esbuild's Go binary crashes with lfstack.push on kernels with 5-level
paging or high-entropy ASLR (memory mapped above 47-bit addresses).
Disabling ASLR via the personality syscall for the build process keeps
allocations at low addresses without requiring host changes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Alpine (musl) + esbuild's Go binary crashes with lfstack.push on
high-entropy ASLR kernels. Debian (glibc) uses a different memory
allocator that avoids the issue.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
esbuild ships a pre-compiled Go binary that crashes with
"lfstack.push invalid packing" on Linux kernels with 5-level paging
or high-entropy ASLR, which place memory above 47-bit addresses.
Limiting glibc arena count keeps allocations in the lower address range.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
golang:1.24-alpine may resolve to 1.24.0 which triggers Go's toolchain
auto-download when go.mod specifies go 1.24.1, failing in restricted
Docker build environments.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace the flat circular buffer with NodeAwareCache, a smarter eviction
strategy for historical mesh packet data:
- Packets younger than 1 hour are never evicted (recent traffic preserved)
- Under pressure, evict from the lowest-priority type first (neighbor-info
outlasts node-info; chat messages outlast everything)
- Within a priority tier, evict from the most recently active source node —
that node will resend soonest, so its old packet is cheapest to lose
(Bélády approximation; protects flaky/distant node history)
- Node retention window still applies: silent nodes' packets are excluded
from GetAll and pruned proactively before priority eviction runs
Also:
- Add --cache-retention flag (default 3h) and raise --cache-size default to 5000
- Fix decoder error strings (replace verbose Go errors with short codes)
- Add HTTP security headers middleware to server
- Fix broker dispatchLoop deadlock on source channel close
- Fix make gen-proto scanning web/node_modules for .proto files
- Fix tools target always reinstalling protoc-gen-go (handles stale arch binary)
- Move server port from 8080 to 5446; update Dockerfile, docker-compose, moat.yaml
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
