soulprint-network 0.3.9 → 0.4.1

package/dist/blockchain/protocol-thresholds-client.d.ts

@@ -0,0 +1,49 @@
+/**
+ * ProtocolThresholdsClient
+ * Lee los thresholds del protocolo desde Base Sepolia.
+ * - Cache con TTL (10 min por defecto)
+ * - Fallback transparente a constantes locales si la blockchain no es accesible
+ * - Solo el superAdmin puede actualizar on-chain; aquí solo leemos
+ */
+import { ethers } from "ethers";
+export declare const PROTOCOL_THRESHOLDS_ADDRESS = "0xD8f78d65b35806101672A49801b57F743f2D2ab1";
+export declare const PROTOCOL_THRESHOLDS_CHAIN = "Base Sepolia (chainId: 84532)";
+export declare const PROTOCOL_THRESHOLDS_RPC = "https://sepolia.base.org";
+export interface ProtocolThresholds {
+    SCORE_FLOOR: number;
+    VERIFIED_SCORE_FLOOR: number;
+    MIN_ATTESTER_SCORE: number;
+    FACE_SIM_DOC_SELFIE: number;
+    FACE_SIM_SELFIE_SELFIE: number;
+    DEFAULT_REPUTATION: number;
+    IDENTITY_MAX: number;
+    REPUTATION_MAX: number;
+    VERIFY_RETRY_MAX: number;
+    source: "blockchain" | "local_fallback";
+    loadedAt: number;
+    superAdmin?: string;
+}
+export declare class ProtocolThresholdsClient {
+    private provider;
+    private contract;
+    private cache;
+    private cacheTTLMs;
+    private address;
+    constructor(opts?: {
+        rpc?: string;
+        address?: string;
+        cacheTTLMs?: number;
+    });
+    /** Carga thresholds desde blockchain — fallback transparente a local */
+    load(): Promise<ProtocolThresholds>;
+    /** Invalida la cache — el siguiente load() irá a blockchain */
+    invalidate(): void;
+    /** Lee un threshold individual (con cache) */
+    get(name: keyof Omit<ProtocolThresholds, "source" | "loadedAt" | "superAdmin">): Promise<number>;
+    /** Devuelve la dirección del contrato */
+    get contractAddress(): string;
+    /** Acceso directo al contrato para uso en tests */
+    get rawContract(): ethers.Contract;
+}
+/** Instancia global (singleton) para uso en el validador */
+export declare const thresholdsClient: ProtocolThresholdsClient;

package/dist/blockchain/protocol-thresholds-client.js

@@ -0,0 +1,102 @@
+/**
+ * ProtocolThresholdsClient
+ * Lee los thresholds del protocolo desde Base Sepolia.
+ * - Cache con TTL (10 min por defecto)
+ * - Fallback transparente a constantes locales si la blockchain no es accesible
+ * - Solo el superAdmin puede actualizar on-chain; aquí solo leemos
+ */
+import { ethers } from "ethers";
+import { PROTOCOL } from "soulprint-core";
+export const PROTOCOL_THRESHOLDS_ADDRESS = "0xD8f78d65b35806101672A49801b57F743f2D2ab1";
+export const PROTOCOL_THRESHOLDS_CHAIN = "Base Sepolia (chainId: 84532)";
+export const PROTOCOL_THRESHOLDS_RPC = "https://sepolia.base.org";
+const ABI = [
+    "function getThreshold(string calldata name) external view returns (uint256)",
+    "function superAdmin() external view returns (address)",
+    "function pendingSuperAdmin() external view returns (address)",
+    "function getAll() external view returns (string[] memory names, uint256[] memory values)",
+    "event ThresholdUpdated(bytes32 indexed key, uint256 oldValue, uint256 newValue, address indexed by, uint256 timestamp)",
+];
+// Valores locales como fallback
+function localFallback(source = "local_fallback") {
+    return {
+        SCORE_FLOOR: PROTOCOL.SCORE_FLOOR,
+        VERIFIED_SCORE_FLOOR: PROTOCOL.VERIFIED_SCORE_FLOOR,
+        MIN_ATTESTER_SCORE: PROTOCOL.MIN_ATTESTER_SCORE,
+        FACE_SIM_DOC_SELFIE: Math.round(PROTOCOL.FACE_SIM_DOC_SELFIE * 1000),
+        FACE_SIM_SELFIE_SELFIE: Math.round(PROTOCOL.FACE_SIM_SELFIE_SELFIE * 1000),
+        DEFAULT_REPUTATION: PROTOCOL.DEFAULT_REPUTATION,
+        IDENTITY_MAX: PROTOCOL.IDENTITY_MAX,
+        REPUTATION_MAX: PROTOCOL.REPUTATION_MAX,
+        VERIFY_RETRY_MAX: PROTOCOL.VERIFY_RETRY_MAX,
+        source,
+        loadedAt: Date.now(),
+    };
+}
+export class ProtocolThresholdsClient {
+    provider;
+    contract;
+    cache = null;
+    cacheTTLMs;
+    address;
+    constructor(opts) {
+        this.address = opts?.address ?? PROTOCOL_THRESHOLDS_ADDRESS;
+        this.cacheTTLMs = opts?.cacheTTLMs ?? 10 * 60 * 1000; // 10 min
+        const rpc = opts?.rpc ?? PROTOCOL_THRESHOLDS_RPC;
+        this.provider = new ethers.JsonRpcProvider(rpc);
+        this.contract = new ethers.Contract(this.address, ABI, this.provider);
+    }
+    /** Carga thresholds desde blockchain — fallback transparente a local */
+    async load() {
+        // Cache hit
+        if (this.cache && Date.now() - this.cache.loadedAt < this.cacheTTLMs) {
+            return this.cache;
+        }
+        try {
+            const [admin, floor, vfloor, minAtt, faceSim, faceSimSS, defRep, idMax, repMax, retryMax] = await Promise.all([
+                this.contract.superAdmin(),
+                this.contract.getThreshold("SCORE_FLOOR"),
+                this.contract.getThreshold("VERIFIED_SCORE_FLOOR"),
+                this.contract.getThreshold("MIN_ATTESTER_SCORE"),
+                this.contract.getThreshold("FACE_SIM_DOC_SELFIE"),
+                this.contract.getThreshold("FACE_SIM_SELFIE_SELFIE"),
+                this.contract.getThreshold("DEFAULT_REPUTATION"),
+                this.contract.getThreshold("IDENTITY_MAX"),
+                this.contract.getThreshold("REPUTATION_MAX"),
+                this.contract.getThreshold("VERIFY_RETRY_MAX"),
+            ]);
+            this.cache = {
+                SCORE_FLOOR: Number(floor),
+                VERIFIED_SCORE_FLOOR: Number(vfloor),
+                MIN_ATTESTER_SCORE: Number(minAtt),
+                FACE_SIM_DOC_SELFIE: Number(faceSim),
+                FACE_SIM_SELFIE_SELFIE: Number(faceSimSS),
+                DEFAULT_REPUTATION: Number(defRep),
+                IDENTITY_MAX: Number(idMax),
+                REPUTATION_MAX: Number(repMax),
+                VERIFY_RETRY_MAX: Number(retryMax),
+                source: "blockchain",
+                loadedAt: Date.now(),
+                superAdmin: admin,
+            };
+            return this.cache;
+        }
+        catch (err) {
+            console.warn(`[thresholds] ⚠️  Blockchain no disponible — usando fallback local (${err.shortMessage ?? err.message})`);
+            return localFallback("local_fallback");
+        }
+    }
+    /** Invalida la cache — el siguiente load() irá a blockchain */
+    invalidate() { this.cache = null; }
+    /** Lee un threshold individual (con cache) */
+    async get(name) {
+        const t = await this.load();
+        return t[name];
+    }
+    /** Devuelve la dirección del contrato */
+    get contractAddress() { return this.address; }
+    /** Acceso directo al contrato para uso en tests */
+    get rawContract() { return this.contract; }
+}
+/** Instancia global (singleton) para uso en el validador */
+export const thresholdsClient = new ProtocolThresholdsClient();

package/dist/code-hash.json

@@ -1,11 +1,12 @@
 {
-  "codeHash": "d4e94bb11d5974b343bad9b2298c7ab2d3b837a2b5f588dd6570c21aedb3f7c5",
-  "codeHashHex": "0xd4e94bb11d5974b343bad9b2298c7ab2d3b837a2b5f588dd6570c21aedb3f7c5",
-  "computedAt": "2026-02-25T01:22:35.030Z",
-  "fileCount": 19,
+  "codeHash": "ea2e97f6d94c08b616fd9aea8833250624cb38e94d1d07aad7b3104d158abd9b",
+  "codeHashHex": "0xea2e97f6d94c08b616fd9aea8833250624cb38e94d1d07aad7b3104d158abd9b",
+  "computedAt": "2026-02-25T03:34:08.790Z",
+  "fileCount": 20,
   "files": [
     "blockchain/blockchain-anchor.ts",
     "blockchain/blockchain-client.ts",
+    "blockchain/protocol-thresholds-client.ts",
     "code-integrity.ts",
     "consensus/attestation-consensus.ts",
     "consensus/index.ts",

package/dist/p2p.d.ts

@@ -35,3 +35,4 @@ export declare function publishAttestationP2P(node: SoulprintP2PNode, att: BotAt
 export declare function onAttestationReceived(node: SoulprintP2PNode, handler: (att: BotAttestation, fromPeer: string) => void): void;
 export declare function getP2PStats(node: SoulprintP2PNode): P2PStats;
 export declare function stopP2PNode(node: SoulprintP2PNode): Promise<void>;
+export declare function dialP2PPeer(node: SoulprintP2PNode, maddrStr: string, timeoutMs?: number): Promise<boolean>;

package/dist/p2p.js

@@ -114,3 +114,35 @@ export async function stopP2PNode(node) {
     }
     catch { /* ignorar */ }
 }
+// ── dial a peer by multiaddr string (best-effort — HTTP gossip is the primary mechanism) ──
+// Note: in WSL2/NAT environments mDNS multicast doesn't work.
+// This function attempts libp2p TCP dial using the peer's advertised multiaddrs.
+// Falls back gracefully — HTTP gossip layer (known_peers) handles message propagation.
+export async function dialP2PPeer(node, maddrStr, timeoutMs = 5_000) {
+    try {
+        // Extract PeerId from the multiaddr string and add multiaddr to peer store
+        // so libp2p can use its own internal Multiaddr class (avoids version mismatch)
+        const peerIdStr = maddrStr.split("/p2p/")[1];
+        if (!peerIdStr)
+            return false;
+        // Use peer store to register the address, then dial by PeerId
+        // This lets libp2p use its own Multiaddr parsing internally
+        const { peerIdFromString } = await import("@libp2p/peer-id");
+        const peerId = peerIdFromString(peerIdStr);
+        // Register the address in the peer store
+        await node.peerStore.merge(peerId, {
+            multiaddrs: [maddrStr],
+        }).catch(() => {
+            // peerStore.merge signature varies by libp2p version — try patch
+            return node.peerStore.patch(peerId, { multiaddrs: [maddrStr] }).catch(() => { });
+        });
+        await Promise.race([
+            node.dial(peerId),
+            new Promise((_, rej) => setTimeout(() => rej(new Error("dial timeout")), timeoutMs)),
+        ]);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/server.js

@@ -11,6 +11,7 @@ import { createSoulprintP2PNode, MAINNET_BOOTSTRAP, stopP2PNode } from "./p2p.js
 // ─── Config ──────────────────────────────────────────────────────────────────
 const HTTP_PORT = parseInt(process.env.SOULPRINT_PORT ?? "4888");
 const P2P_PORT = parseInt(process.env.SOULPRINT_P2P_PORT ?? String(HTTP_PORT + 2000));
+globalThis._startTime = Date.now();
 // Bootstrap nodes: variables de entorno o mainnet predefinidos
 const bootstrapEnv = (process.env.SOULPRINT_BOOTSTRAP ?? "")
     .split(",")
@@ -41,6 +42,39 @@ catch (err) {
     console.warn(`⚠️  P2P no disponible — solo HTTP gossip activo`);
     console.warn(`   Error: ${err?.message ?? String(err)}\n`);
 }
+// ─── HTTP Bootstrap Peers (auto-registro) ─────────────────────────────────────
+// SOULPRINT_BOOTSTRAP_HTTP=http://node1:4888,http://node2:4888
+// Registra peers HTTP automáticamente al arrancar (útil en WSL2 / Docker / cloud)
+const httpBootstraps = (process.env.SOULPRINT_BOOTSTRAP_HTTP ?? "")
+    .split(",").map(s => s.trim()).filter(s => s.startsWith("http"));
+if (httpBootstraps.length > 0) {
+    console.log(`🔗 Bootstrap HTTP: ${httpBootstraps.length} peer(s) configurados`);
+    // Esperar 2s a que el HTTP server esté listo antes de registrar
+    setTimeout(async () => {
+        const PROTOCOL_HASH = process.env.SOULPRINT_PROTOCOL_HASH
+            ?? "dfe1ccca1270ec86f93308dc4b981bab1d6bd74bdcc334059f4380b407ca07ca";
+        for (const peerUrl of httpBootstraps) {
+            try {
+                const r = await fetch(`http://localhost:${HTTP_PORT}/peers/register`, {
+                    method: "POST",
+                    headers: { "Content-Type": "application/json" },
+                    body: JSON.stringify({ url: peerUrl, protocol_hash: PROTOCOL_HASH }),
+                    signal: AbortSignal.timeout(15_000),
+                });
+                const d = await r.json();
+                if (d.ok) {
+                    console.log(`  ✅ Bootstrap peer registrado: ${peerUrl} (total peers: ${d.peers})`);
+                }
+                else {
+                    console.warn(`  ⚠️  Bootstrap peer rechazado: ${peerUrl} — ${d.error ?? d.reason ?? "?"}`);
+                }
+            }
+            catch (e) {
+                console.warn(`  ❌ No se pudo conectar a bootstrap peer: ${peerUrl} — ${e.message}`);
+            }
+        }
+    }, 2_000);
+}
 // ─── Graceful shutdown ────────────────────────────────────────────────────────
 async function shutdown(signal) {
     console.log(`\n${signal} recibido — cerrando...`);

package/dist/validator.d.ts

@@ -1,6 +1,17 @@
 import { IncomingMessage, ServerResponse } from "node:http";
 import { BotAttestation, BotReputation } from "soulprint-core";
 import { type SoulprintP2PNode } from "./p2p.js";
+export declare function getLiveThresholds(): {
+    SCORE_FLOOR: number;
+    VERIFIED_SCORE_FLOOR: number;
+    MIN_ATTESTER_SCORE: number;
+    FACE_SIM_DOC_SELFIE: number;
+    FACE_SIM_SELFIE_SELFIE: number;
+    DEFAULT_REPUTATION: number;
+    IDENTITY_MAX: number;
+    REPUTATION_MAX: number;
+    source: "blockchain" | "local_fallback";
+};
 /**
  * Inyecta el nodo libp2p al validador.
  * Cuando se llama:
@@ -13,7 +24,7 @@ export declare function setP2PNode(node: SoulprintP2PNode): void;
  *
  * PROTOCOL ENFORCEMENT:
  * - Si el bot tiene DocumentVerified, su score total nunca puede caer por
- *   debajo de PROTOCOL.VERIFIED_SCORE_FLOOR (52) - inamovible.
+ *   debajo de liveThresholds.VERIFIED_SCORE_FLOOR (52) - inamovible.
  * - Anti-replay: la misma attestation (mismo issuer + timestamp + context)
  *   no se puede aplicar dos veces.
  *

package/dist/validator.js

@@ -11,9 +11,10 @@ import { selectGossipPeers, routingStats } from "./crypto/peer-router.js";
 import { NullifierConsensus, AttestationConsensus, StateSyncManager } from "./consensus/index.js";
 import { BlockchainAnchor } from "./blockchain/blockchain-anchor.js";
 import { SoulprintBlockchainClient, loadBlockchainConfig, } from "./blockchain/blockchain-client.js";
+import { thresholdsClient, PROTOCOL_THRESHOLDS_ADDRESS, PROTOCOL_THRESHOLDS_CHAIN, } from "./blockchain/protocol-thresholds-client.js";
 import { getCodeIntegrity, logCodeIntegrity, computeRuntimeHash } from "./code-integrity.js";
 import { getMCPEntry, getVerifiedMCPEntries, getAllMCPEntries, getRegistryInfo, verifyMCPOnChain, revokeMCPOnChain, registerMCPOnChain, } from "./mcp-registry-client.js";
-import { publishAttestationP2P, onAttestationReceived, getP2PStats, } from "./p2p.js";
+import { publishAttestationP2P, onAttestationReceived, getP2PStats, dialP2PPeer, } from "./p2p.js";
 // ── Config ────────────────────────────────────────────────────────────────────
 const PORT = parseInt(process.env.SOULPRINT_PORT ?? String(PROTOCOL.DEFAULT_HTTP_PORT));
 const NODE_DIR = join(homedir(), ".soulprint", "node");
@@ -28,9 +29,45 @@ const MAX_BODY_BYTES = 64 * 1024;
 const RATE_LIMIT_MS = PROTOCOL.RATE_LIMIT_WINDOW_MS;
 const RATE_LIMIT_MAX = PROTOCOL.RATE_LIMIT_MAX;
 const CLOCK_SKEW_MAX = PROTOCOL.CLOCK_SKEW_MAX_SECONDS;
-const MIN_ATTESTER_SCORE = PROTOCOL.MIN_ATTESTER_SCORE; // 65 - inamovible
 const ATT_MAX_AGE_SECONDS = PROTOCOL.ATT_MAX_AGE_SECONDS;
 const GOSSIP_TIMEOUT_MS = PROTOCOL.GOSSIP_TIMEOUT_MS;
+// ── Thresholds cargados desde blockchain al arrancar (fallback: local) ────────
+// Usados en runtime — se pueden actualizar solo via superAdmin en el contrato.
+// El validador recarga cada 10 minutos automáticamente.
+let liveThresholds = {
+    SCORE_FLOOR: PROTOCOL.SCORE_FLOOR,
+    VERIFIED_SCORE_FLOOR: PROTOCOL.VERIFIED_SCORE_FLOOR,
+    MIN_ATTESTER_SCORE: PROTOCOL.MIN_ATTESTER_SCORE,
+    FACE_SIM_DOC_SELFIE: PROTOCOL.FACE_SIM_DOC_SELFIE,
+    FACE_SIM_SELFIE_SELFIE: PROTOCOL.FACE_SIM_SELFIE_SELFIE,
+    DEFAULT_REPUTATION: PROTOCOL.DEFAULT_REPUTATION,
+    IDENTITY_MAX: PROTOCOL.IDENTITY_MAX,
+    REPUTATION_MAX: PROTOCOL.REPUTATION_MAX,
+    source: "local_fallback",
+};
+export function getLiveThresholds() { return liveThresholds; }
+async function refreshThresholds() {
+    try {
+        thresholdsClient.invalidate();
+        const t = await thresholdsClient.load();
+        liveThresholds = {
+            SCORE_FLOOR: t.SCORE_FLOOR,
+            VERIFIED_SCORE_FLOOR: t.VERIFIED_SCORE_FLOOR,
+            MIN_ATTESTER_SCORE: t.MIN_ATTESTER_SCORE,
+            FACE_SIM_DOC_SELFIE: t.FACE_SIM_DOC_SELFIE / 1000,
+            FACE_SIM_SELFIE_SELFIE: t.FACE_SIM_SELFIE_SELFIE / 1000,
+            DEFAULT_REPUTATION: t.DEFAULT_REPUTATION,
+            IDENTITY_MAX: t.IDENTITY_MAX,
+            REPUTATION_MAX: t.REPUTATION_MAX,
+            source: t.source,
+        };
+        console.log(`[thresholds] ✅ Cargados desde ${t.source === "blockchain" ? "blockchain" : "fallback local"}`);
+        if (t.source === "blockchain") {
+            console.log(`[thresholds]    SCORE_FLOOR=${t.SCORE_FLOOR} VERIFIED_SCORE_FLOOR=${t.VERIFIED_SCORE_FLOOR} MIN_ATTESTER=${t.MIN_ATTESTER_SCORE}`);
+        }
+    }
+    catch { /* usa los valores actuales */ }
+}
 // ── P2P Node (Phase 5) ────────────────────────────────────────────────────────
 let p2pNode = null;
 /**
@@ -118,7 +155,7 @@ function getReputation(did) {
  *
  * PROTOCOL ENFORCEMENT:
  * - Si el bot tiene DocumentVerified, su score total nunca puede caer por
- *   debajo de PROTOCOL.VERIFIED_SCORE_FLOOR (52) - inamovible.
+ *   debajo de liveThresholds.VERIFIED_SCORE_FLOOR (52) - inamovible.
  * - Anti-replay: la misma attestation (mismo issuer + timestamp + context)
  *   no se puede aplicar dos veces.
  *
@@ -146,11 +183,11 @@ function applyAttestation(att) {
     const hasDocument = existing?.hasDocumentVerified ?? false;
     let finalRepScore = rep.score;
     if (hasDocument) {
-        const minRepForFloor = Math.max(0, PROTOCOL.VERIFIED_SCORE_FLOOR - identityFromStore);
+        const minRepForFloor = Math.max(0, liveThresholds.VERIFIED_SCORE_FLOOR - identityFromStore);
         finalRepScore = Math.max(finalRepScore, minRepForFloor);
         if (finalRepScore !== rep.score) {
             console.log(`[floor] Reputation clamped for ${att.target_did.slice(0, 20)}...: ` +
-                `${rep.score} → ${finalRepScore} (VERIFIED_SCORE_FLOOR=${PROTOCOL.VERIFIED_SCORE_FLOOR})`);
+                `${rep.score} → ${finalRepScore} (VERIFIED_SCORE_FLOOR=${liveThresholds.VERIFIED_SCORE_FLOOR})`);
         }
     }
     repStore[att.target_did] = {
@@ -293,7 +330,7 @@ function handleInfo(res, nodeKeypair) {
  * Expone las constantes de protocolo inamovibles.
  * Los clientes y otros nodos usan este endpoint para:
  *  1. Verificar compatibilidad de versión antes de conectarse
- *  2. Obtener los valores actuales de SCORE_FLOOR y MIN_ATTESTER_SCORE
+ *  2. Obtener los valores actuales de SCORE_FLOOR y liveThresholds.MIN_ATTESTER_SCORE
  *  3. Validar que el nodo no ha sido modificado para bajar los thresholds
  */
 function handleProtocol(res) {
@@ -304,9 +341,9 @@ function handleProtocol(res) {
         // Si PROTOCOL fue modificado (aunque sea un valor), este hash cambia.
         protocol_hash: PROTOCOL_HASH,
         // ── Score limits ────────────────────────────────────────────────────────
-        score_floor: PROTOCOL.SCORE_FLOOR,
-        verified_score_floor: PROTOCOL.VERIFIED_SCORE_FLOOR,
-        min_attester_score: PROTOCOL.MIN_ATTESTER_SCORE,
+        score_floor: liveThresholds.SCORE_FLOOR,
+        verified_score_floor: liveThresholds.VERIFIED_SCORE_FLOOR,
+        min_attester_score: liveThresholds.MIN_ATTESTER_SCORE,
         identity_max: PROTOCOL.IDENTITY_MAX,
         reputation_max: PROTOCOL.REPUTATION_MAX,
         max_score: PROTOCOL.MAX_SCORE,
@@ -346,7 +383,7 @@ function handleGetReputation(res, did) {
  * }
  *
  * Validaciones:
- *   1. service_spt tiene score >= MIN_ATTESTER_SCORE (solo servicios verificados)
+ *   1. service_spt tiene score >= liveThresholds.MIN_ATTESTER_SCORE (solo servicios verificados)
  *   2. service_spt.did == attestation.issuer_did (el emisor es quien dice ser)
  *   3. Firma Ed25519 de la attestation es válida
  *   4. timestamp no tiene más de ATT_MAX_AGE_SECONDS de antigüedad
@@ -422,10 +459,10 @@ async function handleAttest(req, res, ip) {
         const serviceTok = decodeToken(service_spt);
         if (!serviceTok)
             return json(res, 401, { error: "Invalid or expired service_spt" });
-        if (serviceTok.score < MIN_ATTESTER_SCORE) {
+        if (serviceTok.score < liveThresholds.MIN_ATTESTER_SCORE) {
             return json(res, 403, {
-                error: `Service score too low (${serviceTok.score} < ${MIN_ATTESTER_SCORE})`,
-                required: MIN_ATTESTER_SCORE,
+                error: `Service score too low (${serviceTok.score} < ${liveThresholds.MIN_ATTESTER_SCORE})`,
+                required: liveThresholds.MIN_ATTESTER_SCORE,
                 got: serviceTok.score,
             });
         }
@@ -566,6 +603,32 @@ async function handlePeerRegister(req, res) {
     }
     peers.push(url);
     savePeers();
+    // ── Auto-dial libp2p layer ──────────────────────────────────────────────────
+    // WSL2 / NAT: mDNS no funciona → al registrar un peer HTTP, intentamos
+    // conectar también vía libp2p usando sus multiaddrs del /info endpoint.
+    if (p2pNode) {
+        setImmediate(async () => {
+            try {
+                const infoRes = await fetch(`${url}/info`, { signal: AbortSignal.timeout(3_000) });
+                if (infoRes.ok) {
+                    const info = await infoRes.json();
+                    const addrs = info?.p2p?.multiaddrs ?? [];
+                    let dialed = false;
+                    for (const ma of addrs) {
+                        const ok = await dialP2PPeer(p2pNode, ma);
+                        if (ok) {
+                            console.log(`[peer] 🔗 P2P dial OK: ${ma}`);
+                            dialed = true;
+                            break;
+                        }
+                    }
+                    if (!dialed)
+                        console.log(`[peer] ℹ️  P2P dial failed for ${url} (mDNS fallback)`);
+                }
+            }
+            catch { /* non-critical — HTTP gossip is the fallback */ }
+        });
+    }
     json(res, 200, { ok: true, peers: peers.length, protocol_hash: PROTOCOL_HASH });
 }
 // ── GET /peers ─────────────────────────────────────────────────────────────────
@@ -721,7 +784,7 @@ async function handleTokenRenew(req, res, nodeKeypair) {
     const currentRep = repEntry
         ? computeTotalScoreWithFloor(repEntry.identityScore ?? 0, repEntry.score ?? 0, repEntry.hasDocumentVerified ?? false)
         : 0;
-    const scoreFloor = PROTOCOL.VERIFIED_SCORE_FLOOR ?? 52;
+    const scoreFloor = liveThresholds.VERIFIED_SCORE_FLOOR ?? 52;
     if (currentRep < scoreFloor) {
         return json(res, 403, {
             error: "Score por debajo del floor - renovación denegada",
@@ -768,6 +831,14 @@ export function startValidatorNode(port = PORT) {
     loadPeers();
     loadAudit();
     const nodeKeypair = loadOrCreateNodeKeypair();
+    // ── Cargar thresholds desde blockchain al arrancar ────────────────────────
+    // No bloqueante — el nodo arranca con valores locales y los actualiza async
+    refreshThresholds().then(() => {
+        console.log(`[thresholds] 📡 Fuente: ${liveThresholds.source} | SCORE_FLOOR=${liveThresholds.SCORE_FLOOR}`);
+        console.log(`[thresholds]    Contrato: ${PROTOCOL_THRESHOLDS_ADDRESS} (${PROTOCOL_THRESHOLDS_CHAIN})`);
+    });
+    // Refresco automático cada 10 minutos
+    setInterval(refreshThresholds, 10 * 60 * 1000);
     // ── Módulos de consenso P2P (sin EVM, sin gas fees) ──────────────────────
     const nullifierConsensus = new NullifierConsensus({
         selfDid: nodeKeypair.did,
@@ -898,6 +969,52 @@ export function startValidatorNode(port = PORT) {
             return handleInfo(res, nodeKeypair);
         if (cleanUrl === "/protocol" && req.method === "GET")
             return handleProtocol(res);
+        // GET /protocol/thresholds — thresholds live desde blockchain (superAdmin-mutable)
+        if (cleanUrl === "/protocol/thresholds" && req.method === "GET") {
+            return json(res, 200, {
+                source: liveThresholds.source,
+                contract: PROTOCOL_THRESHOLDS_ADDRESS,
+                chain: PROTOCOL_THRESHOLDS_CHAIN,
+                thresholds: {
+                    SCORE_FLOOR: liveThresholds.SCORE_FLOOR,
+                    VERIFIED_SCORE_FLOOR: liveThresholds.VERIFIED_SCORE_FLOOR,
+                    MIN_ATTESTER_SCORE: liveThresholds.MIN_ATTESTER_SCORE,
+                    FACE_SIM_DOC_SELFIE: liveThresholds.FACE_SIM_DOC_SELFIE,
+                    FACE_SIM_SELFIE_SELFIE: liveThresholds.FACE_SIM_SELFIE_SELFIE,
+                    DEFAULT_REPUTATION: liveThresholds.DEFAULT_REPUTATION,
+                    IDENTITY_MAX: liveThresholds.IDENTITY_MAX,
+                    REPUTATION_MAX: liveThresholds.REPUTATION_MAX,
+                },
+                last_loaded: new Date(Date.now()).toISOString(),
+                note: "Solo el superAdmin del contrato puede modificar estos valores on-chain",
+            });
+        }
+        // GET /network/stats — stats públicas para la landing page
+        if (cleanUrl === "/network/stats" && req.method === "GET") {
+            const p2pStats = p2pNode ? getP2PStats(p2pNode) : null;
+            const httpPeers = peers.length;
+            const libp2pPeers = p2pStats?.peers ?? 0;
+            return json(res, 200, {
+                node_did: nodeKeypair.did.slice(0, 20) + "...",
+                version: VERSION,
+                protocol_hash: PROTOCOL_HASH.slice(0, 16) + "...",
+                // identidades y reputación
+                verified_identities: Object.keys(nullifiers).length,
+                reputation_profiles: Object.keys(repStore).length,
+                // peers — HTTP gossip (funciona en todos los entornos)
+                known_peers: httpPeers,
+                // peers — libp2p P2P (requiere multicast/bootstrap; 0 en WSL2)
+                p2p_peers: libp2pPeers,
+                p2p_pubsub_peers: p2pStats?.pubsubPeers ?? 0,
+                p2p_enabled: !!p2pNode,
+                // total = max de ambas capas (HTTP gossip es el piso mínimo garantizado)
+                total_peers: Math.max(httpPeers, libp2pPeers),
+                // estado general
+                uptime_ms: Date.now() - (globalThis._startTime ?? Date.now()),
+                timestamp: Date.now(),
+                mcps_verified: null,
+            });
+        }
         if (cleanUrl === "/verify" && req.method === "POST")
             return handleVerify(req, res, nodeKeypair, ip);
         if (cleanUrl === "/token/renew" && req.method === "POST")

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "soulprint-network",
-  "version": "0.3.9",
+  "version": "0.4.1",
   "description": "Soulprint validator node — HTTP server that verifies ZK proofs, co-signs SPTs, anti-Sybil registry",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -42,8 +42,10 @@
     "@libp2p/identify": "3.0.39",
     "@libp2p/kad-dht": "16.1.3",
     "@libp2p/mdns": "11.0.47",
+    "@libp2p/peer-id": "^6.0.4",
     "@libp2p/ping": "2.0.37",
     "@libp2p/tcp": "10.1.19",
+    "@multiformats/multiaddr": "^13.0.1",
     "ethers": "^6.16.0",
     "libp2p": "2.10.0",
     "nodemailer": "^8.0.1",
@@ -68,4 +70,4 @@
       "types": "./dist/index.d.ts"
     }
   }
-}
+}