From 4454458e38c8a1657ebb557667c66d06d063fcd7 Mon Sep 17 00:00:00 2001 From: Christian Nennemann Date: Wed, 4 Mar 2026 02:07:28 +0100 Subject: [PATCH] docs: expand sprint candidates to 24 features (A-X) Added 12 more feature candidates: M) message threading, N) cross-signing, O) offline queue priorities, P) audit log/compliance, Q) bot framework, R) Tor/I2P transport, S) plugin marketplace, T) stress testing, U) view-once media, V) emoji presence, W) rich text, X) invite links. Updated selection guide with 6 priority tracks. --- docs/SPRINT-PLAN-NEXT.md | 68 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 5 deletions(-) diff --git a/docs/SPRINT-PLAN-NEXT.md b/docs/SPRINT-PLAN-NEXT.md index 96783c3..d0c389e 100644 --- a/docs/SPRINT-PLAN-NEXT.md +++ b/docs/SPRINT-PLAN-NEXT.md @@ -1,6 +1,6 @@ # Next Sprint Planning — quicproquo -> Pick 8 of the 12 features below for the next sprint cycle. +> Pick 8 of the 24 features below for the next sprint cycle. > Created: 2026-03-04 | Status: PENDING SELECTION ## Completed Sprints (this cycle) @@ -77,17 +77,75 @@ Per-conversation notification settings: all, mentions-only, muted. Server-side W **Effort**: High | **Area**: Mobile + FFI React Native app using the C FFI bindings (quicproquo-ffi). Screens: login, conversation list, chat view, settings. Bridge FFI functions to React Native via NativeModules. Use the existing `qpq_connect`, `qpq_login`, `qpq_send`, `qpq_receive` C API. iOS + Android targets. Alternatively: Flutter with dart:ffi. Includes push notification registration. +### M. Message Threading & Replies +**Effort**: Low-Medium | **Area**: Client + Core +Threaded conversations within channels. Add `thread_id` field to Chat AppMessage — replies to a message inherit its thread_id (or create one). `/thread ` enters a thread view showing only that thread's messages. `/threads` lists active threads with last activity. Thread-aware notification counts. Local storage: add `thread_id` column to messages table, filter queries by thread. + +### N. Cross-Signing & Identity Verification +**Effort**: Medium | **Area**: Core + Client +Out-of-band identity verification via QR codes and emoji comparison. Generate a short verification code from both parties' identity keys (similar to Signal's safety numbers but interactive). `/verify ` starts a verification session, displays emoji sequence or QR payload. `/verify confirm` marks the contact as verified. Verified contacts show a checkmark. Store verification state locally. Alert if a verified contact's key changes. + +### O. Offline Message Queue with Priorities +**Effort**: Low-Medium | **Area**: Client +Smart offline queue that prioritizes messages when reconnecting. Messages queued while offline get priority levels: critical (key rotation, group ops), normal (chat), low (typing, read receipts). On reconnect, send critical first, then normal, drop stale low-priority. `/outbox` shows pending messages. `/outbox flush` forces immediate send. `/outbox clear` discards unsent. Exponential backoff with jitter for reconnection. + +### P. Audit Log & Compliance Export +**Effort**: Medium | **Area**: Server +Persistent server-side audit log for compliance. Every RPC call logged to a dedicated `audit_events` table: timestamp, identity, operation, result, metadata. Configurable retention policy (30/60/90 days). `qpq-admin audit --from --to --user` CLI to query. Export to JSON/CSV. GDPR data export: `/export-my-data` RPC returns all data the server holds about a user. Separate from redact-logs (this is structured, queryable). + +### Q. Bot Framework Enhancements +**Effort**: Medium | **Area**: Bot SDK + Server +Enhance the existing `quicproquo-bot` crate into a full bot platform. Add: slash command registration (`/weather`, `/poll`, etc.), interactive message components (buttons/selects as structured AppMessage extensions), bot permissions (scoped access tokens), webhook delivery (HTTP POST on events). `BotBuilder` pattern: `Bot::new().command("ping", handle_ping).on_message(handle_msg).run()`. Example bots: echo, reminder, RSS feed. + +### R. Tor/I2P Transport +**Effort**: High | **Area**: Server + Client + P2P +Anonymous transport layer for privacy-critical deployments. Server: listen on Tor hidden service (.onion) via `arti` or `tor` crate, configurable via `--tor-hidden-service`. Client: connect through SOCKS5 proxy to .onion address, `--tor-proxy socks5://127.0.0.1:9050`. P2P mesh: route through Tor for metadata-resistant peer communication. Optional I2P support via SAM bridge. All existing QUIC+TLS works over the tunnel. + +### S. Plugin Marketplace & Hot-Reload +**Effort**: Medium | **Area**: Server + Plugin API +Extend the existing plugin system into a discoverable marketplace. Plugin manifest format (TOML) with name, version, permissions, hooks. `qpq-server --plugin-dir ./plugins/` auto-loads `.so`/`.dylib` files. Hot-reload: watch plugin directory, reload on change without server restart. Plugin isolation: each plugin runs in its own thread with limited Store access. Add `qpq-gen plugin ` scaffolding. Example: spam filter plugin, message archiver. + +### T. Stress Testing & Benchmarking Suite +**Effort**: Medium | **Area**: Testing + Infra +Production-grade load testing tool. Simulate N concurrent clients: register, login, create channels, send/receive at configurable rate. Measure: messages/sec throughput, p50/p95/p99 latency, memory usage, connection limits. `cargo bench` integration for micro-benchmarks (already have some). New `qpq-loadtest` binary: `qpq-loadtest --clients 100 --rate 50/s --duration 60s --server localhost:5001`. Generate HTML report with charts. Identify bottlenecks before production. + +### U. Disappearing Media & View-Once +**Effort**: Low | **Area**: Client + Core +View-once messages that auto-delete after first viewing. Add `ViewOnce` flag to FileRef AppMessage — recipient can view the file/image once, then it's deleted locally. Server-side: auto-delete blob after first download. `/send-once ` command. Display "[view-once media]" placeholder until opened. Prevent screenshots (best-effort: clear clipboard, disable screen recording notification). Extends existing file transfer infrastructure. + +### V. Emoji Status & Presence +**Effort**: Low | **Area**: Server + Client +Lightweight presence system. Users set an emoji + short text status ("🏖️ On vacation", "🔴 Do not disturb", "🟢 Available"). Ephemeral — not stored permanently, expires after configurable duration. `publishPresence` RPC (piggyback on existing `publishEndpoint`). Client poll or push-based presence updates. `/status 🎯 Focusing` to set, `/status` to view, `/who` shows online contacts with their status. No tracking — presence is opt-in and ephemeral. + +### W. Markdown & Rich Text Messages +**Effort**: Low | **Area**: Core + Client +Rich text formatting in messages. Support a subset of Markdown in chat: **bold**, *italic*, `code`, ```code blocks```, ~~strikethrough~~, > quotes, [links](url). Parse on display (client-side only — wire format stays plain text with Markdown syntax). TUI renderer: ANSI escape codes for bold/italic/color. Browser demo: render as HTML. Add `/format on|off` toggle. No changes to MLS or wire protocol — purely presentational. + +### X. Invitation Links & QR Codes +**Effort**: Low-Medium | **Area**: Server + Client +Shareable invitation links for joining the server or a group. `createInvite` RPC generates a time-limited, usage-limited token. Format: `qpq://server:port/invite/TOKEN` or QR code encoding. `/invite create [--expires 24h] [--uses 10]` generates link. `/invite list` shows active invites. `/invite revoke ` cancels. New users can register via invite: `qpq-client --invite qpq://...`. Group invites: generate a link that auto-adds the joiner to a specific group after registration. + --- ## Selection Guide -**For a privacy-focused messenger**, prioritize: A (federation), B (contacts/blocking), D (backup), F (KT audit) +**Privacy-first** (maximum anonymity & security): +A (federation), D (backup), F (KT audit), N (cross-signing), R (Tor), U (view-once) -**For production readiness**, prioritize: A (federation), H (clustering), I (compliance tests), K (notifications) +**Production-ready** (deploy to real users): +A (federation), B (contacts), H (clustering), I (compliance), K (notifications), T (stress test) -**For user experience**, prioritize: B (contacts), C (calls), G (search), J (profiles) +**User experience** (make it feel like a real messenger): +B (contacts), C (calls), G (search), J (profiles), V (presence), W (rich text), X (invites) -**For mobile launch**, prioritize: D (backup), J (profiles), K (notifications), L (mobile app) +**Mobile launch** (ship an app): +D (backup), J (profiles), K (notifications), L (mobile app), X (invites) + +**Developer ecosystem** (grow the community): +Q (bot framework), S (plugin marketplace), T (stress test), I (compliance) + +**Mesh/Freifunk** (offline-first, decentralized): +A (federation), N (cross-signing), O (offline queue), R (Tor) ---