feat: M5 Prekey Server + M7 Wire Format

M5: Shade Prekey Server (Hono) - REST API: register, fetch bundle, replenish, count, delete - MemoryPrekeyStore for testing/embedded use - Standalone Docker deployment (Dockerfile + standalone.ts) - One-time prekey consumption on bundle fetch M7: Compact binary wire format - Version-tagged envelopes (PreKeyMessage, RatchetMessage) - Length-prefixed byte arrays, big-endian integers - Significantly smaller than JSON (no base64 bloat) - Roundtrip encode/decode for all message types 100 tests, 0 failures across M1-M5+M7. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-09 20:16:41 +02:00
parent a60ff9d6e8
commit 740a652d51
14 changed files with 898 additions and 2 deletions
--- a/packages/shade-server/src/store.ts
+++ b/packages/shade-server/src/store.ts
@@ -0,0 +1,48 @@
+/**
+ * PrekeyStore — server-side storage interface for prekey bundles.
+ *
+ * The prekey server stores public keys only (never private keys).
+ */
+export interface PrekeyStore {
+  /** Save or update an identity for an address */
+  saveIdentity(
+    address: string,
+    identitySigningKey: Uint8Array,
+    identityDHKey: Uint8Array,
+  ): Promise<void>;
+
+  /** Get an identity by address */
+  getIdentity(
+    address: string,
+  ): Promise<{ identitySigningKey: Uint8Array; identityDHKey: Uint8Array } | null>;
+
+  /** Save or update a signed prekey for an address */
+  saveSignedPreKey(
+    address: string,
+    keyId: number,
+    publicKey: Uint8Array,
+    signature: Uint8Array,
+  ): Promise<void>;
+
+  /** Get the current signed prekey for an address */
+  getSignedPreKey(
+    address: string,
+  ): Promise<{ keyId: number; publicKey: Uint8Array; signature: Uint8Array } | null>;
+
+  /** Add one-time prekeys for an address */
+  saveOneTimePreKeys(
+    address: string,
+    keys: Array<{ keyId: number; publicKey: Uint8Array }>,
+  ): Promise<void>;
+
+  /** Consume (pop) one one-time prekey for an address. Returns null if none left. */
+  consumeOneTimePreKey(
+    address: string,
+  ): Promise<{ keyId: number; publicKey: Uint8Array } | null>;
+
+  /** Get remaining one-time prekey count for an address */
+  getOneTimePreKeyCount(address: string): Promise<number>;
+
+  /** Delete all keys for an address */
+  deleteAll(address: string): Promise<void>;
+}