7b72f7cba5
Tier 1 — New features: - E2E encrypted friend list: server stores opaque blob (POST/GET /v1/friends), protocol-level encrypt/decrypt with HKDF-derived key, 4 tests - Telegram Bot API compatibility: /bot/register, /bot/:token/getUpdates, sendMessage, getMe — TG-style Update objects with proper message mapping - ETH address resolution: GET /v1/resolve/:address (0x.../alias/@.../fp), bidirectional ETH↔fp mapping stored on key registration - Seed recovery: /seed command in TUI + web client - URL deep links: /message/@alias, /message/0xABC, /group/#ops - Group members with online status in GET /groups/:name/members Tier 2 — UX polish: - TUI: /friend, /friend <addr>, /unfriend <addr> with presence checking - Web: friend commands, showGroupMembers() on group join - Web: ETH address in header, clickable addresses (click→peer or copy) - Bot: full WireMessage→TG Update mapping (encrypted base64, CallSignal, FileHeader, bot_message JSON) Documentation: - USAGE.md rewritten: complete user guide with all commands - SERVER.md rewritten: full admin guide with all 50+ endpoints - CLIENT.md rewritten: architecture, commands, keyboard, storage - LLM_HELP.md created: 1083-word token-optimized reference for helper LLM Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Warzone Messenger (featherChat)
End-to-end encrypted messenger with Signal protocol cryptography, voice/video call integration, and server federation.
Features
- E2E Encrypted DMs — X3DH key exchange + Double Ratchet (forward secrecy)
- Group Messaging — Sender Key protocol (O(1) encryption, fan-out delivery)
- File Transfer — Chunked (64KB), SHA-256 verified, ratchet-encrypted
- Voice/Video Calls — WarzonePhone integration (QUIC SFU relay, ChaCha20-Poly1305 media)
- Federation — Two-server relay with HMAC-authenticated presence sync
- TUI Client — Full-featured terminal UI (ratatui, timestamps, scrolling, receipts)
- Web Client — Identical crypto via WASM (wasm-bindgen)
- Ethereum Identity — Same seed derives messaging keypair + Ethereum address (secp256k1)
- BIP39 Seed — 24-word mnemonic for identity backup/recovery
Architecture
Clients (CLI / TUI / Web)
|
| E2E encrypted (ChaCha20-Poly1305)
|
warzone-server (axum + sled)
|
| Federation (HTTP + HMAC)
|
warzone-server (peer)
|
| Call signaling
|
WarzonePhone Relay (QUIC SFU)
See docs/ARCHITECTURE.md for full architecture with Mermaid diagrams.
Quick Start
Build
cd warzone
cargo build --release
Generate Identity
./target/release/warzone-client init
# Outputs: 24-word BIP39 mnemonic + fingerprint
Start Server
./target/release/warzone-server --bind 0.0.0.0:7700
Start TUI
./target/release/warzone-client tui --server http://localhost:7700
Federation (Two Servers)
Create alpha.json:
{
"server_id": "alpha",
"shared_secret": "your-shared-secret",
"peer": { "id": "bravo", "url": "http://server-b:7700" },
"presence_interval_secs": 5
}
# Server A
warzone-server --bind 0.0.0.0:7700 --federation alpha.json
# Server B
warzone-server --bind 0.0.0.0:7700 --federation bravo.json
Messages automatically route across servers.
TUI Commands
| Command | Description |
|---|---|
/peer <fp> or /p @alias |
Set DM peer |
/g <name> |
Switch to group (auto-join) |
/call <fp> |
Initiate call |
/file <path> |
Send file (max 10MB) |
/contacts |
List contacts with message counts |
/history |
Show conversation history |
/devices |
List active device sessions |
/kick <id> |
Revoke a device session |
/help |
Full command list |
Crates
| Crate | Purpose |
|---|---|
warzone-protocol |
Crypto & message types (X3DH, Double Ratchet, Sender Keys) |
warzone-server |
HTTP/WS server with sled DB, federation, call state |
warzone-client |
CLI + TUI client |
warzone-wasm |
WASM bridge for web client |
warzone-mule |
Physical message delivery (planned) |
Cryptographic Stack
| Primitive | Purpose |
|---|---|
| Ed25519 | Identity signing |
| X25519 | Diffie-Hellman key exchange |
| ChaCha20-Poly1305 | AEAD encryption |
| HKDF-SHA256 | Key derivation |
| Argon2id | Seed encryption at rest |
| secp256k1 | Ethereum-compatible identity |
Security
- Auth enforcement on all write routes (bearer token middleware)
- Session auto-recovery on ratchet corruption
- Per-fingerprint WS connection cap (5 devices)
- Global request concurrency limit (200)
- Device management (list, kick, revoke-all panic button)
- Federation auth: SHA-256(secret || body) on every inter-server request
See docs/SECURITY.md for the full threat model.
Test Suite
72 tests across protocol + client crates (all passing):
- 28 protocol tests (X3DH, Double Ratchet, Sender Keys, crypto, identity)
- 44 TUI tests (rendering, keyboard input, scrolling, state management)
cargo test --workspace
WarzonePhone Integration
All 9 WZP-side integration tasks are complete:
- Shared identity (HKDF alignment, 15 cross-project tests)
- Relay auth (featherChat bearer token validation)
- Signaling bridge (CallSignal through E2E encrypted WS)
- Room access control (hashed room names, ACL)
- Mandatory crypto handshake on all paths
Documentation
| Document | Content |
|---|---|
| ARCHITECTURE.md | Full system architecture with Mermaid diagrams |
| TASK_PLAN.md | Phase-by-phase task plan (FC-P1 through P6) |
| PROGRESS.md | Version history and feature timeline |
| PROTOCOL.md | Wire protocol specification |
| SECURITY.md | Threat model and security analysis |
| FUTURE_TASKS.md | Backlog with questions-before-starting |
License
MIT