wz-phone/docs/INTEGRATION_TASKS.md

WZP Integration Tasks

Based on featherChat commit 65f6390 — FUTURE_TASKS.md with WZP integration items.

Status Key

• DONE = implemented and tested
• PARTIAL = code exists but not wired into live path
• TODO = not started

---

WZP-Side Tasks (our responsibility)

WZP-S-1. HKDF Salt/Info String Alignment — DONE

• HKDF info strings aligned: warzone-ed25519 / warzone-x25519
• Salt: both use None (featherChat converts b"" → None). No mismatch.
• Commit: ac3b997

WZP-S-2. Accept featherChat Bearer Token on Relay — TODO (HIGH)

• Add --auth-url flag to wzp-relay (e.g., --auth-url https://chat.example.com/v1/auth/validate)
• On new QUIC connection: expect first signaling message to contain a bearer token
• Relay calls featherChat's /v1/auth/validate to verify
• Reject connection if token invalid
• Files: wzp-relay/src/main.rs, new wzp-relay/src/auth.rs

WZP-S-3. Signaling Bridge Mode — TODO (HIGH)

• Client should be able to send/receive SignalMessage through featherChat's WebSocket
• New WireMessage::CallSignal variant wraps opaque JSON SignalMessage
• Client connects to featherChat WS, sends CallOffer, receives CallAnswer
• Then uses the relay address from the answer to connect QUIC for media
• Files: new wzp-client/src/featherchat.rs

WZP-S-4. Room Access Control — TODO (MEDIUM)

• Relay should verify room membership before allowing join
• Room name should be opaque hash (not human-readable group name)
• room_id = SHA-256("featherchat-group:" + group_name)[:16]
• Files: wzp-relay/src/room.rs

WZP-S-5. Wire Crypto Handshake into Live Path — PARTIAL

• handshake.rs exists in both client and relay
• Not used in CLI live mode, file mode, or web bridge
• Need to make handshake mandatory before media flows
• Files: wzp-client/src/cli.rs, wzp-web/src/main.rs

WZP-S-6. Web Bridge + featherChat Web Client — TODO (MEDIUM)

• featherChat has a WASM web client (warzone-wasm crate)
• Web bridge should accept featherChat session tokens
• Share authentication with featherChat web login
• Files: wzp-web/src/main.rs

WZP-S-7. Publish wzp-proto for featherChat — TODO (LOW)

• featherChat needs wzp_proto::SignalMessage type for CallSignal variant
• Option A: publish wzp-proto to private registry
• Option B: featherChat uses JSON schema, WZP serializes to JSON
• Option C: git submodule / path dependency

WZP-S-8. CLI Seed Input — TODO (LOW)

• Add --seed <hex> or --mnemonic <words> flag to wzp-client
• Derive identity from seed, use for handshake
• Files: wzp-client/src/cli.rs

WZP-S-9. Fix Hardcoded Assumptions — TODO

1. No auth on relay — fix via WZP-S-2
2. Room names from SNI visible to network — fix via WZP-S-4 (use hashed names)
3. No signaling before media — fix via WZP-S-5
4. Self-signed TLS — acceptable for relay-to-relay; need real certs for web
5. No codec negotiation in web bridge — fix: add profile exchange in WS
6. No connection to featherChat key registry — fix via WZP-S-2/S-3

---

featherChat-Side Tasks (their responsibility, we support)

WZP-FC-1. Add CallSignal WireMessage variant — 2-4h

WZP-FC-2. Call state management + sled tree — 1-2d

WZP-FC-3. WS handler for call signaling — 0.5d

WZP-FC-4. Auth token validation endpoint — 2-4h

WZP-FC-5. Group-to-room mapping — 1d

WZP-FC-6. Presence/online status API — 0.5-2d

WZP-FC-7. Missed call notifications — 0.5d

WZP-FC-8. Cross-project identity verification test — 2-4h (CRITICAL)

WZP-FC-9. HKDF salt investigation — VERIFIED: no mismatch

WZP-FC-10. Web bridge shared auth — 1-2d

---

Integration Priority Order

1. WZP-FC-8 + WZP-S-1 — Cross-project identity test (DONE on WZP side)
2. WZP-S-8 — CLI seed input (enables identity testing)
3. WZP-FC-1 — CallSignal WireMessage (featherChat side)
4. WZP-S-3 — Signaling bridge in client
5. WZP-FC-4 + WZP-S-2 — Auth tokens (both sides)
6. WZP-S-5 — Wire handshake into live path
7. WZP-FC-5 + WZP-S-4 — Group-to-room mapping + access control
8. WZP-FC-2/3 — Call state management
9. WZP-S-6 + WZP-FC-10 — Web integration