Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Releases: StarlightDaemon/BIND

v2.2.0 — Security Hardening, Dependency Audit & React UI Polish

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 04 Jun 19:32

Security

  • Added X-Content-Type-Options, X-Frame-Options, and Referrer-Policy response headers on all routes
  • Set SESSION_COOKIE_HTTPONLY, SESSION_COOKIE_SAMESITE=Lax, and PERMANENT_SESSION_LIFETIME=24h
  • Removed db_path from unauthenticated /health response (filesystem path disclosure)

Dependencies

  • Upgraded vite 5→7.3.5 and @vitejs/plugin-react 4→5.2.0, resolving GHSA-67mh-4wv8-2f99 (esbuild dev server cross-origin vulnerability)
  • pip-audit: 0 vulnerabilities in Python dependencies

Maintenance

  • Fixed 4 ruff lint errors in rss_server.py (mid-file imports, UP035 typing.Callable)
  • Removed duplicate comment in config_manager.py
  • Codecov integration confirmed live; coverage badge reporting

Tests

  • 5 new tests: security headers + /health db_path absence
  • 405 tests total, 95.96% coverage

v2.1.0 — Coverage gate raised to 75%; storage and resilience test suites

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 04 Jun 07:25

What's New

Test Coverage: 40% → 77%

Coverage gate raised from 40% to 75% (currently passing at 77%). Enforced in both CI and local pytest runs.

tests/test_storage_extended.py — 27 real-SQLite tests via tmp_path (no mocks):

  • Schema verification (magnets + scrape_runs tables)
  • add_magnet: insert, count, duplicate idempotency
  • has_hash: true/false/case-insensitive
  • recent(limit=N): count and ordering
  • search(): FTS match and empty-string passthrough
  • stats(): today, last_7_days, last_30_days keys
  • record_scrape_run: row insertion and value correctness
  • WAL probe: succeeds on local filesystem path

tests/test_resilience_extended.py:

  • retry.py: _parse_retry_after with valid/invalid/absent header; 429 uses header wait time
  • migrate.py: _parse_line valid/invalid; migrate() no-files, single file, deduplication, wrong filename pattern, multi-file
  • security.py: log_security_event write path and OSError suppression; _rotate_log_if_needed trim logic; _migrate_credentials v1→v2 upgrade; get_base_dir branch

Result

273 tests passing. 77% coverage. mypy clean. ruff clean.

What's Next

  • T5: Codecov integration (requires Codecov account setup — see .raiden/local/prompts/v2-completion/T5-codecov.md)

v2.0.0 — Metrics Dashboard, Domain Resilience, CI Hardening

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 04 Jun 07:16

What's New

Metrics Dashboard (/metrics)

  • New auth-gated /metrics page in the Vesper theme
  • Shows total records, today, last 7 days, last 30 days, and last collected date
  • Color-coded scrape history table (success/failure/empty) with duration and new item counts
  • Success rate percentage over last 30 runs
  • scrape_runs table added to SQLite schema — daemon records every cycle outcome

Domain Change Resilience

  • BindScraper.probe_target() classifies target domain health: reachable, cloudflare_block, wrong_content, unreachable
  • Daemon logs a WARNING at startup when the target is unreachable or serving wrong content
  • /health endpoint includes a cached target_probe field (5-minute TTL)

CI Hardening

  • pip-audit now runs against both production and dev dependencies on every push
  • Previously only production deps were audited; dev CVEs (e.g. pytest CVE-2025-71176) were missed

Test Suite

223 tests passing. mypy clean. ruff clean.

What's Next

  • T4: Raise coverage threshold from 40% → 75% with targeted SQLite storage tests
  • T5: Codecov integration (requires external account setup)

v1.7.1 — Docker Hub CI & Polish

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 13 May 04:32

What's New

Deployment

  • Add docker/Dockerfile.single + docker/entrypoint.sh for single-container builds
  • Add .github/workflows/docker-publish.yml — automatic Docker Hub publishing
  • Images: starlightdaemon/bind:latest, 1.7.1, 1.7
  • Add unraid/bind.xml community app template

Features

  • Flask secret key auto-generates and persists to data/.secret_key
  • Cloudscraper egress layer now routes through proxy pool
  • Advanced Settings section in UI: proxy list, job timeout, IP filter, auth toggle

Fixes

  • Mypy generic type params, ruff F401/I001/UP045/B017
  • 198 tests pass

v1.7.0 — SQLite Backend (MagnetStore)

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 13 May 04:32

What's New

  • SQLite replaces flat-file storageMagnetStore with FTS5 full-text search
  • 90-day retention cap — automatic pruning of old entries
  • Migration toolsrc/core/migrate.py imports existing .txt magnet files into SQLite
  • BIND_DB_PATH env var controls database location (default: data/bind.db)
  • 193 tests pass

v1.6.1 — Audit Backlog Closed

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 13 May 04:31

What's New

  • All production readiness audit findings resolved
  • ARCHITECTURE.md fully rewritten to reflect current system design
  • Replaced remaining print() calls with structured logger
  • BIND_JOB_TIMEOUT documented in config
  • gunicorn pinned for reproducible builds

v1.6.0 — Audit Hardening & Test Coverage

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 13 May 04:31

What's New

  • Comprehensive test coverage improvements (config manager, security, bind daemon, egress layers)
  • BIND_PROXIES multi-proxy support documented and wired
  • Housekeeping: deps pinned, Dockerfile non-root user, ruff style cleanup
  • All CI checks passing (ruff, mypy, pytest) across 3 Python versions

v1.4.0 — Schema Monitor, Multi-Strategy Parser & EgressManager

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 13 May 04:31

What's New

  • SchemaHealthMonitor — detects and alerts on upstream HTML drift
  • Multi-strategy parser — falls back through multiple parse strategies before failing
  • EgressManager — unified egress layer: curl_cffi + cloudscraper with proxy pool support
  • curl_cffi Session reuse — persistent connection pool for lower latency
  • Job timeout wrapper prevents runaway scrape jobs

v1.5.0 — Resilience & Stability

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 13 May 04:31

What's New

  • Job timeoutBIND_JOB_TIMEOUT env var caps runaway scrape jobs
  • RetryEngine fix — skip sleep on final retry attempt
  • Dependency security patches (lxml, flask, curl-cffi)
  • Dead code removal (ScraperMetrics)
  • CI fully green across Python 3.10 / 3.11 / 3.12

v1.3.0 — Security Hardening & Retry Engine

Choose a tag to compare

@StarlightDaemon StarlightDaemon released this 13 May 04:31

What's New

  • Security hardening — brute-force protection, IP filtering, XFF spoofing fixes, authenticated /api/stats
  • RetryEngine — configurable retry logic with exponential backoff across all egress layers
  • Gunicorn replaces Flask dev server in production
  • Non-root container user (bind, UID 1001)