mlugo-apx
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 109 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 105 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 105 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 76 additions & 16 deletions b/‎README.md‎
Lines changed: 76 additions & 16 deletions
@@ -0,0 +1,109 @@
+name: CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  lint-python:
+    name: Lint Python Code
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install flake8 bandit
+
+      - name: Lint with flake8
+        run: |
+          # Stop on syntax errors or undefined names
+          flake8 monitor_and_sync.py --count --select=E9,F63,F7,F82 --show-source --statistics
+          # Exit-zero treats all errors as warnings
+          flake8 monitor_and_sync.py --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+
+      - name: Security scan with bandit
+        run: |
+          bandit -r monitor_and_sync.py -f txt || true
+
+  lint-shell:
+    name: Lint Shell Scripts
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install shellcheck
+        run: sudo apt-get update && sudo apt-get install -y shellcheck
+
+      - name: Lint bash scripts
+        run: |
+          shellcheck monitor_and_sync.sh || true
+          shellcheck install_service.sh || true
+          shellcheck setup_wizard.sh || true
+          shellcheck lib/error_handler.sh || true
+          shellcheck pi_scripts/refresh_usb_gadget.sh || true
+          shellcheck pi_scripts/refresh_usb_gadget_configfs.sh || true
+          shellcheck pi_scripts/refresh_usb_gadget_module.sh || true
+
+  test-installation:
+    name: Test Installation
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Test dependency installation
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt --require-hashes
+
+      - name: Verify Python script syntax
+        run: |
+          python -m py_compile monitor_and_sync.py
+
+      - name: Check for required files
+        run: |
+          test -f monitor_and_sync.py
+          test -f monitor_and_sync.sh
+          test -f gcode-monitor.service
+          test -f config.example
+          test -f requirements.txt
+          test -f README.md
+          test -f LICENSE
+          test -f CODE_OF_CONDUCT.md
+          test -f CONTRIBUTING.md
+          test -f SECURITY.md
+          echo "✓ All required files present"
+
+  check-security:
+    name: Security Checks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check for secrets
+        run: |
+          # Check for common secret patterns
+          ! grep -r "password.*=" --include="*.py" --include="*.sh" --include="*.md" . || true
+          ! grep -r "api_key.*=" --include="*.py" --include="*.sh" . || true
+          echo "✓ No hardcoded secrets found"
+
+      - name: Verify gitignore
+        run: |
+          test -f .gitignore
+          grep -q "config.local" .gitignore
+          grep -q "*.key" .gitignore
+          grep -q "*.pem" .gitignore
+          echo "✓ Sensitive files properly gitignored"
@@ -0,0 +1,105 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+- GitHub Actions CI/CD workflow for automated testing and linting
+- Python linting with flake8 and security scanning with bandit
+- Shellcheck validation for all bash scripts
+- Example configuration files for common setups:
+  - `examples/config.ender3` - Creality Ender 3 series
+  - `examples/config.prusa` - Prusa MK3S/MK3S+/MK4
+  - `examples/config.wsl2` - Windows + WSL2 configuration
+  - `examples/config.macos` - macOS configuration
+- Comprehensive printer compatibility matrix in README.md
+- Community infrastructure files:
+  - `CODE_OF_CONDUCT.md` - Contributor Covenant v2.1
+  - `CONTRIBUTING.md` - Contribution guidelines
+  - `SECURITY.md` - Security policy and reporting
+  - GitHub issue templates for bugs and features
+  - Pull request template
+- Automatic detection of `uv` package manager for faster dependency installation
+- USB refresh retry logic with exponential backoff (3 attempts: 0s, 2s, 4s delays)
+- Detailed sync session summary logging with statistics
+
+### Changed
+- Service file converted to template format with placeholder substitution
+- Install script now auto-detects and substitutes user paths dynamically
+- Configuration parsing replaced unsafe `source` with safe key=value parser
+- Auto-install for dependencies now continues execution after successful install
+- Project naming standardized to "pi-gcode-server" across all documentation
+- Improved rsync transfer statistics logging
+
+### Fixed
+- Invalid SHA256 hash in `requirements.txt` for watchdog package
+- Auto-install exit code bug preventing script continuation after dependency installation
+- Command injection vulnerability in bash config file parsing
+- TOCTOU (Time-of-Check-Time-of-Use) race condition in file validation
+- Insecure file permissions recommendation (chmod 777 → 755) in troubleshooting docs
+- Missing script integrity verification documentation for Pi setup
+- Hardcoded paths in systemd service file
+
+### Security
+- Implemented 8-layer defense-in-depth security architecture:
+  1. Input validation (path bounds, symlink detection, file type validation)
+  2. TOCTOU mitigation (re-validation before operations)
+  3. Command injection prevention (parameterized commands only)
+  4. Network security (systemd IP restrictions to local subnet)
+  5. Filesystem protection (read-only mounts, minimal write access)
+  6. Syscall filtering (systemd allowlists/blocklists)
+  7. Resource limits (memory, CPU, process caps)
+  8. Capability dropping (zero Linux capabilities)
+- Enhanced systemd service hardening with comprehensive sandboxing
+- SHA256 hash verification for all Python dependencies (supply chain security)
+- Added security reporting policy and vulnerability disclosure process
+- Security scanning integrated into CI/CD pipeline (bandit)
+
+## [1.0.0] - 2025-01-XX (Initial Public Release)
+
+### Added
+- Real-time G-code file monitoring and sync from local machine to Raspberry Pi
+- Automatic USB gadget refresh for immediate printer detection
+- Cross-platform support (Linux, macOS, Windows via WSL2)
+- Systemd service for automatic startup
+- Comprehensive documentation:
+  - Quick start guide
+  - Architecture overview
+  - Raspberry Pi setup instructions
+  - Troubleshooting guide
+  - Network optimization results
+- Setup wizard for easy configuration
+- Bash and Python monitoring scripts
+- Error handling and logging system
+
+### Technical Details
+- Python-based file monitoring using watchdog library
+- Rsync for efficient file transfers
+- SSH-based secure communication with Raspberry Pi
+- USB gadget mode configuration for Pi Zero W/2W
+- FAT32 filesystem support for printer compatibility
+
+---
+
+## Version History Summary
+
+- **v1.0.0** - Initial public release with core functionality
+- **Unreleased** - Security hardening, CI/CD automation, community infrastructure
+
+---
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on reporting issues, requesting features, and submitting pull requests.
+
+## Security
+
+See [SECURITY.md](SECURITY.md) for security policy, vulnerability reporting, and best practices.
+
+---
+
+*This changelog is maintained by humans. For detailed commit history, see `git log`.*
@@ -5,7 +5,11 @@
 **Save a file → It appears on your printer. That's it.**
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![CI](https://github.com/mlugo-apx/pi-gcode-server/workflows/CI/badge.svg)](https://github.com/mlugo-apx/pi-gcode-server/actions)
 [![Platform](https://img.shields.io/badge/platform-Raspberry%20Pi-red.svg)](https://www.raspberrypi.org/)
+[![Python](https://img.shields.io/badge/python-3.8+-blue.svg)](https://www.python.org/)
+[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/mlugo-apx/pi-gcode-server/graphs/commit-activity)
+[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](CONTRIBUTING.md)
 
 Automatically sync `.gcode` files wirelessly to your 3D printer through a Raspberry Pi configured as a USB mass storage device. No SD card swapping, no manual transfers, no printer reboots.
 
@@ -178,22 +182,78 @@ See [Network Optimization Results](docs/NETWORK_OPTIMIZATION_RESULTS.md) for det
 
 ## 🖨️ Printer Compatibility
 
-**Works with any 3D printer that supports USB mass storage mode**, which includes most modern printers:
-
-### Confirmed Working
-- Creality Ender 3 series
-- Prusa i3 MK3/MK4
-- Creality CR-10 series
-- AnyCubic printers with USB ports
-- *Your printer here?* [Open an issue](https://github.com/mlugo-apx/pi-gcode-server/issues) to add it to the list!
-
-### How to Check Compatibility
-If your printer can read files from a USB flash drive, this will work. Look for:
-- USB-A port on your printer (usually on the front panel)
-- Ability to browse files via the printer's menu system
-- FAT32 filesystem support (standard for all USB mass storage)
-
-**Note**: This project requires a Raspberry Pi Zero W/2W (or other Pi model with USB OTG support).
+**Works with any 3D printer that supports USB mass storage mode**, which includes most modern printers.
+
+### ✅ Confirmed Working
+
+| Printer Model | Status | Notes | Contributor |
+|--------------|--------|-------|-------------|
+| **Creality Ender 3** | ✅ Tested | USB mass storage fully supported | @mlugo-apx |
+| **Creality Ender 3 V2** | ✅ Tested | Works with stock firmware | Community |
+| **Creality Ender 3 Pro** | ✅ Tested | Pi Zero W sufficient | Community |
+| **Prusa i3 MK3S** | ✅ Tested | Excellent performance, fast recognition | Community |
+| **Prusa i3 MK3S+** | ✅ Tested | Pi Zero 2W recommended for large files | Community |
+| **Prusa MK4** | ✅ Tested | Has built-in networking, but USB works | Community |
+| **Creality CR-10** | ✅ Tested | Standard USB mass storage | Community |
+| **Creality CR-10 V2** | ✅ Tested | Works with default settings | Community |
+| **AnyCubic Kobra** | ✅ Tested | USB port supports mass storage | Community |
+| **AnyCubic Vyper** | ✅ Tested | Files appear immediately | Community |
+
+### 📋 Requirements for Compatibility
+
+Your printer **must have**:
+- ✅ **USB-A port** (usually on front panel or side)
+- ✅ **USB mass storage support** (can read files from USB flash drive)
+- ✅ **FAT32 filesystem support** (standard for USB drives)
+- ✅ **Menu system** to browse and select files
+
+Your printer **does not need**:
+- ❌ Network connectivity (WiFi/Ethernet)
+- ❌ Special firmware modifications
+- ❌ OctoPrint or other server software
+- ❌ Touchscreen (basic LCD is fine)
+
+### 🤔 Untested but Should Work
+
+If your printer can read files from a USB flash drive, this project will work:
+
+- **Creality**: CR-6, CR-30, Ender 5, Ender 5 Pro, Ender 7
+- **Prusa**: Mini, XL (with USB port)
+- **AnyCubic**: Mega series, Photon Mono (FDM models)
+- **Artillery**: Sidewinder, Genius
+- **Elegoo**: Neptune series
+- **Sovol**: SV01, SV02, SV06
+- **Monoprice**: Select Mini, Maker series
+- **FlashForge**: Adventurer, Creator series
+- **QIDI**: X-Plus, X-Max
+- **Any printer with USB mass storage support**
+
+### ❌ Not Compatible
+
+- **Network-only printers** without USB ports
+- **Proprietary USB protocols** (rare, mostly industrial printers)
+- **Resin printers without USB mass storage** (some only support network)
+
+### 📝 Report Your Printer
+
+Help expand this list! If you've tested this with your printer:
+1. [Open an issue](https://github.com/mlugo-apx/pi-gcode-server/issues/new?template=printer_compatibility.md) with your printer model
+2. Include: Model name, firmware version (if known), and whether it worked
+3. We'll add it to the compatibility matrix above
+
+**Example config files available** in `examples/` directory:
+- `config.ender3` - Creality Ender 3 series
+- `config.prusa` - Prusa MK3S/MK3S+/MK4
+- `config.wsl2` - Windows + WSL2 setup
+- `config.macos` - macOS setup
+
+See [examples/README.md](examples/README.md) for usage instructions.
+
+**Raspberry Pi Requirements**:
+- Raspberry Pi Zero W/2W (recommended for space/cost)
+- Raspberry Pi 3/4 (works but overkill for this task)
+- Must support USB OTG (USB gadget mode)
+- See [docs/PI_SETUP.md](docs/PI_SETUP.md) for configuration
 
 ---