c/quicproquo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
553de3a2b75132b555b70a044297f71b632cf619
quicproquo/crates
History
Christian Nennemann 553de3a2b7 feat: interactive REPL with auto-setup, auto-join, encrypted local storage 
REPL auto-setup (zero-friction startup):
- OnceLock → RwLock for CLIENT_AUTH to allow delayed init after OPAQUE login
- Extract opaque_register/opaque_login helpers from one-shot commands
- Token cache (.session file) with QPCE encryption when password provided
- Add --username/--password/--state-password to repl subcommand
- resolve_access_token: auto-register + login, cache token, prompt interactively
- rpassword for secure password input (no echo)

Interactive REPL (multi-conversation):
- SessionState: identity, hybrid key, ConversationStore, per-conversation GroupMembers
- ConversationStore: SQLite-backed conversations + messages with full CRUD
- Slash commands: /dm, /group, /invite, /join, /switch, /list, /members, /history, /whoami
- Background polling (1s interval) with auto-join from MLS Welcome messages
- pending_member pattern: persistent keystore for HPKE init key, replenish after join
- Self-DM handled as local-only notepad (no MLS/server channel)
- ANSI display module for colored prompts, incoming messages, status/error output

Username resolution:
- resolveIdentity RPC (@20 in node.capnp): look up username by identity key
- Server: resolve_identity_key in Store trait, FileBackedStore, SqlStore
- Client: resolve_identity in rpc.rs, used in auto-join for peer display names
- resolveUser: bidirectional lookup (username → identity key)

Encrypted local storage (nothing in cleartext):
- ConversationStore uses SQLCipher when --state-password is provided
- Argon2id key derivation with per-database random salt (.convdb-salt, mode 0600)
- Transparent migration of existing unencrypted databases via sqlcipher_export
- Token cache encrypted with QPCE format (Argon2id + ChaCha20Poly1305)

Server changes:
- resolveIdentity + resolveUser RPC handlers with auth + validation
- Auth: sealed-sender identity binding on enqueue, channel member authorization
- Delivery: hybrid decrypt attempts, identity key validation on enqueue
- Config: --allow-sealed-sender flag for anonymous delivery mode
- zeroize added to server dependencies

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 22:45:34 +01:00
..
quicnprotochat-client
feat: interactive REPL with auto-setup, auto-join, encrypted local storage
2026-02-26 22:45:34 +01:00
quicnprotochat-core
DM channels (createChannel), channel authz, security/docs, future improvements
2026-02-23 22:54:28 +01:00
quicnprotochat-gui
DM channels (createChannel), channel authz, security/docs, future improvements
2026-02-23 22:54:28 +01:00
quicnprotochat-p2p
chore: exclude p2p crate from workspace, slim tokio features
2026-02-23 23:10:23 +01:00
quicnprotochat-proto
feat: add protocol comparison docs, P2P crate, production audit, and design fixes
2026-02-22 12:15:44 +01:00
quicnprotochat-server
feat: interactive REPL with auto-setup, auto-join, encrypted local storage
2026-02-26 22:45:34 +01:00