diff --git a/Cargo.lock b/Cargo.lock
index fe4e7780..5087aaaf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1452,6 +1452,7 @@ dependencies = [
  "derive_more 2.0.1",
  "ed25519-dalek",
  "futures-buffered",
+ "getrandom 0.3.4",
  "iroh",
  "iroh-metrics",
  "iroh-n0des-macro",
@@ -1461,7 +1462,6 @@ dependencies = [
  "n0-error",
  "n0-future",
  "postcard",
- "rand 0.9.2",
  "rcan",
  "serde",
  "serde_json",
diff --git a/Cargo.toml b/Cargo.toml
index f75322ed..3c5a62c5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,23 +13,21 @@ rust-version = "1.85"
 [dependencies]
 anyhow = "1.0.95"
 derive_more = { version = "2.0.1", features = ["display", "from"] }
-ed25519-dalek = "3.0.0-pre.1"
 irpc = "0.11.0"
 irpc-iroh = { version = "0.11.0" }
-iroh = { version = "0.95" }
+iroh = { version = "0.95", default-features = false }
 iroh-n0des-macro = { version = "0.2.0", path = "iroh-n0des-macro" }
 iroh-metrics = "0.37"
+n0-error = "0.1.0"
 n0-future = "0.3.0"
-quinn = { package = "iroh-quinn", version = "0.14.0", default-features = false }
-rand = "0.9"
+getrandom = { version = "0.3.2", features = ["wasm_js"] }
 rcan = "0.2.0"
 serde = { version = "1.0.217", features = ["derive"] }
-ssh-key = { version = "0.7.0-rc.3", features = ["ed25519"] }
 strum = { version = "0.27.1", features = ["derive"] }
 thiserror = "2.0.12"
-tokio = "1.45"
+tokio = { version = "1", default-features = false, features = ["sync"] }
 tracing = "0.1.41"
-uuid = { version = "1.17", features = ["v4", "serde", "v7"] }
+uuid = { version = "1.17", features = ["v4", "serde", "v7", "js"] }
 time = { version = "0.3.41", features = ["serde", "serde-well-known"] }
 tracing-subscriber = { version = "0.3.20", features = [
     "env-filter",
@@ -41,7 +39,11 @@ bytes = { version = "1.10.1", features = ["serde"] }
 postcard = { version = "1.1.3", features = ["use-std"] }
 futures-buffered = "0.2.12"
 tokio-util = "0.7.16"
-n0-error = "0.1.0"
+
+# optional dependencies
+ssh-key = { version = "0.7.0-rc.3", features = ["ed25519"], optional = true }
+quinn = { package = "iroh-quinn", version = "0.14.0", default-features = false, optional = true }
+ed25519-dalek = { version = "3.0.0-pre.1", optional = true }
 
 [dev-dependencies]
 tokio = { version = "1.45", features = ["macros", "rt", "rt-multi-thread"] }
@@ -50,6 +52,15 @@ tokio = { version = "1.45", features = ["macros", "rt", "rt-multi-thread"] }
 members = ["iroh-n0des-macro"]
 
 [features]
+default = ["client", "ssh-key"]
+client = []
+ssh-key = [
+    "dep:ssh-key"
+]
+simulation = [
+ "dep:quinn",
+ "dep:ed25519-dalek"
+]
 
 [[bin]]
 name = "iroh-n0des"
diff --git a/src/main.rs b/examples/register_ssh_client.rs
similarity index 100%
rename from src/main.rs
rename to examples/register_ssh_client.rs
diff --git a/src/caps.rs b/src/caps.rs
index 7e32fe3a..99f4a900 100644
--- a/src/caps.rs
+++ b/src/caps.rs
@@ -1,11 +1,8 @@
-use std::{collections::BTreeSet, fmt, str::FromStr, time::Duration};
+use std::{collections::BTreeSet, fmt, str::FromStr};
 
 use anyhow::{Context, Result, bail};
-use ed25519_dalek::SigningKey;
-use iroh::EndpointId;
-use rcan::{Capability, Expires, Rcan};
+use rcan::Capability;
 use serde::{Deserialize, Serialize};
-use ssh_key::PrivateKey as SshPrivateKey;
 
 macro_rules! cap_enum(
     ($enum:item) => {
@@ -237,13 +234,14 @@ impl<C: Capability + Ord> Capability for CapSet<C> {
 }
 
 /// Create an rcan token for the api access.
-pub fn create_api_token(
-    user_ssh_key: &SshPrivateKey,
-    local_id: EndpointId,
-    max_age: Duration,
+#[cfg(feature = "ssh-key")]
+pub fn create_api_token_from_ssh_key(
+    user_ssh_key: &ssh_key::PrivateKey,
+    local_id: iroh::EndpointId,
+    max_age: std::time::Duration,
     capability: Caps,
 ) -> Result<Rcan<Caps>> {
-    let issuer: SigningKey = user_ssh_key
+    let issuer: ed25519_dalek::SigningKey = user_ssh_key
         .key_data()
         .ed25519()
         .context("only Ed25519 keys supported")?
@@ -252,8 +250,8 @@ pub fn create_api_token(
         .into();
 
     let audience = local_id.as_verifying_key();
-    let can =
-        Rcan::issuing_builder(&issuer, audience, capability).sign(Expires::valid_for(max_age));
+    let can = rcan::Rcan::issuing_builder(&issuer, audience, capability)
+        .sign(rcan::Expires::valid_for(max_age));
     Ok(can)
 }
 
diff --git a/src/client.rs b/src/client.rs
index 32f66b51..032080fe 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -1,5 +1,4 @@
 use std::{
-    path::Path,
     sync::{Arc, RwLock},
     time::Duration,
 };
@@ -26,6 +25,7 @@ pub struct Client {
 
 /// Constructs an IPS client
 pub struct ClientBuilder {
+    #[allow(dead_code)]
     cap_expiry: Duration,
     cap: Option<Rcan<Caps>>,
     endpoint: Endpoint,
@@ -59,7 +59,8 @@ impl ClientBuilder {
     }
 
     /// Loads the private ssh key from the given path, and creates the needed capability.
-    pub async fn ssh_key_from_file<P: AsRef<Path>>(self, path: P) -> Result<Self> {
+    #[cfg(feature = "ssh-key")]
+    pub async fn ssh_key_from_file<P: AsRef<std::path::Path>>(self, path: P) -> Result<Self> {
         let file_content = tokio::fs::read_to_string(path).await?;
         let private_key = ssh_key::PrivateKey::from_openssh(&file_content)?;
 
@@ -67,9 +68,15 @@ impl ClientBuilder {
     }
 
     /// Creates the capability from the provided private ssh key.
+    #[cfg(feature = "ssh-key")]
     pub fn ssh_key(mut self, key: &ssh_key::PrivateKey) -> Result<Self> {
         let local_id = self.endpoint.id();
-        let rcan = crate::caps::create_api_token(key, local_id, self.cap_expiry, Caps::all())?;
+        let rcan = crate::caps::create_api_token_from_ssh_key(
+            key,
+            local_id,
+            self.cap_expiry,
+            Caps::all(),
+        )?;
         self.cap.replace(rcan);
 
         Ok(self)
@@ -164,9 +171,14 @@ impl Client {
 
     /// Pings the remote node.
     pub async fn ping(&mut self) -> Result<(), Error> {
-        let req = rand::random();
-        let pong = self.client.rpc(Ping { req }).await?;
-        if pong.req == req {
+        let req = Uuid::new_v4();
+        let pong = self
+            .client
+            .rpc(Ping {
+                req: *req.as_bytes(),
+            })
+            .await?;
+        if pong.req == *req.as_bytes() {
             Ok(())
         } else {
             Err(Error::Other(anyhow!("unexpected pong response")))
diff --git a/src/lib.rs b/src/lib.rs
index 9f13cded..a33295cf 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -3,6 +3,7 @@ mod n0des;
 
 pub mod caps;
 pub mod protocol;
+#[cfg(feature = "simulation")]
 pub mod simulation;
 
 pub use iroh_n0des_macro::sim;
diff --git a/src/protocol.rs b/src/protocol.rs
index 2b7baa7c..aa8355c7 100644
--- a/src/protocol.rs
+++ b/src/protocol.rs
@@ -48,11 +48,11 @@ pub struct PutMetrics {
 /// Simple ping requests
 #[derive(Debug, Serialize, Deserialize)]
 pub struct Ping {
-    pub req: [u8; 32],
+    pub req: [u8; 16],
 }
 
 /// Simple ping response
 #[derive(Debug, Serialize, Deserialize)]
 pub struct Pong {
-    pub req: [u8; 32],
+    pub req: [u8; 16],
 }