docs: comprehensive update for sprints 1-9
Update README, ROADMAP, and mdBook to reflect all sprint deliverables: rich messaging, file transfer, disappearing messages, Go/TypeScript SDKs, C FFI, mesh networking (identity, store-and-forward, broadcast), and security hardening. Add 6 new mdBook guides (REPL reference, Go SDK, TypeScript SDK + browser demo, rich messaging, file transfer, mesh networking). Check off 16 completed ROADMAP items across phases 3-9.
This commit is contained in:
@@ -34,7 +34,11 @@ Each layer addresses a distinct concern:
|
||||
| Transport authentication | TLS 1.3 server certificate (self-signed, SANs: `localhost`, `127.0.0.1`, `::1`) |
|
||||
| Group key agreement | `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519` |
|
||||
| Post-compromise security (PCS) | MLS epoch ratchet -- each Commit advances the key schedule |
|
||||
| Post-quantum readiness | X25519 + ML-KEM-768 hybrid KEM envelope |
|
||||
| Identity | Ed25519 (`ed25519-dalek`); public key used as MLS `BasicCredential` |
|
||||
| Password auth | OPAQUE (password never sent to server) |
|
||||
| Metadata protection | Sealed sender + message padding |
|
||||
| Local storage | SQLCipher + Argon2id + ChaCha20-Poly1305 |
|
||||
| Framing | Cap'n Proto (unpacked wire format, schema-versioned) |
|
||||
|
||||
For a deeper discussion of the cryptographic guarantees, threat model, and known gaps, see:
|
||||
@@ -47,15 +51,22 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known
|
||||
|
||||
## Who is this for?
|
||||
|
||||
**Security researchers** studying how MLS composes with QUIC transport and Cap'n Proto framing. The codebase is intentionally small (four crates, ~2 500 lines of non-generated Rust) so that every cryptographic boundary is auditable.
|
||||
**Security researchers** studying how MLS composes with QUIC transport and Cap'n Proto framing. The codebase spans 12 crates with clear cryptographic boundaries for auditability.
|
||||
|
||||
**Protocol designers** evaluating MLS deployment patterns. quicproquo implements a concrete Authentication Service (AS) and Delivery Service (DS) pair, demonstrating single-use KeyPackage lifecycle, Welcome routing, and epoch advancement in a live system.
|
||||
|
||||
**Application developers** building on the platform via SDKs:
|
||||
|
||||
- **Go SDK** — native QUIC + Cap'n Proto client with full API
|
||||
- **TypeScript SDK** — WASM crypto + WebSocket transport for browsers
|
||||
- **C FFI** — cross-language integration (Python, Swift, Kotlin)
|
||||
|
||||
**Rust developers** looking for a working example of:
|
||||
|
||||
- `quinn` + `rustls` server/client setup with self-signed certificates
|
||||
- `capnp-rpc` over QUIC bidirectional streams (including the `!Send` / `LocalSet` constraint)
|
||||
- `openmls` group creation, member addition, and application message encryption
|
||||
- `wasm-bindgen` for compiling Rust crypto to WebAssembly
|
||||
- `zeroize`-on-drop key material handling
|
||||
|
||||
---
|
||||
@@ -69,7 +80,12 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known
|
||||
| [Building from Source](getting-started/building.md) | `cargo build`, Cap'n Proto codegen, troubleshooting |
|
||||
| [Running the Server](getting-started/running-the-server.md) | Server startup, configuration, TLS cert generation |
|
||||
| [Running the Client](getting-started/running-the-client.md) | All CLI subcommands with examples |
|
||||
| [Docker Deployment](getting-started/docker.md) | `docker compose up`, multi-stage build |
|
||||
| [REPL Command Reference](getting-started/repl-reference.md) | Complete list of 40+ slash commands |
|
||||
| [Rich Messaging](getting-started/rich-messaging.md) | Reactions, typing, read receipts, edit/delete |
|
||||
| [File Transfer](getting-started/file-transfer.md) | Chunked upload/download with SHA-256 verification |
|
||||
| [Go SDK](getting-started/go-sdk.md) | Native QUIC + Cap'n Proto Go client |
|
||||
| [TypeScript SDK & Browser Demo](getting-started/typescript-sdk.md) | WASM crypto + WebSocket transport |
|
||||
| [Mesh Networking](getting-started/mesh-networking.md) | P2P, broadcast channels, store-and-forward, federation |
|
||||
| [Demo Walkthrough](getting-started/demo-walkthrough.md) | Step-by-step Alice-and-Bob narrative with sequence diagram |
|
||||
| [Architecture Overview](architecture/overview.md) | Crate boundaries, service architecture, data flow |
|
||||
| [Protocol Layers](protocol-layers/overview.md) | Deep dives into QUIC/TLS, Cap'n Proto, MLS, Hybrid KEM |
|
||||
@@ -82,16 +98,27 @@ For a deeper discussion of the cryptographic guarantees, threat model, and known
|
||||
|
||||
## Current status
|
||||
|
||||
quicproquo is a **proof of concept**. It has not been audited by a third party.
|
||||
quicproquo is a **research project** with production-grade features. It has
|
||||
not been audited by a third party. The test suite covers 130+ tests across
|
||||
core, server, client, E2E, and P2P modules.
|
||||
|
||||
Known limitations:
|
||||
**What works today:**
|
||||
|
||||
- Full-featured REPL with 40+ commands: DMs, groups, reactions, typing,
|
||||
edit/delete, file transfer, disappearing messages, safety numbers, MLS key
|
||||
rotation, account deletion
|
||||
- Go SDK, TypeScript SDK (WASM crypto + browser demo), C FFI + Python bindings
|
||||
- Mesh networking: P2P via iroh, mDNS discovery, federation, store-and-forward,
|
||||
broadcast channels
|
||||
- Dynamic plugin system with 6 C-compatible hook points
|
||||
- 24 Cap'n Proto RPC methods on the server
|
||||
|
||||
**Known limitations:**
|
||||
|
||||
- The server uses a **self-signed TLS certificate** by default. No certificate pinning or CA-based server identity is enforced.
|
||||
- MLS credentials use `CredentialType::Basic` (raw public key). A production system would bind credentials to a certificate authority or use X.509 certificates.
|
||||
- The Delivery Service performs **no authentication** of the `recipientKey` field -- anyone who knows a recipient's public key can enqueue messages for them. Access control is a future milestone.
|
||||
- The HPKE init private key generated during `register-state` is held in-process memory (or on-disk via the key store). If the process exits before the corresponding Welcome is consumed, `join` will fail because the private key is lost.
|
||||
|
||||
Multi-party groups (N > 2) are supported (milestone M5): Commit fan-out, `send --all`, and epoch sync work for all members.
|
||||
- The hybrid KEM envelope is implemented and tested, but not yet integrated into the OpenMLS CryptoProvider for full post-quantum MLS (milestone M7).
|
||||
- Browser connectivity requires a WebSocket-to-Cap'n-Proto bridge proxy (not yet included).
|
||||
- The GUI crate (`quicproquo-gui`) requires GTK system libraries and is not feature-complete.
|
||||
|
||||
For the full milestone tracker, see [Milestones](roadmap/milestones.md).
|
||||
|
||||
|
||||
Reference in New Issue
Block a user