Audit: - docs/AUDIT-2026-05-25.md: full protocol audit covering 8 findings (4 critical, 2 high, 5 medium, 4 low) with code references and fix effort estimates - vault/Audit/Tasks.md: Obsidian Tasks plugin file tracking all audit items with priorities, due dates, and per-step checklists Architecture docs updated for Wire format v2 and Wave 5/6 features: - ARCHITECTURE.md: adds wzp-video to dependency graph and project structure; wire format updated to v2 (16B header, 5B MiniHeader); relay concurrency section corrected (DashMap+RwLock is current, not a future optimization); test count 571→702; Android note - PROGRESS.md: Wave 5 and Wave 6 sections appended; test count 372→702; current status and open blockers as of 2026-05-25 - ROAD-TO-VIDEO.md: implementation status table inserted (✅/🟡/🔴/🔲 per phase); 6-step critical path to first video call - WZP-SPEC.md: MediaHeader updated to v2 (16B byte-aligned); MiniHeader updated to 5B with seq_delta; codec IDs 9-12 added (H.264/H.265/AV1); version negotiation section added Obsidian vault (vault/): - 114 files across Architecture/, PRDs/, Reports/, Android/, Reference/, Audit/ with YAML frontmatter - 00 - Home.md index note with wiki links - .obsidian/app.json config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2.6 KiB
2.6 KiB
tags, type
| tags | type | ||
|---|---|---|---|
|
reference |
FeatherChat: Voice/Video Calling Integration with Warzone Messenger
Overview
Voice/video calling system designed to integrate with the existing E2E encrypted Warzone messenger. Reuses the same identity, addressing, and key exchange infrastructure.
Identity Model (reuse, not duplicate)
- Identity: 32-byte seed derives both keypairs via HKDF:
- Ed25519 (signing)
- X25519 (encryption)
- Fingerprint:
SHA-256(Ed25519 public key)[:16], displayed asxxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx - Backup: BIP39 mnemonic (24 words) for seed recovery
- Storage: Seed encrypted at rest with Argon2id + ChaCha20-Poly1305
- Future: Ethereum address as fingerprint (secp256k1 derived from same BIP39 seed)
Addressing (reuse)
| Method | Format | Resolution |
|---|---|---|
| Local alias | @manwe |
Server resolves to fingerprint |
| Federated | @manwe.b1.example.com |
DNS TXT record → fingerprint + server endpoint |
| ENS | @manwe.eth |
Ethereum address → fingerprint (Phase 2-3) |
| Raw fingerprint | xxxx:xxxx:... |
Direct lookup (always works as fallback) |
Key Exchange (can extend)
- X3DH for session establishment:
- Ed25519 identity key
- X25519 ephemeral key
- Signed pre-keys
- Double Ratchet for forward secrecy on data channels
- Pre-key bundles stored on server, fetched by callers
Server Infrastructure
- Stack: Rust (axum), sled DB, WebSocket for real-time
- Trust model: Server is untrusted relay — never sees plaintext
- Groups: Named, auto-created, per-member encryption
- Federation: Via DNS TXT records (Phase 3)
Calling System Requirements
- Signaling: Reuse existing WebSocket connection and identity
- Key derivation: SRTP/DTLS keys derived from existing X3DH shared secret (or new ephemeral exchange per call)
- Call initiation:
WireMessage::CallOffer,CallAnswer,CallIceCandidatevariants - NAT traversal: STUN/TURN server integration
- Group calls: SFU (Selective Forwarding Unit) vs mesh topology for up to 50 users
- Codecs: Opus for audio, VP8/VP9/AV1 for video
- E2E media encryption: Insertable streams API (WebRTC) or custom SRTP
- Unified addressing: A user calls
@manwethe same way they message@manwe
Degradation Strategy
Calls should degrade gracefully under unreliable/warzone network conditions:
Video (full) → Video (low res) → Audio (high quality) → Audio (low bitrate)
- Support opportunistic cooperation
- Fall back to TURN/TCP through the existing WebSocket when UDP is blocked