doublegate
diff --git a/‎CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 15 additions & 7 deletions b/‎README.md‎
Lines changed: 15 additions & 7 deletions
diff --git a/‎crates/wraith-core/benches/frame_bench.rs‎
Lines changed: 232 additions & 2 deletions b/‎crates/wraith-core/benches/frame_bench.rs‎
Lines changed: 232 additions & 2 deletions
@@ -17,6 +17,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - 34 integration tests for v2 crypto pipeline (hybrid, ratchet, KDF, suite, full pipeline)
 - 18 new v2 crypto benchmarks (hybrid KEM, packet ratchet, KDF, suite, context)
 - v2 Migration Strategy report and 9-phase sprint planning documentation
+- **v2 128-bit ConnectionIdV2**: Cryptographically random 128-bit connection IDs with v1 migration helpers and CID rotation support (`connection_id.rs`)
+- **v2 24-byte FrameHeaderV2**: Compact header with SIMD-accelerated decode (AVX2/SSE4.2/NEON), 128-bit CID, stream ID, sequence, offset, payload length, frame type, flags (`header_v2.rs`)
+- **v2 Polymorphic Wire Format**: Session-derived field permutation and XOR masking for traffic analysis resistance (`polymorphic.rs`)
+- **v2 Compatibility Layer**: Automatic v1/v2 format detection (~1 ns), version negotiation, bidirectional frame conversion (`compat.rs`)
+- **v2 Extended Frame Types**: FrameTypeV2 with 30 types across 7 categories (core, stream, path, security, file, diagnostic, reserved) and FlagsV2 with 8 flags (`types_v2.rs`)
+- 58 integration tests for v2 wire format (connection ID, header, polymorphic, compat, full pipeline)
+- 28 new v2 wire format benchmarks (header encode/decode, polymorphic, CID generation, format detection, frame type validation)
+
+### Changed
+- ml-dsa upgraded from 0.0.4 to 0.1.0-rc.5 (CI compatibility fix)
 
 ### Performance (v2 Crypto Benchmarks)
 - Hybrid KEM keygen: 69.56 us
@@ -26,6 +36,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - v2 session key derivation: 442 ns (4 directional keys)
 - Classical-only fallback ~40% faster than hybrid
 
+### Performance (v2 Wire Format Benchmarks)
+- FrameHeaderV2 encode_into: 2.41 ns / 9.27 GiB/s
+- FrameHeaderV2 decode: 3.25 ns / 6.88 GiB/s
+- FrameHeaderV2 decode_simd: 3.24 ns / 6.91 GiB/s
+- Polymorphic encode: 7.12 ns / 3.14 GiB/s
+- Polymorphic decode: 10.73 ns / 2.08 GiB/s
+- ConnectionIdV2 generate: 24 ns
+- Format detection: ~1.0 ns
+- FrameTypeV2 validation: 421 ps
+
 ---
 
 ## [2.3.7] - 2026-02-01 - Testing Infrastructure & CI Stability
 
@@ -38,7 +38,7 @@ WRAITH Protocol is a privacy-focused, high-performance file transfer protocol de
 
 | Metric            | Value                                                                     |
 | ----------------- | ------------------------------------------------------------------------- |
-| **Tests**         | 2,723 passing (2,690 workspace + 19 spectre-implant + 14 doc), 16 ignored |
+| **Tests**         | 2,839 passing (2,828 workspace + 11 spectre-implant), 16 ignored |
 | **Code**          | ~141,000 lines Rust (protocol + clients) + ~36,600 lines TypeScript       |
 | **Documentation** | 114 files, ~62,800 lines                                                  |
 | **Security**      | Grade A+ (zero vulnerabilities, 295 audited dependencies)                 |
@@ -330,7 +330,7 @@ WRAITH Protocol uses a six-layer design optimized for security and performance:
 
 | Crate                  | Description                                                  | Tests |
 | ---------------------- | ------------------------------------------------------------ | ----- |
-| **wraith-core**        | Frame parsing (SIMD), sessions, congestion control, Node API | 526   |
+| **wraith-core**        | Frame parsing (SIMD), sessions, congestion control, Node API, v2 wire format (128-bit CID, 24B header, polymorphic encoding, v1 compat) | 606   |
 | **wraith-crypto**      | Ed25519, X25519+Elligator2, AEAD, Noise_XX, Double Ratchet, v2 Hybrid KEM, PQ Signatures | 293   |
 | **wraith-transport**   | AF_XDP, io_uring, UDP sockets, worker pools                  | 226   |
 | **wraith-obfuscation** | Padding, timing, cover traffic, protocol mimicry             | 140   |
@@ -390,6 +390,14 @@ Measured on production hardware (Intel i9-10850K, 64 GB RAM) with `cargo bench -
 | Per-Packet Ratchet  | 136 ns (~7.3M keys/sec)                    | BLAKE3 symmetric ratchet advance                        |
 | v2 Session KDF      | 442 ns (4 directional keys)                | Domain-separated i2r/r2i traffic keys                   |
 | Suite Negotiation   | 2.79 ns                                    | Strongest-common suite selection                        |
+| FrameHeaderV2 Encode| 2.41 ns (9.27 GiB/s)                       | 24-byte v2 header via `encode_into`                     |
+| FrameHeaderV2 Decode| 3.25 ns (6.88 GiB/s)                       | Standard v2 header decode                               |
+| FrameHeaderV2 SIMD  | 3.24 ns (6.91 GiB/s)                       | SIMD-accelerated v2 header decode                       |
+| Polymorphic Encode  | 7.12 ns (3.14 GiB/s)                       | Session-derived field permutation + XOR masking          |
+| Polymorphic Decode  | 10.73 ns (2.08 GiB/s)                      | Polymorphic wire format decode                          |
+| ConnectionIdV2 Gen  | 24 ns                                      | 128-bit connection ID generation                        |
+| Format Detection    | ~1.0 ns                                    | v1/v2 wire format auto-detection                        |
+| FrameTypeV2 Valid   | 421 ps                                     | Frame type validation (30 types)                        |
 
 ### Optimization Highlights (v2.3.4)
 
@@ -476,7 +484,7 @@ Measured on production hardware (Intel i9-10850K, 64 GB RAM) with `cargo bench -
 
 **Validation:**
 
-- Comprehensive test coverage (2,723 tests across all components)
+- Comprehensive test coverage (2,839 tests across all components)
 - DPI evasion validation (Wireshark, Zeek, Suricata, nDPI)
 - 5 libFuzzer targets
 - Property-based tests
@@ -708,12 +716,12 @@ WRAITH Protocol v2.3.7 represents 2,740+ story points across 24 development phas
 - Conductor project management system with code style guides for development workflow tracking
 - RedOps workspace integration: team-server and operator-client as workspace members (spectre-implant excluded for no_std compatibility)
 - v2.3.6 RedOps Advanced Tradecraft: Signal Double Ratchet C2 ratcheting, 4 new MITRE ATT&CK techniques (T1134, T1140, T1574.002, T1105), Runner source-build, operator UX polish, team server safety hardening
-- Comprehensive documentation (114 files, ~62,800 lines) and testing (2,723 tests across all components)
+- Comprehensive documentation (114 files, ~62,800 lines) and testing (2,839 tests across all components)
 - CI/CD infrastructure with multi-platform releases
 
 ### Future Development
 
-- **v2 Protocol Migration** - Phase 1 complete (hybrid KEM, per-packet ratchet, suite negotiation); Phases 2-9 in progress
+- **v2 Protocol Migration** - Phase 1 (crypto foundation) and Phase 2 (wire format) complete; Phases 3-9 in progress
 - **Post-quantum cryptography** - Hybrid X25519 + ML-KEM-768 (Phase 1 complete), ML-DSA-65 signatures (optional)
 - **Formal verification** - Cryptographic protocol proofs
 - **XDP/eBPF implementation** - Full kernel bypass (wraith-xdp crate)
@@ -786,6 +794,6 @@ WRAITH Protocol builds on excellent projects and research:
 
 **WRAITH Protocol** - _Secure. Fast. Invisible._
 
-**Version:** 2.3.7 | **License:** MIT | **Language:** Rust 2024 (MSRV 1.88) | **Tests:** 2,723 passing (2,690 workspace + 19 spectre-implant + 14 doc) | **Clients:** 12 applications (9 desktop + 2 mobile + 1 server)
+**Version:** 2.3.7 | **License:** MIT | **Language:** Rust 2024 (MSRV 1.88) | **Tests:** 2,839 passing (2,828 workspace + 11 spectre-implant) | **Clients:** 12 applications (9 desktop + 2 mobile + 1 server)
 
-**Last Updated:** 2026-02-01
+**Last Updated:** 2026-02-02
@@ -1,6 +1,11 @@
 use criterion::{Criterion, Throughput, criterion_group, criterion_main};
 use std::hint::black_box;
-use wraith_core::{FRAME_HEADER_SIZE, Frame, FrameBuilder, FrameType, build_into_from_parts};
+use wraith_core::frame::compat::{v1_header_to_v2, v2_header_to_v1};
+use wraith_core::{
+    ConnectionId, ConnectionIdV2, FRAME_HEADER_SIZE, FlagsV2, FormatNegotiation, Frame,
+    FrameBuilder, FrameFlags, FrameHeaderV2, FrameType, FrameTypeV2, PolymorphicFormat,
+    build_into_from_parts, detect_format,
+};
 
 fn bench_frame_parse(c: &mut Criterion) {
     let frame_data = FrameBuilder::new()
@@ -340,6 +345,221 @@ fn bench_frame_build_into_from_parts(c: &mut Criterion) {
     group.finish();
 }
 
+// ============================================================================
+// v2 Wire Format Benchmarks
+// ============================================================================
+
+fn bench_connection_id_v2(c: &mut Criterion) {
+    let mut group = c.benchmark_group("connection_id_v2");
+
+    group.bench_function("generate", |b| {
+        b.iter(|| black_box(ConnectionIdV2::generate()))
+    });
+
+    let v1 = ConnectionId::from_bytes([0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0]);
+    group.bench_function("from_v1", |b| {
+        b.iter(|| black_box(ConnectionIdV2::from_v1(black_box(v1))))
+    });
+
+    let cid = ConnectionIdV2::from_bytes([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]);
+    group.bench_function("rotate", |b| {
+        b.iter(|| black_box(black_box(cid).rotate(black_box(0x1111111111111111u64))))
+    });
+
+    group.bench_function("write_read_roundtrip", |b| {
+        let cid = ConnectionIdV2::generate();
+        let mut buf = [0u8; 16];
+        b.iter(|| {
+            black_box(cid).write_to(black_box(&mut buf));
+            black_box(ConnectionIdV2::read_from(black_box(&buf)))
+        })
+    });
+
+    group.bench_function("is_valid", |b| {
+        b.iter(|| black_box(black_box(cid).is_valid()))
+    });
+
+    group.bench_function("is_migrated_v1", |b| {
+        let migrated = ConnectionIdV2::from_v1(v1);
+        b.iter(|| black_box(black_box(migrated).is_migrated_v1()))
+    });
+
+    group.finish();
+}
+
+fn test_header_v2() -> FrameHeaderV2 {
+    FrameHeaderV2 {
+        version: 0x20,
+        frame_type: FrameTypeV2::StreamData,
+        flags: FlagsV2::empty().with(FlagsV2::SYN).with(FlagsV2::ECN),
+        sequence: 0x0123_4567_89AB_CDEF,
+        length: 1400,
+        stream_id: 42,
+        reserved: 0,
+    }
+}
+
+fn bench_header_v2(c: &mut Criterion) {
+    let mut group = c.benchmark_group("header_v2");
+    group.throughput(Throughput::Bytes(24));
+
+    let header = test_header_v2();
+
+    group.bench_function("encode", |b| {
+        b.iter(|| black_box(black_box(header).encode()))
+    });
+
+    let encoded = header.encode();
+    group.bench_function("decode", |b| {
+        b.iter(|| FrameHeaderV2::decode(black_box(&encoded)))
+    });
+
+    #[cfg(feature = "simd")]
+    group.bench_function("decode_simd", |b| {
+        b.iter(|| FrameHeaderV2::decode_simd(black_box(&encoded)))
+    });
+
+    group.bench_function("roundtrip", |b| {
+        b.iter(|| {
+            let enc = black_box(header).encode();
+            black_box(FrameHeaderV2::decode(black_box(&enc)))
+        })
+    });
+
+    group.bench_function("encode_into", |b| {
+        let mut buf = [0u8; 24];
+        b.iter(|| header.encode_into(black_box(&mut buf)))
+    });
+
+    group.bench_function("new", |b| {
+        b.iter(|| black_box(FrameHeaderV2::new(black_box(FrameTypeV2::Data))))
+    });
+
+    group.finish();
+}
+
+fn bench_polymorphic(c: &mut Criterion) {
+    let mut group = c.benchmark_group("polymorphic");
+    let secret = [0x42u8; 32];
+
+    group.bench_function("derive", |b| {
+        b.iter(|| black_box(PolymorphicFormat::derive(black_box(&secret))))
+    });
+
+    let fmt = PolymorphicFormat::derive(&secret);
+    let header = test_header_v2();
+
+    group.throughput(Throughput::Bytes(24));
+
+    group.bench_function("encode_header", |b| {
+        b.iter(|| black_box(fmt.encode_header(black_box(&header))))
+    });
+
+    let encoded = fmt.encode_header(&header);
+    group.bench_function("decode_header", |b| {
+        b.iter(|| fmt.decode_header(black_box(&encoded)))
+    });
+
+    group.bench_function("roundtrip", |b| {
+        b.iter(|| {
+            let enc = fmt.encode_header(black_box(&header));
+            black_box(fmt.decode_header(black_box(&enc)))
+        })
+    });
+
+    group.finish();
+}
+
+fn bench_compat(c: &mut Criterion) {
+    let mut group = c.benchmark_group("compat");
+
+    // detect_format with v2 data
+    let v2_data = test_header_v2().encode();
+    group.bench_function("detect_format_v2", |b| {
+        b.iter(|| black_box(detect_format(black_box(&v2_data))))
+    });
+
+    // detect_format with v1 data
+    let mut v1_data = vec![0u8; 28];
+    v1_data[8] = 0x01; // Data frame type for v1
+    group.bench_function("detect_format_v1", |b| {
+        b.iter(|| black_box(detect_format(black_box(&v1_data))))
+    });
+
+    // v1_header_to_v2
+    let v1_header = wraith_core::frame::FrameHeader {
+        frame_type: FrameType::Data,
+        flags: FrameFlags::new().with_syn(),
+        stream_id: 42,
+        sequence: 1000,
+        offset: 8192,
+        payload_len: 1400,
+    };
+    group.bench_function("v1_header_to_v2", |b| {
+        b.iter(|| black_box(v1_header_to_v2(black_box(&v1_header))))
+    });
+
+    // v2_header_to_v1
+    let v2_header = test_header_v2();
+    group.bench_function("v2_header_to_v1", |b| {
+        b.iter(|| black_box(v2_header_to_v1(black_box(&v2_header))))
+    });
+
+    // FormatNegotiation
+    let local = FormatNegotiation::default();
+    let remote = FormatNegotiation::default();
+    group.bench_function("negotiate", |b| {
+        b.iter(|| black_box(black_box(local).negotiate(black_box(&remote))))
+    });
+
+    group.finish();
+}
+
+fn bench_frame_type_v2(c: &mut Criterion) {
+    let mut group = c.benchmark_group("frame_type_v2");
+
+    group.bench_function("try_from_valid", |b| {
+        b.iter(|| FrameTypeV2::try_from(black_box(0x31u8))) // StreamData
+    });
+
+    group.bench_function("try_from_invalid", |b| {
+        b.iter(|| FrameTypeV2::try_from(black_box(0xFFu8)))
+    });
+
+    group.bench_function("is_valid_byte", |b| {
+        b.iter(|| FrameTypeV2::is_valid_byte(black_box(0x31u8)))
+    });
+
+    group.bench_function("category", |b| {
+        let ft = FrameTypeV2::StreamData;
+        b.iter(|| black_box(black_box(ft).category()))
+    });
+
+    group.bench_function("is_data", |b| {
+        let ft = FrameTypeV2::Data;
+        b.iter(|| black_box(black_box(ft).is_data()))
+    });
+
+    // FlagsV2 operations
+    group.bench_function("flags_with", |b| {
+        b.iter(|| {
+            black_box(
+                FlagsV2::empty()
+                    .with(FlagsV2::SYN)
+                    .with(FlagsV2::ECN)
+                    .with(FlagsV2::CMP),
+            )
+        })
+    });
+
+    group.bench_function("flags_contains", |b| {
+        let flags = FlagsV2::from_bits(0x00FF);
+        b.iter(|| black_box(black_box(flags).contains(black_box(FlagsV2::ECN))))
+    });
+
+    group.finish();
+}
+
 criterion_group!(
     benches,
     bench_frame_parse,
@@ -355,4 +575,14 @@ criterion_group!(
     bench_frame_build_into_from_parts,
     bench_frame_full_pipeline
 );
-criterion_main!(benches);
+
+criterion_group!(
+    v2_benches,
+    bench_connection_id_v2,
+    bench_header_v2,
+    bench_polymorphic,
+    bench_compat,
+    bench_frame_type_v2
+);
+
+criterion_main!(benches, v2_benches);