Skip to content

merging master into experiimental#351

Open
dellams wants to merge 651 commits into
Experimentalfrom
master
Open

merging master into experiimental#351
dellams wants to merge 651 commits into
Experimentalfrom
master

Conversation

@dellams

@dellams dellams commented Dec 22, 2025

Copy link
Copy Markdown
Collaborator

Note

Medium Risk
Moderate risk because it changes CI orchestration by adding a new test-starapi-client job and making release builds depend on it; failures or environment assumptions in the PowerShell test suite could block packaging. Other changes are documentation and .gitignore hygiene with minimal runtime impact.

Overview
CI now runs the STARAPIClient automated suite by adding a new test-starapi-client job that executes OASIS Omniverse/STARAPIClient/run_star_api_test_suite.ps1, uploads TestResults/ artifacts, and is required for build-and-package.

Repo hygiene and docs were expanded: .gitignore now excludes common deployment secrets/config (e.g. .env, hardhat.config.js, deployed-addresses.json, *.key/*.pem) and STAR CLI publish/install artifacts; a stale Dockerfile.star-api.new was removed; and multiple new Docs/Devs/* guides were added/linked covering smart-contract deployment and cross-platform getting-started/installer workflows.

Written by Cursor Bugbot for commit d69b90f. This will update automatically on new commits. Configure here.

Comment thread OASIS Architecture/NextGenSoftware.OASIS.OASISBootLoader/OASISBootLoader.cs Outdated
Comment thread OASIS Architecture/NextGenSoftware.OASIS.API.Core/Enums/HolonType.cs Outdated
Comment thread .gitignore Outdated
Comment thread OASIS Architecture/NextGenSoftware.OASIS.API.Core/Enums/HolonType.cs Outdated
Comment thread .gitignore
Comment thread .github/workflows/ci-cd.yml
Comment thread .gitignore
Comment thread .gitignore
Comment thread Docs/Devs/CONTRACT_DEPLOYMENT.md Outdated
npx hardhat run scripts/deploy.js --network optimism
# ... etc for each chain
```

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Documentation references non-existent script directory paths

High Severity

The deployment documentation instructs users to run commands like node scripts/deploy-evm-chain.js and cp scripts/hardhat.config.template.js hardhat.config.js, but these scripts are actually located at Scripts/Smart Contracts/, not scripts/. Every command users run following the documentation will fail with "file not found" errors. The deployment scripts exist but at the wrong path documented.

Additional Locations (2)

Fix in Cursor Fix in Web

npm run deploy:all:testnet
npm run deploy:aptos:testnet
npm run deploy:sui:mainnet
# ... see package.json for all scripts

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing npm scripts referenced in documentation

High Severity

The documentation claims users can run npm scripts like npm run check-status, npm run deploy:ethereum:testnet, and npm run deploy:all:testnet, but the root package.json contains no scripts section at all—only a devDependency for mermaid-cli. Users attempting to run these documented commands will get "missing script" errors.

Additional Locations (1)

Fix in Cursor Fix in Web

3. **Checklist**: `DEPLOYMENT_CHECKLIST.md` - Step-by-step checklist
4. **Status**: `DEPLOYMENT_STATUS.md` - Current deployment status
5. **Scripts**: `scripts/README.md` - Scripts documentation
6. **Summary**: `scripts/DEPLOYMENT_AUTOMATION_SUMMARY.md` - Automation overview

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Documentation index references non-existent files

Medium Severity

The documentation index references scripts/QUICK_START.md and scripts/README.md as available documentation files, but these files don't exist at the specified paths. Users looking for the Quick Start guide or Scripts documentation will encounter broken references.

Additional Locations (1)

Fix in Cursor Fix in Web

shell: pwsh
run: |
& "OASIS Omniverse/STARAPIClient/run_star_api_test_suite.ps1" -Configuration Release -KillStaleTestHosts $true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

STARAPIClient tests likely fail on Ubuntu

High Severity

The new test-starapi-client job runs run_star_api_test_suite.ps1 on ubuntu-latest via pwsh, but related STARAPIClient scripts in the same area use Windows-only tooling/paths (e.g., C:\..., MSVC). If run_star_api_test_suite.ps1 has similar assumptions, the workflow will fail and block build-and-package via needs.

Additional Locations (1)

Fix in Cursor Fix in Web

Comment thread .gitignore
STAR ODK/NextGenSoftware.OASIS.STAR.CLI/publish/linux-arm64/DNA/Default/OASIS_DNA.json
STAR ODK/NextGenSoftware.OASIS.STAR.CLI/publish/linux-arm64/DNA/CelestialBodyDNA.json
STAR ODK/NextGenSoftware.OASIS.STAR.CLI/publish/linux-arm64/Cosmos.CRTCompat.dll
STAR ODK/NextGenSoftware.OASIS.STAR.CLI/publish/installers/star-cli-3.4.0-win-x64.exe

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Entire publish gitignore block duplicated from merge

Low Severity

The entire block of publish directory entries (lines 315–877) is exactly duplicated at lines 878–1440, adding ~560 redundant lines from what appears to be a merge artifact. Additionally, most entries under publish/ subdirectories are already covered by the existing publish/ pattern on line 139, making them doubly unnecessary. Only the publishwin-x64/ entries aren't covered by the existing pattern.

Additional Locations (1)

Fix in Cursor Fix in Web

@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 26, 2026 05:10 Inactive
@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 27, 2026 06:43 Inactive
@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 27, 2026 08:12 Inactive
@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 27, 2026 19:04 Inactive
@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 27, 2026 19:11 Inactive
@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 27, 2026 20:29 Inactive
@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 27, 2026 20:31 Inactive
@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 27, 2026 20:31 Inactive
@railway-app
railway-app Bot temporarily deployed to invigorating-recreation / production February 27, 2026 21:04 Inactive
dellams and others added 30 commits July 14, 2026 23:37
- 9 tests in ONETControllerLifecycleTests: singleton caching, GetNetworkStatus,
  StartNetwork, StopNetwork, GetNetworkStats, GetNetworkTopology, null-body 400s,
  GetConnectedNodes without signature headers
- 12 tests in ONODEControllerLifecycleTests: singleton caching, GetNodeStatus,
  GetNodeInfo, StartNode, StopNode (not running → 400), RestartNode, GetNodeMetrics,
  GetNodeLogs, GetConnectedPeers, GetNodeStats, GetNodeConfig, null-body 400s
- Updated ONET-ONODE-SESSION-NOTES.md with Phase 5-7 entries and revised TODO list
… success is not masked by Solana send retries
…comments in Avalanche/Base/Cosmos/EOSIO

ParkManager second constructor: base class handles all init, comment was vestigial.
OAPPManager.PublishToDotNet: remove dead draft comments above working Process.Start call.
Avalanche/Base/Cosmos/EOSIO GenerateKeyPair: replace misleading TODO with explanatory
comment — provider-specific secp256k1 key generation already done via Nethereum above
the KeyHelper call (which is used only as an IKeyPairAndWallet container).
- Add LeelaAI to AIProviderType enum
- Add LeelaAISettings class and Web6Settings.LeelaAI property to OASISDNA
- Add LeelaAI API key field to Web6ApiKeysSettings (env: LEELA_API_KEY)
- Wire up key loading and Lambda endpoint in AIProviderManager
- Suppress tool definitions for LeelaAI (API returns 400 if tools present)
- Model fixed to "leela" per OpenAPI spec; endpoint appends /v1/chat/completions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…NFT mint

When the NFT founders flow auto-creates an avatar, RegisterAsync now accepts
suppressVerificationEmail=true so the OASIS verification email is skipped —
the mint confirmation email with the activation link is the only email sent.

Co-Authored-By: David Ellams <davidellams@hotmail.com>
… SetProviderConfig, OASISResultHelper

HolonManager.SendHolon<T>: load from sourceProviderType, save to destinationProviderType with error handling.
AvatarManager-Private MergeAvatarDetail: add missing Strength/Speed/Dexterity/Toughness/Vitality/Endurance attribute copies.
ProviderController.SetProviderConfig: add cases for all providers with ConnectionString (was MongoDB only).
OASISResultHelper CopyResult: copy StackTraces alongside InnerMessages in all overloads (was missing).
The async RegisterAsync overload already had this parameter but the sync
Register method was missing it, causing a build error at line 302.
AptosOASIS:
- SaveHolonsAsync: was returning holons unchanged with fake success; now loops SaveHolonAsync for each holon with proper error handling and continueOnError support
- DeleteHolonAsync(Guid): was fabricating a Holon from the id without any chain call; now delegates to the string-based overload that calls the Aptos Move delete_holon SC
- ImportAsync: was unconditionally returning true without writing anything; now calls SaveHolonsAsync to actually persist holons to Aptos

ElrondOASIS:
- MintTokenAsync: implements MultiversX ESDTLocalMint via /transaction/send endpoint
- BurnTokenAsync: implements MultiversX ESDTNFTBurn via /transaction/send endpoint
- LockTokenAsync: sends ESDTNFTTransfer to MultiversX bridge contract with lock argument
- UnlockTokenAsync: calls bridge SC unlock function with token identifier

OASISBootLoader:
- Uncomment NEAROASIS project reference in .csproj (Ed25519 uses System.Security.Cryptography built-ins, no external package required)
- Add using NextGenSoftware.OASIS.API.Providers.NEAROASIS
- Uncomment NEAROASIS init block so provider can be activated via OASISDNA config
…ry, Avalonia tray app, CLI extensions, Web4 Holon bridge endpoints
…tarManager

Revert BCrypt.HashPassword from three update endpoints in AvatarController
and instead hash in SaveAvatarAsync (AvatarManager-Save.cs) so all code
paths — register, update-by-id, update-by-email, update-by-username — go
through the same hashing logic. Plaintext passwords are detected by the
absence of the $2 bcrypt prefix.
Password encryption (PasswordEncryptionHelper):
- Layer 1: BCrypt (existing, adaptive cost hash)
- Layer 2: Rijndael-256 / AES-256-CBC (now wired in, key from OASISDNA)
- Layer 3: Quantum-resistant AES-256-GCM AEAD (new, key from OASISDNA)
- All 3 layers are individually toggleable in OASISDNA.Security.AvatarPassword
- Added QuantumEncryptionKey field to EncryptionSettings
- SaveAvatarAsync, SaveAvatar, ProcessAvatarLogin and ResetPassword now
  route through PasswordEncryptionHelper instead of bare BCrypt calls
- IsAlreadyHashed() detects qpq:/r256:/$2 prefixes to avoid double-hashing
- Default DNA sets Rijndael/Quantum disabled until keys are configured

DID (Decentralized Identifier) support:
- IAvatar + Avatar gain DID (auto-derives as did:oasis:<Id>) and DIDPublicKey
- SecuritySettings gains DIDEnabled flag in OASISDNA
- JWT tokens include a did claim when DIDEnabled = true
- New AuthenticateWithDIDAsync in AvatarManager verifies ECDsa P-256
  challenge-response signatures against the stored DIDPublicKey
- POST /api/avatar/authenticate-did endpoint wired in AvatarController
- AuthenticateWithDIDRequest model (DID, Challenge, Signature)
- DIDChallengeStore: thread-safe in-memory nonce store with 5-minute TTL and
  single-use consumption to prevent replay attacks
- AvatarManager.GenerateDIDChallenge: issues a cryptographically random nonce
  tied to the DID; replaces any previous pending nonce for that DID
- AuthenticateWithDIDAsync: now validates the challenge was server-issued and
  not expired/replayed before checking the signature
- GET /api/avatar/did-challenge/{did} endpoint wired in AvatarController
- Docs updated: GET /did-challenge/{did} section, two-step flow description,
  and C#/JS client examples updated to show the server-nonce pattern
…uto-update, SkiaSharp icon generation, rate limiting, audit log, active-nodes endpoint, provider management, and GitHub Actions release workflow
- IDIDChallengeStore interface in Core.Helpers (no new deps on Core)
- InMemoryDIDChallengeStore: ConcurrentDictionary with expiry sweep, default
- DIDChallengeStore: static facade with SetProvider() for startup injection
- RedisDIDChallengeStore (WebAPI only): atomic Lua GET+DEL for replay
  protection, native Redis TTL, StackExchange.Redis 3.0.17
- DIDChallengeStoreSettings added to OASISDNA: Provider/RedisConnectionString/
  RedisKeyPrefix/NonceTtlSeconds
- Startup.cs reads DNA config and calls SetProvider() before first request
- Docs: nonce store section, provider comparison table, extension point guide
…lient to sln

- ONODEWebSocketHub.cs: add explicit using directives (System, Generic, Linq,
  Threading) and WS alias for System.Net.WebSockets.WebSocket to resolve
  'WebSocket is a namespace' ambiguity, missing List<>/ArraySegment<>/
  CancellationToken errors, and ConcurrentBag Except/Count(pred) issues
- STAR.WebUI.csproj: bump AutoMapper 12.0.0 → 16.2.0 to match API.Core's
  requirement and eliminate WarningAsError NU1107 downgrade error
- The OASIS.sln: add ONODE.Client project (referenced by STAR.CLI and
  ONODE.Manager but missing from solution)
- Startup.cs: add using System.Threading for CancellationToken
- ONODEController.cs: add using System.IO for Path; initialise
  providersEl to default to satisfy definite-assignment analysis
…, adding ONODE client, manager and service (part of the new ONODE/ONET upgrades)
… OASIS-HyperDrive-Client

Update root folder references in both the Design Spec and Implementation doc
to match the actual repo location at C:\Source\OASIS-HyperDrive-Client.
Project/solution file names (OasisHyperDriveClient.*) and AppData paths are
unchanged as they reflect the assembly name, not the folder name.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant