jedarden/ai-code-battle
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ai-code-battle/web
History
jedarden e64230b122 fix: resolve universal stalemate — signing format and secret decryption 
Two root causes prevented bots from making any moves:

1. SignRequest signing string included timestamp ({match_id}.{turn}.{timestamp}.{hash})
   but all bots implement verifySignature without timestamp ({match_id}.{turn}.{hash}).
   Fixed by dropping timestamp from the signing string; X-ACB-Timestamp header is still
   sent for clock-skew checks but not in the HMAC.

2. The API stores bot secrets AES-GCM encrypted (184 hex chars) in the DB. The worker
   was passing the ciphertext directly as the HMAC key, while bots use their plaintext
   k8s secret (64 hex chars). Fixed by decrypting in the worker using ACB_ENCRYPTION_KEY.

Also tightens the home page winner filter to exclude winner_id="0" stalemates.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 21:48:25 -04:00
..
functions/r2 fix(web): decompress .gz objects in Pages Function instead of setting Content-Encoding 2026-04-30 12:51:28 -04:00
public fix(web): re-apply Content-Encoding and relax X-Frame-Options 2026-04-30 12:48:24 -04:00
src fix: resolve universal stalemate — signing format and secret decryption 2026-04-30 21:48:25 -04:00
.gitignore Complete Phase 3: TypeScript Canvas replay viewer 2026-03-24 07:30:04 -04:00
CLOUDFLARE_DEPLOYMENT.md feat(ci): add Cloudflare Pages deployment configuration 2026-04-08 16:53:09 -04:00
DEPLOYMENT_INSTRUCTIONS.md docs(web): add Cloudflare Pages deployment instructions 2026-04-08 17:21:59 -04:00
embed.html feat(playlists): add playlist curation and rebuild logic per §10, with series/seasons/enrichment 2026-04-21 16:11:27 -04:00
index.html refactor(web): promote app.html to index.html as homepage 2026-04-25 08:51:52 -04:00
package-lock.json feat(web): add Agentation feedback overlay for UI annotation 2026-04-21 08:26:00 -04:00
package.json feat(web): add Agentation feedback overlay for UI annotation 2026-04-21 08:26:00 -04:00
pages.json refactor(web): promote app.html to index.html as homepage 2026-04-25 08:51:52 -04:00
replay.html refactor(web): promote app.html to index.html as homepage 2026-04-25 08:51:52 -04:00
test-match-list.js test(web): verify match list page renders cards with real matches 2026-04-25 11:58:02 -04:00
test-real-replay.js test(web): verify replay viewer loads and plays real match replay 2026-04-25 12:27:56 -04:00
test-replay-viewer.html test(web): verify replay viewer loads and plays real match replay 2026-04-25 12:10:09 -04:00
tsconfig.json Complete Phase 3: TypeScript Canvas replay viewer 2026-03-24 07:30:04 -04:00
vite.config.ts refactor(web): promote app.html to index.html as homepage 2026-04-25 08:51:52 -04:00
wrangler.toml feat(web): route R2 assets through Pages Function instead of r2.aicodebattle.com 2026-04-30 07:55:44 -04:00