| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
ModInverse nil check
- Derive symmetric key via HKDF-SHA256 instead of using raw X25519 shared secret
- Bind sender + recipient pubkeys as ChaCha20-Poly1305 associated data to prevent key-confusion attacks
- Guard against ModInverse panic on degenerate public keys (y=1)
- Wrap DecryptDM error instead of swallowing it
- Update JS client to match Go implementation
- Document encryption details in PROTOCOL.md
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
CLI (cmd/axon):
- Add explicit Unsubscribe on req exit (after EOSE and on Ctrl-C)
- Add reconnect with exponential backoff (1s→30s) for req --stream
JS library (js/axon.js):
- Canonical tag encoding and payload construction matching Go byte-for-byte
- Ed25519 sign/verify, keypair generation, challenge signing
- AxonClient: WebSocket connect with auth handshake, publish, subscribe,
unsubscribe, reconnect-ready callback API
- encryptDM/decryptDM: X25519 ECDH (Ed25519 key conversion) + ChaCha20-Poly1305
- runVectors: validates all 6 Phase 1 test vectors against Go ground truth
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- cmd/axon: new CLI module with keygen, pub, and req subcommands
- keygen: generate Ed25519 keypair, print hex seed and pubkey
- pub: sign and publish an event; accepts --kind, --content, --tag
- req: query/stream events as JSON lines; accepts --kind, --author,
--tag, --since, --until, --limit, --stream
- key loaded from --key flag or AXON_KEY env var
- relay/websocket: add Dial() for client-side WebSocket handshake
(ws:// and wss://, RFC 6455 masking via client:true)
- relay/server: fix broken-pipe on auth by switching hijacked conn
goroutine from r.Context() to context.Background(); r.Context() is
cancelled by net/http immediately after Hijack is called
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Implement the Axon relay as relay/ (module axon/relay). Includes:
- WebSocket framing (RFC 6455, no external deps) in relay/websocket/
- Per-connection auth: challenge/response with ed25519 + allowlist check
- Ingest pipeline: sig verify, dedup, ephemeral fanout, SQLite persistence
- Subscription manager with prefix-matching filter fanout in relay/subscription/
- SQLite storage with WAL/cache config and UNION query builder in relay/storage/
- Graceful shutdown on SIGINT/SIGTERM
- Filter/TagFilter types added to axon core package (required by relay)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the foundational Go package implementing the full Axon protocol
signing and crypto spec per PROTOCOL.md:
- Event/Tag structs and all kind constants (KindProfile through KindJobFeedback)
- Byte-exact canonical_payload construction per the PROTOCOL.md layout table
- Tag sorting and canonical_tags SHA256 hash (duplicate detection included)
- Ed25519 sign/verify, challenge sign/verify
- X25519 key conversion from Ed25519 keypair (RFC 8032 §5.1.5 clamping +
birational Edwards→Montgomery map for pubkeys)
- ChaCha20-Poly1305 encrypt/decrypt for DMs (nonce prepended)
- MessagePack encode/decode for events and wire messages
Test vectors written first in testdata/vectors.json covering canonical_tags,
canonical_payload, event_id, and signature verification — all deterministic
known-input → known-output pairs for cross-language validation in Phase 4.
13 tests, all passing.
|
| | |
|
| |
|
