MAREF v0.35.0-rc
Pre-release
Pre-release
MAREF v0.35.0-rc — 审计安全修复版本
修复内容
P0 — 阻塞性安全修复:
- B1: 移除 HMAC 密钥硬编码 → 改为环境变量 / keyring (
federated_audit.py) - B2:
transition()添加 RLock 线程锁 → 消除状态机数据竞争 (state_machine.py)
P1 — 同版本修复:
- B3: 补充
@security_critical装饰器到 4 个模块 (cross_instance, economic, trust_boundary, sanitizer) - B4: 私有属性跨模块访问 → 替换为公共 getter (consensus_algorithm, auditor)
- B5: Byzantine 多数人暴政 → 加权投票 + trust_score 阈值 (
consensus_algorithm.py)
验证
- ruff: ✅ All checks passed
- mypy: ✅ 9 source files, 0 issues
- pytest: ✅ 145 passed (相关模块)
- secrets-scan: ✅ 通过
- CodeQL: ✅ 通过
PR
- #65 (待合并)
What's Changed
- feat(p0): add issue config, CODEOWNERS, and enhance PR template by @frankiehot-tech in #28
- fix(ci): repair Security Scan workflow failures by @frankiehot-tech in #29
- fix(ci): repair SonarCloud dependency and ruff lint errors by @frankiehot-tech in #39
- feat(security): add CodeQL analysis workflow by @frankiehot-tech in #40
- chore(deps-dev): bump concurrently from 9.2.1 to 10.0.3 in /gui by @dependabot[bot] in #37
- chore(deps-dev): bump typescript-eslint from 8.59.2 to 8.61.0 in /gui by @dependabot[bot] in #36
- chore(deps): bump lucide-react from 1.14.0 to 1.17.0 in /gui by @dependabot[bot] in #35
- chore(deps-dev): bump @types/node from 24.12.3 to 25.9.2 in /gui by @dependabot[bot] in #33
- chore(deps): bump zustand from 5.0.13 to 5.0.14 in /gui by @dependabot[bot] in #31
- chore(deps): update aiohttp requirement from >=3.9.0 to >=3.14.1 by @dependabot[bot] in #30
- chore(deps): update chromadb requirement from >=1.5.0 to >=1.5.9 by @dependabot[bot] in #1
- fix(ci): repair 3 failing workflows — security-scan, docker, release-gate by @frankiehot-tech in #42
New Contributors
- @dependabot[bot] made their first contribution in #37
Full Changelog: v0.30.0-GA...v0.35.0-rc