1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
# Copyright 2026 Exochain Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
[]
= "exochain-node"
= "EXOCHAIN distributed node — single binary for joining and participating in the constitutional governance network"
= "https://docs.exochain.io"
= true
= true
= true
= true
= true
= true
[[]]
= "exochain"
= "src/main.rs"
[]
= true
[]
# Workspace crates
= { = "exochain-core", = "../exo-core", = "=0.2.0-beta" }
= { = "exochain-dag", = "../exo-dag", = "=0.2.0-beta" }
= { = "exochain-gatekeeper", = "../exo-gatekeeper", = "=0.2.0-beta" }
= { = "exochain-gateway", = "../exo-gateway", = "=0.2.0-beta", = false }
= { = "exochain-api", = "../exo-api", = "=0.2.0-beta" }
= { = "exochain-governance", = "../exo-governance", = "=0.2.0-beta" }
= { = "exochain-identity", = "../exo-identity", = "=0.2.0-beta" }
= { = "exochain-consent", = "../exo-consent", = "=0.2.0-beta" }
= { = "exochain-escalation", = "../exo-escalation", = "=0.2.0-beta" }
= { = "exochain-legal", = "../exo-legal", = "=0.2.0-beta" }
= { = "exochain-avc", = "../exo-avc", = "=0.2.0-beta" }
= { = "exochain-authority", = "../exo-authority", = "=0.2.0-beta" }
= { = "exochain-economy", = "../exo-economy", = "=0.2.0-beta" }
= { = "exochain-root", = "../exo-root", = "=0.2.0-beta" }
# DAG DB MCP gateway proxy client (P1-B SDK). The default node compiles the
# governed gateway proxy transport so MCP DAG DB tools can call the production
# gateway path when runtime config is present. Missing runtime config still
# fails closed; it never falls back to fabricated packet/writeback/import/export
# results.
= { = "exochain-sdk", = "../exochain-sdk", = "=0.2.0-beta", = true }
# CLI
= { = "4", = ["derive"] }
# Configuration
= { = true }
= { = true }
= { = true }
= "0.9"
# Storage
= { = "0.32", = ["bundled"] }
= { = true }
# Async runtime
= { = true }
# Logging
= { = true }
= { = true }
# Crypto (identity bootstrap)
= { = true }
= { = true }
= { = true }
= { = true }
= { = true }
= { = true }
= { = true }
= { = true }
= "=0.22.1"
= { = "=0.3.0-pre.2", = false, = ["std"] }
= "=0.10.2"
= { = "=0.8.0", = ["std"] }
= "=0.17.14"
= { = "=0.3.0-rc.4", = false, = ["std"] }
# Data directory
= "6"
# Serialization (CBOR for DagNode persistence)
= { = true }
# HTTP (metrics route, MCP SSE transport)
= { = true }
= { = true }
= { = true }
# Error handling
= { = true }
= { = true }
# P2P networking
= { = "0.43", = ["serde"] }
= "0.49"
= "0.47"
= { = "0.2", = ["ed25519", "peerid", "rand"] }
= { = "0.48", = ["serde"] }
= "0.46"
= "0.47"
= { = "0.13", = ["tokio"] }
= { = "0.47", = ["macros", "tokio"] }
= { = "0.44", = ["tokio"] }
= "0.47"
= "0.3"
# Hex encoding for peer display
= { = true }
# Secure random token generation
= { = true }
# UUID for challenge IDs
= { = true }
# HTTP client for Telegram bot API
= { = "0.12", = false, = ["json", "rustls-tls"] }
# JSON Schema validation for MCP tool input params (A-020). default-features
# disabled to drop the built-in HTTP retriever — we never resolve $ref over
# the network; schemas are local and compiled at registration time.
= { = "0.19", = false }
[]
= "3"
[]
# Pre-existing workspace deps used via re-exports or conditional compilation.
= ["ed25519-dalek", "exo-consent", "exo-governance", "exo-identity", "zeroize", "exochain-sdk"]
[]
# Default node builds compile the gateway production DB-backed DAG DB path and
# the MCP gateway proxy transport. Explicit `--no-default-features` node builds
# keep both paths out for minimal test/dev compatibility only.
= ["exo-gateway/default", "dagdb-gateway-proxy"]
# GAP-012 P1-C: DAG DB MCP gateway proxy. When runtime config is absent, the
# `dagdb_*` MCP tools still register but fail closed with a structured
# `dagdb_adapter_unconfigured` result before any HTTP request. When runtime
# config is present, the node uses the `DagDbHttpClient` proxy path and
# `NodeContext` carries the operator-configured gateway endpoint, bearer token,
# tenant, and namespace.
= ["dep:exochain-sdk", "exochain-sdk/http-client"]
# GAP (Onyx pass 3, RED #1): the HTTP endpoint
# `POST /api/v1/governance/validators` used to mutate the validator set
# unilaterally on presentation of the node's admin bearer token. That
# direct mutation path has been removed: even when this feature is enabled,
# the endpoint validates the request and submits a canonical
# `ValidatorSetChange` DAG proposal for consensus instead of editing
# reactor state or persistence directly.
#
# The endpoint remains default-off because full validator-set lifecycle
# governance still requires an approved quorum-vote/commit application path.
# Do NOT enable this in production unless the surrounding operator workflow
# explicitly accepts that this HTTP route is proposal-only, not a complete
# governance lifecycle.
= []
# CrossChecked receipt anchoring was introduced as a convenience adapter for
# customer-zero integration work. The route mints a node-signed TrustReceipt
# from external CrossChecked metadata, but this crate does not yet have a
# trusted CrossChecked authority resolver, proof fetcher, or tenant/workspace
# authorization contract. The production default is therefore fail-closed.
#
# Do NOT enable this in production. Enabling it means: "I accept that
# POST /api/v1/receipts can anchor CrossChecked metadata under the legacy,
# unaudited adapter contract and does not prove the external receipt or
# authority chain."
= []
# GAP (Onyx pass 3, RED #2 and follow-on trust-surface scans): several
# MCP tools return truthy-shaped responses without persisting to any
# store, invoking the reactor, appending to the DAG, delivering a
# message, or recording consent/escalation state — pure simulation.
# Combined with the MCP middleware's hardcoded-true constitutional
# context, this means AI agents calling these tools get "success"
# signals for actions that have zero governance-fabric effect.
#
# Mitigation: tools don't mutate real state, so blast radius is
# "AI agents acting on false success signals" — not state
# corruption. But signalling truth-that-isn't is itself a
# constitutional violation (HumanOverride, evidentiary integrity).
#
# The real fix is to wire handlers to the reactor propose/vote/
# commit flow via exo-dag, or replace with read-only helpers, or
# rename + disclaim. Until a direction is picked, we REFUSE by
# default and gate the simulators behind this explicit flag so
# no caller accidentally relies on fake-success semantics.
#
# Do NOT enable this in production. Enabling it means: "I accept
# that these MCP tool calls return truthy-shaped JSON while doing
# nothing on-chain."
= []
# ONYX-4 RED R1: `POST /api/v1/0dentity/claims` is the first-touch
# identity-claim bootstrap path. Before R7, this path allowed a caller
# with only the node write bearer token to create a pending claim for any
# DID, then later session flows had no cryptographic key binding. R7
# now binds OTP sessions to a verified Ed25519 bootstrap key, but the
# first-touch product design still needs an approved proof-of-possession
# contract (for example did:exo:<bs58(blake3(pubkey))> derivation match
# plus signed bootstrap payload) before the open claim-creation path is
# safe to expose.
#
# Until that design is accepted and implemented, the endpoint refuses by
# default. Enable this only for a controlled dev cluster that explicitly
# accepts the unaudited first-touch onboarding behavior.
#
# Do NOT enable this in production. Enabling it means: "I accept that
# first-touch 0dentity claim creation is running under the legacy,
# unaudited onboarding contract tracked by Onyx-4 R1."
= []
# ONYX-4 RED R5: infrastructure Holons currently build kernel adjudication
# contexts with sentinel authority/provenance signatures (`vec![1, 2, 3]`) and
# no public key. The Holons are recommendation-only today, but the runtime must
# not start by default until the context carries real signed authority and
# provenance.
#
# Do NOT enable this in production. Enabling it means: "I accept that
# infrastructure Holons run with the unaudited R5 adjudication context tracked
# by fix-onyx-4-r5-holons-stub-context.md."
= []
# ONYX-4 RED R3: the 0dentity device fingerprint and behavioral biometric
# modules have deterministic helpers and tests, but there is no public
# ingestion path that persists client-collected samples into the store. The
# onboarding UI can collect hashes and the scoring engine can consume samples,
# yet POST /api/v1/0dentity/claims ignores those fields.
#
# Do NOT enable this in production. Enabling it means: "I accept that the
# device_trust and behavioral_signature axes are running under the unaudited R3
# contract tracked by fix-onyx-4-r3-unwired-axes.md."
= []