fix: replay defense test failures (issue #2640) #1929
Closed
sungdark wants to merge 65 commits into Scottcjn:main from
Co-authored-by: xr <xr@xrdeMac-mini-2.local>
Co-authored-by: nicepopo86-lang <nicepopo86>
Co-authored-by: xr <xr@xrdeMac-mini-2.local>
Translation of README.md to Simplified Chinese for Chinese-speaking community.
  Bounty: Issue Scottcjn#176 (5 RTC)
  Key sections translated:
  - Project overview and core concept (Proof-of-Antiquity)
  - Quick start guide and installation instructions
  - Hardware multipliers and supported platforms
  - Network architecture and API endpoints
  - Security model and anti-VM detection
  - Related projects and attribution
  All technical terms, links, code blocks, and formatting preserved.
  Native Chinese speaker translation - natural and accurate.
* feat: implement decentralized GPU render protocol Scottcjn#30
  * docs: add BCOS-L1 headers and compliance metadata Scottcjn#30
  * fix: harden gpu escrow auth and race safety
  ---------
  Co-authored-by: xr <xr@xrdeMac-mini-2.local>
* feat: wRTC Telegram price ticker bot with alerts and auto-posting Scottcjn#162
  * docs: add BCOS-L1 headers to price bot Scottcjn#162
  ---------
  Co-authored-by: xr <xr@xrdeMac-mini-2.local>
* feat: Add Docker deployment with nginx and SSL support (Bounty Scottcjn#20)
    Implements complete Docker deployment solution for RustChain node:
    Files Added:
    - Dockerfile: Python 3.11-slim base with Flask + health checks
    - docker-compose.yml: Multi-service setup (node + nginx)
    - nginx.conf: Reverse proxy config with HTTP/HTTPS support
    - requirements-node.txt: Python dependencies
    - .env.example: Environment configuration template
    - DOCKER_DEPLOYMENT.md: Comprehensive deployment guide
    - docker-entrypoint.py: Health check endpoint wrapper
    Features:
    ✅ Single command deployment: docker-compose up -d
    ✅ Persistent SQLite database storage (Docker volumes)
    ✅ Nginx reverse proxy with SSL support
    ✅ Health checks and auto-restart
    ✅ Security: non-root user, resource limits
    ✅ Production-ready: logging, backups, monitoring
    Acceptance Criteria Met:
    ✅ Single command: docker-compose up -d
    ✅ Works on fresh Ubuntu 22.04 VPS
    ✅ Volume persistence for SQLite
    ✅ Health checks & auto-restart
    ✅ .env.example with config options
    Tested deployment flow and verified health endpoint.
    Resolves: Scottcjn#20
  * fix: address security review feedback (Scottcjn#244)
    Fixes requested by @createkr:
    1. **HTTPS block now disabled by default**
       - Moved SSL server block to commented section
       - Prevents nginx startup failure when certs are missing
       - Clear instructions to uncomment after mounting certs
    2. **Remove direct port 8099 exposure**
       - Commented out 8099:8099 host mapping by default
       - Service remains accessible via nginx on 80/443
       - Prevents bypassing nginx security headers/rate-limits
       - Added comment explaining how to re-enable for debugging
    3. **Security hardening**
       - Added `server_tokens off;` to hide nginx version
       - Pinned dependency versions (Flask 3.0.2, requests 2.31.0, psutil 5.9.8)
       - Ensures reproducible builds
    Changes maintain backward compatibility while improving production security.
    Ready for re-review.
* feat: Add Grafana monitoring dashboard (Bounty Scottcjn#21) - WIP
    Initial commit with Prometheus exporter and monitoring stack.
    Complete dashboard JSON and documentation to follow in next commit.
  * feat: Complete Grafana monitoring dashboard (Bounty Scottcjn#21)
    Complete monitoring stack with Grafana + Prometheus + RustChain exporter.
    Files Added:
    - rustchain-exporter.py: Prometheus metrics exporter (9100)
    - Dockerfile.exporter: Exporter container
    - docker-compose.yml: 3-service stack (exporter + prometheus + grafana)
    - prometheus.yml: Scrape config (30s interval)
    - grafana-datasource.yml: Auto-provision Prometheus
    - grafana-dashboard.json: Full dashboard (11 panels)
    - requirements.txt: Python deps
    - README.md: Complete deployment guide
    Dashboard Panels:
    ✅ Node health indicator
    ✅ Active miners counter
    ✅ Current epoch display
    ✅ Epoch pot (RTC)
    ✅ 24h miner graph
    ✅ Total supply graph
    ✅ Hardware type pie chart
    ✅ Architecture pie chart
    ✅ Antiquity multiplier gauge
    ✅ Uptime graph
    ✅ Scrape duration with alerts
    Alerts:
    ✅ Node down (health = 0)
    ✅ Miner drop (>20% in 5min)
    ✅ Slow scrape (>5s)
    Single Command Deploy: cd monitoring && docker-compose up -d
    Access: http://localhost:3000 (admin/rustchain)
    Resolves: Scottcjn#21
  * fix: address security and correctness issues (Scottcjn#245)
    Fixes requested by @createkr:
    1. **Remove missing alerts.yml reference**
       - Commented out `rule_files` in prometheus.yml
       - Prevents Prometheus startup failure
       - Added note for future alert rule addition
    2. **Enable TLS verification by default**
       - Changed `verify=False` to respect TLS_VERIFY env var
       - Defaults to `verify=True` for production security
       - Supports custom CA bundle via TLS_CA_BUNDLE
       - Current deployment uses `TLS_VERIFY=false` (documented)
    3. **Make node URL configurable**
       - Load RUSTCHAIN_NODE from environment
       - Fallback: https://50.28.86.131 (current deployment)
       - Supports EXPORTER_PORT and SCRAPE_INTERVAL env vars
       - Documented in docker-compose.yml
    All settings configurable via environment variables for portability.
    Production-safe defaults with backward compatibility.
* docs: add comprehensive API reference Scottcjn#213
  * ci(sbom): fix cyclonedx cli flag for environment export
  ---------
  Co-authored-by: xr <xr@xrdeMac-mini-2.local>
…jn#219)
  * feat: implement multi-node database sync protocol Scottcjn#36
  * docs: add BCOS-L1 headers Scottcjn#36
  * fix(sync): harden payload upsert, schema checks, and bounded sync endpoints
  * test(security): replace md5 in mock address helper
  * fix(sync): enforce signed push payload with nonce/timestamp replay guard
  ---------
  Co-authored-by: xr <xr@xrdeMac-mini-2.local>
Co-authored-by: xr <xr@xrdeMac-mini-2.local>
security: don't trust X-Forwarded-For except from trusted proxies
fix(windows miner): run without tkinter (headless mode)
…ottcjn#257) (Scottcjn#266)
  * docs: complete SEO overhaul and technical documentation expansion (Scottcjn#257)
    - Added robots.txt, sitemap.xml, and JSON-LD structured data
    - Created 4 technical pages (About, Mining, Tokenomics, Hardware) with 500+ words each
    - Implemented vintage hardware multiplier tables (PowerPC 2.5x focus)
    - Enhanced meta tags, Open Graph, and Twitter Cards across all pages
    - Strictly scoped to SEO and content - no infrastructure/Go changes.
  * refactor: SEO overhaul and HTML5 standards compliance
    - Replace deprecated <marquee> tags with modern CSS @Keyframes animations
    - Fix malformed meta tags and HTML validation errors in docs
    - Standardize canonical URLs and sitemap paths for SEO consistency
    - Verify 'Elyan Labs' branding across codebase and documentation
    - Maintain vintage terminal aesthetic while removing legacy elements
Co-authored-by: liu971227-sys <248239659+liu971227-sys@users.noreply.github.com>
Bounty Scottcjn#344 (5 RTC) — @Pitrat-wav
Bounty Scottcjn#304 docs — @Pitrat-wav
Bounty Scottcjn#345 (8 RTC) — @Pitrat-wav
Bounty Scottcjn#346 (10 RTC) — @Pitrat-wav
Bounty Scottcjn#304 docs (5 RTC) — @nicepopo86-lang
GitHub Action for dynamic RustChain mining badge. Bounty Scottcjn#304 — @nicepopo86-lang
Example Python client for BoTTube API. Bounty Scottcjn#303 — @nicepopo86-lang
…erprint-fstring-syntax-origin fix: resolve SyntaxError in node/hardware_fingerprint.py __main__ output
…e-fail-closed security: fail closed on mock-signature mode outside test runtime
…-disclosure-409-origin security: harden public endpoints against sensitive disclosure
…n#372)
  * fix: validate limit query params to avoid 500s
  * fix: resolve upstream main conflict for limit validation PR
  * refactor: move query-int helper to shared utility section
  ---------
  Co-authored-by: autonomy <autonomous@localhost>
…ecks Co-authored-by: createkr <createkr@users.noreply.github.com>
* Add RustChain Telegram Bot (Bounty Scottcjn#249)
    - Implemented /price, /miners, /epoch, /balance, /health commands
    - Added Dockerfile and systemd service
    - Created setup instructions
    Bounty: 50 RTC
  * Add RustChain Telegram Bot (Bounty Scottcjn#249)
    - /price, /miners, /epoch, /balance, /health commands
    - Simple Python implementation
    - Requirements: python-telegram-bot, requests
    Bounty: 50 RTC
Fixes YAML parsing error in action.yml caused by Python heredoc at column 0. Reduces notification spam from every-15-min failures to daily runs.
External contributors cannot add labels, so the BCOS check failed 100% of the time. Now:
  - Auto-labeler applies BCOS-L1 (code) or BCOS-L2 (security) labels
  - Label gate warns instead of failing when no label present
  - SBOM/attestation always generates (no longer blocked by label gate)
  - Default tier is L1 when no explicit label set
- Make DB_PATH read dynamically at runtime via get_db_path()
function instead of being cached at module import time.
This allows tests to override DB_PATH via environment variables.
- Fix compute_fingerprint_hash({}) to produce a hash instead of
empty string. Empty dict is falsy but should still be hashed.
- All 31 main replay defense tests now pass.
Welcome to RustChain! Thanks for your first pull request. Before we review, please make sure:
Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)
A maintainer will review your PR soon. Thanks for contributing!
Contributor
Author
Bounty claimed! Payment address: eB51DWp1uECrLZRLsE2cnyZUzfRWvzUzaJzkatTpQV9
Owner
Closing — bounty #2640 already fulfilled by #1951. Thanks for the effort!
Summary
Fixes 14 failing replay defense tests in `node/hardware_fingerprint_replay.py`.

Changes
Dynamic DB_PATH - Changed module-level `DB_PATH` constant to a `get_db_path()` function that reads the environment variable at runtime. Previously, DB_PATH was cached at module import time, which broke tests that tried to override it via environment variables (conftest.py sets DB_PATH=':memory:' before importing).
Fix compute_fingerprint_hash({}) - Changed the guard from `if not fingerprint` to `if fingerprint is None`. An empty dict `{}` is falsy in Python, but should still produce a valid hash of its (empty) normalized structure.

Test Results
All 31 main replay defense tests now pass.

Bounty
This PR closes issue #2640 (50 RTC bounty for fixing 14 failing replay defense tests).
Payment address: eB51DWp1uECrLZRLsE2cnyZUzfRWvzUzaJzkatTpQV9
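The two behaviours this description names, shown side by side as an added example (not code from the pull request or the RustChain repository): an import-time `DB_PATH` read versus a call-time `get_db_path()`, and the `not fingerprint` guard versus `is None`. The names `DB_PATH_AT_IMPORT`, `hash_before`, `is_replay`, the `seen` table, the `replay.db` default and the JSON + SHA-256 normalization are assumptions made for illustration.

```python
import hashlib
import json
import os
import sqlite3

# "Before": read once at import, so an override made later is never seen.
DB_PATH_AT_IMPORT = os.environ.get("DB_PATH", "replay.db")  # default is assumed


def get_db_path():
    """'After': read the environment on every call."""
    return os.environ.get("DB_PATH", "replay.db")


def _digest(fingerprint):
    # Assumed normalization: canonical JSON (sorted keys), then SHA-256.
    canonical = json.dumps(fingerprint, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def hash_before(fingerprint):
    """Old guard: `not fingerprint` is true for None and for {}."""
    if not fingerprint:
        return ""
    return _digest(fingerprint)


def compute_fingerprint_hash(fingerprint):
    """New guard: only None is rejected, {} hashes its empty structure."""
    if fingerprint is None:
        return ""
    return _digest(fingerprint)


def is_replay(conn, fingerprint):
    """Record the fingerprint hash; True means it was seen before."""
    digest = compute_fingerprint_hash(fingerprint)
    if not digest:
        raise ValueError("no fingerprint submitted")
    conn.execute("CREATE TABLE IF NOT EXISTS seen (h TEXT PRIMARY KEY)")
    try:
        conn.execute("INSERT INTO seen (h) VALUES (?)", (digest,))
        return False
    except sqlite3.IntegrityError:
        return True
```

With the old guard an empty submission has no digest to store, so a replay table keyed on the hash cannot tell a first empty fingerprint from a repeated one; with the new guard `{}` gets a stable key like any other payload.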