Merge pull request #24 from saorsa-labs/security-hardening-and-test-coverage

feat: security hardening and comprehensive test coverage

Author: dirvine

Cargo.toml

@@ -142,6 +142,7 @@ quickcheck = "1.0"
 quickcheck_macros = "1.0"
 approx = "0.5"
 tokio-test = "0.4"
+semver = "1.0"
 
 # All features are now enabled by default - no feature flags needed
 

README.md

@@ -34,7 +34,7 @@ Key design decisions are documented in [docs/adr/](docs/adr/):
 
 ## Features
 
-- **P2P NAT Traversal**: True peer-to-peer connectivity with automatic NAT traversal (ant-quic 0.10.0+)
+- **P2P NAT Traversal**: True peer-to-peer connectivity with automatic NAT traversal (ant-quic 0.21.x)
 - **DHT (Distributed Hash Table)**: Peer phonebook and routing with adaptive scoring and geographic awareness
 - **Placement System**: Intelligent shard placement with EigenTrust integration
 - **QUIC Transport**: High-performance networking with ant-quic
@@ -52,7 +52,7 @@ Add this to your `Cargo.toml`:
 
 ```toml
 [dependencies]
-saorsa-core = "0.5.0"
+saorsa-core = "0.11.0"
 ```
 
 ### Basic P2P Node
@@ -108,7 +108,7 @@ tokio::spawn(async move {
 
 ### Core Components
 
-1. **Network Layer**: QUIC-based P2P networking with automatic NAT traversal (ant-quic 0.10.0+)
+1. **Network Layer**: QUIC-based P2P networking with automatic NAT traversal (ant-quic 0.21.x)
 2. **DHT**: S/Kademlia-based peer phonebook with adaptive routing and geographic awareness
 3. **Placement System**: Intelligent shard placement with weighted selection algorithms
 4. **Identity**: Post‑quantum cryptographic identities with ML‑DSA‑65 signatures (no PoW; no embedded four‑word address)
@@ -387,7 +387,7 @@ For commercial licensing, contact: david@saorsalabs.com
 - `tracing` - Logging
 
 ### Networking
-- `ant-quic` (0.10.0+) - QUIC transport with P2P NAT traversal
+- `ant-quic` (0.21.x) - QUIC transport with P2P NAT traversal
 - `four-word-networking` - Human-readable addresses
 
 ### Cryptography

docs/API.md

@@ -484,7 +484,7 @@ Enable optional features in `Cargo.toml`:
 
 ```toml
 [dependencies]
-saorsa-core = { version = "0.5", features = ["metrics"] }
+saorsa-core = { version = "0.11", features = ["metrics"] }
 ```
 
 | Feature | Description |
@@ -515,8 +515,9 @@ spawn(async move {
 
 | saorsa-core | ant-quic | Rust | Features |
 |-------------|----------|------|----------|
-| 0.5.x | 0.14.x | 1.75+ | Full PQC, unified config |
-| 0.4.x | 0.10.x | 1.70+ | NAT traversal |
+| 0.11.x | 0.21.x | 1.75+ | Full PQC, placement system, threshold crypto |
+| 0.10.x | 0.20.x | 1.75+ | Full PQC, unified config |
+| 0.5.x | 0.14.x | 1.75+ | Legacy stable |
 
 ---
 

docs/adr/ADR-002-delegated-transport.md

@@ -132,9 +132,10 @@ We track ant-quic versions explicitly and test against specific releases:
 
 | saorsa-core | ant-quic | Features |
 |-------------|----------|----------|
+| 0.11.x      | 0.21.x   | Full PQC, placement system, threshold crypto |
+| 0.10.x      | 0.20.x   | Full PQC, unified config |
+| 0.5.x       | 0.14.x   | Unified config, PQC integration |
 | 0.3.x       | 0.10.x   | Basic QUIC, NAT traversal |
-| 0.4.x       | 0.14.x   | Unified config, PQC integration |
-| Future      | 0.15+    | Enhanced relay support |
 
 ## Consequences
 

docs/examples/saorsa-node-trust-integration.md

@@ -9,7 +9,7 @@ Add saorsa-core dependency in your `Cargo.toml` with the `adaptive-ml` feature e
 
 ```toml
 [dependencies]
-saorsa-core = { version = "0.10", features = ["adaptive-ml"] }
+saorsa-core = { version = "0.11.0", features = ["adaptive-ml"] }
 ```
 
 Note: The `adaptive-ml` feature is required for trust API methods (`report_peer_success`,

docs/trust-signals-api.md

@@ -17,7 +17,7 @@ The trust API requires the `adaptive-ml` feature to be enabled:
 
 ```toml
 [dependencies]
-saorsa-core = { version = "0.10", features = ["adaptive-ml"] }
+saorsa-core = { version = "0.11.0", features = ["adaptive-ml"] }
 ```
 
 ## Quick Start

src/adaptive/hyperbolic_greedy.rs

@@ -617,12 +617,10 @@ fn deterministic_distance(peer1: &PeerId, peer2: &PeerId) -> f64 {
 /// It measures distances between peers and optimizes coordinates using gradient descent.
 pub async fn embed_snapshot(peers: &[PeerId]) -> Result<Embedding> {
     // Create a temporary router for embedding
-    let local_id = if !peers.is_empty() {
-        peers[0].clone()
-    } else {
-        // Generate a random PeerId
-        format!("peer_{}", rand::random::<u64>())
-    };
+    let local_id = peers
+        .first()
+        .cloned()
+        .unwrap_or_else(|| format!("peer_{}", rand::random::<u64>()));
 
     let router = HyperbolicGreedyRouter::new(local_id);
     router.embed_snapshot(peers).await

src/adaptive/storage.rs

@@ -447,7 +447,11 @@ impl ChunkManager {
             return Err(anyhow::anyhow!("No chunks provided"));
         }
 
-        let total_chunks = sorted_chunks[0].metadata.total_chunks;
+        let total_chunks = sorted_chunks
+            .first()
+            .ok_or_else(|| anyhow::anyhow!("No chunks provided for reconstruction"))?
+            .metadata
+            .total_chunks;
         if sorted_chunks.len() != total_chunks as usize {
             return Err(anyhow::anyhow!(
                 "Missing chunks: have {}, need {}",

src/adaptive/transport.rs

@@ -18,14 +18,19 @@
 
 use super::*;
 use async_trait::async_trait;
+use lru::LruCache;
 use std::collections::HashMap;
 use std::net::SocketAddr;
+use std::num::NonZeroUsize;
 use std::sync::Arc;
 use tokio::io::{AsyncRead, AsyncWrite};
 use tokio::net::{TcpListener, TcpStream};
 use tokio::sync::RwLock;
 use tracing;
 
+/// Maximum number of cached TCP connections to prevent memory exhaustion
+const MAX_TCP_CONNECTIONS: usize = 1_000;
+
 /// Transport protocol types
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
 pub enum TransportProtocol {
@@ -83,8 +88,8 @@ pub trait TransportConnection: AsyncRead + AsyncWrite + Send + Sync + Unpin {
 
 /// TCP transport implementation
 pub struct TcpTransport {
-    /// Connection pool for reuse
-    connections: Arc<RwLock<HashMap<SocketAddr, Arc<RwLock<TcpStream>>>>>,
+    /// Connection pool for reuse (bounded LRU to prevent memory DoS)
+    connections: Arc<RwLock<LruCache<SocketAddr, Arc<RwLock<TcpStream>>>>>,
 }
 
 impl Default for TcpTransport {
@@ -96,7 +101,9 @@ impl Default for TcpTransport {
 impl TcpTransport {
     pub fn new() -> Self {
         Self {
-            connections: Arc::new(RwLock::new(HashMap::new())),
+            connections: Arc::new(RwLock::new(LruCache::new(
+                NonZeroUsize::new(MAX_TCP_CONNECTIONS).unwrap_or(NonZeroUsize::MIN),
+            ))),
         }
     }
 }
@@ -112,10 +119,10 @@ impl Transport for TcpTransport {
     }
 
     async fn connect(&self, addr: SocketAddr) -> Result<Box<dyn TransportConnection>> {
-        // Check connection pool first
+        // Check connection pool first (use peek to avoid mutating LRU order with read lock)
         {
             let connections = self.connections.read().await;
-            if let Some(_conn) = connections.get(&addr) {
+            if let Some(_conn) = connections.peek(&addr) {
                 // TODO: Check if connection is still alive
                 // For now, always create new connection
             }
@@ -390,7 +397,11 @@ impl TransportManager {
 
         // For now, just try the first listener
         // TODO: Implement proper multiplexing
-        listeners[0].accept().await
+        listeners
+            .first()
+            .ok_or_else(|| AdaptiveNetworkError::Other("No listeners available".to_string()))?
+            .accept()
+            .await
     }
 }
 

src/bootstrap/manager.rs

@@ -191,7 +191,14 @@ impl BootstrapManager {
             )));
         }
 
-        let ip = addresses[0].ip();
+        let ip = addresses
+            .first()
+            .ok_or_else(|| {
+                P2PError::Bootstrap(BootstrapError::InvalidData(
+                    "No addresses provided".to_string().into(),
+                ))
+            })?
+            .ip();
 
         // Rate limiting check
         self.rate_limiter.check_join_allowed(&ip).map_err(|e| {