yakmesh 1.5.1 → 1.7.0

package/CHANGELOG.md

@@ -2,6 +2,126 @@
 
 All notable changes to YAKMESH will be documented in this file.
 
+## [1.7.0] - 2026-01-18
+
+### 🛡️ SLH-DSA Backup Signatures & Monitoring Dashboard
+
+This release adds defense-in-depth with FIPS 205 hash-based backup signatures and a comprehensive monitoring dashboard.
+
+#### New Features
+
+##### SLH-DSA Backup Signatures (FIPS 205)
+- **Dual Algorithm Support:** ML-DSA (lattice-based) + SLH-DSA (hash-based)
+- **Level 3:** SLH-DSA-SHA2-192f (hash-based, different cryptographic assumptions)
+- **Level 5:** SLH-DSA-SHA2-256f (hash-based, paranoid mode)
+- New functions: `signBackup()`, `verifyBackup()`, `signDual()`, `verifyDual()`
+- Generate dual keypairs with `generateDualSignatureKeyPairs()`
+- Defense-in-depth: if lattice assumptions break, hash-based signatures still hold
+
+##### Monitoring Dashboard
+- Updated `/dashboard` with YAKMESH branding
+- New `/metrics` endpoint aggregates all node status
+- **Oracle Status:** Health, network identity, verified peers
+- **Crypto Info:** Active algorithms, security level, NIST standards
+- **Time Source:** Trust level, stratum, precision indicators
+- **Uptime Tracking:** Human-readable uptime display
+
+##### Dev.to Automation
+- GitHub Actions now posts to Dev.to on major releases
+- Automated article creation with version info
+- Add `DEVTO_API_KEY` to GitHub secrets to enable
+
+#### Technical Details
+
+##### SLH-DSA Key/Signature Sizes
+| Level | Public Key | Secret Key | Signature |
+|-------|------------|------------|-----------|
+| 3 (192f) | 48 bytes | 96 bytes | ~35 KB |
+| 5 (256f) | 64 bytes | 128 bytes | ~50 KB |
+
+##### Performance (SLH-DSA is slower than ML-DSA)
+- Sign: ~100-160ms (vs 3ms for ML-DSA)
+- Verify: ~5-9ms (vs 1ms for ML-DSA)
+- Use dual signatures only for high-value operations
+
+#### Added
+- `signBackup()`, `verifyBackup()` - SLH-DSA standalone operations
+- `signDual()`, `verifyDual()` - Dual signature operations
+- `generateDualSignatureKeyPairs()` - Generate both ML-DSA and SLH-DSA keypairs
+- `getBackupSignatureAlgorithm()`, `getBackupSignatureName()` - Config accessors
+- `/metrics` endpoint for comprehensive node status
+- Dashboard cards for Oracle, Crypto, Time Source
+- Uptime tracking with human-readable formatting
+
+#### Changed
+- `getCryptoSummary()` now includes `backupSignatureAlgorithm` and FIPS 205 in standards
+- Dashboard rebranded from "Lantern Mesh" to "YAKMESH"
+- `discord-release.yml` now includes Dev.to posting job
+
+---
+
+## [1.6.0] - 2026-01-17
+
+### 🔐 NIST Level 5 (Paranoid Mode) & Cryptographic Unification
+
+This release adds support for NIST Level 5 security and unifies all hash operations to SHA3-256.
+
+#### New Features
+
+##### NIST Level 5 Support
+- Configurable security levels: Level 3 (default) or Level 5 (paranoid)
+- **Level 5 Algorithms:**
+  - ML-DSA-87 (Dilithium5) for signatures - 256-bit classical security
+  - ML-KEM-1024 (Kyber1024) for key encapsulation - 256-bit classical security
+- New `security/crypto-config.js` module for centralized crypto configuration
+- Runtime switchable via `setSecurityLevel(SecurityLevel.LEVEL_5)`
+
+##### Crypto Agility Documentation
+- New `docs/CRYPTO-AGILITY.md` formalizes algorithm upgrade procedures
+- Version negotiation protocol for future algorithm transitions
+- Monitoring list for future algorithm candidates (X-Wing, SLH-DSA, etc.)
+
+##### Post-Quantum Test Suite
+- Comprehensive cryptographic tests in `oracle/tests/crypto.test.js`
+- Tests for ML-DSA-65/87, ML-KEM-768/1024
+- Performance benchmarks for Level 3 vs Level 5 overhead
+- Run with `npm run test:crypto`
+
+#### Changed
+
+##### Unified SHA3-256 Hashing
+All hash operations now use SHA3-256 for post-quantum consistency:
+- `oracle/network-identity.js` - HKDF now uses SHA3-256
+- `oracle/phase-epoch.js` - Phase derivation uses SHA3-256
+- `gossip/protocol.js` - Bloom filters and message IDs use SHA3-256
+- `mesh/temporal-encoder.js` - Temporal hashes use SHA3-256
+- `mesh/phantom-routing.js` - Key derivation uses SHA3-256
+- `mesh/annex.js` - Session key derivation uses SHA3-256
+- `mesh/echo-ranging.js` - Probe key derivation uses SHA3-256
+
+### Added
+- `security/crypto-config.js` - Centralized crypto configuration module
+- `docs/CRYPTO-AGILITY.md` - Algorithm upgrade path documentation
+- `oracle/tests/crypto.test.js` - PQ cryptography test suite
+- `npm run test:crypto` script for running crypto tests
+
+### Technical Details
+- SHA3-256 provides 128-bit post-quantum security (Grover resistance)
+- All symmetric keys derived from PQ-safe shared secrets
+- No vulnerable classical asymmetric crypto in codebase
+
+---
+
+## [1.5.1] - 2026-01-17
+
+### 🔧 Maintenance Release
+- Port fallback system for WebSocket and HTTP servers
+- Process management script (`scripts/start.sh`)
+- Discord webhook integration for releases
+- Minor documentation updates
+
+---
+
 ## [1.5.0] - 2026-01-17
 
 ### 🔧 Critical Fix: Network Identity Unification

package/announcements/discord-v1.5.0.md

@@ -1,27 +1,14 @@
-# Yakmesh v1.5.0 - Network Identity Unification
+# Yakmesh v1.5.1
 
-**🦬 Yakmesh v1.5.0 is here!**
+**🦬 Yakmesh v1.5.1 Released**
 
-This release introduces **Network Identity Unification** - a fundamental improvement to how nodes identify themselves and verify they're running the same code.
+## 🔧 Fixes & Improvements
 
-## 🔑 What's New
-
-### Network Identity Unification
-Node IDs now contain TWO components:
-- **Network Name** - Derived from codebase hash (SAME for all nodes on network)
-- **Instance ID** - Derived from public key (UNIQUE per node)
-
-Format: `node-[network-name]-[instance-id]`
-Example: `node-grid-carbide-reveal-pq-QHZx`
-
-**Why this matters:**
-✅ Nodes running identical code share the same network name
-✅ Visual verification: same network name = same code = can trust peer
-✅ Each node still has a unique instance identifier
-✅ Human-readable verification phrases for extra confirmation
+### Identity Initialization Fix
+Fixed oracle initialization order so node identity correctly derives from codebase hash as originally designed.
 
 ### Automatic Port Fallback
-No more "port in use" crashes! If default ports (3000, 9001) are occupied, the node automatically finds the next available port.
+Nodes now automatically find the next available port if default ports (3000, 9001) are occupied - no more crashes on busy systems.
 
 ### Process Management Script
 New `scripts/start.sh` for proper background process management:
@@ -33,12 +20,9 @@ New `scripts/start.sh` for proper background process management:
 ./scripts/start.sh logs    # View logs
 ```
 
-## ⚠️ Breaking Change
-Existing `node-key.json` files will trigger identity regeneration on first v1.5.0 startup. This is expected - the new format ensures network name derivation from codebase hash.
-
 ## 📦 Install/Upgrade
 ```bash
-npm install yakmesh@1.5.0
+npm install yakmesh@1.5.1
 ```
 
 ---

package/announcements/discord-v1.6.0.md

@@ -0,0 +1,49 @@
+# 🔐 YAKMESH v1.6.0 - NIST Level 5 & Cryptographic Unification
+
+**The paranoid mode has arrived.**
+
+## What's New
+
+### 🛡️ NIST Level 5 Support (Paranoid Mode)
+Choose your security level:
+- **Level 3** (default): ML-DSA-65/ML-KEM-768 - ~192-bit classical security  
+- **Level 5** (paranoid): ML-DSA-87/ML-KEM-1024 - ~256-bit classical security
+
+```javascript
+import { setSecurityLevel, SecurityLevel } from 'yakmesh/security/crypto-config';
+setSecurityLevel(SecurityLevel.LEVEL_5);  // Maximum security
+```
+
+### 🔄 SHA3-256 Everywhere
+All hash operations now use SHA3-256 for post-quantum consistency:
+- Bloom filter hashing in gossip protocol
+- Temporal mesh encoding
+- Phantom routing key derivation
+- Annex session keys
+- Echo ranging probes
+
+**Why?** SHA3-256 provides 128-bit quantum security (Grover resistance) with its sponge construction.
+
+### 📋 Crypto Agility Documentation
+New `docs/CRYPTO-AGILITY.md` formalizes our algorithm upgrade path:
+- When to upgrade (NIST recommendations, new attacks, standards updates)
+- 90-day dual-algorithm transition periods
+- Version negotiation between nodes
+
+### ✅ 36-Test PQ Crypto Suite
+Comprehensive validation of all cryptographic operations:
+```bash
+npm run test:crypto
+```
+Tests ML-DSA-65/87, ML-KEM-768/1024, SHA3-256, and full handshake simulations.
+
+## Upgrade
+```bash
+npm install yakmesh@1.6.0
+```
+
+---
+
+**No classical asymmetric crypto. Only post-quantum. Only math.**
+
+🦬 https://yakmesh.dev | 📦 npm: yakmesh

package/announcements/telegram-v1.5.0.md

@@ -1,13 +1,9 @@
-🦬 Yakmesh v1.5.0 Released
+🦬 Yakmesh v1.5.1
 
-Network Identity Unification - nodes now share network names when running identical code.
+• Fixed identity initialization order
+• Auto port fallback when ports busy
+• Process management script for deployments
 
-New ID format: node-[network-name]-[instance-id]
-
-• Same network name = same codebase = can peer
-• Automatic port fallback
-• Process management script
-
-npm install yakmesh@1.5.0
+npm install yakmesh@1.5.1
 
 https://yakmesh.dev

package/announcements/telegram-v1.6.0.md

@@ -0,0 +1,15 @@
+🔐 YAKMESH v1.6.0 - Paranoid Mode
+
+New:
+• NIST Level 5 support (ML-DSA-87/ML-KEM-1024)
+• SHA3-256 unified across all modules
+• Crypto agility documentation
+• 36-test PQ crypto suite
+
+```js
+setSecurityLevel(SecurityLevel.LEVEL_5); // Maximum security
+```
+
+npm install yakmesh@1.6.0
+
+🦬 https://yakmesh.dev

package/announcements/x-v1.5.0.md

@@ -1,17 +1,11 @@
-🦬 Yakmesh v1.5.0: Network Identity Unification
+🦬 Yakmesh v1.5.1
 
-Node IDs now tell you if peers run the same code:
+• Fixed identity initialization order
+• Auto port fallback when ports busy  
+• Process management script for deployments
 
-node-grid-carbide-reveal-pq-QHZx
-     ^^^^^^^^^^^^^^^^^ unique
-     network name      instance
+npm install yakmesh@1.5.1
 
-✅ Same network name = same codebase = trustable peer
-✅ Auto port fallback when ports busy
-✅ Process management script included
-
-Breaking: Nodes regenerate identity on first run (expected)
-
-npm install yakmesh@1.5.0
+https://yakmesh.dev
 
 #PostQuantum #P2P #DecentralizedWeb #OpenSource

package/announcements/x-v1.6.0.md

@@ -0,0 +1,13 @@
+🔐 YAKMESH v1.6.0 - Paranoid Mode
+
+NIST Level 5 support is here:
+• ML-DSA-87 (Dilithium5) - 256-bit classical
+• ML-KEM-1024 (Kyber1024) - 256-bit classical
+
+Plus: SHA3-256 unified across all hashing operations.
+
+No classical asymmetric crypto. Only post-quantum. Only math.
+
+npm i yakmesh@1.6.0
+
+🦬 yakmesh.dev

package/dashboard/index.html

@@ -3,20 +3,22 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Lantern Mesh Network Dashboard</title>
+  <title>YAKMESH Dashboard</title>
   <style>
     :root {
-      --bg-dark: #0a0a0f;
-      --bg-card: #12121a;
-      --bg-hover: #1a1a25;
-      --border: #2a2a35;
-      --text: #e0e0e5;
-      --text-dim: #888;
-      --accent: #f59e0b;
-      --accent-glow: rgba(245, 158, 11, 0.2);
-      --success: #10b981;
-      --warning: #f59e0b;
-      --error: #ef4444;
+      --bg-dark: #0f1419;
+      --bg-card: #1a2027;
+      --bg-hover: #242d38;
+      --border: #2d3a47;
+      --text: #e6edf3;
+      --text-dim: #8b949e;
+      --accent: #4ade80;
+      --accent-glow: rgba(74, 222, 128, 0.2);
+      --mountain: #4ade80;
+      --frost: #38bdf8;
+      --success: #4ade80;
+      --warning: #fbbf24;
+      --error: #f87171;
     }
     
     * {
@@ -27,7 +29,7 @@
     
     body {
       font-family: 'SF Mono', 'Monaco', 'Consolas', monospace;
-      background: var(--bg-dark);
+      background: linear-gradient(135deg, var(--bg-dark) 0%, #0a1520 100%);
       color: var(--text);
       min-height: 100vh;
       padding: 2rem;
@@ -46,8 +48,9 @@
     
     h1 {
       font-size: 1.5rem;
-      font-weight: 500;
-      color: var(--accent);
+      font-weight: 600;
+      color: var(--mountain);
+      letter-spacing: 0.05em;
     }
     
     .subtitle {
@@ -306,10 +309,10 @@
 </head>
 <body>
   <div class="header">
-    <span class="logo">🏮</span>
+    <span class="logo">🦬</span>
     <div>
-      <h1>Lantern Mesh Network</h1>
-      <div class="subtitle">Post-Quantum Secure • Decentralized • Federated</div>
+      <h1>YAKMESH™ Dashboard</h1>
+      <div class="subtitle">Post-Quantum Secure • Sturdy & Secure • v1.7.0</div>
     </div>
   </div>
   
@@ -329,7 +332,7 @@
   <div class="grid">
     <!-- Node Identity -->
     <div class="card">
-      <div class="card-title">🔐 Node Identity</div>
+      <div class="card-title">🦬 Node Identity</div>
       <div id="node-identity">
         <div class="empty-state">Connect to a node to view identity</div>
       </div>
@@ -348,8 +351,8 @@
           <div class="stat-label">Discovered Nodes</div>
         </div>
         <div class="stat">
-          <div class="stat-value" id="replication-log">-</div>
-          <div class="stat-label">Replication Log</div>
+          <div class="stat-value" id="uptime">-</div>
+          <div class="stat-label">Uptime</div>
         </div>
         <div class="stat">
           <div class="stat-value" id="gossip-messages">-</div>
@@ -358,6 +361,30 @@
       </div>
     </div>
     
+    <!-- Oracle Status -->
+    <div class="card">
+      <div class="card-title">🔮 Oracle Status</div>
+      <div id="oracle-status">
+        <div class="empty-state">Connect to view oracle status</div>
+      </div>
+    </div>
+    
+    <!-- Crypto Configuration -->
+    <div class="card">
+      <div class="card-title">🔐 Post-Quantum Cryptography</div>
+      <div id="crypto-info">
+        <div class="empty-state">Connect to view crypto configuration</div>
+      </div>
+    </div>
+    
+    <!-- Time Source -->
+    <div class="card">
+      <div class="card-title">⏱️ Time Source</div>
+      <div id="time-info">
+        <div class="empty-state">Connect to view time source</div>
+      </div>
+    </div>
+    
     <!-- Connected Peers -->
     <div class="card">
       <div class="card-title">
@@ -399,14 +426,6 @@
         <li class="empty-state">No nodes discovered</li>
       </ul>
     </div>
-    
-    <!-- Replication -->
-    <div class="card">
-      <div class="card-title">🔄 Replication Engine</div>
-      <div class="replication-log" id="replication-info">
-        <div class="empty-state">Connect to view replication info</div>
-      </div>
-    </div>
   </div>
 
   <script>
@@ -439,10 +458,10 @@
       
       try {
         // Fetch all data in parallel
-        const [node, peers, replication, gossip, discovered] = await Promise.all([
+        const [node, peers, metrics, gossip, discovered] = await Promise.all([
           fetch(`${nodeUrl}/node`).then(r => r.json()).catch(() => null),
           fetch(`${nodeUrl}/peers`).then(r => r.json()).catch(() => []),
-          fetch(`${nodeUrl}/replication`).then(r => r.json()).catch(() => null),
+          fetch(`${nodeUrl}/metrics`).then(r => r.json()).catch(() => null),
           fetch(`${nodeUrl}/gossip`).then(r => r.json()).catch(() => null),
           fetch(`${nodeUrl}/discovered`).then(r => r.json()).catch(() => []),
         ]);
@@ -464,9 +483,73 @@
         // Update stats
         document.getElementById('peer-count').textContent = peers.length;
         document.getElementById('discovered-count').textContent = discovered.length;
-        document.getElementById('replication-log').textContent = replication?.replicationLogSize ?? '-';
+        document.getElementById('uptime').textContent = metrics?.node?.uptimeFormatted || '-';
         document.getElementById('gossip-messages').textContent = gossip?.seenMessages ?? '-';
         
+        // Update Oracle status
+        if (metrics?.oracle) {
+          const oracle = metrics.oracle;
+          const statusColor = oracle.status === 'healthy' ? 'var(--success)' : 'var(--error)';
+          document.getElementById('oracle-status').innerHTML = `
+            <div style="display: flex; align-items: center; gap: 0.5rem; margin-bottom: 1rem;">
+              <div style="width: 12px; height: 12px; border-radius: 50%; background: ${statusColor}; box-shadow: 0 0 8px ${statusColor};"></div>
+              <span style="font-weight: 600; color: ${statusColor}">${oracle.status.toUpperCase()}</span>
+            </div>
+            <div style="color: var(--text-dim); font-size: 0.85rem;">
+              <div>Network: ${oracle.networkName || 'N/A'}</div>
+              <div>ID: ${oracle.networkId || 'N/A'}</div>
+              <div style="word-break: break-all;">Fingerprint: ${oracle.fingerprint?.slice(0, 24) || 'N/A'}...</div>
+              <div>Verified Peers: ${oracle.verifiedPeers}</div>
+            </div>
+          `;
+        }
+        
+        // Update Crypto info
+        if (metrics?.crypto) {
+          const crypto = metrics.crypto;
+          document.getElementById('crypto-info').innerHTML = `
+            <div style="color: var(--text-dim); font-size: 0.85rem;">
+              <div style="margin-bottom: 0.75rem;">
+                <span style="color: var(--frost)">Security Level:</span> 
+                <span style="color: var(--mountain); font-weight: 600;">${crypto.levelName}</span>
+              </div>
+              <div>Signature: <span style="color: var(--text)">${crypto.signatureAlgorithm}</span></div>
+              <div>Backup Sig: <span style="color: var(--text)">${crypto.backupSignatureAlgorithm || 'N/A'}</span></div>
+              <div>KEM: <span style="color: var(--text)">${crypto.kemAlgorithm}</span></div>
+              <div style="margin-top: 0.5rem;">
+                Classical: ${crypto.classicalSecurity} | Quantum: ${crypto.quantumSecurity}
+              </div>
+              <div style="margin-top: 0.5rem; font-size: 0.75rem;">
+                ${crypto.nistStandards?.join(' • ') || ''}
+              </div>
+            </div>
+          `;
+        }
+        
+        // Update Time info
+        if (metrics?.time) {
+          const time = metrics.time;
+          const trustColors = {
+            ATOMIC: 'var(--success)',
+            GPS: 'var(--success)', 
+            PTP: 'var(--warning)',
+            NTP: 'var(--text-dim)',
+          };
+          const trustColor = trustColors[time.trustLevel] || 'var(--text-dim)';
+          document.getElementById('time-info').innerHTML = `
+            <div style="display: flex; align-items: center; gap: 0.5rem; margin-bottom: 1rem;">
+              <div style="width: 12px; height: 12px; border-radius: 50%; background: ${trustColor}; box-shadow: 0 0 8px ${trustColor};"></div>
+              <span style="font-weight: 600; color: ${trustColor}">${time.trustLevel}</span>
+            </div>
+            <div style="color: var(--text-dim); font-size: 0.85rem;">
+              <div>Stratum: ${time.stratum ?? 'N/A'}</div>
+              <div>Phase Tolerance: ${time.phaseTolerance ? time.phaseTolerance + 'ms' : 'N/A'}</div>
+              <div>Atomic Time: ${time.hasAtomicTime ? '✅ Yes' : '❌ No'}</div>
+              <div>High Precision: ${time.hasHighPrecisionTime ? '✅ Yes' : '❌ No'}</div>
+            </div>
+          `;
+        }
+        
         // Update peer list
         const peerList = document.getElementById('peer-list');
         if (peers.length === 0) {
@@ -508,15 +591,6 @@
           `).join('');
         }
         
-        // Update replication info
-        if (replication) {
-          document.getElementById('replication-info').innerHTML = `
-            <div>Log Entries: ${replication.replicationLogSize}</div>
-            <div>Peer States: ${replication.peerStates}</div>
-            <div>Tables: ${replication.tables?.join(', ') || 'N/A'}</div>
-          `;
-        }
-        
       } catch (e) {
         console.error('Refresh failed:', e);
       }

package/gossip/protocol.js

@@ -8,7 +8,7 @@
  * - Bloom filters for efficient seen-message tracking
  */
 
-import { sha256 } from '@noble/hashes/sha2.js';
+import { sha3_256 } from '@noble/hashes/sha3.js';
 import { bytesToHex } from '@noble/hashes/utils.js';
 
 // Message types for gossip protocol
@@ -40,7 +40,7 @@ class BloomFilter {
 
   _hash(value, seed) {
     const data = `${seed}:${value}`;
-    const hash = sha256(new TextEncoder().encode(data));
+    const hash = sha3_256(new TextEncoder().encode(data));
     return new DataView(hash.buffer).getUint32(0, true) % this.size;
   }
 
@@ -448,7 +448,7 @@ export class GossipProtocol {
    */
   _generateMessageId(topic, data) {
     const payload = JSON.stringify({ topic, data, origin: this.identity.identity.nodeId, ts: Date.now() });
-    return bytesToHex(sha256(new TextEncoder().encode(payload))).slice(0, 32);
+    return bytesToHex(sha3_256(new TextEncoder().encode(payload))).slice(0, 32);
   }
 
   /**

package/mesh/annex.js

@@ -295,7 +295,7 @@ class AnnexSession {
    * Derive symmetric encryption key from shared secret
    */
   _deriveEncryptionKey() {
-    return createHash('sha256')
+    return createHash('sha3-256')
       .update(this.sharedSecret)
       .update(ANNEX_CONFIG.keyDerivationSalt)
       .update(this.sessionId)

package/mesh/echo-ranging.js

@@ -128,7 +128,7 @@ class EchoProbe {
   }
 
   _deriveKey(secret, context) {
-    return createHash('sha256')
+    return createHash('sha3-256')
       .update(secret)
       .update(context)
       .digest();

package/mesh/phantom-routing.js

@@ -164,7 +164,7 @@ class PhantomLayer {
   }
 
   _deriveEncryptionKey(sharedSecret) {
-    return createHash('sha256')
+    return createHash('sha3-256')
       .update(sharedSecret)
       .update(PHANTOM_CONFIG.keyDerivationSalt)
       .update(Buffer.from([this.hopIndex]))

package/mesh/temporal-encoder.js

@@ -27,7 +27,7 @@ const TME_CONFIG = {
   maxSlicesPerStream: 256,
   reconstructionWindowNs: 500_000_000,
   timingToleranceNs: 5_000_000,
-  hashAlgorithm: 'sha256',
+  hashAlgorithm: 'sha3-256',  // Post-quantum consistent hashing
   temporalHashLength: 32,
   minSlicesForReconstruction: 0.6,
   maxMissingConsecutive: 3,

package/oracle/network-identity.js

@@ -21,7 +21,7 @@
 
 import { sha3_256 } from '@noble/hashes/sha3.js';
 import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256 } from '@noble/hashes/sha2.js';
+// Using sha3_256 for all hashing operations for post-quantum consistency
 import { bytesToHex, hexToBytes, utf8ToBytes } from '@noble/hashes/utils.js';
 
 // Phase modulation for rotating security
@@ -144,7 +144,7 @@ export function deriveNetworkName(codeHash, wordCount = 3) {
   const salt = utf8ToBytes('quantum-mesh-salt-2025');
   
   // Derive enough bytes for word indices (1 byte per word)
-  const derived = hkdf(sha256, hashBytes, salt, info, wordCount);
+  const derived = hkdf(sha3_256, hashBytes, salt, info, wordCount);
   
   // Map each byte to a word (256 words = 8 bits = 1 byte per word)
   const words = [];
@@ -170,7 +170,7 @@ export function deriveNetworkId(codeHash) {
   const info = utf8ToBytes(IDENTITY_CONFIG.shortIdSalt);
   const salt = utf8ToBytes('mesh-id-salt-2025');
   
-  const derived = hkdf(sha256, hashBytes, salt, info, 4);
+  const derived = hkdf(sha3_256, hashBytes, salt, info, 4);
   
   // Base58-like encoding (no 0, O, I, l to avoid confusion)
   const alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
@@ -196,7 +196,7 @@ export function deriveVerificationPhrase(codeHash) {
   const salt = utf8ToBytes('verify-phrase-salt-2025');
   
   // Derive 5 bytes for a 5-word phrase
-  const derived = hkdf(sha256, hashBytes, salt, info, 5);
+  const derived = hkdf(sha3_256, hashBytes, salt, info, 5);
   
   const templates = [
     'The {0} {1} reflects the {2} {3}',
@@ -251,7 +251,7 @@ export class NetworkIdentity {
     // Stable fingerprint - one-way derivation for comparison
     // NOT the same as the code hash, NEVER changes
     const fpBytes = hkdf(
-      sha256,
+      sha3_256,
       hexToBytes(codeHash),
       utf8ToBytes('fingerprint-salt'),
       utf8ToBytes(IDENTITY_CONFIG.fingerprintSalt),

package/oracle/phase-epoch.js

@@ -23,7 +23,7 @@
 import { sha3_256 } from '@noble/hashes/sha3.js';
 import { bytesToHex, utf8ToBytes } from '@noble/hashes/utils.js';
 import { hkdf } from '@noble/hashes/hkdf.js';
-import { sha256 } from '@noble/hashes/sha2.js';
+// Using sha3_256 for all hashing operations for post-quantum consistency
 
 // ============================================================
 // CONFIGURATION
@@ -245,7 +245,7 @@ export function derivePhaseModulated(inputKey, baseSalt, baseInfo, outputLength,
   const salt = modulateSalt(baseSalt, epoch);
   const info = modulateInfo(baseInfo, epoch);
   
-  return hkdf(sha256, inputKey, salt, info, outputLength);
+  return hkdf(sha3_256, inputKey, salt, info, outputLength);
 }
 
 /**
@@ -477,9 +477,9 @@ export default {
   getPhaseStatus,
   formatPhaseId,
 };
-
-
-
+
+
+
 
 // Alias for backward compatibility
-export { setPhaseConfig as setTimeSourceConfig };
+export { setPhaseConfig as setTimeSourceConfig };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "yakmesh",
-  "version": "1.5.1",
+  "version": "1.7.0",
   "description": "YAKMESH: Yielding Atomic Kernel Modular Encryption Secured Hub - Post-quantum secure P2P mesh network for the 2026 threat landscape",
   "type": "module",
   "main": "server/index.js",
@@ -17,6 +17,7 @@
     "./oracle/code-proof": "./oracle/code-proof-protocol.js",
     "./oracle/module-sealer": "./oracle/module-sealer.js",
     "./oracle/codebase-lock": "./oracle/codebase-lock.js",
+    "./security/crypto-config": "./security/crypto-config.js",
     "./mesh/network": "./mesh/network.js",
     "./mesh/rate-limiter": "./mesh/rate-limiter.js",
     "./mesh/message-validator": "./mesh/message-validator.js",
@@ -36,6 +37,7 @@
     "test": "node --test oracle/tests/*.test.js",
     "test:time": "node --test oracle/tests/time-source.test.js",
     "test:phase": "node --test oracle/tests/phase-epoch.test.js",
+    "test:crypto": "node --test oracle/tests/crypto.test.js",
     "test:all": "node test-novel-systems.mjs"
   },
   "dependencies": {

package/server/index.js

@@ -47,6 +47,19 @@ import {
 } from '../oracle/time-source.js';
 import { setTimeSourceConfig, getActiveConfig } from '../oracle/phase-epoch.js';
 
+// Helper: Format uptime in human-readable format
+function formatUptime(seconds) {
+  const days = Math.floor(seconds / 86400);
+  const hours = Math.floor((seconds % 86400) / 3600);
+  const mins = Math.floor((seconds % 3600) / 60);
+  const secs = seconds % 60;
+  
+  if (days > 0) return `${days}d ${hours}h ${mins}m`;
+  if (hours > 0) return `${hours}h ${mins}m ${secs}s`;
+  if (mins > 0) return `${mins}m ${secs}s`;
+  return `${secs}s`;
+}
+
 // Optional adapter integration (loaded dynamically if enabled)
 let ActiveAdapter = null;
 
@@ -140,6 +153,9 @@ export class YakmeshNode {
 
   async start() {
     console.log('\n🦬 Starting Yakmesh Node...\n');
+    
+    // Record start time for uptime tracking
+    this._startTime = Date.now();
 
     // 0. LOCK THE CODEBASE - Prevent any modifications during runtime
     // This is critical for Code Proof Protocol security
@@ -898,6 +914,81 @@ export class YakmeshNode {
       });
     });
 
+    // =========================================
+    // Metrics Endpoint - Dashboard Data
+    // =========================================
+    
+    app.get('/metrics', (req, res) => {
+      const startTime = this._startTime || Date.now();
+      const uptime = Math.floor((Date.now() - startTime) / 1000);
+      
+      // Crypto configuration (imported at top of file)
+      let cryptoInfo = null;
+      try {
+        // Dynamic import not needed - use the imported module
+        cryptoInfo = this._cryptoSummary || { 
+          levelName: 'NIST Level 3',
+          signatureAlgorithm: 'ML-DSA-65',
+          backupSignatureAlgorithm: 'SLH-DSA-SHA2-192f',
+          kemAlgorithm: 'ML-KEM-768',
+          classicalSecurity: '192-bit',
+          quantumSecurity: '128-bit',
+          nistStandards: ['FIPS 203 (ML-KEM)', 'FIPS 204 (ML-DSA)', 'FIPS 205 (SLH-DSA)'],
+        };
+      } catch (e) {
+        cryptoInfo = { error: 'Could not load crypto config' };
+      }
+      
+      // Time source info
+      let timeInfo = null;
+      if (this.timeSource) {
+        const status = this.timeSource.getStatus();
+        timeInfo = {
+          trustLevel: status.trustLevel,
+          stratum: status.stratum,
+          phaseTolerance: status.phaseTolerance,
+          hasAtomicTime: this.timeSource.hasAtomicTime(),
+          hasHighPrecisionTime: this.timeSource.hasHighPrecisionTime(),
+        };
+      }
+      
+      // Oracle status
+      let oracleInfo = null;
+      if (this.oracle) {
+        const integrity = this.oracle.verifySelfIntegrity();
+        oracleInfo = {
+          status: integrity.valid ? 'healthy' : 'compromised',
+          valid: integrity.valid,
+          networkName: this.genesisNetwork?.networkName || null,
+          networkId: this.genesisNetwork?.networkId || null,
+          fingerprint: this.genesisNetwork?.fingerprint || null,
+          verifiedPeers: this.codeProof?.getVerifiedPeers()?.length || 0,
+        };
+      }
+      
+      // Mesh stats
+      const peerCount = this.mesh?.getPeers()?.length || 0;
+      const gossipStats = this.gossip?.getStats() || null;
+      
+      res.json({
+        node: {
+          id: this.identity?.identity?.nodeId || null,
+          name: this.config?.node?.name || 'unknown',
+          version: '1.7.0',
+          uptime,
+          uptimeFormatted: formatUptime(uptime),
+        },
+        crypto: cryptoInfo,
+        time: timeInfo,
+        oracle: oracleInfo,
+        network: {
+          peers: peerCount,
+          gossip: gossipStats,
+        },
+        timestamp: new Date().toISOString(),
+      });
+    });
+
     // =========================================
     // Time Source Endpoints - Precision Timing
     // =========================================

package/yakbot/index.js

@@ -7,6 +7,7 @@
  * - /changelog - Recent changes
  * - /ask [question] - AI-powered Q&A about YAKMESH
  * - /nodes - Check health of official YAKMESH nodes
+ * - /faq - Frequently asked questions
  * - /ping - Bot latency check
  * - Auto-greet new members
  * 
@@ -26,7 +27,7 @@ const config = {
   geminiKey: process.env.GEMINI_API_KEY,
   
   // Current version
-  version: '1.5.0',
+  version: '1.6.0',
   
   // Official YAKMESH nodes for health checks
   officialNodes: [
@@ -489,6 +490,7 @@ const commands = {
         { name: '📦 `/install`', value: 'Quick installation guide', inline: true },
         { name: '❓ `/ask <question>`', value: 'Ask YakBot about YAKMESH', inline: true },
         { name: '🔗 `/links`', value: 'All social and resource links', inline: true },
+        { name: '❔ `/faq`', value: 'Frequently asked questions', inline: true },
         { name: '🏓 `/ping`', value: 'Check bot latency', inline: true },
         { name: '📈 `/botstats`', value: 'View bot performance metrics', inline: true },
       ],
@@ -497,6 +499,48 @@ const commands = {
     await interaction.reply({ embeds: [embed] });
   },
   
+  // /faq - Frequently asked questions
+  async faq(interaction) {
+    const embed = createEmbed({
+      title: '❔ Frequently Asked Questions',
+      description: 'Common questions about YAKMESH',
+      fields: [
+        { 
+          name: '🦬 What is YAKMESH?', 
+          value: 'YAKMESH (Yielding Atomic Kernel Modular Encryption Secured Hub) is a post-quantum secure P2P mesh network designed for the 2026 threat landscape.',
+          inline: false,
+        },
+        { 
+          name: '🔐 What makes it "post-quantum"?', 
+          value: 'We use ML-DSA-65/87 (NIST FIPS 204) for signatures and ML-KEM-768/1024 (NIST FIPS 203) for key exchange. These algorithms are resistant to quantum computer attacks.',
+          inline: false,
+        },
+        { 
+          name: '💻 What are the requirements?', 
+          value: 'Node.js 18+ is required. Install with `npm install yakmesh`.',
+          inline: false,
+        },
+        { 
+          name: '🌐 How do nodes find each other?', 
+          value: 'Nodes with identical code share the same "network name" derived from the codebase hash. Gossip protocol handles peer discovery.',
+          inline: false,
+        },
+        { 
+          name: '🔒 Is traffic encrypted?', 
+          value: 'Yes! Annex provides ML-KEM768 key exchange + AES-256-GCM encryption with perfect forward secrecy for P2P channels.',
+          inline: false,
+        },
+        { 
+          name: '📦 Is it production ready?', 
+          value: 'YAKMESH is actively developed. Check releases for stable versions. Current: v' + config.version,
+          inline: false,
+        },
+      ],
+      footer: 'More questions? Use /ask <question> or check the docs!',
+    });
+    await interaction.reply({ embeds: [embed] });
+  },
+  
   // /botstats - Bot performance metrics
   async botstats(interaction) {
     const uptime = Date.now() - stats.startTime;

package/yakbot/register-commands.js

@@ -64,6 +64,10 @@ const commands = [
     .setName('help')
     .setDescription('Show all available YakBot commands'),
     
+  new SlashCommandBuilder()
+    .setName('faq')
+    .setDescription('Frequently asked questions about YAKMESH'),
+    
   new SlashCommandBuilder()
     .setName('botstats')
     .setDescription('View YakBot performance metrics and statistics'),