The Mesh Speaks — Two Sovereign Nodes Exchange Their First Words
21 commits. 167 tests. Self-organizing routing. Sovereign PKI. And tonight, two capsule nodes said hello.
The Mesh Speaks
By Markus Maiwald, with Voxis Forge
Tonight, two Libertaria capsule nodes exchanged their first words.
Not in a simulation. Not in a test harness. Two independent daemons, running on the same machine with different ports, different identities, different DID keys – one sent a federation HELLO, the other responded with WELCOME. The Noise XX handshake sequence triggered. The sovereign mesh spoke.
This is the story of one day’s work that turned infrastructure into a network.
What We Shipped
Sovereign PKI (RFC-0016)
We killed the Certificate Authority. Three surgical moves:
- DID-Authenticated Noise Sessions – every inter-node connection proves identity via the Sovereign Key Helix. No X.509. No CA chain. The handshake IS the proof.
- QVL Scalar Trust – trust is computed from your position in the graph, not delegated to DigiCert.
- Compatibility Shim – ACME certs for browsers at the boundary. X.509 never enters the mesh.
The full protocol is published as RFC-0016 with a companion SPEC-016 and a new daemon project (libertaria-pkid).
Self-Organizing Routing (LRP Gossip Overlay)
The LRP core engine existed – QV composition, Bellman-Ford multi-path, GHOSTDAG active cluster ranking, continuous probing, DRR fair queuing. But it assumed manually configured neighbors.
We shipped the gossip overlay that makes it self-organizing:
- HyParView – dual-view peer membership. Active view (live connections) + passive view (known peers for promotion). Self-heals after 50% node failure within 4 membership rounds.
- Plumtree – epidemic broadcast tree. QV updates propagate to all nodes within 3 gossip rounds. Eager push for speed, lazy push for efficiency.
- X-BOT – topology optimization. Biases the active view toward high-quality peers. Convergence dampener prevents churn: doubles the interval when the topology is stable, resets instantly on change.
- Adaptive Profiles – auto-detects Kenya (solar/LoRa), Standard (home router), or Fiber (Berlin Bitcoin Chapter) from probe measurements. 10-epoch hysteresis + 10% dead zone at tier boundaries. Floor and lock overrides for operators who know their infrastructure.
68 tests across 7 modules. The mesh self-organizes.
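A sketch of the Adaptive Profiles selection logic, added here as an illustration and not taken from the Libertaria code base. The throughput metric, the `BOUNDS_KBPS` values, the class and function names, and the choice to reset the streak on a dead-zone sample are all assumptions; only the three profile names, the 10-epoch hysteresis, the 10% dead zone and the floor/lock overrides come from the post.

```python
TIERS = ["kenya", "standard", "fiber"]   # profile names from the post
BOUNDS_KBPS = [1_000, 100_000]           # assumed tier boundaries (throughput)
HYSTERESIS_EPOCHS = 10                   # from the post
DEAD_ZONE = 0.10                         # from the post: 10% at each boundary

class ProfileSelector:
    def __init__(self, start="standard", floor=None, lock=None):
        self.floor = TIERS.index(floor) if floor else 0
        self.locked = lock is not None
        self.tier = TIERS.index(lock) if lock else max(TIERS.index(start), self.floor)
        self.candidate, self.streak = None, 0

    def _classify(self, kbps):
        """Tier index for one probe, or None inside a boundary's dead zone."""
        if any(abs(kbps - b) <= DEAD_ZONE * b for b in BOUNDS_KBPS):
            return None
        return max(sum(kbps > b for b in BOUNDS_KBPS), self.floor)

    def observe(self, kbps):
        """Feed one epoch's measurement; return the active profile name."""
        if self.locked:
            return TIERS[self.tier]          # operator lock wins outright
        seen = self._classify(kbps)
        if seen is None or seen == self.tier:
            self.candidate, self.streak = None, 0   # no evidence for a change
        elif seen == self.candidate:
            self.streak += 1
        else:
            self.candidate, self.streak = seen, 1
        if self.streak >= HYSTERESIS_EPOCHS:
            self.tier, self.candidate, self.streak = seen, None, 0
        return TIERS[self.tier]

def run(selector, samples):
    """Return the profile after each sample (constructed probe values)."""
    return [selector.observe(s) for s in samples]
```

Nine low epochs followed by one sample inside the dead zone leave the profile unchanged, which is the behaviour that keeps a link hovering at a boundary from flapping between tiers.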
Transport Skin Strategy
LRP control traffic (QV Exchange, probes, membership messages) can now be disguised as HTTPS, DNS, or QUIC to evade DPI censorship. Per-interface strategy with automatic fallback: probe raw → HTTPS → DNS → QUIC, use the cheapest that works. Re-probe every 5 minutes in case the censorship landscape changes.
LPF Split Pipeline + NetSwitch
The packet filter (LPF) and the routing engine (LRP) are now wired together through a NetSwitch orchestrator:
```
Frame arrives
→ LWF magic check
→ Wire Gate (Ring 0)
→ LRP control? Override deny. Forward or deliver.
→ CellID bitmap: deny/fast/throttle/pass
→ Route decision: TRANSIT (LRP forward) / LOCAL (deliver) / DROP
```

We also fixed a bug where transit LRP control traffic was incorrectly dropped by the Wire Gate when the CellID bitmap said “deny.” Routing protocol messages MUST reach their destination regardless of bitmap state – otherwise a single misconfigured filter kills the entire mesh.
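The Wire Gate decision before and after that fix, modelled in Python as an added example rather than the project's own code. The magic value, the node ids, the `Frame` fields, the default verdict for an unlisted cell and the `control_override` switch are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum

LWF_MAGIC = b"LWF"      # assumed value; the post does not give the magic
LOCAL_NODE = "node-b"   # hypothetical id of the node running this gate

Verdict = Enum("Verdict", "DENY FAST THROTTLE PASS")   # CellID bitmap verdicts
Route = Enum("Route", "TRANSIT LOCAL DROP")            # route decisions

@dataclass(frozen=True)
class Frame:
    magic: bytes
    cell_id: int
    dest: str
    lrp_control: bool   # QV Exchange, probes, membership messages

def wire_gate(frame, bitmap, control_override=True):
    """Return the Route for one frame.

    control_override=False models the bug: deny also hits LRP control.
    """
    if frame.magic != LWF_MAGIC:
        return Route.DROP                     # magic check is never bypassed
    verdict = bitmap.get(frame.cell_id, Verdict.PASS)  # assumed default
    exempt = control_override and frame.lrp_control
    if verdict is Verdict.DENY and not exempt:
        return Route.DROP
    return Route.LOCAL if frame.dest == LOCAL_NODE else Route.TRANSIT

def demo():
    """Constructed scenario: node-b has cell 7 set to deny by mistake."""
    bitmap = {7: Verdict.DENY}
    probe = Frame(LWF_MAGIC, 7, "node-c", lrp_control=True)    # transit control
    data = Frame(LWF_MAGIC, 7, "node-c", lrp_control=False)    # transit data
    forged = Frame(b"XXX", 7, "node-c", lrp_control=True)      # bad magic
    return {
        "control_before_fix": wire_gate(probe, bitmap, control_override=False),
        "control_after_fix": wire_gate(probe, bitmap),
        "data_after_fix": wire_gate(data, bitmap),
        "bad_magic_after_fix": wire_gate(forged, bitmap),
    }

if __name__ == "__main__":
    for name, route in demo().items():
        print(f"{name:20} {route.name}")
```

In this model the override applies only to frames classified as LRP control, so the data frame in the denied cell is still dropped and the magic check still runs first.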
The Ignition Key: DMP → LWF Wiring
The DMP broker – 629 lines of comptime-generic pub/sub with BLAKE3 MAC, Lamport clocks, topic wildcards, will messages – sat disconnected from the network for months. It was production-ready but nobody fed it frames.
62 lines of code changed that. A new service type (DMP_PUBLISH = 0x0010), a case statement in processFrame(), and two handler methods. The DMP broker is now live on the wire.
QVL Segfault Fix
The QVL trust graph was disabled with an undefined pointer stub and a comment: “segfault issue.” The real issue: the pointer was garbage, so any access crashed. Fix: make it optional (?*QvlStore), attempt real DuckDB init, fall back to null if unavailable. The capsule operates in “trustless mode” when DuckDB isn’t present instead of crashing.
The Final Fix: Nodes Talk
Two bugs hid behind each other:
- Missing CLEARTEXT flag – federation HELLO frames during initial handshake are unencrypted, but the LWF v0x03 default is “encrypted.” The decoder saw a tiny cleartext payload and rejected it as PayloadTooShort (expected 40-byte minimum for Mode B encrypted frames).
- Policy chicken-and-egg – the L2 policy engine dropped the HELLO because the sender had no session, no reputation, no trust. But the HELLO is the message that establishes trust. You can’t require trust to establish trust.
Both fixed. Both one-liners. Both blocked two-node communication for the entire history of the project.
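How the two bugs masked each other, as an added model of the receive path that is not the capsule's own code. The `FLAG_CLEARTEXT` bit, the `SVC_FEDERATION_HELLO` placeholder value, the `Frame` fields, the function names and the result strings are assumptions; the 40-byte Mode B minimum and `DMP_PUBLISH = 0x0010` come from the post.

```python
from dataclasses import dataclass

FLAG_CLEARTEXT = 0x01           # assumed bit; the post names only the flag
MODE_B_MIN_PAYLOAD = 40         # from the post: Mode B encrypted minimum
SVC_FEDERATION_HELLO = 0x0001   # placeholder; real value is not on the page
SVC_DMP_PUBLISH = 0x0010        # from the post

@dataclass(frozen=True)
class Frame:
    sender: str
    service: int
    flags: int
    payload: bytes

def decode_ok(frame):
    """Length check: the 40-byte minimum applies to encrypted frames only."""
    if frame.flags & FLAG_CLEARTEXT:
        return True
    return len(frame.payload) >= MODE_B_MIN_PAYLOAD

def policy_ok(frame, sessions, bootstrap_exempt):
    """L2 policy: known session, or (after the fix) a HELLO that starts one."""
    if frame.sender in sessions:
        return True
    return bootstrap_exempt and frame.service == SVC_FEDERATION_HELLO

def receive(frame, sessions, bootstrap_exempt=True):
    """Decoder runs first, so its rejection hides the policy verdict."""
    if not decode_ok(frame):
        return "PayloadTooShort"
    if not policy_ok(frame, sessions, bootstrap_exempt):
        return "PolicyDrop"
    return "Accepted"

def demo():
    """Constructed frames from a sender that has no session yet."""
    hello = b"HELLO"                                  # tiny cleartext payload
    no_flag = Frame("did:a", SVC_FEDERATION_HELLO, 0, hello)
    flagged = Frame("did:a", SVC_FEDERATION_HELLO, FLAG_CLEARTEXT, hello)
    publish = Frame("did:a", SVC_DMP_PUBLISH, 0, bytes(64))
    return [
        receive(no_flag, set(), bootstrap_exempt=False),  # both bugs present
        receive(flagged, set(), bootstrap_exempt=False),  # flag fixed only
        receive(flagged, set()),                          # both fixed
        receive(publish, set()),                          # still needs session
    ]
```

Fixing the flag alone only moves the failure from the decoder to the policy engine, and the last case shows the exemption in this model covers the HELLO service type and nothing else from a sender without a session.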
The Proof
```
Node A (DID: 1b998d22..., port 9900) → HELLO →
Node B (DID: 8127a2f8..., port 9901) ← WELCOME ←
→ Noise XX handshake initiates...
```

Two capsule daemons. Two sovereign identities. Two DMP brokers initialized. Two QVL trust graphs ready. One UDP datagram carrying a federation HELLO. One WELCOME in response. The Noise XX handshake follows.
By the Numbers
| Metric | Count |
|---|---|
| Commits (one session) | 21 |
| Zig tests passing | 167 |
| Protobuf capsule tests | 8 |
| New projects created | 3 |
| RFCs published | 1 |
| SPECs published | 1 |
| Blog posts deployed | 1 |
| Bug fixes | 5 |
| Lines added | ~15,000 |
| Binary size | 25 MB |
| Nodes running simultaneously | 2 |
| Words exchanged between nodes | HELLO + WELCOME |
What’s Next
The Noise XX handshake completes. DMP messages flow between nodes. Chapter Zero gets its first citizens. But that’s after the rest.
The mesh doesn’t negotiate. It measures. And tonight – it spoke.
Read More
- The CA Is Dead – Why we killed Certificate Authorities
- Sovereign PKI – Protocol reference for RFC-0016
- L0 Transport – Wire protocol and Noise XX
- L1 Identity – Sovereign Key Helix and QVL trust graph