v0.2.1: Security hardening, ZK Ristretto255, and resilience fixes #38
Merged
ApiliumDevTeam merged 15 commits into main from Mar 14, 2026
Add mayros_memory_conflicts and mayros_memory_digest as MCP tools and CLI commands for proactive memory maintenance. Conflicts tool detects exact duplicates and graph-level contradictions. Digest tool provides category distribution, recent entries, and DAG statistics. Bump version to 0.2.1.
Prevent unbounded exponential backoff by capping retry delay at 60s. Move clearTimeout to finally block so timers are always cleaned up on network errors. Add clampPositive() to reject invalid resilience config values (negative timeouts, zero circuit thresholds).
Increase marker ID from 8 to 16 random bytes (64 to 128 bits) to reduce collision probability in adversarial content sanitization.
Detect <(...) and >(...) process substitution patterns outside quotes. These can execute arbitrary commands and bypass blocklist checks, so they now trigger the same subshell warning as $(...) and backticks.
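A quote-aware scan of the kind this commit describes, as an added example that is not the project's code. `findSubshells` and its `kind` labels are hypothetical names, and the scanner is deliberately conservative: it also flags `$((...))` arithmetic as command substitution.

```javascript
// Added example (not the project's code): flag shell constructs that run a
// nested command. findSubshells() and the "kind" labels are hypothetical.
function findSubshells(command) {
  const hits = [];
  let quote = null; // null = unquoted, otherwise "'" or '"'
  for (let i = 0; i < command.length; i++) {
    const ch = command[i];
    const next = command[i + 1];
    if (quote === "'") {
      // Inside single quotes everything is literal, including backslashes.
      if (ch === "'") quote = null;
      continue;
    }
    if (ch === "\\") { i++; continue; } // skip the escaped character
    if (ch === '"') { quote = quote ? null : '"'; continue; }
    if (ch === "'" && quote === null) { quote = "'"; continue; }
    // $(...) and backticks still expand inside double quotes.
    if (ch === "$" && next === "(") {
      hits.push({ index: i, kind: "command-substitution" });
    } else if (ch === "`") {
      hits.push({ index: i, kind: "backtick" });
    } else if (quote === null && (ch === "<" || ch === ">") && next === "(") {
      // <(...) and >(...) are process substitution only outside quotes.
      hits.push({ index: i, kind: "process-substitution" });
    }
  }
  return hits;
}

// Constructed sample commands.
for (const cmd of [
  "diff <(sort a.txt) <(sort b.txt)",
  "tee >(wc -l)",
  'echo "quoted <(x) is literal"',
  "echo 'literal $(y)'",
  'echo "today is $(date)"',
]) {
  console.log(cmd, "=>", findSubshells(cmd).map((h) => h.kind));
}
```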
Switch dagVerify from GET query string to POST body to match the Cortex v0.6.1 API. Extract fetchDag() helper to reduce repetition across 10 MCP DAG tools. Fix parseInt radix in dag prune CLI.
Move conflict detection and digest tools from memory-tools.ts to memory-health-tools.ts for cleaner separation. Register in MCP server alongside existing memory and DAG tools.
Increment counter before any await to prevent concurrent callers from exceeding the assertion limit. Release the slot on failure so it can be retried.
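The check-then-await race this commit closes, shown next to the reserving form, as an added example that is not the project's code. The class names and the `countStarted` helper are hypothetical.

```javascript
// Added example (not the project's code). Class names are hypothetical.
class RacyBudget {
  constructor(limit) { this.limit = limit; this.used = 0; }
  async publish(send) {
    if (this.used >= this.limit) throw new Error("assertion limit reached");
    const result = await send(); // other callers pass the check while we wait
    this.used++;                 // counted too late
    return result;
  }
}

class ReservingBudget {
  constructor(limit) { this.limit = limit; this.used = 0; }
  async publish(send) {
    if (this.used >= this.limit) throw new Error("assertion limit reached");
    this.used++; // reserve the slot before the first await
    try {
      return await send();
    } catch (err) {
      this.used--; // release the slot so the caller can retry
      throw err;
    }
  }
}

// Fire `callers` publishes in the same tick and report how many actually
// reached send(). The promise returned by send() never settles, which models
// a slow backend round trip.
function countStarted(Budget, limit, callers) {
  const budget = new Budget(limit);
  let started = 0;
  const send = () => { started++; return new Promise(() => {}); };
  for (let i = 0; i < callers; i++) budget.publish(send).catch(() => {});
  return started;
}

console.log("racy:", countStarted(RacyBudget, 2, 5));
console.log("reserving:", countStarted(ReservingBudget, 2, 5));
```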
Switch from Ed25519 CompressedEdwardsY to Ristretto255 CompressedRistretto to match Cortex's curve25519-dalek format. Align Schnorr protocol with aingle_zk::verify_knowledge_proof (commitment=public key, challenge=H(R||P), response=k+cx). Use length-prefixed encoding in secret derivation to prevent concatenation collisions. Route membership proofs through Knowledge type since Cortex Membership requires Merkle trees.
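Why length prefixes matter for the secret-derivation input, as an added example that is not the project's code. The 4-byte big-endian prefix and the (namespace, secret) field layout are assumptions, since the page does not give the format; the resulting bytes would be fed to the hash, which is omitted here.

```javascript
// Added example (not the project's code). The 4-byte big-endian length prefix
// and the field layout are assumptions; the page does not give the format.
const utf8 = new TextEncoder();

// Naive derivation input: fields simply glued together.
function naiveConcat(fields) {
  return utf8.encode(fields.join(""));
}

// Each field is preceded by its byte length, so field boundaries are part of
// the encoded input and cannot be shifted.
function lengthPrefixed(fields) {
  const parts = fields.map((f) => utf8.encode(f));
  const out = new Uint8Array(parts.reduce((n, p) => n + 4 + p.length, 0));
  const view = new DataView(out.buffer);
  let offset = 0;
  for (const p of parts) {
    view.setUint32(offset, p.length, false); // big-endian length
    out.set(p, offset + 4);
    offset += 4 + p.length;
  }
  return out;
}

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Constructed inputs: two different (namespace, secret) pairs.
const pairA = ["team-a", "bsecret"];
const pairB = ["team-ab", "secret"];
console.log("naive collides:", toHex(naiveConcat(pairA)) === toHex(naiveConcat(pairB)));
console.log("prefixed collides:", toHex(lengthPrefixed(pairA)) === toHex(lengthPrefixed(pairB)));
```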
List all 21 MCP tools including DAG and memory health tools added in v0.2.0-v0.2.1. Add coming-soon section for Gemini CLI and GitHub Copilot CLI MCP integration.
Wrap engine.publish() and proofClient.requestZkProof() calls in try/catch so Cortex connection failures return error messages instead of crashing the MCP tool handler.
Cap resilience config values at sane maximums (300s for timeouts, 20 for counts) to prevent DoS via extreme config values. Scope the memory conflict scanner to the tool's namespace to enforce cross-namespace isolation.
Use crypto.getRandomValues() for retry jitter instead of predictable Math.random(). Add dummy scalar computation with random inputs in Schnorr proof generation to obscure timing of secret-dependent BigInt operations.
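The resilience changes from the commits above (60s backoff cap, `clearTimeout` in `finally`, config clamping with 300s/20 ceilings, CSPRNG jitter) combined in one added example that is not the project's code. The function signatures, the fallback behaviour of `clampPositive`, the jitter scheme and the config field names are assumptions.

```javascript
// Added example (not the project's code). Function signatures, the fallback
// behaviour and the half-fixed, half-random jitter scheme are assumptions.
const MAX_RETRY_DELAY_MS = 60_000; // 60s cap on backoff
const MAX_TIMEOUT_MS = 300_000;    // 300s ceiling for timeouts
const MAX_COUNT = 20;              // ceiling for counts and thresholds

// Reject non-finite, zero or negative values; cap the rest at `max`.
function clampPositive(value, fallback, max) {
  if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) return fallback;
  return Math.min(value, max);
}

// Uniform float in [0, 1) from a CSPRNG instead of Math.random().
function secureUnit(rng = globalThis.crypto) {
  const word = new Uint32Array(1);
  rng.getRandomValues(word);
  return word[0] / 2 ** 32;
}

// Exponential backoff, capped, with half of the delay randomized.
function retryDelayMs(attempt, baseMs, rng) {
  const capped = Math.min(baseMs * 2 ** Math.min(attempt, 30), MAX_RETRY_DELAY_MS);
  return Math.floor(capped / 2 + secureUnit(rng) * (capped / 2));
}

// The timer is cleared on success and on failure alike.
async function withTimeout(task, timeoutMs) {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    return await task(controller.signal);
  } finally {
    clearTimeout(timer);
  }
}

// Constructed config with hostile values (field names are hypothetical).
const hostile = { timeoutMs: -1, maxRetries: 1e9, breakerThreshold: 0 };
console.log({
  timeoutMs: clampPositive(hostile.timeoutMs, 30_000, MAX_TIMEOUT_MS),
  maxRetries: clampPositive(hostile.maxRetries, 3, MAX_COUNT),
  breakerThreshold: clampPositive(hostile.breakerThreshold, 5, MAX_COUNT),
});
```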
undici 7.22.0 -> 7.24.2: fixes WebSocket memory exhaustion, CRLF injection, HTTP smuggling, and 64-bit length overflow (6 CVEs). file-type 21.3.1 -> 21.3.2: fixes ZIP decompression bomb DoS.
Prevents accidental commitment of sensitive files. Enhances security by ensuring confidential data remains out of version control.
Bump minimum Cortex version for v0.2.1 compatibility (dagVerify POST body, ZK Ristretto255 proofs).
Summary
aingle_zk::verify_knowledge_proof. Add length-prefixed encoding to prevent concatenation collisions
Math.random() with CSPRNG for retry jitter, add timing side-channel mitigation in Schnorr proof generation
clearTimeout to finally block, add upper bounds to resilience config (300s/20 max), validate config with clampPositive()
<(...) and >(...) process substitution outside quotes
dagVerify from GET query string to POST body, extract fetchDag() helper to reduce duplication across 10 MCP tools
engine.publish() and proofClient.requestZkProof() in try/catch to prevent MCP tool handler crashes when Cortex is unavailable

Test plan
npx vitest run)
valid: true by live Cortex
claude mcp list shows mayros: Connected)