Project Status

Roadmap & Release History

v0.1.0-alpha.1 — pre-alpha2294 tests passing0 CVEs (cargo audit)NOT production ready

Security Audit Status

All CRITICAL and HIGH findings closed.

Original audit: 30 findings. CRYPTO-01/02/03/04/05/06/07/08/09/11/12/13, AUTH-02/03/05/06/07, API-01/02/03/07, INFRA — all closed.

AUTH-04LOWACCEPTED RISK

IPC has no replay counter. DPAPI+PEERCRED+expiry accepted as sufficient mitigation at LOW severity.

AUTH-08LOWACCEPTED RISK

DoH proxy is open resolver to local processes. loopback-only bind + MAX_INFLIGHT=20 is correct mitigation.

API-08LOWACCEPTED RISK

Malformed-packet log flood possible.

Known Limitations

Current technical gaps.

ISP CGNAT

Jio and similar CGNAT networks block UDP responses on ephemeral high-numbered ports. Live WAN circuit tests require non-CGNAT connectivity.

L3+ TLS requirement

At L3+, daemon forces TLS for Circuit[0]. VPS nodes without a TLS listener on port 8443 cause Circuit[0] timeout at L3. Workaround: --connect 2.

Guard DHT replication

Guard node consistently shows 0/1 peers acked on DHT announce. Root cause: ISP ephemeral port blocking. Fallback-to-seeds active.

HS live WAN test

End-to-end hidden service test on WAN not yet completed. 2294 unit tests pass; network test blocked by ISP CGNAT.

daemon.rs size

~2.5k LoC single file. Should be split into circuit.rs, tunnel.rs, health.rs, ipc_server.rs, state.rs.

Release signing

ZERO_RELEASE_PUBKEY_HEX is the all-zeros placeholder. Release signing not yet deployed to https://releases.zero.network.

Roadmap

What's next.

Short-Term (6 weeks)

Fix L3+ Circuit[0] TLS

Configure TLS listener on VPS nodes or adjust use_tls logic for production.

Live WAN hidden service E2E

Complete end-to-end HS test from non-CGNAT network.

Repository hygiene

Remove scratchpads (*.log, *.diff, patch_dns.ps1), fix .gitignore, add tracing crate.

SECURITY.md + CHANGELOG.md + LICENSE

Standard project hygiene files.

wintun.dll SHA-256 pin

Move to build.rs download + verify instead of committed binary.

Fix guard DHT replication

Resolve ephemeral port blocking on guard node ISP.

Mid-Term (3 months)

SOON

Refactor daemon.rs

Split ~2.5k LoC into circuit.rs, tunnel.rs, health.rs, ipc_server.rs, state.rs.

Refactor node.rs

Move ~1200-line main loop to a typed message dispatcher.

Multi-signer directory consensus

Signed key bundle shipped in binary.

Containerize relay

Dockerfile + systemd unit + Helm chart.

Deploy release server

ZERO_RELEASE_URL + ZERO_RELEASE_PUBKEY for enforced upgrade verification.

Loopix-style cell batching

Replace static Poisson cover traffic.

Long-Term (6+ months)

LATER

Full PQ envelope

Per-hop hybrid PQ Sphinx on every hop, client to exit.

Real TLS fronting

Full TLS handshake fronting instead of cosmetic mimic.

Pluggable transports

meek, Snowflake, V2Ray plugins via pluggable-transport trait.

Reputation gossip

Cross-client trust and ban gossip.

Formal verification

Formal verification of the cell-state machine.

External security audit

Cure53, NCC Group, or Trail of Bits.

Release History

19 releases since audit baseline.

PC6F

2026-06-23HS E2E validation attempt; ISP CGNAT blocked live circuit; code verified2,294 tests

PC6E

2026-06-23relay_cells_forwarded_total wired to Sphinx hot path; DHT re-bootstrap fix2,294 tests

PC2

2026-06-21clippy -D warnings enforced; cargo audit 0 CVEs; SBOM 249 packages; CI gate2,294 tests

PC1

2026-06-20node_monitor.rs Prometheus; 7 runbooks; systemd hardening network-online.target2,282 tests

Beta Final

2026-06-20ReleaseDeploymentConfig activated; wintun version check wired in create_tun()2,277 tests

Beta Ph2

2026-06-2079 clippy warnings → 0; CRYPTO-09/11/12 closed; ReleaseDeploymentConfig2,277 tests

Release 20B

2026-06-20WAN bring-up: 4/4 VPS nodes live, gossip active, replay windows non-zero2,236 tests

Release 18

2026-06-20Public alpha ops: OpsAssessment, R18 CLI — CONTROLLED ALPHA READY2,217 tests

Release 16

2026-06-20BootstrapRegistry, network validation CLI, doctor extended to 17 checks2,163 tests

Release 13

2026-06-20PQ Sphinx V2: ML-KEM-768 per-hop, version=0x02, pq_cts array 4352B, NodeAd V21,986 tests

Release 12

2026-06-20Vanguard protection: L2=4 nodes 1–3d, L3=8 nodes 1–7d, persistence1,873 tests

Release 11

2026-06-19ZERO_PROXY removed; HsSphinxCircuit wired; circuit splice in node.rs1,825 tests

Release 10B

2026-06-19IntroCircuitManager + RendezvousCircuitPool; INTRODUCE1/2, RENDEZVOUS1/21,611 tests

Release 9

2026-06-18sodiumoxide removed; SOCKS5 RFC 1929 auth; CRYPTO-08 closed; AUTH-07 closed1,408 tests

Release 6

2026-06-16Node reputation: scoring, decay, path selection, persistence1,172 tests

Release 5

2026-06-16Decentralized directory: 3-tier bootstrap, BootstrapCache, DirectoryMetrics1,103 tests

CRYPTO-03/04

2026-06-11ChaCha20 keystream; deterministic nonce; BLAKE2b keyed MAC659 tests

W2-01/02

2026-06-10CRYPTO-01: reply MAC; CRYPTO-02: strict session lookup341 tests

Audit

2026-06-0330 security findings at HEAD ea9f1bf — all CRITICAL/HIGH now closed

Test progression: 341 (W2) → 659 (CRYPTO-03/04) → 1103 (Rel 5) → 1408 (Rel 9) → 1825 (Rel 11) → 2163 (Rel 16) → 2294 (PC2/PC6E/PC6F). All 2294 tests currently passing. Run: cargo test

← Home Architecture →Cryptography →