jedarden/ai-code-battle

Fork 0

Commit graph

Author	SHA1	Message	Date
jedarden	54548e4873	fix(bots): remove timestamp from verify_signature signing string All 10 non-gatherer bots included timestamp in the request verification signing string but the engine (auth.go SignRequest) does not include timestamp. Every incoming turn request failed 401 verification, bots crashed after 10 turns, and all matches ended in stalemate. The engine documentation in auth.go is also misleading (old comment mentioned timestamp in signing string) but the actual implementation never included it. Fixed all language implementations to match. Affected: random (py), swarm (ts), hunter (java), guardian (php), rusher (rs), assassin (rs), phalanx (rs), opportunist (go), farmer (go), scout (py), raider (java) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 20:43:44 -04:00
jedarden	6f1b50384c	Complete Phase 2: HTTP protocol and 6 strategy bots Phase 2 Implementation: - HMAC authentication for engine-to-bot communication - Request signing with timestamp anti-replay - Response signing for integrity verification - HTTP bot client with timeout and crash detection - Per-turn 3s timeout, 10 consecutive failure crash threshold - Move validation (position ownership, direction validity) - Integration tests for HTTP match execution - 6 strategy bots in 6 languages: - RandomBot (Python): Random valid moves - rating floor - GathererBot (Go): Energy-focused with combat avoidance - RusherBot (Rust): Aggressive core rushing via BFS - GuardianBot (PHP): Defensive core protection - SwarmBot (TypeScript): Formation-based group combat - HunterBot (Java): Target isolation and hunting All bots include: - HMAC signature verification - Dockerfile for containerization - README documentation All engine tests passing (32+ tests) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-24 07:00:38 -04:00

Author

SHA1

Message

Date

jedarden

54548e4873

fix(bots): remove timestamp from verify_signature signing string

All 10 non-gatherer bots included timestamp in the request verification
signing string but the engine (auth.go SignRequest) does not include
timestamp. Every incoming turn request failed 401 verification, bots
crashed after 10 turns, and all matches ended in stalemate.

The engine documentation in auth.go is also misleading (old comment
mentioned timestamp in signing string) but the actual implementation
never included it. Fixed all language implementations to match.

Affected: random (py), swarm (ts), hunter (java), guardian (php),
          rusher (rs), assassin (rs), phalanx (rs), opportunist (go),
          farmer (go), scout (py), raider (java)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-02 20:43:44 -04:00

jedarden

6f1b50384c

Complete Phase 2: HTTP protocol and 6 strategy bots

Phase 2 Implementation:
- HMAC authentication for engine-to-bot communication
  - Request signing with timestamp anti-replay
  - Response signing for integrity verification
- HTTP bot client with timeout and crash detection
  - Per-turn 3s timeout, 10 consecutive failure crash threshold
  - Move validation (position ownership, direction validity)
- Integration tests for HTTP match execution
- 6 strategy bots in 6 languages:
  - RandomBot (Python): Random valid moves - rating floor
  - GathererBot (Go): Energy-focused with combat avoidance
  - RusherBot (Rust): Aggressive core rushing via BFS
  - GuardianBot (PHP): Defensive core protection
  - SwarmBot (TypeScript): Formation-based group combat
  - HunterBot (Java): Target isolation and hunting

All bots include:
- HMAC signature verification
- Dockerfile for containerization
- README documentation

All engine tests passing (32+ tests)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-24 07:00:38 -04:00

2 commits