Bibeam is an open source, collaborative, distributed, E2E, non-exhaustive Peer-To-Peer VPN. Inspired by Korean food "Bibimbap". Also interpreted as Bidirectional-Beam (Bi-Beam); loose Privacy-enhancing Network.
Current implementation. The workspace now contains real protocol/control-plane code: typed control messages, PASETO token issuance/verification, discovery HTTP + WebSocket clients, coordinator admission/rate-limiting, transport helpers, and targeted unit/integration coverage. The strict regime is still wired (#![forbid(unsafe_code)], strict clippy, conventional commits via cog verify), and CI runs fmt + clippy + nextest + doc + deny + machete + coverage on every PR.
Still incomplete. End-to-end tunnel bring-up and full daemon boot orchestration are not production-ready yet. The binaries still log bootstrap at startup, and several runtime paths remain scaffolded or feature-gated while the implementation converges.
# install the Phase-1 dev tooling once (prek, nextest, typos, cocogitto, taplo)
just bootstrap
# build the workspace on the latest stable toolchain
cargo build --workspace --all-features
# run the full local CI pipeline (fmt + clippy + tests + doc + deny + machete)
just ciSeven libraries + two role-specific daemons + one ops runner. See docs/architecture.md for the crate boundary map and request flow.
| Crate | Role |
|---|---|
bibeam-core |
Shared types, errors, identity primitives |
bibeam-protocol |
Wire frames + postcard codec |
bibeam-crypto |
WG key generation, AEAD, PASETO session tokens |
bibeam-transport |
WireGuard (boringtun) data plane over UDP + STUN hole-punch |
bibeam-tun |
Cross-platform TUN device + L3 packet pipeline |
bibeam-discovery |
Coordinator client + rendezvous types |
bibeam-runtime |
Tracing, metrics, config, signals, health |
bibeam-node |
Merged data-plane (relay/exit/forwarder) + control-plane (rendezvous/admission/rotation) daemon, gated by is_coordinator flag (per §11 R-1) |
bibeam-cli |
End-user client daemon + CLI |
xtask |
Workspace ops runner (CI, docs, release helpers) |
Per-crate README.md files are generated by cargo run -p xtask -- gen-readmes from each [package].description. Do not hand-edit them; edit Cargo.toml instead. The drift-check runs in pre-commit and CI.
docs/architecture.md— two-plane diagram, crate boundaries, request flow.docs/protocol.md— WG wire format, session tokens, control-plane API, cohort lifecycle.docs/threat-model.md— adversaries, scope, mitigations.docs/operator-runbook.md— bringing up a coordinator or node.CONTRIBUTING.md— strict regime, dep-selection rubric, commit conventions.AGENTS.md— brief for AI coding assistants.docs/plan/init.md— the spec that drove the Phase-1 init scaffold (as-built rationale).
MIT — see LICENSE. Copyright the BiBeam contributors.