diff --git a/docs/SPRINT-PLAN-NEXT.md b/docs/SPRINT-PLAN-NEXT.md new file mode 100644 index 0000000..96783c3 --- /dev/null +++ b/docs/SPRINT-PLAN-NEXT.md @@ -0,0 +1,107 @@ +# Next Sprint Planning — quicproquo + +> Pick 8 of the 12 features below for the next sprint cycle. +> Created: 2026-03-04 | Status: PENDING SELECTION + +## Completed Sprints (this cycle) + +| # | Sprint | Commit | Summary | +|---|--------|--------|---------| +| 4 | Rich Messaging | `81d5e2e` | Read receipts, typing, reactions, edit/delete | +| 5 | File Transfer | `3350d76` | Chunked blob upload/download, /send-file | +| 6 | Disappearing + Groups | `fd21ea6` | TTL messages, /group-info, deleteAccount | +| 7 | Go SDK | `65ff262` | QUIC + Cap'n Proto, 24 RPC methods, 14 API functions | +| 8 | TypeScript SDK | `28ceaaf` | 175KB WASM crypto, WebSocket transport, browser demo | +| 9 | Mesh Networking | `1b61b7e` | MeshIdentity, store-and-forward, broadcast channels | +| 10 | Privacy Hardening | `9244e80` | --redact-logs, traffic padding, /privacy suite, /verify-fs | +| 11 | Multi-Device | `9244e80` | Device registry (3 RPCs), /devices, max 5 per identity | + +## Current Codebase Stats + +- **27 Cap'n Proto RPCs** (@0–@26) on NodeService +- **10 AppMessage types** (0x01–0x09 + file ref) +- **~40 REPL commands** +- **Tests**: 72 core + 35 server + 28 P2P + 14 E2E = 149 +- **SDKs**: Rust (native), Go, TypeScript/WASM, C FFI, Python ctypes +- **Crates**: core, proto, server, client, p2p, bot, gen, kt, plugin-api, gui, mobile, ffi + +--- + +## Feature Candidates (pick 8) + +### A. Federation Wiring +**Effort**: Medium | **Area**: Server +Wire the existing outbound federation relay into the actual delivery flow. When a message targets `user@remote.domain`, the server routes via `FederationClient::relay_enqueue()` instead of local store. Add `/federate ` admin command to configure peers. Test with two server instances. Currently all federation code exists but is marked `#[allow(dead_code)]`. + +### B. Contact Management & Blocking +**Effort**: Medium | **Area**: Client + Server +Contact list with add/remove/block/unblock. Server-side: `addContact @27`, `removeContact @28`, `blockUser @29`, `listContacts @30` RPCs + contacts table. Client: `/contacts`, `/block `, `/unblock `. Blocked users can't enqueue messages to you (server enforces). Import/export contacts as JSON. + +### C. Voice/Video Call Signaling +**Effort**: High | **Area**: Core + Client +WebRTC signaling over MLS for E2E encrypted calls. Add `CallOffer`, `CallAnswer`, `CallIce`, `CallHangup` AppMessage types (0x0A–0x0D). Client REPL: `/call `, `/answer`, `/hangup`. The actual media (audio/video) uses WebRTC peer-to-peer; qpq only handles the encrypted signaling. Include SDP offer/answer exchange and ICE candidate relay. + +### D. Encrypted Backup & Restore +**Effort**: Medium | **Area**: Client + Core +Export all local state (message history, keys, group state) as an encrypted archive. Key derivation from user password via Argon2id. Format: encrypted SQLite dump + identity seed + MLS group states. `/backup ` and `/restore ` commands. Verify integrity on restore. Critical for device migration and disaster recovery. + +### E. Group Permissions & Roles +**Effort**: Medium | **Area**: Server + Client +Admin/moderator/member roles within MLS groups. Server-side role storage per channel. Admins can: remove members, rename group, set TTL policy. Moderators can: mute members. Members can: send messages. `/role admin|mod|member`, `/mute `. Enforced at both server (RPC level) and client (MLS proposal validation). + +### F. Key Transparency Audit Client +**Effort**: Medium | **Area**: Client + KT crate +Client-side verification of the KT Merkle log. The KT crate (`quicproquo-kt`) already has the Merkle tree and audit log. Add: `/kt audit ` to verify a user's key history is consistent, `/kt monitor` to continuously watch for key changes, `/kt proof ` to fetch and verify inclusion proofs. Alert on unexpected key changes (TOFU violation). + +### G. Message Search +**Effort**: Low-Medium | **Area**: Client +Full-text search over local encrypted message history. Add FTS5 virtual table to the conversation SQLite DB. `/search ` returns matching messages with context, timestamps, and conversation names. `/search in:` for scoped search. Highlight matching terms. Index on message insert. + +### H. Server Clustering & HA +**Effort**: High | **Area**: Server + Infra +Run multiple qpq-server instances behind a shared state layer. Options: shared PostgreSQL backend (replace SQLite for clustered mode), or Raft consensus for delivery queue. Add `--cluster-peers` flag, health-based leader election, delivery queue synchronization. Docker Compose with 3-node cluster. This is the path to production-scale deployment. + +### I. Protocol Compliance Testing +**Effort**: Medium | **Area**: Testing +Comprehensive MLS RFC 9420 compliance test suite. Verify: TreeKEM operations, epoch advancement, proposal/commit sequences, welcome message handling, group context extensions, PSK injection, external joins. Cross-test with other MLS implementations (OpenMLS test vectors). Add to CI. Target: 50+ protocol-level tests covering edge cases. + +### J. User Profiles & Status +**Effort**: Low | **Area**: Server + Client +Profile pictures (stored as blobs), display names, status messages ("Available", "Away", custom text), about/bio text. `updateProfile @27` and `fetchProfile @28` RPCs. Profile data is signed by the identity key for authenticity. `/profile set-name `, `/profile set-status `, `/profile set-avatar `, `/profile ` to view. Cache profiles locally. + +### K. Notification Framework +**Effort**: Medium | **Area**: Server + Client +Per-conversation notification settings: all, mentions-only, muted. Server-side WebPush integration for browser clients (using the TS SDK). Add `updateNotificationSettings @27` RPC. Client: `/mute `, `/unmute`, `/notify mentions-only`. Push notification payload: encrypted sender + conversation hint (no message content). APNs/FCM gateway as a separate microservice. + +### L. Mobile App Shell +**Effort**: High | **Area**: Mobile + FFI +React Native app using the C FFI bindings (quicproquo-ffi). Screens: login, conversation list, chat view, settings. Bridge FFI functions to React Native via NativeModules. Use the existing `qpq_connect`, `qpq_login`, `qpq_send`, `qpq_receive` C API. iOS + Android targets. Alternatively: Flutter with dart:ffi. Includes push notification registration. + +--- + +## Selection Guide + +**For a privacy-focused messenger**, prioritize: A (federation), B (contacts/blocking), D (backup), F (KT audit) + +**For production readiness**, prioritize: A (federation), H (clustering), I (compliance tests), K (notifications) + +**For user experience**, prioritize: B (contacts), C (calls), G (search), J (profiles) + +**For mobile launch**, prioritize: D (backup), J (profiles), K (notifications), L (mobile app) + +--- + +## Selected Features (fill in after choosing) + +> Replace this section with your 8 picks, then we'll plan sprint assignments. + +| Sprint | Feature | Notes | +|--------|---------|-------| +| 12 | | | +| 13 | | | +| 14 | | | +| 15 | | | +| 16 | | | +| 17 | | | +| 18 | | | +| 19 | | |