fix(pulse, security): resolve critical DMS pulse and harden system

This release addresses critical Dead Man's Switch (DMS) pulse bugs,
implements significant security enhancements, and refines the warrant
canary.

Fixed:
- Critical DMS pulse bug causing 500 errors on subsequent pulses
- Pulse token URL encoding issues leading to 404 errors
- Public pulse URL security leak from vault page
- Nonce validation reordered after token validation to prevent DoS
- Incorrect pulse interval calculation
- Transaction safety for seal creation and burn operations
- MockDatabase consistency with production behavior

Added:
- Comprehensive error logging with ErrorLogger utility
- New pulse token generation after each successful pulse
- URL encoding for pulse tokens in display contexts
- Transaction rollback for database operations
- Enhanced warrant canary page with detailed explanations
- Input validation for pulse interval (1-30 days)

Removed:
- Admin canary update endpoint and management page
- Public pulse URL display from vault page

Author: teycir

README.md

@@ -194,6 +194,26 @@ sequenceDiagram
 
 See [HARDENING.md](docs/HARDENING.md) for full details.
 
+### 🕊️ Warrant Canary - Transparency by Design
+
+**What is it?** A warrant canary is a method to inform users that a service has NOT received secret government requests. If the canary disappears or stops updating, it signals potential compromise.
+
+**How it works:**
+- Visit [/canary](https://timeseal.dev/canary) to see live transparency status
+- Page auto-generates with current date on every visit
+- Lists all security checkpoints (no warrants, no gag orders, no data requests, etc.)
+- If page shows outdated date or returns error, assume compromise
+
+**Why it matters:** Some government requests come with gag orders preventing disclosure. By regularly stating we have NOT received such requests, we can signal compromise by simply stopping updates (which is legal even under gag orders).
+
+**Technical implementation:**
+- Server-side rendered on every request (no stored file to tamper with)
+- No database or manual updates required
+- Open source code publicly auditable
+- Distributed on Cloudflare Workers edge network
+
+**Verification:** Bookmark the canary page and check it monthly. The date should always be current.
+
 ---
 
 ### "Can I just change my computer's clock to unlock it early?"
@@ -332,7 +352,15 @@ See [LICENSE](LICENSE) for full terms.
 
 ## 🔮 Roadmap
 
-**Recently Implemented (v0.6.0):**
+**Recently Implemented (v0.6.1):**
+- ✅ Dead Man's Switch Pulse Fix - Resolved 500 error on repeated pulses
+- ✅ Pulse Token URL Encoding - Fixed 404 errors with special characters
+- ✅ Security Hardening - Removed public pulse URL exposure
+- ✅ Error Logging System - Comprehensive debugging with ErrorLogger
+- ✅ Transaction Safety - Rollback mechanisms for database operations
+- ✅ Warrant Canary Cleanup - Removed broken admin endpoints
+
+**Recently Implemented (v0.6.0):****
 - ✅ Security Hardening - Memory protection, extension detection, warrant canary
 - ✅ Built-in Warrant Canary - Auto-updating transparency at /canary
 - ✅ Security Dashboard - Real-time browser extension warnings

app/admin/canary/page.tsx

@@ -4,7 +4,11 @@ import { jsonResponse } from "@/lib/apiHandler";
 export async function GET(request: NextRequest) {
   // Verify cron secret
   const authHeader = request.headers.get("authorization");
-  const cronSecret = process.env.CRON_SECRET || "change-me";
+  const cronSecret = process.env.CRON_SECRET;
+  
+  if (!cronSecret || cronSecret === '' || cronSecret === 'change-me') {
+    return jsonResponse({ error: "CRON_SECRET not configured" }, 500);
+  }
 
   if (authHeader !== `Bearer ${cronSecret}`) {
     return jsonResponse({ error: "Unauthorized" }, 401);

app/api/admin/update-canary/route.ts

@@ -4,7 +4,7 @@ import { handleMetricsRequest } from '@/lib/metrics';
 const METRICS_SECRET = process.env.METRICS_SECRET;
 
 export async function GET(request: NextRequest) {
-  if (!METRICS_SECRET || METRICS_SECRET === 'dev-secret') {
+  if (!METRICS_SECRET || METRICS_SECRET === '' || METRICS_SECRET === 'dev-secret') {
     return new Response('Metrics disabled', { status: 404 });
   }
 

app/api/cron/route.ts

@@ -12,6 +12,13 @@ export async function POST(request: NextRequest) {
       return createErrorResponse(ErrorCode.INVALID_INPUT, 'Pulse token required');
     }
 
+    // Validate newInterval if provided
+    if (newInterval !== undefined) {
+      if (typeof newInterval !== 'number' || newInterval <= 0 || newInterval > 30) {
+        return createErrorResponse(ErrorCode.INVALID_INPUT, 'Pulse interval must be between 1 and 30 days');
+      }
+    }
+
     const sealService = container.sealService;
     const result = await sealService.pulseSeal(pulseToken, ip, newInterval);
 

app/api/metrics/route.ts

@@ -55,16 +55,12 @@ export async function GET(
           const jitter = Math.floor(Math.random() * 100);
           await new Promise(resolve => setTimeout(resolve, jitter));
 
-          const pulseToken = metadata.isDMS ? (await container.database.getSeal(sealId))?.pulseToken : undefined;
-          const pulseUrl = pulseToken ? `${new URL(request.url).origin}/pulse/${pulseToken}` : undefined;
-          
           return jsonResponse({
             id: sealId,
             isLocked: true,
             unlockTime: metadata.unlockTime,
             timeRemaining: metadata.unlockTime - Date.now(),
             isDMS: metadata.isDMS,
-            pulseUrl,
           });
         }
 

app/api/pulse/route.ts

@@ -61,17 +61,31 @@ export default function CanaryPage() {
         </div>
 
         {/* Info */}
-        <div className="cyber-card p-6 bg-dark-bg/50">
+        <div className="cyber-card p-6 bg-dark-bg/50 mb-6">
           <div className="flex items-start gap-3">
             <AlertTriangle className="w-5 h-5 text-neon-green/60 flex-shrink-0 mt-0.5" />
             <div className="text-sm text-neon-green/60 space-y-2">
-              <p><strong className="text-neon-green">How this works:</strong> This page is automatically generated. If you can see this page, TimeSeal infrastructure is operational and uncompromised.</p>
-              <p><strong className="text-neon-green">What to watch for:</strong> If this page returns an error, shows outdated information, or any checkmark is missing, assume compromise.</p>
-              <p><strong className="text-neon-green">Verification:</strong> This canary updates automatically with each page load. The date above should always be current.</p>
+              <p><strong className="text-neon-green">What is a Warrant Canary?</strong> A warrant canary is a method to inform users that a service has NOT received secret government requests (warrants, subpoenas, gag orders). If the canary disappears or stops updating, it signals potential compromise.</p>
+              <p><strong className="text-neon-green">How this works:</strong> This page is automatically generated on every visit with the current date. No manual updates needed. If you can see this page with today&apos;s date, TimeSeal infrastructure is operational and uncompromised.</p>
+              <p><strong className="text-neon-green">What to watch for:</strong> If this page returns an error, shows outdated information, any checkmark is missing, or the date is not current, assume compromise.</p>
+              <p><strong className="text-neon-green">Why it matters:</strong> Some government requests come with gag orders preventing disclosure. By regularly stating we have NOT received such requests, we can signal compromise by simply stopping updates (which is legal even under gag orders).</p>
+              <p><strong className="text-neon-green">Verification:</strong> Bookmark this page and check it monthly. The date should always be current when you visit.</p>
             </div>
           </div>
         </div>
 
+        {/* Technical Details */}
+        <div className="cyber-card p-6 bg-dark-bg/50">
+          <h3 className="text-lg font-bold text-neon-green mb-4">Technical Implementation</h3>
+          <div className="text-sm text-neon-green/60 space-y-2">
+            <p>• <strong className="text-neon-green">Auto-Generated:</strong> This page is rendered server-side on every request with the current timestamp</p>
+            <p>• <strong className="text-neon-green">No Database:</strong> No stored canary file that could be seized or tampered with</p>
+            <p>• <strong className="text-neon-green">Open Source:</strong> Code is publicly auditable on GitHub</p>
+            <p>• <strong className="text-neon-green">Edge Deployed:</strong> Runs on Cloudflare Workers distributed infrastructure</p>
+            <p>• <strong className="text-neon-green">Legal Compliance:</strong> Stopping updates is legal even under gag orders (we simply don&apos;t make false statements)</p>
+          </div>
+        </div>
+
         {/* Footer */}
         <div className="mt-8 text-center">
           <a href="/" className="text-neon-green/60 hover:text-neon-green text-sm transition-colors">