featherChat

manawenuz/featherChat

Fork 0

Commit Graph

Author	SHA1	Message	Date
Siavash Sameni	dbf5d136cf	fix: WASM double-X3DH bug, federated aliases, deploy tooling WASM fix (critical): - encrypt_key_exchange_with_id was calling x3dh::initiate a second time, generating a new ephemeral key that didn't match the ratchet — receiver always failed to decrypt. Now stores X3DH result from initiate() and reuses it. Added 2 protocol tests confirming the fix + the bug. - Bumped service worker cache to wz-v2 to force browsers to re-fetch. - Disabled wasm-opt for Hetzner builds (libc compat issue). Federation — alias support: - resolve_alias falls back to federation peer if not found locally - register_alias checks peer server before allowing — globally unique aliases - Added resolve_remote_alias() and is_alias_taken_remote() to FederationHandle Federation — key proxy fix: - Remote bundles no longer cached locally (stale cache caused decrypt failures) - Local vs remote determined by device: prefix in keys DB Client fixes: - Self-messaging blocked ("Cannot send messages to yourself") - /peer <self> blocked - last_dm_peer never set to self - /r <message> sends reply inline (switches peer + sends in one command) Deploy tooling: - scripts/build-linux.sh with --ship (build + deploy + destroy) - --update-all, --status, --logs commands - WASM rebuilt on Hetzner VM before server binary - deploy/ directory: systemd service, federation configs, setup script - Journald log cap (50MB, 7-day retention) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 22:59:19 +04:00
Siavash Sameni	f8eaf30bb4	refactor: federation uses persistent WS instead of HTTP polling - Server-to-server communication via WebSocket at /v1/federation/ws - Auth as first WS frame (shared secret), presence + forwards over same connection - Auto-reconnect every 3s on disconnect, instant presence push on connect - Replaces HTTP REST polling (no more 5s intervals, lower latency) - Removed dead HMAC helpers (auth is now direct secret comparison over WS) - Simplified ARCHITECTURE.md mermaid diagrams for Gitea rendering Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 16:56:13 +04:00
Siavash Sameni	3e0889e5dc	v0.0.21: TUI overhaul, WZP call infrastructure, security hardening, federation TUI: - Split 1,756-line app.rs monolith into 7 modules (types, draw, commands, input, file_transfer, network, mod) - Message timestamps [HH:MM], scrolling (PageUp/Down/arrows), connection status dot, unread badge - /help command, terminal bell on incoming DM, /devices + /kick commands - 44 unit tests (types, input, draw with TestBackend) Server — WZP Call Infrastructure (FC-2/3/5/6/7/10): - Call state management (CallState, CallStatus, active_calls, calls + missed_calls sled trees) - WS call signal awareness (Offer/Answer/Hangup update state, missed call on offline) - Group call endpoint (POST /groups/:name/call with SHA-256 room ID, fan-out) - Presence API (GET /presence/:fp, POST /presence/batch) - Missed call flush on WS reconnect - WZP relay config + CORS Server — Security (FC-P1): - Auth enforcement middleware (AuthFingerprint extractor on 13 write handlers) - Session auto-recovery (delete corrupted ratchet, show [session reset]) - WS connection cap (5/fingerprint) + global concurrency limit (200) - Device management (GET /devices, POST /devices/:id/kick, POST /devices/revoke-all) Server — Federation: - Two-server federation via JSON config (--federation flag) - Periodic presence sync (every 5s, full-state, self-healing) - Message forwarding via HTTP POST with SHA-256(secret\|\|body) auth - Graceful degradation (peer down = queue locally) - deliver_or_queue() replaces push-or-queue in ws.rs + messages.rs Client — Group Messaging: - SenderKeyDistribution storage + GroupSenderKey decryption in TUI - sender_keys sled tree in LocalDb WASM: - All 8 WireMessage variants handled (no more "unsupported") - decrypt_group_message() + create_sender_key_from_distribution() exports - CallSignal parsing with signal_type mapping Docs: - ARCHITECTURE.md rewritten with Mermaid diagrams - README.md created - TASK_PLAN.md with FC-P{phase}-T{task} naming - PROGRESS.md updated to v0.0.21 WZP submodule updated to 6f4e8eb (IAX2 trunking, adaptive quality, metrics, all S-tasks done) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 16:45:58 +04:00

Author

SHA1

Message

Date

Siavash Sameni

dbf5d136cf

fix: WASM double-X3DH bug, federated aliases, deploy tooling

WASM fix (critical):
- encrypt_key_exchange_with_id was calling x3dh::initiate a second time,
  generating a new ephemeral key that didn't match the ratchet — receiver
  always failed to decrypt. Now stores X3DH result from initiate() and
  reuses it. Added 2 protocol tests confirming the fix + the bug.
- Bumped service worker cache to wz-v2 to force browsers to re-fetch.
- Disabled wasm-opt for Hetzner builds (libc compat issue).

Federation — alias support:
- resolve_alias falls back to federation peer if not found locally
- register_alias checks peer server before allowing — globally unique aliases
- Added resolve_remote_alias() and is_alias_taken_remote() to FederationHandle

Federation — key proxy fix:
- Remote bundles no longer cached locally (stale cache caused decrypt failures)
- Local vs remote determined by device: prefix in keys DB

Client fixes:
- Self-messaging blocked ("Cannot send messages to yourself")
- /peer <self> blocked
- last_dm_peer never set to self
- /r <message> sends reply inline (switches peer + sends in one command)

Deploy tooling:
- scripts/build-linux.sh with --ship (build + deploy + destroy)
- --update-all, --status, --logs commands
- WASM rebuilt on Hetzner VM before server binary
- deploy/ directory: systemd service, federation configs, setup script
- Journald log cap (50MB, 7-day retention)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-28 22:59:19 +04:00

Siavash Sameni

f8eaf30bb4

refactor: federation uses persistent WS instead of HTTP polling

- Server-to-server communication via WebSocket at /v1/federation/ws
- Auth as first WS frame (shared secret), presence + forwards over same connection
- Auto-reconnect every 3s on disconnect, instant presence push on connect
- Replaces HTTP REST polling (no more 5s intervals, lower latency)
- Removed dead HMAC helpers (auth is now direct secret comparison over WS)
- Simplified ARCHITECTURE.md mermaid diagrams for Gitea rendering

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-28 16:56:13 +04:00

Siavash Sameni

3e0889e5dc

v0.0.21: TUI overhaul, WZP call infrastructure, security hardening, federation

TUI:
- Split 1,756-line app.rs monolith into 7 modules (types, draw, commands, input, file_transfer, network, mod)
- Message timestamps [HH:MM], scrolling (PageUp/Down/arrows), connection status dot, unread badge
- /help command, terminal bell on incoming DM, /devices + /kick commands
- 44 unit tests (types, input, draw with TestBackend)

Server — WZP Call Infrastructure (FC-2/3/5/6/7/10):
- Call state management (CallState, CallStatus, active_calls, calls + missed_calls sled trees)
- WS call signal awareness (Offer/Answer/Hangup update state, missed call on offline)
- Group call endpoint (POST /groups/:name/call with SHA-256 room ID, fan-out)
- Presence API (GET /presence/:fp, POST /presence/batch)
- Missed call flush on WS reconnect
- WZP relay config + CORS

Server — Security (FC-P1):
- Auth enforcement middleware (AuthFingerprint extractor on 13 write handlers)
- Session auto-recovery (delete corrupted ratchet, show [session reset])
- WS connection cap (5/fingerprint) + global concurrency limit (200)
- Device management (GET /devices, POST /devices/:id/kick, POST /devices/revoke-all)

Server — Federation:
- Two-server federation via JSON config (--federation flag)
- Periodic presence sync (every 5s, full-state, self-healing)
- Message forwarding via HTTP POST with SHA-256(secret||body) auth
- Graceful degradation (peer down = queue locally)
- deliver_or_queue() replaces push-or-queue in ws.rs + messages.rs

Client — Group Messaging:
- SenderKeyDistribution storage + GroupSenderKey decryption in TUI
- sender_keys sled tree in LocalDb

WASM:
- All 8 WireMessage variants handled (no more "unsupported")
- decrypt_group_message() + create_sender_key_from_distribution() exports
- CallSignal parsing with signal_type mapping

Docs:
- ARCHITECTURE.md rewritten with Mermaid diagrams
- README.md created
- TASK_PLAN.md with FC-P{phase}-T{task} naming
- PROGRESS.md updated to v0.0.21

WZP submodule updated to 6f4e8eb (IAX2 trunking, adaptive quality, metrics, all S-tasks done)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-28 16:45:58 +04:00

3 Commits