Skip to content

Chore: Release v3.1.0#16

Merged
dev-adamant-im merged 93 commits into
masterfrom
dev
Jul 1, 2026
Merged

Chore: Release v3.1.0#16
dev-adamant-im merged 93 commits into
masterfrom
dev

Conversation

@dev-adamant-im

Copy link
Copy Markdown
Member

Summary

Release ADAMANT Forging Pool v3.1.0 by merging dev into master.

Closes #15.

Diff Summary

Compared with master, dev is ahead by 93 commits and changes 89 files:

  • 24,463 insertions
  • 19,415 deletions

Main merged work included in this release:

Runtime, Dependencies, and Tooling

  • Updates root, server, and web package metadata to v3.1.0
  • Raises the runtime baseline to Node.js 22.13.0+ and npm 10+
  • Refreshes dependencies and lockfiles across root, server, web, and the migration helper
  • Moves ESLint configuration to flat config and removes obsolete .eslintignore / .eslintrc.cjs files
  • Adds Prettier and markdownlint configuration
  • Updates Husky hooks and removes the old commit-msg hook

Storage and Migration

  • Moves runtime storage to MongoDB-backed collections
  • Keeps LowDB support under server/src/repository/lowdb/ for older data and migration tests
  • Adds scripts/migrate-lowdb-mongodb/ with migration logic, tests, and package metadata
  • Adds MongoDB indexes for block, transaction, and voter queries
  • Makes MongoDB connection parameters configurable through the public config reference

Reward, Payout, and Accounting Safety

  • Hardens reward distribution and payout flows with async DB handling and focused tests
  • Persists per-voter block reward progress so retry/crash paths do not duplicate rewards
  • Normalizes pending reward values before payout accounting
  • Improves block parsing, block checking, payout retry behavior, and payout logging
  • Adds tests for reward distribution, payout behavior, block parsing, cron deferral, and store helpers

Secret Safety and Operator Controls

  • Adds optional operator-password-encrypted pool passphrases
  • Adds adm-pool encrypt, unlock, lock, and status CLI commands
  • Adds a local Unix control socket with owner-only runtime directory handling
  • Supports locked startup where block sync and public API stay available while payouts and ADM notifications are paused
  • Adds lock/unlock notifications and passphrase crypto tests

Public API and Monitoring

  • Adds /api/health for secret-free external monitoring
  • Refactors server API routing and public configuration responses
  • Preserves CORS configuration behavior and avoids exposing framework internals
  • Adds public locked-payout status for the dashboard

Dashboard and Web UI

  • Updates the dashboard to Svelte 5 and current Vite tooling
  • Adds voter and transaction filtering by address or name
  • Shows delegate/voter names under addresses when available
  • Fixes numeric sorting and weight percentage formatting
  • Improves dashboard metric layout, table alignment, footer links, and explorer links
  • Adds a theme-aware README logo through GitHub-supported <picture> markup

Documentation and Governance

  • Replaces older repo-local issue templates with organization-level issue forms
  • Adds root CONTRIBUTING.md
  • Adds AGENTS.md with repository-specific AI agent operating rules
  • Rewrites README setup, configuration, security, monitoring, and migration guidance for v3.1.0
  • Updates references from ADAMANT Foundation to ADAMANT developer community where appropriate

Risk Areas

  • Payout and reward accounting: review retry-safe reward distribution, pending reward normalization, and payout updates carefully
  • Secret safety: review encrypted passphrase handling, control socket permissions, prompt behavior, and notification logs
  • Migration: review LowDB-to-MongoDB migration behavior, block limits, and ADM address validation
  • Operations: verify locked-start behavior, adm-pool CLI flows, /api/health, MongoDB config, and deployment startup
  • Dashboard: verify table filtering, sorting, delegate/voter names, mobile layout, and explorer links

Verification

Release PR verification should include:

  • git diff --check master...dev
  • npm run build:web
  • npm --prefix server run lint
  • npm --prefix server test
  • npm --prefix web run lint
  • npm --prefix web run build
  • npm audit
  • npm --prefix server audit
  • npm --prefix web audit
  • npm --prefix scripts/migrate-lowdb-mongodb audit
  • Manual smoke test for locked startup, adm-pool status, dashboard load, /api/health, voter table sorting/filtering, and payout-safe startup logs

Release Notes

After merge, publish v3.1.0 with release notes covering:

  • MongoDB-backed storage and migration from older LowDB data
  • encrypted passphrase and adm-pool operator workflow
  • /api/health monitoring
  • Node.js 22.13.0+ runtime requirement
  • dashboard filtering/sorting/name-display improvements
  • payout/reward accounting hardening and retry safety

massivedev0 and others added 16 commits June 30, 2026 17:49
Feat: Encrypt pool passphrase with operator password, add adm-pool CLI and /api/health
Full security review of server/ and web/ per issue #10. Adds input
validation and fail-closed config checks on the untrusted-node and
payout-destination paths, and hardens the HTTP API. No reward math,
accounting invariants, retry behavior, or signing flow changed.

- validate node-supplied voter addresses and block ids before any MongoDB
  query, DB write, or transaction signing, preventing NoSQL operator
  injection and malformed payout destinations from a malicious/malformed
  node response (new ADM_ADDRESS_REGEX and utils.isAdmAddress)
- validate maintenancewallet/donatewallet ADM address format and
  reward/donate percentage ranges at startup, failing closed on a typo
- default CORS credentials to false (the API is public, read-only, and
  cookieless; a wildcard origin with credentials is an invalid combination)
- add a generic Express error handler so internal errors and stack traces
  are not disclosed to clients, and disable the X-Powered-By banner
- add focused tests for address validation across distribution, payout,
  and block parsing

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Fix: Address security review findings in server and web
@dev-adamant-im dev-adamant-im added Task General task not necessarily related to code JavaScript Frontend or backend code in JavaScript NodeJS Backend logic, APIs, and Node.js environment Web Issues specific to web client app DB Work related to databases (PostgreSQL, MongoDB, migrations, queries) Security Topics about security approaches, cryptography, authentication, or vulnerabilities labels Jul 1, 2026
@dev-adamant-im dev-adamant-im mentioned this pull request Jul 1, 2026
6 tasks
@dev-adamant-im dev-adamant-im linked an issue Jul 1, 2026 that may be closed by this pull request
6 tasks
@dev-adamant-im dev-adamant-im self-assigned this Jul 1, 2026

@al-onyxprotocol al-onyxprotocol left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gw

@dev-adamant-im dev-adamant-im merged commit e11affc into master Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

DB Work related to databases (PostgreSQL, MongoDB, migrations, queries) JavaScript Frontend or backend code in JavaScript NodeJS Backend logic, APIs, and Node.js environment Security Topics about security approaches, cryptography, authentication, or vulnerabilities Task General task not necessarily related to code Web Issues specific to web client app

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Task] Release v3.1.0

5 participants