Download ItsGoin

• Active CDN replication — All devices proactively request replication of their recent posts (<72h) to connected peers. Targets prioritized: desktops > anchors > phones. Graceful with small networks (1 peer = 1 replica). ReplicationRequest/Response (0xE1/0xE2) wire messages.
• Device roles — Nodes classified as Intermittent (phones), Available (desktops), or Persistent (anchors). Advertised in InitialExchange. Influences replication target selection and budget defaults.
• Bandwidth budgets — Hourly replication budget (content pulled to cache) and delivery budget (content served). Phones: 100MB/1GB, Desktops: 200MB/2GB, Anchors: 200MB/1GB. Auto-reset hourly. Blob serving declines when delivery budget exhausted.
• Cache management — 1GB default cache limit (configurable 256MB–unlimited). Eviction cycle now active (was implemented but never started). Priority scoring with share-link boost (+100 for 3+ downstream). Cache pressure score (0–255) for future budget advertisement.
• Engagement distribution fix — BlobHeader JSON now rebuilt after processing BlobHeaderDiff ops. Previously reactions/comments stored in tables but header JSON stayed stale, breaking pull-based sync for downstream peers.
• Tombstone system — Deleted reactions/comments are tombstoned (deleted_at timestamp) instead of hard-deleted. Tombstones propagate through pull sync, ensuring deletes reach peers that missed the real-time diff.
• Persistent notifications — Notification tracking backed by seen_engagement and seen_messages tables. Only notifies on genuinely unseen content. Survives app restarts.
• DOS hardening — BlobHeaderDiff fan-out capped at 10 concurrent sends. Blob prefetch capped at 20 per cycle. PostDownstreamRegister capped at 50 per sync. Delivery budget enforcement on blob serving.
• Pull preference — Blob fetches prefer non-anchor sources (phones > desktops > replicas > anchors) to preserve anchor delivery budget for web requests.

• Private blob encryption — Attachments on encrypted posts (Friends, Circle, Direct) are now encrypted with the same CEK as the post text. Public blobs remain plaintext. CID computed on ciphertext preserves content addressing.
• Blob prefetch on sync — When posts are pulled from peers, their attachments are eagerly fetched for offline availability. Previously blobs were only fetched on view.
• Crypto refactoring — Extracted reusable primitives: encrypt_bytes_with_cek, decrypt_bytes_with_cek, unwrap_cek_for_recipient, unwrap_group_cek. Foundation for encrypted blob storage and future chunk-level encryption.
• Intent-based post filtering — Feed, My Posts, and Messages now filter on the author's original visibility intent (intentKind) rather than encryption state.
• Encrypted receipt slots — Private messages get encrypted receipt and comment slots in BlobHeader. Delivery indicators, read receipts, and message reactions.
• Download filename sanitization — Prevents path traversal in downloaded file names.

• Comment edit & delete — Edit or delete your own comments. Trust-based: post authors can also delete comments on their posts. Propagates via BlobHeaderDiff to all holders.
• Native notifications — System notifications via Tauri plugin (works on all platforms). Notifications for messages, new posts, reactions, and comments. Configurable in Settings with button-group toggles.
• Forward-compatible protocol — Unknown BlobHeaderDiffOp variants are silently ignored instead of crashing deserialization. Prevents old nodes from breaking when new features are added.
• Following: Online/Offline — Self removed from following list. Offline follows hidden behind lightbox popup. Shows expanded if no one is online.
• DM filter fix — Sent direct messages no longer appear in My Posts tab.
• Comment threading fix — Comments now work correctly in My Posts tab (duplicate element ID scoping fix).
• Dropdown text fix — Select dropdowns across the app now have legible text in WebKitGTK native popups.

• IPv6 HTTP address fix — Nodes with public IPv6 now correctly advertise their real address for direct browser access, instead of 0.0.0.0. Fixes share link video/image serving for IPv6-reachable nodes.
• Video preload fix — Share link videos and in-app videos from peers now buffer properly for playback (preload="auto"). Previously only the first frame loaded.
• Connection rate limiting — Incoming connections that fail authentication are rate-limited per source IP (3 attempts, then exponential backoff up to ~4 minutes). Prevents CPU exhaustion from rogue or stale nodes spamming auth failures.
• Schema versioning — Database tracks schema version via PRAGMA user_version. Future upgrades can run data migrations automatically. Databases too old to migrate are reset cleanly.
• N2/N3 freshness — TTL reduced from 7 days to 5 hours. Full N1/N2 state re-broadcast every 4 hours catches missed diffs.
• Bootstrap isolation recovery — 24 hours after startup, nodes verify the bootstrap anchor is within N1/N2/N3 reach. If absent, they reconnect and request referrals. Bootstrap is added to sticky N1 for 24 hours so mesh peers discover it via diffs.
• Following: Online/Offline — People tab splits followed peers into Online and Offline sections with “Last online” timestamps.
• DM filter — Direct messages no longer appear in My Posts tab.
• Bidirectional engagement propagation — Reactions and comments now flow both upstream (toward author) and downstream through the CDN tree. Previously only downstream propagation existed, so the post author often never received reactions.
• Auto downstream registration — Nodes that receive a post via pull sync or push notification automatically register as downstream peers. This ensures engagement diffs reach all holders without manual registration.
• Upstream tracking — New post_upstream table records which peer each post was received from, enabling engagement to flow back toward the author hop-by-hop through the CDN tree.
• N2/N3 freshness — TTL reduced from 7 days to 5 hours. Full N1/N2 state re-broadcast every 4 hours catches missed diffs. Disconnect cleanup already removes departed peer's contributions immediately.
• Bootstrap isolation recovery — 24 hours after startup, nodes check if the bootstrap anchor is within their N1/N2/N3 reach. If absent, they reconnect and request referrals. The bootstrap is added to sticky N1 for 24 hours so mesh peers discover it via diffs, bridging isolated network segments back together.
• Following: Online/Offline — People tab splits followed peers into Online and Offline sections with “Last online” timestamps. DMs no longer appear in My Posts.
• Video playback — Videos now play correctly in-app on both desktop and Android.
• On-demand blob fetch — Media attachments that haven't synced locally are fetched from peers when you view them.
• Image loading fix — Asset protocol properly configured for streaming images from disk. Fallback to IPC if asset protocol fails.
• Image lightbox — Click any image to view full-size. Escape or click to close.
• File attachments — Attach any file type to posts. Non-media files show as download buttons with a trust warning prompt.
• Audio player — Audio attachments display with native playback controls.
• Video download — Download button under video player saves to Downloads folder.
• Share link fix — Fixed redirect to 0.0.0.0 — unroutable addresses are now skipped, falling through to QUIC proxy correctly.
• TCP hole punch protocol — New wire messages (TcpPunchRequest/Result) enable direct HTTP serving from nodes to browsers, reducing proxy load on itsgoin.net.
• Tiered web serving — Share links try direct redirect to HTTP-capable post holders before falling back to QUIC proxy.

• Engagement sync — Pull sync now fetches reactions, comments, and policies from peers. Previously these only propagated via real-time push.
• Profile push fix — Name and bio changes now sent to all connected peers immediately, not just audience members.
• Auto-sync on follow — Following someone immediately pulls their posts into your feed.
• Popover UI — Notifications, diagnostics, and message threads open as overlay windows instead of inline sections.
• Notification settings — Configure message, post, and nearby-user notifications from Settings.
• Smart DM polling — Message refresh rate scales with conversation recency (5s–daily).
• Reaction display — Posts show top 5 emoji reactions + total response count.

• Full rename distsoc → ItsGoin — ALPN, crypto contexts, data paths, Android package ID all changed. Clean break — incompatible with prior versions.

• Engagement system — Reactions (public + private encrypted), inline comments with ed25519 signatures, and author-controlled comment/react policies. Full UI with emoji picker, reaction pills, and expandable comment threads.
• CDN tree for all posts — New post_downstream table gives every post (including text-only) a propagation tree. Engagement diffs flow through the file layer via BlobHeaderDiff (0xD0), never mesh.
• 4 new wire messages — BlobHeaderDiff (0xD0), BlobHeaderRequest/Response (0xD1/0xD2), PostDownstreamRegister (0xD3). Policy enforcement in handlers (blocklist, audience-only, permission checks).
• Thread splitting — Headers exceeding 16KB automatically split oldest comments into linked thread posts, keeping engagement propagation lightweight.

• Per-family NAT classification — IPv4 and IPv6 public reachability detected independently. Fixes false "public (v4+v6)" when only IPv6 is public, which was silently breaking IPv4 hole punches.
• STUN always runs — IPv6-only anchors now correctly probe their IPv4 NAT type instead of assuming "Public". Only --bind (explicit server) skips STUN.
• Anchor address fallback — Anchors without --bind or UPnP now advertise their public IPv6 address, so peers save them in known_anchors for preferential reconnection.
• Bootstrap deprioritization — Discovered anchors are tried before hardcoded bootstrap anchors at startup, reducing bootstrap server load as the network grows.

• ConnectionManager actor redesign — Replaced global mutex with actor pattern (ConnHandle + ConnectionActor). Network operations no longer block each other — 14 I/O code paths that previously held the lock for up to 15 seconds now run concurrently.
• 60+ call sites migrated — All network and node code uses the new lock-free ConnHandle API. Public mutex accessor removed.
• I/O extraction — Broadcast, push, pull, relay, anchor register, and address resolution all execute outside state locks.

• NAT filter probe — Anchor probes your NAT filtering type (address-restricted vs port-restricted) by attempting to reach you from a different source port. Eliminates unnecessary port scanning for the majority of connections.
• Role-based NAT traversal — Each side now takes the correct role based on its NAT profile: EIM nodes punch every 2s (stable port), EDM nodes walk outward at 100/sec (opening firewall entries). Previous burst-scan design replaced with steady ~100 ports/sec outward walk.
• IPv4 vs IPv6 public — Public reachability now distinguished by protocol family (v4 only, v6 only, v4+v6). Prevents false assumptions when only one family is public.
• Scanning cleanup — Scan tasks properly cancelled via JoinSet between attempts. Previous design spawned 37K+ fire-and-forget tasks.

• Focused port scanning — Scanning now targets only the anchor-observed IP address instead of all self-reported addresses, reducing wasted scan budget on unreachable VPN/cellular IPs.
• Scan on unknown NAT — Port scanning now triggers when peer NAT type is unknown (e.g. peer running older version), not just when explicitly EDM.

• Anchor self-verification — Nodes with public addresses now verify their reachability via cold-connect probes from N2 strangers. Two consecutive failures revoke anchor status.
• Advanced NAT traversal — Hard+hard NAT pairs are no longer skipped. Port scanning (tiered: ±500, ±2000, full ephemeral range) attempts direct connection before falling back to relay.
• NAT profile sharing — Peers exchange mapping (EIM/EDM) and filtering (open/port-restricted) classification during connection, enabling smarter hole punch decisions.
• Behavioral NAT inference — Filtering type is refined from actual connection outcomes — no unreliable upfront probing needed.

• NAT type detection — STUN probing on startup classifies your NAT as Public, Easy, or Hard. Shared with peers during connection.
• Skip futile hole punches — When both peers are behind hard/symmetric NATs, skip the 30-second hole punch attempt entirely.

• Anchor advertised address — Anchors advertise their stable bind address in initial exchange, so peers always store the correct reconnection address.
• Observed address notification — Peers tell each other "I see you at <ip:port>" during connection — lightweight STUN-like address feedback.

• UPnP port mapping — Devices behind NAT routers automatically request a port forward via UPnP, becoming directly reachable without manual configuration.
• Auto-anchor promotion — Devices with a successful UPnP mapping self-declare as anchors, improving bootstrap diversity for all peers.
• Hole punch fix — Target-side hole punch connections were silently discarded; now properly registered as sessions so both sides of a NAT punch succeed.

• Request Referrals button — On-demand peer referral requesting in Network Diagnostics.
• Docker bridge IP filtering — Peer introductions no longer leak Docker bridge IPs.
• Keepalive fix — Sender-side last_activity update prevents false zombie detection.
• Message threads — DM conversations grouped by partner with expandable thread view.
• Mesh/reach diagnostics — Peer cards show reach level badges (Mesh/N1/N2/N3).

• Audience request button — "Ask to join audience" on followed peers.
• DMs filtered from feed — Direct messages show only in Messages tab.
• Peer bios displayed — Bio text shown below peer names in People tab.
• People tab auto-refresh — Follows, peers, audience refresh every 10 seconds.
• Button feedback — Loading state and toast confirmation on diagnostics refresh.

• Fix connection lock contention — QUIC connect no longer blocks all tasks.
• Image attachments display — Fixed CSP blocking blob: URLs.
• Non-blocking startup — Referral connections run in background.
• Connect timeout — 15-second cap on connection attempts.
• Android foreground service — Mesh stays alive in background.

• IPv4-mapped address fix — Normalized dual-stack addresses for NAT traversal.
• Mesh keepalive — 30-second pings prevent zombie detection on idle connections.
• Audience management — Approve/Deny/Remove audience members.
• Network diagnostics overhaul — Summary grid, peer cards, connection breakdown.
• Manual rebalance — Trigger immediate mesh rebalancing from Settings.
• Reset all data — Clear local data while preserving identity key.

• Reactive mesh growth loop — New peers connect within seconds.
• Anchor matchmaking only — Anchors introduce peers, never proxy bytes.
• Parallel hole punching — NAT traversal tries all addresses simultaneously.
• Relay-observed address injection — Fixes NAT-to-NAT hole punching.
• Growth loop introduction fallback — Bilateral hole punching when direct fails.