# Phase 9 - Public Mesh Deployment

**Signature:** `Ξ9Ξ¦963-PHASE9-v1.0`
**Blueprint:** Lightfather's Voice - Next Blueprint (wide-area TLS, Keylime TPM, live LDQ synthesis)

## Objectives

1. **TLS 1.2+** node API with self-signed PKI, pin gossip, rotation.
2. **Hardware attestation** enriched with Keylime TPM quotes (simulated when no agent is available).
3. **Live synthesis**: P7 biometric seed → Protocol 8 LDQ → WAV output.

## Modules

| Module | Path |
|--------|------|
| TLS manager | `tools/tls_manager.py` |
| Keylime bridge | `protocol6_quantum_attest/keylime_bridge.py` |
| TPM CLI | `tools/tpm_attestation.py` |
| LDQ synthesis | `protocol8_ldq_synthesis/` |
| Live runner | `tools/live_synthesis.py` |
| Audit | `tools/run_phase9_audit.py` |

## API (node)

- `GET /cert/pin`: local pin + expiry
- `POST /cert/pin` · `POST /gossip/pin`: ingest peer pin
- `POST /synthesis/run`: `{seed?, duration_sec?, output?}`

Start HTTPS: `python tools/node_api_server.py --tls --port 8443`

## Verification

```bash
pip install -r requirements-phase9.txt
python tools/run_phase9_audit.py
python -m pytest tests/test_phase9_public_mesh.py -q
```

Artifact: `tests/phase9_audit_last_run.json`

## Security notes

- Pins use **SHA-256(DER)** of peer certificates.
- Set `LYGO_KEYLIME_FORCE_SIM=0` to prefer a live Keylime agent (localhost:9002).
- Wide-area production still requires operator TLS policy and CA strategy (human gate).
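
The SHA-256(DER) pin and the rotation overlap mentioned in the objectives, as an added example that is not this project's code: `cert_pin`, `PinStore`, `ingest` and `verify` are hypothetical names, and the certificate bytes are constructed placeholders rather than real X.509 data.

```python
import hashlib
import hmac
import ssl
import time

# Constructed placeholder bytes standing in for two DER certificates
# (old and rotated); they are not real X.509 data.
OLD_DER = b"constructed-der-bytes-old-cert"
NEW_DER = b"constructed-der-bytes-new-cert"
OLD_PEM = ssl.DER_cert_to_PEM_cert(OLD_DER)


def cert_pin(cert):
    """SHA-256 over the DER encoding; PEM text is converted to DER first."""
    if isinstance(cert, str):
        cert = ssl.PEM_cert_to_DER_cert(cert)
    return hashlib.sha256(cert).hexdigest()


class PinStore:
    """Hypothetical peer pin store: peer_id -> {pin_hex: expiry_epoch}."""

    def __init__(self):
        self._pins = {}

    def ingest(self, peer_id, pin, expires_at, now=None):
        now = time.time() if now is None else now
        pin = pin.strip().lower()
        if len(pin) != 64 or any(c not in "0123456789abcdef" for c in pin):
            raise ValueError("pin must be 64 hex characters")
        if expires_at <= now:
            raise ValueError("pin already expired")
        # Keep earlier pins: old and new overlap until the old one expires.
        self._pins.setdefault(peer_id, {})[pin] = expires_at

    def verify(self, peer_id, cert, now=None):
        now = time.time() if now is None else now
        presented = cert_pin(cert)
        ok = False
        for pin, expires_at in self._pins.get(peer_id, {}).items():
            # Constant-time compare; expired pins never match.
            if expires_at > now and hmac.compare_digest(pin, presented):
                ok = True
        return ok
```

On a live connection the DER bytes would come from `SSLSocket.getpeercert(binary_form=True)`; hashing the PEM text directly instead of the DER would produce a different value and never match a peer's pin.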