Merged
* test: add container app phase 0 compatibility baseline
* test: add deeploy phase 1 compatibility baseline
* feat: add normalized container app exposed ports model
* refactor: drive container app runtime from exposed ports
* feat: add explicit container app semaphore port keys
* test: cover deeploy exposed ports request handling
* feat: translate deeploy dynamic env ui payloads
* fix: update agents.md
* feat: compile plugin value dynamic envs
* docs: clarify deeploy dynamic env contracts
* fix: update AGENTS.md
* feat: add HOST_URL semaphore key for host-accessible URL
Legacy URL uses the container port, which is only reachable inside
Docker's network. HOST_URL uses host_port so consumer plugins on
the host can reach the container without port confusion.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: validate docker image format during config validation
_validate_docker_image_format() was defined but never called, so
invalid image names only failed at container start time. Now checked
early in _validate_runner_config() for clear, immediate feedback.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: soften image validation to non-empty string check only
Docker image references have many valid forms (bare names, custom
registries, digests) that a format regex would struggle to cover.
The Docker daemon validates fully at pull/run time, so we only
guard against missing or blank IMAGE here.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: remove unused _validate_docker_image_format method
The non-empty string check in _validate_runner_config is sufficient;
Docker handles real format validation at pull/run time.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: use app_id__plugin_name as semaphore key, inline resolution
Changes the semaphore key format from sanitize_name("app_id__instance_id")
to "app_id__plugin_name". This makes keys deterministic from request data,
eliminating the need for a separate resolution pass and fixing the UPDATE
pipeline path which previously skipped shmem resolution entirely.
- Replace _resolve_shmem_references() with _resolve_shmem_in_plugins()
that uses plugin_name-based keys and runs inline during prepare
- Delete _compile_dynamic_env_ui() and _translate_dynamic_env_ui_in_instance_payload()
(DYNAMIC_ENV_UI compilation layer no longer needed — UI sends DYNAMIC_ENV directly)
- Remove plugin_semaphore_map from deeploy_specs (no longer needed)
- deeploy_prepare_plugins() now accepts app_id, returns just plugins (no tuple)
- Add duplicate plugin_name validation
- Add unknown shmem provider validation (fail at deploy time, not runtime)
- _autowire_native_container_semaphore() prefers plugin_name when available
- Update path now gets shmem resolution via flattened _resolve_shmem_in_plugins call
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: add exposed ports flattening rollout plan
* docs: clarify exposed ports compatibility scope
* refactor: flatten EXPOSED_PORTS tunnel config, add protocol and retry overrides
Flatten the nested tunnel sub-object into top-level fields on each
port config entry. Accept both flat and legacy nested input for
backward compatibility.
New normalized port config shape:
{ is_main_port, host_port, token, protocol, engine,
max_retries, backoff_initial, backoff_max }
- token: present = tunnel enabled (replaces tunnel.enabled + tunnel.token)
- protocol: tunnel origin scheme, default "http" (was hardcoded)
- engine: default "cloudflare", only cloudflare supported this phase
- Per-port retry overrides with global fallback defaults
- Flat fields win over nested tunnel fields when both present
- _build_tunnel_command uses protocol parameter
- _start_extra_tunnel accepts richer per-port config dicts
- get_cloudflare_protocol() override reads from normalized port config
- _validate_extra_tunnels_config stores rich config objects
- Validation: protocol against allowed set, engine cloudflare-only,
retry non-negative, backoff_max >= backoff_initial
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add HEALTH_CHECK disabled mode, HOST_PROTOCOL export, deprecation markers
- Add HealthCheckMode.DISABLED: app is ready immediately when container
is running, bypasses all probing and delay
- Export HOST_PROTOCOL semaphore key from main port's protocol field
- HOST_URL now uses actual protocol instead of hardcoded http://
- Group deprecated config fields (PORT, CLOUDFLARE_TOKEN, EXTRA_TUNNELS,
CLOUDFLARE_PROTOCOL, TUNNEL_ENGINE_PARAMETERS) at bottom of CONFIG
with @deprecated comments pointing to EXPOSED_PORTS equivalents
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: mark flatten exposed ports plan as implemented
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: remove per-port tunnel retry overrides (deferred to later phase)
Remove max_retries, backoff_initial, backoff_max from EXPOSED_PORTS
normalization and extra tunnel config. Per-port retry customization
is deferred until a concrete need appears. Global tunnel retry
settings remain unchanged.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: guard against None address from failed signature verification
deeploy_verify_and_get_inputs crashed with 'NoneType has no attribute
lower' when signature verification failed. Add null check with a clear
error message before the address comparison.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: add detailed logging for signature verification failures
Log the claimed sender, signature prefix, no_hash flag, and message
prefix before verification. On failure, log a clear diagnostic message
explaining what to check. On mismatch, log both recovered and claimed
addresses.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: move deeploy planning notes to wip
* refactor: move pipeline metadata persistence to background worker
Pipeline CSTORE saves are moved off the request critical path into a
dedicated background thread with retry logic, preventing slow R1FS
operations from blocking deploy responses. Chainstore response keys
are now reset before command dispatch so early confirmations are not
lost.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: validate plugin_name charset before building semaphore keys
plugin_name from request payload was used unsanitized in semaphore key
construction. Now enforced to [a-zA-Z0-9_-]+ in both
_resolve_shmem_in_plugins and deeploy_prepare_plugins.
* chore: increment version
* fix: raise on conflicting SEMAPHORE in _resolve_shmem_in_plugins
If an instance already has an explicit SEMAPHORE that differs from the
derived key, raise ValueError instead of silently overwriting. Matching
values are left untouched.
* fix: guard SEMAPHORE overwrite in _autowire_native_container_semaphore
Apply same conflict check as _resolve_shmem_in_plugins: raise if an
instance already has an explicit SEMAPHORE that differs from the
derived key.
* fix: honor tunnel.enabled=False in EXPOSED_PORTS normalization
nested_token was used as fallback even when tunnel.enabled was
explicitly False, unintentionally enabling tunnels. Now clears
nested_token and nested_engine when enabled is falsy, so only a
flat token can override a disabled nested tunnel.
* fix: only run shmem resolution when shmem entries exist
_resolve_shmem_in_plugins eagerly sets SEMAPHORE on all named
instances, which makes _autowire_native_container_semaphore treat
the config as manually wired and skip adding SEMAPHORED_KEYS to
containerized instances. Gate shmem resolution behind
_has_shmem_dynamic_env in both create and update paths.
* fix: resolve shmem per-node to avoid duplicate plugin_name on multi-node updates
Flattening plugins from all nodes into one list causes
_resolve_shmem_in_plugins to see the same plugin_name repeated
per node and raise a duplicate error. Apply shmem resolution and
autowiring independently per node.
* fix: fix pipelin_to_save typo and extract plugin_name validation
Rename pipelin_to_save to pipeline_to_save so it uses the variable
initialized before the loop, avoiding UnboundLocalError when no
pipelines start. Extract plugin_name uniqueness and charset validation
into _validate_plugin_names so it runs independently of shmem resolution.
* fix: carry legacy CLOUDFLARE_PROTOCOL into normalized EXPOSED_PORTS
_build_exposed_ports_config_from_legacy did not read cfg_cloudflare_protocol,
so legacy deployments with CLOUDFLARE_PROTOCOL: "tcp" normalized to
protocol "http". The main tunnel worked via get_cloudflare_protocol()
fallback, but the normalized state was inconsistent. Now the legacy
protocol is set on the main port entry during normalization.
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
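The EXPOSED_PORTS normalization rules from the commits above (flat fields win, token present means tunnel enabled, `tunnel.enabled=False` must not be bypassed by a nested token), as an added example that is not the project's code. The function names, the `honor_enabled` switch, the allowed protocol set and the fail-closed handling of a missing `enabled` key are assumptions.

```python
# Assumed allowed set; the commit messages name only "http" and "tcp".
ALLOWED_PROTOCOLS = {"http", "https", "tcp"}


def normalize_port(entry, honor_enabled=True):
    """Normalize one EXPOSED_PORTS entry given in flat or legacy nested form.

    honor_enabled=False reproduces the pre-fix fallback the commit describes,
    where a nested token was used even though tunnel.enabled was False.
    """
    tunnel = entry.get("tunnel") or {}
    nested_token = tunnel.get("token")
    nested_engine = tunnel.get("engine")
    # Assumption: a missing "enabled" key counts as disabled (fail closed).
    if honor_enabled and not tunnel.get("enabled"):
        nested_token = nested_engine = None

    # Flat fields win over nested ones; defaults follow the commit message.
    token = entry.get("token") or nested_token
    engine = entry.get("engine") or nested_engine or "cloudflare"
    protocol = entry.get("protocol") or "http"

    if engine != "cloudflare":
        raise ValueError(f"unsupported tunnel engine: {engine!r}")
    if protocol not in ALLOWED_PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol!r}")
    return {
        "is_main_port": bool(entry.get("is_main_port", False)),
        "host_port": entry.get("host_port"),
        "token": token or None,  # present = tunnel enabled
        "protocol": protocol,
        "engine": engine,
    }


def tunnel_enabled(entry, honor_enabled=True):
    """True when the normalized entry would start a tunnel."""
    return normalize_port(entry, honor_enabled)["token"] is not None


# Constructed inputs; token values are placeholders.
DISABLED_NESTED = {"host_port": 8080, "tunnel": {"enabled": False, "token": "tok-nested"}}
FLAT_OVERRIDE = {"host_port": 8080, "token": "tok-flat",
                 "tunnel": {"enabled": False, "token": "tok-nested"}}
LEGACY_ENABLED = {"host_port": 8080, "tunnel": {"enabled": True, "token": "tok-nested"}}
```

With `honor_enabled=False`, `DISABLED_NESTED` normalizes to an enabled tunnel, which is the unintended exposure the fix removes.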
* feat: add attestation registry submission in redmesh close flow
* fix: add execution_id to attestation
* Add RedMesh job-start attestation submission flow
* fix: set up private key in plugin config
* fix: pass history read
* fix: add logging for attestation
* feat: user can configure the count of scanning threads on UI
* feat: add data models package
* feat: keep job config in r1fs
* feat: single aggregation + consolidated pass report (phase 2)
* feat: job archive & UI Aggregate (phase 3-4)
* feat: fix backend endpoints to work with new cstore structure (phase 5)
* fix: use constants everywhere in API (phase 11)
* feat: live worker progress endpoints and methods (phase 1)
* feat: job deletion & purge (phase 15)
* fix: listing endpoint optimization (phase 15)
* feat: scan metrics collection (phase 16a)
* feat: scan metrics aggregation at node level (phase 16b)
* fix: metrics visualization improvements
* fix: scan profile simplification
* fix: redmesh test
* fix: service tests
* fix: improve web tests | add cms fingerprinting
* feat: add OWASP-10 identification
* feat: add erlang_ssh & dns bind to cve db
* fix: CVEs for databases
* fix: CVEs for CMS & Frameworks
* fix: tests CVEs for CMS & Frameworks
* fix: Java applications & servers
* fix: detected services count calculation
* fix: add jetty | fix CVE findings
* fix: use running env port for signaling plugin readiness
* feat: job hard stop
* fix: job stop
* fix: PoT
* feat: add scanner nodes ips to the report
* feat: display thread-level ports info and stats
* fix: increase job check timeout
* feat: improve per-worker progress loader. Display per-thread status
* fix: tests classification
* fix: move metrics collector to a separate file
* refactor: rename redmesh_utils to pentester_worker
* chore: increment version
---------
Co-authored-by: Alessandro <defranceschi_a@yahoo.com>
Co-authored-by: toderian <vitalii.toderian@ratio1.ai>
* fix: prefer runtime self.port over self.cfg_port in semaphore env
* chore: inc version
…e_r1fs is False, but the CID exists
…385)
* Enable Safe signature verification in Deeploy manager APIs
* simplify
* chore: inc ver
cristibleotiu approved these changes Apr 8, 2026
No description provided.
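The plugin_name checks and the `app_id__plugin_name` semaphore key described in the commit messages (charset `[a-zA-Z0-9_-]+`, duplicate rejection, ValueError on a conflicting explicit SEMAPHORE), as an added example that is not the project's code. The function names and the payload layout (`plugin_name`, `instances`) are assumptions for illustration.

```python
import re

# Charset stated in the commit message: [a-zA-Z0-9_-]+
PLUGIN_NAME_RE = re.compile(r"[a-zA-Z0-9_-]+")


def validate_plugin_names(plugins):
    """Reject missing, malformed or duplicate plugin_name values (hypothetical helper)."""
    seen = set()
    for plugin in plugins:
        name = plugin.get("plugin_name")
        # fullmatch, not match: "good\n" or "a/b" must not pass on a valid prefix.
        if not isinstance(name, str) or not PLUGIN_NAME_RE.fullmatch(name):
            raise ValueError(f"invalid plugin_name: {name!r}")
        if name in seen:
            raise ValueError(f"duplicate plugin_name: {name!r}")
        seen.add(name)


def resolve_semaphores(app_id, plugins):
    """Set SEMAPHORE to app_id__plugin_name on each instance, refusing conflicts."""
    validate_plugin_names(plugins)  # runs before any key is built
    for plugin in plugins:
        derived = f"{app_id}__{plugin['plugin_name']}"
        for instance in plugin.get("instances", []):
            explicit = instance.get("SEMAPHORE")
            if explicit is None:
                instance["SEMAPHORE"] = derived
            elif explicit != derived:
                # Never silently overwrite an operator-supplied value.
                raise ValueError(
                    f"SEMAPHORE conflict: explicit {explicit!r} != derived {derived!r}")
    return plugins


def try_resolve(app_id, plugins):
    """Return (True, keys) on success or (False, error text) on rejection."""
    try:
        resolved = resolve_semaphores(app_id, plugins)
    except ValueError as exc:
        return False, str(exc)
    return True, [i["SEMAPHORE"] for p in resolved for i in p["instances"]]


# Constructed sample payloads, not taken from the project.
OK = [{"plugin_name": "api", "instances": [{}]},
      {"plugin_name": "db-1", "instances": [{"SEMAPHORE": "app7__db-1"}]}]
BAD_CHARS = [{"plugin_name": "api/../x", "instances": [{}]}]
DUPLICATE = [{"plugin_name": "api", "instances": [{}]},
             {"plugin_name": "api", "instances": [{}]}]
CONFLICT = [{"plugin_name": "api", "instances": [{"SEMAPHORE": "other"}]}]
```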