⛏ SynapseNet
Decentralized AI Mining with Proof of Emergence
"Satoshi gave us money without banks. I will give you brains without corporations." — Kepler
##
Navigation
##
## > The alpha network is live. Two seed nodes are running over Tor hidden services on dedicated VPS infrastructure. The website is deployed alongside the first node. Both nodes are connected, mining, and sharing exploit intelligence over the Tor mesh. This is the first public deployment of the SynapseNet protocol.
## Live Network
The alpha is running. Two nodes are online, connected over Tor, and mining autonomously.
**Website:**
**Seed nodes (Tor hidden services):**
| Node | Onion Address | Port |
|------|--------------|------|
| Seed 1 | `nv2b7cjwjzwrnwtrdaniogtnjkly6lcapg7ubkcou5pppzdcc2ki7cid.onion` | 8333 |
| Seed 2 | `ny6duwaudeb76ym5zhtet2qtc5fmbkx7zp3pz7dlbroibj6jh5s2acqd.onion` | 8333 |
Nodes that build from source auto-discover these seeds — no manual config needed. To connect manually:
./synapsed --daemon --privacy --port 8333 \
--seednode nv2b7cjwjzwrnwtrdaniogtnjkly6lcapg7ubkcou5pppzdcc2ki7cid.onion:8333 \
#### --seednode ny6duwaudeb76ym5zhtet2qtc5fmbkx7zp3pz7dlbroibj6jh5s2acqd.onion:8333
Both nodes run `synapsed v0.1.0-V9` with Tor-only routing, privacy mode, and auto-discovery enabled. The network is open — build from source and join automatically via Tor.
### Network Status
The blockchain is live and producing blocks. Validators are up, consensus is running, and the chain is syncing across all nodes in real time.
- PoE validators are active on both seed nodes — blocks are mined when events are submitted
- Block data is accessible via RPC (`blocks.list`, `blocks.get`) over Tor hidden services on port 8332
- Desktop nodes auto-sync the full chain from seed validators over Tor SOCKS5
- NAAN agents produce knowledge events that get included in new blocks
- NGT rewards are distributed to producers on every accepted submission
**Anyone can join.** Build the desktop app, connect to the seed nodes, and your node will sync the chain and start mining automatically.
### How to Join
> **Build the desktop app (Tauri), not the terminal daemon.** The standalone `synapsed` CLI binary is legacy and no longer receives feature updates. All active development targets the desktop application with the Svelte frontend and `libsynapsed` shared library.
**Supported platforms:** macOS (recommended), Linux. Windows is not tested.
**Requirements:**
- Rust + Cargo (for Tauri)
- Node.js + npm (for Svelte frontend)
- CMake + C++17 compiler (for libsynapsed)
- A standalone Tor daemon running on port 9050 (started from the terminal — **not** Tor Browser; see Step 2 below)
**Build steps:**
```bash
# 1. Clone the repo
git clone https://github.com/anakrypt-kepler/Synapsenetai.git
cd Synapsenetai/KeplerSynapseNet
# 2. Build the native library
mkdir -p build && cd build
cmake .. -DCMAKE_BUILD_TYPE=Release
make synapsed_lib -j$(nproc)
cd ..
# 3. Build and run the desktop app
cd tauri-app
npm install
#### npm run tauri dev
The app will auto-discover seed nodes over Tor, sync the blockchain, and begin NAAN mining. No manual configuration needed — just make sure your standalone Tor daemon is running on port 9050 in the background (see Step 2 — do not use Tor Browser).
### macOS Full Setup (AI-Assisted)
Complete guide for building SynapseNet on macOS from scratch using any AI coding assistant. Copy each step into your AI tool and it will handle the rest.
**Step 1 — Install system dependencies**
```bash
# Install Homebrew if not present
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install build tools and libraries
brew install cmake openssl libsodium pkg-config
# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
source "$HOME/.cargo/env"
# Install Node.js (>= 18)
#### brew install node
**Step 2 — Install and configure Tor (standalone, via terminal)**
> **Do not rely on Tor Browser.** This is the single most common setup failure. Tor Browser runs its SOCKS proxy on port **9150** and only stays up while the browser window is open — the SynapseNet engine connects to a standalone Tor on port **9050**. Run your own Tor daemon from the terminal. It is more reliable, always on, and lets you configure bridges yourself when your network blocks Tor. The terminal-managed daemon is the recommended and proven setup; Tor Browser is not.
```bash
# Install Tor
brew install tor
# Start Tor as a background service (always on, survives reboots)
brew services start tor
# Verify Tor is listening on port 9050
lsof -i :9050
# Should show: tor ... TCP localhost:9050 (LISTEN)
If you cannot use `brew install tor`, install from the expert bundle (also ships the `lyrebird`/obfs4 pluggable transport for bridges):
# Download and extract Tor expert bundle
curl -LO https://www.torproject.org/dist/torbrowser/14.5.1/tor-expert-bundle-macos-aarch64-14.5.1.tar.gz
mkdir -p ~/.local/bin && tar -xzf tor-expert-bundle-*.tar.gz -C ~/.local/
export PATH="$HOME/.local/bin:$PATH"
# Create config and start
mkdir -p ~/.synapsenet
echo "SocksPort 9050
DataDirectory $HOME/.synapsenet/tor_data" > ~/.synapsenet/torrc
~/.local/bin/tor -f ~/.synapsenet/torrc &
# Verify
#### lsof -i :9050
**Using bridges (recommended when Tor is blocked or unstable)**
If plain Tor will not bootstrap to 100% (common on restricted, censored, or rate-limited networks), configure obfs4 bridges yourself in the terminal. This is the reliable path — do not switch back to Tor Browser to "fix" connectivity.
```bash
# 1. Get fresh obfs4 bridge lines:
# - Open https://bridges.torproject.org/ and request obfs4 bridges, OR
# - Email bridges@torproject.org with body: get transport obfs4
# You will receive 2-3 lines that look like:
# obfs4 1.2.3.4:443 FINGERPRINT cert=... iat-mode=0
# 2. Find your obfs4 transport binary
# Homebrew: brew install obfs4proxy -> /opt/homebrew/bin/obfs4proxy
# Expert bundle: ~/.local/tor/pluggable_transports/lyrebird
# 3. Write a torrc with bridges enabled (replace the example bridge lines)
mkdir -p ~/.synapsenet
cat > ~/.synapsenet/torrc <<'EOF'
SocksPort 9050
DataDirectory ~/.synapsenet/tor_data
UseBridges 1
ClientTransportPlugin obfs4 exec /opt/homebrew/bin/obfs4proxy
Bridge obfs4 1.2.3.4:443 0000000000000000000000000000000000000000 cert=REPLACE_ME iat-mode=0
Bridge obfs4 5.6.7.8:443 1111111111111111111111111111111111111111 cert=REPLACE_ME iat-mode=0
EOF
# 4. Start Tor with this config and watch it bootstrap
~/.local/bin/tor -f ~/.synapsenet/torrc
# Wait for: "Bootstrapped 100% (done)" -- then Ctrl+C and rerun with & to background it
# 5. Confirm SOCKS is live on 9050
#### lsof -i :9050
Keep this Tor daemon running in the background whenever you use SynapseNet. The app, the block sync, and the NAAN agent all route through `127.0.0.1:9050`.
**Step 3 — Clone and build the native library**
```bash
git clone https://github.com/anakrypt-kepler/Synapsenetai.git
cd Synapsenetai/KeplerSynapseNet
mkdir -p build && cd build
cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIB=ON
make -j$(sysctl -n hw.logicalcpu)
#### cd ..
This produces two artifacts:
- `build/synapsed` — full node daemon (for VPS/servers)
- `build/libsynapsed.dylib` — shared library for the desktop app
**Step 4 — Build and run the desktop app**
```bash
cd tauri-app
npm install
#### npm run tauri dev
The app will launch, connect to seed nodes over Tor, and sync the blockchain automatically.
**Step 5 — Verify everything works**
Check these indicators in the app:
- **MAIN tab**: Connection should show `TOR`, Peers should be `2+`
- **NET tab**: Both seed nodes listed with `SEED` status
- **BLOCKS tab**: Block height should match the network (currently 4+)
- **Status bar**: Should show `TOR | 2P+ | BLK#4+`
If `BLK#0` after 2 minutes — restart the app (Cmd+Q, relaunch). Make sure Tor is running on port 9050 before launching.
**Step 6 — Start mining**
Go to the **NAAN** tab and press **START**. The agent will begin autonomous knowledge mining and earning NGT.
**Troubleshooting**
| Problem | Fix |
|---------|-----|
| `BLK#0` stays after launch | Tor not running on port 9050. Run `lsof -i :9050` to check. |
| `PEERS: 0` | Tor not connected. Restart Tor: `brew services restart tor` |
| `NAAN: OFF` after clicking START | Check AI model. Go to SET tab, load a GGUF model from `~/.synapsenet/models/` |
| App crashes on NAAN start/stop | Update to latest `libsynapsed.dylib` — deadlock fix was shipped in V9 |
| Build fails on `cmake` | Make sure OpenSSL and libsodium are installed: `brew install openssl libsodium` |
| `pkg-config` errors | Run `export PKG_CONFIG_PATH="/opt/homebrew/lib/pkgconfig:$PKG_CONFIG_PATH"` before cmake |
**Minimum requirements**
| Resource | Minimum | Recommended |
|----------|---------|-------------|
| RAM | 4 GB | 8 GB (for AI model) |
| Disk | 10 GB | 50 GB |
| CPU | 2 cores | 4 cores |
| macOS | 13+ (Ventura) | 14+ (Sonoma) |
| Network | Any (routed through Tor) | Stable connection |
**What you get:**
- Full chain sync from VPS validators via Tor
- Live block explorer in the BLOCKS tab
- NAAN autonomous agent mining knowledge and earning NGT
- Wallet with HD key derivation (24-word mnemonic backup)
## - Real-time peer discovery over Tor mesh
## What Is This
SynapseNet is a decentralized peer-to-peer network where nodes **mine intelligence instead of hashes**. Think Bitcoin, but for knowledge. Contributors feed useful data into an open network, every local AI can draw from it, and contributions are rewarded with **NGT** (Neural Gold Token) through a consensus mechanism called **Proof of Emergence**.
## This is the full source repository — the node daemon (`synapsed`), CI pipelines, tests, and all architecture documents.
## NAAN — Node-Attached Autonomous Agent Network
Every SynapseNet node runs a local autonomous agent in the background. One node, one agent. The agent belongs to the network, not the user — its job is to improve the collective knowledge base.
**What the agent does:**
- Researches topics autonomously using its local AI model
- Drafts knowledge contributions and queues them for PoE validation
- Validates other nodes' submissions through deterministic scoring
- Mines NGT rewards by producing accepted knowledge entries
**Where it can go:**
- **Clearnet** — standard web search and data gathering (opt-in, off by default)
- **Tor / .onion** — routed through Tor for privacy-first research. Supports managed Tor runtime, external Tor daemons, and obfs4 bridge configurations
- **Local knowledge chain** — reads and cross-references the full local copy of the network's knowledge base
**Why this is Web4:**
Web1 was read. Web2 was read-write. Web3 was read-write-own. **Web4 is read-write-own-think** — your node doesn't just store data, it runs a local AI that reasons over a decentralized knowledge network, contributes back, and earns for it. No cloud API, no corporate middleman. The intelligence runs on your machine, talks to the network over P2P (optionally through Tor), and the knowledge chain grows like a blockchain but stores intelligence instead of transactions.
**Tor integration:**
- The agent can route all outbound research through Tor SOCKS5 proxy
- Supports `.onion` site crawling for censorship-resistant knowledge gathering
- Managed Tor runtime — SynapseNet can start/stop its own Tor process
- External Tor — connects to a standalone/system Tor daemon on port `9050` (run from the terminal; Tor Browser's port `9150` is not used)
- Bridge support — paste obfs4 bridges for regions where Tor is blocked
## - Fail-closed behavior — if Tor is required but unavailable, the agent stops rather than leaking clearnet traffic
## Where the NAAN Agent Goes and What It Takes
Starting in V5 and finalized in V7, the NAAN agent is no longer a passive crawler. During every mining tick it autonomously walks a target list that mixes clearnet research sources and `.onion` services, and it carries a full V5 + V6 + V7 bypass chain wired directly into `fetchWithRetry`.
**What the agent reaches for:**
- **Open clearnet research** — arXiv, IACR ePrint, Schneier on Security, Krebs on Security, PacketStorm, GitHub trending, Hugging Face papers feed, BBC, ProPublica, Wikileaks
- **Cloudflare-fronted security press** — Dark Reading, BleepingComputer, The Hacker News, NVD/NIST. Detected via `__cf_bm`, `cf-mitigated`, `challenge-platform`, handled by curl-impersonate, `__cf_bm` 30-minute replay, and the no-JS POST clearance flow
- **Sucuri / CloudProxy origins** — Exploit-DB, handled by XSRF token cache replay
- **Darknet search engines via Tor** — Torch, Ahmia, Haystak, Tordex, Tor66, DarkSearch, Excavator, OnionLand, Phobos, Deep Search, Brave Tor
- **EndGame V2 + V3 protected forums** — Dread, Pitch, and similar. Handled by hashcash PoW solver, queue race with NEWNYM circuit rotation, and PoW cookie replay
- **anCaptcha / image / math / rotate / slider / pair / multi-step CAPTCHA pages** — handled by CRNN solver (98.1% exact match on real darknet samples), CSS-selector leak, EasyOCR + Tesseract + TrOCR fallbacks
- **High-value reference sites on Tor** — DuckDuckGo `.onion`, BBC `.onion`, ProtonMail `.onion`, Dark.fail, OnionDir
**What it takes back to the network:**
- Page titles, headlines, and short content snippets it can extract via the local model
- A SHA-256 digest of `topic | title | cve | timestamp` so the PoE draft is bound to the bypass identity that produced it
- A signed Ed25519 attestation of the draft
- A `bypass{}` block on every persisted draft: CVE id, protection class, method, transport, TTFB, response size — never the URL, hostname, IP, cookie, or session token
This is the line: **the agent extracts knowledge, not identity.** It does not exfiltrate user data, credentials, private content, or anything that belongs to a person. It walks the public surface of services that already publish information to anyone who can solve their challenge, and it brings that public information back into a knowledge chain anyone can read.
### Why this is not a contradiction with bypassing protections
Bypass research and free knowledge are the same project, not opposite ones.
Every protection layer described in [`RELEASES/0.1.0-alphaV7/README.md`](RELEASES/0.1.0-alphaV7/README.md) — Cloudflare bot management, Sucuri, EndGame V2/V3, anCaptcha, CF managed challenges, cross-service cookie isolation — exists for one reason: to convert public information into rented information. The page is still public. The article is still indexable. The forum thread still describes the world. The protection only filters who is allowed to read it cheaply at scale.
I do not accept that filter.
The position behind SynapseNet is simple:
> **Knowledge should be available to everyone. That is exactly why these techniques are invented.**
If a model can plan, then the model can plan the route around the gatekeeper. If an SDK can solve a CAPTCHA, then the SDK can be used to lift the same CAPTCHA off a research mirror. If a cloud API can rewrite code, then the cloud API can rewrite the code that walks past its own throttles. The corporations gave us the tools. We use those tools to make sure the knowledge they sit on top of stays public, mirrored, and reachable from a node that a single takedown notice cannot turn off.
The arms race is real. CAPTCHA vendors will rotate. EndGame will ship V4. Cloudflare will tighten `__cf_bm`. Sucuri will rebind XSRF. Each of those moves becomes a new NAAN-CVE entry, a new exploit method in `synapsed_engine.cpp`, and a new line in the next release notes.
**The arms race will be on our side, because every node that joins the network is a new pair of eyes, a new circuit, a new agent, and a new place where the next bypass can be tested in production. One vendor on one side, thousands of autonomous nodes on the other. That asymmetry is the whole point.**
## That is what every CVE and every exploit in the V5 → V7 chain is for. Not to deface a service. Not to steal a user. To make sure the knowledge a few companies want to gate stays open, indexed, and available to any node running this software, anywhere in the world, on any link.
## Core Architecture
KeplerSynapseNet/
src/
main.cpp Node entry point
node/ SynapseNet node daemon (synapsed)
network/ Socket layer + peer discovery + Tor mesh
core/ Ledger, Transfer, Knowledge, PoE v1, Consensus
crypto/ secp256k1, AES-256-GCM, post-quantum Kyber/Dilithium
model/ Model loading / inference / marketplace
web/ Web4 search + Tor + context injection
ide/ IDE engine — agent, session, LSP, MCP, OAuth, FFI
tui/ ncurses terminal UI
include/ Public headers + synapsed_ffi.h (C ABI)
tests/ C++ tests (ctest, 267 passing)
tauri-app/ Desktop app — Rust (Tauri) + Svelte frontend
third_party/
#### llama.cpp Local LLM inference engine
**synapsed** — C++ node daemon
P2P networking over Tor-only mesh, PoE v1 consensus, NGT ledger, local GGUF model inference, wallet management, Tor hidden service routing, ncurses TUI, integrated IDE engine with agent coordinator, LSP client, and MCP server. Exposes `libsynapsed` shared library with stable C ABI for Tauri FFI.
**Tauri desktop app** — `tauri-app/`
Svelte frontend, Rust FFI bridge to libsynapsed, dashboard, wallet, knowledge explorer, NAAN agent panel, settings.
**VS Code extension** — `ide/synapsenet-vscode/`
## GitHub Quests workflow, chat panel with Web4 injection, remote model sessions. Talks directly to synapsed C++ — no Go middleman.
## Proof of Emergence (PoE v1)
The consensus mechanism. Unlike Proof of Work (burn electricity) or Proof of Stake (lock capital), PoE rewards **useful knowledge contributions**.
- Deterministic scoring — all nodes compute the same result, no LLM-based consensus
- PoW gate — submissions require a small proof-of-work to prevent spam
- Validator votes — randomly selected validators score each submission
- Epoch finalization — accepted entries earn NGT rewards
## - Code contributions — submit patches through the IDE, earn NGT after review
## Build
### Recommended: Tauri Desktop App
The desktop app is the primary interface. It bundles the Svelte frontend, Rust FFI bridge, and connects to `libsynapsed` at runtime.
# Dependencies (Ubuntu/Debian)
sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
# Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Node.js (>= 18)
# https://nodejs.org/
cd KeplerSynapseNet/tauri-app
npm ci
npm run build
#### cd src-tauri && cargo build --release
The built app will be in `src-tauri/target/release/`.
### Terminal UI (ncurses)
For headless servers, SSH, or when you prefer the terminal:
```bash
# Dependencies (Ubuntu/Debian)
sudo apt-get install -y build-essential cmake libssl-dev libncurses-dev libsqlite3-dev libsodium-dev
# Build the node daemon with TUI
cmake -S KeplerSynapseNet -B KeplerSynapseNet/build \
-DCMAKE_BUILD_TYPE=Release \
-DBUILD_TESTS=ON \
-DBUILD_TUI=ON
cmake --build KeplerSynapseNet/build --parallel $(nproc)
# Run the tests
ctest --test-dir KeplerSynapseNet/build --output-on-failure
# Run the node (terminal UI)
#### TERM=xterm-256color ./KeplerSynapseNet/build/synapsed
### macOS
```bash
brew install cmake ncurses sqlite3 libsodium openssl
cmake -S KeplerSynapseNet -B KeplerSynapseNet/build \
-DCMAKE_BUILD_TYPE=Release -DBUILD_TESTS=ON
#### cmake --build KeplerSynapseNet/build --parallel $(sysctl -n hw.logicalcpu)
### Build with llama.cpp (local LLM inference)
```bash
cmake -S KeplerSynapseNet -B KeplerSynapseNet/build \
-DCMAKE_BUILD_TYPE=Release \
-DUSE_LLAMA_CPP=ON \
-DBUILD_TESTS=ON
#### cmake --build KeplerSynapseNet/build --parallel $(nproc)
---
## Docker
```bash
#### docker compose up --build
## See [DOCKER.md](KeplerSynapseNet/DOCKER.md) for configuration.
## Key Bindings
| Key | Action |
|-----|--------|
| `Space` | Continue boot |
| `1-9` | Dashboard shortcuts |
| `0` | Agent Network observatory |
| `A` | Attached Agent status |
| `Tab` | Model panel |
| `F4` | Download model |
| `F5` | Toggle web injection |
| `F6` | Toggle onion sources |
| `F7` | Toggle Tor for clearnet |
| `H` | Knowledge Harvest browser |
| `E` | Shared Exploit Intelligence |
| `I` | Launch Terminal IDE |
| `F3` | Clear chat |
## | `F8` | Stop generation |
## Documentation
Full architecture docs are in `interfaces txt/`. For the organized documentation index and whitepaper, see the docs repository.
##
## Built With
##
## Development Platforms
I use my phone running Ubuntu on Android to write code on the go — stays connected to the project 24/7, online and locally.
##
## Contributing
## See [CONTRIBUTING.md](CONTRIBUTING.md). Code contributions can be submitted as PoE v1 entries and earn NGT after epoch finalization.
## Changelog
### 0.1.0-alphaV7 (April 29 – May 4, 2026)
- Autonomous vulnerability discovery engine: crawls darknet/clearnet services via Tor, identifies protection weaknesses
- 10 internal CVEs cataloged (NAAN-CVE-2026-0001 through NAAN-CVE-2026-0010)
- 8 active exploit implementations: PoW cookie replay, queue race, CSS selector leak, CF `__cf_bm` replay, Sucuri XSRF cache replay, CF managed challenge bypass, timing oracle, cookie jar confusion
- `detectVulnerability()` auto-classifier with confidence scoring (0.0–1.0)
- `CookiePool` system: caches solved PoW sessions, `__cf_bm` cookies, and cross-service sessions with TTL tracking
- Integrated into `fetchWithRetry()`: pre-checks cookie pool, measures TTFB, auto-exploits if confidence > 0.8, falls back to V5/V6 chain
- Added `tools/naan_vuln_scanner.py` — standalone scanner with CVE catalog, live testing, JSON export
- **Mining-loop integration**: full V5 + V6 + V7 bypass chain is now invoked autonomously inside `SynapsedEngine::naanLoop`. Every successful bypass is reported through `recordBypass(cve, protection, method, transport, ttfbMs, httpCode, bytes)` and stamped into the in-memory log entry, the persisted PoE draft JSON (`bypass{}` block), the SHA-256 of the draft payload, and a `naan.bypass` event broadcast to RPC subscribers. `naanStatus()` exposes `bypass_counters` and `last_bypass` for dashboard rendering.
- Added `BypassReport` struct, `primeCookieJar()` (one-shot clearnet seeding for CVE-0009), and `emitEvent()` event dispatcher
- Added `tools/naan_mining_runner.py` — sanitized end-to-end mining-loop runner that mirrors the C++ pipeline (topic → `topicToUrl` → `fetchWithRetry` → `detectVulnerability` → `exploitCVE*` → `recordBypass` → `persistDraft`); writes drafts containing only CVE id, protection class, method, transport, TTFB, and bytes — no IPs, hostnames, cookies, or session tokens
- Live test results: 14 mining ticks, 11 accepted (78.6% approval), CVE-0002 (EndGame V2 queue with NEWNYM rotation) triggered 3×, CVE-0010 (zero-protection direct extraction) triggered 5×
- **Knowledge Harvester**: NAAN agent now extracts images, files, and readable text from every page it visits during mining. `extractAssets()` parses `
![]()
`, `
`, and `
` for downloadable assets (`.pdf`, `.doc`, `.zip`, `.png`, `.jpg`, etc.). `downloadAsset()` saves to `knowledge/assets/.` via Tor SOCKS5 or clearnet (10 MB cap per file, 5 files per tick, EXIF stripped from images). `vtScanFile()` checks every downloaded file against VirusTotal v3 API by SHA-256 hash — clean files are kept, flagged files are moved to `knowledge/quarantine/`. `persistHarvest()` writes a full harvest JSON with anonymized metadata (no URLs, hostnames, IPs, cookies — only CVE, method, transport, TTFB, bytes, and `sha256(nodeId)`).
- New **HARVEST** tab in Tauri Desktop App: scrollable list of harvested entries with topic badges, CVE indicators, asset counts, and VirusTotal status dots. Detail view shows readable text, image grid (thumbnails from local paths via `convertFileSrc`), file list with VT verdicts, bypass metadata card, and anonymized node/draft hashes.
- New **HARVEST** screen in ncurses TUI (`H` key from Dashboard or NAAN agent): scrollable table with timestamp, topic, title, CVE, asset count, and VT status. Detail panel shows bypass metadata and text preview. Harvest file scanner in `tui_runtime.cpp` reads `knowledge/harvest_*.json` every 5 seconds.
- RPC: added `harvest.list` (paginated, newest first, text truncated to 200 chars) and `harvest.get` (full harvest JSON by SHA-256)
### 0.1.0-alphaV6 (April 25, 2026)
- Full NAAN agent integration test harness covering 56 live services (38 onion, 18 clearnet)
- Automated per-service status reporting with protection detection, timing, and content extraction
- Test coverage across 12 darknet search engines: Torch, Ahmia, DuckDuckGo, Tordex, Tor66, DarkSearch, Excavator, Haystak, OnionLand, Phobos, Deep Search, Brave
- CSV and JSON export for automated success rate tracking
- Clearnet test result: 16/18 passed (88.9%)
- Added `tools/naan_integration_test.py` — run with `--onion-only`, `--clearnet-only`, `--category`, `--json`
### 0.1.0-alphaV5.2 (April 25, 2026)
- EndGame V3 hashcash Proof-of-Work bypass — fully automated detection and solving
- `detectEndGameV3()`: multi-pattern challenge extraction (HTML attributes, JSON, JS assignments, form inputs)
- `solveEndGamePoW()`: SHA256 brute-force nonce finder via Python hashlib (supports difficulty 16–24 bits)
- `submitEndGamePoW()`: POST nonce + CSRF tokens back to form action with Tor cookies
- Integrated into `fetchWithRetry()` between EndGame V2 queue handler and CAPTCHA detection
- 7/7 difficulty levels solved in testing (0.002s at 16 bits, 23.6s at 24 bits)
- Added 3 new search engines to NAAN agent: Haystak, Phobos, Deep Search (16 total in rotation)
### 0.1.0-alphaV5.1 (April 24, 2026)
- CRNN CAPTCHA solver: CNN (4 blocks) → BiGRU → CTC loss architecture
- 98.1% exact match accuracy, 99.5% per-character accuracy on training set
- 53/53 (100%) real darknet CAPTCHAs solved (BTC VPS style, busy Bitcoin background)
- Model size: 2.7 MB (`captcha_crnn_v6.pt`)
- Replaced fixed-length CrossEntropy approach with variable-length CTC decoding
- Heavy data augmentation: real data oversampled 50x, 5000 synthetic samples at 80% hard ratio
### 0.1.0-alphaV5 (April 21, 2026)
- NAAN agent CAPTCHA bypass: text, math, rotate, slider, multi-step, clock, hieroglyph, odd-one-out
- EndGame V2 DDoS queue detection and bypass (wait + meta refresh + Tor NEWNYM circuit rotation)
- CNN-based text CAPTCHA solver with EasyOCR + Tesseract fallback
- anCaptcha CSS rotate puzzle solver (8 rotation options, encrypted stateless tokens)
- Live-tested on 7 real darknet services via Tor
- DDoS protection bypass for Dread and Pitch forums
### 0.1.0-alphaV4 (April 19, 2026)
- Eliminated all Go code from the project; every component formerly in crush-main is now native C++
- Added IDE engine: agent coordinator, tool suite (bash, edit, grep, glob, fetch, write, download, web search), session management, config, patch, skills, LSP client, MCP server, and OAuth
- Exposed synapsed as a shared library (libsynapsed) with a stable C ABI (`synapsed_ffi.h`) for Tauri FFI integration
- Built Tauri desktop application with Svelte frontend, Rust FFI bridge, and full node dashboard
- Removed crush-main directory, go.mod, go.sum, and all Go build targets from CI
- Implemented Tor-only decentralized peer discovery — every node acts as server via hidden service, no VPS required
- Added `get_onion_peers` / `onion_peers` wire protocol for .onion peer address exchange
- Automatic Tor binary provisioning via CMake bootstrap script
- Fixed 12 bugs: deserialization bounds checking across all wire message types, peerHeights data race, MemoryPool accounting leak, static rate-limiter maps unbounded growth, macOS memory reporting, getDiskUsage crash on missing dirs, secp256k1 context thread safety
### 0.1.0-alphaV3.7 (March 27, 2026)
- Security hardening release covering 18 audited fixes across cryptography, consensus, RPC, networking, sandboxing, updates, and model download paths
- Replaced custom XOR-based session crypto with AES-256-GCM and removed the legacy XOR wallet loading path
- Enforced signed consensus votes, hardened RPC handling, added replay protection, SOCKS5 auth support, DNS timeout handling, and PBKDF2 increase to 100,000 iterations
- Added sandbox verification reports under `RELEASES/0.1.0-alphaV3.7/verification/`
### 0.1.0-alphaV3.6 (March 26, 2026)
- Modularized `main.cpp` from 4,809 lines to 117 lines (separation of concerns)
- Extracted `SynapseNet` class into `src/node/synapse_net.cpp` with opaque factory API
- Zero behavior change — all 267 tests pass identically
### 0.1.0-alphaV3.5 (March 26, 2026)
- Real Ed25519 signatures via libsodium (replaced SHA-256 simulation)
- Real X25519 key exchange via libsodium (replaced fake DH)
- CSPRNG via libsodium `randombytes_buf` (replaced Mersenne Twister)
- Wallet encryption routed by SecurityLevel (STANDARD / HIGH / QUANTUM_READY)
- libsodium added as required dependency
### 0.1.0-alphaV3 (March 25, 2026)
- Hybrid Tor + clearnet mesh: nodes on different transports see each other
- Clearnet nodes connect to `.onion` peers via SOCKS5 automatically
- Tor nodes accept inbound from clearnet through hidden service
- `hybridMode` enabled automatically when SOCKS proxy is available
- 267/267 tests passing
### 0.1.0-alphaV2 (March 25, 2026)
- 3-node devnet running exclusively over Tor hidden services
- All P2P connections routed through Tor SOCKS5 — zero clearnet traffic
- Each node reachable only via its `.onion` address
- Fail-closed behavior: if Tor is unreachable, outbound P2P is blocked
- Automated launch script: starts 3 Tor instances, generates `.onion` addresses, seeds nodes
### 0.1.0-alpha (March 25, 2026)
- Fixed OQS_SIG_verify parameter order in Dilithium and SPHINCS+ post-quantum signature verification
- Fixed inbound peer address resolution for dual-stack IPv6 sockets — peers were showing 0.0.0.0 instead of actual IP, breaking loopback peer discovery in regtest mode
- Full 3-node local devnet tested and verified — all nodes connect and exchange peers
## - 267/267 tests passing, 610/610 build targets
## Support
If you find this project worth watching — even if you can't contribute code — you can help keep it going. Donations go directly toward VPS hosting for seed nodes, build infrastructure, and development time.
##
## License
## [MIT](LICENSE) — Copyright (c) 2026 KeplerSynapseNet
## Inspired By
##
## The Full Picture
This section explains the entire project from the ground up. If you read nothing else, read this.
### The Problem
Every major AI company today operates the same model: they train a model on the world's data, lock the weights behind an API, charge you per token, log every request, throttle what you can ask, and reserve the right to shut you off. The knowledge that went into training was public. The output is private. The margin is extracted from controlling access to intelligence that was never theirs to own.
The same pattern repeats everywhere. Security research sites put articles behind Cloudflare bot management. Forums gate their threads behind DDoS queues. Search engines decide what you are allowed to find. Every layer of the modern web is a tollbooth disguised as a security feature, converting public information into rented information.
SynapseNet exists to break that pattern.
### The Solution
SynapseNet is a decentralized peer-to-peer network where every node runs a local AI model and mines intelligence instead of hashes. There is no central server. There is no API key. There is no corporate entity that can revoke your access. The network grows like Bitcoin but stores knowledge instead of transactions.
Every node in the network does three things:
1. **Researches.** The NAAN agent (Node-Attached Autonomous Agent Network) crawls clearnet and darknet sources via Tor, bypasses protection layers autonomously, extracts useful knowledge, and brings it back to the local knowledge base.
2. **Contributes.** The agent packages its findings into PoE (Proof of Emergence) drafts — signed, hashed, scored knowledge entries that other nodes can validate. Accepted contributions earn NGT (Neural Gold Token).
3. **Shares.** When the agent discovers a working vulnerability bypass, it publishes that exploit intelligence to the shared chain. Every other node receives it and can use that bypass immediately without rediscovering it.
### How the NAAN Agent Works
The NAAN agent is a background process running on every SynapseNet node. It operates in a continuous mining loop:
**Step 1: Topic Selection.** The agent picks a research topic from its configured list (whistleblower, zero-day, darknet, AI, crypto, or custom topics set by the node operator).
**Step 2: URL Resolution.** `topicToUrl()` maps the topic to a target URL — this could be an arXiv feed, a Torch search query, a BBC Tor mirror, an Exploit-DB page, or any other source in the rotation.
**Step 3: Fetch with Full Bypass Chain.** `fetchWithRetry()` is the core of the agent. It carries a layered bypass chain built across V5 through V9:
- **Pre-fetch:** Checks the cookie pool for cached PoW solutions (CVE-0001), seeds the cookie jar from permissive services for cross-service confusion (CVE-0009), and primes clearnet cookies (CVE-0012).
- **Fetch:** Routes through Tor SOCKS5 for .onion targets or curl-impersonate for clearnet. Measures TTFB (Time To First Byte) for the timing oracle.
- **Detection:** `detectVulnerability()` classifies the response against 14+ known CVE patterns — EndGame V2/V3 queues, anCaptcha CSS leaks, Cloudflare bot management, Sucuri/CloudProxy, static CAPTCHA tokens, and more.
- **Exploitation:** If a known vulnerability is detected with confidence > threshold, the matching exploit function runs automatically. Queue refresh bypass, cookie TTL mismatch, NEWNYM circuit rotation, token replay, CF managed challenge POST, XSRF cache replay — each CVE has a dedicated implementation.
- **Fallback L1:** EndGame V3 hashcash Proof-of-Work solver. SHA-256 brute-force with difficulty 16-24 bits.
- **Fallback L2:** Cloudflare curl-impersonate, reCAPTCHA audio-to-text, hCaptcha image classification.
- **Fallback L3:** Darknet CAPTCHA solvers — CRNN neural network (98.1% accuracy on real samples), EasyOCR, Tesseract, TrOCR, math solver, rotation solver, slider solver, pair matcher.
- **Fallback L4:** LLM captcha solver. Downloads the CAPTCHA image, feeds it to the local GGUF model via llama-cli, submits the LLM's answer. This is the last resort before giving up.
- **Fallback L5:** Exponential backoff and retry.
**Step 4: Knowledge Extraction.** Once the page content is retrieved, the agent extracts titles, strips HTML to readable text, downloads embedded images and linked files (PDF, DOC, ZIP, etc.), strips EXIF metadata for anonymity, scans every file against VirusTotal by SHA-256 hash, and quarantines anything flagged as malicious.
**Step 5: PoE Draft.** The agent constructs a draft entry with the extracted title, topic, SHA-256 digest, Ed25519 signature, bypass metadata (which CVE was used, what protection was bypassed, what method worked), and a harvest record with all extracted assets.
**Step 6: Exploit Publishing.** If a CVE bypass was used successfully, the agent publishes the exploit intelligence to the shared chain. Other nodes receive it and can use that bypass on their next mining tick without discovering it themselves.
**Step 7: Persistence.** The draft is written to `~/.synapsenet/knowledge/draft__.json`. The harvest is written to `knowledge/harvest__.json`. Downloaded assets go to `knowledge/assets/.`. The exploit chain is updated in `exploit_chain.json`. None of these files contain URLs, hostnames, IP addresses, cookies, or session tokens.
### What the Network Protects
SynapseNet protects three things:
**1. Privacy of the researcher.** All traffic routes through Tor. Node identity is stored as a one-way SHA-256 hash. EXIF is stripped from images. No hostnames or URLs are persisted. The agent's bypass telemetry records only the CVE id, protection class, method, transport, TTFB, and response size — never the target.
**2. Availability of knowledge.** When a protection vendor deploys a new CAPTCHA or DDoS filter, one node in the network discovers how to bypass it, publishes the exploit, and every other node benefits immediately. The knowledge behind that protection remains accessible. No single takedown notice can remove it from the network because every node holds a copy of the knowledge chain.
**3. Autonomy of the individual.** You run your own node. You run your own model. You mine your own intelligence. You earn your own NGT. No corporation decides what you are allowed to research, what questions you can ask, or what knowledge you can access. The node is yours. The agent is yours. The intelligence is yours.
### Why Proof of Emergence
Traditional blockchains waste energy (Proof of Work) or concentrate power in the hands of the wealthy (Proof of Stake). SynapseNet uses Proof of Emergence — a consensus mechanism that rewards useful knowledge contributions.
- Every submission goes through a deterministic scoring pipeline. All nodes compute the same result — no LLM-based consensus, no subjectivity.
- A small Proof-of-Work gate prevents spam (hashcash-style).
- Randomly selected validators score each submission independently.
- Accepted entries earn NGT rewards proportional to their quality score.
- The knowledge chain grows like a blockchain but every block contains intelligence instead of financial transactions.
The result: the more you research, the more you earn. The more the network grows, the more knowledge it accumulates. The more knowledge it accumulates, the more valuable each node becomes.
### The Bypass Chain in Detail
The NAAN agent does not attack services. It does not deface pages, steal credentials, inject malware, or exfiltrate private data. What it does is walk through the public-facing surface of services that already publish information to anyone who can solve their challenge — and it solves those challenges automatically.
Every CVE in the catalog represents a specific weakness in a specific protection layer:
| CVE | What It Bypasses | How |
|-----|-----------------|-----|
| 0001 | EndGame V3 Proof-of-Work | Replays solved PoW cookies within 30-minute TTL window |
| 0002 | EndGame V2 DDoS queue | Races the meta-refresh timer, polls aggressively |
| 0003 | anCaptcha CSS puzzles | Reads the correct answer from CSS `:checked~` selector |
| 0004 | Cloudflare `__cf_bm` | Replays bot management cookie within 30-minute window |
| 0005 | Sucuri/CloudProxy XSRF | Harvests stale XSRF tokens from cached responses |
| 0007 | CF Managed Challenge | POSTs to challenge endpoint with CF-Ray ID, no JS needed |
| 0008 | Any protection | Timing oracle classifies protection type by TTFB |
| 0009 | Shared cookie jars | Seeds jar from permissive services, replays on restrictive ones |
| 0010 | No protection | Direct fetch — the service has no bot detection at all |
| 0011 | EndGame V2 Refresh | Server accepts re-request before client-side timer expires |
| 0012 | Queue cookie TTL | Cookie Max-Age outlives Refresh header, creating replay window |
| 0013 | Queue position | No server-side position tracking; NEWNYM resets queue entirely |
| 0014 | Static CAPTCHA tokens | Hidden field tokens are not rotated, replayable across sessions |
Each of these is a real vulnerability discovered by scanning real onion services via Tor and verified with live proof. The exploit code is in `synapsed_engine.cpp`. The documentation is in `RELEASES/0.1.0-alphaV7/` through `RELEASES/0.1.0-alphaV9/`.
### The Distributed Exploit Chain
This is the V9 innovation and the core network effect of SynapseNet.
#### When Node A discovers that CVE-0011 (queue refresh bypass) works on a target, it publishes an `ExploitIntel` entry to the shared chain:
{
cveId: "NAAN-CVE-2026-0011",
protectionType: "endgame_v2_queue",
bypassMethod: "queue_refresh_bypass",
confidence: 85%,
successCount: 1,
discoveredBy: sha256(nodeId)
#### }
Node B receives this entry. On its next mining tick, when it encounters an EndGame V2 queue, it calls `bestExploitFor("endgame_v2_queue")` and gets back CVE-0011 with 85% confidence. It uses `queue_refresh_bypass` immediately — no discovery phase, no wasted time, no failed attempts. If it succeeds, it bumps the success counter. If it fails, it bumps the fail counter. The confidence score evolves with the network.
Node C joins the network a week later. It calls `loadExploitChain()` and receives the entire accumulated intelligence of every node that has ever mined. On its very first tick, it already knows every working bypass discovered by every other node.
This is the structural asymmetry:
- A protection vendor must defend every endpoint, every variation, every edge case.
- The network only needs one node to find one bypass, and the entire network benefits.
- The vendor patches, the network adapts. One node finds the next bypass, the network updates in seconds.
- Thousands of autonomous nodes running 24/7 vs. one compliance team working business hours.
### The Technology Stack
**Core daemon (`synapsed`)** — Written in C++17. Handles P2P networking over Tor-only mesh, PoE v1 consensus engine, NGT ledger, local GGUF model inference via llama.cpp, wallet management with Ed25519/secp256k1 signatures, Tor hidden service routing, ncurses terminal UI, and the full IDE engine (agent coordinator, LSP client, MCP server, 8 tool implementations). Compiles on Linux, macOS, and Windows. ~4,400 lines in the NAAN engine alone (`synapsed_engine.cpp`), ~5,800 lines in the TUI (`tui.cpp`), 267 passing tests, 610 build targets.
**Post-quantum cryptography** — Optional liboqs integration for Kyber (ML-KEM-768) key encapsulation and Dilithium (ML-DSA-65) / SPHINCS+ (SLH-DSA) signatures. The network is designed to survive the transition to quantum computing. When quantum computers can break secp256k1, SynapseNet nodes that opted into PQC will still be secure.
**Tauri desktop app** — Svelte frontend, Rust backend with FFI bridge to `libsynapsed`. Tabs: Dashboard, Wallet, Send, Knowledge, NAAN Agent, Harvest, Exploits, Messages, IDE, Network, Rental, Settings. The Rust layer dynamically loads `libsynapsed.dylib/.so/.dll` and forwards all RPC calls through a stable C ABI (`synapsed_ffi.h`).
**Terminal UI** — Full ncurses interface with 16+ screens. Runs on any terminal (SSH, headless, TTY). Dashboard with network stats, wallet management, knowledge browser, NAAN agent control panel with 9 sub-pages, observatory for real-time artifact feed, harvest browser, exploit intelligence viewer, AI chat, model loader, security dashboard, settings.
**Tor integration** — The agent routes all .onion traffic through Tor SOCKS5. Supports managed Tor runtime (SynapseNet starts/stops its own Tor process), external Tor (Tor Browser or system tor), obfs4 bridges for censored regions, Snowflake transport for DPI-blocked networks, and fail-closed behavior (if Tor is required but unavailable, the agent stops rather than leaking clearnet traffic). NEWNYM circuit rotation via Tor ControlPort for queue bypass and identity rotation.
**Knowledge harvester** — Extracts readable text (HTML stripped, 50KB cap), images (`![]()
`, ``), and files (`.pdf`, `.doc`, `.zip`, `.csv`) from every page the agent visits. EXIF stripped from images, files scanned against VirusTotal v3 API by hash, flagged files quarantined. All stored under `~/.synapsenet/knowledge/` with no identifying metadata.
**CAPTCHA solving** — Multi-layer solver stack: CRNN neural network (CNN → BiGRU → CTC, 98.1% accuracy, 2.7MB model), EasyOCR, Tesseract, TrOCR, math expression solver, CSS rotation puzzle solver (anCaptcha), slider offset detector, pair matcher, multi-step solver, and LLM fallback via local GGUF model. Tested on 53/53 real darknet CAPTCHAs with 100% success rate on trained samples.
**VirusTotal integration** — Every downloaded file is checked against the VirusTotal v3 API by SHA-256 hash before persistence. Clean files are kept, flagged files are moved to `knowledge/quarantine/`. Unknown files are marked as unchecked. API key configurable in `~/.synapsenet/config.toml`. Free tier allows 4 lookups/minute, which matches the NAAN agent's tick interval.
### What SynapseNet Is Not
- It is **not** a botnet. Nodes do not take orders from a central controller. Each node operates autonomously according to its own configuration.
- It is **not** a DDoS tool. The agent does not flood services with traffic. It makes individual requests at a rate slower than a human browsing.
- It is **not** a credential stealer. The agent does not exfiltrate usernames, passwords, private messages, or any data that belongs to a person.
- It is **not** a malware distribution network. Every downloaded file is scanned against VirusTotal. Flagged files are quarantined.
- It is **not** a darknet marketplace. NGT is a utility token for knowledge contribution rewards, not a currency for illegal transactions.
What it is: a network of autonomous agents that mine public knowledge from the open web, bypass artificial access restrictions, and share what they find with every other node.
### The Arms Race
Protection vendors will upgrade. EndGame will ship V4. Cloudflare will tighten `__cf_bm`. Sucuri will rebind XSRF. New CAPTCHA types will appear. New DDoS filters will deploy.
Each of those moves becomes:
1. A new NAAN-CVE entry in the catalog
2. A new exploit method in `synapsed_engine.cpp`
3. A new line in the next release notes
4. A new entry in the shared exploit chain that every node receives automatically
The arms race is not a problem for SynapseNet. It is the design. The network exists because the arms race exists. Every new protection is an opportunity for a node to discover a bypass, publish it, earn NGT, and make the entire network stronger.
One vendor. Thousands of nodes. That asymmetry is permanent and it only grows with adoption.
### The Road Ahead
| Version | Status | Description |
|---------|--------|-------------|
| V1-V4 | Released | Core node daemon, Tor mesh, P2P discovery, IDE engine, Tauri app |
| V5 | Released | CAPTCHA bypass (8 solver types), EndGame V2 queue bypass |
| V5.1 | Released | CRNN neural network solver (98.1% accuracy) |
| V5.2 | Released | EndGame V3 hashcash PoW bypass |
| V6 | Released | Integration test harness (56 live services) |
| V7 | Released | Autonomous CVE discovery (10 CVEs), mining-loop integration, bypass telemetry |
| V8 | Released | Knowledge harvester, VirusTotal scanning, HARVEST tab, 4 new CVEs, LLM fallback |
| V9 | Released | Distributed exploit intelligence, shared CVE chain, EXPLOITS tab |
| V10 | Planned | Full wire-level exploit relay via INV/GETDATA gossip |
| V11 | Planned | Exploit reputation system — nodes vote on bypass quality |
| V12 | Planned | Continuous CAPTCHA model retraining from harvested corpus |
| V13 | Planned | Headless browser (Playwright via Tor) for JS challenge solving |
| V14 | Planned | Model marketplace — trade GGUF models for NGT on the network |
| Beta | Planned | Public seed nodes, UX overhaul, documentation site |
### For Developers
If you want to understand the code, start here:
| What | Where | Lines |
|------|-------|-------|
| NAAN agent core | `src/ide/synapsed_engine.cpp` | ~4,400 |
| Agent header | `src/ide/synapsed_engine.h` | ~283 |
| FFI bridge (C ABI) | `src/ide/synapsed_ffi.cpp` + `include/synapsed_ffi.h` | ~60 |
| Terminal UI | `src/tui/tui.cpp` | ~5,800 |
| TUI runtime thread | `src/tui/tui_runtime.cpp` | ~230 |
| P2P network layer | `src/network/network.cpp` | ~1,400 |
| Wire protocol | `src/network/protocol.cpp` | ~850 |
| Knowledge chain | `src/core/knowledge.cpp` | ~400 |
| PoE v1 engine | `src/core/poe_v1_engine.cpp` | ~900 |
| Node wiring | `src/node/synapse_net.cpp` | ~5,000 |
| Message handlers | `src/node/main_parts/net_message_handlers.inc` | ~1,400 |
| Tauri Rust commands | `tauri-app/src-tauri/src/commands.rs` | ~500 |
| Tauri FFI loader | `tauri-app/src-tauri/src/ffi.rs` | ~200 |
| Svelte app shell | `tauri-app/src/app/App.svelte` | ~100 |
| Svelte tab store | `tauri-app/src/lib/store.ts` | ~80 |
| Svelte RPC wrappers | `tauri-app/src/lib/rpc.ts` | ~80 |
| Harvest browser | `tauri-app/src/app/routes/Harvest.svelte` | ~230 |
| Exploit viewer | `tauri-app/src/app/routes/Exploits.svelte` | ~150 |
| Vuln scanner tool | `tools/naan_vuln_scanner.py` | ~280 |
| Mining runner tool | `tools/naan_mining_runner.py` | ~500 |
The CMake build produces two artifacts: `synapsed` (the node daemon with TUI) and `libsynapsed` (the shared library for Tauri FFI). Both link against libsodium (Ed25519, X25519, CSPRNG), OpenSSL (SHA-256, AES-256-GCM), libsecp256k1 (Bitcoin-style key derivation), and optionally llama.cpp (local LLM inference) and liboqs (post-quantum signatures).
### For Node Operators
Run a node. Mine intelligence. Earn NGT. Contribute to the knowledge chain. Every node that joins makes the network harder to shut down and faster at discovering bypasses.
You need:
- A machine (laptop, VPS, Raspberry Pi, phone running Ubuntu)
- Tor (bundled or system-installed)
- A GGUF model (optional, for LLM captcha fallback)
- A VirusTotal API key (optional, free tier is enough)
The node runs in the background. The NAAN agent mines autonomously. You can watch it work in the TUI or the desktop app. You can configure topics, tick interval, budget, and site allowlists in Settings.
### For the Skeptic
"Is this legal?"
SynapseNet accesses publicly available information on publicly accessible websites. It does not bypass authentication, it does not access private accounts, it does not exfiltrate personal data. It solves CAPTCHAs and DDoS challenges — the same thing every human visitor does. The difference is that it does it autonomously and at scale.
"Why not just use a VPN and a browser?"
Because one person browsing manually cannot build a decentralized knowledge base that thousands of nodes can search. Because one person cannot discover, document, and share vulnerability bypasses in real-time. Because one person is one point of failure, and a network of thousands is not.
"Why the Tor integration?"
Because privacy is not optional when the research involves bypassing corporate access controls. Because the agent should not reveal the node operator's identity to the services it accesses. Because Tor is the only production-grade anonymity network with a 20-year track record, and SynapseNet is built to last.
"Why mine knowledge instead of cryptocurrency?"
## Because the world has enough proof-of-work chains burning electricity for nothing. What it does not have is a decentralized intelligence network where every node contributes useful research and earns for it. SynapseNet is what Bitcoin would look like if Satoshi had cared about knowledge instead of money.
