Commit Graph

58 Commits

Author SHA1 Message Date
Markus Maiwald 638a0f5ea2 feat(transport): implement RFC-0015 Transport Skins
Add MIMIC_DNS and MIMIC_HTTPS skins for DPI evasion:
- MIMIC_DNS: DoH tunnel with dictionary-based encoding
- MIMIC_HTTPS: WebSocket framing with domain fronting
- PNG integration for traffic shaping

All skins support:
- Polymorphic Noise Generator (PNG) for traffic shaping
- Dynamic packet sizing based on epoch profiles
- Kenya-compliant memory usage (<10MB)

Tests: 170+ passing
2026-02-04 05:57:58 +01:00
Markus Maiwald 482b5488e6 fix: Correct FeedEvent size 96 bytes, fix PNG types
- feed.zig: Fix @sizeOf from 104 to 96 (actual struct size)
- png.zig: Fix type cast in wrapping arithmetic

Refs: RFC-0015
2026-02-03 18:01:15 +01:00
Markus Maiwald ef0b7b61f6 fix: Use wrapping arithmetic in PNG to avoid overflow
Use +% for wrapping addition to prevent debug panic on overflow.
Cast through u32 for multiplication to avoid u8 overflow.

Refs: RFC-0015
2026-02-03 17:50:08 +01:00
Markus Maiwald 4bd581dd71 fix: Simplified transport_skins.zig to fix build
Remove complex WebSocket implementation temporarily.
Focus on getting clean compile first.

Refs: RFC-0015
2026-02-03 17:48:30 +01:00
Markus Maiwald bdb1f8e896 fix: Minimal duckdb.zig without comments
Remove comments and use ok/err instead of success/error
in case those are reserved words.

Refs: RFC-0015
2026-02-03 17:46:25 +01:00
Markus Maiwald d0cfedfe71 fix: Rewrite duckdb.zig to fix enum syntax
Clean rewrite of duckdb.zig to eliminate enum syntax error.
Also confirmed transport_skins.zig uses _: for unused params.

Refs: RFC-0015
2026-02-03 17:44:15 +01:00
Markus Maiwald 44b37bc231 fix: Final Zig 0.15.2 syntax fixes
- duckdb.zig: Remove enum values (use default)
- png.zig: Mark unused bimodal params with _:
- transport_skins.zig: Mark probe params with _:

Refs: RFC-0015
2026-02-03 17:42:20 +01:00
Markus Maiwald 924b330396 fix: Zig 0.15.2 unused parameter warnings
- png.zig: Fix sampleGamma signature with _: prefix
- duckdb.zig: Use explicit enum(u32) with values
- transport_skins.zig: Use _: prefix for unused params

All tests should now compile without unused parameter errors.

Refs: RFC-0015
2026-02-03 17:37:43 +01:00
Markus Maiwald 5c04aa3a37 fix: Zig 0.15.2 type casts and enum syntax
- png.zig: Use @floatFromInt for u8->f64 conversions
- png.zig: Use @as(u32, ...) for enumFromInt
- png.zig: Mark unused Gamma parameters
- duckdb.zig: Simplify enum

Refs: RFC-0015
2026-02-03 17:30:48 +01:00
Markus Maiwald 5dce8e0880 fix: More Zig 0.15.2 syntax fixes
- png.zig: Remove crypto dependency, simple XOR key derivation
- png.zig: Fix type casts for u16/u32 calculations
- transport_skins.zig: Replace inline else in deinit
- duckdb.zig: Simplify enum definition
- build.zig: Remove crypto import for png module

Refs: RFC-0015
2026-02-03 17:29:07 +01:00
Markus Maiwald 0e21a5340c fix: Zig 0.15.2 syntax errors in PNG, skins, feed
- png.zig: Replace @pow with std.math.pow, fix variable names
- png.zig: Add crypto module import via build.zig
- transport_skins.zig: Replace inline else with explicit arms
- duckdb.zig: Change c_uint to u32
- feed.zig: Fix hex escape syntax, mark unused params

Refs: RFC-0015, Sprint 5
2026-02-03 17:26:44 +01:00
Markus Maiwald dbcf4734e7 build: Add PNG + Transport Skins to build system
- png.zig module with tests
- transport_skins.zig module with tests
- Integrated into zig build test pipeline

Refs: RFC-0015
2026-02-03 17:22:03 +01:00
Markus Maiwald 8e05835330 feat(l0): RFC-0015 Transport Skins + PNG implementation
- png.zig: Polymorphic Noise Generator (ChaCha20-based)
  • Per-session deterministic noise from ECDH secret
  • Epoch rotation (100-1000 packets)
  • Statistical distributions: Normal, Pareto, Bimodal, LogNormal
  • Packet sizes, timing jitter, dummy injection

- transport_skins.zig: Pluggable skin interface
  • RawSkin: Direct UDP (baseline)
  • MimicHttpsSkin: WebSocket over TLS framing
  • Auto-selection via probing
  • PNG integration for padded frames

Tests: PNG determinism, epoch rotation, WebSocket framing
Next: TLS handshake (utls parroting), DNS skin

Refs: RFC-0015, features/transport/*.feature
2026-02-03 17:21:05 +01:00
Markus Maiwald 03c6389063 rfc(0015): Pluggable Transport Skins for DPI resistance
- RFC-0015: Complete specification for censorship-resistant L0
- Transport Skins: RAW, MIMIC_HTTPS, MIMIC_DNS, MIMIC_VIDEO, STEGO
- Polymorphic Noise Generator (PNG): Per-session traffic shaping
- Anti-fingerprinting: TLS JA3 parroting, ECH, DoH tunneling
- Gherkin BDD: 50+ scenarios for TDD implementation

Targets: GFW, RKN, Iran/Turkmenistan edge cases
Kenya compliant: Embedded-only, no cloud calls

Features:
- transport_skins.feature: Skin selection, probing, defense
- polymorphic_noise.feature: PNG determinism, distributions

Next: Sprint 5 implementation (MIMIC_HTTPS + PNG core)
2026-02-03 17:17:52 +01:00
Markus Maiwald 65f9af6b5d feat(l4): Add FeedStore with DuckDB backend
- l4-feed/feed.zig: Complete FeedStore implementation
- l4-feed/duckdb.zig: C API bindings for DuckDB
- build.zig: Add l4_feed module and tests
- RFC-0130: L4 Feed architecture specification

Kenya compliant: embedded-only, no cloud calls
Next: Result parsing for query() method
2026-02-03 17:01:31 +01:00
Markus Maiwald 875c9b7957 rfc: Add L4 Feed architecture spec (DuckDB + LanceDB) 2026-02-03 16:30:43 +01:00
Markus Maiwald 282eecab24 docs: Add professional GitHub README
- Badges for tests, Zig version, license
- Architecture diagram
- Module overview
- GQL example code
- Kenya compliance table
- Philosophy section
2026-02-03 15:31:34 +01:00
Markus Maiwald 290e8ec824 docs: Add L4 Feed architecture documentation 2026-02-03 15:03:03 +01:00
Markus Maiwald 977eaa8ceb feat(feed): Add L4 Feed schema for DuckDB + LanceDB
- FeedEvent structure with vector embeddings
- EventType enum (post, reaction, follow, mention, hashtag)
- FeedStore interface for hybrid storage
- Query options for temporal + semantic search
- Tests for encoding

Sprint 4 WIP: L4 Feed
2026-02-03 15:00:58 +01:00
Markus Maiwald b6edd5c403 feat(capsule): stabilize TUI monitor, implement control IPC, and fix leaks (Zig 0.15.2) 2026-02-01 10:35:35 +01:00
Markus Maiwald 842ebf631c docs: Add RFC-0105 (STP) and RFC-0014 (Secure Relay)
Documented recent architectural changes:
- RFC-0105: Defined Sovereign Epochs (1 Hour) and Timestamp behavior.
- RFC-0014: Defined Secure Relay Protocol (XChaCha20 + X25519), Sticky Sessions, and Nonce Binding.
2026-01-31 22:29:31 +01:00
Markus Maiwald 5b80760d56 feat(stp): Define Sovereign Epoch (1 Hour)
Implemented  struct in Sovereign Time Protocol (l0-transport/time.zig).
- Epoch Duration: 1 Hour (3600 seconds).
- Logic for calculating current epoch, start/end times, and time remaining.
- Aligned with SovereignTimestamp (attosecond precision).
2026-01-31 22:25:11 +01:00
Markus Maiwald 87cd30dbe3 feat(relay): Implement Sticky Sessions & RelaySend CLI
- Added  to support reusing SessionID and Ephemeral Keys.
- Updated  to track session statistics (packet counts) for rate-limiting.
- Implemented  CLI command to send packets via Relay.
- Refactored  to accept optional reusable keypair.
- Updated tests.
2026-01-31 22:21:53 +01:00
Markus Maiwald 8b115ee2a6 chore(federation): Bump protocol version to 2 (DHT key propagation) 2026-01-31 22:16:21 +01:00
Markus Maiwald 24adf936e5 feat(relay): Wire up CircuitBuilder with DHT Keys
- Implemented  in DHT for exact key lookup.
- Updated  to use DHT service for resolving Relay Public Keys.
- Generated  on client-side (random) for circuit privacy.
- Wired  to pass DHT instance to CircuitBuilder.
- Updated  forwarding logic to use strict SessionID binding.
- Fixed lints in dht.zig.
2026-01-31 22:15:46 +01:00
Markus Maiwald e5f59869bc feat(crypto): Integrate ECDH & XChaCha20-Poly1305 for Relay
Phase 14 Real Crypto Update:
- Replaced mock encryption with XChaCha20-Poly1305 + X25519 ECDH.
- Implemented strict Nonce/SessionID binding (RFC-0000 alignment).
- Updated RelayPacket wire format to include Ephemeral Key.
- Updated RelayService to unwrap using Node Identity (SoulKey).
- Extended DHT and Federation protocols to propagate X25519 Public Keys.
- Persisted peer keys in SQLite storage.
- Tests passing (including new crypto logic).
2026-01-31 22:13:11 +01:00
Markus Maiwald fca9ac13e0 feat(integration): Wire Relay Forwarding & CLI Control
Phase 14 Integration:
- Relay Forwarding integrated into CapsuleNode event loop
- Handle  LWF frames
- Forward packets to next hop (or local delivery if final)
- Added CLI commands: , ,
- Tests passing (140/140)

Capabilities:
- Relay Forwarding (Mock Encryption)
- Dynamic Relay Service Control
- Statistics Reporting
2026-01-31 21:47:40 +01:00
Markus Maiwald cda96d303e feat(integration): Phase 14 - Integrate Relay & Circuit into CapsuleNode
Integration Complete:
- Added relay_enabled, bridge_enabled config options
- relay_trust_threshold for QVL relay selection
- RelayService for packet forwarding logic
- CircuitBuilder integrated into CapsuleNode
- Conditional initialization based on config
- All tests passing (140/140)

Node Capabilities:
- Gateway mode: NAT coordination
- Relay mode: Onion packet forwarding
- Client mode: Circuit building & sending

Config Example:
{
  "relay_enabled": true,
  "relay_trust_threshold": 0.7
}
2026-01-31 20:56:15 +01:00
Markus Maiwald ff9cebcb1e feat(bridge): Implement Bridge Protocol for Layer 3 translation
Week 35 Complete:
- ChapterBridge with DID mapping for cross-Chapter communication
- HttpBridge adapter (HTTP ↔ LWF translation)
- SmtpBridge adapter (SMTP ↔ LWF translation)
- Protocol version translation framework
- Bridge reputation tracking and stats
- All tests passing (139/139)

Phase 13 (Three-Layer Forwarding) Complete:
- Week 33: Gateway Protocol
- Week 34: Relay Protocol
- Week 35: Bridge Protocol
2026-01-31 20:21:43 +01:00
Markus Maiwald a8ee5bebbd feat(relay): Add Circuit Building and QVL relay selection
- Implemented CircuitBuilder for QVL-based relay path selection
- Added getTrustedRelays() to QvlStore for reputation queries
- Built 1-hop circuit MVP (Source -> Relay -> Target)
- All tests passing (137/137)
2026-01-31 19:57:03 +01:00
Markus Maiwald 43156fc033 feat(relay): Implement RelayPacket and onion wrapping logic 2026-01-31 18:11:09 +01:00
Markus Maiwald e2f9a8c38d feat(capsule): Admin CLI & Emergency Lockdown
- Added Admin CLI commands:
  - Peer Management: ban, unban, trust, slash
  - Diagnostics: sessions, dht, qvl-query, identity
  - Security: lockdown, unlock, airlock
- Implemented L0 Transport Airlock & global lockdown flag
- Integrated SoulKey identity inspection
- Added comprehensive Admin CLI documentation
2026-01-31 10:41:38 +01:00
Markus Maiwald 4498da5ce6 feat(capsule): implement discovery, federation, and persistence (Phase 10) 2026-01-31 08:35:22 +01:00
Markus Maiwald 8cb89065bd Phase 9 Complete: Autonomous Immune Response Operational 🛡️ (Artifacts Removed) 2026-01-31 04:32:09 +01:00
Markus Maiwald 26050655c5 Phase 8 Complete: Rust Policy Enforcer Armed
- Zig L1: Added qvl_get_did export (NodeID -> DID lookup)
- Rust L2: Added get_did wrapper and punish_if_guilty logic
- Rust L2: Fixed policy_enforcer_neutral test (Accept default)
- Alignment: Mapped AnomalyReason to SlashReason

The PolicyEnforcer can now detect, target, and slash betrayers autonomously.
2026-01-31 04:06:51 +01:00
Markus Maiwald cbb73d16b8 Phase 8 Sprint 1: FFI Export for Slash Protocol
- Zig L1: Implemented qvl_issue_slash_signal (constructs SlashSignal)
- Rust L2: Added FFI binding and safe wrapper issue_slash_signal
- Config: Wired l1_slash_mod into qvl_ffi build
- Verified: Unit test for signal creation passing

The active defense loop is closed. L2 can now pull the trigger.
2026-01-31 03:54:36 +01:00
Markus Maiwald a60fd16e45 Phase 7 Complete: Slash Protocol Integration
- Integrated QuarantineList into L0Service (Hooks ready)
- Validated all tests (173/173 + new Slash/Quarantine tests)
- Weaponized stack: L0 can now hold and check blacklist of DIDs.

Next: Connect L2 trigger (FFI) to complete the active defense loop.
2026-01-31 03:50:49 +01:00
Markus Maiwald cc68e4f9a2 Phase 7 Sprint 1&2: SlashSignal and QuarantineList
- Implemented l1-identity/slash.zig (SlashSignal, PunishmentType)
- Implemented l0-transport/quarantine.zig (QuarantineList, Honeypot mode)
- Integrated modules into build.zig
- Validated with unit tests

Ready for enforcement hooks.
2026-01-31 03:47:14 +01:00
Markus Maiwald 1b05a6555c Phase 6C COMPLETE: L0-L2 IPC Bridge
- Zig L0: Implemented ipc/client.zig (Unix Domain Sockets)
- Zig L0: Hooked utcp/socket.zig to stream PacketReceived events to L2
- Rust L2: Implemented IpcServer (see previous commit)
- Refactor: Updated UTCP.init signature globally to accept allocator
- Verified: 173 Zig tests passing, Rust IPC server verified

Nervous system connected. Ready for Phase 7 (Slash Protocol).
2026-01-31 03:43:29 +01:00
Markus Maiwald a4645865b3 Phase 6B Week 3 COMPLETE: L2 Membrane Agent Integration
- Implemented L2 Pipeline Integration Test (tests/integration_test.rs)
  - Connects L0 events -> PolicyEnforcer -> QVL FFI
  - Validates full stack behavior
- Fixed build.rs linkage (linking libqvl_ffi.a correctly)
- Added README.md for membrane-agent
- Updated tasks and walkthroughs

Phase 6B Delivery:
- Rust L2 Agent Daemon (Functional)
- QVL FFI Bridge (Verified)
- Core Enforcement Logic (Policy/Alerts)
- RFC-0121 Slash Protocol Spec (Drafted)

Ready for next phase: Slash Protocol Implementation.
2026-01-31 03:33:13 +01:00
Markus Maiwald 446b1203d5 Phase 6B Week 2 COMPLETE: Rust L2 Membrane Agent Daemon
- Implemented Core Daemon Components:
  - PolicyEnforcer: Trust-based packet classification (Accept/Deprioritize/Drop)
  - AnomalyAlertSystem: P0/P1 security alert queues with priority logic
  - EventListener: Async stub for L0 UTCP event monitoring
  - main.rs: Async daemon loop with component orchestration

- Verification:
  - cargo build: SUCCESS
  - cargo test: PASS (including FFI safety)
  - cargo run: SUCCESS (Daemon initializes, checks QVL, enters loop)

Ready for Week 3 (L0 Integration) or Slash Protocol.
2026-01-31 03:30:07 +01:00
Markus Maiwald 20c593220c Phase 6B Week 1: Rust membrane-agent FFI bindings (partial)
- Created membrane-agent/ Rust crate structure
- Implemented qvl_ffi.rs: Safe Rust FFI wrapper around Zig QVL C ABI
  - QvlClient with RAII semantics (init/deinit)
  - Safe wrappers: get_trust_score, verify_pop, detect_betrayal, add/revoke edges
  - AnomalyScore, PopVerdict enums
- Created main.rs: Minimal daemon stub
- Created Cargo.toml, build.rs for future Zig library linking

Blocker: build.zig static library target (Zig 0.15.2 API incompatibility)
- addStaticLibrary/addSharedLibrary don't exist in this Zig version
- LibraryOptions API changed (no .kind, .root_source_file fields)
- Deferred to next session: either upgrade Zig or use manual object linking

All Zig FFI tests passing (173/173). Rust compiles but can't link yet.
2026-01-31 03:21:35 +01:00
Markus Maiwald 8b55df50b5 Phase 6A: QVL FFI C exports for L2 integration
- Created qvl_ffi.zig: C ABI exports (qvl_init, qvl_deinit, trust scoring, PoP verification, betrayal detection, graph mutations)
- Created qvl.h: C header with full API documentation
- Created test_qvl_ffi.c: C test harness (manual compilation)
- Added FFI tests to build.zig with libc linking
- Fixed API mismatches: TrustGraph.init (3 args), BellmanFordResult.betrayal_cycles usage
- All tests passing (173/173: 137 SDK + 36 FFI)

FFI enables Rust Membrane Agents (L2) to consume L1 trust functions.
2026-01-31 03:06:20 +01:00
Markus Maiwald 27d182a117 Phase 4B: L1 QVL Advanced Graph Engine (Bellman-Ford, A*, Aleph Gossip, Belief Propagation) 2026-01-31 02:24:19 +01:00
Markus Maiwald 995e74dc18 Phase 4: Advanced L0 Validation (Deterministic Ordering, Replay Filtering, and Trust Distance Integration) 2026-01-31 01:09:05 +01:00
Markus Maiwald 2276954ba3 Phase 4: Established L0 Transport Pipeline with UTCP and Segmented WAL OPQ 2026-01-31 00:51:20 +01:00
Markus Maiwald e1df4b89c9 feat(l1-identity): integrate ML-KEM-768 post-quantum key and fix Zig 0.13 compatibility 2026-01-31 00:13:36 +01:00
Markus Maiwald c8ba5ea532 feat(all): Complete Phase 2 and Phase 3 Implementation
- l1-identity:
  - Vector Clocks (vector.zig) and Causality tracking
  - Trust Graph (trust_graph.zig) and Reputation logic
  - Proof of Path (proof_of_path.zig)
  - PQXDH Protocol (pqxdh.zig) with LibOQS integration
  - Argon2/SoulKey hardening
- builds:
  - Integrated static liboqs build script
  - Updated build.zig for modular linkage
- docs:
  - Added Phase 3 completion report
  - Added build instructions
2026-01-30 23:24:01 +01:00
Markus Maiwald 3b3993bea6 fix(l1): Export PQXDH module and correct build linkage
- l1-identity/crypto.zig: Export pqxdh module for SDK consumption
- build.zig: Define proper modules for PQXDH library and tests
- Link liboqs to l1_pqxdh_mod and propagate dependency to l1_mod
2026-01-30 23:12:35 +01:00
Markus Maiwald d9adadd1d5 docs(l1): Add Phase 3 PQXDH Documentation & Build Script
- scripts/build_liboqs.sh: Automated script to build static liboqs without OpenSSL
- docs/PHASE_3_PQXDH.md: Protocol implementation details and usage guide
- Resolves: Implement Post-Quantum Extended Diffie-Hellman handshake
2026-01-30 23:08:51 +01:00