yakmesh 2.8.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (232) hide show
  1. package/CHANGELOG.md +637 -0
  2. package/CONTRIBUTING.md +42 -0
  3. package/Caddyfile +77 -0
  4. package/README.md +119 -29
  5. package/adapters/adapter-mlv-bible/README.md +124 -0
  6. package/adapters/adapter-mlv-bible/index.js +400 -0
  7. package/adapters/chat-mod-adapter.js +532 -0
  8. package/adapters/content-adapter.js +273 -0
  9. package/content/api.js +50 -41
  10. package/content/index.js +2 -2
  11. package/content/store.js +355 -173
  12. package/dashboard/index.html +19 -3
  13. package/database/replication.js +117 -37
  14. package/docs/CRYPTO-AGILITY.md +204 -0
  15. package/docs/MTLS-RESEARCH.md +367 -0
  16. package/docs/NAMCHE-SPEC.md +681 -0
  17. package/docs/PEERQUANTA-YAKMESH-INTEGRATION.md +407 -0
  18. package/docs/PRECISION-DISCLOSURE.md +96 -0
  19. package/docs/README.md +76 -0
  20. package/docs/ROADMAP-2.4.0.md +447 -0
  21. package/docs/ROADMAP-2.5.0.md +244 -0
  22. package/docs/SECURITY-AUDIT-REPORT.md +306 -0
  23. package/docs/SST-INTEGRATION.md +712 -0
  24. package/docs/STEADYWATCH-IMPLEMENTATION.md +303 -0
  25. package/docs/TERNARY-AUDIT-REPORT.md +247 -0
  26. package/docs/TME-FAQ.md +221 -0
  27. package/docs/WHITEPAPER.md +623 -0
  28. package/docs/adapters.html +1001 -0
  29. package/docs/advanced-systems.html +1045 -0
  30. package/docs/annex.html +1046 -0
  31. package/docs/api.html +970 -0
  32. package/docs/business/response-templates.md +160 -0
  33. package/docs/c2c.html +1225 -0
  34. package/docs/cli.html +1332 -0
  35. package/docs/configuration.html +1248 -0
  36. package/docs/darshan.html +1085 -0
  37. package/docs/dharma.html +966 -0
  38. package/docs/docs-bundle.html +1075 -0
  39. package/docs/docs.css +3120 -0
  40. package/docs/docs.js +556 -0
  41. package/docs/doko.html +969 -0
  42. package/docs/geo-proof.html +858 -0
  43. package/docs/getting-started.html +840 -0
  44. package/docs/gumba-tutorial.html +1144 -0
  45. package/docs/gumba.html +1098 -0
  46. package/docs/index.html +914 -0
  47. package/docs/jhilke.html +1312 -0
  48. package/docs/karma.html +1100 -0
  49. package/docs/katha.html +1037 -0
  50. package/docs/lama.html +978 -0
  51. package/docs/mandala.html +1067 -0
  52. package/docs/mani.html +964 -0
  53. package/docs/mantra.html +967 -0
  54. package/docs/mesh.html +1409 -0
  55. package/docs/nakpak.html +869 -0
  56. package/docs/namche.html +928 -0
  57. package/docs/nav-order.json +53 -0
  58. package/docs/prahari.html +1043 -0
  59. package/docs/prism-bash.min.js +1 -0
  60. package/docs/prism-javascript.min.js +1 -0
  61. package/docs/prism-json.min.js +1 -0
  62. package/docs/prism-tomorrow.min.css +1 -0
  63. package/docs/prism.min.js +1 -0
  64. package/docs/privacy.html +699 -0
  65. package/docs/quick-reference.html +1181 -0
  66. package/docs/sakshi.html +1402 -0
  67. package/docs/sandboxing.md +386 -0
  68. package/docs/seva.html +911 -0
  69. package/docs/sherpa.html +871 -0
  70. package/docs/studio.html +860 -0
  71. package/docs/stupa.html +995 -0
  72. package/docs/tailwind.min.css +2 -0
  73. package/docs/tattva.html +1332 -0
  74. package/docs/terms.html +686 -0
  75. package/docs/time-server-deployment.md +166 -0
  76. package/docs/time-sources.html +1392 -0
  77. package/docs/tivra.html +1127 -0
  78. package/docs/trademark-policy.html +686 -0
  79. package/docs/tribhuj.html +1183 -0
  80. package/docs/trust-security.html +1029 -0
  81. package/docs/tutorials/backup-recovery.html +654 -0
  82. package/docs/tutorials/dashboard.html +604 -0
  83. package/docs/tutorials/domain-setup.html +605 -0
  84. package/docs/tutorials/host-website.html +456 -0
  85. package/docs/tutorials/mesh-network.html +505 -0
  86. package/docs/tutorials/mobile-access.html +445 -0
  87. package/docs/tutorials/privacy.html +467 -0
  88. package/docs/tutorials/raspberry-pi.html +600 -0
  89. package/docs/tutorials/security-basics.html +539 -0
  90. package/docs/tutorials/share-files.html +431 -0
  91. package/docs/tutorials/troubleshooting.html +637 -0
  92. package/docs/tutorials/trust-karma.html +419 -0
  93. package/docs/tutorials/yak-protocol.html +456 -0
  94. package/docs/tutorials.html +1034 -0
  95. package/docs/vani.html +1270 -0
  96. package/docs/webserver.html +809 -0
  97. package/docs/yak-protocol.html +940 -0
  98. package/docs/yak-timeserver-design.md +475 -0
  99. package/docs/yakapp.html +1015 -0
  100. package/docs/ypc27.html +1069 -0
  101. package/docs/yurt.html +1344 -0
  102. package/embedded-docs/bundle.js +334 -74
  103. package/gossip/protocol.js +247 -27
  104. package/identity/key-resolver.js +262 -0
  105. package/identity/machine-seed.js +632 -0
  106. package/identity/node-key.js +669 -368
  107. package/identity/tribhuj-ratchet.js +506 -0
  108. package/knowledge-base.js +37 -8
  109. package/launcher/yakmesh.bat +62 -0
  110. package/launcher/yakmesh.sh +70 -0
  111. package/mesh/annex.js +462 -108
  112. package/mesh/beacon-broadcast.js +113 -1
  113. package/mesh/darshan.js +1718 -0
  114. package/mesh/gumba.js +1567 -0
  115. package/mesh/jhilke.js +651 -0
  116. package/mesh/katha.js +1012 -0
  117. package/mesh/nakpak-routing.js +8 -5
  118. package/mesh/network.js +724 -34
  119. package/mesh/pulse-sync.js +4 -1
  120. package/mesh/rate-limiter.js +127 -15
  121. package/mesh/seva.js +526 -0
  122. package/mesh/sherpa-discovery.js +89 -8
  123. package/mesh/sybil-defense.js +19 -5
  124. package/mesh/temporal-encoder.js +4 -3
  125. package/mesh/vani.js +1364 -0
  126. package/mesh/yurt.js +1340 -0
  127. package/models/entropy-sentinel.onnx +0 -0
  128. package/models/karma-trust.onnx +0 -0
  129. package/models/manifest.json +43 -0
  130. package/models/sakshi-anomaly.onnx +0 -0
  131. package/oracle/code-proof-protocol.js +7 -6
  132. package/oracle/codebase-lock.js +257 -28
  133. package/oracle/index.js +74 -15
  134. package/oracle/ma902-snmp.js +678 -0
  135. package/oracle/module-sealer.js +5 -3
  136. package/oracle/network-identity.js +16 -0
  137. package/oracle/packet-checksum.js +201 -0
  138. package/oracle/sst.js +579 -0
  139. package/oracle/ternary-144t.js +714 -0
  140. package/oracle/ternary-ml.js +481 -0
  141. package/oracle/time-api.js +239 -0
  142. package/oracle/time-source.js +137 -47
  143. package/oracle/validation-oracle-hardened.js +1111 -1071
  144. package/oracle/validation-oracle.js +4 -2
  145. package/oracle/ypc27.js +211 -0
  146. package/package.json +20 -3
  147. package/protocol/yak-handler.js +35 -9
  148. package/protocol/yak-protocol.js +28 -13
  149. package/reference/cpp/yakmesh_mceliece_shard.cpp +168 -0
  150. package/reference/cpp/yakmesh_ypc27.cpp +179 -0
  151. package/sbom.json +87 -0
  152. package/scripts/security-audit.mjs +264 -0
  153. package/scripts/update-docs-nav.js +194 -0
  154. package/scripts/update-docs-sidebar.cjs +164 -0
  155. package/security/crypto-config.js +4 -3
  156. package/security/dharma-moderation.js +517 -0
  157. package/security/doko-identity.js +193 -143
  158. package/security/domain-consensus.js +86 -85
  159. package/security/fs-hardening.js +620 -0
  160. package/security/hardware-attestation.js +5 -3
  161. package/security/hybrid-trust.js +227 -87
  162. package/security/karma-rate-limiter.js +692 -0
  163. package/security/khata-protocol.js +22 -21
  164. package/security/khata-trust-integration.js +277 -150
  165. package/security/memory-safety.js +635 -0
  166. package/security/mesh-auth.js +11 -10
  167. package/security/mesh-revocation.js +373 -5
  168. package/security/namche-gateway.js +298 -69
  169. package/security/sakshi.js +460 -3
  170. package/security/sangha.js +770 -0
  171. package/security/secure-config.js +473 -0
  172. package/security/silicon-parity.js +13 -10
  173. package/security/steadywatch.js +1142 -0
  174. package/security/strike-system.js +32 -3
  175. package/security/temporal-signing.js +488 -0
  176. package/security/trit-commitment.js +464 -0
  177. package/server/crypto/annex.js +247 -0
  178. package/server/darshan-api.js +343 -0
  179. package/server/index.js +3259 -362
  180. package/server/komm-api.js +668 -0
  181. package/utils/accel.js +2273 -0
  182. package/utils/ternary-id.js +79 -0
  183. package/utils/verify-worker.js +57 -0
  184. package/webserver/index.js +95 -5
  185. package/assets/yakmesh-logo.png +0 -0
  186. package/assets/yakmesh-logo.svg +0 -80
  187. package/assets/yakmesh-logo2.png +0 -0
  188. package/assets/yakmesh-logo2sm.png +0 -0
  189. package/assets/ymsm.png +0 -0
  190. package/website/assets/silhouettes/adapters.svg +0 -107
  191. package/website/assets/silhouettes/api-endpoints.svg +0 -115
  192. package/website/assets/silhouettes/atomic-clock.svg +0 -83
  193. package/website/assets/silhouettes/base-camp.svg +0 -81
  194. package/website/assets/silhouettes/bridge.svg +0 -69
  195. package/website/assets/silhouettes/docs-bundle.svg +0 -113
  196. package/website/assets/silhouettes/doko-basket.svg +0 -70
  197. package/website/assets/silhouettes/fortress.svg +0 -93
  198. package/website/assets/silhouettes/gateway.svg +0 -54
  199. package/website/assets/silhouettes/gears.svg +0 -93
  200. package/website/assets/silhouettes/globe-satellite.svg +0 -67
  201. package/website/assets/silhouettes/karma-wheel.svg +0 -137
  202. package/website/assets/silhouettes/lama-council.svg +0 -141
  203. package/website/assets/silhouettes/mandala-network.svg +0 -169
  204. package/website/assets/silhouettes/mani-stones.svg +0 -149
  205. package/website/assets/silhouettes/mantra-wheel.svg +0 -116
  206. package/website/assets/silhouettes/mesh-nodes.svg +0 -113
  207. package/website/assets/silhouettes/nakpak.svg +0 -56
  208. package/website/assets/silhouettes/peak-lightning.svg +0 -73
  209. package/website/assets/silhouettes/sherpa.svg +0 -69
  210. package/website/assets/silhouettes/stupa-tower.svg +0 -119
  211. package/website/assets/silhouettes/tattva-eye.svg +0 -78
  212. package/website/assets/silhouettes/terminal.svg +0 -74
  213. package/website/assets/silhouettes/webserver.svg +0 -145
  214. package/website/assets/silhouettes/yak.svg +0 -78
  215. package/website/assets/yakmesh-logo.png +0 -0
  216. package/website/assets/yakmesh-logo.webp +0 -0
  217. package/website/assets/yakmesh-logo128x140.webp +0 -0
  218. package/website/assets/yakmesh-logo2.png +0 -0
  219. package/website/assets/yakmesh-logo2.svg +0 -51
  220. package/website/assets/yakmesh-logo40x44.webp +0 -0
  221. package/website/assets/yakmesh.gif +0 -0
  222. package/website/assets/yakmesh.ico +0 -0
  223. package/website/assets/yakmesh.jpg +0 -0
  224. package/website/assets/yakmesh.pdf +0 -0
  225. package/website/assets/yakmesh.png +0 -0
  226. package/website/assets/yakmesh.svg +0 -70
  227. package/website/assets/yakmesh128.webp +0 -0
  228. package/website/assets/yakmesh32.png +0 -0
  229. package/website/assets/yakmesh32.svg +0 -65
  230. package/website/assets/yakmesh32o.ico +0 -2
  231. package/website/assets/yakmesh32o.svg +0 -65
  232. package/website/assets/yakmesh32o.svgz +0 -0
package/mesh/beacon-broadcast.js CHANGED
@@ -32,7 +32,10 @@
32
32
  */
33
33
 
34
34
  import { randomBytes, createHash } from 'crypto';
35
- import { sha3_256 } from '@noble/hashes/sha3.js';
35
+ import { sha3_256 as _nobleSha3 } from '@noble/hashes/sha3.js';
36
+
37
+ // ACCEL: Hardware-accelerated SHA3-256 (OpenSSL/SHA-NI — 4.6x faster)
38
+ import { sha3_256 } from '../utils/accel.js';
36
39
  import { bytesToHex, utf8ToBytes } from '@noble/hashes/utils.js';
37
40
 
38
41
  // YPC-27 quantum-hard checksums for packet integrity
@@ -55,11 +58,13 @@ const STUPA_CONFIG = {
55
58
  IMMEDIATE: 2, // Time-sensitive (second tier)
56
59
  FLASH: 3, // Emergency (third tier)
57
60
  CRITICAL: 4, // Life/safety critical (pinnacle)
61
+ REVOCATION: 5, // Identity revocation - highest priority (beyond pinnacle)
58
62
  },
59
63
 
60
64
  // Propagation settings
61
65
  defaultTTL: 10, // Default hop count
62
66
  maxTTL: 50, // Maximum hop count
67
+ revocationTTL: 100, // Extra hops for revocation messages
63
68
  deduplicationWindowMs: 60000, // 1 minute dedup window
64
69
  receiptTimeout: 30000, // 30s to collect receipts
65
70
 
@@ -76,9 +81,20 @@ const STUPA_CONFIG = {
76
81
  IMMEDIATE: 5,
77
82
  FLASH: 10,
78
83
  CRITICAL: 100,
84
+ REVOCATION: 1000, // Revocations bypass most rate limits
79
85
  },
80
86
  };
81
87
 
88
+ /**
89
+ * Revocation broadcast payload types
90
+ */
91
+ export const REVOCATION_BROADCAST_TYPE = Object.freeze({
92
+ ATTESTATION: 'revocation:attestation', // New attestation against a DOKO
93
+ THRESHOLD_MET: 'revocation:threshold', // Revocation threshold reached
94
+ CERTIFICATE: 'revocation:certificate', // Signed revocation certificate
95
+ KEY_COMPROMISE: 'revocation:key_compromise', // Urgent: key compromise notification
96
+ });
97
+
82
98
  // Legacy export for backward compatibility
83
99
  const BEACON_CONFIG = STUPA_CONFIG;
84
100
 
@@ -722,6 +738,102 @@ class StupaBroadcast {
722
738
  });
723
739
  }
724
740
 
741
+ /**
742
+ * Send revocation broadcast - highest priority emergency channel
743
+ *
744
+ * Used for rapid propagation of:
745
+ * - New revocation attestations
746
+ * - Revocation threshold reached
747
+ * - Key compromise notifications
748
+ * - Signed revocation certificates
749
+ *
750
+ * These messages bypass normal rate limits and get maximum TTL
751
+ * to ensure network-wide propagation as fast as possible.
752
+ *
753
+ * @param {string} type - One of REVOCATION_BROADCAST_TYPE
754
+ * @param {Object} revocationData - Revocation-specific payload
755
+ * @param {Object} options - Additional options
756
+ * @returns {Object} Broadcast result with messageId
757
+ */
758
+ sendRevocation(type, revocationData, options = {}) {
759
+ const payload = {
760
+ type,
761
+ ...revocationData,
762
+ urgency: 'MAXIMUM',
763
+ broadcastedAt: Date.now(),
764
+ };
765
+
766
+ console.log(`🚨 STUPA Revocation broadcast: ${type}`, {
767
+ dokoId: revocationData.dokoId,
768
+ reason: revocationData.reason,
769
+ });
770
+
771
+ return this.broadcast(payload, {
772
+ ...options,
773
+ priority: STUPA_CONFIG.priorities.REVOCATION,
774
+ ttl: STUPA_CONFIG.revocationTTL,
775
+ confirmDelivery: true,
776
+ // Mark as non-expiring for longer (10 minutes)
777
+ expiresAt: Date.now() + 10 * 60 * 1000,
778
+ });
779
+ }
780
+
781
+ /**
782
+ * Broadcast a revocation attestation
783
+ * Call this when filing an attestation against a DOKO
784
+ */
785
+ broadcastAttestation(attestation) {
786
+ return this.sendRevocation(REVOCATION_BROADCAST_TYPE.ATTESTATION, {
787
+ dokoId: attestation.dokoId,
788
+ reason: attestation.reason,
789
+ attesterId: attestation.attesterId,
790
+ timestamp: attestation.timestamp,
791
+ evidence: attestation.evidence,
792
+ signature: attestation.signature,
793
+ });
794
+ }
795
+
796
+ /**
797
+ * Broadcast that revocation threshold has been met
798
+ * Call this when 2/3 attestations reached for a DOKO
799
+ */
800
+ broadcastThresholdMet(dokoId, revocationStatus) {
801
+ return this.sendRevocation(REVOCATION_BROADCAST_TYPE.THRESHOLD_MET, {
802
+ dokoId,
803
+ reason: revocationStatus.reason,
804
+ attestationCount: revocationStatus.attestationCount,
805
+ threshold: revocationStatus.threshold,
806
+ activeNodes: revocationStatus.activeNodes,
807
+ confidence: revocationStatus.confidence,
808
+ });
809
+ }
810
+
811
+ /**
812
+ * Broadcast a signed revocation certificate
813
+ * Call this after threshold is met to distribute proof
814
+ */
815
+ broadcastRevocationCertificate(certificate) {
816
+ return this.sendRevocation(REVOCATION_BROADCAST_TYPE.CERTIFICATE, {
817
+ dokoId: certificate.dokoId,
818
+ reason: certificate.reason,
819
+ certificate,
820
+ });
821
+ }
822
+
823
+ /**
824
+ * Broadcast key compromise notification - URGENT
825
+ * Call this when a node's private key has been compromised
826
+ */
827
+ broadcastKeyCompromise(dokoId, compromiseInfo = {}) {
828
+ return this.sendRevocation(REVOCATION_BROADCAST_TYPE.KEY_COMPROMISE, {
829
+ dokoId,
830
+ reason: 'KEY_COMPROMISED',
831
+ reportedBy: this.nodeId,
832
+ compromiseInfo,
833
+ urgentAction: 'IMMEDIATE_REVOCATION_REQUIRED',
834
+ });
835
+ }
836
+
725
837
  /**
726
838
  * Get STUPA statistics
727
839
  */