WithAutonomi · dirvine · Mar 6, 2026 · Feb 25, 2026 · Feb 26, 2026 · Feb 27, 2026
diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -47,6 +47,19 @@ RUST_LOG=debug cargo run --release -- --listen 0.0.0.0:10000
 - No `panic!()` - Return `Result` instead
 - **Exception**: Test code may use these for assertions
 
+### Payment Verification Policy
+**Production nodes require payment by default.**
+
+- All new chunk storage requires EVM payment verification on Arbitrum
+- Payment verification is **enabled by default** via `PaymentConfig::default()`
+- Test environments can disable payment via:
+  - CLI flag: `--disable-payment-verification`
+  - Config: `PaymentVerifierConfig { evm: EvmVerifierConfig { enabled: false, .. }, .. }`
+- Previously-paid chunks are cached and do not require re-verification
+- Test utilities (e.g., `create_test_protocol()`) explicitly disable EVM verification
+
+See `src/payment/verifier.rs` for implementation details.
+
 ---
 
 ## 🚨 CRITICAL: Saorsa Network Infrastructure & Port Isolation

diff --git a/Cargo.toml b/Cargo.toml
@@ -27,18 +27,20 @@ name = "saorsa-devnet"
 path = "src/bin/saorsa-devnet/main.rs"
 
 [[bin]]
-name = "saorsa-client"
-path = "src/bin/saorsa-client/main.rs"
+name = "saorsa-cli"
+path = "src/bin/saorsa-cli/main.rs"
 
 [dependencies]
 # Core (provides EVERYTHING: networking, DHT, security, trust, storage)
-saorsa-core = "0.12.1"
+saorsa-core = "0.13.0"
 saorsa-pqc = "0.4.0"
 
 # Payment verification - autonomi network lookup + EVM payment
 ant-evm = "0.1.19"
 evmlib = "0.4.7"
 xor_name = "5"
+libp2p = "0.56"  # For PeerId in payment proofs
+multihash = "0.19"  # For identity multihash in PeerId construction
 
 # Caching - LRU cache for verified XorNames
 lru = "0.16.3"
@@ -100,6 +102,7 @@ postcard = { version = "1.1.3", features = ["use-std"] }
 tokio-test = "0.4"
 proptest = "1"
 alloy = { version = "1", features = ["node-bindings"] }
+serial_test = "3"
 
 # E2E test infrastructure
 [[test]]

diff --git a/README.md b/README.md
@@ -983,7 +983,7 @@ RUST_LOG=saorsa_node=debug,saorsa_core=debug ./saorsa-node
 |---------|-------------|------------|
 | **saorsa-core** | Core networking and security library | [github.com/dirvine/saorsa-core](https://github.com/dirvine/saorsa-core) |
 | **saorsa-pqc** | Post-quantum cryptography primitives | [github.com/dirvine/saorsa-pqc](https://github.com/dirvine/saorsa-pqc) |
-| **saorsa-client** | Client library for applications | [github.com/dirvine/saorsa-client](https://github.com/dirvine/saorsa-client) |
+| **saorsa-cli** | Unified CLI for file and chunk operations with EVM payments | Built into saorsa-node |
 
 ---
 

diff --git a/config/production.toml b/config/production.toml
@@ -0,0 +1,70 @@
+# Production Configuration for saorsa-node
+#
+# This file matches the NodeConfig struct schema.
+# See src/config.rs for all available fields and defaults.
+
+# Root directory for node data
+root_dir = "/var/lib/saorsa-node"
+
+# Listening port (10000-10999 for production)
+port = 10000
+
+# IP version: "ipv4", "ipv6", or "dual"
+ip_version = "dual"
+
+# Bootstrap peer addresses (socket addrs)
+bootstrap = []
+
+# Network mode: "production", "testnet", or "development"
+network_mode = "production"
+
+# Log level: "trace", "debug", "info", "warn", "error"
+log_level = "info"
+
+# Maximum application-layer message size in bytes (default: 5 MiB)
+# max_message_size = 5242880
+
+# --- Payment verification ---
+# Production nodes require payment by default.
+[payment]
+# DO NOT set enabled = false in production
+enabled = true
+
+# Cache capacity for verified content addresses
+cache_capacity = 100000
+
+# REQUIRED: Set to your Arbitrum wallet address before running in production.
-# REQUIRED: Set to your Arbitrum wallet address before running in production.
+# REQUIRED: Uncomment and set this to your Arbitrum wallet address before running in production.
-# REQUIRED: Set to your Arbitrum wallet address before running in production.
+# REQUIRED: Uncomment and set this to your Arbitrum wallet address before running in production.
+# rewards_address = "0xYourAddressHere"
+
+# EVM network: "arbitrum-one" or "arbitrum-sepolia"
+evm_network = "arbitrum-one"
+
+# Prometheus metrics port (0 to disable)
+metrics_port = 9100
+
+# --- Storage ---
+[storage]
+enabled = true
+
+# Maximum number of chunks to store (0 = unlimited)
+max_chunks = 0
+
+# Verify content hash on read
+verify_on_read = true
+
+# Maximum LMDB database size in GiB (0 = default 32 GiB)
+db_size_gb = 0
+
+# --- Upgrade ---
+[upgrade]
+enabled = false
+channel = "stable"
+check_interval_hours = 1
+github_repo = "dirvine/saorsa-node"
+staged_rollout_hours = 1
+
+# --- Bootstrap cache ---
+[bootstrap_cache]
+enabled = true
+max_contacts = 10000
+stale_threshold_days = 7
diff --git a/docs/DESIGN.md b/docs/DESIGN.md
@@ -14,7 +14,7 @@ Build a **pure quantum-proof network node** (`saorsa-node`) that:
 
 **Clean separation of concerns:**
 - **saorsa-node** = Pure quantum-proof node (no legacy baggage)
-- **saorsa-client** = Bridge layer (reads old network, writes new network)
+- **saorsa-cli** = Client layer (file/chunk operations with EVM payments)
 - **Auto-migration** = Nodes discover and upload local ant-node data
 - **Dual IP DHT** = IPv4 and IPv6 close groups for resilience
 
@@ -34,8 +34,8 @@ This avoids the complexity of bridge nodes by pushing migration logic to:
 ├─────────────────────────────────────────────────────────────────┤
 │                                                                 │
 │   ┌─────────────┐         ┌─────────────────┐                  │
-│   │ ant-network │ ◄─────► │  saorsa-client  │                  │
-│   │ (classical) │  read   │  (bridge layer) │                  │
+│   │ ant-network │ ◄─────► │   saorsa-cli    │                  │
+│   │ (classical) │  read   │ (client layer)  │                  │
 │   └─────────────┘         └────────┬────────┘                  │
 │                                    │ write                      │
 │                                    ▼                            │
@@ -451,7 +451,7 @@ pub struct NodeLifecycle {
 
 ### 1. Node Architecture: Pure Quantum-Proof (No Legacy)
 - **No libp2p** - saorsa-node is clean, uses only ant-quic + saorsa-core
-- **Client is the bridge** - saorsa-client handles reading from ant-network
+- **Client is the bridge** - saorsa-cli handles reading from ant-network
 - **Node auto-migrates** - scans local ant-node data and uploads to network
 - **Rationale**: Simpler node, cleaner security model, easier maintenance
 

diff --git a/docs/infrastructure/INFRASTRUCTURE.md b/docs/infrastructure/INFRASTRUCTURE.md
@@ -218,6 +218,18 @@ cd /opt/communitas
 ./communitas-headless --listen 0.0.0.0:11000 --bootstrap
 ```
 
+## Production Configuration
+
+Before deploying, create `/etc/saorsa/production.toml` based on the template in `config/production.toml`:
+
+```bash
+sudo mkdir -p /etc/saorsa
+sudo cp config/production.toml /etc/saorsa/production.toml
+sudo nano /etc/saorsa/production.toml  # Set your rewards_address
+```
+
+**CRITICAL**: Ensure `payment.enabled = true` in the config file.
+
 ## Systemd Service Templates
 
 ### ant-quic Bootstrap Service
@@ -248,7 +260,8 @@ After=network.target
 [Service]
 Type=simple
 User=root
-ExecStart=/opt/saorsa-node/saorsa-node --listen 0.0.0.0:10000 --bootstrap
+ExecStart=/opt/saorsa-node/saorsa-node --config /etc/saorsa/production.toml --listen 0.0.0.0:10000 --bootstrap
+# CRITICAL: DO NOT add --disable-payment-verification flag in production
 Restart=always
 RestartSec=10