archy/docs/adr/004-tor-for-peer-communication.md

# ADR-004: Tor Hidden Services for Peer Communication

**Status**: Accepted
**Date**: 2026-03

## Context

Federated nodes need to communicate directly for state sync, app deployment, and peer verification. Options: direct IP, VPN tunnel, Tor hidden services, I2P.

## Decision

Use Tor hidden services (.onion addresses) for all inter-node communication.

## Consequences

### Positive
- **NAT traversal**: Works behind any firewall or NAT without port forwarding
- **IP privacy**: Nodes never expose their real IP addresses to each other
- **End-to-end encryption**: Tor provides encryption without additional TLS setup
- **Censorship resistance**: Onion routing makes traffic analysis difficult
- **Stable addressing**: .onion addresses persist across IP changes and network migrations
- **No central infrastructure**: No VPN server, STUN/TURN server, or relay needed

### Negative
- **Latency**: Tor adds 200-500ms per hop; 3 hops per direction = noticeable delay
- **Bandwidth**: Tor network has limited bandwidth; not suitable for bulk data transfer
- **Reliability**: Tor circuits can break; connections may need retry logic
- **Setup complexity**: Requires running a Tor daemon (`archy-tor` container)
- **Blocked networks**: Some networks block Tor; bridges can help but add complexity

### Mitigation
- Use Tor only for RPC/control plane; bulk data (container images) pulled from registries
- Implement retry with backoff for Tor connections
- Container `archy-tor` runs automatically with host networking for hidden service access
- Federation sync interval (5 min) tolerates occasional connection failures
refactor: update dependencies and remove unused code - Added new dependencies: `adler2`, `crc32fast`, `flate2`, `miniz_oxide`, and `libredox`. - Updated existing dependencies: `tokio-rustls` to version 0.26.4 and `filetime` to version 0.2.27. - Removed the `backup.rs` file as it is no longer needed. - Introduced tests for configuration and credential management. - Enhanced the `identity` module to generate W3C compliant DID documents. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-12 00:19:30 +00:00			`# ADR-004: Tor Hidden Services for Peer Communication`

			`Status: Accepted`
			`Date: 2026-03`

			`## Context`

			`Federated nodes need to communicate directly for state sync, app deployment, and peer verification. Options: direct IP, VPN tunnel, Tor hidden services, I2P.`

			`## Decision`

			`Use Tor hidden services (.onion addresses) for all inter-node communication.`

			`## Consequences`

			`### Positive`
			`- NAT traversal: Works behind any firewall or NAT without port forwarding`
			`- IP privacy: Nodes never expose their real IP addresses to each other`
			`- End-to-end encryption: Tor provides encryption without additional TLS setup`
			`- Censorship resistance: Onion routing makes traffic analysis difficult`
			`- Stable addressing: .onion addresses persist across IP changes and network migrations`
			`- No central infrastructure: No VPN server, STUN/TURN server, or relay needed`

			`### Negative`
			`- Latency: Tor adds 200-500ms per hop; 3 hops per direction = noticeable delay`
			`- Bandwidth: Tor network has limited bandwidth; not suitable for bulk data transfer`
			`- Reliability: Tor circuits can break; connections may need retry logic`
			- Setup complexity: Requires running a Tor daemon (`archy-tor` container)
			`- Blocked networks: Some networks block Tor; bridges can help but add complexity`

			`### Mitigation`
			`- Use Tor only for RPC/control plane; bulk data (container images) pulled from registries`
			`- Implement retry with backoff for Tor connections`
			- Container `archy-tor` runs automatically with host networking for hidden service access
			`- Federation sync interval (5 min) tolerates occasional connection failures`