Project Hard Rules
Wiltkey codebase invariants and product development philosophy guidelines.
Technical Invariants
These architectural rules are absolute. Any pull request violating these invariants will be rejected automatically.
All data written to disk (SQLite database or preferences) must be encrypted. Message payloads are encrypted under the One-Time Pad in transit, and stashed under the master AES key at rest. Plaintext strings must exist only in transient RAM variables.
The Go relay server stores zero chat logs. Messages online are routed immediately. Messages offline are buffered in Redis with a strict 24-hour TTL and deleted instantly upon delivery. (Some strictly opt-in future features may store data server-side, but only encrypted and anonymized.)
Themes and widgets must be built strictly on top of WiltkeyTokens and the WiltkeyComponents factory (via context.wk / context.wkc). Hardcoding sizes, paddings, colors, or direct widget overrides is strictly forbidden.
Keystream offsets must only advance forward. Rolled back pointers are only permitted synchronously during failed-message send cancellations to prevent pad gaps. Key reuse compromises information-theoretic security.
Product Philosophy
We build software for the terminally offline. We measure success by how quickly the user returns to the physical world.
Do not design features that encourage long-distance digital relationships at the expense of local meetups. Key exchanges and group additions require physical BLE synchronization for this reason.
Less time spent in the app is better. Design interactions to be highly efficient, offline-first, and distraction-free. The app is a utility to coordinate real-life encounters, not an engagement trap.