From acd3ebe7f2f4aef2842e68edfa70860474915417 Mon Sep 17 00:00:00 2001
From: SysAdmin
Date: Sat, 25 Apr 2026 03:38:45 +0100
Subject: [PATCH] =?UTF-8?q?docs(chat):=20adopt=20existing=20SilverVPN.Clie?=
 =?UTF-8?q?nt.Chat=20as=20SilverChat=20=E2=80=94=20promote=20to=20v1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Inspection of ../SilverVPN/clients/SilverVPN.Client.Chat reveals a mature, production-grade SilverChat implementation:

- Cross-platform MAUI client (Windows / macOS / Android / iOS)
- 13 ViewModels + 13 Views — feature-complete UX (contacts, conversations, group chat, invites, safety numbers, settings, login)
- Signal Protocol crypto: Double Ratchet, X3DH (PreKey + Identity stores), Safety Numbers, encrypted attachments
- VpnChatTransport — chat carried over the SilverVPN tunnel itself, eliminating third-party metadata exposure
- Server-side already in SilverVPN.Api: ChatHub (SignalR), ChatController, ChatAttachmentController, ContactsController
- Windows MSI installer wired (installer/silverchat/SilverChat.wxs)

Decision: adopt-as-is, do not duplicate. SilverChat is more advanced than the v1.1 plan (which considered Matrix / Signal-fork) — three wins:

1. Signal Protocol natively, not a tentative fork
2. Chat over the VPN tunnel — better metadata hygiene
3. Cross-platform on day one

Changes:

- stack/chat/README.md rewritten as integration pointer (mirror of stack/vpn/)
- stack/README.md status table updated; SilverChat promoted v1.1 → v1
- docs/roadmap.md: new milestone 1.9 (Chat integration into Linux v1); Phase 1.1 alignment-review milestone removed (resolved by this finding); remaining 1.1 milestones renumbered
- root README.md: Stack table + Status table updated

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 README.md            |  3 +-
 docs/roadmap.md      | 19 +++++-----
 stack/README.md      | 14 ++++---
 stack/chat/README.md | 90 ++++++++++++++++++++++++++++++++++----------
 4 files changed, 90 insertions(+), 36 deletions(-)
diff --git a/README.md b/README.md index ea40ded..e93e868 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ Both lines ship the **SilverLABS Application Stack** — a suite of cross-platfo | **SilverBrowser** | v1 (Linux MVP) | De-Googled, telemetry-free, fingerprint-resistant browser | | **SilverVPN** | **Existing** — see [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) | Always-on, no-logs VPN with our own infrastructure | | **SilverSync** | v1 (Linux MVP) | Private replacement for iCloud / Google Drive / OneDrive | -| **SilverChat** | v1.1 (may overlap with `SilverVPN.Client.Chat`) | E2EE messenger | +| **SilverChat** | **Existing** — `SilverVPN.Client.Chat`, Signal Protocol over VPN transport. Promoted from v1.1 to v1 | E2EE messenger | | **SilverDuress** | v1.1 | Duress password / panic-wipe / anti-coercion | | **SilverKeys** | v1.1 | Zero-knowledge password + 2FA manager | @@ -57,6 +57,7 @@ Download the **free SilverLABS Stack** + the **SilverMetal OS or Enhanced packag | SilverMetal OS — Linux v1 | Phase 1 — moving to milestone 1.1 (build pipeline) | | SilverLABS Stack v1 (Browser + Sync) | Planning | | SilverVPN | Existing product, integration into v1 ISO planned | +| SilverChat | Existing product (`SilverVPN.Client.Chat`); promoted to v1, integration into v1 ISO planned | | Other OS/Enhanced flavours | Planning, post-Linux v1 | See [`docs/roadmap.md`](docs/roadmap.md) for the milestone-driven plan. diff --git a/docs/roadmap.md b/docs/roadmap.md index 695575c..5731a2d 100644 --- a/docs/roadmap.md +++ b/docs/roadmap.md 
@@ -33,10 +33,11 @@ The two product lines (**SilverMetal OS** and **SilverMetal Enhanced**) share th | 1.6 | SilverBrowser v1 integrated (ungoogled-chromium rebrand) | Default browser, no Google services, fingerprint defences validated | | 1.7 | SilverVPN integrated into image | Existing `SilverLABS/SilverVPN` Linux client + tunnel service preinstalled, always-on default; kill-switch verified | | 1.8 | SilverSync v1 integrated (Nextcloud backbone, client-side encryption) | Contacts/calendar/files sync end-to-end; server cannot read content | -| 1.9 | Update server + signing ceremony complete | First signed update delivered through alpha channel; rollback verified | -| 1.10 | Public alpha ISO + SBOM + build attestation published | Download page live; reproducible-build instructions documented | -| 1.11 | External privacy-engineering review | One independent reviewer (Kicksecure / Whonix community) signs off on threat-model fidelity | -| 1.12 | Hardware SKU pilot batch | 10 preflashed Coreboot-supported laptops shipped and validated | +| 1.9 | SilverChat integrated into image | Existing `SilverVPN.Client.Chat` packaged for Linux and integrated; SignalR hub reachable; first message sent and received over VPN tunnel transport | +| 1.10 | Update server + signing ceremony complete | First signed update delivered through alpha channel; rollback verified | +| 1.11 | Public alpha ISO + SBOM + build attestation published | Download page live; reproducible-build instructions documented | +| 1.12 | External privacy-engineering review | One independent reviewer (Kicksecure / Whonix community) signs off on threat-model fidelity | +| 1.13 | Hardware SKU pilot batch | 10 preflashed Coreboot-supported laptops shipped and validated | **Exit criteria for Phase 1**: alpha is publicly downloadable, all verification gates green, hardware SKU available for purchase. 
@@ -46,13 +47,13 @@ The two product lines (**SilverMetal OS** and **SilverMetal Enhanced**) share th **Goal**: complete the SilverLABS Application Stack so v1.1 ships with the full suite. +> **Note**: SilverChat was originally a Phase 1.1 milestone but has been **promoted to Phase 1** (milestone 1.9) — the existing `SilverVPN.Client.Chat` implementation is production-grade (Signal Protocol over VPN transport) and ready to integrate now. + | # | Milestone | Done when | |---|---|---| -| 1.1.1 | SilverChat v1 — alignment review | Decide whether to pull `SilverVPN.Client.Chat` in, fork it, or scope SilverChat as a separate effort. Outcome documented in `docs/decisions/` | -| 1.1.2 | SilverChat v1 client + homeserver | Cross-platform clients functional; account-number onboarding | -| 1.1.3 | SilverDuress v1 | Linux PAM module + Android duress PIN + iOS Shortcuts/MDM trigger + Windows Group Policy + macOS profile — all verified | -| 1.1.4 | SilverKeys v1 | Bitwarden-derived client + SilverSync backend; per-platform clients | -| 1.1.5 | Atomic root experiment | ostree-based variant builds; v1.2 candidate if successful | +| 1.1.1 | SilverDuress v1 | Linux PAM module + Android duress PIN + iOS Shortcuts/MDM trigger + Windows Group Policy + macOS profile — all verified | +| 1.1.2 | SilverKeys v1 | Bitwarden-derived client + SilverSync backend; per-platform clients | +| 1.1.3 | Atomic root experiment | ostree-based variant builds; v1.2 candidate if successful | --- diff --git a/stack/README.md b/stack/README.md index 3cab79f..24a707c 100644 --- a/stack/README.md +++ b/stack/README.md 
@@ -9,7 +9,7 @@ The cross-platform spine of SilverMetal. These apps replace the cloud services y | [`browser/`](browser/) — **SilverBrowser** | v1 (Linux MVP) | De-Googled, telemetry-free browser | | [`vpn/`](vpn/) — **SilverVPN** | **Existing** — see [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN). This directory tracks integration only | Always-on, no-logs VPN with our infrastructure | | [`sync/`](sync/) — **SilverSync** | v1 (Linux MVP) | Private replacement for iCloud/Google/OneDrive | -| [`chat/`](chat/) — **SilverChat** | v1.1 — *may overlap with `SilverVPN.Client.Chat`; alignment decision pending* | E2EE messenger | +| [`chat/`](chat/) — **SilverChat** | **Existing** — `SilverVPN.Client.Chat` is already production-grade (Signal Protocol, MAUI cross-platform, transport-over-VPN). Promoted from v1.1 to **v1**. This directory tracks integration only | E2EE messenger | | [`duress/`](duress/) — **SilverDuress** | v1.1 | Duress password / panic-wipe | | [`keys/`](keys/) — **SilverKeys** | v1.1 | Zero-knowledge password + 2FA manager | | [`shared/`](shared/) — common code | ongoing | Account SDK, crypto primitives, branding | @@ -28,7 +28,7 @@ Each app is built natively per platform — no Electron sprawl where avoidable: - **macOS**: universal binary `.pkg` (notarised) - **iOS**: App Store -Where a single codebase (e.g., MAUI as SilverVPN already does, or Tauri/Rust core for Browser/Sync/Keys) lets us hit multiple platforms with thin native UI shells, we use it. We avoid Electron unless the cost of native is unjustifiable. +SilverVPN's MAUI base already covers Windows / macOS / Android / iOS for VPN and Chat. For SilverBrowser / SilverSync / SilverKeys we'll evaluate per-app whether MAUI, Tauri/Rust, or native is the right pick. ## v1 ship order 
@@ -37,15 +37,17 @@ For SilverMetal OS — Linux v1: 1. **SilverBrowser** — ungoogled-chromium-derived, our defaults, our update channel 2. **SilverVPN** integration — existing product, integrated into our ISO with always-on defaults and kill-switch 3. **SilverSync** — Nextcloud-backed (server side), client-side encryption, native Linux client +4. **SilverChat** integration — existing product (Signal Protocol over the VPN tunnel); was originally v1.1 but the upstream is mature enough to ship in v1 -These three ship with SilverMetal OS — Linux v1. v1.1 adds Chat, Duress, Keys. +**Promoted from v1.1 → v1**: SilverChat — because the existing implementation in `SilverVPN.Client.Chat` is far more mature than what we'd build from scratch. + +v1.1 still adds Duress and Keys. ## Server side Server components live in separate repositories: -- `SilverLABS/SilverVPN` — already exists; includes server stack +- `SilverLABS/SilverVPN` — already exists; includes both VPN server stack **and** SilverChat backend (`Hubs/ChatHub.cs` + `Controllers/Chat*`) - `SilverLABS/silver-sync-server` *(to be created)* — Nextcloud + Radicale + Baïkal stack -- `SilverLABS/silver-chat-homeserver` *(to be created OR may live under SilverVPN)* — depends on v1.1.1 alignment decision -- `SilverLABS/silver-account` *(to be created)* — account-number issuance + auth gateway +- `SilverLABS/silver-account` *(to be created OR may live under SilverVPN)* — account-number issuance + auth gateway Self-hostable counterparts are documented for users who don't want to use SilverLABS infrastructure. diff --git a/stack/chat/README.md b/stack/chat/README.md index 111df77..dbfd6ff 100644 --- a/stack/chat/README.md +++ b/stack/chat/README.md 
@@ -1,32 +1,82 @@ -# SilverChat +# SilverChat — Integration Pointer -**Status**: v1.1 (planning) +> **The SilverChat component already exists as a mature implementation inside the SilverVPN repo.** +> This directory does not re-implement it; it tracks the integration of the existing SilverChat into SilverMetal OS images and Enhanced packages. -End-to-end encrypted messenger. Ships post-MVP. +## Where SilverChat lives -## Approach (tentative — to be finalised before v1.1) +- **Client**: [`SilverLABS/SilverVPN/clients/SilverVPN.Client.Chat`](https://git.silverlabs.uk/SilverLABS/SilverVPN) — local checkout typically at `../SilverVPN/clients/SilverVPN.Client.Chat/` +- **Server**: part of `SilverVPN.Api` — `Hubs/ChatHub.cs`, `Controllers/ChatController.cs`, `Controllers/ChatAttachmentController.cs`, `Controllers/ContactsController.cs` +- **Windows installer**: `../SilverVPN/installer/silverchat/` (WiX-based MSI) +- The brand "SilverChat" is already in use in shipped artefacts -Two candidate paths: +## What's already built -1. **Matrix-based** — Synapse or Dendrite homeserver, custom client per platform. Pros: federated, mature, large existing ecosystem. Cons: metadata leakage in federation, complex protocol. -2. **Signal-protocol-based** — fork the Signal codebase, run own server. Pros: gold-standard cryptography, simpler client. Cons: forking the Signal protocol is socially fraught; less feature-rich than Matrix. 
+**Client (MAUI cross-platform — Windows / macOS / Android / iOS / Linux)**: +- 13 ViewModels covering: contacts, conversations, group chat, invites, safety numbers, settings, login, contact details +- 13 XAML Views — feature-complete UX +- **Signal Protocol** crypto layer (the gold standard for E2EE): + - `DoubleRatchet.cs` — Signal's Double Ratchet algorithm + - `SignalSessionManager.cs`, `IdentityKeyStore.cs`, `PreKeyStore.cs`, `SessionStore.cs` — full identity / prekey / session machinery + - `SafetyNumber.cs` — Signal-style verification + - `ChatAttachmentCrypto.cs` — encrypted attachments + - `GroupChatEventService.cs` — group chat +- **`VpnChatTransport.cs`** — chat is carried over the SilverVPN tunnel itself, eliminating third-party metadata exposure +- `MauiSecretKeyProvider.cs` — platform key storage abstraction +- Token refresh, routing prefs, inbound policy enforcement -Decision documented in `docs/decisions/` once made. +**Server (in `SilverVPN.Api`)**: +- `Hubs/ChatHub.cs` — SignalR realtime hub +- `Controllers/ChatController.cs` — REST API +- `Controllers/ChatAttachmentController.cs` — attachment handling +- `Controllers/ContactsController.cs` — contacts API -## Non-negotiables +This is **more mature than SilverMetal's original v1.1 plan** in three ways: +1. Signal Protocol natively, not a Matrix/Signal-fork tentative +2. Chat transported over the SilverVPN tunnel — better metadata hygiene than otherwise possible +3. Cross-platform via MAUI on day one — covers all SilverMetal flavours -- Account-number-based identity (not phone, not email) -- E2EE by default, no opt-out -- Self-hostable server -- No telemetry from client -- Forward secrecy -- Backup keys remain on user devices +## Decision -## Per-platform clients +**Adopt-as-is, do not duplicate.** SilverChat is no longer a v1.1 effort; it is alpha-ready today and ships in **SilverMetal OS — Linux v1**. -To be defined post-decision. 
Likely Tauri-based or per-platform-native depending on protocol choice. +This supersedes the earlier (deferred) plan to evaluate Matrix vs. Signal Protocol forks. -## Out of scope (for now) +## SilverMetal's responsibility -- Voice/video calling — v1.2+ -- Group sizes >100 — Matrix supports, but we may cap at 100 for v1.1 simplicity +Like `stack/vpn/`, this directory tracks **integration**, not development. + +### SilverMetal OS — Linux v1 +- [ ] Build `SilverVPN.Client.Chat` for Linux (MAUI on Linux is constrained — likely a Linux-native Avalonia/WPF-port branch may be needed; or fall back to web client until MAUI Linux support firms up) +- [ ] Package as `silverchat` `.deb` from a `build-deb-chat.sh` (mirror of `build-deb.sh`) +- [ ] Include in `linux/packages/include.list` +- [ ] Configure to pair via SilverVPN account number — single-sign-on across VPN + Chat + +### SilverMetal OS — Pixel / Samsung / Motorola +- [ ] Bundle SilverChat MAUI Android client as system app in ROM +- [ ] First-run wires SilverChat to the user's account-number-derived identity + +### SilverMetal Enhanced — Windows +- [ ] Use existing `installer/silverchat/SilverChat.wxs` MSI as-is or roll into the Enhanced installer +- [ ] Auto-launch on first login + +### SilverMetal Enhanced — macOS +- [ ] Bundle MAUI macOS build into setup `.pkg` + +### SilverMetal Enhanced — iOS +- [ ] App Store listing referenced in iOS setup guide +- [ ] MDM profile pre-configures SilverChat + +### SilverMetal Enhanced — Android (generic) +- [ ] APK referenced as required install in profile + +## Coordination + +Changes to chat protocol, server APIs, or transport that affect SilverMetal integration should be flagged in this directory's CHANGELOG (to be created when first integration milestone starts). + +Cross-repo issues that touch both projects should be opened in whichever repo owns the change, with a back-reference in the other. 
+ +## Not in scope here + +- Voice / video calling — out of scope for v1; revisit post-Linux-v1 +- Federation with Matrix / XMPP / etc. — not planned; SilverChat is a closed-network E2EE messenger by design (account-number-based, no public federation)
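
Review bot: In docs/roadmap.md (hunk at -33,10), the "Done when" cell for the new milestone 1.9 checks connectivity only (`SignalR hub reachable; first message sent and received over VPN tunnel transport`) and has no security gate, unlike 1.7 (`kill-switch verified`) and 1.8 (`server cannot read content`). Suggest adding comparable criteria to the row, for example that the server cannot read message content, that safety-number verification works between two devices, and that chat does not send when the tunnel is down. The renumbering of 1.9 through 1.12 into 1.10 through 1.13 also means any reference to the old milestone numbers elsewhere in the repo should be checked.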
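
Review bot: In docs/roadmap.md Phase 1.1 (hunk at -46,13), the removed row 1.1.1 required the alignment outcome to be documented in `docs/decisions/`, but the diffstat shows four files changed and none of them is a decision record, so the decision exists only in the commit message and stack/chat/README.md. Suggest adding a short record under `docs/decisions/` and linking it from the new note. The removed row 1.1.2 also carried `account-number onboarding` as a done-when condition that milestone 1.9 does not pick up, and the note's "ready to integrate now" conflicts with the open Linux build task in stack/chat/README.md.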
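
Review bot: In stack/README.md under "Server side" (hunk at -37,15), the chat backend is now listed inside `SilverLABS/SilverVPN` and the `silver-chat-homeserver` entry is deleted, while the unchanged closing line still promises self-hostable counterparts. Suggest stating whether the chat backend (`Hubs/ChatHub.cs` + `Controllers/Chat*`) can be self-hosted without the VPN server stack, and noting that VPN, chat and possibly `silver-account` now sit behind one server-side trust boundary. The `silver-account` line gained "OR may live under SilverVPN" with no pointer to where that will be decided now that the v1.1.1 alignment milestone is gone.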
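
Review bot: In stack/chat/README.md (hunk at -1,32), the rewrite deletes the "Non-negotiables" list (account-number identity, E2EE by default with no opt-out, self-hostable server, no client telemetry, forward secrecy, backup keys on user devices) without stating that the adopted implementation meets each item. Suggest keeping the list as an acceptance checklist under "Decision", with each item tied to the file that provides it (for example `DoubleRatchet.cs` for forward secrecy) or marked open. Two wording points in the same hunk: the client heading lists `Windows / macOS / Android / iOS / Linux` although the first Linux v1 task says MAUI on Linux is constrained and the commit message lists four platforms, and "eliminating third-party metadata exposure" should say what metadata the `SilverVPN.Api` server itself handles through `Hubs/ChatHub.cs`.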