# Backlog Operational request tracker. Every user request is captured here before coding begins. **Flow**: `requested` -> `planned` -> `in_progress` -> `done` -> promoted to CHANGELOG.md **CLI**: `python3 scripts/docs/backlog_ops.py ` | Command | Description | |---------|-------------| | `add "Title" --category ` | Create new item (status: requested) | | `plan SR-ID` | Plan item (status: planned) | | `start SR-ID` | Begin work (status: in_progress) | | `done SR-ID` | Mark complete (status: done) | | `promote` | Move done items to CHANGELOG (status: promoted) | | `cancel SR-ID --reason "..."` | Cancel item | | `list [--status S] [--category C]` | List items with optional filters | | `check` | Advisory: is there an active item? | | `validate` | Structural integrity check | **Categories**: `feature`, `fix`, `refactor`, `docs`, `test`, `infra`, `security`, `performance`, `ux` --- ## Active ### SR-2026-06-04-004 - **Title**: Follow-up: migrate raw secret types to secrecy::Secret wrappers (positive-security redaction+zeroize) + audit transient kdf locals - **Status**: `requested` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-04 05:16 GMT ### SR-2026-06-01-015 - **Title**: Android: background message service + minimal-permissions policy (media/camera on-demand only) - **Status**: `requested` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 19:26 GMT ### SR-2026-05-30-011 - **Title**: Background delivery + wake: Android remoteMessaging FGS over Tor (push-free, opt-in Always-On) + Battery-Saver pull default with jitter/cover; iOS oblivious APNs relay+NSE (opt-in, off for high-threat); direct-first + mailbox-fallback + strict-direct-only toggle; self-hostable mailbox/relay - **Status**: `requested` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-05-30 18:44 GMT ### SR-2026-05-30-010 - **Title**: Hardening: SQLCipher PRAGMAs (kdf_iter>600k, secure_delete, trusted_schema=OFF) + migration tests; hybrid-KEM binding (transcript+pubkeys+ciphertext); central AEAD nonce mgmt; anti-replay; jitter+cover-traffic polling; gating SAS + first-launch boundary screen - **Status**: `in_progress` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-05-30 17:44 GMT ### SR-2026-05-30-009 - **Title**: Tauri desktop hardening (text-only render, strict CSP, deny-by-default IPC, no SVG/remote) + red-team XSS->IPC->key-exfil; evaluate Slint native fallback at M4 - **Status**: `requested` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-05-30 17:44 GMT ### SR-2026-05-30-007 - **Title**: Test + build infra: KAT/Wycheproof vectors, proptest, cargo-fuzz, miri/loom, chutney+arti Tor tests, metadata-leak asserts, Nix reproducible build, CI matrix — docs/TEST_PLAN.md - **Status**: `in_progress` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-05-30 17:32 GMT ### SR-2026-05-30-006 - **Title**: v1 app UI (Chats/Conversation/Invite/Verify/Safety/Settings; trust-first, advisory, honest delivery states) — docs/UI_DESIGN.md - **Status**: `requested` - **Type**: `afk` - **Category**: `ux` - **Priority**: `normal` - **Requested**: 2026-05-30 17:32 GMT ## Done (Pending Promotion) ### SR-2026-06-06-016 - **Title**: Fix: warm-at-launch bootstrapped Tor WITHOUT the bridge and cached it (bridge configured later via invite was ignored → onion always failed on blocked networks). Only warm once a bridge is configured. - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 07:42 GMT - **Completed**: 2026-06-06 07:42 GMT ### SR-2026-06-06-015 - **Title**: Tor onion connect: retry the (flaky) hidden-service circuit up to 6x instead of failing on first attempt; + temporary pvtcoms-tor.log debug logging - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 07:30 GMT - **Completed**: 2026-06-06 07:30 GMT ### SR-2026-06-06-014 - **Title**: Tor bridge support: defeat IP-based Tor blocking via a private bridge on the relay VPS; bridge line carried in the relay config/invite so family clients auto-use it (proven end-to-end on the blocked network) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-06 07:00 GMT - **Completed**: 2026-06-06 07:02 GMT ### SR-2026-06-06-013 - **Title**: Fix: remove-contact reported success even when the persist failed (UI lied); now reports the real result + reason - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 06:08 GMT - **Completed**: 2026-06-06 06:08 GMT ### SR-2026-06-06-012 - **Title**: Windows: don't open duplicate UI windows (tray liveness + debounce); robust Edge app-window detection (registry) so it stays chromeless instead of falling back to the default browser showing 127.0.0.1 - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 05:33 GMT - **Completed**: 2026-06-06 05:33 GMT ### SR-2026-06-06-011 - **Title**: Windows tray UX: double-click reopens (no menu on left-click), right-click = menu; UI window self-closes when the app is quit - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 05:22 GMT - **Completed**: 2026-06-06 05:22 GMT ### SR-2026-06-06-010 - **Title**: GUI/UX: warm Tor at launch + clearer 'connecting over Tor' wait message (reduce first-add latency feel) - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 05:17 GMT - **Completed**: 2026-06-06 05:17 GMT ### SR-2026-06-06-009 - **Title**: Relay-in-invite: invites embed the relay config so one paste auto-configures the relay AND adds the contact (SimpleX-style); answers easy/secure relay onboarding + rotation - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-06 05:05 GMT - **Completed**: 2026-06-06 05:05 GMT ### SR-2026-06-06-008 - **Title**: Release pipeline: link the download site to VERSION — build-windows-release.sh publishes version.json (+ page renders from it) so the website version can't drift - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 04:51 GMT - **Completed**: 2026-06-06 04:51 GMT ### SR-2026-06-06-007 - **Title**: GUI: invite paste field visibly strips whitespace (not just on send) - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 04:48 GMT - **Completed**: 2026-06-06 04:48 GMT ### SR-2026-06-06-006 - **Title**: GUI: configure the relay in-app (Settings paste of pvtcoms.conf) — no manual file placement; live re-read, no restart - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-06 04:43 GMT - **Completed**: 2026-06-06 04:43 GMT ### SR-2026-06-06-005 - **Title**: GUI: invite paste tolerates whitespace/line-wraps + a real Check-for-updates (central manifest, manual, no auto-replace) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-06 04:11 GMT - **Completed**: 2026-06-06 04:12 GMT ### SR-2026-06-02-002 - **Title**: Crisp Mint light theme (replace near-black Forest+Lime per user) - **Status**: `done` - **Type**: `afk` - **Category**: `ux` - **Priority**: `normal` - **Requested**: 2026-06-02 05:38 GMT - **Completed**: 2026-06-06 02:03 GMT ### SR-2026-06-05-008 - **Title**: Config-free reproducible release binary: stop baking the gated-relay config into the exe; ship a sidecar config (or runtime entry) so the PUBLISHED binary itself is byte-reproducible by any third party (today only members with the access key can reproduce the exact published hash). Runtime already reads PVTCOMS_RELAY/_KEY from env. - **Status**: `done` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-05 19:39 GMT - **Completed**: 2026-06-06 02:02 GMT ### SR-2026-06-05-001 - **Title**: Cover-deposit traffic: emit dummy relay deposits on a randomized schedule to mask SENDER activity timing (jittered polling already protects receiver cadence via core::cover) - **Status**: `done` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-05 03:32 GMT - **Completed**: 2026-06-06 01:57 GMT ### SR-2026-06-06-004 - **Title**: cargo-mutants on relay.rs (oblivious-relay policy engine: freshness/capability/PoW/replay gates, storage caps, deposit/pull/peek codec, export/import — the networked attack surface) - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-06 01:14 GMT - **Completed**: 2026-06-06 01:38 GMT ### SR-2026-06-06-003 - **Title**: cargo-mutants on outbox.rs (store-and-forward outbox: retry/ack/expiry state machine + wire codec) - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-06 00:24 GMT - **Completed**: 2026-06-06 01:14 GMT ### SR-2026-06-06-002 - **Title**: cargo-mutants on media.rs (chunked media manifest/transfer — untrusted manifest parser + chunk keying) - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-06 00:24 GMT - **Completed**: 2026-06-06 01:14 GMT ### SR-2026-06-06-001 - **Title**: cargo-mutants on the remaining thin core modules (identity, pqkem, mailbox, store, keystore, cover, pad, kat, pow) — close the last parser/diagnostic test gaps; six already 0-surviving - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-06 00:03 GMT - **Completed**: 2026-06-06 00:24 GMT ### SR-2026-06-05-015 - **Title**: cargo-mutants on directory.rs (signed + per-contact-sealed + blinded directory records: connect-by-identity, dir token/key separation) - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-05 23:27 GMT - **Completed**: 2026-06-06 00:02 GMT ### SR-2026-06-05-014 - **Title**: cargo-mutants on invite.rs (async onboarding: signed one-time prekey, X3DH-style friend request/accept, SAS derivation) - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-05 23:12 GMT - **Completed**: 2026-06-05 23:26 GMT ### SR-2026-06-05-013 - **Title**: cargo-mutants on prekey.rs (one-time prekey bundles: X3DH-style signed prekeys, X25519+ML-KEM private halves, serialization) - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-05 23:01 GMT - **Completed**: 2026-06-05 23:12 GMT ### SR-2026-06-05-012 - **Title**: cargo-mutants on offline.rs (offline envelope: R-derived AEAD, token derivations, mix-header — densest relay metadata surface) - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-05 22:38 GMT - **Completed**: 2026-06-05 23:00 GMT ### SR-2026-06-05-011 - **Title**: cargo-mutants on sendchain.rs (offline send-chain crypto: forward secrecy + replay + synthetic nonces): same KDF pattern that revealed the ratchet nonce-reuse blind spot — find + close test gaps in the offline message crypto - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-05 22:18 GMT - **Completed**: 2026-06-05 22:38 GMT ### SR-2026-06-05-010 - **Title**: cargo-mutants on the crypto protocol core (handshake + ratchet): mutation-test the hybrid X25519+ML-KEM key agreement and the Double Ratchet to find + close test-coverage gaps in the most audit-critical code - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-05 19:43 GMT - **Completed**: 2026-06-05 20:18 GMT ### SR-2026-06-05-009 - **Title**: Reproducible-build honesty: publish the secret-free build recipe (gitignore exception) + make it tolerate missing secrets (config-free build) + document the two verified reproduction modes; the reproducibility claim was unachievable as stated - **Status**: `done` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-05 19:40 GMT - **Completed**: 2026-06-05 19:40 GMT ### SR-2026-06-04-002 - **Title**: cargo-mutants mutation testing: kill surviving mutants on wire/contacts/rotation/crypto parsers, document 3 equivalents, scheduled CI job - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-04 02:53 GMT - **Completed**: 2026-06-04 02:53 GMT ### SR-2026-06-04-001 - **Title**: loom concurrency model-checking: extract per-contact lock registry into pvtcoms-concurrency, verify interning under all interleavings - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-04 01:44 GMT - **Completed**: 2026-06-04 01:44 GMT ### SR-2026-06-03-006 - **Title**: Test infra: Wycheproof vectors + cargo-fuzz harness for untrusted parsers; strict Ed25519 verification - **Status**: `done` - **Type**: `afk` - **Category**: `test` - **Priority**: `normal` - **Requested**: 2026-06-03 20:06 GMT - **Completed**: 2026-06-03 20:06 GMT ### SR-2026-06-03-005 - **Title**: Security audit-scope package: scope, crypto spec, claims/limitations, prior-findings log, local testbed, SBOM, data-flow diagram - **Status**: `done` - **Type**: `afk` - **Category**: `docs` - **Priority**: `normal` - **Requested**: 2026-06-03 19:46 GMT - **Completed**: 2026-06-03 19:46 GMT ### SR-2026-06-03-004 - **Title**: Native-app foundation: UniFFI bindings crate (pvtcoms-ffi) — typed Kotlin/Swift surface over the core (opaque Identity, seal/open, safety number, verify) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-03 19:32 GMT - **Completed**: 2026-06-03 19:32 GMT ### SR-2026-06-03-003 - **Title**: macOS Keychain + Linux Secret Service keystore (keyring crate) for the at-rest key; data-safe migration + keyring-unavailable fallback - **Status**: `done` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-03 19:12 GMT - **Completed**: 2026-06-03 19:12 GMT ### SR-2026-05-30-008 - **Title**: CI security gates: cargo-audit + cargo-deny + osv-scanner + Trivy/Grype on artifacts; verify SQLite>=3.50.2, OpenSSL>=3.5.5, curve25519-dalek>=4.1.3, rustls-webpki>=0.103.10; daily cron, break on High/Critical - **Status**: `done` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-05-30 17:44 GMT - **Completed**: 2026-06-03 16:45 GMT ### SR-2026-06-03-002 - **Title**: SQLCipher message history (page-encrypted, indexed) — fixes O(N^2) whole-file rewrite; data-safe migration; ADR-010 - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-03 03:49 GMT - **Completed**: 2026-06-03 03:49 GMT ### SR-2026-06-03-001 - **Title**: Windows DPAPI keystore: OS-protect the at-rest key (per-user), data-safe migration from the legacy dev key - **Status**: `done` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-03 02:54 GMT - **Completed**: 2026-06-03 02:54 GMT ### SR-2026-06-02-008 - **Title**: Message actions (copy + delete-for-me) + window centering/remember + back-button UX + hardening (atomic writes, CSRF guard) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-02 22:39 GMT - **Completed**: 2026-06-02 22:39 GMT ### SR-2026-06-02-007 - **Title**: App version display + Windows system-tray background shell + privacy-first desktop notifications & unread badges - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-02 21:48 GMT - **Completed**: 2026-06-02 21:48 GMT ### SR-2026-06-02-006 - **Title**: Message search: find chats by name + messages by content across all conversations - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-02 21:28 GMT - **Completed**: 2026-06-02 21:28 GMT ### SR-2026-05-30-005 - **Title**: Invite sharing + QR feature (3 transports, fragment-held secret, single-use+TTL, App Links, SAS) — spec docs/specs/invite-sharing.md - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-05-30 17:32 GMT - **Completed**: 2026-06-02 21:17 GMT ### SR-2026-06-02-005 - **Title**: Disappearing messages: per-contact local auto-delete timer (+media) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-02 16:11 GMT - **Completed**: 2026-06-02 16:19 GMT ### SR-2026-06-02-004 - **Title**: GUI contact-details screen (security ID, verify, remove contact + data) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-02 07:44 GMT - **Completed**: 2026-06-02 07:48 GMT ### SR-2026-06-02-003 - **Title**: GUI verify/safety-number screen (compare emoji, mark verified) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-02 07:10 GMT - **Completed**: 2026-06-02 07:31 GMT ### SR-2026-06-01-014 - **Title**: Windows/desktop: system-tray app (minimize-to-tray on close, quit from tray) via Tauri shell - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 19:26 GMT - **Completed**: 2026-06-02 06:15 GMT ### SR-2026-06-02-001 - **Title**: Persist live-WS (online) chat messages to the per-contact MessageLog (offline path already persists) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-02 04:17 GMT - **Completed**: 2026-06-02 05:05 GMT ### SR-2026-06-01-013 - **Title**: Offline media: out-of-band encrypted bulk lane + manifest; greyed media bubble + centered retry button - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 19:16 GMT - **Completed**: 2026-06-01 20:18 GMT ### SR-2026-06-01-012 - **Title**: Offline msg UI: sender outbox + retry, deliver-on-ping, ordering/gap/replay - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 19:16 GMT - **Completed**: 2026-06-01 20:12 GMT ### SR-2026-06-01-011 - **Title**: Offline msg relay: oblivious prekey publish/replenish + mailbox deposit/poll-release - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 19:16 GMT - **Completed**: 2026-06-01 19:48 GMT ### SR-2026-06-01-008 - **Title**: Single-instance reopen + centered auto-paste add-friend modal + back-nav fix - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-01 19:12 GMT - **Completed**: 2026-06-01 19:43 GMT ### SR-2026-06-01-016 - **Title**: Lime app icon: embedded .exe icon (windres) + scalable browser favicon - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 19:36 GMT - **Completed**: 2026-06-01 19:36 GMT ### SR-2026-06-01-010 - **Title**: Offline msg core: one-time hybrid prekey bundles + PCS mix-in (X25519+ML-KEM-768) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 19:16 GMT - **Completed**: 2026-06-01 19:30 GMT ### SR-2026-06-01-009 - **Title**: Offline msg core: per-contact async state + symmetric send-chain + synthetic nonces - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 19:16 GMT - **Completed**: 2026-06-01 19:23 GMT ### SR-2026-06-01-007 - **Title**: Double-click .exe opens GUI (no-arg launch, no console flash); reproducible Windows release + verify page - **Status**: `done` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-01 19:00 GMT - **Completed**: 2026-06-01 19:00 GMT ### SR-2026-06-01-006 - **Title**: Forest+Lime palette, two-step add-by-code, responsive two-pane, last-message preview - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 18:46 GMT - **Completed**: 2026-06-01 18:48 GMT ### SR-2026-06-01-005 - **Title**: GUI for invite + rotate (browser onboarding/rotation panel) - **Status**: `done` - **Type**: `afk` - **Category**: `ux` - **Priority**: `normal` - **Requested**: 2026-06-01 06:19 GMT - **Completed**: 2026-06-01 06:24 GMT ### SR-2026-06-01-004 - **Title**: Swap ml-kem -> libcrux-ml-kem (formally verified) behind pqkem facade + FIPS-203 KAT vectors - **Status**: `done` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-01 06:00 GMT - **Completed**: 2026-06-01 06:13 GMT ### SR-2026-06-01-003 - **Title**: Pre-audit hardening: fuzz all untrusted-wire parsers + panic-safety audit - **Status**: `done` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-01 05:47 GMT - **Completed**: 2026-06-01 05:47 GMT ### SR-2026-06-01-002 - **Title**: Identity rotation: signed migration record so contacts follow a key change - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 04:23 GMT - **Completed**: 2026-06-01 05:05 GMT ### SR-2026-06-01-001 - **Title**: Async friend-request/accept: establish R offline via single-use invite (X3DH-style prekey) - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-01 04:12 GMT - **Completed**: 2026-06-01 04:23 GMT ### SR-2026-05-31-002 - **Title**: Directory records: signed, per-contact-encrypted, blinded address records over the relay - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-05-31 18:29 GMT - **Completed**: 2026-06-01 03:31 GMT ### SR-2026-05-31-001 - **Title**: Oblivious relay: VPS hardening bundle + PoW anti-spam + allowlist - **Status**: `done` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-05-31 15:58 GMT - **Completed**: 2026-05-31 18:06 GMT ### SR-2026-05-30-001 - **Title**: Decide project license (AGPL-3.0 vs Apache-2.0/MIT) — gates reuse of Signal AGPL SPQR/RingRTC - **Status**: `done` - **Type**: `afk` - **Category**: `infra` - **Priority**: `normal` - **Requested**: 2026-05-30 17:03 GMT - **Completed**: 2026-05-30 17:20 GMT ### SR-2026-05-30-002 - **Title**: Decide target user / positioning (high-threat activist vs privacy daily-driver) - **Status**: `done` - **Type**: `afk` - **Category**: `docs` - **Priority**: `normal` - **Requested**: 2026-05-30 17:03 GMT - **Completed**: 2026-05-30 17:09 GMT ## Promoted ### SR-2026-06-06-024 - **Title**: Ship lyrebird as separate file in a zip (no embedding) to avoid Wacatac!ml AV false positive; download page explains it - **Status**: `promoted` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 18:54 GMT - **Completed**: 2026-06-06 18:54 GMT ### SR-2026-06-06-023 - **Title**: Warm Tor at launch keeps looking (persistent connecting banner with spinner) until connected, no contact needed - **Status**: `promoted` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 16:39 GMT - **Completed**: 2026-06-06 16:39 GMT ### SR-2026-06-06-022 - **Title**: Tor banner measures real height (push UI down, no overlap on wrap) + more relay-circuit patience for slow obfs4 link - **Status**: `promoted` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 16:26 GMT - **Completed**: 2026-06-06 16:26 GMT ### SR-2026-06-06-021 - **Title**: Config layering: obfs4 bridge must win over stale vanilla (separate user conf + obfs4-preference) + banner pushes UI down - **Status**: `promoted` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 15:59 GMT - **Completed**: 2026-06-06 15:59 GMT ### SR-2026-06-06-020 - **Title**: Strip quotes from obfs4 bridge line in shipped sidecar + client reader (packaging fix) - **Status**: `promoted` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 14:37 GMT - **Completed**: 2026-06-06 14:37 GMT ### SR-2026-06-06-019 - **Title**: obfs4 pluggable transport: defeat DPI that throttles vanilla bridges on censored networks (embedded lyrebird, arti pt-client) - **Status**: `promoted` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 14:29 GMT - **Completed**: 2026-06-06 14:30 GMT ### SR-2026-06-06-018 - **Title**: Clearnet-over-Tor relay path: 3-hop exit circuit to relay:80 (onion fallback) — reliable through a single bridge - **Status**: `promoted` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 11:24 GMT - **Completed**: 2026-06-06 11:24 GMT ### SR-2026-06-06-017 - **Title**: Reliable onion via single bridge: serialize HS builds, raise connect/HS timeouts, prime circuit + Tor-status banner, optimistic contact add - **Status**: `promoted` - **Type**: `afk` - **Category**: `fix` - **Priority**: `normal` - **Requested**: 2026-06-06 09:27 GMT - **Completed**: 2026-06-06 09:35 GMT ### SR-2026-06-05-007 - **Title**: Accept-new-identity / re-pin flow: when a contact's key legitimately changes (reinstall/new device), let the user explicitly accept the new key — re-pin + re-establish the pairwise root + reset verified=false — instead of the only recourse being delete-and-re-add (loses history). Pair with the key-change warning (SR-2026-06-05-006) - **Status**: `promoted` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-06-05 06:19 GMT - **Completed**: 2026-06-05 12:12 GMT ### SR-2026-06-05-004 - **Title**: Move relay request/response wire codec (parse_request/encode_request/encode_blobs/decode_blobs) from demo into audited core::relay + add a cargo-fuzz target + adversarial parser tests (the #1 audit surface's untrusted-network parser belongs in core) - **Status**: `promoted` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-05 04:00 GMT - **Completed**: 2026-06-05 04:07 GMT ### SR-2026-06-05-006 - **Title**: GUI silently swallows contact-key-CHANGED (possible MITM) warning + shows false 'verified': surface a prominent danger banner on PinCheck::Changed and use honest pinned/verified wording (addresses #1 weakness: TOFU/MITM detection) - **Status**: `promoted` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-05 06:10 GMT - **Completed**: 2026-06-05 06:23 GMT ### SR-2026-06-05-005 - **Title**: Relay anti-DoS storage bounds: cap per-deposit blob size, per-token entry count, and total stored blobs (fail-closed reject when full) so a flooder can't exhaust the live relay's memory; PoW only rate-limits, it doesn't bound storage - **Status**: `promoted` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-05 04:13 GMT - **Completed**: 2026-06-05 04:24 GMT ### SR-2026-06-05-003 - **Title**: Unified message-length padding: extract bucket-padding into core::pad and apply to the live chat path (offline already pads) so live message ciphertext length doesn't leak size / live-vs-offline isn't size-distinguishable - **Status**: `promoted` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-05 03:44 GMT - **Completed**: 2026-06-05 03:51 GMT ### SR-2026-06-05-002 - **Title**: Jittered mailbox-poll cadence (core::cover): randomize poll timing so a fixed interval isn't a traffic-analysis fingerprint; wired into GUI via /api/poll-delay - **Status**: `promoted` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-05 03:33 GMT - **Completed**: 2026-06-05 03:33 GMT ### SR-2026-06-01-017 - **Title**: Harden GUI CSP: remove script-src 'unsafe-inline' (nonce/hash or external bundle) - **Status**: `promoted` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-01 20:18 GMT - **Completed**: 2026-06-05 03:07 GMT ### SR-2026-06-04-003 - **Title**: No-leak hardening: zeroize live Double-Ratchet key state on drop + enforce secrets-never-reach-output invariant (CI hygiene gate + at-rest no-plaintext tests) - **Status**: `promoted` - **Type**: `afk` - **Category**: `security` - **Priority**: `normal` - **Requested**: 2026-06-04 05:16 GMT - **Completed**: 2026-06-04 05:27 GMT ### SR-2026-05-30-003 - **Title**: M0 walking skeleton: two Rust CLIs exchange a string over a Tor .onion (arti), manual address paste, no crypto - **Status**: `promoted` - **Type**: `afk` - **Category**: `feature` - **Priority**: `normal` - **Requested**: 2026-05-30 17:03 GMT - **Completed**: 2026-05-31 04:31 GMT ### SR-2026-05-30-004 - **Title**: Add LICENSE (AGPL-3.0-or-later verbatim) + App Store additional-permission exception + DCO + TRADEMARK policy + cargo-deny license allowlist - **Status**: `promoted` - **Type**: `afk` - **Category**: `infra` - **Priority**: `normal` - **Requested**: 2026-05-30 17:20 GMT - **Completed**: 2026-05-30 19:05 GMT