release(v4.0.0): Shade GA — V3.x consolidation + audit prep

V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00
parent 8b055912b7
commit e6fdf31b49
298 changed files with 37909 additions and 256 deletions
--- a/packages/shade-inbox-server/src/index.ts
+++ b/packages/shade-inbox-server/src/index.ts
@@ -0,0 +1,60 @@
+import type { Hono } from 'hono';
+import type { CryptoProvider } from '@shade/core';
+import { createInboxRoutes, type InboxRoutesOptions } from './routes.js';
+import { MemoryInboxStore } from './memory-store.js';
+import type { InboxStore } from './store.js';
+import { InboxServerEvents } from './events.js';
+
+export { createInboxRoutes } from './routes.js';
+export type { InboxRoutesOptions } from './routes.js';
+export { MemoryInboxStore } from './memory-store.js';
+export type { InboxStore } from './store.js';
+export {
+  InboxServerEvents,
+  shortHash as inboxShortHash,
+} from './events.js';
+export type {
+  InboxServerEvent,
+  InboxServerEventName,
+  InboxServerEventMap,
+  InboxServerEventListener,
+} from './events.js';
+export { InboxPruneTask } from './cleanup.js';
+export {
+  computeMsgId,
+  isValidMsgId,
+  constantTimeStringEqual,
+} from './msg-id.js';
+export {
+  DEFAULT_INBOX_QUOTA,
+  clampTtl,
+} from './quota.js';
+export type { InboxQuotaConfig } from './quota.js';
+export { createBridgeRoutes } from './bridge.js';
+export type { BridgeRoutesOptions, BridgeKind } from './bridge.js';
+
+/**
+ * Create a standalone Shade Inbox Server.
+ *
+ *   const crypto = new SubtleCryptoProvider();
+ *   const inbox = createInboxServer({ crypto });
+ *   export default { port: 3901, fetch: inbox.fetch };
+ *
+ * Or compose into an existing Hono app:
+ *   const app = new Hono();
+ *   app.route('/', createInboxServer({ crypto }));
+ */
+export function createInboxServer(options: {
+  crypto: CryptoProvider;
+  store?: InboxStore;
+  disableRateLimit?: boolean;
+  events?: InboxServerEvents;
+} & Pick<InboxRoutesOptions, 'observability' | 'quota'>): Hono {
+  const store = options.store ?? new MemoryInboxStore();
+  const routesOptions: InboxRoutesOptions = {};
+  if (options.disableRateLimit !== undefined) routesOptions.disableRateLimit = options.disableRateLimit;
+  if (options.events !== undefined) routesOptions.events = options.events;
+  if (options.observability !== undefined) routesOptions.observability = options.observability;
+  if (options.quota !== undefined) routesOptions.quota = options.quota;
+  return createInboxRoutes(store, options.crypto, routesOptions);
+}