Feature: Direct Messages & Private Channels (server-brokered, ACL-driven) #114
Labels
No labels
area:api
area:core
area:docs
area:infra
area:ux
dependencies
documentation
duplicate
good first issue
help wanted
invalid
question
rust
status:complete
status:partial
status:planned
type:bug
type:design
type:feature
type:infra
type:refactor
type:refactor
type:research
type:ux
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
icub3d/decentcom#114
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
status:partial
Overview
Private 1:1 chats, private group chats, and (later) private group calls, modeled
as access-controlled channels on a shared server. There is no global DM
infrastructure and no cross-server federation: a private conversation lives on a
server all its participants are members of, and that server brokers it exactly
as it brokers public channels.
This is a deliberate pivot away from the E2EE-mailbox model in #16. This issue
covers the v1 transport/UX layer (server-brokered, trust-the-operator, plaintext
storage). End-to-end encryption of DM text and media is tracked separately as a
future hardening epic in #16 and layers on top of this work.
Full design:
docs/design/direct-messages.mdPrinciples
three servers with someone means three separate DM contexts. Keeps identity
portable (the Ed25519 pubkey) while keeping conversations local, and avoids
reintroducing a central home-server anchor.
DMs, group chats, and group calls are the same primitive with different
channel_type/ feature bits — no new storage model, routing, or transport.can disable DMs via a feature flag and do less work.
Punchlist
Phase 0 — Design sign-off
channel_typenames (dm,group_dm); decide if group DMs are v1 or deferredrequire_invite_for_dmconfig knobPhase 1 — Data model & storage
channel_typevaluesdm/group_dm(field exists, hardcoded totexttoday)channel_membersACL table:(channel_id, pubkey, added_at){A,B}pair maps to a single channel (idempotent open)Phase 2 — Feature flag & config
direct_messagesfeature flag (default enabled) toFeatureFlagsrequire_feature(direct_messages)require_invite_for_dm(already documented in server-model.md)allow_group_dms,max_group_dm_memberscontent-policy knobsPhase 3 — REST API
POST /api/v1/dms— open or fetch the 1:1 DM with a target pubkeyGET /api/v1/dms— list the caller's private channels on this serverPOST /api/v1/group-dms— create a group DM with N membersPOST /api/v1/group-dms/{id}/members/DELETE .../{pubkey}— manage membershipPhase 4 — Gateway & visibility
MESSAGE_CREATE(and friends) in a private channel only to connected sessions in the ACLDM_CHANNEL_CREATE,DM_CHANNEL_MEMBER_ADD/_REMOVEPhase 5 — Private voice / video / screen share
dm/group_dmchannel with voice enabled; room ACL = channel ACLdirect_messagesandvoice_channels(+video/screen_share)Phase 6 — Client UX
Out of scope (tracked elsewhere)
Open questions
require_invite_for_dmsemantics: "must be a server member" vs. "must have an explicit invite relationship"?