feat: Phase 9 — developer experience, extensibility, and community growth
New crates: - quicproquo-bot: Bot SDK with polling API + JSON pipe mode - quicproquo-kt: Key Transparency Merkle log (RFC 9162 subset) - quicproquo-plugin-api: no_std C-compatible plugin vtable API - quicproquo-gen: scaffolding tool (qpq-gen plugin/bot/rpc/hook) Server features: - ServerHooks trait wired into all RPC handlers (enqueue, fetch, auth, channel, registration) with plugin rejection support - Dynamic plugin loader (libloading) with --plugin-dir config - Delivery proof canary tokens (Ed25519 server signatures on enqueue) - Key Transparency Merkle log with inclusion proofs on resolveUser Core library: - Safety numbers (60-digit HMAC-SHA256 key verification codes) - Verifiable transcript archive (CBOR + ChaCha20-Poly1305 + hash chain) - Delivery proof verification utility - Criterion benchmarks (hybrid KEM, MLS, identity, sealed sender, padding) Client: - /verify REPL command for out-of-band key verification - Full-screen TUI via Ratatui (feature-gated --features tui) - qpq export / qpq export-verify CLI subcommands - KT inclusion proof verification on user resolution Also: ROADMAP Phase 9 added, bot SDK docs, server hooks docs, crate-responsibilities updated, example plugins (rate_limit, logging).
This commit is contained in:
55
ROADMAP.md
55
ROADMAP.md
@@ -425,6 +425,59 @@ functions without any central infrastructure or internet uplink.
|
||||
|
||||
---
|
||||
|
||||
## Phase 9 — Developer Experience & Community Growth
|
||||
|
||||
Features designed to attract contributors, create demo/showcase potential,
|
||||
and lower the barrier to entry for non-crypto developers.
|
||||
|
||||
- [ ] **9.1 Criterion Benchmark Suite (`qpq-bench`)**
|
||||
- Criterion benchmarks for all crypto primitives: hybrid KEM encap/decap,
|
||||
MLS group-add at 10/100/1000 members, epoch rotation, Noise_XX handshake
|
||||
- CI publishes HTML benchmark reports as GitHub Actions artifacts
|
||||
- Citable numbers — no other project benchmarks MLS + PQ-KEM in Rust
|
||||
|
||||
- [ ] **9.2 Safety Numbers (key verification)**
|
||||
- Derive a 60-digit numeric code from two identity keys (Signal-style)
|
||||
- REPL `/verify <username>` command for out-of-band key verification
|
||||
- Pure client-side — no server or wire format changes needed
|
||||
|
||||
- [ ] **9.3 Full-Screen TUI (Ratatui + Crossterm)**
|
||||
- `qpq tui` launches a full-screen terminal UI: message pane, input bar,
|
||||
channel sidebar with unread counts, MLS epoch indicator
|
||||
- Feature-gated `--features tui` to keep ratatui/crossterm out of default builds
|
||||
- Existing REPL and CLI subcommands are unaffected
|
||||
|
||||
- [ ] **9.4 Delivery Proof Canary Tokens**
|
||||
- Server signs `Ed25519(SHA-256(message_id || recipient || timestamp))` on enqueue
|
||||
- Sender stores proof locally — cryptographic evidence the server queued the message
|
||||
- Cap'n Proto schema gains optional `deliveryProof: Data` on enqueue response
|
||||
|
||||
- [ ] **9.5 Verifiable Transcript Archive**
|
||||
- `GroupMember::export_transcript(path, password)` writes encrypted, tamper-evident
|
||||
message archive (CBOR records, Argon2id + ChaCha20-Poly1305, Merkle chain)
|
||||
- `qpq export verify` CLI command independently verifies chain integrity
|
||||
- Useful for legal discovery, audit, or personal backup
|
||||
|
||||
- [ ] **9.6 Key Transparency (Merkle-Log Identity Binding)**
|
||||
- Append-only Merkle log of (username, identity_key) bindings in the AS
|
||||
- Clients receive inclusion proofs alongside key fetches
|
||||
- Any client can independently audit the full identity history
|
||||
- Lightweight subset of RFC 9162 adapted for identity keys
|
||||
|
||||
- [ ] **9.7 Dynamic Server Plugin System**
|
||||
- Server loads `.so`/`.dylib` plugins at runtime from config `[plugins]` section
|
||||
- C-compatible `HookVTable` via `extern "C"` — plugins in any language
|
||||
- Ships with Rust reference plugin + Python ctypes example
|
||||
- Extends existing `ServerHooks` trait with dynamic dispatch
|
||||
|
||||
- [ ] **9.8 PQ Noise Transport Layer**
|
||||
- Hybrid `Noise_XX + ML-KEM-768` handshake for post-quantum transport security
|
||||
- Closes the harvest-now-decrypt-later gap on handshake metadata (ADR-006)
|
||||
- Feature-gated `--features pq-noise`; classical Noise_XX default preserved
|
||||
- May require extending or forking `snow` crate's `CryptoResolver`
|
||||
|
||||
---
|
||||
|
||||
## Summary Timeline
|
||||
|
||||
| Phase | Focus | Estimated Effort |
|
||||
@@ -436,6 +489,8 @@ functions without any central infrastructure or internet uplink.
|
||||
| **5** | Features & UX | 5–7 days |
|
||||
| **6** | Scale & Operations | 3–5 days |
|
||||
| **7** | Platform Expansion & Research | ongoing |
|
||||
| **8** | Freifunk / Community Mesh | ongoing |
|
||||
| **9** | Developer Experience & Community Growth | 3–5 days |
|
||||
|
||||
---
|
||||
|
||||
|
||||
Reference in New Issue
Block a user