Large pastes are split into 8 KiB chunks on the client side, each stored separately in a dedicated chunks/ directory. A version-2 manifest paste lists the chunk hashes and is announced to the DHT; chunks replicate via periodic republish with per-put throttling to avoid rate-limit bans. - New PUTC/PUTM protocol commands for chunks and manifests - Client-side chunking avoids O(n^2) base58 on large content - HTTP handler reassembles chunks directly from store - DHT sync routes incoming chunks to chunks/ directory - Republish interval reduced to 5 min with 200ms throttle - tp.1 updated with new 1.44 MB limit

- Block marker on delete prevents DHT re-import - Remote delete propagation via delete_callback - New index page with project info and man page links - Fix lookups status order (started/completed)

When the routing table drops to zero peers, the daemon now re-joins bootstrap nodes every 60s, unbanning their addresses first so replies are not silently discarded. Both tp and tpd accept -v for debug-level output without needing RUST_LOG environment variable.

- Rewrite README with features, usage, and links - Bump tesseras-dht dependency from 0.1.0 to 0.1.1 - Add CODE_OF_CONDUCT.md and SECURITY.md

- tp: limit stdin to 64 KiB + 1 byte to reject oversized pastes early without unbounded memory allocation - daemon: bound the oversized-line drain to MAX_LINE_SIZE so a client without newlines cannot block beyond the read timeout - tpd: document intentional Arc::into_raw leak in signal handler

- Write identity.key with mode 0600 to prevent other users from reading the Ed25519 private seed - Use destination filename in atomic_write temp path to avoid collisions between concurrent writes to different files - Reject HTTP methods other than GET/HEAD with 405 - Return "Hello Tesseras World" on GET /

Add reference to pledgereq[] in /usr/src/sys/kern/kern_pledge.c and include drm and prot_exec that were missing from the list.

Warn when set_nonblocking or set_read_timeout fails instead of silently disconnecting the client.

A slow connection or DHT lookup (up to 30s) no longer blocks the entire HTTP accept loop. Connections beyond the limit get a 503 response.

Report the actual error instead of silently ignoring it and failing later with a confusing message in PasteStore::open.

- Atomic writes in store (write-to-temp + rename) to prevent corruption on crash - Validate DHT results against requested content hash to reject forged data from malicious nodes - Limit protocol line size to 128 KiB on Unix socket to prevent memory exhaustion - Use saturating_add for TTL expiry to prevent u64 overflow

tpd: unveil data dir (rwc), resolv.conf (r) when DNS needed, then pledge stdio rpath wpath cpath fattr inet unix dns. tp: unveil socket path (rw), then pledge stdio unix rpath.

tpd now queries _tesseras._udp.tesseras.net SRV records to discover bootstrap peers when no -b flag is given. Add -n flag to disable this automatic discovery for seed/isolated nodes.

DHT-backed encrypted pastebin with two binaries (tp/tpd), XChaCha20-Poly1305 encryption, content-addressed storage, and Unix socket + HTTP interfaces.