c/quicproquo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: rename quicproquo → quicprochat in docs, Docker, CI, and packaging

Browse Source 
Rename all project references from quicproquo/qpq to quicprochat/qpc
across documentation, Docker configuration, CI workflows, packaging
scripts, operational configs, and build tooling.

- Docker: crate paths, binary names, user/group, data dirs, env vars
- CI: workflow crate references, binary names, artifact names
- Docs: all markdown files under docs/, SDK READMEs, book.toml
- Packaging: OpenWrt Makefile, init script, UCI config (file renames)
- Scripts: justfile, dev-shell, screenshot, cross-compile, ai_team
- Operations: Prometheus config, alert rules, Grafana dashboard
- Config: .env.example (QPQ_* → QPC_*), CODEOWNERS paths
- Top-level: README, CONTRIBUTING, ROADMAP, CLAUDE.md
This commit is contained in:
Christian Nennemann
2026-03-07 18:46:43 +01:00
parent a710037dde
commit 2e081ead8e
179 changed files with 1645 additions and 1645 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/src/SUMMARY.md
View File

@@ -4,7 +4,7 @@
---
# Why quicproquo?
# Why quicprochat?
- [Comparison with Classical Chat Protocols](design-rationale/protocol-comparison.md)
- [Why This Design, Not Signal/Matrix/...](design-rationale/why-not-signal.md)
@@ -20,7 +20,7 @@
- [REPL Command Reference](getting-started/repl-reference.md)
- [Rich Messaging](getting-started/rich-messaging.md)
- [File Transfer](getting-started/file-transfer.md)
- [TLS in quicproquo](getting-started/tls.md)
- [TLS in quicprochat](getting-started/tls.md)
- [Certificate Lifecycle and CA-Signed TLS](getting-started/certificate-lifecycle.md)
- [Docker Deployment](getting-started/docker.md)
- [Mesh Networking](getting-started/mesh-networking.md)

46
docs/src/appendix/glossary.md
View File

@@ -1,22 +1,22 @@
# Glossary
Alphabetical glossary of terms used throughout the quicproquo documentation.
Alphabetical glossary of terms used throughout the quicprochat documentation.
Each entry includes a brief definition and, where applicable, a reference to the
relevant specification or documentation page.
---
**AEAD** -- Authenticated Encryption with Associated Data. A symmetric encryption
scheme that provides both confidentiality and integrity. quicproquo uses
scheme that provides both confidentiality and integrity. quicprochat uses
AES-128-GCM (in the MLS ciphersuite). See [Cryptography Overview](../cryptography/overview.md).
**ALPN** -- Application-Layer Protocol Negotiation. A TLS extension that allows
the client and server to agree on an application protocol during the TLS
handshake. quicproquo v2 uses the ALPN token `"qpq"` (replacing the legacy
handshake. quicprochat v2 uses the ALPN token `"qpc"` (replacing the legacy
`"capnp"` token used in v1). See [Wire Format Overview](../wire-format/overview.md).
**Argon2id** -- A memory-hard password hashing and key derivation function
(winner of the Password Hashing Competition, 2015). quicproquo uses Argon2id
(winner of the Password Hashing Competition, 2015). quicprochat uses Argon2id
to derive the SQLCipher encryption key from the server's passphrase, and
optionally for client-side key derivation. See [Storage Backend](../internals/storage-backend.md).
@@ -25,10 +25,10 @@ registration and login, stores single-use MLS KeyPackages, and manages hybrid
post-quantum public keys. See [Authentication Service Internals](../internals/authentication-service.md).
**Cap'n Proto** -- A zero-copy serialisation format with a built-in RPC system.
Used in quicproquo v1 for all wire messages and service RPCs. Schemas lived in
Used in quicprochat v1 for all wire messages and service RPCs. Schemas lived in
`schemas/*.capnp`. In v2, Cap'n Proto is replaced by Protobuf (prost) for RPC
messages, though the legacy Cap'n Proto types remain in `quicproquo-proto` for
backward compatibility. See the v1 archive in `crates/quicproquo-proto/`.
messages, though the legacy Cap'n Proto types remain in `quicprochat-proto` for
backward compatibility. See the v1 archive in `crates/quicprochat-proto/`.
**Commit** -- An MLS message type that advances the group to a new epoch. When a
member sends a Commit (e.g., after adding or removing a member), all group
@@ -37,13 +37,13 @@ forward secrecy and post-compromise security.
See [MLS (RFC 9420)](../protocol-layers/mls.md).
**Credential** -- An MLS identity binding that associates a member's signing key
with their identity. quicproquo uses `BasicCredential`, which contains the
with their identity. quicprochat uses `BasicCredential`, which contains the
raw Ed25519 public key bytes. See
[Ed25519 Identity Keys](../cryptography/identity-keys.md).
**DER** -- Distinguished Encoding Rules. A binary encoding format for ASN.1
structures, used for X.509 certificates and TLS certificate chains. The
self-signed TLS certificate generated by quicproquo is DER-encoded.
self-signed TLS certificate generated by quicprochat is DER-encoded.
**DS** -- Delivery Service. The server component that provides store-and-forward
relay for opaque MLS payloads. The DS never inspects ciphertext -- it routes
@@ -52,7 +52,7 @@ See [Architecture Overview](../architecture/overview.md).
**Ed25519** -- Edwards-curve Digital Signature Algorithm on Curve25519. Used for
MLS identity credentials and signing (KeyPackages, Commits, group operations).
quicproquo uses the `ed25519-dalek` crate.
quicprochat uses the `ed25519-dalek` crate.
See [Ed25519 Identity Keys](../cryptography/identity-keys.md).
**Epoch** -- The version number of an MLS group's key state. Each Commit
@@ -66,11 +66,11 @@ the epoch ratchet: key material from earlier epochs is deleted when the epoch
advances. See [Forward Secrecy](../cryptography/forward-secrecy.md).
**HKDF** -- HMAC-based Key Derivation Function. Used in MLS to derive symmetric
keys from shared secrets. quicproquo uses HKDF-SHA256.
keys from shared secrets. quicprochat uses HKDF-SHA256.
**HPKE** -- Hybrid Public Key Encryption. The public-key encryption scheme used
in MLS for key exchange (encrypting to a KeyPackage's init key). Defined in
RFC 9180. In quicproquo, HPKE uses DHKEM(X25519, HKDF-SHA256).
RFC 9180. In quicprochat, HPKE uses DHKEM(X25519, HKDF-SHA256).
See [Hybrid KEM](../protocol-layers/hybrid-kem.md).
**KEM** -- Key Encapsulation Mechanism. A cryptographic primitive that generates
@@ -85,7 +85,7 @@ is consumed on fetch. See
**ML-KEM-768** -- Module-Lattice-based Key Encapsulation Mechanism, security
level 3 (NIST FIPS 203). A post-quantum KEM based on the hardness of the
module learning-with-errors (MLWE) problem. quicproquo uses ML-KEM-768 in a
module learning-with-errors (MLWE) problem. quicprochat uses ML-KEM-768 in a
hybrid construction with X25519 for post-quantum sealed envelope encryption.
See [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md).
@@ -97,7 +97,7 @@ See [MLS (RFC 9420)](../protocol-layers/mls.md).
**OPAQUE** -- Asymmetric Password-Authenticated Key Exchange (RFC 9497). A
password authentication protocol in which the server never learns the user's
password, not even during registration. The server stores an OPAQUE registration
record derived from the password. quicproquo uses OPAQUE for all user
record derived from the password. quicprochat uses OPAQUE for all user
authentication (replacing static token auth in v1).
See [Authentication Service Internals](../internals/authentication-service.md).
@@ -114,19 +114,19 @@ KeyPackage and message fetch.
See [Future Research](../roadmap/future-research.md).
**prost** -- A Rust Protobuf code generation and runtime library. Used in
quicproquo v2 to generate Rust types from `proto/qpq/v1/*.proto` files at
build time. The generated types live in `crates/quicproquo-proto/`.
quicprochat v2 to generate Rust types from `proto/qpc/v1/*.proto` files at
build time. The generated types live in `crates/quicprochat-proto/`.
See [Rust Crate Documentation](references.md).
**Protobuf** -- Protocol Buffers. A language-neutral, binary serialisation format
from Google. quicproquo v2 uses Protobuf for all RPC message payloads, encoded
using the `prost` crate. Proto definitions live in `proto/qpq/v1/`.
from Google. quicprochat v2 uses Protobuf for all RPC message payloads, encoded
using the `prost` crate. Proto definitions live in `proto/qpc/v1/`.
See [Wire Format Overview](../wire-format/overview.md).
**QUIC** -- A UDP-based, multiplexed, encrypted transport protocol defined in
RFC 9000. QUIC integrates TLS 1.3 for authentication and confidentiality and
provides 0-RTT connection establishment, stream multiplexing, and built-in
congestion control. quicproquo uses the `quinn` crate.
congestion control. quicprochat uses the `quinn` crate.
See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md).
**Ratchet Tree** -- The binary tree data structure used in MLS for efficient
@@ -135,13 +135,13 @@ hold derived key material. Updates propagate along the path from a leaf to the
root, giving O(log N) cost for key updates in a group of N members.
**SQLCipher** -- An open-source extension to SQLite that provides transparent,
page-level AES-256 encryption of the database file. quicproquo uses SQLCipher
page-level AES-256 encryption of the database file. quicprochat uses SQLCipher
as the primary server-side storage backend via the `rusqlite` crate with the
`sqlcipher` feature. The encryption key is derived from a server passphrase
using Argon2id. See [Storage Backend](../internals/storage-backend.md).
**TLS 1.3** -- Transport Layer Security version 1.3, defined in RFC 8446. The
standard for authenticated, encrypted transport. quicproquo uses TLS 1.3
standard for authenticated, encrypted transport. quicprochat uses TLS 1.3
exclusively (via `rustls` with `TLS13` cipher suites only) as part of the QUIC
transport. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md).
@@ -153,11 +153,11 @@ KeyPackage. See [MLS (RFC 9420)](../protocol-layers/mls.md).
**X25519** -- Elliptic curve Diffie-Hellman key exchange on Curve25519 (using
the Montgomery form). Used as the classical component of DHKEM in MLS HPKE
and in the hybrid KEM (X25519 + ML-KEM-768).
quicproquo uses the `x25519-dalek` crate.
quicprochat uses the `x25519-dalek` crate.
See [Cryptography Overview](../cryptography/overview.md).
**Zeroize** -- The practice of securely clearing sensitive data (private keys,
shared secrets) from memory when it is no longer needed. quicproquo uses the
shared secrets) from memory when it is no longer needed. quicprochat uses the
`zeroize` crate with the `ZeroizeOnDrop` derive macro to ensure that key material
is overwritten on drop.
See [Key Lifecycle and Zeroization](../cryptography/key-lifecycle.md).

42
docs/src/appendix/references.md
View File

@@ -1,7 +1,7 @@
# References and Further Reading
This page collects the standards, crate documentation, and research papers
referenced throughout the quicproquo documentation. Entries are organised by
referenced throughout the quicprochat documentation. Entries are organised by
category.
---
@@ -10,26 +10,26 @@ category.
| Reference | Description |
|-----------|-------------|
| [RFC 9420 -- The Messaging Layer Security (MLS) Protocol](https://datatracker.ietf.org/doc/rfc9420/) | The group key agreement protocol used by quicproquo. Defines KeyPackages, Welcome messages, Commits, the ratchet tree, epoch advancement, and the security properties (forward secrecy, post-compromise security). See [MLS (RFC 9420)](../protocol-layers/mls.md). |
| [RFC 9497 -- The OPAQUE Asymmetric PAKE Protocol](https://datatracker.ietf.org/doc/rfc9497/) | Asymmetric password-authenticated key exchange. quicproquo uses OPAQUE for all user registration and login. The server never learns the user's password. See [Authentication Service Internals](../internals/authentication-service.md). |
| [RFC 9000 -- QUIC: A UDP-Based Multiplexed and Secure Transport](https://datatracker.ietf.org/doc/rfc9000/) | The transport protocol underlying quicproquo's primary connection layer. Provides multiplexed streams, 0-RTT connection establishment, and built-in congestion control. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). |
| [RFC 9001 -- Using TLS to Secure QUIC](https://datatracker.ietf.org/doc/rfc9001/) | Defines how TLS 1.3 is integrated into QUIC for authentication and key exchange. quicproquo uses this via the `quinn` + `rustls` stack. |
| [RFC 8446 -- The Transport Layer Security (TLS) Protocol Version 1.3](https://datatracker.ietf.org/doc/rfc8446/) | The TLS version used exclusively by quicproquo (no TLS 1.2 fallback). Provides the handshake, key schedule, and record layer for QUIC transport security. |
| [RFC 9180 -- Hybrid Public Key Encryption (HPKE)](https://datatracker.ietf.org/doc/rfc9180/) | The public-key encryption scheme used internally by MLS for encrypting to KeyPackage init keys. quicproquo's MLS ciphersuite uses DHKEM(X25519, HKDF-SHA256) with AES-128-GCM. |
| [NIST FIPS 203 -- Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)](https://csrc.nist.gov/pubs/fips/203/final) | The post-quantum KEM standard. quicproquo uses ML-KEM-768 in a hybrid construction with X25519 for post-quantum sealed envelope encryption. See [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md). |
| [Protocol Buffers Language Guide (proto3)](https://protobuf.dev/programming-guides/proto3/) | The binary serialisation format used for all v2 RPC message payloads. quicproquo proto definitions live in `proto/qpq/v1/`. See [Wire Format Overview](../wire-format/overview.md). |
| [draft-ietf-tls-hybrid-design -- Hybrid Key Exchange in TLS 1.3](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) | The combiner approach used by quicproquo's hybrid KEM construction (X25519 shared secret concatenated with ML-KEM-768 shared secret, fed through HKDF). See [Hybrid KEM](../protocol-layers/hybrid-kem.md). |
| [RFC 9420 -- The Messaging Layer Security (MLS) Protocol](https://datatracker.ietf.org/doc/rfc9420/) | The group key agreement protocol used by quicprochat. Defines KeyPackages, Welcome messages, Commits, the ratchet tree, epoch advancement, and the security properties (forward secrecy, post-compromise security). See [MLS (RFC 9420)](../protocol-layers/mls.md). |
| [RFC 9497 -- The OPAQUE Asymmetric PAKE Protocol](https://datatracker.ietf.org/doc/rfc9497/) | Asymmetric password-authenticated key exchange. quicprochat uses OPAQUE for all user registration and login. The server never learns the user's password. See [Authentication Service Internals](../internals/authentication-service.md). |
| [RFC 9000 -- QUIC: A UDP-Based Multiplexed and Secure Transport](https://datatracker.ietf.org/doc/rfc9000/) | The transport protocol underlying quicprochat's primary connection layer. Provides multiplexed streams, 0-RTT connection establishment, and built-in congestion control. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). |
| [RFC 9001 -- Using TLS to Secure QUIC](https://datatracker.ietf.org/doc/rfc9001/) | Defines how TLS 1.3 is integrated into QUIC for authentication and key exchange. quicprochat uses this via the `quinn` + `rustls` stack. |
| [RFC 8446 -- The Transport Layer Security (TLS) Protocol Version 1.3](https://datatracker.ietf.org/doc/rfc8446/) | The TLS version used exclusively by quicprochat (no TLS 1.2 fallback). Provides the handshake, key schedule, and record layer for QUIC transport security. |
| [RFC 9180 -- Hybrid Public Key Encryption (HPKE)](https://datatracker.ietf.org/doc/rfc9180/) | The public-key encryption scheme used internally by MLS for encrypting to KeyPackage init keys. quicprochat's MLS ciphersuite uses DHKEM(X25519, HKDF-SHA256) with AES-128-GCM. |
| [NIST FIPS 203 -- Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)](https://csrc.nist.gov/pubs/fips/203/final) | The post-quantum KEM standard. quicprochat uses ML-KEM-768 in a hybrid construction with X25519 for post-quantum sealed envelope encryption. See [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md). |
| [Protocol Buffers Language Guide (proto3)](https://protobuf.dev/programming-guides/proto3/) | The binary serialisation format used for all v2 RPC message payloads. quicprochat proto definitions live in `proto/qpc/v1/`. See [Wire Format Overview](../wire-format/overview.md). |
| [draft-ietf-tls-hybrid-design -- Hybrid Key Exchange in TLS 1.3](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) | The combiner approach used by quicprochat's hybrid KEM construction (X25519 shared secret concatenated with ML-KEM-768 shared secret, fed through HKDF). See [Hybrid KEM](../protocol-layers/hybrid-kem.md). |
---
## Rust Crate Documentation
| Crate | docs.rs | Role in quicproquo |
| Crate | docs.rs | Role in quicprochat |
|-------|---------|----------------------|
| `openmls` | [docs.rs/openmls](https://docs.rs/openmls/) | MLS protocol implementation: group creation, member addition, Welcome processing, application message encryption/decryption. See [MLS (RFC 9420)](../protocol-layers/mls.md). |
| `openmls_rust_crypto` | [docs.rs/openmls_rust_crypto](https://docs.rs/openmls_rust_crypto/) | Pure-Rust cryptographic backend for openmls. Provides the `OpenMlsRustCrypto` provider used by `GroupMember`. |
| `prost` | [docs.rs/prost](https://docs.rs/prost/) | Protobuf runtime for Rust. Used to encode/decode all v2 RPC messages. Generated types are in `crates/quicproquo-proto/`. |
| `prost-build` | [docs.rs/prost-build](https://docs.rs/prost-build/) | Build-time Protobuf code generator invoked from `crates/quicproquo-proto/build.rs`. Reads `.proto` files and emits Rust structs. |
| `prost` | [docs.rs/prost](https://docs.rs/prost/) | Protobuf runtime for Rust. Used to encode/decode all v2 RPC messages. Generated types are in `crates/quicprochat-proto/`. |
| `prost-build` | [docs.rs/prost-build](https://docs.rs/prost-build/) | Build-time Protobuf code generator invoked from `crates/quicprochat-proto/build.rs`. Reads `.proto` files and emits Rust structs. |
| `protobuf-src` | [docs.rs/protobuf-src](https://docs.rs/protobuf-src/) | Vendors the `protoc` compiler as a build dependency. No system-installed protoc required. |
| `quinn` | [docs.rs/quinn](https://docs.rs/quinn/) | QUIC transport implementation. Provides the `Endpoint`, `Connection`, and stream types for client and server. See [QUIC + TLS 1.3](../protocol-layers/quic-tls.md). |
| `rustls` | [docs.rs/rustls](https://docs.rs/rustls/) | TLS 1.3 implementation used by `quinn`. Configured with `TLS13` cipher suites only and custom certificate verification. |
@@ -40,9 +40,9 @@ category.
| `ed25519-dalek` | [docs.rs/ed25519-dalek](https://docs.rs/ed25519-dalek/) | Ed25519 signing and verification. Used for MLS identity credentials (`BasicCredential`). See [Ed25519 Identity Keys](../cryptography/identity-keys.md). |
| `x25519-dalek` | [docs.rs/x25519-dalek](https://docs.rs/x25519-dalek/) | X25519 Diffie-Hellman key exchange. Used in hybrid KEM (X25519 + ML-KEM-768) and as the classical component of DHKEM in MLS HPKE. See [Hybrid KEM](../protocol-layers/hybrid-kem.md). |
| `zeroize` | [docs.rs/zeroize](https://docs.rs/zeroize/) | Secure memory zeroisation. All private key types implement `Zeroize + ZeroizeOnDrop`. See [Key Lifecycle and Zeroization](../cryptography/key-lifecycle.md). |
| `bytes` | [docs.rs/bytes](https://docs.rs/bytes/) | Zero-copy byte buffer abstraction. Used in the RPC framing layer (`quicproquo-rpc`) for efficient frame encoding/decoding without copying. |
| `bytes` | [docs.rs/bytes](https://docs.rs/bytes/) | Zero-copy byte buffer abstraction. Used in the RPC framing layer (`quicprochat-rpc`) for efficient frame encoding/decoding without copying. |
| `tokio` | [docs.rs/tokio](https://docs.rs/tokio/) | Async runtime. All server and client I/O runs on Tokio. |
| `tower` | [docs.rs/tower](https://docs.rs/tower/) | Service abstraction and middleware framework. Used in `quicproquo-rpc` for RPC middleware (auth, rate limiting, tracing). |
| `tower` | [docs.rs/tower](https://docs.rs/tower/) | Service abstraction and middleware framework. Used in `quicprochat-rpc` for RPC middleware (auth, rate limiting, tracing). |
| `clap` | [docs.rs/clap](https://docs.rs/clap/) | CLI argument parser for the client binary. |
| `tracing` | [docs.rs/tracing](https://docs.rs/tracing/) | Structured logging framework. Used throughout the server for request logging and diagnostics. |
| `thiserror` | [docs.rs/thiserror](https://docs.rs/thiserror/) | Derive macro for typed error enums in library crates. |
@@ -61,7 +61,7 @@ Katriel Cohn-Gordon, Cas Cremers, Luke Garratt, Jon Millican, and Kevin Milner.
This paper analyses the security properties of group messaging protocols and
motivates the design of MLS. It defines the security goals (forward secrecy,
post-compromise security, asynchronous operation) that MLS formalises into a
protocol. Essential background for understanding why quicproquo uses MLS
protocol. Essential background for understanding why quicprochat uses MLS
rather than extending the Signal protocol to groups.
### Signal Protocol
@@ -71,7 +71,7 @@ Trevor Perrin and Moxie Marlinspike.
[signal.org/docs/specifications/doubleratchet](https://signal.org/docs/specifications/doubleratchet/)
Defines the double ratchet used in Signal's 1:1 messaging. Relevant as a
potential optimisation for quicproquo's 1:1 channels (see
potential optimisation for quicprochat's 1:1 channels (see
[Future Research: Double-Ratchet DM Layer](../roadmap/future-research.md#double-ratchet-dm-layer))
and as background for understanding how MLS generalises ratcheting to groups.
@@ -90,7 +90,7 @@ Roberto Avanzi et al.
[NIST PQC Round 3 submission](https://pq-crystals.org/kyber/)
The predecessor to ML-KEM (NIST FIPS 203). CRYSTALS-Kyber was selected by NIST
and standardised as ML-KEM. quicproquo uses the `ml-kem` crate which
and standardised as ML-KEM. quicprochat uses the `ml-kem` crate which
implements the final FIPS 203 standard.
### OPAQUE
@@ -100,7 +100,7 @@ Stanislaw Jarecki, Hugo Krawczyk, and Jiayu Xu.
*EUROCRYPT 2018.*
The original academic paper introducing OPAQUE. Standardised as RFC 9497.
Relevant background for understanding the security guarantees of quicproquo's
Relevant background for understanding the security guarantees of quicprochat's
authentication system: the server stores a verifier (not the password), and the
protocol is resistant to pre-computation attacks even if the server's verifier
database is stolen.
@@ -112,7 +112,7 @@ Signal Blog.
[signal.org/blog/sealed-sender](https://signal.org/blog/sealed-sender/)
Describes Signal's approach to hiding sender identity from the server. Relevant
to quicproquo's future research on metadata resistance (see
to quicprochat's future research on metadata resistance (see
[Future Research](../roadmap/future-research.md)).
---
@@ -120,7 +120,7 @@ to quicproquo's future research on metadata resistance (see
## Cross-references
- [Glossary](glossary.md) -- definitions of terms used in these references
- [Protocol Layers Overview](../protocol-layers/overview.md) -- how the protocols layer in quicproquo
- [Protocol Layers Overview](../protocol-layers/overview.md) -- how the protocols layer in quicprochat
- [Cryptography Overview](../cryptography/overview.md) -- cryptographic properties and threat model
- [Future Research](../roadmap/future-research.md) -- technologies under consideration
- [Milestones](../roadmap/milestones.md) -- current project status

58
docs/src/architecture/crate-responsibilities.md
View File

@@ -1,6 +1,6 @@
# Crate Responsibilities
The quicproquo workspace contains nine crates. The core four (proto, core,
The quicprochat workspace contains nine crates. The core four (proto, core,
server, client) follow strict layering rules; each owns one concern and depends
only on the crates below it. The workspace also includes dedicated crates for
the RPC framework, client SDK, key transparency, plugin API, and P2P. This
@@ -13,7 +13,7 @@ crates relate to one another.
```text
+-------------------+ +-------------------+
| quicproquo-client | | quicproquo-sdk |
| quicprochat-client | | quicprochat-sdk |
| (CLI/TUI binary) | | (QpqClient, store)|
+--------+----------+ +--------+----------+
| |
@@ -21,7 +21,7 @@ crates relate to one another.
| |
v v
+-----------+----------+
| quicproquo-rpc |
| quicprochat-rpc |
| (framing, server, |
| client, middleware) |
+--------+-------------+
@@ -30,20 +30,20 @@ crates relate to one another.
| |
v v
+------------------------+ +-----------------------------+
| quicproquo-core | | quicproquo-server |
| quicprochat-core | | quicprochat-server |
| (crypto, MLS, | | (RPC server + domain |
| hybrid KEM) | | services) |
+----------+-------------+ +-------------+---------------+
| |
| +-------------------+ |
+------>| quicproquo-proto |<--+
+------>| quicprochat-proto |<--+
| (capnp legacy + |
| prost v2 types) |
+-------------------+
(separate, no shared deps)
+-------------------+ +-------------------+ +-------------------+
| quicproquo-kt | | quicproquo-p2p | | quicproquo- |
| quicprochat-kt | | quicprochat-p2p | | quicprochat- |
| (key transparency)| | (iroh P2P) | | plugin-api |
+-------------------+ +-------------------+ | (#![no_std] C-ABI)|
+-------------------+
@@ -56,7 +56,7 @@ both the sdk and server.
---
## quicproquo-core
## quicprochat-core
**Role:** Pure cryptographic logic. No network I/O. No async runtime
dependency.
@@ -83,11 +83,11 @@ dependency.
`ed25519-dalek`, `openmls`, `openmls_rust_crypto`,
`openmls_traits`, `tls_codec`, `ml-kem`, `x25519-dalek`, `chacha20poly1305`,
`hkdf`, `sha2`, `zeroize`, `quicproquo-proto`, `serde`, `bincode`, `thiserror`.
`hkdf`, `sha2`, `zeroize`, `quicprochat-proto`, `serde`, `bincode`, `thiserror`.
---
## quicproquo-proto
## quicprochat-proto
**Role:** Protocol type definitions for both v1 (legacy Cap'n Proto) and v2
(Protobuf/prost). This crate is the single source of truth for wire types and
@@ -98,9 +98,9 @@ method ID constants.
| Item | Description |
|-------------------------------|-------------|
| `schemas/*.capnp` | Legacy Cap'n Proto schemas (auth, delivery, node, federation). |
| `proto/qpq/v1/*.proto` | 14 Protobuf files defining all v2 message types. |
| `proto/qpc/v1/*.proto` | 14 Protobuf files defining all v2 message types. |
| `build.rs` | Invokes `capnpc` for legacy types and `prost-build` for v2 types. |
| `pub mod qpq::v1` | All Protobuf-generated types, included via `prost` `include!`. |
| `pub mod qpc::v1` | All Protobuf-generated types, included via `prost` `include!`. |
| `pub mod method_ids` | All 44 RPC method ID constants (u16) plus 4 push event type constants. |
| `auth_capnp`, `node_capnp`... | Re-exported legacy Cap'n Proto generated modules. |
@@ -138,7 +138,7 @@ method ID constants.
---
## quicproquo-rpc
## quicprochat-rpc
**Role:** v2 RPC framework. Implements the custom binary framing protocol,
server-side dispatch, client-side request/response handling, and Tower
@@ -169,12 +169,12 @@ Push: [event_type: u16 BE][payload_len: u32 BE][protobuf]
### Key dependencies
`quinn`, `rustls`, `tokio`, `bytes`, `tower`, `prost`, `quicproquo-proto`,
`quinn`, `rustls`, `tokio`, `bytes`, `tower`, `prost`, `quicprochat-proto`,
`tracing`, `thiserror`.
---
## quicproquo-sdk
## quicprochat-sdk
**Role:** High-level client SDK. `QpqClient` wraps the RPC client with
typed methods, an async event broadcast channel, and a `ConversationStore`
@@ -190,17 +190,17 @@ for local conversation state.
### What this crate does NOT do
- No raw frame handling -- delegates to `quicproquo-rpc`.
- No MLS group state management -- delegates to `quicproquo-core`.
- No raw frame handling -- delegates to `quicprochat-rpc`.
- No MLS group state management -- delegates to `quicprochat-core`.
### Key dependencies
`quicproquo-rpc`, `quicproquo-core`, `quicproquo-proto`, `tokio`, `rusqlite`,
`quicprochat-rpc`, `quicprochat-core`, `quicprochat-proto`, `tokio`, `rusqlite`,
`prost`, `tracing`, `thiserror`, `anyhow`.
---
## quicproquo-server
## quicprochat-server
**Role:** Network-facing server binary. Accepts QUIC + TLS 1.3 connections,
dispatches 44 Protobuf RPC methods through registered handlers in `domain/`,
@@ -213,13 +213,13 @@ and persists state to SQLCipher.
| `v2_handlers/` | One handler module per method category (auth, delivery, keys, channel, group, user, kt, blob, device, p2p, federation, moderation, recovery, account). |
| `domain/` | Protocol-agnostic domain types and service logic (e.g., `AuthService`, `DeliveryService`, `KeyService`). |
| `ServerState` | Shared state: SQLCipher connection pool, DashMap waiters, OPAQUE server state. |
| TLS config | Self-signed certificate auto-generated on first run (`rcgen`). TLS 1.3 only, ALPN `qpq`. |
| TLS config | Self-signed certificate auto-generated on first run (`rcgen`). TLS 1.3 only, ALPN `qpc`. |
| CLI (`clap`) | `--listen` (default `0.0.0.0:5001`), `--data-dir`, `--tls-cert`, `--tls-key`. |
### Connection lifecycle
```
QUIC accept (ALPN: "qpq")
QUIC accept (ALPN: "qpc")
+- TLS 1.3 handshake (self-signed cert)
+- Per-stream: read RequestFrame -> dispatch to handler -> write ResponseFrame
+- Uni-stream (server -> client): write PushFrame for events
@@ -235,13 +235,13 @@ via `tokio::spawn`.
### Key dependencies
`quicproquo-core`, `quicproquo-proto`, `quicproquo-rpc`, `quinn`, `rustls`,
`quicprochat-core`, `quicprochat-proto`, `quicprochat-rpc`, `quinn`, `rustls`,
`rcgen`, `tokio`, `dashmap`, `rusqlite`, `prost`, `clap`, `tracing`, `anyhow`,
`thiserror`.
---
## quicproquo-client
## quicprochat-client
**Role:** CLI/TUI client binary. Connects to the server, orchestrates MLS
group operations via `GroupMember`, and persists identity and group state.
@@ -249,16 +249,16 @@ group operations via `GroupMember`, and persists identity and group state.
### What this crate does NOT do
- No server-side logic.
- No raw frame parsing -- delegates to `quicproquo-sdk` / `quicproquo-rpc`.
- No raw frame parsing -- delegates to `quicprochat-sdk` / `quicprochat-rpc`.
### Key dependencies
`quicproquo-sdk`, `quicproquo-core`, `quicproquo-proto`, `tokio`, `clap`,
`quicprochat-sdk`, `quicprochat-core`, `quicprochat-proto`, `tokio`, `clap`,
`rustyline`, `tracing`, `anyhow`.
---
## quicproquo-kt
## quicprochat-kt
**Role:** Key transparency. Implements an append-only transparency log for
Ed25519 public keys with revocation checking and audit support.
@@ -268,7 +268,7 @@ Methods exposed: `RevokeKey` (510), `CheckRevocation` (511),
---
## quicproquo-plugin-api
## quicprochat-plugin-api
**Role:** `#![no_std]` C-ABI plugin interface. Defines a stable ABI for
dynamically loaded plugins with 6 hook points (on_message_send,
@@ -279,11 +279,11 @@ allow plugins compiled for embedded or WASM targets.
---
## quicproquo-p2p
## quicprochat-p2p
**Role:** P2P endpoint publish and resolve via iroh. Used by the server and
clients for direct peer discovery when the `mesh` feature is enabled on
`quicproquo-client`.
`quicprochat-client`.
Methods exposed: `PublishEndpoint` (800), `ResolveEndpoint` (801).
@@ -308,7 +308,7 @@ build targets due to iroh's large dependency footprint (~90 extra deps).
This layering ensures that:
- Crypto code can be tested in isolation (`cargo test -p quicproquo-core`).
- Crypto code can be tested in isolation (`cargo test -p quicprochat-core`).
- Schema changes propagate automatically through codegen.
- The server binary contains no client-side MLS orchestration logic.
- The client binary contains no server-side storage or listener logic.

4
docs/src/architecture/data-flow.md
View File

@@ -1,13 +1,13 @@
# End-to-End Data Flow
This page traces the three core data flows through the quicproquo system:
This page traces the three core data flows through the quicprochat system:
registration, group creation, and message exchange. Each flow is illustrated
with an ASCII sequence diagram showing control-plane (AS) and data-plane (DS)
traffic.
Throughout these flows the server is **MLS-unaware** -- it stores and forwards
opaque byte blobs without parsing their MLS content. All RPC calls use the v2
Protobuf framing protocol over QUIC (ALPN: `qpq`, port 5001).
Protobuf framing protocol over QUIC (ALPN: `qpc`, port 5001).
---

30
docs/src/architecture/overview.md
View File

@@ -1,6 +1,6 @@
# Architecture Overview
quicproquo is an end-to-end encrypted group messaging system built in Rust.
quicprochat is an end-to-end encrypted group messaging system built in Rust.
This page describes the high-level architecture: the services that compose the
system, the dual-key cryptographic model, and how the pieces fit together.
@@ -27,11 +27,11 @@ connection lifecycle, and push event delivery.
## Identity Key Model
Each quicproquo client holds a single Ed25519 signing keypair that serves
Each quicprochat client holds a single Ed25519 signing keypair that serves
as its long-term identity:
```text
quicproquo Key Model
quicprochat Key Model
+--------------------------------------------------+
| |
| Ed25519 signing keypair (MLS identity) |
@@ -71,11 +71,11 @@ For details on the cryptographic properties, see
| (SDK) | | (SDK) |
+--------+---------+ +--------+---------+
| |
| QUIC + TLS 1.3 (quinn/rustls) ALPN: "qpq" |
| QUIC + TLS 1.3 (quinn/rustls) ALPN: "qpc" |
| |
v v
+------------------------------------------------------------------------+
| quicproquo-server (port 5001) |
| quicprochat-server (port 5001) |
| |
| +---------------------------+ +--------------------------------+ |
| | Authentication Service | | Delivery Service | |
@@ -106,7 +106,7 @@ For details on the cryptographic properties, see
2. KeyPackages are single-use (RFC 9420 requirement). The AS atomically removes
a KeyPackage on fetch to enforce this invariant.
3. QUIC + TLS 1.3 is the sole transport layer. The ALPN identifier is `qpq`.
3. QUIC + TLS 1.3 is the sole transport layer. The ALPN identifier is `qpc`.
4. Push events (new messages, typing, presence, membership changes) are
delivered server-to-client on QUIC uni-streams using a separate push frame
@@ -142,15 +142,15 @@ The implementation is split across nine workspace crates:
| Crate | Role |
|------------------------------|-------------------------------------------------------------------|
| `quicproquo-core` | Crypto primitives, MLS state machine, hybrid KEM |
| `quicproquo-proto` | Cap'n Proto legacy types + Protobuf (prost) v2 generated types |
| `quicproquo-kt` | Key transparency (append-only log, revocation) |
| `quicproquo-plugin-api` | `#![no_std]` C-ABI plugin interface |
| `quicproquo-rpc` | QUIC RPC framework: framing, server dispatch, client, middleware |
| `quicproquo-sdk` | Client SDK: `QpqClient`, event broadcast, `ConversationStore` |
| `quicproquo-server` | RPC server + domain services |
| `quicproquo-client` | CLI/TUI client binary |
| `quicproquo-p2p` | iroh P2P endpoint publish/resolve (feature-flagged) |
| `quicprochat-core` | Crypto primitives, MLS state machine, hybrid KEM |
| `quicprochat-proto` | Cap'n Proto legacy types + Protobuf (prost) v2 generated types |
| `quicprochat-kt` | Key transparency (append-only log, revocation) |
| `quicprochat-plugin-api` | `#![no_std]` C-ABI plugin interface |
| `quicprochat-rpc` | QUIC RPC framework: framing, server dispatch, client, middleware |
| `quicprochat-sdk` | Client SDK: `QpqClient`, event broadcast, `ConversationStore` |
| `quicprochat-server` | RPC server + domain services |
| `quicprochat-client` | CLI/TUI client binary |
| `quicprochat-p2p` | iroh P2P endpoint publish/resolve (feature-flagged) |
See [Crate Responsibilities](crate-responsibilities.md) for a full breakdown
and dependency diagram.

8
docs/src/architecture/protocol-stack.md
View File

@@ -1,6 +1,6 @@
# Protocol Stack
quicproquo layers three protocol stages to move a plaintext message from
quicprochat layers three protocol stages to move a plaintext message from
sender to recipient with end-to-end encryption, typed RPC framing, and
authenticated transport. This page describes each layer and provides a
comparison table.
@@ -32,12 +32,12 @@ one per RPC call.
- TLS 1.3 provides perfect forward secrecy per connection via ephemeral ECDHE.
- The server presents a self-signed certificate by default; the client pins
the server certificate via `--ca-cert`.
- ALPN protocol identifier: `qpq`.
- ALPN protocol identifier: `qpc`.
- Multiplexed streams over a single UDP socket -- one bidirectional stream
per RPC call, preventing head-of-line blocking.
- Uni-directional streams for server-to-client push events.
**Protobuf framing** (`quicproquo-rpc`, `quicproquo-proto`)
**Protobuf framing** (`quicprochat-rpc`, `quicprochat-proto`)
- Three frame types: Request, Response, Push.
- Fixed-length binary headers carry method/status codes, request correlation
@@ -66,7 +66,7 @@ one per RPC call.
| Layer | Provides | Crate(s) |
|-------------|------------------------------------------------------------------|-----------------------------------------|
| **Transport: QUIC + TLS 1.3** | Confidentiality, server authentication, forward secrecy, multiplexed streams, congestion control | `quinn`, `rustls` |
| **Framing: Protobuf** | Typed serialisation, length-prefixed framing, method dispatch, push events | `quicproquo-rpc`, `prost` |
| **Framing: Protobuf** | Typed serialisation, length-prefixed framing, method dispatch, push events | `quicprochat-rpc`, `prost` |
| **Encryption: MLS** | Group key agreement, forward secrecy, post-compromise security, identity binding | `openmls`, `openmls_rust_crypto` |
| **Encryption: Hybrid KEM** (optional) | Post-quantum confidentiality for individual payloads (X25519 + ML-KEM-768) | `ml-kem`, `x25519-dalek`, `chacha20poly1305`, `hkdf` |

16
docs/src/architecture/service-architecture.md
View File

@@ -1,6 +1,6 @@
# Service Architecture
The quicproquo server exposes 44 RPC methods through a single QUIC + TLS 1.3
The quicprochat server exposes 44 RPC methods through a single QUIC + TLS 1.3
endpoint on **port 5001**. Methods are dispatched by numeric method ID using
the v2 Protobuf framing protocol. This page documents the method reference,
connection lifecycle, storage model, and authentication flow.
@@ -10,11 +10,11 @@ connection lifecycle, storage model, and authentication flow.
## RPC Endpoint
A single QUIC + TLS 1.3 listener on **port 5001** serves all operations.
The ALPN identifier is `qpq`. Each RPC call uses a dedicated QUIC
The ALPN identifier is `qpc`. Each RPC call uses a dedicated QUIC
bidirectional stream; calls are concurrent and do not block each other.
```text
quicproquo-server (port 5001, ALPN: "qpq")
quicprochat-server (port 5001, ALPN: "qpc")
|
+-- Auth (100-103)
| +-- 100: OpaqueRegisterStart
@@ -243,7 +243,7 @@ Client Server
2. <- QUIC HANDSHAKE
TLS 1.3 ServerHello +
Certificate (self-signed)
ALPN: "qpq"
ALPN: "qpc"
3. Client verifies server cert against
pinned CA cert (--ca-cert flag)
@@ -345,10 +345,10 @@ validates it on every authenticated method call.
| Flag | Env var | Default | Description |
|----------------|----------------------------|------------------------|-------------|
| `--listen` | `QPQ_LISTEN` | `0.0.0.0:5001` | QUIC listen address (host:port). |
| `--data-dir` | `QPQ_DATA_DIR` | `data` | Directory for persisted state. |
| `--tls-cert` | `QPQ_TLS_CERT` | `data/server-cert.der` | Path to TLS certificate (DER). Auto-generated if missing. |
| `--tls-key` | `QPQ_TLS_KEY` | `data/server-key.der` | Path to TLS private key (DER). Auto-generated if missing. |
| `--listen` | `QPC_LISTEN` | `0.0.0.0:5001` | QUIC listen address (host:port). |
| `--data-dir` | `QPC_DATA_DIR` | `data` | Directory for persisted state. |
| `--tls-cert` | `QPC_TLS_CERT` | `data/server-cert.der` | Path to TLS certificate (DER). Auto-generated if missing. |
| `--tls-key` | `QPC_TLS_KEY` | `data/server-key.der` | Path to TLS private key (DER). Auto-generated if missing. |
Logging level is controlled by the `RUST_LOG` environment variable (default: `info`).

8
docs/src/contributing/coding-standards.md
View File

@@ -1,6 +1,6 @@
# Coding Standards
This page defines the engineering standards for quicproquo. These are
This page defines the engineering standards for quicprochat. These are
non-negotiable -- all code merged into the repository must conform to these
rules. The standards exist to ensure that every milestone produces
production-ready, auditable, and secure code.
@@ -85,9 +85,9 @@ pub fn create_group(
- No `unwrap()` or `expect()` on cryptographic operations or I/O in non-test
paths. All crypto errors must be typed and propagated.
- Use `thiserror` for library error types (`quicproquo-core`,
`quicproquo-proto`, `quicproquo-rpc`, `quicproquo-sdk`) and `anyhow` for
application-level error handling (`quicproquo-server`, `quicproquo-client`).
- Use `thiserror` for library error types (`quicprochat-core`,
`quicprochat-proto`, `quicprochat-rpc`, `quicprochat-sdk`) and `anyhow` for
application-level error handling (`quicprochat-server`, `quicprochat-client`).
- `unwrap()` is acceptable only in:
- Test code.
- Cases where the invariant is provably guaranteed by the type system

52
docs/src/contributing/testing.md
View File

@@ -1,7 +1,7 @@
# Testing Strategy
This page describes the testing structure, conventions, and current coverage for
quicproquo. All tests run with `cargo test --workspace` (or `just test`) and
quicprochat. All tests run with `cargo test --workspace` (or `just test`) and
must pass before any code is merged.
For the coding standards that tests must follow, see
@@ -17,7 +17,7 @@ Unit tests live alongside the code they test, in `#[cfg(test)] mod tests` blocks
at the bottom of each source file. They test individual functions and types in
isolation.
**quicproquo-core (96 tests):**
**quicprochat-core (96 tests):**
| Module | Tests | What they cover |
|--------|-------|----------------|
@@ -28,21 +28,21 @@ isolation.
| `opaque_auth` | 12 | OPAQUE registration + login full flow, bad password rejection |
| `mls_*` | 61 | MLS key schedule, member add/remove, Welcome processing, key exhaustion |
**quicproquo-rpc (18 tests):**
**quicprochat-rpc (18 tests):**
| Module | Tests | What they cover |
|--------|-------|----------------|
| `framing` | 8 | Wire framing round-trips, method ID encoding, length-prefix correctness |
| `dispatch` | 10 | Handler dispatch, method not found, middleware chain, timeout enforcement |
**quicproquo-sdk (30 tests):**
**quicprochat-sdk (30 tests):**
| Module | Tests | What they cover |
|--------|-------|----------------|
| `client` | 15 | `QpqClient` connect, send, receive, event broadcast |
| `conversation_store` | 15 | `ConversationStore` CRUD, pagination, message ordering |
**quicproquo-server (65 tests):**
**quicprochat-server (65 tests):**
| Module | Tests | What they cover |
|--------|-------|----------------|
@@ -51,13 +51,13 @@ isolation.
| `storage` | 15 | `FileBackedStore` and `SqlStore` CRUD, MLS entity serialisation |
| `federation` | 10 | Federation peer relay, mTLS validation, domain routing |
**quicproquo-kt (21 tests):**
**quicprochat-kt (21 tests):**
| Module | Tests | What they cover |
|--------|-------|----------------|
| `merkle_log` | 21 | Merkle tree insertion, consistency proofs, root hash correctness |
**quicproquo-p2p (34 tests):**
**quicprochat-p2p (34 tests):**
| Module | Tests | What they cover |
|--------|-------|----------------|
@@ -65,18 +65,18 @@ isolation.
### Integration and E2E Tests
E2E tests live in `crates/quicproquo-client/tests/e2e.rs` (20 tests) and
E2E tests live in `crates/quicprochat-client/tests/e2e.rs` (20 tests) and
exercise the full client-server stack in-process. Each test spawns a real server
using `tokio::spawn`, runs client operations against it, and asserts on the
results.
**quicproquo-client unit (16 tests):**
**quicprochat-client unit (16 tests):**
| File | What it covers |
|------|---------------|
| `src/lib.rs` | CLI command parsing, client state machine, error formatting |
**quicproquo-client E2E (20 tests):**
**quicprochat-client E2E (20 tests):**
| Test | What it covers |
|------|---------------|
@@ -141,7 +141,7 @@ The E2E test suite shares an `AUTH_LOCK` `tokio::Mutex` to prevent port binding
conflicts when tests run in parallel. Always run E2E tests with a single thread:
```bash
cargo test -p quicproquo-client --test e2e -- --test-threads 1
cargo test -p quicprochat-client --test e2e -- --test-threads 1
```
Running without `--test-threads 1` may cause intermittent bind errors if two
@@ -150,19 +150,19 @@ tests try to use the same port concurrently.
### Single Crate
```bash
cargo test -p quicproquo-core
cargo test -p quicproquo-rpc
cargo test -p quicproquo-sdk
cargo test -p quicproquo-server
cargo test -p quicproquo-kt
cargo test -p quicproquo-p2p
cargo test -p quicprochat-core
cargo test -p quicprochat-rpc
cargo test -p quicprochat-sdk
cargo test -p quicprochat-server
cargo test -p quicprochat-kt
cargo test -p quicprochat-p2p
```
### Single Test
```bash
cargo test -p quicproquo-core -- codec::tests::test_round_trip
cargo test -p quicproquo-client --test e2e -- opaque_flow --test-threads 1
cargo test -p quicprochat-core -- codec::tests::test_round_trip
cargo test -p quicprochat-client --test e2e -- opaque_flow --test-threads 1
```
### With Output
@@ -179,13 +179,13 @@ All 301 tests pass on branch `v2`.
| Crate | Unit / Integration Tests | E2E Tests | Total |
|-------|--------------------------|-----------|-------|
| `quicproquo-core` | 96 | -- | 96 |
| `quicproquo-rpc` | 18 | -- | 18 |
| `quicproquo-sdk` | 30 | -- | 30 |
| `quicproquo-server` | 65 | -- | 65 |
| `quicproquo-kt` | 21 | -- | 21 |
| `quicproquo-p2p` | 34 | -- | 34 |
| `quicproquo-client` | 16 unit + 1 doctest | 20 | 37 |
| `quicprochat-core` | 96 | -- | 96 |
| `quicprochat-rpc` | 18 | -- | 18 |
| `quicprochat-sdk` | 30 | -- | 30 |
| `quicprochat-server` | 65 | -- | 65 |
| `quicprochat-kt` | 21 | -- | 21 |
| `quicprochat-p2p` | 34 | -- | 34 |
| `quicprochat-client` | 16 unit + 1 doctest | 20 | 37 |
| **Total** | **281** | **20** | **301** |
---

10
docs/src/cryptography/forward-secrecy.md
View File

@@ -6,7 +6,7 @@ compromised, past session keys cannot be recovered.** In other words, an
attacker who obtains today's long-term key cannot use it to decrypt messages
recorded yesterday.
quicproquo provides forward secrecy at two independent layers: the transport
quicprochat provides forward secrecy at two independent layers: the transport
layer and the application layer. Even if one layer's FS mechanism is defeated,
the other continues to protect message confidentiality.
@@ -28,7 +28,7 @@ In each TLS 1.3 handshake:
Because the ephemeral keys exist only for the duration of the handshake,
compromising the server's long-term TLS certificate key (currently self-signed
in quicproquo) does not reveal past session keys.
in quicprochat) does not reveal past session keys.
## Application Layer Forward Secrecy
@@ -54,7 +54,7 @@ This deletion is the mechanism that provides forward secrecy: once old epoch
keys are erased, messages encrypted under those keys cannot be decrypted, even
if the current group state is compromised.
In quicproquo, epoch advancement occurs when:
In quicprochat, epoch advancement occurs when:
- `add_member()` is called, which creates a Commit and calls
`merge_pending_commit()`.
@@ -91,7 +91,7 @@ HPKE init keys.
## Layered Forward Secrecy
A distinctive property of quicproquo's design is that forward secrecy
A distinctive property of quicprochat's design is that forward secrecy
operates at two independent layers:
```text
@@ -135,7 +135,7 @@ unless they also break the transport encryption.
Signal's Double Ratchet protocol also provides forward secrecy, but the
mechanisms differ:
| Property | Signal Double Ratchet | MLS (quicproquo) |
| Property | Signal Double Ratchet | MLS (quicprochat) |
|----------|----------------------|---------------------|
| Scope | Pairwise (1:1 sessions) | Group (n-party) |
| Ratchet granularity | Per message (symmetric ratchet) + per DH round (DH ratchet) | Per epoch (Commit) |

6
docs/src/cryptography/identity-keys.md
View File

@@ -1,11 +1,11 @@
# Ed25519 Identity Keys
The Ed25519 identity keypair is the long-term cryptographic identity of a
quicproquo client. It is generated once, persisted across sessions, and used
quicprochat client. It is generated once, persisted across sessions, and used
for MLS credential signing, Authentication Service registration, and delivery
queue addressing.
**Source:** `crates/quicproquo-core/src/identity.rs`
**Source:** `crates/quicprochat-core/src/identity.rs`
## Structure
@@ -37,7 +37,7 @@ A fresh identity keypair is generated from the OS CSPRNG (`OsRng`) via
`ed25519-dalek`:
```rust
use quicproquo_core::identity::IdentityKeypair;
use quicprochat_core::identity::IdentityKeypair;
let identity = IdentityKeypair::generate();
// The signing key seed is generated from OsRng (getrandom on Linux).

14
docs/src/cryptography/key-lifecycle.md
View File

@@ -1,6 +1,6 @@
# Key Lifecycle and Zeroization
quicproquo uses multiple key types with different lifetimes, creation
quicprochat uses multiple key types with different lifetimes, creation
patterns, and destruction guarantees. This page provides a comprehensive
lifecycle diagram for every key type in the system, from generation through
zeroization.
@@ -25,7 +25,7 @@ Hybrid KEM Keys Per peer (future) Public portion X25519+ML-KEM-768
## Ed25519 Identity Key
**Source:** `crates/quicproquo-core/src/identity.rs`
**Source:** `crates/quicprochat-core/src/identity.rs`
The Ed25519 identity key is the most long-lived secret in the system. It
represents the client's cryptographic identity across all sessions and groups.
@@ -92,8 +92,8 @@ zeroization.
## HPKE Init Keys
**Source:** `crates/quicproquo-core/src/keystore.rs` and
`crates/quicproquo-core/src/group.rs`
**Source:** `crates/quicprochat-core/src/keystore.rs` and
`crates/quicprochat-core/src/group.rs`
HPKE init keys are generated by the openmls backend as part of MLS KeyPackage
creation. They are single-use: each init key is consumed exactly once when
@@ -167,7 +167,7 @@ processing a Welcome message.
**Managed by:** `openmls` (internal to the `MlsGroup` state machine)
MLS epoch keys are derived internally by the openmls ratchet tree. They are not
directly accessible in quicproquo code but are critical to understanding the
directly accessible in quicprochat code but are critical to understanding the
system's security properties.
### Lifecycle
@@ -216,12 +216,12 @@ system's security properties.
- **Deletion:** Old epoch keys are deleted after the Commit is processed. This
deletion is what provides [forward secrecy](forward-secrecy.md) at the MLS
layer.
- **No direct access:** quicproquo code interacts with epoch keys only
- **No direct access:** quicprochat code interacts with epoch keys only
indirectly through `send_message()` and `receive_message()`.
## Hybrid KEM Keys (Future -- M5+)
**Source:** `crates/quicproquo-core/src/hybrid_kem.rs`
**Source:** `crates/quicprochat-core/src/hybrid_kem.rs`
The hybrid KEM keypair combines X25519 (classical) with ML-KEM-768
(post-quantum) for content encryption that resists both classical and quantum

2
docs/src/cryptography/overview.md
View File

@@ -1,6 +1,6 @@
# Cryptography Overview
quicproquo layers multiple cryptographic protocols to provide confidentiality,
quicprochat layers multiple cryptographic protocols to provide confidentiality,
integrity, authentication, forward secrecy, and post-compromise security. This
page catalogues every algorithm in the system, the crate that supplies it, and
the security margin it provides.

10
docs/src/cryptography/post-compromise-security.md
View File

@@ -13,7 +13,7 @@ PCS is the complement of [forward secrecy](forward-secrecy.md):
- **Post-compromise security** protects the **future** from a past compromise.
MLS (RFC 9420) is specifically designed to provide both properties simultaneously
for group messaging. This is a key differentiator of quicproquo's design.
for group messaging. This is a key differentiator of quicprochat's design.
## How MLS Provides PCS
@@ -64,7 +64,7 @@ This means:
For a group of 1,000 members, the path length is approximately 10 nodes --
making PCS practical even for large groups.
## Epoch Advancement in quicproquo
## Epoch Advancement in quicprochat
In the current implementation, epoch advancement occurs through the `GroupMember`
methods in `group.rs`:
@@ -145,7 +145,7 @@ deleted), and future epochs are protected by PCS (new key material generated).
Signal's group messaging uses **Sender Keys**, a fundamentally different
mechanism from MLS's ratchet tree. The comparison is instructive because it
highlights why MLS was chosen for quicproquo:
highlights why MLS was chosen for quicprochat:
### Signal Sender Keys
@@ -168,7 +168,7 @@ security. If an attacker compromises a member's Sender Key:
membership changes.
- There is no automatic healing mechanism analogous to MLS's ratchet tree.
### MLS Ratchet Tree (quicproquo)
### MLS Ratchet Tree (quicprochat)
In contrast, MLS's ratchet tree provides PCS because:
@@ -218,7 +218,7 @@ periodic Updates (planned) will bound the healing window.
### Server compromise does not prevent PCS
The quicproquo server is MLS-unaware -- it stores and forwards encrypted
The quicprochat server is MLS-unaware -- it stores and forwards encrypted
MLS messages without access to the group state. A compromised server cannot:
- Prevent PCS by blocking Commits (it could perform denial-of-service, but

18
docs/src/cryptography/post-quantum-readiness.md
View File

@@ -1,15 +1,15 @@
# Post-Quantum Readiness
quicproquo includes a fully implemented and tested hybrid key encapsulation
quicprochat includes a fully implemented and tested hybrid key encapsulation
mechanism (KEM) combining X25519 (classical) with ML-KEM-768 (post-quantum).
This page describes the current implementation, the integration plan, the
security rationale, and the known gaps.
**Source:** `crates/quicproquo-core/src/hybrid_kem.rs`
**Source:** `crates/quicprochat-core/src/hybrid_kem.rs`
## Current State
The hybrid KEM is **fully implemented and tested** in `quicproquo-core`. The
The hybrid KEM is **fully implemented and tested** in `quicprochat-core`. The
implementation provides:
- `HybridKeypair::generate()` -- generate a combined X25519 + ML-KEM-768 keypair
@@ -35,7 +35,7 @@ The test suite in `hybrid_kem.rs` includes 10 tests covering:
## ML-KEM-768 (FIPS 203)
ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) is the NIST-standardized
post-quantum KEM, published as FIPS 203. quicproquo uses ML-KEM-768, the
post-quantum KEM, published as FIPS 203. quicprochat uses ML-KEM-768, the
middle parameter set:
| Parameter Set | NIST Level | Security (PQ) | EK Size | CT Size | SS Size |
@@ -69,8 +69,8 @@ executed, and their shared secrets are combined through a KDF:
```text
ikm = X25519_shared_secret(32 bytes) || ML-KEM_shared_secret(32 bytes)
key = HKDF-SHA256(salt=[], ikm, info="quicproquo-hybrid-v1", L=32)
nonce = HKDF-SHA256(salt=[], ikm, info="quicproquo-hybrid-nonce-v1", L=12)
key = HKDF-SHA256(salt=[], ikm, info="quicprochat-hybrid-v1", L=32)
nonce = HKDF-SHA256(salt=[], ikm, info="quicprochat-hybrid-nonce-v1", L=12)
```
The combined IKM (input key material) is wrapped in `Zeroizing<Vec<u8>>` and
@@ -165,7 +165,7 @@ hybrid KEM for HPKE init key exchange:
## The PQ Gap
There is an important asymmetry in quicproquo's post-quantum protection:
There is an important asymmetry in quicprochat's post-quantum protection:
```text
Layer Classical Protection Post-Quantum Protection
@@ -191,7 +191,7 @@ This is the **PQ gap**: content is safe, but metadata is not.
Post-quantum TLS (via ML-KEM in the TLS 1.3 handshake) is being standardized by
the IETF and is supported by some TLS libraries, but `rustls` does not yet
support it in a stable release. When `rustls` adds ML-KEM support, quicproquo
support it in a stable release. When `rustls` adds ML-KEM support, quicprochat
will adopt it to close the PQ gap at the transport layer.
## Harvest-Now, Decrypt-Later Risk
@@ -202,7 +202,7 @@ The "harvest-now, decrypt-later" (HNDL) threat model assumes an adversary who:
2. Waits for a sufficiently powerful quantum computer (years or decades).
3. Decrypts the recorded traffic retroactively.
In quicproquo's case:
In quicprochat's case:
- **Content is safe from M5 onward.** The hybrid KEM wrapping MLS content uses
ML-KEM-768, which resists quantum attacks. Even if the recorded traffic is

4
docs/src/cryptography/threat-model.md
View File

@@ -1,6 +1,6 @@
# Threat Model
This page defines the attacker models quicproquo is designed to resist,
This page defines the attacker models quicprochat is designed to resist,
catalogues what is and is not protected, identifies known gaps in the current
implementation, and outlines future mitigations.
@@ -41,7 +41,7 @@ state-level adversary).
**What they can do:**
- Attempt TLS 1.3 MITM: TLS 1.3 prevents this if the client validates the
server's certificate. However, quicproquo currently uses **self-signed
server's certificate. However, quicprochat currently uses **self-signed
certificates**, which means the client has no CA chain to verify. On the first
connection, a MITM could present their own certificate and intercept the
session (trust-on-first-use vulnerability).

10
docs/src/design-rationale/adr-002-capnproto.md
View File

@@ -6,7 +6,7 @@
## Context
quicproquo needs an efficient, typed wire format for client-server communication. The format must support:
quicprochat needs an efficient, typed wire format for client-server communication. The format must support:
1. **Typed messages** with compile-time schema enforcement to eliminate hand-rolled serialisation bugs.
2. **Schema evolution** so that new fields and methods can be added without breaking existing clients.
@@ -105,7 +105,7 @@ The Cap'n Proto schemas are stored in the `schemas/` directory:
### Costs and trade-offs
- **Build-time code generation.** The `capnpc` compiler must run during the build (via `build.rs` in `quicproquo-proto`). This adds a build dependency and increases compile times slightly.
- **Build-time code generation.** The `capnpc` compiler must run during the build (via `build.rs` in `quicprochat-proto`). This adds a build dependency and increases compile times slightly.
- **Learning curve.** Cap'n Proto's builder/reader API is different from typical `serde`-based Rust serialisation. Developers must learn the Cap'n Proto programming model (builders for construction, readers for traversal, owned messages for storage).
- **Generated code verbosity.** The generated Rust code is verbose and not intended to be read directly. Application code interacts with it through the builder/reader traits.
- **Smaller ecosystem than Protobuf.** Cap'n Proto has fewer users, fewer tutorials, and fewer third-party tools than Protobuf. However, the core Rust crates are well-maintained.
@@ -114,7 +114,7 @@ The Cap'n Proto schemas are stored in the `schemas/` directory:
### Residual risks
- **Crate maintenance.** The `capnp` and `capnp-rpc` crates are maintained primarily by David Renshaw. If maintenance lapses, the project would need to fork or switch serialisation formats. Mitigated by the crates' maturity and the relatively stable Cap'n Proto specification.
- **RPC limitations.** The Rust `capnp-rpc` crate implements Level 1 of the Cap'n Proto RPC protocol. Level 3 features (three-party handoffs) are not supported. This has not been a limitation for quicproquo's client-server architecture.
- **RPC limitations.** The Rust `capnp-rpc` crate implements Level 1 of the Cap'n Proto RPC protocol. Level 3 features (three-party handoffs) are not supported. This has not been a limitation for quicprochat's client-server architecture.
---
@@ -126,8 +126,8 @@ The Cap'n Proto schemas are stored in the `schemas/` directory:
| `schemas/auth.capnp` | AuthenticationService RPC interface |
| `schemas/delivery.capnp` | DeliveryService RPC interface |
| `schemas/node.capnp` | NodeService unified RPC interface |
| `crates/quicproquo-proto/build.rs` | Build script that invokes `capnpc` for code generation |
| `crates/quicproquo-proto/src/lib.rs` | Re-exports generated Cap'n Proto modules |
| `crates/quicprochat-proto/build.rs` | Build script that invokes `capnpc` for code generation |
| `crates/quicprochat-proto/src/lib.rs` | Re-exports generated Cap'n Proto modules |
---

6
docs/src/design-rationale/adr-004-mls-unaware-ds.md
View File

@@ -40,7 +40,7 @@ The RFC explicitly envisions that the DS operates on opaque blobs, not on decryp
## Decision
The quicproquo Delivery Service is **MLS-unaware**. It routes opaque byte strings by `(recipientKey, channelId)` without parsing, inspecting, or validating any MLS content.
The quicprochat Delivery Service is **MLS-unaware**. It routes opaque byte strings by `(recipientKey, channelId)` without parsing, inspecting, or validating any MLS content.
### What the DS sees
@@ -109,8 +109,8 @@ This means that sending a message to a group of n members requires n-1 enqueue c
|---|---|
| `schemas/delivery.capnp` | DeliveryService RPC interface (opaque `Data` payloads) |
| `schemas/node.capnp` | NodeService: `enqueue`, `fetch`, `fetchWait` methods |
| `crates/quicproquo-server/src/storage.rs` | Server-side queue storage (DashMap-based FIFO queues) |
| `crates/quicproquo-server/src/main.rs` | NodeService RPC handler implementation |
| `crates/quicprochat-server/src/storage.rs` | Server-side queue storage (DashMap-based FIFO queues) |
| `crates/quicprochat-server/src/main.rs` | NodeService RPC handler implementation |
---

4
docs/src/design-rationale/adr-005-single-use-keypackages.md
View File

@@ -100,8 +100,8 @@ This is a defense-in-depth measure. In practice, MLS's own signature verificatio
|---|---|
| `schemas/auth.capnp` | `AuthenticationService` interface: `uploadKeyPackage`, `fetchKeyPackage` |
| `schemas/node.capnp` | `NodeService` interface: same methods with `Auth` parameter |
| `crates/quicproquo-server/src/storage.rs` | Server-side KeyPackage storage (DashMap-backed queue) |
| `crates/quicproquo-server/src/main.rs` | RPC handler: `fetchKeyPackage` implementation with atomic removal |
| `crates/quicprochat-server/src/storage.rs` | Server-side KeyPackage storage (DashMap-backed queue) |
| `crates/quicprochat-server/src/main.rs` | RPC handler: `fetchKeyPackage` implementation with atomic removal |
---

12
docs/src/design-rationale/adr-006-rest-gateway.md
View File

@@ -6,7 +6,7 @@ Accepted (supersedes earlier REST gateway proposal)
## Context
quicproquo uses QUIC + Cap'n Proto RPC as its native protocol. This
quicprochat uses QUIC + Cap'n Proto RPC as its native protocol. This
combination delivers zero-copy serialization, multiplexed streams, and
sub-RTT connection establishment — ideal for high-performance clients.
@@ -58,11 +58,11 @@ Both paths use QUIC transport. The project name stays honest.
### Crypto layer distribution
MLS encryption/decryption must happen client-side. The `quicproquo-core`
MLS encryption/decryption must happen client-side. The `quicprochat-core`
crate is compiled to:
- **WASM** — for browsers, Node.js, Deno
- **C FFI** (`libquicproquo`) — for Swift, Kotlin, Python, Go (via cgo)
- **C FFI** (`libquicprochat`) — for Swift, Kotlin, Python, Go (via cgo)
- **Native Rust** — for Rust clients (existing)
### Why not REST?
@@ -104,9 +104,9 @@ gRPC may be reconsidered for server-to-server federation (Phase 7.3).
### Neutral
- SDKs live in separate repositories (e.g., `quicproquo-go`,
`quicproquo-py`) to avoid bloating the core workspace.
- The C FFI crate (`quicproquo-ffi`) bundles both crypto and transport,
- SDKs live in separate repositories (e.g., `quicprochat-go`,
`quicprochat-py`) to avoid bloating the core workspace.
- The C FFI crate (`quicprochat-ffi`) bundles both crypto and transport,
so language bindings only need to call C functions.
## Related

20
docs/src/design-rationale/overview.md
View File

@@ -1,6 +1,6 @@
# Design Decisions Overview
This section collects the Architecture Decision Records (ADRs) that document the key design choices in quicproquo. Each ADR follows a standard format: context (why the decision was needed), decision (what was chosen), and consequences (trade-offs, benefits, and residual risks).
This section collects the Architecture Decision Records (ADRs) that document the key design choices in quicprochat. Each ADR follows a standard format: context (why the decision was needed), decision (what was chosen), and consequences (trade-offs, benefits, and residual risks).
These decisions are not immutable. Each ADR has a status field and can be superseded by a later ADR if circumstances change. The goal is to preserve the reasoning behind each choice so that future contributors understand *why* the system works the way it does, not just *how*.
@@ -19,7 +19,7 @@ These decisions are not immutable. Each ADR has a status field and can be supers
## Design comparison
For a broader comparison of quicproquo's design against alternative messaging protocols (Signal, Matrix/Olm/Megolm), see [Why This Design, Not Signal/Matrix/...](why-not-signal.md).
For a broader comparison of quicprochat's design against alternative messaging protocols (Signal, Matrix/Olm/Megolm), see [Why This Design, Not Signal/Matrix/...](why-not-signal.md).
---
@@ -41,7 +41,7 @@ Each ADR page follows this structure:
**Context**
quicproquo v1 used Cap'n Proto for both serialisation and RPC dispatch via
quicprochat v1 used Cap'n Proto for both serialisation and RPC dispatch via
`capnp-rpc`. This worked well for the initial 8-method `NodeService` interface
but had several limitations as the protocol expanded:
@@ -60,15 +60,15 @@ but had several limitations as the protocol expanded:
**Decision**
Replace `capnp-rpc` with a custom binary framing layer (`quicproquo-rpc`) and
Replace `capnp-rpc` with a custom binary framing layer (`quicprochat-rpc`) and
Protocol Buffers (`prost`) for payload serialisation:
- Three frame types: Request (10-byte header), Response (9-byte header), Push
(6-byte header), all carrying Protobuf-encoded payloads.
- Method IDs are numeric `u16` constants dispatched via a handler registry.
One QUIC bidirectional stream per RPC call; push events on QUIC uni-streams.
- ALPN changed from `b"capnp"` to `b"qpq"`. Default port changed from 7000 to 5001.
- Cap'n Proto legacy types are retained in `quicproquo-proto` for v1 compatibility
- ALPN changed from `b"capnp"` to `b"qpc"`. Default port changed from 7000 to 5001.
- Cap'n Proto legacy types are retained in `quicprochat-proto` for v1 compatibility
but are no longer used for RPC dispatch.
**Consequences**
@@ -90,9 +90,9 @@ Costs:
**Code references**
- Frame format: `crates/quicproquo-rpc/src/framing.rs`
- Method IDs: `crates/quicproquo-proto/src/lib.rs` (`method_ids` module)
- Proto schemas: `proto/qpq/v1/*.proto`
- Frame format: `crates/quicprochat-rpc/src/framing.rs`
- Method IDs: `crates/quicprochat-proto/src/lib.rs` (`method_ids` module)
- Proto schemas: `proto/qpc/v1/*.proto`
---
@@ -109,7 +109,7 @@ ADR-004 and ADR-005 reflect a design philosophy where the server does as little
### Schema-first design
The v2 protocol defines all messages and method IDs in checked-in source files
(`proto/qpq/v1/*.proto` and `crates/quicproquo-proto/src/lib.rs`). Every wire
(`proto/qpc/v1/*.proto` and `crates/quicprochat-proto/src/lib.rs`). Every wire
type is documented, versioned, and evolvable through the standard Protobuf
schema evolution rules (adding optional fields, reserving removed field numbers).

64
docs/src/design-rationale/protocol-comparison.md
View File

@@ -1,6 +1,6 @@
# Comparison with Classical Chat Protocols
This page compares quicproquo against **classical and legacy chat protocols** -- IRC+SSL, XMPP (with and without OMEMO), Telegram's MTProto, and plain TCP/TLS chat systems -- to demonstrate what a modern, cryptographically rigorous design provides over protocols that were designed before end-to-end encryption, post-compromise security, and post-quantum readiness were practical concerns.
This page compares quicprochat against **classical and legacy chat protocols** -- IRC+SSL, XMPP (with and without OMEMO), Telegram's MTProto, and plain TCP/TLS chat systems -- to demonstrate what a modern, cryptographically rigorous design provides over protocols that were designed before end-to-end encryption, post-compromise security, and post-quantum readiness were practical concerns.
For a comparison against modern E2E-encrypted protocols (Signal, Matrix/Olm/Megolm), see [Why This Design, Not Signal/Matrix/...](why-not-signal.md).
@@ -9,7 +9,7 @@ For a comparison against modern E2E-encrypted protocols (Signal, Matrix/Olm/Mego
## At a glance
```
Classical IRC+SSL quicproquo
Classical IRC+SSL quicprochat
───────────────── ──────────────
You ──TLS──▶ Server ──TLS──▶ Bob You ──QUIC/TLS──▶ Server ──QUIC/TLS──▶ Bob
@@ -19,13 +19,13 @@ For a comparison against modern E2E-encrypted protocols (Signal, Matrix/Olm/Mego
messages (cannot decrypt)
```
The fundamental difference: **classical protocols trust the server with your plaintext**. quicproquo's server is cryptographically excluded from reading message content.
The fundamental difference: **classical protocols trust the server with your plaintext**. quicprochat's server is cryptographically excluded from reading message content.
---
## Protocol comparison matrix
| Property | IRC+SSL | XMPP+TLS | XMPP+OMEMO | Telegram (MTProto) | quicproquo |
| Property | IRC+SSL | XMPP+TLS | XMPP+OMEMO | Telegram (MTProto) | quicprochat |
|---|---|---|---|---|---|
| **Transport encryption** | TLS (server-to-server optional) | STARTTLS / direct TLS | STARTTLS / direct TLS | MTProto 2.0 (custom) | QUIC + TLS 1.3 |
| **End-to-end encryption** | None | None | Double Ratchet (1:1) | "Secret chats" only (1:1) | MLS RFC 9420 (groups native) |
@@ -41,7 +41,7 @@ The fundamental difference: **classical protocols trust the server with your pla
---
## Deep dive: IRC+SSL vs. quicproquo
## Deep dive: IRC+SSL vs. quicprochat
IRC (Internet Relay Chat) is the archetypal chat protocol, designed in 1988. Adding SSL/TLS wraps the TCP connection in transport encryption, but the protocol's security model remains fundamentally unchanged.
@@ -66,7 +66,7 @@ IRC (Internet Relay Chat) is the archetypal chat protocol, designed in 1988. Add
4. **No post-compromise security.** There is no mechanism to recover from a key compromise. If a server is breached, all messages flowing through it are exposed indefinitely.
5. **No identity binding.** NickServ password authentication is plaintext over the IRC protocol (inside TLS, but visible to the server). There is no cryptographic binding between a user's identity and their messages.
### What happens when Alice sends a message on quicproquo
### What happens when Alice sends a message on quicprochat
```
┌───────┐ ┌────────┐ ┌─────┐
@@ -93,7 +93,7 @@ IRC (Internet Relay Chat) is the archetypal chat protocol, designed in 1988. Add
---
## Deep dive: XMPP+OMEMO vs. quicproquo
## Deep dive: XMPP+OMEMO vs. quicprochat
XMPP with OMEMO (XEP-0384) adds end-to-end encryption via the Signal Double Ratchet protocol. This is a significant improvement over plain XMPP, but OMEMO inherits the limitations of the Signal Protocol for group messaging.
@@ -109,7 +109,7 @@ XMPP with OMEMO (XEP-0384) adds end-to-end encryption via the Signal Double Ratc
3 encryptions per message
O(n) cost per send
quicproquo MLS group (4 members)
quicprochat MLS group (4 members)
Alice encrypts once with group epoch key:
┌───────┐ ── MLS_encrypt(epoch_key) ──▶ Server
@@ -120,7 +120,7 @@ XMPP with OMEMO (XEP-0384) adds end-to-end encryption via the Signal Double Ratc
(all decrypt with same epoch key)
```
| Property | XMPP+OMEMO groups | quicproquo MLS groups |
| Property | XMPP+OMEMO groups | quicprochat MLS groups |
|---|---|---|
| **Encryption per message** | O(n) -- encrypt once per recipient | O(1) -- single MLS application message |
| **Add member** | O(n) -- distribute sender keys to all | O(log n) -- single MLS Commit |
@@ -131,7 +131,7 @@ XMPP with OMEMO (XEP-0384) adds end-to-end encryption via the Signal Double Ratc
---
## Deep dive: Telegram (MTProto) vs. quicproquo
## Deep dive: Telegram (MTProto) vs. quicprochat
Telegram is often perceived as a "secure" messenger, but its default mode provides **no end-to-end encryption**. Only "Secret Chats" (1:1 only, not available on desktop) use E2E encryption.
@@ -163,7 +163,7 @@ Telegram is often perceived as a "secure" messenger, but its default mode provid
### Comparison
| Property | Telegram Cloud Chats | Telegram Secret Chats | quicproquo |
| Property | Telegram Cloud Chats | Telegram Secret Chats | quicprochat |
|---|---|---|---|
| **Server reads plaintext** | Yes | No | No |
| **Group E2E** | No | N/A (1:1 only) | Yes (MLS) |
@@ -173,7 +173,7 @@ Telegram is often perceived as a "secure" messenger, but its default mode provid
| **Open source server** | No | No | Yes (MIT license) |
| **Post-quantum** | None | None | Hybrid KEM (X25519 + ML-KEM-768) |
**Critical concern with Telegram:** MTProto is a custom, proprietary cryptographic protocol that has not undergone the same level of independent cryptographic review as standard protocols (TLS, MLS, Signal Protocol). Multiple academic papers have identified weaknesses in earlier versions. quicproquo exclusively uses IETF-standardized protocols (TLS 1.3, MLS RFC 9420) and widely reviewed cryptographic primitives.
**Critical concern with Telegram:** MTProto is a custom, proprietary cryptographic protocol that has not undergone the same level of independent cryptographic review as standard protocols (TLS, MLS, Signal Protocol). Multiple academic papers have identified weaknesses in earlier versions. quicprochat exclusively uses IETF-standardized protocols (TLS 1.3, MLS RFC 9420) and widely reviewed cryptographic primitives.
---
@@ -208,7 +208,7 @@ An attacker gains root access to the chat server.
│ sees metadata (who talks to whom, │
│ when, message sizes). │
│ │
│ quicproquo: │
│ quicprochat: │
│ Cannot read messages (MLS E2E). │
│ Sees metadata (recipient keys, │
│ timing, sizes). │
@@ -243,7 +243,7 @@ A state-level adversary records all encrypted traffic today, planning to decrypt
Telegram (MTProto / custom DH):
└── Quantum computer breaks DH → all recorded messages decrypted
quicproquo (Hybrid KEM):
quicprochat (Hybrid KEM):
└── Transport: QUIC/TLS with ECDHE → quantum computer breaks this layer
└── Inner layer: MLS content encrypted with group epoch keys
└── Hybrid KEM envelope: X25519 + ML-KEM-768
@@ -252,7 +252,7 @@ A state-level adversary records all encrypted traffic today, planning to decrypt
└── Combined key: STILL SECURE (both must be broken)
```
quicproquo's hybrid "belt and suspenders" design means that **even if X25519 falls to a quantum computer, ML-KEM-768 protects the content**. The adversary's recorded ciphertext remains useless.
quicprochat's hybrid "belt and suspenders" design means that **even if X25519 falls to a quantum computer, ML-KEM-768 protects the content**. The adversary's recorded ciphertext remains useless.
### Scenario 3: Device theft / compromise
@@ -279,7 +279,7 @@ An attacker steals Alice's unlocked device and extracts her key material.
Messages after T: all accessible (cloud sync)
Recovery: terminate session from another device
quicproquo:
quicprochat:
Messages before T: protected (MLS forward secrecy, past epoch keys deleted)
Messages after T: exposed only until next MLS epoch advance
Recovery: ANY group member issues an MLS Update proposal →
@@ -293,7 +293,7 @@ An attacker steals Alice's unlocked device and extracts her key material.
### Why QUIC over TCP
Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) blocking. quicproquo uses QUIC, which provides independent streams over UDP.
Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) blocking. quicprochat uses QUIC, which provides independent streams over UDP.
```
TCP (IRC/XMPP): all streams share one ordered byte stream
@@ -308,7 +308,7 @@ Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) b
└── ALL streams blocked until retransmit
QUIC (quicproquo): each stream is independent
QUIC (quicprochat): each stream is independent
──────────────────────────────────────────────────
Stream A: ████████░░██████████████ (only A waits)
@@ -334,7 +334,7 @@ Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) b
════════════════════════════════════════════════════
Total: 2-3 round trips before first message
quicproquo: QUIC integrates crypto into handshake = 1 RTT (or 0-RTT)
quicprochat: QUIC integrates crypto into handshake = 1 RTT (or 0-RTT)
──────────────────────────────────────────────────────────────────────────
Client ──Initial(ClientHello)──▶ Server │
Client ◀──Initial(ServerHello)── Server │ 1 RTT total
@@ -363,7 +363,7 @@ Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) b
Phone number + SMS OTP ← carrier and Telegram see phone number
(identity = phone number) ← no cryptographic identity
quicproquo (OPAQUE PAKE):
quicprochat (OPAQUE PAKE):
Client ──blinded_element──▶ Server │ Server never sees password
Client ◀──evaluated_element── Server │ Mutual authentication
Client ──finalization──▶ Server │ Session key derived
@@ -406,7 +406,7 @@ Classical protocols (IRC, XMPP) use TCP, which suffers from head-of-line (HOL) b
│ Schema via XSD exists but rarely enforced at runtime. │
└──────────────────────────────────────────────────────────┘
Cap'n Proto (quicproquo):
Cap'n Proto (quicprochat):
┌──────────────────────────────────────────────────────────┐
│ [8-byte aligned struct with pointers] │
│ │
@@ -434,7 +434,7 @@ The following diagram maps each protocol against the security properties it prov
Telegram Cloud · · · · · · · ·
Telegram Secret △ · ● · · ● · ·
Signal ● · ● ● △ ● · ·
quicproquo ● ● ● ● ● ● ● ●
quicprochat ● ● ● ● ● ● ● ●
Legend: ● = yes △ = partial · = no
FS = forward secrecy PCS = post-compromise security
@@ -446,12 +446,12 @@ The following diagram maps each protocol against the security properties it prov
---
## The quicproquo advantage: a layered defense
## The quicprochat advantage: a layered defense
Classical protocols rely on a **single layer** of security (transport TLS). quicproquo applies defense in depth with **three independent layers**, each of which must be broken separately:
Classical protocols rely on a **single layer** of security (transport TLS). quicprochat applies defense in depth with **three independent layers**, each of which must be broken separately:
```
IRC+SSL security layers: quicproquo security layers:
IRC+SSL security layers: quicprochat security layers:
┌─────────────────────────┐ ┌─────────────────────────────────┐
│ TLS (transport) │ │ Layer 3: Hybrid KEM envelope │
@@ -474,7 +474,7 @@ Classical protocols rely on a **single layer** of security (transport TLS). quic
To read a message, attacker must break:
IRC+SSL: TLS (1 layer)
quicproquo: TLS + MLS + Hybrid KEM (3 layers)
quicprochat: TLS + MLS + Hybrid KEM (3 layers)
```
---
@@ -483,7 +483,7 @@ Classical protocols rely on a **single layer** of security (transport TLS). quic
Fairness demands acknowledging where classical protocols genuinely excel:
| Advantage | IRC | quicproquo |
| Advantage | IRC | quicprochat |
|---|---|---|
| **Simplicity** | Telnet-compatible text protocol | Binary protocol requiring client implementation |
| **Maturity** | 35+ years of production use | Early-stage research project |
@@ -493,7 +493,7 @@ Fairness demands acknowledging where classical protocols genuinely excel:
| **Public channels** | Designed for open, unencrypted discussion | Designed for private, encrypted communication |
| **Anonymity** | No identity required | Requires Ed25519 identity keypair |
IRC remains an excellent choice for **public, open discussion** where encryption is not needed and simplicity is valued. quicproquo is designed for a different threat model: private communication where **confidentiality, forward secrecy, and post-compromise security** are requirements, not luxuries.
IRC remains an excellent choice for **public, open discussion** where encryption is not needed and simplicity is valued. quicprochat is designed for a different threat model: private communication where **confidentiality, forward secrecy, and post-compromise security** are requirements, not luxuries.
---
@@ -501,10 +501,10 @@ IRC remains an excellent choice for **public, open discussion** where encryption
For users and operators coming from classical chat systems, here is what changes practically:
| Concern | Classical (IRC/XMPP) | quicproquo |
| Concern | Classical (IRC/XMPP) | quicprochat |
|---|---|---|
| **Server setup** | Install IRCd, configure TLS cert | `cargo build && ./qpq-server` (auto-generates TLS cert) |
| **Client setup** | Install any IRC client | `./quicproquo-client register-user` (generates Ed25519 identity) |
| **Server setup** | Install IRCd, configure TLS cert | `cargo build && ./qpc-server` (auto-generates TLS cert) |
| **Client setup** | Install any IRC client | `./quicprochat-client register-user` (generates Ed25519 identity) |
| **Joining a group** | `/join #channel` | Receive MLS Welcome message from group creator |
| **Sending a message** | Type and press enter | Same -- client handles MLS encryption transparently |
| **Server admin sees messages** | Yes (always) | No (never -- server sees only ciphertext) |
@@ -518,7 +518,7 @@ For users and operators coming from classical chat systems, here is what changes
- [Why This Design, Not Signal/Matrix/...](why-not-signal.md) -- comparison with modern E2E-encrypted protocols
- [Protocol Layers Overview](../protocol-layers/overview.md) -- detailed protocol stack documentation
- [Threat Model](../cryptography/threat-model.md) -- what quicproquo does and does not protect against
- [Threat Model](../cryptography/threat-model.md) -- what quicprochat does and does not protect against
- [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md) -- hybrid KEM design and rationale
- [MLS (RFC 9420)](../protocol-layers/mls.md) -- deep dive into the group key agreement protocol
- [Architecture Overview](../architecture/overview.md) -- system-level architecture

34
docs/src/design-rationale/why-not-signal.md
View File

@@ -1,6 +1,6 @@
# Why This Design, Not Signal/Matrix/...
This page compares quicproquo's protocol choices against two widely deployed secure messaging systems -- the Signal Protocol and the Matrix ecosystem (Olm/Megolm) -- to explain why a different architecture was chosen. The comparison covers four dimensions: group key agreement, transport, serialisation, and overall trade-offs.
This page compares quicprochat's protocol choices against two widely deployed secure messaging systems -- the Signal Protocol and the Matrix ecosystem (Olm/Megolm) -- to explain why a different architecture was chosen. The comparison covers four dimensions: group key agreement, transport, serialisation, and overall trade-offs.
---
@@ -26,11 +26,11 @@ The Signal Protocol was designed for **1:1 messaging** and later extended to gro
- Group membership changes require O(n) pairwise Sender Key distributions. Adding or removing a member requires the affected member to generate a new Sender Key and distribute it to all n-1 other members.
- The pairwise key exchange for initial setup is O(n^2): each of n members must establish a Double Ratchet session with each of the other n-1 members.
**Limitations for quicproquo's use case:**
**Limitations for quicprochat's use case:**
- O(n^2) pairwise setup cost limits practical group size.
- No post-compromise security for groups is a significant gap.
- The protocol requires a central server for X3DH prekey bundle distribution (similar to quicproquo's AS, but tightly coupled to the Signal server).
- The protocol requires a central server for X3DH prekey bundle distribution (similar to quicprochat's AS, but tightly coupled to the Signal server).
### Matrix / Olm / Megolm
@@ -54,15 +54,15 @@ The Matrix ecosystem uses two distinct cryptographic protocols:
- **Eventually consistent state** model means that room membership, key sharing, and message ordering can diverge between homeservers. The client must reconcile these inconsistencies, adding complexity to the state machine.
- **Device verification** is a persistent UX challenge. The cross-signing mechanism is powerful but difficult for users to understand.
**Limitations for quicproquo's use case:**
**Limitations for quicprochat's use case:**
- No post-compromise security for groups (same limitation as Signal's Sender Keys).
- Federation adds latency, metadata exposure, and state management complexity that quicproquo does not need.
- Federation adds latency, metadata exposure, and state management complexity that quicprochat does not need.
- JSON-based wire format is inefficient (see serialisation comparison below).
### quicproquo: MLS (RFC 9420)
### quicprochat: MLS (RFC 9420)
quicproquo uses the **Messaging Layer Security (MLS)** protocol, standardized as RFC 9420 by the IETF.
quicprochat uses the **Messaging Layer Security (MLS)** protocol, standardized as RFC 9420 by the IETF.
**Key properties:**
@@ -74,7 +74,7 @@ quicproquo uses the **Messaging Layer Security (MLS)** protocol, standardized as
**Cost of group operations:**
| Operation | Signal (Sender Keys) | Matrix (Megolm) | MLS (quicproquo) |
| Operation | Signal (Sender Keys) | Matrix (Megolm) | MLS (quicprochat) |
|---|---|---|---|
| Add member | O(n) Sender Key distributions | O(n) Megolm session shares | O(log n) tree update |
| Remove member | O(n) Sender Key rotations | O(n) new Megolm session | O(log n) tree update |
@@ -87,7 +87,7 @@ quicproquo uses the **Messaging Layer Security (MLS)** protocol, standardized as
The transport layer determines how encrypted payloads reach the server and how client-server authentication is performed.
| Property | Signal | Matrix | quicproquo |
| Property | Signal | Matrix | quicprochat |
|---|---|---|---|
| **Transport protocol** | TLS over TCP (HTTP/2) | HTTPS (TLS over TCP) | QUIC (UDP) + TLS 1.3 |
| **Multiplexing** | HTTP/2 stream multiplexing | HTTP/1.1 or HTTP/2 | Native QUIC stream multiplexing |
@@ -106,7 +106,7 @@ QUIC eliminates TCP head-of-line blocking, which is particularly important for a
The serialisation format determines the overhead of encoding and decoding messages, the type safety of the wire format, and the feasibility of schema evolution.
| Property | Signal (Protobuf) | Matrix (JSON) | quicproquo (Cap'n Proto) |
| Property | Signal (Protobuf) | Matrix (JSON) | quicprochat (Cap'n Proto) |
|---|---|---|---|
| **Format** | Binary, schema-defined | Text, schema-optional (JSON Schema exists but is not enforced by the wire format) | Binary, schema-defined |
| **Deserialization cost** | Requires a decode pass (allocates and copies) | Requires a parse pass (allocates, copies, and handles UTF-8) | **Zero-copy**: the wire bytes are the in-memory representation. Readers traverse pointers in-place. |
@@ -118,7 +118,7 @@ The serialisation format determines the overhead of encoding and decoding messag
**Why Cap'n Proto over Protobuf?**
While Protobuf is a reasonable choice (and Signal uses it successfully), Cap'n Proto provides two features that are particularly valuable for quicproquo:
While Protobuf is a reasonable choice (and Signal uses it successfully), Cap'n Proto provides two features that are particularly valuable for quicprochat:
1. **Zero-copy deserialization** eliminates a class of allocation and performance overhead. In a messaging system that processes many small messages, avoiding deserialization copies adds up.
2. **Built-in RPC** means that Cap'n Proto is both the serialisation format and the RPC framework. There is no need for a separate gRPC or HTTP layer. The same `.capnp` schema file defines both the data structures and the service interface.
@@ -128,7 +128,7 @@ While Protobuf is a reasonable choice (and Signal uses it successfully), Cap'n P
## Summary comparison table
| Dimension | Signal | Matrix | quicproquo |
| Dimension | Signal | Matrix | quicprochat |
|---|---|---|---|
| **1:1 encryption** | Double Ratchet (FS + PCS) | Olm / Double Ratchet (FS + PCS) | MLS (FS + PCS) |
| **Group encryption** | Sender Keys (FS only) | Megolm (FS only) | MLS (FS + PCS) |
@@ -143,13 +143,13 @@ While Protobuf is a reasonable choice (and Signal uses it successfully), Cap'n P
---
## What quicproquo gives up
## What quicprochat gives up
No design is without trade-offs. Compared to Signal and Matrix, quicproquo:
No design is without trade-offs. Compared to Signal and Matrix, quicprochat:
- **Has no federation.** A single server per deployment means no decentralized architecture. This is a deliberate simplification -- federation adds significant complexity and metadata exposure.
- **Is less mature.** Signal and Matrix have years of production hardening, formal security audits, and battle-tested implementations. quicproquo is in early development.
- **Has a smaller ecosystem.** Signal and Matrix have extensive client libraries, bridges, and integrations. quicproquo is a standalone Rust implementation.
- **Is less mature.** Signal and Matrix have years of production hardening, formal security audits, and battle-tested implementations. quicprochat is in early development.
- **Has a smaller ecosystem.** Signal and Matrix have extensive client libraries, bridges, and integrations. quicprochat is a standalone Rust implementation.
- **Requires MLS client complexity.** MLS clients must maintain a ratchet tree, process Commits, and handle epoch transitions. This is more complex than a simple symmetric ratchet (Sender Keys / Megolm), though the complexity buys post-compromise security.
---
@@ -158,6 +158,6 @@ No design is without trade-offs. Compared to Signal and Matrix, quicproquo:
- [Design Decisions Overview](overview.md) -- index of all ADRs
- [ADR-002: Cap'n Proto over MessagePack](adr-002-capnproto.md) -- serialisation format choice
- [Protocol Layers Overview](../protocol-layers/overview.md) -- how quicproquo's layers compose
- [Protocol Layers Overview](../protocol-layers/overview.md) -- how quicprochat's layers compose
- [MLS (RFC 9420)](../protocol-layers/mls.md) -- deep dive into the MLS protocol layer
- [Architecture Overview](../architecture/overview.md) -- system-level architecture

40
docs/src/getting-started/building.md
View File

@@ -22,15 +22,15 @@ This compiles all nine crates in the workspace:
| Crate | Type | Purpose |
|---|---|---|
| `quicproquo-core` | library | Crypto primitives, MLS `GroupMember` state machine, hybrid KEM |
| `quicproquo-proto` | library | Protobuf schemas (prost), generated types, method ID constants |
| `quicproquo-kt` | library | Key Transparency Merkle log |
| `quicproquo-plugin-api` | library | `#![no_std]` C-ABI plugin interface (`HookVTable`) |
| `quicproquo-rpc` | library | QUIC RPC framing, server dispatcher, client, Tower middleware |
| `quicproquo-sdk` | library | `QpqClient`, event broadcast, `ConversationStore` |
| `quicproquo-server` | binary | Unified Authentication + Delivery Service (`qpq-server`) |
| `quicproquo-client` | binary | CLI client (`qpq`) with REPL and subcommands |
| `quicproquo-p2p` | library | iroh P2P layer (compiled when the `mesh` feature is enabled) |
| `quicprochat-core` | library | Crypto primitives, MLS `GroupMember` state machine, hybrid KEM |
| `quicprochat-proto` | library | Protobuf schemas (prost), generated types, method ID constants |
| `quicprochat-kt` | library | Key Transparency Merkle log |
| `quicprochat-plugin-api` | library | `#![no_std]` C-ABI plugin interface (`HookVTable`) |
| `quicprochat-rpc` | library | QUIC RPC framing, server dispatcher, client, Tower middleware |
| `quicprochat-sdk` | library | `QpqClient`, event broadcast, `ConversationStore` |
| `quicprochat-server` | binary | Unified Authentication + Delivery Service (`qpc-server`) |
| `quicprochat-client` | binary | CLI client (`qpc`) with REPL and subcommands |
| `quicprochat-p2p` | library | iroh P2P layer (compiled when the `mesh` feature is enabled) |
For a release build with LTO, symbol stripping, and single codegen unit:
@@ -61,11 +61,11 @@ A `justfile` at the repository root provides shortcuts for common tasks:
| `just lint` | `cargo clippy --workspace -- -D warnings` | Check for warnings (CI-strict) |
| `just fmt` | `cargo fmt --all -- --check` | Check formatting |
| `just fmt-fix` | `cargo fmt --all` | Auto-format |
| `just proto` | `cargo build -p quicproquo-proto` | Trigger Protobuf codegen |
| `just rpc` | `cargo build -p quicproquo-rpc` | Build RPC framework only |
| `just sdk` | `cargo build -p quicproquo-sdk` | Build client SDK only |
| `just server` | `cargo build -p quicproquo-server` | Build server only |
| `just client` | `cargo build -p quicproquo-client` | Build CLI client only |
| `just proto` | `cargo build -p quicprochat-proto` | Trigger Protobuf codegen |
| `just rpc` | `cargo build -p quicprochat-rpc` | Build RPC framework only |
| `just sdk` | `cargo build -p quicprochat-sdk` | Build client SDK only |
| `just server` | `cargo build -p quicprochat-server` | Build server only |
| `just client` | `cargo build -p quicprochat-client` | Build CLI client only |
| `just clean` | `cargo clean` | Remove build artifacts |
---
@@ -88,16 +88,16 @@ cargo test --workspace -- --test-threads 1
To run tests for a single crate:
```bash
cargo test -p quicproquo-core
cargo test -p quicproquo-server
cargo test -p quicproquo-rpc
cargo test -p quicprochat-core
cargo test -p quicprochat-server
cargo test -p quicprochat-rpc
```
---
## Protobuf code generation
The `quicproquo-proto` crate does not contain hand-written Rust types for wire messages. Instead, its `build.rs` script uses `prost-build` to generate Rust source from the `.proto` schema files in `proto/qpq/v1/`.
The `quicprochat-proto` crate does not contain hand-written Rust types for wire messages. Instead, its `build.rs` script uses `prost-build` to generate Rust source from the `.proto` schema files in `proto/qpc/v1/`.
### How it works
@@ -110,7 +110,7 @@ The `quicproquo-proto` crate does not contain hand-written Rust types for wire m
The `build.rs` script emits `cargo:rerun-if-changed` directives for each `.proto` file. Modifying a schema triggers automatic re-generation on the next `cargo build`.
### Design constraints of `quicproquo-proto`
### Design constraints of `quicprochat-proto`
The proto crate is intentionally restricted:
@@ -141,7 +141,7 @@ xcode-select --install
Run E2E tests with `--test-threads 1` to serialise the tests and avoid bind conflicts on the shared test port:
```bash
cargo test -p quicproquo-client --test e2e -- --test-threads 1
cargo test -p quicprochat-client --test e2e -- --test-threads 1
```
---

18
docs/src/getting-started/certificate-lifecycle.md
View File

@@ -1,6 +1,6 @@
# Certificate lifecycle and CA-signed TLS
This page describes how to use CA-issued certificates with quicproquo and how to think about certificate pinning, rotation, and lifecycle.
This page describes how to use CA-issued certificates with quicprochat and how to think about certificate pinning, rotation, and lifecycle.
For basic server TLS setup (self-signed certs, generation), see [Running the Server](running-the-server.md#tls-certificate-handling).
@@ -8,8 +8,8 @@ For basic server TLS setup (self-signed certs, generation), see [Running the Ser
## Current behaviour
- **Server:** Uses a single TLS certificate and private key (DER format). If the files are missing and the server is not in production mode, it generates a self-signed certificate. Production mode (`QPQ_PRODUCTION=1`) requires existing cert and key files.
- **Client:** Trusts exactly the roots in the file given by `--ca-cert` (or `QPQ_CA_CERT`). Typically this is the server's own certificate (pinning) or a CA that signed the server cert.
- **Server:** Uses a single TLS certificate and private key (DER format). If the files are missing and the server is not in production mode, it generates a self-signed certificate. Production mode (`QPC_PRODUCTION=1`) requires existing cert and key files.
- **Client:** Trusts exactly the roots in the file given by `--ca-cert` (or `QPC_CA_CERT`). Typically this is the server's own certificate (pinning) or a CA that signed the server cert.
---
@@ -20,7 +20,7 @@ To pin the server so the client only connects to that server:
1. Copy the server's certificate file (e.g. `data/server-cert.der`) from the server (or your deployment).
2. Use that file as the client's CA cert:
```bash
qpq --ca-cert /path/to/server-cert.der ...
qpc --ca-cert /path/to/server-cert.der ...
```
3. The client will only accept a connection if the server presents that exact certificate (or a chain ending in it). No separate CA bundle is required.
@@ -43,12 +43,12 @@ To use a certificate issued by a public CA (e.g. Let's Encrypt):
```
2. **Configure the server** to use those paths:
```bash
export QPQ_TLS_CERT=/etc/quicproquo/server-cert.der
export QPQ_TLS_KEY=/etc/quicproquo/server-key.der
export QPC_TLS_CERT=/etc/quicprochat/server-cert.der
export QPC_TLS_KEY=/etc/quicprochat/server-key.der
```
3. **Configure the client** to trust the CA that signed the server cert. Use the CAs certificate (or the CA bundle) as `--ca-cert`:
```bash
qpq --ca-cert /etc/ssl/certs/your-ca.der --server-name your.server.example ...
qpc --ca-cert /etc/ssl/certs/your-ca.der --server-name your.server.example ...
```
The `--server-name` must match the certificates SAN (e.g. DNS name).
@@ -60,7 +60,7 @@ To use a certificate issued by a public CA (e.g. Let's Encrypt):
- **Manual rotation:** Replace `server-cert.der` and `server-key.der` on disk, then restart the server. Clients that pin the new cert must be updated with the new cert file.
- **Lets Encrypt renewal:** After renewing (e.g. via certbot), convert the new cert and key to DER, replace the files, and restart the server. If clients use the CA cert (e.g. ISRG Root X1) as `--ca-cert`, they do not need updates when the server cert is renewed.
- **OCSP / CRL:** The quicproquo server does not currently perform OCSP stapling or CRL checks. Revocation is handled by the client or by operational procedures (e.g. short-lived certs, rotation on compromise).
- **OCSP / CRL:** The quicprochat server does not currently perform OCSP stapling or CRL checks. Revocation is handled by the client or by operational procedures (e.g. short-lived certs, rotation on compromise).
---
@@ -70,6 +70,6 @@ To use a certificate issued by a public CA (e.g. Let's Encrypt):
|------------------|-------------|--------------------|
| Pinned (single server) | Self-signed or any | Servers cert file |
| CA-issued | Lets Encrypt (or other CA) | CA cert (or bundle) |
| Production | Always use existing cert/key; set `QPQ_PRODUCTION=1` | CA or pinned server cert |
| Production | Always use existing cert/key; set `QPC_PRODUCTION=1` | CA or pinned server cert |
For production, prefer either (a) certificate pinning with the servers cert or (b) a CA-issued server cert with clients trusting the CA, and plan for rotation and restart (or future reload support).

26
docs/src/getting-started/demo-walkthrough.md
View File

@@ -75,13 +75,13 @@ You will need **three terminal windows**: one for the server, one for Alice, and
In **Terminal 1** (Server):
```bash
cargo run -p quicproquo-server
cargo run -p quicprochat-server
```
Wait for the log line confirming it is accepting connections:
```
INFO quicproquo_server: accepting QUIC connections addr="0.0.0.0:7000"
INFO quicprochat_server: accepting QUIC connections addr="0.0.0.0:7000"
```
If this is the first run, you will also see a log line about generating the self-signed TLS certificate. The certificate is written to `data/server-cert.der`, which the client will use for TLS verification.
@@ -91,7 +91,7 @@ If this is the first run, you will also see a log line about generating the self
In **Terminal 2** (Alice):
```bash
cargo run -p quicproquo-client -- register-state \
cargo run -p quicprochat-client -- register-state \
--state alice.bin \
--server 127.0.0.1:7000
```
@@ -116,7 +116,7 @@ KeyPackage uploaded successfully.
In **Terminal 3** (Bob):
```bash
cargo run -p quicproquo-client -- register-state \
cargo run -p quicprochat-client -- register-state \
--state bob.bin \
--server 127.0.0.1:7000
```
@@ -137,7 +137,7 @@ In **Terminal 2** (Alice):
First, create the group:
```bash
cargo run -p quicproquo-client -- create-group \
cargo run -p quicprochat-client -- create-group \
--state alice.bin \
--group-id "demo-chat"
```
@@ -151,7 +151,7 @@ Alice is now the sole member of the group at epoch 0.
Next, invite Bob using his identity key from Step 3:
```bash
cargo run -p quicproquo-client -- invite \
cargo run -p quicprochat-client -- invite \
--state alice.bin \
--peer-key <BOB_KEY> \
--server 127.0.0.1:7000
@@ -173,7 +173,7 @@ Alice's group state has now advanced to epoch 1.
In **Terminal 3** (Bob):
```bash
cargo run -p quicproquo-client -- join \
cargo run -p quicprochat-client -- join \
--state bob.bin \
--server 127.0.0.1:7000
```
@@ -195,7 +195,7 @@ Bob is now a member of the group at epoch 1, sharing the same group secret as Al
In **Terminal 2** (Alice):
```bash
cargo run -p quicproquo-client -- send \
cargo run -p quicprochat-client -- send \
--state alice.bin \
--peer-key <BOB_KEY> \
--msg "Hello Bob, this is encrypted with MLS!" \
@@ -215,7 +215,7 @@ message sent
In **Terminal 3** (Bob):
```bash
cargo run -p quicproquo-client -- recv \
cargo run -p quicprochat-client -- recv \
--state bob.bin \
--server 127.0.0.1:7000
```
@@ -233,7 +233,7 @@ This command:
In **Terminal 3** (Bob):
```bash
cargo run -p quicproquo-client -- send \
cargo run -p quicprochat-client -- send \
--state bob.bin \
--peer-key <ALICE_KEY> \
--msg "Hi Alice, received loud and clear!" \
@@ -249,7 +249,7 @@ message sent
In **Terminal 2** (Alice):
```bash
cargo run -p quicproquo-client -- recv \
cargo run -p quicprochat-client -- recv \
--state alice.bin \
--server 127.0.0.1:7000
```
@@ -266,7 +266,7 @@ If you want to see the entire flow in a single command without managing three te
```bash
# Ensure the server is running, then:
cargo run -p quicproquo-client -- demo-group --server 127.0.0.1:7000
cargo run -p quicprochat-client -- demo-group --server 127.0.0.1:7000
```
```
@@ -327,7 +327,7 @@ Ensure the client has access to the server's TLS certificate. By default, both s
- [REPL Command Reference](repl-reference.md) -- complete list of 40+ slash commands
- [Rich Messaging](rich-messaging.md) -- reactions, typing indicators, edit/delete
- [File Transfer](file-transfer.md) -- chunked upload/download with SHA-256 verification
- [Go SDK](go-sdk.md) -- build Go applications against the qpq server
- [Go SDK](go-sdk.md) -- build Go applications against the qpc server
- [TypeScript SDK & Browser Demo](typescript-sdk.md) -- WASM crypto in the browser
- [Mesh Networking](mesh-networking.md) -- P2P, broadcast channels, store-and-forward
- [MLS (RFC 9420)](../protocol-layers/mls.md) -- how the MLS group operations work

80
docs/src/getting-started/docker.md
View File

@@ -1,6 +1,6 @@
# Docker Deployment
quicproquo includes a multi-stage Dockerfile and a Docker Compose configuration for building and running the server in containers.
quicprochat includes a multi-stage Dockerfile and a Docker Compose configuration for building and running the server in containers.
---
@@ -40,11 +40,11 @@ services:
- "7000:7000/udp"
environment:
RUST_LOG: "info"
QPQ_LISTEN: "0.0.0.0:7000"
QPQ_DATA_DIR: "/var/lib/quicproquo"
QPQ_PRODUCTION: "true"
QPC_LISTEN: "0.0.0.0:7000"
QPC_DATA_DIR: "/var/lib/quicprochat"
QPC_PRODUCTION: "true"
volumes:
- server-data:/var/lib/quicproquo
- server-data:/var/lib/quicprochat
restart: unless-stopped
volumes:
@@ -74,7 +74,7 @@ WORKDIR /build
# Copy manifests first so dependency layers are cached independently of source.
COPY Cargo.toml Cargo.lock ./
COPY crates/quicproquo-core/Cargo.toml crates/quicproquo-core/Cargo.toml
COPY crates/quicprochat-core/Cargo.toml crates/quicprochat-core/Cargo.toml
# ... (all 9 crate manifests)
# Create dummy source files for dependency caching.
@@ -84,11 +84,11 @@ RUN mkdir -p ... && echo 'fn main() {}' > ...
COPY schemas/ schemas/
# Build dependencies only (cache layer).
RUN cargo build --release --bin qpq-server 2>/dev/null || true
RUN cargo build --release --bin qpc-server 2>/dev/null || true
# Copy real source and build for real.
COPY crates/ crates/
RUN cargo build --release --bin qpq-server
RUN cargo build --release --bin qpc-server
```
Key steps:
@@ -96,7 +96,7 @@ Key steps:
1. **Base image**: `rust:bookworm` (Debian Bookworm with the Rust toolchain pre-installed).
2. **No system compiler required**: Unlike v1, the builder stage does not install `capnproto`. The v2 Protobuf compiler is vendored by `protobuf-src` and compiled automatically as part of `cargo build`.
3. **Copy manifests first**: `Cargo.toml` and `Cargo.lock` are copied before source code with dummy stubs so that dependency compilation is cached in a separate Docker layer.
4. **Copy schemas**: The `schemas/` directory is copied before the dependency build because `quicproquo-proto/build.rs` references it.
4. **Copy schemas**: The `schemas/` directory is copied before the dependency build because `quicprochat-proto/build.rs` references it.
5. **Copy real source and build**: After the dependency cache layer, real source files are copied in and `cargo build --release` produces the final binary.
### Stage 2: Runtime (`debian:bookworm-slim`)
@@ -108,39 +108,39 @@ RUN apt-get update \
&& apt-get install -y --no-install-recommends ca-certificates \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /build/target/release/qpq-server /usr/local/bin/qpq-server
COPY --from=builder /build/target/release/qpc-server /usr/local/bin/qpc-server
RUN groupadd --system qpq \
&& useradd --system --gid qpq --no-create-home --shell /usr/sbin/nologin qpq \
&& mkdir -p /var/lib/quicproquo \
&& chown qpq:qpq /var/lib/quicproquo
RUN groupadd --system qpc \
&& useradd --system --gid qpc --no-create-home --shell /usr/sbin/nologin qpc \
&& mkdir -p /var/lib/quicprochat \
&& chown qpc:qpc /var/lib/quicprochat
EXPOSE 7000
VOLUME ["/var/lib/quicproquo"]
VOLUME ["/var/lib/quicprochat"]
ENV RUST_LOG=info \
QPQ_LISTEN=0.0.0.0:7000 \
QPQ_DATA_DIR=/var/lib/quicproquo \
QPQ_TLS_CERT=/var/lib/quicproquo/server-cert.der \
QPQ_TLS_KEY=/var/lib/quicproquo/server-key.der \
QPQ_PRODUCTION=true
QPC_LISTEN=0.0.0.0:7000 \
QPC_DATA_DIR=/var/lib/quicprochat \
QPC_TLS_CERT=/var/lib/quicprochat/server-cert.der \
QPC_TLS_KEY=/var/lib/quicprochat/server-key.der \
QPC_PRODUCTION=true
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
CMD test -f /var/lib/quicproquo/server-cert.der || exit 1
CMD test -f /var/lib/quicprochat/server-cert.der || exit 1
USER qpq
USER qpc
CMD ["qpq-server"]
CMD ["qpc-server"]
```
Key characteristics:
- **Minimal image**: No Rust toolchain, no build tools, no `protoc` binary.
- **`ca-certificates`**: Included for future HTTPS calls (e.g., ACME certificate provisioning).
- **Dedicated user**: The container runs as the `qpq` system user (not `root`) for defense in depth.
- **Named volume**: `/var/lib/quicproquo` is declared as a `VOLUME` for data persistence.
- **`QPQ_PRODUCTION=true`**: The runtime image defaults to production mode, requiring pre-existing TLS certificates and a strong auth token.
- **Dedicated user**: The container runs as the `qpc` system user (not `root`) for defense in depth.
- **Named volume**: `/var/lib/quicprochat` is declared as a `VOLUME` for data persistence.
- **`QPC_PRODUCTION=true`**: The runtime image defaults to production mode, requiring pre-existing TLS certificates and a strong auth token.
---
@@ -153,7 +153,7 @@ services:
server:
# ... existing config ...
volumes:
- server-data:/var/lib/quicproquo
- server-data:/var/lib/quicprochat
volumes:
server-data:
@@ -165,13 +165,13 @@ Or use a bind mount for easier inspection:
mkdir -p ./server-data
docker run -d \
--name quicproquo \
--name quicprochat \
-p 7000:7000/udp \
-v "$(pwd)/server-data:/var/lib/quicproquo" \
-e QPQ_ALLOW_INSECURE_AUTH=true \
-e QPQ_PRODUCTION=false \
-v "$(pwd)/server-data:/var/lib/quicprochat" \
-e QPC_ALLOW_INSECURE_AUTH=true \
-e QPC_PRODUCTION=false \
-e RUST_LOG=info \
qpq-server
qpc-server
```
Without a volume, all server state (including TLS certificates and message queues) is lost when the container is removed. The server will generate a new self-signed certificate on each fresh start, which means clients will need the new certificate to connect.
@@ -183,19 +183,19 @@ Without a volume, all server state (including TLS certificates and message queue
To build the Docker image without starting a container:
```bash
docker build -t qpq-server -f docker/Dockerfile .
docker build -t qpc-server -f docker/Dockerfile .
```
To run it in development mode (without production validation):
```bash
docker run -d \
--name quicproquo \
--name quicprochat \
-p 7000:7000/udp \
-e QPQ_ALLOW_INSECURE_AUTH=true \
-e QPQ_PRODUCTION=false \
-e QPC_ALLOW_INSECURE_AUTH=true \
-e QPC_PRODUCTION=false \
-e RUST_LOG=info \
qpq-server
qpc-server
```
---
@@ -206,15 +206,15 @@ When the server runs in Docker with `docker compose up`, the client can connect
```bash
# Extract the server's TLS cert from the container volume
docker compose cp server:/var/lib/quicproquo/server-cert.der ./data/server-cert.der
docker compose cp server:/var/lib/quicprochat/server-cert.der ./data/server-cert.der
# Connect
cargo run -p quicproquo-client -- ping \
cargo run -p quicprochat-client -- ping \
--ca-cert ./data/server-cert.der \
--server-name localhost
```
If you mounted a bind volume (e.g., `./server-data:/var/lib/quicproquo`), the certificate is directly accessible at `./server-data/server-cert.der`.
If you mounted a bind volume (e.g., `./server-data:/var/lib/quicprochat`), the certificate is directly accessible at `./server-data/server-cert.der`.
---

146
docs/src/getting-started/ffi.md
View File

@@ -1,7 +1,7 @@
# C FFI Bindings
The `quicproquo-ffi` crate provides a synchronous C API for the quicproquo
messaging client. It wraps the async `quicproquo-client` library behind an
The `quicprochat-ffi` crate provides a synchronous C API for the quicprochat
messaging client. It wraps the async `quicprochat-client` library behind an
opaque handle, so C, Python, Swift, or any language with C FFI support can
connect, authenticate, send messages, and receive messages.
@@ -13,26 +13,26 @@ internals.
```bash
# Shared library (.so / .dylib / .dll) + static archive (.a)
cargo build --release -p quicproquo-ffi
cargo build --release -p quicprochat-ffi
```
Output:
| Platform | Shared library | Static library |
|----------|---------------------------------------------|-----------------------------------------|
| Linux | `target/release/libquicproquo_ffi.so` | `target/release/libquicproquo_ffi.a` |
| macOS | `target/release/libquicproquo_ffi.dylib` | `target/release/libquicproquo_ffi.a` |
| Windows | `target/release/quicproquo_ffi.dll` | `target/release/quicproquo_ffi.lib` |
| Linux | `target/release/libquicprochat_ffi.so` | `target/release/libquicprochat_ffi.a` |
| macOS | `target/release/libquicprochat_ffi.dylib` | `target/release/libquicprochat_ffi.a` |
| Windows | `target/release/quicprochat_ffi.dll` | `target/release/quicprochat_ffi.lib` |
## Status Codes
| Code | Constant | Meaning |
|------|--------------------|------------------------------------------|
| 0 | `QPQ_OK` | Success |
| 1 | `QPQ_ERROR` | Generic error (check `qpq_last_error`) |
| 2 | `QPQ_AUTH_FAILED` | OPAQUE authentication failed |
| 3 | `QPQ_TIMEOUT` | Receive timed out with no messages |
| 4 | `QPQ_NOT_CONNECTED`| Handle is null or not logged in |
| 0 | `QPC_OK` | Success |
| 1 | `QPC_ERROR` | Generic error (check `qpc_last_error`) |
| 2 | `QPC_AUTH_FAILED` | OPAQUE authentication failed |
| 3 | `QPC_TIMEOUT` | Receive timed out with no messages |
| 4 | `QPC_NOT_CONNECTED`| Handle is null or not logged in |
## C API Reference
@@ -40,10 +40,10 @@ All functions use the `extern "C"` calling convention. All string parameters
must be valid, non-null, null-terminated UTF-8. The opaque handle type is
`QpqHandle *`.
### `qpq_connect`
### `qpc_connect`
```c
QpqHandle *qpq_connect(
QpqHandle *qpc_connect(
const char *server, /* "host:port", e.g. "127.0.0.1:7000" */
const char *ca_cert, /* path to CA certificate file (DER) */
const char *server_name /* TLS server name, e.g. "localhost" */
@@ -54,11 +54,11 @@ Creates a Tokio runtime, performs a health check against the server, and
returns a heap-allocated opaque handle. Returns `NULL` on failure (invalid
arguments, server unreachable, or runtime creation failed).
### `qpq_login`
### `qpc_login`
```c
int32_t qpq_login(
QpqHandle *handle, /* handle from qpq_connect */
int32_t qpc_login(
QpqHandle *handle, /* handle from qpc_connect */
const char *username, /* OPAQUE username */
const char *password /* OPAQUE password */
);
@@ -66,16 +66,16 @@ int32_t qpq_login(
Authenticates with the server using OPAQUE (password-authenticated key
exchange). On success the handle is marked as logged-in and subsequent
`qpq_send`/`qpq_receive` calls use the authenticated session.
`qpc_send`/`qpc_receive` calls use the authenticated session.
**Returns:** `QPQ_OK` on success, `QPQ_AUTH_FAILED` on bad credentials,
`QPQ_NOT_CONNECTED` if the handle is null, or `QPQ_ERROR` on other failures.
**Returns:** `QPC_OK` on success, `QPC_AUTH_FAILED` on bad credentials,
`QPC_NOT_CONNECTED` if the handle is null, or `QPC_ERROR` on other failures.
### `qpq_send`
### `qpc_send`
```c
int32_t qpq_send(
QpqHandle *handle, /* handle from qpq_connect */
int32_t qpc_send(
QpqHandle *handle, /* handle from qpc_connect */
const char *recipient, /* recipient username (null-terminated) */
const uint8_t *message, /* message bytes (UTF-8, not null-terminated) */
size_t message_len /* length of message in bytes */
@@ -86,14 +86,14 @@ Resolves the recipient by username, then sends an MLS-encrypted message
through the server. The `message` buffer must contain valid UTF-8 of at least
`message_len` bytes. The handle must be logged in.
**Returns:** `QPQ_OK` on success, `QPQ_NOT_CONNECTED` if not logged in, or
`QPQ_ERROR` on failure (recipient not found, network error, etc.).
**Returns:** `QPC_OK` on success, `QPC_NOT_CONNECTED` if not logged in, or
`QPC_ERROR` on failure (recipient not found, network error, etc.).
### `qpq_receive`
### `qpc_receive`
```c
int32_t qpq_receive(
QpqHandle *handle, /* handle from qpq_connect */
int32_t qpc_receive(
QpqHandle *handle, /* handle from qpc_connect */
uint32_t timeout_ms, /* maximum wait time in milliseconds */
char **out_json /* output: heap-allocated JSON string */
);
@@ -102,48 +102,48 @@ int32_t qpq_receive(
Blocks up to `timeout_ms` milliseconds waiting for pending messages. On
success, `*out_json` points to a null-terminated JSON string containing an
array of decrypted message strings (e.g., `["hello","world"]`). The caller
**must** free this string with `qpq_free_string`.
**must** free this string with `qpc_free_string`.
**Returns:** `QPQ_OK` on success (even if the array is empty),
`QPQ_TIMEOUT` if the wait expires with no messages, `QPQ_NOT_CONNECTED` if
not logged in, or `QPQ_ERROR` on failure.
**Returns:** `QPC_OK` on success (even if the array is empty),
`QPC_TIMEOUT` if the wait expires with no messages, `QPC_NOT_CONNECTED` if
not logged in, or `QPC_ERROR` on failure.
### `qpq_disconnect`
### `qpc_disconnect`
```c
void qpq_disconnect(QpqHandle *handle);
void qpc_disconnect(QpqHandle *handle);
```
Shuts down the Tokio runtime and frees the handle. After this call, the
handle must not be used again. Passing `NULL` is a safe no-op.
### `qpq_last_error`
### `qpc_last_error`
```c
const char *qpq_last_error(const QpqHandle *handle);
const char *qpc_last_error(const QpqHandle *handle);
```
Returns the last error message recorded on the handle, or `NULL` if no error
has occurred. The returned pointer is valid **only** until the next FFI call
on the same handle. Do **not** free this pointer -- it is owned by the handle.
### `qpq_free_string`
### `qpc_free_string`
```c
void qpq_free_string(char *ptr);
void qpc_free_string(char *ptr);
```
Frees a string previously returned by `qpq_receive` via the `out_json`
Frees a string previously returned by `qpc_receive` via the `out_json`
output parameter. Passing `NULL` is a safe no-op. Do **not** use this to
free strings from `qpq_last_error`.
free strings from `qpc_last_error`.
## Memory Management Rules
1. **`QpqHandle`** is heap-allocated by `qpq_connect` and freed by
`qpq_disconnect`. Do not use the handle after disconnecting.
2. **`out_json` from `qpq_receive`** is heap-allocated. Free it with
`qpq_free_string`.
3. **`qpq_last_error`** returns a pointer owned by the handle. Do not free
1. **`QpqHandle`** is heap-allocated by `qpc_connect` and freed by
`qpc_disconnect`. Do not use the handle after disconnecting.
2. **`out_json` from `qpc_receive`** is heap-allocated. Free it with
`qpc_free_string`.
3. **`qpc_last_error`** returns a pointer owned by the handle. Do not free
it; it is valid until the next FFI call on the same handle.
4. All `const char *` input parameters are borrowed for the duration of the
call and not stored beyond it.
@@ -154,11 +154,11 @@ Every function that returns `int32_t` uses the status codes above. The
recommended pattern is:
```c
int rc = qpq_login(handle, "alice", "password123");
if (rc != QPQ_OK) {
const char *err = qpq_last_error(handle);
int rc = qpc_login(handle, "alice", "password123");
if (rc != QPC_OK) {
const char *err = qpc_last_error(handle);
fprintf(stderr, "login failed (code %d): %s\n", rc, err ? err : "unknown");
qpq_disconnect(handle);
qpc_disconnect(handle);
return 1;
}
```
@@ -169,48 +169,48 @@ if (rc != QPQ_OK) {
#include <stdio.h>
#include <string.h>
/* Link with: -lquicproquo_ffi -lpthread -ldl -lm */
/* Link with: -lquicprochat_ffi -lpthread -ldl -lm */
typedef struct QpqHandle QpqHandle;
extern QpqHandle *qpq_connect(const char *, const char *, const char *);
extern int qpq_login(QpqHandle *, const char *, const char *);
extern int qpq_send(QpqHandle *, const char *, const unsigned char *, unsigned long);
extern int qpq_receive(QpqHandle *, unsigned int, char **);
extern void qpq_disconnect(QpqHandle *);
extern const char *qpq_last_error(const QpqHandle *);
extern void qpq_free_string(char *);
extern QpqHandle *qpc_connect(const char *, const char *, const char *);
extern int qpc_login(QpqHandle *, const char *, const char *);
extern int qpc_send(QpqHandle *, const char *, const unsigned char *, unsigned long);
extern int qpc_receive(QpqHandle *, unsigned int, char **);
extern void qpc_disconnect(QpqHandle *);
extern const char *qpc_last_error(const QpqHandle *);
extern void qpc_free_string(char *);
#define QPQ_OK 0
#define QPC_OK 0
int main(void) {
QpqHandle *h = qpq_connect("127.0.0.1:7000", "server-cert.der", "localhost");
QpqHandle *h = qpc_connect("127.0.0.1:7000", "server-cert.der", "localhost");
if (!h) {
fprintf(stderr, "connection failed\n");
return 1;
}
if (qpq_login(h, "alice", "secret") != QPQ_OK) {
fprintf(stderr, "login failed: %s\n", qpq_last_error(h));
qpq_disconnect(h);
if (qpc_login(h, "alice", "secret") != QPC_OK) {
fprintf(stderr, "login failed: %s\n", qpc_last_error(h));
qpc_disconnect(h);
return 1;
}
/* Send a message */
const char *msg = "hello from C";
if (qpq_send(h, "bob", (const unsigned char *)msg, strlen(msg)) != QPQ_OK) {
fprintf(stderr, "send failed: %s\n", qpq_last_error(h));
if (qpc_send(h, "bob", (const unsigned char *)msg, strlen(msg)) != QPC_OK) {
fprintf(stderr, "send failed: %s\n", qpc_last_error(h));
}
/* Receive messages (5 second timeout) */
char *json = NULL;
int rc = qpq_receive(h, 5000, &json);
if (rc == QPQ_OK && json) {
int rc = qpc_receive(h, 5000, &json);
if (rc == QPC_OK && json) {
printf("received: %s\n", json);
qpq_free_string(json);
qpc_free_string(json);
}
qpq_disconnect(h);
qpc_disconnect(h);
return 0;
}
```
@@ -218,26 +218,26 @@ int main(void) {
Compile and link:
```bash
gcc -o qpq_demo qpq_demo.c -L target/release -lquicproquo_ffi -lpthread -ldl -lm
LD_LIBRARY_PATH=target/release ./qpq_demo
gcc -o qpc_demo qpc_demo.c -L target/release -lquicprochat_ffi -lpthread -ldl -lm
LD_LIBRARY_PATH=target/release ./qpc_demo
```
## Python Bindings
A ready-made Python `ctypes` wrapper is provided in
[`examples/python/qpq_client.py`](https://github.com/nickvidal/quicproquo/tree/main/examples/python).
[`examples/python/qpc_client.py`](https://github.com/nickvidal/quicprochat/tree/main/examples/python).
```bash
# Build the FFI library first
cargo build --release -p quicproquo-ffi
cargo build --release -p quicprochat-ffi
# Run the Python client
python examples/python/qpq_client.py \
python examples/python/qpc_client.py \
--server 127.0.0.1:7000 \
--ca-cert server-cert.der \
--username alice --password secret \
--receive --timeout 5000
```
Set `QPQ_FFI_LIB=/path/to/libquicproquo_ffi.so` to override automatic
Set `QPC_FFI_LIB=/path/to/libquicprochat_ffi.so` to override automatic
library discovery.

8
docs/src/getting-started/file-transfer.md
View File

@@ -1,6 +1,6 @@
# File Transfer
quicproquo supports encrypted file transfer with chunked upload/download,
quicprochat supports encrypted file transfer with chunked upload/download,
SHA-256 content addressing, and automatic MIME type detection. Files up to
50 MB are supported.
@@ -109,6 +109,6 @@ file extension. For example:
## Implementation
- **Server:** `crates/quicproquo-server/src/node_service/blob_ops.rs`
- **Client REPL:** `/send-file` and `/download` in `crates/quicproquo-client/src/client/repl.rs`
- **Message type:** `FileRef` variant in `crates/quicproquo-core/src/app_message.rs`
- **Server:** `crates/quicprochat-server/src/node_service/blob_ops.rs`
- **Client REPL:** `/send-file` and `/download` in `crates/quicprochat-client/src/client/repl.rs`
- **Message type:** `FileRef` variant in `crates/quicprochat-core/src/app_message.rs`

12
docs/src/getting-started/go-sdk.md
View File

@@ -1,18 +1,18 @@
# Go SDK
The Go SDK (`sdks/go/`) provides a native QUIC + Cap'n Proto client for
quicproquo, giving Go applications full access to the messaging API without
quicprochat, giving Go applications full access to the messaging API without
any HTTP translation layer.
## Prerequisites
- Go 1.21+
- A running qpq server
- A running qpc server
## Installation
```go
import "quicproquo.dev/sdk/go/qpq"
import "quicprochat.dev/sdk/go/qpc"
```
## Quick start
@@ -25,14 +25,14 @@ import (
"fmt"
"log"
"quicproquo.dev/sdk/go/qpq"
"quicprochat.dev/sdk/go/qpc"
)
func main() {
ctx := context.Background()
// Connect to the server
client, err := qpq.Connect(ctx, qpq.Options{
client, err := qpc.Connect(ctx, qpc.Options{
Addr: "127.0.0.1:7000",
InsecureSkipVerify: true, // development only
})
@@ -130,7 +130,7 @@ type Options struct {
sdks/go/
├── proto/ # Generated Cap'n Proto types from node.capnp
├── transport/ # QUIC transport layer (quic-go + TLS 1.3)
├── qpq/ # High-level client API (QpqClient)
├── qpc/ # High-level client API (QpqClient)
├── cmd/example/ # Example CLI program
├── go.mod
└── README.md

40
docs/src/getting-started/mesh-networking.md
View File

@@ -1,6 +1,6 @@
# Mesh Networking
quicproquo includes a mesh networking layer for decentralised, peer-to-peer
quicprochat includes a mesh networking layer for decentralised, peer-to-peer
messaging without central infrastructure. It is designed for community
networks (Freifunk, BATMAN-adv, Babel routing) and offline-capable
environments.
@@ -8,17 +8,17 @@ environments.
Mesh features are **feature-gated** — build the client with:
```bash
cargo build -p quicproquo-client --features mesh
cargo build -p quicprochat-client --features mesh
```
## Architecture
```
Client A ── mDNS discovery ──► nearby qpq node (LAN / mesh)
Client A ── mDNS discovery ──► nearby qpc node (LAN / mesh)
Cap'n Proto federation
remote qpq node (across mesh)
remote qpc node (across mesh)
Client B ── iroh P2P ──────► Client C (direct, NAT-traversed)
```
@@ -44,7 +44,7 @@ persisted in a local JSON file.
## mDNS discovery
Servers announce `_quicproquo._udp.local.` via mDNS on startup with TXT
Servers announce `_quicprochat._udp.local.` via mDNS on startup with TXT
records:
```
@@ -126,14 +126,14 @@ Servers relay messages for recipients on remote nodes:
```bash
# Environment variables
QPQ_FEDERATION_LISTEN=0.0.0.0:7001
QPQ_LOCAL_DOMAIN=node1.mesh.local
QPQ_FEDERATION_CERT=/path/to/cert.der
QPQ_FEDERATION_KEY=/path/to/key.der
QPQ_FEDERATION_CA=/path/to/ca.der
QPC_FEDERATION_LISTEN=0.0.0.0:7001
QPC_LOCAL_DOMAIN=node1.mesh.local
QPC_FEDERATION_CERT=/path/to/cert.der
QPC_FEDERATION_KEY=/path/to/key.der
QPC_FEDERATION_CA=/path/to/ca.der
```
Or in `qpq-server.toml`:
Or in `qpc-server.toml`:
```toml
federation_enabled = true
@@ -146,8 +146,8 @@ federation_listen = "0.0.0.0:7001"
| Protocol | ALPN |
|---|---|
| Client ↔ Server | `b"capnp"` |
| P2P transport | `b"quicproquo/p2p/1"` |
| Federation | `b"quicproquo/federation/1"` |
| P2P transport | `b"quicprochat/p2p/1"` |
| Federation | `b"quicprochat/federation/1"` |
## REPL command summary
@@ -164,12 +164,12 @@ federation_listen = "0.0.0.0:7001"
## Implementation
- **P2P node:** `crates/quicproquo-p2p/src/lib.rs``P2pNode` with iroh
- **P2P node:** `crates/quicprochat-p2p/src/lib.rs``P2pNode` with iroh
transport
- **Mesh identity:** `crates/quicproquo-p2p/src/identity.rs`
- **Store-and-forward:** `crates/quicproquo-p2p/src/store.rs` +
- **Mesh identity:** `crates/quicprochat-p2p/src/identity.rs`
- **Store-and-forward:** `crates/quicprochat-p2p/src/store.rs` +
`envelope.rs`
- **Broadcast:** `crates/quicproquo-p2p/src/broadcast.rs`
- **mDNS discovery:** `crates/quicproquo-client/src/client/mesh_discovery.rs`
- **Federation routing:** `crates/quicproquo-server/src/node_service/delivery.rs`
- **REPL commands:** mesh handlers in `crates/quicproquo-client/src/client/repl.rs`
- **Broadcast:** `crates/quicprochat-p2p/src/broadcast.rs`
- **mDNS discovery:** `crates/quicprochat-client/src/client/mesh_discovery.rs`
- **Federation routing:** `crates/quicprochat-server/src/node_service/delivery.rs`
- **REPL commands:** mesh handlers in `crates/quicprochat-client/src/client/repl.rs`

8
docs/src/getting-started/prerequisites.md
View File

@@ -1,6 +1,6 @@
# Prerequisites
Before building quicproquo you need a Rust toolchain. No other system tools are required — Protobuf compilation is handled automatically at build time by the `protobuf-src` crate, which vendors the `protoc` compiler. Docker is optional and useful for reproducible builds and deployment.
Before building quicprochat you need a Rust toolchain. No other system tools are required — Protobuf compilation is handled automatically at build time by the `protobuf-src` crate, which vendors the `protoc` compiler. Docker is optional and useful for reproducible builds and deployment.
---
@@ -8,7 +8,7 @@ Before building quicproquo you need a Rust toolchain. No other system tools are
**Minimum supported Rust version: 1.77+ (stable)**
quicproquo uses the 2021 edition and workspace resolver v2. Any stable Rust release from 1.77 onward should work. Install or update via [rustup](https://rustup.rs/):
quicprochat uses the 2021 edition and workspace resolver v2. Any stable Rust release from 1.77 onward should work. Install or update via [rustup](https://rustup.rs/):
```bash
# Install rustup (if not already present)
@@ -29,7 +29,7 @@ The workspace depends on several crates that use procedural macros (`serde_deriv
## No external compiler dependencies
In v2, all wire-format serialisation uses [Protobuf](https://protobuf.dev/) via the `prost` crate. The `quicproquo-proto` crate's `build.rs` script drives code generation through `prost-build`, which in turn uses the `protobuf-src` crate to compile and use a vendored copy of `protoc`. **You do not need to install `protoc` or any other system compiler.**
In v2, all wire-format serialisation uses [Protobuf](https://protobuf.dev/) via the `prost` crate. The `quicprochat-proto` crate's `build.rs` script drives code generation through `prost-build`, which in turn uses the `protobuf-src` crate to compile and use a vendored copy of `protoc`. **You do not need to install `protoc` or any other system compiler.**
The legacy Cap'n Proto schemas (`schemas/`) are still present for reference, but the v2 runtime and RPC framework use Protobuf exclusively.
@@ -37,7 +37,7 @@ The legacy Cap'n Proto schemas (`schemas/`) are still present for reference, but
## Optional: Docker and Docker Compose
If you prefer to build and run quicproquo in containers, you will need:
If you prefer to build and run quicprochat in containers, you will need:
- **Docker Engine** 20.10+ (or Docker Desktop)
- **Docker Compose** v2+ (the `docker compose` plugin, not the legacy `docker-compose` binary)

8
docs/src/getting-started/repl-reference.md
View File

@@ -1,11 +1,11 @@
# REPL Command Reference
The qpq interactive REPL provides 40+ slash commands for messaging, group
The qpc interactive REPL provides 40+ slash commands for messaging, group
management, file transfer, privacy controls, and mesh networking. Launch it
with:
```bash
cargo run --bin qpq -- repl --username alice --password mypass
cargo run --bin qpc -- repl --username alice --password mypass
```
Type any text without a leading `/` to send a message in the active
@@ -79,12 +79,12 @@ conversation.
These commands require the client to be built with mesh support:
```bash
cargo build -p quicproquo-client --features mesh
cargo build -p quicprochat-client --features mesh
```
| Command | Description |
|---|---|
| `/mesh peers` | Scan for nearby qpq nodes via mDNS (`_quicproquo._udp.local.`) |
| `/mesh peers` | Scan for nearby qpc nodes via mDNS (`_quicprochat._udp.local.`) |
| `/mesh server <host:port>` | Note a discovered server address for connection |
| `/mesh send <peer_id> <msg>` | Send a direct P2P message via iroh transport |
| `/mesh broadcast <topic> <msg>` | Publish a message to a broadcast channel |

8
docs/src/getting-started/rich-messaging.md
View File

@@ -1,6 +1,6 @@
# Rich Messaging
quicproquo supports rich messaging features beyond basic text: reactions, read
quicprochat supports rich messaging features beyond basic text: reactions, read
receipts, typing indicators, message editing, and message deletion. All
message types are end-to-end encrypted inside MLS ciphertext — the server
only sees opaque bytes.
@@ -86,9 +86,9 @@ All rich message types use the same binary envelope inside the MLS ciphertext:
## Implementation
- **Core serialisation:** `crates/quicproquo-core/src/app_message.rs` — the
- **Core serialisation:** `crates/quicprochat-core/src/app_message.rs` — the
`AppMessage` enum with `serialize()` / `deserialize()` methods
- **REPL commands:** `crates/quicproquo-client/src/client/repl.rs` — slash
- **REPL commands:** `crates/quicprochat-client/src/client/repl.rs` — slash
command handlers
- **Display:** `crates/quicproquo-client/src/client/display.rs` — typing
- **Display:** `crates/quicprochat-client/src/client/display.rs` — typing
indicator rendering

44
docs/src/getting-started/running-the-client.md
View File

@@ -1,6 +1,6 @@
# Running the Client
The quicproquo CLI client provides subcommands for connectivity testing, identity registration, KeyPackage exchange, and persistent group messaging. All commands connect to the server over QUIC + TLS 1.3 and issue Cap'n Proto RPC calls against the `NodeService` endpoint.
The quicprochat CLI client provides subcommands for connectivity testing, identity registration, KeyPackage exchange, and persistent group messaging. All commands connect to the server over QUIC + TLS 1.3 and issue Cap'n Proto RPC calls against the `NodeService` endpoint.
---
@@ -10,8 +10,8 @@ These flags apply to every subcommand:
| Flag | Env var | Default | Purpose |
|---|---|---|---|
| `--ca-cert` | `QPQ_CA_CERT` | `data/server-cert.der` | Path to the server's TLS certificate (DER format). The client uses this to verify the server's identity during the TLS handshake. |
| `--server-name` | `QPQ_SERVER_NAME` | `localhost` | Expected TLS server name. Must match a SAN in the server's certificate. |
| `--ca-cert` | `QPC_CA_CERT` | `data/server-cert.der` | Path to the server's TLS certificate (DER format). The client uses this to verify the server's identity during the TLS handshake. |
| `--server-name` | `QPC_SERVER_NAME` | `localhost` | Expected TLS server name. Must match a SAN in the server's certificate. |
Most subcommands also accept `--server` (default `127.0.0.1:7000`) to specify the server address.
@@ -24,11 +24,11 @@ Most subcommands also accept `--server` (default `127.0.0.1:7000`) to specify th
Send a health probe to the server and print the round-trip time.
```bash
cargo run -p quicproquo-client -- ping
cargo run -p quicprochat-client -- ping
```
```bash
cargo run -p quicproquo-client -- ping --server 192.168.1.10:7000
cargo run -p quicprochat-client -- ping --server 192.168.1.10:7000
```
**Output:**
@@ -49,7 +49,7 @@ These commands generate a fresh identity keypair in memory each time they run. T
Generate a fresh Ed25519 identity, create an MLS KeyPackage, and upload it to the Authentication Service.
```bash
cargo run -p quicproquo-client -- register
cargo run -p quicprochat-client -- register
```
**Output:**
@@ -66,7 +66,7 @@ Share the `identity_key` value with peers who want to add you to a group. They w
Fetch a peer's KeyPackage from the Authentication Service by their Ed25519 public key.
```bash
cargo run -p quicproquo-client -- fetch-key a1b2c3d4e5f6...
cargo run -p quicprochat-client -- fetch-key a1b2c3d4e5f6...
```
The `identity_key` argument must be exactly 64 lowercase hex characters (32 bytes).
@@ -90,7 +90,7 @@ KeyPackages are single-use: fetching a KeyPackage atomically removes it from the
Run a complete Alice-and-Bob MLS round-trip against a live server. Both identities are created in-process; both communicate through the server's AS and DS.
```bash
cargo run -p quicproquo-client -- demo-group --server 127.0.0.1:7000
cargo run -p quicprochat-client -- demo-group --server 127.0.0.1:7000
```
**Output:**
@@ -106,21 +106,21 @@ This is the fastest way to verify that the entire stack (QUIC + TLS + Cap'n Prot
## Persistent group commands
These commands use a state file (`--state`, default `qpq-state.bin`) to persist the Ed25519 identity seed and MLS group state between invocations. A companion key store file (same path with `.ks` extension) holds HPKE init private keys.
These commands use a state file (`--state`, default `qpc-state.bin`) to persist the Ed25519 identity seed and MLS group state between invocations. A companion key store file (same path with `.ks` extension) holds HPKE init private keys.
All persistent commands share the `--state` flag:
| Flag | Env var | Default |
|---|---|---|
| `--state` | `QPQ_STATE` | `qpq-state.bin` |
| `--server` | `QPQ_SERVER` | `127.0.0.1:7000` |
| `--state` | `QPC_STATE` | `qpc-state.bin` |
| `--server` | `QPC_SERVER` | `127.0.0.1:7000` |
### `register-state`
Create or load a persistent identity, generate a KeyPackage, and upload it to the AS.
```bash
cargo run -p quicproquo-client -- register-state \
cargo run -p quicprochat-client -- register-state \
--state alice.bin \
--server 127.0.0.1:7000
```
@@ -141,10 +141,10 @@ Refresh the KeyPackage on the server using your **existing** state file. Does no
- Your KeyPackage has expired (server TTL, e.g. 24h).
- Your KeyPackage was consumed (someone invited you) and you want to be invitable again.
Run with the same `--access-token` (or `QPQ_ACCESS_TOKEN`) as for other commands.
Run with the same `--access-token` (or `QPC_ACCESS_TOKEN`) as for other commands.
```bash
cargo run -p quicproquo-client -- refresh-keypackage \
cargo run -p quicprochat-client -- refresh-keypackage \
--state alice.bin \
--server 127.0.0.1:7000
```
@@ -163,7 +163,7 @@ If you are told "no key" when someone tries to invite you, have them wait and ru
Create a new MLS group. The caller becomes the sole member at epoch 0.
```bash
cargo run -p quicproquo-client -- create-group \
cargo run -p quicprochat-client -- create-group \
--state alice.bin \
--group-id "project-chat"
```
@@ -180,7 +180,7 @@ The group state is saved to the state file. You can now invite peers with `invit
Fetch a peer's KeyPackage from the AS, add them to the group, and deliver the Welcome message via the DS.
```bash
cargo run -p quicproquo-client -- invite \
cargo run -p quicprochat-client -- invite \
--state alice.bin \
--peer-key b9a8c7d6e5f4... \
--server 127.0.0.1:7000
@@ -202,7 +202,7 @@ invited peer (welcome queued)
Join a group by consuming a Welcome message from the DS.
```bash
cargo run -p quicproquo-client -- join \
cargo run -p quicprochat-client -- join \
--state bob.bin \
--server 127.0.0.1:7000
```
@@ -219,7 +219,7 @@ joined group successfully
Encrypt and send an application message to a peer via the DS.
```bash
cargo run -p quicproquo-client -- send \
cargo run -p quicprochat-client -- send \
--state alice.bin \
--peer-key b9a8c7d6e5f4... \
--msg "hello from alice" \
@@ -238,7 +238,7 @@ message sent
Receive and decrypt all pending messages from the DS.
```bash
cargo run -p quicproquo-client -- recv \
cargo run -p quicprochat-client -- recv \
--state bob.bin \
--server 127.0.0.1:7000
```
@@ -257,12 +257,12 @@ Additional flags:
```bash
# Wait up to 5 seconds for messages
cargo run -p quicproquo-client -- recv \
cargo run -p quicprochat-client -- recv \
--state bob.bin \
--wait-ms 5000
# Stream messages continuously
cargo run -p quicproquo-client -- recv \
cargo run -p quicprochat-client -- recv \
--state bob.bin \
--stream --wait-ms 10000
```
@@ -271,7 +271,7 @@ cargo run -p quicproquo-client -- recv \
## HPKE init key lifecycle warning
The MLS protocol requires that the HPKE init private key generated during KeyPackage creation is available when processing the corresponding Welcome message. In quicproquo, this private key is stored in the key store file (`.ks` extension alongside the state file).
The MLS protocol requires that the HPKE init private key generated during KeyPackage creation is available when processing the corresponding Welcome message. In quicprochat, this private key is stored in the key store file (`.ks` extension alongside the state file).
**The same state file and key store must be used for both `register-state` and `join`.** If you:

102
docs/src/getting-started/running-the-server.md
View File

@@ -1,13 +1,13 @@
# Running the Server
The quicproquo server is a single binary (`qpq-server`) that exposes a unified **NodeService** endpoint combining Authentication Service (OPAQUE registration/login, KeyPackage management) and Delivery Service (message relay) operations over a single QUIC + TLS 1.3 connection.
The quicprochat server is a single binary (`qpc-server`) that exposes a unified **NodeService** endpoint combining Authentication Service (OPAQUE registration/login, KeyPackage management) and Delivery Service (message relay) operations over a single QUIC + TLS 1.3 connection.
---
## Quick start
```bash
cargo run -p quicproquo-server -- --allow-insecure-auth
cargo run -p quicprochat-server -- --allow-insecure-auth
```
On first launch the server will:
@@ -21,8 +21,8 @@ On first launch the server will:
You should see output similar to:
```
2026-01-01T00:00:00.000000Z INFO qpq_server: generated self-signed TLS certificate cert="data/server-cert.der" key="data/server-key.der"
2026-01-01T00:00:00.000000Z INFO qpq_server: accepting QUIC connections addr="0.0.0.0:7000"
2026-01-01T00:00:00.000000Z INFO qpc_server: generated self-signed TLS certificate cert="data/server-cert.der" key="data/server-key.der"
2026-01-01T00:00:00.000000Z INFO qpc_server: accepting QUIC connections addr="0.0.0.0:7000"
```
> **Development note:** `--allow-insecure-auth` bypasses the requirement for a static bearer token. Do not use this flag in production.
@@ -31,108 +31,108 @@ You should see output similar to:
## Configuration
All configuration is available via CLI flags, environment variables, or a TOML config file (`qpq-server.toml` by default, overridden with `--config`). CLI flags take precedence over the config file.
All configuration is available via CLI flags, environment variables, or a TOML config file (`qpc-server.toml` by default, overridden with `--config`). CLI flags take precedence over the config file.
### Core flags
| Purpose | CLI flag | Env var | Default |
|---|---|---|---|
| QUIC listen address | `--listen` | `QPQ_LISTEN` | `0.0.0.0:7000` |
| TLS certificate (DER) | `--tls-cert` | `QPQ_TLS_CERT` | `data/server-cert.der` |
| TLS private key (DER) | `--tls-key` | `QPQ_TLS_KEY` | `data/server-key.der` |
| Data directory | `--data-dir` | `QPQ_DATA_DIR` | `data` |
| TOML config file | `--config` | `QPQ_CONFIG` | `qpq-server.toml` |
| QUIC listen address | `--listen` | `QPC_LISTEN` | `0.0.0.0:7000` |
| TLS certificate (DER) | `--tls-cert` | `QPC_TLS_CERT` | `data/server-cert.der` |
| TLS private key (DER) | `--tls-key` | `QPC_TLS_KEY` | `data/server-key.der` |
| Data directory | `--data-dir` | `QPC_DATA_DIR` | `data` |
| TOML config file | `--config` | `QPC_CONFIG` | `qpc-server.toml` |
| Log level | -- | `RUST_LOG` | `info` |
### Authentication flags
| Purpose | CLI flag | Env var | Default |
|---|---|---|---|
| Static bearer token | `--auth-token` | `QPQ_AUTH_TOKEN` | (none) |
| Skip token requirement (dev only) | `--allow-insecure-auth` | `QPQ_ALLOW_INSECURE_AUTH` | `false` |
| Sealed sender mode | `--sealed-sender` | `QPQ_SEALED_SENDER` | `false` |
| Static bearer token | `--auth-token` | `QPC_AUTH_TOKEN` | (none) |
| Skip token requirement (dev only) | `--allow-insecure-auth` | `QPC_ALLOW_INSECURE_AUTH` | `false` |
| Sealed sender mode | `--sealed-sender` | `QPC_SEALED_SENDER` | `false` |
### Storage flags
| Purpose | CLI flag | Env var | Default |
|---|---|---|---|
| Storage backend | `--store-backend` | `QPQ_STORE_BACKEND` | `file` |
| SQLCipher DB path | `--db-path` | `QPQ_DB_PATH` | `data/qpq.db` |
| SQLCipher encryption key | `--db-key` | `QPQ_DB_KEY` | (empty = plaintext) |
| Storage backend | `--store-backend` | `QPC_STORE_BACKEND` | `file` |
| SQLCipher DB path | `--db-path` | `QPC_DB_PATH` | `data/qpc.db` |
| SQLCipher encryption key | `--db-key` | `QPC_DB_KEY` | (empty = plaintext) |
### Transport and timeout flags
| Purpose | CLI flag | Env var | Default |
|---|---|---|---|
| Drain timeout (graceful shutdown) | `--drain-timeout` | `QPQ_DRAIN_TIMEOUT` | `30` s |
| Per-RPC timeout | `--rpc-timeout` | `QPQ_RPC_TIMEOUT` | `30` s |
| Storage operation timeout | `--storage-timeout` | `QPQ_STORAGE_TIMEOUT` | `10` s |
| Drain timeout (graceful shutdown) | `--drain-timeout` | `QPC_DRAIN_TIMEOUT` | `30` s |
| Per-RPC timeout | `--rpc-timeout` | `QPC_RPC_TIMEOUT` | `30` s |
| Storage operation timeout | `--storage-timeout` | `QPC_STORAGE_TIMEOUT` | `10` s |
### Extension flags
| Purpose | CLI flag | Env var | Default |
|---|---|---|---|
| Plugin directory | `--plugin-dir` | `QPQ_PLUGIN_DIR` | (none) |
| WebSocket bridge address | `--ws-listen` | `QPQ_WS_LISTEN` | (none) |
| WebTransport address | `--webtransport-listen` | `QPQ_WEBTRANSPORT_LISTEN` | (none) |
| Federation | `--federation-enabled` | `QPQ_FEDERATION_ENABLED` | `false` |
| Federation domain | `--federation-domain` | `QPQ_FEDERATION_DOMAIN` | (none) |
| Federation listen address | `--federation-listen` | `QPQ_FEDERATION_LISTEN` | `0.0.0.0:7001` |
| Redact audit logs | `--redact-logs` | `QPQ_REDACT_LOGS` | `false` |
| Metrics listen address | `--metrics-listen` | `QPQ_METRICS_LISTEN` | (none) |
| Plugin directory | `--plugin-dir` | `QPC_PLUGIN_DIR` | (none) |
| WebSocket bridge address | `--ws-listen` | `QPC_WS_LISTEN` | (none) |
| WebTransport address | `--webtransport-listen` | `QPC_WEBTRANSPORT_LISTEN` | (none) |
| Federation | `--federation-enabled` | `QPC_FEDERATION_ENABLED` | `false` |
| Federation domain | `--federation-domain` | `QPC_FEDERATION_DOMAIN` | (none) |
| Federation listen address | `--federation-listen` | `QPC_FEDERATION_LISTEN` | `0.0.0.0:7001` |
| Redact audit logs | `--redact-logs` | `QPC_REDACT_LOGS` | `false` |
| Metrics listen address | `--metrics-listen` | `QPC_METRICS_LISTEN` | (none) |
### Examples
```bash
# Development: no auth token required
cargo run -p quicproquo-server -- --allow-insecure-auth
cargo run -p quicprochat-server -- --allow-insecure-auth
# Listen on a custom port
cargo run -p quicproquo-server -- --allow-insecure-auth --listen 0.0.0.0:5001
cargo run -p quicprochat-server -- --allow-insecure-auth --listen 0.0.0.0:5001
# Use SQLCipher storage backend
cargo run -p quicproquo-server -- \
cargo run -p quicprochat-server -- \
--allow-insecure-auth \
--store-backend sql \
--db-path data/qpq.db \
--db-path data/qpc.db \
--db-key mysecretkey
# Load server plugins from a directory
cargo run -p quicproquo-server -- \
cargo run -p quicprochat-server -- \
--allow-insecure-auth \
--plugin-dir /path/to/plugins
# Enable WebSocket bridge for browser clients
cargo run -p quicproquo-server -- \
cargo run -p quicprochat-server -- \
--allow-insecure-auth \
--ws-listen 0.0.0.0:9000
# Via environment variables
QPQ_LISTEN=0.0.0.0:5001 \
QPQ_ALLOW_INSECURE_AUTH=true \
QPC_LISTEN=0.0.0.0:5001 \
QPC_ALLOW_INSECURE_AUTH=true \
RUST_LOG=debug \
cargo run -p quicproquo-server
cargo run -p quicprochat-server
```
---
## Production deployment
Set `QPQ_PRODUCTION=true` to enable production validation. The server enforces:
Set `QPC_PRODUCTION=true` to enable production validation. The server enforces:
- `--allow-insecure-auth` is **prohibited**.
- `QPQ_AUTH_TOKEN` must be set, non-empty, at least 16 characters, and not equal to `devtoken`.
- `QPC_AUTH_TOKEN` must be set, non-empty, at least 16 characters, and not equal to `devtoken`.
- TLS cert and key files must already exist (auto-generation is disabled).
- When `--store-backend=sql`, `QPQ_DB_KEY` must be non-empty.
- When `--store-backend=sql`, `QPC_DB_KEY` must be non-empty.
```bash
QPQ_PRODUCTION=true \
QPQ_AUTH_TOKEN=<strong-token> \
QPQ_TLS_CERT=/etc/quicproquo/cert.der \
QPQ_TLS_KEY=/etc/quicproquo/key.der \
QPQ_STORE_BACKEND=sql \
QPQ_DB_KEY=<strong-db-key> \
qpq-server
QPC_PRODUCTION=true \
QPC_AUTH_TOKEN=<strong-token> \
QPC_TLS_CERT=/etc/quicprochat/cert.der \
QPC_TLS_KEY=/etc/quicprochat/key.der \
QPC_STORE_BACKEND=sql \
QPC_DB_KEY=<strong-db-key> \
qpc-server
```
---
@@ -160,7 +160,7 @@ To use a certificate issued by a CA or a custom self-signed certificate:
```
2. Point the server at them:
```bash
cargo run -p quicproquo-server -- \
cargo run -p quicprochat-server -- \
--allow-insecure-auth \
--tls-cert cert.der \
--tls-key key.der
@@ -171,7 +171,7 @@ To use a certificate issued by a CA or a custom self-signed certificate:
- **Protocol versions**: TLS 1.3 only. TLS 1.2 and below are rejected.
- **Client authentication**: Disabled. Client identity is established at the MLS/OPAQUE layer, not at the TLS layer.
- **ALPN**: The server advertises `b"qpq/1"` as the application-layer protocol.
- **ALPN**: The server advertises `b"qpc/1"` as the application-layer protocol.
---
@@ -201,13 +201,13 @@ The server uses `tracing` with `tracing-subscriber` and respects the `RUST_LOG`
```bash
# Default: info level
RUST_LOG=info cargo run -p quicproquo-server -- --allow-insecure-auth
RUST_LOG=info cargo run -p quicprochat-server -- --allow-insecure-auth
# Debug level for detailed RPC tracing
RUST_LOG=debug cargo run -p quicproquo-server -- --allow-insecure-auth
RUST_LOG=debug cargo run -p quicprochat-server -- --allow-insecure-auth
# Filter to specific crates
RUST_LOG=quicproquo_server=debug,quinn=warn cargo run -p quicproquo-server -- --allow-insecure-auth
RUST_LOG=quicprochat_server=debug,quinn=warn cargo run -p quicprochat-server -- --allow-insecure-auth
```
---

32
docs/src/getting-started/tls.md
View File

@@ -1,10 +1,10 @@
# TLS in quicproquo
# TLS in quicprochat
quicproquo uses QUIC (RFC 9000) for all client-server communication. QUIC mandates TLS 1.3, so every connection is encrypted and authenticated at the transport layer — there is no plaintext mode.
quicprochat uses QUIC (RFC 9000) for all client-server communication. QUIC mandates TLS 1.3, so every connection is encrypted and authenticated at the transport layer — there is no plaintext mode.
## How it works
The server holds a TLS certificate and private key (DER format). On startup it either loads existing files or, in development mode, generates a self-signed certificate automatically. The client authenticates the server by verifying its certificate against a trusted root provided via `--ca-cert` (or `QPQ_CA_CERT`).
The server holds a TLS certificate and private key (DER format). On startup it either loads existing files or, in development mode, generates a self-signed certificate automatically. The client authenticates the server by verifying its certificate against a trusted root provided via `--ca-cert` (or `QPC_CA_CERT`).
The TLS handshake negotiates the ALPN protocol `capnp`, after which the QUIC bi-directional stream carries Cap'n Proto RPC traffic.
@@ -13,29 +13,29 @@ The TLS handshake negotiates the ALPN protocol `capnp`, after which the QUIC bi-
By default the client trusts exactly the certificate (or CA) in the file given by `--ca-cert`:
```bash
qpq --ca-cert data/server-cert.der --server-name localhost health --server 127.0.0.1:7000
qpc --ca-cert data/server-cert.der --server-name localhost health --server 127.0.0.1:7000
```
This is a form of **certificate pinning**: the client will only connect to a server whose certificate chains to the provided root. For single-server deployments, pass the server's own self-signed certificate. For CA-issued certificates, pass the CA's root certificate instead.
| Flag / Env var | Purpose |
|---|---|
| `--ca-cert` / `QPQ_CA_CERT` | Path to trusted root certificate (DER) |
| `--server-name` / `QPQ_SERVER_NAME` | Expected TLS server name (must match certificate SAN) |
| `--ca-cert` / `QPC_CA_CERT` | Path to trusted root certificate (DER) |
| `--server-name` / `QPC_SERVER_NAME` | Expected TLS server name (must match certificate SAN) |
## The `--danger-accept-invalid-certs` flag
For local development and testing you can skip certificate verification entirely:
```bash
qpq --danger-accept-invalid-certs health --server 127.0.0.1:7000
qpc --danger-accept-invalid-certs health --server 127.0.0.1:7000
```
Or via the environment:
```bash
export QPQ_DANGER_ACCEPT_INVALID_CERTS=true
qpq health --server 127.0.0.1:7000
export QPC_DANGER_ACCEPT_INVALID_CERTS=true
qpc health --server 127.0.0.1:7000
```
When active, the client prints a warning to stderr:
@@ -50,7 +50,7 @@ WARNING: TLS verification disabled — insecure mode
### Using rcgen (Rust)
The server generates a self-signed certificate automatically when the cert/key files are missing (unless `QPQ_PRODUCTION=1` is set). The generated files are written to:
The server generates a self-signed certificate automatically when the cert/key files are missing (unless `QPC_PRODUCTION=1` is set). The generated files are written to:
- `data/server-cert.der` — DER-encoded certificate
- `data/server-key.der` — DER-encoded PKCS#8 private key
@@ -66,7 +66,7 @@ openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
-subj "/CN=localhost" \
-addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
# Convert to DER format (required by quicproquo)
# Convert to DER format (required by quicprochat)
openssl x509 -in cert.pem -outform DER -out data/server-cert.der
openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out data/server-key.der -nocrypt
```
@@ -74,15 +74,15 @@ openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem -out data/server-key.d
Point the server at the DER files:
```bash
export QPQ_TLS_CERT=data/server-cert.der
export QPQ_TLS_KEY=data/server-key.der
cargo run -p quicproquo-server
export QPC_TLS_CERT=data/server-cert.der
export QPC_TLS_KEY=data/server-key.der
cargo run -p quicprochat-server
```
And the client at the certificate:
```bash
qpq --ca-cert data/server-cert.der --server-name localhost repl
qpc --ca-cert data/server-cert.der --server-name localhost repl
```
## CA-issued certificates
@@ -94,7 +94,7 @@ For production deployments with a public CA (e.g. Let's Encrypt):
3. Configure the client to trust the CA root rather than the server certificate directly:
```bash
qpq --ca-cert /etc/ssl/certs/isrg-root-x1.der --server-name chat.example.com repl
qpc --ca-cert /etc/ssl/certs/isrg-root-x1.der --server-name chat.example.com repl
```
See [Certificate Lifecycle and CA-Signed TLS](certificate-lifecycle.md) for rotation, OCSP, and operational details.

10
docs/src/getting-started/typescript-sdk.md
View File

@@ -1,6 +1,6 @@
# TypeScript SDK and Browser Demo
The TypeScript SDK (`sdks/typescript/`) provides `@quicproquo/client` — a
The TypeScript SDK (`sdks/typescript/`) provides `@quicprochat/client` — a
browser-ready client with WASM-powered crypto operations and WebSocket
transport.
@@ -8,7 +8,7 @@ transport.
- **WASM crypto bundle** (175 KB) — Ed25519 signatures, X25519 + ML-KEM-768
hybrid encryption, safety numbers, sealed sender, and message padding,
compiled from the Rust `quicproquo-core` crate
compiled from the Rust `quicprochat-core` crate
- **`QpqClient` class** — high-level API for server connectivity and crypto
- **Offline mode** — all crypto operations work without a server connection
- **Browser demo** — interactive HTML page for trying every crypto operation
@@ -33,7 +33,7 @@ cd sdks/typescript/wasm-crypto
wasm-pack build --target web --out-dir ../pkg
```
This compiles `quicproquo-core`'s crypto modules to WebAssembly and produces
This compiles `quicprochat-core`'s crypto modules to WebAssembly and produces
JavaScript + TypeScript bindings in `sdks/typescript/pkg/`.
### 2. Build the TypeScript SDK
@@ -75,7 +75,7 @@ The crypto operations work entirely offline — no server connection needed.
### Server connectivity
The Chat section of the demo connects via WebSocket. Since the native qpq
The Chat section of the demo connects via WebSocket. Since the native qpc
server speaks Cap'n Proto RPC over QUIC/TCP + Noise_XX, a WebSocket bridge
proxy is required for browser connectivity. The demo sends JSON-framed
requests over WebSocket.
@@ -85,7 +85,7 @@ requests over WebSocket.
### Offline crypto (no server)
```typescript
import { QpqClient } from "@quicproquo/client";
import { QpqClient } from "@quicprochat/client";
const client = await QpqClient.offline();

10
docs/src/getting-started/wasm.md
View File

@@ -1,6 +1,6 @@
# WASM Integration
The `quicproquo-core` crate supports compilation to `wasm32-unknown-unknown`
The `quicprochat-core` crate supports compilation to `wasm32-unknown-unknown`
when the `native` feature is disabled. This exposes the pure-crypto subset of
the library for use in browsers or other WASM runtimes.
@@ -9,7 +9,7 @@ the library for use in browsers or other WASM runtimes.
```bash
rustup target add wasm32-unknown-unknown
cargo build -p quicproquo-core \
cargo build -p quicprochat-core \
--target wasm32-unknown-unknown \
--no-default-features
```
@@ -43,13 +43,13 @@ The following require the `native` feature and will not compile to WASM:
- `keystore` -- OpenMLS key store with disk persistence
- `opaque_auth` -- OPAQUE cipher suite configuration
Networking (`quicproquo-client`, `quicproquo-server`) is not available in WASM.
Networking (`quicprochat-client`, `quicprochat-server`) is not available in WASM.
## Random number generation
On `wasm32`, the `getrandom` crate is configured with the `js` feature to
use the browser's `crypto.getRandomValues()` API. This is set automatically
in `quicproquo-core/Cargo.toml`:
in `quicprochat-core/Cargo.toml`:
```toml
[target.'cfg(target_arch = "wasm32")'.dependencies]
@@ -71,7 +71,7 @@ cd sdks/typescript/wasm-crypto
wasm-pack build --target web --out-dir ../pkg
```
The resulting 175 KB WASM bundle is used by the `@quicproquo/client`
The resulting 175 KB WASM bundle is used by the `@quicprochat/client`
TypeScript SDK and the interactive browser demo.
See the [TypeScript SDK and Browser Demo](typescript-sdk.md) guide for

10
docs/src/internals/authentication-service.md
View File

@@ -5,15 +5,15 @@ The Authentication Service handles user registration and login via the OPAQUE as
This page covers the server-side OPAQUE flow, session token lifecycle, KeyPackage storage, and hybrid key endpoints.
**Sources:**
- `crates/quicproquo-server/src/domain/` (OPAQUE handlers, session management)
- `crates/quicproquo-server/src/sql_store.rs` (SqlStore persistence)
- `proto/qpq/v1/auth.proto` (wire schema)
- `crates/quicprochat-server/src/domain/` (OPAQUE handlers, session management)
- `crates/quicprochat-server/src/sql_store.rs` (SqlStore persistence)
- `proto/qpc/v1/auth.proto` (wire schema)
---
## OPAQUE Protocol
quicproquo uses the OPAQUE asymmetric PAKE (RFC 9497) for user authentication. The password never leaves the client and is never known to the server. The server stores an OPAQUE registration record derived from the password, but this record cannot be used to recover the password even if the server is fully compromised.
quicprochat uses the OPAQUE asymmetric PAKE (RFC 9497) for user authentication. The password never leaves the client and is never known to the server. The server stores an OPAQUE registration record derived from the password, but this record cannot be used to recover the password even if the server is fully compromised.
### Registration (IDs 100-101)
@@ -184,7 +184,7 @@ Returns a range of entries from the append-only log for client-side Merkle verif
## Server implementation structure
```rust
// Domain handler (quicproquo-server/src/domain/)
// Domain handler (quicprochat-server/src/domain/)
struct AuthHandler {
store: Arc<SqlStore>, // SQLCipher persistence
opaque_server: OpaqueServer, // opaque-ke server state

4
docs/src/internals/delivery-service.md
View File

@@ -6,8 +6,8 @@ recipient identity key and channel identifier. The DS exposes three operations
through the `NodeService` RPC interface: `enqueue`, `fetch`, and `fetchWait`.
**Sources:**
- `crates/quicproquo-server/src/main.rs` (RPC handlers)
- `crates/quicproquo-server/src/storage.rs` (queue storage)
- `crates/quicprochat-server/src/main.rs` (RPC handlers)
- `crates/quicprochat-server/src/storage.rs` (queue storage)
- `schemas/node.capnp` (wire schema)
---

4
docs/src/internals/group-member-lifecycle.md
View File

@@ -1,12 +1,12 @@
# GroupMember Lifecycle
The `GroupMember` struct in `quicproquo-core` is the core MLS state machine
The `GroupMember` struct in `quicprochat-core` is the core MLS state machine
that manages a single client's membership in an MLS group. It wraps an openmls
`MlsGroup`, a persistent crypto backend, and the long-term Ed25519 identity
keypair. Every MLS operation -- key package generation, group creation, member
addition, joining, sending, and receiving -- flows through this struct.
**Source:** `crates/quicproquo-core/src/group.rs`
**Source:** `crates/quicprochat-core/src/group.rs`
---

16
docs/src/internals/keypackage-exchange.md
View File

@@ -3,7 +3,7 @@
MLS KeyPackages are single-use tokens that enable a group creator to add a new
member. The KeyPackage contains the member's HPKE init public key, their MLS
credential (Ed25519 public key), and a signature proving ownership. The
quicproquo Authentication Service (AS) provides a simple upload/fetch
quicprochat Authentication Service (AS) provides a simple upload/fetch
interface for distributing KeyPackages between clients.
**Expiry and refresh:** KeyPackages are consumed on fetch (single-use). The server may also enforce a TTL (e.g. 24h). Clients should upload a fresh KeyPackage periodically or on demand so they remain invitable. The CLI provides `refresh-keypackage`: load existing state, generate a new KeyPackage, upload to the AS. See [Running the Client](../getting-started/running-the-client.md#refresh-keypackage).
@@ -12,10 +12,10 @@ This page describes the end-to-end flow: from client-side generation through
server-side storage to peer-side retrieval and consumption.
**Sources:**
- `crates/quicproquo-core/src/group.rs` (client-side generation)
- `crates/quicproquo-server/src/main.rs` (server-side handlers)
- `crates/quicproquo-server/src/storage.rs` (server-side persistence)
- `crates/quicproquo-client/src/lib.rs` (client-side RPC calls)
- `crates/quicprochat-core/src/group.rs` (client-side generation)
- `crates/quicprochat-server/src/main.rs` (server-side handlers)
- `crates/quicprochat-server/src/storage.rs` (server-side persistence)
- `crates/quicprochat-client/src/lib.rs` (client-side RPC calls)
- `schemas/node.capnp` (wire schema)
---
@@ -274,10 +274,10 @@ identity; `register-state` loads from (or initializes) a persistent state file.
```bash
# Ephemeral registration (for testing)
qpq register --server 127.0.0.1:7000
qpc register --server 127.0.0.1:7000
# Persistent registration (production)
qpq register-state --state alice.bin --server 127.0.0.1:7000
qpc register-state --state alice.bin --server 127.0.0.1:7000
```
Output:
@@ -292,7 +292,7 @@ KeyPackage uploaded successfully.
Fetches a peer's KeyPackage by their hex-encoded Ed25519 public key:
```bash
qpq fetch-key --server 127.0.0.1:7000 7a3f...
qpc fetch-key --server 127.0.0.1:7000 7a3f...
```
---

8
docs/src/internals/server-hooks.md
View File

@@ -1,6 +1,6 @@
# Server Hooks
The `ServerHooks` trait provides a plugin system for extending the quicproquo
The `ServerHooks` trait provides a plugin system for extending the quicprochat
server. Hooks fire at key points in the request lifecycle — message delivery,
authentication, channel creation, and message fetch — allowing you to inspect,
log, rate-limit, or reject operations without modifying server internals.
@@ -169,7 +169,7 @@ impl ServerHooks for TracingHooks {
### Example: payload size limiter
```rust,ignore
use quicproquo_server::hooks::{ServerHooks, HookAction, MessageEvent};
use quicprochat_server::hooks::{ServerHooks, HookAction, MessageEvent};
struct PayloadLimiter {
max_bytes: usize,
@@ -191,7 +191,7 @@ impl ServerHooks for PayloadLimiter {
### Example: login auditor
```rust,ignore
use quicproquo_server::hooks::{ServerHooks, AuthEvent};
use quicprochat_server::hooks::{ServerHooks, AuthEvent};
struct LoginAuditor;
@@ -210,7 +210,7 @@ impl ServerHooks for LoginAuditor {
### Example: composing multiple hooks
```rust,ignore
use quicproquo_server::hooks::*;
use quicprochat_server::hooks::*;
struct CompositeHooks {
hooks: Vec<Box<dyn ServerHooks>>,

10
docs/src/internals/storage-backend.md
View File

@@ -1,11 +1,11 @@
# Storage Backend
quicproquo uses two storage backends: `SqlStore` on the server side (SQLCipher-encrypted SQLite with Argon2id key derivation) and `DiskKeyStore` on the client side (bincode-serialised file for MLS cryptographic key material).
quicprochat uses two storage backends: `SqlStore` on the server side (SQLCipher-encrypted SQLite with Argon2id key derivation) and `DiskKeyStore` on the client side (bincode-serialised file for MLS cryptographic key material).
**Sources:**
- `crates/quicproquo-server/src/sql_store.rs` (SqlStore)
- `crates/quicproquo-server/src/storage.rs` (Store trait, FileBackedStore legacy)
- `crates/quicproquo-core/src/keystore.rs` (DiskKeyStore, StoreCrypto)
- `crates/quicprochat-server/src/sql_store.rs` (SqlStore)
- `crates/quicprochat-server/src/storage.rs` (Store trait, FileBackedStore legacy)
- `crates/quicprochat-core/src/keystore.rs` (DiskKeyStore, StoreCrypto)
---
@@ -199,7 +199,7 @@ Persistent mode is used for production clients. The key store path is derived fr
MLS entities MUST use bincode serialisation. The `DiskKeyStore` implements this with a two-layer scheme:
1. **Inner layer:** Each MLS entity value (`V: MlsEntity`) is serialised using the openmls-required serialisation format. The `DiskKeyStore` in quicproquo uses bincode for MLS entity values, matching the `OpenMlsKeyStore` trait requirements.
1. **Inner layer:** Each MLS entity value (`V: MlsEntity`) is serialised using the openmls-required serialisation format. The `DiskKeyStore` in quicprochat uses bincode for MLS entity values, matching the `OpenMlsKeyStore` trait requirements.
2. **Outer layer:** The entire `HashMap<Vec<u8>, Vec<u8>>` is bincode-serialised as the file on disk.
**Important:** Do not use Protobuf or JSON for MLS entities. MLS requires bincode for the `DiskKeyStore` in this codebase. Using a different format will produce incompatible key material.

18
docs/src/introduction.md
View File

@@ -1,6 +1,6 @@
# Introduction
**quicproquo** is a research-oriented, end-to-end encrypted group messaging system written in Rust. It layers the Messaging Layer Security protocol (MLS, [RFC 9420](https://datatracker.ietf.org/doc/rfc9420/)) on top of QUIC + TLS 1.3 transport (via [quinn](https://github.com/quinn-rs/quinn) and [rustls](https://github.com/rustls/rustls)), with all service RPCs framed using a compact binary Protocol Buffers format over a custom framing layer. The project exists to explore how modern transport encryption (QUIC), a formally specified group key agreement protocol (MLS), and post-quantum hybrid key encapsulation compose in practice -- and to provide a readable, auditable reference implementation for security researchers, protocol designers, and Rust developers who want to study or extend the design.
**quicprochat** is a research-oriented, end-to-end encrypted group messaging system written in Rust. It layers the Messaging Layer Security protocol (MLS, [RFC 9420](https://datatracker.ietf.org/doc/rfc9420/)) on top of QUIC + TLS 1.3 transport (via [quinn](https://github.com/quinn-rs/quinn) and [rustls](https://github.com/rustls/rustls)), with all service RPCs framed using a compact binary Protocol Buffers format over a custom framing layer. The project exists to explore how modern transport encryption (QUIC), a formally specified group key agreement protocol (MLS), and post-quantum hybrid key encapsulation compose in practice -- and to provide a readable, auditable reference implementation for security researchers, protocol designers, and Rust developers who want to study or extend the design.
---
@@ -18,9 +18,9 @@
Each layer addresses a distinct concern:
1. **QUIC + TLS 1.3** provides authenticated, confidential transport with 0-RTT connection establishment and multiplexed streams. The server presents a TLS 1.3 certificate (self-signed by default); the client verifies it against a local trust anchor. ALPN negotiation uses the token `qpq`.
1. **QUIC + TLS 1.3** provides authenticated, confidential transport with 0-RTT connection establishment and multiplexed streams. The server presents a TLS 1.3 certificate (self-signed by default); the client verifies it against a local trust anchor. ALPN negotiation uses the token `qpc`.
2. **Protobuf framing** defines the wire format for all service operations across 44 RPC methods. Each request carries a `[method_id: u16][request_id: u32][payload_len: u32]` header followed by a Protobuf-encoded payload. Server-to-client push events use a separate frame type on QUIC uni-streams. Message definitions live in `proto/qpq/v1/*.proto` and are compiled to Rust with `prost` at build time.
2. **Protobuf framing** defines the wire format for all service operations across 44 RPC methods. Each request carries a `[method_id: u16][request_id: u32][payload_len: u32]` header followed by a Protobuf-encoded payload. Server-to-client push events use a separate frame type on QUIC uni-streams. Message definitions live in `proto/qpc/v1/*.proto` and are compiled to Rust with `prost` at build time.
3. **MLS (RFC 9420)** provides the group key agreement layer. Each participant holds an Ed25519 identity keypair and generates single-use HPKE KeyPackages. The MLS epoch ratchet delivers forward secrecy and post-compromise security: compromising a member's state at epoch *n* does not reveal plaintext from epochs *< n* (forward secrecy) or *> n+1* (post-compromise security, once the compromised member updates).
@@ -53,12 +53,12 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known
**Security researchers** studying how MLS composes with QUIC transport and post-quantum hybrid KEM. The codebase spans 9 workspace crates with clear cryptographic boundaries for auditability.
**Protocol designers** evaluating MLS deployment patterns. quicproquo implements a concrete Authentication Service (AS) and Delivery Service (DS) pair, demonstrating single-use KeyPackage lifecycle, Welcome routing, and epoch advancement in a live system.
**Protocol designers** evaluating MLS deployment patterns. quicprochat implements a concrete Authentication Service (AS) and Delivery Service (DS) pair, demonstrating single-use KeyPackage lifecycle, Welcome routing, and epoch advancement in a live system.
**Application developers** building on the platform via the Rust SDK:
- **`quicproquo-sdk`** -- `QpqClient` with async event streams and a `ConversationStore`
- **C FFI** -- cross-language integration via `quicproquo-plugin-api`
- **`quicprochat-sdk`** -- `QpqClient` with async event streams and a `ConversationStore`
- **C FFI** -- cross-language integration via `quicprochat-plugin-api`
**Rust developers** looking for a working example of:
@@ -73,7 +73,7 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known
| Section | What you will find |
|---|---|
| **[Comparison with Classical Protocols](design-rationale/protocol-comparison.md)** | **Why quicproquo? IRC+SSL, XMPP, Telegram vs. our design** |
| **[Comparison with Classical Protocols](design-rationale/protocol-comparison.md)** | **Why quicprochat? IRC+SSL, XMPP, Telegram vs. our design** |
| [Prerequisites](getting-started/prerequisites.md) | Toolchain and system dependencies |
| [Building from Source](getting-started/building.md) | `cargo build`, Protobuf codegen, troubleshooting |
| [Running the Server](getting-started/running-the-server.md) | Server startup, configuration, TLS cert generation |
@@ -90,7 +90,7 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known
## Current status
quicproquo is a **research project** with production-grade features. It has
quicprochat is a **research project** with production-grade features. It has
not been audited by a third party. The test suite covers 301 tests across
core, server, client, E2E, and P2P modules.
@@ -120,4 +120,4 @@ For the full milestone tracker, see [Milestones](roadmap/milestones.md).
## License
quicproquo is released under the **MIT** license. See `LICENSE` in the repository root.
quicprochat is released under the **MIT** license. See `LICENSE` in the repository root.

76
docs/src/operations/backup-restore.md
View File

@@ -1,15 +1,15 @@
# Backup and Restore Procedures
This document covers backup and restore for all quicproquo server data stores.
This document covers backup and restore for all quicprochat server data stores.
## Data Inventory
| Data | Location | Backend | Contains |
|------|----------|---------|----------|
| SQLCipher DB | `QPQ_DB_PATH` (default `data/qpq.db`) | `store_backend=sql` | Users, key packages, delivery queues, sessions, KT log, OPAQUE setup, blobs metadata, moderation |
| File store | `QPQ_DATA_DIR` (default `data/`) | `store_backend=file` | Bincode-serialized key packages, delivery queues, server state |
| Blob storage | `QPQ_DATA_DIR/blobs/` | Filesystem | Uploaded file transfer blobs |
| TLS certificates | `QPQ_TLS_CERT`, `QPQ_TLS_KEY` | DER files | Server identity |
| SQLCipher DB | `QPC_DB_PATH` (default `data/qpc.db`) | `store_backend=sql` | Users, key packages, delivery queues, sessions, KT log, OPAQUE setup, blobs metadata, moderation |
| File store | `QPC_DATA_DIR` (default `data/`) | `store_backend=file` | Bincode-serialized key packages, delivery queues, server state |
| Blob storage | `QPC_DATA_DIR/blobs/` | Filesystem | Uploaded file transfer blobs |
| TLS certificates | `QPC_TLS_CERT`, `QPC_TLS_KEY` | DER files | Server identity |
| OPAQUE ServerSetup | Inside DB or file store | Persisted | OPAQUE credential state (critical for auth) |
| Server signing key | Inside DB or file store | Persisted | Ed25519 key for delivery proofs |
| KT Merkle log | Inside DB or file store | Persisted | Key transparency audit log |
@@ -23,13 +23,13 @@ allows concurrent readers).
```bash
# 1. Open the encrypted database with the same key
sqlite3 data/qpq.db
sqlite3 data/qpc.db
# 2. At the sqlite3 prompt, set the encryption key
PRAGMA key = 'your-db-key-here';
# 3. Perform an online backup
.backup /backups/qpq-$(date +%Y%m%d-%H%M%S).db
.backup /backups/qpc-$(date +%Y%m%d-%H%M%S).db
.quit
```
@@ -40,11 +40,11 @@ PRAGMA key = 'your-db-key-here';
#!/bin/bash
set -euo pipefail
BACKUP_DIR="/backups/qpq"
DB_PATH="${QPQ_DB_PATH:-data/qpq.db}"
DB_KEY="${QPQ_DB_KEY}"
BACKUP_DIR="/backups/qpc"
DB_PATH="${QPC_DB_PATH:-data/qpc.db}"
DB_KEY="${QPC_DB_KEY}"
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BACKUP_FILE="${BACKUP_DIR}/qpq-${TIMESTAMP}.db"
BACKUP_FILE="${BACKUP_DIR}/qpc-${TIMESTAMP}.db"
mkdir -p "$BACKUP_DIR"
@@ -59,41 +59,41 @@ sqlite3 "$BACKUP_FILE" "PRAGMA key = '${DB_KEY}'; PRAGMA integrity_check;" \
|| { echo "ERROR: backup verification failed"; exit 1; }
# Retain last 7 daily backups
find "$BACKUP_DIR" -name 'qpq-*.db' -mtime +7 -delete
find "$BACKUP_DIR" -name 'qpc-*.db' -mtime +7 -delete
```
### Cold Backup (Offline)
```bash
# 1. Stop the server
systemctl stop qpq-server # or docker compose stop server
systemctl stop qpc-server # or docker compose stop server
# 2. Copy the database file
cp data/qpq.db /backups/qpq-$(date +%Y%m%d).db
cp data/qpc.db /backups/qpc-$(date +%Y%m%d).db
# 3. Copy the WAL and SHM files if they exist
cp data/qpq.db-wal /backups/ 2>/dev/null || true
cp data/qpq.db-shm /backups/ 2>/dev/null || true
cp data/qpc.db-wal /backups/ 2>/dev/null || true
cp data/qpc.db-shm /backups/ 2>/dev/null || true
# 4. Restart the server
systemctl start qpq-server
systemctl start qpc-server
```
## File Backend Backup
When using `store_backend=file`, data is stored as bincode files under
`QPQ_DATA_DIR`.
`QPC_DATA_DIR`.
```bash
# Full directory backup
tar czf /backups/qpq-data-$(date +%Y%m%d-%H%M%S).tar.gz \
-C "$(dirname "${QPQ_DATA_DIR:-data}")" \
"$(basename "${QPQ_DATA_DIR:-data}")"
tar czf /backups/qpc-data-$(date +%Y%m%d-%H%M%S).tar.gz \
-C "$(dirname "${QPC_DATA_DIR:-data}")" \
"$(basename "${QPC_DATA_DIR:-data}")"
```
## Blob Storage Backup
Blobs are stored in `QPQ_DATA_DIR/blobs/`. These are immutable once written.
Blobs are stored in `QPC_DATA_DIR/blobs/`. These are immutable once written.
```bash
# Incremental rsync (blobs are write-once, ideal for rsync)
@@ -119,38 +119,38 @@ cp data/federation-ca.der /backups/tls/federation-ca.der 2>/dev/null || true
```bash
# 1. Stop the server
systemctl stop qpq-server
systemctl stop qpc-server
# 2. Move the current (corrupt/lost) database aside
mv data/qpq.db data/qpq.db.broken 2>/dev/null || true
rm -f data/qpq.db-wal data/qpq.db-shm
mv data/qpc.db data/qpc.db.broken 2>/dev/null || true
rm -f data/qpc.db-wal data/qpc.db-shm
# 3. Copy the backup in place
cp /backups/qpq-20260304.db data/qpq.db
cp /backups/qpc-20260304.db data/qpc.db
# 4. Verify integrity
sqlite3 data/qpq.db "PRAGMA key = '${QPQ_DB_KEY}'; PRAGMA integrity_check;"
sqlite3 data/qpc.db "PRAGMA key = '${QPC_DB_KEY}'; PRAGMA integrity_check;"
# 5. Start the server (migrations will apply automatically if needed)
systemctl start qpq-server
systemctl start qpc-server
```
### Restore File Backend
```bash
# 1. Stop the server
systemctl stop qpq-server
systemctl stop qpc-server
# 2. Replace the data directory
mv data data.broken 2>/dev/null || true
tar xzf /backups/qpq-data-20260304.tar.gz -C .
tar xzf /backups/qpc-data-20260304.tar.gz -C .
# 3. Restore TLS certs if not included in the data backup
cp /backups/tls/server-cert.der data/server-cert.der
cp /backups/tls/server-key.der data/server-key.der
# 4. Start the server
systemctl start qpq-server
systemctl start qpc-server
```
### Restore Blobs Only
@@ -172,16 +172,16 @@ rsync -av /backups/blobs/ data/blobs/
```cron
# SQLCipher hot backup every 6 hours
0 */6 * * * /opt/qpq/scripts/backup-db.sh >> /var/log/qpq-backup.log 2>&1
0 */6 * * * /opt/qpc/scripts/backup-db.sh >> /var/log/qpc-backup.log 2>&1
# Full data directory daily at 02:00
0 2 * * * tar czf /backups/qpq-data-$(date +\%Y\%m\%d).tar.gz -C /var/lib quicproquo
0 2 * * * tar czf /backups/qpc-data-$(date +\%Y\%m\%d).tar.gz -C /var/lib quicprochat
# Blob sync every hour
0 * * * * rsync -a /var/lib/quicproquo/blobs/ /backups/blobs/
0 * * * * rsync -a /var/lib/quicprochat/blobs/ /backups/blobs/
# Prune backups older than 30 days
0 3 * * 0 find /backups -name 'qpq-*' -mtime +30 -delete
0 3 * * 0 find /backups -name 'qpc-*' -mtime +30 -delete
```
## Verification
@@ -190,11 +190,11 @@ Always verify backups after creation:
```bash
# SQLCipher integrity check
sqlite3 /backups/qpq-latest.db \
"PRAGMA key = '${QPQ_DB_KEY}'; PRAGMA integrity_check; SELECT count(*) FROM users;"
sqlite3 /backups/qpc-latest.db \
"PRAGMA key = '${QPC_DB_KEY}'; PRAGMA integrity_check; SELECT count(*) FROM users;"
# File backend: check the archive is valid
tar tzf /backups/qpq-data-latest.tar.gz > /dev/null
tar tzf /backups/qpc-data-latest.tar.gz > /dev/null
# TLS cert: check it parses and is not expired
openssl x509 -inform DER -in /backups/tls/server-cert.der -noout -dates

36
docs/src/operations/monitoring.md
View File

@@ -1,7 +1,7 @@
# Monitoring Guide
This document covers metrics collection, alerting, and dashboards for
quicproquo server deployments.
quicprochat server deployments.
## Enabling Metrics
@@ -9,10 +9,10 @@ The server exports Prometheus metrics via HTTP when configured:
```bash
# Environment variables
QPQ_METRICS_LISTEN=0.0.0.0:9090
QPQ_METRICS_ENABLED=true
QPC_METRICS_LISTEN=0.0.0.0:9090
QPC_METRICS_ENABLED=true
# Or in qpq-server.toml
# Or in qpc-server.toml
metrics_listen = "0.0.0.0:9090"
metrics_enabled = true
```
@@ -50,9 +50,9 @@ global:
evaluation_interval: 15s
scrape_configs:
- job_name: 'qpq-server'
- job_name: 'qpc-server'
static_configs:
- targets: ['qpq-server:9090']
- targets: ['qpc-server:9090']
scrape_interval: 10s
```
@@ -61,17 +61,17 @@ scrape_configs:
```yaml
# prometheus-alerts.yml
groups:
- name: qpq-server
- name: qpc-server
rules:
# Server down
- alert: QpqServerDown
expr: up{job="qpq-server"} == 0
expr: up{job="qpc-server"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "qpq-server is down"
description: "Prometheus cannot scrape qpq-server metrics for > 1 minute."
summary: "qpc-server is down"
description: "Prometheus cannot scrape qpc-server metrics for > 1 minute."
# High auth failure rate (potential brute force)
- alert: QpqHighAuthFailureRate
@@ -138,7 +138,7 @@ groups:
## Key Dashboard Panels
See `dashboards/qpq-overview.json` for the full Grafana dashboard. Key panels:
See `dashboards/qpc-overview.json` for the full Grafana dashboard. Key panels:
### Message Throughput
@@ -167,10 +167,10 @@ See `dashboards/qpq-overview.json` for the full Grafana dashboard. Key panels:
## Grafana Dashboard
Import the dashboard from `dashboards/qpq-overview.json`:
Import the dashboard from `dashboards/qpc-overview.json`:
1. Open Grafana -> Dashboards -> Import
2. Upload `docs/operations/dashboards/qpq-overview.json`
2. Upload `docs/operations/dashboards/qpc-overview.json`
3. Select your Prometheus data source
4. Save
@@ -183,7 +183,7 @@ The server uses `tracing` with `RUST_LOG` environment variable:
RUST_LOG=info
# Debug specific modules
RUST_LOG=info,quicproquo_server::node_service=debug
RUST_LOG=info,quicprochat_server::node_service=debug
# Verbose debugging
RUST_LOG=debug
@@ -196,7 +196,7 @@ RUST_LOG=debug
| `"TLS certificate expires within 30 days"` | Cert expiring soon | Rotate certificate |
| `"TLS certificate is self-signed"` | Self-signed cert in use | Replace with CA-signed cert in production |
| `"connection rate limit exceeded"` | IP being rate limited | Check for DDoS |
| `"running without QPQ_AUTH_TOKEN"` | Insecure mode | Must not appear in production |
| `"running without QPC_AUTH_TOKEN"` | Insecure mode | Must not appear in production |
| `"db_key is empty; SQL store will be plaintext"` | Unencrypted DB | Must not appear in production |
| `"shutdown signal received"` | Graceful shutdown started | Expected during deploys |
| `"generated and persisted new OPAQUE ServerSetup"` | Fresh OPAQUE setup | Expected on first start only |
@@ -207,13 +207,13 @@ For production, pipe logs to a log aggregator:
```bash
# Systemd -> journald -> Loki/Elasticsearch
journalctl -u qpq-server -f --output=json | \
journalctl -u qpc-server -f --output=json | \
promtail --stdin --client.url=http://loki:3100/loki/api/v1/push
# Docker -> Loki driver
docker run --log-driver=loki \
--log-opt loki-url="http://loki:3100/loki/api/v1/push" \
qpq-server
qpc-server
```
## Health Checking
@@ -229,5 +229,5 @@ ss -ulnp | grep 5001
curl -sf http://localhost:9090/metrics > /dev/null
# Full client connection test
qpq-client --server 127.0.0.1:5001 --ping
qpc-client --server 127.0.0.1:5001 --ping
```

34
docs/src/operations/scaling-guide.md
View File

@@ -1,11 +1,11 @@
# Scaling Guide
This document covers resource sizing, scaling triggers, and capacity planning
for quicproquo deployments.
for quicprochat deployments.
## Architecture Overview
quicproquo runs as a single-process server handling QUIC connections. Key
quicprochat runs as a single-process server handling QUIC connections. Key
resource consumers:
- **CPU**: TLS 1.3 handshakes (QUIC), OPAQUE PAKE authentication, message routing
@@ -73,7 +73,7 @@ handshakes and OPAQUE computations are CPU-intensive.
```bash
# Check current CPU usage
top -bn1 -p $(pgrep qpq-server)
top -bn1 -p $(pgrep qpc-server)
# For Docker: increase CPU limits in docker-compose.prod.yml
# deploy:
@@ -109,24 +109,24 @@ SQLCipher uses WAL mode for concurrent reads. For write-heavy workloads:
iostat -x 1 5
# Increase WAL autocheckpoint threshold for burst writes
sqlite3 data/qpq.db "PRAGMA key='${QPQ_DB_KEY}'; PRAGMA wal_autocheckpoint=2000;"
sqlite3 data/qpc.db "PRAGMA key='${QPC_DB_KEY}'; PRAGMA wal_autocheckpoint=2000;"
```
## Horizontal Scaling
quicproquo does not yet have built-in multi-node clustering. For horizontal
quicprochat does not yet have built-in multi-node clustering. For horizontal
scaling, use these patterns:
### Load Balancer (UDP/QUIC)
Place a UDP load balancer in front of multiple qpq-server instances. Each
Place a UDP load balancer in front of multiple qpc-server instances. Each
instance runs independently with its own database.
```
+-----------+
clients ------> | L4 LB | ----> qpq-server-1 (db-1)
| (UDP/QUIC)| ----> qpq-server-2 (db-2)
+-----------+ qpq-server-3 (db-3)
clients ------> | L4 LB | ----> qpc-server-1 (db-1)
| (UDP/QUIC)| ----> qpc-server-2 (db-2)
+-----------+ qpc-server-3 (db-3)
```
**Requirements:**
@@ -140,7 +140,7 @@ instance runs independently with its own database.
Enable federation to relay messages between nodes:
```toml
# qpq-server.toml on node-1
# qpc-server.toml on node-1
[federation]
enabled = true
domain = "node1.chat.example.com"
@@ -160,9 +160,9 @@ For true horizontal scaling, migrating from SQLCipher to a shared PostgreSQL
instance is the planned approach. This is not yet implemented.
```
qpq-server-1 --\
qpq-server-2 ---+--> PostgreSQL (shared)
qpq-server-3 --/
qpc-server-1 --\
qpc-server-2 ---+--> PostgreSQL (shared)
qpc-server-3 --/
```
## Connection Tuning
@@ -181,7 +181,7 @@ For high connection counts:
# Increase OS file descriptor limit
ulimit -n 65536
# Increase UDP buffer sizes in /etc/sysctl.d/99-qpq.conf
# Increase UDP buffer sizes in /etc/sysctl.d/99-qpc.conf
net.core.rmem_max = 26214400
net.core.wmem_max = 26214400
net.core.rmem_default = 1048576
@@ -189,7 +189,7 @@ net.core.wmem_default = 1048576
```
```bash
sysctl -p /etc/sysctl.d/99-qpq.conf
sysctl -p /etc/sysctl.d/99-qpc.conf
```
## Docker Resource Limits
@@ -218,11 +218,11 @@ Use the included test infrastructure to benchmark:
```bash
# Build the test client
cargo build --release --bin qpq-client
cargo build --release --bin qpc-client
# Run concurrent connection test (example)
for i in $(seq 1 100); do
qpq-client --server 127.0.0.1:5001 &
qpc-client --server 127.0.0.1:5001 &
done
wait

20
docs/src/protocol-layers/capn-proto.md
View File

@@ -1,6 +1,6 @@
# Protobuf Framing
quicproquo v2 uses a custom binary framing protocol layered over QUIC bidirectional streams. Message payloads are serialised with Protocol Buffers (Protobuf) via the `prost` crate. The framing layer (implemented in `quicproquo-rpc`) adds a compact fixed-size header that carries the method ID, request correlation ID, and payload length -- enabling zero-copy dispatch without a separate length-delimited codec.
quicprochat v2 uses a custom binary framing protocol layered over QUIC bidirectional streams. Message payloads are serialised with Protocol Buffers (Protobuf) via the `prost` crate. The framing layer (implemented in `quicprochat-rpc`) adds a compact fixed-size header that carries the method ID, request correlation ID, and payload length -- enabling zero-copy dispatch without a separate length-delimited codec.
This page covers the three frame types, the method ID dispatch table, status codes, push event delivery, and the Protobuf schema organisation.
@@ -105,7 +105,7 @@ The `status` byte in a Response frame carries one of the following values:
## Method IDs
All 44 RPC method IDs are defined in `crates/quicproquo-proto/src/lib.rs` in the `method_ids` module. The numeric ranges group related methods by service category.
All 44 RPC method IDs are defined in `crates/quicprochat-proto/src/lib.rs` in the `method_ids` module. The numeric ranges group related methods by service category.
### Auth (100-103)
@@ -230,7 +230,7 @@ All 44 RPC method IDs are defined in `crates/quicproquo-proto/src/lib.rs` in the
## Push Event Types
Server-to-client push events are delivered on QUIC uni-streams using the Push frame format. Event types are defined alongside method IDs in `quicproquo-proto/src/lib.rs`:
Server-to-client push events are delivered on QUIC uni-streams using the Push frame format. Event types are defined alongside method IDs in `quicprochat-proto/src/lib.rs`:
| Value | Event | Description |
|-------|-------|-------------|
@@ -261,7 +261,7 @@ This allows many concurrent RPCs on a single QUIC connection without head-of-lin
## Protobuf Schema Organisation
All message types are defined in `proto/qpq/v1/`:
All message types are defined in `proto/qpc/v1/`:
| File | Contents |
|---|---|
@@ -280,22 +280,22 @@ All message types are defined in `proto/qpq/v1/`:
| `p2p.proto` | P2P endpoints, health |
| `federation.proto` | Cross-server relay |
All `.proto` files use `package qpq.v1;` and are compiled to Rust at build time using `prost-build` via the `quicproquo-proto` crate's `build.rs`. The `protobuf-src` crate vendors `protoc`, so no system-wide `protoc` installation is required.
All `.proto` files use `package qpc.v1;` and are compiled to Rust at build time using `prost-build` via the `quicprochat-proto` crate's `build.rs`. The `protobuf-src` crate vendors `protoc`, so no system-wide `protoc` installation is required.
Generated Rust types are accessed via:
```rust
use quicproquo_proto::qpq::v1::{EnqueueRequest, FetchResponse, /* ... */};
use quicproquo_proto::method_ids::{ENQUEUE, FETCH, /* ... */};
use quicprochat_proto::qpc::v1::{EnqueueRequest, FetchResponse, /* ... */};
use quicprochat_proto::method_ids::{ENQUEUE, FETCH, /* ... */};
```
---
## Design Constraints of `quicproquo-proto`
## Design Constraints of `quicprochat-proto`
The `quicproquo-proto` crate enforces three constraints:
The `quicprochat-proto` crate enforces three constraints:
1. **No crypto**: Key material never enters this crate. All encryption and signing happens in `quicproquo-core`.
1. **No crypto**: Key material never enters this crate. All encryption and signing happens in `quicprochat-core`.
2. **No I/O**: Callers own the transport. This crate only converts between bytes and types.
3. **No async**: Pure synchronous data-layer code. Async is the caller's responsibility.

14
docs/src/protocol-layers/hybrid-kem.md
View File

@@ -1,8 +1,8 @@
# Hybrid KEM: X25519 + ML-KEM-768
quicproquo implements a hybrid Key Encapsulation Mechanism that combines classical X25519 Diffie-Hellman with post-quantum ML-KEM-768 (FIPS 203). The hybrid construction ensures that the system remains secure even if one of the two components is broken: X25519 protects against failures in ML-KEM, and ML-KEM protects against quantum computers breaking X25519.
quicprochat implements a hybrid Key Encapsulation Mechanism that combines classical X25519 Diffie-Hellman with post-quantum ML-KEM-768 (FIPS 203). The hybrid construction ensures that the system remains secure even if one of the two components is broken: X25519 protects against failures in ML-KEM, and ML-KEM protects against quantum computers breaking X25519.
The implementation lives in `quicproquo-core/src/hybrid_kem.rs`. It is fully implemented and tested but **not yet integrated into the MLS ciphersuite** -- integration is planned for the M5 milestone. Currently, the module can be used as a standalone envelope encryption layer to wrap MLS payloads in an outer post-quantum-resistant encryption before they transit the network.
The implementation lives in `quicprochat-core/src/hybrid_kem.rs`. It is fully implemented and tested but **not yet integrated into the MLS ciphersuite** -- integration is planned for the M5 milestone. Currently, the module can be used as a standalone envelope encryption layer to wrap MLS payloads in an outer post-quantum-resistant encryption before they transit the network.
## Design approach
@@ -70,8 +70,8 @@ The two shared secrets are combined via HKDF-SHA256 with domain separation:
ikm = X25519_shared_secret(32 bytes) || ML-KEM_shared_secret(32 bytes)
salt = [] (empty)
key = HKDF-SHA256(salt, ikm, info="quicproquo-hybrid-v1", L=32)
nonce = HKDF-SHA256(salt, ikm, info="quicproquo-hybrid-nonce-v1", L=12)
key = HKDF-SHA256(salt, ikm, info="quicprochat-hybrid-v1", L=32)
nonce = HKDF-SHA256(salt, ikm, info="quicprochat-hybrid-nonce-v1", L=12)
```
The implementation in `derive_aead_material()`:
@@ -85,10 +85,10 @@ fn derive_aead_material(x25519_ss: &[u8], mlkem_ss: &[u8]) -> (Key, Nonce) {
let hk = Hkdf::<Sha256>::new(None, &ikm);
let mut key_bytes = Zeroizing::new([0u8; 32]);
hk.expand(b"quicproquo-hybrid-v1", &mut *key_bytes).unwrap();
hk.expand(b"quicprochat-hybrid-v1", &mut *key_bytes).unwrap();
let mut nonce_bytes = [0u8; 12];
hk.expand(b"quicproquo-hybrid-nonce-v1", &mut nonce_bytes).unwrap();
hk.expand(b"quicprochat-hybrid-nonce-v1", &mut nonce_bytes).unwrap();
(*Key::from_slice(&*key_bytes), *Nonce::from_slice(&nonce_bytes))
}
@@ -273,7 +273,7 @@ The AEAD nonce is derived deterministically from the shared secrets via HKDF. Si
## Further reading
- [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md) -- Broader discussion of quicproquo's PQ strategy.
- [Post-Quantum Readiness](../cryptography/post-quantum-readiness.md) -- Broader discussion of quicprochat's PQ strategy.
- [MLS (RFC 9420)](mls.md) -- The MLS layer that the hybrid KEM will wrap.
- [Key Lifecycle and Zeroization](../cryptography/key-lifecycle.md) -- How hybrid key material is managed and cleared.
- [Threat Model](../cryptography/threat-model.md) -- Where hybrid KEM fits in the overall threat model.

20
docs/src/protocol-layers/mls.md
View File

@@ -1,8 +1,8 @@
# MLS (RFC 9420)
The Messaging Layer Security protocol (RFC 9420) is the core cryptographic layer in quicproquo. It provides authenticated group key agreement with forward secrecy and post-compromise security -- properties that distinguish quicproquo from a simple transport-encrypted relay. This is the most detailed page in the Protocol Deep Dives section because MLS is the most complex layer in the stack.
The Messaging Layer Security protocol (RFC 9420) is the core cryptographic layer in quicprochat. It provides authenticated group key agreement with forward secrecy and post-compromise security -- properties that distinguish quicprochat from a simple transport-encrypted relay. This is the most detailed page in the Protocol Deep Dives section because MLS is the most complex layer in the stack.
The implementation lives in `quicproquo-core/src/group.rs` and `quicproquo-core/src/keystore.rs`, using the `openmls 0.5` crate.
The implementation lives in `quicprochat-core/src/group.rs` and `quicprochat-core/src/keystore.rs`, using the `openmls 0.5` crate.
## Background: what problem MLS solves
@@ -21,7 +21,7 @@ MLS takes a fundamentally different approach: it uses a **ratchet tree** (a bina
## Ciphersuite
quicproquo uses:
quicprochat uses:
```text
MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519
@@ -38,7 +38,7 @@ This ciphersuite provides 128-bit classical security. Post-quantum protection is
## The `GroupMember` state machine
The central type is `GroupMember`, defined in `quicproquo-core/src/group.rs`. It wraps an openmls `MlsGroup`, a persistent crypto backend (`StoreCrypto`), and the user's long-term Ed25519 identity keypair.
The central type is `GroupMember`, defined in `quicprochat-core/src/group.rs`. It wraps an openmls `MlsGroup`, a persistent crypto backend (`StoreCrypto`), and the user's long-term Ed25519 identity keypair.
### Lifecycle diagram
@@ -135,7 +135,7 @@ pub fn create_group(&mut self, group_id: &[u8]) -> Result<(), CoreError>
Creates a new MLS group at epoch 0 with the caller as the sole member.
**Parameters:**
- `group_id`: Any non-empty byte string. By convention, quicproquo uses the SHA-256 digest of a human-readable group name.
- `group_id`: Any non-empty byte string. By convention, quicprochat uses the SHA-256 digest of a human-readable group name.
**What happens internally:**
@@ -259,7 +259,7 @@ Processes an incoming TLS-encoded MLS message.
## The `StoreCrypto` backend
The `StoreCrypto` struct (in `quicproquo-core/src/keystore.rs`) implements `OpenMlsCryptoProvider`, which openmls requires for all cryptographic operations:
The `StoreCrypto` struct (in `quicprochat-core/src/keystore.rs`) implements `OpenMlsCryptoProvider`, which openmls requires for all cryptographic operations:
```rust
pub struct StoreCrypto {
@@ -318,11 +318,11 @@ KeyPackageIn::tls_deserialize(&mut bytes.as_ref())?
### Feature-gated methods
Several convenient methods (`into_welcome()`, `into_protocol_message()`) are feature-gated behind openmls feature flags that quicproquo does not enable. The workaround is to use `msg_in.extract()` and pattern-match on the `MlsMessageInBody` enum variants.
Several convenient methods (`into_welcome()`, `into_protocol_message()`) are feature-gated behind openmls feature flags that quicprochat does not enable. The workaround is to use `msg_in.extract()` and pattern-match on the `MlsMessageInBody` enum variants.
### MlsGroup is not Send
`MlsGroup` holds internal state that may not be `Send` depending on the crypto backend. In quicproquo, `StoreCrypto` uses `RwLock` (which is `Send + Sync`), so `GroupMember` is `Send`. However, all MLS operations must use the same backend instance, so `GroupMember` should not be cloned across tasks.
`MlsGroup` holds internal state that may not be `Send` depending on the crypto backend. In quicprochat, `StoreCrypto` uses `RwLock` (which is `Send + Sync`), so `GroupMember` is `Send`. However, all MLS operations must use the same backend instance, so `GroupMember` should not be cloned across tasks.
## Ratchet tree embedding
@@ -335,7 +335,7 @@ The trade-off:
- **Pro**: No need for a separate tree distribution service or additional round-trips.
- **Con**: Welcome messages grow with the group size (O(n log n) for a balanced tree of n members).
For quicproquo's target group sizes (2-100 members), this trade-off is acceptable.
For quicprochat's target group sizes (2-100 members), this trade-off is acceptable.
## Wire format
@@ -386,7 +386,7 @@ The following sequence shows a complete Alice-and-Bob scenario, matching the `tw
## Credential model
quicproquo uses MLS `Basic` credentials. The credential body is the raw Ed25519 public key bytes (32 bytes), and the `signature_key` is the same public key:
quicprochat uses MLS `Basic` credentials. The credential body is the raw Ed25519 public key bytes (32 bytes), and the `signature_key` is the same public key:
```rust
let credential = Credential::new(

16
docs/src/protocol-layers/overview.md
View File

@@ -1,6 +1,6 @@
# Protocol Layers Overview
quicproquo composes four distinct protocol layers into a single security stack. Each layer addresses a specific class of threat and delegates everything else to the layers above or below it. No single layer is sufficient on its own; the composition is what delivers end-to-end confidentiality, server authentication, forward secrecy, post-compromise security, and post-quantum resistance.
quicprochat composes four distinct protocol layers into a single security stack. Each layer addresses a specific class of threat and delegates everything else to the layers above or below it. No single layer is sufficient on its own; the composition is what delivers end-to-end confidentiality, server authentication, forward secrecy, post-compromise security, and post-quantum resistance.
This page provides a high-level comparison and a suggested reading order. The deep-dive pages that follow contain implementation details drawn directly from the source code.
@@ -9,7 +9,7 @@ This page provides a high-level comparison and a suggested reading order. The de
| Layer | Standard / Spec | Crate(s) | Security Properties |
|---|---|---|---|
| **QUIC + TLS 1.3** | RFC 9000, RFC 9001 | `quinn 0.11`, `rustls 0.23` | Transport confidentiality, server authentication, 0-RTT resumption |
| **Protobuf framing** | Custom binary header + [Protocol Buffers](https://protobuf.dev/) | `quicproquo-rpc`, `prost 0.13` | Typed length-prefixed frames, method dispatch, push events, status codes |
| **Protobuf framing** | Custom binary header + [Protocol Buffers](https://protobuf.dev/) | `quicprochat-rpc`, `prost 0.13` | Typed length-prefixed frames, method dispatch, push events, status codes |
| **MLS** | [RFC 9420](https://www.rfc-editor.org/rfc/rfc9420.html) | `openmls 0.5` | Group key agreement, forward secrecy, post-compromise security (PCS) |
| **Hybrid KEM** | [draft-ietf-tls-hybrid-design](https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/) | `ml-kem 0.2`, `x25519-dalek 2` | Post-quantum resistance via ML-KEM-768 combined with X25519 |
@@ -48,7 +48,7 @@ The pages in this section are ordered to build understanding incrementally:
1. **[QUIC + TLS 1.3](quic-tls.md)** -- Start here. This is the transport layer that every client-server connection uses. Understanding QUIC stream multiplexing and the TLS 1.3 handshake is prerequisite to understanding how the Protobuf framing protocol rides on top.
2. **[MLS (RFC 9420)](mls.md)** -- The core cryptographic innovation. MLS provides the group key agreement that makes quicproquo an E2E encrypted group messenger rather than just a transport-encrypted relay. This is the longest and most detailed page.
2. **[MLS (RFC 9420)](mls.md)** -- The core cryptographic innovation. MLS provides the group key agreement that makes quicprochat an E2E encrypted group messenger rather than just a transport-encrypted relay. This is the longest and most detailed page.
3. **[Protobuf Framing](capn-proto.md)** -- The framing and RPC layer that bridges MLS application data with the transport. Understanding the three frame types (Request, Response, Push), the method ID dispatch table, and status codes is essential for reading the server and client source code.
@@ -71,10 +71,10 @@ Each protocol layer maps to one or more workspace crates:
| Layer | Primary Crate | Source File(s) |
|---|---|---|
| QUIC + TLS 1.3 | `quicproquo-server`, `quicproquo-client` | Server and client entry points |
| Protobuf framing | `quicproquo-rpc` | `src/framing.rs`, `src/server.rs`, `src/client.rs` |
| Protobuf types + method IDs | `quicproquo-proto` | `src/lib.rs` (method_ids), `proto/qpq/v1/*.proto` |
| MLS | `quicproquo-core` | `src/group.rs`, `src/keystore.rs` |
| Hybrid KEM | `quicproquo-core` | `src/hybrid_kem.rs` |
| QUIC + TLS 1.3 | `quicprochat-server`, `quicprochat-client` | Server and client entry points |
| Protobuf framing | `quicprochat-rpc` | `src/framing.rs`, `src/server.rs`, `src/client.rs` |
| Protobuf types + method IDs | `quicprochat-proto` | `src/lib.rs` (method_ids), `proto/qpc/v1/*.proto` |
| MLS | `quicprochat-core` | `src/group.rs`, `src/keystore.rs` |
| Hybrid KEM | `quicprochat-core` | `src/hybrid_kem.rs` |
For a full crate responsibility breakdown, see [Crate Responsibilities](../architecture/crate-responsibilities.md).

32
docs/src/protocol-layers/quic-tls.md
View File

@@ -1,6 +1,6 @@
# QUIC + TLS 1.3
quicproquo uses QUIC (RFC 9000) with mandatory TLS 1.3 (RFC 9001) as its transport layer. This page explains how the `quinn` and `rustls` crates are integrated and what security properties the transport provides.
quicprochat uses QUIC (RFC 9000) with mandatory TLS 1.3 (RFC 9001) as its transport layer. This page explains how the `quinn` and `rustls` crates are integrated and what security properties the transport provides.
## Why QUIC
@@ -15,11 +15,11 @@ QUIC provides several advantages over traditional TCP-based transports:
## Crate integration
quicproquo uses the following crates for QUIC and TLS:
quicprochat uses the following crates for QUIC and TLS:
- **`quinn 0.11`** -- The async QUIC implementation for Tokio. Provides `Endpoint`, `Connection`, and bidirectional/uni-directional stream types.
- **`quinn-proto 0.11`** -- The protocol-level types, including `QuicServerConfig` and `QuicClientConfig` wrappers that bridge `rustls` into `quinn`.
- **`rustls 0.23`** -- The TLS implementation. quicproquo uses it in strict TLS 1.3 mode with no fallback to TLS 1.2.
- **`rustls 0.23`** -- The TLS implementation. quicprochat uses it in strict TLS 1.3 mode with no fallback to TLS 1.2.
- **`rcgen 0.13`** -- Self-signed certificate generation for development and testing.
### Server configuration
@@ -30,7 +30,7 @@ The server builds its QUIC endpoint configuration with:
let mut tls = rustls::ServerConfig::builder_with_protocol_versions(&[&TLS13])
.with_no_client_auth()
.with_single_cert(cert_chain, key)?;
tls.alpn_protocols = vec![b"qpq".to_vec()];
tls.alpn_protocols = vec![b"qpc".to_vec()];
let crypto = QuicServerConfig::try_from(tls)?;
Ok(ServerConfig::with_crypto(Arc::new(crypto)))
@@ -38,11 +38,11 @@ Ok(ServerConfig::with_crypto(Arc::new(crypto)))
Key points:
1. **TLS 1.3 strict mode**: `builder_with_protocol_versions(&[&TLS13])` ensures no TLS 1.2 fallback. This is a hard requirement: TLS 1.2 lacks the 0-RTT and full forward secrecy guarantees that quicproquo relies on.
1. **TLS 1.3 strict mode**: `builder_with_protocol_versions(&[&TLS13])` ensures no TLS 1.2 fallback. This is a hard requirement: TLS 1.2 lacks the 0-RTT and full forward secrecy guarantees that quicprochat relies on.
2. **No client certificate authentication**: `with_no_client_auth()` means the server does not verify client certificates at the TLS layer. Client authentication is handled at the application layer via OPAQUE password authentication and Ed25519 identity keys. This is a deliberate design choice -- OPAQUE provides stronger authentication properties than TLS client certificates without requiring PKI infrastructure.
3. **ALPN negotiation**: The Application-Layer Protocol Negotiation extension is set to `b"qpq"`, advertising that this endpoint speaks the quicproquo v2 Protobuf framing protocol. Both client and server must agree on this protocol identifier or the TLS handshake fails.
3. **ALPN negotiation**: The Application-Layer Protocol Negotiation extension is set to `b"qpc"`, advertising that this endpoint speaks the quicprochat v2 Protobuf framing protocol. Both client and server must agree on this protocol identifier or the TLS handshake fails.
4. **`QuicServerConfig` bridge**: The `quinn-proto` crate provides `QuicServerConfig::try_from(tls)` to adapt the `rustls::ServerConfig` for use with QUIC. This handles the QUIC-specific TLS parameters (transport parameters, QUIC header protection keys) automatically.
@@ -57,7 +57,7 @@ roots.add(CertificateDer::from(cert_bytes))?;
let mut tls = rustls::ClientConfig::builder_with_protocol_versions(&[&TLS13])
.with_root_certificates(roots)
.with_no_client_auth();
tls.alpn_protocols = vec![b"qpq".to_vec()];
tls.alpn_protocols = vec![b"qpc".to_vec()];
let crypto = QuicClientConfig::try_from(tls)?;
```
@@ -89,11 +89,11 @@ Unlike the v1 Cap'n Proto RPC (which required `tokio::task::LocalSet` due to
## Certificate trust model
quicproquo currently uses a **trust-on-first-use (TOFU)** model with self-signed certificates:
quicprochat currently uses a **trust-on-first-use (TOFU)** model with self-signed certificates:
1. On first start, the server generates a self-signed certificate using `rcgen::generate_simple_self_signed` with SANs for `localhost`, `127.0.0.1`, and `::1`.
2. The certificate and private key are persisted to disk as DER files (default: `data/server-cert.der` and `data/server-key.der`).
3. Clients must obtain the server's certificate file out-of-band and reference it via the `--ca-cert` flag or `QPQ_CA_CERT` environment variable.
3. Clients must obtain the server's certificate file out-of-band and reference it via the `--ca-cert` flag or `QPC_CA_CERT` environment variable.
This model is adequate for development and single-server deployments. The roadmap includes:
@@ -143,18 +143,18 @@ The QUIC + TLS 1.3 layer provides:
| Environment Variable | CLI Flag | Default | Description |
|---|---|---|---|
| `QPQ_LISTEN` | `--listen` | `0.0.0.0:5001` | QUIC listen address |
| `QPQ_TLS_CERT` | `--tls-cert` | `data/server-cert.der` | TLS certificate path |
| `QPQ_TLS_KEY` | `--tls-key` | `data/server-key.der` | TLS private key path |
| `QPQ_DATA_DIR` | `--data-dir` | `data` | Persistent storage directory |
| `QPC_LISTEN` | `--listen` | `0.0.0.0:5001` | QUIC listen address |
| `QPC_TLS_CERT` | `--tls-cert` | `data/server-cert.der` | TLS certificate path |
| `QPC_TLS_KEY` | `--tls-key` | `data/server-key.der` | TLS private key path |
| `QPC_DATA_DIR` | `--data-dir` | `data` | Persistent storage directory |
### Client
| Environment Variable | CLI Flag | Default | Description |
|---|---|---|---|
| `QPQ_CA_CERT` | `--ca-cert` | `data/server-cert.der` | Server certificate to trust |
| `QPQ_SERVER_NAME` | `--server-name` | `localhost` | Expected TLS server name (must match certificate SAN) |
| `QPQ_SERVER` | `--server` | `127.0.0.1:5001` | Server address (per-subcommand) |
| `QPC_CA_CERT` | `--ca-cert` | `data/server-cert.der` | Server certificate to trust |
| `QPC_SERVER_NAME` | `--server-name` | `localhost` | Expected TLS server name (must match certificate SAN) |
| `QPC_SERVER` | `--server` | `127.0.0.1:5001` | Server address (per-subcommand) |
## Further reading

2
docs/src/roadmap/authz-plan.md
View File

@@ -1,7 +1,7 @@
# Auth, Devices, and Tokens
This page describes the authentication, device management, and authorisation
design for quicproquo. It introduces account and device identities, gates
design for quicprochat. It introduces account and device identities, gates
server operations by authenticated identity, enforces rate and size limits, and
binds MLS identity keys to accounts.

2
docs/src/roadmap/dm-channels.md
View File

@@ -1,7 +1,7 @@
# 1:1 Channel Design
This page describes the design for first-class 1:1 (direct message) channels in
quicproquo. Channels provide per-conversation authorisation, MLS-encrypted
quicprochat. Channels provide per-conversation authorisation, MLS-encrypted
payloads, message retention with TTL eviction, and backward compatibility with
the legacy delivery model.

2
docs/src/roadmap/fully-operational-checklist.md
View File

@@ -109,7 +109,7 @@ Not strictly required for “operational” but expected for production deployme
## 3. Roadmap and Documentation Updates
- **Milestones doc:** Mark M4 as **Complete** (CLI subcommands exist). Mark M6 as **Complete** (migrations + runner; server and client persistence in place). Leave M5 as **Next** and M7 as **Planned**.
- **README:** Update milestone table to reflect M4 and M6 complete; add one line on migrations (e.g. “Server supports SQL migrations under `quicproquo-server/migrations/`”).
- **README:** Update milestone table to reflect M4 and M6 complete; add one line on migrations (e.g. “Server supports SQL migrations under `quicprochat-server/migrations/`”).
- **Migration convention:** Document in README or a dev doc: add new migrations as `NNN_name.sql`, add to `MIGRATIONS` in `sql_store.rs`, bump `SCHEMA_VERSION`.
---

16
docs/src/roadmap/future-research.md
View File

@@ -1,7 +1,7 @@
# Future Research Directions
This page catalogues technologies and research directions that could strengthen
quicproquo beyond the current [milestone plan](milestones.md). Each entry
quicprochat beyond the current [milestone plan](milestones.md). Each entry
includes a brief description, the problem it solves, relevant crates or
specifications, and how it maps to the project architecture.
@@ -94,7 +94,7 @@ vulnerable to harvest-now-decrypt-later attacks.
hybrid Ed25519 + ML-DSA-65 for credential signatures. The `ml-kem` crate is
already vendored in the workspace.
**Architecture impact:** Custom `OpenMlsCryptoProvider` in `quicproquo-core`
**Architecture impact:** Custom `OpenMlsCryptoProvider` in `quicprochat-core`
implementing the hybrid combiner. This is the M7 milestone -- see
[Milestones](milestones.md#m7----post-quantum-planned) and
[Hybrid KEM](../protocol-layers/hybrid-kem.md).
@@ -186,7 +186,7 @@ admin could require proof of organization membership before allowing join.
**Problem:** A single server is a single point of failure and a single point of
trust. Users on different servers cannot communicate.
**Solution:** Federation allows multiple quicproquo servers to exchange
**Solution:** Federation allows multiple quicprochat servers to exchange
messages, similar to [Matrix](https://matrix.org/) homeserver federation. Each
server manages its own users and relays messages to peer servers.
@@ -278,10 +278,10 @@ the user base for testing and demonstration.
**Solution:** [Tauri](https://tauri.app/) or [Dioxus](https://dioxuslabs.com/)
provide native cross-platform GUI frameworks in Rust. The
`quicproquo-core` crate can be shared directly with the GUI client.
`quicprochat-core` crate can be shared directly with the GUI client.
**Architecture impact:** Add a `quicproquo-gui` crate that depends on
`quicproquo-core` and `quicproquo-proto`. The GUI drives the same
**Architecture impact:** Add a `quicprochat-gui` crate that depends on
`quicprochat-core` and `quicprochat-proto`. The GUI drives the same
`GroupMember` and RPC logic as the CLI client.
**Crates:** `tauri`, `dioxus`
@@ -294,7 +294,7 @@ provide native cross-platform GUI frameworks in Rust. The
[diplomat](https://github.com/nickelc/diplomat) generate idiomatic Swift and
Kotlin bindings from Rust definitions.
**Architecture impact:** Expose `quicproquo-core` through a C-compatible FFI
**Architecture impact:** Expose `quicprochat-core` through a C-compatible FFI
layer. Mobile apps call into the Rust crypto and protocol logic.
**Crates:** `uniffi`, `diplomat`
@@ -325,7 +325,7 @@ Items marked **Implemented** are already part of the v2 codebase.
| -- | **Post-quantum hybrid KEM** | `ml-kem` vendored; custom `OpenMlsCryptoProvider` with X25519 + ML-KEM-768. | **Implemented** |
| -- | **SQLCipher persistence** | Encrypted-at-rest storage via rusqlite + bundled-sqlcipher + Argon2id key derivation. | **Implemented** |
| -- | **OPAQUE auth** | Zero-knowledge password authentication via `opaque-ke`. Server never stores passwords. | **Implemented** |
| -- | **iroh P2P** | NAT traversal and optional P2P mesh via the `quicproquo-p2p` crate (feature-flagged). | **Implemented** |
| -- | **iroh P2P** | NAT traversal and optional P2P mesh via the `quicprochat-p2p` crate (feature-flagged). | **Implemented** |
| -- | **Sealed Sender** | `--sealed-sender` flag encrypts sender identity inside MLS ciphertext. | **Implemented** |
| 1 | **PIR (Private Information Retrieval)** | Fetch messages without revealing the recipient's identity to the server. | Future |
| 2 | **Key Transparency** | Verifiable, append-only log of public key bindings. Detects key substitution attacks. | Future |

22
docs/src/roadmap/milestones.md
View File

@@ -1,6 +1,6 @@
# Milestone Tracker
This page tracks the project milestones for quicproquo, from initial transport
This page tracks the project milestones for quicprochat, from initial transport
layer through post-quantum cryptography. Each milestone produces production-ready,
tested, deployable code -- see [Coding Standards](../contributing/coding-standards.md)
for what that means in practice.
@@ -29,13 +29,13 @@ typed Cap'n Proto frames.
**Deliverables:**
- `schemas/envelope.capnp`: `Envelope` struct with `MsgType` enum (Ping/Pong at this stage)
- `quicproquo-proto`: `build.rs` invoking `capnpc`, generated type re-exports,
- `quicprochat-proto`: `build.rs` invoking `capnpc`, generated type re-exports,
canonical serialisation helpers
- `quicproquo-core`: Ed25519 identity keypair generation,
- `quicprochat-core`: Ed25519 identity keypair generation,
Cap'n Proto frame codec (Tokio `Encoder`/`Decoder`)
- `quicproquo-server`: QUIC listener with TLS 1.3 (quinn/rustls), Ping to Pong
- `quicprochat-server`: QUIC listener with TLS 1.3 (quinn/rustls), Ping to Pong
handler, one tokio task per connection
- `quicproquo-client`: connects over QUIC, sends Ping, receives Pong, exits 0
- `quicprochat-client`: connects over QUIC, sends Ping, receives Pong, exits 0
- Integration test: server and client in same test binary using `tokio::spawn`
- `docker-compose.yml` running the server
@@ -54,10 +54,10 @@ via Cap'n Proto RPC.
- `schemas/auth.capnp`: `AuthenticationService` interface (`uploadKeyPackage`,
`fetchKeyPackage`)
- `quicproquo-core`: Ed25519 identity keypair generation, MLS KeyPackage
- `quicprochat-core`: Ed25519 identity keypair generation, MLS KeyPackage
generation via `openmls`
- `quicproquo-server`: AS RPC server with `DashMap` store, atomic consume-on-fetch
- `quicproquo-client`: `register-state` and `fetch-key` CLI subcommands
- `quicprochat-server`: AS RPC server with `DashMap` store, atomic consume-on-fetch
- `quicprochat-client`: `register-state` and `fetch-key` CLI subcommands
- Integration test: Alice uploads KeyPackage, Bob fetches it, fingerprints match
**Tests:** auth\_service.rs integration tests (upload, fetch, consume semantics).
@@ -97,7 +97,7 @@ group\_id lifecycle, MLS integration.
3. **openmls 0.5 API gotchas.** Several `openmls` methods changed signatures
between 0.4 and 0.5 (e.g., `MlsGroup::new` vs `MlsGroup::new_with_group_id`,
`BasicCredential::new` taking `Vec<u8>` directly). These differences are
documented inline in `quicproquo-core/src/group.rs`.
documented inline in `quicprochat-core/src/group.rs`.
**Branch:** `feat/m1-noise-transport`
@@ -142,13 +142,13 @@ providing post-quantum confidentiality for all group key material.
**Deliverables:**
- Custom `OpenMlsCryptoProvider` with hybrid KEM in `quicproquo-core`
- Custom `OpenMlsCryptoProvider` with hybrid KEM in `quicprochat-core`
- Hybrid shared secret derivation:
```
SharedSecret = HKDF-SHA256(
ikm = X25519_ss || ML-KEM-768_ss,
info = "quicproquo-hybrid-v1",
info = "quicprochat-hybrid-v1",
len = 32
)
```

2
docs/src/roadmap/phase2-and-m4-m6.md
View File

@@ -21,7 +21,7 @@ The following legacy behaviour has been removed; only current behaviour is suppo
| Task | Status | Notes |
|------|--------|-------|
| **Ciphersuite allowlist** | **Done** | Server rejects KeyPackages whose ciphersuite is not `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519`. See `quicproquo_core::validate_keypackage_ciphersuite` and `upload_key_package` (E021). |
| **Ciphersuite allowlist** | **Done** | Server rejects KeyPackages whose ciphersuite is not `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519`. See `quicprochat_core::validate_keypackage_ciphersuite` and `upload_key_package` (E021). |
| **ALPN enforcement** | **Done** | Server TLS config sets `alpn_protocols = [b"capnp"]`; handshake completes only if client offers `capnp`. |
| **Connection draining** | **Done** | On `Ctrl+C`, server calls `endpoint.close(0, b"server shutdown")` and exits the accept loop. |
| **Wire versioning** | **Done** | `enqueue`, `fetch`, `fetchWait` require `version == CURRENT_WIRE_VERSION` (1). Other RPCs use auth version. |

10
docs/src/roadmap/production-readiness.md
View File

@@ -1,6 +1,6 @@
# Production Readiness WBS
This page defines the work breakdown structure (WBS) for taking quicproquo
This page defines the work breakdown structure (WBS) for taking quicprochat
from a proof-of-concept to a production-hardened system. It covers feature scope,
security policy, phased delivery, and a planning checklist.
@@ -11,7 +11,7 @@ document focuses on the cross-cutting concerns that span multiple milestones.
## Feature Scope (Must-Have)
These are the feature areas that must be addressed before quicproquo can be
These are the feature areas that must be addressed before quicprochat can be
considered production-ready. Each area maps to one or more milestones or phases
in the WBS below.
@@ -30,7 +30,7 @@ in the WBS below.
## Security Plan (By Design)
quicproquo follows a security-by-design philosophy. The standards below are
quicprochat follows a security-by-design philosophy. The standards below are
non-negotiable -- see [Coding Standards](../contributing/coding-standards.md) for
how they are enforced in code.
@@ -44,7 +44,7 @@ how they are enforced in code.
### Transport Policy
- TLS 1.3 only (`rustls` configured with `TLS13` cipher suites exclusively).
- ALPN token `b"qpq"` required; reject connections with mismatched ALPN.
- ALPN token `b"qpc"` required; reject connections with mismatched ALPN.
- Self-signed certificates acceptable for development; production deployments
must use a CA-signed certificate or certificate pinning.
- Connection draining on shutdown (QUIC `CONNECTION_CLOSE`).
@@ -128,7 +128,7 @@ how they are enforced in code.
| Wire versioning | Version field in all Protobuf frames; reject unknown versions |
| Ciphersuite allowlist | Server rejects KeyPackages outside the allowed set |
| Downgrade guards | Prevent epoch rollback; reject Commits with weaker ciphersuites |
| ALPN enforcement | Reject connections without `b"qpq"` ALPN token |
| ALPN enforcement | Reject connections without `b"qpc"` ALPN token |
| Connection draining | Graceful QUIC `CONNECTION_CLOSE` on server shutdown |
| KeyPackage rotation | Client-side timer to upload fresh KeyPackages before TTL expiry |

12
docs/src/sdk/index.md
View File

@@ -1,17 +1,17 @@
# Client SDKs
This guide covers how to build clients for the quicproquo E2E encrypted messenger
This guide covers how to build clients for the quicprochat E2E encrypted messenger
using the official SDKs or by implementing a new one.
## Official SDKs
| Language | Location | Transport | Status |
|----------|----------|-----------|--------|
| **Rust** | `crates/quicproquo-client` | QUIC + Protobuf (v2) | Production |
| **Rust** | `crates/quicprochat-client` | QUIC + Protobuf (v2) | Production |
| **Go** | `sdks/go/` | QUIC + Protobuf (v2) | Production |
| **TypeScript** | `sdks/typescript/` | WebSocket bridge + WASM crypto | Production |
| **Python** | `sdks/python/` | QUIC + Protobuf (v2) / Rust FFI | Production |
| **C** | `crates/quicproquo-ffi/` | Rust FFI (synchronous) | Production |
| **C** | `crates/quicprochat-ffi/` | Rust FFI (synchronous) | Production |
| **Swift** | `sdks/swift/` | C FFI wrapper | In progress |
| **Kotlin** | `sdks/kotlin/` | JNI + C FFI | In progress |
| **Java** | `sdks/java/` | JNI + C FFI | In progress |
@@ -49,15 +49,15 @@ use the same 10-byte framing header followed by a protobuf payload.
## Canonical Schemas
- **Protobuf** (v2): `proto/qpq/v1/*.proto` -- 14 service definitions
- **Protobuf** (v2): `proto/qpc/v1/*.proto` -- 14 service definitions
The protobuf schemas in `proto/qpq/v1/` are the canonical API contract for
The protobuf schemas in `proto/qpc/v1/` are the canonical API contract for
the v2 protocol. New SDKs should implement against these definitions.
## Documentation
- [Wire Format Reference](wire-format.md) -- v2 QUIC + Protobuf framing and method IDs
- [Rust SDK](rust.md) -- native Rust client using `quicproquo-sdk`
- [Rust SDK](rust.md) -- native Rust client using `quicprochat-sdk`
- [Go SDK](../getting-started/go-sdk.md) -- Go client with QUIC transport
- [TypeScript SDK](../getting-started/typescript-sdk.md) -- browser and Node.js client
- [C FFI Bindings](../getting-started/ffi.md) -- C bindings for language integrations

22
docs/src/sdk/rust.md
View File

@@ -1,7 +1,7 @@
# Rust SDK
The Rust client is the reference implementation, located in
`crates/quicproquo-client/`. It is built on top of the `quicproquo-sdk` crate,
`crates/quicprochat-client/`. It is built on top of the `quicprochat-sdk` crate,
which provides the high-level v2 API over QUIC + Protobuf.
## Installation
@@ -10,13 +10,13 @@ Add to your `Cargo.toml`:
```toml
[dependencies]
quicproquo-sdk = { path = "crates/quicproquo-sdk" }
quicprochat-sdk = { path = "crates/quicprochat-sdk" }
```
## Connection
```rust
use quicproquo_sdk::QpqClient;
use quicprochat_sdk::QpqClient;
let client = QpqClient::connect("127.0.0.1:5001", &tls_config).await?;
let health = client.health().await?;
@@ -24,10 +24,10 @@ let health = client.health().await?;
## CLI Client Usage
The `quicproquo-client` binary provides a CLI/TUI interface:
The `quicprochat-client` binary provides a CLI/TUI interface:
```rust
use quicproquo_client::{cmd_health, cmd_login, cmd_send};
use quicprochat_client::{cmd_health, cmd_login, cmd_send};
// Health check
cmd_health("127.0.0.1:5001", &ca_cert_path, "localhost").await?;
@@ -49,17 +49,17 @@ cmd_login(
- OPAQUE authentication with zeroizing credential storage
- SQLCipher local state with Argon2id key derivation
- Sealed sender metadata protection (`--sealed-sender` flag)
- v2 QUIC + Protobuf transport via the `quicproquo-sdk` crate
- v2 QUIC + Protobuf transport via the `quicprochat-sdk` crate
## Crate Structure
| Crate | Purpose |
|-------|---------|
| `quicproquo-core` | Crypto primitives, MLS, hybrid KEM |
| `quicproquo-proto` | Protobuf generated types |
| `quicproquo-rpc` | QUIC RPC framework (framing, dispatch) |
| `quicproquo-sdk` | High-level client SDK (`QpqClient`) |
| `quicproquo-client` | CLI/TUI client application |
| `quicprochat-core` | Crypto primitives, MLS, hybrid KEM |
| `quicprochat-proto` | Protobuf generated types |
| `quicprochat-rpc` | QUIC RPC framework (framing, dispatch) |
| `quicprochat-sdk` | High-level client SDK (`QpqClient`) |
| `quicprochat-client` | CLI/TUI client application |
## Related

6
docs/src/sdk/wire-format.md
View File

@@ -1,12 +1,12 @@
# Wire Format Reference
The quicproquo v2 protocol uses QUIC (RFC 9000) with TLS 1.3 as the transport
The quicprochat v2 protocol uses QUIC (RFC 9000) with TLS 1.3 as the transport
layer and Protocol Buffers for message serialization.
## Connection
- **Protocol**: QUIC with TLS 1.3
- **ALPN**: `qpq`
- **ALPN**: `qpc`
- **Port**: 5001 (default)
- **Certificate**: Server presents a TLS certificate; clients verify against a CA cert
@@ -138,7 +138,7 @@ This allows concurrent RPCs without head-of-line blocking.
## Protobuf Definitions
All message types are defined in `proto/qpq/v1/*.proto`:
All message types are defined in `proto/qpc/v1/*.proto`:
| File | Services |
|------|----------|

6
docs/src/wire-format/auth-schema.md
View File

@@ -1,7 +1,7 @@
# Auth Schema
**Proto file:** `proto/qpq/v1/auth.proto`
**Package:** `qpq.v1`
**Proto file:** `proto/qpc/v1/auth.proto`
**Package:** `qpc.v1`
**Method IDs:** 100-103
The auth proto defines the OPAQUE asymmetric password-authenticated key exchange (PAKE) messages used for user registration and login. OPAQUE never transmits the password to the server; the server learns only a random value derived from the password.
@@ -16,7 +16,7 @@ See [Authentication Service Internals](../internals/authentication-service.md) f
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// OPAQUE registration + login (4 methods).
// Method IDs: 100-103.

8
docs/src/wire-format/delivery-schema.md
View File

@@ -1,7 +1,7 @@
# Delivery and Keys Schema
**Proto files:** `proto/qpq/v1/delivery.proto`, `proto/qpq/v1/keys.proto`
**Package:** `qpq.v1`
**Proto files:** `proto/qpc/v1/delivery.proto`, `proto/qpc/v1/keys.proto`
**Package:** `qpc.v1`
**Method IDs:** 200-205 (delivery), 300-304 (key packages and hybrid keys), 510-520 (key transparency)
This page documents the Protobuf message definitions for the delivery service (store-and-forward message relay) and the key management service (MLS KeyPackages, hybrid post-quantum keys, and key transparency).
@@ -16,7 +16,7 @@ The delivery service is a store-and-forward relay. It is intentionally MLS-unawa
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Delivery service: enqueue, fetch, peek, ack, batch (6 methods).
// Method IDs: 200-205.
@@ -221,7 +221,7 @@ Key management for MLS KeyPackages, hybrid post-quantum keys, and key transparen
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Key package + hybrid key CRUD (5 methods).
// Method IDs: 300-304.

4
docs/src/wire-format/envelope-schema.md
View File

@@ -2,7 +2,7 @@
The v2 RPC protocol dispatches requests by a `u16` method ID encoded in the first two bytes of every request frame. This page is the authoritative reference for all 44 method IDs and their corresponding Protobuf message types.
Method IDs are defined in `crates/quicproquo-proto/src/lib.rs` (the `method_ids` module). Proto definitions live in `proto/qpq/v1/`.
Method IDs are defined in `crates/quicprochat-proto/src/lib.rs` (the `method_ids` module). Proto definitions live in `proto/qpc/v1/`.
---
@@ -190,7 +190,7 @@ Push events are sent by the server on QUIC uni-streams using the push frame form
| 1002 | `PUSH_PRESENCE` | `PresenceUpdate` |
| 1003 | `PUSH_MEMBERSHIP` | `GroupMembershipChange` |
Push payload messages are defined in `proto/qpq/v1/push.proto` and wrapped in a `PushEvent` oneof. See [RPC Reference](node-service-schema.md) for the full proto listing.
Push payload messages are defined in `proto/qpc/v1/push.proto` and wrapped in a `PushEvent` oneof. See [RPC Reference](node-service-schema.md) for the full proto listing.
---

34
docs/src/wire-format/node-service-schema.md
View File

@@ -1,12 +1,12 @@
# RPC Reference
**Proto package:** `qpq.v1`
**Proto files:** 14 files in `proto/qpq/v1/`
**Proto package:** `qpc.v1`
**Proto files:** 14 files in `proto/qpc/v1/`
**Total methods:** 44
This page is the complete Protobuf definition reference for all 14 proto files in the v2 RPC protocol. For transport framing, see [Wire Format Overview](overview.md). For method ID assignments, see [Method ID Reference](envelope-schema.md).
Generated Rust types live in `crates/quicproquo-proto/src/` (via prost).
Generated Rust types live in `crates/quicprochat-proto/src/` (via prost).
---
@@ -16,7 +16,7 @@ OPAQUE asymmetric PAKE for registration and login. See [Auth Schema](auth-schema
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
message OpaqueRegisterStartRequest {
string username = 1;
@@ -65,7 +65,7 @@ Shared types and account deletion.
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Auth context for federation and internal use.
// In v2, session authentication is carried at the QUIC connection level
@@ -93,7 +93,7 @@ Store-and-forward message relay. See [Delivery Schema](delivery-schema.md) for f
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
message Envelope {
uint64 seq = 1;
@@ -178,7 +178,7 @@ MLS KeyPackages, hybrid PQ keys, and key transparency. See [Delivery Schema](del
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
message UploadKeyPackageRequest {
bytes identity_key = 1;
@@ -266,7 +266,7 @@ message LogEntry {
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Channel create (1 method).
// Method ID: 400.
@@ -291,7 +291,7 @@ Group management: member removal, metadata, member listing, and key rotation.
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Group management (4 methods).
// Method IDs: 410-413.
@@ -359,7 +359,7 @@ Content moderation: encrypted reports, bans, and audit lists.
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Moderation service: report, ban, unban, list reports, list banned.
// Method IDs: 420-424.
@@ -432,7 +432,7 @@ Forward and reverse user resolution.
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// User resolve + identity (2 methods).
// Method IDs: 500-501.
@@ -465,7 +465,7 @@ Content-addressed binary object storage with chunked upload and ranged download.
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Blob upload/download (2 methods).
// Method IDs: 600-601.
@@ -505,7 +505,7 @@ Multi-device management and push notification token registration.
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Device register/list/revoke (3 methods).
// Method IDs: 700-702.
@@ -568,7 +568,7 @@ Encrypted account recovery bundle storage. The server stores an opaque blob inde
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Recovery service.
// Method IDs: 750-752.
@@ -608,7 +608,7 @@ iroh P2P node address exchange and server health probe.
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// P2P endpoint publish/resolve + health (3 methods).
// Method IDs: 800-802.
@@ -649,7 +649,7 @@ Cross-server relay and proxy operations. All federation methods include a `Feder
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Federation relay + proxy (6 methods).
// Method IDs: 900-905.
@@ -725,7 +725,7 @@ Server-push event types sent on QUIC uni-streams using the push frame format.
```protobuf
syntax = "proto3";
package qpq.v1;
package qpc.v1;
// Server-push event types (sent on QUIC uni-streams).
// Event type IDs: 1000+.

12
docs/src/wire-format/overview.md
View File

@@ -1,6 +1,6 @@
# Wire Format Overview
This section documents the v2 serialisation pipeline that transforms application-level data structures into bytes on the wire. Every byte exchanged between quicproquo clients and the server passes through this pipeline, so understanding it is prerequisite to reading the protocol deep dives or the server and client source code.
This section documents the v2 serialisation pipeline that transforms application-level data structures into bytes on the wire. Every byte exchanged between quicprochat clients and the server passes through this pipeline, so understanding it is prerequisite to reading the protocol deep dives or the server and client source code.
---
@@ -27,7 +27,7 @@ Data flows through three stages on the send path. The receive path reverses the
### Stage 1: Application creates a message or RPC call
At the application layer, the client or server constructs a typed Protobuf message defined in `proto/qpq/v1/*.proto`. Each RPC method has a corresponding request and response message type.
At the application layer, the client or server constructs a typed Protobuf message defined in `proto/qpc/v1/*.proto`. Each RPC method has a corresponding request and response message type.
- **Auth methods** (IDs 100-103): see [Auth Schema](auth-schema.md)
- **Delivery methods** (IDs 200-205): see [Delivery Schema](delivery-schema.md)
@@ -104,7 +104,7 @@ Header size: **6 bytes**.
| Maximum payload size | 4 MiB (4,194,304 bytes) |
| Payloads exceeding this limit | rejected with `PayloadTooLarge` error |
Source: `crates/quicproquo-rpc/src/framing.rs`.
Source: `crates/quicprochat-rpc/src/framing.rs`.
### Stage 3: Transport encryption
@@ -138,7 +138,7 @@ This design allows unlimited concurrent RPCs with no head-of-line blocking.
| Parameter | Value |
|-----------|-------|
| Protocol | QUIC (RFC 9000) |
| ALPN | `"qpq"` |
| ALPN | `"qpc"` |
| Default port | 5001 |
| TLS version | 1.3 only |
| Certificate | Server presents a TLS certificate; clients verify against a CA cert |
@@ -147,7 +147,7 @@ This design allows unlimited concurrent RPCs with no head-of-line blocking.
## Schema index
Protobuf schemas are defined in `proto/qpq/v1/` and documented on dedicated pages:
Protobuf schemas are defined in `proto/qpc/v1/` and documented on dedicated pages:
| Proto File | Documentation | Purpose |
|------------|---------------|---------|
@@ -166,7 +166,7 @@ Protobuf schemas are defined in `proto/qpq/v1/` and documented on dedicated page
| `push.proto` | [RPC Reference](node-service-schema.md) | Push event types (IDs 1000+) |
| `common.proto` | [RPC Reference](node-service-schema.md) | Auth context, account deletion (ID 950) |
Method ID assignment: `crates/quicproquo-proto/src/lib.rs` (`method_ids` module).
Method ID assignment: `crates/quicprochat-proto/src/lib.rs` (`method_ids` module).
---