protocol-zmtp 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6eac99ed3115e12e24bfc7545fd235cbeddecf9acbf6e80363247f6d85c1ed37
+  data.tar.gz: 58f81f079d7b5785baf7fa8b15f00224ac93c9505ed2f0b00d9f6bcc12147f55
+SHA512:
+  metadata.gz: ff813236409d769b319b712c120995ed1bbf5e0c51dcb772a9a3e86f3130a379a1aac64843425e67a76277f91e4c74b44450b4fbe60e5a8f1173bdefa051d50c
+  data.tar.gz: 208791933fd0006915a7155ba0a18c32ec81f84854df0d77f39314e598fcc4fad3b1eb69cc341365685a3eae55928c662d767bce4331d5958c2e8d8039e84fc5

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2026, Patrik Wenger
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

data/README.md

@@ -0,0 +1,61 @@
+# Protocol::ZMTP
+
+[![Gem Version](https://img.shields.io/gem/v/protocol-zmtp)](https://rubygems.org/gems/protocol-zmtp)
+[![CI](https://github.com/paddor/protocol-zmtp/actions/workflows/ci.yml/badge.svg)](https://github.com/paddor/protocol-zmtp/actions/workflows/ci.yml)
+
+ZMTP 3.1 wire protocol — codec, connection, NULL and CURVE mechanisms.
+No runtime dependencies.
+
+## What's in the box
+
+- **Codec::Frame** — ZMTP frame encode/decode (flags, size, body)
+- **Codec::Greeting** — 64-byte greeting exchange
+- **Codec::Command** — READY, PING/PONG, SUBSCRIBE, etc.
+- **Connection** — per-connection frame I/O, handshake, PING/PONG
+- **Mechanism::Null** — NULL security (no encryption)
+- **Mechanism::Curve** — CurveZMQ (RFC 26) with pluggable crypto backend
+- **Z85** — ZeroMQ RFC 32 encoding
+
+## Usage
+
+```ruby
+require "protocol/zmtp"
+
+# NULL mechanism — no encryption
+conn = Protocol::ZMTP::Connection.new(
+  io,
+  socket_type: "REQ",
+  mechanism: Protocol::ZMTP::Mechanism::Null.new,
+)
+conn.handshake!
+conn.send_message(["hello"])
+msg = conn.receive_message
+
+# CURVE mechanism — pass any NaCl-compatible backend
+require "protocol/zmtp/mechanism/curve"
+require "nuckle"  # or: require "rbnacl"
+
+server_mech = Protocol::ZMTP::Mechanism::Curve.server(
+  public_key, secret_key, crypto: Nuckle,
+)
+```
+
+## CURVE crypto backend
+
+`Mechanism::Curve` accepts a `crypto:` parameter — any module that
+provides the NaCl API:
+
+```ruby
+# RbNaCl (libsodium, fast, constant-time)
+Protocol::ZMTP::Mechanism::Curve.server(pub, sec, crypto: RbNaCl)
+
+# Nuckle (pure Ruby, no C dependencies, don't use in production)
+Protocol::ZMTP::Mechanism::Curve.server(pub, sec, crypto: Nuckle)
+```
+
+The backend must provide: `PrivateKey`, `PublicKey`, `Box`, `SecretBox`,
+`Random`, `Util`, and `CryptoError`.
+
+## License
+
+ISC

data/lib/protocol/zmtp/codec/command.rb

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    module Codec
+      # ZMTP command encode/decode.
+      #
+      # Command frame body format:
+      #   1 byte:    command name length
+      #   N bytes:   command name
+      #   remaining: command data
+      #
+      # READY command data = property list:
+      #   1 byte:  property name length
+      #   N bytes: property name
+      #   4 bytes: property value length (big-endian)
+      #   N bytes: property value
+      #
+      class Command
+        # @return [String] command name (e.g. "READY", "SUBSCRIBE")
+        attr_reader :name
+
+        # @return [String] command data (binary)
+        attr_reader :data
+
+        # @param name [String] command name
+        # @param data [String] command data
+        def initialize(name, data = "".b)
+          @name = name
+          @data = data.b
+        end
+
+        # Encodes as a command frame body.
+        #
+        # @return [String] binary body (name-length + name + data)
+        def to_body
+          name_bytes = @name.b
+          name_bytes.bytesize.chr.b + name_bytes + @data
+        end
+
+        # Encodes as a complete command Frame.
+        #
+        # @return [Frame]
+        def to_frame
+          Frame.new(to_body, command: true)
+        end
+
+        # Decodes a command from a frame body.
+        #
+        # @param body [String] binary frame body
+        # @return [Command]
+        # @raise [Error] on malformed command
+        def self.from_body(body)
+          body = body.b
+          raise Error, "command body too short" if body.bytesize < 1
+
+          name_len = body.getbyte(0)
+
+          raise Error, "command name truncated" if body.bytesize < 1 + name_len
+
+          name = body.byteslice(1, name_len)
+          data = body.byteslice(1 + name_len..)
+          new(name, data)
+        end
+
+        # Builds a READY command with Socket-Type and Identity properties.
+        def self.ready(socket_type:, identity: "")
+          props = encode_properties(
+            "Socket-Type" => socket_type,
+            "Identity"    => identity,
+          )
+          new("READY", props)
+        end
+
+        # Builds a SUBSCRIBE command.
+        def self.subscribe(prefix)
+          new("SUBSCRIBE", prefix.b)
+        end
+
+        # Builds a CANCEL command (unsubscribe).
+        def self.cancel(prefix)
+          new("CANCEL", prefix.b)
+        end
+
+        # Builds a JOIN command (RADIO/DISH group subscription).
+        def self.join(group)
+          new("JOIN", group.b)
+        end
+
+        # Builds a LEAVE command (RADIO/DISH group unsubscription).
+        def self.leave(group)
+          new("LEAVE", group.b)
+        end
+
+        # Builds a PING command.
+        #
+        # @param ttl [Numeric] time-to-live in seconds (sent as deciseconds)
+        # @param context [String] optional context bytes (up to 16 bytes)
+        def self.ping(ttl: 0, context: "".b)
+          ttl_ds = (ttl * 10).to_i
+          new("PING", [ttl_ds].pack("n") + context.b)
+        end
+
+        # Builds a PONG command.
+        def self.pong(context: "".b)
+          new("PONG", context.b)
+        end
+
+        # Extracts TTL (in seconds) and context from a PING command's data.
+        #
+        # @return [Array(Numeric, String)] [ttl_seconds, context_bytes]
+        def ping_ttl_and_context
+          ttl_ds  = @data.unpack1("n")
+          context = @data.bytesize > 2 ? @data.byteslice(2..) : "".b
+          [ttl_ds / 10.0, context]
+        end
+
+        # Parses READY command data as a property list.
+        def properties
+          self.class.decode_properties(@data)
+        end
+
+        # Encodes a hash of properties into ZMTP property list format.
+        def self.encode_properties(props)
+          parts = props.map do |name, value|
+            name_bytes  = name.b
+            value_bytes = value.b
+            name_bytes.bytesize.chr.b + name_bytes + [value_bytes.bytesize].pack("N") + value_bytes
+          end
+          parts.join
+        end
+
+        # Decodes a ZMTP property list from binary data.
+        def self.decode_properties(data)
+          result = {}
+          offset = 0
+
+          while offset < data.bytesize
+            raise Error, "property name truncated" if offset + 1 > data.bytesize
+            name_len = data.getbyte(offset)
+            offset += 1
+
+            raise Error, "property name truncated" if offset + name_len > data.bytesize
+            name = data.byteslice(offset, name_len)
+            offset += name_len
+
+            raise Error, "property value length truncated" if offset + 4 > data.bytesize
+            value_len = data.byteslice(offset, 4).unpack1("N")
+            offset += 4
+
+            raise Error, "property value truncated" if offset + value_len > data.bytesize
+            value = data.byteslice(offset, value_len)
+            offset += value_len
+
+            result[name] = value
+          end
+
+          result
+        end
+      end
+    end
+  end
+end

data/lib/protocol/zmtp/codec/frame.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    module Codec
+      # ZMTP frame encode/decode.
+      #
+      # Wire format:
+      #   Byte 0:   flags (bit 0=MORE, bit 1=LONG, bit 2=COMMAND)
+      #   Next 1-8: size (1-byte if short, 8-byte big-endian if LONG)
+      #   Next N:   body
+      #
+      class Frame
+        FLAGS_MORE    = 0x01
+        FLAGS_LONG    = 0x02
+        FLAGS_COMMAND = 0x04
+
+        # Short frame: 1-byte size, max body 255 bytes.
+        SHORT_MAX = 255
+
+        # @return [String] frame body (binary)
+        attr_reader :body
+
+        # @param body [String] frame body
+        # @param more [Boolean] more frames follow
+        # @param command [Boolean] this is a command frame
+        def initialize(body, more: false, command: false)
+          @body    = body.b
+          @more    = more
+          @command = command
+        end
+
+        # @return [Boolean] true if more frames follow in this message
+        def more?    = @more
+
+        # @return [Boolean] true if this is a command frame
+        def command? = @command
+
+        # Encodes to wire bytes.
+        #
+        # @return [String] binary wire representation (flags + size + body)
+        def to_wire
+          size  = @body.bytesize
+          flags = 0
+          flags |= FLAGS_MORE if @more
+          flags |= FLAGS_COMMAND if @command
+
+          if size > SHORT_MAX
+            (flags | FLAGS_LONG).chr.b + [size].pack("Q>") + @body
+          else
+            flags.chr.b + size.chr.b + @body
+          end
+        end
+
+        # Reads one frame from an IO-like object.
+        #
+        # @param io [#read_exactly] must support read_exactly(n)
+        # @return [Frame]
+        # @raise [Error] on invalid frame
+        # @raise [EOFError] if the connection is closed
+        def self.read_from(io)
+          flags = io.read_exactly(1).getbyte(0)
+
+          more    = (flags & FLAGS_MORE) != 0
+          long    = (flags & FLAGS_LONG) != 0
+          command = (flags & FLAGS_COMMAND) != 0
+
+          size = if long
+                   io.read_exactly(8).unpack1("Q>")
+                 else
+                   io.read_exactly(1).getbyte(0)
+                 end
+
+          body = size > 0 ? io.read_exactly(size) : "".b
+
+          new(body, more: more, command: command)
+        end
+      end
+    end
+  end
+end

data/lib/protocol/zmtp/codec/greeting.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    module Codec
+      # ZMTP 3.1 greeting encode/decode.
+      #
+      # The greeting is always exactly 64 bytes:
+      #   Offset  Bytes  Field
+      #   0       1      0xFF (signature start)
+      #   1-8     8      0x00 padding
+      #   9       1      0x7F (signature end)
+      #   10      1      major version
+      #   11      1      minor version
+      #   12-31   20     mechanism (null-padded ASCII)
+      #   32      1      as-server flag (0x00 or 0x01)
+      #   33-63   31     filler (0x00)
+      #
+      module Greeting
+        SIZE             = 64
+        SIGNATURE_START  = 0xFF
+        SIGNATURE_END    = 0x7F
+        VERSION_MAJOR    = 3
+        VERSION_MINOR    = 1
+        MECHANISM_OFFSET = 12
+        MECHANISM_LENGTH = 20
+        AS_SERVER_OFFSET = 32
+
+        # Encodes a ZMTP 3.1 greeting.
+        #
+        # @param mechanism [String] security mechanism name (e.g. "NULL")
+        # @param as_server [Boolean] whether this peer is the server
+        # @return [String] 64-byte binary greeting
+        def self.encode(mechanism: "NULL", as_server: false)
+          buf = "\xFF".b + ("\x00" * 8) + "\x7F".b
+          buf << [VERSION_MAJOR, VERSION_MINOR].pack("CC")
+          buf << mechanism.b.ljust(MECHANISM_LENGTH, "\x00")
+          buf << (as_server ? "\x01" : "\x00")
+          buf << ("\x00" * 31)
+        end
+
+        # Decodes a ZMTP greeting.
+        #
+        # @param data [String] 64-byte binary greeting
+        # @return [Hash] { major:, minor:, mechanism:, as_server: }
+        # @raise [Error] on invalid greeting
+        def self.decode(data)
+          raise Error, "greeting too short (#{data.bytesize} bytes)" if data.bytesize < SIZE
+
+          data = data.b
+
+          unless data.getbyte(0) == SIGNATURE_START && data.getbyte(9) == SIGNATURE_END
+            raise Error, "invalid greeting signature"
+          end
+
+          major = data.getbyte(10)
+          minor = data.getbyte(11)
+
+          unless major >= 3
+            raise Error, "unsupported ZMTP version #{major}.#{minor} (need >= 3.0)"
+          end
+
+          mechanism = data.byteslice(MECHANISM_OFFSET, MECHANISM_LENGTH).delete("\x00")
+          as_server = data.getbyte(AS_SERVER_OFFSET) == 1
+
+          {
+            major:     major,
+            minor:     minor,
+            mechanism: mechanism,
+            as_server: as_server,
+          }
+        end
+      end
+    end
+  end
+end

data/lib/protocol/zmtp/codec.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    # ZMTP 3.1 wire protocol codec.
+    module Codec
+    end
+  end
+end
+
+require_relative "codec/greeting"
+require_relative "codec/frame"
+require_relative "codec/command"

data/lib/protocol/zmtp/connection.rb

@@ -0,0 +1,206 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    # Manages one ZMTP peer connection over any transport IO.
+    #
+    # Delegates the security handshake to a Mechanism object (Null, Curve, etc.),
+    # then provides message send/receive and command send/receive on top of the
+    # framing codec.
+    #
+    # Heartbeat timing is tracked but not driven — the caller (e.g. an engine)
+    # is responsible for periodically sending PINGs and checking expiry.
+    #
+    class Connection
+      # @return [String] peer's socket type (from READY handshake)
+      attr_reader :peer_socket_type
+
+      # @return [String] peer's identity (from READY handshake)
+      attr_reader :peer_identity
+
+      # @return [Object] transport IO (#read_exactly, #write, #flush, #close)
+      attr_reader :io
+
+      # @return [Float, nil] monotonic timestamp of last received frame
+      attr_reader :last_received_at
+
+      # @param io [#read_exactly, #write, #flush, #close] transport IO
+      # @param socket_type [String] our socket type name (e.g. "REQ")
+      # @param identity [String] our identity
+      # @param as_server [Boolean] whether we are the server side
+      # @param mechanism [Mechanism::Null, Mechanism::Curve] security mechanism
+      # @param max_message_size [Integer, nil] max frame size in bytes, nil = unlimited
+      def initialize(io, socket_type:, identity: "", as_server: false,
+                     mechanism: nil, max_message_size: nil)
+        @io               = io
+        @socket_type      = socket_type
+        @identity         = identity
+        @as_server        = as_server
+        @mechanism        = mechanism || Mechanism::Null.new
+        @peer_socket_type = nil
+        @peer_identity    = nil
+        @mutex            = Mutex.new
+        @max_message_size = max_message_size
+        @last_received_at = nil
+      end
+
+      # Performs the full ZMTP handshake via the configured mechanism.
+      #
+      # @return [void]
+      # @raise [Error] on handshake failure
+      def handshake!
+        result = @mechanism.handshake!(
+          @io,
+          as_server:   @as_server,
+          socket_type: @socket_type,
+          identity:    @identity,
+        )
+
+        @peer_socket_type = result[:peer_socket_type]
+        @peer_identity    = result[:peer_identity]
+
+        unless @peer_socket_type
+          raise Error, "peer READY missing Socket-Type"
+        end
+
+        unless VALID_PEERS[@socket_type.to_sym]&.include?(@peer_socket_type.to_sym)
+          raise Error,
+                "incompatible socket types: #{@socket_type} cannot connect to #{@peer_socket_type}"
+        end
+      end
+
+      # Sends a multi-frame message (write + flush).
+      #
+      # @param parts [Array<String>] message frames
+      # @return [void]
+      def send_message(parts)
+        @mutex.synchronize do
+          write_frames(parts)
+          @io.flush
+        end
+      end
+
+      # Writes a multi-frame message to the buffer without flushing.
+      # Call {#flush} after batching writes.
+      #
+      # @param parts [Array<String>] message frames
+      # @return [void]
+      def write_message(parts)
+        @mutex.synchronize do
+          write_frames(parts)
+        end
+      end
+
+      # Flushes the write buffer to the underlying IO.
+      def flush
+        @mutex.synchronize do
+          @io.flush
+        end
+      end
+
+      # Receives a multi-frame message.
+      # PING/PONG commands are handled automatically by #read_frame.
+      #
+      # @return [Array<String>] message frames
+      # @raise [EOFError] if connection is closed
+      def receive_message
+        frames = []
+        loop do
+          frame = read_frame
+          if frame.command?
+            yield frame if block_given?
+            next
+          end
+          frames << frame.body.freeze
+          break unless frame.more?
+        end
+        frames.freeze
+      end
+
+      # Sends a command.
+      #
+      # @param command [Codec::Command]
+      # @return [void]
+      def send_command(command)
+        @mutex.synchronize do
+          if @mechanism.encrypted?
+            @io.write(@mechanism.encrypt(command.to_body, command: true))
+          else
+            @io.write(command.to_frame.to_wire)
+          end
+          @io.flush
+        end
+      end
+
+      # Reads one frame from the wire. Handles PING/PONG automatically.
+      # When using an encrypted mechanism, MESSAGE commands are decrypted
+      # back to ZMTP frames transparently.
+      #
+      # @return [Codec::Frame]
+      # @raise [EOFError] if connection is closed
+      def read_frame
+        loop do
+          frame = Codec::Frame.read_from(@io)
+          touch_heartbeat
+
+          if @mechanism.encrypted? && frame.body.bytesize > 8 && frame.body.byteslice(0, 8) == "\x07MESSAGE".b
+            frame = @mechanism.decrypt(frame)
+          end
+
+          if @max_message_size && !frame.command? && frame.body.bytesize > @max_message_size
+            close
+            raise Error, "frame size #{frame.body.bytesize} exceeds max_message_size #{@max_message_size}"
+          end
+
+          if frame.command?
+            cmd = Codec::Command.from_body(frame.body)
+            case cmd.name
+            when "PING"
+              _, context = cmd.ping_ttl_and_context
+              send_command(Codec::Command.pong(context: context))
+              next
+            when "PONG"
+              next
+            end
+          end
+          return frame
+        end
+      end
+
+      # Records that a frame was received (for heartbeat expiry tracking).
+      def touch_heartbeat
+        @last_received_at = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+      end
+
+      # Returns true if no frame has been received within +timeout+ seconds.
+      #
+      # @param timeout [Numeric] seconds
+      # @return [Boolean]
+      def heartbeat_expired?(timeout)
+        return false unless @last_received_at
+        (Process.clock_gettime(Process::CLOCK_MONOTONIC) - @last_received_at) > timeout
+      end
+
+      # Closes the connection.
+      def close
+        @io.close
+      rescue IOError
+        # already closed
+      end
+
+      private
+
+      # Writes message parts as ZMTP frames, encrypting if needed.
+      def write_frames(parts)
+        parts.each_with_index do |part, i|
+          more = i < parts.size - 1
+          if @mechanism.encrypted?
+            @io.write(@mechanism.encrypt(part.b, more: more))
+          else
+            @io.write(Codec::Frame.new(part, more: more).to_wire)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/protocol/zmtp/error.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    # Raised on ZMTP protocol violations.
+    class Error < RuntimeError; end
+  end
+end

data/lib/protocol/zmtp/mechanism/curve.rb

@@ -0,0 +1,467 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    module Mechanism
+      # CurveZMQ security mechanism (RFC 26).
+      #
+      # Provides Curve25519-XSalsa20-Poly1305 encryption and authentication
+      # for ZMTP 3.1 connections.
+      #
+      # Crypto-backend-agnostic: pass any module that provides the NaCl API
+      # (RbNaCl or Nuckle) via the +crypto:+ parameter.
+      #
+      # The crypto backend must provide:
+      #   backend::PrivateKey.new(bytes) / .generate
+      #   backend::PublicKey.new(bytes)
+      #   backend::Box.new(peer_pub, my_secret)  → #encrypt(nonce, pt) / #decrypt(nonce, ct)
+      #   backend::SecretBox.new(key)             → #encrypt(nonce, pt) / #decrypt(nonce, ct)
+      #   backend::Random.random_bytes(n)
+      #   backend::Util.verify32(a, b) / .verify64(a, b)
+      #   backend::CryptoError (exception class)
+      #
+      class Curve
+        MECHANISM_NAME = "CURVE"
+
+        # Nonce prefixes.
+        NONCE_PREFIX_HELLO     = "CurveZMQHELLO---"
+        NONCE_PREFIX_WELCOME   = "WELCOME-"
+        NONCE_PREFIX_INITIATE  = "CurveZMQINITIATE"
+        NONCE_PREFIX_READY     = "CurveZMQREADY---"
+        NONCE_PREFIX_MESSAGE_C = "CurveZMQMESSAGEC"
+        NONCE_PREFIX_MESSAGE_S = "CurveZMQMESSAGES"
+        NONCE_PREFIX_VOUCH     = "VOUCH---"
+        NONCE_PREFIX_COOKIE    = "COOKIE--"
+
+        BOX_OVERHEAD = 16
+        MAX_NONCE    = (2**64) - 1
+
+        # Creates a CURVE server mechanism.
+        #
+        # @param public_key [String] 32 bytes
+        # @param secret_key [String] 32 bytes
+        # @param crypto [Module] NaCl-compatible backend (RbNaCl or Nuckle)
+        # @param authenticator [#include?, #call, nil] client key authenticator
+        # @return [Curve]
+        def self.server(public_key, secret_key, crypto:, authenticator: nil)
+          new(public_key:, secret_key:, crypto:, as_server: true, authenticator:)
+        end
+
+        # Creates a CURVE client mechanism.
+        #
+        # @param public_key [String] 32 bytes
+        # @param secret_key [String] 32 bytes
+        # @param server_key [String] 32 bytes
+        # @param crypto [Module] NaCl-compatible backend (RbNaCl or Nuckle)
+        # @return [Curve]
+        def self.client(public_key, secret_key, server_key:, crypto:)
+          new(public_key:, secret_key:, server_key:, crypto:, as_server: false)
+        end
+
+        def initialize(server_key: nil, public_key:, secret_key:, crypto:, as_server: false, authenticator: nil)
+          validate_key!(public_key, "public_key")
+          validate_key!(secret_key, "secret_key")
+
+          @crypto           = crypto
+          @permanent_public = crypto::PublicKey.new(public_key.b)
+          @permanent_secret = crypto::PrivateKey.new(secret_key.b)
+          @as_server        = as_server
+          @authenticator    = authenticator
+
+          if as_server
+            @cookie_key = crypto::Random.random_bytes(32)
+          else
+            validate_key!(server_key, "server_key")
+            @server_public = crypto::PublicKey.new(server_key.b)
+          end
+
+          @session_box = nil
+          @send_nonce  = 0
+          @recv_nonce  = -1
+        end
+
+        def initialize_dup(source)
+          super
+          @session_box    = nil
+          @send_nonce     = 0
+          @recv_nonce     = -1
+          @send_nonce_buf = nil
+          @recv_nonce_buf = nil
+        end
+
+        def encrypted? = true
+
+        def handshake!(io, as_server:, socket_type:, identity:)
+          if @as_server
+            server_handshake!(io, socket_type:, identity:)
+          else
+            client_handshake!(io, socket_type:, identity:)
+          end
+        end
+
+        def encrypt(body, more: false, command: false)
+          flags = 0
+          flags |= 0x01 if more
+          flags |= 0x04 if command
+
+          plaintext = String.new(encoding: Encoding::BINARY, capacity: 1 + body.bytesize)
+          plaintext << flags << body
+
+          nonce       = make_send_nonce
+          ciphertext  = @session_box.encrypt(nonce, plaintext)
+          short_nonce = nonce.byteslice(16, 8)
+
+          msg_body_size = 16 + ciphertext.bytesize
+          if msg_body_size > 255
+            wire = String.new(encoding: Encoding::BINARY, capacity: 9 + msg_body_size)
+            wire << "\x02" << [msg_body_size].pack("Q>")
+          else
+            wire = String.new(encoding: Encoding::BINARY, capacity: 2 + msg_body_size)
+            wire << "\x00" << msg_body_size
+          end
+          wire << "\x07MESSAGE" << short_nonce << ciphertext
+        end
+
+        MESSAGE_PREFIX      = "\x07MESSAGE".b.freeze
+        MESSAGE_PREFIX_SIZE = MESSAGE_PREFIX.bytesize
+
+        def decrypt(frame)
+          body = frame.body
+          unless body.start_with?(MESSAGE_PREFIX)
+            raise Error, "expected MESSAGE command"
+          end
+
+          data = body.byteslice(MESSAGE_PREFIX_SIZE..)
+          raise Error, "MESSAGE too short" if data.bytesize < 8 + BOX_OVERHEAD
+
+          short_nonce = data.byteslice(0, 8)
+          ciphertext  = data.byteslice(8..)
+
+          nonce_value = short_nonce.unpack1("Q>")
+          unless nonce_value > @recv_nonce
+            raise Error, "MESSAGE nonce not strictly incrementing"
+          end
+          @recv_nonce = nonce_value
+
+          @recv_nonce_buf[16, 8] = short_nonce
+          begin
+            plaintext = @session_box.decrypt(@recv_nonce_buf, ciphertext)
+          rescue @crypto::CryptoError
+            raise Error, "MESSAGE decryption failed"
+          end
+
+          flags = plaintext.getbyte(0)
+          body  = plaintext.byteslice(1..) || "".b
+          Codec::Frame.new(body, more: (flags & 0x01) != 0, command: (flags & 0x04) != 0)
+        end
+
+        private
+
+        # ----------------------------------------------------------------
+        # Client-side handshake
+        # ----------------------------------------------------------------
+
+        def client_handshake!(io, socket_type:, identity:)
+          cn_secret = @crypto::PrivateKey.generate
+          cn_public = cn_secret.public_key
+
+          io.write(Codec::Greeting.encode(mechanism: MECHANISM_NAME, as_server: false))
+          io.flush
+          peer_greeting = Codec::Greeting.decode(io.read_exactly(Codec::Greeting::SIZE))
+          unless peer_greeting[:mechanism] == MECHANISM_NAME
+            raise Error, "expected CURVE mechanism, got #{peer_greeting[:mechanism]}"
+          end
+
+          # --- HELLO ---
+          short_nonce = [1].pack("Q>")
+          nonce       = NONCE_PREFIX_HELLO + short_nonce
+          hello_box   = @crypto::Box.new(@server_public, cn_secret)
+          signature   = hello_box.encrypt(nonce, "\x00" * 64)
+
+          hello = "".b
+          hello << "\x05HELLO"
+          hello << "\x01\x00"
+          hello << ("\x00" * 72)
+          hello << cn_public.to_s
+          hello << short_nonce
+          hello << signature
+
+          io.write(Codec::Frame.new(hello, command: true).to_wire)
+          io.flush
+
+          # --- Read WELCOME ---
+          welcome_frame = Codec::Frame.read_from(io)
+          raise Error, "expected command frame" unless welcome_frame.command?
+          welcome_cmd = Codec::Command.from_body(welcome_frame.body)
+          raise Error, "expected WELCOME, got #{welcome_cmd.name}" unless welcome_cmd.name == "WELCOME"
+
+          wdata = welcome_cmd.data
+          raise Error, "WELCOME wrong size" unless wdata.bytesize == 16 + 144
+
+          w_short_nonce = wdata.byteslice(0, 16)
+          w_box_data    = wdata.byteslice(16, 144)
+          w_nonce       = NONCE_PREFIX_WELCOME + w_short_nonce
+
+          begin
+            w_plaintext = @crypto::Box.new(@server_public, cn_secret).decrypt(w_nonce, w_box_data)
+          rescue @crypto::CryptoError
+            raise Error, "WELCOME decryption failed"
+          end
+
+          sn_public = @crypto::PublicKey.new(w_plaintext.byteslice(0, 32))
+          cookie    = w_plaintext.byteslice(32, 96)
+
+          session = @crypto::Box.new(sn_public, cn_secret)
+
+          # --- INITIATE ---
+          vouch_nonce     = NONCE_PREFIX_VOUCH + @crypto::Random.random_bytes(16)
+          vouch_plaintext = cn_public.to_s + @server_public.to_s
+          vouch           = @crypto::Box.new(sn_public, @permanent_secret).encrypt(vouch_nonce, vouch_plaintext)
+
+          metadata = Codec::Command.encode_properties(
+            "Socket-Type" => socket_type,
+            "Identity"    => identity,
+          )
+
+          initiate_box_plaintext = "".b
+          initiate_box_plaintext << @permanent_public.to_s
+          initiate_box_plaintext << vouch_nonce.byteslice(8, 16)
+          initiate_box_plaintext << vouch
+          initiate_box_plaintext << metadata
+
+          init_short_nonce = [1].pack("Q>")
+          init_nonce       = NONCE_PREFIX_INITIATE + init_short_nonce
+          init_ciphertext  = session.encrypt(init_nonce, initiate_box_plaintext)
+
+          initiate = "".b
+          initiate << "\x08INITIATE"
+          initiate << cookie
+          initiate << init_short_nonce
+          initiate << init_ciphertext
+
+          io.write(Codec::Frame.new(initiate, command: true).to_wire)
+          io.flush
+
+          # --- Read READY ---
+          ready_frame = Codec::Frame.read_from(io)
+          raise Error, "expected command frame" unless ready_frame.command?
+          ready_cmd = Codec::Command.from_body(ready_frame.body)
+          raise Error, "expected READY, got #{ready_cmd.name}" unless ready_cmd.name == "READY"
+
+          rdata = ready_cmd.data
+          raise Error, "READY too short" if rdata.bytesize < 8 + BOX_OVERHEAD
+
+          r_short_nonce = rdata.byteslice(0, 8)
+          r_ciphertext  = rdata.byteslice(8..)
+          r_nonce       = NONCE_PREFIX_READY + r_short_nonce
+
+          begin
+            r_plaintext = session.decrypt(r_nonce, r_ciphertext)
+          rescue @crypto::CryptoError
+            raise Error, "READY decryption failed"
+          end
+
+          props            = Codec::Command.decode_properties(r_plaintext)
+          peer_socket_type = props["Socket-Type"]
+          peer_identity    = props["Identity"] || ""
+
+          @session_box = session
+          @send_nonce  = 1
+          @recv_nonce  = 0
+          init_nonce_buffers!
+
+          { peer_socket_type: peer_socket_type, peer_identity: peer_identity }
+        end
+
+        # ----------------------------------------------------------------
+        # Server-side handshake
+        # ----------------------------------------------------------------
+
+        def server_handshake!(io, socket_type:, identity:)
+          io.write(Codec::Greeting.encode(mechanism: MECHANISM_NAME, as_server: true))
+          io.flush
+          peer_greeting = Codec::Greeting.decode(io.read_exactly(Codec::Greeting::SIZE))
+          unless peer_greeting[:mechanism] == MECHANISM_NAME
+            raise Error, "expected CURVE mechanism, got #{peer_greeting[:mechanism]}"
+          end
+
+          # --- Read HELLO ---
+          hello_frame = Codec::Frame.read_from(io)
+          raise Error, "expected command frame" unless hello_frame.command?
+          hello_cmd = Codec::Command.from_body(hello_frame.body)
+          raise Error, "expected HELLO, got #{hello_cmd.name}" unless hello_cmd.name == "HELLO"
+
+          hdata = hello_cmd.data
+          raise Error, "HELLO wrong size (#{hdata.bytesize})" unless hdata.bytesize == 194
+
+          cn_public     = @crypto::PublicKey.new(hdata.byteslice(74, 32))
+          h_short_nonce = hdata.byteslice(106, 8)
+          h_signature   = hdata.byteslice(114, 80)
+
+          h_nonce = NONCE_PREFIX_HELLO + h_short_nonce
+          begin
+            plaintext = @crypto::Box.new(cn_public, @permanent_secret).decrypt(h_nonce, h_signature)
+          rescue @crypto::CryptoError
+            raise Error, "HELLO signature verification failed"
+          end
+          unless @crypto::Util.verify64(plaintext, "\x00" * 64)
+            raise Error, "HELLO signature content invalid"
+          end
+
+          # --- WELCOME ---
+          sn_secret = @crypto::PrivateKey.generate
+          sn_public = sn_secret.public_key
+
+          cookie_nonce     = NONCE_PREFIX_COOKIE + @crypto::Random.random_bytes(16)
+          cookie_plaintext = cn_public.to_s + sn_secret.to_s
+          cookie           = cookie_nonce.byteslice(8, 16) +
+                             @crypto::SecretBox.new(@cookie_key).encrypt(cookie_nonce, cookie_plaintext)
+
+          w_plaintext   = sn_public.to_s + cookie
+          w_short_nonce = @crypto::Random.random_bytes(16)
+          w_nonce       = NONCE_PREFIX_WELCOME + w_short_nonce
+          w_ciphertext  = @crypto::Box.new(cn_public, @permanent_secret).encrypt(w_nonce, w_plaintext)
+
+          welcome = "".b
+          welcome << "\x07WELCOME"
+          welcome << w_short_nonce
+          welcome << w_ciphertext
+
+          io.write(Codec::Frame.new(welcome, command: true).to_wire)
+          io.flush
+
+          # --- Read INITIATE ---
+          init_frame = Codec::Frame.read_from(io)
+          raise Error, "expected command frame" unless init_frame.command?
+          init_cmd = Codec::Command.from_body(init_frame.body)
+          raise Error, "expected INITIATE, got #{init_cmd.name}" unless init_cmd.name == "INITIATE"
+
+          idata = init_cmd.data
+          raise Error, "INITIATE too short" if idata.bytesize < 96 + 8 + BOX_OVERHEAD
+
+          recv_cookie   = idata.byteslice(0, 96)
+          i_short_nonce = idata.byteslice(96, 8)
+          i_ciphertext  = idata.byteslice(104..)
+
+          cookie_short_nonce   = recv_cookie.byteslice(0, 16)
+          cookie_ciphertext    = recv_cookie.byteslice(16, 80)
+          cookie_decrypt_nonce = NONCE_PREFIX_COOKIE + cookie_short_nonce
+          begin
+            cookie_contents = @crypto::SecretBox.new(@cookie_key).decrypt(cookie_decrypt_nonce, cookie_ciphertext)
+          rescue @crypto::CryptoError
+            raise Error, "INITIATE cookie verification failed"
+          end
+
+          cn_public = @crypto::PublicKey.new(cookie_contents.byteslice(0, 32))
+          sn_secret = @crypto::PrivateKey.new(cookie_contents.byteslice(32, 32))
+
+          session = @crypto::Box.new(cn_public, sn_secret)
+          i_nonce = NONCE_PREFIX_INITIATE + i_short_nonce
+
+          begin
+            i_plaintext = session.decrypt(i_nonce, i_ciphertext)
+          rescue @crypto::CryptoError
+            raise Error, "INITIATE decryption failed"
+          end
+
+          raise Error, "INITIATE plaintext too short" if i_plaintext.bytesize < 32 + 16 + 80
+
+          client_permanent  = @crypto::PublicKey.new(i_plaintext.byteslice(0, 32))
+          vouch_short_nonce = i_plaintext.byteslice(32, 16)
+          vouch_ciphertext  = i_plaintext.byteslice(48, 80)
+          metadata_bytes    = i_plaintext.byteslice(128..) || "".b
+
+          vouch_nonce = NONCE_PREFIX_VOUCH + vouch_short_nonce
+          begin
+            vouch_plaintext = @crypto::Box.new(client_permanent, sn_secret).decrypt(vouch_nonce, vouch_ciphertext)
+          rescue @crypto::CryptoError
+            raise Error, "INITIATE vouch verification failed"
+          end
+
+          raise Error, "vouch wrong size" unless vouch_plaintext.bytesize == 64
+
+          vouch_cn     = vouch_plaintext.byteslice(0, 32)
+          vouch_server = vouch_plaintext.byteslice(32, 32)
+
+          unless @crypto::Util.verify32(vouch_cn, cn_public.to_s)
+            raise Error, "vouch client transient key mismatch"
+          end
+          unless @crypto::Util.verify32(vouch_server, @permanent_public.to_s)
+            raise Error, "vouch server key mismatch"
+          end
+
+          if @authenticator
+            client_key = client_permanent.to_s
+            allowed    = if @authenticator.respond_to?(:include?)
+                           @authenticator.include?(client_key)
+                         else
+                           @authenticator.call(client_key)
+                         end
+            raise Error, "client key not authorized" unless allowed
+          end
+
+          # --- READY ---
+          ready_metadata = Codec::Command.encode_properties(
+            "Socket-Type" => socket_type,
+            "Identity"    => identity,
+          )
+
+          r_short_nonce = [1].pack("Q>")
+          r_nonce       = NONCE_PREFIX_READY + r_short_nonce
+          r_ciphertext  = session.encrypt(r_nonce, ready_metadata)
+
+          ready = "".b
+          ready << "\x05READY"
+          ready << r_short_nonce
+          ready << r_ciphertext
+
+          io.write(Codec::Frame.new(ready, command: true).to_wire)
+          io.flush
+
+          props = Codec::Command.decode_properties(metadata_bytes)
+
+          @session_box = session
+          @send_nonce  = 1
+          @recv_nonce  = 0
+          init_nonce_buffers!
+
+          {
+            peer_socket_type: props["Socket-Type"],
+            peer_identity:    props["Identity"] || "",
+          }
+        end
+
+        # ----------------------------------------------------------------
+        # Nonce helpers
+        # ----------------------------------------------------------------
+
+        def init_nonce_buffers!
+          send_pfx = @as_server ? NONCE_PREFIX_MESSAGE_S : NONCE_PREFIX_MESSAGE_C
+          recv_pfx = @as_server ? NONCE_PREFIX_MESSAGE_C : NONCE_PREFIX_MESSAGE_S
+          @send_nonce_buf = String.new(send_pfx + ("\x00" * 8), encoding: Encoding::BINARY)
+          @recv_nonce_buf = String.new(recv_pfx + ("\x00" * 8), encoding: Encoding::BINARY)
+        end
+
+        def make_send_nonce
+          @send_nonce += 1
+          raise Error, "nonce counter exhausted" if @send_nonce > MAX_NONCE
+          n = @send_nonce
+          @send_nonce_buf.setbyte(23, n & 0xFF); n >>= 8
+          @send_nonce_buf.setbyte(22, n & 0xFF); n >>= 8
+          @send_nonce_buf.setbyte(21, n & 0xFF); n >>= 8
+          @send_nonce_buf.setbyte(20, n & 0xFF); n >>= 8
+          @send_nonce_buf.setbyte(19, n & 0xFF); n >>= 8
+          @send_nonce_buf.setbyte(18, n & 0xFF); n >>= 8
+          @send_nonce_buf.setbyte(17, n & 0xFF); n >>= 8
+          @send_nonce_buf.setbyte(16, n & 0xFF)
+          @send_nonce_buf
+        end
+
+        def validate_key!(key, name)
+          raise ArgumentError, "#{name} is required" if key.nil?
+          raise ArgumentError, "#{name} must be 32 bytes (got #{key.b.bytesize})" unless key.b.bytesize == 32
+        end
+      end
+    end
+  end
+end

data/lib/protocol/zmtp/mechanism/null.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    module Mechanism
+      # NULL security mechanism — no encryption, no authentication.
+      #
+      # Performs the ZMTP 3.1 greeting exchange and READY command handshake.
+      #
+      class Null
+        MECHANISM_NAME = "NULL"
+
+        # Performs the full NULL handshake over +io+.
+        #
+        # 1. Exchange 64-byte greetings
+        # 2. Validate peer greeting (version, mechanism)
+        # 3. Exchange READY commands (socket type + identity)
+        #
+        # @param io [#read_exactly, #write, #flush] transport IO
+        # @param as_server [Boolean]
+        # @param socket_type [String]
+        # @param identity [String]
+        # @return [Hash] { peer_socket_type:, peer_identity: }
+        # @raise [Error]
+        def handshake!(io, as_server:, socket_type:, identity:)
+          io.write(Codec::Greeting.encode(mechanism: MECHANISM_NAME, as_server: as_server))
+          io.flush
+
+          greeting_data = io.read_exactly(Codec::Greeting::SIZE)
+          peer_greeting = Codec::Greeting.decode(greeting_data)
+
+          unless peer_greeting[:mechanism] == MECHANISM_NAME
+            raise Error, "unsupported mechanism: #{peer_greeting[:mechanism]}"
+          end
+
+          ready_cmd = Codec::Command.ready(socket_type: socket_type, identity: identity)
+          io.write(ready_cmd.to_frame.to_wire)
+          io.flush
+
+          frame = Codec::Frame.read_from(io)
+          unless frame.command?
+            raise Error, "expected command frame, got data frame"
+          end
+
+          peer_cmd = Codec::Command.from_body(frame.body)
+          unless peer_cmd.name == "READY"
+            raise Error, "expected READY command, got #{peer_cmd.name}"
+          end
+
+          props            = peer_cmd.properties
+          peer_socket_type = props["Socket-Type"]
+          peer_identity    = props["Identity"] || ""
+
+          unless peer_socket_type
+            raise Error, "peer READY missing Socket-Type"
+          end
+
+          { peer_socket_type: peer_socket_type, peer_identity: peer_identity }
+        end
+
+        # @return [Boolean] false — NULL does not encrypt frames
+        def encrypted? = false
+      end
+    end
+  end
+end

data/lib/protocol/zmtp/valid_peers.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    # Valid socket type peer combinations per ZMTP spec.
+    VALID_PEERS = {
+      PAIR:    %i[PAIR].freeze,
+      REQ:     %i[REP ROUTER].freeze,
+      REP:     %i[REQ DEALER].freeze,
+      DEALER:  %i[REP DEALER ROUTER].freeze,
+      ROUTER:  %i[REQ DEALER ROUTER].freeze,
+      PUB:     %i[SUB XSUB].freeze,
+      SUB:     %i[PUB XPUB].freeze,
+      XPUB:    %i[SUB XSUB].freeze,
+      XSUB:    %i[PUB XPUB].freeze,
+      PUSH:    %i[PULL].freeze,
+      PULL:    %i[PUSH].freeze,
+      CLIENT:  %i[SERVER].freeze,
+      SERVER:  %i[CLIENT].freeze,
+      RADIO:   %i[DISH].freeze,
+      DISH:    %i[RADIO].freeze,
+      SCATTER: %i[GATHER].freeze,
+      GATHER:  %i[SCATTER].freeze,
+      PEER:    %i[PEER].freeze,
+      CHANNEL: %i[CHANNEL].freeze,
+    }.freeze
+  end
+end

data/lib/protocol/zmtp/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    VERSION = "0.1.0"
+  end
+end

data/lib/protocol/zmtp/z85.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Protocol
+  module ZMTP
+    # Z85 encoding/decoding (ZeroMQ RFC 32).
+    #
+    # Encodes binary data in printable ASCII using an 85-character alphabet.
+    # Input length must be a multiple of 4 bytes; output is 5/4 the size.
+    #
+    module Z85
+      CHARS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#".freeze
+      DECODE = Array.new(128, -1)
+      CHARS.each_byte.with_index { |b, i| DECODE[b] = i }
+      DECODE.freeze
+
+      BASE = 85
+
+      def self.encode(data)
+        data = data.b
+        raise ArgumentError, "data length must be a multiple of 4 (got #{data.bytesize})" unless (data.bytesize % 4).zero?
+
+        out = String.new(capacity: data.bytesize * 5 / 4)
+        i = 0
+        while i < data.bytesize
+          value = data.getbyte(i) << 24 | data.getbyte(i + 1) << 16 |
+                  data.getbyte(i + 2) << 8 | data.getbyte(i + 3)
+          4.downto(0) do |j|
+            out << CHARS[(value / (BASE**j)) % BASE]
+          end
+          i += 4
+        end
+        out
+      end
+
+      def self.decode(string)
+        raise ArgumentError, "string length must be a multiple of 5 (got #{string.bytesize})" unless (string.bytesize % 5).zero?
+
+        out = String.new(capacity: string.bytesize * 4 / 5, encoding: Encoding::BINARY)
+        i = 0
+        while i < string.bytesize
+          value = 0
+          5.times do |j|
+            byte = string.getbyte(i + j)
+            d = byte < 128 ? DECODE[byte] : -1
+            raise ArgumentError, "invalid Z85 character: #{string[i + j].inspect}" if d == -1
+            value = value * BASE + d
+          end
+          out << ((value >> 24) & 0xFF).chr
+          out << ((value >> 16) & 0xFF).chr
+          out << ((value >> 8) & 0xFF).chr
+          out << (value & 0xFF).chr
+          i += 5
+        end
+        out
+      end
+    end
+  end
+end

data/lib/protocol/zmtp.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative "zmtp/version"
+require_relative "zmtp/error"
+require_relative "zmtp/valid_peers"
+require_relative "zmtp/codec"
+require_relative "zmtp/connection"
+require_relative "zmtp/mechanism/null"
+require_relative "zmtp/z85"
+
+module Protocol
+  module ZMTP
+    # Autoload CURVE mechanism — requires a crypto backend (rbnacl or nuckle).
+    autoload :Curve, File.expand_path("zmtp/mechanism/curve", __dir__)
+  end
+end

metadata

@@ -0,0 +1,56 @@
+--- !ruby/object:Gem::Specification
+name: protocol-zmtp
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Patrik Wenger
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
+description: Pure Ruby implementation of the ZMTP 3.1 wire protocol (ZeroMQ Message
+  Transport Protocol). Includes frame codec, greeting, commands, NULL and CURVE mechanisms,
+  and connection management. No runtime dependencies.
+email:
+- paddor@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/protocol/zmtp.rb
+- lib/protocol/zmtp/codec.rb
+- lib/protocol/zmtp/codec/command.rb
+- lib/protocol/zmtp/codec/frame.rb
+- lib/protocol/zmtp/codec/greeting.rb
+- lib/protocol/zmtp/connection.rb
+- lib/protocol/zmtp/error.rb
+- lib/protocol/zmtp/mechanism/curve.rb
+- lib/protocol/zmtp/mechanism/null.rb
+- lib/protocol/zmtp/valid_peers.rb
+- lib/protocol/zmtp/version.rb
+- lib/protocol/zmtp/z85.rb
+homepage: https://github.com/paddor/protocol-zmtp
+licenses:
+- ISC
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.3'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.6
+specification_version: 4
+summary: ZMTP 3.1 wire protocol codec and connection
+test_files: []