chore: initial commit for v0.0.1

DChain single-node blockchain + React Native messenger client. Core: - PBFT consensus with multi-sig validator admission + equivocation slashing - BadgerDB + schema migration scaffold (CurrentSchemaVersion=0) - libp2p gossipsub (tx/v1, blocks/v1, relay/v1, version/v1) - Native Go contracts (username_registry) alongside WASM (wazero) - WebSocket gateway with topic-based fanout + Ed25519-nonce auth - Relay mailbox with NaCl envelope encryption (X25519 + Ed25519) - Prometheus /metrics, per-IP rate limit, body-size cap Deployment: - Single-node compose (deploy/single/) with Caddy TLS + optional Prometheus - 3-node dev compose (docker-compose.yml) with mocked internet topology - 3-validator prod compose (deploy/prod/) for federation - Auto-update from Gitea via /api/update-check + systemd timer - Build-time version injection (ldflags → node --version) - UI / Swagger toggle flags (DCHAIN_DISABLE_UI, DCHAIN_DISABLE_SWAGGER) Client (client-app/): - Expo / React Native / NativeWind - E2E NaCl encryption, typing indicator, contact requests - Auto-discovery of canonical contracts, chain_id aware, WS reconnect on node switch Documentation: - README.md, CHANGELOG.md, CONTEXT.md - deploy/single/README.md with 6 operator scenarios - deploy/UPDATE_STRATEGY.md with 4-layer forward-compat design - docs/contracts/*.md per contract
2026-04-17 14:16:44 +03:00
commit 7e7393e4f8
196 changed files with 55947 additions and 0 deletions
--- a/deploy/single/Caddyfile
+++ b/deploy/single/Caddyfile
@@ -0,0 +1,46 @@
+# Single-node Caddy: TLS terminate + WS upgrade + internal-only /metrics.
+#
+# No load balancing — one node backend. Keeps the file short and easy to
+# audit. For a multi-node deployment see deploy/prod/caddy/Caddyfile.
+{
+    email   {$ACME_EMAIL:admin@example.com}
+    servers {
+        protocols h1 h2 h3
+    }
+}
+
+{$DOMAIN:localhost} {
+    encode zstd gzip
+
+    # WebSocket (single backend; no stickiness concerns).
+    @ws path /api/ws
+    handle @ws {
+        reverse_proxy node:8080
+    }
+
+    # REST API.
+    handle /api/* {
+        reverse_proxy node:8080
+    }
+
+    # /metrics is for the operator's Prometheus only. Block external IPs.
+    @metricsPublic {
+        path /metrics
+        not remote_ip 127.0.0.1 ::1 172.16.0.0/12 192.168.0.0/16 10.0.0.0/8
+    }
+    handle @metricsPublic {
+        respond "forbidden" 403
+    }
+
+    # Anything else → explorer HTML from the node.
+    handle {
+        reverse_proxy node:8080
+    }
+
+    log {
+        output stdout
+        format json
+        level  INFO
+    }
+}
+}