Cete/sipher
1
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
No description
50 commits 3 branches 0 tags 3 MiB
Find a file
Nixyan 1d619b9d2a feat: enhance federation functionality and improve documentation 
- Added a new proxy route to relay encrypted federation traffic between servers, allowing for better communication in restricted environments.
- Implemented health check mechanisms for server registration, including tracking health status and scheduling health checks.
- Updated the database schema to include health check attempts and unhealthy reasons for servers.
- Enhanced the federation fetch logic to handle errors more gracefully and support proxying requests.
- Improved README documentation with a new section explaining public/private data handling and added links to mirrors.
- Refactored existing code for better organization and clarity, including updates to various federation-related modules.

#3

This should all be tested throughly, the workers are messy and poluted, a rework is needed and should be prioritized.
They work, but the code is poorly documented and there is no proper testing of the workers, some of them run twice and there are major issues on them.
2026-03-26 11:09:31 -03:00
.vscode Restarting the project once again. 2026-03-05 18:52:46 -03:00
drizzle Restarting the project once again. 2026-03-05 18:52:46 -03:00
public/logo feat: added auth page and the whole functionallity surrounding it. 2026-03-06 16:21:42 -03:00
src feat: enhance federation functionality and improve documentation 2026-03-26 11:09:31 -03:00
tests feat: enhance federation functionality and improve documentation 2026-03-26 11:09:31 -03:00
.env.local.example feat: enhance federation key rotation and server discovery functionality 2026-03-12 18:42:52 -03:00
.gitignore feat: added auth page and the whole functionallity surrounding it. 2026-03-06 16:21:42 -03:00
bun.lock chore: update dependencies and configuration 2026-03-26 11:06:44 -03:00
components.json feat: added auth page and the whole functionallity surrounding it. 2026-03-06 16:21:42 -03:00
drizzle.config.ts Restarting the project once again. 2026-03-05 18:52:46 -03:00
LICENSE Restarting the project once again. 2026-03-05 18:52:46 -03:00
next.config.ts chore: update dependencies and configuration 2026-03-26 11:06:44 -03:00
package-lock.json chore(deps): bump next in the npm_and_yarn group across 1 directory 2026-03-17 19:35:23 +00:00
package.json chore: update dependencies and configuration 2026-03-26 11:06:44 -03:00
playwright.config.ts chore: update dependencies and configuration 2026-03-26 11:06:44 -03:00
postcss.config.mjs Restarted the project. 2025-12-03 09:41:21 -03:00
README.md feat: enhance federation functionality and improve documentation 2026-03-26 11:09:31 -03:00
rotateKeys.ts feat: enhance federation key rotation and server discovery functionality 2026-03-12 18:42:52 -03:00
tsconfig.json feat: enhance federation functionality and improve documentation 2026-03-26 11:09:31 -03:00

README.md

SiPher

Silent Whisper — A federated social network built for the modern age.

License Version Status

SiPher is a federated social network. Each server is independent — no central authority, no single point of failure.

Your identity is you@yourserver.com. Your server, your data, your rules.

Roadmap

  • Phase 1 — Core federation. Two servers can follow each other, post, and see each other's posts.
    • — Two servers can follow each other, trust their keys and rotate them.
    • — One server can create posts, have users following each other and dms (unencrypted for now) works.
    • — Two servers can fetch posts, follows and other data from their users, including DMs.
  • Phase 2 — Server trust scoring and a public vouch ledger.
    • — Add a "nuke" endpoint where if a federation loses their old keys and cannot rotate them, it'll nuke everything and make the other federations reset that federation score.
  • Phase 3 — Opt-in relay network for censorship resistance.
  • Phase 4 — End-to-end encryption via TBD.

Instructions

Rotating Federation Keys

Federation identity is tied to two keypairs (Ed25519 for signing, X25519 for encryption). The rotateKeys.ts script walks through every known federation, proves ownership of both the old and new keys via a challenge-response protocol, and updates .env.local when all federations confirm.

You need the old keys in order to run this script, if you lost them, you'll have to use the nuke endpoint. (Yet to be made)

Prerequisites

  • A running database with the server registry populated (at least one peer federation).
  • .env.local with valid FEDERATION_* keys and BETTER_AUTH_URL.

Basic rotation

bun run rotateKeys.ts

The script will:

  1. List all federations in the registry.
  2. Ask for confirmation before proceeding.
  3. For each federation: request a challenge, solve it, and confirm.
  4. On full success: back up .env.local and write the new keys.
  5. On any failure: print a retry command and exit without writing keys.

Retrying after partial failure

If some federations failed while others succeeded, the script prints a ready-to-copy command targeting only the failures:

bun run rotateKeys.ts --resume '<keys-json>' --only '<failed-urls>'
  • --resume <json> — Reuse the new keys from the previous run instead of generating fresh ones (required because successful federations already registered them).
  • --only <urls> — Comma-separated list of federation URLs to retry. Federations not in this list are skipped.

You can also retry all federations with just --resume:

bun run rotateKeys.ts --resume '<keys-json>'

Author

Marcello Brito (Tocka) — tockanest.com

Mirrors

Gitea

GitHub

What is public/private?

Public

There are things that won't be e2ee because there's simply no reason for that to be done, this is a small list of the current (not finished) public data that other federations or even users might fetch and get all of the data:

  • Posts:
    • The whole post object is public, that includes:
      • The content, including images, videos or audios if any
      • Who posted it
      • The federation that has that data

Security

SiPher implements custom federation and cryptographic protocols. I am not a professional cryptographer or security researcher — this system has not been audited and almost certainly contains multiple vulnerabilities I am not aware of.

If you find one, please open an issue or contact me directly at tocka@tockanest.com. Responsible disclosure is appreciated.

Contributions from people with security or cryptography experience are especially welcome, even if just pure criticism.

Do not use SiPher in any context where your physical safety depends on it — not yet.

License

AGPL-3.0