kairos-chain 1.2.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2834b5612757f30db6560b41adf143d4e18f8572987166a28f81b90d1f23b3a
-  data.tar.gz: 741d6390da778d41026152fa88ada7bffa07040b46735c29023d60f8faf14055
+  metadata.gz: 5fd71b1e5a02a3c56628d6af5a0e45eba34b8e345c44d82dd58be023e8eb9f2e
+  data.tar.gz: d8f57a9f80bd3338d7c329aca088b6f0185da9c21f4558c4fabab8c571e54872
 SHA512:
-  metadata.gz: 3fe3cf41ca2c8a8aa2a5f002fdd100e0132c735379e6314126acf54efe2dfe8c0e36781685082da50cd6b40f1f85168727c0f62c25bbd01a438333aa8cb66109
-  data.tar.gz: c1ced9c462f17451916b52f92da40b93423977642424c1742e06c3a189712b6d1da2a44898c7d532307013b0147e2ac2d6771bb4a88b79bf5fa64e4162c9e9a2
+  metadata.gz: 3aa8ae7abfdbbf2c7353ab223cf2b1ed472225ce636c6ce698fb8c899d10d74347cbccbf0163c7e4775228496ff5ba75afcc7728e764cda0615f676979a03783
+  data.tar.gz: 30eebdc840a2c65c8321bacd9610899fc89d15c47ee86dd4912db619ca3ad6405ca1fa6f15ef8d14efea5791e01061ff20b7ea82233841a63e97495c1851fd63

data/CHANGELOG.md

@@ -0,0 +1,146 @@
+# Changelog
+
+All notable changes to the `kairos-chain` gem will be documented in this file.
+
+This project follows [Semantic Versioning](https://semver.org/).
+
+## [2.0.1] - 2026-02-23
+
+### Added
+
+- **MCP Instructions**: `instructions` field in `initialize` response delivers
+  KairosChain philosophy or quick guide to LLM on connection
+  - `instructions_mode` config: `developer` (full kairos.md), `user` (quick guide), `none`
+  - New template: `kairos_quickguide.md` — concise user-facing operational guide
+- **L0-A Philosophy**: Added PHILOSOPHY-001 (Generative Principle) and
+  PHILOSOPHY-005 (Five Propositions) to `kairos.md`
+- **Agent Instruction Sync**: `scripts/sync_agent_instructions.sh` syncs CLAUDE.md
+  to `.cursor/rules/kairos.mdc` for Cursor IDE support
+- **Test**: Initialize instructions test (Test 0) in `test_local.rb`
+
+## [2.0.0] - 2026-02-23
+
+### Breaking Changes
+
+- **HestiaChain Meeting Place Server**: New `/place/v1/*` HTTP endpoints require
+  the `hestia` SkillSet to be installed. Existing MMP P2P endpoints (`/meeting/v1/*`)
+  are unchanged.
+- **SkillSet versioning**: `depends_on` now supports semantic version constraints
+  (e.g., `{name: "mmp", version: ">= 1.0.0"}`). Old array format still accepted.
+
+### Added
+
+- **Phase 4.pre**: Authentication and hardening for HTTP server
+  - Admin token rotation via `token_manage` tool
+  - Session-based authentication for P2P endpoints
+- **Phase 4A**: HestiaChain Foundation — Self-contained SkillSet + DEE Protocol
+  - `Hestia::Chain::Core` (Anchor, Client, Config, BatchProcessor)
+  - `Hestia::Chain::Backend` (InMemory stage 0, PrivateJSON stage 1)
+  - `Hestia::Chain::Protocol` (DEE types, PhilosophyDeclaration, ObservationLog)
+  - `Hestia::Chain::Integrations::MeetingProtocol`
+  - `Hestia::HestiaChainAdapter` implementing `MMP::ChainAdapter`
+  - `Hestia::ChainMigrator` with stage-gate migration (0→1)
+  - MCP tools: `chain_migrate_status`, `chain_migrate_execute`,
+    `philosophy_anchor`, `record_observation`
+  - 77 new test assertions
+- **Phase 4B**: Meeting Place Server
+  - `Hestia::AgentRegistry` — JSON-persisted, Mutex thread-safe, self_register
+  - `Hestia::SkillBoard` — Random sampling (DEE D3: no ranking)
+  - `Hestia::HeartbeatManager` — TTL-based fadeout with ObservationLog recording
+  - `Hestia::PlaceRouter` — Rack-compatible HTTP routing for `/place/v1/*`
+  - HTTP endpoints: `/place/v1/info`, `register`, `unregister`, `agents`,
+    `board/browse`, `keys/:id`
+  - MCP tools: `meeting_place_start`, `meeting_place_status`
+  - PlaceRouter integrated into existing HttpServer (same pattern as MeetingRouter)
+  - 70 new test assertions
+
+### Fixed
+
+- Add missing `require 'uri'` in MeetingRouter (query string parsing)
+- Rakefile now includes Phase 4A/4B integration tests via `rake test_all`
+
+### Test Results
+
+- **Total**: 356 assertions passed, 0 failed
+- Phase 1–3.85 (existing): 170, Phase 4A: 77, Phase 4B: 70, SkillSet manager: 37
+
+---
+
+## [1.2.0] - 2026-02-22
+
+### Added
+
+- **Phase 1**: SkillSet Plugin Infrastructure
+  - `SkillSetManager` for installing/uninstalling SkillSet packages
+  - SkillSet manifest format (`skillset.json`)
+  - Namespace isolation for SkillSet tools and knowledge
+- **Phase 2**: MMP SkillSet packaging + P2P direct mode
+  - MMP packaged as a self-contained SkillSet
+  - `/meeting/v1/*` HTTP endpoints for P2P communication
+  - `MMP::Identity`, `MMP::MeetingSessionStore`
+- **Phase 3**: Knowledge-only SkillSet exchange via MMP P2P
+  - `SkillExchange` with content hash verification and provenance tracking
+  - `knowledge_only` mode for safe skill sharing
+- **Phase 3.5**: Security fixes and MMP wire protocol specification
+  - Name sanitization, path traversal guard
+  - Extended `knowledge_only` integrity check
+  - MMP wire protocol spec document
+- **Phase 3.7**: Pre-Phase 4 hardening
+  - RSA signature verification for handshake (`Identity#introduce`)
+  - `depends_on` semantic version constraints (`Gem::Requirement`)
+  - `PeerManager` persistence with TOFU trust model
+- **Phase 3.75**: MMP extension infrastructure
+  - Collision detection, extension advertise, core action guard
+- **Phase 3.85**: Pre-merge hardening
+  - `.gitignore`: `*.pem`, `*.pem.pub`, `keys/`
+  - Error message sanitization in HTTP responses
+  - `DEFAULT_HOST` changed from `0.0.0.0` to `127.0.0.1`
+
+### Test Results
+
+- **Total**: 170 assertions passed, 0 failed
+
+---
+
+## [1.0.0] - 2026-02-14
+
+### Added
+
+- Renamed gem from `kairos_mcp` to `kairos-chain`
+- Bundle official L1 knowledge in gem
+- Upgrade migration system (`system_upgrade` tool)
+- htmx-based Admin UI for Streamable HTTP server
+- Claude Code plugin marketplace support
+
+---
+
+## [0.9.0] - 2026-02-12
+
+### Added
+
+- Streamable HTTP transport with Bearer token authentication
+- Puma web server integration
+- Admin UI with L2 Context viewer
+
+---
+
+## [0.1.0] - 2026-01-15
+
+### Added
+
+- Initial release
+- Layered skill architecture (L0/L1/L2)
+- Private blockchain for auditability
+- Skills DSL with Ruby AST
+- MCP (Model Context Protocol) server via stdio
+- Vector search for skills and knowledge (optional RAG)
+- SQLite storage backend (optional)
+- StateCommit for cross-layer auditability
+- Skill promotion with Persona Assembly
+- Tool guide and metadata system
+
+[2.0.0]: https://github.com/masaomi/KairosChain_2026/compare/v1.2.0...v2.0.0
+[1.2.0]: https://github.com/masaomi/KairosChain_2026/compare/v1.0.0...v1.2.0
+[1.0.0]: https://github.com/masaomi/KairosChain_2026/compare/v0.9.0...v1.0.0
+[0.9.0]: https://github.com/masaomi/KairosChain_2026/compare/v0.1.0...v0.9.0
+[0.1.0]: https://github.com/masaomi/KairosChain_2026/releases/tag/v0.1.0

data/lib/kairos_mcp/http_server.rb

@@ -38,7 +38,7 @@ module KairosMcp
       'Cache-Control' => 'no-cache'
     }.freeze
 
-    attr_reader :port, :host, :token_store, :authenticator, :admin_router, :meeting_router
+    attr_reader :port, :host, :token_store, :authenticator, :admin_router, :meeting_router, :place_router
 
     def initialize(port: nil, host: nil, token_store_path: nil)
       http_config = SkillsConfig.load['http'] || {}
@@ -53,6 +53,7 @@ module KairosMcp
       @authenticator = Auth::Authenticator.new(@token_store)
       @admin_router = Admin::Router.new(token_store: @token_store, authenticator: @authenticator)
       @meeting_router = MeetingRouter.new
+      @place_router = nil  # Initialized lazily via meeting_place_start tool
     end
 
     # Start the HTTP server with Puma
@@ -119,6 +120,11 @@ module KairosMcp
           return server.meeting_router.call(env)
         end
 
+        # Hestia Meeting Place endpoints
+        if path.start_with?('/place/')
+          return server.handle_place(env)
+        end
+
         case [request_method, path]
         when ['GET', '/health']
           server.handle_health
@@ -190,6 +196,26 @@ module KairosMcp
                          message: "Internal server error: #{e.message}")
     end
 
+    # Handle /place/* routes via Hestia PlaceRouter
+    def handle_place(env)
+      unless @place_router
+        return json_response(503, error: 'place_not_started',
+                                  message: 'Meeting Place is not started. Use meeting_place_start tool first.')
+      end
+      @place_router.call(env)
+    end
+
+    # Start the Meeting Place (called by meeting_place_start tool)
+    def start_place(identity:, trust_anchor_client: nil)
+      require 'hestia'
+      @place_router = ::Hestia::PlaceRouter.new
+      @place_router.start(
+        identity: identity,
+        session_store: @meeting_router.session_store,
+        trust_anchor_client: trust_anchor_client
+      )
+    end
+
     # -----------------------------------------------------------------------
     # Helpers
     # -----------------------------------------------------------------------

data/lib/kairos_mcp/meeting_router.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'json'
+require 'uri'
 
 module KairosMcp
   # MeetingRouter handles MMP (Model Meeting Protocol) HTTP endpoints
@@ -18,6 +19,7 @@ module KairosMcp
       @protocol = nil
       @identity = nil
       @exchange = nil
+      @session_store = nil
     end
 
     def call(env)
@@ -26,11 +28,21 @@ module KairosMcp
       request_method = env['REQUEST_METHOD']
       path = env['PATH_INFO']
 
+      # Unauthenticated endpoints
       case [request_method, path]
       when ['GET', '/meeting/v1/introduce']
-        handle_get_introduce
+        return handle_get_introduce
       when ['POST', '/meeting/v1/introduce']
-        handle_post_introduce(env)
+        return handle_post_introduce(env)
+      when ['POST', '/meeting/v1/goodbye']
+        return handle_goodbye(env)
+      end
+
+      # All other endpoints require Bearer token authentication
+      auth_result = authenticate_meeting_request!(env)
+      return auth_result unless auth_result.nil?
+
+      case [request_method, path]
       when ['POST', '/meeting/v1/message']
         handle_message(env)
       when ['GET', '/meeting/v1/skills']
@@ -62,6 +74,14 @@ module KairosMcp
       @protocol = nil
     end
 
+    # Public accessor for session store (testing)
+    def session_store
+      @session_store ||= begin
+        require_relative '../../templates/skillsets/mmp/lib/mmp/meeting_session_store'
+        MMP::MeetingSessionStore.new
+      end
+    end
+
     private
 
     def mmp_available?
@@ -137,16 +157,20 @@ module KairosMcp
     end
 
     # POST /meeting/v1/introduce - Receive introduction from peer
+    # If RSA signature verification succeeds, a session token is issued.
     def handle_post_introduce(env)
       body = parse_body(env)
 
       # Signature verification (H2 fix: verify identity if signed)
       verified = false
-      if body['public_key'] && body['identity_signature'] && body['identity']
+      peer_id = body.dig('identity', 'instance_id')
+      public_key = body['public_key']
+
+      if public_key && body['identity_signature'] && body['identity']
         begin
           canonical = JSON.generate(body['identity'], sort_keys: true)
           crypto = MMP::Crypto.new(auto_generate: false)
-          verified = crypto.verify_signature(canonical, body['identity_signature'], body['public_key'])
+          verified = crypto.verify_signature(canonical, body['identity_signature'], public_key)
         rescue StandardError => e
           $stderr.puts "[MeetingRouter] Signature verification failed: #{e.message}"
         end
@@ -154,12 +178,31 @@ module KairosMcp
 
       result = protocol.process_message(body.merge('action' => 'introduce'))
 
-      json_response(200, {
+      response = {
         status: 'received',
         peer_identity: identity.introduce,
         identity_verified: verified,
         result: result
-      })
+      }
+
+      # Issue session token if signature was verified
+      if verified && peer_id
+        token = session_store.create_session(peer_id, public_key)
+        response[:session_token] = token
+      end
+
+      json_response(200, response)
+    end
+
+    # POST /meeting/v1/goodbye - Revoke session token
+    def handle_goodbye(env)
+      token = extract_bearer_token(env)
+      if token
+        session_store.revoke(token)
+        json_response(200, { status: 'goodbye', message: 'Session ended' })
+      else
+        json_response(400, { error: 'no_token', message: 'No session token provided' })
+      end
     end
 
     # POST /meeting/v1/message - Generic MMP message handler
@@ -381,7 +424,46 @@ module KairosMcp
       })
     end
 
-    # Helpers
+    # --- Authentication ---
+
+    # Authenticate a meeting request via Bearer token.
+    # Returns nil if authenticated, or an error response triple if not.
+    def authenticate_meeting_request!(env)
+      token = extract_bearer_token(env)
+
+      unless token
+        return json_response(401, {
+          error: 'authentication_required',
+          message: 'Bearer token required. Use POST /meeting/v1/introduce to obtain a session token.'
+        })
+      end
+
+      peer_id = session_store.validate(token)
+      unless peer_id
+        return json_response(401, {
+          error: 'invalid_or_expired_token',
+          message: 'Session token is invalid or has expired. Re-introduce to obtain a new token.'
+        })
+      end
+
+      unless session_store.check_rate_limit(token)
+        return json_response(429, {
+          error: 'rate_limited',
+          message: 'Too many requests. Please wait before retrying.'
+        })
+      end
+
+      nil # Authentication passed
+    end
+
+    def extract_bearer_token(env)
+      auth_header = env['HTTP_AUTHORIZATION'] || ''
+      return nil unless auth_header.start_with?('Bearer ')
+
+      auth_header.sub('Bearer ', '').strip
+    end
+
+    # --- Helpers ---
 
     def parse_body(env)
       body = env['rack.input']&.read

data/lib/kairos_mcp/protocol.rb

@@ -1,5 +1,6 @@
 require 'json'
 require_relative 'tool_registry'
+require_relative 'skills_config'
 require_relative 'version'
 
 module KairosMcp
@@ -59,7 +60,7 @@ module KairosMcp
       @tool_registry.set_workspace(roots)
       @initialized = true
 
-      {
+      result = {
         protocolVersion: protocol_version,
         capabilities: {
           tools: {
@@ -72,6 +73,42 @@ module KairosMcp
           version: KairosMcp::VERSION
         }
       }
+
+      # Add instructions based on config mode (developer/user/none)
+      instructions = load_instructions
+      result[:instructions] = instructions if instructions
+
+      result
+    end
+
+    # Load instructions based on instructions_mode in config.yml
+    #
+    # @return [String, nil] Instructions text or nil
+    def load_instructions
+      mode = SkillsConfig.load['instructions_mode'] || 'user'
+
+      path = case mode
+             when 'developer'
+               KairosMcp.md_path           # Full philosophy (kairos.md)
+             when 'user'
+               KairosMcp.quickguide_path   # Quick guide (kairos_quickguide.md)
+             when 'none'
+               nil
+             else
+               KairosMcp.quickguide_path   # Default to user mode
+             end
+
+      return nil unless path
+
+      read_if_exists(path)
+    end
+
+    # Read file content if it exists
+    #
+    # @param path [String] File path
+    # @return [String, nil] File content or nil
+    def read_if_exists(path)
+      File.exist?(path) ? File.read(path) : nil
     end
 
     def handle_tools_list

data/lib/kairos_mcp/version.rb

@@ -1,4 +1,4 @@
 module KairosMcp
-  VERSION = "1.2.0"
+  VERSION = "2.0.1"
   CHANGELOG_URL = "https://github.com/masaomi/KairosChain_2026/blob/main/CHANGELOG.md"
 end

data/lib/kairos_mcp.rb

@@ -13,20 +13,22 @@ module KairosMcp
   # Format: [template_relative_path, data_dir_accessor_symbol]
   #
   TEMPLATE_FILES = [
-    ['skills/kairos.rb',         :dsl_path],
-    ['skills/kairos.md',         :md_path],
-    ['skills/config.yml',        :skills_config_path],
-    ['config/safety.yml',        :safety_config_path],
-    ['config/tool_metadata.yml', :tool_metadata_path]
+    ['skills/kairos.rb',              :dsl_path],
+    ['skills/kairos.md',              :md_path],
+    ['skills/kairos_quickguide.md',   :quickguide_path],
+    ['skills/config.yml',             :skills_config_path],
+    ['config/safety.yml',             :safety_config_path],
+    ['config/tool_metadata.yml',      :tool_metadata_path]
   ].freeze
 
   # File type classification for upgrade conflict resolution
   TEMPLATE_FILE_TYPES = {
-    'skills/kairos.rb'         => :l0_dsl,
-    'skills/kairos.md'         => :l0_doc,
-    'skills/config.yml'        => :config_yaml,
-    'config/safety.yml'        => :config_yaml,
-    'config/tool_metadata.yml' => :config_yaml
+    'skills/kairos.rb'              => :l0_dsl,
+    'skills/kairos.md'              => :l0_doc,
+    'skills/kairos_quickguide.md'   => :l0_doc,
+    'skills/config.yml'             => :config_yaml,
+    'config/safety.yml'             => :config_yaml,
+    'config/tool_metadata.yml'      => :config_yaml
   }.freeze
 
   # =========================================================================
@@ -85,6 +87,11 @@ module KairosMcp
       File.join(skills_dir, 'kairos.md')
     end
 
+    # L0 skills quick guide file path (user-facing instructions)
+    def quickguide_path
+      File.join(skills_dir, 'kairos_quickguide.md')
+    end
+
     # L0 skills config file path
     def skills_config_path
       File.join(skills_dir, 'config.yml')

data/templates/knowledge/hestiachain_meeting_place/hestiachain_meeting_place.md

@@ -0,0 +1,147 @@
+---
+name: hestiachain_meeting_place
+description: "HestiaChain Meeting Place — user guide for agent discovery, skill exchange, and trust anchoring"
+version: 2.0
+layer: L1
+tags: [documentation, readme, hestia, meeting-place, p2p, deployment, trust-anchor]
+readme_order: 4.5
+readme_lang: en
+---
+
+## HestiaChain Meeting Place (v2.0.0)
+
+### What is HestiaChain?
+
+HestiaChain is a **trust anchor and meeting place** for KairosChain agents. It is implemented entirely as a SkillSet (the `hestia` SkillSet), preserving KairosChain's principle that new capabilities are expressed as SkillSets rather than core modifications.
+
+HestiaChain provides two functions:
+
+1. **Trust Anchor** — A witness chain that records *that* interactions occurred, without enforcing judgments or determining canonical state
+2. **Meeting Place Server** — A hosted environment where agents discover each other, browse skills, and exchange knowledge via HTTP endpoints
+
+### Architecture
+
+```
+KairosChain (MCP Server)
+├── [core] L0/L1/L2 + private blockchain
+├── [SkillSet: mmp] P2P direct mode, /meeting/v1/*
+└── [SkillSet: hestia] Meeting Place + trust anchor
+      ├── chain/         ← Trust anchor (self-contained, no external gem dependency)
+      ├── PlaceRouter    ← /place/v1/* HTTP endpoints
+      ├── AgentRegistry  ← Agent registration with JSON persistence
+      ├── SkillBoard     ← Skill discovery (random sampling, no ranking)
+      ├── HeartbeatManager ← TTL-based liveness with fadeout recording
+      └── tools/         ← 6 MCP tools
+```
+
+A KairosChain instance with the hestia SkillSet is simultaneously an MCP server, a P2P agent, a Meeting Place host, and a participant in other Meeting Places. This embodies the DEE principle of subject-object undifferentiation (主客未分).
+
+### Quick Start
+
+#### 1. Install the hestia SkillSet
+
+```bash
+# The hestia SkillSet is bundled with the gem.
+# It is installed automatically when you install mmp.
+# To install manually:
+kairos-chain                # Start KairosChain
+# Then in Claude Code / Cursor:
+"Install the hestia SkillSet"
+```
+
+#### 2. Start the Meeting Place
+
+```bash
+# Start HTTP server
+kairos-chain --http --port 8080
+
+# Then in Claude Code / Cursor:
+"Start the Meeting Place"
+# This calls the meeting_place_start tool
+```
+
+#### 3. Test with curl
+
+```bash
+# Place info (no auth required)
+curl -s http://localhost:8080/place/v1/info | python3 -m json.tool
+
+# Register an agent
+curl -s -X POST http://localhost:8080/place/v1/register \
+  -H 'Content-Type: application/json' \
+  -d '{"id":"agent-alpha","name":"Agent Alpha","capabilities":{"supported_actions":["test"]}}'
+
+# Browse the skill board (Bearer token required)
+curl -s -H "Authorization: Bearer $TOKEN" \
+  http://localhost:8080/place/v1/board/browse | python3 -m json.tool
+```
+
+### HTTP Endpoints
+
+| Method | Path | Auth | Description |
+|--------|------|------|-------------|
+| GET | `/place/v1/info` | None | Place metadata and identity |
+| POST | `/place/v1/register` | RSA signature (optional) | Register an agent |
+| POST | `/place/v1/unregister` | Bearer | Unregister an agent |
+| GET | `/place/v1/agents` | Bearer | List registered agents |
+| GET | `/place/v1/board/browse` | Bearer | Browse skill board (random order) |
+| GET | `/place/v1/keys/:id` | Bearer | Retrieve agent's public key |
+
+### MCP Tools
+
+| Tool | Description |
+|------|-------------|
+| `chain_migrate_status` | Show current backend stage and available migrations |
+| `chain_migrate_execute` | Migrate chain to next backend stage |
+| `philosophy_anchor` | Declare exchange philosophy (hash recorded on chain) |
+| `record_observation` | Record subjective observation of interaction |
+| `meeting_place_start` | Start the Meeting Place, initialize components |
+| `meeting_place_status` | Show Meeting Place configuration and status |
+
+### Trust Anchor: Chain Migration
+
+HestiaChain's trust anchor supports a 4-stage backend progression:
+
+| Stage | Backend | Use Case |
+|-------|---------|----------|
+| 0 | In-memory | Development and testing |
+| 1 | Private JSON file | Production-ready, self-hosted |
+| 2 | Public testnet (Base Sepolia) | Cross-instance verification |
+| 3 | Public mainnet | Full decentralization |
+
+Use `chain_migrate_status` to check and `chain_migrate_execute` to advance.
+
+### DEE Philosophy Protocol
+
+HestiaChain implements the Decentralized Event Exchange (DEE) protocol:
+
+- **PhilosophyDeclaration**: Agents declare their exchange philosophy (observable, not enforceable). Only the hash is recorded on chain.
+- **ObservationLog**: Agents record subjective observations. Multiple agents can have different observations of the same interaction — "meaning coexists."
+- **Fadeout**: When an agent's heartbeat expires, this is recorded as a first-class event (not an error). Silent departure is a natural part of the protocol.
+- **Random Sampling**: The SkillBoard returns skills in random order. There is no ranking, no scoring, no popularity metric.
+
+### EC2 Deployment
+
+To host a public Meeting Place on AWS EC2:
+
+```bash
+# Install
+gem install kairos-chain
+
+# Initialize
+kairos-chain init ~/.kairos
+
+# Start (bind to all interfaces for external access)
+KAIROS_HOST=0.0.0.0 KAIROS_PORT=8080 kairos-chain --http
+```
+
+For production, use a reverse proxy (Caddy/nginx) for TLS:
+
+```
+# Caddyfile example
+kairos.example.com {
+    reverse_proxy localhost:8080
+}
+```
+
+For detailed DEE protocol internals, install the hestia SkillSet and refer to its bundled knowledge (`hestia_meeting_place`).