refactor: move federated server logic to its own service #3

codity-dm · 2026-05-16T21:37:15Z

In federation.go handleConn, if tunnelAddresses is empty (no online nodes), rand.IntN(0) panics with a divide-by-zero, crashing the goroutine and potentially the process; add a length check and close the connection before returning.

Suggested fix

if len(tunnelAddresses) == 0 { log.Error().Msg("No online tunnel nodes available") conn.Close() return } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/cli/federated.go Lines: 100-104 Issue Type: security-critical Severity: critical Issue Description: In `federation.go` `handleConn`, if `tunnelAddresses` is empty (no online nodes), `rand.IntN(0)` panics with a divide-by-zero, crashing the goroutine and potentially the process; add a length check and close the connection before returning. Current Code: tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T11:25:56Z

In a non-p2p build, running the federated CLI now always fails with "not implemented" because this caller was switched to FederatedServer.Start while the new implementation exists only in the p2p-only file; trigger: build without the p2p tag and execute the federated command.

Either move the real FederatedServer.Start implementation into an untagged file, add the same build tag to the CLI command so it is unavailable without p2p, or preserve the previous non-tagged implementation path.

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/cli/federated.go Lines: 16-16 Issue Type: functional-critical Severity: critical Issue Description: In a non-p2p build, running the federated CLI now always fails with "not implemented" because this caller was switched to FederatedServer.Start while the new implementation exists only in the p2p-only file; trigger: build without the `p2p` tag and execute the federated command. Current Code: fs := p2p.NewFederatedServer(f.Address, p2p.FederatedID, f.Peer2PeerToken) return fs.Start(context.Background()) --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:13:48Z

The new code passes context.Background() instead of the CLI-provided context, so cancellation signals (e.g., SIGINT) from the caller are ignored and the server cannot be gracefully shut down.

Suggested change

return fs.Start(context.Background())

return fs.Start(ctx.Context)

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/cli/federated.go Lines: 18-18 Issue Type: functional-high Severity: high Issue Description: The new code passes `context.Background()` instead of the CLI-provided context, so cancellation signals (e.g., SIGINT) from the caller are ignored and the server cannot be gracefully shut down. Current Code: return fs.Start(context.Background()) --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:37:12Z

The new code passes context.Background() instead of the CLI-provided context, so cancellation signals (e.g., SIGINT) from the caller are ignored and the server cannot be gracefully shut down.

Suggested change

return fs.Start(context.Background())

return fs.Start(ctx.Context)

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/cli/federated.go Lines: 18-18 Issue Type: robustness-high Severity: high Issue Description: The new code passes `context.Background()` instead of the CLI-provided context, so cancellation signals (e.g., SIGINT) from the caller are ignored and the server cannot be gracefully shut down. Current Code: return fs.Start(context.Background()) --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-17T18:03:12Z

The Run method ignores the incoming ctx parameter and passes context.Background() to fs.Start, preventing proper cancellation or shutdown propagation from the CLI framework.

Suggested change

return fs.Start(context.Background())

return fs.Start(ctx.Context)

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/cli/federated.go Lines: 18-18 Issue Type: functional-high Severity: high Issue Description: The `Run` method ignores the incoming `ctx` parameter and passes `context.Background()` to `fs.Start`, preventing proper cancellation or shutdown propagation from the CLI framework. Current Code: return fs.Start(context.Background()) --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T10:37:49Z

This ignores the CLI context and starts the server with a detached background context, so shutdown and cancellation will not propagate; pass the provided context instead.

Suggested change

return fs.Start(context.Background())

return fs.Start(ctx)

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/cli/federated.go Lines: 18-18 Issue Type: functional-high Severity: high Issue Description: This ignores the CLI context and starts the server with a detached background context, so shutdown and cancellation will not propagate; pass the provided context instead. Current Code: return fs.Start(context.Background()) --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:13:48Z

The p2p token is stored as a plain string field with no validation or sanitization; an empty or malformed token passed to NewFederatedServer will propagate silently and be used to initialize a network node, potentially allowing unauthenticated federation. Add a non-empty check and return an error or panic early.

Suggested fix

func NewFederatedServer(listenAddr, service, p2pToken string) (*FederatedServer, error) { if p2pToken == "" { return nil, fmt.Errorf("p2pToken must not be empty") } if listenAddr == "" { return nil, fmt.Errorf("listenAddr must not be empty") } return &FederatedServer{ listenAddr: listenAddr, service: service, p2ptoken: p2pToken, }, nil }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federatedServer.go Lines: 7-13 Issue Type: security-high Severity: high Issue Description: The p2p token is stored as a plain string field with no validation or sanitization; an empty or malformed token passed to NewFederatedServer will propagate silently and be used to initialize a network node, potentially allowing unauthenticated federation. Add a non-empty check and return an error or panic early. Current Code: func NewFederatedServer(listenAddr, service, p2pToken string) *FederatedServer { return &FederatedServer{ listenAddr: listenAddr, service: service, p2ptoken: p2pToken, } } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

greptile-apps · 2026-05-16T21:09:39Z

Node started twice before service discovery

FederatedServer.Start calls n.Start(ctx) on line 28, then ServiceDiscoverer → discoveryTunnels (in p2p.go) calls n.Start(ctx) a second time on the same node instance. This mirrors the original FederatedCLI.Run behaviour but is carried forward here. Depending on how edgevpn's node.Start handles duplicate calls (panic, error, or silent no-op), this could result in unexpected runtime behaviour.

codity-dm · 2026-05-16T21:13:48Z

The error returned by node.Ledger() is silently discarded with _; a nil ledger will cause a nil-pointer panic on the subsequent ledger.Announce call.

Suggested fix

ledger, err := node.Ledger() if err != nil { log.Error().Err(err).Msg("Error getting ledger") return err }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 51-51 Issue Type: robustness-high Severity: high Issue Description: The error returned by `node.Ledger()` is silently discarded with `_`; a nil ledger will cause a nil-pointer panic on the subsequent `ledger.Announce` call. Current Code: ledger, _ := node.Ledger() --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:37:13Z

The error from node.Ledger() is silently discarded with _; if ledger acquisition fails, subsequent calls on the nil ledger will panic.

Suggested fix

ledger, err := node.Ledger() if err != nil { log.Error().Err(err).Msg("Error getting ledger") return err }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 51-51 Issue Type: robustness-high Severity: high Issue Description: The error from `node.Ledger()` is silently discarded with `_`; if ledger acquisition fails, subsequent calls on the nil ledger will panic. Current Code: ledger, _ := node.Ledger() --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-17T18:03:12Z

The error return from node.Ledger() is silently discarded; if ledger acquisition fails, subsequent calls on a nil ledger will panic.

Suggested fix

ledger, err := node.Ledger() if err != nil { return fmt.Errorf("getting ledger: %w", err) }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 51-51 Issue Type: robustness-high Severity: high Issue Description: The error return from `node.Ledger()` is silently discarded; if ledger acquisition fails, subsequent calls on a nil ledger will panic. Current Code: ledger, _ := node.Ledger() --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T11:25:56Z

Spawning an unbounded goroutine for every accepted connection allows trivial resource exhaustion, so enforce a concurrency limit or backpressure before launching handleConn.

Suggested fix

select { case sem <- struct{}{}: go func() { defer func() { <-sem }() handleConn(conn) }() default: log.Error().Msg("Too many concurrent connections") conn.Close() }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 87-87 Issue Type: performance-high Severity: high Issue Description: Spawning an unbounded goroutine for every accepted connection allows trivial resource exhaustion, so enforce a concurrency limit or backpressure before launching handleConn. Current Code: go handleConn(conn) --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:13:49Z

The proxy accept loop spins in the default branch without blocking, consuming 100% CPU when no connections arrive; l.Accept() already blocks, but the surrounding select with a default case means the goroutine never yields to the scheduler between the context check and the blocking Accept call on a busy loop iteration: replace with a blocking accept and a separate context-cancellation mechanism.

Suggested fix

go func() { <-ctx.Done() l.Close() }() for { conn, err := l.Accept() if err != nil { select { case <-ctx.Done(): return errors.New("context canceled") default: log.Error().Err(err).Msg("Error accepting") continue } } go handleConn(conn) }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 73-89 Issue Type: performance-high Severity: high Issue Description: The `proxy` accept loop spins in the `default` branch without blocking, consuming 100% CPU when no connections arrive; `l.Accept()` already blocks, but the surrounding `select` with a `default` case means the goroutine never yields to the scheduler between the context check and the blocking `Accept` call on a busy loop iteration: replace with a blocking accept and a separate context-cancellation mechanism. Current Code: for { select { case <-ctx.Done(): return errors.New("context canceled") default: log.Debug().Msg("New for connection") conn, err := l.Accept() if err != nil { fmt.Println("Error accepting: ", err.Error()) continue } go handleConn(conn) } } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:37:13Z

When l.Accept() returns an error after context cancellation, the loop continues to the default branch and calls l.Accept() again instead of exiting; check ctx.Done() before retrying or use a non-blocking select with a timeout.

Suggested fix

for { select { case <-ctx.Done(): return errors.New("context canceled") default: } log.Debug().Msg("New for connection") conn, err := l.Accept() if err != nil { select { case <-ctx.Done(): return errors.New("context canceled") default: } log.Error().Err(err).Msg("Error accepting connection") continue } go handleConn(conn) }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 73-89 Issue Type: robustness-medium Severity: medium Issue Description: When `l.Accept()` returns an error after context cancellation, the loop continues to the `default` branch and calls `l.Accept()` again instead of exiting; check `ctx.Done()` before retrying or use a non-blocking select with a timeout. Current Code: for { select { case <-ctx.Done(): return errors.New("context canceled") default: log.Debug().Msg("New for connection") conn, err := l.Accept() if err != nil { fmt.Println("Error accepting: ", err.Error()) continue } go handleConn(conn) } } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-17T18:03:12Z

l.Accept() blocks indefinitely in the default branch, so the ctx.Done() case is never reached while waiting for a connection; use a deadline or a separate goroutine to make context cancellation responsive.

Suggested fix

go func() { <-ctx.Done() l.Close() }() for { conn, err := l.Accept() if err != nil { select { case <-ctx.Done(): return errors.New("context canceled") default: log.Error().Err(err).Msg("Error accepting") continue } } go handleConn(conn) }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 73-89 Issue Type: robustness-medium Severity: medium Issue Description: `l.Accept()` blocks indefinitely in the `default` branch, so the `ctx.Done()` case is never reached while waiting for a connection; use a deadline or a separate goroutine to make context cancellation responsive. Current Code: for { select { case <-ctx.Done(): return errors.New("context canceled") default: log.Debug().Msg("New for connection") // Listen for an incoming connection. conn, err := l.Accept() if err != nil { fmt.Println("Error accepting: ", err.Error()) continue } // Handle connections in a new goroutine, forwarding to the p2p service go handleConn(conn) } } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

greptile-apps · 2026-05-16T21:09:38Z

Panic when no online nodes are available

If all federated nodes are offline, tunnelAddresses is empty and rand.IntN(0) panics at runtime. The refactoring extracted this into a standalone handleConn function, preserving the crash path. Any incoming connection when the cluster has no live members will terminate the goroutine with a panic rather than returning a clean error to the caller.

greptile-apps · 2026-05-16T21:09:40Z

After collecting online addresses, add a guard before calling rand.IntN so an empty slice does not cause a panic. The connection should be closed cleanly with a log message instead.

Suggested change

// open a TCP stream to one of the tunnels

// chosen randomly

// TODO: optimize this and track usage

tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

// open a TCP stream to one of the tunnels

// chosen randomly

// TODO: optimize this and track usage

if len(tunnelAddresses) == 0 {

log.Error().Msg("No online tunnel nodes available")

conn.Close()

return

}

tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

codity-dm · 2026-05-16T21:13:48Z

If tunnelAddresses is empty (no online nodes), rand.IntN(0) panics with a runtime error; add a guard before indexing.

Suggested fix

if len(tunnelAddresses) == 0 { log.Error().Msg("No online tunnel nodes available") conn.Close() return } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 106-106 Issue Type: functional-critical Severity: critical Issue Description: If `tunnelAddresses` is empty (no online nodes), `rand.IntN(0)` panics with a runtime error; add a guard before indexing. Current Code: tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:37:11Z

If tunnelAddresses is empty, rand.IntN(0) panics with a runtime error; add a guard to close the connection and return early when no online nodes are available.

Suggested fix

if len(tunnelAddresses) == 0 { log.Error().Msg("No online tunnel nodes available") conn.Close() return } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 106-106 Issue Type: functional-critical Severity: critical Issue Description: If `tunnelAddresses` is empty, `rand.IntN(0)` panics with a runtime error; add a guard to close the connection and return early when no online nodes are available. Current Code: tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-17T18:03:12Z

tunnelAddresses may be empty when no nodes are online, causing rand.IntN(0) to panic with an index-out-of-range; add a guard before indexing.

Suggested fix

if len(tunnelAddresses) == 0 { log.Error().Msg("No online tunnel nodes available") conn.Close() return } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 106-106 Issue Type: functional-critical Severity: critical Issue Description: `tunnelAddresses` may be empty when no nodes are online, causing `rand.IntN(0)` to panic with an index-out-of-range; add a guard before indexing. Current Code: tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-19T02:58:32Z

Selecting a random tunnel without checking for an empty list can panic, so return early when no online federated nodes are available.

Suggested fix

if len(tunnelAddresses) == 0 { log.Error().Msg("No online federated nodes available") conn.Close() return } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 106-106 Issue Type: functional-critical Severity: critical Issue Description: Selecting a random tunnel without checking for an empty list can panic, so return early when no online federated nodes are available. Current Code: tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T10:22:45Z

Selecting a random tunnel without checking for an empty slice will panic, so return early when no online nodes are available.

Suggested fix

if len(tunnelAddresses) == 0 { log.Error().Msg("No online federated nodes available") conn.Close() return } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 106-106 Issue Type: functional-critical Severity: critical Issue Description: Selecting a random tunnel without checking for an empty slice will panic, so return early when no online nodes are available. Current Code: tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T10:37:49Z

Selecting a random tunnel from an empty slice panics, so return early when no online federated nodes are available.

Suggested fix

if len(tunnelAddresses) == 0 { log.Error().Msg("No online federated nodes available") conn.Close() return } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 106-106 Issue Type: functional-critical Severity: critical Issue Description: Selecting a random tunnel from an empty slice panics, so return early when no online federated nodes are available. Current Code: tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T11:25:56Z

Selecting a tunnel with rand.IntN(len(tunnelAddresses)) panics when no online federated nodes are available, so guard the empty slice and close the client connection cleanly.

Suggested fix

if len(tunnelAddresses) == 0 { log.Error().Msg("No online federated nodes available") conn.Close() return } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))]

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 106-106 Issue Type: functional-critical Severity: critical Issue Description: Selecting a tunnel with rand.IntN(len(tunnelAddresses)) panics when no online federated nodes are available, so guard the empty slice and close the client connection cleanly. Current Code: tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:13:49Z

TunnelAddress values sourced from the distributed ledger (untrusted peers) are passed directly to net.Dial without validation, allowing a malicious peer to redirect connections to arbitrary internal hosts (SSRF).

Suggested fix

// Validate that tunnelAddr resolves to an expected loopback/VPN range before dialing. // Example: parse host and verify it is within the allowed CIDR before appending. host, _, err := net.SplitHostPort(v.TunnelAddress) if err != nil { log.Warn().Msgf("Skipping invalid tunnel address %s", v.TunnelAddress) continue } ip := net.ParseIP(host) if ip == nil || !allowedCIDR.Contains(ip) { log.Warn().Msgf("Tunnel address %s outside allowed range, skipping", v.TunnelAddress) continue } tunnelAddresses = append(tunnelAddresses, v.TunnelAddress)

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 97-108 Issue Type: security-high Severity: high Issue Description: `TunnelAddress` values sourced from the distributed ledger (untrusted peers) are passed directly to `net.Dial` without validation, allowing a malicious peer to redirect connections to arbitrary internal hosts (SSRF). Current Code: tunnelAddresses = append(tunnelAddresses, v.TunnelAddress) } } tunnelAddr := tunnelAddresses[rand.IntN(len(tunnelAddresses))] tunnelConn, err := net.Dial("tcp", tunnelAddr) --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-19T02:58:32Z

The accepted client connection is left open on dial failure, so close it before returning.

Suggested fix

tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") conn.Close() return }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 108-111 Issue Type: robustness-high Severity: high Issue Description: The accepted client connection is left open on dial failure, so close it before returning. Current Code: tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") return } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T10:22:45Z

The accepted client connection is leaked when net.Dial fails, so close conn before returning on this error path.

Suggested fix

tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") conn.Close() return }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 108-111 Issue Type: robustness-high Severity: high Issue Description: The accepted client connection is leaked when net.Dial fails, so close conn before returning on this error path. Current Code: tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") return } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T10:37:49Z

The accepted client connection is leaked on dial failure, so close conn before returning.

Suggested fix

tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") conn.Close() return }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 108-111 Issue Type: robustness-high Severity: high Issue Description: The accepted client connection is leaked on dial failure, so close conn before returning. Current Code: tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") return } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-21T11:25:56Z

The accepted client connection is leaked on tunnel dial failure, so close conn before returning from the error path.

Suggested fix

tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") conn.Close() return }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 108-111 Issue Type: robustness-high Severity: high Issue Description: The accepted client connection is leaked on tunnel dial failure, so close conn before returning from the error path. Current Code: tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") return } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-17T18:03:12Z

When handleConn returns early after a dial error, conn is never closed, leaking the accepted connection.

Suggested fix

tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") conn.Close() return }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 108-112 Issue Type: robustness-high Severity: high Issue Description: When `handleConn` returns early after a dial error, `conn` is never closed, leaking the accepted connection. Current Code: tunnelConn, err := net.Dial("tcp", tunnelAddr) if err != nil { log.Error().Err(err).Msg("Error connecting to tunnel") return } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

codity-dm · 2026-05-16T21:13:49Z

io.Copy errors are silently ignored in copyStream; log or surface the error so connection failures are observable.

Suggested fix

func copyStream(closer chan struct{}, dst io.Writer, src io.Reader) { defer func() { closer <- struct{}{} }() // connection is closed, send signal to stop proxy if _, err := io.Copy(dst, src); err != nil { log.Debug().Err(err).Msg("copyStream error") } }

Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert go developer with deep knowledge of security, performance, and best practices. ### Context File: core/p2p/federation.go Lines: 124-127 Issue Type: robustness-medium Severity: medium Issue Description: `io.Copy` errors are silently ignored in `copyStream`; log or surface the error so connection failures are observable. Current Code: func copyStream(closer chan struct{}, dst io.Writer, src io.Reader) { defer func() { closer <- struct{}{} }() // connection is closed, send signal to stop proxy io.Copy(dst, src) } --- ### Instructions 1. Fix the issue described above 2. Maintain the exact indentation and code style from the original 3. Follow go best practices and language-specific idioms 4. Ensure the fix addresses the root cause, not just the symptoms 5. Add brief inline comments explaining the fix if needed ### Constraints - Do not change functionality beyond fixing the identified issue - Preserve existing variable names and function signatures unless they are part of the problem - Ensure the fix is production-ready ---

-Original file line number
+Diff line change
@@ -0,0 +1,13 @@
+    package p2p
+    type FederatedServer struct {
+    	listenAddr, service, p2ptoken string
+    }
+    func NewFederatedServer(listenAddr, service, p2pToken string) *FederatedServer {
+    	return &FederatedServer{
+    		listenAddr: listenAddr,
+    		service:    service,
+    		p2ptoken:   p2pToken,
+    	}
+    }

-Original file line number
+Diff line change
@@ Expand Up / @@ -7,7 +7,6 @@ import ( @@
     	"context"
     	"errors"
     	"fmt"
-    	"io"
     	"net"
     	"os"
     	"sync"
@@ Expand Down Expand Up @@
     }
-    func copyStream(closer chan struct{}, dst io.Writer, src io.Reader) {
-    	defer func() { closer <- struct{}{} }() // connection is closed, send signal to stop proxy
-    	io.Copy(dst, src)
-    }
     // This is the main of the server (which keeps the env variable updated)
     // This starts a goroutine that keeps LLAMACPP_GRPC_SERVERS updated with the discovered services
     func ServiceDiscoverer(ctx context.Context, n *node.Node, token, servicesID string, discoveryFunc func()) error {
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -14,6 +14,10 @@ func GenerateToken() string { @@
     	return "not implemented"
     }
+    func (fs *FederatedServer) Start(ctx context.Context) error {
+    	return fmt.Errorf("not implemented")
+    }
     func ServiceDiscoverer(ctx context.Context, node *node.Node, token, servicesID string, fn func()) error {
     	return fmt.Errorf("not implemented")
     }
@@ Expand Down @@

refactor: move federated server logic to its own service #3

Are you sure you want to change the base?

Uh oh!

refactor: move federated server logic to its own service #3

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 21, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 17, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 21, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

greptile-apps Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 17, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 21, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 17, 2026

Choose a reason for hiding this comment

Uh oh!

greptile-apps Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

greptile-apps Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 16, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 17, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 19, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 21, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 21, 2026

Choose a reason for hiding this comment

Uh oh!

codity-dm Bot May 21, 2026

Choose a reason for hiding this comment