From 4c03646567eec97016ee08426bad7adfb593e288 Mon Sep 17 00:00:00 2001
From: Tony Garnock-Jones
Date: Tue, 13 Dec 2022 18:08:34 +1300
Subject: [PATCH 1/7] HTTP
---
schemas/http.prs | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 schemas/http.prs
diff --git a/schemas/http.prs b/schemas/http.prs
new file mode 100644
index 0000000..a9069bc
--- /dev/null
+++ b/schemas/http.prs
@@ -0,0 +1,51 @@
+version 1 .
+
+; Assertion in driver DS
+; Causes creation of server and route
+HttpBinding = .
+
+; Assertion in driver DS
+; Describes active server and route
+HttpService = .
+
+; Assertion in driver DS
+; Describes active listener
+HttpListener = .
+
+HostPattern = @host string / @any #f .
+PathPattern = [PathPatternElement ...] .
+PathPatternElement = @label string / @wildcard =_ / @rest =... .
+
+MethodPattern = @any #f / @specific @"Lowercase" symbol .
+
+; Assertion in driver DS
+HttpRequest = .
+
+Headers = {@"Lowercase" symbol: string ...:...} .
+QueryValue = @string string / .
+RequestBody = @present bytes / @absent #f .
+
+; Assertion to handler entity
+HttpContext = .
+
+@
+; Messages
+HttpResponse =
+/
+/
+/
+/
+.
+
+Chunk = @string string / @bytes bytes .
+
+; e.g. text/plain, text/html, application/json
+MimeType = symbol .
From aae53b5525a9b7d452577fd91e4bda06106db98c Mon Sep 17 00:00:00 2001
From: Tony Garnock-Jones
Date: Mon, 16 Jan 2023 15:51:57 +0100
Subject: [PATCH 2/7] Update precompiled form
---
schema-bundle.bin | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/schema-bundle.bin b/schema-bundle.bin
index 0f38f12..69d1e4b 100644
--- a/schema-bundle.bin
+++ b/schema-bundle.bin
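Review bot: In schemas/http.prs, `Headers = {@"Lowercase" symbol: string ...:...}` states the lowercasing only through what looks like an annotation, which the schema cannot enforce (the compiled bundle in PATCH 2/7 appears to carry a plain Symbol-to-String dictionary), and it allows exactly one string per header name. A handler that makes a decision on a header such as `host` or `authorization` therefore depends on the driver having normalised case and resolved repeated fields in one defined way, and the file says neither. I would add a comment above `Headers`, for example `; Keys are lowercased by the driver; repeated header fields are combined as follows: ...`, filled in with what the driver actually does (the driver is not part of this patch). The same place could say whether the driver caps the size of `RequestBody`, since `@present bytes` delivers the whole body as one value.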
@@ -1,5 +1,10 @@ ´³bundle·µ³tcp„´³schema·³version‘³ definitions·³TcpLocal´³rec´³lit³ tcp-local„´³tupleµ´³named³host´³atom³String„„´³named³port´³atom³ SignedInteger„„„„„³ TcpRemote´³rec´³lit³ -tcp-remote„´³tupleµ´³named³host´³atom³String„„´³named³port´³atom³ SignedInteger„„„„„³ TcpPeerInfo´³rec´³lit³tcp-peer„´³tupleµ´³named³handle´³embedded³any„„´³named³local´³refµ„³TcpLocal„„´³named³remote´³refµ„³ TcpRemote„„„„„„³ embeddedType´³refµ³ EntityRef„³Cap„„„µ³timer„´³schema·³version‘³ definitions·³SetTimer´³rec´³lit³ set-timer„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„´³named³kind´³refµ„³ TimerKind„„„„„³ LaterThan´³rec´³lit³ +tcp-remote„´³tupleµ´³named³host´³atom³String„„´³named³port´³atom³ SignedInteger„„„„„³ TcpPeerInfo´³rec´³lit³tcp-peer„´³tupleµ´³named³handle´³embedded³any„„´³named³local´³refµ„³TcpLocal„„´³named³remote´³refµ„³ TcpRemote„„„„„„³ embeddedType´³refµ³ EntityRef„³Cap„„„µ³http„´³schema·³version‘³ definitions·³Chunk´³orµµ±string´³atom³String„„µ±bytes´³atom³ +ByteString„„„„³Headers´³dictof´³atom³Symbol„´³atom³String„„³MimeType´³atom³Symbol„³ +QueryValue´³orµµ±string´³atom³String„„µ±file´³rec´³lit³file„´³tupleµ´³named³filename´³atom³String„„´³named³headers´³refµ„³Headers„„´³named³body´³atom³ +ByteString„„„„„„„„³ HostPattern´³orµµ±host´³atom³String„„µ±any´³lit€„„„„³ HttpBinding´³rec´³lit³ http-bind„´³tupleµ´³named³host´³refµ„³ HostPattern„„´³named³port´³atom³ SignedInteger„„´³named³method´³refµ„³ MethodPattern„„´³named³path´³refµ„³ PathPattern„„´³named³handler´³embedded´³refµ„³ HttpRequest„„„„„„³ HttpContext´³rec´³lit³request„´³tupleµ´³named³req´³refµ„³ HttpRequest„„´³named³res´³embedded´³refµ„³ HttpResponse„„„„„„³ HttpRequest´³rec´³lit³ http-request„´³tupleµ´³named³sequenceNumber´³atom³ SignedInteger„„´³named³host´³atom³String„„´³named³port´³atom³ SignedInteger„„´³named³method´³atom³Symbol„„´³named³path´³seqof´³atom³String„„„´³named³headers´³refµ„³Headers„„´³named³query´³dictof´³atom³Symbol„´³seqof´³refµ„³ +QueryValue„„„„´³named³body´³refµ„³ 
RequestBody„„„„„³ HttpService´³rec´³lit³ http-service„´³tupleµ´³named³host´³refµ„³ HostPattern„„´³named³port´³atom³ SignedInteger„„´³named³method´³refµ„³ MethodPattern„„´³named³path´³refµ„³ PathPattern„„„„„³ PathPattern´³seqof´³refµ„³PathPatternElement„„³ RequestBody´³orµµ±present´³atom³ +ByteString„„µ±absent´³lit€„„„„³ HttpListener´³rec´³lit³ http-listener„´³tupleµ´³named³port´³atom³ SignedInteger„„„„„³ HttpResponse´³orµµ±status´³rec´³lit³status„´³tupleµ´³named³code´³atom³ SignedInteger„„´³named³message´³atom³String„„„„„„µ±header´³rec´³lit³header„´³tupleµ´³named³name´³atom³Symbol„„´³named³value´³atom³String„„„„„„µ±chunk´³rec´³lit³chunk„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„µ±done´³rec´³lit³done„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„„„³ MethodPattern´³orµµ±any´³lit€„„µ±specific´³atom³Symbol„„„„³PathPatternElement´³orµµ±label´³atom³String„„µ±wildcard´³lit³_„„µ±rest´³lit³...„„„„„³ embeddedType€„„µ³timer„´³schema·³version‘³ definitions·³SetTimer´³rec´³lit³ set-timer„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„´³named³kind´³refµ„³ TimerKind„„„„„³ LaterThan´³rec´³lit³ later-than„´³tupleµ´³named³msecs´³atom³Double„„„„„³ TimerKind´³orµµ±relative´³lit³relative„„µ±absolute´³lit³absolute„„µ±clear´³lit³clear„„„„³ TimerExpired´³rec´³lit³ timer-expired„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„„„„„³ embeddedType€„„µ³trace„´³schema·³version‘³ definitions·³Oid³any³Name´³orµµ± anonymous´³rec´³lit³ anonymous„´³tupleµ„„„„µ±named´³rec´³lit³named„´³tupleµ´³named³name³any„„„„„„„³Target´³rec´³lit³entity„´³tupleµ´³named³actor´³refµ„³ActorId„„´³named³facet´³refµ„³FacetId„„´³named³oid´³refµ„³Oid„„„„„³TaskId³any³TurnId³any³ActorId³any³FacetId³any³ TurnCause´³orµµ±turn´³rec´³lit³ 
caused-by„´³tupleµ´³named³id´³refµ„³TurnId„„„„„„µ±cleanup´³rec´³lit³cleanup„´³tupleµ„„„„µ±linkedTaskRelease´³rec´³lit³linked-task-release„´³tupleµ´³named³id´³refµ„³TaskId„„´³named³reason´³refµ„³LinkedTaskReleaseReason„„„„„„µ±periodicActivation´³rec´³lit³periodic-activation„´³tupleµ´³named³period´³atom³Double„„„„„„µ±delay´³rec´³lit³delay„´³tupleµ´³named³ causingTurn´³refµ„³TurnId„„´³named³amount´³atom³Double„„„„„„µ±external´³rec´³lit³external„´³tupleµ´³named³ description³any„„„„„„„³ TurnEvent´³orµµ±assert´³rec´³lit³assert„´³tupleµ´³named³ assertion´³refµ„³AssertionDescription„„´³named³handle´³refµ³protocol„³Handle„„„„„„µ±retract´³rec´³lit³retract„´³tupleµ´³named³handle´³refµ³protocol„³Handle„„„„„„µ±message´³rec´³lit³message„´³tupleµ´³named³body´³refµ„³AssertionDescription„„„„„„µ±sync´³rec´³lit³sync„´³tupleµ´³named³peer´³refµ„³Target„„„„„„µ± breakLink´³rec´³lit³ break-link„´³tupleµ´³named³source´³refµ„³ActorId„„´³named³handle´³refµ³protocol„³Handle„„„„„„„„³ ExitStatus´³orµµ±ok´³lit³ok„„µ±Error´³refµ³protocol„³Error„„„„³ From 0f5e033174fb5369f2c298b228e6ae49e0b1f014 Mon Sep 17 00:00:00 2001 From: Tony Garnock-Jones Date: Mon, 16 Jan 2023 15:52:46 +0100 Subject: [PATCH 3/7] noise --- schema-bundle.bin | 4 +++- schemas/noise.prs | 28 ++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 schemas/noise.prs diff --git a/schema-bundle.bin b/schema-bundle.bin index 69d1e4b..aa7b9ed 100644 --- a/schema-bundle.bin +++ b/schema-bundle.bin 
@@ -4,7 +4,9 @@ ByteString QueryValue´³orµµ±string´³atom³String„„µ±file´³rec´³lit³file„´³tupleµ´³named³filename´³atom³String„„´³named³headers´³refµ„³Headers„„´³named³body´³atom³ ByteString„„„„„„„„³ HostPattern´³orµµ±host´³atom³String„„µ±any´³lit€„„„„³ HttpBinding´³rec´³lit³ http-bind„´³tupleµ´³named³host´³refµ„³ HostPattern„„´³named³port´³atom³ SignedInteger„„´³named³method´³refµ„³ MethodPattern„„´³named³path´³refµ„³ PathPattern„„´³named³handler´³embedded´³refµ„³ HttpRequest„„„„„„³ HttpContext´³rec´³lit³request„´³tupleµ´³named³req´³refµ„³ HttpRequest„„´³named³res´³embedded´³refµ„³ HttpResponse„„„„„„³ HttpRequest´³rec´³lit³ http-request„´³tupleµ´³named³sequenceNumber´³atom³ SignedInteger„„´³named³host´³atom³String„„´³named³port´³atom³ SignedInteger„„´³named³method´³atom³Symbol„„´³named³path´³seqof´³atom³String„„„´³named³headers´³refµ„³Headers„„´³named³query´³dictof´³atom³Symbol„´³seqof´³refµ„³ QueryValue„„„„´³named³body´³refµ„³ RequestBody„„„„„³ HttpService´³rec´³lit³ http-service„´³tupleµ´³named³host´³refµ„³ HostPattern„„´³named³port´³atom³ SignedInteger„„´³named³method´³refµ„³ MethodPattern„„´³named³path´³refµ„³ PathPattern„„„„„³ PathPattern´³seqof´³refµ„³PathPatternElement„„³ RequestBody´³orµµ±present´³atom³ -ByteString„„µ±absent´³lit€„„„„³ HttpListener´³rec´³lit³ http-listener„´³tupleµ´³named³port´³atom³ SignedInteger„„„„„³ HttpResponse´³orµµ±status´³rec´³lit³status„´³tupleµ´³named³code´³atom³ SignedInteger„„´³named³message´³atom³String„„„„„„µ±header´³rec´³lit³header„´³tupleµ´³named³name´³atom³Symbol„„´³named³value´³atom³String„„„„„„µ±chunk´³rec´³lit³chunk„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„µ±done´³rec´³lit³done„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„„„³ MethodPattern´³orµµ±any´³lit€„„µ±specific´³atom³Symbol„„„„³PathPatternElement´³orµµ±label´³atom³String„„µ±wildcard´³lit³_„„µ±rest´³lit³...„„„„„³ embeddedType€„„µ³timer„´³schema·³version‘³ definitions·³SetTimer´³rec´³lit³ set-timer„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„´³named³kind´³refµ„³ 
TimerKind„„„„„³ LaterThan´³rec´³lit³ +ByteString„„µ±absent´³lit€„„„„³ HttpListener´³rec´³lit³ http-listener„´³tupleµ´³named³port´³atom³ SignedInteger„„„„„³ HttpResponse´³orµµ±status´³rec´³lit³status„´³tupleµ´³named³code´³atom³ SignedInteger„„´³named³message´³atom³String„„„„„„µ±header´³rec´³lit³header„´³tupleµ´³named³name´³atom³Symbol„„´³named³value´³atom³String„„„„„„µ±chunk´³rec´³lit³chunk„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„µ±done´³rec´³lit³done„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„„„³ MethodPattern´³orµµ±any´³lit€„„µ±specific´³atom³Symbol„„„„³PathPatternElement´³orµµ±label´³atom³String„„µ±wildcard´³lit³_„„µ±rest´³lit³...„„„„„³ embeddedType€„„µ³noise„´³schema·³version‘³ definitions·³Accept´³rec´³lit³accept„´³tupleµ´³named³ handshake´³atom³ +ByteString„„´³named³responderSession´³embedded³any„„„„„³Connect´³rec´³lit³connect„´³tupleµ´³named³ handshake´³atom³ +ByteString„„´³named³initiatorSession´³embedded³any„„„„„„³ embeddedType€„„µ³timer„´³schema·³version‘³ definitions·³SetTimer´³rec´³lit³ set-timer„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„´³named³kind´³refµ„³ TimerKind„„„„„³ LaterThan´³rec´³lit³ later-than„´³tupleµ´³named³msecs´³atom³Double„„„„„³ TimerKind´³orµµ±relative´³lit³relative„„µ±absolute´³lit³absolute„„µ±clear´³lit³clear„„„„³ TimerExpired´³rec´³lit³ timer-expired„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„„„„„³ embeddedType€„„µ³trace„´³schema·³version‘³ definitions·³Oid³any³Name´³orµµ± anonymous´³rec´³lit³ anonymous„´³tupleµ„„„„µ±named´³rec´³lit³named„´³tupleµ´³named³name³any„„„„„„„³Target´³rec´³lit³entity„´³tupleµ´³named³actor´³refµ„³ActorId„„´³named³facet´³refµ„³FacetId„„´³named³oid´³refµ„³Oid„„„„„³TaskId³any³TurnId³any³ActorId³any³FacetId³any³ TurnCause´³orµµ±turn´³rec´³lit³ 
caused-by„´³tupleµ´³named³id´³refµ„³TurnId„„„„„„µ±cleanup´³rec´³lit³cleanup„´³tupleµ„„„„µ±linkedTaskRelease´³rec´³lit³linked-task-release„´³tupleµ´³named³id´³refµ„³TaskId„„´³named³reason´³refµ„³LinkedTaskReleaseReason„„„„„„µ±periodicActivation´³rec´³lit³periodic-activation„´³tupleµ´³named³period´³atom³Double„„„„„„µ±delay´³rec´³lit³delay„´³tupleµ´³named³ causingTurn´³refµ„³TurnId„„´³named³amount´³atom³Double„„„„„„µ±external´³rec´³lit³external„´³tupleµ´³named³ description³any„„„„„„„³ TurnEvent´³orµµ±assert´³rec´³lit³assert„´³tupleµ´³named³ assertion´³refµ„³AssertionDescription„„´³named³handle´³refµ³protocol„³Handle„„„„„„µ±retract´³rec´³lit³retract„´³tupleµ´³named³handle´³refµ³protocol„³Handle„„„„„„µ±message´³rec´³lit³message„´³tupleµ´³named³body´³refµ„³AssertionDescription„„„„„„µ±sync´³rec´³lit³sync„´³tupleµ´³named³peer´³refµ„³Target„„„„„„µ± breakLink´³rec´³lit³ break-link„´³tupleµ´³named³source´³refµ„³ActorId„„´³named³handle´³refµ³protocol„³Handle„„„„„„„„³ ExitStatus´³orµµ±ok´³lit³ok„„µ±Error´³refµ³protocol„³Error„„„„³ diff --git a/schemas/noise.prs b/schemas/noise.prs new file mode 100644 index 0000000..94eb6dd --- /dev/null +++ b/schemas/noise.prs @@ -0,0 +1,28 @@ +version 1 . + +; Noise_IK_25519_XSalsa20Poly1305_SHA512 +; Noise_NK_25519_XSalsa20Poly1305_SHA512 +; +; Most noise instantiations use ChaChaPoly (or AESGCM) but because e.g. tweetnacl offers +; XSalsa20 instead of ChaCha, I think I'll go with that. + +; IK: +; <- s (for us, the object's static key is in the cap ref) +; ... +; -> e, es, s, ss +; <- e, ee, se +; +; NK: +; <- s (for us, the object's static key is in the cap ref) +; ... +; -> e, es +; <- e, ee +; +; NKpsk2, IKpsk2 + +; Assertion. Handshake is an ephemeral public key followed by either an encrypted public-key +; (IK) or an encrypted empty payload (NK). +Connect = . + +; Assertion (to initiatorSession). Handshake is an encrypted ephemeral public key. +Accept = . From 40b4681a6ecb142a09fea84809be5b1bdef65617 Mon Sep 17 00:00:00 2001 
From: Tony Garnock-Jones Date: Mon, 16 Jan 2023 16:21:12 +0100 Subject: [PATCH 4/7] Ugh, xsalsa20poly1305 as an AEAD isn't a thing --- schemas/noise.prs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/schemas/noise.prs b/schemas/noise.prs index 94eb6dd..16b384b 100644 --- a/schemas/noise.prs +++ b/schemas/noise.prs @@ -1,28 +1,28 @@ version 1 . -; Noise_IK_25519_XSalsa20Poly1305_SHA512 -; Noise_NK_25519_XSalsa20Poly1305_SHA512 -; -; Most noise instantiations use ChaChaPoly (or AESGCM) but because e.g. tweetnacl offers -; XSalsa20 instead of ChaCha, I think I'll go with that. +; Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s, just like Wireguard +; Noise_NKpsk2_25519_ChaChaPoly_BLAKE2s -; IK: +; - ephemeral public keys are 32 bytes +; - pre-shared-keys (PSKs) are 32 bytes +; - authentication tags (on each AEAD encrypted payload) are 16 bytes each + +; IKpsk2: ; <- s (for us, the object's static key is in the cap ref) ; ... ; -> e, es, s, ss -; <- e, ee, se +; <- e, ee, se, psk ; -; NK: +; NKpsk2: ; <- s (for us, the object's static key is in the cap ref) ; ... ; -> e, es -; <- e, ee -; -; NKpsk2, IKpsk2 +; <- e, ee, psk ; Assertion. Handshake is an ephemeral public key followed by either an encrypted public-key ; (IK) or an encrypted empty payload (NK). Connect = . -; Assertion (to initiatorSession). Handshake is an encrypted ephemeral public key. +; Assertion (to initiatorSession). Handshake is an encrypted ephemeral public key followed by a +; (differently-)encrypted PSK (which may be all zeros when no PSK is relevant). Accept = . From e8881f59806fdc145ee4556dee77455b26c1666c Mon Sep 17 00:00:00 2001 From: Tony Garnock-Jones Date: Thu, 19 Jan 2023 12:18:58 +0100 Subject: [PATCH 5/7] Now I have actually implemented Noise, revise the schema --- schema-bundle.bin | 11 +++++--- schemas/noise.prs | 69 ++++++++++++++++++++++++++++++++--------------- 2 files changed, 56 insertions(+), 24 deletions(-) 
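Review bot: The new comment on `Accept` describes the second handshake message as "an encrypted ephemeral public key followed by a (differently-)encrypted PSK", which does not match the `psk2` patterns listed a few lines above it. In Noise the `e` token is written in the clear and the `psk` token only mixes the pre-shared key into the handshake state; the PSK itself is never placed on the wire. As written, the comment could lead an implementer to transmit key material. I would reword it along the lines of `; Assertion (to initiatorSession). Handshake is the responder's ephemeral public key followed by the encrypted (possibly empty) payload; the PSK is mixed into the key schedule, not sent.` The unchanged comment on `Connect` also still says IK/NK rather than IKpsk2/NKpsk2.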
diff --git a/schema-bundle.bin b/schema-bundle.bin index aa7b9ed..f638d10 100644 --- a/schema-bundle.bin +++ b/schema-bundle.bin 
@@ -4,9 +4,14 @@ ByteString QueryValue´³orµµ±string´³atom³String„„µ±file´³rec´³lit³file„´³tupleµ´³named³filename´³atom³String„„´³named³headers´³refµ„³Headers„„´³named³body´³atom³ ByteString„„„„„„„„³ HostPattern´³orµµ±host´³atom³String„„µ±any´³lit€„„„„³ HttpBinding´³rec´³lit³ http-bind„´³tupleµ´³named³host´³refµ„³ HostPattern„„´³named³port´³atom³ SignedInteger„„´³named³method´³refµ„³ MethodPattern„„´³named³path´³refµ„³ PathPattern„„´³named³handler´³embedded´³refµ„³ HttpRequest„„„„„„³ HttpContext´³rec´³lit³request„´³tupleµ´³named³req´³refµ„³ HttpRequest„„´³named³res´³embedded´³refµ„³ HttpResponse„„„„„„³ HttpRequest´³rec´³lit³ http-request„´³tupleµ´³named³sequenceNumber´³atom³ SignedInteger„„´³named³host´³atom³String„„´³named³port´³atom³ SignedInteger„„´³named³method´³atom³Symbol„„´³named³path´³seqof´³atom³String„„„´³named³headers´³refµ„³Headers„„´³named³query´³dictof´³atom³Symbol„´³seqof´³refµ„³ QueryValue„„„„´³named³body´³refµ„³ RequestBody„„„„„³ HttpService´³rec´³lit³ http-service„´³tupleµ´³named³host´³refµ„³ HostPattern„„´³named³port´³atom³ SignedInteger„„´³named³method´³refµ„³ MethodPattern„„´³named³path´³refµ„³ PathPattern„„„„„³ PathPattern´³seqof´³refµ„³PathPatternElement„„³ RequestBody´³orµµ±present´³atom³ -ByteString„„µ±absent´³lit€„„„„³ HttpListener´³rec´³lit³ http-listener„´³tupleµ´³named³port´³atom³ SignedInteger„„„„„³ HttpResponse´³orµµ±status´³rec´³lit³status„´³tupleµ´³named³code´³atom³ SignedInteger„„´³named³message´³atom³String„„„„„„µ±header´³rec´³lit³header„´³tupleµ´³named³name´³atom³Symbol„„´³named³value´³atom³String„„„„„„µ±chunk´³rec´³lit³chunk„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„µ±done´³rec´³lit³done„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„„„³ MethodPattern´³orµµ±any´³lit€„„µ±specific´³atom³Symbol„„„„³PathPatternElement´³orµµ±label´³atom³String„„µ±wildcard´³lit³_„„µ±rest´³lit³...„„„„„³ embeddedType€„„µ³noise„´³schema·³version‘³ definitions·³Accept´³rec´³lit³accept„´³tupleµ´³named³ handshake´³atom³ 
-ByteString„„´³named³responderSession´³embedded³any„„„„„³Connect´³rec´³lit³connect„´³tupleµ´³named³ handshake´³atom³ -ByteString„„´³named³initiatorSession´³embedded³any„„„„„„³ embeddedType€„„µ³timer„´³schema·³version‘³ definitions·³SetTimer´³rec´³lit³ set-timer„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„´³named³kind´³refµ„³ TimerKind„„„„„³ LaterThan´³rec´³lit³ +ByteString„„µ±absent´³lit€„„„„³ HttpListener´³rec´³lit³ http-listener„´³tupleµ´³named³port´³atom³ SignedInteger„„„„„³ HttpResponse´³orµµ±status´³rec´³lit³status„´³tupleµ´³named³code´³atom³ SignedInteger„„´³named³message´³atom³String„„„„„„µ±header´³rec´³lit³header„´³tupleµ´³named³name´³atom³Symbol„„´³named³value´³atom³String„„„„„„µ±chunk´³rec´³lit³chunk„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„µ±done´³rec´³lit³done„´³tupleµ´³named³chunk´³refµ„³Chunk„„„„„„„„³ MethodPattern´³orµµ±any´³lit€„„µ±specific´³atom³Symbol„„„„³PathPatternElement´³orµµ±label´³atom³String„„µ±wildcard´³lit³_„„µ±rest´³lit³...„„„„„³ embeddedType€„„µ³noise„´³schema·³version‘³ definitions·³Accept´³rec´³lit³accept„´³tupleµ´³named³responderSession´³embedded³any„„„„„³Packet´³orµµ±complete´³atom³ +ByteString„„µ± +fragmented´³seqof´³atom³ +ByteString„„„„„³Connect´³rec´³lit³connect„´³tupleµ´³named³serviceSelector³any„´³named³initiatorSession´³embedded³any„„„„„³Endpoint´³rec´³lit³noise„´³tupleµ´³named³spec´³refµ„³ EndpointSpec„„„„„³ EndpointRef´³orµµ±present´³dict·³ref´³named³ref´³refµ³sturdy„³ SturdyRef„„„„„µ±invalid´³dict·³ref´³named³ref³any„„„„µ±absent´³dict·„„„„„³ EndpointSpec´³andµ´³dict·³key´³named³key´³atom³ +ByteString„„³ +transports´³named³ +transports´³seqof³any„„„„´³named³protocol´³refµ„³EndpointProtocol„„´³named³ref´³refµ„³ EndpointRef„„´³named³ 
preSharedKeys´³refµ„³EndpointPreSharedKeys„„„„³DefaultProtocol´³lit±!Noise_NK_25519_ChaChaPoly_BLAKE2s„³EndpointProtocol´³orµµ±present´³dict·³protocol´³named³protocol´³atom³String„„„„„µ±invalid´³dict·³protocol´³named³protocol³any„„„„µ±absent´³dict·„„„„„³EndpointPreSharedKeys´³orµµ±present´³dict·³ preSharedKeys´³named³ preSharedKeys´³seqof´³atom³ +ByteString„„„„„„µ±invalid´³dict·³ preSharedKeys´³named³ preSharedKeys³any„„„„µ±absent´³dict·„„„„„„³ embeddedType€„„µ³timer„´³schema·³version‘³ definitions·³SetTimer´³rec´³lit³ set-timer„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„´³named³kind´³refµ„³ TimerKind„„„„„³ LaterThan´³rec´³lit³ later-than„´³tupleµ´³named³msecs´³atom³Double„„„„„³ TimerKind´³orµµ±relative´³lit³relative„„µ±absolute´³lit³absolute„„µ±clear´³lit³clear„„„„³ TimerExpired´³rec´³lit³ timer-expired„´³tupleµ´³named³label³any„´³named³msecs´³atom³Double„„„„„„³ embeddedType€„„µ³trace„´³schema·³version‘³ definitions·³Oid³any³Name´³orµµ± anonymous´³rec´³lit³ anonymous„´³tupleµ„„„„µ±named´³rec´³lit³named„´³tupleµ´³named³name³any„„„„„„„³Target´³rec´³lit³entity„´³tupleµ´³named³actor´³refµ„³ActorId„„´³named³facet´³refµ„³FacetId„„´³named³oid´³refµ„³Oid„„„„„³TaskId³any³TurnId³any³ActorId³any³FacetId³any³ TurnCause´³orµµ±turn´³rec´³lit³ caused-by„´³tupleµ´³named³id´³refµ„³TurnId„„„„„„µ±cleanup´³rec´³lit³cleanup„´³tupleµ„„„„µ±linkedTaskRelease´³rec´³lit³linked-task-release„´³tupleµ´³named³id´³refµ„³TaskId„„´³named³reason´³refµ„³LinkedTaskReleaseReason„„„„„„µ±periodicActivation´³rec´³lit³periodic-activation„´³tupleµ´³named³period´³atom³Double„„„„„„µ±delay´³rec´³lit³delay„´³tupleµ´³named³ causingTurn´³refµ„³TurnId„„´³named³amount´³atom³Double„„„„„„µ±external´³rec´³lit³external„´³tupleµ´³named³ description³any„„„„„„„³ TurnEvent´³orµµ±assert´³rec´³lit³assert„´³tupleµ´³named³ 
assertion´³refµ„³AssertionDescription„„´³named³handle´³refµ³protocol„³Handle„„„„„„µ±retract´³rec´³lit³retract„´³tupleµ´³named³handle´³refµ³protocol„³Handle„„„„„„µ±message´³rec´³lit³message„´³tupleµ´³named³body´³refµ„³AssertionDescription„„„„„„µ±sync´³rec´³lit³sync„´³tupleµ´³named³peer´³refµ„³Target„„„„„„µ± breakLink´³rec´³lit³ break-link„´³tupleµ´³named³source´³refµ„³ActorId„„´³named³handle´³refµ³protocol„³Handle„„„„„„„„³ ExitStatus´³orµµ±ok´³lit³ok„„µ±Error´³refµ³protocol„³Error„„„„³ diff --git a/schemas/noise.prs b/schemas/noise.prs index 16b384b..2fc6cd9 100644 --- a/schemas/noise.prs +++ b/schemas/noise.prs 
@@ -1,28 +1,55 @@ version 1 . -; Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s, just like Wireguard -; Noise_NKpsk2_25519_ChaChaPoly_BLAKE2s +; https://noiseprotocol.org/ -; - ephemeral public keys are 32 bytes -; - pre-shared-keys (PSKs) are 32 bytes -; - authentication tags (on each AEAD encrypted payload) are 16 bytes each +; Assertion. +Connect = . -; IKpsk2: -; <- s (for us, the object's static key is in the cap ref) -; ... -; -> e, es, s, ss -; <- e, ee, se, psk +; Assertion (to initiatorSession). +Accept = . + +; Sessions proceed by sending Packets to the initiatorSession and responderSession according to +; the Noise protocol definition. Each Packet represents a complete logical unit of +; communication; for example, a complete Turn when layering the Syndicate protocol over Noise. +; Note well the restriction on Noise messages: no individual complete packet or packet fragment +; may exceed 65535 bytes (N.B. not 65536!). When `fragmented`, each portion of a Packet is a +; complete Noise "transport message"; when `complete`, the whole thing is likewise a complete +; "transport message". +Packet = @complete bytes / @fragmented [bytes ...] . + +; When layering Syndicate protocol over noise, ; -; NKpsk2: -; <- s (for us, the object's static key is in the cap ref) -; ... -; -> e, es -; <- e, ee, psk +; - protocol.Packets MUST be encoded using the machine-oriented Preserves syntax +; - zero or more Turns are permitted per noise.Packet +; - each Turn must fit inside a single noise.Packet (fragment if needed) +; - payloads inside a noise.Packet may be padded at the end with byte 0x80 (128), which +; encodes `#f` in the machine-oriented Preserves syntax. +; +; In summary, each noise.Packet, once (reassembled and) decrypted, will be a sequence of zero +; or more machine-encoded protocol.Packets, followed by zero or more 0x80 bytes. -; Assertion. Handshake is an ephemeral public key followed by either an encrypted public-key -; (IK) or an encrypted empty payload (NK). 
-Connect = . +Endpoint = . +EndpointSpec = { + ; Possible transports, in preference order. Could contain e.g. transportAddress.Tcp values or + ; similar. These are just suggestions; it's quite possible the endpoint is reachable by some + ; means not listed. + transports: [any ...] + ; The responder's static public key. If not required (uncommon!), supply the empty ByteString. + key: bytes +} +& @protocol EndpointProtocol +& @ref EndpointRef +& @preSharedKeys EndpointPreSharedKeys +. -; Assertion (to initiatorSession). Handshake is an encrypted ephemeral public key followed by a -; (differently-)encrypted PSK (which may be all zeros when no PSK is relevant). -Accept = . +; If absent, a default of DefaultProtocol is used. Most endpoints will speak the default. +EndpointProtocol = @present { protocol: string } / @invalid { protocol: any } / @absent {} . +DefaultProtocol = "Noise_NK_25519_ChaChaPoly_BLAKE2s" . + +; If present, OID 0 at the responder end is a Gatekeeper, and the named ref should be resolvable. +; If absent, OID 0 at the responder directly denotes the entity of interest. +EndpointRef = @present { ref: sturdy.SturdyRef } / @invalid { ref: any } / @absent {} . + +; If present, Noise pre-shared-keys (PSKs) are drawn from the sequence as required; if the +; sequence is exhausted or not supplied, an all-zeros key is used each time a PSK is needed. +EndpointPreSharedKeys = @present { preSharedKeys: [bytes ...] } / @invalid { preSharedKeys: any } / @absent {} . From 5983cd01f1d0122a34212959f9539e6230380e48 Mon Sep 17 00:00:00 2001 From: Tony Garnock-Jones Date: Mon, 23 Jan 2023 13:08:12 +0100 Subject: [PATCH 6/7] Another note re noise --- schemas/noise.prs | 1 + 1 file changed, 1 insertion(+) diff --git a/schemas/noise.prs b/schemas/noise.prs index 2fc6cd9..17c7328 100644 --- a/schemas/noise.prs +++ b/schemas/noise.prs 
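Review bot: `EndpointProtocol`, `EndpointRef` and `EndpointPreSharedKeys` each carry an `@invalid` alternative, but the comments define only the present and absent cases, so a consumer is free to treat a malformed field like a missing one. For `preSharedKeys` that would mean quietly using the all-zeros key, and for `protocol` quietly falling back to `DefaultProtocol`; both are safer as a hard failure. I would add a line such as `; An @invalid variant MUST cause the EndpointSpec to be rejected; it is never equivalent to @absent.` Two further comments would help: that an `EndpointSpec` with `preSharedKeys` present is secret material and should not be logged or published, and that a receiver needs a bound on how many `fragmented` parts it will reassemble, since only the per-fragment size (65535) is limited. The same three-way shape is kept by `NoiseProtocol` and `NoisePreSharedKeys` in PATCH 7/7.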
@@ -19,6 +19,7 @@ Packet = @complete bytes / @fragmented [bytes ...] . ; When layering Syndicate protocol over noise, ; +; - the canonical encoding of the serviceSelector is the prologue ; - protocol.Packets MUST be encoded using the machine-oriented Preserves syntax ; - zero or more Turns are permitted per noise.Packet ; - each Turn must fit inside a single noise.Packet (fragment if needed) From fff84d4c2af08dde67e760bc33d31816d6b44f4a Mon Sep 17 00:00:00 2001 From: Tony Garnock-Jones Date: Fri, 27 Jan 2023 12:45:02 +0100 Subject: [PATCH 7/7] Update noise mapping --- schema-bundle.bin | Bin 17451 -> 17808 bytes schemas/noise.prs | 44 +++++++++++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 17 deletions(-) 
diff --git a/schema-bundle.bin b/schema-bundle.bin index f638d10898a9850ec8e35773832a8da02f33ac16..cfe864b81c7d7eec6f0510fe7ef38116f8fb1941 100644 GIT binary patch literal 17808 zcmeHP+jAV{mG72W%)-lN^UR+hsy0=5*hgbKivt+1q--9k*32h+qEYvxyT@ksDF#V1 zy7?*_V{EXo_|(W;!kqx-7GiTV1`C@fkJKwpV^POhCDF^FexhnjNMi<7jQJI!%D_)sz%A~YOj07uAEKJL?7^;Mov=W8M ziqVA$IZ&!y5tV}KALd78EJ{1^r&>uT>DAsU-8eNrF4KCgDvoD2;b$0(i1L`+6ea2Q z`7s%!(MVJFr*S3Rcx!&U7RBjaeS4eiuWSrOd0m)_jUt|=B{v8WuM3AFe_AcOLoGYO z%hqu73$yCS*6WSGm}J5AH$rVA1b;C6WB4ubg37=ZGOzyy$m#JVxJ;wI-8Vh!?cn%`oz$vTpiR} zabrgb6dM?|L(sR#^vfw^>Fx!`Rim9Kb-B)T5}1@$?Fu{ z!K^tq*hod&l2oH$~;^4YFV2{ zU{r26DxsNvDWL80?)i%CwCA(zbM_QLT2DM36}BnSAdsX4eg$i@yq|UDU5d)0iy*8E zZ-IwN5^NL>6PY<5VNJyq?`_^t$*!ru&zd!#aKjKqBL@}B;3)zcU@kGo4lVD>#l5(pFfaI&LuTbsti?1Zd70~PRJ`OBZ6Y0 zBS5}0Egknt4u{R{fDz7a_x9SV7!hGw1Ut!Ooycy0K2(E2QFTdRP1y_jwp6O+QV^HD z2_@WX<<+wgdkin_O)1c*yyTKgTI|vy1fU$!+vZMIPS?NwNkzyBe zm40{`Le#LURMc){!iOd@a>n(z+?Yi6O@EOn?v{*iLoE6?1+ge!E*gpd3#E(q zWUo7NJc&GyQn_C(Y?F{}{`h@{nH}&0fU}tusm+tXTnXW9D`oF~jropF%!Gl()Pb3~ zIh*UyghsFx2=sOo)BJsECp)vJoSi(NAHNf|Oii=bYI+WGd+qU|+{TL`aB5rsLJ)8u5P zZM^C(MjgS5RK;uqTK1GO4;vXn($hPzKF6N9%yM{4k^^^&DJFwB(S#c=4U6}$_wYMAA0*LJ=&f=P3lWIjWLFeab-rT9|a5klEneJnE_9ev*0FP!n z=GraU)3x5#tkcHN*(%-WO>w6< zMHxv%Daq|+O;jJOiV4{-(g9lcFAAM4#}bkDGC{vL>hXFuo3oQ6EA!aNrV5vEbZQvY zox?<4_j15yB>!A{O|1g=_NJo5)+9_tuTVE1H`F|EZq%R`K)aKkh)W7umryaREB+H5U(X%s<)LR;2eCo5&AhJ+eK@w&4A zHWEvE(eqEMm26^3Q2z;I8U6#AtzD;4yT*_z<5-OI9%InkP$VHE9*8#Z^W%eYG?%_~#tl`~^j6bwYGX@w;)zeRxpW|8)%L7aN0)F#PaKsBZ%-|9uB8mANn zIbt2nZZqVlDt$jL+5J0v{Q=;Et7n1T261Xc21yj& zpjfyy+aZ~N{xm`xi0*s?J0OX{=z?TeZT4eD4ZVcT?qUTI<=zwzs4YKdhjGN8>nd<3+v zjpHabymT#dT=K1!(lfpLMOx?ItTw(cTR_T!Xj-k5D&!ZS03PL=SZaqf@LmWNHz>SS z&?Zdt@Wz*fLYXzGbq(#@9EE~IYt@Y`+djt{VxOeOBo^DQ6vsZePhMe-q7NlmkO*Zj zPcq?;pkSSvD+Oo{R;$P(ZK7g9H$Wm`6ptXRSW&2JWfgy7JfCKF15Xe}VPhmhE9{68 zo<(QxOd9!Z&5nT$EI;pF^|VzLhLYoEN$<&a8%d9`z*)qj@~VnbNwPo+xBkx*8cQZT zG|mJ*GI-w2ZG2pD$#G{88HEE|cZ@5~=sdyxW?lJ4L(8a)DrF*>-2jtQ5cuEk*cxXF 
zFB_7c$w_L$?a(gT918(#cM|6bA`L24H`g=yh4DgK`v)iyS{tTu1C~h?mMm|P)R)9p zhJa7*|JqcU}1oBwCa!hV`0vSZ&>=a2oEYpg)`K zcA|zh5buA~iy&(vKq=m7^Y0i`vS-+*qE2-@$6+#60vnSkG;&qZsL5 zXZZ17-KE5|+v5iGwMpkXY>f4lvSwyOi@XQ?ctWPhd6AR)lfc@_3#IW~1)R4>Y5ca# zpQIiRM^f(_MY(lb3jCoV{hiFJ5V8Ujd~f2Hphd+2**4tFG4K)@BGo3bAit0>80Br8YE_5wRI56)2hu9VfLZ&bt1(G$`LFV8{;7--BXzWH zeGy+C030H~kvqwS<88j^%dn&xH_yD|9hRiPMHw$Tag~4Vb^ymo=-^M#zFwS!GI)7D zY7CHw@~Ufs!^a)EgO5si6Y>`hADUFC)zGk_B%{* z=poiGk0qZ%EG4!JPbX{E6D#mbhJq7$2cRich;zmPT-#cjPdjM@2!hh5D+m|9YE74H zrJC>qz51X9PyEpk@gKRLG~Q=Py>Lo-V&@XFmtfrl8u1n!%iM z9LaOpt_Rn%8l4%GV6^Wkbs?=mwzU^MWnzw^e@u>bz6g)zCRnkL#R^1?MPauhQ%sB&sW4cDZo zW78+L#7NGk`OH+yLou2IKgX)xl;Fq)p6G(O*+OA4DwI7&r#77jEGQl#yN! z6DC@@M&w(H_EE%!^qvlX04blT55VPAmv}TLH>?WF&vzh28?7jpK&wp+Ru!^DPaTZ| zBYK9uI(_j^W;bH9x_^jsZq`fNP^2LB19(KIdgn_jlvSRa7s~2-9>sdwRG(+N@NHni z0M9^mzjZsx6i>`r65x8`LaIeeZ( zb8;HZrb)SBHO{0c5$L&5MYY-NeK>v8m!?l^ojzdC8}v`P&7S;>!^x3`Dxz9mN<=Tw z*jpTX&vc4Cj_)_i+@4Y1$0_7Em!V4`{2fI?9O`;6D~y&g1UzO?-j^reEs1_YToK73 zm@GXMVb&0nc#HWoAvdh4Bs2%1>VndQQXx!3IB^i%T&w3YZ4qPuQ1SIqs{O5HX&9wv zDX|t!caT@`-&eu*ZS;F4=L~snI%Qxq;KA0wiqEF3&4Z5ZEXnS%odxo{q-<^P5`g>z zS*`0I=$hf!Y8xEadmwIj4sMV!4eUsm0;7U$6d0g&NFOVyTH}qCpZbjv?DNagcuMqG zpU@N*IE}?&pp$_PXpl2h;5R$;6U2XE*8DizW$?!3e_Do=8_m}#i+sRjFG zCyjI5whecq$YVDa9gk1R0rR{$_$5V!*FX`e{l9qAQ1L+kX4b%(?67;rdh52kk=`_Z?mqK7iVcXQUd+u|N zDczPR9u_e+jKrM3A@JwhQ@ZysGqWy4ixutm*Og{k*KgoY8sY+yXgyJ4%sdYbTD_;V6qHtkg(Ly zwIW$Fr($Kklk`TRaw@I8oH`6})_Xsxk_ zJ&C&68}Z#ojPBgy9**f}EW7vMDULWzsb14sqZi_3f3G-Z^Hj4A1d)ngnPnbbY8guL zc^P7c97S5zN$TCw)QQ3Pdg@m6jrX$XU|r3>wr;8 z#zn~?H}9_D8@0~7ds6;b4E9GPL>*{sYj#UgG^j8t>+zzmK9^#1p$AwwXZgJHhIT%m z|0*2Ms<6RL%nwvP^$tGO8J`=(5G2BH$4ult#Ec9f}|k1!*esF#{j zH8F2OMUDB zlX8viRQ!KmbE&@Onq~Ag$K)Dx?)2A!)|OEt6=f6Sl4t)MnP@e(@y;|csBdYOcl(wG zMtKk`gqsI3fHEf{$<3VTn(`wncsD;Hp})i_Mn zUwq*kmP%=Obv3Ar_^OGQ|1S+n1f|ZH_TS;SlC9$ye!|dq$zr@b)X&5m`fGiGI?FP)Kis zMxwu>u#qDH>>0zL$6W?(*%UbinG%n~pe@i2$KUa(PYbm^e~H&~gnf9=f$URkNvC;) 
zBJti))OO~T&l(z@$SiGjykO@D@|5N#hxJY`k}1UhWa2+@Sfy9Qhe@Ke$V_c8n)qvfH6Eo+cx-Qg@Be0=eG9ldk!aD4J3+wM+dpp>AVGoiZc76w9p0q#T)% zWp&EzTwO$kzU^{dg#V3o5&jqLF2cVX;T_*+(O09Lb*Baw)twWPc3MQV(&aalDp}zX cQ|Xg>&VnAx2j)g4bh&fi4qJ*;`5f5tzmzv>2><{9 literal 17451 zcmeHO-EQ2-l}0S~pIWl)nGN=OAD{==0J+#pSyC|0csyFSvbi*Edg%SDG3AUu1PN!rPMtfq|n} zuU89mj~{uuH1j68E~@%#lcaUAZ2Hr>%<>OkXr2zQiqZ`qPO}fWnZM3!^TCu~=&u=J z$#-U1)FxPSpVllH{!dtRj786lDPQMTMX>CUmR(^avS|N0C2@XjhGuzb=5sK=m*%$~ zvpp6PBfPr*(n`~t(ifiGoR)nS$Cu{7BEPs@iAb*Qo6%WbXZ7tnbM>X!J4siVdk@Li z^-fytom{W;o3G8YqP)Mq>sPF!4VB&B^)7E~Q`v$2S9r4egrWxDn{*Ddff>!SSzTP& ziT&yA^0FY?=ompW{4rY^;lmEe)Mo!b*QUJvuXM2nkB`xnTxBG7&mtKTQPGfQlHqO8 z;tXCMf=M4;OL$C^V(Fkn)jGMCj}zFXM_b$rGrxEfzD2d!K^=T!ReU799X9FOgH^N zNT^nbZ^oxV$qHyVU=3_1qljR*ji#j3ku%@GwhiFWvD>Iz+mY{Z6GR#Oke z`A(^kxSh9)<@dl}33J`*;&v4^M9+^&xGhcMK{{)!!hQv}VjVPW22)dh%x0lyiwY_k zA$%QM_`l`{V5jjt0~D(sl=p8uw>evwrODw6jV}=!Kn5$=FovyJ1%U@~JH3?AHk7b& zzsaiFeH0kjspvXGjT*@JmVToWO zIhhxEXw?jP8XBk|49r#sK|Z;^8&)eb%dRqL-g2c}14G34ESlaTy)>xv>`N*NApDdq z=Cib%L*!Kb{pvmQ1ly#5O_06szWa_@4T}||w|fY>$Pj3Es5Se?vzb|iNuZxHEF!5F zSRXMQ1;`ZUf@;+Z_F9I4q^5tK&Tb5lN=-4G6-!jBR9gz49iQ62D$@_-k_Oyb$BoP+ z)B|L#+{{9P2QvXiC_d64HZ=>pRg^-dGsPENb)#y2n4#fWK3^3XMFrn3t&}&yBUuAa zC9^!RFHZp#jg2h`wWO7j7kH?$`|R(wo$H8~-8_*Xl-r3c42SU$(R_NHmS+Bgxs`}XXn$>IpZmikf#&Gc zT&3$pZ5M)H~qg(_!dy=7%)urAfyX|cXspv-mS$qlv>E*^|{ z$scHkL4VEYO^O}N1uFP}jQs_HCpF-NsZ)V%S(5QN{8p#K(g0cZkwG&%y(_Ck_c)jUgq~!<7 zhX`4=HtZwcp_veQzn4;?;>i@N2FLXHdhXd%?+WY-I-c=6dJJal6_f-xU7%M1A%F}a zq`G;n66s&8%iKQLRhaH(pcv(8L=#Wabp`to`6b9Zp|y@?G(MkP#yEQB5u>XzJrotl z!1DDfkc|bl!lCK+cP|%Neq-hrX?61s`8*|pJdu7Y!;>20=vwiF7KPJKNDbx&l0$1K zt*Ee3;r;8I?wap-f@R>Fl_|3V*%oTbKEliNU90DB?f3+0)d>-z`Z8@Jh6v-mIUJb! 
z7p?sWD1vEBnm|{Bl;*f_Qg>45r!fC^o71;JOBNiWF@Ua0rv>Stv1R9`nw8m#1P~ZM zThG}?-co6gDXmbIb=*N<5yT@Iv2rDY|CeJ%0MKc>sOKN9N60#CT&{#Ce$U-Qt30$j zP^)ySNd-n|*&VUlPI)S`d#ngz?RBZmZQ)N;lT^346qnY-7!pHDEmY40I0#wRN0%`4 z8#3;|to9i^Ay0~6>{rFQ)Ly}s*tDaF5RCTEK4|){Zm+`(VLEgb?Njh%?9!Jx+8^?`>}M;?Dr2Km@e= z3ENOFMK*zcNU+W3fEDXtPTfvw(0itBff4F^MnbKc%1bFdkTk&vM`3F>1CvJ(EAW>f zK2nP5fN3LzywJf3Hq$)%i&j!<<16XlKV+p|wMsvQ6_0=->6){2L-Yjlz>igR`@wOc=ux|HZjgMEJGam+%&MR7ta zJcOCJyT9ANqB0c$zZ3b!42R=lAi`*}3L5Kb*S10x!2$b7v3DY!EXq;g@4@Y4(k%L#aJze<6+jo%@aud#6NXz>jQTMH>*g@9($--Ey*(IFyr@6rHEAlCkl(akHhqMCAzJY zw?twOgHxr&f_Jo(ds+b5Z$B@}C0E2Wrcc8A?#IQ*u&BG1Ap6noMDimy?xixar^1pm z`G}Zk>cQOT$W6Us_y&*k8q>SdF03c?zQ7_C8^=^Pu#~4~P}goAGxn!kp0ZAe;4u!)A#A^fM5oXL(xhab z)@fi`42i5hSf#g%B9-kkjdN3=NtUc9RRL>FD8Q++p|e0w{sd?-%QW2A(5hNQ0!?&^ za)z|8xs@Lg2MhXX!syS?&&fJlGl50ccY8?X{osV(KIWaJ7do~|2$hdBS?h(*79=uq zG5lf$%}NJK=r^$xs4)<6&(M}3Lap6?StIw4xSD`;OGFEImmP?X{p zz%;%PQ_~|0yMwi6{!&80L=P`893k56xE`{0XAo*Sn{%xxcr$Sr;bLs_tx#%DF_ZT{#U7M=XK8FI=+*};YU|SQX`Frld#5MrEzRP8QdH&>l^vq; z-kXklkf}z9>0~i(!dc7fSW=T5FX*Vm;~9}4g7Y9 z;qX>)Yg%f0=f}A7WyIU?dv^D6s{ zV_SOrZx6riP>;!F^R+gxJADf^Bc>TtJADVT!W9KaIq~LLwT82Qaja{!^6+4+QWqLn zrS!C2r59FzPP!upV(I!y7x}73wSGl_mTV`D=rLdaDl?1uV_}jkFfFC;+D6_o7SDUs zLfio#AHN5(W=Mo?G<6V;C^_ieG0wzJKGv00kx)|WftUnyX@=HG{p$t6+T_@grO7rs zc^^j+6n$_|o}qWrv8k~&1}c2KVsWp^a3fO!eh@LqrdkDCqxz?4)S0dd>KChY6X8Eh zr(M*LlIK)`=0?`XV_oqFW0iA^FiemsAjo!92?~73hUVL75?)yppP1A+TjXwkSA^oa(%J6Pi8_D&WJj&XEb;@%5#kGe1!(Ytj% zjob|#m+O4eveYfY$2vqEEGMq!KrtzM>a;}rq0XoNA8J>~yi?V0B6ND8GZQbjityNF zn?qgjr_GiH?ho^g*NL<ruxHI@;Wlf3&hTmy-G>fk)O0Ve1e;|XSKWR#eSlT1<}1hlT4p@ zOzLl%VVHkW(i1sH?<6n3`Ps->WT5${HzAx+YoE2XuwHn0E@$5wanPuhXL4gy_w8vm z#bpcN!5{4fUk%y=1<+tCEH1l9bi}?z9uF2F0ds6LzUyt$m@SvL}O^u{W~cXcq|&8pTRUgq_^TH?~I9WW^cU zZnw4uKjD&n$=B7|O5Fk@I_PZ0nwM@h?K|LdW?T9?4u*v+{{`yY^p zZVUqGPWKKIx6id3gl*gVNKw7F?cS~9%bn%8kk)cV7K!VAUD@JZHvuEE9m!>56na(y z(d)-<@t9D(UVTeR*G??@=vQ`QT;;%xayh`>Av28MwethtI}k(@Hr@!koBdX$*fD4i z*dxM?S^f)zWVsA|JfB0%6&8K84BW$)kpbEI>1ek$`X!$>k%cFJ$g|JELdhDCh+Om( 
zR&uSYkO>E>u6b4jNKlsn)MBA&qd%Io0i3vF3>^n#} zIeqh#J}$GzDfKwNrG_IB1Kv+}_T)~C@&giK8Yo^{`XjB-HF%MC(8j!yHl~b7Qe5G#}x}b5qNaE*%NXgR#~{9jlbRAm5=BDJ4aMX`W<`{WXBcN zLE`E08(fcHmj-veUCrTMO&w zOw1U<;xyHdMXY@!6(F%CKV3`cBP;B0ESY=)%g!a`q(FqHbM08iFPnk;zDlg`KuZ-` z0nI%xfX2!q-r*-}m6EiM<9S*6A2Q|m3||BQM>^C6@y(K%$>+yb7TZ^}LfTOyX)2n~lmzUGjAs*$3a> zZK5YN1W;1P(_%tK9|b-+COAW|<|vjFsUg@kZF7 PNPZUWA3jMUU%vb=`OA7& diff --git a/schemas/noise.prs b/schemas/noise.prs index 17c7328..f14031e 100644 --- a/schemas/noise.prs +++ b/schemas/noise.prs 
@@ -29,28 +29,38 @@ Packet = @complete bytes / @fragmented [bytes ...] . ; In summary, each noise.Packet, once (reassembled and) decrypted, will be a sequence of zero ; or more machine-encoded protocol.Packets, followed by zero or more 0x80 bytes. -Endpoint = . -EndpointSpec = { - ; Possible transports, in preference order. Could contain e.g. transportAddress.Tcp values or - ; similar. These are just suggestions; it's quite possible the endpoint is reachable by some - ; means not listed. - transports: [any ...] +; A `Route` describes a network path that can be followed to reach some target entity. +; +; It starts with zero or more possible non-Syndicate `transports`, in preference order. These +; could be `transportAddress.Tcp` values or similar. They are just suggestions; it's quite +; possible the endpoint is reachable by some means not listed. The network outside Syndicate +; is, after all, pretty diverse! In particular, *zero* `transports` may be provided, in which +; case some out-of-band means has to be used to make that first connection. +; +; The `transports` give instructions for contacting the first entity in the `Route` path. Often +; this will be a `gatekeeper`, or a `noise` protocol endpoint, or both. Occasionally, it may +; even be the desired target entity. Subsequent `steps` describe how to proceed from the +; initial entity to the target. +Route = . +RouteStep = NoiseStep / GatekeeperStep . + +GatekeeperStep = sturdy.SturdyRef . + +NoiseStep = . +NoiseSpec = { + ; The `serviceSelector` to use in a `Connect`. + service: any, ; The responder's static public key. If not required (uncommon!), supply the empty ByteString. - key: bytes + key: bytes, } -& @protocol EndpointProtocol -& @ref EndpointRef -& @preSharedKeys EndpointPreSharedKeys +& @protocol NoiseProtocol +& @preSharedKeys NoisePreSharedKeys . -; If absent, a default of DefaultProtocol is used. Most endpoints will speak the default. 
-EndpointProtocol = @present { protocol: string } / @invalid { protocol: any } / @absent {} . +; If absent, a default of DefaultProtocol is used. Most services will speak the default. +NoiseProtocol = @present { protocol: string } / @invalid { protocol: any } / @absent {} . DefaultProtocol = "Noise_NK_25519_ChaChaPoly_BLAKE2s" . -; If present, OID 0 at the responder end is a Gatekeeper, and the named ref should be resolvable. -; If absent, OID 0 at the responder directly denotes the entity of interest. -EndpointRef = @present { ref: sturdy.SturdyRef } / @invalid { ref: any } / @absent {} . - ; If present, Noise pre-shared-keys (PSKs) are drawn from the sequence as required; if the ; sequence is exhausted or not supplied, an all-zeros key is used each time a PSK is needed. -EndpointPreSharedKeys = @present { preSharedKeys: [bytes ...] } / @invalid { preSharedKeys: any } / @absent {} . +NoisePreSharedKeys = @present { preSharedKeys: [bytes ...] } / @invalid { preSharedKeys: any } / @absent {} .
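Review bot: The new `Route` comment block explains how to follow `transports` and `steps`, but it never says which part of a route the initiator may rely on to authenticate the peer. The transports are described as mere suggestions, and the unchanged comments in `NoiseSpec` permit an empty `key` and fall back to an all-zeros PSK when `preSharedKeys` is absent or exhausted, so a `NoiseStep` written that way appears to reach an unverified responder. I would add to the block: `; Transports are unauthenticated hints: the responder is verified only by the NoiseSpec key (plus any preSharedKeys), never by the address used to reach it.` Separately, `service: any` is a new field of `NoiseSpec` with no optional variant, so values serialized in the old `EndpointSpec` shape presumably no longer parse, which deserves a line in the commit message. The record bodies of `Route` and `NoiseStep` are not legible in this view, so this rests on the comments and `NoiseSpec` only.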