refactor(ports): standardize service ports to 8000-8017 range and update CORS configurations across all services

- Update CORS allow_origins in blockchain-node app.py and gossip relay.py to use new port logic (8000-8016) - Update coordinator-api config.py and config_pg.py with standardized port ranges and service labels - Update coordinator-api health check script from port 18000 to 8000 - Update geo_load_balancer.py to use configurable host/port (default 0.0.0.0:8017) - Update agent_security.py sandbox
2026-03-04 15:43:17 +01:00
parent 3df0a9ed62
commit 5534226895
57 changed files with 9690 additions and 126 deletions
--- a/apps/coordinator-api/src/app/services/agent_security.py
+++ b/apps/coordinator-api/src/app/services/agent_security.py
@@ -586,7 +586,7 @@ class AgentSandboxManager:
                "blocked_file_paths": ["/etc", "/root", "/home", "/var"],
                "allowed_domains": ["*.internal.com", "*.api.internal"],
                "blocked_domains": ["malicious.com", "*.suspicious.net"],
-                "allowed_ports": [80, 443, 8080, 3000],
+                "allowed_ports": [80, 443, 8000, 8001, 8002, 8003, 8010, 8011, 8012, 8013, 8014, 8015, 8016],
                "max_execution_time": 7200,
                "idle_timeout": 600,
                "enable_monitoring": True,
@@ -606,7 +606,7 @@ class AgentSandboxManager:
                "blocked_file_paths": ["/etc", "/root", "/home", "/var", "/sys", "/proc"],
                "allowed_domains": ["*.internal.com", "*.api.internal", "*.trusted.com"],
                "blocked_domains": ["malicious.com", "*.suspicious.net", "*.evil.org"],
-                "allowed_ports": [80, 443, 8080, 3000, 8000, 9000],
+                "allowed_ports": [80, 443, 8000, 8001, 8002, 8003, 8010, 8011, 8012, 8013, 8014, 8015, 8016],
                "max_execution_time": 14400,
                "idle_timeout": 1800,
                "enable_monitoring": True,
@@ -626,7 +626,7 @@ class AgentSandboxManager:
                "blocked_file_paths": ["/etc", "/root", "/home", "/var", "/sys", "/proc", "/boot"],
                "allowed_domains": ["*.internal.com", "*.api.internal", "*.trusted.com", "*.partner.com"],
                "blocked_domains": ["malicious.com", "*.suspicious.net", "*.evil.org"],
-                "allowed_ports": [80, 443, 8080, 3000, 8000, 9000, 22, 25, 443],
+                "allowed_ports": [80, 443, 8000, 8001, 8002, 8003, 8010, 8011, 8012, 8013, 8014, 8015, 8016, 22, 25],
                "max_execution_time": 28800,
                "idle_timeout": 3600,
                "enable_monitoring": True,
--- a/apps/coordinator-api/src/app/services/zk_proofs.py
+++ b/apps/coordinator-api/src/app/services/zk_proofs.py
@@ -27,8 +27,8 @@ class ZKProofService:
        self.circuits = {
            "receipt_simple": {
                "zkey_path": self.circuits_dir / "receipt_simple_0001.zkey",
-                "wasm_path": self.circuits_dir / "receipt_simple.wasm",
-                "vkey_path": self.circuits_dir / "verification_key.json"
+                "wasm_path": self.circuits_dir / "receipt_simple_js" / "receipt_simple.wasm",
+                "vkey_path": self.circuits_dir / "receipt_simple_js" / "verification_key.json"
            },
            "ml_inference_verification": {
                "zkey_path": self.circuits_dir / "ml_inference_verification_0000.zkey",