From 5a6d9ae7f4baa052f1ab829ea374dc55f93c78c7 Mon Sep 17 00:00:00 2001 From: Christian Nennemann Date: Wed, 4 Mar 2026 02:02:01 +0100 Subject: [PATCH] =?UTF-8?q?docs:=20next=20sprint=20planning=20=E2=80=94=20?= =?UTF-8?q?12=20feature=20candidates=20for=20selection?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sprint plan for cycles 12-19. Pick 8 of 12 features: A) Federation wiring, B) Contacts/blocking, C) Voice/video signaling, D) Encrypted backup, E) Group roles, F) KT audit client, G) Message search, H) Server clustering, I) Protocol compliance, J) User profiles, K) Notification framework, L) Mobile app shell. --- docs/SPRINT-PLAN-NEXT.md | 107 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 docs/SPRINT-PLAN-NEXT.md diff --git a/docs/SPRINT-PLAN-NEXT.md b/docs/SPRINT-PLAN-NEXT.md new file mode 100644 index 0000000..96783c3 --- /dev/null +++ b/docs/SPRINT-PLAN-NEXT.md @@ -0,0 +1,107 @@ +# Next Sprint Planning — quicproquo + +> Pick 8 of the 12 features below for the next sprint cycle. +> Created: 2026-03-04 | Status: PENDING SELECTION + +## Completed Sprints (this cycle) + +| # | Sprint | Commit | Summary | +|---|--------|--------|---------| +| 4 | Rich Messaging | `81d5e2e` | Read receipts, typing, reactions, edit/delete | +| 5 | File Transfer | `3350d76` | Chunked blob upload/download, /send-file | +| 6 | Disappearing + Groups | `fd21ea6` | TTL messages, /group-info, deleteAccount | +| 7 | Go SDK | `65ff262` | QUIC + Cap'n Proto, 24 RPC methods, 14 API functions | +| 8 | TypeScript SDK | `28ceaaf` | 175KB WASM crypto, WebSocket transport, browser demo | +| 9 | Mesh Networking | `1b61b7e` | MeshIdentity, store-and-forward, broadcast channels | +| 10 | Privacy Hardening | `9244e80` | --redact-logs, traffic padding, /privacy suite, /verify-fs | +| 11 | Multi-Device | `9244e80` | Device registry (3 RPCs), /devices, max 5 per identity | + +## Current Codebase Stats + +- **27 Cap'n Proto RPCs** (@0–@26) on NodeService +- **10 AppMessage types** (0x01–0x09 + file ref) +- **~40 REPL commands** +- **Tests**: 72 core + 35 server + 28 P2P + 14 E2E = 149 +- **SDKs**: Rust (native), Go, TypeScript/WASM, C FFI, Python ctypes +- **Crates**: core, proto, server, client, p2p, bot, gen, kt, plugin-api, gui, mobile, ffi + +--- + +## Feature Candidates (pick 8) + +### A. Federation Wiring +**Effort**: Medium | **Area**: Server +Wire the existing outbound federation relay into the actual delivery flow. When a message targets `user@remote.domain`, the server routes via `FederationClient::relay_enqueue()` instead of local store. Add `/federate ` admin command to configure peers. Test with two server instances. Currently all federation code exists but is marked `#[allow(dead_code)]`. + +### B. Contact Management & Blocking +**Effort**: Medium | **Area**: Client + Server +Contact list with add/remove/block/unblock. Server-side: `addContact @27`, `removeContact @28`, `blockUser @29`, `listContacts @30` RPCs + contacts table. Client: `/contacts`, `/block `, `/unblock `. Blocked users can't enqueue messages to you (server enforces). Import/export contacts as JSON. + +### C. Voice/Video Call Signaling +**Effort**: High | **Area**: Core + Client +WebRTC signaling over MLS for E2E encrypted calls. Add `CallOffer`, `CallAnswer`, `CallIce`, `CallHangup` AppMessage types (0x0A–0x0D). Client REPL: `/call `, `/answer`, `/hangup`. The actual media (audio/video) uses WebRTC peer-to-peer; qpq only handles the encrypted signaling. Include SDP offer/answer exchange and ICE candidate relay. + +### D. Encrypted Backup & Restore +**Effort**: Medium | **Area**: Client + Core +Export all local state (message history, keys, group state) as an encrypted archive. Key derivation from user password via Argon2id. Format: encrypted SQLite dump + identity seed + MLS group states. `/backup ` and `/restore ` commands. Verify integrity on restore. Critical for device migration and disaster recovery. + +### E. Group Permissions & Roles +**Effort**: Medium | **Area**: Server + Client +Admin/moderator/member roles within MLS groups. Server-side role storage per channel. Admins can: remove members, rename group, set TTL policy. Moderators can: mute members. Members can: send messages. `/role admin|mod|member`, `/mute `. Enforced at both server (RPC level) and client (MLS proposal validation). + +### F. Key Transparency Audit Client +**Effort**: Medium | **Area**: Client + KT crate +Client-side verification of the KT Merkle log. The KT crate (`quicproquo-kt`) already has the Merkle tree and audit log. Add: `/kt audit ` to verify a user's key history is consistent, `/kt monitor` to continuously watch for key changes, `/kt proof ` to fetch and verify inclusion proofs. Alert on unexpected key changes (TOFU violation). + +### G. Message Search +**Effort**: Low-Medium | **Area**: Client +Full-text search over local encrypted message history. Add FTS5 virtual table to the conversation SQLite DB. `/search ` returns matching messages with context, timestamps, and conversation names. `/search in:` for scoped search. Highlight matching terms. Index on message insert. + +### H. Server Clustering & HA +**Effort**: High | **Area**: Server + Infra +Run multiple qpq-server instances behind a shared state layer. Options: shared PostgreSQL backend (replace SQLite for clustered mode), or Raft consensus for delivery queue. Add `--cluster-peers` flag, health-based leader election, delivery queue synchronization. Docker Compose with 3-node cluster. This is the path to production-scale deployment. + +### I. Protocol Compliance Testing +**Effort**: Medium | **Area**: Testing +Comprehensive MLS RFC 9420 compliance test suite. Verify: TreeKEM operations, epoch advancement, proposal/commit sequences, welcome message handling, group context extensions, PSK injection, external joins. Cross-test with other MLS implementations (OpenMLS test vectors). Add to CI. Target: 50+ protocol-level tests covering edge cases. + +### J. User Profiles & Status +**Effort**: Low | **Area**: Server + Client +Profile pictures (stored as blobs), display names, status messages ("Available", "Away", custom text), about/bio text. `updateProfile @27` and `fetchProfile @28` RPCs. Profile data is signed by the identity key for authenticity. `/profile set-name `, `/profile set-status `, `/profile set-avatar `, `/profile ` to view. Cache profiles locally. + +### K. Notification Framework +**Effort**: Medium | **Area**: Server + Client +Per-conversation notification settings: all, mentions-only, muted. Server-side WebPush integration for browser clients (using the TS SDK). Add `updateNotificationSettings @27` RPC. Client: `/mute `, `/unmute`, `/notify mentions-only`. Push notification payload: encrypted sender + conversation hint (no message content). APNs/FCM gateway as a separate microservice. + +### L. Mobile App Shell +**Effort**: High | **Area**: Mobile + FFI +React Native app using the C FFI bindings (quicproquo-ffi). Screens: login, conversation list, chat view, settings. Bridge FFI functions to React Native via NativeModules. Use the existing `qpq_connect`, `qpq_login`, `qpq_send`, `qpq_receive` C API. iOS + Android targets. Alternatively: Flutter with dart:ffi. Includes push notification registration. + +--- + +## Selection Guide + +**For a privacy-focused messenger**, prioritize: A (federation), B (contacts/blocking), D (backup), F (KT audit) + +**For production readiness**, prioritize: A (federation), H (clustering), I (compliance tests), K (notifications) + +**For user experience**, prioritize: B (contacts), C (calls), G (search), J (profiles) + +**For mobile launch**, prioritize: D (backup), J (profiles), K (notifications), L (mobile app) + +--- + +## Selected Features (fill in after choosing) + +> Replace this section with your 8 picks, then we'll plan sprint assignments. + +| Sprint | Feature | Notes | +|--------|---------|-------| +| 12 | | | +| 13 | | | +| 14 | | | +| 15 | | | +| 16 | | | +| 17 | | | +| 18 | | | +| 19 | | |