The weft network

A tiny alternative internet — its own TCP protocol, its own browser, and an application-layer firewall you can drive right here in your browser.

pure python stdlib not HTTP ~600 lines zero deps

What it is

A protocol of its own

One request line over raw TCP, four status codes. Addresses look like weft://host:port/path. No cookies, no scripts, no surveillance surface.

Nodes & a browser

A node serves a folder of hand-written .weft pages; a terminal browser hops between nodes. Three of them form a little ring.

A real firewall

An application-layer gateway filters every connection by source & path, enforces a default policy and rate limits, and logs every decision. Try it below.

The protocol, on a postcard

Connect over TCP, send one line, read a status line then the body. That's the whole spec.

# request
GET /path

# response: a status line, then the body
20 text/weft     ok, body follows
30 <address>     redirect
40 not found
50 server error

Interactive firewall

This is the same rule engine as firewall.py, reimplemented in JavaScript. Edit the ruleset on the left (editing = a live kill -HUP reload), fire requests on the right, and watch each ALLOW / DENY decision with the exact rule that fired.

firewall.rules
request consoleready
No requests yet. Hit a preset, or Send GET.

Rate limits use real wall-clock time — the per-path cap on /search (2 per 10s) resets after ten seconds. Globs use shell wildcards; CIDRs match by prefix, exactly like the Python version.

Run the real thing

The browser demo is a faithful model; the actual network is just as small.

# clone / cd into the project, then:
./run.sh            # 3 nodes + the terminal browser
./firewall_demo.sh  # a node behind the firewall, with live traffic

# edit firewall.rules and reload with no restart:
kill -HUP <pid>