# Architecture
The protocol is layered to keep responsibilities isolated:
1. **Message Model** – application payloads become `enigma-packet::Message` instances. Attachment metadata maps 1:1 to `AttachmentInit/Chunk/End` variants.
2. **Session Crypto** – a session bootstrap produces a deterministic ratchet state derived from the pre-shared secret, participant identifiers, and optional remote DH material. Each call to `encrypt_message` or `decrypt_packet` advances the ratchet and yields a fresh AEAD key.
3. **AEAD Envelope** – plaintext bytes are serialized packets. `enigma-aead` wraps them with XChaCha20-Poly1305 using the derived key and the canonical associated data (conversation id + sender + receiver).
4. **Transport** – `Transport` abstracts byte delivery. The in-memory transport backs tests, while real deployments plug in WebRTC, TCP, QUIC, or any other medium.
```
Application Payload
↓
enigma-packet::Message
↓
Ratchet key derivation
↓
enigma-aead envelope
↓
Transport
```