Code Architecture
A Rust core with platform-native shells.
Design Philosophy
RVNT follows a strict architecture principle: all security-critical code lives in Rust. The cryptographic primitives, the Double Ratchet, the sealed sender, the key management, the storage encryption -- all of it is implemented in Rust, compiled once, and shared across every platform. The UI layers (desktop and mobile) are thin shells that call into the Rust core via FFI. This ensures that there is exactly one implementation of the security-critical path, regardless of platform.
┌─────────────────────────────────────────────────────────┐
│ PLATFORM LAYER │
│ │
│ ┌───────────┐ ┌────────────┐ ┌────────────────────┐ │
│ │ Desktop │ │ iOS │ │ Android │ │
│ │ Tauri + │ │ React │ │ React │ │
│ │ React │ │ Native │ │ Native │ │
│ └─────┬─────┘ └─────┬──────┘ └──────┬─────────────┘ │
│ │ │ │ │
│ ┌─────▼───────────────▼────────────────▼─────────────┐ │
│ │ rvnt-ffi │ │
│ │ C ABI / UniFFI bindings │ │
│ └─────────────────────┬──────────────────────────────┘ │
└────────────────────────┼────────────────────────────────┘
│
┌────────────────────────▼────────────────────────────────┐
│ RUST CORE │
│ │
│ ┌────────────┐ ┌────────────┐ ┌──────────────────┐ │
│ │ rvnt-crypto│ │rvnt-network│ │ rvnt-storage │ │
│ │ │ │ │ │ │ │
│ │ X3DH │ │ libp2p │ │ SQLCipher │ │
│ │ Ratchet │ │ Tor (arti) │ │ Key-value store │ │
│ │ Sealed │ │ Mesh │ │ Media cache │ │
│ │ ML-KEM │ │ DHT │ │ │ │
│ └────────────┘ └────────────┘ └──────────────────┘ │
│ │
│ ┌────────────┐ ┌────────────┐ ┌──────────────────┐ │
│ │rvnt-identity│ │rvnt-protocol│ │ rvnt-wallet │ │
│ │ │ │ │ │ │ │
│ │ Key mgmt │ │ Message │ │ Lightning (LDK) │ │
│ │ PIN/auth │ │ serializer │ │ On-chain (SPV) │ │
│ │ Panic mode │ │ Status │ │ Key derivation │ │
│ │ Biometric │ │ Typing │ │ │ │
│ └────────────┘ └────────────┘ └──────────────────┘ │
└─────────────────────────────────────────────────────────┘
Rust Workspace Structure
rvnt/
├── Cargo.toml # Workspace root
├── Cargo.lock # Locked dependencies
│
├── crates/
│ ├── rvnt-crypto/ # Cryptographic primitives and protocols
│ ├── rvnt-network/ # Networking (libp2p, Tor, mesh)
│ ├── rvnt-storage/ # Encrypted local storage
│ ├── rvnt-identity/ # Identity management, PIN, panic mode
│ ├── rvnt-protocol/ # Message format, serialization, status
│ ├── rvnt-wallet/ # Lightning Network wallet
│ └── rvnt-ffi/ # FFI bindings for desktop and mobile
│
├── desktop/ # Tauri + React desktop application
│ ├── src-tauri/ # Tauri backend (Rust, calls rvnt-ffi)
│ ├── src/ # React frontend
│ └── package.json
│
├── mobile/ # React Native mobile application
│ ├── ios/ # iOS-specific native code
│ ├── android/ # Android-specific native code
│ ├── src/ # React Native shared UI
│ └── package.json
│
├── server/ # Identity server
│ ├── src/ # Axum web server
│ └── Cargo.toml
│
├── proofs/ # Formal verification (ProVerif)
│ ├── x3dh.pv
│ ├── ratchet.pv
│ └── sealed_sender.pv
│
└── tests/ # Integration and fuzz tests
├── integration/
└── fuzz/Crate Responsibilities
rvnt-crypto
The cryptographic foundation. Every cryptographic operation in RVNT goes through this crate. No other crate directly calls cryptographic primitives.
rvnt-crypto/
├── src/
│ ├── x3dh.rs # Hybrid X3DH key exchange
│ ├── ratchet.rs # Double Ratchet implementation
│ ├── sealed_sender.rs # Sealed sender envelope
│ ├── keys.rs # Key types, generation, serialization
│ ├── kdf.rs # HKDF, HMAC-SHA256 wrappers
│ ├── aead.rs # AES-256-GCM encrypt/decrypt
│ ├── pq_kem.rs # ML-KEM-768 wrapper
│ ├── signature.rs # Ed25519 signing/verification
│ ├── hash.rs # BLAKE3, SHA-256 wrappers
│ └── zeroize.rs # Secure memory zeroing utilities
│
├── tests/
│ ├── x3dh_tests.rs # Key exchange test vectors
│ ├── ratchet_tests.rs # Ratchet state machine tests
│ ├── sealed_sender_tests.rs
│ └── interop_tests.rs # Cross-platform compatibility
│
└── Cargo.toml
Dependencies:
x25519-dalek, ed25519-dalek, aes-gcm,
hkdf, sha2, ml-kem, blake3, zeroize, randrvnt-network
All networking code. Handles peer discovery, connection management, Tor integration, and mesh networking.
rvnt-network/
├── src/
│ ├── transport.rs # libp2p transport configuration
│ ├── discovery.rs # Peer discovery (mDNS, DNS-SD, DHT)
│ ├── tor.rs # arti-client integration
│ ├── mesh.rs # Bluetooth/WiFi mesh layer
│ ├── mixnet.rs # Batch shuffling, cover traffic
│ ├── connection.rs # Connection lifecycle management
│ └── protocol.rs # libp2p protocol handler
│
└── Cargo.toml
Dependencies:
libp2p, arti-client, tokio, quinn (QUIC)rvnt-storage
Encrypted local storage. Wraps SQLCipher and manages the media cache.
rvnt-storage/
├── src/
│ ├── database.rs # SQLCipher database wrapper
│ ├── schema.rs # Database schema and migrations
│ ├── messages.rs # Message CRUD operations
│ ├── contacts.rs # Contact storage
│ ├── sessions.rs # Ratchet session state persistence
│ ├── prekeys.rs # Prekey storage and management
│ ├── media_cache.rs # Encrypted media file cache
│ └── backup.rs # Local backup creation
│
└── Cargo.toml
Dependencies:
sqlcipher (via rusqlite), serde, protobufrvnt-identity
Identity management, authentication, and emergency data destruction.
rvnt-identity/
├── src/
│ ├── identity.rs # Identity keypair management
│ ├── pin.rs # Argon2id key derivation
│ ├── duress.rs # Duress PIN and decoy state
│ ├── panic.rs # Panic mode destruction sequence
│ ├── biometric.rs # Secure Enclave / StrongBox integration
│ ├── lockout.rs # Lockout escalation
│ └── travel_mode.rs # Travel mode (conversation hiding)
│
└── Cargo.toml
Dependencies:
argon2, security-framework (macOS),
keystore (Android), zeroizervnt-protocol
Message format definitions, serialization, and status tracking.
rvnt-protocol/
├── src/
│ ├── message.rs # Message types and serialization
│ ├── status.rs # Message status state machine
│ ├── typing.rs # Typing indicator protocol
│ ├── presence.rs # Online status management
│ ├── file.rs # File transfer protocol
│ └── payment.rs # Payment message types
│
├── proto/
│ ├── message.proto # Protobuf message definitions
│ └── status.proto # Protobuf status definitions
│
└── Cargo.toml
Dependencies:
prost (protobuf), zstd (compression)rvnt-wallet
Lightning Network wallet implementation using LDK.
rvnt-wallet/
├── src/
│ ├── wallet.rs # Wallet state and balance
│ ├── channels.rs # Lightning channel management
│ ├── payments.rs # Send/receive payment logic
│ ├── invoice.rs # BOLT 11 invoice generation/parsing
│ ├── onchain.rs # On-chain operations (funding, closing)
│ └── keys.rs # BIP-32 key derivation from identity
│
└── Cargo.toml
Dependencies:
ldk (lightning), bdk (bitcoin-dev-kit)rvnt-ffi
Foreign Function Interface layer. Exposes the Rust core to desktop (Tauri) and mobile (React Native) platforms.
rvnt-ffi/
├── src/
│ ├── lib.rs # UniFFI interface definitions
│ ├── api.rs # High-level API surface
│ ├── callbacks.rs # Event callbacks to UI layer
│ ├── types.rs # FFI-safe type conversions
│ └── error.rs # Error type mapping
│
├── uniffi.toml # UniFFI configuration
│
└── Cargo.toml
Dependencies:
uniffi, rvnt-crypto, rvnt-network,
rvnt-storage, rvnt-identity, rvnt-protocol, rvnt-wallet
Generated bindings:
Swift: mobile/ios/RvntCore.swift
Kotlin: mobile/android/RvntCore.kt
TypeScript: (via Tauri command system, not direct FFI)Dependency Graph
rvnt-ffi
├── rvnt-protocol
│ ├── rvnt-crypto
│ └── (prost, zstd)
├── rvnt-network
│ ├── rvnt-crypto
│ └── (libp2p, arti-client, tokio)
├── rvnt-storage
│ ├── rvnt-crypto
│ └── (rusqlite/sqlcipher)
├── rvnt-identity
│ ├── rvnt-crypto
│ ├── rvnt-storage
│ └── (argon2, security-framework)
└── rvnt-wallet
├── rvnt-crypto
└── (ldk, bdk)
Key dependency: rvnt-crypto is the foundation.
Every other crate depends on it.
No circular dependencies.
Desktop App (Tauri)
Desktop architecture:
React UI (TypeScript)
│
│ Tauri IPC (invoke/listen)
│ JSON serialized commands
│
Tauri Backend (Rust)
│
│ Direct Rust function calls
│
rvnt-ffi → rvnt-* crates
Tauri commands (subset):
send_message(conversation_id, content)
fetch_messages(conversation_id, limit, offset)
create_identity(username, pin)
add_contact(username_or_qr_data)
verify_safety_number(contact_id)
send_payment(contact_id, amount_sats, memo)
activate_panic_mode()
set_duress_pin(pin)
export_identity(pin)
Build:
cargo tauri build # Produces .dmg (macOS), .deb/.AppImage (Linux), .msi (Windows)Mobile App (React Native)
Mobile architecture:
React Native UI (TypeScript)
│
│ Native Module bridge
│ (NativeModules.RvntCore.methodName)
│
Native Module (Swift / Kotlin)
│
│ UniFFI generated bindings
│
rvnt-ffi (compiled as .xcframework / .so)
iOS build:
cargo build --target aarch64-apple-ios --release
# Produces librvnt_ffi.a → packaged into RvntCore.xcframework
Android build:
cargo ndk --target aarch64-linux-android --platform 34 build --release
# Produces librvnt_ffi.so → packaged into jniLibs/arm64-v8a/
React Native bridge:
// iOS: RvntCoreModule.swift (calls UniFFI-generated Swift bindings)
// Android: RvntCoreModule.kt (calls UniFFI-generated Kotlin bindings)Testing Strategy
Test layers:
Unit tests: cargo test (per crate)
Integration: tests/integration/ (cross-crate scenarios)
Fuzz testing: tests/fuzz/ (cargo-fuzz, 500M+ iterations)
Property testing: proptest (randomized invariant checking)
Formal proofs: proofs/ (ProVerif models)
Current coverage:
rvnt-crypto: ~92% line coverage
rvnt-protocol: ~88% line coverage
rvnt-identity: ~85% line coverage
Overall: ~87% line coverage
CI pipeline:
1. cargo fmt --check (formatting)
2. cargo clippy (linting)
3. cargo test (all crates)
4. cargo test --release (release mode)
5. cargo fuzz (continuous, time-boxed)
6. cargo audit (dependency vulnerability scan)
7. cargo deny (license compliance)Further Reading
- Build from Source -- How to compile RVNT yourself
- Contributing -- How to contribute to the codebase
- Protocol Specification -- The protocol that rvnt-crypto implements