HiLleywyn/ProjectTempest

ProjectTempest

A modern Discord-style chat platform built around four hard requirements:

  1. Far better support for server bots and plugins, including an in-platform WASM sandbox so authors can ship bots that we host with hard CPU, memory, time, and network limits.
  2. A permission system with 80 fine-grained bits, deny/allow overrides at server, category, channel, and thread scopes, and per-user overrides on top of role overrides.
  3. Authentication that resists token theft: passkeys only, no passwords. Access and refresh tokens are DPoP-bound to a non-extractable per-device key. Refresh tokens use family rotation with reuse detection.
  4. End-to-end encryption for direct messages using MLS. The server sees ciphertext only.
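
One way the resolver behind requirement 2 can be structured, as an added example rather than the project's own tempest-perms code: the 80 bits live in a u128, and role and per-user deny/allow overrides are applied scope by scope. The bit names, the scope order (server, category, channel, thread, with the inner scope winning) and the rule that a per-user override is applied after the member's role overrides are assumptions.

```rust
// Added example, not ProjectTempest's tempest-perms code: an 80-bit mask in a
// u128 plus a resolver that applies deny/allow overrides scope by scope
// (server -> category -> channel -> thread, inner scope wins), role overrides
// aggregated first and a per-user override last. Bit names and order are assumed.

pub const PERM_BITS: u32 = 80;
pub const PERM_MASK: u128 = (1u128 << PERM_BITS) - 1;

pub const SEND_MESSAGES: u128 = 1 << 0;
pub const ATTACH_FILES: u128 = 1 << 2;

#[derive(Clone, Copy, Default)]
pub struct Override {
    pub deny: u128,
    pub allow: u128,
}

/// Overrides attached to one scope (server, category, channel or thread).
#[derive(Default)]
pub struct ScopeOverrides {
    /// (role_id, override) pairs; only roles the member holds are applied.
    pub roles: Vec<(u64, Override)>,
    pub user: Option<Override>,
}

/// Resolve the effective permission mask for a member.
/// `base` is the OR of the member's role permissions at the server level.
/// `scopes` is ordered from outermost (server) to innermost (thread), so an
/// inner scope's override wins over an outer one.
pub fn resolve(base: u128, member_roles: &[u64], scopes: &[ScopeOverrides]) -> u128 {
    let mut perms = base & PERM_MASK;
    for scope in scopes {
        // Aggregate every override for a role the member holds: a deny from
        // any role is removed first, then an allow from any role is added back.
        let (mut deny, mut allow) = (0u128, 0u128);
        for (role, ov) in &scope.roles {
            if member_roles.contains(role) {
                deny |= ov.deny;
                allow |= ov.allow;
            }
        }
        perms = (perms & !deny) | allow;
        // A per-user override is applied after role overrides, so it wins.
        if let Some(ov) = scope.user {
            perms = (perms & !ov.deny) | ov.allow;
        }
    }
    perms & PERM_MASK
}
```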

Layout

crates/
  tempest-core           shared domain types, snowflake IDs, errors
  tempest-perms          80-bit permission mask + resolution algorithm
  tempest-db             sqlx queries against Postgres
  tempest-auth           WebAuthn, DPoP, JWT issuance, sessions
  tempest-protocol       CBOR framed gateway opcodes
  tempest-mls            server-side MLS state, handshake + welcome handling
  tempest-search         Meilisearch indexer
  tempest-api            Axum HTTP server (REST)
  tempest-gateway        WebSocket gateway with resume buffer
  tempest-bot-runtime    Wasmtime sandbox + ~31 host imports
  tempest-bot-sdk        Rust SDK for bot authors (compiles to wasm32-wasi)
migrations/              Postgres migrations (init, messages, bots, mls, audit)
apps/
  web                    React 19 + Vite client
  desktop                Tauri 2 shell with OS keychain
infra/
  Dockerfile             Multi-stage build for the three Rust services
  Dockerfile.web         Web client + nginx
  docker-compose.yml     Local dev stack
  railway.toml           Railway deployment topology

Local development

One step:

./scripts/dev-up.sh

This generates fresh hex secrets if .env still has the placeholder values, brings up Postgres, Redis, and Meilisearch in Docker, builds the workspace, starts the three Rust services in the background with logs in dev/logs/, and runs pnpm install then vite dev for the web client. Open http://localhost:5173, register a passkey, create a server.

Stop everything with ./scripts/dev-down.sh.

Tests

cargo test -p tempest-perms        # >50 unit + property tests for the resolver
cargo test -p tempest-core         # snowflake monotonicity + ser/de
cargo test -p tempest-bot-runtime  # capability parser + matcher
cargo test -p tempest-auth         # DPoP htu, JWK thumbprint, JWT round trip

Deployment

Pure dashboard, no CLI. The walkthrough is in RAILWAY.md. High level:

  1. Generate three random hex secrets. ./scripts/gen-secrets.sh prints them in the order you'll paste them, or grab the one-liners in RAILWAY.md if you don't have a shell handy.
  2. In the Railway dashboard, create a new project from this GitHub repo and add Postgres + Redis from the database catalog.
  3. Add five services (four app services and Meilisearch). For each one, set the Dockerfile path, start command, and env vars from RAILWAY.md.
  4. Attach a public domain to tempest-web and reuse it for TEMPEST_RP_ID on the api service.
  5. Front the three public services with Cloudflare path routing or sibling subdomains; both options are documented.