1 Commits

Author SHA1 Message Date
John Doe 55aa319197 Critical security remediation: EventMesh, Gateway, BFT consensus fixes
- A1: Fixed EventMesh null reference crash at startup
  - Proper client initialization sequence
  - Added try/catch with cleanup on failure

- A2: Fixed Gateway authentication bypass vulnerability
  - Token validation now required for WebSocket connections
  - Auth enabled by default in production

- A3: Fixed JSON.parse unhandled exception
  - Malformed JSON no longer crashes gateway
  - Proper error logging and response

- A4: Fixed BFT consensus blocking loops
  - Replaced busy-wait with event-driven Promise pattern
  - Made BFTConsensus extend EventEmitter

- Added swarm memories migration (003_add_swarm_memories.sql)
- Added REMEDIATION_LOG.md documenting all changes

See audit/SUBREPO_REVIEW_2026-04-04.md for full details
2026-04-04 18:50:31 -04:00