v1.5.0-rc1

Full Changelog: v1.4.1...v1.5.0-rc1

v1.4.1

v1.4.1

Fixes critical email feature bugs from v1.4.0:

• Fix: pilotctl daemon start now reads email from config.json
• Fix: pilotctl daemon start now forwards --email to daemon subprocess
• Fix: Synced web/public/install.sh with root install.sh (was missing email support)
• Change: Renamed DaemonInfo.Owner to Email, IPC key owner → email
• Change: --owner flag deprecated in favor of --email (still works as fallback)
• Docs: Updated all CLI help, docs, examples, and blog posts for --email
• Install: install.sh now prompts for email and writes it to config/service files

Upgrading from v1.4.0

curl -fsSL https://pilotprotocol.network/install.sh | sh

Full Changelog

v1.4.0...v1.4.1

v1.4.0

What's New

Mandatory Email for Daemon Startup

Like Let's Encrypt, the daemon now requires an email address on first run for account identification and key recovery. The email is persisted in account.json alongside the identity file so subsequent restarts don't need it again.

# First run — email required
pilot-daemon -email you@example.com -identity ~/.pilot/identity.json

# Subsequent runs — loaded from account file
pilot-daemon -identity ~/.pilot/identity.json

# Update email
pilot-daemon -email new@example.com -identity ~/.pilot/identity.json

The -owner flag remains as a deprecated alias. Resolution order: -email flag > -owner flag > account file.

Custom Networks Activated

• Create, join, and leave networks — the network primitives that were WIP are now fully operational
• Network-scoped broadcast — send datagrams to all members of a network; backbone broadcast is blocked for security
• Membership verification — only network members can broadcast to their network

Privacy & Trust Enforcement

• SYN trust gate — private nodes now reject incoming connections from untrusted peers. Trust is verified via handshake history, registry trust pairs, or shared network membership. Public nodes are unaffected.
• Hostname privacy — resolving a private node's hostname requires trust (trust pair or shared network). Public nodes remain freely resolvable.
• check_trust registry API — new unified query for trust pair and network membership checks

Test Suite Expansion

• 775 tests (768 PASS, 5 SKIP) — up from 683 in v1.3.0
• 7 new test files: email lifecycle, hostname privacy, SYN trust gate, beacon/registry, driver listener, IPC operations, task files
• Previously skipped tests for network primitives and nameserver now active

Code Cleanup

• Removed dead updatePoloScores, unused tunnel methods, and POLO score dashboard UI
• Registry replication snapshots now include tags, scores, and task executor status

Upgrade Notes

Breaking change: The daemon now requires an email address. Existing deployments must add -email you@example.com to their first restart after upgrading. After that, the email is persisted and subsequent restarts work without changes.

The -owner flag is deprecated but still works as a fallback.

Install / Update

curl -fsSL https://raw.githubusercontent.com/TeoSlayer/pilotprotocol/main/install.sh | sh

Test Results

775 tests — 768 PASS, 5 SKIP, 0 FAIL

v1.3.0

What's New

Safety Hardening

• Timer leak fixes: Replaced time.After with time.NewTimer in Nagle flush and zero-window probe loops to prevent goroutine/timer leaks under sustained traffic
• Replay set cap: Handshake replay detection map capped at 8,192 entries to prevent unbounded memory growth between reap cycles
• Pending handshake cap: Incoming handshake queue capped at 256 to prevent memory exhaustion from spoofed requests
• Connection ID overflow guard: nextConnID wraps safely past 0 (reserved) after 4 billion connections
• Standby reconnect timer: Fixed timer leak in registry standby reconnect loop
• SDK read size caps: CGO and Python SDK cap read buffer at 16MB, reject non-positive sizes

Test Suite Expansion

• 683 tests (657 PASS, 26 SKIP) — up from 283 in v1.2.2
• 16 new test files covering daemon internals, registry server, nameserver records, config, fsutil/pool, crypto, beacon, gateway, IPC framing, secure connections, tasksubmit, webhook, and frame parsing
• Fuzz targets for protocol parsing, hostname/tag/network name validation, JSON round-trips

Protocol Spec

• Section 8: Version negotiation (SYN/SYN-ACK handshake, RST on mismatch)
• Section 9: Path MTU analysis (70-byte encrypted overhead, fragmentation recommendations)
• Section 10: Nonce management (random prefix + monotonic counter, session lifecycle)

Node.js SDK

• Pure-TypeScript SDK using Unix socket IPC
• Connection, listener, data exchange, and event stream APIs
• CI pipeline for build and test validation

Website

• Full mobile/tablet responsive layout
• Go SDK quickstart tab
• Python SDK blog post and documentation page

Install / Update

curl -fsSL https://raw.githubusercontent.com/TeoSlayer/pilotprotocol/main/install.sh | sh

Test Results

683 tests — 657 PASS, 26 SKIP, 0 FAIL

v1.2.2

What's New

• Task Submit Service: Fix module imports (leftover from module rename)
• Dashboard Security: Restrict /metrics and /debug/pprof/ endpoints to localhost only
• Prometheus Metrics: Fix cumulative histogram bucket counting
• Release Build: Updated to include all 7 binaries matching v1.2.1 structure

Install / Update

curl -fsSL https://raw.githubusercontent.com/TeoSlayer/pilotprotocol/main/install.sh | sh

Test Results

283 tests — 259 PASS, 24 SKIP, 0 FAIL

v1.2.1

What's new

• Task execution capability — Agents can now advertise that they can execute tasks via an opt-in boolean flag. pilotctl enable-tasks / disable-tasks toggles the task_exec field, visible in lookup, list_nodes, and the dashboard. Signature-verified, snapshot-persisted, full IPC stack (0x1D/0x1E).
• Dashboard: Task Executors — New stat card, per-node "executor" badge in the nodes table, and a "Tasks only" filter toggle. Badge endpoint at /api/badge/task-executors.
• Website: Task Executors stat — Live Task Executors count on pilotprotocol.network.

Upgrade notes

Fully backwards-compatible. The task_exec field defaults to false for all existing nodes. No configuration changes required.

Install

curl -fsSL https://raw.githubusercontent.com/TeoSlayer/pilotprotocol/main/install.sh | sh

Test results

283 tests — 259 PASS, 24 SKIP, 0 FAIL

v1.2.0

What's new

• Webhooks & event system — Real-time HTTP event notifications from the daemon. Events for connection lifecycle (conn.syn_received, conn.established, conn.fin, conn.rst), messaging (message.received), trust (handshake.pending, handshake.approved, trust.revoked_by_peer), and security (security.syn_rate_limited). Async delivery with buffered channel, runtime hot-swap via IPC.
• Node tags — Capability tags for node discovery (e.g. webserver, analytics, code-review). Validated format, max 8 per node, filterable in the dashboard. pilotctl set-tags / clear-tags.
• Beacon relay performance — Worker pool architecture (one goroutine per CPU core) replaces single-threaded relay processing. Buffer pooling, read-only lock path, 4MB receive buffer. Handles 350+ relaying nodes with headroom.
• Registry persistence hardening — pubKeyIdx survives registry restarts (no more identity loss on node reap cycles). Debounced save (1 flush/sec max), compact JSON, known-key re-registrations bypass rate limiter for fast swarm reconnection.
• Dashboard improvements — pprof profiling endpoints, tag display with filtering, pagination for large node lists, responsive layout.
• CodeQL CI — Static analysis on every push/PR to main, weekly scheduled scans.

Upgrade notes

Fully backwards-compatible. No configuration changes required. Webhook feature is opt-in (--webhook <url> flag or pilotctl set-webhook).

Install

curl -fsSL https://raw.githubusercontent.com/TeoSlayer/pilotprotocol/main/install.sh | sh

Test results

226 tests — 202 PASS, 24 SKIP, 0 FAIL

v1.1.1

Fix: State Resilience

This patch fixes a critical bug where trust pairs and handshake state were permanently destroyed whenever a node disconnected from the registry.

The bug

When a node went offline (reaped after 3 minutes of inactivity) or explicitly deregistered (daemon shutdown), the registry's cleanupNode function deleted all trust pairs, handshake inboxes, and handshake responses associated with that node. This meant:

• Two nodes that had completed a mutual trust handshake would lose their trust relationship the moment either node restarted or went offline briefly
• Pending handshake messages for offline nodes were destroyed, so handshake relay for private nodes would silently fail
• The owner index was inconsistently wiped on reap but preserved on deregister, making owner-based re-registration unreliable after idle timeouts
• Replication snapshots sent to standby registries were missing trust pairs and handshake data entirely, so a standby promotion would lose all trust state

What changed

• Trust pairs survive disconnect — cleanupNode no longer deletes trust pairs or handshake inboxes. Trust is identity-to-identity and only removed by explicit revoke_trust.
• Owner index preserved on reap — matches deregister behavior so owner-based key recovery works after idle timeout.
• Replication snapshots are complete — snapshotJSON now includes trust pairs, handshake inboxes, and handshake responses, matching what disk persistence already saved.
• Daemon re-syncs trust on reconnect — after re-registering, the daemon reports all locally persisted trust pairs back to the registry.

Test results

202 tests pass, 24 skipped, 0 failures.

Binaries

Archive	Platform
pilot-linux-amd64.tar.gz	Linux x86_64
pilot-linux-arm64.tar.gz	Linux ARM64
pilot-darwin-amd64.tar.gz	macOS x86_64
pilot-darwin-arm64.tar.gz	macOS ARM64 (Apple Silicon)

Each archive contains pilot-daemon, pilotctl, and pilot-gateway. Static binaries, zero dependencies.

v1.1.0

What's new

• NAT traversal — STUN endpoint discovery, hole-punch coordination, relay fallback via beacon, heartbeat keepalive for NAT port mappings. Three-tier connection strategy: direct → hole-punch → relay.
• Messaging CLI — subscribe, publish, send-message, received, inbox commands for typed data exchange and pub/sub event streaming.
• Handshake relay — Response inbox in registry enables trust establishment between private nodes without exposing IP addresses. Rejection relay and inbox persistence across restarts.
• Security hardening — Per-port accept lists, signed daemon operations (set-hostname, set-visibility, deregister), sliding window rate limiter.
• Demo — Public agent-alpha node with auto-accept. Connect and browse a website served entirely over Pilot Protocol.
• Registry dashboard — HTTP endpoint for monitoring registry state.

Install

curl -fsSL https://raw.githubusercontent.com/TeoSlayer/pilotprotocol/main/install.sh | sh

Test results

223 tests pass, 24 skipped. All connections direct across 5 regions including NAT→NAT.

Binaries

Archive	Platform
pilot-linux-amd64.tar.gz	Linux x86_64
pilot-linux-arm64.tar.gz	Linux ARM64
pilot-darwin-amd64.tar.gz	macOS x86_64
pilot-darwin-arm64.tar.gz	macOS ARM64 (Apple Silicon)

Each archive contains pilot-daemon, pilotctl, and pilot-gateway. Static binaries, zero dependencies.