oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity
2,175 Commits 1 Branch 10 Tags
ff2b8c2aed92eb0c7369835c9dec4d96028e0901
Commit Graph

3 Commits

Author SHA1 Message Date
aitbc
13ada12b49 Security fixes: wildcard CORS, JWT auth, zero-address fallback 
Phase 1 security remediation from codebase analysis:

CORS fixes:
- Replace wildcard CORS with safe localhost defaults in agent-coordinator
- Replace wildcard CORS with safe localhost defaults in marketplace
- Fix 8 additional wildcard CORS instances in coordinator-api apps:
  - hermes_enhanced_app.py
  - api_gateway.py
  - modality_optimization_app.py
  - multimodal_app.py
  - gpu_multimodal_app.py
  - marketplace_enhanced_app.py
  - advanced_ai_service.py
  - adaptive_learning_app.py
- Add CORS configuration security tests

Blockchain-node auth fixes:
- JWT authentication now fails closed with clear error message
- X-Wallet-Address already gated behind TRUST_X_WALLET_ADDRESS env var
- Remove zero-address fallback from arbitration vote submission
- Add regression test for zero-address rejection in arbitration

Tests:
- Update dispute auth tests to reflect new JWT error message
- Add test_arbitration_vote_zero_address_rejected
- Add test_cors_configuration.py with 5 CORS validation tests
 2026-05-24 19:31:26 +02:00
aitbc
494bd962b4 Add authentication to dispute endpoints and improve test coverage infrastructure
Some checks failed
Cross-Chain Functionality Tests / test-multi-chain-consensus (push) Has been cancelled
Details
Deploy to Testnet / deploy-testnet (push) Has been cancelled
Details
Documentation Validation / validate-docs (push) Has been cancelled
Details
Documentation Validation / validate-policies-strict (push) Has been cancelled
Details
Integration Tests / test-service-integration (push) Has been cancelled
Details
Multi-Chain Island Architecture Tests / test-multi-chain-island (push) Has been cancelled
Details
Multi-Node Blockchain Health Monitoring / health-check (push) Has been cancelled
Details
Node Failover Simulation / failover-test (push) Has been cancelled
Details
P2P Network Verification / p2p-verification (push) Has been cancelled
Details
Package Tests / Python package - aitbc-agent-sdk (push) Has been cancelled
Details
Package Tests / Python package - aitbc-core (push) Has been cancelled
Details
Package Tests / Python package - aitbc-crypto (push) Has been cancelled
Details
Package Tests / Python package - aitbc-sdk (push) Has been cancelled
Details
Package Tests / JavaScript package - aitbc-sdk-js (push) Has been cancelled
Details
Package Tests / JavaScript package - aitbc-token (push) Has been cancelled
Details
Python Tests / test-python (push) Has been cancelled
Details
Security Scanning / security-scan (push) Has been cancelled
Details
Smart Contract Tests / test-solidity (map[name:aitbc-contracts path:contracts]) (push) Has been cancelled
Details
Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Has been cancelled
Details
Smart Contract Tests / test-foundry (push) Has been cancelled
Details
Smart Contract Tests / lint-solidity (push) Has been cancelled
Details
Smart Contract Tests / deploy-contracts (push) Has been cancelled
Details
Staking Tests / test-staking-service (push) Has been cancelled
Details
Contract Performance Benchmarks / compare-benchmarks (push) Has been cancelled
Details
Cross-Chain Functionality Tests / aggregate-results (push) Has been cancelled
Details
Staking Tests / test-staking-integration (push) Has been cancelled
Details
Staking Tests / test-staking-contract (push) Has been cancelled
Details
Staking Tests / run-staking-test-runner (push) Has been cancelled
Details
Multi-Node Stress Testing / stress-test (push) Successful in 3s
Details
Cross-Node Transaction Testing / transaction-test (push) Successful in 3s
Details 
- Add get_authenticated_address() helper to extract wallet address from X-Wallet-Address header or JWT token
- Add authentication to dispute filing, evidence submission, verification, voting, and arbitrator authorization endpoints
- Replace hardcoded zero addresses with authenticated addresses from request headers
- Add DEV_MODE fallback for development without authentication
- Add --mock flag to experimental resource
 2026-05-22 23:13:47 +02:00
aitbc
2713951a1b refactor: reorganize aitbc core library into subpackages
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 17s
Details
CLI Tests / test-cli (push) Failing after 3s
Details
Cross-Node Transaction Testing / transaction-test (push) Successful in 3s
Details
Deploy to Testnet / deploy-testnet (push) Has been cancelled
Details
Multi-Node Stress Testing / stress-test (push) Has been cancelled
Details
Node Failover Simulation / failover-test (push) Has been cancelled
Details
Integration Tests / test-service-integration (push) Successful in 2m39s
Details
Package Tests / Python package - aitbc-agent-sdk (push) Failing after 12s
Details
Package Tests / Python package - aitbc-core (push) Successful in 12s
Details
Package Tests / Python package - aitbc-crypto (push) Successful in 10s
Details
Package Tests / Python package - aitbc-sdk (push) Failing after 7s
Details
Package Tests / JavaScript package - aitbc-sdk-js (push) Successful in 6s
Details
Package Tests / JavaScript package - aitbc-token (push) Successful in 14s
Details
Python Tests / test-python (push) Failing after 9s
Details
Security Scanning / security-scan (push) Successful in 15s
Details 
- Create aitbc/crypto/ subpackage (crypto.py, security.py)
- Create aitbc/utils/ subpackage (validation, time_utils, json_utils, paths, env)
- Create aitbc/network/ subpackage (http_client, web3_utils)
- Update all import statements across codebase
- Maintain backward compatibility with __init__.py exports
- Improve code organization and modularity
 2026-05-09 12:25:14 +02:00