Enhance ED2K protocol and Kademlia support with security updates#18
Open
Mika3578 wants to merge 32 commits into
Open
Enhance ED2K protocol and Kademlia support with security updates#18Mika3578 wants to merge 32 commits into
Mika3578 wants to merge 32 commits into
Conversation
Exclude local workspace paths, volatile records, and generated plugin headers from version control.
Auxiliary CMake/Clang/CppCheck tooling; Visual Studio solution remains authoritative.
Initial CI scaffold without vcpkg manifest coupling.
Add static-analysis and formatting workflows before toolset migration completes.
Security scanning workflows separated from release publication.
Contributor templates and repository metadata.
Thin pointers to AGENTS.md before final governance alignment.
Retarget all MSBuild projects to v145; remove legacy VS batch scripts.
Introduce vcpkg manifest mode and wire release automation after toolset migration.
Dependabot baseline group bump for VS 2026 migration.
Dependabot baseline group bump.
Dependabot baseline group bump.
Vendor library upgrades and HashLib header refresh.
Kademlia2 packet definitions and protocol entry points.
Routing table storage and host cache integration.
Harden Kademlia publish keyword handling (#27).
ED2K Source Exchange v2, AICH, and crypto provider foundations.
BitTorrent v2 SHA-256 Merkle tree and MSE/PE support.
Remote web interface security hardening (#16).
Lazy-load skin resources and integrate shell startup paths (#43).
IPv6 scaffolding and core network stack integration (#17).
Shared test harness and crypto/hash/integration suites.
ED2K Source Exchange parser smoke tests (#44).
Durable technical documentation without intermediate audits or volatile trackers.
Apply adapted #58 governance: branch naming, merge gate, build authority.
Bumps the npm_and_yarn group with 1 update in the /Remote/tests directory: [dompurify](https://github.com/cure53/DOMPurify). Updates `dompurify` from 3.4.1 to 3.4.9 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.4.1...3.4.9) --- updated-dependencies: - dependency-name: dompurify dependency-version: 3.4.9 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the /Remote/tests directory: [dompurify](https://github.com/cure53/DOMPurify). Updates `dompurify` from 3.4.9 to 3.4.11 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.4.9...3.4.11) --- updated-dependencies: - dependency-name: dompurify dependency-version: 3.4.11 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The Envy pre-build event invoked PreBuild.cmd by bare name. When the
environment defines NoDefaultCurrentDirectoryInExePath (set by hardened
CI runners, containers, and sandboxed agents), cmd.exe does not search
the current directory for the script, so the event fails with exit code
9009 ("'PreBuild.cmd' is not recognized") before any compilation runs,
breaking the whole solution build.
Prefix the command with .\ in all four configurations so the script is
resolved explicitly, independent of that variable, while keeping the
project directory as the working directory for the script's relative
dependency copies. Verified: full Release|x64 solution build now
completes with 0 errors even with NoDefaultCurrentDirectoryInExePath set.
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
- build: build only the required Release configs (x64 + Win32) on pull_request via a github-context conditional matrix; Debug still builds on push to the integration branches, so coverage is unchanged. - build: cache vcpkg binaries under a stable content-addressed key (OS + platform + toolset + manifest hash) so dependencies are restored instead of rebuilt from source on every run. - code-quality: drop the redundant VS 2026 Chocolatey install (the runner image already ships it), move the Static Analysis build off pull_request to push/schedule/dispatch, and remove the duplicate dependency review job. The nightly schedule runs Static Analysis only; the lighter jobs are skipped on schedule. - code-quality, security: scope the concurrency group per PR so only superseded PR runs are cancelled, never pushes or scheduled runs. - dependency-review: also run on PRs targeting master, matching the branches used by the other workflows.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a comprehensive set of configuration and documentation files to establish code quality, modernization guidelines, and development workflow standards for the Envy P2P client project. The changes lay out formatting, linting, static analysis, and suppression rules for C++/MFC code, while also providing detailed project context and a modular rules system for maintainability and onboarding.
The most important changes are:
Project Context & Rules Framework
.cursor/rules/00-project-context.mdcwith a detailed overview of the Envy project, including technology stack, directory structure, naming conventions, threading patterns, and development philosophy. This provides essential onboarding and modernization context..cursor/rules/00-rules-index.mdcas a master index for all project rules, outlining which rules exist, their scope, and maintenance guidelines to prevent rule drift.C++/MFC Coding Standards and Patterns
01-cpp-standards.mdc), MFC patterns and GUI resource management (02-mfc-patterns.mdc), naming conventions (03-naming-conventions.mdc), error handling (04-error-handling.mdc), performance guidelines (05-performance.mdc), P2P protocol/network security (06-p2p-protocols.mdc), and documentation standards (07-documentation.mdc). Each file is targeted via glob patterns and designed for gradual enforcement. [1] [2] [3] [4] [5] [6] [7]Development Workflow & Docs Automation
.cursor/rules/08-dev-workflow.mdcenforcing planning, small PRs, testing gates, and linear history. Also formalized the requirement for documentation updates or explicit no-change statements in every PR, referencing the auto-update rule.Code Quality Tooling
.clang-format), static analysis (.clang-tidy), language server flags (.clangd), and legacy suppressions (.cppcheck-suppressions) tailored for a large, legacy MFC codebase. These configs enforce style, suppress noisy legacy warnings, and prepare for gradual modernization. [1] [2] [3] [4]These changes collectively establish a strong foundation for code quality, modernization, and maintainability as the project evolves.