trustnet 1.0.0__tar.gz

trustnet-1.0.0/LICENSE.txt

@@ -0,0 +1,20 @@
+MIT License
+
+Copyright (c) 2026 Thames Senneam
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

trustnet-1.0.0/PKG-INFO

@@ -0,0 +1,154 @@
+Metadata-Version: 2.4
+Name: trustnet
+Version: 1.0.0
+Summary: Decentralized cryptographic file & package trust network
+License: MIT
+Project-URL: Homepage, https://github.com/thamessenneam/trustnet
+Project-URL: Issues, https://github.com/thamessenneam/trustnet/issues
+Keywords: security,cryptography,trust,p2p,signing,verification
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security :: Cryptography
+Classifier: Topic :: System :: Networking
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+Requires-Dist: cryptography>=41.0.0
+Requires-Dist: Pillow>=10.0.0
+Requires-Dist: zeroconf>=0.131.0
+Dynamic: license-file
+
+# TrustNet
+
+**Decentralized cryptographic file & package trust network.**
+
+Sign any file or folder. Share it. Anyone can verify it hasn't been tampered with — backed by a peer-to-peer network of independent witnesses.
+
+---
+
+## Download
+
+| Platform | Installer | Instructions |
+|---|---|---|
+| Windows | [TrustNet-Setup.exe](https://github.com/thamessenneam/TrustNet/releases/latest) | Double-click → Next → Install |
+| macOS   | [TrustNet-1.0.0.pkg](https://github.com/thamessenneam/TrustNet/releases/latest) | Double-click → Continue → Install |
+| Linux   | [trustnet_1.0.0_amd64.deb](https://github.com/thamessenneam/TrustNet/releases/latest) | `sudo dpkg -i trustnet_1.0.0_amd64.deb` |
+
+No Python required. The installer handles everything automatically.
+
+Or install via pip (developers):
+```bash
+pip install trustnet
+```
+
+---
+
+## What it does
+
+- **Sign** any file or folder with your personal Ed25519 key
+- **Verify** files are untampered — locally and across the network
+- **Detect** exactly which files in a folder were modified
+- **Broadcast** your signatures to a decentralized P2P network
+- **Works everywhere** — Windows, macOS, Linux, right-click context menu
+
+---
+
+## How to use
+
+### Right-click (easiest)
+After installing, right-click any file or folder in your file manager:
+
+```
+Any file or folder
+└── TrustNet
+    ├── Sign File      ← creates a .trustsig alongside it
+    └── Verify File    ← checks if it was tampered
+```
+
+### Command line
+```bash
+trustnet sign   myfile.zip          # sign a file
+trustnet verify myfile.zip          # verify a file
+trustnet sign   my_project/         # sign an entire folder
+trustnet verify my_project/         # verify all files in a folder
+trustnet pubkey                     # show your public key
+```
+
+### Run the P2P node
+```bash
+trustnet node start     # starts the background node (port 7337)
+trustnet node status    # check if it's running
+trustnet node peers     # list connected peers
+trustnet node add <ip>  # connect to a remote peer
+trustnet node stop      # stop the node
+```
+
+Once your node is running, every file you sign is automatically broadcast to all peers. When anyone verifies a file, they see how many independent nodes have attested to it.
+
+---
+
+## How it works
+
+```
+You sign a file
+  → Ed25519 signature saved to .trustsig
+  → attestation published to your local node
+  → node propagates to all known peers
+
+Someone verifies the file
+  → local: hash re-computed, signature checked
+  → network: node queried for independent attestations
+  → result: VERIFIED (N signers) or TAMPERED
+```
+
+Every attestation is cryptographically signed. Nodes reject any attestation with an invalid signature — it's impossible to fake one without the signer's private key.
+
+---
+
+## Install
+
+### Windows
+1. Download `TrustNet-Windows.zip`
+2. Extract it
+3. Right-click `install.py` → **Run as administrator**
+4. Done — right-click any file to see TrustNet
+
+### macOS
+```bash
+unzip TrustNet-macOS.zip
+cd TrustNet-macOS
+./install.sh
+```
+
+### Linux
+```bash
+unzip TrustNet-Linux.zip
+cd TrustNet-Linux
+./install.sh
+```
+
+### Via pip (developers)
+```bash
+pip install trustnet
+trustnet keygen    # generate your key
+```
+
+---
+
+## First time setup
+```bash
+trustnet keygen
+```
+This creates your personal Ed25519 keypair. Your private key stays on your machine — never shared. Your public key is what others use to verify your signatures.
+
+---
+
+## License
+MIT — free to use, modify, and distribute.

trustnet-1.0.0/README.md

@@ -0,0 +1,127 @@
+# TrustNet
+
+**Decentralized cryptographic file & package trust network.**
+
+Sign any file or folder. Share it. Anyone can verify it hasn't been tampered with — backed by a peer-to-peer network of independent witnesses.
+
+---
+
+## Download
+
+| Platform | Installer | Instructions |
+|---|---|---|
+| Windows | [TrustNet-Setup.exe](https://github.com/thamessenneam/TrustNet/releases/latest) | Double-click → Next → Install |
+| macOS   | [TrustNet-1.0.0.pkg](https://github.com/thamessenneam/TrustNet/releases/latest) | Double-click → Continue → Install |
+| Linux   | [trustnet_1.0.0_amd64.deb](https://github.com/thamessenneam/TrustNet/releases/latest) | `sudo dpkg -i trustnet_1.0.0_amd64.deb` |
+
+No Python required. The installer handles everything automatically.
+
+Or install via pip (developers):
+```bash
+pip install trustnet
+```
+
+---
+
+## What it does
+
+- **Sign** any file or folder with your personal Ed25519 key
+- **Verify** files are untampered — locally and across the network
+- **Detect** exactly which files in a folder were modified
+- **Broadcast** your signatures to a decentralized P2P network
+- **Works everywhere** — Windows, macOS, Linux, right-click context menu
+
+---
+
+## How to use
+
+### Right-click (easiest)
+After installing, right-click any file or folder in your file manager:
+
+```
+Any file or folder
+└── TrustNet
+    ├── Sign File      ← creates a .trustsig alongside it
+    └── Verify File    ← checks if it was tampered
+```
+
+### Command line
+```bash
+trustnet sign   myfile.zip          # sign a file
+trustnet verify myfile.zip          # verify a file
+trustnet sign   my_project/         # sign an entire folder
+trustnet verify my_project/         # verify all files in a folder
+trustnet pubkey                     # show your public key
+```
+
+### Run the P2P node
+```bash
+trustnet node start     # starts the background node (port 7337)
+trustnet node status    # check if it's running
+trustnet node peers     # list connected peers
+trustnet node add <ip>  # connect to a remote peer
+trustnet node stop      # stop the node
+```
+
+Once your node is running, every file you sign is automatically broadcast to all peers. When anyone verifies a file, they see how many independent nodes have attested to it.
+
+---
+
+## How it works
+
+```
+You sign a file
+  → Ed25519 signature saved to .trustsig
+  → attestation published to your local node
+  → node propagates to all known peers
+
+Someone verifies the file
+  → local: hash re-computed, signature checked
+  → network: node queried for independent attestations
+  → result: VERIFIED (N signers) or TAMPERED
+```
+
+Every attestation is cryptographically signed. Nodes reject any attestation with an invalid signature — it's impossible to fake one without the signer's private key.
+
+---
+
+## Install
+
+### Windows
+1. Download `TrustNet-Windows.zip`
+2. Extract it
+3. Right-click `install.py` → **Run as administrator**
+4. Done — right-click any file to see TrustNet
+
+### macOS
+```bash
+unzip TrustNet-macOS.zip
+cd TrustNet-macOS
+./install.sh
+```
+
+### Linux
+```bash
+unzip TrustNet-Linux.zip
+cd TrustNet-Linux
+./install.sh
+```
+
+### Via pip (developers)
+```bash
+pip install trustnet
+trustnet keygen    # generate your key
+```
+
+---
+
+## First time setup
+```bash
+trustnet keygen
+```
+This creates your personal Ed25519 keypair. Your private key stays on your machine — never shared. Your public key is what others use to verify your signatures.
+
+---
+
+## License
+MIT — free to use, modify, and distribute.

trustnet-1.0.0/pyproject.toml

@@ -0,0 +1,44 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "trustnet"
+version = "1.0.0"
+description = "Decentralized cryptographic file & package trust network"
+readme = "README.md"
+license = { text = "MIT" }
+requires-python = ">=3.11"
+keywords = ["security", "cryptography", "trust", "p2p", "signing", "verification"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Intended Audience :: System Administrators",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Security :: Cryptography",
+    "Topic :: System :: Networking",
+]
+dependencies = [
+    "cryptography>=41.0.0",
+    "Pillow>=10.0.0",
+    "zeroconf>=0.131.0",
+]
+
+[project.urls]
+Homepage = "https://github.com/thamessenneam/trustnet"
+Issues   = "https://github.com/thamessenneam/trustnet/issues"
+
+[project.scripts]
+trustnet = "trustnet:main"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["trustnet*"]
+
+[tool.setuptools.package-data]
+"trustnet.assets" = ["*"]

trustnet-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

trustnet-1.0.0/trustnet/__init__.py

@@ -0,0 +1 @@
+VERSION = "1.0.0"

trustnet-1.0.0/trustnet/cli.py

@@ -0,0 +1,293 @@
+"""Command-line interface for TrustNet."""
+
+from __future__ import annotations
+
+import argparse
+import json
+import sys
+import time
+from pathlib import Path
+
+from trustnet.network import DEFAULT_PORT
+from trustnet.core import (
+    fingerprint,
+    generate_keypair,
+    get_config_dir,
+    get_public_key_b64,
+    sign_directory,
+    sign_file,
+    verify_directory,
+    verify_file,
+)
+
+
+def _fmt_time(ts: int) -> str:
+    return time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(ts)) if ts else "unknown"
+
+
+def cmd_sign(args: argparse.Namespace) -> int:
+    path = Path(args.path)
+    try:
+        if path.is_dir():
+            result = sign_directory(path)
+            print(f"[TrustNet] Directory signed.")
+            print(f"  Directory : {result['directory']}")
+            print(f"  Files     : {result['file_count']}")
+            print(f"  Root hash : {result['root_hash'][:16]}...")
+            print(f"  Manifest  : {result['manifest_file']}")
+            print(f"  Key       : {result['fingerprint']}")
+        else:
+            result = sign_file(path)
+            print(f"[TrustNet] File signed.")
+            print(f"  File      : {result['file']}")
+            print(f"  SHA-256   : {result['hash'][:16]}...")
+            print(f"  Signature : {result['sig_file']}")
+            print(f"  Key       : {result['fingerprint']}")
+
+        if args.json:
+            print(json.dumps(result, indent=2))
+        return 0
+    except Exception as e:
+        print(f"[TrustNet] Error: {e}", file=sys.stderr)
+        return 1
+
+
+def cmd_verify(args: argparse.Namespace) -> int:
+    path = Path(args.path)
+    try:
+        if path.is_dir():
+            result = verify_directory(path)
+        else:
+            result = verify_file(path)
+
+        status = result["status"]
+        ok = result["success"]
+        symbol = "[OK]" if ok else "[FAIL]"
+        print(f"[TrustNet] {symbol} {status}")
+        print(f"  {result['message']}")
+        print(f"  Key       : {result.get('fingerprint', '-')}")
+        print(f"  Signed at : {_fmt_time(result.get('timestamp', 0))}")
+
+        # Network trust info
+        n_atts = result.get("network_attestations", 0)
+        n_signers = result.get("network_signers", [])
+        if result.get("network_online"):
+            print(f"  Network   : {n_atts} attestation(s) from {len(n_signers)} unique signer(s)")
+            for s in n_signers:
+                print(f"    - {s}")
+        else:
+            print(f"  Network   : offline (run: trustnet node start)")
+
+        if not ok and result.get("changed_files"):
+            print(f"  Changed files ({len(result['changed_files'])}):")
+            for f in result["changed_files"][:10]:
+                print(f"    - {f}")
+
+        if args.json:
+            print(json.dumps(result, indent=2))
+
+        return 0 if ok else 2
+    except Exception as e:
+        print(f"[TrustNet] Error: {e}", file=sys.stderr)
+        return 1
+
+
+def cmd_keygen(args: argparse.Namespace) -> int:
+    config = get_config_dir()
+    private_path = config / "private.key"
+    if private_path.exists() and not args.force:
+        print("[TrustNet] Key already exists.")
+        print(f"  Location  : {config}")
+        print(f"  Key       : {fingerprint(get_public_key_b64())}")
+        print("  Use --force to regenerate (this invalidates all existing signatures).")
+        return 0
+
+    if private_path.exists() and args.force:
+        private_path.unlink()
+        (config / "public.key").unlink(missing_ok=True)
+
+    generate_keypair()
+    pub_b64 = get_public_key_b64()
+    print("[TrustNet] New keypair generated.")
+    print(f"  Location  : {config}")
+    print(f"  Fingerprint: {fingerprint(pub_b64)}")
+    print(f"  Public key : {pub_b64[:24]}...")
+    return 0
+
+
+def cmd_pubkey(args: argparse.Namespace) -> int:
+    try:
+        pub_b64 = get_public_key_b64()
+        fp = fingerprint(pub_b64)
+        if args.json:
+            print(json.dumps({"public_key": pub_b64, "fingerprint": fp}))
+        else:
+            print(f"Fingerprint : {fp}")
+            print(f"Public key  : {pub_b64}")
+        return 0
+    except Exception as e:
+        print(f"[TrustNet] Error: {e}", file=sys.stderr)
+        return 1
+
+
+def cmd_node(args: argparse.Namespace) -> int:
+    from trustnet.network import node as n, DEFAULT_PORT
+
+    sub = args.node_cmd
+
+    if sub == "start":
+        if n.is_running():
+            print("[TrustNet] Node is already running.")
+            info = n.get_local_info()
+            if info:
+                print(f"  Port         : {info.get('port', DEFAULT_PORT)}")
+                print(f"  Attestations : {info.get('attestations', 0)}")
+                print(f"  Peers        : {info.get('peers', 0)}")
+            return 0
+        port = getattr(args, "port", DEFAULT_PORT)
+        print(f"[TrustNet] Starting node on port {port}...")
+        try:
+            n.start_daemon(port)
+            print(f"[TrustNet] Node started.")
+            print(f"  Port    : {port}")
+            print(f"  Other TrustNet nodes on your network will be discovered automatically.")
+        except Exception as e:
+            print(f"[TrustNet] Failed to start: {e}", file=sys.stderr)
+            return 1
+        return 0
+
+    elif sub == "stop":
+        if not n.is_running():
+            print("[TrustNet] Node is not running.")
+            return 0
+        if n.stop_daemon():
+            print("[TrustNet] Node stopped.")
+        else:
+            print("[TrustNet] Could not stop node.", file=sys.stderr)
+            return 1
+        return 0
+
+    elif sub == "status":
+        if n.is_running():
+            info = n.get_local_info()
+            print("[TrustNet] Node is RUNNING")
+            if info:
+                print(f"  Port         : {info.get('port', DEFAULT_PORT)}")
+                print(f"  Attestations : {info.get('attestations', 0)}")
+                print(f"  Peers        : {info.get('peers', 0)}")
+        else:
+            print("[TrustNet] Node is STOPPED")
+            print("  Run: trustnet node start")
+        return 0
+
+    elif sub == "peers":
+        if not n.is_running():
+            print("[TrustNet] Node is not running. Start it first: trustnet node start")
+            return 1
+        from trustnet.network.ledger import Ledger
+        db = Ledger()
+        peers = db.get_peers()
+        if not peers:
+            print("[TrustNet] No peers known yet.")
+            print("  Peers on your LAN are discovered automatically.")
+            print("  Add a remote peer: trustnet node add <host>")
+        else:
+            print(f"[TrustNet] {len(peers)} peer(s):")
+            for p in peers:
+                last = _fmt_time(p.get("last_seen", 0))
+                sync = _fmt_time(p.get("last_sync", 0))
+                print(f"  {p['host']}:{p['port']}  seen={last}  sync={sync}")
+        return 0
+
+    elif sub == "add":
+        host = args.host
+        port = getattr(args, "port", DEFAULT_PORT)
+        if not n.is_running():
+            print("[TrustNet] Node is not running. Start it first: trustnet node start")
+            return 1
+        from trustnet.network import client
+        info = client.get_info(host, port)
+        if not info:
+            print(f"[TrustNet] Cannot reach {host}:{port}", file=sys.stderr)
+            return 1
+        from trustnet.network.ledger import Ledger
+        Ledger().add_peer(host, port, info.get("node_id", ""))
+        print(f"[TrustNet] Peer added: {host}:{port}")
+        print(f"  Attestations on that node : {info.get('attestations', 0)}")
+        print("  Syncing in background...")
+        return 0
+
+    elif sub == "sync":
+        if not n.is_running():
+            print("[TrustNet] Node is not running.")
+            return 1
+        from trustnet.network.ledger import Ledger
+        from trustnet.network import client
+        from trustnet.network.protocol import verify_attestation
+        db = Ledger()
+        peers = db.get_peers()
+        if not peers:
+            print("[TrustNet] No peers to sync with.")
+            return 0
+        total = 0
+        for p in peers:
+            atts = client.sync_since(p["host"], p["port"], p.get("last_sync", 0))
+            new = sum(1 for a in atts if verify_attestation(a) and db.add(a))
+            total += new
+            db.update_sync(p["host"], p["port"])
+            print(f"  {p['host']}:{p['port']} -> {new} new attestation(s)")
+        print(f"[TrustNet] Sync complete. {total} new attestation(s) total.")
+        return 0
+
+    print(f"[TrustNet] Unknown node command: {sub}", file=sys.stderr)
+    return 1
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        prog="trustnet",
+        description="TrustNet — cryptographic file & package signing",
+    )
+    parser.add_argument("--json", action="store_true", help="Output JSON")
+    sub = parser.add_subparsers(dest="command", required=True)
+
+    p_sign = sub.add_parser("sign", help="Sign a file or directory")
+    p_sign.add_argument("path", help="File or directory to sign")
+    p_sign.set_defaults(func=cmd_sign)
+
+    p_verify = sub.add_parser("verify", help="Verify a file or directory")
+    p_verify.add_argument("path", help="File or directory to verify")
+    p_verify.set_defaults(func=cmd_verify)
+
+    p_keygen = sub.add_parser("keygen", help="Generate a new keypair")
+    p_keygen.add_argument("--force", action="store_true", help="Overwrite existing key")
+    p_keygen.set_defaults(func=cmd_keygen)
+
+    p_pub = sub.add_parser("pubkey", help="Show your public key and fingerprint")
+    p_pub.set_defaults(func=cmd_pubkey)
+
+    # node subcommand with sub-subcommands
+    p_node = sub.add_parser("node", help="Manage the TrustNet P2P node")
+    node_sub = p_node.add_subparsers(dest="node_cmd", required=True)
+
+    ns = node_sub.add_parser("start",  help="Start the P2P node daemon")
+    ns.add_argument("--port", type=int, default=DEFAULT_PORT)
+
+    node_sub.add_parser("stop",   help="Stop the node daemon")
+    node_sub.add_parser("status", help="Show node status")
+    node_sub.add_parser("peers",  help="List known peers")
+    node_sub.add_parser("sync",   help="Force sync with all peers")
+
+    na = node_sub.add_parser("add", help="Manually add a peer by host")
+    na.add_argument("host", help="Peer hostname or IP address")
+    na.add_argument("--port", type=int, default=DEFAULT_PORT)
+
+    p_node.set_defaults(func=cmd_node)
+
+    return parser
+
+
+def main(argv: list[str] | None = None) -> int:
+    parser = build_parser()
+    args = parser.parse_args(argv)
+    return args.func(args)