Initial commit — encrypted chat server + Python clients (v0.8.5)

E2E encrypted chat (X3DH + Double Ratchet, Signal Protocol).
Server: asyncio TCP + TLS, MySQL. Clients: PyQt6 GUI + CLI.
Secrets (.env, TLS keys, Cloudflare token), runtime data and
mobile clients (separate repos) are gitignored.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Dockerfile

@@ -0,0 +1,44 @@
+# Encrypted Chat Server — Docker image
+# Builds only the server-side components (server.py, db.py, crypto_utils.py, protocol.py)
+# GUI/iOS client files are not included.
+
+FROM python:3.12-slim
+
+# Install system deps needed by pyzbar (libzbar) and Pillow
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libzbar0 \
+    libjpeg62-turbo \
+    libpng16-16 \
+    default-libmysqlclient-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Install Python deps — separate layer so code changes don't bust the cache
+COPY requirements.txt .
+# Install server-only deps (skip PyQt6, pyzbar, qrcode — not needed server-side)
+RUN pip install --no-cache-dir \
+    cryptography \
+    "mysql-connector-python>=8.3.0" \
+    "python-dotenv>=1.0.0" \
+    "Pillow>=10.0.0"
+
+# Copy server source files
+COPY server.py db.py crypto_utils.py protocol.py schema.sql ./
+
+# Optional: copy .env if it exists (overridden at runtime via env vars or mounted file)
+# COPY .env .
+
+# Create uploads directory
+RUN mkdir -p /app/uploads && chmod 700 /app/uploads
+
+# Expose the default server port
+EXPOSE 5000
+
+# Health check: attempt TCP connection to the server port
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
+    CMD python -c "import socket,sys; s=socket.socket(); s.settimeout(3); s.connect(('localhost', int(__import__('os').getenv('SERVER_PORT','5000')))); s.close()" || exit 1
+
+ENV PYTHONUNBUFFERED=1
+
+CMD ["python", "server.py"]