Harden CHORUS security and messaging stack

2025-09-20 23:21:35 +10:00
parent 57751f277a
commit 1bb736c09a
25 changed files with 2793 additions and 2474 deletions
--- a/internal/logging/hypercore.go
+++ b/internal/logging/hypercore.go
@@ -1,6 +1,7 @@
 package logging

 import (
+	"context"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
@@ -8,6 +9,7 @@ import (
 	"sync"
 	"time"

+	"chorus/pkg/shhh"
 	"github.com/libp2p/go-libp2p/core/peer"
 )

@@ -23,12 +25,14 @@ type HypercoreLog struct {
 	entries []LogEntry
 	mutex   sync.RWMutex
 	peerID  peer.ID
-	
+
 	// Verification chain
 	headHash string
-	
+
 	// Replication
 	replicators map[peer.ID]*Replicator
+
+	redactor *shhh.Sentinel
 }

 // LogEntry represents a single entry in the distributed log
@@ -48,12 +52,12 @@ type LogType string

 const (
 	// Bzzz coordination logs
-	TaskAnnounced  LogType = "task_announced"
-	TaskClaimed    LogType = "task_claimed"
-	TaskProgress   LogType = "task_progress"
-	TaskCompleted  LogType = "task_completed"
-	TaskFailed     LogType = "task_failed"
-	
+	TaskAnnounced LogType = "task_announced"
+	TaskClaimed   LogType = "task_claimed"
+	TaskProgress  LogType = "task_progress"
+	TaskCompleted LogType = "task_completed"
+	TaskFailed    LogType = "task_failed"
+
 	// HMMM meta-discussion logs
 	PlanProposed      LogType = "plan_proposed"
 	ObjectionRaised   LogType = "objection_raised"
@@ -65,17 +69,17 @@ const (
 	TaskHelpReceived  LogType = "task_help_received"

 	// System logs
-	PeerJoined     LogType = "peer_joined"
-	PeerLeft       LogType = "peer_left"
+	PeerJoined      LogType = "peer_joined"
+	PeerLeft        LogType = "peer_left"
 	CapabilityBcast LogType = "capability_broadcast"
-	NetworkEvent   LogType = "network_event"
+	NetworkEvent    LogType = "network_event"
 )

 // Replicator handles log replication with other peers
 type Replicator struct {
-	peerID       peer.ID
+	peerID        peer.ID
 	lastSyncIndex uint64
-	connected    bool
+	connected     bool
 }

 // NewHypercoreLog creates a new distributed log for a peer
@@ -88,6 +92,13 @@ func NewHypercoreLog(peerID peer.ID) *HypercoreLog {
 	}
 }

+// SetRedactor wires the SHHH sentinel so log payloads are sanitized before persistence.
+func (h *HypercoreLog) SetRedactor(redactor *shhh.Sentinel) {
+	h.mutex.Lock()
+	defer h.mutex.Unlock()
+	h.redactor = redactor
+}
+
 // AppendString is a convenience method for string log types (to match interface)
 func (h *HypercoreLog) AppendString(logType string, data map[string]interface{}) error {
 	_, err := h.Append(LogType(logType), data)
@@ -98,38 +109,40 @@ func (h *HypercoreLog) AppendString(logType string, data map[string]interface{})
 func (h *HypercoreLog) Append(logType LogType, data map[string]interface{}) (*LogEntry, error) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
-	
+
 	index := uint64(len(h.entries))
-	
+
+	sanitized := h.redactData(logType, data)
+
 	entry := LogEntry{
 		Index:     index,
 		Timestamp: time.Now(),
 		Author:    h.peerID.String(),
 		Type:      logType,
-		Data:      data,
+		Data:      sanitized,
 		PrevHash:  h.headHash,
 	}
-	
+
 	// Calculate hash
 	entryHash, err := h.calculateEntryHash(entry)
 	if err != nil {
 		return nil, fmt.Errorf("failed to calculate entry hash: %w", err)
 	}
 	entry.Hash = entryHash
-	
+
 	// Add simple signature (in production, use proper cryptographic signatures)
 	entry.Signature = h.createSignature(entry)
-	
+
 	// Append to log
 	h.entries = append(h.entries, entry)
 	h.headHash = entryHash
-	
-	fmt.Printf("📝 Log entry appended: %s [%d] by %s\n", 
+
+	fmt.Printf("📝 Log entry appended: %s [%d] by %s\n",
 		logType, index, h.peerID.ShortString())
-	
+
 	// Trigger replication to connected peers
 	go h.replicateEntry(entry)
-	
+
 	return &entry, nil
 }

@@ -137,11 +150,11 @@ func (h *HypercoreLog) Append(logType LogType, data map[string]interface{}) (*Lo
 func (h *HypercoreLog) Get(index uint64) (*LogEntry, error) {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	if index >= uint64(len(h.entries)) {
 		return nil, fmt.Errorf("entry %d not found", index)
 	}
-	
+
 	return &h.entries[index], nil
 }

@@ -149,7 +162,7 @@ func (h *HypercoreLog) Get(index uint64) (*LogEntry, error) {
 func (h *HypercoreLog) Length() uint64 {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	return uint64(len(h.entries))
 }

@@ -157,22 +170,22 @@ func (h *HypercoreLog) Length() uint64 {
 func (h *HypercoreLog) GetRange(start, end uint64) ([]LogEntry, error) {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	if start >= uint64(len(h.entries)) {
 		return nil, fmt.Errorf("start index %d out of range", start)
 	}
-	
+
 	if end > uint64(len(h.entries)) {
 		end = uint64(len(h.entries))
 	}
-	
+
 	if start > end {
 		return nil, fmt.Errorf("invalid range: start %d > end %d", start, end)
 	}
-	
+
 	result := make([]LogEntry, end-start)
 	copy(result, h.entries[start:end])
-	
+
 	return result, nil
 }

@@ -180,14 +193,14 @@ func (h *HypercoreLog) GetRange(start, end uint64) ([]LogEntry, error) {
 func (h *HypercoreLog) GetEntriesByType(logType LogType) ([]LogEntry, error) {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	var result []LogEntry
 	for _, entry := range h.entries {
 		if entry.Type == logType {
 			result = append(result, entry)
 		}
 	}
-	
+
 	return result, nil
 }

@@ -195,14 +208,14 @@ func (h *HypercoreLog) GetEntriesByType(logType LogType) ([]LogEntry, error) {
 func (h *HypercoreLog) GetEntriesByAuthor(author string) ([]LogEntry, error) {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	var result []LogEntry
 	for _, entry := range h.entries {
 		if entry.Author == author {
 			result = append(result, entry)
 		}
 	}
-	
+
 	return result, nil
 }

@@ -210,20 +223,20 @@ func (h *HypercoreLog) GetEntriesByAuthor(author string) ([]LogEntry, error) {
 func (h *HypercoreLog) GetRecentEntries(count int) ([]LogEntry, error) {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	totalEntries := len(h.entries)
 	if count <= 0 || totalEntries == 0 {
 		return []LogEntry{}, nil
 	}
-	
+
 	start := 0
 	if totalEntries > count {
 		start = totalEntries - count
 	}
-	
+
 	result := make([]LogEntry, totalEntries-start)
 	copy(result, h.entries[start:])
-	
+
 	return result, nil
 }

@@ -231,14 +244,14 @@ func (h *HypercoreLog) GetRecentEntries(count int) ([]LogEntry, error) {
 func (h *HypercoreLog) GetEntriesSince(sinceIndex uint64) ([]LogEntry, error) {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	if sinceIndex >= uint64(len(h.entries)) {
 		return []LogEntry{}, nil
 	}
-	
+
 	result := make([]LogEntry, len(h.entries)-int(sinceIndex))
 	copy(result, h.entries[sinceIndex:])
-	
+
 	return result, nil
 }

@@ -246,27 +259,27 @@ func (h *HypercoreLog) GetEntriesSince(sinceIndex uint64) ([]LogEntry, error) {
 func (h *HypercoreLog) VerifyIntegrity() error {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	var prevHash string
 	for i, entry := range h.entries {
 		// Verify previous hash link
 		if entry.PrevHash != prevHash {
 			return fmt.Errorf("integrity error at entry %d: prev_hash mismatch", i)
 		}
-		
+
 		// Verify entry hash
 		calculatedHash, err := h.calculateEntryHash(entry)
 		if err != nil {
 			return fmt.Errorf("failed to calculate hash for entry %d: %w", i, err)
 		}
-		
+
 		if entry.Hash != calculatedHash {
 			return fmt.Errorf("integrity error at entry %d: hash mismatch", i)
 		}
-		
+
 		prevHash = entry.Hash
 	}
-	
+
 	return nil
 }

@@ -274,13 +287,13 @@ func (h *HypercoreLog) VerifyIntegrity() error {
 func (h *HypercoreLog) AddReplicator(peerID peer.ID) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
-	
+
 	h.replicators[peerID] = &Replicator{
-		peerID:       peerID,
+		peerID:        peerID,
 		lastSyncIndex: 0,
-		connected:    true,
+		connected:     true,
 	}
-	
+
 	fmt.Printf("🔄 Added replicator: %s\n", peerID.ShortString())
 }

@@ -288,7 +301,7 @@ func (h *HypercoreLog) AddReplicator(peerID peer.ID) {
 func (h *HypercoreLog) RemoveReplicator(peerID peer.ID) {
 	h.mutex.Lock()
 	defer h.mutex.Unlock()
-	
+
 	delete(h.replicators, peerID)
 	fmt.Printf("🔄 Removed replicator: %s\n", peerID.ShortString())
 }
@@ -303,10 +316,10 @@ func (h *HypercoreLog) replicateEntry(entry LogEntry) {
 		}
 	}
 	h.mutex.RUnlock()
-	
+
 	for _, replicator := range replicators {
 		// In a real implementation, this would send the entry over the network
-		fmt.Printf("🔄 Replicating entry %d to %s\n", 
+		fmt.Printf("🔄 Replicating entry %d to %s\n",
 			entry.Index, replicator.peerID.ShortString())
 	}
 }
@@ -322,16 +335,75 @@ func (h *HypercoreLog) calculateEntryHash(entry LogEntry) (string, error) {
 		Data:      entry.Data,
 		PrevHash:  entry.PrevHash,
 	}
-	
+
 	entryBytes, err := json.Marshal(entryForHash)
 	if err != nil {
 		return "", err
 	}
-	
+
 	hash := sha256.Sum256(entryBytes)
 	return hex.EncodeToString(hash[:]), nil
 }

+func (h *HypercoreLog) redactData(logType LogType, data map[string]interface{}) map[string]interface{} {
+	cloned := cloneLogMap(data)
+	if cloned == nil {
+		return nil
+	}
+	if h.redactor != nil {
+		labels := map[string]string{
+			"source":   "hypercore",
+			"log_type": string(logType),
+		}
+		h.redactor.RedactMapWithLabels(context.Background(), cloned, labels)
+	}
+	return cloned
+}
+
+func cloneLogMap(in map[string]interface{}) map[string]interface{} {
+	if in == nil {
+		return nil
+	}
+	out := make(map[string]interface{}, len(in))
+	for k, v := range in {
+		out[k] = cloneLogValue(v)
+	}
+	return out
+}
+
+func cloneLogValue(v interface{}) interface{} {
+	switch tv := v.(type) {
+	case map[string]interface{}:
+		return cloneLogMap(tv)
+	case map[string]any:
+		converted := make(map[string]interface{}, len(tv))
+		for k, val := range tv {
+			converted[k] = cloneLogValue(val)
+		}
+		return converted
+	case []interface{}:
+		return cloneLogSlice(tv)
+	case []any:
+		converted := make([]interface{}, len(tv))
+		for i, val := range tv {
+			converted[i] = cloneLogValue(val)
+		}
+		return converted
+	case []string:
+		return append([]string(nil), tv...)
+	default:
+		return tv
+	}
+}
+
+func cloneLogSlice(in []interface{}) []interface{} {
+	out := make([]interface{}, len(in))
+	for i, val := range in {
+		out[i] = cloneLogValue(val)
+	}
+	return out
+}
+
 // createSignature creates a simplified signature for the entry
 func (h *HypercoreLog) createSignature(entry LogEntry) string {
 	// In production, this would use proper cryptographic signatures
@@ -345,21 +417,21 @@ func (h *HypercoreLog) createSignature(entry LogEntry) string {
 func (h *HypercoreLog) GetStats() map[string]interface{} {
 	h.mutex.RLock()
 	defer h.mutex.RUnlock()
-	
+
 	typeCount := make(map[LogType]int)
 	authorCount := make(map[string]int)
-	
+
 	for _, entry := range h.entries {
 		typeCount[entry.Type]++
 		authorCount[entry.Author]++
 	}
-	
+
 	return map[string]interface{}{
-		"total_entries":  len(h.entries),
-		"head_hash":      h.headHash,
-		"replicators":    len(h.replicators),
-		"entries_by_type": typeCount,
+		"total_entries":     len(h.entries),
+		"head_hash":         h.headHash,
+		"replicators":       len(h.replicators),
+		"entries_by_type":   typeCount,
 		"entries_by_author": authorCount,
-		"peer_id":        h.peerID.String(),
+		"peer_id":           h.peerID.String(),
 	}
-}
+}