{"id":28563822,"url":"https://github.com/twisted/vertex","last_synced_at":"2026-03-02T05:31:19.261Z","repository":{"id":9163951,"uuid":"10960926","full_name":"twisted/vertex","owner":"twisted","description":"Vertex is a generalized, secure, peer-to-peer communications platform; formerly of the divmod.org project (https://code.launchpad.net/divmod.org/)","archived":false,"fork":false,"pushed_at":"2018-11-01T22:11:53.000Z","size":473,"stargazers_count":75,"open_issues_count":19,"forks_count":23,"subscribers_count":31,"default_branch":"master","last_synced_at":"2025-11-28T13:09:09.178Z","etag":null,"topics":["alice","bob","internet","python","vertex"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/twisted.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-06-26T07:05:04.000Z","updated_at":"2025-11-26T15:59:30.000Z","dependencies_parsed_at":"2022-08-30T12:31:30.237Z","dependency_job_id":null,"html_url":"https://github.com/twisted/vertex","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/twisted/vertex","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twisted%2Fvertex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twisted%2Fvertex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twisted%2Fvertex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twisted%2Fvertex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/twisted","download_url":"https://codeload.github.com/twisted/vertex/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/twisted%2Fvertex/sbom","scorecard":{"id":904008,"data":{"date":"2025-08-18","repo":{"name":"github.com/twisted/vertex","commit":"feb591aa1b9a3b2b8fdcf53e4962dad2a0bc38ca"},"scorecard":{"version":"v5.2.1-41-g40576783","commit":"40576783fda6698350fcbbeaea760ff827433034"},"score":4.3,"checks":[{"name":"Code-Review","score":8,"reason":"Found 5/6 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: pipCommand not pinned by hash: .travis/run.sh:5","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T16:41:45.731Z","repository_id":9163951,"created_at":"2025-08-24T16:41:45.731Z","updated_at":"2025-08-24T16:41:45.731Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29993376,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T01:47:34.672Z","status":"online","status_checked_at":"2026-03-02T02:00:07.342Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alice","bob","internet","python","vertex"],"created_at":"2025-06-10T13:08:44.800Z","updated_at":"2026-03-02T05:31:19.246Z","avatar_url":"https://github.com/twisted.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/twisted/vertex.png?branch=master)](https://travis-ci.org/twisted/vertex)\n[![codecov.io](https://codecov.io/github/twisted/vertex/coverage.svg?branch=master)](https://codecov.io/github/twisted/vertex?branch=master)\n# Divmod Vertex #\n\nPull up a chair, and let me tell you a story of the once and future Internet.\n\n## The Age of Innocence ##\n\nIn the beginning of the Internet, all networking was “peer to peer”.\nIf you were lucky enough to have an Internet-connected computer, you could talk to any other Internet-connected computer; in fact, being able to do so  was practically the definition of “Internet connected”.\n\nHowever, many of these computers were the size of a large truck and required a full time staff to operate.\nIn the fullness of time, the Internet would grow to include much smaller devices, computers owned by individuals.\n\n## The Sundering ##\n\nThe growing number of connected devices created a number of problems.\nAll these new devices needed IP addresses; at first, this was simply a logistical problem that you'd want to avoid, since you might want to connect multiple computers to your home network, and later, there weren't enough IP addresses to go around any more.\nSo some clever folks came up with Network Address Translation.\nAs far as the Internet was concerned, your whole network was a single device, with one address; internally, of course, each computer would have its own network address, but a device on the border of the network would hide all that.\nThis meant that you could connect as many devices to your network as you liked, and you didn't have to ask permission, and nobody outside could even necessarily tell that you'd done so.\nNAT was therefore a great innovation - it allowed billions more devices to get connected to the internet.\n\nBut NAT also effectively means that as a “consumer” of Internet services, you can make outgoing requests but can not accept incoming ones.\nIn other words, you can subscribe but you can't publish; you can listen but you can't speak.\nSlowly, this began to break things:\nInternet telephones that expected to be able to call each other.\nGames that expected to be able to make a direct connection between two players.\nEven things as simple as file transfer programs that allowed you to send information directly to another person.\nAll of this can be worked around, of course, but there are few standards for how NAT devices behave, inconsistently implemented.\nMost require users to become experts at networking, or endure poor performance, security problems.\nEven basic tasks like [updating a video game](https://us.battle.net/support/en/article/firewall-proxy-router-and-port-configuration) require memorization of long lists of numbers and familiarity with network administration.\n\nNevertheless, even as all of this is happening, as all of this functionality is disappearing, the Internet's popularity is exploding.\nWhat it *does* enable is so amazing that we all forget the even *more* amazing promise we've lost.\n\nThe Internet is Broken: Long Live the Internet.\n\n## The Desert Of The Now ##\n\nToday, almost all basic Internet-connected functionailty takes the form of a server - almost always a web site - controlled by a third party, rather than a program you can control on your own computer.\nThere's nothing wrong with web sites, of course; the web has been a fantastic innovation in its own right.\nBut there *is* something wrong with *needing* to put your information under someone else's control just because that's the only way to get it from Point A to Point B, where Point A is your house and Point B is your friend's house.\n\nEspecially when there are other ways.\n\nTeleconferencing software, video games, and file sharing networks have all *had* to solve this problem in order for their basic functionality to work.\nSo it's possible to do.\nBut they've all solved these problems in vastly different, application-specific ways, and none of them share any common infrastructure. for direct communication.\nIf you want to create a new application that makes use of direct connectivity, you have to become an expert in [about ten times as much technology](https://tools.ietf.org/html/rfc5389) as if you wanted to create a [basic web site](https://www.djangoproject.com/).\n\n## A False Hope ##\n\nIPv6 is coming, of course, and in principle it could free us from all this.\n\nBut in practice, it won't.\n\nAfter two decades of depending on NAT for security, home computers are not prepared for the onslaught of the public Internet.\nWhen IPv6 rolls out to the general public, it will need to be done in such a way that prevents incoming traffic by default.\nWithout a secure way to allow incoming traffic, networked devices will stay shut off in the way.\n\n# Okay, What Is Vertex, Already?! #\n\nVertex is a general purpose system for securely connecting to a program running on behalf of another person, with a trust model based on Trust On First Use (TOFU) and Persistence of Pseudonym (POP).\n\nCurrently, when a program wants to connect somewhere over the Internet, it gives the name of the machine, and a port number.\nSomething like:\n\n    example.com 443\n    ^ computer  ^ port\n\nWith Vertex, instead, a program identifies a *person* and a *purpose*.\nLike this:\n\n    bob@b.example.com/messaging\n    ^ person          ^ purpose\n        ^ server\n\nLet's say Alice has a chat program that she wants to use to talk to Bob.\nAlice puts in an identifier like the one above into her that program, and using Vertex, it can talk directly to the same program on Bob's computer; all communication is therefore secured.\n\n## What's the point? ##\n\nIf you want to have a program on your computer (or, potentially, your mobile device) communicate some information directly to another, you should be able to do it:\n\n1. easily,\n2. securely,\n3. quickly, and\n4. directly.\n\nVertex attempts to enable all of this, taking care of the details of networking so that applications can just communicate.\n\n## How's this supposed to work? ##\n\nAlice runs a local Vertex agent, which she registers with a Vertex server on a.example.com as alice@a.example.com; she gets a certificate signed by a.example.com, and then maintains a connection to that server.\nBob registers with a Vertex server on b.example.com as bob@b.example.com; he gets a certificate from b.example.com and maintains a connection to that server.\n\nAlice then connects to b.example.com; since she's never talked to it before, she requests its certificate.\n(Alice can also ask a.example.com, or any of her existing connections to other Vertex clients or servers, to double-check on b.example.com's certificate, to make sure that they get the same result, potentially automating the usual call-somebody-up-to-ask-if-the-SSH-server's-key-really-changed workflow we all go through.)\n\nAlice secures her connection to b.example.com with the certificate that a.example.com previously signed; b.example.com verifies it by talking to a.example.com.\nOn that connection, she asks to speak to Bob.\n\nAt this point, b.example.com talks to Bob and sends along Alice's certificate.\nIf Bob approves of Alice's connection, then (and only then!) b.example.com sends along instructions for how to connect to Bob.\n\nThese instructions are a *list* of potential connection techniques; TCPv4, TCPv6, multiple different UDP hole punching techniques, local (behind NAT) addresses, addresses discovered by talking to Vertex servers, and so on.\nAll of these are attempted, and the best connection is used.\nRegardless of which connection is selected, the local Vertex agents on Alice and Bob's computers should use the same TLS certificates to communicate with each other, and the traffic should be encrypted.\n\n## Wow, this sounds great, what kind of shape is it in? ##\n\nSadly, Vertex's current status is that of \"proof of concept\".\nMany of the things in the story above say \"should\" instead of \"does\" because it doesn't actually do those things yet.\nIt can make some connections over the Internet and transfer some bytes, but:\n\n- It doesn't yet implement a workable trust model, or any way to revoke certificates.\n- There's no mechanism to ask your peers to tell you about a certificate to guard aganst DNS cache poisoning on first use.\n- Despite all the fancy certificate memory stuff, fundamentally trust is established by plain passwords.\n- It stores user passwords in plaintext.\n- There's no UI for the local agent, and no real persistence of the \"buddy list\".\n- There's no support for UPnP, or any other kind of automatic router configuration.\n- Its UDP-over-TCP implementation doesn't implement [window scaling](https://en.wikipedia.org/wiki/TCP_window_scale_option), among other things; it is *very* slow.\n- When using UDP tunnelling, it doesn't currently use encryption at all.  This is actually due to a design flaw, long since fixed, in Twisted's implementation of TLS; Vertex is one of the reasons that [this flaw was fixed](https://twistedmatrix.com/trac/ticket/593).\n- There's no defined protocol for an agent to talk to other applications; each agent currently contains all of the code for the applications that want to speak to other nodes.\n\nBut all these flaws and all this unfinished work are just a chance for you to be a hero and improve Vertex's functionality until it's actually useful!\n\n### What's \"Divmod\"? ###\n\nDivmod is a now-defunct start-up company that open sourced many projects in the Twisted ecosystem, including this one.\nAll the Divmod projects were therefore named “Divmod X”.\nAs an acknowledgement of Divmod’s contributions, the current maintainers (some of whom worked for Divmod at the time) are preserving that nomenclature.\n\n### Why \"Vertex\"? ###\n\nThe Divmod projects are all named for various mathematical concepts.\n\nThe vertex of an angle is where two rays begin or meet, and Vertex is meant to be the meeting point for your network communications.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftwisted%2Fvertex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftwisted%2Fvertex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftwisted%2Fvertex/lists"}