Files
neuron-tai/.scratch/alpha-hardening/issues/01-c1-gossip-auth_completed.md
2026-07-13 14:14:37 +02:00

42 lines
2.0 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
Status: done
# 01 — C1: Authenticate hive gossip endpoints
## What to build
Add authenticated peer identity to all tracker gossip mutation endpoints. Today any caller can push billing, account, and stats events without verification.
**Code refs:**
- `packages/tracker/meshnet_tracker/server.py``_handle_billing_gossip` (~24142427)
- `packages/tracker/meshnet_tracker/server.py``_handle_accounts_gossip` (~26102623)
- `packages/tracker/meshnet_tracker/server.py``_handle_stats_gossip` (~23552364)
- `packages/tracker/meshnet_tracker/billing.py``apply_events` (~301311)
- `packages/tracker/meshnet_tracker/accounts.py``apply_events` (~220226)
Implement per ADR-0017 §3 using the auth helper/config from issue 02: shared hive HMAC (body + timestamp) or mutual TLS between configured tracker peers. Reject unauthenticated gossip with 401.
**Note:** `/v1/gossip` (node throughput fan-out, `server.py` ~1331) is **not** in scope for this issue — see ADR-0017 §3 out-of-scope note.
## Test-first
1. Red: unauthenticated POST to `/v1/billing/gossip` applies a credit event today — test must fail after fix.
2. Red: authenticated peer with valid HMAC applies events; invalid/missing auth returns 401 and `applied: 0`.
3. Green: wire the issue-02 verifier/config (`--hive-secret` or peer cert paths) into the three hive mutation endpoints.
## Acceptance criteria
- [ ] `/v1/billing/gossip`, `/v1/accounts/gossip`, `/v1/stats/gossip` reject requests without valid hive auth
- [ ] Authenticated peers replicate events as today (id-dedup preserved)
- [ ] Config documented for multi-tracker dev setups
- [ ] Tests cover reject + accept paths without live network
## ADR links
- [ADR-0017](../../docs/adr/0017-tracker-authentication-and-authorization.md)
- [ADR-0016](../../docs/adr/0016-alpha-scope-and-known-limitations.md)
## Blocked by
- `02-a2-unified-auth-boundary_completed.md` — owns shared auth middleware/config. Implement in the same PR if simpler.