Skip to content

Enhance ED2K protocol and Kademlia support with security updates#18

Open
Mika3578 wants to merge 32 commits into
GetEnvy:masterfrom
Mika3578:develop
Open

Enhance ED2K protocol and Kademlia support with security updates#18
Mika3578 wants to merge 32 commits into
GetEnvy:masterfrom
Mika3578:develop

Conversation

@Mika3578

Copy link
Copy Markdown

This pull request introduces a comprehensive set of configuration and documentation files to establish code quality, modernization guidelines, and development workflow standards for the Envy P2P client project. The changes lay out formatting, linting, static analysis, and suppression rules for C++/MFC code, while also providing detailed project context and a modular rules system for maintainability and onboarding.

The most important changes are:

Project Context & Rules Framework

  • Added .cursor/rules/00-project-context.mdc with a detailed overview of the Envy project, including technology stack, directory structure, naming conventions, threading patterns, and development philosophy. This provides essential onboarding and modernization context.
  • Introduced .cursor/rules/00-rules-index.mdc as a master index for all project rules, outlining which rules exist, their scope, and maintenance guidelines to prevent rule drift.

C++/MFC Coding Standards and Patterns

  • Added modular rules files for C++ modernization (01-cpp-standards.mdc), MFC patterns and GUI resource management (02-mfc-patterns.mdc), naming conventions (03-naming-conventions.mdc), error handling (04-error-handling.mdc), performance guidelines (05-performance.mdc), P2P protocol/network security (06-p2p-protocols.mdc), and documentation standards (07-documentation.mdc). Each file is targeted via glob patterns and designed for gradual enforcement. [1] [2] [3] [4] [5] [6] [7]

Development Workflow & Docs Automation

  • Established a development workflow in .cursor/rules/08-dev-workflow.mdc enforcing planning, small PRs, testing gates, and linear history. Also formalized the requirement for documentation updates or explicit no-change statements in every PR, referencing the auto-update rule.

Code Quality Tooling

  • Added project-wide configuration for code formatting (.clang-format), static analysis (.clang-tidy), language server flags (.clangd), and legacy suppressions (.cppcheck-suppressions) tailored for a large, legacy MFC codebase. These configs enforce style, suppress noisy legacy warnings, and prepare for gradual modernization. [1] [2] [3] [4]

These changes collectively establish a strong foundation for code quality, modernization, and maintainability as the project evolves.

Copilot AI review requested due to automatic review settings May 15, 2026 20:51

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of files (300). Try reducing the number of changed files and requesting a review from Copilot again.

Mika3578 and others added 27 commits June 15, 2026 00:14
Exclude local workspace paths, volatile records, and generated plugin headers from version control.
Auxiliary CMake/Clang/CppCheck tooling; Visual Studio solution remains authoritative.
Initial CI scaffold without vcpkg manifest coupling.
Add static-analysis and formatting workflows before toolset migration completes.
Security scanning workflows separated from release publication.
Contributor templates and repository metadata.
Thin pointers to AGENTS.md before final governance alignment.
Retarget all MSBuild projects to v145; remove legacy VS batch scripts.
Introduce vcpkg manifest mode and wire release automation after toolset migration.
Dependabot baseline group bump for VS 2026 migration.
Dependabot baseline group bump.
Dependabot baseline group bump.
Vendor library upgrades and HashLib header refresh.
Kademlia2 packet definitions and protocol entry points.
Routing table storage and host cache integration.
Harden Kademlia publish keyword handling (#27).
ED2K Source Exchange v2, AICH, and crypto provider foundations.
Harden ED2K Source Exchange validation (#30, #33).
BitTorrent v2 SHA-256 Merkle tree and MSE/PE support.
Remote web interface security hardening (#16).
Core memory safety fixes (#23, #21, #33, review series).
Fix HubHorizon allocation handling (#33, 29320f7).
Lazy-load skin resources and integrate shell startup paths (#43).
IPv6 scaffolding and core network stack integration (#17).
Shared test harness and crypto/hash/integration suites.
ED2K Source Exchange parser smoke tests (#44).
Durable technical documentation without intermediate audits or volatile trackers.
Apply adapted #58 governance: branch naming, merge gate, build authority.
dependabot Bot and others added 4 commits June 21, 2026 23:25
Bumps the npm_and_yarn group with 1 update in the /Remote/tests directory: [dompurify](https://github.com/cure53/DOMPurify).


Updates `dompurify` from 3.4.1 to 3.4.9
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.1...3.4.9)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.9
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm_and_yarn group with 1 update in the /Remote/tests directory: [dompurify](https://github.com/cure53/DOMPurify).


Updates `dompurify` from 3.4.9 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.9...3.4.11)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The Envy pre-build event invoked PreBuild.cmd by bare name. When the
environment defines NoDefaultCurrentDirectoryInExePath (set by hardened
CI runners, containers, and sandboxed agents), cmd.exe does not search
the current directory for the script, so the event fails with exit code
9009 ("'PreBuild.cmd' is not recognized") before any compilation runs,
breaking the whole solution build.

Prefix the command with .\ in all four configurations so the script is
resolved explicitly, independent of that variable, while keeping the
project directory as the working directory for the script's relative
dependency copies. Verified: full Release|x64 solution build now
completes with 0 errors even with NoDefaultCurrentDirectoryInExePath set.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
- build: build only the required Release configs (x64 + Win32) on
  pull_request via a github-context conditional matrix; Debug still
  builds on push to the integration branches, so coverage is unchanged.
- build: cache vcpkg binaries under a stable content-addressed key
  (OS + platform + toolset + manifest hash) so dependencies are
  restored instead of rebuilt from source on every run.
- code-quality: drop the redundant VS 2026 Chocolatey install (the
  runner image already ships it), move the Static Analysis build off
  pull_request to push/schedule/dispatch, and remove the duplicate
  dependency review job. The nightly schedule runs Static Analysis
  only; the lighter jobs are skipped on schedule.
- code-quality, security: scope the concurrency group per PR so only
  superseded PR runs are cancelled, never pushes or scheduled runs.
- dependency-review: also run on PRs targeting master, matching the
  branches used by the other workflows.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants