npm - yakmesh - Versions diffs - 2.8.2 → 3.0.0 - Mend

yakmesh 2.8.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (232) hide show

package/CHANGELOG.md +637 -0
package/CONTRIBUTING.md +42 -0
package/Caddyfile +77 -0
package/README.md +119 -29
package/adapters/adapter-mlv-bible/README.md +124 -0
package/adapters/adapter-mlv-bible/index.js +400 -0
package/adapters/chat-mod-adapter.js +532 -0
package/adapters/content-adapter.js +273 -0
package/content/api.js +50 -41
package/content/index.js +2 -2
package/content/store.js +355 -173
package/dashboard/index.html +19 -3
package/database/replication.js +117 -37
package/docs/CRYPTO-AGILITY.md +204 -0
package/docs/MTLS-RESEARCH.md +367 -0
package/docs/NAMCHE-SPEC.md +681 -0
package/docs/PEERQUANTA-YAKMESH-INTEGRATION.md +407 -0
package/docs/PRECISION-DISCLOSURE.md +96 -0
package/docs/README.md +76 -0
package/docs/ROADMAP-2.4.0.md +447 -0
package/docs/ROADMAP-2.5.0.md +244 -0
package/docs/SECURITY-AUDIT-REPORT.md +306 -0
package/docs/SST-INTEGRATION.md +712 -0
package/docs/STEADYWATCH-IMPLEMENTATION.md +303 -0
package/docs/TERNARY-AUDIT-REPORT.md +247 -0
package/docs/TME-FAQ.md +221 -0
package/docs/WHITEPAPER.md +623 -0
package/docs/adapters.html +1001 -0
package/docs/advanced-systems.html +1045 -0
package/docs/annex.html +1046 -0
package/docs/api.html +970 -0
package/docs/business/response-templates.md +160 -0
package/docs/c2c.html +1225 -0
package/docs/cli.html +1332 -0
package/docs/configuration.html +1248 -0
package/docs/darshan.html +1085 -0
package/docs/dharma.html +966 -0
package/docs/docs-bundle.html +1075 -0
package/docs/docs.css +3120 -0
package/docs/docs.js +556 -0
package/docs/doko.html +969 -0
package/docs/geo-proof.html +858 -0
package/docs/getting-started.html +840 -0
package/docs/gumba-tutorial.html +1144 -0
package/docs/gumba.html +1098 -0
package/docs/index.html +914 -0
package/docs/jhilke.html +1312 -0
package/docs/karma.html +1100 -0
package/docs/katha.html +1037 -0
package/docs/lama.html +978 -0
package/docs/mandala.html +1067 -0
package/docs/mani.html +964 -0
package/docs/mantra.html +967 -0
package/docs/mesh.html +1409 -0
package/docs/nakpak.html +869 -0
package/docs/namche.html +928 -0
package/docs/nav-order.json +53 -0
package/docs/prahari.html +1043 -0
package/docs/prism-bash.min.js +1 -0
package/docs/prism-javascript.min.js +1 -0
package/docs/prism-json.min.js +1 -0
package/docs/prism-tomorrow.min.css +1 -0
package/docs/prism.min.js +1 -0
package/docs/privacy.html +699 -0
package/docs/quick-reference.html +1181 -0
package/docs/sakshi.html +1402 -0
package/docs/sandboxing.md +386 -0
package/docs/seva.html +911 -0
package/docs/sherpa.html +871 -0
package/docs/studio.html +860 -0
package/docs/stupa.html +995 -0
package/docs/tailwind.min.css +2 -0
package/docs/tattva.html +1332 -0
package/docs/terms.html +686 -0
package/docs/time-server-deployment.md +166 -0
package/docs/time-sources.html +1392 -0
package/docs/tivra.html +1127 -0
package/docs/trademark-policy.html +686 -0
package/docs/tribhuj.html +1183 -0
package/docs/trust-security.html +1029 -0
package/docs/tutorials/backup-recovery.html +654 -0
package/docs/tutorials/dashboard.html +604 -0
package/docs/tutorials/domain-setup.html +605 -0
package/docs/tutorials/host-website.html +456 -0
package/docs/tutorials/mesh-network.html +505 -0
package/docs/tutorials/mobile-access.html +445 -0
package/docs/tutorials/privacy.html +467 -0
package/docs/tutorials/raspberry-pi.html +600 -0
package/docs/tutorials/security-basics.html +539 -0
package/docs/tutorials/share-files.html +431 -0
package/docs/tutorials/troubleshooting.html +637 -0
package/docs/tutorials/trust-karma.html +419 -0
package/docs/tutorials/yak-protocol.html +456 -0
package/docs/tutorials.html +1034 -0
package/docs/vani.html +1270 -0
package/docs/webserver.html +809 -0
package/docs/yak-protocol.html +940 -0
package/docs/yak-timeserver-design.md +475 -0
package/docs/yakapp.html +1015 -0
package/docs/ypc27.html +1069 -0
package/docs/yurt.html +1344 -0
package/embedded-docs/bundle.js +334 -74
package/gossip/protocol.js +247 -27
package/identity/key-resolver.js +262 -0
package/identity/machine-seed.js +632 -0
package/identity/node-key.js +669 -368
package/identity/tribhuj-ratchet.js +506 -0
package/knowledge-base.js +37 -8
package/launcher/yakmesh.bat +62 -0
package/launcher/yakmesh.sh +70 -0
package/mesh/annex.js +462 -108
package/mesh/beacon-broadcast.js +113 -1
package/mesh/darshan.js +1718 -0
package/mesh/gumba.js +1567 -0
package/mesh/jhilke.js +651 -0
package/mesh/katha.js +1012 -0
package/mesh/nakpak-routing.js +8 -5
package/mesh/network.js +724 -34
package/mesh/pulse-sync.js +4 -1
package/mesh/rate-limiter.js +127 -15
package/mesh/seva.js +526 -0
package/mesh/sherpa-discovery.js +89 -8
package/mesh/sybil-defense.js +19 -5
package/mesh/temporal-encoder.js +4 -3
package/mesh/vani.js +1364 -0
package/mesh/yurt.js +1340 -0
package/models/entropy-sentinel.onnx +0 -0
package/models/karma-trust.onnx +0 -0
package/models/manifest.json +43 -0
package/models/sakshi-anomaly.onnx +0 -0
package/oracle/code-proof-protocol.js +7 -6
package/oracle/codebase-lock.js +257 -28
package/oracle/index.js +74 -15
package/oracle/ma902-snmp.js +678 -0
package/oracle/module-sealer.js +5 -3
package/oracle/network-identity.js +16 -0
package/oracle/packet-checksum.js +201 -0
package/oracle/sst.js +579 -0
package/oracle/ternary-144t.js +714 -0
package/oracle/ternary-ml.js +481 -0
package/oracle/time-api.js +239 -0
package/oracle/time-source.js +137 -47
package/oracle/validation-oracle-hardened.js +1111 -1071
package/oracle/validation-oracle.js +4 -2
package/oracle/ypc27.js +211 -0
package/package.json +20 -3
package/protocol/yak-handler.js +35 -9
package/protocol/yak-protocol.js +28 -13
package/reference/cpp/yakmesh_mceliece_shard.cpp +168 -0
package/reference/cpp/yakmesh_ypc27.cpp +179 -0
package/sbom.json +87 -0
package/scripts/security-audit.mjs +264 -0
package/scripts/update-docs-nav.js +194 -0
package/scripts/update-docs-sidebar.cjs +164 -0
package/security/crypto-config.js +4 -3
package/security/dharma-moderation.js +517 -0
package/security/doko-identity.js +193 -143
package/security/domain-consensus.js +86 -85
package/security/fs-hardening.js +620 -0
package/security/hardware-attestation.js +5 -3
package/security/hybrid-trust.js +227 -87
package/security/karma-rate-limiter.js +692 -0
package/security/khata-protocol.js +22 -21
package/security/khata-trust-integration.js +277 -150
package/security/memory-safety.js +635 -0
package/security/mesh-auth.js +11 -10
package/security/mesh-revocation.js +373 -5
package/security/namche-gateway.js +298 -69
package/security/sakshi.js +460 -3
package/security/sangha.js +770 -0
package/security/secure-config.js +473 -0
package/security/silicon-parity.js +13 -10
package/security/steadywatch.js +1142 -0
package/security/strike-system.js +32 -3
package/security/temporal-signing.js +488 -0
package/security/trit-commitment.js +464 -0
package/server/crypto/annex.js +247 -0
package/server/darshan-api.js +343 -0
package/server/index.js +3259 -362
package/server/komm-api.js +668 -0
package/utils/accel.js +2273 -0
package/utils/ternary-id.js +79 -0
package/utils/verify-worker.js +57 -0
package/webserver/index.js +95 -5
package/assets/yakmesh-logo.png +0 -0
package/assets/yakmesh-logo.svg +0 -80
package/assets/yakmesh-logo2.png +0 -0
package/assets/yakmesh-logo2sm.png +0 -0
package/assets/ymsm.png +0 -0
package/website/assets/silhouettes/adapters.svg +0 -107
package/website/assets/silhouettes/api-endpoints.svg +0 -115
package/website/assets/silhouettes/atomic-clock.svg +0 -83
package/website/assets/silhouettes/base-camp.svg +0 -81
package/website/assets/silhouettes/bridge.svg +0 -69
package/website/assets/silhouettes/docs-bundle.svg +0 -113
package/website/assets/silhouettes/doko-basket.svg +0 -70
package/website/assets/silhouettes/fortress.svg +0 -93
package/website/assets/silhouettes/gateway.svg +0 -54
package/website/assets/silhouettes/gears.svg +0 -93
package/website/assets/silhouettes/globe-satellite.svg +0 -67
package/website/assets/silhouettes/karma-wheel.svg +0 -137
package/website/assets/silhouettes/lama-council.svg +0 -141
package/website/assets/silhouettes/mandala-network.svg +0 -169
package/website/assets/silhouettes/mani-stones.svg +0 -149
package/website/assets/silhouettes/mantra-wheel.svg +0 -116
package/website/assets/silhouettes/mesh-nodes.svg +0 -113
package/website/assets/silhouettes/nakpak.svg +0 -56
package/website/assets/silhouettes/peak-lightning.svg +0 -73
package/website/assets/silhouettes/sherpa.svg +0 -69
package/website/assets/silhouettes/stupa-tower.svg +0 -119
package/website/assets/silhouettes/tattva-eye.svg +0 -78
package/website/assets/silhouettes/terminal.svg +0 -74
package/website/assets/silhouettes/webserver.svg +0 -145
package/website/assets/silhouettes/yak.svg +0 -78
package/website/assets/yakmesh-logo.png +0 -0
package/website/assets/yakmesh-logo.webp +0 -0
package/website/assets/yakmesh-logo128x140.webp +0 -0
package/website/assets/yakmesh-logo2.png +0 -0
package/website/assets/yakmesh-logo2.svg +0 -51
package/website/assets/yakmesh-logo40x44.webp +0 -0
package/website/assets/yakmesh.gif +0 -0
package/website/assets/yakmesh.ico +0 -0
package/website/assets/yakmesh.jpg +0 -0
package/website/assets/yakmesh.pdf +0 -0
package/website/assets/yakmesh.png +0 -0
package/website/assets/yakmesh.svg +0 -70
package/website/assets/yakmesh128.webp +0 -0
package/website/assets/yakmesh32.png +0 -0
package/website/assets/yakmesh32.svg +0 -65
package/website/assets/yakmesh32o.ico +0 -2
package/website/assets/yakmesh32o.svg +0 -65
package/website/assets/yakmesh32o.svgz +0 -0

package/identity/key-resolver.js ADDED Viewed

@@ -0,0 +1,262 @@
+/**
+ * KeyResolver — Unified public key resolution for the YAKMESH mesh
+ *
+ * Consolidates the 5+ scattered key lookup mechanisms into a single
+ * resolution cascade ordered by trust and speed:
+ *
+ *   1. Local identity (self — instant, maximum trust)
+ *   2. Explicit registrations (manual or handshake — high trust)
+ *   3. NamcheGateway DOKO cache (7-gate verified — cryptographic trust)
+ *   4. Network peer map (WS handshake — connection trust)
+ *   5. SHERPA registry (discovery beacons — medium trust)
+ *
+ * Philosophy:
+ *   - No gatekeeping: resolving a key never blocks actions
+ *   - No weighting: a resolved key is equally valid regardless of source
+ *   - Transparent: callers can inspect resolution source via resolveWithMeta()
+ *
+ * @module identity/key-resolver
+ * @version 1.0.0
+ */
+import { createLogger } from '../utils/logger.js';
+const log = createLogger('identity:key-resolver');
+/**
+ * Resolution source descriptors, ordered by trust
+ */
+export const KEY_SOURCE = Object.freeze({
+  SELF:       'self',        // Our own keypair
+  REGISTERED: 'registered',  // Explicitly registered (handshake, auth, etc.)
+  DOKO:       'doko',        // Resolved from DOKO cache (NamcheGateway)
+  PEER:       'peer',        // Connected WS peer identity
+  SHERPA:     'sherpa',      // SHERPA discovery beacon
+});
+/**
+ * Unified public key resolver
+ *
+ * @example
+ * const resolver = new KeyResolver({ identity: nodeIdentity });
+ * resolver.attachNamche(namcheGateway);
+ * resolver.attachNetwork(network);
+ *
+ * const pubkey = resolver.resolve('node-abc-123');
+ */
+export class KeyResolver {
+  /**
+   * @param {Object} options
+   * @param {Object} options.identity - NodeIdentity instance (for self-resolution)
+   * @param {number} [options.cacheSize=5000] - Max registered key entries
+   */
+  constructor(options = {}) {
+    this.identity = options.identity || null;
+    this.maxSize = options.cacheSize || 5000;
+    // Registered keys: id → { publicKey, source, registeredAt }
+    this.registry = new Map();
+    // External sources (attached lazily as subsystems come online)
+    this._namche = null;    // NamcheGateway
+    this._network = null;   // mesh/network.js
+    this._sherpa = null;    // SHERPA discovery
+    this.stats = {
+      resolvedSelf: 0,
+      resolvedRegistry: 0,
+      resolvedDoko: 0,
+      resolvedPeer: 0,
+      resolvedSherpa: 0,
+      misses: 0,
+      registrations: 0,
+    };
+  }
+  // ─────────────────────────────────────────────────────────────────────────
+  // Lazy attachment (subsystems start at different times)
+  // ─────────────────────────────────────────────────────────────────────────
+  /** Attach NamcheGateway for DOKO-cache resolution */
+  attachNamche(namcheGateway) {
+    this._namche = namcheGateway;
+    log.debug('KeyResolver: NamcheGateway attached');
+  }
+  /** Attach mesh network for peer resolution */
+  attachNetwork(network) {
+    this._network = network;
+    log.debug('KeyResolver: Network attached');
+  }
+  /** Attach SHERPA discovery for beacon-based resolution */
+  attachSherpa(sherpa) {
+    this._sherpa = sherpa;
+    log.debug('KeyResolver: SHERPA attached');
+  }
+  // ─────────────────────────────────────────────────────────────────────────
+  // Registration (feed keys from any source)
+  // ─────────────────────────────────────────────────────────────────────────
+  /**
+   * Register a public key from any source
+   *
+   * @param {string} id - nodeId or dokoId
+   * @param {string} publicKey - Hex-encoded public key
+   * @param {string} [source='registered'] - Resolution source tag
+   */
+  register(id, publicKey, source = KEY_SOURCE.REGISTERED) {
+    if (!id || !publicKey) return;
+    // Evict oldest if at capacity
+    if (this.registry.size >= this.maxSize && !this.registry.has(id)) {
+      const oldestKey = this.registry.keys().next().value;
+      this.registry.delete(oldestKey);
+    }
+    this.registry.set(id, {
+      publicKey,
+      source,
+      registeredAt: Date.now(),
+    });
+    this.stats.registrations++;
+  }
+  // ─────────────────────────────────────────────────────────────────────────
+  // Resolution (synchronous cascade)
+  // ─────────────────────────────────────────────────────────────────────────
+  /**
+   * Resolve a public key by nodeId or dokoId
+   *
+   * Returns the hex-encoded public key, or null if not found.
+   * Searches all available sources in trust-priority order.
+   *
+   * @param {string} id - nodeId or dokoId to look up
+   * @returns {string|null} Public key (hex) or null
+   */
+  resolve(id) {
+    if (!id) return null;
+    // 1. Self
+    if (this.identity) {
+      const selfId = this.identity.identity?.nodeId || this.identity.nodeId;
+      const selfDokoId = this.identity.identity?.dokoId || this.identity.dokoId;
+      if (id === selfId || id === selfDokoId) {
+        this.stats.resolvedSelf++;
+        return this.identity.identity?.publicKey || this.identity.publicKey;
+      }
+    }
+    // 2. Explicit registry
+    const registered = this.registry.get(id);
+    if (registered) {
+      this.stats.resolvedRegistry++;
+      return registered.publicKey;
+    }
+    // 3. NamcheGateway DOKO cache
+    if (this._namche) {
+      const doko = this._namche.lookupByNodeId(id) || this._namche.lookupByHash(id);
+      if (doko?.publicKey) {
+        this.stats.resolvedDoko++;
+        // Cache for future fast lookup
+        this.register(id, doko.publicKey, KEY_SOURCE.DOKO);
+        return doko.publicKey;
+      }
+    }
+    // 4. Network peer map
+    if (this._network) {
+      const peers = this._network.peers || this._network._peers;
+      if (peers) {
+        const peer = peers.get?.(id);
+        if (peer?.identity?.publicKey) {
+          this.stats.resolvedPeer++;
+          this.register(id, peer.identity.publicKey, KEY_SOURCE.PEER);
+          return peer.identity.publicKey;
+        }
+      }
+      // Also check relay peer keys
+      const relayKey = this._network._relayPeerKeys?.get?.(id);
+      if (relayKey) {
+        this.stats.resolvedPeer++;
+        this.register(id, relayKey, KEY_SOURCE.PEER);
+        return relayKey;
+      }
+    }
+    // 5. SHERPA registry
+    if (this._sherpa) {
+      const beacon = this._sherpa.registry?.get?.(id);
+      if (beacon?.publicKey) {
+        this.stats.resolvedSherpa++;
+        this.register(id, beacon.publicKey, KEY_SOURCE.SHERPA);
+        return beacon.publicKey;
+      }
+    }
+    this.stats.misses++;
+    return null;
+  }
+  /**
+   * Resolve with full metadata (source, registration time, etc.)
+   *
+   * @param {string} id - nodeId or dokoId
+   * @returns {{ publicKey: string, source: string, registeredAt: number }|null}
+   */
+  resolveWithMeta(id) {
+    if (!id) return null;
+    // Self
+    if (this.identity) {
+      const selfId = this.identity.identity?.nodeId || this.identity.nodeId;
+      const selfDokoId = this.identity.identity?.dokoId || this.identity.dokoId;
+      if (id === selfId || id === selfDokoId) {
+        return {
+          publicKey: this.identity.identity?.publicKey || this.identity.publicKey,
+          source: KEY_SOURCE.SELF,
+          registeredAt: 0,
+        };
+      }
+    }
+    // Check registry (includes keys cached from DOKO/peer/sherpa lookups)
+    const registered = this.registry.get(id);
+    if (registered) return registered;
+    // Try live lookup (which also caches the result)
+    const key = this.resolve(id);
+    if (key) {
+      return this.registry.get(id) || { publicKey: key, source: 'unknown', registeredAt: Date.now() };
+    }
+    return null;
+  }
+  /**
+   * Check if a key is known (without returning it)
+   * @param {string} id - nodeId or dokoId
+   * @returns {boolean}
+   */
+  has(id) {
+    return this.resolve(id) !== null;
+  }
+  /**
+   * Get resolver statistics
+   */
+  getStats() {
+    return {
+      ...this.stats,
+      registrySize: this.registry.size,
+      hasNamche: this._namche !== null,
+      hasNetwork: this._network !== null,
+      hasSherpa: this._sherpa !== null,
+    };
+  }
+}
+export default KeyResolver;