npm - yakmesh - Versions diffs - 1.3.0 → 1.3.2 - Mend

yakmesh 1.3.0 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/CHANGELOG.md +52 -1
package/README.md +191 -185
package/announcements/discord-v1.3.1.md +55 -0
package/content/api.js +348 -0
package/content/index.js +19 -0
package/content/store.js +670 -0
package/discord.md +78 -73
package/identity/node-key.js +31 -4
package/mesh/network.js +64 -4
package/mesh/temporal-encoder.js +383 -383
package/oracle/codebase-lock.js +256 -0
package/oracle/index.js +16 -7
package/oracle/network-identity.js +418 -439
package/oracle/phase-epoch.js +3 -0
package/oracle/time-source.js +76 -56
package/oracle/validation-oracle-hardened.js +96 -6
package/package.json +3 -2
package/server/index.js +1004 -933
package/yakmesh.config.js +8 -0
package/.github/workflows/ci.yml +0 -67
package/test-crypto.mjs +0 -28
package/test-novel-systems.mjs +0 -398
package/test-security.mjs +0 -223
package/test-stress.mjs +0 -198
package/test-suite.mjs +0 -198
package/test-tme.mjs +0 -383

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,44 @@
 All notable changes to YAKMESH will be documented in this file.
+## [1.3.2] - 2026-01-17
+### Added
+- **Public Content Delivery API** - Content-addressed storage for decentralized website hosting
+- `GET /content` - List available content with stats
+- `GET /content/:hash` - Fetch content by hash with optional proof
+- `POST /content` - Publish content with consensus verification
+- Content gossip via mesh for cross-node synchronization
+- Consensus proof system for verified content
+### Fixed
+- Gossip protocol method calls (use `spreadRumor()` instead of `broadcast()`)
+- Direct messaging via mesh instead of non-existent gossip.sendTo()
+### Community
+- Added social links: Discord, Telegram, X (Twitter)
+- Created Discord announcement template
+---
+## [1.3.1] - 2026-01-16
+### Security
+- Hardened peer handshake protocol validation
+- Enhanced network fingerprint verification in HELLO/WELCOME exchange
+- Added CodebaseLock module for runtime source integrity
+### Added
+- 3-node test infrastructure for protocol verification
+- iO-style (indistinguishability obfuscation) network identity derivation
+- Human-readable network names from codebase fingerprint
+### Fixed
+- Config path resolution for relative/absolute paths
+- Test suite node ID prefix assertion
+---
 ## [1.3.0] - 2026-01-15
 ### 🌟 Major New Systems - "A Beacon in the Darkness"
@@ -40,6 +78,19 @@ All notable changes to YAKMESH will be documented in this file.
 - Timing attack resistance in PHANTOM
 - Improved rate limiting integration
+### 🛡️ Code Proof Protocol Hardening
+- **CRITICAL FIX**: HELLO message now includes `networkFingerprint`
+- **CRITICAL FIX**: WELCOME handler validates fingerprint, rejects mismatches (code 1008)
+- Added `CodebaseLock` module for runtime source file protection
+- Fixed config loading for relative/absolute path handling
+- Comprehensive 3-node test suite: 17/17 tests passing
+  - Same-codebase peering verification
+  - Cross-codebase rejection (bidirectional)
+  - N-way fingerprint isolation matrix
+  - Empty/partial fingerprint attack blocking
+  - Flood attack resistance (20 simultaneous rejected)
+  - Fingerprint spoofing prevention
 ---
 ## [1.2.0] - 2026-01-15
@@ -79,4 +130,4 @@ All notable changes to YAKMESH will be documented in this file.
 - ML-DSA-65 post-quantum signatures
 - SQLite-based distributed oracle
 - WebSocket mesh networking
-- Phase-based consensus timing
+- Phase-based consensus timing

package/README.md CHANGED Viewed

@@ -1,185 +1,191 @@
-<div align="center">
-  <img src="https://yakmesh.dev/assets/yakmesh-logo2.png" alt="YAKMESH" width="200">
-  <h1>🏔️ YAKMESH™: Sturdy & Secure</h1>
-  <p><strong>Yielding Atomic Kernel Modular Encryption Secured Hub</strong></p>
-  <p>
-    <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
-    <a href="https://nodejs.org"><img src="https://img.shields.io/badge/Node.js-18+-green.svg" alt="Node.js"></a>
-    <a href="https://csrc.nist.gov/projects/post-quantum-cryptography"><img src="https://img.shields.io/badge/Crypto-Post--Quantum-blue.svg" alt="Post-Quantum"></a>
-    <a href="https://www.npmjs.com/package/yakmesh"><img src="https://img.shields.io/npm/v/yakmesh.svg" alt="npm version"></a>
-  </p>
-</div>
----
-YAKMESH is a high-resiliency, decentralized networking layer designed for the 2026 threat landscape. Built with quantum-resistant cryptography at its core and anchored by PCIe atomic timing synchronization, YAKMESH provides a "sturdy" substrate for distributed systems that cannot afford to fail.
-## Why YAKMESH?
-In an era where traditional ECDSA is increasingly vulnerable and network jitter can desynchronize global state, YAKMESH offers a three-pillar solution:
-🌿 **Yielding Resilience**: A self-healing mesh topology that adapts to node failure and adversarial interference without central authority.
-⚛️ **Atomic Precision**: Integrated support for PCIe atomic clock hardware, enabling nanosecond-level hardware timestamping for low-latency synchronization.
-🔐 **Quantum Hardened**: Fully compatible with Project Zond and the QRL (Quantum Resistant Ledger) ecosystem, utilizing stateless lattice-based signatures (ML-DSA) from Genesis.
----
-## The Y.A.K.M.E.S.H. Philosophy
-| Letter | Principle | Description |
-|--------|-----------|-------------|
-| **Y** | **Yielding** | Not brittle; flexible enough to absorb network shocks |
-| **A** | **Atomic** | Grounded in the absolute truth of physical time |
-| **K** | **Kernel** | The essential, innermost part of the secure stack |
-| **M** | **Modular** | Swap out encryption primitives or transport layers as tech evolves |
-| **E** | **Encryption** | Privacy and integrity by default |
-| **S** | **Secured** | Hardened against both classical and quantum vectors |
-| **H** | **Hub** | A nexus for decentralized data and peer-to-peer logic |
----
-## Features
-- 🔒 **Post-Quantum Secure** - ML-DSA-65 (NIST FIPS 204) signatures
-- 🔮 **Self-Verifying Oracle** - Deterministic validation without external trust
-- 🌐 **Mesh Networking** - P2P WebSocket communication with gossip protocol
-- ⏱️ **Precision Timing** - Support for atomic clocks, GPS, PTP, NTP
-- 🔌 **Plugin Architecture** - Adapters for any database or API
-- 🛡️ **Phase Modulation** - Time-based anti-replay protection
-## Quick Start
-```bash
-npm install yakmesh
-```
-```javascript
-import { YakmeshNode } from 'yakmesh';
-const node = new YakmeshNode({
-  node: { name: 'My Node' },
-  network: { httpPort: 3000, wsPort: 9001 },
-});
-await node.start();
-```
-## CLI
-```bash
-# Initialize a new node
-npx yakmesh init
-# Start the node
-npx yakmesh start
-# Check status
-npx yakmesh status
-```
-## Documentation
-Full documentation available at **[yakmesh.dev](https://yakmesh.dev)**
-## Architecture
-```
-yakmesh/
-├── oracle/           # Self-verifying validation engine
-├── mesh/             # WebSocket P2P networking
-├── gossip/           # Epidemic-style message propagation
-├── identity/         # Post-quantum key management
-├── database/         # SQLite replication engine
-├── adapters/         # Platform integration plugins
-├── webserver/        # Embedded Caddy web server
-└── server/           # HTTP/WS server
-```
-## Network Identity
-Each YAKMESH network has a unique identity derived from configurable salts:
-```javascript
-import { setIdentityConfig } from 'yakmesh/oracle/network-identity.js';
-setIdentityConfig({
-  networkPrefix: 'my',           // Network ID prefix
-  identitySalt: 'my-app-v1',     // Unique network salt
-});
-// Different salt = different network (cannot interoperate)
-```
-## Time Source Trust Levels
-| Level | Source | Tolerance | Oracle Capable |
-|-------|--------|-----------|----------------|
-| ATOMIC | PCIe atomic clock | ±100ms | ✅ Yes |
-| GPS | GPS with PPS | ±500ms | ✅ Yes |
-| PTP | IEEE 1588 (Meinberg) | ±500ms | ⚠️ Partial |
-| NTP | Standard NTP | ±5000ms | ❌ No |
-## Adapters
-Create custom adapters by extending `BaseAdapter`:
-```javascript
-import { BaseAdapter } from 'yakmesh/adapters/base-adapter.js';
-class MyAdapter extends BaseAdapter {
-  async init() { /* Connect to your database */ }
-  getSchema() { return { tables: ['users', 'orders'] }; }
-  async fetchChanges(since) { /* Return changed records */ }
-  async applyChange(table, record, op) { /* Write to database */ }
-}
-```
-### Official Adapters
-- `@yakmesh/adapter-peerquanta` - PeerQuanta phpBB marketplace
-## API Endpoints
-| Endpoint | Method | Description |
-|----------|--------|-------------|
-| `/health` | GET | Node health status |
-| `/node` | GET | Node identity info |
-| `/peers` | GET | Connected peers |
-| `/oracle/status` | GET | Oracle integrity check |
-| `/network/identity` | GET | Network identity (hash obfuscated) |
-| `/time/status` | GET | Time source detection |
-| `/time/capabilities` | GET | Time oracle eligibility |
-| `/connect` | POST | Connect to a peer |
-## Pro Features
-YAKMESH Pro includes additional security features:
-- 🔐 **WebSocket Authentication** - Challenge-response auth with signatures
-- 🔒 **Message Encryption** - XChaCha20-Poly1305 encrypted messages
-- 📋 **Peer Allowlist/Blocklist** - Access control for private networks
-- 🛡️ **Connection Rate Limiting** - DDoS protection
-## License
-- **Community Edition**: MIT License (see [LICENSE](LICENSE))
-- **Pro Edition**: Proprietary License
-See [TRADEMARK.md](TRADEMARK.md) for trademark usage policy.
----
-<div align="center">
-  <sub>Built with quantum principles. Secured by math.</sub>
-  <br><br>
-  <strong><a href="https://yakmesh.dev">yakmesh.dev</a></strong>
-  <br><br>
-  <sub>© 2026 YAKMESH™ Project. Sturdy & Secure.</sub>
-  <br>
-  <sub>YAKMESH™ is a trademark of PeerQuanta, application pending (Serial No. 99594620).</sub>
-</div>
+<div align="center">
+  <img src="https://yakmesh.dev/assets/yakmesh-logo2.png" alt="YAKMESH" width="200">
+  <h1>🏔️ YAKMESH™: Sturdy & Secure</h1>
+  <p><strong>Yielding Atomic Kernel Modular Encryption Secured Hub</strong></p>
+  <p>
+    <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"></a>
+    <a href="https://nodejs.org"><img src="https://img.shields.io/badge/Node.js-18+-green.svg" alt="Node.js"></a>
+    <a href="https://csrc.nist.gov/projects/post-quantum-cryptography"><img src="https://img.shields.io/badge/Crypto-Post--Quantum-blue.svg" alt="Post-Quantum"></a>
+    <a href="https://www.npmjs.com/package/yakmesh"><img src="https://img.shields.io/npm/v/yakmesh.svg" alt="npm version"></a>
+  </p>
+</div>
+---
+YAKMESH is a high-resiliency, decentralized networking layer designed for the 2026 threat landscape. Built with quantum-resistant cryptography at its core and anchored by PCIe atomic timing synchronization, YAKMESH provides a "sturdy" substrate for distributed systems that cannot afford to fail.
+## Why YAKMESH?
+In an era where traditional ECDSA is increasingly vulnerable and network jitter can desynchronize global state, YAKMESH offers a three-pillar solution:
+🌿 **Yielding Resilience**: A self-healing mesh topology that adapts to node failure and adversarial interference without central authority.
+⚛️ **Atomic Precision**: Integrated support for PCIe atomic clock hardware, enabling hardware timestamping with support for high-precision time sources for low-latency synchronization.
+🔐 **Quantum Hardened**: Fully compatible with Project Zond and the QRL (Quantum Resistant Ledger) ecosystem, utilizing stateless lattice-based signatures (ML-DSA) from Genesis.
+---
+## The Y.A.K.M.E.S.H. Philosophy
+| Letter | Principle | Description |
+|--------|-----------|-------------|
+| **Y** | **Yielding** | Not brittle; flexible enough to absorb network shocks |
+| **A** | **Atomic** | Grounded in the absolute truth of physical time |
+| **K** | **Kernel** | The essential, innermost part of the secure stack |
+| **M** | **Modular** | Swap out encryption primitives or transport layers as tech evolves |
+| **E** | **Encryption** | Privacy and integrity by default |
+| **S** | **Secured** | Hardened against both classical and quantum vectors |
+| **H** | **Hub** | A nexus for decentralized data and peer-to-peer logic |
+---
+## Features
+- 🔒 **Post-Quantum Secure** - ML-DSA-65 (NIST FIPS 204) signatures
+- 🔮 **Self-Verifying Oracle** - Deterministic validation without external trust
+- 🌐 **Mesh Networking** - P2P WebSocket communication with gossip protocol
+- ⏱️ **Precision Timing** - Support for atomic clocks, GPS, PTP, NTP
+- 🔌 **Plugin Architecture** - Adapters for any database or API
+- 🛡️ **Phase Modulation** - Time-based anti-replay protection
+## Quick Start
+```bash
+npm install yakmesh
+```
+```javascript
+import { YakmeshNode } from 'yakmesh';
+const node = new YakmeshNode({
+  node: { name: 'My Node' },
+  network: { httpPort: 3000, wsPort: 9001 },
+});
+await node.start();
+```
+## CLI
+```bash
+# Initialize a new node
+npx yakmesh init
+# Start the node
+npx yakmesh start
+# Check status
+npx yakmesh status
+```
+## Documentation
+Full documentation available at **[yakmesh.dev](https://yakmesh.dev)**
+## Architecture
+```
+yakmesh/
+├── oracle/           # Self-verifying validation engine
+├── mesh/             # WebSocket P2P networking
+├── gossip/           # Epidemic-style message propagation
+├── identity/         # Post-quantum key management
+├── database/         # SQLite replication engine
+├── adapters/         # Platform integration plugins
+├── webserver/        # Embedded Caddy web server
+└── server/           # HTTP/WS server
+```
+## Network Identity
+Each YAKMESH network has a unique identity derived from configurable salts:
+```javascript
+import { setIdentityConfig } from 'yakmesh/oracle/network-identity.js';
+setIdentityConfig({
+  networkPrefix: 'my',           // Network ID prefix
+  identitySalt: 'my-app-v1',     // Unique network salt
+});
+// Different salt = different network (cannot interoperate)
+```
+## Time Source Trust Levels
+| Level | Source | Tolerance | Oracle Capable |
+|-------|--------|-----------|----------------|
+| ATOMIC | PCIe atomic clock | ±100ms | ✅ Yes |
+| GPS | GPS with PPS | ±500ms | ✅ Yes |
+| PTP | IEEE 1588 (Meinberg) | ±500ms | ⚠️ Partial |
+| NTP | Standard NTP | ±5000ms | ❌ No |
+## Adapters
+Create custom adapters by extending `BaseAdapter`:
+```javascript
+import { BaseAdapter } from 'yakmesh/adapters/base-adapter.js';
+class MyAdapter extends BaseAdapter {
+  async init() { /* Connect to your database */ }
+  getSchema() { return { tables: ['users', 'orders'] }; }
+  async fetchChanges(since) { /* Return changed records */ }
+  async applyChange(table, record, op) { /* Write to database */ }
+}
+```
+### Official Adapters
+- `@yakmesh/adapter-peerquanta` - PeerQuanta phpBB marketplace
+## API Endpoints
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/health` | GET | Node health status |
+| `/node` | GET | Node identity info |
+| `/peers` | GET | Connected peers |
+| `/oracle/status` | GET | Oracle integrity check |
+| `/network/identity` | GET | Network identity (hash obfuscated) |
+| `/time/status` | GET | Time source detection |
+| `/time/capabilities` | GET | Time oracle eligibility |
+| `/connect` | POST | Connect to a peer |
+## Pro Features
+YAKMESH Pro includes additional security features:
+- 🔐 **WebSocket Authentication** - Challenge-response auth with signatures
+- 🔒 **Message Encryption** - XChaCha20-Poly1305 encrypted messages
+- 📋 **Peer Allowlist/Blocklist** - Access control for private networks
+- 🛡️ **Connection Rate Limiting** - DDoS protection
+## License
+- **Community Edition**: MIT License (see [LICENSE](LICENSE))
+- **Pro Edition**: Proprietary License
+See [TRADEMARK.md](TRADEMARK.md) for trademark usage policy.
+---
+<div align="center">
+  <sub>Built with quantum principles. Secured by math.</sub>
+  <br><br>
+  <strong><a href="https://yakmesh.dev">yakmesh.dev</a></strong>
+  <br><br>
+  <p>
+    <a href="https://discord.gg/E62tAE2wGh">💬 Discord</a> •
+    <a href="https://t.me/yakmesh">📱 Telegram</a> •
+    <a href="https://x.com/yakmesh">𝕏 Twitter</a>
+  </p>
+  <br>
+  <sub>© 2026 YAKMESH™ Project. Sturdy & Secure.</sub>
+  <br>
+  <sub>YAKMESH™ is a trademark of PeerQuanta, application pending (Serial No. 99594620).</sub>
+</div>

package/announcements/discord-v1.3.1.md ADDED Viewed

@@ -0,0 +1,55 @@
+# 🦬 YAKMESH v1.3.1 — Public Content Delivery + Mesh Peering Confirmed!
+Hey everyone! Big update today:
+## ✅ What's New
+### 🌐 Public Content Delivery API
+We've added a complete **content-addressed storage system** with public delivery:
+```
+GET /content/:hash          → Fetch any content by its hash
+GET /content/:hash/proof    → Get consensus proof for verification
+POST /content/publish       → Store and gossip content to mesh
+```
+**Key features:**
+- Content addressed by SHA3-256 hash (trustless verification)
+- Consensus proofs for light client verification
+- LRU caching for instant edge delivery
+- Automatic mesh sync via gossip protocol
+### 🔗 First Successful LAN Mesh Peering
+Tested and confirmed: **two Yakmesh nodes successfully peered** with matching network fingerprints. The Code Proof Protocol verified both were running identical codebases before allowing the connection.
+**Connection is as simple as:**
+```powershell
+POST http://localhost:3000/connect
+{ "address": "ws://192.168.1.178:9001" }
+```
+### 📱 New Social Channels
+We're now on:
+- 💬 **Discord**: https://discord.gg/E62tAE2wGh
+- 📱 **Telegram**: https://t.me/yakmesh
+- 𝕏 **Twitter**: https://x.com/yakmesh
+## 📦 Install
+```bash
+npm install yakmesh@1.3.1
+```
+## 🔗 Links
+- 🌐 Website: https://yakmesh.dev
+- 📖 GitHub: https://github.com/yakmesh/yakmesh
+- 📦 npm: https://npmjs.com/package/yakmesh
+---
+**What's next?**
+- Multi-node cluster testing
+- Production deployment
+- Website/webapp hosting demos
+Questions? Drop them here! 🦬