shipped · Layer 1 · Protocol

Node Architecture

The TinyCloud node — a Rocket HTTP server built from the auth, core, and server crates — that hosts spaces, verifies capability chains, and dispatches service invocations.

A TinyCloud node is the server that hosts spaces and serves their services. It is a Rocket HTTP server assembled from three crates — tinycloud-auth (the authorization primitives), tinycloud-core (the protocol engine), and tinycloud-node-server (the HTTP layer) — and it is deliberately stateless about identity: it authorizes purely from the capability chain a request carries.

Role

The node is the runtime of Layer 1. It is where hosting, chain validation, storage, and service dispatch actually happen, but it carries no business logic: it is a verifier and a store, which is what lets many nodes host the same owner's data interchangeably.

Mechanics (request path)

  1. A request arrives at a Rocket route (tinycloud-node-server/src/routes/mod.rs).
  2. AuthHeaderGetter (auth_guards.rs) lifts the capability headers and runs chain validation before the route body — an unauthorized request never reaches a service.
  3. The validated invocation dispatches to the relevant tinycloud-core service (kv, sql, encryption, …), which reads and writes content-addressed blobs and the metadata DB, and orders the write as a space event (epochs-dag).
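
The guard-before-service ordering in the request path above, as an added std-only Rust model that is not code from the tinycloud-node crates. Every name here (Delegation, Authorized, authorize, kv_get, handle) and the "<owner>/<path>" resource form are assumptions made for illustration, and the signature and expiry checks a real chain validator performs are left out.

```rust
// Added illustration, std only. Names and chain rules are hypothetical and
// simplified; this is not TinyCloud code.
use std::collections::HashMap;

mod guard {
    #[derive(Clone)]
    pub struct Delegation { pub issuer: String, pub audience: String, pub resource: String, pub action: String }
    /// Proof that validation ran: the field is private, so code outside this
    /// module can only obtain one from `authorize`.
    pub struct Authorized { resource: String }
    impl Authorized {
        pub fn resource(&self) -> &str { &self.resource }
    }
    /// Segment-aware containment: "alice/kv" covers "alice/kv/a", not "alice/kvx".
    fn within(child: &str, parent: &str) -> bool {
        child == parent || child.strip_prefix(parent).map_or(false, |rest| rest.starts_with('/'))
    }

    /// Authorize from the chain alone, with no session or account lookup.
    /// Assumption: a resource is "<owner>/<path>", so the owner comes from the request.
    pub fn authorize(invoker: &str, chain: &[Delegation], resource: &str, action: &str) -> Result<Authorized, &'static str> {
        let owner = resource.split('/').next().unwrap_or("");
        let (first, last) = (chain.first().ok_or("empty chain")?, chain.last().ok_or("empty chain")?);
        if first.issuer != owner { return Err("root issuer is not the space owner"); }
        for pair in chain.windows(2) {
            if pair[1].issuer != pair[0].audience { return Err("broken delegation link"); }
            if !within(&pair[1].resource, &pair[0].resource) || pair[1].action != pair[0].action {
                return Err("delegation widens its parent");
            }
        }
        if last.audience != invoker { return Err("invoker is not the final audience"); }
        if !within(resource, &last.resource) || action != last.action {
            return Err("request exceeds the granted capability");
        }
        Ok(Authorized { resource: resource.to_string() })
    }
}

/// Service entry point: it cannot be called without an `Authorized`.
pub fn kv_get(auth: &guard::Authorized, store: &HashMap<String, String>) -> Option<String> {
    store.get(auth.resource()).cloned()
}

/// Request path: guard first, service second; a rejected chain returns before `kv_get`.
pub fn handle(invoker: &str, chain: &[guard::Delegation], resource: &str, store: &HashMap<String, String>) -> Result<Option<String>, &'static str> {
    let auth = guard::authorize(invoker, chain, resource, "kv/get")?;
    Ok(kv_get(&auth, store))
}
```

Because `Authorized` has a private field, a service function that takes it cannot be reached by a code path that skipped `authorize`, so the ordering is enforced by the type system and not by convention.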

tinycloud-core (src/lib.rs) holds the state machine, storage, SQL/DuckDB, and encryption; tinycloud-node-server adds routing, config, quota, signed URLs, and TEE glue.

Relationships

Hosts spaces via space-hosting / hosts; gates requests with cacao-chain-validation; runs the services; persists to storage; can run inside a DStack TEE; spoken to by the SDK.

Status & drift

Shipped. Storage backends (FS/S3, SQLite/PG/MySQL) are configurable; the replication subsystem exists but is not mounted.

Sources

  • tinycloud-node: tinycloud-node-server/src/lib.rs, routes/mod.rs, tinycloud-core/src/lib.rs