Pre-audit internal hardening · attack surface reduced.
Security
Closed a ratchet message-key reuse window under fast successive sends.
Security
Closed a TOCTOU on the SecureString constant-time compare.
Changed
Argon2id parameters increased: m_cost 32 MiB → 64 MiB, t_cost 2 → 3.
Added
Hardened the release build pipeline; artefacts are now signed with SHA-256 + ML-DSA-65.
Added
Sealed-sender disambiguation: relay no longer sees recipient timing patterns.
Fixed
Fixed a disappearing-message race that could skip the prekey wipe.
Removed
Dev-mode verbose envelope error log (was leaking envelope size in debug builds).