anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ac332a6ba907190a89a321a25585e3e09e7b9f0c
DECNET/tests/canary
History
anti 2fc5f1bdc5 feat(canary): auto-deregister fingerprint slug after first valid beacon 
Once a fingerprint canary's HTTP beacon passes all 4 validation layers
and the trigger row lands, the token is immediately set to state=revoked
and canary.<id>.revoked is published on the bus. The slug lookup is
tightened to only return planted tokens, so subsequent requests to the
same URL silently return the transparent GIF without persisting anything
(stealth posture preserved). Plain http/dns canaries with no
fingerprint_nonce are not affected.

Changes:
- sqlmodel_repo/canary.py: add state == "planted" filter to
  get_canary_token_by_slug so revoked slugs resolve to None
- worker.py: after record_canary_trigger, if parsed_fp survived all
  layers and token has a fingerprint_nonce, call
  update_canary_token_state("revoked") + publish CANARY_REVOKED; errors
  are best-effort (trigger row already landed)
- test_worker_http.py: assert state=revoked in test_fp_valid_nonce_persists;
  new test_fp_deregisters_slug_after_valid_hit (second hit records nothing);
  new test_plain_http_canary_not_deregistered (env_file stays planted)
2026-04-29 17:49:31 -04:00
..
__init__.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
conftest.py
feat(canary): API-trashing defense — 4-layer fingerprint validation
2026-04-29 17:41:04 -04:00
test_cli.py
feat(canary): ship Node helper with wheel + install-toolchain CLI
2026-04-29 16:53:27 -04:00
test_cultivator.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_deploy_hook.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_factory.py
fix(canary): include fingerprint_* in KNOWN_GENERATORS stability test
2026-04-29 16:26:09 -04:00
test_fingerprint_generators.py
feat(canary): API-trashing defense — 4-layer fingerprint validation
2026-04-29 17:41:04 -04:00
test_generators.py
feat(canary): fingerprint_html + fingerprint_svg generators
2026-04-29 16:22:18 -04:00
test_instrumenters.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_models.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_obfuscator.py
feat(canary): API-trashing defense — 4-layer fingerprint validation
2026-04-29 17:41:04 -04:00
test_paths.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_planter.py
feat(deckies): generic file drops on fleet + MazeNET deckies
2026-04-28 22:43:34 -04:00
test_repository.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_storage.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_systemd_unit.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_topics.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_worker_dns.py
merge: testing → main (reconcile 2-week divergence)
2026-04-28 18:36:00 -04:00
test_worker_http.py
feat(canary): auto-deregister fingerprint slug after first valid beacon
2026-04-29 17:49:31 -04:00