat
 ```
 
 For development:
@@ -27,7 +27,7 @@ Uses [aioquic](https://github.com/aiortc/aioquic) for native QUIC transport with
 
 ```python
 import asyncio
-from quicproquo import QpqClient, ConnectOptions
+from quicprochat import QpqClient, ConnectOptions
 
 async def main():
     client = await QpqClient.connect(ConnectOptions(
@@ -61,15 +61,15 @@ asyncio.run(main())
 
 ### 2. Rust FFI (synchronous)
 
-Wraps `libquicproquo_ffi` via CFFI for full Rust crypto stack (MLS, hybrid KEM, OPAQUE) at native speed.
+Wraps `libquicprochat_ffi` via CFFI for full Rust crypto stack (MLS, hybrid KEM, OPAQUE) at native speed.
 
 ```sh
 # Build the FFI library first
-cargo build --release -p quicproquo-ffi
+cargo build --release -p quicprochat-ffi
 ```
 
 ```python
-from quicproquo import QpqClient, ConnectOptions
+from quicprochat import QpqClient, ConnectOptions
 
 client = QpqClient.connect_ffi(ConnectOptions(
     addr="127.0.0.1:5001",
@@ -138,7 +138,7 @@ client.close_sync()
 
 ## Wire Format
 
-The SDK implements the qpq v2 wire format:
+The SDK implements the qpc v2 wire format:
 
 ```
 [method_id:u16][req_id:u32][len:u32][protobuf payload]
@@ -148,12 +148,12 @@ Each RPC is sent over its own QUIC bidirectional stream.
 
 ## Structure
 
-- `quicproquo/client.py` -- High-level client API
-- `quicproquo/transport.py` -- QUIC transport (aioquic)
-- `quicproquo/ffi.py` -- Rust FFI transport (CFFI)
-- `quicproquo/proto.py` -- Protobuf encode/decode (no codegen)
-- `quicproquo/wire.py` -- v2 wire format framing
-- `quicproquo/types.py` -- Data types and exceptions
+- `quicprochat/client.py` -- High-level client API
+- `quicprochat/transport.py` -- QUIC transport (aioquic)
+- `quicprochat/ffi.py` -- Rust FFI transport (CFFI)
+- `quicprochat/proto.py` -- Protobuf encode/decode (no codegen)
+- `quicprochat/wire.py` -- v2 wire format framing
+- `quicprochat/types.py` -- Data types and exceptions
 - `examples/bot.py` -- Async echo bot example
 - `examples/ffi_demo.py` -- Synchronous FFI example
 
diff --git a/sdks/python/examples/bot.py b/sdks/python/examples/bot.py
index 4382c8a..3baed47 100644
--- a/sdks/python/examples/bot.py
+++ b/sdks/python/examples/bot.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-"""Example: async echo bot using the quicproquo Python SDK.
+"""Example: async echo bot using the quicprochat Python SDK.
 
 Connects to a qpq server, authenticates, and echoes back any received
 messages with a "[bot] " prefix.
@@ -19,7 +19,7 @@ import asyncio
 import signal
 import sys
 
-from quicproquo import QpqClient, ConnectOptions
+from quicprochat import QpqClient, ConnectOptions
 
 
 async def run_bot(opts: ConnectOptions, token: bytes, identity_key: bytes) -> None:
diff --git a/sdks/python/examples/ffi_demo.py b/sdks/python/examples/ffi_demo.py
index 3377e11..00a2f33 100644
--- a/sdks/python/examples/ffi_demo.py
+++ b/sdks/python/examples/ffi_demo.py
@@ -1,8 +1,8 @@
 #!/usr/bin/env python3
 """Example: synchronous messaging using the Rust FFI backend.
 
-Requires libquicproquo_ffi to be built:
-    cargo build --release -p quicproquo-ffi
+Requires libquicprochat_ffi to be built:
+    cargo build --release -p quicprochat-ffi
 
 Set QPQ_LIB_PATH if the library is not in the default search path.
 
@@ -15,7 +15,7 @@ from __future__ import annotations
 
 import argparse
 
-from quicproquo import QpqClient, ConnectOptions
+from quicprochat import QpqClient, ConnectOptions
 
 
 def main() -> None:
diff --git a/sdks/python/quicprochat/__init__.py b/sdks/python/quicprochat/__init__.py
index 5946e2a..0146b09 100644
--- a/sdks/python/quicprochat/__init__.py
+++ b/sdks/python/quicprochat/__init__.py
@@ -1,8 +1,8 @@
-"""quicproquo -- Python SDK for the quicproquo E2E encrypted messenger.
+"""quicprochat -- Python SDK for the quicprochat E2E encrypted messenger.
 
 Two transport backends are available:
 
-1. **FFI** (``QpqClient.connect_ffi``): wraps the Rust ``libquicproquo_ffi``
+1. **FFI** (``QpqClient.connect_ffi``): wraps the Rust ``libquicprochat_ffi``
    shared library via CFFI.  This gives you the full Rust crypto stack
    (MLS, hybrid KEM, OPAQUE) at native speed.
 
@@ -11,8 +11,8 @@ Two transport backends are available:
    operations must be supplied externally.
 """
 
-from quicproquo.client import QpqClient
-from quicproquo.types import (
+from quicprochat.client import QpqClient
+from quicprochat.types import (
     ConnectOptions,
     Envelope,
     ChannelResult,
diff --git a/sdks/python/quicprochat/client.py b/sdks/python/quicprochat/client.py
index 8dbf113..a294961 100644
--- a/sdks/python/quicprochat/client.py
+++ b/sdks/python/quicprochat/client.py
@@ -1,27 +1,27 @@
-"""High-level quicproquo client.
+"""High-level quicprochat client.
 
 Provides both async (QUIC transport) and sync (FFI transport) APIs for
-interacting with a quicproquo server.
+interacting with a quicprochat server.
 """
 
 from __future__ import annotations
 
 from typing import Optional
 
-from quicproquo.types import (
+from quicprochat.types import (
     ConnectOptions,
     Envelope,
     ChannelResult,
     HealthInfo,
     ConnectionError,
 )
-from quicproquo.transport import QuicTransport
-from quicproquo.ffi import FfiTransport
-from quicproquo import proto, wire
+from quicprochat.transport import QuicTransport
+from quicprochat.ffi import FfiTransport
+from quicprochat import proto, wire
 
 
 class QpqClient:
-    """High-level quicproquo client.
+    """High-level quicprochat client.
 
     Use ``QpqClient.connect()`` for the async QUIC transport, or
     ``QpqClient.connect_ffi()`` for the synchronous Rust FFI backend.
diff --git a/sdks/python/quicprochat/ffi.py b/sdks/python/quicprochat/ffi.py
index 1283f28..2361c67 100644
--- a/sdks/python/quicprochat/ffi.py
+++ b/sdks/python/quicprochat/ffi.py
@@ -1,7 +1,7 @@
-"""CFFI bindings to ``libquicproquo_ffi`` (the Rust C FFI layer).
+"""CFFI bindings to ``libquicprochat_ffi`` (the Rust C FFI layer).
 
 This module loads the shared library and exposes a synchronous Python API
-that mirrors the C functions in ``crates/quicproquo-ffi/src/lib.rs``.
+that mirrors the C functions in ``crates/quicprochat-ffi/src/lib.rs``.
 """
 
 from __future__ import annotations
@@ -13,14 +13,14 @@ from typing import Optional
 
 import cffi
 
-from quicproquo.types import (
+from quicprochat.types import (
     QpqError,
     AuthError,
     TimeoutError,
     ConnectionError,
 )
 
-# Status codes (must match crates/quicproquo-ffi/src/lib.rs).
+# Status codes (must match crates/quicprochat-ffi/src/lib.rs).
 QPQ_OK = 0
 QPQ_ERROR = 1
 QPQ_AUTH_FAILED = 2
@@ -54,23 +54,23 @@ def _load_lib() -> object:
         # Explicit environment variable.
         os.environ.get("QPQ_LIB_PATH", ""),
         # Common cargo build output locations.
-        str(Path(__file__).resolve().parents[3] / "target" / "release" / "libquicproquo_ffi.so"),
-        str(Path(__file__).resolve().parents[3] / "target" / "debug" / "libquicproquo_ffi.so"),
+        str(Path(__file__).resolve().parents[3] / "target" / "release" / "libquicprochat_ffi.so"),
+        str(Path(__file__).resolve().parents[3] / "target" / "debug" / "libquicprochat_ffi.so"),
         # macOS dylib.
         str(
             Path(__file__).resolve().parents[3]
             / "target"
             / "release"
-            / "libquicproquo_ffi.dylib"
+            / "libquicprochat_ffi.dylib"
         ),
         str(
             Path(__file__).resolve().parents[3]
             / "target"
             / "debug"
-            / "libquicproquo_ffi.dylib"
+            / "libquicprochat_ffi.dylib"
         ),
         # System library path.
-        "libquicproquo_ffi.so",
+        "libquicprochat_ffi.so",
     ]
 
     for path in search_paths:
@@ -83,8 +83,8 @@ def _load_lib() -> object:
             continue
 
     raise OSError(
-        "Could not find libquicproquo_ffi. Set QPQ_LIB_PATH or build with "
-        "`cargo build --release -p quicproquo-ffi`."
+        "Could not find libquicprochat_ffi. Set QPQ_LIB_PATH or build with "
+        "`cargo build --release -p quicprochat-ffi`."
     )
 
 
@@ -107,7 +107,7 @@ def _check_error(handle: object, code: int) -> None:
 
 
 class FfiTransport:
-    """Synchronous transport wrapping ``libquicproquo_ffi``.
+    """Synchronous transport wrapping ``libquicprochat_ffi``.
 
     Provides the same logical operations as ``QuicTransport`` but backed
     by the Rust client library through C FFI.
diff --git a/sdks/python/quicprochat/transport.py b/sdks/python/quicprochat/transport.py
index c007ec6..5573135 100644
--- a/sdks/python/quicprochat/transport.py
+++ b/sdks/python/quicprochat/transport.py
@@ -14,8 +14,8 @@ import asyncio
 import ssl
 from typing import Any
 
-from quicproquo.types import ConnectionError, TimeoutError
-from quicproquo.wire import HEADER_SIZE, encode_frame, decode_header
+from quicprochat.types import ConnectionError, TimeoutError
+from quicprochat.wire import HEADER_SIZE, encode_frame, decode_header
 
 
 def _make_protocol_class() -> type:
diff --git a/sdks/python/quicprochat/types.py b/sdks/python/quicprochat/types.py
index efc01e0..aeccf4e 100644
--- a/sdks/python/quicprochat/types.py
+++ b/sdks/python/quicprochat/types.py
@@ -1,4 +1,4 @@
-"""Data types and exceptions for the quicproquo Python SDK."""
+"""Data types and exceptions for the quicprochat Python SDK."""
 
 from __future__ import annotations
 
@@ -12,7 +12,7 @@ from typing import Optional
 
 
 class QpqError(Exception):
-    """Base exception for quicproquo SDK errors."""
+    """Base exception for quicprochat SDK errors."""
 
 
 class AuthError(QpqError):
@@ -34,7 +34,7 @@ class ConnectionError(QpqError):
 
 @dataclass(frozen=True)
 class ConnectOptions:
-    """Options for connecting to a quicproquo server.
+    """Options for connecting to a quicprochat server.
 
     Parameters
     ----------
diff --git a/sdks/python/quicprochat/wire.py b/sdks/python/quicprochat/wire.py
index 08c78ae..c11664e 100644
--- a/sdks/python/quicprochat/wire.py
+++ b/sdks/python/quicprochat/wire.py
@@ -12,7 +12,7 @@ import struct
 HEADER_FMT = "!HII"  # network byte-order: u16 + u32 + u32
 HEADER_SIZE = struct.calcsize(HEADER_FMT)
 
-# Method IDs (mirrors quicproquo-proto/src/lib.rs::method_ids).
+# Method IDs (mirrors quicprochat-proto/src/lib.rs::method_ids).
 # Auth (100-103)
 OPAQUE_REGISTER_START = 100
 OPAQUE_REGISTER_FINISH = 101
diff --git a/sdks/python/tests/test_proto.py b/sdks/python/tests/test_proto.py
index b61a595..3a8449c 100644
--- a/sdks/python/tests/test_proto.py
+++ b/sdks/python/tests/test_proto.py
@@ -1,6 +1,6 @@
 """Tests for the manual protobuf encode/decode layer."""
 
-from quicproquo.proto import (
+from quicprochat.proto import (
     encode_health,
     decode_health_response,
     encode_resolve_user,
diff --git a/sdks/python/tests/test_types.py b/sdks/python/tests/test_types.py
index 4420cce..868e194 100644
--- a/sdks/python/tests/test_types.py
+++ b/sdks/python/tests/test_types.py
@@ -1,6 +1,6 @@
 """Tests for SDK data types and exceptions."""
 
-from quicproquo.types import (
+from quicprochat.types import (
     ConnectOptions,
     Envelope,
     ChannelResult,
diff --git a/sdks/python/tests/test_wire.py b/sdks/python/tests/test_wire.py
index a2ba95d..4831f8a 100644
--- a/sdks/python/tests/test_wire.py
+++ b/sdks/python/tests/test_wire.py
@@ -1,6 +1,6 @@
 """Tests for the v2 wire format encoder/decoder."""
 
-from quicproquo.wire import (
+from quicprochat.wire import (
     HEADER_SIZE,
     encode_frame,
     decode_header,
diff --git a/sdks/ruby/README.md b/sdks/ruby/README.md
index e558881..a962c59 100644
--- a/sdks/ruby/README.md
+++ b/sdks/ruby/README.md
@@ -1,39 +1,39 @@
-# QuicProQuo Ruby SDK
+# QuicProChat Ruby SDK
 
-Ruby FFI gem wrapping `libquicproquo_ffi` for the quicproquo E2E encrypted messenger.
+Ruby FFI gem wrapping `libquicprochat_ffi` for the quicprochat E2E encrypted messenger.
 
 ## Prerequisites
 
 - Ruby 3.1+
-- `libquicproquo_ffi` built for the target platform
+- `libquicprochat_ffi` built for the target platform
 
 ## Installation
 
 ```sh
-gem install quicproquo
+gem install quicprochat
 ```
 
 Or add to your Gemfile:
 
 ```ruby
-gem "quicproquo"
+gem "quicprochat"
 ```
 
 ## Building the Native Library
 
 ```sh
-cargo build --release -p quicproquo-ffi
+cargo build --release -p quicprochat-ffi
 ```
 
-Set `QPQ_LIB_PATH` if the library is not in the default search path.
+Set `QPC_LIB_PATH` if the library is not in the default search path.
 
 ## Usage
 
 ```ruby
-require "quicproquo"
+require "quicprochat"
 
 # Block form (auto-disconnect)
-QuicProQuo::Client.open("127.0.0.1:5001", ca_cert: "ca.pem") do |client|
+QuicProChat::Client.open("127.0.0.1:5001", ca_cert: "ca.pem") do |client|
   client.login("alice", "secret")
   client.send("bob", "hello from Ruby!")
 
@@ -42,7 +42,7 @@ QuicProQuo::Client.open("127.0.0.1:5001", ca_cert: "ca.pem") do |client|
 end
 
 # Manual lifecycle
-client = QuicProQuo::Client.new("127.0.0.1:5001", ca_cert: "ca.pem")
+client = QuicProChat::Client.new("127.0.0.1:5001", ca_cert: "ca.pem")
 client.login("alice", "secret")
 client.send("bob", "hello")
 client.disconnect
@@ -65,18 +65,18 @@ client.disconnect
 ```ruby
 begin
   client.login("alice", "wrong")
-rescue QuicProQuo::AuthError => e
+rescue QuicProChat::AuthError => e
   puts "Auth failed: #{e.message}"
-rescue QuicProQuo::TimeoutError => e
+rescue QuicProChat::TimeoutError => e
   puts "Timeout: #{e.message}"
-rescue QuicProQuo::Error => e
+rescue QuicProChat::Error => e
   puts "Error: #{e.message}"
 end
 ```
 
 ## Structure
 
-- `lib/quicproquo/client.rb` -- High-level client
-- `lib/quicproquo/ffi_bindings.rb` -- FFI function declarations
-- `lib/quicproquo/errors.rb` -- Exception classes
+- `lib/quicprochat/client.rb` -- High-level client
+- `lib/quicprochat/ffi_bindings.rb` -- FFI function declarations
+- `lib/quicprochat/errors.rb` -- Exception classes
 - `examples/demo.rb` -- Usage example
diff --git a/sdks/ruby/examples/demo.rb b/sdks/ruby/examples/demo.rb
index 16de1fc..9d022bc 100644
--- a/sdks/ruby/examples/demo.rb
+++ b/sdks/ruby/examples/demo.rb
@@ -1,14 +1,14 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-# Example: quicproquo Ruby SDK demo.
+# Example: quicprochat Ruby SDK demo.
 #
 # Usage:
 #   ruby demo.rb --server 127.0.0.1:5001 --ca-cert ca.pem \
 #     --user alice --pass secret --recipient bob --message "hello"
 
 require "optparse"
-require_relative "../lib/quicproquo"
+require_relative "../lib/quicprochat"
 
 options = {
   server: "127.0.0.1:5001",
@@ -26,7 +26,7 @@ OptionParser.new do |opts|
   opts.on("--message TEXT", "Message") { |v| options[:message] = v }
 end.parse!
 
-QuicProQuo::Client.open(options[:server], ca_cert: options[:ca_cert]) do |client|
+QuicProChat::Client.open(options[:server], ca_cert: options[:ca_cert]) do |client|
   puts "Connected to #{options[:server]}"
 
   client.login(options[:user], options[:pass])
diff --git a/sdks/ruby/lib/quicprochat.rb b/sdks/ruby/lib/quicprochat.rb
new file mode 100644
index 0000000..9e8d1d0
--- /dev/null
+++ b/sdks/ruby/lib/quicprochat.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require_relative "quicprochat/ffi_bindings"
+require_relative "quicprochat/client"
+require_relative "quicprochat/errors"
+require_relative "quicprochat/version"
+
+# Ruby SDK for the quicprochat E2E encrypted messenger.
+#
+# Two usage patterns:
+#
+#   # Block form (auto-disconnect)
+#   QuicProChat::Client.open("127.0.0.1:5001", ca_cert: "ca.pem") do |client|
+#     client.login("alice", "secret")
+#     client.send("bob", "hello")
+#   end
+#
+#   # Manual lifecycle
+#   client = QuicProChat::Client.new("127.0.0.1:5001", ca_cert: "ca.pem")
+#   client.login("alice", "secret")
+#   client.disconnect
+module QuicProChat
+end
diff --git a/sdks/ruby/lib/quicprochat/client.rb b/sdks/ruby/lib/quicprochat/client.rb
index f7992f4..9864f3d 100644
--- a/sdks/ruby/lib/quicprochat/client.rb
+++ b/sdks/ruby/lib/quicprochat/client.rb
@@ -2,12 +2,12 @@
 
 require "json"
 
-module QuicProQuo
-  # High-level quicproquo client for Ruby.
+module QuicProChat
+  # High-level quicprochat client for Ruby.
   #
-  # Wraps +libquicproquo_ffi+ via the +ffi+ gem.
+  # Wraps +libquicprochat_ffi+ via the +ffi+ gem.
   #
-  #   client = QuicProQuo::Client.new("127.0.0.1:5001", ca_cert: "ca.pem")
+  #   client = QuicProChat::Client.new("127.0.0.1:5001", ca_cert: "ca.pem")
   #   client.login("alice", "secret")
   #   client.send("bob", "hello")
   #   messages = client.receive(timeout_ms: 5000)
@@ -15,12 +15,12 @@ module QuicProQuo
   #
   # Or use the block form for automatic cleanup:
   #
-  #   QuicProQuo::Client.open("127.0.0.1:5001", ca_cert: "ca.pem") do |c|
+  #   QuicProChat::Client.open("127.0.0.1:5001", ca_cert: "ca.pem") do |c|
   #     c.login("alice", "secret")
   #     c.send("bob", "hello")
   #   end
   class Client
-    # Connect to a quicproquo server.
+    # Connect to a quicprochat server.
     #
     # @param server [String] Server address as +host:port+.
     # @param ca_cert [String] Path to PEM-encoded CA certificate.
diff --git a/sdks/ruby/lib/quicprochat/errors.rb b/sdks/ruby/lib/quicprochat/errors.rb
index a4416d8..c310bf1 100644
--- a/sdks/ruby/lib/quicprochat/errors.rb
+++ b/sdks/ruby/lib/quicprochat/errors.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-module QuicProQuo
-  # Base error for quicproquo SDK.
+module QuicProChat
+  # Base error for quicprochat SDK.
   class Error < StandardError; end
 
   # OPAQUE authentication failed (bad credentials).
diff --git a/sdks/ruby/lib/quicprochat/ffi_bindings.rb b/sdks/ruby/lib/quicprochat/ffi_bindings.rb
index ce13f0f..b207503 100644
--- a/sdks/ruby/lib/quicprochat/ffi_bindings.rb
+++ b/sdks/ruby/lib/quicprochat/ffi_bindings.rb
@@ -2,8 +2,8 @@
 
 require "ffi"
 
-module QuicProQuo
-  # Low-level FFI bindings to libquicproquo_ffi.
+module QuicProChat
+  # Low-level FFI bindings to libquicprochat_ffi.
   #
   # The library is located via:
   # 1. QPQ_LIB_PATH environment variable
@@ -12,7 +12,7 @@ module QuicProQuo
   module FFIBindings
     extend FFI::Library
 
-    # Status codes (mirrors crates/quicproquo-ffi/src/lib.rs).
+    # Status codes (mirrors crates/quicprochat-ffi/src/lib.rs).
     QPQ_OK            = 0
     QPQ_ERROR         = 1
     QPQ_AUTH_FAILED   = 2
@@ -22,14 +22,14 @@ module QuicProQuo
     # Locate and load the shared library.
     LIB_SEARCH_PATHS = [
       ENV.fetch("QPQ_LIB_PATH", nil),
-      File.expand_path("../../../../target/release/libquicproquo_ffi.so", __dir__),
-      File.expand_path("../../../../target/debug/libquicproquo_ffi.so", __dir__),
-      File.expand_path("../../../../target/release/libquicproquo_ffi.dylib", __dir__),
-      File.expand_path("../../../../target/debug/libquicproquo_ffi.dylib", __dir__),
-      "quicproquo_ffi",
+      File.expand_path("../../../../target/release/libquicprochat_ffi.so", __dir__),
+      File.expand_path("../../../../target/debug/libquicprochat_ffi.so", __dir__),
+      File.expand_path("../../../../target/release/libquicprochat_ffi.dylib", __dir__),
+      File.expand_path("../../../../target/debug/libquicprochat_ffi.dylib", __dir__),
+      "quicprochat_ffi",
     ].compact.freeze
 
-    lib_path = LIB_SEARCH_PATHS.find { |p| File.exist?(p) } || "quicproquo_ffi"
+    lib_path = LIB_SEARCH_PATHS.find { |p| File.exist?(p) } || "quicprochat_ffi"
     ffi_lib lib_path
 
     # QpqHandle* qpq_connect(const char*, const char*, const char*)
diff --git a/sdks/ruby/lib/quicprochat/version.rb b/sdks/ruby/lib/quicprochat/version.rb
index cd63822..8da57d3 100644
--- a/sdks/ruby/lib/quicprochat/version.rb
+++ b/sdks/ruby/lib/quicprochat/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
-module QuicProQuo
+module QuicProChat
   VERSION = "0.1.0"
 end
diff --git a/sdks/ruby/lib/quicproquo.rb b/sdks/ruby/lib/quicproquo.rb
deleted file mode 100644
index 6ac8598..0000000
--- a/sdks/ruby/lib/quicproquo.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "quicproquo/ffi_bindings"
-require_relative "quicproquo/client"
-require_relative "quicproquo/errors"
-require_relative "quicproquo/version"
-
-# Ruby SDK for the quicproquo E2E encrypted messenger.
-#
-# Two usage patterns:
-#
-#   # Block form (auto-disconnect)
-#   QuicProQuo::Client.open("127.0.0.1:5001", ca_cert: "ca.pem") do |client|
-#     client.login("alice", "secret")
-#     client.send("bob", "hello")
-#   end
-#
-#   # Manual lifecycle
-#   client = QuicProQuo::Client.new("127.0.0.1:5001", ca_cert: "ca.pem")
-#   client.login("alice", "secret")
-#   client.disconnect
-module QuicProQuo
-end
diff --git a/sdks/ruby/quicprochat.gemspec b/sdks/ruby/quicprochat.gemspec
index d31c6a0..850ab25 100644
--- a/sdks/ruby/quicprochat.gemspec
+++ b/sdks/ruby/quicprochat.gemspec
@@ -1,12 +1,12 @@
 Gem::Specification.new do |s|
-  s.name        = "quicproquo"
+  s.name        = "quicprochat"
   s.version     = "0.1.0"
-  s.summary     = "Ruby SDK for quicproquo E2E encrypted messenger"
-  s.description = "Ruby FFI bindings to libquicproquo_ffi for the quicproquo " \
+  s.summary     = "Ruby SDK for quicprochat E2E encrypted messenger"
+  s.description = "Ruby FFI bindings to libquicprochat_ffi for the quicprochat " \
                   "end-to-end encrypted messaging system."
-  s.authors     = ["quicproquo contributors"]
+  s.authors     = ["quicprochat contributors"]
   s.license     = "MIT"
-  s.homepage    = "https://github.com/nicholasgasior/quicproquo"
+  s.homepage    = "https://github.com/nicholasgasior/quicprochat"
 
   s.required_ruby_version = ">= 3.1"
 
diff --git a/sdks/swift/Package.swift b/sdks/swift/Package.swift
index 2ca0fe0..ab6df12 100644
--- a/sdks/swift/Package.swift
+++ b/sdks/swift/Package.swift
@@ -1,32 +1,32 @@
 // swift-tools-version: 5.9
-// QuicProQuo Swift SDK — wraps libquicproquo_ffi for iOS/macOS.
+// QuicProChat Swift SDK — wraps libquicprochat_ffi for iOS/macOS.
 
 import PackageDescription
 
 let package = Package(
-    name: "QuicProQuo",
+    name: "QuicProChat",
     platforms: [
         .iOS(.v15),
         .macOS(.v13),
     ],
     products: [
-        .library(name: "QuicProQuo", targets: ["QuicProQuo"]),
+        .library(name: "QuicProChat", targets: ["QuicProChat"]),
     ],
     targets: [
         .systemLibrary(
-            name: "CQuicProQuo",
+            name: "CQuicProChat",
             pkgConfig: nil,
             providers: []
         ),
         .target(
-            name: "QuicProQuo",
-            dependencies: ["CQuicProQuo"],
-            path: "Sources/QuicProQuo"
+            name: "QuicProChat",
+            dependencies: ["CQuicProChat"],
+            path: "Sources/QuicProChat"
         ),
         .testTarget(
-            name: "QuicProQuoTests",
-            dependencies: ["QuicProQuo"],
-            path: "Tests/QuicProQuoTests"
+            name: "QuicProChatTests",
+            dependencies: ["QuicProChat"],
+            path: "Tests/QuicProChatTests"
         ),
     ]
 )
diff --git a/sdks/swift/README.md b/sdks/swift/README.md
index dd72d38..49cf627 100644
--- a/sdks/swift/README.md
+++ b/sdks/swift/README.md
@@ -1,24 +1,24 @@
-# QuicProQuo Swift SDK
+# QuicProChat Swift SDK
 
-Swift wrapper over `libquicproquo_ffi` for iOS and macOS.
+Swift wrapper over `libquicprochat_ffi` for iOS and macOS.
 
 ## Prerequisites
 
 - Xcode 15+ / Swift 5.9+
 - iOS 15+ or macOS 13+
-- `libquicproquo_ffi` built for the target architecture
+- `libquicprochat_ffi` built for the target architecture
 
 ## Building the Native Library
 
 ```sh
 # iOS (device)
-cargo build --release -p quicproquo-ffi --target aarch64-apple-ios
+cargo build --release -p quicprochat-ffi --target aarch64-apple-ios
 
 # iOS Simulator (Apple Silicon)
-cargo build --release -p quicproquo-ffi --target aarch64-apple-ios-sim
+cargo build --release -p quicprochat-ffi --target aarch64-apple-ios-sim
 
 # macOS
-cargo build --release -p quicproquo-ffi --target aarch64-apple-darwin
+cargo build --release -p quicprochat-ffi --target aarch64-apple-darwin
 ```
 
 ## Installation
@@ -37,13 +37,13 @@ Or add the library search path to your Xcode project:
 
 ```
 LIBRARY_SEARCH_PATHS = $(PROJECT_DIR)/../target/release
-OTHER_LDFLAGS = -lquicproquo_ffi
+OTHER_LDFLAGS = -lquicprochat_ffi
 ```
 
 ## Usage
 
 ```swift
-import QuicProQuo
+import QuicProChat
 
 let client = try QpqClient(
     server: "127.0.0.1:5001",
@@ -88,9 +88,9 @@ do {
 
 ## Structure
 
-- `Sources/CQuicProQuo/` -- C module map and FFI header
-- `Sources/QuicProQuo/QpqClient.swift` -- High-level Swift client
-- `Sources/QuicProQuo/QpqError.swift` -- Error types
+- `Sources/CQuicProChat/` -- C module map and FFI header
+- `Sources/QuicProChat/QpqClient.swift` -- High-level Swift client
+- `Sources/QuicProChat/QpqError.swift` -- Error types
 
 ## Cross-Compilation
 
@@ -98,7 +98,7 @@ For iOS devices, add the Rust target and build:
 
 ```sh
 rustup target add aarch64-apple-ios
-cargo build --release -p quicproquo-ffi --target aarch64-apple-ios
+cargo build --release -p quicprochat-ffi --target aarch64-apple-ios
 ```
 
 Copy the library to your Xcode project's framework search path.
diff --git a/sdks/swift/Sources/CQuicProChat/module.modulemap b/sdks/swift/Sources/CQuicProChat/module.modulemap
new file mode 100644
index 0000000..2ce563f
--- /dev/null
+++ b/sdks/swift/Sources/CQuicProChat/module.modulemap
@@ -0,0 +1,5 @@
+module CQuicProChat {
+    header "quicprochat_ffi.h"
+    link "quicprochat_ffi"
+    export *
+}
diff --git a/sdks/swift/Sources/CQuicProQuo/quicproquo_ffi.h b/sdks/swift/Sources/CQuicProChat/quicprochat_ffi.h
similarity index 81%
rename from sdks/swift/Sources/CQuicProQuo/quicproquo_ffi.h
rename to sdks/swift/Sources/CQuicProChat/quicprochat_ffi.h
index 0a3c397..2b1ab24 100644
--- a/sdks/swift/Sources/CQuicProQuo/quicproquo_ffi.h
+++ b/sdks/swift/Sources/CQuicProChat/quicprochat_ffi.h
@@ -1,9 +1,9 @@
-// quicproquo_ffi.h — C header for libquicproquo_ffi.
+// quicprochat_ffi.h — C header for libquicprochat_ffi.
 //
-// Mirrors the extern "C" functions from crates/quicproquo-ffi/src/lib.rs.
+// Mirrors the extern "C" functions from crates/quicprochat-ffi/src/lib.rs.
 
-#ifndef QUICPROQUO_FFI_H
-#define QUICPROQUO_FFI_H
+#ifndef QUICPROCHAT_FFI_H
+#define QUICPROCHAT_FFI_H
 
 #include 
 #include 
@@ -22,7 +22,7 @@ extern "C" {
 // Opaque handle type.
 typedef struct QpqHandle QpqHandle;
 
-// Connect to a quicproquo server.  Returns NULL on failure.
+// Connect to a quicprochat server.  Returns NULL on failure.
 QpqHandle* qpq_connect(const char* server, const char* ca_cert, const char* server_name);
 
 // Authenticate with OPAQUE credentials.
@@ -49,4 +49,4 @@ void qpq_free_string(char* ptr);
 }
 #endif
 
-#endif // QUICPROQUO_FFI_H
+#endif // QUICPROCHAT_FFI_H
diff --git a/sdks/swift/Sources/CQuicProQuo/module.modulemap b/sdks/swift/Sources/CQuicProQuo/module.modulemap
deleted file mode 100644
index 3045953..0000000
--- a/sdks/swift/Sources/CQuicProQuo/module.modulemap
+++ /dev/null
@@ -1,5 +0,0 @@
-module CQuicProQuo {
-    header "quicproquo_ffi.h"
-    link "quicproquo_ffi"
-    export *
-}
diff --git a/sdks/swift/Sources/QuicProQuo/QpqClient.swift b/sdks/swift/Sources/QuicProChat/QpqClient.swift
similarity index 96%
rename from sdks/swift/Sources/QuicProQuo/QpqClient.swift
rename to sdks/swift/Sources/QuicProChat/QpqClient.swift
index df47903..5455ee9 100644
--- a/sdks/swift/Sources/QuicProQuo/QpqClient.swift
+++ b/sdks/swift/Sources/QuicProChat/QpqClient.swift
@@ -1,9 +1,9 @@
 import Foundation
-import CQuicProQuo
+import CQuicProChat
 
-/// High-level quicproquo client for iOS/macOS.
+/// High-level quicprochat client for iOS/macOS.
 ///
-/// Wraps ``libquicproquo_ffi`` to provide a Swift-native API for
+/// Wraps ``libquicprochat_ffi`` to provide a Swift-native API for
 /// connecting, authenticating, and messaging.
 ///
 /// ```swift
@@ -20,7 +20,7 @@ public final class QpqClient: @unchecked Sendable {
     private var handle: OpaquePointer?
     private let lock = NSLock()
 
-    /// Connect to a quicproquo server.
+    /// Connect to a quicprochat server.
     ///
     /// - Parameters:
     ///   - server: Server address as ``host:port``.
diff --git a/sdks/swift/Sources/QuicProQuo/QpqError.swift b/sdks/swift/Sources/QuicProChat/QpqError.swift
similarity index 94%
rename from sdks/swift/Sources/QuicProQuo/QpqError.swift
rename to sdks/swift/Sources/QuicProChat/QpqError.swift
index f57d669..18b947e 100644
--- a/sdks/swift/Sources/QuicProQuo/QpqError.swift
+++ b/sdks/swift/Sources/QuicProChat/QpqError.swift
@@ -1,4 +1,4 @@
-/// Errors returned by the QuicProQuo SDK.
+/// Errors returned by the QuicProChat SDK.
 public enum QpqError: Error, Sendable, CustomStringConvertible {
     /// Connection to the server failed.
     case connectionFailed(String)
diff --git a/sdks/typescript/README.md b/sdks/typescript/README.md
index 083c9fd..6216975 100644
--- a/sdks/typescript/README.md
+++ b/sdks/typescript/README.md
@@ -1,13 +1,13 @@
-# @quicproquo/client
+# @quicprochat/client
 
-TypeScript SDK for [quicproquo](https://github.com/nicholasgasior/quicproquo) --
+TypeScript SDK for [quicprochat](https://github.com/nicholasgasior/quicprochat) --
 an E2E encrypted group messenger built on MLS (RFC 9420), hybrid post-quantum
 key exchange (X25519 + ML-KEM-768), and sealed sender envelopes.
 
 ## Features
 
 - **WASM-powered crypto** -- Ed25519 signatures, hybrid KEM, sealed sender,
-  message padding, safety numbers -- all compiled from the Rust `quicproquo-core`
+  message padding, safety numbers -- all compiled from the Rust `quicprochat-core`
   crate via `wasm-pack`.
 - **High-level client API** -- `QpqClient` wraps transport + crypto into a
   type-safe interface for resolving users, creating channels, and exchanging
@@ -20,7 +20,7 @@ key exchange (X25519 + ML-KEM-768), and sealed sender envelopes.
 ## Quick start
 
 ```typescript
-import { QpqClient } from "@quicproquo/client";
+import { QpqClient } from "@quicprochat/client";
 
 // Crypto-only (no server needed)
 const client = await QpqClient.offline();
@@ -37,7 +37,7 @@ console.log("Valid:", client.verify(alice.publicKey, msg, sig));
 
 ## Server connection
 
-The native qpq server speaks Cap'n Proto RPC over QUIC/TCP with Noise_XX.
+The native qpc server speaks Cap'n Proto RPC over QUIC/TCP with Noise_XX.
 Browsers cannot open raw TCP sockets, so a WebSocket bridge proxy is required
 for full server connectivity:
 
diff --git a/sdks/typescript/demo/index.html b/sdks/typescript/demo/index.html
index c72d84f..5ab3e66 100644
--- a/sdks/typescript/demo/index.html
+++ b/sdks/typescript/demo/index.html
@@ -3,7 +3,7 @@
 
 
 
-quicproquo -- E2E Encrypted Messenger Demo
+quicprochat -- E2E Encrypted Messenger Demo