feat: Phase 9 — developer experience, extensibility, and community growth

New crates: - quicproquo-bot: Bot SDK with polling API + JSON pipe mode - quicproquo-kt: Key Transparency Merkle log (RFC 9162 subset) - quicproquo-plugin-api: no_std C-compatible plugin vtable API - quicproquo-gen: scaffolding tool (qpq-gen plugin/bot/rpc/hook) Server features: - ServerHooks trait wired into all RPC handlers (enqueue, fetch, auth, channel, registration) with plugin rejection support - Dynamic plugin loader (libloading) with --plugin-dir config - Delivery proof canary tokens (Ed25519 server signatures on enqueue) - Key Transparency Merkle log with inclusion proofs on resolveUser Core library: - Safety numbers (60-digit HMAC-SHA256 key verification codes) - Verifiable transcript archive (CBOR + ChaCha20-Poly1305 + hash chain) - Delivery proof verification utility - Criterion benchmarks (hybrid KEM, MLS, identity, sealed sender, padding) Client: - /verify REPL command for out-of-band key verification - Full-screen TUI via Ratatui (feature-gated --features tui) - qpq export / qpq export-verify CLI subcommands - KT inclusion proof verification on user resolution Also: ROADMAP Phase 9 added, bot SDK docs, server hooks docs, crate-responsibilities updated, example plugins (rate_limit, logging).
2026-03-03 22:47:38 +01:00
parent b6483dedbc
commit dc4e4e49a0
62 changed files with 6959 additions and 62 deletions
--- a/crates/quicproquo-server/src/node_service/user_ops.rs
+++ b/crates/quicproquo-server/src/node_service/user_ops.rs
@@ -78,14 +78,36 @@ impl NodeServiceImpl {
        }

        // Local resolution.
-        match self.store.get_user_identity_key(&addr.username) {
-            Ok(Some(key)) => {
-                results.get().set_identity_key(&key);
-            }
+        let identity_key = match self.store.get_user_identity_key(&addr.username) {
+            Ok(Some(key)) => key,
            Ok(None) => {
                // Return empty Data — caller checks length to detect "not found".
+                return Promise::ok(());
            }
            Err(e) => return Promise::err(storage_err(e)),
+        };
+
+        let mut r = results.get();
+        r.set_identity_key(&identity_key);
+
+        // Attempt to include a KT Merkle inclusion proof.
+        // Non-fatal: if the log is unavailable or has no entry, return just the key.
+        if let Ok(log) = self.kt_log.lock() {
+            if let Some(leaf_idx) = log.find(&addr.username, &identity_key) {
+                match log.inclusion_proof(leaf_idx) {
+                    Ok(proof) => match proof.to_bytes() {
+                        Ok(bytes) => {
+                            r.set_inclusion_proof(&bytes);
+                        }
+                        Err(e) => {
+                            tracing::warn!(error = %e, "KT proof serialise failed");
+                        }
+                    },
+                    Err(e) => {
+                        tracing::warn!(error = %e, "KT inclusion_proof failed");
+                    }
+                }
+            }
        }

        Promise::ok(())