TATTVA तत्त्व

v1.1.0

Fundamental Truth Engine — Self-verifying distributed truth through mathematical proof

The YAKMESH TATTVA System is the cryptographic foundation of network identity and verified truth. Every node runs provably-correct code that independently arrives at the same essential truth.

"Code reveals tattva — the essential truth."

Every node running the same provably-correct code will independently arrive at the same fundamental reality. Mathematical inevitability replaces social trust. There is no authority — only verified truth.

iO IDENTITY OBFUSCATION — CRITICAL SECURITY PRIMITIVE

ALL user-facing and network-exposed identifiers MUST use the iO system. NEVER expose raw hashes in node IDs, API responses, or logs. 

import { deriveNetworkName, deriveNetworkId } from './oracle/index.js';

// For human-readable names
const name = deriveNetworkName(hash, 3);  // "qubit-lattice-prism"

// For short identifiers  
const id = deriveNetworkId(hash);  // "pq-a7x9"

// For verification phrases
const phrase = deriveVerificationPhrase(hash);  // "quantum tiger mesa echo"

Raw hashes (e.g., "7f3a9b2c...") enable fingerprinting attacks, precomputation attacks, and correlation attacks. See oracle/network-identity.js and SECURITY.md for details.

Quick Start

Create a fully configured oracle system for your YAKMESH node: 

import { createOracleSystem } from './oracle/index.js';

const system = createOracleSystem(nodeIdentity, options);

// Returns:
// {
//   oracle,           // ValidationOracle instance
//   codeProof,        // CodeProofProtocol instance
//   consensus,        // ConsensusEngine instance
//   validate,         // (type, content) => ValidationResult
//   submit,           // (type, content, metadata) => SubmissionResult
//   generateChallenge,// (peerId) => Challenge
//   verifyPeer,       // (proof) => boolean
//   getStats,         // () => { oracle, consensus, codeProof }
// }

// Validate content
const result = system.validate('listing', contentData);

// Submit to consensus
const submission = system.submit('qcoa', certData, { signature, pubkey });

// Challenge a peer
const challenge = system.generateChallenge(peerId);

// Verify peer proof
const verified = system.verifyPeer(peerProof);

Core Exports

The oracle system exports these core components from oracle/index.js:

Export Source Description
ValidationOracle validation-oracle-hardened.js Self-verifying validation engine
ValidationResult validation-oracle-hardened.js Immutable validation result type
getOracle validation-oracle-hardened.js Singleton oracle accessor
contentHash validation-oracle-hardened.js SHA3-256 content addressing
deterministicStringify validation-oracle-hardened.js Canonical JSON serialization
CodeProofProtocol code-proof-protocol.js Peer verification protocol
ProofState code-proof-protocol.js Challenge-response states
mutualVerification code-proof-protocol.js Bi-directional verification
ConsensusEngine consensus-engine.js Distributed consensus mechanism
ContentState consensus-engine.js Content consensus states
ModuleSealer module-sealer.js Cryptographic module sealing
SealedModule module-sealer.js Sealed module structure
GenesisNetwork genesis-network.js Code-hash network identity
GenesisNetworkV2 genesis-network-v2.js iO-obfuscated version
NetworkIdentity network-identity.js iO identity derivation
deriveNetworkName network-identity.js Human-readable name derivation
deriveNetworkId network-identity.js Short ID derivation
CodebaseLock codebase-lock.js Runtime source protection
lockCodebase codebase-lock.js Lock source files
unlockCodebase codebase-lock.js Unlock source files

Ternary ValidationResult v2.8.0

As of v2.8.0, TATTVA's ValidationResult uses balanced ternary internally, mapping naturally to VALID (+1), INVALID (−1), and PENDING (0). This enables mathematical consensus via TRIBHUJ operations.

Ternary Mapping

T
INVALID (−1)
0
PENDING (0)
1
VALID (+1)
import { ValidationResult, toTrit, fromTrit } from './oracle/validation-oracle-hardened.js';
import { Trit } from './oracle/tribhuj.js';

// Convert to trit for mathematical operations
const result = oracle.validateListing(data);
const trit = toTrit(result);  // → Trit.POS, Trit.NEG, or Trit.ZERO

// Ternary consensus across multiple validations
import { ternaryConsensus } from './oracle/tribhuj.js';
const multiResults = [result1, result2, result3].map(toTrit);
const consensusTrit = ternaryConsensus(multiResults);

// Convert back to ValidationResult
const consensusResult = fromTrit(consensusTrit);  // → VALID, INVALID, or PENDING

See TRIBHUJ for full balanced ternary math, and LAMA for ternary consensus in practice.

Oracle Modules

The oracle system is composed of specialized modules, each handling a critical aspect of distributed trust.

ValidationOracle

validation-oracle-hardened.js

Security-hardened self-verifying oracle with protection against runtime tampering, prototype pollution, and race conditions. The cryptographic foundation of network identity. 

import { getOracle, contentHash, ValidationResult } from './oracle/index.js';

const oracle = getOracle();
const result = oracle.validateListing(listingData);
const hash = contentHash(content);  // SHA3-256 content address
SHA3-256 ML-DSA65 Object.freeze Null Prototype

CodeProofProtocol

code-proof-protocol.js

Challenge-response protocol for nodes to verify they are running identical validation code. Includes phase-modulated challenges (Star Trek TNG inspired) for replay protection. 

import { CodeProofProtocol, ProofState } from './oracle/index.js';

const codeProof = new CodeProofProtocol(nodeIdentity);
const challenge = codeProof.generateChallenge(peerId);
// ProofState: PENDING, VERIFIED, FAILED, TIMEOUT
Challenge-Response Phase Modulation Outlier Detection

ConsensusEngine

consensus-engine.js

Distributed consensus where all nodes independently arrive at the same truth. Features deterministic conflict resolution (no voting needed), content-addressed storage, and automatic outlier rejection. 

import { ConsensusEngine, ContentState } from './oracle/index.js';

const consensus = new ConsensusEngine(nodeIdentity, { minAttestations: 1 });
const result = consensus.submitContent('listing', content, metadata);
// ContentState: PENDING, VALIDATED, CONSENSUS, REJECTED, CONFLICT
Deterministic Content-Addressed No Voting

ModuleSealer

module-sealer.js

Creates cryptographic seals binding source code hash, behavior fingerprint, function hashes, genesis timestamp, and creator signatures. Sealed modules are provably authentic and tamper-evident. 

import { ModuleSealer, SealedModule } from './oracle/index.js';

const sealer = new ModuleSealer();
const sealed = sealer.sealModule(sourceCode);
const isValid = sealed.verifySealIntegrity();
Tamper-Evident Multi-Attestation Behavior Fingerprint

NetworkIdentity

network-identity.js

iO-inspired (indistinguishability obfuscation) identity derivation. Derives human-readable, deterministic, but opaque identifiers. Uses a 256-word quantum/crypto themed wordlist. 

import { 
  deriveNetworkName, 
  deriveNetworkId, 
  deriveVerificationPhrase,
  QUANTUM_WORDLIST 
} from './oracle/index.js';

deriveNetworkName(hash, 3);  // "qubit-lattice-prism"
deriveNetworkId(hash);        // "pq-a7x9"
deriveVerificationPhrase(hash); // "quantum tiger mesa echo"
iO Obfuscation Deterministic One-Way 256-Word List

GenesisNetwork

genesis-network.js / genesis-network-v2.js

Network identity derived purely from code hash. Same code → Same hash → Same network. No permission needed. No governance needed. Physics enforces the boundary. 

import { 
  createGenesisNetwork,    // v1: Direct hash
  createGenesisNetworkV2   // v2: iO obfuscated
} from './oracle/index.js';

const network = createGenesisNetwork(oracleHash);
const compatible = network.isCompatible(peerHash);
network.registerPeer(peerId, peerHash);
Code = Identity No Authority Upgrade Proposals

CodebaseLock

codebase-lock.js

Prevents source code modification during runtime by opening exclusive file handles. Critical security measure for the Code Proof Protocol. Platform-aware (Windows/Unix). 

import { lockCodebase, unlockCodebase, setupUnlockOnExit } from './oracle/index.js';

// Lock all source files
const lockResult = lockCodebase();
console.log(`Locked ${lockResult.fileCount} files`);

// Unlock on exit
setupUnlockOnExit();

// Manual unlock
unlockCodebase();
Exclusive Handles Windows Sharing Unix Permissions

Oracle Directory Files

File Purpose Key Exports
index.js Main entry point, aggregates all exports createOracleSystem, VERSION
validation-oracle-hardened.js Hardened validation with security protections ValidationOracle, getOracle, contentHash
code-proof-protocol.js Challenge-response peer verification CodeProofProtocol, ProofState
consensus-engine.js Distributed consensus mechanism ConsensusEngine, ContentState
module-sealer.js Cryptographic module sealing ModuleSealer, SealedModule
genesis-network.js Code-hash network identity (v1) GenesisNetwork, createGenesisNetwork
genesis-network-v2.js iO-obfuscated version (v2) GenesisNetworkV2, createGenesisNetworkV2
network-identity.js iO identity derivation system deriveNetworkName, deriveNetworkId
codebase-lock.js Runtime source file protection CodebaseLock, lockCodebase, unlockCodebase
time-source.js Precision time source detection TimeSourceDetector, TimeTrustLevel
phase-epoch.js Phase modulation for rotating security getCurrentEpoch, createPhasedChallenge

Security Properties

Identity Obfuscation (iO) Properties

  • Deterministic: Same hash → Same name (always reproducible)
  • One-way: Cannot reverse name → hash (preimage resistant)
  • Collision-resistant: Different hashes → Different names
  • Human-memorable: Easy to verify verbally
  • Fingerprint-safe: Cannot fingerprint nodes by hash patterns

Where to Use iO

USE iO For:

  • • Node IDs (identity/node-key.js)
  • • Network names (genesis-network-v2.js)
  • • DOKO identity IDs
  • • Any user-facing identifier
  • • Network-exposed identifiers
  • • API responses, logs

DO NOT USE iO For:

  • • Content hashes (content's address by design)
  • • Internal DHT keys (lookup efficiency)
  • • Signature verification (needs original hash)
  • • Cryptographic operations

QUANTUM_WORDLIST

The identity system uses a 256-word quantum/crypto themed wordlist curated for uniqueness, pronounceability, and thematic consistency. Categories include:

Quantum Physics (64)

qubit, photon, hadron, lepton, boson, fermion, entangle, superpose...

Cryptography (64)

cipher, lattice, merkle, kyber, falcon, sphincs, dilith, isogeny...

Network/Mesh (64)

node, edge, vertex, graph, mesh, torus, manifold, simplex...

Elements/Materials (64)

crystal, prism, lens, fiber, resonator, graphene, topologic...

Related Documentation

Continue the Journey

← Previous
KARMA

Reputation system
Next →
TRIBHUJ

Triangle verification