A sovereign, peer-to-peer application stack — from cryptographic identity to media streaming — compiled to native binaries via a self-hosting programming language.
ErnosDecent replaces the centralised internet stack — identity, networking, storage, messaging, social publishing, hosting, finance, AI, and media — with a single, auditable, natively compiled codebase.
No cloud. No platform. No intermediary.
ErnosDecent is a ground-up reimplementation of the services people depend on every day — identity, messaging, social media, hosting, payments, AI inference, and live media — as a unified peer-to-peer system. Every module is written in Ernos, a compiled programming language with plain English syntax that transpiles to C and compiles to native binaries via Clang.
This is not a framework. This is not a wrapper around existing libraries. This is the stack itself, built from cryptographic primitives upward.
Every service on the current internet requires you to trust a third party with your data, your identity, and your relationships. ErnosDecent eliminates that requirement. Your keys are yours. Your data stays on your machine. Your connections are direct. Your compute is local.
v1.0.0-beta. The core architecture is implemented and verified across 15 build phases. 48 source modules and 20 integration test suites produce 191 passing tests across 16 subsystems. The code compiles and runs. It is served with a local control CLI client and a premium glassmorphic Web UI dashboard.
| You get... | Instead of... |
|---|---|
| 🔑 Self-sovereign identity — Ed25519 keys, W3C DIDs, capability tokens | Google/Apple sign-in, OAuth |
| 🌐 Encrypted P2P networking — Noise XX handshake, Kademlia DHT | AWS, Cloudflare, centralised DNS |
| 💾 Content-addressed storage — BLAKE3 hashing, CRDT sync | Google Drive, iCloud, Dropbox |
| 💬 End-to-end encrypted messaging — direct and group channels | iMessage, WhatsApp, Telegram |
| 📢 Federated social publishing — Nostr + ActivityPub | Twitter/X, Instagram, Facebook |
| 🏠 Self-hosted services — HTTP, email, Git, DNS | GitHub, Gmail, GoDaddy |
| 💰 Native financial system — HD wallets, UTXO ledger, DEX, smart contracts | Ethereum, Coinbase, PayPal |
| 🤖 Local AI inference — GGUF transformer, embeddings, speech-to-text | OpenAI, Anthropic, Google Cloud AI |
| 📡 P2P media streaming — WebRTC, adaptive HLS, codec layer, CDN | YouTube, Twitch, Zoom |
| 🕵️ Anonymity layer — onion routing, mix networks | Tor (external), VPNs |
| 🔍 Decentralised search — crawler, BM25 + PageRank ranking | Google Search |
| 🤝 Resource pooling — bandwidth sharing, compute delegation | AWS Lambda, Cloudflare Workers |
| 🗳️ Consensus — Raft leader election, replicated log | Centralised databases |
| 🖥️ Dashboard UI — glassmorphic SPA with real-time telemetry | Cloud consoles |
Every feature runs on your hardware, under your keys, with direct connections to the people you choose.
- Ernos compiler (Rust —
cargo build --release) - Clang (C compiler backend)
- libsodium (
brew install libsodiumon macOS,apt install libsodium-devon Linux)
# Clone
git clone https://github.com/MettaMazza/ErnosDecent.git
cd ErnosDecent
# Symlink the standard library
ln -s /path/to/Ernos-Programming-Language/stdlib ./stdlib
# Build the sovereign node daemon (cross-platform)
bash build.sh
# Launch — starts IPC on port 5000, Web UI on port 8080
./node
# Open the dashboard
open http://localhost:8080# Start the seed node (default ports)
./node &
# Start a second node, bootstrapped to the seed
./node --port 9200 --seed 127.0.0.1:9101 &
# Start a third node
./node --port 9400 --seed 127.0.0.1:9101 &
# Verify cluster formation
echo "STATUS" | nc -w2 127.0.0.1 5000 # Node 1: dht_size >= 1
echo "STATUS" | nc -w2 127.0.0.1 9300 # Node 2: peers:1, dht_size:1
echo "STATUS" | nc -w2 127.0.0.1 9500 # Node 3: peers:1, dht_size:1Port layout: --port BASE sets P2P=BASE, DHT=BASE+1, Relay=BASE+2, Raft=BASE+3, IPC=BASE+100, Web=BASE+80.
# Unit + integration tests (per-subsystem)
for test in decent_*/test_*.ep; do
ernos "$test" && "./${test%.ep}" || echo "FAIL: $test"
done
# Live E2E tests (requires running daemon)
bash test_live_e2e.sh
# Multi-node stress tests (starts 3-node cluster)
bash test_multinode_live.shErnosDecent is organised into 16 subsystems, each in its own directory. Every .ep file is a self-contained module compiled to a native binary.
ErnosDecent/
├── decent_id/ Cryptographic identity — keys, DIDs, authentication
├── decent_net/ Peer-to-peer networking — Noise protocol, Kademlia DHT, relays
├── decent_store/ Storage — content-addressed store, CRDTs
├── decent_msg/ Messaging — E2E encrypted direct and group channels
├── decent_social/ Social publishing — Nostr, ActivityPub, unified feeds
├── decent_name/ Naming — decentralised DNS, .ernos TLD registry
├── decent_host/ Hosting — HTTP server, static content, SMTP, Git
├── decent_money/ Finance — HD wallets, UTXO ledger, tokens, NFTs, DEX, smart contracts
├── decent_ai/ AI — GGUF model parser, transformer inference, embeddings, speech-to-text
├── decent_agent/ Cognitive Agent — prompt context builder, ReAct loop, Hebbian memory graph, Turing grid workspace, quality gate observer
├── decent_media/ Media — WebRTC, adaptive streaming, codecs, P2P CDN
├── decent_anon/ Privacy — onion routing, mixnet traffic analysis resistance
├── decent_search/ Search — distributed crawler, BM25 & PageRank ranking engine, query merge
├── decent_pool/ Resource pooling — bandwidth tiers, compute job queue, symbiotic mesh
├── decent_consensus/ Raft consensus — election loops, replicated log state
├── decent_cli/ Daemon CLI — node control CLI client & integration tests
├── decent_web/ Web UI — glassmorphic dashboard & HTTP/WebSocket server
└── node.ep Sovereign Node Daemon — central coordinator
┌─────────────────────────────────────────────────────────────┐
│ decent_web / decent_cli │
│ Sovereign Dashboard & CLI Control │
├─────────────────────────────────────────────────────────────┤
│ decent_agent │
│ Cognitive ReAct Agent & Hebbian Memory │
├─────────────────────────────────────────────────────────────┤
│ decent_pool │
│ Symbiotic Bandwidth & Compute Pooling │
├──────────────────────────┬──────────────────────────────────┤
│ decent_anon │ decent_search │
│ Onion Routing · Mixnet │ Crawler · Rank · Query │
├──────────────────────────┴──────────────────────────────────┤
│ decent_media │
│ WebRTC · HLS · Codecs · CDN │
├──────────────────────────┬──────────────────────────────────┤
│ decent_ai │ decent_money │
│ Inference · Embeddings │ Wallet · Ledger · DEX · Contracts│
├──────────────────────────┼──────────────────────────────────┤
│ decent_social │ decent_host │
│ Nostr · ActivityPub │ HTTP · Email · Git · DNS │
├──────────────────────────┤ decent_name │
│ decent_msg │ DNS Resolver · Registry │
│ E2E Messages · Channels │ │
├──────────────────────────┴──────────────────────────────────┤
│ decent_consensus │
│ Raft Election · Replicated Log State │
├─────────────────────────────────────────────────────────────┤
│ decent_store │
│ Content-Addressed Storage · CRDTs │
├─────────────────────────────────────────────────────────────┤
│ decent_net │
│ Noise XX Handshake · Kademlia DHT · Relays │
├─────────────────────────────────────────────────────────────┤
│ decent_id │
│ Libsodium Crypto · DID:key · DID:peer · Auth │
└─────────────────────────────────────────────────────────────┘
| Module | What it does |
|---|---|
keys.ep |
Ed25519 signing, X25519 encryption, XChaCha20-Poly1305 symmetric encryption, HKDF key derivation, Argon2id password-protected keystores. All via libsodium FFI. |
did.ep |
W3C DID Core v1.0. Base58btc codec, did:key creation/resolution, did:peer for private connections, challenge-response authentication. |
auth.ep |
Signed TTL-bound session tokens, capability-based delegation with fine-grained action checks, cross-device authorisation flows. |
mem.ep |
Raw C heap memory allocator wrappers (calloc/free/memset) for libsodium FFI. |
sodium_ffi.ep |
Low-level libsodium FFI function pointer bridge logic. |
Tests: 41/41 passing.
| Module | What it does |
|---|---|
noise.ep |
Full Noise_XX handshake (Revision 34) over UDP. X25519 DH, ChaChaPoly1305 AEAD, HMAC-SHA256, Noise-spec HKDF, complete state machine. |
dht.ep |
Kademlia DHT. XOR distance metrics, k-bucket routing, FIND_NODE, FIND_VALUE, STORE, PING RPCs, iterative closest-node lookup. |
relay.ep |
Encrypted relay circuits. Relay registration/discovery via DHT, circuit creation for anonymous routing, data forwarding for symmetric NAT traversal. |
transport.ep |
Generic raw TCP/UDP socket creation and socket write/read abstractions. |
dht_transport.ep |
DHT socket loop listening for FIND_NODE/STORE/PING query packets. |
noise_transport.ep |
Noise XX packet framing, transmission, and decryption loop. |
relay_transport.ep |
Encrypted relay data framing and multi-hop transport circuits. |
security.ep |
Core security gate enforcing IP rate limits, ban timers, and query argument validators. |
Tests: 39/39 passing.
| Module | What it does |
|---|---|
content.ep |
Content-addressed storage engine. BLAKE3 hashing, deduplication, SQLite-backed chunk storage, garbage collection, CAR archive export/import, Merkle tree generation. |
crdt.ep |
Conflict-free Replicated Data Types. G-Counter, PN-Counter, LWW-Register, OR-Set, MV-Register — deterministic merging for eventual consistency. |
Tests: 28/28 passing.
| Module | What it does |
|---|---|
message.ep |
E2E encrypted direct messaging. Message signing/verification, body encryption/decryption, conversation histories with unread tracking and pagination. |
channel.ep |
Group messaging with secure membership. Channel creation, member management, group symmetric encryption, key distribution envelopes. |
Tests: 23/23 passing.
| Module | What it does |
|---|---|
nostr.ep |
Nostr event creation, stable serialisation, Ed25519 signing/verification, subscription filters. |
activitypub.ep |
ActivityPub actor profiles, activity wrappers (Create, Follow, Accept, Like), inbox/outbox delivery. |
feed.ep |
Unified feed aggregation normalising Nostr events and ActivityPub activities into chronological order. |
publish.ep |
Multi-protocol broadcasting to target feeds with publisher follow flows. |
Tests: 8/8 passing.
| Module | What it does |
|---|---|
resolver.ep |
Local DNS caching resolver with TTL validation and record eviction. |
registry.ep |
Decentralised .ernos TLD name registrar mapping human-readable names to owner DIDs. |
| Module | What it does |
|---|---|
http.ep |
Native HTTP server. Request path parsing, response building, single-connection socket handling. |
static.ep |
Static route mapper for serving content by path. |
email.ep |
SMTP/IMAP protocol hosting. Maps email addresses to DIDs and cryptographically verifies signatures. |
git.ep |
Secure P2P git repository hosting. Authorizes collaborator roles and verifies commit signatures. |
Tests (combined with naming): 21/21 passing. (Email and Git verified in decent_consensus/test_consensus.ep).
| Module | What it does |
|---|---|
wallet.ep |
BIP39/BIP44 HD wallet. 24-word mnemonic generation, PBKDF2-HMAC-SHA512 seed derivation, HD keypair derivation, encrypted keystore. |
ledger.ep |
UTXO-based distributed ledger. Genesis blocks, transaction validation, Merkle trees, block consensus signing, Proof-of-Stake validator election. |
token.ep |
Fungible token standard (ERC-20 equivalent). Metadata, minting, balances, approvals, allowance transfers. |
nft.ep |
Non-fungible token standard (ERC-721 equivalent). Collections, minting, ownership, transfers, royalty distribution. |
exchange.ep |
Hybrid DEX. Constant-product AMM liquidity pools and price-time priority orderbook matching. |
contracts.ep |
Smart contract execution engine. Persistent state, variable evaluation, event logging, instruction execution, state rollback on REVERT. |
Tests: 6/6 passing.
| Module | What it does |
|---|---|
models.ep |
Model registry with SHA-256 hash verification via libc/OpenSSL FFI. |
inference.ep |
GGUF v3 binary parser and fixed-point transformer executor. Token-by-token text generation with attention, feedforward networks, ReLU, and softmax. |
embeddings.ep |
Vector embedding generator with fixed-point cosine similarity. |
speech.ep |
Speech-to-text transcription. Audio feature pooling, vocabulary projection, CTC decoding. |
Tests: 6/6 passing.
| Module | What it does |
|---|---|
prompt.ep |
Assembles prompt context, combining core identity instructions, task details, and relevant memory tiers. |
react_loop.ep |
ReAct reasoning coordinator. Manages reasoning steps, local model server dispatch (LM Studio/Ollama), and observation feedback. |
memory.ep |
7-Tier Cognitive Memory. Handles scratchpad (Tier 1), lessons learned (Tier 2), timeline event logs (Tier 3), and Hebbian Synaptic Graph association updates (Tier 4). |
tools.ep |
Schema registry and execution dispatcher for 11+ system tools (DHT, Name, Wallet, Turing Grid, Command, Files). |
turing_grid.ep |
3D Turing Grid machine tape workspace. Tracks active HEAD position across (X, Y, Z) space and reads/writes cell states. |
observer.ep |
Multi-rule quality audit gate. Intercepts agent replies to enforce safety constraints and prevent reasoning trace leaks to the user. |
Tests: 5/5 passing.
| Module | What it does |
|---|---|
webrtc.ep |
SDP parsing/serialisation, STUN binding request/response, DTLS fingerprint derivation, SRTP encryption/decryption. |
stream.ep |
Adaptive bitrate segmenter with HLS manifest generation and LRU segment cache. |
codec.ep |
Opus/VP8 FFI wrappers with native IMA-ADPCM audio and RLE video fallbacks. |
cdn.ep |
P2P content delivery. DHT-based piece announcement, peer discovery, concurrent chunk download with hash verification. |
Tests: 7/7 passing.
| Module | What it does |
|---|---|
onion.ep |
Multi-hop layered onion routing. Ephemeral X25519 shared key agreement, packet wrapping/unwrapping, and exit destination relaying. |
mixnet.ep |
Traffic mixing and packet delay jitter. Fisher-Yates packet queue shuffling and randomized delays to prevent timing correlation attacks. |
Tests: 2/2 passing.
| Module | What it does |
|---|---|
crawl.ep |
Distributed network crawler. Tokenizes page HTML/text, extracts outgoing links, and populates the local inverted index database. |
rank.ep |
Search ranking engine. Computes BM25 keyword relevance and PageRank authority scores via power iteration using fixed-point math. |
query.ep |
Query merging and result formatting. Parses search query terms, calculates combined BM25+PageRank scores, and merges de-duplicated local/remote P2P results. |
Tests: 1/1 passing.
| Module | What it does |
|---|---|
bandwidth.ep |
Bandwidth sharing. Manages bandwidth tiers (free, emergency, premium), uploaded/downloaded byte counters, dynamic contribution scoring, rate limits, and anonymous routing proxy simulation. |
compute.ep |
Compute pooling manager. Job submission queue, worker scheduling, contribution tracking, and redundant execution consensus verification. |
mesh.ep |
Symbiotic mesh coordinate layer. Orchestrates bandwidth sharing, compute delegation, and onion-routed anonymous AI inference execution. |
Tests: 3/3 passing.
| Module | What it does |
|---|---|
raft.ep |
Raft state machine handling RequestVote and AppendEntries RPCs. |
state.ep |
Replicated log state. Features log entry serialization, state machine execution, and log rollbacks on leadership change. |
election.ep |
Election loops with randomized timeouts, heartbeats, and candidate transitions. |
raft_transport.ep |
TCP socket handling, connection pooling, and log updates delivery for Raft cluster peers. |
Tests: 4/4 passing.
| Module | What it does |
|---|---|
node.ep |
Sovereign Node Daemon coordinating all subsystems, exposing port 5000 IPC and port 8080 Web Server. |
decent_cli/decent_cli.ep |
Command-line control client querying the daemon via local socket IPC. |
decent_cli/test_cli.ep |
Integration test spawning the daemon and running command queries. |
decent_web/index.html |
Premium glassmorphic Single-Page Application (SPA) dashboard layout. |
decent_web/style.css |
Obsidian and neon-accented responsive stylesheet. |
decent_web/app.js |
WebSocket client logic connecting all UI panels to live daemon data. |
decent_web/web_server.ep |
Native HTTP & WebSocket gateway serving Web UI assets, REST JSON APIs, and WS handlers for DHT/Name/Wallet/AI/Messaging. |
Tests: 2/2 passing.
These root-level .ep libraries provide base infrastructure shared by all components:
| Module | What it does |
|---|---|
config.ep |
Configuration parser loading seeds, ports, and node options from config.toml. |
health.ep |
Automated sanity checking routing queries through the DHT and Raft consensus engines to test node health. |
logging.ep |
Thread-safe logging engine that writes formatted console logs to ernosdecent.log. |
platform.ep |
Cross-platform utilities for local folder creation and path mapping. |
protocol_server.ep |
Daemon-spawning protocol socket listener orchestrating DHT and Relay servers. |
storage.ep |
SQLite client opening node.db and validating consensus, transaction, and name registry schemas. |
ErnosDecent is written in Ernos — a compiled, statically-typed programming language with plain English syntax. Ernos is self-hosting: the compiler is written in Ernos.
define greet with name as Str returning Int:
display f"Hello, {name}!"
return 0
define main:
greet("world")
return 0
Compilation pipeline: .ep source → Ernos compiler → C → Clang → native binary.
Key features:
- Hindley-Milner type inference with optional explicit annotations
- Ownership and move semantics for memory safety
- Built-in concurrency via channels and
spawn - FFI interop via
ep_dlopen/ep_dlsymfor C library access - 23 standard library modules and 29 FFI bridge libraries
See ERNOS_REFERENCE.md for the full language specification.
| Metric | Value |
|---|---|
| Source modules | 48 |
| Test suites | 20 + 2 live test harnesses |
Total .ep files |
68 |
| Source lines (non-test) | 11,726 |
| Test lines | 7,453 |
| Total lines | 19,179 |
| Unit/integration tests | 191/191 |
| Live E2E assertions | 100+ |
| Stress tests | 5/5 |
| Multi-node stress tests | 50+ assertions |
| Build phases completed | 15/15 |
| External dependencies | libsodium |
| Target platforms | macOS (ARM64, x86_64), Linux (x86_64, aarch64) |
v1.0.0-beta is the first public release. The architecture is proven and verified. What comes next:
- Sovereign Node Daemon — unified coordinator for all subsystems
- Web Dashboard — glassmorphic SPA with real-time telemetry
- CLI Control Client — local IPC command interface
- Raft Consensus — cluster coordination with leader election
- Onion Routing — multi-hop anonymity with mix networks
- Distributed Search — crawl, rank, and query the decentralised web
- Resource Pooling — bandwidth sharing, compute delegation, symbiotic mesh
- Email & Git Hosting — SMTP/IMAP and Git over the P2P layer
- Multi-Node Bootstrap — CLI
--seed/--port, DHT discovery, Raft peer sync - Real UTXO Transfers — Ed25519-signed transactions, overdraft protection
- DHT Key-Value Store — store/get via IPC and Web UI
- Decentralised Name Registry — register/resolve via IPC and Web UI
- Cross-Platform Build —
build.shauto-detects macOS/Linux, Homebrew/system paths - Live E2E Test Suite — 100+ assertions covering all user-facing features
- Multi-Node Stress Tests — 3-node cluster formation, failure recovery, concurrent ops
- QUIC Transport — production UDP transport replacing simulated connections
- NAT Traversal — STUN/TURN integration for direct peer connections
- Double Ratchet — Signal-protocol-grade forward secrecy for messaging
- Windows Support — partial platform.ep abstraction exists; untested, no CI
- Mobile Clients — iOS and Android companion apps
- Plugin System — third-party module loading
ErnosDecent is not built to compete with existing platforms. It is built to make them unnecessary.
The current internet requires you to rent your identity from a corporation, store your data on someone else's computer, route your messages through someone else's server, and pay someone else for the privilege of being surveilled. This is not a technical limitation. It is an architectural choice made by the people who built the platforms.
ErnosDecent makes a different architectural choice: everything runs on your hardware, under your keys, with direct connections to the people you choose. No server you don't control. No key you don't hold. No intermediary you didn't invite.
The language it's written in — Ernos — exists because the tools should be auditable by the people who use them. Plain English syntax is not a gimmick. It is a design decision: the code should be readable by anyone who cares enough to look.
See CONTRIBUTING.md for development guidelines, coding standards, and how to submit changes.
See SECURITY.md for reporting security vulnerabilities.
ErnosDecent is licensed under the GNU Affero General Public License v3.0. This means:
- You can use, modify, and distribute this software freely
- If you modify it and run it as a network service, you must release your modifications
- All derivative works must remain open source under the same license
Maria Smith — Scotland, 2026.
Built in operational symbiosis with AI. Named openly.
The architecture's own product builds the exit from the architecture.