hack-house/cmd_chat
leetcrypt 2c4a4f9a22
harden(ft,auth,net): cap transfers/frames, evict stale SRP, distrust XFF
M1: enforce the declared transfer size (clamped to MAX_SIZE) on chunk
receipt in both the Rust and Python clients — a malicious sender can no
longer grow the receive buffer unboundedly.
M2: only honor X-Forwarded-For when TRUST_PROXY is set, so a direct
client can't spoof a source IP to dodge the per-IP rate limiter.
M3: evict unverified SRP sessions after a 60s TTL on each new handshake,
preventing half-finished auths from exhausting memory.
M4: drop WS frames larger than 256 KB before they hit the store or
broadcast, bounding per-message memory and flood blast radius.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-05 06:59:16 -07:00
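The source-address decision described in M2, written out as an added example that is not part of this commit or the project's code. It assumes a single trusted reverse proxy directly in front of the Python server and a boolean-style TRUST_PROXY environment flag; the function name `client_ip` is hypothetical.

```python
import ipaddress
import os
from typing import Mapping, Optional

# Hypothetical helper, not the project's own code. It mirrors M2 in the commit
# message: X-Forwarded-For is only honoured when TRUST_PROXY is set, because a
# client connecting directly can write any value into that header and would
# otherwise pick its own key in the per-IP rate limiter.


def trust_proxy_enabled(env: Mapping[str, str] = os.environ) -> bool:
    """TRUST_PROXY is assumed to be a deployment flag: 1 / true / yes."""
    return env.get("TRUST_PROXY", "").strip().lower() in {"1", "true", "yes"}


def _valid_ip(value: str) -> Optional[str]:
    """Normalise an IPv4/IPv6 literal, or return None if it is not one."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def client_ip(peer_addr: str, headers: Mapping[str, str], trust_proxy: bool) -> str:
    """Return the address the per-IP rate limiter should key on.

    peer_addr is what the TCP socket reports. Only when the server sits behind
    a trusted reverse proxy do we consult X-Forwarded-For, and then we take the
    rightmost entry: that is the hop appended by the proxy we trust, whereas
    the leftmost entries are supplied by the client and can be forged.
    Assumes exactly one trusted proxy in front of the server.
    """
    if not trust_proxy:
        return peer_addr
    lowered = {k.lower(): v for k, v in headers.items()}
    xff = lowered.get("x-forwarded-for", "")
    hops = [h for h in xff.split(",") if h.strip()]
    if not hops:
        return peer_addr
    forwarded = _valid_ip(hops[-1])
    # A malformed header from a misbehaving proxy falls back to the socket peer
    # rather than producing an empty or attacker-chosen key.
    return forwarded if forwarded is not None else peer_addr
```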
agent feat(sbx,ui): VM snapshot save/load + collapsible clustered help menu 2026-06-02 23:03:00 -07:00
client harden(ft,auth,net): cap transfers/frames, evict stale SRP, distrust XFF 2026-06-05 06:59:16 -07:00
server harden(ft,auth,net): cap transfers/frames, evict stale SRP, distrust XFF 2026-06-05 06:59:16 -07:00
__init__.py fix(security): comprehensive security hardening — TLS, HMAC WS auth, rate limiting, IP leak prevention 2026-05-25 20:30:40 -07:00