SHERPA
Secure Hidden Endpoint Resolution Path Architecture
Decentralized peer discovery using public web beacons. No central bootstrap servers required.
v2.8.2Overview
SHERPA is YAKMESH's novel peer discovery mechanism that leverages the public web layer to bootstrap mesh connections. Instead of relying on hardcoded bootstrap servers, SHERPA treats every YAKMESH node's public endpoint as a potential discovery beacon.
Key Innovation: "The Web IS the DHT"
- • Each node exposes
/.well-known/yakmesh/beacon - • Discovery crawls known endpoints to find new peers
- • No central authority - truly decentralized bootstrap
- • Works with existing CDN infrastructure
- • Traverses firewalls via standard HTTPS (port 443)
How It Works
┌─────────────────────────────────────────────────┐ │ Public Web Layer │ │ (HTTPS, /.well-known/yakmesh/beacon) │ ├─────────────────────────────────────────────────┤ │ SHERPA Discovery │ │ - Scan known domains/endpoints │ │ - Verify beacon signatures (ML-DSA-65) │ │ - Build scored peer list │ ├─────────────────────────────────────────────────┤ │ Mesh Core │ │ (WebSocket P2P connections) │ └─────────────────────────────────────────────────┘
Beacon Endpoint
Every YAKMESH node automatically exposes a beacon at:
GET /.well-known/yakmesh/beaconBeacon Response
{
"version": "1.0",
"nodeId": "abc123...",
"networkName": "yakmesh-mainnet",
"timestamp": 1737200000000,
"ttl": 3600,
"capabilities": {
"wsPort": 9001,
"httpPort": 443,
"supportsAnnex": true,
"supportsNakpak": true,
"supportsGossip": true
},
"peers": [
{
"nodeId": "def456...",
"endpoint": "https://peer1.example.com",
"wsEndpoint": "wss://peer1.example.com:9001",
"lastSeen": 1737199000000
}
],
"publicKey": "ML-DSA-65 public key (hex)",
"signature": "beacon signature (hex)"
}Configuration
// yakmesh.config.js
export default {
sherpa: {
// Your node's public HTTPS endpoint
selfEndpoint: 'https://mynode.example.com',
// Your node's WebSocket endpoint
wsEndpoint: 'wss://mynode.example.com:9001',
// Seed endpoints to start discovery
seedEndpoints: [
'https://peerquanta.com',
'https://yakmesh.dev'
],
// Discovery settings
crawlInterval: 300000, // 5 minutes
maxPeers: 1000,
}
};Peer Scoring
SHERPA maintains a scored registry of known peers:
| Event | Score Change |
|---|---|
| Successful beacon fetch | +0.2 |
| Failed beacon fetch | -0.3 |
| Per interval decay | ×0.95 |
| Score below 0.1 | Evicted |
Security
- • Signed Beacons - All beacons are signed with ML-DSA-65
- • Network Filtering - Only accept peers from same network
- • Rate Limiting - Max 10 crawls per minute
- • Size Limits - Max beacon size 64KB
- • Timeout Protection - 5 second fetch timeout
- • YPC-27 Checksums - Peer discovery messages include quantum-hard checksums. Learn more →
Etymology
"Sherpas guide travelers through hidden mountain paths, just like SHERPA guides nodes to discover each other through the web."
API
// Access SHERPA from your node
const sherpa = node.sherpa;
// Add a seed endpoint
sherpa.addSeed('https://example.com');
// Start discovery
sherpa.start();
// Get discovered peers
const peers = sherpa.registry.getBestPeers(10);
// Listen for new peers
sherpa.on('peer:discovered', (peer) => {
console.log('Found peer:', peer.nodeId);
});
// Get stats
console.log(sherpa.stats);
// { crawlsCompleted: 5, peersDiscovered: 23, ... }