TLTV CLI v1.0.0

Command-line tool for the TLTV Federation Protocol. Generate channel
identities, sign and verify documents, mine vanity IDs, resolve URIs,
probe nodes, crawl the gossip network, and check streams. Single static
binary, zero dependencies. Validated against all 7 protocol test vector
suites with 55 unit tests and 7 integration tests.

Author: pfarnsworth

.github/workflows/ci.yml

@@ -0,0 +1,46 @@
+name: CI
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main, dev]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+
+      - name: Vet
+        run: go vet ./...
+
+      - name: Test
+        run: go test -v -count=1 ./...
+
+      - name: Build (static)
+        run: CGO_ENABLED=0 go build -v -ldflags "-s -w" -o tltv .
+
+      - name: Verify static linkage
+        run: |
+          output=$(ldd ./tltv 2>&1 || true)
+          case "$output" in
+            *"not a dynamic executable"*) echo "OK: static binary" ;;
+            *) echo "ERROR: binary is dynamically linked"; echo "$output"; exit 1 ;;
+          esac
+
+  race:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+
+      - name: Test (race detector)
+        run: go test -race -count=1 ./...

.github/workflows/release.yml

@@ -0,0 +1,122 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+
+      - name: Vet
+        run: go vet ./...
+
+      - name: Test
+        run: go test -v -count=1 ./...
+
+      - name: Build archives
+        run: |
+          VERSION=${GITHUB_REF_NAME}
+          LDFLAGS="-s -w -X main.version=${VERSION}"
+          mkdir -p dist
+
+          for pair in linux/amd64 linux/arm64 darwin/amd64 darwin/arm64 windows/amd64 windows/arm64 freebsd/amd64; do
+            GOOS=${pair%/*}
+            GOARCH=${pair#*/}
+            BIN=tltv
+            if [ "$GOOS" = "windows" ]; then BIN=tltv.exe; fi
+
+            echo "Building ${GOOS}/${GOARCH}..."
+            CGO_ENABLED=0 GOOS=$GOOS GOARCH=$GOARCH go build -ldflags "$LDFLAGS" -o "dist/${BIN}" .
+
+            ARCHIVE="tltv-cli_${VERSION}_${GOOS}-${GOARCH}"
+            tar -czf "dist/${ARCHIVE}.tar.gz" -C dist "$BIN"
+            rm "dist/${BIN}"
+          done
+
+      - name: Verify Linux amd64 is static
+        run: |
+          CGO_ENABLED=0 go build -ldflags "-s -w" -o tltv-check .
+          output=$(ldd ./tltv-check 2>&1 || true)
+          case "$output" in
+            *"not a dynamic executable"*) echo "OK: static binary" ;;
+            *) echo "ERROR: binary is dynamically linked"; echo "$output"; exit 1 ;;
+          esac
+          rm ./tltv-check
+
+      - name: Create checksums
+        working-directory: dist
+        run: sha256sum * > checksums.txt
+
+      - name: Create release and upload assets
+        env:
+          TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAG: ${{ github.ref_name }}
+          REPO: ${{ github.repository }}
+          SERVER: ${{ github.server_url }}
+        run: |
+          # Detect API base (GitHub vs Forgejo/Gitea)
+          if echo "$SERVER" | grep -q "github\.com"; then
+            API_BASE="https://api.github.com/repos/${REPO}"
+            UPLOAD_MODE=github
+          else
+            API_BASE="${SERVER}/api/v1/repos/${REPO}"
+            UPLOAD_MODE=forgejo
+          fi
+
+          # Detect pre-release from tag name
+          PRERELEASE=false
+          if echo "$TAG" | grep -qE '(rc|alpha|beta)'; then
+            PRERELEASE=true
+          fi
+
+          # Create release
+          RESPONSE=$(curl -sS -X POST \
+            -H "Authorization: token ${TOKEN}" \
+            -H "Content-Type: application/json" \
+            -d "{\"tag_name\":\"${TAG}\",\"name\":\"tltv-cli ${TAG}\",\"body\":\"Release ${TAG}\",\"draft\":false,\"prerelease\":${PRERELEASE}}" \
+            "${API_BASE}/releases")
+
+          # Extract release ID (works for both APIs -- "id" is always the first integer id field)
+          RELEASE_ID=$(echo "$RESPONSE" | grep -o '"id" *: *[0-9]*' | head -1 | grep -o '[0-9]*')
+
+          if [ -z "$RELEASE_ID" ]; then
+            echo "ERROR: Failed to create release"
+            echo "$RESPONSE"
+            exit 1
+          fi
+
+          echo "Created release ${TAG} (id: ${RELEASE_ID}, prerelease: ${PRERELEASE})"
+
+          # Upload assets
+          for file in dist/*; do
+            filename=$(basename "$file")
+            echo "Uploading ${filename}..."
+
+            if [ "$UPLOAD_MODE" = "github" ]; then
+              # GitHub: raw binary body to uploads.github.com
+              curl -sS -X POST \
+                -H "Authorization: token ${TOKEN}" \
+                -H "Content-Type: application/octet-stream" \
+                --data-binary "@${file}" \
+                "https://uploads.github.com/repos/${REPO}/releases/${RELEASE_ID}/assets?name=${filename}" > /dev/null
+            else
+              # Forgejo/Gitea: multipart form upload
+              curl -sS -X POST \
+                -H "Authorization: token ${TOKEN}" \
+                -F "attachment=@${file}" \
+                "${API_BASE}/releases/${RELEASE_ID}/assets?name=${filename}" > /dev/null
+            fi
+          done
+
+          echo "Uploaded $(ls dist/* | wc -l) assets"

.gitignore

@@ -0,0 +1,10 @@
+# Binary
+tltv
+tltv.exe
+dist/
+
+# Key files (never commit secrets)
+*.key
+
+# Test artifacts
+*.test

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 TLTV
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,37 @@
+BINARY  := tltv
+VERSION := $(shell git describe --tags --always --dirty 2>/dev/null || echo "dev")
+LDFLAGS := -ldflags "-s -w -X main.version=$(VERSION)"
+
+.PHONY: build install test clean release
+
+build:
+	CGO_ENABLED=0 go build $(LDFLAGS) -o $(BINARY) .
+
+install:
+	CGO_ENABLED=0 go install $(LDFLAGS) .
+
+test:
+	go test -v ./...
+
+clean:
+	rm -f $(BINARY)
+	rm -rf dist/
+
+# Cross-compile for all major platforms (static binaries, no cgo).
+# Produces tar.gz archives plus checksums.
+release: clean
+	@mkdir -p dist
+	@for pair in linux/amd64 linux/arm64 darwin/amd64 darwin/arm64 windows/amd64 windows/arm64 freebsd/amd64; do \
+		GOOS=$${pair%/*}; \
+		GOARCH=$${pair#*/}; \
+		BIN=$(BINARY); \
+		if [ "$$GOOS" = "windows" ]; then BIN=$(BINARY).exe; fi; \
+		echo "Building $$GOOS/$$GOARCH..."; \
+		CGO_ENABLED=0 GOOS=$$GOOS GOARCH=$$GOARCH go build $(LDFLAGS) -o dist/$$BIN .; \
+		ARCHIVE=$(BINARY)-cli_$(VERSION)_$$GOOS-$$GOARCH; \
+		tar -czf dist/$$ARCHIVE.tar.gz -C dist $$BIN; \
+		rm dist/$$BIN; \
+	done
+	@cd dist && sha256sum * > checksums.txt
+	@echo "Release archives in dist/"
+	@ls -lh dist/