# __PROJECT_NAME__

A Shade-enabled Bun + Hono server. Encrypted messages in/out via two HTTP endpoints.

## Prerequisites

A running Shade prekey server. The default is `__PREKEY_SERVER__`. You can either:
- Run one locally: `docker run -p 3900:3900 shade-prekey-server`
- Override with `SHADE_PREKEY_SERVER=...` in `.env`

## Run

```bash
bun install
bun run start
```

The server registers itself with the prekey server on startup.

## Endpoints

### Send an encrypted message

```bash
curl -X POST http://localhost:3000/send \
  -H "Content-Type: application/json" \
  -d '{"to": "peer-name", "message": "hello"}'
```

Returns a `ShadeEnvelope` you can forward to the peer via any transport.

### Receive an encrypted envelope

```bash
curl -X POST http://localhost:3000/receive \
  -H "Content-Type: application/json" \
  -d '{"from": "peer-name", "envelope": {...}}'
```

Returns the decrypted plaintext.

## Stream-state retention

Resumable file transfers persist a per-stream record. The template runs
a daily cron that drops anything idle for more than
`SHADE_STREAM_RETENTION_DAYS` days (default **14**). Override at
deploy:

```bash
SHADE_STREAM_RETENTION_DAYS=7 bun run start
```

See [`docs/streams.md`](../../../../docs/streams.md) § Retention for the
full guidance and tuning per use case.

## Next steps

- Wire a real delivery layer (WebSocket, HTTP push, etc.)
- Run `shade dashboard` to watch live activity
- Compare fingerprints with peers out-of-band before trusting sessions
- Walk through [`docs/PRODUCTION-CHECKLIST.md`](../../../../docs/PRODUCTION-CHECKLIST.md) before going live