- Security criticals: deterministic RNG, constant-time auth, key zeroing, job dispatch panic
- Lint discipline: removed 5 dangerous workspace-wide allows
- Panic elimination: keystore, eigenlayer registration, runner config
- Result: 5.5 → 6.5/10
Date: 2026-04-04 Status: building
Seal every crack, harden every surface. Gen 1 stopped the bleeding. Gen 2 closes every remaining HIGH and MEDIUM finding, fixes the structural bloat, and adds the missing production hardening. Target: 9/10 across all categories.
- Add `// SAFETY:` comments to `unsafe impl Send/Sync` in runner + manager, or eliminate them
- Fix `unsafe` env var mutation in remote-providers (use Mutex or scoped approach)
- Fix TOCTOU on key file permissions (create with restricted permissions from the start)
- Fix `transmute` endianness in JobId (use `from_le_bytes`/`to_le_bytes`)
- Add per-peer rate limiting to P2P protocol (request + gossip)
- Add size-bounded deserialization for bincode on network messages
- Replace SSH command denylist with allowlist pattern
- Replace QoS busy-wait polling with `tokio::sync::watch` channel
- Add backpressure to producer/consumer pipeline (bounded channels)
- Audit remaining ~100 suppressed clippy lints — remove unjustified, fix warnings
- Target: only genuinely stylistic lints remain suppressed
- Audit all TODO/FIXME in production code — resolve meaningful ones, delete stale ones
- Remove dead code surfaced by lint changes
- Clean up hardcoded values (service_id=1, blueprint_id=1 in QoS)
- Populate workspace-hack with hakari output for compile-time dedup
- Audit and document the meta-crate strategy (keep/merge decision with rationale)
- Key rotation for operators
- Pre-submission slashing protection
- MEV-protected result submission
- `cargo tangle dev` zero-config mode
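The "create with restricted permissions from the start" fix for the key file TOCTOU item above, shown as an added Rust example rather than the project's own keystore code; the function names, the scratch path and the sample key bytes are assumptions, and the `mode`/`create_new` calls are Unix-only.

```rust
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Racy pattern: the file briefly exists with umask-default permissions and the
/// path is resolved twice, so whoever wins the race can read the key or plant a
/// symlink that the later `set_permissions` (chmod) then follows.
pub fn write_key_file_racy(path: &Path, key: &[u8]) -> io::Result<()> {
    fs::write(path, key)?;
    fs::set_permissions(path, fs::Permissions::from_mode(0o600))
}

/// Hardened pattern: the 0600 mode is part of the single create call, and
/// `create_new` (O_CREAT | O_EXCL) refuses any pre-existing path, including a
/// symlink, so there is no window between creation and restriction.
pub fn write_key_file(path: &Path, key: &[u8]) -> io::Result<()> {
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600) // applied at creation; umask can only clear bits, never add them
        .open(path)?;
    f.write_all(key)?;
    f.sync_all()
}

/// Permission bits of `path`, for verification.
pub fn mode_bits(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

/// Unique scratch path under the system temp dir (hypothetical file name).
pub fn scratch_path(tag: &str) -> PathBuf {
    std::env::temp_dir().join(format!("keystore-demo-{}-{}", tag, std::process::id()))
}

fn main() -> io::Result<()> {
    let path = scratch_path("main");
    let _ = fs::remove_file(&path);
    // Constructed sample key material, not a real key.
    write_key_file(&path, b"constructed-32-byte-sample-key!!")?;
    println!("mode = {:o}", mode_bits(&path)?);
    // A second create on the same path fails instead of clobbering the key.
    assert!(write_key_file(&path, b"x").is_err());
    fs::remove_file(&path)
}
```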