diff --git a/.gitignore b/.gitignore index 21e77188..dd6e45f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ -<<<<<<< Updated upstream # AITBC Monorepo ignore rules -# Updated: 2026-03-03 - Project organization workflow completed +# Updated: 2026-03-18 - Security fixes for hardcoded passwords # Development files organized into dev/ subdirectories # =================== @@ -141,7 +140,7 @@ target/ out/ # =================== -# Secrets & Credentials +# Secrets & Credentials (CRITICAL SECURITY) # =================== *.pem *.key @@ -152,6 +151,19 @@ credentials/ .secrets .gitea_token.sh +# Password files (NEVER commit these) +*.password +*.pass +.password.* +keystore/.password +keystore/.password.* + +# Private keys and sensitive files +*_private_key.txt +*_private_key.json +private_key.* +*.private + # =================== # Backup Files (organized) # =================== @@ -180,76 +192,6 @@ backup/README.md # =================== tmp/ temp/ -======= -# Python -__pycache__/ -*.py[cod] -*$py.class -*.so -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# Virtual environments -venv/ -env/ -ENV/ -.venv/ -.env/ - -# IDEs -.vscode/ -.idea/ -*.swp -*.swo -*~ - -# OS -.DS_Store -.DS_Store? -._* -.Spotlight-V100 -.Trashes -ehthumbs.db -Thumbs.db - -# Logs -*.log -logs/ - -# Database -*.db -*.sqlite -*.sqlite3 -*.db-wal -*.db-shm - -# Configuration with secrets -.env -.env.local -.env.*.local -config.json -secrets.json - -# Temporary files -*.tmp -*.temp -*.bak -*.backup # =================== # Environment Files @@ -334,7 +276,7 @@ tests/fixtures/generated/ # GPU miner local configs scripts/gpu/*.local.py -# Deployment secrets +# Deployment secrets (CRITICAL SECURITY) scripts/deploy/*.secret.* infra/nginx/*.local.conf 
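Review bot: The password and private-key patterns added under `Secrets & Credentials` only keep untracked files out of the index; a matching file that is already tracked stays tracked, and anything committed earlier remains in history. Whether that applies here is not visible from the diff, but given the stated purpose of the commit it is worth checking `git ls-files` against the new patterns, untracking any hits with `git rm --cached`, and rotating every credential that was ever pushed. A comment next to the new rules would make this explicit, for example `# Ignoring does not untrack: run git rm --cached and rotate anything already committed`.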
@@ -379,8 +321,10 @@ scripts/service/* infra/nginx/nginx-aitbc*.conf infra/helm/values/prod/ infra/helm/values/prod.yaml -======= + +# =================== # Node.js +# =================== node_modules/ npm-debug.log* yarn-debug.log* @@ -419,7 +363,9 @@ ENV/ env.bak/ venv.bak/ -# AITBC specific +# =================== +# AITBC specific (CRITICAL SECURITY) +# =================== data/ logs/ *.db @@ -427,5 +373,15 @@ logs/ wallet*.json keystore/ certificates/ ->>>>>>> Stashed changes -.gitea_token.sh + +# Guardian contract databases (contain spending limits) +guardian_contracts/ +*.guardian.db + +# Multi-chain wallet data +.wallets/ +.wallets/* + +# Agent protocol data +.agent_data/ +.agent_data/* diff --git a/docs/beginner/01_getting_started/3_cli.md.backup b/docs/beginner/01_getting_started/3_cli.md.backup new file mode 100644 index 00000000..23c4a422 --- /dev/null +++ b/docs/beginner/01_getting_started/3_cli.md.backup 
@@ -0,0 +1,250 @@
+# AITBC CLI Getting Started Guide
+
+**Complete Command Line Interface Setup and Usage**
+
+## 🚀 **Quick Start**
+
+### Prerequisites
+- Linux system (Debian 13+ recommended)
+- Python 3.13+ installed
+- System access (sudo for initial setup)
+
+### Installation
+```bash
+# 1. Load development environment
+source /opt/aitbc/.env.dev
+
+# 2. Test CLI installation
+aitbc --help
+aitbc version
+
+# 3. Verify services are running
+aitbc-services status
+```
+
+## 🔧 **Development Environment Setup**
+
+### Permission Configuration
+```bash
+# Fix permissions (one-time setup)
+sudo /opt/aitbc/scripts/clean-sudoers-fix.sh
+
+# Test permissions
+/opt/aitbc/scripts/test-permissions.sh
+```
+
+### Environment Variables
+```bash
+# Load development environment
+source /opt/aitbc/.env.dev
+
+# Available aliases
+aitbc-services # Service management
+aitbc-fix # Quick permission fix
+aitbc-logs # View logs
+```
+
+## 📋 **Basic Operations**
+
+### Wallet Management
+```bash
+# Create new wallet
+aitbc wallet create --name "my-wallet"
+
+# List wallets
+aitbc wallet list
+
+# Check balance
+aitbc wallet balance --wallet "my-wallet"
+
+# Get address
+aitbc wallet address --wallet "my-wallet"
+```
+
+### Exchange Operations
+```bash
+# Register with exchange
+aitbc exchange register --name "Binance" --api-key
+
+# Create trading pair
+aitbc exchange create-pair AITBC/BTC
+
+# Start trading
+aitbc exchange start-trading --pair AITBC/BTC
+
+# Check exchange status
+aitbc exchange status
+```
+
+### Blockchain Operations
+```bash
+# Get blockchain info
+aitbc blockchain info
+
+# Check node status
+aitbc blockchain status
+
+# List recent blocks
+aitbc blockchain blocks --limit 10
+
+# Check balance
+aitbc blockchain balance --address
+```
+
+## 🛠️ **Advanced Usage**
+
+### Output Formats
+```bash
+# JSON output
+aitbc --output json wallet balance
+
+# YAML output
+aitbc --output yaml blockchain info
+
+# Table output (default)
+aitbc wallet list
+```
+
+### Debug Mode
+```bash
+# Enable debug output
+aitbc --debug wallet list
+
+# Test mode (uses mock data)
+aitbc --test-mode exchange status
+
+# Custom timeout
+aitbc --timeout 60 blockchain info
+```
+
+### Configuration
+```bash
+# Show current configuration
+aitbc config show
+
+# Get specific config value
+aitbc config get coordinator_url
+
+# Set config value
+aitbc config set timeout 30
+
+# Edit configuration
+aitbc config edit
+```
+
+## 🔍 **Troubleshooting**
+
+### Common Issues
+
+#### Permission Denied
+```bash
+# Fix permissions
+/opt/aitbc/scripts/fix-permissions.sh
+
+# Test permissions
+/opt/aitbc/scripts/test-permissions.sh
+```
+
+#### Service Not Running
+```bash
+# Check service status
+aitbc-services status
+
+# Restart services
+aitbc-services restart
+
+# View logs
+aitbc-logs
+```
+
+#### Command Not Found
+```bash
+# Check CLI installation
+which aitbc
+
+# Load environment
+source /opt/aitbc/.env.dev
+
+# Check PATH
+echo $PATH | grep aitbc
+```
+
+#### API Connection Issues
+```bash
+# Test with debug mode
+aitbc --debug blockchain status
+
+# Test with custom URL
+aitbc --url http://localhost:8000 blockchain info
+
+# Check service endpoints
+curl http://localhost:8000/health
+```
+
+### Debug Mode
+```bash
+# Enable debug for any command
+aitbc --debug
+
+# Check configuration
+aitbc config show
+
+# Test service connectivity
+aitbc --test-mode blockchain status
+```
+
+## 📚 **Next Steps**
+
+### Explore Features
+1. **Wallet Operations**: Try creating and managing wallets
+2. **Exchange Integration**: Register with exchanges and start trading
+3. **Blockchain Operations**: Explore blockchain features
+4. **Compliance**: Set up KYC/AML verification
+
+### Advanced Topics
+1. **Market Making**: Configure automated trading
+2. **Oracle Integration**: Set up price feeds
+3. **Security**: Implement multi-sig and time-lock
+4. **Development**: Build custom tools and integrations
+
+### Documentation
+- [Complete CLI Reference](../23_cli/README.md)
+- [Testing Procedures](../23_cli/testing.md)
+- [Permission Setup](../23_cli/permission-setup.md)
+- [Exchange Integration](../19_marketplace/exchange_integration.md)
+
+## 🎯 **Tips and Best Practices**
+
+### Development Workflow
+```bash
+# 1. Load environment
+source /opt/aitbc/.env.dev
+
+# 2. Check services
+aitbc-services status
+
+# 3. Test CLI
+aitbc version
+
+# 4. Start development
+aitbc wallet create
+```
+
+### Security Best Practices
+- Use strong passwords for wallet encryption
+- Enable multi-sig for large amounts
+- Keep API keys secure
+- Regular backup of wallets
+- Monitor compliance requirements
+
+### Performance Tips
+- Use appropriate output formats for automation
+- Leverage test mode for development
+- Cache frequently used data
+- Monitor service health
+
+---
+
+**Last Updated**: March 8, 2026
+**CLI Version**: 0.1.0
+**Test Coverage**: 67/67 tests passing (100%)
diff --git a/pyproject.toml.backup b/pyproject.toml.backup
new file mode 100644
index 00000000..f1d69126
--- /dev/null
+++ b/pyproject.toml.backup
@@ -0,0 +1,181 @@
+[tool.pytest.ini_options]
+# Test discovery
+python_files = ["test_*.py", "*_test.py"]
+python_classes = ["Test*"]
+python_functions = ["test_*"]
+
+# Cache directory - prevent root level cache
+cache_dir = "dev/cache/.pytest_cache"
+
+# Test paths to run - include all test directories across the project
+testpaths = [
+ "tests",
+ "apps/blockchain-node/tests",
+ "apps/coordinator-api/tests",
+ "apps/explorer-web/tests",
+ "apps/pool-hub/tests",
+ "apps/wallet-daemon/tests",
+ "apps/zk-circuits/test",
+ "cli/tests",
+ "contracts/test",
+ "packages/py/aitbc-crypto/tests",
+ "packages/py/aitbc-sdk/tests",
+ "packages/solidity/aitbc-token/test",
+ "scripts/test"
+]
+
+# Python path for imports
+pythonpath = [
+ ".",
+ "packages/py/aitbc-crypto/src",
+ "packages/py/aitbc-crypto/tests",
+ "packages/py/aitbc-sdk/src",
+ "packages/py/aitbc-sdk/tests",
+ "apps/coordinator-api/src",
+ "apps/coordinator-api/tests",
+ "apps/wallet-daemon/src",
+ "apps/wallet-daemon/tests",
+ "apps/blockchain-node/src",
+ "apps/blockchain-node/tests",
+ "apps/pool-hub/src",
+ "apps/pool-hub/tests",
+ "apps/explorer-web/src",
+ "apps/explorer-web/tests",
+ "cli",
+ "cli/tests"
+]
+
+# Additional options for local testing
+addopts = [
+ "--verbose",
+ "--tb=short",
+ "--strict-markers",
+ "--disable-warnings",
+ "-ra"
+]
+
+# Custom markers
+markers = [
+ "unit: Unit tests (fast, isolated)",
+ "integration: Integration tests (may require external services)",
+ "slow: Slow running tests",
+ "cli: CLI command tests",
+ "api: API endpoint tests",
+ "blockchain: Blockchain-related tests",
+ "crypto: Cryptography tests",
+ "contracts: Smart contract tests",
+ "e2e: End-to-end tests (full system)",
+ "performance: Performance tests (measure speed/memory)",
+ "security: Security tests (vulnerability scanning)",
+ "gpu: Tests requiring GPU resources",
+ "confidential: Tests for confidential transactions",
+ "multitenant: Multi-tenancy specific tests"
+]
+
+# Environment variables for tests
+env = [
+ "AUDIT_LOG_DIR=/tmp/aitbc-audit",
+ "DATABASE_URL=sqlite:///./test_coordinator.db",
+ "TEST_MODE=true",
+ "SQLITE_DATABASE=sqlite:///./test_coordinator.db"
+]
+
+# Warnings
+filterwarnings = [
+ "ignore::UserWarning",
+ "ignore::DeprecationWarning",
+ "ignore::PendingDeprecationWarning",
+ "ignore::pytest.PytestUnknownMarkWarning",
+ "ignore::pydantic.PydanticDeprecatedSince20",
+ "ignore::sqlalchemy.exc.SADeprecationWarning"
+]
+
+# Asyncio configuration
+asyncio_default_fixture_loop_scope = "function"
+
+# Import mode
+import_mode = "append"
+
+[project]
+name = "aitbc-cli"
+version = "0.1.0"
+description = "AITBC Command Line Interface Tools"
+authors = [
+ {name = "AITBC Team", email = "team@aitbc.net"}
+]
+readme = "cli/README.md"
+license = "MIT"
+requires-python = ">=3.13"
+dependencies = [
+ "click==8.3.1",
+ "httpx==0.28.1",
+ "pydantic==2.12.5",
+ "pyyaml==6.0.3",
+ "rich==13.7.0",
+ "keyring==25.7.0",
+ "cryptography==46.0.5",
+ "click-completion==0.5.2",
+ "tabulate==0.9.0",
+ "colorama==0.4.6",
+ "python-dotenv==1.0.0",
+ "asyncpg==0.31.0",
+ # Dependencies for service module imports (coordinator-api services)
+ "numpy>=1.26.0",
+ "pandas>=2.0.0",
+ "aiohttp>=3.9.0",
+ "fastapi>=0.111.0",
+ "uvicorn[standard]>=0.30.0"
+]
+classifiers = [
+ "Development Status :: 4 - Beta",
+ "Intended Audience :: Developers",
+ "Programming Language :: Python :: 3",
+ "Programming Language :: Python :: 3.11",
+ "Programming Language :: Python :: 3.12",
+ "Programming Language :: Python :: 3.13",
+ "Operating System :: OS Independent",
+ "Topic :: Software Development :: Libraries :: Python Modules",
+ "Topic :: System :: Distributed Computing",
+]
+
+[project.optional-dependencies]
+dev = [
+ "pytest==9.0.2",
+ "pytest-asyncio==0.21.1",
+ "pytest-cov==7.0.0",
+ "pytest-mock==3.15.1",
+ "black==24.3.0",
+"isort==8.0.1",
+ "ruff==0.15.5",
+ "mypy==1.8.0",
+ "bandit==1.7.5",
+ "types-requests==2.31.0",
+ "types-setuptools==69.0.0",
+ "types-PyYAML==6.0.12",
+ "sqlalchemy[mypy]==2.0.25"
+]
+
+[project.scripts]
+aitbc = "aitbc_cli.main:cli"
+
+[project.urls]
+Homepage = "https://aitbc.net"
+Repository = "https://github.com/aitbc/aitbc"
+Documentation = "https://docs.aitbc.net"
+
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[tool.setuptools.packages.find]
+where = ["cli", "apps/coordinator-api"]
+include = ["aitbc_cli*", "aitbc*"]
+
+[tool.setuptools.package-dir]
+"aitbc_cli" = "cli/aitbc_cli"
+"aitbc" = "apps/coordinator-api/aitbc"
+
+[dependency-groups]
+dev = [
+ "mypy (>=1.19.1,<2.0.0)"
+]
diff --git a/scripts/deploy/.env.deploy.example b/scripts/deploy/.env.deploy.example
new file mode 100644
index 00000000..63a41927
--- /dev/null
+++ b/scripts/deploy/.env.deploy.example
@@ -0,0 +1,36 @@
+# AITBC Deployment Configuration Template
+# Copy this file to .env.deploy and fill in your actual values
+# NEVER commit the actual .env.deploy file with real credentials
+
+# === REQUIRED DEPLOYMENT SETTINGS ===
+CONTAINER_NAME="aitbc"
+CONTAINER_IP="YOUR_CONTAINER_IP"
+PROJECT_DIR="/path/to/your/aitbc"
+SSH_ALIAS="your-ssh-alias"
+SSH_KEY_PATH="/path/to/your/private/key"
+
+# === OPTIONAL SECURITY SETTINGS ===
+# SSH connection timeout (seconds)
+SSH_TIMEOUT=30
+
+# Backup settings
+CREATE_BACKUP=true
+BACKUP_RETENTION_DAYS=7
+
+# Service restart settings
+RESTART_SERVICES=true
+SERVICE_STARTUP_TIMEOUT=60
+
+# === EXAMPLE VALUES ===
+# CONTAINER_NAME="aitbc"
+# CONTAINER_IP="192.168.1.100"
+# PROJECT_DIR="/home/user/aitbc"
+# SSH_ALIAS="user@container-ip"
+# SSH_KEY_PATH="/home/user/.ssh/id_rsa"
+
+# === SECURITY NOTES ===
+# 1. Never commit this file with real credentials
+# 2. Use SSH keys instead of passwords
+# 3. Restrict file permissions: chmod 600 .env.deploy
+# 4. Use SSH config file for complex connection settings
+# 5. Consider using a secrets management system for production
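Review bot: `pyproject.toml.backup` looks like a leftover backup copy rather than a file meant to be tracked, and the same commit also adds `docs/beginner/01_getting_started/3_cli.md.backup`; nothing in the visible diff reads either one. The `.gitignore` part of this commit removes the `*.bak` and `*.backup` patterns (they were in the discarded half of the merge conflict), so unless the retained `Backup Files (organized)` section already covers them, more backups can slip in the same way. I would drop both files from the commit and keep `*.backup` in `.gitignore`. A stale second copy of the dependency pins is easy to mistake for the live manifest during a dependency audit.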
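Review bot: The template's third line tells users never to commit `.env.deploy`, but no ignore rule visible in this commit enforces it: the deployment rule `scripts/deploy/*.secret.*` does not match that name, and the contents of the `Environment Files` section of `.gitignore` are outside the hunks shown. If the file is not already covered there, add `scripts/deploy/.env.deploy` to `.gitignore` in this same commit so the warning is backed by a guard. Security note 3 (`chmod 600 .env.deploy`) would be stronger if the deploy script itself refused to run when the file is group- or world-readable, though that script is not part of this diff.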
diff --git a/scripts/implement-agent-protocols.sh b/scripts/implement-agent-protocols.sh index 3674d69a..4833bded 100755 --- a/scripts/implement-agent-protocols.sh +++ b/scripts/implement-agent-protocols.sh @@ -352,7 +352,11 @@ class MessageProtocol: def _generate_key(self) -> bytes: """Generate encryption key""" - password = os.environ.get('AITBC_AGENT_PROTOCOL_KEY', b"default-key-change-in-production") + # SECURITY FIX: Use environment variable instead of hardcoded default + password = os.environ.get('AITBC_AGENT_PROTOCOL_KEY') + if not password: + raise ValueError("❌ SECURITY: AITBC_AGENT_PROTOCOL_KEY environment variable required") + salt = os.environ.get('AITBC_AGENT_PROTOCOL_SALT', b"aitbc-salt-agent-protocol") if isinstance(password, str): password = password.encode() diff --git a/scripts/setup_production.py b/scripts/setup_production.py index 6eaeb2ee..2d1daa33 100644 --- a/scripts/setup_production.py +++ b/scripts/setup_production.py @@ -40,9 +40,19 @@ def main(): # 1. Keystore directory and password run(f"mkdir -p {KEYS_DIR}") run(f"chown -R aitbc:aitbc {KEYS_DIR}") + + # SECURITY FIX: Use environment variable instead of hardcoded password if not PASSWORD_FILE.exists(): - run(f"openssl rand -hex 32 > {PASSWORD_FILE}") - run(f"chmod 600 {PASSWORD_FILE}") + password = os.environ.get("AITBC_KEYSTORE_PASSWORD") + if not password: + # Generate secure random password if not provided + run(f"openssl rand -hex 32 > {PASSWORD_FILE}") + run(f"chmod 600 {PASSWORD_FILE}") + else: + # Use provided password from environment + PASSWORD_FILE.write_text(password) + run(f"chmod 600 {PASSWORD_FILE}") + os.environ["KEYSTORE_PASSWORD"] = PASSWORD_FILE.read_text().strip() # 2. Generate keystores
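Review bot: The salt line just below the new check still falls back to the hardcoded `b"aitbc-salt-agent-protocol"`, so a deployment that sets only `AITBC_AGENT_PROTOCOL_KEY` derives its key with a salt shared by every other installation. Treat it like the key: `salt = os.environ.get('AITBC_AGENT_PROTOCOL_SALT')` followed by `if not salt: raise ValueError("AITBC_AGENT_PROTOCOL_SALT environment variable required")`. The hunk encodes `password` when it is a `str` but shows no matching step for `salt`; the rest of `_generate_key` is outside the hunk, so confirm an environment-supplied salt is converted to bytes before it is used. The docstring could also name both variables, e.g. `"""Derive the encryption key from AITBC_AGENT_PROTOCOL_KEY and AITBC_AGENT_PROTOCOL_SALT."""`.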
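Review bot: Both branches in `scripts/setup_production.py` create the password file with default permissions and only afterwards run `chmod 600`, so the keystore password is briefly readable to whatever the umask allows, and a failed or skipped `chmod` leaves it that way. I would create the file owner-only from the start and drop the `openssl` shell-out, as below; this needs `import secrets` at the top of the file, which is outside this hunk. The added comment `# SECURITY FIX: Use environment variable instead of hardcoded password` also misdescribes the old code, which already generated a random value; `# Allow AITBC_KEYSTORE_PASSWORD to override the generated keystore password` would be accurate. `main()` starts and continues outside the hunk.

```python
    if not PASSWORD_FILE.exists():
        # An operator-supplied password wins; otherwise generate 32 random bytes as hex.
        password = os.environ.get("AITBC_KEYSTORE_PASSWORD") or secrets.token_hex(32)
        # Create the file owner-only from the start; O_EXCL refuses to reuse an existing path.
        fd = os.open(PASSWORD_FILE, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(password)
    # … unchanged: KEYSTORE_PASSWORD export read back from PASSWORD_FILE …
```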