Mining

Snider/Mining

Fork 0

Commit graph

Author	SHA1	Message	Date
snider	4072bdaf0d	fix: Address 16 security findings from parallel code review Critical fixes (6): - CRIT-001/002: Add safeKeyPrefix() to prevent panic on short public keys - CRIT-003/004: Add sync.Once pattern for thread-safe singleton initialization - CRIT-005: Harden console ANSI parser with length limits and stricter validation - CRIT-006: Add client-side input validation for profile creation High priority fixes (10): - HIGH-001: Add secondary timeout in TTMiner to prevent goroutine leak - HIGH-002: Verify atomic flag prevents timeout middleware race - HIGH-004: Add LimitReader (100MB) to prevent decompression bombs - HIGH-005: Add Lines parameter validation (max 10000) in worker - HIGH-006: Add TLS 1.2+ config with secure cipher suites - HIGH-007: Add pool URL format and wallet length validation - HIGH-008: Add SIGHUP handling and force cleanup on Stop() failure - HIGH-009: Add WebSocket message size limit and event type validation - HIGH-010: Refactor to use takeUntil(destroy$) for observable cleanup - HIGH-011: Add sanitizeErrorDetails() with debug mode control 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-31 17:44:49 +00:00
snider	d61a8aff8b	refactor: Remove unused code and fix nil dereference issues - Remove unused exported functions from pkg/database (session tracking, bulk hashrate inserts, various query helpers) - Remove unused exported functions from pkg/node (identity management, bundle operations, controller methods) - Make internal-only functions unexported in config_manager.go and database.go - Remove unused EventProfile* constants from events.go - Add GetCommit() and GetBuildDate() to expose version.go variables - Fix potential nil dereference issues flagged by Qodana: - Add nil checks for GetIdentity() in controller.go, transport.go, worker.go - Add nil checks for GetPeer() in peer_test.go - Add nil checks in worker_test.go 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-31 09:24:12 +00:00
snider	9a781ae3f0	feat: Add multi-node P2P mining management system Implement secure peer-to-peer communication between Mining CLI instances for remote control of mining rigs. Uses Borg library for encryption (SMSG, STMF, TIM) and Poindexter for KD-tree based peer selection. Features: - Node identity management with X25519 keypairs - Peer registry with multi-factor optimization (ping/hops/geo/score) - WebSocket transport with SMSG encryption - Controller/Worker architecture for remote operations - TIM/STIM encrypted bundles for profile/miner deployment - CLI commands: node, peer, remote - REST API endpoints for node/peer/remote operations - Docker support for P2P testing with multiple nodes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-29 19:49:33 +00:00

Author

SHA1

Message

Date

snider

4072bdaf0d

fix: Address 16 security findings from parallel code review

Critical fixes (6):
- CRIT-001/002: Add safeKeyPrefix() to prevent panic on short public keys
- CRIT-003/004: Add sync.Once pattern for thread-safe singleton initialization
- CRIT-005: Harden console ANSI parser with length limits and stricter validation
- CRIT-006: Add client-side input validation for profile creation

High priority fixes (10):
- HIGH-001: Add secondary timeout in TTMiner to prevent goroutine leak
- HIGH-002: Verify atomic flag prevents timeout middleware race
- HIGH-004: Add LimitReader (100MB) to prevent decompression bombs
- HIGH-005: Add Lines parameter validation (max 10000) in worker
- HIGH-006: Add TLS 1.2+ config with secure cipher suites
- HIGH-007: Add pool URL format and wallet length validation
- HIGH-008: Add SIGHUP handling and force cleanup on Stop() failure
- HIGH-009: Add WebSocket message size limit and event type validation
- HIGH-010: Refactor to use takeUntil(destroy$) for observable cleanup
- HIGH-011: Add sanitizeErrorDetails() with debug mode control

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-31 17:44:49 +00:00

snider

d61a8aff8b

refactor: Remove unused code and fix nil dereference issues

- Remove unused exported functions from pkg/database (session tracking,
  bulk hashrate inserts, various query helpers)
- Remove unused exported functions from pkg/node (identity management,
  bundle operations, controller methods)
- Make internal-only functions unexported in config_manager.go and database.go
- Remove unused EventProfile* constants from events.go
- Add GetCommit() and GetBuildDate() to expose version.go variables
- Fix potential nil dereference issues flagged by Qodana:
  - Add nil checks for GetIdentity() in controller.go, transport.go, worker.go
  - Add nil checks for GetPeer() in peer_test.go
  - Add nil checks in worker_test.go

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-31 09:24:12 +00:00

snider

9a781ae3f0

feat: Add multi-node P2P mining management system

Implement secure peer-to-peer communication between Mining CLI instances
for remote control of mining rigs. Uses Borg library for encryption
(SMSG, STMF, TIM) and Poindexter for KD-tree based peer selection.

Features:
- Node identity management with X25519 keypairs
- Peer registry with multi-factor optimization (ping/hops/geo/score)
- WebSocket transport with SMSG encryption
- Controller/Worker architecture for remote operations
- TIM/STIM encrypted bundles for profile/miner deployment
- CLI commands: node, peer, remote
- REST API endpoints for node/peer/remote operations
- Docker support for P2P testing with multiple nodes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-29 19:49:33 +00:00

3 commits