Integrate BACKBEAT SDK and resolve KACHING license validation

Major integrations and fixes:
- Added BACKBEAT SDK integration for P2P operation timing
- Implemented beat-aware status tracking for distributed operations
- Added Docker secrets support for secure license management
- Resolved KACHING license validation via HTTPS/TLS
- Updated docker-compose configuration for clean stack deployment
- Disabled rollback policies to prevent deployment failures
- Added license credential storage (CHORUS-DEV-MULTI-001)

Technical improvements:
- BACKBEAT P2P operation tracking with phase management
- Enhanced configuration system with file-based secrets
- Improved error handling for license validation
- Clean separation of KACHING and CHORUS deployment stacks

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

vendor/github.com/libp2p/go-libp2p/p2p/net/reuseport/dial.go

@@ -0,0 +1,62 @@
+package reuseport
+
+import (
+	"context"
+
+	ma "github.com/multiformats/go-multiaddr"
+	manet "github.com/multiformats/go-multiaddr/net"
+)
+
+// Dial dials the given multiaddr, reusing ports we're currently listening on if
+// possible.
+//
+// Dial attempts to be smart about choosing the source port. For example, If
+// we're dialing a loopback address and we're listening on one or more loopback
+// ports, Dial will randomly choose one of the loopback ports and addresses and
+// reuse it.
+func (t *Transport) Dial(raddr ma.Multiaddr) (manet.Conn, error) {
+	return t.DialContext(context.Background(), raddr)
+}
+
+// DialContext is like Dial but takes a context.
+func (t *Transport) DialContext(ctx context.Context, raddr ma.Multiaddr) (manet.Conn, error) {
+	network, addr, err := manet.DialArgs(raddr)
+	if err != nil {
+		return nil, err
+	}
+	var d *dialer
+	switch network {
+	case "tcp4":
+		d = t.v4.getDialer(network)
+	case "tcp6":
+		d = t.v6.getDialer(network)
+	default:
+		return nil, ErrWrongProto
+	}
+	conn, err := d.DialContext(ctx, network, addr)
+	if err != nil {
+		return nil, err
+	}
+	maconn, err := manet.WrapNetConn(conn)
+	if err != nil {
+		conn.Close()
+		return nil, err
+	}
+	return maconn, nil
+}
+
+func (n *network) getDialer(network string) *dialer {
+	n.mu.RLock()
+	d := n.dialer
+	n.mu.RUnlock()
+	if d == nil {
+		n.mu.Lock()
+		defer n.mu.Unlock()
+
+		if n.dialer == nil {
+			n.dialer = newDialer(n.listeners)
+		}
+		d = n.dialer
+	}
+	return d
+}

vendor/github.com/libp2p/go-libp2p/p2p/net/reuseport/dialer.go

@@ -0,0 +1,114 @@
+package reuseport
+
+import (
+	"context"
+	"fmt"
+	"math/rand"
+	"net"
+
+	"github.com/libp2p/go-netroute"
+)
+
+type dialer struct {
+	// All address that are _not_ loopback or unspecified (0.0.0.0 or ::).
+	specific []*net.TCPAddr
+	// All loopback addresses (127.*.*.*, ::1).
+	loopback []*net.TCPAddr
+	// Unspecified addresses (0.0.0.0, ::)
+	unspecified []*net.TCPAddr
+}
+
+func (d *dialer) Dial(network, addr string) (net.Conn, error) {
+	return d.DialContext(context.Background(), network, addr)
+}
+
+func randAddr(addrs []*net.TCPAddr) *net.TCPAddr {
+	if len(addrs) > 0 {
+		return addrs[rand.Intn(len(addrs))]
+	}
+	return nil
+}
+
+// DialContext dials a target addr.
+//
+// In-order:
+//
+//  1. If we're _explicitly_ listening on the prefered source address for the destination address
+//     (per the system's routes), we'll use that listener's port as the source port.
+//  2. If we're listening on one or more _unspecified_ addresses (zero address), we'll pick a source
+//     port from one of these listener's.
+//  3. Otherwise, we'll let the system pick the source port.
+func (d *dialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
+	// We only check this case if the user is listening on a specific address (loopback or
+	// otherwise). Generally, users will listen on the "unspecified" address (0.0.0.0 or ::) and
+	// we can skip this section.
+	//
+	// This lets us avoid resolving the address twice, in most cases.
+	if len(d.specific) > 0 || len(d.loopback) > 0 {
+		tcpAddr, err := net.ResolveTCPAddr(network, addr)
+		if err != nil {
+			return nil, err
+		}
+		ip := tcpAddr.IP
+		if !ip.IsLoopback() && !ip.IsGlobalUnicast() {
+			return nil, fmt.Errorf("undialable IP: %s", ip)
+		}
+
+		// If we're listening on some specific address and that specific address happens to
+		// be the preferred source address for the target destination address, we try to
+		// dial with that address/port.
+		//
+		// We skip this check if we _aren't_ listening on any specific addresses, because
+		// checking routing tables can be expensive and users rarely listen on specific IP
+		// addresses.
+		if len(d.specific) > 0 {
+			if router, err := netroute.New(); err == nil {
+				if _, _, preferredSrc, err := router.Route(ip); err == nil {
+					for _, optAddr := range d.specific {
+						if optAddr.IP.Equal(preferredSrc) {
+							return reuseDial(ctx, optAddr, network, addr)
+						}
+					}
+				}
+			}
+		}
+
+		// Otherwise, if we are listening on a loopback address and the destination is also
+		// a loopback address, use the port from our loopback listener.
+		if len(d.loopback) > 0 && ip.IsLoopback() {
+			return reuseDial(ctx, randAddr(d.loopback), network, addr)
+		}
+	}
+
+	// If we're listening on any uspecified addresses, use a randomly chosen port from one of
+	// these listeners.
+	if len(d.unspecified) > 0 {
+		return reuseDial(ctx, randAddr(d.unspecified), network, addr)
+	}
+
+	// Finally, just pick a random port.
+	var dialer net.Dialer
+	return dialer.DialContext(ctx, network, addr)
+}
+
+func newDialer(listeners map[*listener]struct{}) *dialer {
+	specific := make([]*net.TCPAddr, 0)
+	loopback := make([]*net.TCPAddr, 0)
+	unspecified := make([]*net.TCPAddr, 0)
+
+	for l := range listeners {
+		addr := l.Addr().(*net.TCPAddr)
+		if addr.IP.IsLoopback() {
+			loopback = append(loopback, addr)
+		} else if addr.IP.IsUnspecified() {
+			unspecified = append(unspecified, addr)
+		} else {
+			specific = append(specific, addr)
+		}
+	}
+	return &dialer{
+		specific:    specific,
+		loopback:    loopback,
+		unspecified: unspecified,
+	}
+}

vendor/github.com/libp2p/go-libp2p/p2p/net/reuseport/listen.go

@@ -0,0 +1,80 @@
+package reuseport
+
+import (
+	"net"
+
+	"github.com/libp2p/go-reuseport"
+	ma "github.com/multiformats/go-multiaddr"
+	manet "github.com/multiformats/go-multiaddr/net"
+)
+
+type listener struct {
+	manet.Listener
+	network *network
+}
+
+func (l *listener) Close() error {
+	l.network.mu.Lock()
+	delete(l.network.listeners, l)
+	l.network.dialer = nil
+	l.network.mu.Unlock()
+	return l.Listener.Close()
+}
+
+// Listen listens on the given multiaddr.
+//
+// If reuseport is supported, it will be enabled for this listener and future
+// dials from this transport may reuse the port.
+//
+// Note: You can listen on the same multiaddr as many times as you want
+// (although only *one* listener will end up handling the inbound connection).
+func (t *Transport) Listen(laddr ma.Multiaddr) (manet.Listener, error) {
+	nw, naddr, err := manet.DialArgs(laddr)
+	if err != nil {
+		return nil, err
+	}
+	var n *network
+	switch nw {
+	case "tcp4":
+		n = &t.v4
+	case "tcp6":
+		n = &t.v6
+	default:
+		return nil, ErrWrongProto
+	}
+
+	if !reuseport.Available() {
+		return manet.Listen(laddr)
+	}
+	nl, err := reuseport.Listen(nw, naddr)
+	if err != nil {
+		return manet.Listen(laddr)
+	}
+
+	if _, ok := nl.Addr().(*net.TCPAddr); !ok {
+		nl.Close()
+		return nil, ErrWrongProto
+	}
+
+	malist, err := manet.WrapNetListener(nl)
+	if err != nil {
+		nl.Close()
+		return nil, err
+	}
+
+	list := &listener{
+		Listener: malist,
+		network:  n,
+	}
+
+	n.mu.Lock()
+	defer n.mu.Unlock()
+
+	if n.listeners == nil {
+		n.listeners = make(map[*listener]struct{})
+	}
+	n.listeners[list] = struct{}{}
+	n.dialer = nil
+
+	return list, nil
+}

vendor/github.com/libp2p/go-libp2p/p2p/net/reuseport/reuseport.go

@@ -0,0 +1,35 @@
+package reuseport
+
+import (
+	"context"
+	"net"
+
+	"github.com/libp2p/go-reuseport"
+)
+
+var fallbackDialer net.Dialer
+
+// Dials using reuseport and then redials normally if that fails.
+func reuseDial(ctx context.Context, laddr *net.TCPAddr, network, raddr string) (con net.Conn, err error) {
+	if laddr == nil {
+		return fallbackDialer.DialContext(ctx, network, raddr)
+	}
+
+	d := net.Dialer{
+		LocalAddr: laddr,
+		Control:   reuseport.Control,
+	}
+
+	con, err = d.DialContext(ctx, network, raddr)
+	if err == nil {
+		return con, nil
+	}
+
+	if reuseErrShouldRetry(err) && ctx.Err() == nil {
+		// We could have an existing socket open or we could have one
+		// stuck in TIME-WAIT.
+		log.Debugf("failed to reuse port, will try again with a random port: %s", err)
+		con, err = fallbackDialer.DialContext(ctx, network, raddr)
+	}
+	return con, err
+}

vendor/github.com/libp2p/go-libp2p/p2p/net/reuseport/reuseport_plan9.go

@@ -0,0 +1,44 @@
+package reuseport
+
+import (
+	"net"
+	"os"
+)
+
+const (
+	EADDRINUSE   = "address in use"
+	ECONNREFUSED = "connection refused"
+)
+
+// reuseErrShouldRetry diagnoses whether to retry after a reuse error.
+// if we failed to bind, we should retry. if bind worked and this is a
+// real dial error (remote end didnt answer) then we should not retry.
+func reuseErrShouldRetry(err error) bool {
+	if err == nil {
+		return false // hey, it worked! no need to retry.
+	}
+
+	// if it's a network timeout error, it's a legitimate failure.
+	if nerr, ok := err.(net.Error); ok && nerr.Timeout() {
+		return false
+	}
+
+	e, ok := err.(*net.OpError)
+	if !ok {
+		return true
+	}
+
+	e1, ok := e.Err.(*os.PathError)
+	if !ok {
+		return true
+	}
+
+	switch e1.Err.Error() {
+	case EADDRINUSE:
+		return true
+	case ECONNREFUSED:
+		return false
+	default:
+		return true // optimistically default to retry.
+	}
+}

vendor/github.com/libp2p/go-libp2p/p2p/net/reuseport/reuseport_posix.go

@@ -0,0 +1,36 @@
+//go:build !plan9
+
+package reuseport
+
+import (
+	"net"
+	"syscall"
+)
+
+// reuseErrShouldRetry diagnoses whether to retry after a reuse error.
+// if we failed to bind, we should retry. if bind worked and this is a
+// real dial error (remote end didnt answer) then we should not retry.
+func reuseErrShouldRetry(err error) bool {
+	if err == nil {
+		return false // hey, it worked! no need to retry.
+	}
+
+	// if it's a network timeout error, it's a legitimate failure.
+	if nerr, ok := err.(net.Error); ok && nerr.Timeout() {
+		return false
+	}
+
+	errno, ok := err.(syscall.Errno)
+	if !ok { // not an errno? who knows what this is. retry.
+		return true
+	}
+
+	switch errno {
+	case syscall.EADDRINUSE, syscall.EADDRNOTAVAIL:
+		return true // failure to bind. retry.
+	case syscall.ECONNREFUSED:
+		return false // real dial error
+	default:
+		return true // optimistically default to retry.
+	}
+}

vendor/github.com/libp2p/go-libp2p/p2p/net/reuseport/transport.go

@@ -0,0 +1,35 @@
+// Package reuseport provides a basic transport for automatically (and intelligently) reusing TCP ports.
+//
+// To use, construct a new Transport and configure listeners tr.Listen(...).
+// When dialing (tr.Dial(...)), the transport will attempt to reuse the ports it's currently listening on,
+// choosing the best one depending on the destination address.
+//
+// It is recommended to set SO_LINGER to 0 for all connections, otherwise
+// reusing the port may fail when re-dialing a recently closed connection.
+// See https://hea-www.harvard.edu/~fine/Tech/addrinuse.html for details.
+package reuseport
+
+import (
+	"errors"
+	"sync"
+
+	logging "github.com/ipfs/go-log/v2"
+)
+
+var log = logging.Logger("reuseport-transport")
+
+// ErrWrongProto is returned when dialing a protocol other than tcp.
+var ErrWrongProto = errors.New("can only dial TCP over IPv4 or IPv6")
+
+// Transport is a TCP reuse transport that reuses listener ports.
+// The zero value is safe to use.
+type Transport struct {
+	v4 network
+	v6 network
+}
+
+type network struct {
+	mu        sync.RWMutex
+	listeners map[*listener]struct{}
+	dialer    *dialer
+}