- Build static musl binaries (work on any Linux distro)
- Redesign ostp-guard with weighted scoring system (threshold: 4 points)
- HIGH (2pts): Analysis tools (gdb/ida/ghidra), sandbox artifacts
- MEDIUM (1pt): Low resources (<1GB RAM), suspicious env vars
- Production VPS safe (1-2 points), sandbox blocked (4+ points)
- Anti-debug: Windows (IsDebuggerPresent), Linux (/proc/self/status)
- Deployment packages for Linux + Windows with SHA256 checksums
- osds: Added system DNS forwarder on 127.0.0.1:53
- SystemDnsManager for Windows/Linux DNS configuration
- Auto-restore original DNS on exit
- *.ospab.internal routing to master node
- Encrypted DNS forwarding through OSTP tunnel
- oncp: Implemented node enrollment system
- EnrollmentRegistry with state machine (Pending->Approved->Active)
- SQLite-backed enrollment storage
- Node PSK generation on approval
- REST API endpoints for enrollment workflow
- oncp-master: Added enrollment CLI commands
- 'node pending' - List pending enrollment requests
- 'node approve <id>' - Approve and generate PSK
- 'node reject <id>' - Reject enrollment
- ostp-server: Auto-registration on startup
- Submits enrollment request to master node
- Exits if PSK='AUTO' and awaits approval
- Integrates with ONCP enrollment API
- oncp API: Enhanced CDN steering
- Best nodes by country_code with fallback
- Steering metadata (matched, fallback status)
- Load-based node selection
- Add REST API for node/user management (axum-based)
- Add NodeRegistry for server check-in and load balancing
- Add SniManager for dynamic SNI updates and emergency blocking
- Add CDN Dashboard CLI (oncp-master) with real-time monitoring
- Add ProbeDetector in ostp-guard for active probing detection
- Add iptables/nftables/Windows firewall ban integration
- Extend MimicryEngine with async SNI updates from control plane
- Fix all compilation warnings
- Update author to ospab.team
