The consolidation release — every v0.1 gap closed:
- Message signing (hypernova signing profile v1): HMAC-SHA256 in the
Part 14 SecurityHeader frame structure — sign at the publisher or at the
boundary relay, verify in Python and Java;require_signeddemands
cryptographic verification (a self-asserted signed bit proves nothing).
Every-bit-flip tamper test; honest limits (no replay window, no
encryption, not yet cross-stack SecurityPolicy) in doc/security.md. - DIP-scale registry: O(1) stream matching (55k publications: 0.33 s to
register, <1 µs lookups), write locking, Prometheus/metrics,
--mirror-offollower convergence, per-endpoint bind isolation. - Arrays end to end, including through supernova C++ servers
(supernova 1.1.0) — a DOUBLE[] round-trips
python→C++ reader→address space→C++ writer→python bit-exact. - Java client (dependency-free, JDK 11+): subscribe/publish by name,
arrays, quality, signature verification — byte-parity with the C++ and
Python codecs on shared golden vectors, plus a live cross-language CI loop. bridge-opcua: publications served as a classic OPC UA server —
any OPC UA client, including commercial SCADA tools, can consume streams (verified with an OPC UA
client end to end).bridge-dip: the migration bridge — republish existing DIP
publications as hypernova streams (CI-tested against a stubbed DIP API;
on-site validation against a live DIP installation still pending).- Soaked and reviewed: 40-minute multi-wrap soak with the registry
subprocess measured (flat RSS/fds, zero loss); second internal
adversarial review — 18 findings, all fixed and regression-locked. - Ops: container build + release workflow (public ghcr publication pending), systemd units, deep-linkable browser,
registry failover via comma-separated URLs.