From 4e772b72dba206c64dd1cecfe0fbb06dc299f9f3 Mon Sep 17 00:00:00 2001
From: dave <futurechimp@users.noreply.github.com>
Date: Sat, 4 Apr 2026 20:45:00 +0000
Subject: [PATCH] huskies: create
 480_story_cryptographic_node_auth_for_distributed_mesh

---
 ...ographic_node_auth_for_distributed_mesh.md | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .huskies/work/1_backlog/480_story_cryptographic_node_auth_for_distributed_mesh.md

diff --git a/.huskies/work/1_backlog/480_story_cryptographic_node_auth_for_distributed_mesh.md b/.huskies/work/1_backlog/480_story_cryptographic_node_auth_for_distributed_mesh.md
new file mode 100644
index 00000000..9d37dc6e
--- /dev/null
+++ b/.huskies/work/1_backlog/480_story_cryptographic_node_auth_for_distributed_mesh.md
@@ -0,0 +1,21 @@
+---
+name: "Cryptographic node auth for distributed mesh"
+---
+
+# Story 480: Cryptographic node auth for distributed mesh
+
+## User Story
+
+As a user running a distributed huskies mesh, I want nodes authenticated by Ed25519 keypairs so only trusted machines can join and see pipeline state.
+
+## Acceptance Criteria
+
+- [ ] Each node has an Ed25519 keypair (generated on first run or via CLI command)
+- [ ] Trusted nodes defined by a list of known public keys in config
+- [ ] Nodes authenticate on WebSocket connect by signing a challenge
+- [ ] CRDT node ID derived from public key (already built into bft-json-crdt crate)
+- [ ] Unauthorised nodes rejected on connect
+
+## Out of Scope
+
+- TBD