+ Tesseras
+ Phase 1: Nodes Find Each Other
+2026-02-14
+Tesseras is no longer a local-only tool. Phase 1 delivers the networking layer: +nodes discover each other through a Kademlia DHT, communicate over QUIC, and +publish tessera pointers that any peer on the network can find. A tessera +created on node A is now findable from node C.
+What was built
+tesseras-core (updated) — New network domain types: TesseraPointer
+(lightweight reference to a tessera's holders and fragment locations),
+NodeIdentity (node ID + public key + proof-of-work nonce), NodeInfo
+(identity + address + capabilities), and Capabilities (bitflags for what a
+node supports: DHT, storage, relay, replication).
tesseras-net — The transport layer, built on QUIC via quinn. The Transport
+trait defines the port: send, recv, disconnect, local_addr. Two adapters
+implement it:
-
+
QuinnTransport— real QUIC with self-signed TLS, ALPN negotiation +(tesseras/1), connection pooling via DashMap, and a background accept loop +that handles incoming streams.
+MemTransport+SimNetwork— in-memory channels for deterministic testing +without network I/O. Every integration test in the DHT crate runs against +this.
+
The wire protocol uses length-prefixed MessagePack: a 4-byte big-endian length
+header followed by an rmp-serde payload. WireMessage carries a version byte,
+request ID, and a body that can be a request, response, or protocol-level error.
+Maximum message size is 64 KiB.
tesseras-dht — A complete Kademlia implementation:
+-
+
- Routing table: 160 k-buckets with k=20. Least-recently-seen eviction, +move-to-back on update, ping-check before replacing a full bucket's oldest +entry. +
- XOR distance: 160-bit XOR metric with bucket indexing by highest differing +bit. +
- Proof-of-work: nodes grind a nonce until
BLAKE3(pubkey || nonce)[..20]has +8 leading zero bits (~256 hash attempts on average). Cheap enough for any +device, expensive enough to make Sybil attacks impractical at scale.
+ - Protocol messages: Ping/Pong, FindNode/FindNodeResponse, +FindValue/FindValueResult, Store — all serialized with MessagePack via serde. +
- Pointer store: bounded in-memory store with configurable TTL (24 hours +default) and max entries (10,000 default). When full, evicts pointers furthest +from the local node ID, following Kademlia's distance-based responsibility +model. +
- DhtEngine: the main orchestrator. Handles incoming RPCs, runs iterative
+lookups (alpha=3 parallelism), bootstrap, publish, and find. The
run()+method drives atokio::select!loop with maintenance timers: routing table +refresh every 60 seconds, pointer expiry every 5 minutes.
+
tesd — A full-node binary. Parses CLI args (bind address, bootstrap peers, +data directory), generates a PoW-valid node identity, binds a QUIC endpoint, +bootstraps into the network, and runs the DHT engine. Graceful shutdown on +Ctrl+C via tokio signal handling.
+Infrastructure — OpenTofu configuration for two Hetzner Cloud bootstrap
+nodes (cx22 instances in Falkenstein, Germany and Helsinki, Finland). Cloud-init
+provisioning script creates a dedicated tesseras user, writes a config file,
+and sets up a systemd service. Firewall rules open UDP 4433 (QUIC) and restrict
+metrics to internal access.
Testing — 139 tests across the workspace:
+-
+
- 47 unit tests in tesseras-dht (routing table, distance, PoW, pointer store, +message serialization, engine RPCs) +
- 5 multi-node integration tests (3-node bootstrap, 10-node lookup convergence, +publish-and-find, node departure detection, PoW rejection) +
- 14 tests in tesseras-net (codec roundtrips, transport send/recv, backpressure, +disconnect) +
- Docker Compose smoke tests with 3 containerized nodes communicating over real +QUIC +
- Zero clippy warnings, clean formatting +
Architecture decisions
+-
+
- Transport as a port: the
Transporttrait is the only interface between +the DHT engine and the network. Swapping QUIC for any other protocol means +implementing four methods. All DHT tests use the in-memory adapter, making +them fast and deterministic.
+ - One stream per RPC: each DHT request-response pair uses a fresh +bidirectional QUIC stream. No multiplexing complexity, no head-of-line +blocking between independent operations. QUIC handles the multiplexing at the +connection level. +
- MessagePack over Protobuf: compact binary encoding without code generation +or schema files. Serde integration means adding a field to a message is a +one-line change. Trade-off: no built-in schema evolution guarantees, but at +this stage velocity matters more. +
- PoW instead of stake or reputation: a node identity costs ~256 BLAKE3 +hashes. This runs in under a second on any hardware, including a Raspberry Pi, +but generating thousands of identities for a Sybil attack becomes expensive. +No tokens, no blockchain, no external dependencies. +
- Iterative lookup with routing table updates: discovered nodes are added to +the routing table as they're encountered during iterative lookups, following +standard Kademlia behavior. This ensures the routing table improves +organically as nodes interact. +
What comes next
+-
+
- Phase 2: Replication — Reed-Solomon erasure coding over the network, +fragment distribution, automatic repair loops, bilateral reciprocity ledger +(no blockchain, no tokens) +
- Phase 3: API and Apps — Flutter mobile/desktop app via +flutter_rust_bridge, GraphQL API (async-graphql), WASM browser node +
- Phase 4: Resilience and Scale — ML-DSA post-quantum signatures, advanced +NAT traversal, Shamir's Secret Sharing for heirs, packaging for +Alpine/Arch/Debian/FreeBSD/OpenBSD, CI on SourceHut +
- Phase 5: Exploration and Culture — public tessera browser, institutional +curation, genealogy integration, physical media export +
Nodes can find each other. Next, they learn to keep each other's memories alive.
+ +