yakmesh 2.9.0 → 3.0.0

package/dashboard/index.html

@@ -323,7 +323,7 @@
   </div>
   
   <div class="connection-bar">
-    <input type="text" id="node-url" value="http://localhost:3000" placeholder="Node HTTP URL">
+    <input type="text" id="node-url" placeholder="Node HTTP URL">
     <button onclick="connect()">Connect</button>
     <div class="status-indicator">
       <div class="status-dot" id="status-dot"></div>
@@ -518,10 +518,18 @@
   </div>
 
   <script>
-    let nodeUrl = 'http://localhost:3000';
+    // Default to current origin (where dashboard was loaded from)
+    let nodeUrl = window.location.origin;
     let connected = false;
     let refreshInterval = null;
     
+    // Initialize input field with current origin on load
+    document.addEventListener('DOMContentLoaded', () => {
+      document.getElementById('node-url').value = nodeUrl;
+      // Auto-connect since we're served by the node
+      connect();
+    });
+    
     // Helper function to format bytes
     function formatBytes(bytes) {
       if (bytes === 0) return '0 B';
@@ -617,6 +625,13 @@
               <div style="margin-top: 0.5rem;">
                 Classical: ${crypto.classicalSecurity} | Quantum: ${crypto.quantumSecurity}
               </div>
+              ${crypto.routingSecurity ? `
+              <div style="margin-top: 0.5rem; padding-top: 0.5rem; border-top: 1px solid var(--border);">
+                <span style="color: var(--frost)">144T Routing:</span> 
+                <span style="color: var(--mountain); font-weight: 600;">${crypto.routingSecurity}</span>
+                <div style="font-size: 0.75rem; color: var(--text-dim); margin-top: 0.25rem;">3^144 ≈ 10^68 address space • Grover-resistant</div>
+              </div>
+              ` : ''}
               <div style="margin-top: 0.5rem; font-size: 0.75rem;">
                 ${crypto.nistStandards?.join(' • ') || ''}
               </div>
@@ -715,8 +730,9 @@
                 <div style="width: 12px; height: 12px; border-radius: 50%; background: ${statusColor}; box-shadow: 0 0 8px ${statusColor};"></div>
                 <span style="font-weight: 600; color: ${statusColor}">${website.status?.toUpperCase() || 'INACTIVE'}</span>
               </div>
-              <div>Hosted Websites: <span style="color: var(--accent)">${website.websites || 0}</span></div>
+              <div>Published Manifests: <span style="color: var(--accent)">${website.websites || 0}</span></div>
               <div>.yak Domains: <span style="color: var(--frost)">${website.domains || 0}</span></div>
+              <div>Unique Sites: <span style="color: var(--text)">${website.uniqueSites || website.domains || 0}</span></div>
               <div>Files Served: <span style="color: var(--text)">${website.filesServed || 0}</span></div>
               <div>Bytes Served: <span style="color: var(--text)">${formatBytes(website.bytesServed || 0)}</span></div>
               ${website.status === 'active' ? `

package/database/replication.js

@@ -44,6 +44,7 @@ export class ReplicationEngine {
     this.dbPath = dbPath;
     this.db = null;
     this.nodeId = mesh.identity.identity.nodeId;
+    this.identity = mesh.identity;  // For ML-DSA-65 signing/verification
     this.syncInterval = null;
   }
 
@@ -98,6 +99,13 @@ export class ReplicationEngine {
       // Index already exists
     }
 
+    // Add signature column for ML-DSA-65 authenticated replication
+    try {
+      this.db.run(`ALTER TABLE _replication_log ADD COLUMN signature TEXT`);
+    } catch (e) {
+      // Column already exists
+    }
+
     this._saveDb();
     log.info('Database initialized', { path: this.dbPath });
 
@@ -143,12 +151,20 @@ export class ReplicationEngine {
     if (!REPLICATED_TABLES.includes(tableName)) return;
 
     const vectorClock = this._generateVectorClock();
+    const dataJson = JSON.stringify(data);
+
+    // Sign the change payload (ML-DSA-65) for authenticated replication
+    const sigPayload = JSON.stringify({
+      tableName, rowId: String(rowId), operation, data: dataJson,
+      nodeId: this.nodeId, vectorClock,
+    });
+    const signature = this.identity.sign(sigPayload);
     
     this.db.run(
       `INSERT INTO _replication_log 
-       (table_name, row_id, operation, data, node_id, vector_clock, created_at)
-       VALUES (?, ?, ?, ?, ?, ?, ?)`,
-      [tableName, String(rowId), operation, JSON.stringify(data), this.nodeId, vectorClock, Date.now()]
+       (table_name, row_id, operation, data, node_id, vector_clock, created_at, signature)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
+      [tableName, String(rowId), operation, dataJson, this.nodeId, vectorClock, Date.now(), signature]
     );
     
     this._saveDb();
@@ -169,14 +185,20 @@ export class ReplicationEngine {
    * Sync with a specific peer
    */
   async syncWithPeer(peerNodeId) {
-    // Get last sync state for this peer
-    const result = this.db.exec(
-      `SELECT last_sync_at FROM _replication_state WHERE peer_node_id = '${peerNodeId}'`
-    );
-    
-    const lastSyncAt = result.length > 0 && result[0].values.length > 0 
-      ? result[0].values[0][0] 
-      : 0;
+    // Get last sync state for this peer (parameterized to prevent SQL injection)
+    let lastSyncAt = 0;
+    try {
+      const stmt = this.db.prepare(
+        'SELECT last_sync_at FROM _replication_state WHERE peer_node_id = ?'
+      );
+      stmt.bind([peerNodeId]);
+      if (stmt.step()) {
+        lastSyncAt = stmt.get()[0] || 0;
+      }
+      stmt.free();
+    } catch (e) {
+      log.warn('Failed to query sync state', { peer: peerNodeId.slice(0, 12), error: e.message });
+    }
 
     // Request changes from peer since last sync
     try {
@@ -194,15 +216,41 @@ export class ReplicationEngine {
    * Apply a replicated change from another node
    */
   applyChange(change) {
-    const { table_name, row_id, operation, data, node_id, vector_clock, created_at } = change;
+    const { table_name, row_id, operation, data, node_id, vector_clock, created_at, signature } = change;
 
-    // Check if we already have this change
-    const existing = this.db.exec(
-      `SELECT id FROM _replication_log 
-       WHERE table_name = '${table_name}' AND row_id = '${row_id}' AND vector_clock = '${vector_clock}'`
-    );
+    // Verify ML-DSA-65 signature before trusting remote change
+    if (!signature) {
+      log.warn('Rejecting unsigned replication change', { nodeId: node_id?.slice(0, 12), table: table_name });
+      return false;
+    }
+    const peerPubKey = this._getPeerPublicKey(node_id);
+    if (!peerPubKey) {
+      log.warn('Rejecting replication change from unknown node (no public key)', { nodeId: node_id?.slice(0, 12) });
+      return false;
+    }
+    const sigPayload = JSON.stringify({
+      tableName: table_name, rowId: row_id, operation, data,
+      nodeId: node_id, vectorClock: vector_clock,
+    });
+    if (!this.identity.verify(sigPayload, signature, peerPubKey)) {
+      log.warn('Rejecting replication change with invalid signature', { nodeId: node_id?.slice(0, 12), table: table_name });
+      return false;
+    }
+
+    // Check if we already have this change (parameterized)
+    let alreadyExists = false;
+    try {
+      const stmt = this.db.prepare(
+        'SELECT id FROM _replication_log WHERE table_name = ? AND row_id = ? AND vector_clock = ?'
+      );
+      stmt.bind([table_name, row_id, vector_clock]);
+      alreadyExists = stmt.step();
+      stmt.free();
+    } catch (e) {
+      log.warn('Failed to check existing change', { error: e.message });
+    }
 
-    if (existing.length > 0 && existing[0].values.length > 0) {
+    if (alreadyExists) {
       return false; // Already applied
     }
 
@@ -223,26 +271,31 @@ export class ReplicationEngine {
    * Get changes since a timestamp
    */
   getChangesSince(since, tables = REPLICATED_TABLES) {
-    const tableList = tables.map(t => `'${t}'`).join(',');
+    const placeholders = tables.map(() => '?').join(',');
     
-    const result = this.db.exec(
-      `SELECT * FROM _replication_log 
-       WHERE created_at > ${since} AND table_name IN (${tableList})
-       ORDER BY created_at ASC
-       LIMIT 1000`
-    );
-
-    if (result.length === 0) return [];
-
-    // Convert to objects
-    const columns = result[0].columns;
-    return result[0].values.map(row => {
-      const obj = {};
-      columns.forEach((col, i) => {
-        obj[col] = row[i];
-      });
-      return obj;
-    });
+    try {
+      const stmt = this.db.prepare(
+        `SELECT * FROM _replication_log 
+         WHERE created_at > ? AND table_name IN (${placeholders})
+         ORDER BY created_at ASC
+         LIMIT 1000`
+      );
+      stmt.bind([since, ...tables]);
+      
+      const columns = stmt.getColumnNames();
+      const results = [];
+      while (stmt.step()) {
+        const row = stmt.get();
+        const obj = {};
+        columns.forEach((col, i) => { obj[col] = row[i]; });
+        results.push(obj);
+      }
+      stmt.free();
+      return results;
+    } catch (e) {
+      log.warn('Failed to get changes', { error: e.message });
+      return [];
+    }
   }
 
   /**
@@ -264,6 +317,33 @@ export class ReplicationEngine {
 
   // ===== Private Methods =====
 
+  /**
+   * Resolve a peer's public key from mesh state.
+   * Checks WS peers, relay keys, SHERPA registry, and self.
+   */
+  _getPeerPublicKey(nodeId) {
+    // Self
+    if (nodeId === this.nodeId) {
+      return this.identity.identity.publicKey;
+    }
+    // WS peer info
+    if (this.mesh?.peers) {
+      const peer = this.mesh.peers.get(nodeId);
+      if (peer?.identity?.publicKey) return peer.identity.publicKey;
+    }
+    // Relay peer keys (stored during signed registration)
+    if (this.mesh?._relayPeerKeys) {
+      const key = this.mesh._relayPeerKeys.get(nodeId);
+      if (key) return key;
+    }
+    // SHERPA registry
+    if (this.mesh?.sherpa?.registry) {
+      const regPeer = this.mesh.sherpa.registry.get(nodeId);
+      if (regPeer?.publicKey) return regPeer.publicKey;
+    }
+    return null;
+  }
+
   _generateVectorClock() {
     const timestamp = Date.now();
     const random = Math.random().toString(36).slice(2, 8);

package/docs/CRYPTO-AGILITY.md

@@ -0,0 +1,204 @@
+# Cryptographic Agility in Yakmesh
+
+This document formalizes Yakmesh's approach to cryptographic agility—the ability to transition between cryptographic algorithms as standards evolve and new threats emerge.
+
+## Current Cryptographic Stack
+
+| Purpose | Algorithm | Standard | Security Level |
+|---------|-----------|----------|----------------|
+| **Digital Signatures** | ML-DSA-65/87 | FIPS 204 | NIST Level 3/5 |
+| **Key Encapsulation** | ML-KEM-768/1024 | FIPS 203 | NIST Level 3/5 |
+| **Symmetric Encryption** | AES-256-GCM | FIPS 197 | 256-bit |
+| **Hash Functions** | SHA3-256 | FIPS 202 | 256-bit |
+| **Key Derivation** | HKDF-SHA3-256 | RFC 5869 | 256-bit |
+
+## Security Level Selection
+
+Yakmesh supports two NIST security levels:
+
+### Level 3 (Default)
+- **Signature**: ML-DSA-65 (Dilithium3)
+- **KEM**: ML-KEM-768 (Kyber768)
+- **Classical Security**: ~192 bits
+- **Quantum Security**: ~128 bits
+- **Use Case**: Standard operations, good performance
+
+### Level 5 (Paranoid Mode)
+- **Signature**: ML-DSA-87 (Dilithium5)
+- **KEM**: ML-KEM-1024 (Kyber1024)
+- **Classical Security**: ~256 bits
+- **Quantum Security**: ~192 bits
+- **Use Case**: High-security environments, long-term secrets
+
+## Configuration
+
+Set security level in `yakmesh.config.js`:
+
+```javascript
+export default {
+  security: {
+    level: 5,  // 3 = default, 5 = paranoid
+  },
+  // ... other config
+};
+```
+
+Or programmatically:
+
+```javascript
+import { setSecurityLevel, SecurityLevel } from 'yakmesh/security/crypto-config';
+setSecurityLevel(SecurityLevel.LEVEL_5);
+```
+
+## Algorithm Upgrade Path
+
+### When to Upgrade
+
+1. **NIST Recommendations Change**: If NIST deprecates an algorithm
+2. **New Attacks Published**: If cryptanalysis weakens security margins
+3. **Performance Improvements**: When newer algorithms offer better performance
+4. **Standard Updates**: When FIPS standards are revised
+
+### Upgrade Procedure
+
+1. **Announce Deprecation** (T-90 days)
+   - Publish security advisory
+   - Update documentation
+   - Begin dual-algorithm support period
+
+2. **Dual Support Period** (90 days)
+   - Accept both old and new algorithms
+   - Log deprecation warnings for old algorithm usage
+   - Allow nodes to upgrade at their own pace
+
+3. **Cutover** (T+0)
+   - Stop accepting old algorithms for new connections
+   - Existing sessions continue until natural expiry
+   - All new handshakes require new algorithm
+
+4. **Cleanup** (T+30)
+   - Remove old algorithm code
+   - Update minimum version requirements
+
+### Version Negotiation
+
+During handshake, nodes exchange supported algorithms:
+
+```json
+{
+  "supportedAlgorithms": {
+    "signature": ["ML-DSA-87", "ML-DSA-65"],
+    "kem": ["ML-KEM-1024", "ML-KEM-768"]
+  },
+  "preferredLevel": 5
+}
+```
+
+Nodes select the highest mutually-supported level.
+
+## Future Algorithm Candidates
+
+### Monitoring List
+
+| Algorithm | Type | Status | Notes |
+|-----------|------|--------|-------|
+| **X-Wing** | Hybrid KEM | Draft | ML-KEM + X25519 hybrid |
+| **SLH-DSA** | Signature | ✅ **Implemented** | Hash-based backup signatures (v1.7.0) |
+| **HQC** | KEM | Round 4 | Code-based alternative to ML-KEM |
+| **BIKE** | KEM | Round 4 | Code-based alternative |
+
+> **Note (v1.7.0):** SLH-DSA is now implemented as backup signatures! Use `signDual()` and `verifyDual()` for defense-in-depth with both lattice-based (ML-DSA) and hash-based (SLH-DSA) algorithms.
+
+### Hybrid Approach (Future)
+
+When NIST finalizes hybrid standards, Yakmesh will support:
+
+```
+SharedSecret = KDF(ML-KEM-SharedSecret || X25519-SharedSecret)
+```
+
+This provides defense-in-depth: both PQ and classical algorithms must be broken.
+
+## Hash Function Strategy
+
+### Current: SHA3-256 Everywhere
+
+Yakmesh uses SHA3-256 (Keccak) for all hashing:
+- Content addressing
+- Oracle validation  
+- Key derivation context
+- Bloom filter hashing
+
+### Rationale
+
+1. **SHA3 is Grover-resistant**: 256-bit hash provides 128-bit quantum security
+2. **Different construction**: SHA3 uses sponge construction vs SHA2's Merkle-Damgård
+3. **No length-extension**: SHA3 is immune to length-extension attacks
+4. **Future-proof**: Native 256-bit output without truncation
+
+## Backward Compatibility
+
+### Node Identity Continuity
+
+When upgrading algorithms:
+- Node IDs remain stable (derived from codebase hash)
+- Public keys are regenerated with new algorithm
+- Key rotation is transparent to peers
+
+### Message Format
+
+Crypto parameters are included in message headers:
+
+```json
+{
+  "cryptoVersion": "1.6.0",
+  "signatureAlgo": "ML-DSA-65",
+  "kemAlgo": "ML-KEM-768",
+  "hashAlgo": "SHA3-256"
+}
+```
+
+Receivers validate algorithm support before processing.
+
+## Security Considerations
+
+### Key Storage
+
+- Private keys are stored locally in `data/node-key.json`
+- Keys are never transmitted over the network
+- Consider HSM integration for enterprise deployments
+
+### Algorithm Downgrades
+
+- Yakmesh REJECTS algorithm downgrade attempts
+- If peer offers only deprecated algorithms, connection fails
+- Log all downgrade attempts for security monitoring
+
+### Side-Channel Resistance
+
+The `@noble/post-quantum` library includes:
+- Constant-time implementations
+- Memory-hard operations where applicable
+- No branching on secret data
+
+## Audit Trail
+
+All cryptographic changes are logged:
+
+| Version | Date | Change | Rationale |
+|---------|------|--------|-----------|
+| 1.0.0 | 2025-12 | Initial ML-DSA-65/ML-KEM-768 | FIPS 203/204 released |
+| 1.4.0 | 2026-01 | Added ANNEX (ML-KEM-768) | P2P encryption |
+| 1.6.0 | 2026-01 | Added Level 5 option | Paranoid mode |
+
+## References
+
+- [NIST FIPS 203](https://csrc.nist.gov/publications/detail/fips/203/final) - ML-KEM
+- [NIST FIPS 204](https://csrc.nist.gov/publications/detail/fips/204/final) - ML-DSA
+- [NIST FIPS 205](https://csrc.nist.gov/publications/detail/fips/205/final) - SLH-DSA
+- [@noble/post-quantum](https://github.com/paulmillr/noble-post-quantum) - Implementation
+
+---
+
+*Last Updated: 2026-01-17*  
+*Document Version: 1.0*