npm - yakmesh - Versions diffs - 2.8.2 → 3.0.0 - Mend

yakmesh 2.8.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (232) hide show

package/CHANGELOG.md +637 -0
package/CONTRIBUTING.md +42 -0
package/Caddyfile +77 -0
package/README.md +119 -29
package/adapters/adapter-mlv-bible/README.md +124 -0
package/adapters/adapter-mlv-bible/index.js +400 -0
package/adapters/chat-mod-adapter.js +532 -0
package/adapters/content-adapter.js +273 -0
package/content/api.js +50 -41
package/content/index.js +2 -2
package/content/store.js +355 -173
package/dashboard/index.html +19 -3
package/database/replication.js +117 -37
package/docs/CRYPTO-AGILITY.md +204 -0
package/docs/MTLS-RESEARCH.md +367 -0
package/docs/NAMCHE-SPEC.md +681 -0
package/docs/PEERQUANTA-YAKMESH-INTEGRATION.md +407 -0
package/docs/PRECISION-DISCLOSURE.md +96 -0
package/docs/README.md +76 -0
package/docs/ROADMAP-2.4.0.md +447 -0
package/docs/ROADMAP-2.5.0.md +244 -0
package/docs/SECURITY-AUDIT-REPORT.md +306 -0
package/docs/SST-INTEGRATION.md +712 -0
package/docs/STEADYWATCH-IMPLEMENTATION.md +303 -0
package/docs/TERNARY-AUDIT-REPORT.md +247 -0
package/docs/TME-FAQ.md +221 -0
package/docs/WHITEPAPER.md +623 -0
package/docs/adapters.html +1001 -0
package/docs/advanced-systems.html +1045 -0
package/docs/annex.html +1046 -0
package/docs/api.html +970 -0
package/docs/business/response-templates.md +160 -0
package/docs/c2c.html +1225 -0
package/docs/cli.html +1332 -0
package/docs/configuration.html +1248 -0
package/docs/darshan.html +1085 -0
package/docs/dharma.html +966 -0
package/docs/docs-bundle.html +1075 -0
package/docs/docs.css +3120 -0
package/docs/docs.js +556 -0
package/docs/doko.html +969 -0
package/docs/geo-proof.html +858 -0
package/docs/getting-started.html +840 -0
package/docs/gumba-tutorial.html +1144 -0
package/docs/gumba.html +1098 -0
package/docs/index.html +914 -0
package/docs/jhilke.html +1312 -0
package/docs/karma.html +1100 -0
package/docs/katha.html +1037 -0
package/docs/lama.html +978 -0
package/docs/mandala.html +1067 -0
package/docs/mani.html +964 -0
package/docs/mantra.html +967 -0
package/docs/mesh.html +1409 -0
package/docs/nakpak.html +869 -0
package/docs/namche.html +928 -0
package/docs/nav-order.json +53 -0
package/docs/prahari.html +1043 -0
package/docs/prism-bash.min.js +1 -0
package/docs/prism-javascript.min.js +1 -0
package/docs/prism-json.min.js +1 -0
package/docs/prism-tomorrow.min.css +1 -0
package/docs/prism.min.js +1 -0
package/docs/privacy.html +699 -0
package/docs/quick-reference.html +1181 -0
package/docs/sakshi.html +1402 -0
package/docs/sandboxing.md +386 -0
package/docs/seva.html +911 -0
package/docs/sherpa.html +871 -0
package/docs/studio.html +860 -0
package/docs/stupa.html +995 -0
package/docs/tailwind.min.css +2 -0
package/docs/tattva.html +1332 -0
package/docs/terms.html +686 -0
package/docs/time-server-deployment.md +166 -0
package/docs/time-sources.html +1392 -0
package/docs/tivra.html +1127 -0
package/docs/trademark-policy.html +686 -0
package/docs/tribhuj.html +1183 -0
package/docs/trust-security.html +1029 -0
package/docs/tutorials/backup-recovery.html +654 -0
package/docs/tutorials/dashboard.html +604 -0
package/docs/tutorials/domain-setup.html +605 -0
package/docs/tutorials/host-website.html +456 -0
package/docs/tutorials/mesh-network.html +505 -0
package/docs/tutorials/mobile-access.html +445 -0
package/docs/tutorials/privacy.html +467 -0
package/docs/tutorials/raspberry-pi.html +600 -0
package/docs/tutorials/security-basics.html +539 -0
package/docs/tutorials/share-files.html +431 -0
package/docs/tutorials/troubleshooting.html +637 -0
package/docs/tutorials/trust-karma.html +419 -0
package/docs/tutorials/yak-protocol.html +456 -0
package/docs/tutorials.html +1034 -0
package/docs/vani.html +1270 -0
package/docs/webserver.html +809 -0
package/docs/yak-protocol.html +940 -0
package/docs/yak-timeserver-design.md +475 -0
package/docs/yakapp.html +1015 -0
package/docs/ypc27.html +1069 -0
package/docs/yurt.html +1344 -0
package/embedded-docs/bundle.js +334 -74
package/gossip/protocol.js +247 -27
package/identity/key-resolver.js +262 -0
package/identity/machine-seed.js +632 -0
package/identity/node-key.js +669 -368
package/identity/tribhuj-ratchet.js +506 -0
package/knowledge-base.js +37 -8
package/launcher/yakmesh.bat +62 -0
package/launcher/yakmesh.sh +70 -0
package/mesh/annex.js +462 -108
package/mesh/beacon-broadcast.js +113 -1
package/mesh/darshan.js +1718 -0
package/mesh/gumba.js +1567 -0
package/mesh/jhilke.js +651 -0
package/mesh/katha.js +1012 -0
package/mesh/nakpak-routing.js +8 -5
package/mesh/network.js +724 -34
package/mesh/pulse-sync.js +4 -1
package/mesh/rate-limiter.js +127 -15
package/mesh/seva.js +526 -0
package/mesh/sherpa-discovery.js +89 -8
package/mesh/sybil-defense.js +19 -5
package/mesh/temporal-encoder.js +4 -3
package/mesh/vani.js +1364 -0
package/mesh/yurt.js +1340 -0
package/models/entropy-sentinel.onnx +0 -0
package/models/karma-trust.onnx +0 -0
package/models/manifest.json +43 -0
package/models/sakshi-anomaly.onnx +0 -0
package/oracle/code-proof-protocol.js +7 -6
package/oracle/codebase-lock.js +257 -28
package/oracle/index.js +74 -15
package/oracle/ma902-snmp.js +678 -0
package/oracle/module-sealer.js +5 -3
package/oracle/network-identity.js +16 -0
package/oracle/packet-checksum.js +201 -0
package/oracle/sst.js +579 -0
package/oracle/ternary-144t.js +714 -0
package/oracle/ternary-ml.js +481 -0
package/oracle/time-api.js +239 -0
package/oracle/time-source.js +137 -47
package/oracle/validation-oracle-hardened.js +1111 -1071
package/oracle/validation-oracle.js +4 -2
package/oracle/ypc27.js +211 -0
package/package.json +20 -3
package/protocol/yak-handler.js +35 -9
package/protocol/yak-protocol.js +28 -13
package/reference/cpp/yakmesh_mceliece_shard.cpp +168 -0
package/reference/cpp/yakmesh_ypc27.cpp +179 -0
package/sbom.json +87 -0
package/scripts/security-audit.mjs +264 -0
package/scripts/update-docs-nav.js +194 -0
package/scripts/update-docs-sidebar.cjs +164 -0
package/security/crypto-config.js +4 -3
package/security/dharma-moderation.js +517 -0
package/security/doko-identity.js +193 -143
package/security/domain-consensus.js +86 -85
package/security/fs-hardening.js +620 -0
package/security/hardware-attestation.js +5 -3
package/security/hybrid-trust.js +227 -87
package/security/karma-rate-limiter.js +692 -0
package/security/khata-protocol.js +22 -21
package/security/khata-trust-integration.js +277 -150
package/security/memory-safety.js +635 -0
package/security/mesh-auth.js +11 -10
package/security/mesh-revocation.js +373 -5
package/security/namche-gateway.js +298 -69
package/security/sakshi.js +460 -3
package/security/sangha.js +770 -0
package/security/secure-config.js +473 -0
package/security/silicon-parity.js +13 -10
package/security/steadywatch.js +1142 -0
package/security/strike-system.js +32 -3
package/security/temporal-signing.js +488 -0
package/security/trit-commitment.js +464 -0
package/server/crypto/annex.js +247 -0
package/server/darshan-api.js +343 -0
package/server/index.js +3259 -362
package/server/komm-api.js +668 -0
package/utils/accel.js +2273 -0
package/utils/ternary-id.js +79 -0
package/utils/verify-worker.js +57 -0
package/webserver/index.js +95 -5
package/assets/yakmesh-logo.png +0 -0
package/assets/yakmesh-logo.svg +0 -80
package/assets/yakmesh-logo2.png +0 -0
package/assets/yakmesh-logo2sm.png +0 -0
package/assets/ymsm.png +0 -0
package/website/assets/silhouettes/adapters.svg +0 -107
package/website/assets/silhouettes/api-endpoints.svg +0 -115
package/website/assets/silhouettes/atomic-clock.svg +0 -83
package/website/assets/silhouettes/base-camp.svg +0 -81
package/website/assets/silhouettes/bridge.svg +0 -69
package/website/assets/silhouettes/docs-bundle.svg +0 -113
package/website/assets/silhouettes/doko-basket.svg +0 -70
package/website/assets/silhouettes/fortress.svg +0 -93
package/website/assets/silhouettes/gateway.svg +0 -54
package/website/assets/silhouettes/gears.svg +0 -93
package/website/assets/silhouettes/globe-satellite.svg +0 -67
package/website/assets/silhouettes/karma-wheel.svg +0 -137
package/website/assets/silhouettes/lama-council.svg +0 -141
package/website/assets/silhouettes/mandala-network.svg +0 -169
package/website/assets/silhouettes/mani-stones.svg +0 -149
package/website/assets/silhouettes/mantra-wheel.svg +0 -116
package/website/assets/silhouettes/mesh-nodes.svg +0 -113
package/website/assets/silhouettes/nakpak.svg +0 -56
package/website/assets/silhouettes/peak-lightning.svg +0 -73
package/website/assets/silhouettes/sherpa.svg +0 -69
package/website/assets/silhouettes/stupa-tower.svg +0 -119
package/website/assets/silhouettes/tattva-eye.svg +0 -78
package/website/assets/silhouettes/terminal.svg +0 -74
package/website/assets/silhouettes/webserver.svg +0 -145
package/website/assets/silhouettes/yak.svg +0 -78
package/website/assets/yakmesh-logo.png +0 -0
package/website/assets/yakmesh-logo.webp +0 -0
package/website/assets/yakmesh-logo128x140.webp +0 -0
package/website/assets/yakmesh-logo2.png +0 -0
package/website/assets/yakmesh-logo2.svg +0 -51
package/website/assets/yakmesh-logo40x44.webp +0 -0
package/website/assets/yakmesh.gif +0 -0
package/website/assets/yakmesh.ico +0 -0
package/website/assets/yakmesh.jpg +0 -0
package/website/assets/yakmesh.pdf +0 -0
package/website/assets/yakmesh.png +0 -0
package/website/assets/yakmesh.svg +0 -70
package/website/assets/yakmesh128.webp +0 -0
package/website/assets/yakmesh32.png +0 -0
package/website/assets/yakmesh32.svg +0 -65
package/website/assets/yakmesh32o.ico +0 -2
package/website/assets/yakmesh32o.svg +0 -65
package/website/assets/yakmesh32o.svgz +0 -0

package/mesh/annex.js CHANGED Viewed

@@ -27,10 +27,32 @@
 import { randomBytes, createCipheriv, createDecipheriv, createHash } from 'crypto';
 import { ml_kem768 } from '@noble/post-quantum/ml-kem.js';
-import { sha3_256 } from '@noble/hashes/sha3.js';
+import { sha3_256 as _nobleSha3 } from '@noble/hashes/sha3.js';
 import { bytesToHex, hexToBytes, utf8ToBytes } from '@noble/hashes/utils.js';
 import { createLogger } from '../utils/logger.js';
+// ACCEL: Hardware-accelerated crypto (native SHA3, native KEM via liboqs/AVX-512)
+import { sha3_256, mlKem768Keygen, mlKem768Encapsulate, mlKem768Decapsulate } from '../utils/accel.js';
+// STEADYWATCH: Quantum-hardware-validated entropy seeds (Hurwitz quaternion, IBM Quantum)
+import { getHybridSeed, seedStore as steadywatchStore } from '../security/steadywatch.js';
+// ═══ TRIBHUJ — Balanced ternary for channel lifecycle ═══
+// POSITIVE: ESTABLISHED (secure channel active)
+// NEUTRAL:  NEGOTIATING (key exchange in progress)
+// NEGATIVE: CLOSED (session terminated or expired)
+import { POSITIVE, NEUTRAL, NEGATIVE } from '../oracle/tribhuj.js';
+/** ANNEX channel lifecycle states (TRIBHUJ trits) */
+export const ChannelState = Object.freeze({
+  CLOSED: NEGATIVE,       // -1: Session terminated or expired
+  NEGOTIATING: NEUTRAL,   //  0: Key exchange in progress
+  ESTABLISHED: POSITIVE,  // +1: Secure channel active
+});
+/** Extract unique peer suffix from nodeId (e.g. 'node-net-name-pq-kEEU' → 'kEEU') */
+const peerTag = (id) => id?.split('-pq-').pop() || id?.slice?.(-8) || String(id);
 const log = createLogger('mesh:annex');
 const ANNEX_CONFIG = {
@@ -144,36 +166,77 @@ class AnnexSession {
     this.kemKeyPair = null;      // Our ephemeral KEM key pair
     this.sharedSecret = null;    // Derived shared secret
     this.encryptionKey = null;   // Current symmetric key
+    this.pendingEncryptionKey = null; // Future key awaiting implicit ack (bootstrap→KEM upgrade only)
+    this.bootstrapped = false;   // JHILKE: true if using deterministic bootstrap key (not yet KEM-backed)
+    this.rekeyEpoch = 0;         // JHILKE: deterministic rekey epoch (incremented on each cricket-coordinated switch)
     this.sendSequence = 0;       // Outbound message counter
-    this.recvSequence = 0;       // Inbound message counter
+    this.recvSequence = -1;      // Inbound message counter (-1 so first msg seq 0 passes)
     this.messageCount = 0;       // Total messages with current key
     // State
     this.established = false;
+    this.channelState = ChannelState.NEGOTIATING;  // TRIBHUJ trit lifecycle
     this.createdAt = Date.now();
     this.lastActivity = Date.now();
     this.lastRekey = null;
   }
   /**
-   * Generate ephemeral KEM key pair for this session
+   * JHILKE deterministic rekey — both nodes derive the same key simultaneously.
+   * No KEM round-trip, no pending key, no race condition.
+   * Called by JhilkeCoordinator._executeSwitch() after cricket coordination.
+   */
+  deterministicRekey(newKey, epoch) {
+    this.encryptionKey = newKey;
+    this.rekeyEpoch = epoch;
+    this.messageCount = 0;
+    this.lastRekey = Date.now();
+    this.lastActivity = Date.now();
+  }
+  /**
+   * Generate ephemeral KEM key pair for this session.
+   *
+   * ACCEL: Routes through mlKem768Keygen() for native liboqs AVX-512 NTT
+   * acceleration when available (previously called noble directly — bypassed ACCEL).
+   *
+   * STEADYWATCH: If quantum satellite seeds are loaded, uses hybrid entropy:
+   *   hybridSeed = SHA3(satelliteSeed || EXPAND) ⊕ randomBytes(64)
+   * Two-source extractor: even if one source is compromised, keys are safe.
    */
-  generateKeyPair() {
-    const seed = randomBytes(64);
-    this.kemKeyPair = ml_kem768.keygen(seed);
+  async generateKeyPair() {
+    // STEADYWATCH hybrid seed (quantum + CSPRNG) or pure CSPRNG fallback
+    const seed = steadywatchStore.initialized
+      ? getHybridSeed()
+      : randomBytes(64);
+    // Route through ACCEL for native liboqs/AVX-512 acceleration
+    this.kemKeyPair = await mlKem768Keygen(seed);
     return bytesToHex(this.kemKeyPair.publicKey);
   }
   /**
    * Complete key exchange as initiator (encapsulate with peer's public key)
    */
-  encapsulate(peerPublicKey) {
+  encapsulate(peerPublicKey, { defer = false } = {}) {
     const publicKeyBytes = hexToBytes(peerPublicKey);
-    const result = ml_kem768.encapsulate(publicKeyBytes);
+    const result = mlKem768Encapsulate(publicKeyBytes);
     this.sharedSecret = result.sharedSecret;
-    this.encryptionKey = this._deriveEncryptionKey();
+    const newKey = this._deriveEncryptionKey();
+    if (defer && this.encryptionKey) {
+      // Rekey responder: store new key as pending, keep current active.
+      // PFS-safe: we only hold the FUTURE key, never the past key.
+      // Activation happens implicitly when we receive a message encrypted
+      // with the new key (see decrypt()).
+      this.pendingEncryptionKey = newKey;
+    } else {
+      // Initial handshake or initiator: switch immediately
+      this.encryptionKey = newKey;
+    }
     this.established = true;
+    this.channelState = ChannelState.ESTABLISHED;
     this.lastRekey = Date.now();
     return bytesToHex(result.cipherText);
@@ -188,9 +251,34 @@ class AnnexSession {
     }
     const ciphertextBytes = hexToBytes(ciphertext);
-    this.sharedSecret = ml_kem768.decapsulate(ciphertextBytes, this.kemKeyPair.secretKey);
+    this.sharedSecret = mlKem768Decapsulate(ciphertextBytes, this.kemKeyPair.secretKey);
+    // Zero ephemeral KEM secret key — shared secret is extracted, secret key is
+    // no longer needed. Minimizes exposure window if memory is later compromised.
+    if (this.kemKeyPair.secretKey instanceof Uint8Array) {
+      this.kemKeyPair.secretKey.fill(0);
+    }
+    this.kemKeyPair = null; // Release reference entirely
+    // Bootstrap→KEM upgrade bridge: briefly retain old key for in-flight messages.
+    // The responder still encrypts with bootstrap key until implicit ack arrives.
+    // Without this bridge, those in-flight messages cause AEAD auth failures.
+    // Auto-expires after 5s — NOT a permanent "previous key" (PFS preserved).
+    if (this.encryptionKey) {
+      this._transitionKey = this.encryptionKey;
+      this._transitionKeyTimer = setTimeout(() => {
+        this._transitionKey = null;
+        this._transitionKeyTimer = null;
+      }, 5000);
+    }
+    // Initiator receiving KEY_RESPONSE: switch immediately to KEM key.
+    // The initiator is always "first mover" — its next message triggers
+    // the responder to promote pendingEncryptionKey.
     this.encryptionKey = this._deriveEncryptionKey();
+    this.pendingEncryptionKey = null; // Clear any pending state
     this.established = true;
+    this.channelState = ChannelState.ESTABLISHED;
     this.lastRekey = Date.now();
     return true;
@@ -237,28 +325,21 @@ class AnnexSession {
   /**
    * Decrypt a message for this session
    */
-  decrypt(encryptedData, expectedSequence) {
-    if (!this.established || !this.encryptionKey) {
-      throw new Error('Session not established');
-    }
-    // Replay protection: sequence must be greater than last received
-    if (expectedSequence <= this.recvSequence && this.recvSequence > 0) {
-      throw new Error(`Replay detected: sequence ${expectedSequence} <= ${this.recvSequence}`);
-    }
+  /**
+   * Decrypt with a specific key (internal helper)
+   */
+  _decryptWithKey(key, encryptedData, expectedSequence) {
     const nonce = Buffer.from(encryptedData.nonce, 'hex');
     const ciphertext = Buffer.from(encryptedData.ciphertext, 'hex');
     const authTag = Buffer.from(encryptedData.authTag, 'hex');
     const decipher = createDecipheriv(
       ANNEX_CONFIG.symmetricAlgorithm,
-      this.encryptionKey,
+      key,
       nonce,
       { authTagLength: ANNEX_CONFIG.authTagLength }
     );
-    // Verify AAD
     const aad = Buffer.from(`${this.sessionId}:${expectedSequence}`);
     decipher.setAAD(aad);
     decipher.setAuthTag(authTag);
@@ -268,12 +349,66 @@ class AnnexSession {
       decipher.final(),
     ]);
-    this.recvSequence = expectedSequence;
-    this.lastActivity = Date.now();
     return decrypted.toString('utf8');
   }
+  decrypt(encryptedData, expectedSequence) {
+    if (!this.established || !this.encryptionKey) {
+      throw new Error('Session not established');
+    }
+    // Replay protection: sequence must be greater than last received
+    if (typeof expectedSequence !== 'number' || expectedSequence <= this.recvSequence) {
+      throw new Error(`Replay detected: sequence ${expectedSequence} <= ${this.recvSequence}`);
+    }
+    try {
+      // Try current key first
+      const result = this._decryptWithKey(this.encryptionKey, encryptedData, expectedSequence);
+      this.recvSequence = expectedSequence;
+      this.lastActivity = Date.now();
+      return result;
+    } catch (err) {
+      // During rekey transition, the initiator has switched to the new key
+      // but the responder is still on the old key. Try the PENDING (future)
+      // key — if it works, promote it to current. This is the implicit ack.
+      //
+      // Security note: we only ever store the FUTURE key as fallback, never
+      // the PAST key. An attacker who dumps memory gets a key they'd have
+      // gotten anyway once activated. PFS of past messages is never at risk.
+      if (this.pendingEncryptionKey) {
+        try {
+          const result = this._decryptWithKey(this.pendingEncryptionKey, encryptedData, expectedSequence);
+          // Implicit ack: promote pending → current, zero old key
+          this.encryptionKey = this.pendingEncryptionKey;
+          this.pendingEncryptionKey = null;
+          this.recvSequence = expectedSequence;
+          this.lastActivity = Date.now();
+          log.info('Rekey activated via implicit ack', { sessionId: this.sessionId?.slice(0, 16) });
+          return result;
+        } catch {
+          // pending key also failed — fall through to transition key
+        }
+      }
+      // Bootstrap→KEM upgrade bridge: the responder may still send messages
+      // encrypted with the bootstrap key between our KEM switch and their
+      // implicit-ack promotion. Try the briefly-retained old key.
+      // NO promotion — this key is being phased out (auto-expires via timer).
+      if (this._transitionKey) {
+        const result = this._decryptWithKey(this._transitionKey, encryptedData, expectedSequence);
+        this.recvSequence = expectedSequence;
+        this.lastActivity = Date.now();
+        log.info('Bootstrap→KEM transition: decoded in-flight message with old key', {
+          sessionId: this.sessionId?.slice(0, 16),
+        });
+        return result;
+      }
+      throw err;
+    }
+  }
   /**
    * Check if session needs re-keying for perfect forward secrecy
    */
@@ -298,12 +433,15 @@ class AnnexSession {
    * Derive symmetric encryption key from shared secret
    */
   _deriveEncryptionKey() {
+    // Sort nodeIds so both sides derive the same key
+    // (localNodeId and remoteNodeId are swapped between initiator/responder)
+    const [first, second] = [this.localNodeId, this.remoteNodeId].sort();
     return createHash('sha3-256')
       .update(this.sharedSecret)
       .update(ANNEX_CONFIG.keyDerivationSalt)
       .update(this.sessionId)
-      .update(this.localNodeId)
-      .update(this.remoteNodeId)
+      .update(first)
+      .update(second)
       .digest();
   }
 }
@@ -322,6 +460,9 @@ export class Annex {
     this.pendingHandshakes = new Map();
     this.messageHandlers = new Map();
+    // JHILKE coordinator reference (set by network.js after initialization)
+    this.jhilke = null;
     // Stats
     this.stats = {
       sessionsCreated: 0,
@@ -331,31 +472,90 @@ export class Annex {
       replaysBlocked: 0,
     };
+    // Deferred message queue — buffer ANNEX messages from peers whose
+    // public key hasn't arrived yet (HELLO/WELCOME still in flight).
+    // Max 10 senders, 1 message per sender, 3s timeout.
+    this._deferredMessages = new Map();  // senderId -> { envelope, origin, timer }
+    this._maxDeferredSenders = 10;
+    this._deferTimeoutMs = 3000;
     // Register mesh handler for ANNEX messages
     if (this.mesh) {
       this._registerMeshHandlers();
     }
   }
+  /**
+   * Create a bootstrap session with a deterministic key.
+   * JHILKE derives this key from the shared code hash + both node IDs.
+   * Both sides compute the same key independently.
+   *
+   * The bootstrap session enables encrypted communication from message #1,
+   * eliminating plaintext KEM exchange. It is immediately upgraded to a
+   * proper KEM-backed session with full PFS.
+   */
+  bootstrapSession(peerId, bootstrapKey) {
+    // Deterministic sessionId — both sides MUST agree on AES-GCM AAD.
+    // AAD = "${sessionId}:${sequence}", so random sessionId = instant auth failure.
+    const localNodeId = this.identity.identity.nodeId;
+    const [first, second] = [localNodeId, peerId].sort();
+    const deterministicSessionId = createHash('sha3-256')
+      .update(`yakmesh-annex-bootstrap-session:${first}:${second}`)
+      .digest('hex')
+      .slice(0, 32); // same length as bytesToHex(randomBytes(16))
+    const session = new AnnexSession({
+      sessionId: deterministicSessionId,
+      localNodeId,
+      remoteNodeId: peerId,
+    });
+    session.encryptionKey = bootstrapKey;
+    session.established = true;
+    session.bootstrapped = true;
+    session.channelState = ChannelState.ESTABLISHED;
+    session.lastRekey = Date.now();
+    this.sessions.set(peerId, session);
+    log.info('JHILKE bootstrap session created (encrypted from message #1)', {
+      peerId: peerTag(peerId),
+      sessionId: deterministicSessionId.slice(0, 8) + '...',
+    });
+    return session;
+  }
   /**
    * Initialize or get secure session with a peer (annex territory)
+   *
+   * JHILKE integration: If a bootstrap session exists, this method
+   * upgrades it to a KEM-backed session by performing the key exchange
+   * THROUGH the bootstrap-encrypted channel (no plaintext KEM).
    */
   async openChannel(remoteNodeId) {
     // Check for existing session
     let session = this.sessions.get(remoteNodeId);
-    if (session && session.established && !session.isExpired()) {
+    // Return existing FULL (non-bootstrap) session
+    if (session && session.established && !session.isExpired() && !session.bootstrapped) {
       return session;
     }
-    // Create new session
-    session = new AnnexSession({
-      localNodeId: this.identity.identity.nodeId,
-      remoteNodeId,
-      initiator: true,
-    });
+    // Bootstrap upgrade: reuse existing session, add KEM negotiation
+    const isBootstrapUpgrade = session?.bootstrapped;
+    if (isBootstrapUpgrade) {
+      session.initiator = true;
+      log.info('JHILKE: upgrading bootstrap → KEM', { peer: peerTag(remoteNodeId) });
+    } else {
+      // Create new session
+      session = new AnnexSession({
+        localNodeId: this.identity.identity.nodeId,
+        remoteNodeId,
+        initiator: true,
+      });
+    }
-    // Generate our key pair
-    const ourPublicKey = session.generateKeyPair();
+    // Generate our key pair (ACCEL: native liboqs/AVX-512, STEADYWATCH: quantum seed)
+    const ourPublicKey = await session.generateKeyPair();
     // Store pending handshake
     this.pendingHandshakes.set(remoteNodeId, session);
@@ -372,8 +572,8 @@ export class Annex {
     // Sign the envelope
     envelope.signature = this.identity.sign(envelope.getSigningPayload());
-    // Send via mesh
-    await this._sendToMesh(remoteNodeId, envelope);
+    // JHILKE: Send via secure channel if bootstrap exists, else raw
+    await this._sendControlSecure(remoteNodeId, envelope);
     // Wait for response (with timeout)
     return new Promise((resolve, reject) => {
@@ -406,9 +606,14 @@ export class Annex {
       session = await this.openChannel(remoteNodeId);
     }
-    // Check for re-key need
-    if (session.needsRekey()) {
-      await this._rekey(session);
+    // Check for re-key need — JHILKE handles all rekeys deterministically.
+    // Both sides derive the same key after cricket coordination (no KEM round-trip).
+    if (!options._skipRekeyCheck && session.needsRekey()) {
+      if (this.jhilke) {
+        this.jhilke.initiateRekey(remoteNodeId);
+      }
+      // No fallback — JHILKE is the only rekey path. If unavailable,
+      // the session continues until timeout/reconnect.
     }
     // Encrypt the payload
@@ -469,7 +674,18 @@ export class Annex {
     envelope.signature = this.identity.sign(envelope.getSigningPayload());
     await this._sendToMesh(remoteNodeId, envelope);
+    session.channelState = ChannelState.CLOSED;
     this.sessions.delete(remoteNodeId);
+    // Clean up any deferred messages from this peer
+    const deferred = this._deferredMessages?.get(remoteNodeId);
+    if (deferred) {
+      clearTimeout(deferred.timer);
+      if (deferred.onRegistered) {
+        this.mesh.off('peer-registered', deferred.onRegistered);
+      }
+      this._deferredMessages.delete(remoteNodeId);
+    }
   }
   /**
@@ -482,6 +698,7 @@ export class Annex {
     return {
       sessionId: session.sessionId,
       established: session.established,
+      channelState: session.channelState,  // TRIBHUJ trit: ESTABLISHED/NEGOTIATING/CLOSED
       createdAt: session.createdAt,
       lastActivity: session.lastActivity,
       messageCount: session.messageCount,
@@ -500,6 +717,7 @@ export class Annex {
         nodeId,
         sessionId: session.sessionId,
         established: session.established,
+        channelState: session.channelState,  // TRIBHUJ trit
         createdAt: session.createdAt,
         lastActivity: session.lastActivity,
         messageCount: session.messageCount,
@@ -531,12 +749,21 @@ export class Annex {
   async _handleAnnexMessage(envelope, origin) {
     try {
-      // Verify signature
-      const sigPayload = AnnexEnvelope.fromJSON(envelope).getSigningPayload();
+      // Verify ML-DSA-65 signature — MANDATORY for all ANNEX messages.
+      // "Changes pass through math alone" — no key, no entry.
       const peerPublicKey = this._getPeerPublicKey(envelope.senderId);
-      if (peerPublicKey && !this.identity.verify(sigPayload, envelope.signature, peerPublicKey)) {
-        log.warn('Invalid signature from peer', { peerId: envelope.senderId?.slice(0, 16) });
+      if (!peerPublicKey) {
+        // Peer's public key isn't registered yet — their HELLO/WELCOME
+        // may still be in flight. Defer the message and replay it once
+        // the mesh emits 'peer-registered' for this sender.
+        this._deferMessage(envelope, origin);
+        return;
+      }
+      const sigPayload = AnnexEnvelope.fromJSON(envelope).getSigningPayload();
+      if (!this.identity.verify(sigPayload, envelope.signature, peerPublicKey)) {
+        log.warn('Invalid ML-DSA-65 signature from peer', { peerId: peerTag(envelope.senderId) });
         return;
       }
@@ -553,14 +780,13 @@ export class Annex {
           await this._handleEncrypted(envelope);
           break;
-        case ANNEX_CONFIG.messageTypes.REKEY:
-          await this._handleRekey(envelope);
-          break;
-        case ANNEX_CONFIG.messageTypes.CLOSE:
+        case ANNEX_CONFIG.messageTypes.CLOSE: {
+          const closedSession = this.sessions.get(envelope.senderId);
+          if (closedSession) closedSession.channelState = ChannelState.CLOSED;
           this.sessions.delete(envelope.senderId);
-          log.info('Channel closed by peer', { peerId: envelope.senderId?.slice(0, 16) });
+          log.info('Channel closed by peer', { peerId: peerTag(envelope.senderId) });
           break;
+        }
       }
     } catch (err) {
       log.error('Error handling ANNEX message', { error: err.message });
@@ -568,23 +794,40 @@ export class Annex {
   }
   async _handleKeyExchange(envelope) {
-    log.info('Key exchange from peer', { peerId: envelope.senderId?.slice(0, 16) });
+    log.info('Key exchange from peer', { peerId: peerTag(envelope.senderId) });
-    // Create responding session
-    const session = new AnnexSession({
-      sessionId: envelope.sessionId,
-      localNodeId: this.identity.identity.nodeId,
-      remoteNodeId: envelope.senderId,
-      initiator: false,
-    });
+    // JHILKE: Check for existing bootstrap session to upgrade
+    let session = this.sessions.get(envelope.senderId);
+    const isBootstrapUpgrade = session?.bootstrapped;
+    if (isBootstrapUpgrade) {
+      // Upgrade existing bootstrap session — keep bootstrap key as current
+      session.sessionId = envelope.sessionId;
+      session.initiator = false;
+      log.info('JHILKE: upgrading bootstrap → KEM (responder)', { peerId: peerTag(envelope.senderId) });
+    } else {
+      // Create responding session
+      session = new AnnexSession({
+        sessionId: envelope.sessionId,
+        localNodeId: this.identity.identity.nodeId,
+        remoteNodeId: envelope.senderId,
+        initiator: false,
+      });
+    }
     // Generate our key pair and encapsulate with peer's public key
-    session.generateKeyPair();
-    const kemCiphertext = session.encapsulate(envelope.kemPublicKey);
+    // ACCEL: native liboqs/AVX-512, STEADYWATCH: quantum seed
+    await session.generateKeyPair();
+    // CRITICAL: For bootstrap upgrades, DEFER the KEM key.
+    // Keep bootstrap key active for the KEY_RESPONSE message.
+    // The KEM key activates via implicit ack when we receive
+    // a message encrypted with it from the initiator.
+    const kemCiphertext = session.encapsulate(envelope.kemPublicKey, { defer: isBootstrapUpgrade });
     // Store session
     this.sessions.set(envelope.senderId, session);
-    this.stats.sessionsCreated++;
+    if (!isBootstrapUpgrade) this.stats.sessionsCreated++;
     // Send response with our public key and the KEM ciphertext
     const response = new AnnexEnvelope({
@@ -597,27 +840,34 @@ export class Annex {
     });
     response.signature = this.identity.sign(response.getSigningPayload());
-    await this._sendToMesh(envelope.senderId, response);
-    log.info('Channel established with peer', { peerId: envelope.senderId?.slice(0, 16) });
+    // JHILKE: Send via secure channel (encrypted through bootstrap or current key)
+    await this._sendControlSecure(envelope.senderId, response);
+    log.info('Channel established with peer', { peerId: peerTag(envelope.senderId) });
   }
   async _handleKeyResponse(envelope) {
+    // KEY_RESPONSE is only used during initial handshake or bootstrap→KEM upgrade.
+    // All subsequent rekeys are deterministic via JHILKE (no KEM round-trip).
     const session = this.pendingHandshakes.get(envelope.senderId);
     if (!session) {
-      log.warn('Unexpected key response', { peerId: envelope.senderId?.slice(0, 16) });
+      log.warn('Unexpected key response (no pending handshake)', { peerId: peerTag(envelope.senderId) });
       return;
     }
     // Decapsulate to get shared secret
     session.decapsulate(envelope.kemCiphertext);
-    // Move to active sessions
+    // JHILKE: Clear bootstrap flag — now KEM-backed with full PFS
+    session.bootstrapped = false;
+    // Move from pending to active
     this.pendingHandshakes.delete(envelope.senderId);
     this.sessions.set(envelope.senderId, session);
     this.stats.sessionsCreated++;
-    log.info('Channel established with peer', { peerId: envelope.senderId?.slice(0, 16) });
+    log.info('Channel established with peer', { peerId: peerTag(envelope.senderId) });
     // Resolve the handshake promise
     if (session._resolveHandshake) {
@@ -628,7 +878,7 @@ export class Annex {
   async _handleEncrypted(envelope) {
     const session = this.sessions.get(envelope.senderId);
     if (!session || !session.established) {
-      log.warn('No session for encrypted message', { peerId: envelope.senderId?.slice(0, 16) });
+      log.warn('No session for encrypted message', { peerId: peerTag(envelope.senderId) });
       return;
     }
@@ -653,6 +903,13 @@ export class Annex {
         payload = plaintext;
       }
+      // JHILKE: Intercept secure ANNEX control messages routed through
+      // the encrypted channel (bootstrap upgrade, encrypted rekey, etc.)
+      if (payload && payload._annexControl) {
+        await this._handleAnnexControl(payload._annexControl, envelope.senderId);
+        return;
+      }
       // Dispatch to handlers
       for (const handler of this.messageHandlers.values()) {
         try {
@@ -675,48 +932,58 @@ export class Annex {
       }
     }
   }
-  async _handleRekey(envelope) {
-    const session = this.sessions.get(envelope.senderId);
-    if (!session) return;
-    log.debug('Re-keying with peer', { peerId: envelope.senderId?.slice(0, 16) });
-    // Respond to re-key with new key exchange
-    session.generateKeyPair();
-    const kemCiphertext = session.encapsulate(envelope.kemPublicKey);
-    session.messageCount = 0;
-    const response = new AnnexEnvelope({
-      type: ANNEX_CONFIG.messageTypes.KEY_RESPONSE,
-      senderId: this.identity.identity.nodeId,
-      recipientId: envelope.senderId,
-      sessionId: session.sessionId,
-      kemPublicKey: bytesToHex(session.kemKeyPair.publicKey),
-      kemCiphertext,
-    });
-    response.signature = this.identity.sign(response.getSigningPayload());
-    await this._sendToMesh(envelope.senderId, response);
+  // KEM-based _handleRekey and _rekey REMOVED — JHILKE handles all rekeys
+  // deterministically via deriveRekeyKey(). Both nodes compute the same key
+  // after cricket coordination. No encapsulate/decapsulate dance needed.
+  /**
+   * Send an ANNEX control message securely through the existing encrypted channel.
+   * When a session exists, wraps the control message inside an encrypted payload.
+   * Falls back to raw transport only when no session exists (pre-bootstrap).
+   *
+   * This eliminates plaintext KEM exchange after bootstrap — all ANNEX control
+   * messages (KEY_EXCHANGE, KEY_RESPONSE, REKEY) are encrypted on the wire.
+   */
+  async _sendControlSecure(remoteNodeId, controlEnvelope) {
+    const session = this.sessions.get(remoteNodeId);
+    if (session?.established) {
+      // Wrap control message inside encrypted ANNEX payload
+      // _skipRekeyCheck prevents recursive rekey triggers
+      await this.send(remoteNodeId, { _annexControl: controlEnvelope.toJSON() }, { _skipRekeyCheck: true });
+    } else {
+      // No session yet — raw transport (only during pre-JHILKE or HELLO/WELCOME phase)
+      await this._sendToMesh(remoteNodeId, controlEnvelope);
+    }
   }
-  async _rekey(session) {
-    log.debug('Initiating re-key with peer', { peerId: session.remoteNodeId?.slice(0, 16) });
-    // Generate new ephemeral keys
-    const newPublicKey = session.generateKeyPair();
-    session.messageCount = 0;
-    const envelope = new AnnexEnvelope({
-      type: ANNEX_CONFIG.messageTypes.REKEY,
-      senderId: this.identity.identity.nodeId,
-      recipientId: session.remoteNodeId,
-      sessionId: session.sessionId,
-      kemPublicKey: newPublicKey,
+  /**
+   * Handle a secure ANNEX control message received through the encrypted channel.
+   * The outer AEAD encryption guarantees authenticity — no separate signature
+   * check needed (only the session peer could have encrypted it).
+   */
+  async _handleAnnexControl(controlData, senderId) {
+    log.debug('Processing secure ANNEX control', {
+      type: controlData.type,
+      from: peerTag(senderId),
     });
-    envelope.signature = this.identity.sign(envelope.getSigningPayload());
-    await this._sendToMesh(session.remoteNodeId, envelope);
+    switch (controlData.type) {
+      case ANNEX_CONFIG.messageTypes.KEY_EXCHANGE:
+        await this._handleKeyExchange(controlData);
+        break;
+      case ANNEX_CONFIG.messageTypes.KEY_RESPONSE:
+        await this._handleKeyResponse(controlData);
+        break;
+      case ANNEX_CONFIG.messageTypes.CLOSE: {
+        const closedSession = this.sessions.get(controlData.senderId);
+        if (closedSession) closedSession.channelState = ChannelState.CLOSED;
+        this.sessions.delete(controlData.senderId);
+        log.info('Channel closed by peer (secure)', { peerId: peerTag(controlData.senderId) });
+        break;
+      }
+    }
   }
   async _sendToMesh(remoteNodeId, envelope) {
@@ -730,11 +997,98 @@ export class Annex {
     });
   }
+  /**
+   * Buffer an ANNEX message whose sender key hasn't arrived yet.
+   * Replays automatically when 'peer-registered' fires, or discards
+   * after _deferTimeoutMs (preventing memory leaks from spoofed senderIds).
+   */
+  _deferMessage(envelope, origin) {
+    const senderId = envelope.senderId;
+    // Already deferring a message from this sender — discard the older one
+    if (this._deferredMessages.has(senderId)) {
+      const existing = this._deferredMessages.get(senderId);
+      clearTimeout(existing.timer);
+      if (existing.onRegistered) {
+        this.mesh.off('peer-registered', existing.onRegistered);
+      }
+      this._deferredMessages.delete(senderId);
+    }
+    // Cap total deferred senders to prevent memory abuse
+    if (this._deferredMessages.size >= this._maxDeferredSenders) {
+      log.debug('Deferred ANNEX queue full, dropping message from unknown peer', {
+        peerId: peerTag(senderId),
+        type: envelope.type,
+      });
+      return;
+    }
+    log.debug('Deferring ANNEX message until peer key arrives', {
+      peerId: peerTag(senderId),
+      type: envelope.type,
+    });
+    // Event listener: replay when peer registers
+    const onRegistered = (registeredNodeId) => {
+      if (registeredNodeId === senderId) {
+        this._replayDeferred(senderId);
+      }
+    };
+    // Safety timeout: if key never arrives, discard silently
+    const timer = setTimeout(() => {
+      if (this._deferredMessages.has(senderId)) {
+        this.mesh.off('peer-registered', onRegistered);
+        this._deferredMessages.delete(senderId);
+        log.debug('Deferred ANNEX message expired (peer key never arrived)', {
+          peerId: peerTag(senderId),
+          type: envelope.type,
+        });
+      }
+    }, this._deferTimeoutMs);
+    this._deferredMessages.set(senderId, { envelope, origin, timer, onRegistered });
+    this.mesh.on('peer-registered', onRegistered);
+  }
+  /**
+   * Replay a deferred ANNEX message now that the sender's key is available.
+   */
+  _replayDeferred(senderId) {
+    const deferred = this._deferredMessages.get(senderId);
+    if (!deferred) return;
+    clearTimeout(deferred.timer);
+    this.mesh.off('peer-registered', deferred.onRegistered);
+    this._deferredMessages.delete(senderId);
+    log.debug('Replaying deferred ANNEX message (peer key arrived)', {
+      peerId: peerTag(senderId),
+      type: deferred.envelope.type,
+    });
+    // Re-enter the handler — this time _getPeerPublicKey should succeed
+    this._handleAnnexMessage(deferred.envelope, deferred.origin).catch(err => {
+      log.warn('Deferred ANNEX replay failed', { peerId: peerTag(senderId), error: err.message });
+    });
+  }
   _getPeerPublicKey(nodeId) {
-    // Get from mesh peer info
+    // Get from WS peer info first
     if (this.mesh && this.mesh.peers) {
       const peer = this.mesh.peers.get(nodeId);
-      return peer?.identity?.publicKey || null;
+      if (peer?.identity?.publicKey) return peer.identity.publicKey;
+    }
+    // Fallback: relay peer keys stored during signed registration
+    if (this.mesh && this.mesh._relayPeerKeys) {
+      const key = this.mesh._relayPeerKeys.get(nodeId);
+      if (key) return key;
+    }
+    // Fallback: SHERPA registry (populated during relay registration)
+    if (this.mesh && this.mesh.sherpa?.registry) {
+      const regPeer = this.mesh.sherpa.registry.get(nodeId);
+      if (regPeer?.publicKey) return regPeer.publicKey;
     }
     return null;
   }