yakmesh 1.5.0 → 1.6.0

package/CHANGELOG.md

@@ -2,6 +2,68 @@
 
 All notable changes to YAKMESH will be documented in this file.
 
+## [1.6.0] - 2026-01-17
+
+### 🔐 NIST Level 5 (Paranoid Mode) & Cryptographic Unification
+
+This release adds support for NIST Level 5 security and unifies all hash operations to SHA3-256.
+
+#### New Features
+
+##### NIST Level 5 Support
+- Configurable security levels: Level 3 (default) or Level 5 (paranoid)
+- **Level 5 Algorithms:**
+  - ML-DSA-87 (Dilithium5) for signatures - 256-bit classical security
+  - ML-KEM-1024 (Kyber1024) for key encapsulation - 256-bit classical security
+- New `security/crypto-config.js` module for centralized crypto configuration
+- Runtime switchable via `setSecurityLevel(SecurityLevel.LEVEL_5)`
+
+##### Crypto Agility Documentation
+- New `docs/CRYPTO-AGILITY.md` formalizes algorithm upgrade procedures
+- Version negotiation protocol for future algorithm transitions
+- Monitoring list for future algorithm candidates (X-Wing, SLH-DSA, etc.)
+
+##### Post-Quantum Test Suite
+- Comprehensive cryptographic tests in `oracle/tests/crypto.test.js`
+- Tests for ML-DSA-65/87, ML-KEM-768/1024
+- Performance benchmarks for Level 3 vs Level 5 overhead
+- Run with `npm run test:crypto`
+
+#### Changed
+
+##### Unified SHA3-256 Hashing
+All hash operations now use SHA3-256 for post-quantum consistency:
+- `oracle/network-identity.js` - HKDF now uses SHA3-256
+- `oracle/phase-epoch.js` - Phase derivation uses SHA3-256
+- `gossip/protocol.js` - Bloom filters and message IDs use SHA3-256
+- `mesh/temporal-encoder.js` - Temporal hashes use SHA3-256
+- `mesh/phantom-routing.js` - Key derivation uses SHA3-256
+- `mesh/annex.js` - Session key derivation uses SHA3-256
+- `mesh/echo-ranging.js` - Probe key derivation uses SHA3-256
+
+### Added
+- `security/crypto-config.js` - Centralized crypto configuration module
+- `docs/CRYPTO-AGILITY.md` - Algorithm upgrade path documentation
+- `oracle/tests/crypto.test.js` - PQ cryptography test suite
+- `npm run test:crypto` script for running crypto tests
+
+### Technical Details
+- SHA3-256 provides 128-bit post-quantum security (Grover resistance)
+- All symmetric keys derived from PQ-safe shared secrets
+- No vulnerable classical asymmetric crypto in codebase
+
+---
+
+## [1.5.1] - 2026-01-17
+
+### 🔧 Maintenance Release
+- Port fallback system for WebSocket and HTTP servers
+- Process management script (`scripts/start.sh`)
+- Discord webhook integration for releases
+- Minor documentation updates
+
+---
+
 ## [1.5.0] - 2026-01-17
 
 ### 🔧 Critical Fix: Network Identity Unification

package/announcements/discord-v1.5.0.md

@@ -0,0 +1,29 @@
+# Yakmesh v1.5.1
+
+**🦬 Yakmesh v1.5.1 Released**
+
+## 🔧 Fixes & Improvements
+
+### Identity Initialization Fix
+Fixed oracle initialization order so node identity correctly derives from codebase hash as originally designed.
+
+### Automatic Port Fallback
+Nodes now automatically find the next available port if default ports (3000, 9001) are occupied - no more crashes on busy systems.
+
+### Process Management Script
+New `scripts/start.sh` for proper background process management:
+```bash
+./scripts/start.sh start   # Start in background
+./scripts/start.sh stop    # Clean shutdown  
+./scripts/start.sh restart # Stop + start
+./scripts/start.sh status  # Check if running
+./scripts/start.sh logs    # View logs
+```
+
+## 📦 Install/Upgrade
+```bash
+npm install yakmesh@1.5.1
+```
+
+---
+🔗 https://yakmesh.dev | 💬 Discord: https://discord.gg/8mSPfbJB8N

package/announcements/telegram-v1.5.0.md

@@ -0,0 +1,9 @@
+🦬 Yakmesh v1.5.1
+
+• Fixed identity initialization order
+• Auto port fallback when ports busy
+• Process management script for deployments
+
+npm install yakmesh@1.5.1
+
+https://yakmesh.dev

package/announcements/x-v1.5.0.md

@@ -0,0 +1,11 @@
+🦬 Yakmesh v1.5.1
+
+• Fixed identity initialization order
+• Auto port fallback when ports busy  
+• Process management script for deployments
+
+npm install yakmesh@1.5.1
+
+https://yakmesh.dev
+
+#PostQuantum #P2P #DecentralizedWeb #OpenSource

package/gossip/protocol.js

@@ -8,7 +8,7 @@
  * - Bloom filters for efficient seen-message tracking
  */
 
-import { sha256 } from '@noble/hashes/sha2.js';
+import { sha3_256 } from '@noble/hashes/sha3.js';
 import { bytesToHex } from '@noble/hashes/utils.js';
 
 // Message types for gossip protocol
@@ -40,7 +40,7 @@ class BloomFilter {
 
   _hash(value, seed) {
     const data = `${seed}:${value}`;
-    const hash = sha256(new TextEncoder().encode(data));
+    const hash = sha3_256(new TextEncoder().encode(data));
     return new DataView(hash.buffer).getUint32(0, true) % this.size;
   }
 
@@ -448,7 +448,7 @@ export class GossipProtocol {
    */
   _generateMessageId(topic, data) {
     const payload = JSON.stringify({ topic, data, origin: this.identity.identity.nodeId, ts: Date.now() });
-    return bytesToHex(sha256(new TextEncoder().encode(payload))).slice(0, 32);
+    return bytesToHex(sha3_256(new TextEncoder().encode(payload))).slice(0, 32);
   }
 
   /**

package/mesh/annex.js

@@ -295,7 +295,7 @@ class AnnexSession {
    * Derive symmetric encryption key from shared secret
    */
   _deriveEncryptionKey() {
-    return createHash('sha256')
+    return createHash('sha3-256')
       .update(this.sharedSecret)
       .update(ANNEX_CONFIG.keyDerivationSalt)
       .update(this.sessionId)

package/mesh/echo-ranging.js

@@ -128,7 +128,7 @@ class EchoProbe {
   }
 
   _deriveKey(secret, context) {
-    return createHash('sha256')
+    return createHash('sha3-256')
       .update(secret)
       .update(context)
       .digest();

package/mesh/phantom-routing.js

@@ -164,7 +164,7 @@ class PhantomLayer {
   }
 
   _deriveEncryptionKey(sharedSecret) {
-    return createHash('sha256')
+    return createHash('sha3-256')
       .update(sharedSecret)
       .update(PHANTOM_CONFIG.keyDerivationSalt)
       .update(Buffer.from([this.hopIndex]))

package/mesh/temporal-encoder.js

@@ -27,7 +27,7 @@ const TME_CONFIG = {
   maxSlicesPerStream: 256,
   reconstructionWindowNs: 500_000_000,
   timingToleranceNs: 5_000_000,
-  hashAlgorithm: 'sha256',
+  hashAlgorithm: 'sha3-256',  // Post-quantum consistent hashing
   temporalHashLength: 32,
   minSlicesForReconstruction: 0.6,
   maxMissingConsecutive: 3,

package/oracle/network-identity.js

@@ -21,7 +21,7 @@
 
 import { sha3_256 } from '@noble/hashes/sha3.js';
 import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256 } from '@noble/hashes/sha2.js';
+// Using sha3_256 for all hashing operations for post-quantum consistency
 import { bytesToHex, hexToBytes, utf8ToBytes } from '@noble/hashes/utils.js';
 
 // Phase modulation for rotating security
@@ -144,7 +144,7 @@ export function deriveNetworkName(codeHash, wordCount = 3) {
   const salt = utf8ToBytes('quantum-mesh-salt-2025');
   
   // Derive enough bytes for word indices (1 byte per word)
-  const derived = hkdf(sha256, hashBytes, salt, info, wordCount);
+  const derived = hkdf(sha3_256, hashBytes, salt, info, wordCount);
   
   // Map each byte to a word (256 words = 8 bits = 1 byte per word)
   const words = [];
@@ -170,7 +170,7 @@ export function deriveNetworkId(codeHash) {
   const info = utf8ToBytes(IDENTITY_CONFIG.shortIdSalt);
   const salt = utf8ToBytes('mesh-id-salt-2025');
   
-  const derived = hkdf(sha256, hashBytes, salt, info, 4);
+  const derived = hkdf(sha3_256, hashBytes, salt, info, 4);
   
   // Base58-like encoding (no 0, O, I, l to avoid confusion)
   const alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
@@ -196,7 +196,7 @@ export function deriveVerificationPhrase(codeHash) {
   const salt = utf8ToBytes('verify-phrase-salt-2025');
   
   // Derive 5 bytes for a 5-word phrase
-  const derived = hkdf(sha256, hashBytes, salt, info, 5);
+  const derived = hkdf(sha3_256, hashBytes, salt, info, 5);
   
   const templates = [
     'The {0} {1} reflects the {2} {3}',
@@ -251,7 +251,7 @@ export class NetworkIdentity {
     // Stable fingerprint - one-way derivation for comparison
     // NOT the same as the code hash, NEVER changes
     const fpBytes = hkdf(
-      sha256,
+      sha3_256,
       hexToBytes(codeHash),
       utf8ToBytes('fingerprint-salt'),
       utf8ToBytes(IDENTITY_CONFIG.fingerprintSalt),

package/oracle/phase-epoch.js

@@ -23,7 +23,7 @@
 import { sha3_256 } from '@noble/hashes/sha3.js';
 import { bytesToHex, utf8ToBytes } from '@noble/hashes/utils.js';
 import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256 } from '@noble/hashes/sha2.js';
+// Using sha3_256 for all hashing operations for post-quantum consistency
 
 // ============================================================
 // CONFIGURATION
@@ -245,7 +245,7 @@ export function derivePhaseModulated(inputKey, baseSalt, baseInfo, outputLength,
   const salt = modulateSalt(baseSalt, epoch);
   const info = modulateInfo(baseInfo, epoch);
   
-  return hkdf(sha256, inputKey, salt, info, outputLength);
+  return hkdf(sha3_256, inputKey, salt, info, outputLength);
 }
 
 /**
@@ -477,9 +477,9 @@ export default {
   getPhaseStatus,
   formatPhaseId,
 };
-
-
-
+
+
+
 
 // Alias for backward compatibility
-export { setPhaseConfig as setTimeSourceConfig };
+export { setPhaseConfig as setTimeSourceConfig };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "yakmesh",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "description": "YAKMESH: Yielding Atomic Kernel Modular Encryption Secured Hub - Post-quantum secure P2P mesh network for the 2026 threat landscape",
   "type": "module",
   "main": "server/index.js",
@@ -17,6 +17,7 @@
     "./oracle/code-proof": "./oracle/code-proof-protocol.js",
     "./oracle/module-sealer": "./oracle/module-sealer.js",
     "./oracle/codebase-lock": "./oracle/codebase-lock.js",
+    "./security/crypto-config": "./security/crypto-config.js",
     "./mesh/network": "./mesh/network.js",
     "./mesh/rate-limiter": "./mesh/rate-limiter.js",
     "./mesh/message-validator": "./mesh/message-validator.js",
@@ -36,6 +37,7 @@
     "test": "node --test oracle/tests/*.test.js",
     "test:time": "node --test oracle/tests/time-source.test.js",
     "test:phase": "node --test oracle/tests/phase-epoch.test.js",
+    "test:crypto": "node --test oracle/tests/crypto.test.js",
     "test:all": "node test-novel-systems.mjs"
   },
   "dependencies": {

package/yakbot/index.js

@@ -26,7 +26,7 @@ const config = {
   geminiKey: process.env.GEMINI_API_KEY,
   
   // Current version
-  version: '1.5.0',
+  version: '1.6.0',
   
   // Official YAKMESH nodes for health checks
   officialNodes: [