yakmesh 2.8.2 → 3.0.0

package/utils/ternary-id.js

@@ -0,0 +1,79 @@
+/**
+ * TERNARY-ID — Balanced ternary identifier generation for YAKMESH
+ * 
+ * Generates random identifiers using balanced ternary encoding (TRIBHUJ convention).
+ * Output alphabet: { T, 0, 1 } — the sequence '666' is IMPOSSIBLE BY DESIGN.
+ * 
+ * T = negative (-1), 0 = neutral, 1 = positive
+ * 
+ * Math: Each byte maps to 5 balanced trits (3⁵ = 243 ≈ 256).
+ * 16 random bytes → 80-trit identifier (128 bits entropy).
+ * 32 random bytes → 160-trit identifier (256 bits entropy).
+ * 
+ * Why balanced ternary?
+ * - Optimal radix economy (closest integer to e ≈ 2.718)
+ * - Native to YAKMESH's TRIBHUJ, YPC-27, and SST systems
+ * - Self-inverting negation (no complement overhead)
+ * - Eliminates adversarial number sequences at the encoding level
+ * 
+ * @module utils/ternary-id
+ * @license MIT
+ * @copyright 2026 YAKMESH™ Contributors
+ */
+
+import { randomBytes } from '@noble/hashes/utils.js';
+
+// TRIBHUJ convention: -1 → 'T', 0 → '0', 1 → '1'
+// Index maps mod-3 remainder: 0→'0', 1→'1', 2→'T' (balanced -1)
+const TRIT_CHARS = ['0', '1', 'T'];
+
+/**
+ * Convert raw bytes to a balanced ternary string (TRIBHUJ notation).
+ * Each byte → 5 trits via mod-243 decomposition.
+ * 
+ * @param {Uint8Array} bytes - Raw bytes to encode
+ * @returns {string} Balanced ternary string using {T, 0, 1}
+ */
+export function bytesToTernary(bytes) {
+    let result = '';
+    for (let i = 0; i < bytes.length; i++) {
+        let val = bytes[i] % 243; // 3⁵ = 243, handle 243-255 range
+        for (let k = 0; k < 5; k++) {
+            result += TRIT_CHARS[val % 3];
+            val = Math.floor(val / 3);
+        }
+    }
+    return result;
+}
+
+/**
+ * Generate a random balanced ternary identifier.
+ * 
+ * Output is TRIBHUJ-notation: only chars {T, 0, 1}.
+ * The substring '666' cannot appear — guaranteed by alphabet.
+ * 
+ * @param {number} [nBytes=16] - Bytes of randomness (16 = 128-bit, 32 = 256-bit)
+ * @returns {string} Random ternary identifier (nBytes × 5 chars)
+ * 
+ * @example
+ * ternaryId(16)  // → "T01100T1010T0110T01T01001T10T..." (80 chars)
+ * ternaryId(32)  // → 160-char identifier
+ */
+export function ternaryId(nBytes = 16) {
+    return bytesToTernary(randomBytes(nBytes));
+}
+
+/**
+ * Convert an existing hex string to balanced ternary.
+ * Useful for migrating hash displays or existing hex IDs.
+ * 
+ * @param {string} hex - Hex string to convert
+ * @returns {string} Balanced ternary representation
+ */
+export function hexToTernary(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(hex.substr(i * 2, 2), 16);
+    }
+    return bytesToTernary(bytes);
+}

package/utils/verify-worker.js

@@ -0,0 +1,57 @@
+/**
+ * ACCEL Verify Worker — ML-DSA-65 Batch Verification Worker Thread
+ * 
+ * Receives chunks of signature/message/publicKey triples from the
+ * BatchVerifyQueue and verifies them using @noble/post-quantum.
+ * Each worker runs in its own V8 isolate for true CPU parallelism.
+ * 
+ * The parent thread distributes batch chunks across a pool of these
+ * workers (sized to CPU core count), achieving near-linear speedup
+ * for large verification batches on multi-core processors.
+ * 
+ * Architecture:
+ *   BatchVerifyQueue._flush()
+ *     → splits batch into N chunks (N = available workers)
+ *     → postMessage({ id, items }) to each worker
+ *     → worker verifies chunk and postMessage({ id, results }) back
+ *     → parent resolves/rejects the original enqueue() promises
+ * 
+ * Note: This worker uses @noble/post-quantum directly. If a native
+ * PQ addon (liboqs) is installed, the main thread's sequential
+ * fallback path will use it, but workers use pure JS. A future
+ * enhancement could probe and load native PQ in each worker.
+ * 
+ * @module utils/verify-worker
+ * @version 1.0.0
+ */
+
+import { parentPort } from 'worker_threads';
+import { ml_dsa65 } from '@noble/post-quantum/ml-dsa.js';
+
+/**
+ * Process a batch of ML-DSA-65 verification requests.
+ * 
+ * @message {{ id: number, items: Array<{ signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array }> }}
+ * @response {{ id: number, results: Array<{ ok: boolean, err: string|null }> }}
+ */
+parentPort.on('message', ({ id, items }) => {
+  const results = new Array(items.length);
+
+  for (let i = 0; i < items.length; i++) {
+    const { signature, message, publicKey } = items[i];
+    try {
+      results[i] = {
+        ok: ml_dsa65.verify(
+          new Uint8Array(signature),
+          new Uint8Array(message),
+          new Uint8Array(publicKey)
+        ),
+        err: null,
+      };
+    } catch (err) {
+      results[i] = { ok: false, err: err.message };
+    }
+  }
+
+  parentPort.postMessage({ id, results });
+});

package/webserver/index.js

@@ -37,7 +37,7 @@ export class YakmeshWebServer {
   constructor(config = {}) {
     this.config = {
       port: config.port || 8080,
-      httpsPort: config.httpsPort || 8443,
+      httpsPort: config.httpsPort || 443,
       root: config.root || './htdocs',
       logPath: config.logPath || './logs',
       caddyPath: config.caddyPath || join(__dirname, 'bin'),
@@ -45,6 +45,11 @@ export class YakmeshWebServer {
       domain: config.domain || null,
       phpEnabled: config.phpEnabled ?? false,
       phpPort: config.phpPort || 9000,
+      // Yakmesh node proxy settings
+      nodeProxy: config.nodeProxy ?? true,
+      nodeHttpPort: config.nodeHttpPort || 3080,
+      nodeWsPort: config.nodeWsPort || 9080,
+      acmeEmail: config.acmeEmail || null,
       ...config
     };
     
@@ -102,30 +107,92 @@ export class YakmeshWebServer {
         reverse_proxy localhost:${this.config.phpPort}
     }` : '';
     
+    // Yakmesh node reverse proxy with WebSocket support
+    const nodeProxyBlock = this.config.nodeProxy ? `
+    # Yakmesh mesh WebSocket endpoint (priority)
+    @meshWs {
+        path /mesh/ws
+        header Connection *Upgrade*
+        header Upgrade websocket
+    }
+    handle @meshWs {
+        reverse_proxy localhost:${this.config.nodeWsPort}
+    }
+    
+    # Yakmesh mesh HTTP endpoints
+    @meshHttp {
+        path /mesh/*
+        path /health
+        path /beacon
+        path /.well-known/yakmesh/*
+        path /api/*
+        path /komm/*
+        path /darshan/*
+        path /rumors
+        path /gossip/*
+        path /dashboard
+        path /dashboard/*
+        path /docs
+        path /docs/*
+    }
+    handle @meshHttp {
+        reverse_proxy localhost:${this.config.nodeHttpPort}
+    }
+    
+    # KOMM WebSocket
+    @kommWs {
+        path /komm/ws
+        header Connection *Upgrade*
+        header Upgrade websocket
+    }
+    handle @kommWs {
+        reverse_proxy localhost:${this.config.nodeHttpPort}
+    }` : '';
+    
     if (this.config.domain && this.config.autoHttps) {
+      const acmeBlock = this.config.acmeEmail ? `
+{
+    email ${this.config.acmeEmail}
+}
+` : '';
       return `# Yakmesh Web Server - ${this.config.domain}
+# Auto-HTTPS via Let's Encrypt
+${acmeBlock}
 ${this.config.domain} {
+    ${nodeProxyBlock}
+    ${phpBlock}
+    
+    # Static files fallback
     root * ${this.config.root}
     file_server
-    ${phpBlock}
     
     header {
         X-Content-Type-Options nosniff
         X-Frame-Options DENY
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    }
+    
+    log {
+        output file ${this.config.logPath}/access.log
+        format json
     }
 }`;
     }
     
-    return `# Yakmesh Web Server
+    // Local/dev mode without HTTPS
+    return `# Yakmesh Web Server (Local Mode)
 {
     admin off
     auto_https off
 }
 
 :${this.config.port} {
+    ${nodeProxyBlock}
+    ${phpBlock}
+    
+    # Static files fallback
     root * ${this.config.root}
     file_server
-    ${phpBlock}
     
     header {
         X-Content-Type-Options nosniff
@@ -163,7 +230,30 @@ const caddyfilePath = this.writeCaddyfile();
     });
     
     this.process.stdout.on('data', (d) => log.debug('Caddy output', { message: d.toString().trim() }));
-    this.process.stderr.on('data', (d) => log.error('Caddy error', { message: d.toString().trim() }));
+    
+    // Caddy writes JSON logs to stderr - parse level and route appropriately
+    this.process.stderr.on('data', (d) => {
+      const msg = d.toString().trim();
+      // Each line may be a separate JSON log entry
+      for (const line of msg.split('\n')) {
+        try {
+          const parsed = JSON.parse(line);
+          const level = parsed.level || 'info';
+          const logMsg = parsed.msg || line;
+          if (level === 'error' || level === 'fatal') {
+            log.error('Caddy', { level, msg: logMsg });
+          } else if (level === 'warn') {
+            log.warn('Caddy', { level, msg: logMsg });
+          } else {
+            log.debug('Caddy', { level, msg: logMsg });
+          }
+        } catch {
+          // Not JSON - log as debug (probably startup banner)
+          log.debug('Caddy', { message: line });
+        }
+      }
+    });
+    
     this.process.on('close', (code) => { this.running = false; });
     
     this.running = true;