quicproquo

c/quicproquo

Fork 0

Commit Graph

Author	SHA1	Message	Date
Christian Nennemann	750b794342	DM channels (createChannel), channel authz, security/docs, future improvements - Add createChannel RPC (node.capnp @18): create 1:1 channel, returns 16-byte channelId - Store: create_channel(member_a, member_b), get_channel_members(channel_id) - FileBackedStore: channels.bin; SqlStore: migration 003_channels, schema v4 - channel_ops: handle_create_channel (auth + identity, peerKey 32 bytes) - Delivery authz: when channel_id.len() == 16, require caller and recipient are channel members (E022/E023) - Error codes E022 CHANNEL_ACCESS_DENIED, E023 CHANNEL_NOT_FOUND - SUMMARY: link Certificate lifecycle; security audit, future improvements, multi-agent plan docs - Certificate lifecycle doc, SECURITY-AUDIT, FUTURE-IMPROVEMENTS, MULTI-AGENT-WORK-PLAN - Client/core/tls/auth/server main: assorted fixes and updates from review and audit Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-23 22:54:28 +01:00
Christian Nennemann	6b8b61c6ae	feat: add delivery sequence numbers + major server/client refactor Delivery sequence numbers (MLS epoch ordering fix): - schemas/node.capnp: add Envelope{seq,data} struct; enqueue returns seq:UInt64; fetch/fetchWait return List(Envelope) instead of List(Data) - storage.rs: Store trait enqueue returns u64; fetch/fetch_limited return Vec<(u64, Vec<u8>)>; FileBackedStore gains QueueMapV3 with per-inbox seq counters and V2→V3 on-disk migration - migrations/002_add_seq.sql: seq column, delivery_seq_counters table, index - sql_store.rs: atomic UPSERT counter via RETURNING, ORDER BY seq, SCHEMA_VERSION→3 - node_service/delivery.rs: builds Envelope list; returns seq from enqueue - client/rpc.rs: enqueue→u64, fetch_all/fetch_wait→Vec<(u64,Vec<u8>)> - client/commands.rs: sort-by-seq before MLS processing; retry loop in cmd_recv and receive_pending_plaintexts for correct epoch ordering Server refactor: - Split monolithic main.rs into node_service/{mod,delivery,auth_ops,key_ops,p2p_ops} - Add auth.rs (token validation, rate limiting), config.rs, metrics.rs, tls.rs - Add SQL migrations runner (001_initial.sql, 002_add_seq.sql) - OPAQUE PAKE login/registration, sealed-sender mode, queue depth limit (1000) Client refactor: - Split lib.rs into client/{commands,rpc,state,retry,hex,mod} - Add cmd_whoami, cmd_health, cmd_check_key, cmd_ping subcommands - Add cmd_register_user, cmd_login (OPAQUE), cmd_refresh_keypackage - Hybrid PQ envelope (X25519 + ML-KEM-768) on all send/recv paths - E2E test suite expanded Other: - quicnprotochat-gui: Tauri 2 desktop GUI skeleton (backend + HTML UI) - quicnprotochat-p2p: iroh-based P2P transport stub - quicnprotochat-core: app_message, hybrid_crypto modules; GroupMember API updates - .github/workflows/size-lint.yml: binary size regression check - docs: protocol comparison, roadmap updates, fully-operational checklist	2026-02-22 20:40:12 +01:00

Author

SHA1

Message

Date

Christian Nennemann

750b794342

DM channels (createChannel), channel authz, security/docs, future improvements

- Add createChannel RPC (node.capnp @18): create 1:1 channel, returns 16-byte channelId
- Store: create_channel(member_a, member_b), get_channel_members(channel_id)
- FileBackedStore: channels.bin; SqlStore: migration 003_channels, schema v4
- channel_ops: handle_create_channel (auth + identity, peerKey 32 bytes)
- Delivery authz: when channel_id.len() == 16, require caller and recipient are channel members (E022/E023)
- Error codes E022 CHANNEL_ACCESS_DENIED, E023 CHANNEL_NOT_FOUND
- SUMMARY: link Certificate lifecycle; security audit, future improvements, multi-agent plan docs
- Certificate lifecycle doc, SECURITY-AUDIT, FUTURE-IMPROVEMENTS, MULTI-AGENT-WORK-PLAN
- Client/core/tls/auth/server main: assorted fixes and updates from review and audit

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-02-23 22:54:28 +01:00

Christian Nennemann

6b8b61c6ae

feat: add delivery sequence numbers + major server/client refactor

Delivery sequence numbers (MLS epoch ordering fix):
- schemas/node.capnp: add Envelope{seq,data} struct; enqueue returns seq:UInt64;
  fetch/fetchWait return List(Envelope) instead of List(Data)
- storage.rs: Store trait enqueue returns u64; fetch/fetch_limited return
  Vec<(u64, Vec<u8>)>; FileBackedStore gains QueueMapV3 with per-inbox seq
  counters and V2→V3 on-disk migration
- migrations/002_add_seq.sql: seq column, delivery_seq_counters table, index
- sql_store.rs: atomic UPSERT counter via RETURNING, ORDER BY seq, SCHEMA_VERSION→3
- node_service/delivery.rs: builds Envelope list; returns seq from enqueue
- client/rpc.rs: enqueue→u64, fetch_all/fetch_wait→Vec<(u64,Vec<u8>)>
- client/commands.rs: sort-by-seq before MLS processing; retry loop in cmd_recv
  and receive_pending_plaintexts for correct epoch ordering

Server refactor:
- Split monolithic main.rs into node_service/{mod,delivery,auth_ops,key_ops,p2p_ops}
- Add auth.rs (token validation, rate limiting), config.rs, metrics.rs, tls.rs
- Add SQL migrations runner (001_initial.sql, 002_add_seq.sql)
- OPAQUE PAKE login/registration, sealed-sender mode, queue depth limit (1000)

Client refactor:
- Split lib.rs into client/{commands,rpc,state,retry,hex,mod}
- Add cmd_whoami, cmd_health, cmd_check_key, cmd_ping subcommands
- Add cmd_register_user, cmd_login (OPAQUE), cmd_refresh_keypackage
- Hybrid PQ envelope (X25519 + ML-KEM-768) on all send/recv paths
- E2E test suite expanded

Other:
- quicnprotochat-gui: Tauri 2 desktop GUI skeleton (backend + HTML UI)
- quicnprotochat-p2p: iroh-based P2P transport stub
- quicnprotochat-core: app_message, hybrid_crypto modules; GroupMember API updates
- .github/workflows/size-lint.yml: binary size regression check
- docs: protocol comparison, roadmap updates, fully-operational checklist

2026-02-22 20:40:12 +01:00

2 Commits