- Create miner/README.md documenting standalone C++ mining tools
- Update miner/core and miner/proxy READMEs with EUPL-1.2 license
- Add GitHub Actions workflow for multi-platform miner releases
- Add Makefile targets: build-miner, build-miner-core, build-miner-proxy
- Update main README with standalone miner usage instructions
The miner/ directory contains standalone CPU/GPU miner and stratum
proxy that can be used independently without the GUI. Pre-built
binaries will be published alongside Go releases.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- HIGH-015: Improve TLS certificate validation
- Enable SSL_VERIFY_PEER with system CA store
- Support certificate pinning via fingerprint
- Chain validation OR fingerprint match required
- HIGH-019: Document libuv single-thread model for Client state
- TOCTOU pattern is safe due to event loop serialization
- MED-005: Fix potential alignment issues in Keccak
- Use memcpy for unaligned uint8_t* to uint64_t access
- Prevents undefined behavior on strict alignment architectures
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security fixes:
- HIGH-014: Use OpenSSL's RAND_bytes() for cryptographic random instead
of std::mt19937 when libsodium not available
- HIGH-021: Use find() instead of operator[] in SimpleSplitter::submit()
to avoid inserting nullptr into map
- HIGH-024: Use CRYPTO_memcmp() for constant-time token comparison in
Httpd::auth() to prevent timing attacks
- HIGH-026: Add overflow detection and slot reuse in Storage::add()
counter to prevent ID collisions after many connections
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Critical fixes:
- CRIT-008: Enable TLS peer certificate verification in client connections
- CRIT-010: Add null pointer checks throughout ExtraNonceSplitter
- CRIT-011: Validate JSON error message field before access in Client
- CRIT-013: Make event system thread-safe with atomic<bool> and CAS
- CRIT-018: Add bounds checking in NonceSplitter vector access
High priority fixes:
- HIGH-002: Set 0600 permissions on generated private key files
- HIGH-004: Add strtol error checking and overflow validation
- HIGH-007: Handle integer overflow in ExtraNonceStorage nonce counter
- HIGH-018: Add comprehensive JSON field validation in Miner::parse()
These fixes address TLS security, thread safety, memory safety, and
input validation issues identified during parallel code review.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Security fixes implemented:
- CRIT-001/002: Replace static shared buffer with per-instance buffer in Miner
- CRIT-003: Redact password from API response in ApiRouter
- CRIT-004: Fix TlsContext::setCiphers returning true on failure + TLS hardening
- CRIT-005: Add null check in Controller destructor to prevent double-free
- CRIT-006: Add JSON type validation before member access in BindHost
- CRIT-007: Restrict CORS to localhost + add security headers in HttpApiResponse
- CRIT-014: Add HTTP body/header/URL size limits to prevent DoS
- HIGH-001: Make miner ID generation thread-safe with std::atomic
- HIGH-003: Make all global counters atomic in Counters class
- HIGH-009: Implement rolling window for latency vector (max 10K entries)
These fixes address race conditions, memory exhaustion DoS vectors,
information disclosure, and thread safety issues identified during
parallel code review.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
