docs: CLAUDE.md design principles, update ARCHITECTURE + SECURITY
- CLAUDE.md: design principles (E2E by default, semi-trusted server, federation transparency, TG bot compat), coding conventions for Rust/TUI/ WASM/federation/bots, task naming, key files reference - ARCHITECTURE.md: added bots to high-level diagram, friends/bot/resolve modules, 9 sled trees (was 7), bot API sequence diagram, addressing table, federated features table, test count 72→122 - SECURITY.md: v0.0.21, added friend list/API auth/device/bot alias to protected assets, auth & authorization section, rate limiting, session recovery Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
78
warzone/CLAUDE.md
Normal file
78
warzone/CLAUDE.md
Normal file
@@ -0,0 +1,78 @@
|
||||
# featherChat — Design Principles & Conventions
|
||||
|
||||
## Architecture Principles
|
||||
|
||||
1. **Single seed, multiple identities** — Ed25519 (messaging), X25519 (encryption), secp256k1 (ETH address) all derived from one BIP39 seed via HKDF with domain-separated info strings.
|
||||
|
||||
2. **E2E by default** — All user messages are Double Ratchet encrypted. The server NEVER sees plaintext. Friend lists are client-side encrypted. Only bot messages are plaintext (v1).
|
||||
|
||||
3. **Server is semi-trusted** — Server sees metadata (who talks to whom, timing, groups) but cannot read message content. Design all features with this trust boundary in mind.
|
||||
|
||||
4. **Federation is transparent** — Users don't need to know which server their peer is on. Key lookup, alias resolution, and message delivery automatically proxy through federation.
|
||||
|
||||
5. **Telegram Bot API compatibility** — Bot API follows Telegram conventions (getUpdates, sendMessage, token-in-URL). Bot aliases must end with Bot/bot/_bot.
|
||||
|
||||
6. **Auth on writes, open reads** — All POST/write endpoints require bearer tokens. GET/read endpoints are public (needed for key exchange before auth is possible).
|
||||
|
||||
## Coding Conventions
|
||||
|
||||
### Rust
|
||||
- Workspace crates: protocol (no I/O), server (axum), client (ratatui), wasm (wasm-bindgen), mule (future)
|
||||
- Error handling: `AppResult<T>` in server, `anyhow::Result` in client, `ProtocolError` in protocol
|
||||
- State: `AppState` with `Arc<Mutex<>>` for shared state, `Arc<Database>` for sled
|
||||
- Auth: `AuthFingerprint` extractor as first handler param for protected routes
|
||||
- Fingerprints: always normalize with `normfp()` (strip non-hex, lowercase)
|
||||
- New routes: create `routes/<name>.rs`, add `pub fn routes() -> Router<AppState>`, merge in `routes/mod.rs`
|
||||
|
||||
### TUI
|
||||
- 7 modules in `tui/`: types, draw, commands, input, file_transfer, network, mod
|
||||
- All ChatLine must include `timestamp: Local::now()`
|
||||
- Add new commands to both the handler chain AND `/help` text
|
||||
- Self-messaging prevention: check `normfp(&peer) != normfp(&self.our_fp)`
|
||||
|
||||
### Web (WASM)
|
||||
- JS embedded in `routes/web.rs` as Rust raw string — careful with escaping
|
||||
- Service worker cache version must be bumped on WASM changes (`wz-vN`)
|
||||
- `WasmSession::initiate()` stores X3DH result — `encrypt_key_exchange` must NOT re-initiate
|
||||
|
||||
### Federation
|
||||
- Persistent WS between servers, NOT HTTP polling
|
||||
- Presence re-pushed every 10s + on connect
|
||||
- Key lookup: proxy to peer for non-local fingerprints (never cache remote bundles)
|
||||
- Alias resolution: fall back to peer if not found locally
|
||||
- Registration: check peer to enforce global uniqueness
|
||||
|
||||
### Bot API
|
||||
- Token stored as `bot:<token>` in tokens tree
|
||||
- Reverse lookup: `bot_fp:<fingerprint>` → token
|
||||
- Alias auto-registered on bot creation with `_bot` suffix
|
||||
- Reserved aliases: `*Bot`, `*bot`, `*_bot` blocked for non-bots
|
||||
|
||||
## Task Naming
|
||||
|
||||
`FC-P{phase}-T{task}[-S{subtask}]`
|
||||
|
||||
See `docs/TASK_PLAN.md` for the full breakdown.
|
||||
|
||||
## Testing
|
||||
|
||||
- Protocol: unit tests in each module's `#[cfg(test)]`
|
||||
- TUI: unit tests for types, input, draw (using ratatui TestBackend)
|
||||
- WASM: can't test natively (js-sys dependency) — test equivalent logic in protocol crate
|
||||
- Server: no integration tests yet (planned)
|
||||
|
||||
## Key Files
|
||||
|
||||
| What | Where |
|
||||
|------|-------|
|
||||
| Wire format | `warzone-protocol/src/message.rs` |
|
||||
| Crypto primitives | `warzone-protocol/src/crypto.rs` |
|
||||
| Server state | `warzone-server/src/state.rs` |
|
||||
| All routes | `warzone-server/src/routes/mod.rs` |
|
||||
| Federation | `warzone-server/src/federation.rs` |
|
||||
| TUI commands | `warzone-client/src/tui/commands.rs` |
|
||||
| Web client | `warzone-server/src/routes/web.rs` |
|
||||
| WASM bridge | `warzone-wasm/src/lib.rs` |
|
||||
| Task plan | `docs/TASK_PLAN.md` |
|
||||
| Bot API docs | `docs/BOT_API.md` |
|
||||
| LLM help ref | `docs/LLM_HELP.md` |
|
||||
Reference in New Issue
Block a user