Audit: - docs/AUDIT-2026-05-25.md: full protocol audit covering 8 findings (4 critical, 2 high, 5 medium, 4 low) with code references and fix effort estimates - vault/Audit/Tasks.md: Obsidian Tasks plugin file tracking all audit items with priorities, due dates, and per-step checklists Architecture docs updated for Wire format v2 and Wave 5/6 features: - ARCHITECTURE.md: adds wzp-video to dependency graph and project structure; wire format updated to v2 (16B header, 5B MiniHeader); relay concurrency section corrected (DashMap+RwLock is current, not a future optimization); test count 571→702; Android note - PROGRESS.md: Wave 5 and Wave 6 sections appended; test count 372→702; current status and open blockers as of 2026-05-25 - ROAD-TO-VIDEO.md: implementation status table inserted (✅/🟡/🔴/🔲 per phase); 6-step critical path to first video call - WZP-SPEC.md: MediaHeader updated to v2 (16B byte-aligned); MiniHeader updated to 5B with seq_delta; codec IDs 9-12 added (H.264/H.265/AV1); version negotiation section added Obsidian vault (vault/): - 114 files across Architecture/, PRDs/, Reports/, Android/, Reference/, Audit/ with YAML frontmatter - 00 - Home.md index note with wiki links - .obsidian/app.json config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
68 lines
2.6 KiB
Markdown
68 lines
2.6 KiB
Markdown
---
|
|
tags: [reference, wzp]
|
|
type: reference
|
|
---
|
|
|
|
# FeatherChat: Voice/Video Calling Integration with Warzone Messenger
|
|
|
|
## Overview
|
|
|
|
Voice/video calling system designed to integrate with the existing E2E encrypted Warzone messenger. Reuses the same identity, addressing, and key exchange infrastructure.
|
|
|
|
## Identity Model (reuse, not duplicate)
|
|
|
|
- **Identity**: 32-byte seed derives both keypairs via HKDF:
|
|
- Ed25519 (signing)
|
|
- X25519 (encryption)
|
|
- **Fingerprint**: `SHA-256(Ed25519 public key)[:16]`, displayed as `xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx`
|
|
- **Backup**: BIP39 mnemonic (24 words) for seed recovery
|
|
- **Storage**: Seed encrypted at rest with Argon2id + ChaCha20-Poly1305
|
|
- **Future**: Ethereum address as fingerprint (secp256k1 derived from same BIP39 seed)
|
|
|
|
## Addressing (reuse)
|
|
|
|
| Method | Format | Resolution |
|
|
|--------|--------|------------|
|
|
| Local alias | `@manwe` | Server resolves to fingerprint |
|
|
| Federated | `@manwe.b1.example.com` | DNS TXT record → fingerprint + server endpoint |
|
|
| ENS | `@manwe.eth` | Ethereum address → fingerprint (Phase 2-3) |
|
|
| Raw fingerprint | `xxxx:xxxx:...` | Direct lookup (always works as fallback) |
|
|
|
|
## Key Exchange (can extend)
|
|
|
|
- **X3DH** for session establishment:
|
|
- Ed25519 identity key
|
|
- X25519 ephemeral key
|
|
- Signed pre-keys
|
|
- **Double Ratchet** for forward secrecy on data channels
|
|
- **Pre-key bundles** stored on server, fetched by callers
|
|
|
|
## Server Infrastructure
|
|
|
|
- **Stack**: Rust (axum), sled DB, WebSocket for real-time
|
|
- **Trust model**: Server is untrusted relay — never sees plaintext
|
|
- **Groups**: Named, auto-created, per-member encryption
|
|
- **Federation**: Via DNS TXT records (Phase 3)
|
|
|
|
## Calling System Requirements
|
|
|
|
1. **Signaling**: Reuse existing WebSocket connection and identity
|
|
2. **Key derivation**: SRTP/DTLS keys derived from existing X3DH shared secret (or new ephemeral exchange per call)
|
|
3. **Call initiation**: `WireMessage::CallOffer`, `CallAnswer`, `CallIceCandidate` variants
|
|
4. **NAT traversal**: STUN/TURN server integration
|
|
5. **Group calls**: SFU (Selective Forwarding Unit) vs mesh topology for up to 50 users
|
|
6. **Codecs**: Opus for audio, VP8/VP9/AV1 for video
|
|
7. **E2E media encryption**: Insertable streams API (WebRTC) or custom SRTP
|
|
8. **Unified addressing**: A user calls `@manwe` the same way they message `@manwe`
|
|
|
|
## Degradation Strategy
|
|
|
|
Calls should degrade gracefully under unreliable/warzone network conditions:
|
|
|
|
```
|
|
Video (full) → Video (low res) → Audio (high quality) → Audio (low bitrate)
|
|
```
|
|
|
|
- Support opportunistic cooperation
|
|
- Fall back to TURN/TCP through the existing WebSocket when UDP is blocked
|