Replace Antminer plugin with ASIC-RS

[ankitgoswami]

Summary

• Remove the Go Antminer plugin and make plugin/asicrs the stock Antminer driver.
• Pin ASIC-RS dependencies to upstream master commit 43d706ef31aa154f8bea0bd7ef8e81caa9cbe491 and enable stock Antminer support.
• Implement ASIC-RS stock Antminer maintenance RPCs for logs download, miner password update, and firmware update.
• Add migration 000087 to move active driver_name = 'antminer' discovered devices to asicrs and normalize stock Antminer discovery port from 4028 to 80.
• Remove Antminer plugin build/install/runtime references and update docs, fixtures, and contract tests.
• Address review feedback by exercising the real migration files, verifying current-password changes, bounding/paging log downloads, avoiding duplicate firmware payloads, and building a native contract-test ASIC-RS plugin.

Test Plan

• cargo check in plugin/asicrs
• cargo test in plugin/asicrs
• just rebuild-plugin asicrs
• just test-contract
• DB_PASSWORD=fleet go test ./internal/domain/stores/sqlstores -run TestMigration000087_MigratesPairedAntminerDiscoveredDevicesToAsicrs -count=1
• go test ./internal/domain/plugins -count=1
• go test ./cmd/fleetnode ./internal/domain/plugins ./internal/domain/telemetry
• go test ./internal/domain/miner -run 'TestEffectiveCapabilitiesForDevice'
• go test ./internal/domain/fleetmanagement -run 'TestListMinerStateSnapshots_PopulatesSiteIDAndLabel'
• go test ./internal/domain/pairing -run 'TestHandleAuthenticationRequiredPairing|TestCanonicalCIDR|TestMergeAutoDiscoveryTargets|TestResolveNmapTargets|TestValidateNmapTargets|TestShouldSkipNetworkOrGatewayAddress'
• go test ./internal/domain/command -run 'TestUpdateMinerPassword|TestCapability|TestHasAnyCapability'
• go work sync
• git diff --check
• Real-miner smoke testing still needs hardware plus a controlled maintenance window.

[github-actions]

🔐 Codex Security Review

Note: This is an automated security-focused code review generated by Codex.
It should be used as a supplementary check alongside human review.
False positives are possible - use your judgment.

Scope summary

• Reviewed pull request diff only (31ded4e115e27faf7b59672672002712d4feab1d...0ac71af0ba4295aba5cde5b046ddb53bfa85e137, exact PR three-dot diff)
• Model: gpt-5.5

💡 Click "edited" above to see previous reviews for this PR.

---

Review Summary

Overall Risk: MEDIUM

Findings

[MEDIUM] Stock Antminer Firmware Upload Uses the Wrong Multipart Field

• Category: Plugin
• Location: plugin/asicrs/src/device.rs:1013
• Description: The new stock Antminer fallback posts the firmware image as multipart field firmware. The removed Go Antminer uploader used field file, which is the established CGI contract for /cgi-bin/upgrade.cgi. The new mock accepts upgrade requests without validating the multipart field, so this can pass contract tests while real miners reject the upload.
• Impact: Firmware updates for migrated stock Antminers can fail in production, leaving the command queue reporting failures for an important maintenance operation.
• Recommendation: Use the legacy file multipart field for stock Antminer uploads, or explicitly support both only if verified against real firmware. Update the contract mock to require digest auth and validate the multipart field name.

[MEDIUM] Firmware Upload Buffers Large Images and Error Bodies in Memory

• Category: Reliability
• Location: plugin/asicrs/src/device.rs:923
• Description: FirmwareImage::from_file_async reads the full firmware file into memory before upload, and the allowed size is 500 MB. The same path later reads the entire HTTP response body with .text() before returning errors.
• Impact: A large firmware update, parallel updates, or a miner returning a large error body can cause substantial memory pressure or OOM the asicrs plugin process.
• Recommendation: Stream firmware from tokio::fs::File into the multipart body instead of materializing it as bytes, and cap response bodies used for error messages to a small fixed size.

[MEDIUM] Log Download Caps gRPC Pages but Not Total Log Memory

• Category: Reliability
• Location: plugin/asicrs/src/device.rs:824
• Description: The plugin reads the complete miner log string before chunking it to 512 KiB pages. Oversized remainders are retained in log_batches, and the server wrapper concatenates paged responses before saving.
• Impact: A malicious or faulty miner can return very large logs and force high memory use in both the plugin and Fleet server, potentially disrupting telemetry and command execution.
• Recommendation: Enforce a total byte limit before retaining or returning logs, add TTL/size accounting for continuation batches, and prefer streaming directly to the log file sink rather than concatenating all pages in memory.

Notes

No hardcoded wallet, payout address, or pool hijack logic was found in the reviewed diff. No new SQL injection or authentication bypass findings stood out in the changed hunks.

---

_{Generated by Codex Security Review |
Triggered by: @ankitgoswami |
Review workflow run}