yakmesh 2.8.2 → 3.0.0

package/oracle/validation-oracle.js

@@ -30,9 +30,11 @@
  * @deprecated Use validation-oracle-hardened.js
  */
 
-import { sha3_256, sha3_512 } from '@noble/hashes/sha3.js';
+import { sha3_256 as _nobleSha3, sha3_512 } from '@noble/hashes/sha3.js';
 import { bytesToHex, hexToBytes, utf8ToBytes } from '@noble/hashes/utils.js';
 import { ml_dsa65 } from '@noble/post-quantum/ml-dsa.js';
+// ACCEL: Hardware-accelerated crypto
+import { sha3_256, mlDsa65Verify } from '../utils/accel.js';
 import { readFileSync } from 'fs';
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
@@ -491,7 +493,7 @@ export class ValidationOracle {
       const pubKeyBytes = hexToBytes(publicKey);
       
       // ML-DSA65 verify order: (signature, message, publicKey)
-      const valid = ml_dsa65.verify(sigBytes, messageBytes, pubKeyBytes);
+      const valid = mlDsa65Verify(sigBytes, messageBytes, pubKeyBytes);
       
       if (!valid) {
         return ValidationResult.failure('SIGNATURE_INVALID');

package/oracle/ypc27.js

@@ -19,6 +19,7 @@
  */
 
 import { Trit, TritArray, POSITIVE, NEUTRAL, NEGATIVE } from './tribhuj.js';
+import { FIBONACCI_CYCLE_24, getFamily, SSTFamily } from './sst.js';
 
 // =============================================================================
 // CONSTANTS
@@ -369,6 +370,15 @@ export class YPC27Checksum {
     this.#state = Poly27.zero();
   }
 
+  /**
+   * Set internal state directly (for subclass SST override).
+   * @param {Poly27} newState
+   * @protected
+   */
+  _setState(newState) {
+    this.#state = newState;
+  }
+
   /**
    * Compute checksum of data in one call.
    * @param {Uint8Array | string} data 
@@ -394,6 +404,207 @@ export class YPC27Checksum {
   }
 }
 
+// =============================================================================
+// YPC27_SST — SST-Enhanced Checksum with 24-Cycle Seed Rotation
+// =============================================================================
+
+/**
+ * YPC-27 with Synergy Sequence Theory (SST) 24-cycle seed rotation.
+ * 
+ * The seed polynomial rotates based on the Fibonacci digital root cycle:
+ * - Family A (1,4,7): Rotate seed LEFT by fibRoot positions (negative polarity)
+ * - Family B (2,5,8): Rotate seed RIGHT by fibRoot positions (positive polarity)
+ * - Family C (3,6,9): No rotation — singularity/stable point
+ * 
+ * The full hypercycle repeats every LCM(27, 24) = 216 chunks.
+ * This creates 216 unique seed configurations before repeating,
+ * dramatically increasing resistance to pattern analysis attacks.
+ * 
+ * Properties:
+ * - Deterministic: all nodes compute the same rotation for the same data
+ * - Self-synchronizing: rotation state is derived from chunk index, not mutable state
+ * - Compatible: YPC27_SST.verify() can verify its own checksums
+ * - The 3-6-9 governing family acts as a stability anchor (no rotation)
+ * 
+ * @extends YPC27Checksum
+ */
+export class YPC27_SST extends YPC27Checksum {
+  /** @type {number} Current cycle position within the 24-step Fibonacci cycle */
+  #cyclePosition;
+  
+  /** @type {number[]} Original unrotated seed coefficients */
+  #baseSeed;
+
+  /** @type {number} Total chunks processed (for telemetry) */
+  #chunksProcessed;
+
+  /**
+   * Create an SST-enhanced checksum engine.
+   * @param {Poly27 | number[]} [seed] - Network seed, defaults to DEFAULT_SEED
+   */
+  constructor(seed = DEFAULT_SEED) {
+    super(seed);
+    this.#baseSeed = seed instanceof Poly27 ? seed.toArray() : Array.from(seed);
+    this.#cyclePosition = 0;
+    this.#chunksProcessed = 0;
+  }
+
+  /**
+   * Get the rotated seed for the current cycle position.
+   * The rotation direction and magnitude are determined by the
+   * Fibonacci digital root at the current position:
+   * 
+   *   Position → fibRoot → Family → Rotation
+   *   0 → 1 → A → LEFT by 1
+   *   1 → 1 → A → LEFT by 1
+   *   2 → 2 → B → RIGHT by 2
+   *   3 → 3 → C → NONE (singularity)
+   *   ...repeats every 24
+   * 
+   * @returns {number[]} Rotated seed coefficients
+   */
+  #getRotatedSeed() {
+    const fibRoot = FIBONACCI_CYCLE_24[this.#cyclePosition % 24];
+    const family = getFamily(fibRoot);
+    const rotateAmount = fibRoot % N; // Constrain to ring degree
+    
+    switch (family) {
+      case SSTFamily.A:
+        return YPC27_SST.#rotateArray(this.#baseSeed, -rotateAmount); // LEFT
+      case SSTFamily.B:
+        return YPC27_SST.#rotateArray(this.#baseSeed, rotateAmount);  // RIGHT
+      case SSTFamily.C:
+        return this.#baseSeed; // Singularity — no rotation
+      default:
+        return this.#baseSeed;
+    }
+  }
+
+  /**
+   * Rotate an array by n positions.
+   * Positive n = right rotation, negative n = left rotation.
+   * @param {number[]} arr 
+   * @param {number} n 
+   * @returns {number[]}
+   */
+  static #rotateArray(arr, n) {
+    const len = arr.length;
+    const shift = ((n % len) + len) % len; // Normalize to [0, len)
+    if (shift === 0) return arr;
+    return [...arr.slice(len - shift), ...arr.slice(0, len - shift)];
+  }
+
+  /**
+   * Update checksum with data using SST-rotated seeds.
+   * 
+   * Each chunk of 27 trits gets multiplied by a seed that has been
+   * rotated according to the current Fibonacci cycle position.
+   * The cycle advances per chunk, creating a 216-chunk hypercycle.
+   * 
+   * @param {Uint8Array | string} data 
+   */
+  update(data) {
+    const bytes = typeof data === 'string' 
+      ? new TextEncoder().encode(data) 
+      : data;
+    
+    const trits = bytesToTrits(bytes);
+    const numChunks = Math.ceil(trits.length / N);
+    
+    for (let k = 0; k < numChunks; k++) {
+      // Extract chunk
+      const chunkCoeffs = new Int8Array(N);
+      for (let i = 0; i < N; i++) {
+        const idx = k * N + i;
+        chunkCoeffs[i] = idx < trits.length ? trits[idx] : 0;
+      }
+      const chunk = new Poly27(chunkCoeffs);
+      
+      // Get the SST-rotated seed for this chunk's cycle position
+      const rotatedSeed = new Poly27(this.#getRotatedSeed());
+      
+      // State = (State + Chunk) * RotatedSeed
+      // Access parent state via digest/reset pattern
+      this._updateStateWith(chunk, rotatedSeed);
+      
+      // Advance the cycle
+      this.#cyclePosition = (this.#cyclePosition + 1) % 24;
+      this.#chunksProcessed++;
+    }
+  }
+
+  /**
+   * Internal: update state with chunk and rotated seed.
+   * This replaces the parent's update logic for SST mode.
+   * @param {Poly27} chunk 
+   * @param {Poly27} rotatedSeed 
+   */
+  _updateStateWith(chunk, rotatedSeed) {
+    // We need direct access to parent state — use the internal pattern
+    const currentState = this.digest();
+    const newState = currentState.add(chunk).multiply(rotatedSeed);
+    this._setState(newState);
+  }
+
+  /**
+   * Get current cycle position (0-23).
+   * @returns {number}
+   */
+  get cyclePosition() {
+    return this.#cyclePosition;
+  }
+
+  /**
+   * Get hypercycle position (0-215).
+   * LCM(27, 24) = 216 — the full rotation repeats here.
+   * @returns {number}
+   */
+  get hypercyclePosition() {
+    return this.#chunksProcessed % 216;
+  }
+
+  /**
+   * Get total chunks processed.
+   * @returns {number}
+   */
+  get chunksProcessed() {
+    return this.#chunksProcessed;
+  }
+
+  /**
+   * Reset state for reuse.
+   */
+  reset() {
+    super.reset();
+    this.#cyclePosition = 0;
+    this.#chunksProcessed = 0;
+  }
+
+  /**
+   * Compute SST-enhanced checksum in one call.
+   * @param {Uint8Array | string} data 
+   * @param {Poly27 | number[]} [seed] 
+   * @returns {Poly27}
+   */
+  static compute(data, seed = DEFAULT_SEED) {
+    const hasher = new YPC27_SST(seed);
+    hasher.update(data);
+    return hasher.digest();
+  }
+
+  /**
+   * Verify data against an SST-computed checksum.
+   * @param {Uint8Array | string} data 
+   * @param {Poly27} expected 
+   * @param {Poly27 | number[]} [seed] 
+   * @returns {boolean}
+   */
+  static verify(data, expected, seed = DEFAULT_SEED) {
+    const computed = YPC27_SST.compute(data, seed);
+    return computed.equals(expected);
+  }
+}
+
 // =============================================================================
 // CONVENIENCE EXPORTS
 // =============================================================================

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "yakmesh",
-  "version": "2.8.2",
+  "version": "3.0.0",
   "description": "YAKMESH: Yielding Atomic Kernel Modular Encryption Secured Hub - Post-quantum secure P2P mesh network for the 2026 threat landscape",
   "type": "module",
   "main": "server/index.js",
@@ -10,6 +10,7 @@
     "./cli": "./cli/index.js",
     "./oracle": "./oracle/index.js",
     "./oracle/time-source": "./oracle/time-source.js",
+    "./oracle/ma902-snmp": "./oracle/ma902-snmp.js",
     "./oracle/phase-epoch": "./oracle/phase-epoch.js",
     "./oracle/consensus": "./oracle/consensus-engine.js",
     "./oracle/validation": "./oracle/validation-oracle-hardened.js",
@@ -35,6 +36,12 @@
     "./security/khata-trust-integration": "./security/khata-trust-integration.js",
     "./security/geo-proof": "./security/geo-proof.js",
     "./security/strike-system": "./security/strike-system.js",
+    "./security/sangha": "./security/sangha.js",
+    "./security/fs-hardening": "./security/fs-hardening.js",
+    "./security/memory-safety": "./security/memory-safety.js",
+    "./security/temporal-signing": "./security/temporal-signing.js",
+    "./security/karma-rate-limiter": "./security/karma-rate-limiter.js",
+    "./security/secure-config": "./security/secure-config.js",
     "./identity/node-key": "./identity/node-key.js",
     "./mesh/network": "./mesh/network.js",
     "./mesh/rate-limiter": "./mesh/rate-limiter.js",
@@ -48,6 +55,7 @@
     "./mesh/sherpa-discovery": "./mesh/sherpa-discovery.js",
     "./mesh/annex": "./mesh/annex.js",
     "./mesh/temporal-encoder": "./mesh/temporal-encoder.js",
+    "./utils/accel": "./utils/accel.js",
     "./protocol/yak-protocol": "./protocol/yak-protocol.js",
     "./adapters/byond": "./adapters/adapter-byond/index.js",
     "./adapters/byond/topic-client": "./adapters/adapter-byond/topic-client.js",
@@ -75,7 +83,12 @@
     "test:multinode": "node --test tests/multi-node.test.js",
     "test:security": "npx vitest run",
     "test:byond": "node --test adapters/adapter-byond/tests/*.test.js",
-    "test:all": "npm run test:oracle && npm run test:protocol && npm run test:multinode && npm run test:byond && npm run test:security"
+    "test:all": "npm run test:oracle && npm run test:protocol && npm run test:multinode && npm run test:byond && npm run test:security",
+    "audit": "node scripts/security-audit.mjs",
+    "audit:fix": "node scripts/security-audit.mjs --fix",
+    "audit:sbom": "node scripts/security-audit.mjs --sbom",
+    "audit:ci": "node scripts/security-audit.mjs --json",
+    "prerelease": "npm run audit && npm run test:all"
   },
   "dependencies": {
     "@noble/hashes": "^2.0.0",
@@ -85,9 +98,13 @@
     "express": "^4.18.2",
     "express-rate-limit": "^8.2.1",
     "node-forge": "^1.3.3",
+    "onnxruntime-node": "^1.24.2",
     "sql.js": "^1.10.0",
     "ws": "^8.16.0"
   },
+  "optionalDependencies": {
+    "net-snmp": "^3.26.1"
+  },
   "devDependencies": {
     "nodemon": "^3.0.0",
     "vitest": "^4.0.17"
@@ -127,4 +144,4 @@
   "bugs": {
     "url": "https://github.com/peerquanta/yakmesh/issues"
   }
-}
+}

package/protocol/yak-handler.js

@@ -3,10 +3,13 @@
  * Y:// Protocol Handler Executable
  * This script is invoked by the OS when a y:// URL is clicked.
  * 
+ * SECURITY: Uses execFile (no shell) to prevent command injection.
+ * The URL is validated to only produce http://localhost:PORT/... URLs.
+ * 
  * Self-contained - no ES module imports for compatibility.
  */
 
-const { exec } = require('child_process');
+const { execFile } = require('child_process');
 const { platform } = require('os');
 
 const PORT = 3000;
@@ -78,25 +81,48 @@ if (!url || !url.match(/^(y|yak):\/\//i)) {
 // Convert to HTTP URL
 const httpUrl = yakToHttp(url, PORT);
 
-console.log(`🦬 Y Protocol: ${url}`);
-console.log(`   → ${httpUrl}`);
+// SECURITY: Validate the generated URL is actually a localhost HTTP URL.
+// This prevents any crafted yak:// URL from generating a malicious target.
+try {
+  const parsed = new (require('url').URL)(httpUrl);
+  if (!['http:', 'https:'].includes(parsed.protocol)) {
+    console.error('Security: Generated URL has invalid protocol:', parsed.protocol);
+    process.exit(1);
+  }
+  if (parsed.hostname !== 'localhost' && parsed.hostname !== '127.0.0.1') {
+    console.error('Security: Generated URL points to non-local host:', parsed.hostname);
+    process.exit(1);
+  }
+} catch (e) {
+  console.error('Security: Generated URL is malformed:', e.message);
+  process.exit(1);
+}
+
+console.log(`Y Protocol: ${url}`);
+console.log(`   -> ${httpUrl}`);
 
-// Open in default browser
+// Open in default browser using execFile (no shell) to prevent injection.
+// Each OS gets its opener binary called directly with the URL as an argument,
+// never concatenated into a shell string.
 const os = platform();
-let cmd;
+let opener;
+let args;
 
 switch (os) {
   case 'win32':
-    cmd = `start "" "${httpUrl}"`;
+    opener = 'cmd.exe';
+    args = ['/c', 'start', '', httpUrl];
     break;
   case 'darwin':
-    cmd = `open "${httpUrl}"`;
+    opener = '/usr/bin/open';
+    args = [httpUrl];
     break;
   default:
-    cmd = `xdg-open "${httpUrl}"`;
+    opener = '/usr/bin/xdg-open';
+    args = [httpUrl];
 }
 
-exec(cmd, (error) => {
+execFile(opener, args, (error) => {
   if (error) {
     console.error('Failed to open browser:', error.message);
     process.exit(1);

package/protocol/yak-protocol.js

@@ -7,10 +7,12 @@
  * Phase 1: Simple builtin routes + content addressing
  * 
  * Examples:
- *   yak://dashboard          → Node dashboard
- *   yak://site               → Hosted website
- *   yak://peers              → Connected peers
- *   yak://content/<hash>     → Content by hash (immutable)
+ *   yak://dashboard                → Node dashboard
+ *   yak://site                     → Hosted website
+ *   yak://peers                    → Connected peers
+ *   yak://content/<hash>           → Content by hash (immutable)
+ *   yak://qubit-lattice-prism      → Content by iO name (human-readable)
+ *   yak://qubit-lattice-prism/path → Content with path
  * 
  * How it works:
  * 1. Register yak:// protocol with OS (Windows Registry, macOS, Linux)
@@ -22,7 +24,7 @@
  *   yakmesh bookmark add alice <target>
  * 
  * @module protocol/yak-protocol
- * @version 2.2.0
+ * @version 2.3.0
  */
 
 import { existsSync, writeFileSync, mkdirSync, readFileSync } from 'fs';
@@ -31,8 +33,12 @@ import { execSync, spawn } from 'child_process';
 import { platform } from 'os';
 import { fileURLToPath } from 'url';
 
+// Import iO name validation
+import { isValidIoName } from '../oracle/network-identity.js';
+
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
+const peerTag = (id) => id?.split('-pq-').pop() || id?.slice?.(-8) || String(id);
 
 /**
  * Default node port
@@ -349,7 +355,7 @@ export class RemoteBookmarkSync {
     });
     
     this._save();
-    console.log(`📥 Received bookmarks from ${fromNodeId.slice(0, 16)}... (${Object.keys(msg.bookmarks).length} items)`);
+    console.log(`📥 Received bookmarks from ${peerTag(fromNodeId)} (${Object.keys(msg.bookmarks).length} items)`);
   }
 
   /**
@@ -404,7 +410,7 @@ export class RemoteBookmarkSync {
     
     this.subscriptions.add(nodeId);
     this._save();
-    console.log(`📬 Subscribed to bookmarks from ${nodeId.slice(0, 16)}...`);
+    console.log(`📬 Subscribed to bookmarks from ${peerTag(nodeId)}`);
     return true;
   }
 
@@ -417,7 +423,7 @@ export class RemoteBookmarkSync {
     if (this.subscriptions.delete(nodeId)) {
       this.remoteBookmarks.delete(nodeId);
       this._save();
-      console.log(`📭 Unsubscribed from ${nodeId.slice(0, 16)}...`);
+      console.log(`📭 Unsubscribed from ${peerTag(nodeId)}`);
       return true;
     }
     return false;
@@ -582,13 +588,22 @@ export function parseYakUrl(url) {
     };
   }
   
+  // Check for iO name (3-word quantum wordlist pattern like "qubit-lattice-prism")
+  if (isValidIoName(host)) {
+    return {
+      type: 'io-content',
+      ioName: host,
+      path: `/content/${host}${subpath}`,  // Content API resolves iO names to hashes
+    };
+  }
+  
   // Check for "content/" prefix explicitly
   if (host === 'content' && parts.length > 1) {
-    const hash = parts[1];
+    const hashOrName = parts[1];
     return {
       type: 'content',
-      hash: hash,
-      path: `/content/${hash}`,
+      hash: hashOrName,  // Could be hash or iO name - API resolves both
+      path: `/content/${hashOrName}`,
     };
   }
   
@@ -1186,7 +1201,7 @@ export function createProtocolEndpoints(app, handler) {
         target: bm.target,
         yakUrl: `yak://${bm.name}`,
         httpUrl: `http://localhost:${handler.port}${bm.target}`,
-        fromNode: bm.nodeId.slice(0, 16) + '...',
+        fromNode: peerTag(bm.nodeId),
         listName: bm.listName,
         publishedAt: bm.publishedAt,
       })),
@@ -1207,7 +1222,7 @@ export function createProtocolEndpoints(app, handler) {
       target: bm.target,
       yakUrl: `yak://${req.params.name.toLowerCase()}`,
       httpUrl: `http://localhost:${handler.port}${bm.target}`,
-      fromNode: bm.nodeId.slice(0, 16) + '...',
+      fromNode: peerTag(bm.nodeId),
       listName: bm.listName,
       publishedAt: bm.publishedAt,
     });

package/reference/cpp/yakmesh_mceliece_shard.cpp

@@ -0,0 +1,168 @@
+#include <iostream>
+#include <vector>
+#include <cstdint>
+#include <bitset>
+#include <future> // For async parallel processing on Ryzen
+
+// ============================================================================
+// YAKMESH CONCEPT: Distributed McEliece Shard ("Elder Node" Logic)
+// Context: Post-Quantum Identity Verification via FHE
+// ============================================================================
+
+namespace yakmesh {
+
+    // ------------------------------------------------------------------------
+    // MOCK FHE LIBRARY (Concept Wrappers)
+    // In production, replace with TFHE, SEAL, or OpenFHE bindings.
+    // ------------------------------------------------------------------------
+    
+    struct FHE_Ciphertext {
+        // Represents an encrypted bit (LWE sample)
+        std::vector<uint64_t> data; 
+        
+        // Homomorphic Addition: Enc(A) + Enc(B) = Enc(A+B)
+        FHE_Ciphertext operator+(const FHE_Ciphertext& other) const {
+            FHE_Ciphertext res = *this;
+            // Mock logic: combine vectors
+            // In reality: res.data[i] = (this->data[i] + other.data[i]) % modulus
+            return res;
+        }
+    };
+
+    // ------------------------------------------------------------------------
+    // THE DISTRIBUTED SHARD CLASS
+    // ------------------------------------------------------------------------
+
+    class McElieceShard {
+    private:
+        uint32_t shard_id;
+        uint32_t num_cols; // The 'n' in McEliece (length of code)
+        uint32_t num_rows; // The number of rows THIS node manages
+
+        // STORAGE:
+        // We store the binary matrix rows as packed bits for cache efficiency.
+        // Each inner vector represents one row of the matrix H.
+        // Using uint64_t chunks allows for AVX-512 optimization later.
+        std::vector<std::vector<uint64_t>> matrix_rows;
+
+    public:
+        McElieceShard(uint32_t id, uint32_t cols) 
+            : shard_id(id), num_cols(cols), num_rows(0) {}
+
+        // Load a row of the Parity Check Matrix H into this shard.
+        // In Yakmesh, this happens during the "Elder Election" phase.
+        void add_row(const std::vector<uint8_t>& binary_row) {
+            if (binary_row.size() != num_cols) {
+                throw std::invalid_argument("Row length mismatch");
+            }
+
+            std::vector<uint64_t> packed_row;
+            uint64_t current_chunk = 0;
+            for (size_t i = 0; i < binary_row.size(); ++i) {
+                if (binary_row[i]) {
+                    current_chunk |= (1ULL << (i % 64));
+                }
+                // Push chunk when full or at end
+                if ((i + 1) % 64 == 0 || i == binary_row.size() - 1) {
+                    packed_row.push_back(current_chunk);
+                    current_chunk = 0;
+                }
+            }
+            matrix_rows.push_back(packed_row);
+            num_rows++;
+        }
+
+        // --------------------------------------------------------------------
+        // CORE FUNCTION: Blind Syndrome Computation
+        // Input: An encrypted vector 'c' (The Identity Claim)
+        // Output: Encrypted Partial Syndrome bits (S_part)
+        // --------------------------------------------------------------------
+        std::vector<FHE_Ciphertext> compute_blind_syndrome(
+            const std::vector<FHE_Ciphertext>& encrypted_vector
+        ) {
+            if (encrypted_vector.size() != num_cols) {
+                throw std::invalid_argument("Input vector dimension mismatch");
+            }
+
+            std::vector<FHE_Ciphertext> partial_syndrome;
+            partial_syndrome.resize(num_rows);
+
+            // Parallelize processing of rows using std::async (Ryzen optimization)
+            // Each row calculation is independent.
+            // In a real implementation, we would use a thread pool.
+            
+            for (size_t r = 0; r < num_rows; ++r) {
+                // S[r] = DotProduct(Row[r], EncryptedVector)
+                // Since Row[r] is binary, we simply SUM the EncryptedVector elements
+                // where the Row bit is 1.
+                
+                // Initialize accumulator (Encryption of 0)
+                FHE_Ciphertext accumulator; 
+
+                const auto& row_bits = matrix_rows[r];
+
+                for (size_t col = 0; col < num_cols; ++col) {
+                    // Check bit in packed row
+                    bool bit_is_set = (row_bits[col / 64] >> (col % 64)) & 1;
+
+                    if (bit_is_set) {
+                        // Homomorphic Addition: Accumulator += EncryptedVector[col]
+                        // No decryption happens here!
+                        if (col == 0) accumulator = encrypted_vector[col]; // simplified init
+                        else accumulator = accumulator + encrypted_vector[col];
+                    }
+                }
+                partial_syndrome[r] = accumulator;
+            }
+
+            return partial_syndrome;
+        }
+
+        void print_stats() const {
+            std::cout << "[Shard " << shard_id << "] Managing " 
+                      << num_rows << " rows x " << num_cols << " cols." << std::endl;
+            std::cout << "Memory Footprint: " 
+                      << (matrix_rows.size() * matrix_rows[0].size() * 8) / 1024 
+                      << " KB" << std::endl;
+        }
+    };
+}
+
+// ----------------------------------------------------------------------------
+// EXAMPLE USAGE
+// ----------------------------------------------------------------------------
+int main() {
+    using namespace yakmesh;
+
+    // 1. Initialize Shard (e.g., managing 128 rows of a 4096-bit code)
+    McElieceShard elder_node(1, 1024); // n=1024 for demo
+
+    // 2. Load Dummy Matrix Data (The "Shard")
+    // In reality, this comes from the Distributed Key Gen protocol.
+    for(int i=0; i<5; ++i) {
+        std::vector<uint8_t> row(1024, 0);
+        // Create a pattern
+        for(int j=0; j<1024; ++j) if((j+i)%7 == 0) row[j] = 1; 
+        elder_node.add_row(row);
+    }
+
+    elder_node.print_stats();
+
+    // 3. Receive Encrypted Identity (Dummy Data)
+    std::cout << "Receiving FHE-Encrypted Identity Vector..." << std::endl;
+    std::vector<FHE_Ciphertext> encrypted_identity(1024);
+    
+    // 4. Compute Blind Syndrome
+    // This runs entirely on the Elder Node without ever decrypting the input.
+    std::cout << "Computing Blind Syndrome (Homomorphic Dot Product)..." << std::endl;
+    auto result_enc = elder_node.compute_blind_syndrome(encrypted_identity);
+
+    std::cout << "Computation Complete. Generated " << result_enc.size() 
+              << " encrypted syndrome bits." << std::endl;
+
+    // 5. Next Step:
+    // The Elder Node broadcasts 'result_enc' to the network.
+    // Other nodes aggregate these partial syndromes to check validity.
+
+    return 0;
+}