Skip to content

MAREF v0.35.0-rc

Pre-release
Pre-release

Choose a tag to compare

@frankiehot-tech frankiehot-tech released this 25 Jun 10:35

MAREF v0.35.0-rc — 审计安全修复版本

修复内容

P0 — 阻塞性安全修复:

  • B1: 移除 HMAC 密钥硬编码 → 改为环境变量 / keyring (federated_audit.py)
  • B2: transition() 添加 RLock 线程锁 → 消除状态机数据竞争 (state_machine.py)

P1 — 同版本修复:

  • B3: 补充 @security_critical 装饰器到 4 个模块 (cross_instance, economic, trust_boundary, sanitizer)
  • B4: 私有属性跨模块访问 → 替换为公共 getter (consensus_algorithm, auditor)
  • B5: Byzantine 多数人暴政 → 加权投票 + trust_score 阈值 (consensus_algorithm.py)

验证

  • ruff: ✅ All checks passed
  • mypy: ✅ 9 source files, 0 issues
  • pytest: ✅ 145 passed (相关模块)
  • secrets-scan: ✅ 通过
  • CodeQL: ✅ 通过

PR

  • #65 (待合并)

What's Changed

  • feat(p0): add issue config, CODEOWNERS, and enhance PR template by @frankiehot-tech in #28
  • fix(ci): repair Security Scan workflow failures by @frankiehot-tech in #29
  • fix(ci): repair SonarCloud dependency and ruff lint errors by @frankiehot-tech in #39
  • feat(security): add CodeQL analysis workflow by @frankiehot-tech in #40
  • chore(deps-dev): bump concurrently from 9.2.1 to 10.0.3 in /gui by @dependabot[bot] in #37
  • chore(deps-dev): bump typescript-eslint from 8.59.2 to 8.61.0 in /gui by @dependabot[bot] in #36
  • chore(deps): bump lucide-react from 1.14.0 to 1.17.0 in /gui by @dependabot[bot] in #35
  • chore(deps-dev): bump @types/node from 24.12.3 to 25.9.2 in /gui by @dependabot[bot] in #33
  • chore(deps): bump zustand from 5.0.13 to 5.0.14 in /gui by @dependabot[bot] in #31
  • chore(deps): update aiohttp requirement from >=3.9.0 to >=3.14.1 by @dependabot[bot] in #30
  • chore(deps): update chromadb requirement from >=1.5.0 to >=1.5.9 by @dependabot[bot] in #1
  • fix(ci): repair 3 failing workflows — security-scan, docker, release-gate by @frankiehot-tech in #42

New Contributors

Full Changelog: v0.30.0-GA...v0.35.0-rc