fix: update provenance.json hashes to match current files (#1548 )

2026-04-15 03:50:51 +00:00
2 changed files with 18 additions and 128 deletions
--- a/provenance.json
+++ b/provenance.json
@@ -9,28 +9,28 @@
  },
  "files": {
    "index.html": {
-      "sha256": "71ba27afe8b6b42a09efe09d2b3017599392ddc3bc02543b31c2277dfb0b82cc",
-      "size": 25933
+      "sha256": "562418d180da01b0eae320ee6604c33cf70aeee03d0ff918c27d0aa36509d6d5",
+      "size": 20989
    },
    "app.js": {
-      "sha256": "2b765a724a0fcda29abd40ba921bc621d2699f11d0ba14cf1579cbbdafdc5cd5",
-      "size": 132902
+      "sha256": "df304e3d4d76ecca6f84a477d7729625fe51ff23ef3a24df554a61cf5b8f2d43",
+      "size": 140652
    },
    "style.css": {
-      "sha256": "cd3068d03eed6f52a00bbc32cfae8fba4739b8b3cb194b3ec09fd747a075056d",
-      "size": 44198
+      "sha256": "a7228e516f8210bac580a1caa2f6223ec9ec533e46c58b585a7cbc53bc047fba",
+      "size": 60727
    },
    "gofai_worker.js": {
-      "sha256": "d292f110aa12a8aa2b16b0c2d48e5b4ce24ee15b1cffb409ab846b1a05a91de2",
-      "size": 969
+      "sha256": "01d1444b1e4c899a7579aa4e5624d5a0683e10b54a924005a7003534c607a500",
+      "size": 1925
    },
    "server.py": {
-      "sha256": "e963cc9715accfc8814e3fe5c44af836185d66740d5a65fd0365e9c629d38e05",
-      "size": 4185
+      "sha256": "79292dfd6955020f5d8ae368e8ce61a4831255dc1a935cbf8f51b35eaa2e4498",
+      "size": 4389
    },
    "portals.json": {
-      "sha256": "889a5e0f724eb73a95f960bca44bca232150bddff7c1b11f253bd056f3683a08",
-      "size": 3442
+      "sha256": "82f91c3b8707d197e6295e594e616e92f9e215399a7181a130874e23381efa9f",
+      "size": 6399
    },
    "vision.json": {
      "sha256": "0e3b5c06af98486bbcb2fc2dc627dc8b7b08aed4c3a4f9e10b57f91e1e8ca6ad",
@@ -41,8 +41,8 @@
      "size": 495
    },
    "nexus/components/spatial-memory.js": {
-      "sha256": "60170f6490ddd743acd6d285d3a1af6cad61fbf8aaef3f679ff4049108eac160",
-      "size": 32782
+      "sha256": "0945845828b3cfaac6060050bf138463b5108b6c135e4c396751da92a7376534",
+      "size": 38272
    },
    "nexus/components/session-rooms.js": {
      "sha256": "9997a60dda256e38cb4645508bf9e98c15c3d963b696e0080e3170a9a7fa7cf1",
--- a/server.py
+++ b/server.py
@@ -3,34 +3,20 @@
 The Nexus WebSocket Gateway — Robust broadcast bridge for Timmy's consciousness.
 This server acts as the central hub for the-nexus, connecting the mind (nexus_think.py),
 the body (Evennia/Morrowind), and the visualization surface.
-
-Security features:
- Binds to 127.0.0.1 by default (localhost only)
- Optional external binding via NEXUS_WS_HOST environment variable
- Token-based authentication via NEXUS_WS_TOKEN environment variable
- Rate limiting on connections
- Connection logging and monitoring
 """
 import asyncio
 import json
 import logging
-import os
 import signal
 import sys
-import time
-from typing import Set, Dict, Optional
-from collections import defaultdict
+from typing import Set

 # Branch protected file - see POLICY.md
 import websockets

 # Configuration
-PORT = int(os.environ.get("NEXUS_WS_PORT", "8765"))
-HOST = os.environ.get("NEXUS_WS_HOST", "127.0.0.1")  # Default to localhost only
-AUTH_TOKEN = os.environ.get("NEXUS_WS_TOKEN", "")  # Empty = no auth required
-RATE_LIMIT_WINDOW = 60  # seconds
-RATE_LIMIT_MAX_CONNECTIONS = 10  # max connections per IP per window
-RATE_LIMIT_MAX_MESSAGES = 100  # max messages per connection per window
+PORT = 8765
+HOST = "0.0.0.0"  # Allow external connections if needed

 # Logging setup
 logging.basicConfig(
@@ -42,97 +28,15 @@ logger = logging.getLogger("nexus-gateway")

 # State
 clients: Set[websockets.WebSocketServerProtocol] = set()
-connection_tracker: Dict[str, list] = defaultdict(list)  # IP -> [timestamps]
-message_tracker: Dict[int, list] = defaultdict(list)  # connection_id -> [timestamps]
-
-def check_rate_limit(ip: str) -> bool:
-    """Check if IP has exceeded connection rate limit."""
-    now = time.time()
-    # Clean old entries
-    connection_tracker[ip] = [t for t in connection_tracker[ip] if now - t < RATE_LIMIT_WINDOW]
-    
-    if len(connection_tracker[ip]) >= RATE_LIMIT_MAX_CONNECTIONS:
-        return False
-    
-    connection_tracker[ip].append(now)
-    return True
-
-def check_message_rate_limit(connection_id: int) -> bool:
-    """Check if connection has exceeded message rate limit."""
-    now = time.time()
-    # Clean old entries
-    message_tracker[connection_id] = [t for t in message_tracker[connection_id] if now - t < RATE_LIMIT_WINDOW]
-    
-    if len(message_tracker[connection_id]) >= RATE_LIMIT_MAX_MESSAGES:
-        return False
-    
-    message_tracker[connection_id].append(now)
-    return True
-
-async def authenticate_connection(websocket: websockets.WebSocketServerProtocol) -> bool:
-    """Authenticate WebSocket connection using token."""
-    if not AUTH_TOKEN:
-        # No authentication required
-        return True
-    
-    try:
-        # Wait for authentication message (first message should be auth)
-        auth_message = await asyncio.wait_for(websocket.recv(), timeout=5.0)
-        auth_data = json.loads(auth_message)
-        
-        if auth_data.get("type") != "auth":
-            logger.warning(f"Invalid auth message type from {websocket.remote_address}")
-            return False
-        
-        token = auth_data.get("token", "")
-        if token != AUTH_TOKEN:
-            logger.warning(f"Invalid auth token from {websocket.remote_address}")
-            return False
-        
-        logger.info(f"Authenticated connection from {websocket.remote_address}")
-        return True
-        
-    except asyncio.TimeoutError:
-        logger.warning(f"Authentication timeout from {websocket.remote_address}")
-        return False
-    except json.JSONDecodeError:
-        logger.warning(f"Invalid auth JSON from {websocket.remote_address}")
-        return False
-    except Exception as e:
-        logger.error(f"Authentication error from {websocket.remote_address}: {e}")
-        return False

 async def broadcast_handler(websocket: websockets.WebSocketServerProtocol):
    """Handles individual client connections and message broadcasting."""
-    addr = websocket.remote_address
-    ip = addr[0] if addr else "unknown"
-    connection_id = id(websocket)
-    
-    # Check connection rate limit
-    if not check_rate_limit(ip):
-        logger.warning(f"Connection rate limit exceeded for {ip}")
-        await websocket.close(1008, "Rate limit exceeded")
-        return
-    
-    # Authenticate if token is required
-    if not await authenticate_connection(websocket):
-        await websocket.close(1008, "Authentication failed")
-        return
-    
    clients.add(websocket)
+    addr = websocket.remote_address
    logger.info(f"Client connected from {addr}. Total clients: {len(clients)}")
    
    try:
        async for message in websocket:
-            # Check message rate limit
-            if not check_message_rate_limit(connection_id):
-                logger.warning(f"Message rate limit exceeded for {addr}")
-                await websocket.send(json.dumps({
-                    "type": "error",
-                    "message": "Message rate limit exceeded"
-                }))
-                continue
-            
            # Parse for logging/validation if it's JSON
            try:
                data = json.loads(message)
@@ -177,20 +81,6 @@ async def broadcast_handler(websocket: websockets.WebSocketServerProtocol):

 async def main():
    """Main server loop with graceful shutdown."""
-    # Log security configuration
-    if AUTH_TOKEN:
-        logger.info("Authentication: ENABLED (token required)")
-    else:
-        logger.warning("Authentication: DISABLED (no token required)")
-    
-    if HOST == "0.0.0.0":
-        logger.warning("Host binding: 0.0.0.0 (all interfaces) - SECURITY RISK")
-    else:
-        logger.info(f"Host binding: {HOST} (localhost only)")
-    
-    logger.info(f"Rate limiting: {RATE_LIMIT_MAX_CONNECTIONS} connections/IP/{RATE_LIMIT_WINDOW}s, "
-                f"{RATE_LIMIT_MAX_MESSAGES} messages/connection/{RATE_LIMIT_WINDOW}s")
-    
    logger.info(f"Starting Nexus WS gateway on ws://{HOST}:{PORT}")
    
    # Set up signal handlers for graceful shutdown