fix(metablogizer): Auto-sync mitmproxy routes on HAProxy reload

Upload workflow now works without needing to unpublish/expose again.
The reload_haproxy() function now calls mitmproxyctl sync-routes to
ensure mitmproxy picks up new routes immediately after vhost creation.

Root cause: Upload created HAProxy vhost and mitmproxy route file entry,
but mitmproxy never received a reload signal to activate the route.
Running emancipate fixed it because it called mitmproxyctl sync-routes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.claude/HISTORY.md

@@ -3199,3 +3199,35 @@ git checkout HEAD -- index.html
     - **Files:**
       - `luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer`
       - `secubox-app-haproxy/files/usr/sbin/haproxyctl`
+
+40. **ZKP Hamiltonian Cryptographic Library (2026-02-24)**
+    - Created `zkp-hamiltonian` package implementing Zero-Knowledge Proofs based on Hamiltonian Cycle problem (Blum 1986).
+    - **Cryptographic Implementation:**
+      - SHA3-256 commitments via OpenSSL EVP API
+      - Fiat-Shamir heuristic for NIZK transformation
+      - Fisher-Yates shuffle for uniform random permutations
+      - Constant-time memory comparison (timing attack resistant)
+      - Secure memory zeroing with compiler barrier
+    - **Library API:**
+      - `zkp_prove()` - Generate NIZK proof of Hamiltonian cycle knowledge
+      - `zkp_verify()` - Verify proof (stateless, O(n²))
+      - `zkp_generate_graph()` - Generate random graphs with guaranteed Hamiltonian cycle
+      - `zkp_serialize_*()` / `zkp_deserialize_*()` - Binary serialization (big-endian, portable)
+    - **CLI Tools:**
+      - `zkp_keygen` - Generate graph + Hamiltonian cycle (prover secret)
+      - `zkp_prover` - Create proof from graph + key
+      - `zkp_verifier` - Verify proof against graph
+    - **Test Coverage:**
+      - 41 tests across 4 test suites (crypto, graph, protocol, serialize)
+      - Completeness, soundness, tamper detection, anti-replay verification
+    - **Specifications:**
+      - C99, targets OpenWrt ARM64 (MochaBin Cortex-A72)
+      - Graph size: 4-50 nodes (configurable MAX_N=50)
+      - Proof size: ~160KB for n=50
+    - **Files:**
+      - `zkp-hamiltonian/src/{zkp_crypto,zkp_graph,zkp_prove,zkp_verify,zkp_serialize}.c`
+      - `zkp-hamiltonian/include/{zkp_hamiltonian,zkp_crypto,zkp_graph,zkp_types}.h`
+      - `zkp-hamiltonian/tools/{zkp_keygen,zkp_prover,zkp_verifier}.c`
+      - `zkp-hamiltonian/tests/{test_crypto,test_graph,test_protocol,test_serialize}.c`
+      - `zkp-hamiltonian/CMakeLists.txt`
+    - **Commit:** `65539368 feat(zkp-hamiltonian): Add Zero-Knowledge Proof library based on Hamiltonian Cycle`

.claude/WIP.md

@@ -866,6 +866,14 @@ _Last updated: 2026-02-24 (Service Stability Fixes)_
 
 ### Just Completed (2026-02-24)
 
+- **ZKP Hamiltonian Library** — DONE (2026-02-24)
+  - Zero-Knowledge Proof implementation based on Hamiltonian Cycle (Blum 1986)
+  - NIZK via Fiat-Shamir heuristic, SHA3-256 commitments (OpenSSL)
+  - Complete library: prove/verify/serialize + CLI tools (keygen/prover/verifier)
+  - 41 tests passing: completeness, soundness, tamper detection, anti-replay
+  - C99 targeting OpenWrt ARM64, CMake build system
+  - Commit: 65539368
+
 - **Service Stability & LED Pulse Fix** — DONE (2026-02-24)
   - CrowdSec autostart: Fixed machine registration mismatch, downloaded GeoLite2-City.mmdb
   - LED pulse: Fixed HAProxy check to run on host instead of non-existent LXC container

package/secubox/luci-app-metablogizer/root/usr/libexec/rpcd/luci.metablogizer

@@ -101,6 +101,13 @@ reload_haproxy() {
 		[ -d /opt/haproxy/config ] && cp "$src_cfg" /opt/haproxy/config/haproxy.cfg 2>/dev/null
 	fi
 
+	# Sync mitmproxy routes from HAProxy config and trigger reload
+	# This ensures WAF routing is properly configured for new vhosts
+	if command -v mitmproxyctl >/dev/null 2>&1; then
+		mitmproxyctl sync-routes >/dev/null 2>&1
+		logger -t metablogizer "Synced mitmproxy routes"
+	fi
+
 	# Reload HAProxy
 	if [ -x /etc/init.d/haproxy ]; then
 		/etc/init.d/haproxy reload >/dev/null 2>&1