feat: Sprint 10+11 — privacy hardening and multi-device support

Privacy Hardening (Sprint 10): - Server --redact-logs flag: SHA-256 hashed identity prefixes in audit logs, payload_len omitted when enabled - Client /privacy command suite: redact-keys on|off, auto-clear with duration parsing, padding on|off for traffic analysis resistance - Forward secrecy: /verify-fs checks MLS epoch advancement, /rotate-all-keys rotates MLS leaf + hybrid KEM keypair - Dummy message type (0x09): constant-rate traffic padding every 30s, silently discarded by recipients, serialize_dummy() + parse support - delete_messages_before() for auto-clear in ConversationStore Multi-Device Support (Sprint 11): - Device registry: registerDevice @24, listDevices @25, revokeDevice @26 RPCs with Device struct (deviceId, deviceName, registeredAt) - Server storage: devices table (migration 008), max 5 per identity, E029_DEVICE_LIMIT and E030_DEVICE_NOT_FOUND error codes - Device cleanup integrated into deleteAccount transaction - Client REPL: /devices, /register-device <name>, /revoke-device <id> 72 core + 35 server tests pass.
2026-03-04 01:55:23 +01:00
parent 1b61b7ee8f
commit 9244e80ec7
16 changed files with 958 additions and 45 deletions
--- a/crates/quicproquo-server/src/config.rs
+++ b/crates/quicproquo-server/src/config.rs
@@ -33,6 +33,9 @@ pub struct FileConfig {
    pub federation: Option<FederationFileConfig>,
    /// Directory containing plugin `.so` / `.dylib` files to load at startup.
    pub plugin_dir: Option<PathBuf>,
+    /// When true, audit logs hash identity key prefixes and omit payload sizes.
+    #[serde(default)]
+    pub redact_logs: Option<bool>,
 }

 #[derive(Debug)]
@@ -55,6 +58,8 @@ pub struct EffectiveConfig {
    pub federation: Option<EffectiveFederationConfig>,
    /// Directory to scan for plugin `.so` / `.dylib` files at startup. None = no plugins.
    pub plugin_dir: Option<PathBuf>,
+    /// When true, audit logs hash identity key prefixes and omit payload sizes.
+    pub redact_logs: bool,
 }

 #[derive(Debug, Default, Deserialize)]
@@ -219,6 +224,7 @@ pub fn merge_config(args: &crate::Args, file: &FileConfig) -> EffectiveConfig {
    };

    let plugin_dir = args.plugin_dir.clone().or_else(|| file.plugin_dir.clone());
+    let redact_logs = args.redact_logs || file.redact_logs.unwrap_or(false);

    EffectiveConfig {
        listen,
@@ -235,6 +241,7 @@ pub fn merge_config(args: &crate::Args, file: &FileConfig) -> EffectiveConfig {
        metrics_enabled,
        federation,
        plugin_dir,
+        redact_logs,
    }
 }