The MLS gate encryption system requires libprivacy_core.so — a Rust
shared library that was only compiled locally on the dev machine.
Docker users got "active gate identity is not mapped into the MLS
group" because the library was never built or included in the image.
Add a multi-stage Docker build:
- Stage 1: rust:1.87-slim-bookworm compiles privacy-core to .so
- Stage 2: copies libprivacy_core.so into the Python backend image
- Set PRIVACY_CORE_LIB env var so Python finds the library
Also track the privacy-core Rust source (Cargo.toml, Cargo.lock,
src/lib.rs) in git — they were previously untracked, which is why
the Docker build never had access to them.
Add root .dockerignore to exclude build caches and large directories
from the Docker build context.
Gate messages now propagate via the Infonet hashchain as encrypted blobs — every node syncs them
through normal chain sync while only Gate members with MLS keys can decrypt. Added mesh reputation
system, peer push workers, voluntary Wormhole opt-in for node participation, fork recovery,
killwormhole scripts, obfuscated terminology, and hardened the self-updater to protect encryption
keys and chain state during updates.
New features: Shodan search, train tracking, Sentinel Hub imagery, 8 new intelligence layers,
CCTV expansion to 11,000+ cameras across 6 countries, Mesh Terminal CLI, prediction markets,
desktop-shell scaffold, and comprehensive mesh test suite (215 frontend + backend tests passing).
Community contributors: @wa1id, @AlborzNazari, @adust09, @Xpirix, @imqdcr, @csysp, @suranyami,
@chr0n1x, @johan-martensson, @singularfailure, @smithbh, @OrfeoTerkuci, @deuza, @tm-const,
@Elhard1, @ttulttul
Change backend context from . to ./backend in docker-compose.
This is necessary for copying the pyproject.toml and uv.lock files from project root level
In Docker, main.py lives at /app/main.py so Path.parent.parent
resolves to filesystem root /, causing PermissionError on .github
and other dirs. Now detects this case and falls back to cwd.
Also grants backenduser write access to /app for auto-update.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Former-commit-id: 12c8bb5816a70161d5ab5d79f9240e7eab6e6e15
python:3.10-slim now resolves to Debian Trixie where ttf-unifont and
ttf-ubuntu-font-family packages were renamed/removed, causing Playwright's
--with-deps chromium install to fail. Pin to bookworm (Debian 12) for
stable font package availability.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Former-commit-id: 805560e4b7e3df6441ed5d7221f6bf5e9e665438
anoracleofra-code