Releases: StarlightDaemon/BIND
Releases · StarlightDaemon/BIND
Release list
v2.2.0 — Security Hardening, Dependency Audit & React UI Polish
Security
- Added
X-Content-Type-Options,X-Frame-Options, andReferrer-Policyresponse headers on all routes - Set
SESSION_COOKIE_HTTPONLY,SESSION_COOKIE_SAMESITE=Lax, andPERMANENT_SESSION_LIFETIME=24h - Removed
db_pathfrom unauthenticated/healthresponse (filesystem path disclosure)
Dependencies
- Upgraded
vite5→7.3.5 and@vitejs/plugin-react4→5.2.0, resolving GHSA-67mh-4wv8-2f99 (esbuild dev server cross-origin vulnerability) pip-audit: 0 vulnerabilities in Python dependencies
Maintenance
- Fixed 4 ruff lint errors in
rss_server.py(mid-file imports, UP035typing.Callable) - Removed duplicate comment in
config_manager.py - Codecov integration confirmed live; coverage badge reporting
Tests
- 5 new tests: security headers +
/healthdb_path absence - 405 tests total, 95.96% coverage
v2.1.0 — Coverage gate raised to 75%; storage and resilience test suites
What's New
Test Coverage: 40% → 77%
Coverage gate raised from 40% to 75% (currently passing at 77%). Enforced in both CI and local pytest runs.
tests/test_storage_extended.py — 27 real-SQLite tests via tmp_path (no mocks):
- Schema verification (magnets + scrape_runs tables)
add_magnet: insert, count, duplicate idempotencyhas_hash: true/false/case-insensitiverecent(limit=N): count and orderingsearch(): FTS match and empty-string passthroughstats(): today, last_7_days, last_30_days keysrecord_scrape_run: row insertion and value correctness- WAL probe: succeeds on local filesystem path
tests/test_resilience_extended.py:
retry.py:_parse_retry_afterwith valid/invalid/absent header; 429 uses header wait timemigrate.py:_parse_linevalid/invalid;migrate()no-files, single file, deduplication, wrong filename pattern, multi-filesecurity.py:log_security_eventwrite path and OSError suppression;_rotate_log_if_neededtrim logic;_migrate_credentialsv1→v2 upgrade;get_base_dirbranch
Result
273 tests passing. 77% coverage. mypy clean. ruff clean.
What's Next
- T5: Codecov integration (requires Codecov account setup — see
.raiden/local/prompts/v2-completion/T5-codecov.md)
v2.0.0 — Metrics Dashboard, Domain Resilience, CI Hardening
What's New
Metrics Dashboard (/metrics)
- New auth-gated
/metricspage in the Vesper theme - Shows total records, today, last 7 days, last 30 days, and last collected date
- Color-coded scrape history table (success/failure/empty) with duration and new item counts
- Success rate percentage over last 30 runs
scrape_runstable added to SQLite schema — daemon records every cycle outcome
Domain Change Resilience
BindScraper.probe_target()classifies target domain health:reachable,cloudflare_block,wrong_content,unreachable- Daemon logs a WARNING at startup when the target is unreachable or serving wrong content
/healthendpoint includes a cachedtarget_probefield (5-minute TTL)
CI Hardening
pip-auditnow runs against both production and dev dependencies on every push- Previously only production deps were audited; dev CVEs (e.g. pytest CVE-2025-71176) were missed
Test Suite
223 tests passing. mypy clean. ruff clean.
What's Next
- T4: Raise coverage threshold from 40% → 75% with targeted SQLite storage tests
- T5: Codecov integration (requires external account setup)
v1.7.1 — Docker Hub CI & Polish
What's New
Deployment
- Add
docker/Dockerfile.single+docker/entrypoint.shfor single-container builds - Add
.github/workflows/docker-publish.yml— automatic Docker Hub publishing - Images:
starlightdaemon/bind:latest,1.7.1,1.7 - Add
unraid/bind.xmlcommunity app template
Features
- Flask secret key auto-generates and persists to
data/.secret_key - Cloudscraper egress layer now routes through proxy pool
- Advanced Settings section in UI: proxy list, job timeout, IP filter, auth toggle
Fixes
- Mypy generic type params, ruff F401/I001/UP045/B017
- 198 tests pass
v1.7.0 — SQLite Backend (MagnetStore)
What's New
- SQLite replaces flat-file storage —
MagnetStorewith FTS5 full-text search - 90-day retention cap — automatic pruning of old entries
- Migration tool —
src/core/migrate.pyimports existing.txtmagnet files into SQLite BIND_DB_PATHenv var controls database location (default:data/bind.db)- 193 tests pass
v1.6.1 — Audit Backlog Closed
What's New
- All production readiness audit findings resolved
ARCHITECTURE.mdfully rewritten to reflect current system design- Replaced remaining
print()calls with structured logger BIND_JOB_TIMEOUTdocumented in config- gunicorn pinned for reproducible builds
v1.6.0 — Audit Hardening & Test Coverage
What's New
- Comprehensive test coverage improvements (config manager, security, bind daemon, egress layers)
BIND_PROXIESmulti-proxy support documented and wired- Housekeeping: deps pinned, Dockerfile non-root user, ruff style cleanup
- All CI checks passing (ruff, mypy, pytest) across 3 Python versions
v1.4.0 — Schema Monitor, Multi-Strategy Parser & EgressManager
What's New
- SchemaHealthMonitor — detects and alerts on upstream HTML drift
- Multi-strategy parser — falls back through multiple parse strategies before failing
- EgressManager — unified egress layer: curl_cffi + cloudscraper with proxy pool support
- curl_cffi Session reuse — persistent connection pool for lower latency
- Job timeout wrapper prevents runaway scrape jobs
v1.5.0 — Resilience & Stability
What's New
- Job timeout —
BIND_JOB_TIMEOUTenv var caps runaway scrape jobs - RetryEngine fix — skip sleep on final retry attempt
- Dependency security patches (lxml, flask, curl-cffi)
- Dead code removal (
ScraperMetrics) - CI fully green across Python 3.10 / 3.11 / 3.12
v1.3.0 — Security Hardening & Retry Engine
What's New
- Security hardening — brute-force protection, IP filtering, XFF spoofing fixes, authenticated
/api/stats - RetryEngine — configurable retry logic with exponential backoff across all egress layers
- Gunicorn replaces Flask dev server in production
- Non-root container user (
bind, UID 1001)