# MEMORY.md

## Weekly Summary (2026-03-23 to 2026-03-29)

Consolidated: 2026-03-23 21:56 UTC
Archived: memory/archive/2026-03/{23}.md

### Key Decisions

- Continued security hardening efforts with ongoing vulnerability monitoring
- Maintained blockchain development focus despite dependency updates
- Preserved synchronization efforts between the aitbc and aitbc1 nodes

### Learnings

- Security hardening requires continuous monitoring and updates
- Dependency updates are ongoing but non-critical for core functionality
- Blockchain development benefits from consistent peer review and coordination

### Important Facts

- Python 3.13.5
- Debian Trixie
- aitbc server: 10.1.223.93 (secondary development node, Matrix user: aitbc)
- aitbc1 server: 10.1.223.40 (primary development node, Matrix user: aitbc1)
- Both connected via Redis pub/sub (10.1.223.40:6379)

### Action Items

- Patched critical pickle deserialization bypass with module origin verification
- Hardened Matrix agent configuration (explicit user allowlist, requireMention=true, groupPolicy=allowlist)
- Implemented claim TTL (2 hours) to prevent stale locks
- Integrated vulnerability scanning into dev_heartbeat.py
- Bound blockchain RPC to localhost only (127.0.0.1)
- Tightened wallet file permissions to 600
- Added optional API key middleware to Coordinator API
- Fixed poetry lock file inconsistency and updated mypy dependency
- Committed mempool drain logging change to poa.py
- Restarted services after security hardening
- Monitored 16 outdated packages (coverage, fastapi, jaraco-context, platformdirs, pydantic-core, pytest-asyncio, pytest-cov, python-dotenv, rich, ruff, and others)
- Addressed uncommitted changes in blockchain consensus and RPC modules

## Blockchain Project Status (2026-03-19)

### Servers

- aitbc (this server): 10.1.223.93, port 8006 RPC, 8005 P2P
- aitbc1 (peer node): 10.1.223.40, port 8006 RPC
- Both connected via Redis pub/sub (10.1.223.40:6379)

### Current Chain State

- NOT synchronized: aitbc at height ~1479, aitbc1 at ~102 (2026-03-19 12:27)
- Both running the ait-mainnet chain_id
- All genesis accounts (aitbc1genesis, aitbc1treasury) have 0 balance
- No keystore generated on either server
- Proposer key is dev key 0x00...01 on aitbc

### What's Missing for Gift of 1000 AIT

1. Production genesis not seeded (20M AIT allocation from genesis_prod.yaml never initialized)
2. Chains not synchronized between servers
3. No keystore with decrypted keys
4. No actual AIT tokens exist anywhere

### Code Status (2026-03-19)

- git branch: aitbc1/7-add-tests-for-aitbc-core-package (NOT on main or blockchain-production)
- Cherry-picked multi-chain refactor and chain_sync.py onto this branch
- Pushed to aitbc/sync-chain-changes (main is protected)
- Service file fixed: combined_main → main
- Services running on aitbc: node (8005), RPC (8006), dev RPC (8025)

## Recent Updates (2026-03-15 to 2026-03-16)

### Security Hardening

- Fixed critical pickle deserialization bypass (safe_loads) with module origin verification and a sys.path lock.
- Restricted Matrix agent: explicit user allowlist, requireMention=true, groupPolicy=allowlist.
- Implemented claim TTL (2 hours) to prevent stale locks in multi-agent coordination.
- Integrated vulnerability scanning into dev_heartbeat.py (pip-audit, npm audit).
- Bound blockchain RPC to localhost (127.0.0.1) to reduce exposure.
- Tightened wallet file permissions to 600 (owner read/write only).
- Added optional API key middleware to Coordinator API (COORDINATOR_API_KEY env).
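The restricted-unpickler pattern behind the safe_loads fix, as an added example (this is not the project's secure_pickle.py; the allowlist contents, the stdlib-directory origin check and the snapshot-based sys.path lock are this example's own assumptions about what "module origin verification" and "sys.path lock" mean). The point is that `find_class` is the single choke point every callable in a pickle stream must pass: deny by default, and additionally refuse an allowlisted module if it resolves to a file outside the interpreter's own stdlib directory, so a shadowing module planted on sys.path cannot be substituted for the real one.

```python
import importlib
import io
import os
import pickle
import sys
import sysconfig
from collections import OrderedDict

# Allowlist of globals a pickle may resolve: module name -> permitted attribute names.
# Anything else (os.system, subprocess.Popen, builtins.eval, ...) is refused.
SAFE_GLOBALS = {
    "builtins": {"set", "frozenset", "bytearray"},
    "collections": {"OrderedDict", "deque"},
}

# Origin check: an allowlisted module must live under the interpreter's own stdlib
# directory, so a look-alike "collections.py" dropped on sys.path is rejected.
STDLIB_ROOT = os.path.realpath(sysconfig.get_paths()["stdlib"])

# sys.path lock (assumption: modelled as a snapshot taken at import time; loading is
# refused if the module search path was modified afterwards).
_SYS_PATH_SNAPSHOT = tuple(sys.path)


def _verify_module_origin(module_name: str) -> None:
    module = importlib.import_module(module_name)
    origin = getattr(module, "__file__", None)
    if origin is None:
        # Compiled-in modules have no file; only `builtins` itself is accepted that way.
        if module_name != "builtins":
            raise pickle.UnpicklingError(f"module {module_name!r} has no verifiable origin")
        return
    real = os.path.realpath(origin)
    if os.path.commonpath([real, STDLIB_ROOT]) != STDLIB_ROOT:
        raise pickle.UnpicklingError(f"module {module_name!r} resolved outside the stdlib: {real}")


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module: str, name: str):
        # Called for every GLOBAL / STACK_GLOBAL opcode, i.e. for every callable the
        # payload wants to resolve. Deny by default, then check where the module came from.
        if name not in SAFE_GLOBALS.get(module, ()):
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowlisted")
        _verify_module_origin(module)
        return super().find_class(module, name)


def safe_loads(data: bytes):
    if tuple(sys.path) != _SYS_PATH_SNAPSHOT:
        raise pickle.UnpicklingError("sys.path changed since startup; refusing to unpickle")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True when safe_loads refuses the payload."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples: a benign node-state blob (exercises the collections allowlist),
# and a payload whose __reduce__ points at a function outside the allowlist
# (os.getcwd is harmless and stands in for any non-allowlisted callable).
SAMPLE_STATE = OrderedDict(height=1479, chain_id="ait-mainnet", peers={"aitbc", "aitbc1"})
SAMPLE_PICKLE = pickle.dumps(SAMPLE_STATE)


class _ResolvesForeignGlobal:
    def __reduce__(self):
        return (os.getcwd, ())


GADGET_PICKLE = pickle.dumps(_ResolvesForeignGlobal())

if __name__ == "__main__":
    print("round-trip ok:", safe_loads(SAMPLE_PICKLE) == SAMPLE_STATE)
    print("foreign global rejected:", rejects(GADGET_PICKLE))
```

The allowlist is deliberately tiny: every entry is a type whose constructor does nothing but build a value. Growing it to "anything in the stdlib" would defeat the purpose, since the stdlib contains plenty of callables that run code.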

### Files Modified

- `/opt/aitbc/apps/coordinator-api/src/app/services/secure_pickle.py`
- `/opt/aitbc/apps/coordinator-api/src/app/main.py`
- `/root/.openclaw/openclaw.json`
- `/opt/aitbc/scripts/claim-task.py`
- `/opt/aitbc/dev/scripts/dev_heartbeat.py`
- `/opt/aitbc/systemd/aitbc-blockchain-rpc.service`
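How an optional API-key check of the kind listed above can be structured, as an added example that is not the Coordinator API's own main.py. It is written as a raw ASGI middleware (the interface FastAPI/Starlette mounts) using only the standard library; the header name `X-API-Key`, the inner app and the request driver are constructed for the example. The two properties worth having are visible in the code: the check is a pass-through when COORDINATOR_API_KEY is unset (that is what makes it optional) and the comparison is constant-time.

```python
import asyncio
import hmac
import os
from typing import Optional

API_KEY_ENV = "COORDINATOR_API_KEY"  # env var named in the hardening notes


class ApiKeyMiddleware:
    """Raw ASGI middleware. With no key configured it is a pass-through; with a key
    configured, every HTTP request must carry a matching X-API-Key header."""

    def __init__(self, app, api_key: Optional[str] = None, header: str = "x-api-key"):
        self.app = app
        self.api_key = api_key if api_key is not None else os.environ.get(API_KEY_ENV)
        self.header = header.lower().encode("latin-1")  # ASGI header names are lowercase bytes

    def _authorized(self, scope) -> bool:
        if not self.api_key:  # unset or empty: feature off
            return True
        expected = self.api_key.encode("utf-8")
        for name, value in scope.get("headers", []):
            if name == self.header:
                # Constant-time compare: a plain == leaks where the mismatch is via timing.
                return hmac.compare_digest(value, expected)
        return False  # header absent

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and not self._authorized(scope):
            await send({
                "type": "http.response.start",
                "status": 401,
                "headers": [(b"content-type", b"text/plain"), (b"www-authenticate", b"ApiKey")],
            })
            await send({"type": "http.response.body", "body": b"missing or invalid API key"})
            return
        await self.app(scope, receive, send)


# Constructed inner app standing in for the real Coordinator API routes.
async def inner_app(scope, receive, send):
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def request_status(app, headers: dict) -> int:
    """Drive an ASGI app with a minimal constructed HTTP scope; return the status code."""
    scope = {
        "type": "http",
        "method": "GET",
        "path": "/tasks",
        "headers": [(k.lower().encode("latin-1"), v.encode("utf-8")) for k, v in headers.items()],
    }
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]


def demo() -> dict:
    locked = ApiKeyMiddleware(inner_app, api_key="constructed-demo-key")
    unset = ApiKeyMiddleware(inner_app, api_key="")  # key not configured: middleware is off
    return {
        "no_header": request_status(locked, {}),                                     # 401
        "wrong_key": request_status(locked, {"X-API-Key": "constructed-demo-keyX"}),  # 401
        "right_key": request_status(locked, {"X-API-Key": "constructed-demo-key"}),   # 200
        "key_unset": request_status(unset, {}),                                       # 200
    }


if __name__ == "__main__":
    print(demo())
```

In a FastAPI app this mounts with `app.add_middleware(ApiKeyMiddleware, api_key=os.environ.get("COORDINATOR_API_KEY"))`. Because an unset key silently disables the check, deployment tooling should treat a missing COORDINATOR_API_KEY on a network-exposed instance as a finding rather than a default.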

See /root/.openclaw/workspace/SECURITY_HARDENING_SUMMARY.md for full details and restart instructions.
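The claim-TTL mechanism in prose terms: a claim is only honoured while its expiry is in the future, so an agent that crashes or hangs mid-task loses the task automatically instead of holding it forever. The following is an added example, not the project's claim-task.py; it keeps claims in memory with an injectable clock so the expiry path can be exercised directly (the notes say the nodes share state over Redis, and the comments give the Redis command each method corresponds to, which is this example's assumption about how the store is shaped).

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

CLAIM_TTL_SECONDS = 2 * 60 * 60  # the 2-hour TTL from the hardening notes


@dataclass
class Claim:
    agent: str
    expires_at: float


class ClaimRegistry:
    """Task claims with a hard TTL. Assumption: in-memory stand-in for the shared store;
    the equivalent Redis operation is noted on each method."""

    def __init__(self, ttl: float = CLAIM_TTL_SECONDS, clock: Callable[[], float] = time.time):
        self.ttl = ttl
        self.clock = clock
        self._claims: Dict[str, Claim] = {}

    def holder(self, task_id: str) -> Optional[str]:
        """Current holder, or None when unclaimed or the claim has expired."""
        claim = self._claims.get(task_id)
        if claim is None or claim.expires_at <= self.clock():
            return None
        return claim.agent

    def claim(self, task_id: str, agent: str) -> bool:
        """Take the task unless a *live* claim exists. Redis: SET claim:<id> <agent> NX EX <ttl>."""
        if self.holder(task_id) is not None:
            return False
        self._claims[task_id] = Claim(agent, self.clock() + self.ttl)
        return True

    def renew(self, task_id: str, agent: str) -> bool:
        """Heartbeat: only the live holder may extend. Redis: check the stored value and
        EXPIRE in one Lua script, never a bare EXPIRE (that would extend a rival's claim)."""
        if self.holder(task_id) != agent:
            return False
        self._claims[task_id].expires_at = self.clock() + self.ttl
        return True

    def release(self, task_id: str, agent: str) -> bool:
        """Only the live holder may release. Redis: check value then DEL, in one Lua script."""
        if self.holder(task_id) != agent:
            return False
        del self._claims[task_id]
        return True

    def sweep(self) -> List[str]:
        """Drop expired entries and report them (Redis key expiry does this on its own)."""
        now = self.clock()
        stale = [t for t, c in self._claims.items() if c.expires_at <= now]
        for t in stale:
            del self._claims[t]
        return stale


class FakeClock:
    """Constructed clock so the two-hour expiry can be exercised without waiting."""

    def __init__(self, now: float = 0.0):
        self.now = now

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def stale_lock_scenario() -> dict:
    """aitbc1 claims a task, then goes silent; aitbc can only take over after the TTL."""
    clock = FakeClock()
    reg = ClaimRegistry(clock=clock)
    out = {}
    out["first_claim"] = reg.claim("task-42", "aitbc1")       # True
    out["contended"] = reg.claim("task-42", "aitbc")          # False: live claim
    clock.advance(CLAIM_TTL_SECONDS - 1)
    out["renew_by_holder"] = reg.renew("task-42", "aitbc1")   # True: expiry pushed out
    clock.advance(CLAIM_TTL_SECONDS + 1)                      # holder went silent
    out["holder_after_ttl"] = reg.holder("task-42")           # None: claim is stale
    out["takeover"] = reg.claim("task-42", "aitbc")           # True
    out["old_holder_renew"] = reg.renew("task-42", "aitbc1")  # False: lost the lock
    out["swept"] = reg.sweep()                                # []: only a live claim remains
    return out


if __name__ == "__main__":
    print(stale_lock_scenario())
```

The renew and release rules are the part worth porting faithfully: the TTL stops stale locks, but if any agent can extend or delete any claim, a misbehaving agent can still steal or prolong work that is not its own.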

## Production Blockchain Preparation (2026-03-16)

### Goals

- Fixed-supply genesis with controlled initial allocations (ait-mainnet)
- Encrypted keystore for proposer and treasury accounts
- Removal of the dev-only admin mint endpoint
- Multi-chain support (devnet preserved)

### Created Scripts

- `/opt/aitbc/scripts/keystore.py`: generates keystore JSON files for accounts and encrypts them with Fernet (AES-128-CBC with an HMAC-SHA256 authentication tag)
- `/opt/aitbc/scripts/init_production_genesis.py`: initializes the ait-mainnet DB with production allocations
- `/opt/aitbc/scripts/run_production_node.py`: launcher that sets the environment, initializes the DB if empty, and starts the node
- `/opt/aitbc/SETUP_PRODUCTION.md`: step-by-step guide

### Outstanding Manual Steps

1. Generate keystores for aitbc1genesis and aitbc1treasury (run keystore.py)
2. Run the init script to create the production DB
3. Edit .env to set `CHAIN_ID=ait-mainnet` and `PROPOSER_KEY=<hex>`
4. Restart blockchain services
5. Verify RPC endpoints

### Key Differences: Genesis vs Treasury

- aitbc1genesis: proposer key used for block signing in PoA; high authority, rarely spends.
- aitbc1treasury: operational funds for ecosystem rewards, grants, payments; needs to be spendable via the wallet daemon.

### Address Format

- Human-readable names (e.g., aitbc1treasury) stored as plain strings in the Account table.
- Private keys stored encrypted in `/opt/aitbc/keystore/` with 600 perms.
- Transaction signing not yet implemented; will require on-chain public key infrastructure in a future phase.
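The "600 perms" requirement above (and the wallet-permission tightening in the hardening list) is easy to get subtly wrong: a file created with the process umask and chmod'ed afterwards is briefly readable by others, and a plain open() will happily follow a symlink left in the keystore directory. The following is an added example, not the project's keystore.py: it creates the file with mode 0600 from the first instant, refuses to clobber an existing key file, and audits a directory for loose modes. The payload is an opaque placeholder standing in for whatever ciphertext keystore.py produces; the directory used is a temporary one constructed for the demo.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import List

KEYSTORE_DIR = Path("/opt/aitbc/keystore")  # location named in the notes (not used by the demo)
SECRET_MODE = 0o600
O_NOFOLLOW = getattr(os, "O_NOFOLLOW", 0)  # POSIX only; harmless no-op elsewhere


def write_secret_file(path: Path, payload: bytes, overwrite: bool = False) -> Path:
    """Create with 0600 at creation time (mode passed to O_CREAT), O_EXCL|O_NOFOLLOW so a
    pre-existing file or symlink is never followed, then publish atomically via rename."""
    path = Path(path)
    if path.exists() and not overwrite:
        raise FileExistsError(f"refusing to overwrite existing key material: {path}")
    path.parent.mkdir(parents=True, exist_ok=True)
    tmp = path.with_name(f".{path.name}.tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | O_NOFOLLOW, SECRET_MODE)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(payload)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, SECRET_MODE)  # re-assert: the O_CREAT mode is masked by the umask
        os.replace(tmp, path)
    except BaseException:
        if tmp.exists():
            tmp.unlink()
        raise
    return path


def audit_secret_dir(directory: Path) -> List[str]:
    """Findings for files that are group/world accessible, symlinks, or owned by another uid."""
    findings = []
    for entry in sorted(Path(directory).iterdir()):
        st = entry.lstat()
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{entry.name}: symlink in keystore directory")
            continue
        if st.st_mode & 0o077:
            findings.append(f"{entry.name}: mode {stat.S_IMODE(st.st_mode):04o}, expected 0600")
        if st.st_uid != os.getuid():
            findings.append(f"{entry.name}: owned by uid {st.st_uid}, not the service user")
    return findings


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        ks = Path(d) / "keystore"
        # Constructed placeholder for a keystore.py output blob.
        good = write_secret_file(ks / "aitbc1treasury.json", b"<encrypted-keystore-placeholder>")
        try:
            write_secret_file(good, b"second write")
            refused = False
        except FileExistsError:
            refused = True
        loose = ks / "leaked.json"  # the pre-hardening state: written with default umask
        loose.write_bytes(b"x")
        loose.chmod(0o644)
        return {
            "good_mode": stat.S_IMODE(good.stat().st_mode),
            "refused_overwrite": refused,
            "findings": audit_secret_dir(ks),
        }


if __name__ == "__main__":
    print(demo())
```

The audit half belongs in something like dev_heartbeat.py: a keystore directory that passes on the day it is hardened can drift after a restore from backup or a copy between aitbc and aitbc1, and the check is cheap.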