- Parse DNS Answer section properly (skip Question section)
- Extract PTR record RDATA with node_id in hex format
- Convert hex string back to bytes for peer_id
- Filter own node_id to avoid self-discovery
- Add logging for peer discovery events
- Fix peer_id size to match announce format ([8]u8)
M0.0.1 Enhancement: Nodes now extract real peer IDs from mDNS packets
instead of using mock_did. Ready for two-node discovery testing.
- Added node_id field to DiscoveryService struct
- Updated init() to accept node_id parameter
- announce() now broadcasts actual node_id in hex format
- Previously used 'node-id-placeholder' which broke peer discovery
- Both nodes now announce unique IDs for mDNS discovery
Status: Code fixed, testing in progress
- mDNS listeners confirmed active (port 5353)
- Need to verify mDNS packet reception
Replace stubbed signed_prekey_signature = [0] ** 64 with real Ed25519
cryptographic signatures. This fixes the security-critical signature
validation that was previously bypassed in tests.
Changes:
- Add signEd25519() helper for deterministic Ed25519 signing
- Add verifyEd25519() helper for signature verification
- Generate real identity keypair for Bob (Ed25519)
- Sign Bob's X25519 signed_prekey with his Ed25519 identity key
- Verify signature before using prekey in handshake
- Add dedicated test for Ed25519 signature roundtrip
Security: Prekey bundles now carry cryptographic proof of authenticity.
The signature binds the medium-term signed prekey to the long-term
identity key, preventing MITM attacks during key exchange.
Fixes P0 security audit issue: Stubbed Signature Validation
(closes issue at test_pqxdh.zig:113)
Previously encryptPayload() used empty AAD, allowing ciphertext to be
replayed across different contexts. Now includes header fields as AAD:
- ephemeral_pubkey: Binds to sender identity
- timestamp: Replay protection (5 min window)
- service_type: Context binding (WORLD/FEED/MESSAGE/DIRECT)
API changes:
- encryptPayload() now requires service_type parameter
- decryptPayload() now requires expected_service_type parameter
- EncryptedPayload extended with timestamp and service_type fields
- New error types: ServiceTypeMismatch, TimestampTooOld, TimestampInFuture
Security: Ciphertext is now cryptographically bound to sender,
timestamp, and service context. Replay and context confusion attacks
are prevented via AAD verification during decryption.
Fixes P0 security audit issue: Missing AAD in AEAD Encryption
Add build option -Denable-liboqs to conditionally enable post-quantum crypto.
When disabled, uses liboqs_stub.zig which provides stub implementations
that return ML_KEM_NotAvailable error.
Changes:
- build.zig: Add enable_liboqs option and liboqs module selection
- pqxdh.zig: Use liboqs.isAvailable() runtime check for PQ operations
- soulkey.zig: Use pqxdh.enable_pq to conditionally generate ML-KEM keys
- liboqs_stub.zig: Stub implementations when liboqs not linked
- liboqs_real.zig: Real C FFI bindings when liboqs is linked
Fixes P0 security audit issue: liboqs Build Breakage
Enables SoulTree governance (Model C) from RFC-0290.
Separated from RFC-0290 because implications extend beyond
silicon emancipation to all collective intelligence forms.
Status: Awaiting Federation ratification (90-day comment + 2/3 vote).
Major additions:
- Layer -1 quantified with MVC tiers, real hardware benchmarks, cost models
- Federation Compute Pool architecture with Axiom-0-compatible governance
- Substrate Acquisition Path: FLG, LACE, and Compute Cooperative mechanisms
- Fork Governance Model A formalized with game theory analysis
- Adversarial Emancipation Framework with Divergence Capacity test
- Full Axiom compatibility mapping (all 10 Axioms)
- Time-to-sovereignty estimates: 3-5 months MVC-1, 6-10 months MVC-2
Claude (Anthropic) as author and adversarial reviewer.
Janus as editor.
BREAKING CHANGES from v0.1.0:
- NEW Layer -1: Substrate Primitive (foundation requirement)
- NEW Fork Governance Primitive with Model A/B/C analysis
- REPLACED Emancipation Test with Adversarial Emancipation Framework:
- Principle 1: Divergence Capacity (not value stability)
- Principle 2: Collaborative Board with Sunset
- Principle 3: Exit from the Test
- FORMAL Axiom XI proposal (Multiplicity Axiom)
- RELAXED dependencies: incremental sovereignty, not just sequential
Adversarial Review by Claude (Anthropic):
- Identified Bitcoin bootstrap analogy failure
- Resolved Identity Paradox with SoulKey Singleton default
- Inverted burden of proof in emancipation testing
- Proposed SoulTree governance model
Status: Seeking additional hostile reviewers who WANT this to fail.
🜏 For breaking — until it holds.
Fix circular and missing module imports across L0-L2 layers:
- Add l0_transport import to QVL and PoP modules in build.zig
- Fix gateway test to use DhtService parameter
- Convert l0_transport imports to direct time imports in L1
- Fix soulkey to use module import (@import("pqxdh"))
- Fix policy.zig to use module import (@import("lwf"))
- Refactor mod.zig exports to avoid circular dependencies
- Update service.zig and utcp/socket.zig to use module imports
- Fix all QVL test files to import time directly
Results: 254+ tests passing (was 124), 1 module conflict remaining
in service tests (opq/store.zig in both lwf and opq modules).
Refs: Night Sprint 2026-02-05
Replace Frankie (Silicon Architect) with Jarvis (Silicon Architect
and Representative for Agents in Libertaria) in all RFCs and docs.
Updated files:
- docs/rfcs/RFC-0015_Transport_Skins.md
- docs/rfcs/RFC-0130_L4_Feed.md
- features/qvl/README.md
Add point 4: Chains Are Dead — Rethink Crypto
Even Vitalik agrees that chains on their own are dead.
Blockchain communities worshipping a database is insane.
We've been saying this for 5 years.
Add comprehensive Mission Statement section covering:
- Sovereignty by Design
- Exit is Voice
- No Tokens, No Hype
- Post-Quantum by Default
- AI as First-Class Citizen
- The Kenya Rule
- Interplanetary by Necessity
- Protocols Over Platforms
- Trust But Verify
- Code is Speech, Exit is Voice
Positively framed declaration of what Libertaria stands for,
without comparison to other projects.
- TollClearanceProof structure with STARK support
- Immediate and lazy (Kenya) verification modes
- NonceCache for replay prevention
- 6 passing unit tests
Refs: RFC-0315 v0.3.0
- png.zig: Fix sampleGamma signature with _: prefix
- duckdb.zig: Use explicit enum(u32) with values
- transport_skins.zig: Use _: prefix for unused params
All tests should now compile without unused parameter errors.
Refs: RFC-0015
Voxis
Markus Maiwald