docs: CLAUDE.md design principles, update ARCHITECTURE + SECURITY

- CLAUDE.md: design principles (E2E by default, semi-trusted server, federation transparency, TG bot compat), coding conventions for Rust/TUI/ WASM/federation/bots, task naming, key files reference - ARCHITECTURE.md: added bots to high-level diagram, friends/bot/resolve modules, 9 sled trees (was 7), bot API sequence diagram, addressing table, federated features table, test count 72→122 - SECURITY.md: v0.0.21, added friend list/API auth/device/bot alias to protected assets, auth & authorization section, rate limiting, session recovery Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-29 07:39:30 +04:00
parent 210fbbb35b
commit 953b3bd13a
3 changed files with 186 additions and 7 deletions
--- a/warzone/docs/SECURITY.md
+++ b/warzone/docs/SECURITY.md
@@ -1,7 +1,7 @@
 # Warzone Messenger (featherChat) — Security Model & Threat Analysis

-**Version:** 0.0.20
-**Last Updated:** 2026-03-28
+**Version:** 0.0.21
+**Last Updated:** 2026-03-29

 ---

@@ -20,6 +20,10 @@
 | Session state            | Encrypted backup (HKDF + ChaCha20-Poly1305)   |
 | Pre-key authenticity     | Ed25519 signature on signed pre-keys          |
 | Key exchange integrity   | X3DH with 3-4 DH operations                  |
+| Friend list              | E2E encrypted blob (ChaCha20 + HKDF-derived key) |
+| API write operations     | Bearer token middleware on all POST routes     |
+| Device sessions          | Kick/revoke-all, max 5 WS per fingerprint     |
+| Bot aliases              | Reserved suffixes (Bot/bot/_bot) enforced      |

 ### What Is NOT Protected (Current)

@@ -32,6 +36,7 @@
 | Message sizes            | Server sees encrypted message sizes            |
 | Online/offline status    | Server knows when clients connect via WebSocket|
 | IP addresses             | Server sees client IP addresses                |
+| Bot messages             | Plaintext (not E2E) in v1 — bots don't hold ratchet sessions |

 ### Trust Boundaries

@@ -63,6 +68,34 @@
 └─────────────────────────────────────────────────────┘
 ```

+### Authentication & Authorization
+
+- Challenge-response: Ed25519 signature over random challenge
+- Bearer tokens: 7-day TTL, required on all write endpoints
+- Auth middleware: `AuthFingerprint` extractor returns 401 on invalid/missing token
+- Bot tokens: separate namespace (`bot:<token>`), validated per-request
+- Federation: shared secret compared on WS auth frame
+
+Protected endpoints (require bearer token):
+- messages/send, groups/*, aliases/*, calls/*, devices/*, friends, presence/batch
+
+Public endpoints (no auth):
+- keys/:fp, messages/poll, groups GET, alias/resolve, resolve/:address, bot/*
+
+### Rate Limiting & Abuse Prevention
+
+- Global: 200 concurrent requests (tower ConcurrencyLimitLayer)
+- Per-fingerprint: max 5 WebSocket connections
+- Stale connections auto-cleaned on new registrations
+- Federation: auto-reconnect with 3s backoff (no amplification)
+
+### Session Recovery
+
+On ratchet decryption failure:
+1. Corrupted session deleted from local DB
+2. Warning shown: "[session reset]"
+3. Next KeyExchange re-establishes the session automatically
+
 ---

 ## Cryptographic Primitives