Cete/sipher
1
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
No description
54 commits 3 branches 0 tags 3 MiB
Find a file
Nixyan e943fe227f feat: add Redis worker connection and improve health check job scheduling 
- Introduced a new Redis worker connection function to manage worker-specific connections, enhancing reliability.
- Updated the health check job scheduling to use a SHA-256 hash for generating safe job IDs, improving uniqueness and security.
- Added a comprehensive README to document the federation background job queue, including job interfaces, exported functions, and usage examples.
- Refactored existing code for better organization and clarity, including updates to job processing and error handling.

This update aims to strengthen the federation's job processing capabilities and improve overall system documentation.
This update also finishes #4
2026-05-06 11:17:40 -03:00
.cursor refactor: modularize plugins with federation and encryption infrastructure 2026-05-05 11:40:14 -03:00
.vscode Restarting the project once again. 2026-03-05 18:52:46 -03:00
drizzle refactor: modularize plugins with federation and encryption infrastructure 2026-05-05 11:40:14 -03:00
public/logo feat: added auth page and the whole functionallity surrounding it. 2026-03-06 16:21:42 -03:00
src feat: add Redis worker connection and improve health check job scheduling 2026-05-06 11:17:40 -03:00
tests refactor: modularize plugins with federation and encryption infrastructure 2026-05-05 11:40:14 -03:00
.env.local.example refactor: modularize plugins with federation and encryption infrastructure 2026-05-05 11:40:14 -03:00
.gitignore feat: added auth page and the whole functionallity surrounding it. 2026-03-06 16:21:42 -03:00
bun.lock refactor: modularize plugins with federation and encryption infrastructure 2026-05-05 11:40:14 -03:00
components.json feat: added auth page and the whole functionallity surrounding it. 2026-03-06 16:21:42 -03:00
drizzle.config.ts Restarting the project once again. 2026-03-05 18:52:46 -03:00
LICENSE Restarting the project once again. 2026-03-05 18:52:46 -03:00
next.config.ts refactor: modularize plugins with federation and encryption infrastructure 2026-05-05 11:40:14 -03:00
package-lock.json chore(deps): bump next in the npm_and_yarn group across 1 directory 2026-03-17 19:35:23 +00:00
package.json refactor: modularize plugins with federation and encryption infrastructure 2026-05-05 11:40:14 -03:00
playwright.config.ts feat: enhance federation functionality by reworking the workers. 2026-04-08 10:35:59 -03:00
postcss.config.mjs Restarted the project. 2025-12-03 09:41:21 -03:00
README.md feat: enhance federation functionality and improve documentation 2026-03-26 11:09:31 -03:00
rotateKeys.ts refactor: modularize plugins with federation and encryption infrastructure 2026-05-05 11:40:14 -03:00
tsconfig.json feat: enhance federation functionality and improve documentation 2026-03-26 11:09:31 -03:00

README.md

SiPher

Silent Whisper — A federated social network built for the modern age.

License Version Status

SiPher is a federated social network. Each server is independent — no central authority, no single point of failure.

Your identity is you@yourserver.com. Your server, your data, your rules.

Roadmap

  • Phase 1 — Core federation. Two servers can follow each other, post, and see each other's posts.
    • — Two servers can follow each other, trust their keys and rotate them.
    • — One server can create posts, have users following each other and dms (unencrypted for now) works.
    • — Two servers can fetch posts, follows and other data from their users, including DMs.
  • Phase 2 — Server trust scoring and a public vouch ledger.
    • — Add a "nuke" endpoint where if a federation loses their old keys and cannot rotate them, it'll nuke everything and make the other federations reset that federation score.
  • Phase 3 — Opt-in relay network for censorship resistance.
  • Phase 4 — End-to-end encryption via TBD.

Instructions

Rotating Federation Keys

Federation identity is tied to two keypairs (Ed25519 for signing, X25519 for encryption). The rotateKeys.ts script walks through every known federation, proves ownership of both the old and new keys via a challenge-response protocol, and updates .env.local when all federations confirm.

You need the old keys in order to run this script, if you lost them, you'll have to use the nuke endpoint. (Yet to be made)

Prerequisites

  • A running database with the server registry populated (at least one peer federation).
  • .env.local with valid FEDERATION_* keys and BETTER_AUTH_URL.

Basic rotation

bun run rotateKeys.ts

The script will:

  1. List all federations in the registry.
  2. Ask for confirmation before proceeding.
  3. For each federation: request a challenge, solve it, and confirm.
  4. On full success: back up .env.local and write the new keys.
  5. On any failure: print a retry command and exit without writing keys.

Retrying after partial failure

If some federations failed while others succeeded, the script prints a ready-to-copy command targeting only the failures:

bun run rotateKeys.ts --resume '<keys-json>' --only '<failed-urls>'
  • --resume <json> — Reuse the new keys from the previous run instead of generating fresh ones (required because successful federations already registered them).
  • --only <urls> — Comma-separated list of federation URLs to retry. Federations not in this list are skipped.

You can also retry all federations with just --resume:

bun run rotateKeys.ts --resume '<keys-json>'

Author

Marcello Brito (Tocka) — tockanest.com

Mirrors

Gitea

GitHub

What is public/private?

Public

There are things that won't be e2ee because there's simply no reason for that to be done, this is a small list of the current (not finished) public data that other federations or even users might fetch and get all of the data:

  • Posts:
    • The whole post object is public, that includes:
      • The content, including images, videos or audios if any
      • Who posted it
      • The federation that has that data

Security

SiPher implements custom federation and cryptographic protocols. I am not a professional cryptographer or security researcher — this system has not been audited and almost certainly contains multiple vulnerabilities I am not aware of.

If you find one, please open an issue or contact me directly at tocka@tockanest.com. Responsible disclosure is appreciated.

Contributions from people with security or cryptography experience are especially welcome, even if just pure criticism.

Do not use SiPher in any context where your physical safety depends on it — not yet.

License

AGPL-3.0