packages/shade-cli/templates/bun-server/README.md

# __PROJECT_NAME__

A Shade-enabled Bun + Hono server. Encrypted messages in/out via two HTTP endpoints.

## Prerequisites

A running Shade prekey server. The default is `__PREKEY_SERVER__`. You can either:
- Run one locally: `docker run -p 3900:3900 shade-prekey-server`
- Override with `SHADE_PREKEY_SERVER=...` in `.env`

## Run

```bash
bun install
bun run start
```

The server registers itself with the prekey server on startup.

## Endpoints

### Send an encrypted message

```bash
curl -X POST http://localhost:3000/send \
  -H "Content-Type: application/json" \
  -d '{"to": "peer-name", "message": "hello"}'
```

Returns a `ShadeEnvelope` you can forward to the peer via any transport.

### Receive an encrypted envelope

```bash
curl -X POST http://localhost:3000/receive \
  -H "Content-Type: application/json" \
  -d '{"from": "peer-name", "envelope": {...}}'
```

Returns the decrypted plaintext.

## Stream-state retention

Resumable file transfers persist a per-stream record. The template runs
a daily cron that drops anything idle for more than
`SHADE_STREAM_RETENTION_DAYS` days (default **14**). Override at
deploy:

```bash
SHADE_STREAM_RETENTION_DAYS=7 bun run start
```

See [`docs/streams.md`](../../../../docs/streams.md) § Retention for the
full guidance and tuning per use case.

## Next steps

- Wire a real delivery layer (WebSocket, HTTP push, etc.)
- Run `shade dashboard` to watch live activity
- Compare fingerprints with peers out-of-band before trusting sessions
- Walk through [`docs/PRODUCTION-CHECKLIST.md`](../../../../docs/PRODUCTION-CHECKLIST.md) before going live
feat(cli): M-Tool 1-3 — CLI, templates, Gitea publishing pipeline Phase B complete: Shade now has a full developer tooling story. @shade/cli - shade init with project scaffolding from templates - shade fingerprint (own or peer) - shade publish (re-upload bundle) - shade rotate (--identity for full rotation, otherwise signed prekey) - shade peer add/list/verify/remove - shade dashboard (opens observer in browser) - shade doctor (diagnose config, storage, prekey server reachability) - Config from .shaderc.json or SHADE_* env vars Templates (in packages/shade-cli/templates/) - bun-server — Bun + Hono backend with /send + /receive endpoints - chat-demo — Two-process Alice/Bob chat over HTTP Publishing pipeline (Gitea npm registry) - .gitea/workflows/test.yml — CI on push/PR with PostgreSQL service - .gitea/workflows/publish.yml — publish on git tag v* - scripts/publish-all.ts — local publish helper with DRY_RUN support - scripts/bump-version.ts — lockstep version bump across all packages - Root package.json scripts: version, publish:dry, publish:all Also: /health endpoint now lives in createPrekeyRoutes so doctor can probe it without needing the full standalone setup. Dry-run verified: all 11 packages pack cleanly. 246 tests passing, 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-11 00:38:00 +02:00			`# __PROJECT_NAME__`

			`A Shade-enabled Bun + Hono server. Encrypted messages in/out via two HTTP endpoints.`

			`## Prerequisites`

			A running Shade prekey server. The default is `__PREKEY_SERVER__`. You can either:
			- Run one locally: `docker run -p 3900:3900 shade-prekey-server`
			- Override with `SHADE_PREKEY_SERVER=...` in `.env`

			`## Run`

			```bash
			`bun install`
			`bun run start`
			```

			`The server registers itself with the prekey server on startup.`

			`## Endpoints`

			`### Send an encrypted message`

			```bash
			`curl -X POST http://localhost:3000/send \`
			`-H "Content-Type: application/json" \`
			`-d '{"to": "peer-name", "message": "hello"}'`
			```

			Returns a `ShadeEnvelope` you can forward to the peer via any transport.

			`### Receive an encrypted envelope`

			```bash
			`curl -X POST http://localhost:3000/receive \`
			`-H "Content-Type: application/json" \`
			`-d '{"from": "peer-name", "envelope": {...}}'`
			```

			`Returns the decrypted plaintext.`

release(v4.0.0): Shade GA — V3.x consolidation + audit prep V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-03 18:35:35 +02:00			`## Stream-state retention`

			`Resumable file transfers persist a per-stream record. The template runs`
			`a daily cron that drops anything idle for more than`
			`SHADE_STREAM_RETENTION_DAYS` days (default 14). Override at
			`deploy:`

			```bash
			`SHADE_STREAM_RETENTION_DAYS=7 bun run start`
			```

			See [`docs/streams.md`](../../../../docs/streams.md) § Retention for the
			`full guidance and tuning per use case.`

feat(cli): M-Tool 1-3 — CLI, templates, Gitea publishing pipeline Phase B complete: Shade now has a full developer tooling story. @shade/cli - shade init with project scaffolding from templates - shade fingerprint (own or peer) - shade publish (re-upload bundle) - shade rotate (--identity for full rotation, otherwise signed prekey) - shade peer add/list/verify/remove - shade dashboard (opens observer in browser) - shade doctor (diagnose config, storage, prekey server reachability) - Config from .shaderc.json or SHADE_* env vars Templates (in packages/shade-cli/templates/) - bun-server — Bun + Hono backend with /send + /receive endpoints - chat-demo — Two-process Alice/Bob chat over HTTP Publishing pipeline (Gitea npm registry) - .gitea/workflows/test.yml — CI on push/PR with PostgreSQL service - .gitea/workflows/publish.yml — publish on git tag v* - scripts/publish-all.ts — local publish helper with DRY_RUN support - scripts/bump-version.ts — lockstep version bump across all packages - Root package.json scripts: version, publish:dry, publish:all Also: /health endpoint now lives in createPrekeyRoutes so doctor can probe it without needing the full standalone setup. Dry-run verified: all 11 packages pack cleanly. 246 tests passing, 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-11 00:38:00 +02:00			`## Next steps`

			`- Wire a real delivery layer (WebSocket, HTTP push, etc.)`
			- Run `shade dashboard` to watch live activity
			`- Compare fingerprints with peers out-of-band before trusting sessions`
release(v4.0.0): Shade GA — V3.x consolidation + audit prep V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-03 18:35:35 +02:00			- Walk through [`docs/PRODUCTION-CHECKLIST.md`](../../../../docs/PRODUCTION-CHECKLIST.md) before going live