1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
//! Peer capability bits (huddle 2.2 / M-C4).
//!
//! A peer advertises which **new wire forms** it understands so a sender can
//! retire a legacy/cleartext form *only* once the other end is known-capable —
//! the additive way to make an otherwise non-additive wire change. Caps ride in
//! the signed `MemberAnnounce` (per-member, in-room) and in `RoomAnnouncement`
//! (the announcer's caps, learned at discovery time). Because the carrying
//! `MemberAnnounce` is signed end-to-end, a relay can't forge or strip caps
//! without breaking the signature.
//!
//! Encoded as a `u32` bitset. Unknown/absent → `0` (a legacy peer), so a missing
//! field decodes to "supports nothing new" and every gate below stays false.
//! New bits are append-only; never renumber an existing bit.
/// Code-join v2 (audit PA-1): the peer sends an Argon2 *proof of knowledge* of
/// the join code bound to its ephemeral X25519 key + room id, instead of the
/// cleartext bearer code. A v2 joiner omits the cleartext code entirely, so a
/// malicious relay can no longer read it and rebind it to a forged ephemeral.
pub const CODE_JOIN_V2: u32 = 1 << 0;
/// Private file metadata (audit FILES-2): the peer accepts a keyed-MAC content
/// commitment (`EncryptedFileMeta.content_mac_b64`) in place of the plaintext
/// `content_hash = SHA256(plaintext)`, so the relay no longer sees a
/// plaintext-confirmation oracle for attachments.
pub const FILE_META_PRIVATE: u32 = 1 << 1;
/// Everything THIS build implements — advertised in our announces.
pub const OURS: u32 = CODE_JOIN_V2 | FILE_META_PRIVATE;
/// True iff `caps` advertises `bit`.