Commit Graph

900 Commits

Author SHA1 Message Date
shum e9656d0b18 Merge origin/master into sh/namespace
The names (simplex_name / RSLV) feature and master's badge feature both
extended the contact/group profile row layer. Resolution keeps both, with
simplex_name ordered last (chronological - it is the newer column):
- Profile/LocalProfile gain badge + simplex_name; simplex_name last in the
  data types, record builds, schema, and SQL row types/SELECTs/INSERTs
- SQL row types, SELECTs and INSERT/UPDATE lists carry both badge_* and
  simplex_name columns (simplex_name after badge)
- migration lists ordered by date (master 0601/0602 before names 0603+)
- SQLite chat_schema.sql regenerated; Postgres chat_schema.sql hand-merged

Verified: lib + test suite build; SchemaDump, Operators, Protocol and
direct/group profile round-trip tests pass.
2026-06-23 12:28:56 +00:00
shum 7fe951fbc6 test(operators): expect USWNoNamesServers warning in no-servers cases 2026-06-23 09:59:17 +00:00
spaced4ndy 0e09b38ea6 core: public groups - roster of privileged members (#7017) 2026-06-22 10:15:41 +00:00
Evgeny Poberezkin f64030f704 Merge branch 'stable' 2026-06-21 23:37:47 +01:00
Evgeny 6cde614e51 core: fix group link use after admin demotion (#7111)
* Fix group link use after admin demotion

* fix: group role change

* size limit

* fix

* allow delete

* do not remove link

* query plan

* relay test

* refactor

---------

Co-authored-by: Paul Bottinelli <paul.bottinelli@trailofbits.com>
Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
2026-06-21 23:36:15 +01:00
Evgeny c42c121a36 core: improve short link decompression (#7110)
* fix: bound short-link decompression

* core: improve short link decompression

---------

Co-authored-by: Paul Bottinelli <paul.bottinelli@trailofbits.com>
2026-06-21 13:03:57 +01:00
Evgeny Poberezkin 3c68ba4803 Merge branch 'stable' 2026-06-20 20:55:10 +01:00
Evgeny 8c4580ee00 core: block obfuscated simplex links if the group does not allow them (#7107)
* core: block obfuscated simplex links if the group does not allow them

* remove newlines

* remove renames

* name

* more efficient parser

* remove comment

---------

Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
2026-06-20 20:54:34 +01:00
Evgeny Poberezkin e11cf1b82e Merge branch 'stable' 2026-06-17 19:13:51 +01:00
Evgeny 80538850f1 ui: show badges in more contexts (#7084)
* core: fix delivery cursor not advancing to maximum group member id for posgtgres (#7043)

* ui: show badge in user picker above message entry

* core: send badge with channel owner profile

---------

Co-authored-by: spaced4ndy <8711996+spaced4ndy@users.noreply.github.com>
Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
2026-06-17 19:10:37 +01:00
Evgeny adb3fb8cb2 core: render web previews for channels (#7029)
* plan: web previews for channels

* types for recipient side to support channel web previews and domain names

* fix

* migrations

* update schema and api types

* update schema

* rename migrations

* core: render channel preview data

* core: render channel preview data in relays

* website: use cpp to inject JS functions

* JSC files

* remove directory.js

* channel preview renderer

* Revert "cli: fix redraw slowness (#6735)"

This reverts commit b801d77c74.

* sample channel page

* default avatar

* rename options

* better layout

* layout

* images

* some fixes

* tails

* markdown colors

* image sizes

* reactions

* fix reactions

* fewer avatars

* forward icon

* command to change group access parameters

* view public group access changes in CLI

* media metadata color

* ios: group web access ui

* update ui

* add init

* kotlin, labels

* update page

* update relay base URL

* fix

* ios update channel web page info

* update kotlin layout

* use cards

* update layout

* use domains for relay data, path is fixed

* update embed code

* fix bots api

* include only history items and senders

* update preview JS/HTML

* show different error if link is different

* remove stale json files

* better layout

* layout fixes

* improve layout

* improve layout

* update embed code

* web cta

* better layout

* buttons

* layout

* paddings

* desktop cta

* desktop cta

* cta layout

* fonts

* paddings

* paddings

* more paddings

* copy link

* read more

* hide avatar and placeholder when all messages are from channel

* color scheme

* fix color

* improve

* layout

* welcome message

* dark mode colors

* padding

* font size

* overscroll

* font

* logo on button

* better join

* buttons

* refactor

* another logo

* text

* desktop button

* button text

* center

* fix svg

* padding

* smaller gap

* render channel on any message changes etc

* fixes

* atomic file updates, escape attributes

* fix tests

* more tests

* more efficient rendering

* improve security

* sanitize links, include mentioned members

* schema

* fixes

* improve rendering

* fix showing correct subscribers count

* fix member names

---------

Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
2026-06-16 14:36:55 +01:00
Evgeny Poberezkin 37f7ed3126 Merge branch 'stable' 2026-06-16 07:40:58 +01:00
Evgeny ad23da63d0 core: supporter badges using anonymous BBS credentials (#7040)
* core: supporter badges using anonymous BBS credentials

* badges in profiles

* badge in profiles

* process badges

* update simplexmq

* update simplexmq

* change types

* fix migration

* migration

* update simplexmq

* fix bot API, schema

* fix postgresql build

* refactor

* postgresql schema

* correctly set badges in all cases

* badges ffi

* plan, bot types

* FFI

* FFI: export badge symbols

* add extra field

* refactor badge types to GADT

* configurable badge key

* add badge to profile, test

* ui: badge images

* generate badge key and sign badge

* badge sign in CLI

* fix commands, ui

* rename badges

* Binary

* image size, migration

* update badge images, add public key

* send badges in more cases

* update UI, tests

* bot types, schema

* postgres schema

* tone down badges

* revert formula

* refactor badges

* smaller badges

* badge position

* better badge position

* simpler

* position

* move position

* update simplexmq

* show badge after name

* badge layout

* fix badge

* debug badge height

* shift badge

* fix badge in member name

* bigger badge

* badge layout

* differentiate badge colors

* more avatars for the user's profiles

* refactor

* remove color filter

* alerts

* multiple keys, old expired

* use new BBS api

* update badge keys, bot api

* presentation header

* simplify

* parser

* update iOS images

* update public keys

* query plans

* update simplexmq

* refactor badge types

* simplexmq

* bot api types

* update simplexmq - commoncrypto flag

* update simplexmq

* pass commoncrypto flag to simplexmq in nix iOS build

* ios ui

* update core library, fixes

* badge layout

* badge size

* badge gap

* remove extensions

* simplify

* share badge in more events, reverify badge if verification failed

* larger files with badges

* allow sending larger files

* simpler

* update simplexmq

* better decoder for badge keys

* update simplexmq

---------

Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
Co-authored-by: shum <github.shum@liber.li>
2026-06-15 22:25:08 +01:00
shum 69dee10bd7 refactor(names): agent resolution + one error type
Adopt the simplexmq names rework (PR #7045): name resolution is now
owned by the agent (resolveSimplexName picks a names-role server), so
the chat-side iteration is removed - delete ResolveError,
iterateResolvers, resolveOnUserServers, enabledSMPServersForUser and
resolveErrorToChatError.

One error type: resolver/agent failures flow through ChatErrorAgent;
remove the CEvtSimplexName* events, SimplexNameVerifyFailReason,
SimplexNameConflictEntity and CESimplexNameResolverUnavailable.
APIVerifySimplexName returns CRSimplexNameVerified (verified::Bool),
mirroring CRConnectionVerified. connectPlan handles the name target
directly; updateProfile WithConflict aliases collapsed into the plain
functions.

Add the per-operator "names" SMP server role (migration
20260612_smp_role_names, official operator on by default) feeding
ServerRoles.names -> UserServers.nameSrvs.

Bump simplexmq pin to ce69adfd and regenerate sha256map.nix.
2026-06-13 07:40:36 +00:00
shum 7836f71d7a core: align resolver docs/tests with RSLV errors 2026-06-11 15:11:55 +00:00
shum a580698584 core: iterate past RSLV-unsupported name servers 2026-06-11 15:11:55 +00:00
spaced4ndy b9d1f0c0a3 core: fix delivery batching (#7065) 2026-06-09 16:58:17 +00:00
spaced4ndy 931881c860 core: validate user chat ownership for chat tag and TTL APIs (#7063) 2026-06-09 13:03:51 +00:00
shum 613eb421da Merge remote-tracking branch 'origin/master' into sh/namespace
# Conflicts:
#	src/Simplex/Chat/Library/Commands.hs
#	src/Simplex/Chat/Library/Subscriber.hs
#	src/Simplex/Chat/Store/Direct.hs
#	src/Simplex/Chat/Store/Groups.hs
#	src/Simplex/Chat/Store/Shared.hs
2026-06-08 16:06:27 +00:00
shum 5ce9e852a3 deps: bump simplexmq for HTTP resolver; adapt NameRecord consumers
simplexmq 92b3d049 reshaped NameRecord text fields from Maybe Text to
Text (empty string sentinel). Adapt firstNameLink to take Text directly
and treat T.null as "absent". dispatchResolvedRecord destructure
unchanged; passes the text values straight through. apiVerifySimplexName
switches from Just/Nothing pattern to a T.null guard with the same UX.
Test fixtures updated.
2026-06-08 11:49:07 +00:00
Evgeny Poberezkin adbffe2d1b Merge branch 'stable' 2026-06-06 21:18:42 +01:00
Evgeny 5b93cb0e3f core: store context to pass configuration parameters (#7057)
* core: store context to pass configuration parameters

* fix directory

* fix test

* comment

* order

---------

Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
2026-06-06 20:48:11 +01:00
shum ebe90f7169 chat: APIVerifySimplexName command + CEvtSimplexNameUnverified warning
Addresses the TOFU vulnerability where peer-claimed simplex_name was
accepted unverified. Adds:

- contacts.simplex_name_verified_at + groups.simplex_name_verified_at
  (M20260606_simplex_name_verified)
- APIVerifySimplexName ChatRef command: RSLV-resolves the claimed name
  and compares the resolved link to the peer's stored connection link;
  on match writes verified_at and emits CEvtSimplexNameVerified;
  on mismatch emits CEvtSimplexNameVerifyFailed
- CEvtSimplexNameUnverified passive warning emitted on incoming XInfo /
  XGrpInfo when a name claim arrives without a current verification
- updateContactProfileWithConflict / updateGroupProfileWithConflict
  clear simplex_name_verified_at whenever the peer's claim transitions
  (any value change including Nothing<->Just): the prior verification
  was bound to the prior claim.

UI can surface the unverified indicator next to a contact / group's
name, and prompt the user to invoke the verify command. This shifts
the security model from "TOFU + last-writer-wins" to "TOFU + on-demand
RSLV verification".
2026-06-06 08:33:25 +00:00
shum 63a9d22148 chat: resolveOnUserServers iterates only on transport errors
Privacy: every miss previously broadcast the candidate name to every
enabled SMP server. Now only NETWORK / TIMEOUT failures fall through
to the next server; definite resolver answers (NAME / AUTH / CMD
PROHIBITED / other ERR) stop iteration.
2026-06-05 10:29:01 +00:00
shum 1cf96fc291 deps: bump simplexmq for NameRecord reshape; update consumers
simplexmq 5ee014dd reshaped NameRecord to align with the Python resolver
JSON: nrChannelLinks/nrContactLinks (lists of NameLink) became
nrSimplexChannel/nrSimplexContact (Maybe Text); nrDisplayName became
nrName; nrResolver was added; the NameLink wrapper type and nrIsTest/
nrExpiry/nrAdminAddress/nrAdminEmail fields were dropped.

Update dispatchResolvedRecord destructure and firstNameLink signature
to the new Maybe Text shape, and refresh the ResolveNameTests fixtures
and assertions accordingly.
2026-06-05 10:09:02 +00:00
shum 1f9b6e29de chat: RSLV-resolved NameRecord dispatched through prepared row
dispatchResolvedRecord now picks the first nrContactLinks (NTContact) or
nrChannelLinks (NTPublicGroup) entry from the resolved record, decodes it
as AConnShortLink, fetches the short-link data, and eagerly calls
createPreparedContact / createPreparedGroup with the simplex_name set.

Returning CPContactAddress (CAPKnown ct) / CPGroupLink (GLPKnown g ...)
mirrors the local-store-hit branch of connectPlanName: hit and miss
converge on the same plan shape, so the connectWithPlan caller cannot
distinguish where the prepared row came from. Threading uses the
existing Maybe SimplexNameInfo parameter added in c6f26150 for the
local-prepare path -- no new write path or transient carrier.

Pure helper firstNameLink is extracted and exported so the link-picker
contract is testable without a DB / agent. ResolveNameTests gains five
cases covering the per-type selection, the first-link policy, and the
empty-list to CESimplexNameNotFound collapse.
2026-06-04 18:49:57 +00:00
shum 0ec3b101b9 chat: connectPlanName falls back to RSLV when local lookup misses 2026-06-04 18:32:02 +00:00
shum 5fe584b522 chat: resolveOnUserServers iterates user SMP servers for RSLV 2026-06-04 18:13:35 +00:00
shum cf3c7d152a chat: test outgoing Profile carries simplexName from User profile
userProfileDirect, userProfileInGroup' and redactedMemberProfile already
pass simplexName through via fromLocalProfile (Task 1) once the embedded
LocalProfile field is populated (previous commit). Lock that behavior in
with focused unit tests:

- userProfileDirect with Just simplexName -> wire Profile.simplexName Just
- userProfileDirect with Nothing -> wire Nothing
- userProfileDirect with an incognito Profile overlay -> wire Nothing
  (incognito identity must not leak the user's registered name)
- userProfileInGroup' pass-through
- redactedMemberProfile pass-through (forwarded member profiles)
2026-06-04 16:07:12 +00:00
shum 212c9d43fb chat: simplexName field on Profile, GroupProfile, LocalProfile
Adds a Maybe SimplexNameInfo field to the wire-level Profile and
GroupProfile (and their DB sibling LocalProfile). JSON instances are
TH-derived with omitNothingFields = True, so the new optional field is
auto-handled and old peers / old JSON without the key decode as Nothing.

Existing record-construction sites are set to simplexName = Nothing as
a placeholder. Outgoing dissemination (userProfileDirect /
userProfileInGroup) and incoming persistence wire-up land in follow-up
commits. redactedMemberProfile passes the field through, matching how
peerType is preserved.
2026-06-04 15:45:42 +00:00
shum 48a4221ed6 chat: share/copy output prefers simplexName when present
When a contact or group has a simplex_name stored, the share-link
render path emits the canonical simplex:/name... URI (via strEncode)
instead of the underlying connection link. Falls back to the existing
link rendering when simplexName is Nothing.

Final commit of the ConnectTarget plumbing chain: end-to-end users
can now (a) connect via @alice.simplex / #group.simplex with the
agent layer carrying the name, (b) see the simplex name on the
contact/group records and in viewConnectionPlan, (c) share the
contact using the namespace-canonical form rather than the raw URI.
2026-06-03 18:26:35 +00:00
shum c112800081 tests: provide namesConfig = Nothing in smpServerCfg
Follow-up to the simplexmq pin bump (ee0a45e9). The new
namesConfig :: Maybe NamesConfig field on ServerConfig (introduced
in simplexmq's namespace branch) needs to appear in the test
fixture's record literal, otherwise the test suite fails to compile
under -Werror. Disabled by default (Nothing).
2026-06-03 15:23:28 +00:00
Evgeny Poberezkin 60e75aa398 Merge branch 'stable' 2026-05-31 17:33:52 +01:00
Evgeny 9bb2bec3fa plan: web previews for channels (#7022)
* plan: web previews for channels

* types for recipient side to support channel web previews and domain names

* fix

* migrations

* update schema and api types

* update schema

* rename migrations

* core: check member role

---------

Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
2026-05-31 17:12:12 +01:00
Evgeny 16982b6111 core: rename migrations (#7028) 2026-05-30 17:16:56 +01:00
Evgeny Poberezkin 9f93e87f56 Merge branch 'stable' 2026-05-30 16:01:27 +01:00
sh 68fc1b5d22 core, ui: split SimplexNameDomain out of SimplexNameInfo (#7024)
* core, ui: split SimplexNameDomain out of SimplexNameInfo

* core: bump simplexmq to b3f28948 (SimplexNameDomain split)

* core: bump simplexmq to 4e2c9fc3 (StrEncoding split)

* core: bump simplexmq to ee2ff402 (#1788 squash merge)

* update sha256map.nix
2026-05-30 09:39:14 +01:00
Narasimha-sc 5aace8401c core: fix /start remote host parser when iface name contains a space (#7025)
* core: fix /start remote host parser when iface name contains a space

The iface= field used jsonP (which calls takeByteString and strict-decodes
the entire remaining input as JSON). When port= followed iface=, the strict
decode failed on the trailing data and the text1P fallback stopped at the
first space inside the JSON-quoted interface name (e.g. "Ethernet 2"),
leaving unparseable junk and producing "Failed reading: empty".

Replace jsonP with a bounded quotedP that consumes only up to the closing
quote, leaving port=… for the next parser.

* plan: document fix for /start remote host iface-with-space parser bug
2026-05-30 07:33:10 +01:00
Evgeny Poberezkin 507a4de61c Merge branch 'stable' 2026-05-28 23:19:54 +01:00
Evgeny 68abd805d4 rfc: namespace (#7001)
* rfc: namespace

* update rfc

* markdown for names

* record type, app "upgrade" alerts

* update api types

* rfc: change namespace syntax - now it is the usual namespace

* update bot types

* move types to simplexmq

* core: refactore markdown

* update simplexmq

* better names

* new names

* update nix content hashes

* fix

* change valid name function

* update simplexq, update valid name conditions

* fixes

Co-authored-by: simplex-chat-agent[bot] <287173099+simplex-chat-agent[bot]@users.noreply.github.com>

* update simplexmq

* fix localization

* simpler

* refactor

* refactor

* fix

---------

Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
Co-authored-by: simplex-chat-agent[bot] <287173099+simplex-chat-agent[bot]@users.noreply.github.com>
2026-05-28 08:44:43 +01:00
spaced4ndy 037c05cd29 core: fix races on member removal / delivery of their messages (#7010) 2026-05-26 09:07:26 +00:00
spaced4ndy c017c25d0f core, ui: member full delete with messages (#6994) 2026-05-25 10:43:36 +00:00
Evgeny fe6b5186e1 core: update simplexmq (receiving services) (#6212)
* core: update simplexmq

* update agent api

* update simplexmq

* core: add flag to User to use client services

* update simplexmq

* cli command to toggle service for a user

* test, fix

* query plans, core/bot api types

* remove local package reference

* increase server queue size in tests

* show client service status in users list

* update query plans

* cli: fix redraw slowness (#6735)

* cli: add pland to fix redraw slowness

* updtae doc

* cli: decouple key reading from processing via TQueue

* schema and bot types

---------

Co-authored-by: sh <37271604+shumvgolove@users.noreply.github.com>
2026-05-25 10:37:13 +01:00
spaced4ndy 2b48b55190 core: deliver member profiles via relay (#6953) 2026-05-22 20:52:01 +00:00
spaced4ndy 92e9640e4f core, ui: relay reject rejoin (#6978) 2026-05-18 09:06:25 +00:00
Narasimha-sc 3b4bf92015 core: include trailing "_" and "!" characters in links (#6973)
* core: include trailing "_" and "!" characters in links

* docs: plan for keeping trailing "_" and "!" in links
2026-05-13 16:45:39 +01:00
Evgeny 7497b90e7c core, ui: allow indefinite deletion from history for public channel/group owners/moderators (#6972)
* Revert "core: forward compatible support for owners/admins/moderations deleting channel and public group messages without limitations (#6962)"

This reverts commit 08108ebabb.

* core, ui: allow indefinite deletion from history for public channel/group owners/moderators

* style

Co-authored-by: Evgeny <evgeny@poberezkin.com>

* refactor

* show error on deletion

* better alerts

* test

* plan

* simplify test

* bot api docs

* refactor

* test that removed from history is not delivered to the new subscribers

* fix, refactor

* fix

* rename

* rename predicate in UI

* rename

* do not forward channel deletions from history

* remove redundant check

---------

Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
2026-05-13 15:24:52 +01:00
spaced4ndy 24859e1281 core: announce added relay (#6956) 2026-05-12 12:36:23 +00:00
sh e63c403623 simplex-chat-python: add python library (#6954)
* docs: simplex-chat-python design and implementation plan

* bots: Python wire types codegen

* simplex-chat-python: package scaffold

* simplex-chat-python: native libsimplex loader

* simplex-chat-python: async FFI wrappers

* simplex-chat-python: ChatApi with 49 api methods

* simplex-chat-python: Bot class with decorators and dispatch

* simplex-chat-python: install CLI, example bot, README

* simplex-chat-python: audit fixes

* bots: regenerate API docs and types

Catches up the markdown, TypeScript and Python codegen outputs with two
upstream schema changes:

- APIConnectPlan.connectionLink became optional (from sh/python-lib audit
  fixes); cmdString and EBNF syntax now reflect optional parameter.
- APIAddGroupRelays command and CRGroupRelaysAdded/CRGroupRelaysAddFailed
  responses added in #6917 (relay management). The TS and markdown outputs
  were regenerated when #6917 landed but the Python types module only got
  the new entries with this regeneration.

* core: refresh SQLite query plans after relay_inactive_at migration

The M20260507_relay_inactive_at migration (#6917 / #6952) shifted the
query plans that 'Save query plans' verifies. Regenerated via the test
that owns those snapshots; no behavioral change.

* bots: keep APIConnectPlan connectionLink as required parameter

The prior audit-fixes commit changed the syntax expression to `Optional ...`
because the Haskell field is `connectionLink :: Maybe AConnectionLink`.
That misrepresents the API contract: the `Maybe` is purely an internal
signal for link-parsing failure (the handler returns `CEInvalidConnReq`
on `Nothing`), not API-level optionality. Callers MUST always pass a
connection link.

Revert the syntax expression to `Param "connectionLink"` and add a
comment so the intent is preserved next time someone audits.

Regenerates COMMANDS.md, commands.ts and _commands.py to match.
2026-05-12 12:32:01 +01:00
Narasimha-sc eb4f601c8b core: keep whitelisted query parameters when removing link tracking (#6965)
* core: keep whitelisted query parameters when removing link tracking

In safe mode, "remove link tracking" stripped any query parameter whose
name started with a known tracking prefix in qsSafeBlacklist, ignoring
qsWhitelist. So "list" (e.g. YouTube playlist links) was dropped because
"li" (LinkedIn) is a prefix of it, and github's "ref" was dropped too.
Make the safe-mode filter consult the whitelist, like the other branches.

* docs: plan for keeping whitelisted query parameters when removing link tracking

Design doc for the safe-mode sanitizeUri change (PR #6965): why "?list=" was
stripped from YouTube links, the root cause (safe mode ignoring qsWhitelist),
the fix, what it does/doesn't change, and alternatives considered.
2026-05-12 10:11:26 +01:00