Node Zero

01. Architecture

Node Zero is the atomic unit of the Kenosis mesh — a pure TypeScript library with zero runtime dependencies. Every Cloudflare Worker in the Kenosis topology is effectively a Node Zero instance. It provides all the primitives needed for a sovereign, cryptographically-identified mesh participant.

• ▸
  WebCrypto Identity (src/backends/webcrypto-identity.ts) Ed25519 key generation via the Web Cryptography API. Private keys are non-exportable — they never leave the secure context. Works identically in Cloudflare Workers, browsers, and Node 20+.
• ▸
  Channel Manager (src/primitives/channel-manager.ts) Multiplexed logical channels over a single transport connection. Each bond relationship, spoon event, and telemetry stream runs on its own isolated channel.
• ▸
  Vault Store (src/primitives/vault-store.ts) Encrypted IndexedDB storage for key material, bond records, and session tokens. AES-GCM encryption with keys derived from the WebCrypto identity. Data is unreadable without the local identity key.
• ▸
  Transport Adapters (src/transports/) Pluggable transport layer. WebSocket transport included. Workers use the fetch transport. The same node logic runs on any transport without modification.
• ▸
  Forwarder (src/forwarder.ts) Mesh packet routing with TTL management and loop detection. Implements the Delta topology routing rules — packets travel the K₄ shortest path, not through a hub.

02. PWA & Demos

Node Zero ships with a full PWA subdirectory (pwa/) — a production-ready Vite + React 19 + Cloudflare Pages deployment demonstrating the mesh node in a browser context.