Christian Nennemann
00b0aa92a1
Add comprehensive documentation comparing quicnprotochat against classical chat protocols (IRC+SSL, XMPP, Telegram) with diagrams and attack scenarios. Promote comparison pages to top-level sidebar section. Include P2P transport crate (iroh), production readiness audit, CI workflows, dependency policy, and continued architecture improvements across all crates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
73 lines
3.6 KiB
Cap'n Proto
73 lines
3.6 KiB
Cap'n Proto
# node.capnp — Unified quicnprotochat node RPC interface.
|
|
#
|
|
# Combines Authentication and Delivery operations into a single service.
|
|
#
|
|
# ID generated with: capnp id
|
|
@0xd5ca5648a9cc1c28;
|
|
|
|
interface NodeService {
|
|
# Upload a single-use KeyPackage for later retrieval by peers.
|
|
# identityKey : Ed25519 public key bytes (32 bytes)
|
|
# package : TLS-encoded openmls KeyPackage
|
|
# auth : Auth context (version=1, non-empty accessToken required).
|
|
uploadKeyPackage @0 (identityKey :Data, package :Data, auth :Auth) -> (fingerprint :Data);
|
|
|
|
# Fetch and atomically remove one KeyPackage for a given identity key.
|
|
# Returns empty Data if none are stored.
|
|
fetchKeyPackage @1 (identityKey :Data, auth :Auth) -> (package :Data);
|
|
|
|
# Enqueue an opaque payload for delivery to a recipient.
|
|
# channelId : Optional channel identifier (empty for default). A 16-byte UUID
|
|
# is recommended for 1:1 channels.
|
|
# version : Schema/wire version. Must be 1.
|
|
enqueue @2 (recipientKey :Data, payload :Data, channelId :Data, version :UInt16, auth :Auth) -> ();
|
|
|
|
# Fetch and drain all queued payloads for the recipient.
|
|
# limit: max number of messages to return (0 = fetch all).
|
|
fetch @3 (recipientKey :Data, channelId :Data, version :UInt16, auth :Auth, limit :UInt32) -> (payloads :List(Data));
|
|
|
|
# Long-poll: wait up to timeoutMs for new payloads, then drain queue.
|
|
# limit: max number of messages to return (0 = fetch all).
|
|
fetchWait @4 (recipientKey :Data, channelId :Data, version :UInt16, timeoutMs :UInt64, auth :Auth, limit :UInt32) -> (payloads :List(Data));
|
|
|
|
# Health probe for readiness/liveness.
|
|
health @5 () -> (status :Text);
|
|
|
|
# Upload the hybrid (X25519 + ML-KEM-768) public key for sealed envelope encryption.
|
|
uploadHybridKey @6 (identityKey :Data, hybridPublicKey :Data, auth :Auth) -> ();
|
|
|
|
# Fetch a peer's hybrid public key (for post-quantum envelope encryption).
|
|
fetchHybridKey @7 (identityKey :Data, auth :Auth) -> (hybridPublicKey :Data);
|
|
|
|
# ── OPAQUE password-authenticated registration ──────────────────────────
|
|
|
|
# Start OPAQUE registration: client sends blinded password element.
|
|
opaqueRegisterStart @8 (username :Text, request :Data) -> (response :Data);
|
|
|
|
# Finish OPAQUE registration: client uploads sealed credential envelope.
|
|
opaqueRegisterFinish @9 (username :Text, upload :Data, identityKey :Data) -> (success :Bool);
|
|
|
|
# ── OPAQUE password-authenticated login ─────────────────────────────────
|
|
|
|
# Start OPAQUE login: client sends credential request.
|
|
opaqueLoginStart @10 (username :Text, request :Data) -> (response :Data);
|
|
|
|
# Finish OPAQUE login: client sends credential finalization, receives session token.
|
|
opaqueLoginFinish @11 (username :Text, finalization :Data, identityKey :Data) -> (sessionToken :Data);
|
|
|
|
# ── P2P endpoint discovery ────────────────────────────────────────────────
|
|
|
|
# Publish this node's iroh endpoint address for P2P connectivity.
|
|
# nodeAddr is the serialized iroh NodeAddr (JSON or custom encoding).
|
|
publishEndpoint @12 (identityKey :Data, nodeAddr :Data, auth :Auth) -> ();
|
|
|
|
# Resolve a peer's iroh endpoint for direct P2P connection.
|
|
resolveEndpoint @13 (identityKey :Data, auth :Auth) -> (nodeAddr :Data);
|
|
}
|
|
|
|
struct Auth {
|
|
version @0 :UInt16; # 1 = token-based auth (required)
|
|
accessToken @1 :Data; # opaque bearer token issued at login
|
|
deviceId @2 :Data; # optional UUID bytes for auditing/rate limiting
|
|
}
|