c/quicproquo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DM channels (createChannel), channel authz, security/docs, future improvements

Browse Source 
- Add createChannel RPC (node.capnp @18): create 1:1 channel, returns 16-byte channelId
- Store: create_channel(member_a, member_b), get_channel_members(channel_id)
- FileBackedStore: channels.bin; SqlStore: migration 003_channels, schema v4
- channel_ops: handle_create_channel (auth + identity, peerKey 32 bytes)
- Delivery authz: when channel_id.len() == 16, require caller and recipient are channel members (E022/E023)
- Error codes E022 CHANNEL_ACCESS_DENIED, E023 CHANNEL_NOT_FOUND
- SUMMARY: link Certificate lifecycle; security audit, future improvements, multi-agent plan docs
- Certificate lifecycle doc, SECURITY-AUDIT, FUTURE-IMPROVEMENTS, MULTI-AGENT-WORK-PLAN
- Client/core/tls/auth/server main: assorted fixes and updates from review and audit

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Christian Nennemann
2026-02-23 22:54:28 +01:00
parent 6b8b61c6ae
commit 750b794342
40 changed files with 4715 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
schemas/node.capnp
View File

@@ -66,6 +66,23 @@ interface NodeService {
# Resolve a peer's iroh endpoint for direct P2P connection.
resolveEndpoint @13 (identityKey :Data, auth :Auth) -> (nodeAddr :Data);
# Peek at queued payloads without removing them (non-destructive read).
# Returns envelopes sorted by seq. Use `ack` to remove processed messages.
peek @14 (recipientKey :Data, channelId :Data, version :UInt16, auth :Auth, limit :UInt32) -> (payloads :List(Envelope));
# Acknowledge (remove) all messages up to and including the given sequence number.
ack @15 (recipientKey :Data, channelId :Data, version :UInt16, seqUpTo :UInt64, auth :Auth) -> ();
# Fetch multiple peers' hybrid public keys in a single round-trip.
fetchHybridKeys @16 (identityKeys :List(Data), auth :Auth) -> (keys :List(Data));
# Enqueue the same payload to multiple recipients in a single round-trip.
batchEnqueue @17 (recipientKeys :List(Data), payload :Data, channelId :Data, version :UInt16, auth :Auth) -> (seqs :List(UInt64));
# Create a 1:1 channel between the caller and the given peer. Returns a 16-byte channelId (UUID).
# Both members can enqueue/fetch for this channel; recipientKey must be the other member.
createChannel @18 (peerKey :Data, auth :Auth) -> (channelId :Data);
}
struct Auth {