Implement the server-time capability (IRCv3.2) that adds @time= tags
to messages for clients that request it. Timestamps are ISO 8601 format
with millisecond precision.

Changes:
- Add CAP_SERVERTIME capability to capab.h
- Add FEAT_CAP_server_time feature flag (default: TRUE)
- Add format_server_time() helper for ISO 8601 timestamps
- Update sendcmdto_channel_* functions to build dual message buffers
  (with and without @time tag) based on client capability
- Update sendcmdto_common_channels_* functions similarly

Functions updated:
- sendcmdto_channel_butserv_butone() - Channel messages
- sendcmdto_channel_capab_butserv_butone() - Capability-filtered channel
- sendcmdto_common_channels_butone() - Common channel notifications
- sendcmdto_common_channels_capab_butone() - Filtered common channels
- sendcmdto_channel_butone() - PRIVMSG/NOTICE to channels

Example output for server-time clients:
@time=2025-12-23T12:30:00.123Z :nick!user@host PRIVMSG #chan :message

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements the IRCv3 echo-message capability which echoes PRIVMSG and
NOTICE messages back to the sender. This is useful for clients to
confirm message delivery and maintain consistent message display.

Changes:
- Add CAP_ECHOMSG to capab.h
- Add FEAT_CAP_echo_message feature flag (default TRUE)
- Register echo-message in capability list in m_cap.c
- Modify relay functions in ircd_relay.c to echo back:
  - relay_channel_message() - channel PRIVMSG
  - relay_channel_notice() - channel NOTICE
  - relay_private_message() - private PRIVMSG
  - relay_private_notice() - private NOTICE

Private message echoes include sptr != acptr check to avoid
duplicate when messaging self.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements the IRCv3 account-tag capability which includes the sender's
account name in message tags (@account=accountname or @account=* for
not logged in).

Changes:
- Add CAP_ACCOUNTTAG to capab.h
- Add FEAT_CAP_account_tag feature flag (default TRUE)
- Register account-tag in capability list in m_cap.c
- Refactor send.c message tag handling:
  - Add format_message_tags() to build combined @time;@account tags
  - Add wants_message_tags() helper for capability checks
  - Rename mb_st to mb_tags for clarity
  - Update 5 send functions to use combined tag handling

The implementation combines server-time and account-tag into a single
tag string, sending both to clients that request either capability
(per IRCv3 spec, clients ignore unknown tags).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements the IRCv3 chghost capability which notifies clients
when a user's hostname or username changes, instead of showing
QUIT/JOIN messages.

Changes:
- Add CAP_CHGHOST capability and FEAT_CAP_chghost feature flag
- Add CMD_CHGHOST to msg.h
- Add SKIP_CHGHOST flag for send functions to skip chghost clients
- Modify hide_hostmask() and unhide_hostmask() in s_user.c to:
  * Send CHGHOST to clients with the capability
  * Skip chghost clients when doing QUIT+JOIN workaround
- Update send.c to handle SKIP_CHGHOST flag

Format: :nick!olduser@old.host CHGHOST newuser new.host

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements the invite-notify capability that notifies channel members
when someone is invited to the channel.

Changes:
- Add CAP_INVITENOTIFY to capab.h
- Add FEAT_CAP_invite_notify feature flag (default: TRUE)
- Register capability in m_cap.c
- Send INVITE notification to channel members with capability
  in both m_invite() (local) and ms_invite() (server) handlers

Format: :inviter!user@host INVITE invitee #channel

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implement IRCv3.2 labeled-response capability that allows clients to
correlate commands with server responses using @Label tags.

Changes:
- Add CAP_LABELEDRESP capability and FEAT_CAP_labeled_response feature
- Store label per-connection in con_label[64] field
- Parse @Label=value from client message tags in parse_client()
- Add format_message_tags_for() for recipient-specific tag generation
- Add sendcmdto_one_tags() for sending messages with tags
- Modify send_reply() to include @Label and @time tags
- Update echo-message calls to use sendcmdto_one_tags()

The label is cleared at the start of each command and included in all
responses to that command. Labels are client-side only (no P10 changes).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implement IRCv3.2 batch capability for grouping related server responses.
This is required for proper labeled-response support on multi-response
commands.

Changes:
- Add CAP_BATCH capability and FEAT_CAP_batch feature flag
- Add batch state fields to connection (con_batch_id, con_batch_seq)
- Add MSG_BATCH command definition
- Implement send_batch_start() to start a batch with label tag
- Implement send_batch_end() to end an active batch
- Implement has_active_batch() helper function
- Update format_message_tags_for() to use @Batch tag when active
- Update send_reply() to use @Batch instead of @Label when batched

The batch BATCH +id type message includes @Label tag for labeled-response
integration. Messages within a batch use @Batch=id instead of @Label.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implement setname capability allowing users to change their realname
(GECOS field) mid-session per IRCv3 specification.

Changes:
- Add CAP_SETNAME capability and FEAT_CAP_setname feature flag
- New P10 token: SE (SN was taken by SVSNICK)
- New m_setname.c with m_setname() and ms_setname() handlers
- P10 format: [USER_NUMERIC] SE :[NEW_REALNAME]
- Notify channel members with setname capability
- Propagate changes S2S

IRCv3 spec: https://ircv3.net/specs/extensions/setname

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Phase 14: Add @bot message tag for users with +B mode
Phase 15: Implement standard-replies capability (FAIL/WARN/NOTE)
Phase 16: Add msgid tag with unique ID generation
Phase 17: Implement TAGMSG command (P10 token: TM)
Phase 13a: Add S2S tag parser foundation (backward compatible)

Features:
- @bot tag added to messages from bot-mode users
- send_fail/warn/note() functions for structured error responses
- Message IDs: <server_numeric>-<startup_ts>-<counter> format
- TAGMSG command for tag-only messages (typing indicators)
- S2S parser silently skips @tags prefix for compatibility

New files:
- ircd/m_tagmsg.c: TAGMSG command handlers

New capabilities:
- standard-replies (CAP_STANDARDREPLIES)

New feature flags:
- FEAT_CAP_standard_replies (default: TRUE)
- FEAT_MSGID (default: TRUE)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add full support for client-only tags (+typing, +reply, etc.) in TAGMSG:

Infrastructure:
- Add con_client_tags[512] field to Connection struct for temp storage
- Extract client-only tags (prefixed with +) in parse_client()
- Add format_message_tags_with_client() for formatting tags to clients
- Add sendcmdto_one_client_tags() for user-targeted TAGMSG
- Add sendcmdto_channel_client_tags() for channel TAGMSG relay

TAGMSG changes:
- m_tagmsg: Extract client tags from cli_client_tags(sptr)
- m_tagmsg: Use new send functions for local delivery with tags
- m_tagmsg: Propagate tags S2S via P10 format: TM @+tag=val #channel
- ms_tagmsg: Parse incoming S2S tags from @+tag=val first parameter
- ms_tagmsg: Relay to local clients and propagate to other servers

P10 Format:
  NUMERIC TM @+typing=active #channel
  NUMERIC TM @+typing=active;+reply=msgid ABAAB

This enables typing indicators and other client-only tags to work
across server boundaries.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…OTICE

Add server-to-server message tag support (FEAT_P10_MESSAGE_TAGS):

Parser changes (parse.c):
- Modified parse_server() to extract @time and @msgid tags from incoming
  S2S messages and store them in cli_s2s_time() and cli_s2s_msgid()
- Tags are preserved during message relay for consistency across network

Client storage (client.h):
- Added con_s2s_time[32] and con_s2s_msgid[64] fields to Connection struct
- Added accessor macros cli_s2s_time() and cli_s2s_msgid()

Send functions (send.c):
- Added format_s2s_tags() function to generate/preserve @time;@msgid tags
- Modified sendcmdto_channel_butone() to include S2S tags in server buffers
- Modified sendcmdto_one() to add S2S tags for PRIVMSG/NOTICE to servers

Build fixes:
- Fixed circular dependency between capab.h and client.h by making capab.h
  self-contained with its own FLAGSET macros and forward declaration
- Renamed MSG_BATCH to MSG_BATCH_CMD to avoid conflict with system socket.h
- Fixed m_tagmsg.c function calls to use MSG_TAGMSG instead of CMD_TAGMSG
  for functions that don't take a token parameter

Feature flag:
- FEAT_P10_MESSAGE_TAGS (default: FALSE) controls S2S tag propagation
- When enabled, all PRIVMSG/NOTICE messages between servers include tags
- Tags are preserved from incoming messages or generated fresh if absent

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…netsplit

Add server-to-server BATCH coordination for netjoin and netsplit events:

- Add ms_batch() handler for BT P10 command (m_batch.c)
- Register BATCH command for servers in parse.c
- Add S2S batch tracking fields to client.h:
  - con_s2s_batch_id: active batch ID from server
  - con_s2s_batch_type: batch type (netjoin, netsplit)
- Add send_s2s_batch_start() and send_s2s_batch_end() to send.c
- Propagate batch markers to local clients with batch capability
- Fix FLAGSET_NBITS redefinition warnings in client.h

P10 format:
  [SERVER] BT +batchid type [server1 server2]  # Start batch
  [SERVER] BT -batchid                          # End batch

Batch types: netjoin, netsplit

Future work: Hook into END_OF_BURST and SQUIT handlers to automatically
trigger batches during net events.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Automatically send IRCv3 batch markers to local clients when:
- Netjoin: Server reconnects (junction detected in m_server.c)
  - Batch start on SetBurst/SetJunction
  - Batch end on END_OF_BURST
- Netsplit: Server disconnects (exit_client in s_misc.c)
  - Batch start/end wraps exit_downlinks

New functions:
- send_netjoin_batch_start/end: Track batch on server struct
- send_netsplit_batch_start/end: Use caller-provided batch ID

Batch ID stored on struct Server for netjoin (persists across burst).
Netsplit uses local variable since it's immediate.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Per IRCv3 spec, all messages inside a batch MUST include the @Batch=id
tag. This commit adds:

- Global active_network_batch_id tracking for network events
- set_active_network_batch() and get_active_network_batch() functions
- format_message_tags_with_network_batch() for @Batch tag formatting
- Modified sendcmdto_common_channels_butone() to use batch tags for
  clients with CAP_BATCH capability during network events

Netsplit: set_active_network_batch() called before exit_downlinks()
Netjoin: set in send_netjoin_batch_start(), cleared in send_netjoin_batch_end()

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add send_fail() calls with CAP_STANDARDREPLIES check to TAGMSG, SETNAME,
and AUTHENTICATE error paths. Clients with standard-replies capability
receive structured FAIL messages in addition to traditional numerics.

Error codes added:
- TAGMSG: NEED_MORE_PARAMS, INVALID_TARGET, CANNOT_SEND
- SETNAME: DISABLED, NEED_MORE_PARAMS
- AUTHENTICATE: TOO_LONG, SASL_FAIL

IRCv3 spec: https://ircv3.net/specs/extensions/standard-replies

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add sasl_server_available() check to CAP LS handling. SASL is now only
advertised when:
- FEAT_SASL_SERVER="*" and at least one server is connected, OR
- The specific configured SASL server is connected

This prevents clients from attempting SASL authentication when X3/services
are not available, improving the connection experience.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add SaslMechanisms global to store mechanism list received from services
- Add set_sasl_mechanisms() and get_sasl_mechanisms() functions
- Handle SASL * * M :mechanisms broadcast in ms_sasl()
- Use dynamic mechanism list in CAP LS 302 instead of hardcoded value
- Falls back to static value if no broadcast received

This allows X3 to announce which SASL mechanisms it actually supports
(PLAIN, EXTERNAL, OAUTHBEARER) based on its configuration.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Previously, broadcast functions like sendcmdto_common_channels_butone()
and sendcmdto_channel_butone() built a single tagged message with all
available tags (server-time, account-tag, bot) and sent it to any client
that requested any tag capability.

This meant a client requesting only server-time would also receive
@account tags, and vice versa. While technically compliant (clients must
ignore unknown tags per IRCv3 spec), it was wasteful and imprecise.

New implementation:
- Added format_message_tags_ex() with explicit TAGS_* flags control
- Added get_client_tag_flags() to determine which tags each client wants
- Updated broadcast functions to use per-capability message buffer cache
- Each unique combination of capabilities gets its own cached message
- Only tags the client actually requested are included

Functions updated:
- sendcmdto_common_channels_butone()
- sendcmdto_common_channels_capab_butone()
- sendcmdto_channel_butserv_butone()
- sendcmdto_channel_capab_butserv_butone()
- sendcmdto_channel_butone()

Performance: Uses lazy caching - message buffers are only built when
first needed for a given tag combination, then reused for all clients
with the same capabilities.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Remove unused format_message_tags() and format_message_tags_with_network_batch()
functions that were replaced by the per-capability message buffer caching.

The new implementation uses format_message_tags_ex() with TAGS_* flags and
get_client_tag_flags() to build per-client message buffers.

Update wants_message_tags() comment to clarify it's now only used for
TAGMSG filtering.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add support for the IRCv3 draft/no-implicit-names extension which allows
clients to suppress automatic NAMES replies after JOIN. This reduces
bandwidth for mobile clients and clients joining many channels.

Changes:
- Add CAP_DRAFT_NOIMPLICITNAMES to capab.h
- Add FEAT_CAP_draft_no_implicit_names feature flag (default: TRUE)
- Add capability to m_cap.c negotiation list
- Skip do_names() in m_join.c when capability is negotiated
- Skip do_names() in m_svsjoin.c when capability is negotiated

Spec: https://ircv3.net/specs/extensions/no-implicit-names

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add support for the IRCv3 draft/extended-isupport extension which allows
clients to request ISUPPORT (005) tokens before completing registration.
This enables early feature discovery during capability negotiation.

Changes:
- Add CAP_DRAFT_EXTISUPPORT to capab.h
- Add FEAT_CAP_draft_extended_isupport feature flag (default: TRUE)
- Add MSG_ISUPPORT/TOK_ISUPPORT/CMD_ISUPPORT to msg.h
- Add m_isupport declaration to handlers.h
- Create new ircd/m_isupport.c command handler
- Register ISUPPORT command in parse.c with MFLG_UNREG
- Add m_isupport.c to Makefile.in

The handler reuses send_supported() from s_user.c. Requires the
draft/extended-isupport capability to be negotiated; otherwise
returns ERR_UNKNOWNCOMMAND.

Spec: https://ircv3.net/specs/extensions/extended-isupport

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements IRCv3 draft/pre-away extension which allows clients to set
their away status before completing connection registration. Useful for
bouncers and mobile clients that connect in the background.

Changes:
- Added CAP_DRAFT_PREAWAY to capab.h
- Added FEAT_CAP_draft_pre_away feature flag (default: TRUE)
- Added con_pre_away and con_pre_away_msg fields to Connection struct
- Added mu_away handler for unregistered clients
- Apply pre-away state in register_user() after connection completes
- AWAY * sets away without message (hidden connection - not broadcast)
- Normal AWAY :message is broadcast to servers after registration

Specification: https://ircv3.net/specs/extensions/pre-away

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implement the draft/multiline IRCv3 extension which allows clients to
send multi-line messages as a single unit, solving the code pasting
problem that drives users to Discord/Slack/Matrix.

Features:
- Capability with dynamic value: draft/multiline=max-bytes=4096,max-lines=24
- Client BATCH command handling for draft/multiline type
- Message collection with @Batch= tag interception in PRIVMSG
- Support for draft/multiline-concat tag for line joining
- Batch delivery to supporting clients with proper tags
- Fallback delivery as individual messages for non-supporting clients
- Echo-message support for multiline batches
- IRCv3 standard-replies (FAIL) for error handling
- Configurable limits via MULTILINE_MAX_BYTES and MULTILINE_MAX_LINES

Files modified:
- include/capab.h: Added CAP_DRAFT_MULTILINE
- include/ircd_features.h/c: Added multiline feature flags
- include/client.h: Added batch state fields to Connection struct
- include/handlers.h: Added m_batch declaration
- ircd/m_cap.c: Added capability with dynamic value generation
- ircd/parse.c: Added @Batch and draft/multiline-concat tag parsing
- ircd/m_batch.c: Added client batch handler and delivery logic
- ircd/m_privmsg.c: Added batch interception for multiline messages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Adds native WebSocket (RFC 6455) support directly in Nefarious, achieving
feature parity with Ergo, InspIRCd, and UnrealIRCd for browser-based clients.

Implementation details:
- New websocket.c with handshake, frame encode/decode functions
- Supports binary.ircv3.net and text.ircv3.net subprotocols
- Integrates with existing event loop (no threading required)
- Uses OpenSSL for SHA1/Base64 (no new dependencies)
- Works with existing SSL/TLS infrastructure
- Gated by FEAT_DRAFT_WEBSOCKET feature flag (enabled by default)

Configuration:
  Port { port = 8080; websocket = yes; ssl = yes; };

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add Makefile dependency rules for files added during the IRCv3 upgrade:
- m_batch.o (draft/multiline)
- m_isupport.o (draft/extended-isupport)
- m_setname.o (setname capability)
- m_tagmsg.o (message-tags)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements IRCv3 draft/chathistory extension for message history:
- LMDB backend for zero-copy reads and MVCC concurrency
- All CHATHISTORY subcommands: LATEST, BEFORE, AFTER, AROUND, BETWEEN, TARGETS
- Channel message storage (enabled by default)
- Private message storage (opt-in via CHATHISTORY_PRIVATE feature)
- Message reference formats: timestamp= and msgid=
- Proper batch responses with server-time and msgid tags
- ISUPPORT tokens: CHATHISTORY, MSGREFTYPES

Configuration:
  CAP_draft_chathistory = TRUE     # Enable capability
  CHATHISTORY_MAX = 100            # Max messages per query
  CHATHISTORY_DB = "history"       # LMDB database directory
  CHATHISTORY_PRIVATE = FALSE      # Enable DM history

Build requires: liblmdb-dev (--with-lmdb or --disable-lmdb)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add REDACT command (P10 token: RD) for message deletion
- Integrate with LMDB chathistory for message lookup/deletion
- Authorization: own messages (time-limited), chanops, opers
- Configurable time windows: REDACT_WINDOW (300s default), REDACT_OPER_WINDOW
- Disabled by default (draft spec) - enable with CAP_draft_message_redaction
- Propagate to channel members with capability and to other servers

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implement IRCv3 draft/account-registration extension for direct account
registration via IRC protocol. Uses XQUERY/XREPLY as fallback mechanism
for backward compatibility with older X3 versions.

New commands:
- REGISTER <account> <email|*> <password> - Register an account
- VERIFY <account> <code> - Verify registration with code
- REGREPLY (S2S) - Response from services

P10 tokens: RG (REGISTER), VF (VERIFY), RR (REGREPLY)

Feature flag CAP_draft_account_registration disabled by default since
this is a draft specification.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add batch timeout handling per IRCv3 client-batch specification:

- Add con_ml_batch_start timestamp to track when batch started
- Add FEAT_CLIENT_BATCH_TIMEOUT (default 30 seconds)
- Add check_client_batch_timeout() called from check_pings()
- Send FAIL BATCH TIMEOUT when batch exceeds timeout

When a client opens a batch and doesn't close it within the timeout,
the server sends FAIL BATCH TIMEOUT and discards collected messages.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add stats reporting functions for both subsystems accessible via
/STATS chathistory and /STATS metadata (oper-only, word-based access).

CHATHISTORY stats include:
- LMDB backend availability and status
- Database map size
- Entry counts for messages, msgid index, targets, and read markers
- B-tree depth information

METADATA stats include:
- LMDB backend availability and status
- Account metadata database entry count
- X3 services availability status
- Write queue pending count
- MDQ request pending count

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements cache expiry for metadata stored in LMDB to prevent stale
entries from accumulating indefinitely.

Changes:
- Add FEAT_METADATA_CACHE_TTL (default: 4 hours) and
  FEAT_METADATA_PURGE_FREQUENCY (default: 1 hour) feature flags
- Modify LMDB storage format to include timestamp: T<timestamp>|<value>
- Check TTL on read in metadata_account_get() - expired entries return
  "not found"
- Add metadata_account_purge_expired() to periodically clean stale entries
- Add metadata_purge_timer in ircd.c for automatic periodic purging
- Backwards compatible: legacy entries without TTL prefix still work

This complements X3's authoritative metadata TTL handling by ensuring
Nefarious's cache doesn't retain stale entries indefinitely.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add all CMocka test binaries to .gitignore:
- ircd_chattr_cmocka, ircd_string_cmocka, numnicks_cmocka
- ircd_in_addr_cmocka, ircd_compress_cmocka, ircd_cloaking_cmocka
- dbuf_cmocka, ircd_crypt_cmocka, crule_cmocka
- history_cmocka, dnsbl_cmocka, ircd_match_cmocka

Also ignore Makefile.in.tmp and *.o object files.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implement configurable consent modes for private message history storage:
- FEAT_CHATHISTORY_PRIVATE_CONSENT: Controls consent model
  - 0 = Global (store unless either party opts out)
  - 1 = Single-party (store if either opts in, opt-out overrides)
  - 2 = Multi-party (store only if both opt in) - DEFAULT
- FEAT_CHATHISTORY_ADVERTISE_PM: Include pm= in capability value
- FEAT_CHATHISTORY_PM_NOTICE: Send policy notice on connect

Users control preference via METADATA:
  METADATA * SET chathistory.pm * :1  (opt-in)
  METADATA * SET chathistory.pm * :0  (opt-out)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When a client doesn't have the standard-replies capability enabled,
the server now falls back to traditional IRC numerics or NOTICE:

- NEED_MORE_PARAMS -> 461 numeric (ERR_NEEDMOREPARAMS)
- ALREADY_AUTHENTICATED -> 462 numeric (ERR_ALREADYREGISTRED)
- Other codes -> NOTICE with FAIL/WARN/NOTE prefix

Also exports generate_msgid() for use by m_batch.c.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Touch ircd.pem before make install to skip the interactive SSL certificate
generator, then remove it so the entrypoint can generate a fresh one.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When clients support message-tags capability, include proper msgid and
server-time tags in each PRIVMSG within a multiline batch. This ensures
messages can be properly tracked and stored in chat history.

- Add format_time_tag() helper for ISO 8601 timestamps
- Generate unique msgid for each message in the batch
- Conditionally include tags based on CAP_MSGTAGS capability
- Apply to channel messages, echo messages, and private messages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add normalize_pm_target() function to handle PM history lookups per
the IRCv3 spec where clients can query with just a nickname rather
than the full nick1:nick2 format.

- Parse both plain nick and nick:nick format inputs
- Validate sender is party to the conversation
- Sort nicks alphabetically for consistent LMDB key lookup
- Update check_history_access() to return normalized target

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…nfig

Update base.conf-dist to enable:
- draft/chathistory and draft/metadata-2 capabilities
- PM chathistory with multi-party consent mode (both users must opt in)
- Policy notice on connect informing users about PM logging
- Disable fakelag for testing (fakelagminimum=0, fakelagfactor=0)

Add ircd.conf that includes base.conf, local.conf, and linesync.conf.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add per-connection WebSocket state buffers in client.h:
  - con_ws_frame_buf/len for partial frame buffering
  - con_ws_frag_buf/len/opcode for fragment reassembly
- Update websocket_decode_frame() to return FIN bit status via is_fin param
- Fix SSL_write usage in handshake response
- Add partial frame recovery in s_bsd.c read_packet()
- Add message fragment reassembly for FIN=0 frames
- Initialize WebSocket state in list.c make_connection()
- Clear WebSocket state in packet.c on connection close

This enables proper handling of:
- TCP reads that split WebSocket frames mid-frame
- Fragmented WebSocket messages (multiple frames with FIN=0)
- Interleaved control frames during fragmentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…quests

Don't send Sec-WebSocket-Protocol header unless the client included
one in the handshake request. This completes full RFC 6455 compliance.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add FEAT_TCP_NODELAY_C2S and FEAT_TCP_NODELAY_S2S feature flags to
optionally disable Nagle's algorithm on client and server connections
for lower latency messaging. Both default to FALSE.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add cli_saslstart timestamp field for FD reuse protection
- Reject stale SASL responses older than FEAT_SASL_TIMEOUT
- Reorder metadata loading before account flag in m_sasl.c and m_account.c
- Add error logging for silent failures:
  - Token prefix mismatch (debug)
  - Malformed tokens (protocol_violation)
  - Cookie mismatches (debug)
  - Agent mismatches (warning)
  - metadata_load_account() failures (debug)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Prevents use-after-free when SASL agent server disconnects during auth:
- Validate sender is not dead before storing as agent in ms_sasl()
- Check IsDead() before using agent in abort_sasl()
- Auto-recover to new agent if existing agent becomes dead
- Validate agent in m_authenticate() with fallback to find new agent

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

When the SASL agent server (X3) disconnects, immediately abort all
pending SASL sessions instead of letting them wait for SASL_TIMEOUT.
This provides faster feedback to clients during netsplits or services
restarts.

Changes:
- Modified free_client() to call abort_sasl() for each session using
  the disconnecting server as its agent
- Clients receive ERR_SASLFAIL immediately instead of waiting 90s
- Logs summary count of aborted sessions at INFO level
- Rate-limits DEBUG logging to avoid spam during large netsplits

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements comprehensive flood protection for IRCv3 draft/multiline batches
to prevent abuse while still rewarding legitimate multiline usage.

## Multiline Lag Discounting

Instead of applying fake lag immediately for each PRIVMSG in a batch,
lag is accumulated during the batch and applied with a configurable
discount when the batch ends. This recognizes that batched messages are
transmitted simultaneously per the IRCv3 multiline spec.

New features:
- MULTILINE_LAG_DISCOUNT (default 50): Percentage of lag applied for DMs
  - 100 = full lag (no benefit to multiline)
  - 50 = 50% lag (default - rewards multiline while preventing abuse)
  - 0 = no lag (dangerous - allows unlimited flooding)
- MULTILINE_CHANNEL_LAG_DISCOUNT (default 75): Higher discount for channels
  since they affect more users
- MULTILINE_MAX_LAG (default 30): Cap on accumulated lag to prevent
  extremely long batches from building massive lag debt
- MULTILINE_RECIPIENT_DISCOUNT (default TRUE): If all recipients support
  draft/multiline (no fallback needed), halve the discount percentage

## Batch Rate Limiting

- BATCH_RATE_LIMIT (default 10): Maximum batches per minute per client
- Returns FAIL BATCH RATE_LIMIT_EXCEEDED when exceeded

## WebSocket Buffer Limit

- WEBSOCKET_RECVQ (default 8192): Configurable recvq for WebSocket clients
  (typically higher than regular clients since WS frames bundle multiple lines)

## Connection Tracking

New fields in struct Connection:
- con_ml_lag_accum: Accumulated lag during batch
- con_batch_minute: Start of rate limit window
- con_batch_count: Batches in current window
- con_ml_had_fallback: Whether batch needed recipient fallback

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fixes a race condition where fed_request could be freed while still
referenced by the timer callback. Changes:

- Add `response_sent` flag to prevent double-send if timer fires
  after response was already sent via another code path
- Rename `complete_fed_request()` to `send_fed_response()` to clarify
  that it sends the response but does NOT free the request
- Let timer destroy event handle all request cleanup consistently
- Check `response_sent` early to avoid processing already-handled requests

This prevents potential crashes when federation responses arrive just
as the timeout timer fires.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Adds modern password hashing using OpenSSL 3.0+ EVP_KDF API:
- PBKDF2-SHA256: $PBKDF2$iterations$salt$hash
- PBKDF2-SHA512: $PBKDF2-SHA512$iterations$salt$hash

Parameters:
- 100,000 iterations (OWASP 2023 minimum)
- 16-byte random salt
- Constant-time comparison via CRYPTO_memcmp

Compatible with Keycloak credential import format.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Certificate Expiry Tracking:
- Add ssl_get_cert_expiry() to extract certificate expiration from X509
- Add cli_sslcliexp field to client struct for storing expiry timestamp
- Add FEAT_CERT_EXPIRY_TRACKING feature flag (default: enabled)
- Add MARK_SSLCLIEXP P10 mark type for propagating expiry to services
- Extract expiry at all TLS handshake points (s_bsd.c, m_starttls.c, ssl.c)
- Send expiry via P10 MARK SSLCLIEXP to services (s_user.c, s_serv.c)
- Handle incoming SSLCLIEXP mark in m_mark.c
- Add IAuth SSLCLIEXP handler in s_auth.c

WebSocket Origin Validation:
- Add FEAT_WEBSOCKET_ORIGIN feature flag (string, default: empty)
- Parse Origin header in WebSocket handshake
- Add validate_ws_origin() for pattern matching (exact and wildcard *.domain)
- Return HTTP 403 Forbidden for invalid origins
- Empty string allows all origins, non-empty restricts to listed patterns

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…ture flags

Phase 1.3: Standard-replies WARN notification
- Add fallback_count tracking in process_multiline_batch()
- Send WARN BATCH MULTILINE_FALLBACK to senders when truncation occurs
- Uses existing send_warn() function from standard-replies implementation

Phase 2: +M user mode for legacy users
- Add FLAG_MULTILINE_EXPAND to client.h
- Add 'M' to userModeList in s_user.c
- Add 'M' to infousermodes for ISUPPORT advertisement
- Legacy users with +M receive full expansion (no truncation)

Phase 3A preparation: Storage feature flags
- FEAT_MULTILINE_STORAGE_ENABLED (default: FALSE)
- FEAT_MULTILINE_STORAGE_TTL (default: 3600)
- FEAT_MULTILINE_STORAGE_MAX (default: 10000)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add in-memory storage for truncated multiline messages that allows legacy
clients to retrieve full content via /join &ml-<msgid>:

- ml_storage.h/c: Hash table storage with TTL-based expiry
  - Store/retrieve multiline content by msgid
  - Automatic expiry via timer callback (every 5 minutes)
  - Memory-bounded by FEAT_MULTILINE_STORAGE_MAX entries
  - Statistics tracking for /stats debug output

- m_join.c: Virtual channel interception
  - Intercepts /join &ml-* before normal channel processing
  - Delivers stored content as NOTICEs without creating actual channel
  - Returns ERR_NOSUCHCHANNEL if storage disabled or msgid not found

- m_batch.c: Integration with legacy fallback
  - Store full content when truncating for legacy clients
  - Provide /join &ml-<msgid> hint in truncation notice
  - Falls back to HistServ FETCH hint if storage disabled

- ircd.c: Timer and initialization
  - Initialize ml_storage at startup
  - Register periodic timer for expiry cleanup

This completes Phase 3A of the multiline legacy fallback improvements.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Previously used a 3-tier graduated truncation approach:
- Small batches (≤3 lines): send all, no notice
- Medium batches (4-10 lines): truncate, "upgrade client" notice only
- Large batches (11+ lines): truncate, notice with retrieval hint

This was inconsistent - if we're truncating, users should always know
how to retrieve the full content. Simplified to 2-tier approach:
- Small batches (≤threshold): send all, no notice
- Larger batches (>threshold): truncate to max_lines, retrieval hint

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…e messages

New truncation strategy for legacy clients:
- Small (1-5 lines): Send all lines, no notice
- Medium (6-10 lines): Send 4 lines + "[X more lines - ...]"
- Large (11+ lines): No preview, just "[Multiline message (X lines) - ...]"

The large batch message format makes it clear this is a complete multiline
message that needs to be fetched, rather than a partial preview.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Store the label from BATCH +id so that when multiline truncation occurs,
the WARN notification can include the original command's label for proper
client-side correlation.

Changes:
- Add con_ml_label field to Connection struct in client.h
- Add send_standard_reply_ex() and send_warn_with_label() to send.c
- Save label on BATCH +id, clear on BATCH -id in m_batch.c
- Use saved label when sending MULTILINE_FALLBACK WARN

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add send_multiline_fallback() helper to consolidate truncation logic
- Implement 4-tier graceful fallback chain:
  1. Native chathistory (CHATHISTORY AROUND msgid)
  2. HistServ available (/msg HistServ FETCH)
  3. Local &ml- storage (zero dependencies)
- Make preview budget configurable via FEAT_MULTILINE_LEGACY_MAX_LINES

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Phase 6a - WEBIRC Async:
- Add FLAG_WEBIRC_PENDING client flag with Is/Set/Clear macros
- Add find_webirc_conf_by_host() helper for host-only matching
- Refactor m_webirc.c with async password verification support
- Extract apply_webirc_changes() helper for IP/host rewrite logic
- Add webirc_verify_ctx struct and webirc_password_verified() callback

Phase 6b - SpoofHost Async:
- Add FLAG_SETHOST_PENDING client flag with Is/Set/Clear macros
- Add find_shost_conf_by_host() helper for hostmask-only matching
- Add async support to both m_sethost() and mo_sethost() handlers
- Add sethost_verify_ctx struct and sethost_password_verified() callback
- Extract apply_sethost_changes() helper for spoofhost application

Both implementations:
- Use fd-based client lookup for callback reconnection
- Check pending flags to verify same client after async completes
- Fall back to synchronous verification if async fails to start
- Respect IAuth delegation for WEBIRC before local verification

This completes the async rework plan - all ircd_crypt() password
verification paths now support non-blocking operation via thread pool.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>