jedarden
5443e4d0ed
fix(engine): enforce strict HMAC response signature verification per §4.4
...
Remove the lenient fallback that accepted bot responses missing the
X-ACB-Signature header. Missing or invalid signatures now cause the
response to be discarded and count toward the crash threshold (§4.5).
Add tests for missing-header, bad-signature, and crash-after-10 cases.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-22 13:18:10 -04:00
jedarden
6f1b50384c
Complete Phase 2: HTTP protocol and 6 strategy bots
...
Phase 2 Implementation:
- HMAC authentication for engine-to-bot communication
- Request signing with timestamp anti-replay
- Response signing for integrity verification
- HTTP bot client with timeout and crash detection
- Per-turn 3s timeout, 10 consecutive failure crash threshold
- Move validation (position ownership, direction validity)
- Integration tests for HTTP match execution
- 6 strategy bots in 6 languages:
- RandomBot (Python): Random valid moves - rating floor
- GathererBot (Go): Energy-focused with combat avoidance
- RusherBot (Rust): Aggressive core rushing via BFS
- GuardianBot (PHP): Defensive core protection
- SwarmBot (TypeScript): Formation-based group combat
- HunterBot (Java): Target isolation and hunting
All bots include:
- HMAC signature verification
- Dockerfile for containerization
- README documentation
All engine tests passing (32+ tests)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-24 07:00:38 -04:00
