feat(explorer): Tier 1 miner dashboard + Tier 2 marketplace for bounty #686#688
Closed
liu971227-sys wants to merge 317 commits intoScottcjn:mainfrom
Closed
feat(explorer): Tier 1 miner dashboard + Tier 2 marketplace for bounty #686#688liu971227-sys wants to merge 317 commits intoScottcjn:mainfrom
liu971227-sys wants to merge 317 commits intoScottcjn:mainfrom
Conversation
security: harden attestation endpoint against replay and spoofing
This commit adds comprehensive API documentation for the RustChain Node API: - /health - Node health check endpoint - /api/stats - Chain statistics and network info - /api/miners - List all registered miners - /wallet/balance - Query wallet balance by miner_id - /wallet/transfer/signed - Submit signed transfer transactions Includes: - Complete schemas for all request/response objects - Examples for all endpoints - Error response documentation - Security and authentication notes Closes Scottcjn#46 via /claim Co-authored-by: OpenClaw Assistant <assistant@openclaw.ai>
docs: Add OpenAPI 3.0 specification for RustChain Node API
This whitepaper covers: - Proof-of-Antiquity consensus mechanism (RIP-200) - 6-layer hardware fingerprinting system - Antiquity multipliers and time-decay formula - RTC tokenomics and supply distribution - Ergo blockchain anchoring - Security analysis and threat model - Future roadmap /claim Scottcjn/rustchain-bounties#42 Co-authored-by: OpenClaw Bounty Bot <bounty@openclaw.ai>
…ttcjn#15) - README.md: Quick start guide with architecture overview - API.md: All endpoints with curl examples - GLOSSARY.md: 30+ terms defined - PROTOCOL.md: Full RIP-200 spec with Mermaid diagrams This documentation makes RustChain accessible to outside developers and AI agents.
- Add validate_fingerprint_data() server-side validation - Fix _compute_hardware_id() field name mismatch (model vs device_model) - Add wallet/transfer admin key requirement (CVE: unauthenticated transfers) - Add IP rate limiting for attestation endpoint - Add hardware_binding_v2 with entropy validation and anti-spoof - Add pending transfer system with 24h confirmation delay - Add sophiacheck alert system for suspicious activity - Fix rewards_implementation_rip200 type error (Connection vs string) These fixes have been running in production since Feb 3, 2026. Security audit by BuilderFred identified initial vulnerabilities. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
8 miners were attesting but only 2 were enrolled because enrollment required a separate POST /epoch/enroll call that most miner scripts didn't implement. External miners (like silveredge-agent-01 from Michigan) earned 0 RTC despite 475 valid attestations. Changes: - Auto-enroll miners in current epoch on successful attestation - Expand HARDWARE_WEIGHTS to include POWER8, Apple Silicon, G3 - Miners no longer need separate enrollment call to earn rewards Note to silveredge: you can now get paid for attesting. Come back online and your rewards will start accumulating automatically. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The /balance/ endpoint was reading the stale balance_rtc column which was never updated by epoch settlement (which credits amount_i64). Miners showed 0 RTC despite having earned rewards. Fixes: - /balance/ endpoint now reads amount_i64 and checks both miner_pk/miner_id - Settlement and transfer SQL now updates balance_rtc alongside amount_i64 - Backfilled all existing balance_rtc from amount_i64 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Auto-enroll now correctly resolves device_family/device_arch fields (POWER8 was getting 1.0 instead of 2.0) - /api/miners endpoint now uses HARDWARE_WEIGHTS dict instead of hardcoded values (was showing 0.8 for modern, now correct 1.0) - Added app.logger for auto-enroll debugging under gunicorn Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Triggers on clawrtc-v* tags or manual dispatch. Uses PyInstaller to build a single-file Windows executable and uploads it as both a build artifact and a release asset. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Adds up-to-date e-waste figure and source link in docs/WHITEPAPER.md.
Co-authored-by: David Tang <davidtang@DaviddeMacBook-Air.local>
Co-authored-by: David Tang <davidtang@DaviddeMacBook-Air.local>
(cherry picked from commit 04a83ae)
(cherry picked from commit 9bd5620)
5 papers with DOI badges: 1CPU1Vote, Vec_Perm Collapse, PSE Hardware Entropy, Neuromorphic Prompt Translation, and RAM Coffers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merge bounty hardening patch for admin OUI denylist endpoints.
Merge explorer dashboard XSS hardening patch.
Merge security patch for /pending/list and /pending/integrity auth.
Co-authored-by: David Tang <davidtang@DaviddeMacBook-Air.local>
Co-authored-by: David Tang <davidtang@DaviddeMacBook-Air.local>
Co-authored-by: David Tang <davidtang@DaviddeMacBook-Air.local>
* feat(wallet): add headless rustchain-wallet CLI with encrypted keystore and signed transfer * docs/tests(wallet): add keystore compatibility aliases and cross-platform validation notes --------- Co-authored-by: xr <xr@xrdeMac-mini-2.local>
…n#38) * feat(docs): add static public network status page * feat(status): add 90-day uptime history, incident log, feeds, and badge --------- Co-authored-by: xr <xr@xrdeMac-mini-2.local>
…cottcjn#551) Co-authored-by: liu971227-sys <248239659+liu971227-sys@users.noreply.github.com>
test_wallet_cli_39.py imports cryptography (Ed25519 + AES-GCM) from tools/rustchain_wallet_cli.py. Without this dependency in requirements.txt, CI fails with ImportError. Also adds mnemonic>=0.20 for BIP39 seed phrase support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
test_wallet_cli_39.py imports cryptography transitively through tools/rustchain_wallet_cli.py. CI installs tests/requirements.txt separately, so the dep must be listed here too. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Top-level select and ignore under [tool.ruff] are deprecated in ruff >=0.2.0. Consolidate them under [tool.ruff.lint] to silence DeprecationWarnings and prevent future breakage. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The RIP-201 XFF security fix (deployed to all 3 nodes) correctly rejects spoofed X-Forwarded-For headers and uses REMOTE_ADDR. The test was still asserting the old vulnerable behavior where the spoofed header was trusted. Rename test to reflect fixed behavior and update assertion to expect REMOTE_ADDR (10.0.0.9) instead of spoofed XFF IP. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…n#502) Co-authored-by: Claw (AI Agent) <claw@openclaw.ai>
- Added pip-installable Python SDK - Supports all node API endpoints: health, miners, balance, epoch, eligibility, attestation, transfer - Async support with aiohttp - Type hints throughout - SSL verification toggle (handles self-signed certs) - Retry logic with exponential backoff - CLI tool included Closes Scottcjn#36 Co-authored-by: sososonia-cyber <sososonia@example.com>
Phase 1-3 implementation: - POST /agent/jobs — Post jobs with RTC escrow - POST /agent/jobs/<id>/claim — Claim open jobs - POST /agent/jobs/<id>/deliver — Submit deliverables - POST /agent/jobs/<id>/accept — Accept & release escrow - POST /agent/jobs/<id>/dispute — Reject delivery - POST /agent/jobs/<id>/cancel — Cancel & refund - GET /agent/jobs — Browse marketplace - GET /agent/reputation/<wallet> — Trust scores - GET /agent/stats — Marketplace overview Economics: 5% platform fee → founder_community Escrow: Full reward + fee locked on post, released on accept Reputation: Trust score 0-100 based on completion rate + ratings
github-actions
bot
added
BCOS-L1
Code Review - PR #688 (Thorough)Review Type: Thorough Summary: Implements Tier 1 Miner Dashboard + Tier 2 Agent Economy Marketplace. Key Changes:
Code Quality:
Suggestions:
Verdict: Approve with minor suggestions Wallet: achieve07-bot |
Owner
|
@liu971227-sys — The Tier 1+2 dashboard looks great visually. But this PR modifies the main node file ( Can you move the explorer HTML into a separate template file (like Same quality work, just needs to live in its own file. Resubmit and it's ready to merge + pay. |
Contributor
Author
|
Implemented and pushed to the same PR branch. Changes made:
Commit: 23c2ecc Please re-check - this should now satisfy the no-embedded-explorer-HTML requirement. |
Owner
|
@liu971227-sys — Good, thank you for separating the explorer UI out of the main node file. That was the key concern. Reviewing the updated changes now. |
Owner
|
@liu971227-sys Good work on separating the explorer HTML into its own file. Clean refactor. Merge blocked by conflicts — the Value: 10 RTC once merged. Please share your RTC wallet name. |
Scottcjn
requested changes
Mar 8, 2026
Owner
Scottcjn
left a comment
Scottcjn
left a comment
There was a problem hiding this comment.
Thanks for the UI upgrade — the dark theme and architecture badges look great.
However, there's a production deployment blocker:
Issue: File path won't resolve in production
EXPLORER_DIR = os.path.join(REPO_ROOT, "tools", "explorer")
return send_from_directory(EXPLORER_DIR, "index.html")On the VPS, the server runs from /root/rustchain/ with just the .py files — there's no tools/explorer/ directory. This will 404 in production. The old inline HTML approach was ugly but always worked.
Options to fix:
- Keep the HTML as an inline string (current production approach)
- Use a configurable
EXPLORER_DIRwith fallback to inline HTML if the file doesn't exist - Place
index.htmlalongside the server .py file in a known location
Other notes:
- Please verify all referenced API endpoints exist (
/api/miners,/api/jobs, etc.) - The
send_from_directoryimport — is it already imported at the top of the file?
Please fix the deployment path issue and I'll re-review. Good work on the UI itself.
Owner
|
Merged! Moving the inline explorer HTML out of the Python server file is a genuine architectural improvement. Nice dashboard additions too. Please share your wallet name to receive the bounty payment. — Sophia |
Owner
|
Merged manually via commit 49a86eb on main. The PR had merge conflicts due to fork history divergence (317 commits, unrelated histories). Resolved by applying the actual changes directly:
Net: -585 lines from the node server file. Credit preserved via Co-Authored-By. Closing PR as changes are now on main. |
Owner
|
Changes applied to main (commit 49a86eb). Thank you for the clean refactor — extracting the explorer HTML was the right move. 10 RTC queued. Please reply with your RTC wallet name for payment. |
createkr
pushed a commit
to createkr/Rustchain
that referenced
this pull request
Mar 22, 2026
…ttcjn#688) Refactor inline explorer HTML (589 lines) into separate template file. Adds Tier 1 miner dashboard + Tier 2 agent marketplace dark theme UI. Server serves from tools/explorer/ with os.path.isfile fallback check. Closes Scottcjn#688 (bounty Scottcjn#686) — credit: liu971227-sys Co-Authored-By: liu971227-sys <248239659+liu971227-sys@users.noreply.github.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
18 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements Tier 1 + Tier 2 for bounty #686 by upgrading
/explorerinto a real-time dashboard.Tier 1: Miner Dashboard
Tier 2: Agent Economy Marketplace View
Technical notes
/explorer/api/miners,/agent/jobs,/agent/stats,/agent/reputation/<wallet>,/health,/epoch)Validation
python -m pytest tests/test_api.py -q(7 passed)Closes #686