What we are working on

Known issues

Active issues for the SecureChat public beta. Items that have been resolved are kept below the active list for one cycle so beta users can see what changed.

Active

External security audit not yet performed

The relay and the iOS app have been hardened and the production-hardening story is in place (HTTPS-only, auth, signed envelopes, replay protection, rate limit, storage cap), but an independent security audit has not yet been performed. The SECURITY.md file calls this out explicitly. We recommend that high-assurance use cases wait for an audit before deploying.

planned workstream: audit & assurance

Multi-device sync not yet supported

The current public beta supports one iOS device per identity. If you install on a second device, the iOS Keychain will generate a new Curve25519 keypair and your historical messages will not be visible (they live in the on-device encrypted store). Multi-device sync requires a server-side mailbox; that workstream is tracked separately.

planned

Recently resolved

Items below were marked resolved in the current build. They are retained here for one cycle so beta users can see what changed. For the canonical changelog, see CHANGELOG.md.

Public /health leaked operational knobs

Resolved. The public /healthz endpoint now returns only {status, uptimeSeconds, version}. The detailed health response (store type, max packet bytes, auth-required flag, etc.) moved to the operator-only /healthz/internal endpoint, gated by X-Securechat-Ops-Token. The legacy /health route is retained for internal use.
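The split described above, sketched as an added example (not the relay's own code): the public route builds its body from an allowlist of the three fields, and the internal route compares X-Securechat-Ops-Token in constant time. The token value, version string, internal field names, and the 401 response are assumptions made for this example.

```python
import hmac
import time

# Constructed values for this example only; the real token, version and
# internal field names are not given on this page.
OPS_TOKEN = "constructed-example-token"
STARTED = time.monotonic()
PUBLIC_FIELDS = {"status", "uptimeSeconds", "version"}


def _full_health():
    """Detailed health view (the last three key names are hypothetical)."""
    return {
        "status": "ok",
        "uptimeSeconds": int(time.monotonic() - STARTED),
        "version": "0.0.0-example",
        "storeType": "memory",
        "maxPacketBytes": 65536,
        "authRequired": True,
    }


def handle(path, headers):
    """Return (status_code, body_dict) for a health request."""
    # Header names are case-insensitive, so normalise before lookup.
    hdrs = {k.lower(): v for k, v in headers.items()}
    if path == "/healthz":
        full = _full_health()
        # Allowlist, not denylist: a field added to _full_health() later
        # stays private unless it is deliberately made public.
        return 200, {k: full[k] for k in PUBLIC_FIELDS}
    if path == "/healthz/internal":
        supplied = hdrs.get("x-securechat-ops-token", "")
        # Constant-time comparison avoids leaking the token through timing.
        if not hmac.compare_digest(supplied.encode(), OPS_TOKEN.encode()):
            return 401, {"error": "unauthorized"}  # status code is an assumption
        return 200, _full_health()
    return 404, {"error": "not found"}


def leaked_fields(body):
    """Regression check: keys in a public /healthz body beyond the allowed three."""
    return sorted(set(body) - PUBLIC_FIELDS)
```

Running leaked_fields over a captured public /healthz body in CI catches a detailed field creeping back into the public response.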

Legacy hostname decommission

chatsecure.ddns.net and any other pre-public-beta hostname now respond with 308 Permanent Redirect to https://securechat.team{uri}. The DNS A record was removed at the registrar; verified NXDOMAIN on 22 June 2026 against 8.8.8.8, the server's local resolver, and the build host. See the CURRENT-ENDPOINTS.md file for the canonical legacy-host list.