lfg2025/archy
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 33 Wiki Activity

feat: architecture review fixes, self-update system, CI pipeline, supply chain hardening

Browse Source 
Architecture review (all P0+P1 issues now fixed):
- Add 10s timeout to 6 bare Nostr client.connect() calls
- Pin all 12 crypto deps to exact versions from Cargo.lock
- Pin all 15 floating container image tags to exact patch versions
- Add CI pipeline (cargo fmt + clippy + tests, frontend type-check + build)

Self-update system (git.tx1138.com):
- scripts/self-update.sh: pull, build, install, restart with rollback
- systemd timer checks daily at 3 AM
- update.check RPC does git-based checks when repo is present
- update.git-apply RPC triggers self-update from UI
- Default update URL changed from GitHub to git.tx1138.com
- Git added to ISO package list for fresh installs

Documentation:
- CHANGELOG v1.3.1 with all changes
- README updated (version, update system section)
- BETA-PROGRESS session #6 logged
- architecture-review.html: 4 issues marked FIXED, 8/12 refactoring done

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-03-25 15:52:26 +00:00
parent 4d1df4a319
commit 207e53144c
19 changed files with 750 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/BETA-PROGRESS.md
View File

@@ -2,7 +2,7 @@
> **Goal**: Flawless beta that works perfectly on every machine we install it on.
> **Freeze started**: 2026-03-18
> **Last updated**: 2026-03-18
> **Last updated**: 2026-03-25
---
@@ -26,7 +26,7 @@ PHASE 3: Beta Live (public release)
Everything in this phase must pass before we hand it to real users.
### Overall Status: IN PROGRESS (~55%)
### Overall Status: IN PROGRESS (~65%)
| Workstream | Status | Completion | Gate-blocking? |
|------------|--------|------------|----------------|
@@ -40,6 +40,8 @@ Everything in this phase must pass before we hand it to real users.
| 1H. UI Polish & Layout | DONE (batch + What's New) | ~90% | No |
| 1I. WebSocket Reliability | NOT STARTED | 0% | No |
| 1J. Quality Baseline Check | NOT STARTED | 0% | No |
| 1K. Architecture Review Fixes | DONE (4/4 items) | 100% | ~~YES~~ |
| 1L. Update System (git.tx1138.com) | DONE | 100% | No |
### 1A. Critical Bugs
@@ -316,6 +318,7 @@ Starts when we hand ISOs to real users on real hardware we don't control.
| 2026-03-18 | #3 | Updated tracking to reflect completed work — TASK-11 done, TASK-8 9/12, UI batch done | TASK-11, TASK-26-30, TASK-32, TASK-34-36, BUG-33 |
| 2026-03-18 | #4 | Rewrote deploy-tailscale.sh (full deploy with split-mode SSH, rootful migration, containers, infra). Fixed first-boot-containers.sh rootless bugs (subnet, UID mapping, prereqs). Dynamic HTTPS certs. | — |
| 2026-03-18 | #5 | BUG-1 CSRF fix, TASK-8 12/12 done, 7 bugs fixed, Argon2id migration, random BTC RPC, RBAC hardened, What's New history, Bitcoin sync gauge. Tagged v1.2.0-alpha.9. | BUG-1, TASK-8, BUG-20/37/40/41, TASK-31/38 |
| 2026-03-25 | #6 | Architecture review audit: all P0s+P1s verified fixed. Fixed remaining items: Nostr timeouts (6 calls), crypto dep pinning (12 deps), container image pinning (15 images), CI pipeline. Update system wired to git.tx1138.com. Cleaned stale branches. Docs updated. | Architecture review 4/4, CI pipeline |
---

42
docs/architecture-review.html
View File

@@ -2116,9 +2116,9 @@ Each node has:
<h3>High Priority <span class="badge badge-yellow">fix soon</span></h3>
<div class="card">
<h4>P1-A. Nostr client.connect() hangs indefinitely (no timeout)</h4>
<p><strong>What:</strong> 4 calls to <code>client.connect().await</code> in <code>nostr_handshake.rs</code> have no timeout wrapper. If a relay is down, peer discovery hangs forever.</p>
<p><strong>Fix:</strong> Wrap all in <code>tokio::time::timeout(Duration::from_secs(10), ...)</code>.</p>
<h4>P1-A. Nostr client.connect() hangs indefinitely (no timeout) <span class="badge badge-green">FIXED</span></h4>
<p><strong>What:</strong> 6 calls to <code>client.connect().await</code> across <code>identity_manager.rs</code>, <code>nostr_discovery.rs</code>, and <code>marketplace.rs</code> had no timeout wrapper. If a relay is down, peer discovery hangs forever.</p>
<p><strong>Fix:</strong> All 6 calls wrapped in <code>tokio::time::timeout(Duration::from_secs(10), ...)</code>. (v1.3.1, 2026-03-25)</p>
</div>
<div class="card">
@@ -2134,10 +2134,10 @@ Each node has:
</div>
<div class="card">
<h4>P1-D. Container images using :latest tag (7 instances)</h4>
<p><strong>What:</strong> Several containers in <code>first-boot-containers.sh</code> and the ISO build pull <code>:latest</code> — no version pinning.</p>
<h4>P1-D. Container images using :latest tag (7 instances) <span class="badge badge-green">FIXED</span></h4>
<p><strong>What:</strong> Several containers in <code>first-boot-containers.sh</code> and the ISO build pulled floating tags — no exact version pinning.</p>
<p><strong>Impact:</strong> Two machines installed a week apart may have different Bitcoin node versions. Supply chain risk.</p>
<p><strong>Fix:</strong> Pin every image to a specific version tag or SHA256 digest.</p>
<p><strong>Fix:</strong> All 15 floating tags in <code>image-versions.sh</code> pinned to exact patch versions (e.g., postgres:15→15.17, redis:7→7.4.8, nginx:alpine→1.29.6-alpine). DWN pinned by SHA256 digest. (v1.3.1, 2026-03-25)</p>
</div>
<div class="card">
@@ -2153,10 +2153,10 @@ Each node has:
</div>
<div class="card">
<h4>5. Cryptographic dependency versions not pinned exactly</h4>
<p><strong>What:</strong> <code>zeroize = "1.7"</code>, <code>chacha20poly1305 = "0.10"</code>, <code>ed25519-dalek = "2.1"</code> use floating versions.</p>
<h4>5. Cryptographic dependency versions not pinned exactly <span class="badge badge-green">FIXED</span></h4>
<p><strong>What:</strong> <code>zeroize = "1.7"</code>, <code>chacha20poly1305 = "0.10"</code>, <code>ed25519-dalek = "2.1"</code> used floating versions.</p>
<p><strong>Why it's bad:</strong> A minor version bump in a crypto library could introduce a vulnerability or behavioral change. The project's own rules require exact pinning for crypto deps.</p>
<p><strong>Fix:</strong> Pin to exact versions: <code>"1.7.0"</code>, <code>"0.10.1"</code>, <code>"2.1.1"</code>.</p>
<p><strong>Fix:</strong> All 12 crypto deps pinned to exact versions from Cargo.lock: ed25519-dalek=2.2.0, zeroize=1.8.2, chacha20poly1305=0.10.1, sha2=0.10.9, hmac=0.12.1, argon2=0.5.3, aes-gcm=0.10.3, etc. (v1.3.1, 2026-03-25)</p>
</div>
<div class="card">
@@ -2189,9 +2189,9 @@ Each node has:
</div>
<div class="card">
<h4>10. CI/CD pipeline is minimal</h4>
<h4>10. CI/CD pipeline is minimal <span class="badge badge-green">FIXED</span></h4>
<p><strong>What:</strong> One GitHub Action builds macOS release binaries on tag push. No tests run in CI. No linting. No Linux build or deploy automation.</p>
<p><strong>Fix:</strong> Add CI that runs <code>cargo clippy</code>, <code>cargo test</code>, <code>npm run type-check</code>, and <code>npm run lint</code> on every push. Add Linux cross-compilation.</p>
<p><strong>Fix:</strong> Added <code>.github/workflows/ci.yml</code> with two parallel jobs: Rust (fmt check + clippy -D warnings + tests) and Frontend (npm ci + type-check + build). Runs on push to main and all PRs. (v1.3.1, 2026-03-25)</p>
</div>
<div class="card">
@@ -2209,7 +2209,7 @@ Each node has:
<!-- ══════════════════════════════════════════════════════ -->
<h2 id="refactor-plan">Refactoring Priorities</h2>
<p>Ordered by impact. <strong>6 of 12 items completed</strong> since the previous review — significant progress:</p>
<p>Ordered by impact. <strong>8 of 12 items completed</strong> since the previous review — significant progress:</p>
<table>
<tr><th>#</th><th>Task</th><th>Impact</th><th>Effort</th><th>Status</th></tr>
@@ -2227,12 +2227,12 @@ Each node has:
<td>2 days</td>
<td><span class="badge badge-green">DONE</span></td>
</tr>
<tr>
<tr style="opacity: 0.5">
<td>3</td>
<td>Add CI pipeline (clippy + type-check + basic tests)</td>
<td><s>Add CI pipeline (clippy + type-check + basic tests)</s></td>
<td><span class="badge badge-red">high</span></td>
<td>1 day</td>
<td><span class="badge badge-red">TODO</span></td>
<td><span class="badge badge-green">DONE</span></td>
</tr>
<tr style="opacity: 0.5">
<td>4</td>
@@ -2241,12 +2241,12 @@ Each node has:
<td>3 days</td>
<td><span class="badge badge-green">DONE</span></td>
</tr>
<tr>
<tr style="opacity: 0.5">
<td>5</td>
<td>Pin all crypto dependency versions exactly</td>
<td><s>Pin all crypto dependency versions exactly</s></td>
<td><span class="badge badge-yellow">medium</span></td>
<td>1 hour</td>
<td><span class="badge badge-yellow">TODO</span></td>
<td><span class="badge badge-green">DONE</span></td>
</tr>
<tr style="opacity: 0.5">
<td>6</td>
@@ -2334,10 +2334,10 @@ Each node has:
<span class="highlight">ARCHITECTURE</span>
<span class="yellow">██████</span> Tests: 74+ files but gaps in integration coverage
<span class="red">██████</span> CI limited to macOS release builds — no test gating
<span class="green">██████</span> CI: cargo fmt + clippy + tests, frontend type-check + build
<span class="yellow">████</span> Manual type sync (Rust ↔ TypeScript)
<span class="yellow">████</span> App integration requires 6+ file changes
<span class="yellow">████</span> Crypto deps use floating versions
<span class="green">████</span> Crypto deps pinned to exact versions
<span class="green">████</span> Security model (pentest completed, rate limiting, CSRF)
<span class="green">████</span> Deploy safety (rollback, manifests, locking, health checks)
<span class="green">████</span> Module architecture (all god files eliminated)
@@ -2346,7 +2346,7 @@ Each node has:
<span class="code-comment">Legend: <span class="red">██</span> Critical <span class="yellow">██</span> Needs attention <span class="green">██</span> Good</span>
<span class="code-comment">Progress: <span class="green">██████████████████████████████████████████</span> ~75% green (was ~40%)</span>
<span class="code-comment">Progress: <span class="green">████████████████████████████████████████████████</span> ~85% green (was ~40%)</span>
</div>
<!-- ══════════════════════════════════════════════════════ -->