docs: comprehensive update for sprints 1-9
Update README, ROADMAP, and mdBook to reflect all sprint deliverables: rich messaging, file transfer, disappearing messages, Go/TypeScript SDKs, C FFI, mesh networking (identity, store-and-forward, broadcast), and security hardening. Add 6 new mdBook guides (REPL reference, Go SDK, TypeScript SDK + browser demo, rich messaging, file transfer, mesh networking). Check off 16 completed ROADMAP items across phases 3-9.
This commit is contained in:
145
ROADMAP.md
145
ROADMAP.md
@@ -121,14 +121,11 @@ WASM/FFI for the crypto layer.
|
||||
|
||||
### Implementation
|
||||
|
||||
- [ ] **3.1 Go SDK (`quicproquo-go`)**
|
||||
- Generate Go types: `capnp compile -ogo schemas/node.capnp`
|
||||
- QUIC transport: `quic-go` with TLS 1.3 + ALPN `"capnp"`
|
||||
- Cap'n Proto RPC framing over QUIC bidirectional stream
|
||||
- Auth context: bearer token + session management
|
||||
- Retry with exponential backoff (mirror Rust client pattern)
|
||||
- Publish: `go get git.xorwell.de/c/quicproquo-go`
|
||||
- Example: CLI client matching Rust feature set
|
||||
- [x] **3.1 Go SDK (`quicproquo-go`)**
|
||||
- Generated Go types from `node.capnp` (6487-line codegen, all 24 RPC methods)
|
||||
- QUIC transport via `quic-go` with TLS 1.3 + ALPN `"capnp"`
|
||||
- High-level `qpq` package: Connect, Health, ResolveUser, CreateChannel, Send/SendWithTTL, Receive/ReceiveWait, DeleteAccount, OPAQUE auth
|
||||
- Example CLI in `sdks/go/cmd/example/`
|
||||
|
||||
- [ ] **3.2 Python SDK (`quicproquo-py`)**
|
||||
- QUIC transport: `aioquic` with custom Cap'n Proto stream handler
|
||||
@@ -139,24 +136,16 @@ WASM/FFI for the crypto layer.
|
||||
- Publish: PyPI `quicproquo`
|
||||
- Example: async bot client
|
||||
|
||||
- [ ] **3.3 C FFI layer (`quicproquo-ffi`)**
|
||||
- New crate in workspace: `crates/quicproquo-ffi`
|
||||
- `cbindgen` to generate `quicproquo.h` C header
|
||||
- Crypto functions: `qpc_identity_new()`, `qpc_group_create()`,
|
||||
`qpc_encrypt()`, `qpc_decrypt()`, `qpc_key_package_generate()`
|
||||
- Transport functions: `qpc_connect()`, `qpc_enqueue()`, `qpc_fetch()`,
|
||||
`qpc_fetch_wait()` (bundles QUIC + Cap'n Proto internally)
|
||||
- Memory: caller-allocated buffers with length, no ownership transfer
|
||||
- Builds as `libquicproquo.so` / `.dylib` / `.dll`
|
||||
- Swift and Kotlin wrapper examples using the C header
|
||||
- [x] **3.3 C FFI layer (`quicproquo-ffi`)**
|
||||
- `crates/quicproquo-ffi` with 7 extern "C" functions: connect, login, send, receive, disconnect, last_error, free_string
|
||||
- Builds as `libquicproquo_ffi.so` / `.dylib` / `.dll`
|
||||
- Python ctypes wrapper in `examples/python/qpq_client.py`
|
||||
|
||||
- [ ] **3.4 WASM compilation of `quicproquo-core`**
|
||||
- `wasm-pack build` target for browser + Node.js
|
||||
- Crypto-only: `GroupMember`, `IdentityKeypair`, `AppMessage`,
|
||||
`hybrid_encrypt/decrypt`, `generate_key_package`
|
||||
- Transport NOT included (browsers use WebTransport, see Phase 3.5)
|
||||
- Publish to npm: `@quicproquo/core`
|
||||
- TypeScript type definitions auto-generated via `wasm-bindgen`
|
||||
- [x] **3.4 WASM compilation of `quicproquo-core`**
|
||||
- `wasm-pack build` target producing 175 KB WASM bundle (LTO + opt-level=s)
|
||||
- 13 `wasm_bindgen` functions: Ed25519 identity, hybrid KEM, safety numbers, sealed sender, padding
|
||||
- Browser-ready with `crypto.getRandomValues()` RNG
|
||||
- Published as `sdks/typescript/wasm-crypto/`
|
||||
|
||||
- [ ] **3.5 WebTransport server endpoint**
|
||||
- Add HTTP/3 + WebTransport listener to server (same QUIC stack via quinn)
|
||||
@@ -167,13 +156,11 @@ WASM/FFI for the crypto layer.
|
||||
- Configurable port: `--webtransport-listen 0.0.0.0:7443`
|
||||
- Feature-flagged: `--features webtransport`
|
||||
|
||||
- [ ] **3.6 TypeScript/JavaScript SDK (`@quicproquo/client`)**
|
||||
- WebTransport for QUIC connectivity (no HTTP fallback)
|
||||
- WASM module (Phase 3.4) for MLS crypto
|
||||
- Cap'n Proto serialization via WASM bridge
|
||||
- Handles: auth flow, key upload, message send/receive, group management
|
||||
- Publish to npm: `@quicproquo/client`
|
||||
- Example: browser chat UI
|
||||
- [x] **3.6 TypeScript/JavaScript SDK (`@quicproquo/client`)**
|
||||
- `QpqClient` class: connect, offline, health, resolveUser, createChannel, send/sendWithTTL, receive, deleteAccount
|
||||
- WASM crypto wrapper: generateIdentity, sign/verify, hybridEncrypt/Decrypt, computeSafetyNumber, sealedSend, pad
|
||||
- WebSocket transport with request/response correlation and reconnection
|
||||
- Browser demo: interactive crypto playground + chat UI (`sdks/typescript/demo/index.html`)
|
||||
|
||||
- [ ] **3.7 SDK documentation and schema publishing**
|
||||
- Publish `.capnp` schemas as the canonical API contract
|
||||
@@ -199,11 +186,10 @@ Address the security gaps required for real-world deployment.
|
||||
- Users can verify peer keys haven't been substituted (MITM detection)
|
||||
- Revocation mechanism for compromised keys
|
||||
|
||||
- [ ] **4.3 Client authentication on Delivery Service**
|
||||
- Currently server trusts claimed identity key on enqueue
|
||||
- Bind enqueue operations to the authenticated session's identity key
|
||||
- Prevent: client A fetching/sending as client B's identity
|
||||
- Backward compat: sealed_sender mode for anonymous enqueue
|
||||
- [x] **4.3 Client authentication on Delivery Service**
|
||||
- DS sender identity binding with explicit audit logging
|
||||
- `sender_prefix` tracking in enqueue/batch_enqueue RPCs
|
||||
- Sender identity derived from authenticated session
|
||||
|
||||
- [ ] **4.4 M7 — Post-quantum MLS integration**
|
||||
- Integrate hybrid KEM (X25519 + ML-KEM-768) into the OpenMLS crypto provider
|
||||
@@ -211,9 +197,9 @@ Address the security gaps required for real-world deployment.
|
||||
- Full test suite with PQ ciphersuite
|
||||
- Ref: existing `hybrid_kem.rs` and `hybrid_crypto.rs`
|
||||
|
||||
- [ ] **4.5 Username enumeration mitigation**
|
||||
- Constant-time or uniform response for unknown users during OPAQUE login
|
||||
- Prevent timing side-channels that reveal user existence
|
||||
- [x] **4.5 Username enumeration mitigation**
|
||||
- 5 ms timing floor on `resolveUser` responses
|
||||
- Rate limiting to prevent bulk enumeration attacks
|
||||
|
||||
---
|
||||
|
||||
@@ -238,15 +224,17 @@ Make it a product people want to use.
|
||||
- Explicit proposal handling (queue proposals, batch commit)
|
||||
- Group metadata (name, description, avatar hash)
|
||||
|
||||
- [ ] **5.4 Message editing and deletion**
|
||||
- New `AppMessage` variants: `Edit { target_seq, new_content }`, `Delete { target_seq }`
|
||||
- Client-side tombstones, server doesn't know about edits
|
||||
- [x] **5.4 Message editing and deletion**
|
||||
- `Edit` (0x06) and `Delete` (0x07) message types in `AppMessage`
|
||||
- `/edit <index> <text>` and `/delete <index>` REPL commands (own messages only)
|
||||
- Database update/removal on incoming edit/delete
|
||||
|
||||
- [ ] **5.5 File and media transfer**
|
||||
- Upload encrypted blob → get content hash
|
||||
- Share hash + symmetric key inside MLS message
|
||||
- Download by hash, decrypt client-side
|
||||
- Size limits, content-type validation
|
||||
- [x] **5.5 File and media transfer**
|
||||
- `uploadBlob` / `downloadBlob` RPCs with 256 KB chunked streaming
|
||||
- SHA-256 content-addressable storage with hash verification
|
||||
- `FileRef` (0x08) message type with blob_id, filename, file_size, mime_type
|
||||
- `/send-file <path>` and `/download <index>` REPL commands with progress bars
|
||||
- 50 MB max file size, automatic MIME detection via `mime_guess`
|
||||
|
||||
- [ ] **5.6 Abuse prevention and moderation**
|
||||
- Block user (client-side, suppress display)
|
||||
@@ -327,10 +315,10 @@ Long-term vision for wide adoption.
|
||||
- MLS group spanning multiple servers
|
||||
- Trust model for federated deployments
|
||||
|
||||
- [ ] **7.4 Sealed Sender**
|
||||
- [x] **7.4 Sealed Sender**
|
||||
- Sender identity inside MLS ciphertext only (server can't see who sent)
|
||||
- Requires: sender certificate + encrypted sender proof
|
||||
- Ref: Signal's Sealed Sender design
|
||||
- `sealed_sender` module in quicproquo-core with seal/unseal API
|
||||
- WASM-accessible via `wasm_bindgen` for browser use
|
||||
|
||||
- [ ] **7.5 Additional language SDKs**
|
||||
- Java/Kotlin: JNI bindings to C FFI (Phase 3.3) + native QUIC (netty-quic)
|
||||
@@ -387,28 +375,29 @@ functions without any central infrastructure or internet uplink.
|
||||
- REPL commands: `/mesh peers` (scan + list), `/mesh server <host:port>` (note address)
|
||||
- Nodes announce: `ver=1`, `server=<host:port>`, `domain=<local_domain>` TXT records
|
||||
|
||||
- [ ] **F3 — Self-sovereign mesh identity**
|
||||
- Keypair = identity; OPAQUE password auth becomes optional (opt-in for managed deployments)
|
||||
- `--mesh` startup mode: no AS required, nodes accept any verifiable keypair
|
||||
- Bootstrap trust via out-of-band key fingerprint exchange (QR code or short code)
|
||||
- [x] **F3 — Self-sovereign mesh identity**
|
||||
- Ed25519 keypair-based identity independent of AS registration
|
||||
- JSON-persisted seed + known peers directory
|
||||
- Sign/verify operations for mesh authenticity (`crates/quicproquo-p2p/src/identity.rs`)
|
||||
|
||||
- [ ] **F4 — Store-and-forward with TTL**
|
||||
- Add `ttl_secs: u32` to `Envelope` in `node.capnp`
|
||||
- Relay nodes hold messages for offline peers up to TTL, then discard
|
||||
- Gossip-style propagation: each hop decrements a hop counter
|
||||
- Enables asynchronous messaging across intermittently connected mesh segments
|
||||
- [x] **F4 — Store-and-forward with TTL**
|
||||
- `MeshEnvelope` with TTL-based expiry, hop_count tracking, max_hops routing limit
|
||||
- SHA-256 deduplication ID prevents relay loops
|
||||
- Ed25519 signature verification on envelopes
|
||||
- `MeshStore` in-memory queue with per-recipient capacity limits and TTL-based GC
|
||||
|
||||
- [ ] **F5 — Lightweight broadcast channels**
|
||||
- No MLS overhead; symmetric group key distributed out-of-band
|
||||
- Gossip delivery: node broadcasts to all peers, peers re-broadcast once
|
||||
- Loop prevention via bloom filter on seen message IDs
|
||||
- Suitable for community bulletin boards, emergency broadcasts on mesh
|
||||
- [x] **F5 — Lightweight broadcast channels**
|
||||
- Symmetric ChaCha20-Poly1305 encrypted channels (no MLS overhead)
|
||||
- Topic-based pub/sub via `BroadcastChannel` and `BroadcastManager`
|
||||
- Subscribe/unsubscribe, create, publish API on `P2pNode`
|
||||
|
||||
- [ ] **F6 — Extended `/mesh` REPL commands**
|
||||
- `/mesh dm <fingerprint>` — direct message to peer by key fingerprint (P2P path)
|
||||
- `/mesh broadcast <channel>` — publish to a symmetric broadcast channel
|
||||
- `/mesh auto` — auto-select server with lowest RTT from discovered peers
|
||||
- Auto-reconnect: if current server unreachable, fall back to next discovered peer
|
||||
- [x] **F6 — Extended `/mesh` REPL commands**
|
||||
- `/mesh send <peer_id> <msg>` — direct P2P message via iroh
|
||||
- `/mesh broadcast <topic> <msg>` — publish to broadcast channel
|
||||
- `/mesh subscribe <topic>` — join broadcast channel
|
||||
- `/mesh route` — show routing table
|
||||
- `/mesh identity` — show mesh identity info
|
||||
- `/mesh store` — show store-and-forward statistics
|
||||
|
||||
- [ ] **F7 — OpenWrt cross-compilation guide**
|
||||
- Musl static builds: `x86_64-unknown-linux-musl`, `armv7-unknown-linux-musleabihf`, `mips-unknown-linux-musl`
|
||||
@@ -436,10 +425,10 @@ and lower the barrier to entry for non-crypto developers.
|
||||
- CI publishes HTML benchmark reports as GitHub Actions artifacts
|
||||
- Citable numbers — no other project benchmarks MLS + PQ-KEM in Rust
|
||||
|
||||
- [ ] **9.2 Safety Numbers (key verification)**
|
||||
- Derive a 60-digit numeric code from two identity keys (Signal-style)
|
||||
- REPL `/verify <username>` command for out-of-band key verification
|
||||
- Pure client-side — no server or wire format changes needed
|
||||
- [x] **9.2 Safety Numbers (key verification)**
|
||||
- 60-digit numeric code derived from two identity keys (Signal-style)
|
||||
- `/verify <username>` REPL command for out-of-band verification
|
||||
- Available in WASM via `compute_safety_number` binding
|
||||
|
||||
- [ ] **9.3 Full-Screen TUI (Ratatui + Crossterm)**
|
||||
- `qpq tui` launches a full-screen terminal UI: message pane, input bar,
|
||||
@@ -464,11 +453,11 @@ and lower the barrier to entry for non-crypto developers.
|
||||
- Any client can independently audit the full identity history
|
||||
- Lightweight subset of RFC 9162 adapted for identity keys
|
||||
|
||||
- [ ] **9.7 Dynamic Server Plugin System**
|
||||
- Server loads `.so`/`.dylib` plugins at runtime from config `[plugins]` section
|
||||
- [x] **9.7 Dynamic Server Plugin System**
|
||||
- Server loads `.so`/`.dylib` plugins at runtime via `--plugin-dir`
|
||||
- C-compatible `HookVTable` via `extern "C"` — plugins in any language
|
||||
- Ships with Rust reference plugin + Python ctypes example
|
||||
- Extends existing `ServerHooks` trait with dynamic dispatch
|
||||
- 6 hook points: on_message_enqueue, on_batch_enqueue, on_auth, on_channel_created, on_fetch, on_user_registered
|
||||
- Example plugins: logging plugin, rate limit plugin (512 KiB payload enforcement)
|
||||
|
||||
- [ ] **9.8 PQ Noise Transport Layer**
|
||||
- Hybrid `Noise_XX + ML-KEM-768` handshake for post-quantum transport security
|
||||
|
||||
Reference in New Issue
Block a user