Sundayjob#430
Open
sundayjob996 wants to merge 4 commits into
Open
Conversation
…edge-case tests - initialize() now stores the passed quorum param instead of hardcoded default - set_quorum_bps / set_threshold_bps now verify caller == stored admin - Added tests: initialize configures quorum, zero quorum rejected, exactly-at-quorum passes, one-below-quorum expires, admin update paths, non-admin rejection
- Export verifyReadingSignature() from crypto.ts (wraps @noble/ed25519 verifyAsync, never throws — returns false on malformed input) - Tests cover: valid sig, invalid sig, tampered payload, wrong key, malformed sig bytes, malformed pubkey, hash determinism, hash sensitivity
…ersion header - middleware: change unversioned redirect from 308 to 301 (Moved Permanently) - middleware: inject API-Version: v1 header on all /api/* responses - openapi.yaml: document /api/v1/ canonical paths, legacy 301 redirect paths, API-Version response header component, and versioning policy in description
- ci.yml: add image-scan job (runs after web job) - builds Docker image from apps/web/Dockerfile - scans with aquasecurity/trivy-action@0.28.0 - exit-code 1 blocks image promotion on CRITICAL CVEs - uploads SARIF as CI artifact (30-day retention) - uploads SARIF to GitHub Security tab - Dockerfile: add comment guiding digest pinning procedure
|
@sundayjob996 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR introduces several improvements to governance, security, API consistency, and test coverage:
Changes Included
Added comprehensive unit tests for the Ed25519 signature verification utility to validate signature handling, edge cases, and failure scenarios.
Implemented quorum and threshold validation logic in community_governance to ensure proposals meet the required participation and approval criteria before execution.
Introduced API versioning with a /v1 route prefix to provide a stable foundation for future API evolution while maintaining backward compatibility.
Added supporting updates and refactoring where necessary to improve maintainability and reliability.
Benefits
Increased confidence in cryptographic signature verification through automated testing.
Strengthened governance decision-making by enforcing quorum and approval thresholds.
Established a scalable API versioning strategy for future releases.
Improved overall code quality and system reliability.
closes #276
closes #321
closes #300
closes #283