feat(runtime): harden ZMQ transport security by rylinjames · Pull Request #255 · FastCrest/tether

rylinjames · 2026-06-12T20:16:26Z

Summary

require complete ZMQ security (CURVE + control token) for non-loopback binds unless --zmq-insecure-ok is passed
validate CURVE key length and use constant-time control token comparison
document secure ZMQ defaults and add focused security helper tests

PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src python -m pytest -p pytest_asyncio.plugin tests/test_zmq_security.py tests/test_zmq_policy_server.py tests/test_zmq_client.py tests/test_zmq_factory.py tests/test_zmq_serializers.py (50 passed)
python -m ruff check src/tether/runtime/transports/zmq/security.py src/tether/runtime/transports/zmq/policy_server.py tests/test_zmq_security.py tests/test_zmq_factory.py
PYTHONPATH=src python -m py_compile src/tether/cli.py src/tether/runtime/transports/zmq/security.py src/tether/runtime/transports/zmq/policy_server.py
git diff --check
PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src python -m pytest -p pytest_asyncio.plugin (3140 passed, 61 skipped)

feat(runtime): harden zmq transport security

b95e640

rylinjames enabled auto-merge (squash) June 12, 2026 20:20

rylinjames merged commit 443648a into main Jun 12, 2026
6 checks passed

rylinjames deleted the feat/zmq-secure-transport branch June 12, 2026 20:21