[Epic] Chat SDK

[D4nte]

A number of dApp teams in the Ethereum (and other) ecosystem have shown interesting in integrating a web based chat in their dApp.

This is so far the most seek use case for Waku v2 integration.

The Chat SDK aims to fulfill this need.

After reviewing the requirements and technical challenges, we deduced that compatibility with Status Community would allow to deliver the fastest, allowing said project teams, therefor known as community owner, to:

• Create open Communities/chats (e.g. trollbox)
• Create token-based permissioned communities/chats (e.g. access for token holders only)
• Enable end-to-end encrypted communications with Perfect Forward Secrecy and Future (aka backward) Secrecy (see 5/SECURE-TRANSPORT for their community member
• Kick/Ban spammer and scammer from their communities.

Do note that only Community Owners/dApp developers would need to use the Status app (or even be aware that the Status App is used in the background). Chat users would only need access to the chat via the dApp that integrates it.

Output

For each milestone, the deliverable should include:

• Core logic: compatibility layer with Status Communities on top of js-waku (npm package is published)
• React Hooks (npm package is published)
• React components (npm package is published)
• Styled example using all the above (hosted on GitHub pages)
• Guide to describe usage of styled example (published)

Milestones

Here is a roadmap to deliver the Chat SDK, further the milestone, more likely it is to change. As Status Communities is also in development, there is a inter-dependencies that we need to be aware of.

Community Owner both refers to an admin that manager the community on the project team side and the developer that integrates chat-sdk in the dApp.

User refers to a person that joins the community to chat using the dApp that integrates the Chat SDK.

chat refers to the in-dApp chat/trollbox powered by the Chat SDK.

A. Public, open communities, read/write access for members

https://github.com/status-im/dappconnect-sdks/milestone/1

1. As a community owner, I want to be able to create an open community/channel https://github.com/status-im/status-react/issues/12548
2. As a community owner, I want users of the chat to automatically join my community and a unique channel. https://github.com/status-im/dappconnect-sdks/issues/2
3. As a user, I want to be able to create a new identity to participate in the chat. #4
4. As a user, I want to be able to read messages from the chat. https://github.com/status-im/dappconnect-sdks/issues/3
5. As a user, I want to be able to send messages in the chat. #5
6. As a community owner, I want to embed the chat room in my dApp home page (AI floating assistant style + mini div).
7. As a community owner, I want to host the chat room in a separate browser page than my dApp home page (full screen).
8. As a user, I want to be able to share images (memes) that display inline.
9. As a user, I want to see a preview when a link is posted.

B. Spam Control

• TBD

C. Encryption (chat)

• TBD

D. Encryption and private messages)

• TBD

E. Token-based permission

• TBD

[D4nte]

Technical Update 14 Oct 2021

Attendees

• @Szymx95
• @D4nte

Minutes

Next steps:

1. Image Messages
   • Testing blocked by https://github.com/status-im/nim-waku/issues/739
2. Member list
   • how is the list of members updated for an open community? See https://github.com/status-im/dappconnect-chat-sdk/issues/2
   • @D4nte to provide API to check online status of members
3. Connecting with community
   • API is available
   • No community has been created for testing.
     • @D4nte Check with Status Desktop team if anyone can give me an amd64 linux binary
   • Instead of having an API function to instantiate a chat from the Community, instantiate all chats as the community description is pulled. https://github.com/status-im/dappconnect-chat-sdk/issues/69. @D4nte to do it.
4. Identity
   • For first milestone, only try to preserve identity when user open/close page
   • No need for identity to be exported/imported to other browser instance
   • No need for identity to be backed up or recovered
   • @D4nte to track with security team on thought about private key in local storage
   • For first milestone, we consider the private key as throwable until https://github.com/status-im/js-waku/issues/73 is moved forward
   • @D4nte to review whether to provide similar 3-words nick/image than what is done in Status app or just use unsecure custom nick for now
5. Embedding
   • @Szymx95 to provide 2 types of embedded example:
   • static component in a page: Chat is embedded in the dApp UI, layout does not change (chat always visible)
   • dynamic component: the chat can be made to appear/disappear, similar to an "assistant AI" in moth website or the chat feature in Google Meet.

[D4nte]

Next: discuss image chunking

[D4nte]

Technical Update 22 Oct 2021

Attendees

• @Szymx95
• @D4nte

Minutes

1. Online Status

• Not strictly necessary for milestone A but nice to have. It could resolve the identity issue below (needed for milestone B). Chunking of large messages takes priority
• @D4nte thinks there is already a Status protocol for that. ping'd Andrea in https://github.com/status-im/dappconnect-chat-sdk/issues/45 to get details
• Once we get details, if @D4nte is not available, @Szymx95 can implement the protocol in status-communities package and follow-up with @cammellos

2. Nickname

• Current Status protocol only allows ENS name and 3-word nick derived from public key
• Discussions in progress but not concluded with Status security & core regarding usage of custom nick name while preventing impersonation
• For milestone A, having a the chat public key as handle is enough
• For milestone B, we want custom name
• Impersonation does not matter for troll box
• Once we clarify the online status, we could use the displayName field in ChatIdentity to convey a custom nick and see what core team thinks
• Once custom nick is solved on Status core side, we can adopt their solution (which should be impersonation resistant)\

3. Identity

• @Szymx95 to add new flow to
  • setup a password when opening app to save generated private key in local storage
  • OR load private key from local storage with password

4. Chunks

• @Szymx95 to create POC in js-waku to chunk/consolidate message above 60kb at Waku Message level.
• Hard upper limit at 1MB
• See https://github.com/status-im/nim-waku/issues/739#issuecomment-949315460

5. Moving forward
   • @D4nte to be AFK in November, project to continue as per roadmap: https://docs.google.com/document/d/1dT2DCd4DtwtJmZFYPg3-eV05UF87Tzb5xM37lmLBcvo/edit#
   • Use #chat-sdk channel on discord.
   • @cammellos is the PoC for any question re Status protocol. Also to be included for any proposed change to the protocol

[D4nte]

Technical Update 1 Dec 2021

Attendees

• @Szymx95
• @D4nte

Minutes

• nicknames: technical specifications are not ready, hopefully will get details in tonight's meeting. Waiting from Status mobile team.
• Added mentions
• Can nickname other people
• Private chats (group): sorted out the topic but not yet the encryption.
  • @cammellos to confirm whether for asymmetric encryption, Waku version 1 is just used or another encryption is done at application level
• Images: set to 1MB, not testes yet. @Szymx95 to test.

[D4nte]

Technical Update 9 Dec 2021

Attendees

• @Szymx95
• @D4nte

Minutes

• Encryption: not totally clear on how to do DH. @Szymx95 to ask questions to @cammellos in chat. @D4nte to check go code next week if no answer provided
• Set custom nicknames: Should be set in ChatIdentity but it is only used in CommunityDescription, CommunityChat and ContactCodeAdvertisement. Need to clarify if we should implement this advertisement protocols.
• Profile security (figma: https://www.figma.com/file/IPpvkpDWabBKJTeo6bFop0/Kuba%E2%8E%9CDesktop?node-id=662%3A320379)\
  • Not sure how the flow works with untrustworthy. @John-44 do we have documentation for this flow apart from the figma above?
  • Emoji hash. Consensus needs to be reached by security team on number of emojis. PoC: https://github.com/0kok0/emojihash
  • Identicon line: not sure we have a PoC. Is it defined?
• @guylouis I see you were tracking re emoji hash and identicon, what is the current status?

Priorities

• Encryption, emoji hash and identicon are not needed for first version
• Focus in implementing custom nickname first
• Then tidying up code for a release, we can then do an internal demo and review and then organize a demo with synthetix in the new year

[D4nte]

Technical Update 21 Dec 2021

Attendees

• @D4nte
• @Szymx95

Minutes

• Prod fleet is slow
  • @D4nte confirmed with https://status-im.github.io/js-waku/ that it is slow, it takes 5s for messages to propagate
  • [x] to follow up in issue.
• Connect Ethereum Wallet option:L
  • Generate private key using EIP-712
  • fill in the "name" field with website domain (as per EIP). This will allow the user to see if they are signing for "synthetix.io" on website "scamme.com" for example.
  • Add a message field that informs the user "The signature of this message will be use as a private key for message decryption. Please check the domain name you sign matches the dApp you are visiting".
  • Add an optional "password" field that allows the user to add data to be signed to secure the chat key even further.
• Sync with Status profile: do not do it for now. The main use case will be for the Status Mobile/Desktop apps to sync with the Web app, not the opposite.
• When a pop-up shows up, if there are channels available, let's show the channels in the background (designs are not consistent, some show no channel).
• Missing design for throwaway account. Ask Kuba to design it
• Keep one button for "use throwaway account" in left side bar
• If a throwaway account is detected locally show (new) window to enter password (throwaway accounts are encrypted locally).
• Password popup should also contain a red clickable text "Destroy existing account and create new account) or similar
• When clicking to clickable text, it delete throwaway account and start flow to create new throwaway account.
• Custom name:
  • Basis implemented. Still need to sort out in other places such as group chats.
  • Will do profile picture, very similar to custom name
  • One can decide to locally assign a custom name to another user (not yet saved in local storage).
  • ChatIdentity message sent when user set its custom name
  • [x] @Szymx95 to send this message periodically.
• When meeting up on 5th Jan, lock in date/time for internal demo.

[D4nte]

Technical Update 5 Jan 2022

Attendees

• @D4nte
• @Szymx95

Minutes

• Emoji hash, color ring: status? @D4nte pinged Guy-Louis who was tracking

• Generate private key using EIP-712: Work In Progress.

• Waku Store queries are slow

  • [x] @D4nte to follow-up

• Currently, decryption keys are added for all content topics

  • Time could be saved by setting decryption key per content topic
  • [x] @Szymx95 to enable debug logs and confirm that decryption is the operation that takes time. Use debug=waku*.

• Example works but it gets much slower when adding few private groups.

• Next: working on the profile, to add image.

• [ ] @D4nte to prepare packages for publication and try to build an example.

• Blocking for demo:

  • Waku Store performance: some days is slow, some day better. Needs to be solved consistently
  • Decryption performance: @Szymx95 to investigate and @D4nte to possibly update API

[D4nte]

Technical Update 13 Jan 2022

Attendees

• @D4nte
• @Szymx95

Minutes

• Test fleet works much better.

• Mainly working on performance

• Waiting for @John-44 and Kuba for login flow design

• Open community

  • Design was scrapped for open community? As now, any user could read and write in open community. member list stayed empty.
  • With new design, user need to ask permission to write. Even if admin auto accepts

• [x] @Szymx95 to see if failed attempt to decrypt takes time

• Vote SDK

  • [x] @D4nte to merge https://github.com/status-im/wakuconnect-vote-poll-sdk/pull/17 and publish new packages
  • [x] @Szymx95 to take over https://github.com/vacp2p/docs.wakuconnect.dev/pull/20/files and https://github.com/status-im/wakuconnect-vote-poll-sdk/issues/11

[D4nte]

Technical Update 19 Jan 2022

Attendees

• @D4nte
• @Szymx95

Minutes

• Worked on Vote SDK doc
  • confirmed that it can be used from npm packages
  • write doc
  • Issue with @D4nte's smart contract ABI change. Now investigated
  • Proposed to have a doc/example for both useDapp and ethers
    • Let's not do that as we have time constraint and we are not sure who will use the vote SDK. Keep useDapp example only for now
• Chat SDK
  • Focus on fixes + testing publish packages
  • Someone should be able to use the Chat SDK for 1:1 and private groups
  • New Status Communities changes can be done once what has been delivered is confirmed working

[D4nte]

Technical Update 27 Jan 2022

Attendees

• @D4nte
• @Szymx95

Minutes

• Modular SDK: Do we need to support several public channels outside of Status Community?
  • For now, not really as the protocol that we want to be able to plug in to dogfood new spam protection protocols only support one non-encrypted chnanel (chat2)
  • However, some projects what encrypted private groups and 1:1 encrypted messages, so we need to be able to import/use the chat sdk in a way that only encrypted groups and 1:1 are encrypted. In this case, the UX to "import" contacts does not matter so do anything that works as most likely the dApp that uses the SDK would have a programmatic way to import the contacts for a user.
• Use published npm packages: Not done yet
• Vote SDK: PR ready, @D4nte to review
• Meeting follow up Monday booked.

[D4nte]

Technical Update 31 January 2022

Attendees

• @D4nte
• @Szymx95

Minutes

• Vote SDK: @Szymx95 to check comments from @D4nte on doc PR, GIFs are missing.
• New examples that only use 1:1 and private group chats done and available
• Some issue with test fleet when demoing. Prod fleet bit slower.
• Captcha should never appear for private groups: @Szymx95 to remove it for private groups.
• When a 1:1 window is open, the left hand show all contacts but it's labelled "members" and not "contacts". It is a bit confusing. It is the same display than in a private group chat (only shows "members" of the group chat, which is correct).
• When opening several tabs, it is very slow: is nim-waku throttling the connection?
• Use published packages for examples: postponed to later.
• [ ] @Szymx95 to open some handover issues.
  • Update js-waku to use the key decryption per content topic API
  • Use published packages in examples
  • Review the "contact" sidebar in 1:1 messages
  • Remove captcha when creating private group

[D4nte]

Technical Update 3 February 2022

Attendees

• @D4nte
• @Szymx95

Minutes

• Last meeting!
• Update js-waku to use the key decryption per content topic API: @Szymx95 to do that today
• Use published packages in examples: handed over to @prichodko
• Review the "contact" sidebar in 1:1 messages: done
• Remove captcha when creating private group: handed over to @prichodko