Add channel-aware delivery and update roadmap

design/DM_CHANNELS.md

@@ -0,0 +1,38 @@
+# 1:1 Channel Design (MVP)
+
+## Goals
+- First-class 1:1 channels (DMs) atop NodeService.
+- Authz on enqueue/fetch per channel, not just recipient key.
+- Privacy: MLS-encrypted payloads; metadata limited to channel ID + participants.
+- Retention: 7d message retention; keypackages expire after 24h (configurable later).
+- Compatibility: additive schema change with version tagging; N-1 clients can interop if they ignore new fields.
+
+## Schema changes (Cap'n Proto)
+- Add `channelId :Data` (UUID/16B) to enqueue/fetch/fetchWait requests.
+- Add `version :UInt16` to NodeService messages (reject unknown > current).
+- Keep `recipientKey` for routing; server authz uses `(channelId, caller identity)`.
+
+## AuthZ model
+- Channel membership: exactly two identities (A,B). Server stores membership map `{channelId -> {a_key, b_key}}`.
+- Enqueue allowed if caller identity ∈ channel members; fetch/fetchWait allowed only for caller identity.
+- Rate limits applied per channel and per identity (50 r/s per IP/identity, 5 MB max payload).
+
+## Storage model
+- New table/map: `channels` with `channelId`, `member_keys[2]`, `created_at`.
+- Deliveries keyed by `(channelId, recipient_key)`; queues retain per recipient, per channel.
+- Messages carry `received_at` timestamp; TTL eviction at fetch time and background sweep.
+
+## Flows
+- Create channel: caller provides peer identity; server generates channelId, stores membership, returns channelId.
+- Send: client includes channelId + recipientKey; server authz + size/TTL checks; enqueue.
+- Receive: fetch/fetchWait drains messages for `(channelId, caller_key)`; applies TTL, returns non-expired.
+
+## Backward compatibility
+- Old clients without channelId: server treats channelId=nil as legacy mode (current behavior) for interim.
+- Version field allows rejecting future schema changes cleanly.
+
+## Open items
+- Persistence backend: extend FileBackedStore or move to proper DB for channels + TTL metadata.
+- API surface: add `createChannel(channelMembers)` RPC or reuse auth service.
+- Client UX: map peer identity → channelId discovery; cache channelId in state file.
+- Auditing: log channel create, authz failures, send/recv events with redaction.

design/TECHNOLOGY_SUGGESTIONS.md

@@ -0,0 +1,57 @@
+# Technology Suggestions for quicnprotochat
+
+## Transport & Networking
+
+- **LibP2P or iroh (from n0)** — Decentralized peer discovery, NAT traversal (hole-punching), and relay fallback. Move beyond client-server to a mesh/hybrid topology where peers can communicate directly when possible.
+- **WebTransport (HTTP/3)** — Expose QUIC transport to browsers, enabling a web client without WebSocket degradation.
+- **Tor / I2P integration** — Onion-routed transport layer for metadata resistance. MLS protects content, but connection metadata still leaks to the server.
+
+## Storage & Persistence
+
+- **SQLCipher or libsql (Turso)** — Encrypted-at-rest SQLite for durable group state, key stores, and message history.
+- **CRDT-based sync (Automerge / Yrs)** — Conflict-free replicated data types for multi-device state synchronization without a central authority.
+- **Object storage (S3-compatible)** — For encrypted file/media attachments with server-side ignorance of content.
+
+## Cryptography & Privacy
+
+- **ML-KEM + ML-DSA hybrid** — Hybrid X25519+ML-KEM-768 KEM for MLS init keys. One of the first post-quantum MLS implementations.
+- **Private Information Retrieval (PIR)** — Let clients fetch messages/key packages without revealing which recipient they are (SealPIR / SimplePIR).
+- **Sealed Sender (Signal-style)** — Encrypt sender identity inside the MLS ciphertext so the server can't see who sent a message to whom.
+- **Key Transparency (RFC draft)** — Verifiable log of public keys to detect server-side key substitution attacks.
+
+## Identity & Authentication
+
+- **DID (Decentralized Identifiers)** — Self-sovereign `did:key` or `did:web` identifiers. Portable across servers.
+- **OPAQUE (aPAKE)** — Password-authenticated key exchange where the server never sees the password.
+- **WebAuthn / Passkeys** — Hardware-backed authentication for device binding (YubiKey, Touch ID, etc.).
+- **Verifiable Credentials (W3C VC)** — Prove attributes (org membership, role) without revealing full identity.
+
+## Application Layer
+
+- **Matrix-style federation** — Let multiple quicnprotochat servers federate for cross-server communication.
+- **WASM plugin system** — Sandboxed WASM plugins for bots, bridges, custom message types.
+- **Double-ratchet DM layer** — Signal-style double ratchet (X3DH + Axolotl) for efficient 1:1 conversations.
+
+## Observability & Operations
+
+- **OpenTelemetry (tracing + metrics)** — OTLP export for distributed tracing, latency histograms, and dashboards.
+- **Prometheus + Grafana** — Metrics on message throughput, MLS epoch advancement rate, queue depths.
+- **Testcontainers-rs** — Docker stack in Rust integration tests for true end-to-end CI.
+
+## Developer Experience
+
+- **Tauri or Dioxus** — Native cross-platform GUI client in Rust, sharing core crate.
+- **uniffi or diplomat** — FFI bindings from Rust core to Swift/Kotlin for mobile clients.
+- **Nix flakes** — Reproducible dev environment bundling capnp, Rust toolchain, and test infra.
+
+---
+
+## Top 5 Priority Implementations
+
+| Priority | Technology | Why |
+|----------|-----------|-----|
+| 1 | **Post-quantum hybrid KEM** | `ml-kem` already vendored — finishing this makes the project cutting-edge |
+| 2 | **SQLCipher persistence** | Unlocks M6, multi-device, and offline usage |
+| 3 | **OPAQUE auth** | Zero-knowledge passwords, massive security uplift for auth layer |
+| 4 | **iroh / LibP2P** | NAT traversal + optional P2P mesh makes this deployable without central infra |
+| 5 | **Sealed Sender + PIR** | Metadata resistance is the frontier — content encryption is table stakes now |