commit 4c1597e0f28c2bea193818a8d84ff2073ea5c08f
from: murilo ijanc <murilo@ijanc.org>
date: Wed Mar 25 20:19:16 2026 UTC

Update README, bump tesseras-dht to 0.1.1, add project docs

- Rewrite README with features, usage, and links
- Bump tesseras-dht dependency from 0.1.0 to 0.1.1
- Add CODE_OF_CONDUCT.md and SECURITY.md

commit - 290f53c38cdacd502eb6dda52f2ad207063e3973
commit + 4c1597e0f28c2bea193818a8d84ff2073ea5c08f
blob - 99b8065d03c5a6617b1dd4dd921694b865a695d5
blob + 1ae78958d077ca52bd2acba7c02055671153ed2c
--- Cargo.lock
+++ Cargo.lock
@@ -546,9 +546,9 @@ dependencies = [
 
 [[package]]
 name = "tesseras-dht"
-version = "0.1.0"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "791adbfbbca157a854cf8721b466f4fb9b6f818548fa50eea6e3bb33b1e59d1c"
+checksum = "be972dbc85e9a63018117cb3b71cc9d9c094cde5222771c8d3ec8e36e506714c"
 dependencies = [
  "ed25519-dalek",
  "log",
blob - /dev/null
blob + 63e8058c0f43f9ae4110c6077407da5e9e7925eb (mode 644)
--- /dev/null
+++ CODE_OF_CONDUCT.md
@@ -0,0 +1,45 @@
+# Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and maintainers pledge to make participation in
+the tesseras project a welcoming experience for everyone, regardless of age,
+body size, disability, ethnicity, gender identity and expression, level of
+experience, nationality, personal appearance, race, religion, or sexual
+identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the project and community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+- Trolling, insulting or derogatory comments, and personal attacks
+- Public or private harassment
+- Publishing others' private information without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Scope
+
+This Code of Conduct applies within all project spaces (issue trackers, mailing
+lists, chat channels, code review) and when an individual is representing the
+project in public spaces.
+
+## Enforcement
+
+Instances of unacceptable behavior may be reported by contacting the project
+maintainer at **murilo@ijanc.org**. All complaints will be reviewed and
+investigated and will result in a response deemed necessary and appropriate to
+the circumstances.
+
+## Attribution
+
+This Code of Conduct is adapted from the
+[Contributor Covenant](https://www.contributor-covenant.org), version 2.1.
blob - 8a163fc0241a23b9a558a5bfbd7b0dc4c8ed12fa
blob + 73338d862f43932d47d75861355e447e8a06683c
--- Cargo.toml
+++ Cargo.toml
@@ -24,4 +24,4 @@ env_logger = "=0.11.10"
 log = "=0.4.29"
 
 # tesseras
-tesseras-dht = "=0.1.0"
+tesseras-dht = "=0.1.1"
blob - 26182a02dab729c38ebc6333dae8450202ec64a8
blob + 4daffceb843d192ceb74e89e3871ae01a25d6e38
--- README.md
+++ README.md
@@ -1,5 +1,67 @@
-# tesseras-paste
+# Tesseras-Paste
 
+A decentralized pastebin built on [tesseras-dht](https://crates.io/crates/tesseras-dht). Pastes are encrypted client-side, distributed across the DHT, and served over HTTP.
+
+## Features
+
+- End-to-end encrypted pastes (XChaCha20-Poly1305)
+- Decentralized storage via Kademlia DHT
+- NAT traversal (hole-punching and proxy relay)
+- HTTP serving with content-key URLs
+- TTL-based expiry and pinning
+- Public (unencrypted) paste mode
+- OpenBSD `pledge(2)` sandboxing
+
+## Binaries
+
+**tpd** — daemon that runs a DHT node, stores pastes, and serves HTTP.
+
+```
+usage: tpd [-p port] [-d dir] [-s sock] [-w http_port] [-g] [-n] [-b host:port]
+
+  -p port       UDP port (0 = random)
+  -d dir        data directory
+  -s sock       Unix socket path
+  -w port       HTTP server port
+  -g            global NAT (public server)
+  -n            no auto-bootstrap (skip DNS SRV)
+  -b host:port  bootstrap peer (repeatable)
+```
+
+**tp** — CLI client that talks to the daemon over a Unix socket.
+
+```
+usage: tp [-s sock] <command> [args]
+
+  put [-t ttl] [-p]  read stdin, store paste (-p = public, no encryption)
+  get <key>          retrieve paste to stdout
+  del <key>          delete paste
+  pin <key>          pin (never expires)
+  unpin <key>        unpin
+  status             show daemon status
+```
+
+## Quick start
+
+```sh
+# Start the daemon
+tpd -p 4433 -w 9999 -d /var/tesseras-paste
+
+# Store a paste
+echo "hello" | tp put
+# => Ey2rNiNukhNpqUouaSnnZwTtCgeCgMx2FrCuMr3whBxx
+
+# Retrieve it
+tp get Ey2rNiNukhNpqUouaSnnZwTtCgeCgMx2FrCuMr3whBxx
+```
+
+## Links
+
+- [Website](https://tesseras.net)
+- [Source code](https://got.tesseras.net/?action=summary&path=tesseras-paste.git) (primary)
+- [Source hut mirror](https://git.sr.ht/~ijanc/tesseras-paste)
+- [GitHub mirror](https://github.com/ijanc/tesseras-paste)
+
 ## License
 
-ISC
+ISC — see [LICENSE](LICENSE).
blob - /dev/null
blob + 2c4736fa223be9dc06fe804402d7dcbd67905bd9 (mode 644)
--- /dev/null
+++ SECURITY.md
@@ -0,0 +1,57 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Tesseras, please report it
+responsibly through the private security mailing list:
+
+**[~ijanc/tesseras-security@lists.sr.ht](mailto:~ijanc/tesseras-security@lists.sr.ht)**
+
+This list is restricted to maintainers. Reports are welcome from anyone.
+
+### Encrypting your report
+
+Please encrypt sensitive reports using the maintainer's GPG key:
+
+- **Key ID:** `882CF78D7F04E7F4`
+- **Fingerprint:** `9C16 D725 0B23 6C1C C21A 46AB 882C F78D 7F04 E7F4`
+- **Key server:** `keys.openpgp.org`
+
+```
+gpg --keyserver keys.openpgp.org --recv-keys 9C16D7250B236C1CC21A46AB882CF78D7F04E7F4
+```
+
+### What to include
+
+- Description of the vulnerability
+- Steps to reproduce
+- Affected components (crate, module, function)
+- Potential impact
+- Suggested fix, if any
+
+### What to expect
+
+- Acknowledgment within 48 hours
+- Status update within 7 days
+- Coordinated disclosure after a fix is available
+
+### Please do NOT
+
+- Open a public issue or pull request for security vulnerabilities
+- Disclose the vulnerability publicly before a fix is available
+- Exploit the vulnerability against other users' nodes or data
+
+## Scope
+
+The following are in scope for security reports:
+
+- Cryptographic issues (key generation, signing, encryption, erasure coding)
+- Network protocol vulnerabilities (DHT, QUIC transport, relay)
+- Authentication and authorization bypasses
+- Data integrity or confidentiality violations
+- Denial of service against individual nodes
+
+## Recognition
+
+Contributors who report valid vulnerabilities will be credited in the
+release notes (unless they prefer to remain anonymous).