feat(dist): add distribution packages with docs and checksums

Linux Server Package (ostp-server-linux-x64.tar.gz - 5.94 MB):
- ostp-server (9.2 MB) + oncp-master (4.8 MB)
- Automated deploy.sh script with systemd integration
- README.md with quick start guide
- systemd service units (ostp-server.service, oncp-master.service)
- Config examples (server.json, server-enrollment.json)
- SHA256SUMS for integrity verification

Windows Client Package (ostp-client-windows-x64.zip - 1.29 MB):
- ostp-client.exe (1.64 MB) - CLI client
- ostp-daemon.exe (0.53 MB) - Windows Service
- ostp-installer.exe (0.37 MB) - Setup wizard
- README.md with GUI/CLI usage guide
- SHA256SUMS.txt for integrity verification

Deploy Script Features:
- Automated PSK generation
- Systemd service installation
- Firewall configuration (ufw)
- OTP token generation (60 min)
- Network validation (10.X.0.0/16)
- Security hardening (NoNewPrivileges, ProtectSystem)

Documentation includes:
- Installation instructions
- Configuration examples
- Troubleshooting guides
- Security best practices
- API reference

dist/windows-x64/README.md

@@ -0,0 +1,289 @@
+# OSTP Client - Windows x64 Distribution
+
+Windows native client with GUI, daemon service, and automated installer.
+
+## 📦 Contents
+
+- **ostp-installer.exe** (0.37 MB) - Setup wizard with admin privileges
+- **ostp-daemon.exe** (0.53 MB) - Windows Service for VPN tunnel management
+- **ostp-client.exe** (1.64 MB) - Command-line client for advanced users
+- **SHA256SUMS.txt** - Integrity verification checksums
+
+## 🚀 Quick Start (Recommended)
+
+### 1. Verify Integrity
+
+Open PowerShell:
+```powershell
+Get-Content SHA256SUMS.txt | ForEach-Object {
+    $hash, $file = $_ -split '\s+', 2
+    $computed = (Get-FileHash $file -Algorithm SHA256).Hash.ToLower()
+    if ($hash -eq $computed) { "✓ $file" } else { "✗ $file MISMATCH!" }
+}
+```
+
+### 2. Run Installer
+
+**Right-click `ostp-installer.exe` → Run as Administrator**
+
+The installer will:
+- Install Wintun driver (TAP network adapter)
+- Register `OspabGuard` Windows Service
+- Configure firewall rules
+- Install GUI to Start Menu
+- Create desktop shortcut
+
+### 3. Launch GUI
+
+After installation, open **OSTP VPN** from Start Menu or desktop.
+
+## 🖥️ GUI Interface
+
+Dark stealth theme interface (450×600):
+- **Server Selection** - Choose country from dropdown (auto-fetch from Master Node)
+- **Connect/Disconnect** - One-click VPN toggle
+- **Real-time Stats** - Upload/download speeds, ping, connection time
+- **System Tray** - Minimize to tray for background operation
+
+### Settings
+- Auto-connect on startup
+- Kill switch (block all traffic when VPN disconnects)
+- Protocol selection (TCP/UDP)
+- Custom DNS servers
+
+## 🔧 Command-Line Client (Advanced)
+
+### ostp-client.exe
+
+For advanced users who prefer CLI or scripting:
+
+```cmd
+# Interactive wizard
+ostp-client.exe setup
+
+# Connect to specific server
+ostp-client.exe connect --server 1.2.3.4:443 --psk YOUR_PSK --country RU
+
+# List profiles
+ostp-client.exe profiles
+
+# Connect using saved profile
+ostp-client.exe connect --profile "US-West"
+
+# Disconnect
+ostp-client.exe disconnect
+
+# Show status
+ostp-client.exe status
+```
+
+### Configuration File
+
+Located at: `%APPDATA%\Ospab\OSTP\config.json`
+
+```json
+{
+  "profiles": [
+    {
+      "name": "US-West",
+      "server": "1.2.3.4:443",
+      "psk": "64_char_hex_psk",
+      "country_code": "US"
+    }
+  ],
+  "auto_connect": false,
+  "kill_switch": true
+}
+```
+
+## 🛠️ Service Management
+
+### ostp-daemon.exe
+
+Runs as Windows Service (`OspabGuard`):
+
+```cmd
+# Check service status
+sc query OspabGuard
+
+# Start service
+sc start OspabGuard
+
+# Stop service
+sc stop OspabGuard
+
+# View service logs
+type C:\ProgramData\Ospab\OSTP\ostp-daemon.log
+```
+
+### IPC Communication
+
+GUI communicates with daemon via Named Pipe: `\\.\pipe\ostp-daemon`
+
+Commands:
+- `CONNECT\n` - Establish VPN tunnel
+- `DISCONNECT\n` - Close VPN tunnel
+- `STATUS\n` - Get JSON status response
+
+## 🔐 Security Features
+
+### Anti-Reverse Engineering
+- **ostp-guard** analysis tool detection (IDA Pro, x64dbg, Ghidra, etc.)
+- VM environment detection (VirtualBox, VMware, QEMU)
+- Debugger detection (IsDebuggerPresent, remote debuggers)
+- Weighted scoring system (4+ points = environment rejected)
+- Error code masking (`0xE0000001` for all security blocks)
+
+### Stealth Mode
+- TLS 1.3 ClientHello mimicry (randomized JA3 fingerprint)
+- Geo-specific SNI selection (cloudflare.com, google.com, etc.)
+- UDP-over-TCP framing with random padding
+- No identifiable protocol signatures
+
+### Encryption
+- **AEAD:** ChaCha20-Poly1305
+- **Key Exchange:** X25519 Elliptic Curve Diffie-Hellman
+- **PSK Validation:** HMAC-SHA256 with silent drop on failure
+
+## 📊 Network Configuration
+
+After connection:
+- **Client IP:** Assigned by Master Node (10.X.Y.Z)
+- **Gateway:** Master Node (10.X.0.1)
+- **DNS:** 1.1.1.1, 8.8.8.8 (configurable)
+- **MTU:** 1420 (optimized for tunneling overhead)
+
+## 🪟 System Requirements
+
+- **OS:** Windows 10/11 (x64) or Windows Server 2019+
+- **RAM:** 256 MB minimum
+- **CPU:** 1 core minimum
+- **Network:** Internet connection (any speed)
+- **Privileges:** Administrator required for installation
+
+## 🔧 Troubleshooting
+
+### Connection Issues
+
+1. **Check service status:**
+   ```cmd
+   sc query OspabGuard
+   ```
+
+2. **View logs:**
+   ```cmd
+   type C:\ProgramData\Ospab\OSTP\ostp-daemon.log
+   ```
+
+3. **Test connectivity:**
+   ```cmd
+   ping 1.1.1.1
+   tracert 1.1.1.1
+   ```
+
+### Firewall Conflicts
+
+If Windows Firewall blocks connection:
+```cmd
+netsh advfirewall firewall add rule name="OSTP VPN" dir=out action=allow program="C:\Program Files\Ospab\OSTP\ostp-daemon.exe"
+```
+
+### Wintun Driver Issues
+
+Reinstall Wintun:
+1. Uninstall via Device Manager (Network adapters → Wintun)
+2. Run `ostp-installer.exe` again
+3. Reboot system
+
+### Service Won't Start
+
+Check Event Viewer:
+```
+Event Viewer → Windows Logs → Application → Filter by "OspabGuard"
+```
+
+## 🔄 Updates
+
+### Automatic Updates (via GUI)
+1. GUI checks for updates on startup
+2. Prompts user to download latest version
+3. Downloads installer from official server
+4. Verifies SHA256 checksum
+5. Runs installer (requires admin)
+
+### Manual Update
+1. Download latest release
+2. Close GUI and stop service: `sc stop OspabGuard`
+3. Run new installer
+4. Restart service: `sc start OspabGuard`
+
+## 🗑️ Uninstallation
+
+### Via Installer
+Run `ostp-installer.exe` and select "Uninstall" option.
+
+### Manual Removal
+```cmd
+# Stop and remove service
+sc stop OspabGuard
+sc delete OspabGuard
+
+# Remove files
+rmdir /s /q "C:\Program Files\Ospab"
+rmdir /s /q "C:\ProgramData\Ospab"
+rmdir /s /q "%APPDATA%\Ospab"
+
+# Uninstall Wintun driver
+pnputil /enum-devices /class net | findstr "Wintun"
+pnputil /remove-device <device-id>
+```
+
+## 🧪 Debug Mode
+
+Enable debug logging:
+```cmd
+# Set registry key
+reg add "HKLM\SOFTWARE\Ospab\OSTP" /v DebugMode /t REG_DWORD /d 1 /f
+
+# Restart service
+sc stop OspabGuard
+sc start OspabGuard
+
+# View debug logs
+type C:\ProgramData\Ospab\OSTP\debug.log
+```
+
+## 📚 Documentation
+
+- Project Repository: https://github.com/ospab/ospab.network
+- Issue Tracker: https://github.com/ospab/ospab.network/issues
+- Architecture: See `prompt.md` in repository
+
+## ⚠️ Known Issues
+
+- **Windows Defender SmartScreen:** May show warning on first run (normal for unsigned binaries)
+- **Antivirus False Positives:** ostp-guard detection may trigger AV heuristics (whitelist required)
+- **VirtualBox:** VM detection may prevent execution (expected behavior)
+
+## 🆘 Support
+
+For issues and questions:
+- GitHub Issues: https://github.com/ospab/ospab.network/issues
+- Email Support: support@ospab.network
+- Telegram: @ospab_support
+
+## 📋 Version History
+
+- **0.1.0** (January 2, 2026)
+  - Initial release
+  - Windows Service implementation
+  - GUI with dark stealth theme
+  - OTP enrollment token support
+  - Dynamic IPAM (10.X.0.0/16)
+
+---
+
+**Version:** 0.1.0  
+**Build Date:** January 2, 2026  
+**License:** Proprietary  
+**Copyright:** © 2026 Ospab Network

dist/windows-x64/SHA256SUMS.txt

@@ -0,0 +1,3 @@
+94400a0ab3a50a57d3914a905d79e1794a6e9642e63278854a9d492dd4f722ee  ostp-client.exe
+2e5c4dda1b0e9d1807892a3de587e4875906bdbe5343d5b83b5f33488d6e6696  ostp-daemon.exe
+9817c74e41427780cffb3070bfb22afec0f18a570f57e5c6b1cd9a76117c4001  ostp-installer.exe