- Go 99.1%
- Dockerfile 0.9%
The deleteOrInsert callback, hashVault struct, and all its methods are now provided by papirus.HashSet. hashstore.go drops from 149 to 19 lines — only the newHashVault constructor remains, routing to papirus.NewMemoryHashSet or papirus.NewFileHashSet. State fields (Members, Captions, Attorneys) change type from *hashVault to *papirus.HashSet. Method names follow the papirus convention: ExistsHash→Exists, InsertHash→Insert, RemoveHash→Remove. No changes to public API — HasMember, HasHandle, PowerOfAttorney, Incorporate, Serialize, Clone all keep the same signatures. |
||
|---|---|---|
| docker/apelido | ||
| node | ||
| .dockerignore | ||
| .gitignore | ||
| actions.go | ||
| actions_test.go | ||
| doc.go | ||
| docker-compose.yml | ||
| Dockerfile | ||
| go.mod | ||
| go.sum | ||
| hashstore.go | ||
| LICENSE | ||
| mutations.go | ||
| reader.go | ||
| reader_test.go | ||
| README.md | ||
| state.go | ||
| validator.go | ||
Apelido
Identity registry protocol for the brisa network.
Apelido is a sub-chain that filters the brisa block stream for identity operations and maintains a registry of members, handles (nicknames), and powers of attorney. It runs as a node/social.SocialNode parameterised on the apelido state machine.
Architecture
brisa validators ──blocks──> relay ──blocks──> apelido-node (tier-1)
│
SocialSyncGateway
│
apelido-node (tier-2+)
- Tier-1 node connects directly to a brisa relay and processes main-chain
CommitBlocks viaProcessMainChainBlock. An external bridge readsSyncMsgNewBlock,SyncMsgChecksumConfirm, andSyncMsgRollbackfrom the relay and dispatches them to the node. - Tier-2+ nodes connect to an upstream apelido node via the
SocialSyncMsgprotocol (0x40-0x46) and receive pre-filteredSubChainBlocks.
Both tiers support automatic rollback: confirmed blocks are persisted, tentative blocks stay in memory, and state snapshots enable recovery on rollback.
State
The registry tracks three sets, each backed by a papirus HashStore:
| Set | Contents |
|---|---|
| Members | Registered identity tokens (hashes) |
| Captions | Claimed handle strings (hashes) |
| Attorneys | Active (member, attorney) delegation pairs (hashes) |
Actions
All actions are carried inside brisa.Void with Protocol = 0x4150454C ("APEL").
| Action | Kind | Description |
|---|---|---|
JoinNetwork |
0x01 | Register a new identity and claim a handle |
UpdateInfo |
0x02 | Update handle details (author or attorney signed) |
GrantPowerOfAttorney |
0x03 | Delegate signing rights to another token |
RevokePowerOfAttorney |
0x04 | Cancel a delegation |
Building
cd apelido
go build ./cmd/apelido-node/
Or with Docker (run from the parent directory containing both brisa/ and apelido/):
docker build -f apelido/Dockerfile -t apelido-node .
Quick Start
# Generate example config
./apelido-node -example > apelido-node.yaml
# Edit the upstream section with the relay token and address
# vim apelido-node.yaml
# Start the node (generates a keystore on first run)
export APELIDO_PASSWORD=yourpassword
./apelido-node -config apelido-node.yaml
Configuration
Flags
| Flag | Default | Description |
|---|---|---|
-config |
apelido-node.yaml |
Path to YAML configuration file |
-example |
Print example configuration and exit | |
-help |
Show help message |
YAML structure
node:
db_path: "./data" # Directory for sub-chain block store and apelido state
db_name: "apelido" # Database name prefix
upstream:
token: "" # 64-char hex token of the relay or upstream apelido node
addr: "localhost:9200" # Address of the upstream
sync:
listen: "" # Port for serving downstream apelido nodes (empty = disabled)
authorized_nodes: [] # Tokens allowed to sync (empty = open)
credentials:
keystore: "./keystore.json"
password_env: "APELIDO_PASSWORD"
generate: true
reconnect:
initial_delay: "1s"
max_delay: "60s"
multiplier: 2.0
Credentials
Three options, checked in order:
- Environment variable (
private_key_env): raw 64-char hex private key. For dev/containers only. - Keystore file (
keystore): encrypted with scrypt. Password frompassword_envenv var or interactive prompt. - Auto-generate (
generate: true): creates a new keystore if one doesn't exist.
Docker Deployment
Single node
# From the parent directory containing both brisa/ and apelido/
docker build -f apelido/Dockerfile -t apelido-node .
docker run -d \
-e APELIDO_PASSWORD=yourpassword \
-v ./config.yaml:/config/config.yaml:ro \
-v ./data:/data \
apelido-node -config /config/config.yaml
Multi-node with docker-compose
The included docker-compose.yml sets up two apelido nodes:
- apelido-node1 (tier-1): connects to an external brisa relay
- apelido-node2 (tier-2): syncs from apelido-node1
# Generate keystores first
export APELIDO_PASSWORD=testpass
./apelido-node -config docker/apelido/node1.yaml # generates keystore on first run
./apelido-node -config docker/apelido/node2.yaml
# Start the stack
docker-compose up -d
Note: The
upstream.tokenin each config must match the public token of the upstream node. Runapelido-node -config <file>once to see the generated token, then update the downstream config.
Testing
go test ./...
16 tests covering:
- Action serialization/deserialization and signature verification
- Validator preconditions (duplicates, missing prerequisites, delegation)
- brisa Void wrapping and protocol filtering
- Node construction and end-to-end block processing
- Rollback end-to-end: join + grant + rollback + rejoin, verifying state consistency
Package Structure
apelido/
actions.go Four action types (join, update, grant, revoke)
mutations.go Per-block state diff container
state.go State (chain.Stateful): members, captions, attorneys
validator.go MutatingState (chain.Blocker): action validation
reader.go brisa.Void adapter layer
hashstore.go papirus HashStore wrapper
doc.go Package documentation
node/
node.go SocialNode type alias and constructor
cmd/
apelido-node/
main.go CLI entry point
config.go YAML configuration