Pin bump 5ee014dd -> c9c2d19 picks up the 8 simplexmq commits since the
last bump (parseBare lowercase fix, forwarded-param cleanup, ServerTests
+ agent end-to-end tests, TldRegistries removal, SNRC ABI decoder,
NameRecord/NameOwner module extraction).
Adds a brief comment on clearConflictingContactProfileSimplexName_
explaining why the audit's flagged cross-table collision (between
contact_profiles.simplex_name and group_profiles.simplex_name) is
structurally impossible: SimplexNameInfo's strEncode prefixes contact
names with '@' and group names with '#', so the stored bytes never
overlap between the two tables.
Query-plan regen deferred (the test is non-deterministic in CI / dev
sandbox — see prior 6c990696c).
Addresses the TOFU vulnerability where peer-claimed simplex_name was
accepted unverified. Adds:
- contacts.simplex_name_verified_at + groups.simplex_name_verified_at
(M20260606_simplex_name_verified)
- APIVerifySimplexName ChatRef command: RSLV-resolves the claimed name
and compares the resolved link to the peer's stored connection link;
on match writes verified_at and emits CEvtSimplexNameVerified;
on mismatch emits CEvtSimplexNameVerifyFailed
- CEvtSimplexNameUnverified passive warning emitted on incoming XInfo /
XGrpInfo when a name claim arrives without a current verification
- updateContactProfileWithConflict / updateGroupProfileWithConflict
clear simplex_name_verified_at whenever the peer's claim transitions
(any value change including Nothing<->Just): the prior verification
was bound to the prior claim.
UI can surface the unverified indicator next to a contact / group's
name, and prompt the user to invoke the verify command. This shifts
the security model from "TOFU + last-writer-wins" to "TOFU + on-demand
RSLV verification".
Audit flagged the column as "INSERTed but never UPDATEd". This is by
design per the prior plan's connect-via-plan flow: the column is a
transient carrier between connection-creation and contact-creation.
After the Contact row is created via XInfo handling, contacts.simplex_name
is the source of truth and the connections value is a historical snapshot.
Documents the intent so future readers don't reflag it.
- updateUserProfile no longer writes contact_profiles.simplex_name on
the user's own row (the column is reserved for peer claims; the user's
broadcastable name lives on contacts.simplex_name via uct.simplex_name).
- updateMemberContactProfile_'/Reset_' now write simplex_name; new
updateMemberProfileWithConflict / updateContactMemberProfileWithConflict
variants run conflict-clear and return the displaced name, with
processMemberProfileUpdate emitting CEvtSimplexNameConflict.
- createContact_ runs conflict-clear before INSERT to avoid UNIQUE
constraint violations on first-write peer collisions, returning the
displaced name; createPreparedContact / createDirectContact thread it
through to APIPrepareContact and saveConnInfo XInfo for event emission.
- groups conflict-clear takes ProfileId directly (avoids the NOT IN (NULL)
silent-noop edge case when groups.group_profile_id is ON DELETE SET NULL).
- Moves clearConflictingContactProfileSimplexName_ to Shared.hs so
createContact_ can call it without inducing a circular import.
Write paths:
- updateContactProfile_' / updateGroupProfile_ now set the new
contact_profiles.simplex_name / group_profiles.simplex_name columns
from Profile.simplexName / GroupProfile.simplexName respectively.
- createContact_ INSERT writes Profile.simplexName to the new
contact_profiles column (separate from the existing simplexName arg,
which still writes contacts.simplex_name — the user's locally-known
label).
Read paths (closing Task 2's deferred sites):
- toContact splits simplex_name reads: Contact.simplexName from
contacts.simplex_name (existing); LocalProfile.simplexName from
contact_profiles.simplex_name (new column).
- toGroupInfo similarly splits: GroupInfo.simplexName from
groups.simplex_name; groupProfile.simplexName from
group_profiles.simplex_name.
- ProfileRow / rowToLocalProfile, toContactRequest, getUserContactProfiles,
toGroupProfile, getProfileById, groupMemberQuery, getGroupAndMember_,
saveRcvChatItem-related quotes — all extended to read p.simplex_name
and decode it into LocalProfile.simplexName / GroupProfile.simplexName.
Conflict handling (Decision B):
- clearConflictingContactProfileSimplexName_ / *Group* helpers do an
atomic UPDATE-with-RETURNING that NULLs simplex_name on any other
row in the same user that would collide on the partial UNIQUE index,
returning the displaced row's display_name.
- updateContactProfileWithConflict / updateGroupProfileWithConflict
bundle clear+update in one transaction.
- processContactProfileUpdate / xGrpInfo invoke the *WithConflict
variants and emit CEvtSimplexNameConflict when a displacement
happened (with the claiming and displaced display names).
Adds ChatEvent CEvtSimplexNameConflict and SimplexNameConflictEntity
(SNCEContact / SNCEGroup) with JSON instances and View.hs rendering.
Drop the asymmetric toContact comment (the mirror is now obvious post-Task-1)
and rewrite the toGroupInfo stopgap comment to reflect the actual semantics:
groups.simplex_name is per-user locally-known, mirrored into groupProfile as a
stopgap until group_profiles.simplex_name lands.
Populate the embedded LocalProfile.simplexName field for the user's own
profile and for peer Contact / GroupInfo from the existing simplex_name
columns on contacts and groups. Previously every DB read set this field
to Nothing (Task 1 placeholder), so downstream consumers that work off
LocalProfile / GroupProfile (e.g., userProfileDirect / userProfileInGroup
that build outgoing XInfo / XGrpInfo via fromLocalProfile) saw Nothing
unconditionally.
Scope is limited to the rows where the simplex_name column actually
exists: contacts (per-user) and groups (per-user). Sites that only read
contact_profiles / group_profiles (toContactRequest, toContactProfile,
toGroupProfile, rowToLocalProfile) remain Nothing; Task 3 adds the
profile-table columns and wires them up.
Adds a Maybe SimplexNameInfo field to the wire-level Profile and
GroupProfile (and their DB sibling LocalProfile). JSON instances are
TH-derived with omitNothingFields = True, so the new optional field is
auto-handled and old peers / old JSON without the key decode as Nothing.
Existing record-construction sites are set to simplexName = Nothing as
a placeholder. Outgoing dissemination (userProfileDirect /
userProfileInGroup) and incoming persistence wire-up land in follow-up
commits. redactedMemberProfile passes the field through, matching how
peerType is preserved.
The comment described "@alice.simplex" as the column's surface form,
but ToField SimplexNameInfo writes the canonical strEncode output
("simplex:/name@alice.simplex"). Aligns the docstring with what the
column actually holds.
createPreparedContact/createPreparedGroup gain a Maybe SimplexNameInfo
parameter that they write to contacts.simplex_name / groups.simplex_name
directly. createConnection_ writes to connections.simplex_name as a
transient carrier for the connect-via-plan path. The XInfo handler
in Library/Subscriber.hs reads the connection's simplexName and passes
it to createDirectContact so the final contact row captures the name.
All current callers pass Nothing; the actual flow lights up when
APIConnectPlan accepts ConnectTarget and connectPlanName threads the
name through (later commits in this branch).
Uses the upstream ToField SimplexNameInfo (simplexmq 0b334b66) for
writes; reads continue to go via the soft-degradation helper.
Two helpers redundantly maintain the same g.* column list. A future
g.* addition must be applied to both sites; the cross-reference
comments flag this for maintainers. A proper refactor (reusing
groupInfoQueryFields from Connections.hs's inline SELECT) is out of
scope for this branch.
Adds `simplexName :: Maybe SimplexNameInfo` to the three records and
extends every SELECT path that reconstructs them to read the new
column. Decoded via eitherToMaybe . strDecode . encodeUtf8 (the
codebase's established pattern for Maybe Text -> typed-decode fields),
extracted as decodeSimplexName helper since the chain appears in
toContact / toContact' / toGroupInfo / toConnection. INSERT paths
still write Nothing - the write-side wiring lands in the next commit
(Task 7).
* plan: web previews for channels
* types for recipient side to support channel web previews and domain names
* fix
* migrations
* update schema and api types
* update schema
* rename migrations
* core: check member role
---------
Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
* core: update simplexmq
* update agent api
* update simplexmq
* core: add flag to User to use client services
* update simplexmq
* cli command to toggle service for a user
* test, fix
* query plans, core/bot api types
* remove local package reference
* increase server queue size in tests
* show client service status in users list
* update query plans
* cli: fix redraw slowness (#6735)
* cli: add pland to fix redraw slowness
* updtae doc
* cli: decouple key reading from processing via TQueue
* schema and bot types
---------
Co-authored-by: sh <37271604+shumvgolove@users.noreply.github.com>
* rfc: add shared group ID to profile (the same as linkEntityId and sha256(rootKey))
* implement group ID
* fix
* update simplexmq
* line
* toGroupKeys
* fix test
* fix bot api
* check group ID in other cases
* fix
---------
Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
Co-authored-by: spaced4ndy <8711996+spaced4ndy@users.noreply.github.com>
* core: prepare group link before creating the group
* update group creation flow
* refactor
* comments
* update plan, schema, api docs/types
* store shared group ID and keys when joining relay groups
* query plans, api docs
* core: add custom indexed columns to groups and contacts
* directory: use database (TODO search/listing)
* triggers to maintain current member count
* update simplexmq, fix tests, use summary from GroupInfo
* fix all directory tests
* remove acceptance fields from group reg
* enable all tests
* clean up
* postgres migrations, fixes
* query plans
* use function in postgres triggers, improve sqlite query
* fix export/import
* update schema
* prevent admins from promoting groups when approving
* update listing every 5 minutes
* rfc: bot messages and buttons
* update
* update bot rfc
* core: add bot commands to chat preferences and peer type to profile
* update postgresql schema
* update query plans
* chat sessions preference
* markdown for bot commands
* schema
* core: file preference, options to create bot from CLI
* core: different command type
* ios: commands menu
* update types
* update ios
* improve command markdown
* core, ios: update types
* android, desktop: clickable commands in messages in chats with bots
* android, desktop: commands menu
* command menu button, bot icon
* ios: connect flow for bots
* android, desktop: connect flow for bots
* icon
* CLI commands to view and set commands, remove "hidden" property of command, bot api docs
* corrections
* fix inheriting profile preferences to business groups
* note on business address
* ios: export localizations
* fix test
* commands to set file preference on user/contact, tidy up layout and display of command and attachment buttons
* core: short bio/description for contact and group profiles
* use short description in commands
* fix tests
* query plans
* ios: show contact and group profile descriptions
* android, desktop: short description/bio
* ui: layout for chat info, correct copy
* comment out fields to add/edit short descriptions
* remove short description from events
* postgres schema
* core: add/send contact address and request messages, ios: use auto-reply as welcome message
* revert event type change
* fix test, type
* multiplatform: update type
* fix query
* ios: hide keyboard when sending the message
* failing test for business chat with a welcome message
* retry joining via contact address
* query plans
* do not send history to the first member (the original customer) of business chat
* correctly handle retries when joining groups, do not create a new connection on retry
* failing test for group welcome message and feature items
* do not send history item if member saw it during joining (based on welcomeSharedMsgId in join request)
* correct fields in PendingContactConnection, update plans
* prevent duplicate group description created in chat, while ensuring that it is created
* fix query