v0.9.6: InfoNet hashchain, Wormhole gate encryption, mesh reputation, 16 community contributors

Gate messages now propagate via the Infonet hashchain as encrypted blobs — every node syncs them
through normal chain sync while only Gate members with MLS keys can decrypt. Added mesh reputation
system, peer push workers, voluntary Wormhole opt-in for node participation, fork recovery,
killwormhole scripts, obfuscated terminology, and hardened the self-updater to protect encryption
keys and chain state during updates.

New features: Shodan search, train tracking, Sentinel Hub imagery, 8 new intelligence layers,
CCTV expansion to 11,000+ cameras across 6 countries, Mesh Terminal CLI, prediction markets,
desktop-shell scaffold, and comprehensive mesh test suite (215 frontend + backend tests passing).

Community contributors: @wa1id, @AlborzNazari, @adust09, @Xpirix, @imqdcr, @csysp, @suranyami,
@chr0n1x, @johan-martensson, @singularfailure, @smithbh, @OrfeoTerkuci, @deuza, @tm-const,
@Elhard1, @ttulttul

desktop-shell/src/nativeControlRouter.ts

@@ -0,0 +1,105 @@
+import type {
+  DesktopControlCommand,
+  DesktopControlPayloadMap,
+} from '../../frontend/src/lib/desktopControlContract';
+import {
+  controlCommandCapability as resolveCommandCapability,
+  extractGateTargetRef,
+  sessionProfileCapabilities as capabilitiesForProfile,
+} from '../../frontend/src/lib/desktopControlContract';
+import { createSettingsHandlers } from './handlers/settingsHandlers';
+import { createUpdateHandlers } from './handlers/updateHandlers';
+import { createWormholeHandlers } from './handlers/wormholeHandlers';
+import type {
+  NativeControlExecutor,
+  NativeControlHandlerContext,
+  NativeControlHandlerMap,
+  NativeControlInvokeMeta,
+} from './types';
+
+function createHandlerMap(): NativeControlHandlerMap {
+  return {
+    ...createWormholeHandlers(),
+    ...createSettingsHandlers(),
+    ...createUpdateHandlers(),
+  };
+}
+
+export function createNativeControlRouter(
+  ctx: NativeControlHandlerContext,
+  exec: NativeControlExecutor,
+) {
+  const handlers = createHandlerMap();
+  return {
+    async invoke<C extends DesktopControlCommand>(
+      command: C,
+      payload: DesktopControlPayloadMap[C],
+      meta?: NativeControlInvokeMeta,
+    ): Promise<unknown> {
+      const handler = handlers[command];
+      if (!handler) {
+        throw new Error(`native_control_handler_missing:${command}`);
+      }
+      const expectedCapability = resolveCommandCapability(command);
+      const profile = ctx.sessionProfile;
+      const profileCapabilities = profile ? capabilitiesForProfile(profile) : [];
+      const profileAllows =
+        !profile || profileCapabilities.length === 0 || profileCapabilities.includes(expectedCapability);
+      const profileEnforced = Boolean((ctx.enforceSessionProfile || meta?.enforceProfileHint) && profile);
+      const allowedCapabilitiesConfigured =
+        Array.isArray(ctx.allowedCapabilities) && ctx.allowedCapabilities.length > 0;
+      const capabilityDenied =
+        allowedCapabilitiesConfigured && !ctx.allowedCapabilities!.includes(expectedCapability);
+      const targetRef = extractGateTargetRef(command, payload);
+      const auditBase = {
+        command,
+        expectedCapability,
+        declaredCapability: meta?.capability,
+        ...(targetRef ? { targetRef } : {}),
+        sessionProfile: profile,
+        sessionProfileHint: meta?.sessionProfileHint,
+        enforceProfileHint: meta?.enforceProfileHint,
+        profileAllows,
+        allowedCapabilitiesConfigured,
+        enforced: profileEnforced,
+      } as const;
+      if (meta?.capability && meta.capability !== expectedCapability) {
+        ctx.auditControlUse?.({
+          ...auditBase,
+          outcome: 'capability_mismatch',
+        });
+        throw new Error(
+          `native_control_capability_mismatch:${meta.capability}:${expectedCapability}`,
+        );
+      }
+      if (capabilityDenied) {
+        ctx.auditControlUse?.({
+          ...auditBase,
+          outcome: 'capability_denied',
+        });
+        throw new Error(`native_control_capability_denied:${expectedCapability}`);
+      }
+      if (!profileAllows) {
+        const profileMessage = `native_control_profile_mismatch:${profile}:${expectedCapability}`;
+        ctx.auditControlUse?.({
+          ...auditBase,
+          outcome: profileEnforced ? 'profile_denied' : 'profile_warn',
+        });
+        if (profileEnforced) {
+          throw new Error(profileMessage);
+        }
+        console.warn(profileMessage, {
+          command,
+          sessionProfileHint: meta?.sessionProfileHint,
+        });
+      }
+      if (profileAllows) {
+        ctx.auditControlUse?.({
+          ...auditBase,
+          outcome: 'allowed',
+        });
+      }
+      return handler(payload, ctx, exec);
+    },
+  };
+}