quicproquo/design/DM_CHANNELS.md

# 1:1 Channel Design (MVP)
## Goals
- First-class 1:1 channels (DMs) atop NodeService.
- Authz on enqueue/fetch per channel, not just recipient key.
- Privacy: MLS-encrypted payloads; metadata limited to channel ID + participants.
- Retention: 7d message retention; keypackages expire after 24h (configurable later).
- Compatibility: additive schema change with version tagging; N-1 clients can interop if they ignore new fields.
## Schema changes (Cap'n Proto)
- Add `channelId :Data` (UUID/16B) to enqueue/fetch/fetchWait requests.
- Add `version :UInt16` to NodeService messages (reject any version newer than the server's current one).
- Keep `recipientKey` for routing; server authz uses `(channelId, caller identity)`.
## AuthZ model
- Channel membership: exactly two identities (A,B). Server stores membership map `{channelId -> {a_key, b_key}}`.
- Enqueue allowed only if the caller identity ∈ channel members; fetch/fetchWait only ever drain the caller's own queue in that channel.
- Rate limits applied per channel and per identity (50 r/s per IP/identity, 5 MB max payload).
## Storage model
- New table/map: `channels` with `channelId`, `member_keys[2]`, `created_at`.
- Deliveries keyed by `(channelId, recipient_key)`; queues retain per recipient, per channel.
- Messages carry `received_at` timestamp; TTL eviction at fetch time and background sweep.
## Flows
- Create channel: caller provides peer identity; server generates channelId, stores membership, returns channelId.
- Send: client includes channelId + recipientKey; server authz + size/TTL checks; enqueue.
- Receive: fetch/fetchWait drains messages for `(channelId, caller_key)`; applies TTL and returns only non-expired messages.
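The authz model and the send/receive flows above, as an added in-memory model (not project code; `Node`, the constant values and the requirement that the recipient is also a channel member are assumptions, and the channel map lookup stands in for whatever persistence backend is chosen):

```python
import time
import uuid
from collections import defaultdict

PROTOCOL_VERSION = 1                 # current schema version (assumed value)
MESSAGE_TTL_SECS = 7 * 24 * 3600     # 7d retention
MAX_PAYLOAD = 5 * 1024 * 1024        # 5 MB max payload


class Node:
    """Hypothetical in-memory model of the per-channel authz, TTL and legacy rules."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.channels = {}               # channelId -> frozenset({a_key, b_key})
        self.queues = defaultdict(list)  # (channelId, recipient_key) -> [(received_at, payload)]

    def create_channel(self, caller, peer):
        channel_id = uuid.uuid4().bytes  # 16-byte channelId generated server-side
        self.channels[channel_id] = frozenset({caller, peer})
        return channel_id

    def _members(self, channel_id, caller):
        # channelId=nil is legacy mode: route by recipient key only, no channel authz
        if channel_id is None:
            return None
        members = self.channels.get(channel_id)
        if members is None or caller not in members:
            raise PermissionError("caller is not a member of this channel")
        return members

    def enqueue(self, caller, channel_id, recipient, payload, version=PROTOCOL_VERSION):
        if version > PROTOCOL_VERSION:
            raise ValueError("unknown schema version")
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("payload exceeds 5 MB limit")
        members = self._members(channel_id, caller)
        # requiring the recipient to be a member too is an assumption beyond the design text
        if members is not None and recipient not in members:
            raise PermissionError("recipient is not a member of this channel")
        self.queues[(channel_id, recipient)].append((self.clock(), payload))

    def fetch(self, caller, channel_id, version=PROTOCOL_VERSION):
        if version > PROTOCOL_VERSION:
            raise ValueError("unknown schema version")
        self._members(channel_id, caller)
        # fetch only ever drains the caller's own queue; TTL is applied at fetch time
        now = self.clock()
        queued = self.queues.pop((channel_id, caller), [])
        return [p for (t, p) in queued if now - t < MESSAGE_TTL_SECS]
```

A background sweep would apply the same `now - received_at < MESSAGE_TTL_SECS` predicate over every queue.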
## Backward compatibility
- Old clients without channelId: server treats channelId=nil as legacy mode (current behavior) in the interim.
- Version field allows rejecting future schema changes cleanly.
## Open items
- Persistence backend: extend FileBackedStore or move to proper DB for channels + TTL metadata.
- API surface: add `createChannel(channelMembers)` RPC or reuse auth service.
- Client UX: map peer identity → channelId discovery; cache channelId in state file.
- Auditing: log channel create, authz failures, send/recv events with redaction.