v0.36.0 — TLS for routable brain/lease/registry binds

@amitpatole amitpatole released this 23 Jun 16:34
· 10 commits to main since this release

Roadmap item 3. Transport confidentiality on any non-loopback bind — fail closed, loopback stays zero-config. One shared verel.transport module hardens all three HTTP services (the brain, the lease authority, the registry).

  • Server TLS — MemoryServer/ControlPlaneServer/RegistryServer take certfile=/keyfile=/ssl_context=; url reports https://; TLS 1.2+ floor.
  • Bind policy (fail closed) — a non-loopback bind now requires both an auth_token and TLS, else the server refuses to start. host="" is treated as routable (it's the 0.0.0.0 wildcard). Loopback stays plain-HTTP, zero-config.
  • Client cleartext-secret guard — clients take cafile=/ssl_context= (verify internal/pinned CAs) and refuse to attach a bearer/cluster token to a non-loopback http:// URL (re-checked per request on the live token); insecure=True opts out for a TLS-terminating proxy.
  • DoS-resistant — the TLS handshake runs in the per-connection worker thread (not the accept loop), a max_connections semaphore (default 128, tunable) bounds concurrency, the client opener ignores ambient HTTP_PROXY/ALL_PROXY, and token leaks across HTTP redirects are blocked.
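As an added illustration (not code from the verel project), the fail-closed bind policy and the client cleartext-secret guard from the bullets above re-created in plain Python; the function names and the denial-reason strings are my own assumptions, the rules (empty host is routable, loopback is zero-config, insecure=True opts out) follow the notes:

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical stand-in for the fail-closed bind policy and the client
# cleartext-secret guard described above; not verel's own code.

def is_loopback_host(host):
    """Only loopback is zero-config. host="" is the 0.0.0.0 wildcard and so
    routable; a name that cannot be classified is also treated as routable."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # covers "" as well as unresolved hostnames

def has_tls(certfile=None, keyfile=None, ssl_context=None):
    """TLS is configured by a cert/key pair or a ready-made ssl_context."""
    return ssl_context is not None or bool(certfile and keyfile)

def bind_denial_reason(host, auth_token, certfile=None, keyfile=None, ssl_context=None):
    """None if the bind is allowed, otherwise why the server must refuse to start."""
    if is_loopback_host(host):
        return None  # plain HTTP, zero-config
    missing = []
    if not auth_token:
        missing.append("auth_token")
    if not has_tls(certfile, keyfile, ssl_context):
        missing.append("TLS (certfile/keyfile or ssl_context)")
    return None if not missing else "routable bind requires " + " and ".join(missing)

def cleartext_denial_reason(url, token, insecure=False):
    """None if a request carrying `token` may go to `url`, otherwise the reason.
    Run per request so a token set after construction is still checked."""
    if token is None or insecure:
        return None  # nothing to protect, or opted out for a TLS-terminating proxy
    parts = urlsplit(url)
    if parts.scheme == "https":
        return None
    if parts.scheme == "http" and is_loopback_host(parts.hostname or ""):
        return None
    return f"refusing to attach a bearer token to cleartext URL {url!r}"

def start_server(host, auth_token, **tls):
    """Fail closed: raise before a socket is opened when the policy is not met."""
    reason = bind_denial_reason(host, auth_token, **tls)
    if reason is not None:
        raise RuntimeError(f"refusing to bind {host!r}: {reason}")
    return "https" if has_tls(**tls) else "http"  # scheme the url would report
```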

Hardened through a 5-round adversarial red-team — closed a wildcard-host bind bypass, an HTTP-redirect token leak, a post-init guard bypass, a TLS-handshake accept-loop DoS, a proxy-env token leak, and an unbounded-connection DoS; the last two rounds came back empty. 25 tests in tests/test_brain_tls.py. See docs/SUBSTRATE_DESIGN.md §15.4.

🤖 Generated with Claude Code