A tiny alternative internet — its own TCP protocol, its own browser, and an application-layer firewall you can drive right here in your browser.
One request line over raw TCP, four status codes. Addresses look like
weft://host:port/path. No cookies, no scripts, no surveillance surface.
A node serves a folder of hand-written .weft pages;
a terminal browser hops between nodes. Three of them form a little ring.
An application-layer gateway filters every connection by source & path, enforces a default policy and rate limits, and logs every decision. Try it below.
Connect over TCP, send one line, read a status line then the body. That's the whole spec.
# request GET /path # response: a status line, then the body 20 text/weft ok, body follows 30 <address> redirect 40 not found 50 server error
This is the same rule engine as firewall.py, reimplemented in JavaScript.
Edit the ruleset on the left (editing = a live kill -HUP reload), fire requests on the
right, and watch each ALLOW /
DENY decision with the exact rule that fired.
Rate limits use real wall-clock time — the per-path cap on /search (2 per 10s)
resets after ten seconds. Globs use shell wildcards; CIDRs match by prefix, exactly like the Python version.
The browser demo is a faithful model; the actual network is just as small.
# clone / cd into the project, then: ./run.sh # 3 nodes + the terminal browser ./firewall_demo.sh # a node behind the firewall, with live traffic # edit firewall.rules and reload with no restart: kill -HUP <pid>