Vantz Stockwell 6b3e805ac2 feat(host-agent): Phase 3a signed self-update (minisign) + CI signing gate ...

Agent only ever runs a binary whose minisign signature verifies against
the EMBEDDED public key. NATS host.cmd func 'update' {url}: download
binary + .minisig from the CDN -> verify against embedded pubkey ->
atomic swap (.old rollback) -> relaunch. URL allowlist (https + cdn.
corrosionmgmt.com only, rejects userinfo-bypass), 100MiB cap. Closes the
supply-chain hole: even a malicious CDN upload can't run unsigned.

CI: build-host-agent.yml signs every artifact with MINISIGN_SECRET_KEY
(Gitea secret) and publishes .minisig alongside; the step FAILS the
build if the secret is absent (refuses to ship unsigned). Bumped to
alpha.6.

6 deterministic tests (accept valid / reject tampered+garbage+empty sig,
URL allowlist incl userinfo-bypass, atomic swap+rollback). Fixtures
signed with the real release key so tests need no key at runtime. Full
suite 50/50 green; musl + native build clean.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

2026-06-11 20:00:36 -04:00

.claude

docs: Add CLAUDE.md and Claude Code settings

2026-02-15 12:28:16 -05:00

.gitea/workflows

feat(host-agent): Phase 3a signed self-update (minisign) + CI signing gate

2026-06-11 20:00:36 -04:00

backend

feat(api): fleet data model Phase A — License -> Host -> Instance

2026-06-11 12:00:52 -04:00

backend-nest

feat(api): complete per-instance file op-set (delete/rename/mkdir/mkfile/move/copy)

2026-06-11 19:24:31 -04:00

companion-agent

fix(panel): real auto-updating version + remove fake agent footer; rename companion -> Corrosion host agent

2026-06-11 09:03:37 -04:00

contract-tests

ci: full test gate — types, frontend build, agent tests, agent<->backend contract suite

2026-06-11 10:59:44 -04:00

corrosion-host-agent

feat(host-agent): Phase 3a signed self-update (minisign) + CI signing gate

2026-06-11 20:00:36 -04:00

docker

fix(nats): no_auth_user is top-level, not inside authorization{} — broke broker startup

2026-06-11 12:47:14 -04:00

docs

feat: Add Phase 5 store configuration UI

2026-02-15 14:57:30 -05:00

frontend

chore(frontend): bump version 1.0.0 -> 1.0.1

2026-06-11 19:38:52 -04:00

infra

fix: Remove Gitea env var pre-config (let wizard handle it)

2026-02-15 13:32:20 -05:00

plugin

feat: Add CorrosionTeleportGUI uMod plugin — in-game teleport CUI

2026-02-22 01:12:34 -05:00

scripts

fix(nats): no_auth_user is top-level, not inside authorization{} — broke broker startup

2026-06-11 12:47:14 -04:00

.env.example

fix(frontend): env-driven marketing host detection

2026-06-11 10:47:15 -04:00

.gitignore

chore: Update .gitignore — protect MCP credentials, add NestJS outputs

2026-02-16 00:45:10 -05:00

AGENTS.md

fix(marketing): strip dead Discord invite from footer; docs: Scout tier -> sonnet[1m]

2026-06-11 09:28:06 -04:00

CHANGELOG.md

feat(seo): per-route titles + meta descriptions; ci: honest runner test

2026-06-11 10:35:58 -04:00

CLAUDE.md

docs(claude): Lesson 27 — lint infra config before deploy; compose up -d recreates changed deps

2026-06-11 12:53:06 -04:00

corrosion-final-push.md

chore: Wave 5 — marketing copy fix + operation log

2026-02-21 13:36:44 -05:00

deploy-remote.sh

fix: Schema alignment and code corrections (COA 2)

2026-02-15 18:23:33 -05:00

generate-sqlx-cache.sh

fix: Schema alignment and code corrections (COA 2)

2026-02-15 18:23:33 -05:00

hardpush.log

feat: Implement Phase 6 B2B hosting integration (minimal viable B2B)

2026-02-15 15:05:17 -05:00

PHASE456_AUDIT.md

fix: Schema alignment and code corrections (COA 2)

2026-02-15 18:23:33 -05:00

Description

Corrosion Admin Panel repository

41 MiB

Releases 18

Corrosion Host Agent v1.0.9 Latest

2026-06-11 09:03:37 -04:00

Languages

Vue 40.1%

TypeScript 25.8%

Rust 24.8%

Go 4%

C# 2.8%

Other 2.3%