49 Commits

Author	SHA1	Message	Date
Max	f133ca8ff6	feat(drift): add normalizer, chunk assembly, daily digest, Slack interactions, analytics ... - Canonical schema normalizer: cross-provider resource type mapping - Chunked report reassembly via Redis (10min TTL, out-of-order safe) - Daily drift digest worker with Slack Block Kit summary - Slack interactive handler: remediate + accept drift actions - Analytics API: drift trends and health summary - 005_drift_features.sql migration (remediations, acceptances, indexes)	2026-03-03 06:56:44 +00:00
Max	47a64d53fd	fix: align backend API routes with console frontend contract	2026-03-03 06:09:41 +00:00
Protocol dd0c Agent	76715d169e	fix: RLS auth bypass for signup/login flows ... - Add set_config('app.tenant_id') before user INSERT in signup tx - Add 004_auth_rls_fix.sql: permissive SELECT on users/api_keys for auth lookups, INSERT on users with tenant context check - db-setup now runs migrations on every up (idempotent)	2026-03-03 05:38:25 +00:00
Protocol dd0c Agent	1d068c3f75	fix: add maxmem to scrypt params (128MB) ... Node's OpenSSL defaults to 32MB scrypt memory limit but N=65536/r=8/p=1 needs ~64MB. Adds maxmem: 128*1024*1024 to all 5 services' hash and verify functions.	2026-03-03 05:11:37 +00:00
Max Mayfield	5792f95d7c	Fix BMad adversarial security review findings ... Resolves 11 of the 13 findings: - [CRITICAL] SQLi in RLS: replaced SET LOCAL with parameterized set_config() - [CRITICAL] Rate Limiting: installed and registered @fastify/rate-limit in all 5 apps - [CRITICAL] Invite Hijacking: added email verification check to invite lookup - [HIGH] Webhook HMAC: added Fastify rawBody parser to fix JSON.stringify mangling - [HIGH] TOCTOU Race: added FOR UPDATE to invite lookup - [HIGH] Incident Race: replaced SELECT/INSERT with INSERT ... ON CONFLICT - [MEDIUM] Grafana Timing Attack: replaced === with crypto.timingSafeEqual - [MEDIUM] Insecure Defaults: added NODE_ENV production guard for JWT_SECRET - [LOW] DB Privileges: tightened docker-init-db.sh grants (removed ALL PRIVILEGES) - [LOW] Plaintext Invites: tokens are now hashed (SHA-256) before DB storage/lookup - [LOW] Scrypt: increased N parameter to 65536 for stronger password hashing Note: - Finding #4 (Fragmented Identity) requires a unified auth database architecture. - Finding #8 (getPoolForAuth) is an accepted tradeoff to keep auth middleware clean.	2026-03-03 00:14:39 +00:00
Max Mayfield	eb953cdea5	Security hardening: auth encapsulation, pool restriction, rate limiting, invites, async webhooks ... Phase 1 (Security Critical): - Auth plugin encapsulation: replaced global addHook with Fastify plugin scope - Removed startsWith URL matching; public routes registered outside auth scope - JWT verify now enforces algorithms: ['HS256'] (prevents algorithm confusion) - Raw pool no longer exported from db.ts; systemQuery() + getPoolForAuth() instead - withTenant() remains primary tenant-scoped query path Phase 2 (Infrastructure): - docker-compose.yml: all secrets via env var substitution (${VAR:-default}) - Per-service Postgres users (dd0c_drift, dd0c_alert, etc.) in docker-init-db.sh - .env.example with all configurable secrets - build-push.sh uses $REGISTRY_PASSWORD instead of hardcoded - .gitignore excludes .env files - @fastify/rate-limit: 100 req/min global, 5/min login, 3/min signup - CORS_ORIGIN default changed from '*' to 'http://localhost:5173' Phase 3 (Product): - Team invite flow: tenant_invites table, POST /invite, GET /invites, DELETE /invites/:id - Signup accepts optional invite_token to join existing tenant - Async webhook ingestion (P3): LPUSH to Redis, BRPOP worker, dead-letter queue Console: - All 5 product modules wired: drift, alert, portal, cost, run - PageHeader accepts children prop - 71 modules, 70KB gzipped production build All 6 projects compile clean (tsc --noEmit).	2026-03-02 23:53:55 +00:00
Max Mayfield	be3f37cfdd	Fix CRITICAL auth bypass: exact match for login/signup paths ... startsWith('/api/v1/auth/login') allowed any path with that prefix to bypass authentication (e.g. /api/v1/auth/login-anything). Changed to exact path match with query string stripping. Fixed across all 5 products + shared/auth.ts.	2026-03-02 20:35:28 +00:00
Max Mayfield	3be37d1293	Skip auth on /version endpoint (same as /health)	2026-03-02 13:54:46 +00:00
Max Mayfield	5bad2481ae	Add /version endpoint to all products + BUILD_SHA/BUILD_TIME in Dockerfiles	2026-03-02 13:53:15 +00:00
Max Mayfield	c4ec43cb76	Add CI build-push jobs targeting reg.dd0c.net with docker login + deploy	2026-03-02 13:48:10 +00:00
Max Mayfield	18d476f7a0	Target Nas runner (ubuntu-24.04) for build-push jobs — sandbox lacks Docker	2026-03-02 05:32:04 +00:00
Max Mayfield	2df0ce2fff	Trigger CI build+push to populate registry at 192.168.86.11:30095	2026-03-02 05:29:03 +00:00
Max Mayfield	c537022fa8	Add drift report submission + stack deletion endpoints to P2	2026-03-02 05:03:34 +00:00
Max Mayfield	4eda9d7be3	Add .dockerignore to all Node products (skip node_modules/dist/tests in build context)	2026-03-02 04:45:57 +00:00
Max Mayfield	d175c3a6e7	Clean up drift: restore Dockerfile name, remove cache bust artifacts	2026-03-02 04:45:12 +00:00
Max Mayfield	e0b84f5481	Fix drift SET LOCAL: use string interpolation with UUID validation (SET doesn't support params)	2026-03-02 03:59:26 +00:00
Max Mayfield	364e411e69	Nuclear cache bust: rename drift Dockerfile to Dockerfile.v2	2026-03-02 00:14:43 +00:00
Max Mayfield	00aaf1a941	Force drift rebuild: add CACHE_BUST build arg to Dockerfile + docker-compose	2026-03-01 23:06:19 +00:00
Max Mayfield	cbc9e01807	Cache bust: force drift image rebuild to pick up auth middleware	2026-03-01 22:59:34 +00:00
Max Mayfield	81d03c1735	Fix tenant slug collision: append random hex suffix to prevent 23505 on duplicate tenant names	2026-03-01 22:36:21 +00:00
Max Mayfield	e0d3a3c043	Add auth middleware to P2 Drift (signup/login/API keys), remove pino-pretty dev transport	2026-03-01 22:24:18 +00:00
Max Mayfield	362c94af33	Fix Node Dockerfiles: npm ci --include=dev so tsc is available in builder stage	2026-03-01 19:31:44 +00:00
Max Mayfield	1af409ad7e	Trigger P2 CI to pick up the Go sudo fix	2026-03-01 16:55:52 +00:00
Max Mayfield	5346e88331	CI: fix Go agent test by ensuring go mod tidy runs correctly	2026-03-01 07:07:02 +00:00
Max Mayfield	1bafad5a86	CI: add go mod tidy to Go agent workflow to fix missing go.sum	2026-03-01 07:03:51 +00:00
Max Mayfield	d7f771e712	Remove accidental cmd/main.go (real entry is cmd/drift/main.go)	2026-03-01 07:01:44 +00:00
Max Mayfield	bd665ea643	Trigger CI for P1 Rust and P2 Go agent	2026-03-01 06:59:03 +00:00
Max Mayfield	27a89ee2b7	Trigger CI with tsc fix	2026-03-01 06:56:00 +00:00
Max Mayfield	3e68e8871d	Trigger CI for P2-SaaS, P4, P5, P6	2026-03-01 06:52:14 +00:00
Max Mayfield	6403e7a3bf	Move CI workflows to repo root .gitea/workflows/ (Gitea requires root location) ... - 6 per-product CI workflows with path filters - P1: Rust (cargo test + clippy + fmt) - P2: Go agent (go test + vet) + Node SaaS (tsc + npm test) - P3-P6: Node (npm ci + tsc + npm test) - Removed old per-product .gitea dirs (Gitea ignores non-root workflows)	2026-03-01 06:19:42 +00:00
Max Mayfield	b9c480c06b	Copy shared auth migration (002_auth.sql) to P1 route and P2 drift	2026-03-01 06:12:36 +00:00
Max Mayfield	5e0065e73e	Fix P2 SaaS compilation: wire dispatchNotifications correctly, add P1/P2 Dockerfiles ... - P2 processor: use correct dispatchNotifications signature (channels, notification, severity) - P2 processor: pass pool to withTenant, fix implicit any types - P1 Dockerfile: multi-stage Rust build for proxy/api/worker binaries - P2 agent Dockerfile: multi-stage Go build - P2 SaaS package-lock.json generated - All 6 products now compile cleanly	2026-03-01 06:10:21 +00:00
Max Mayfield	b351f2f46b	Implement P2 Resend email + PagerDuty Events v2 + Slack retry backoff ... - Resend: HTML email with drift summary table and CTA button - PagerDuty: Events API v2 with dedup_key, severity mapping, custom_details - Slack: setTimeout retry on 429 rate limit instead of dropping	2026-03-01 05:51:28 +00:00
Max Mayfield	e1b22e5309	Wire up remaining TODO stubs: P3 test notifications, P2 drift notification trigger ... - P3: test notification endpoint now instantiates real Slack/Email/Webhook notifiers - P2: drift processor triggers notification service when drift_score > 0 (non-fatal on failure)	2026-03-01 04:14:26 +00:00
Max Mayfield	2c112b2fb1	Add vitest configs for P2-P6	2026-03-01 03:16:58 +00:00
Max Mayfield	2ceeac1a11	Add P2 SaaS CI, P4 scheduled discovery, P6 agent bridge (Redis pub/sub), Caddyfile ... - P2: Gitea Actions CI for SaaS backend (separate from Go agent CI) - P4: ScheduledDiscovery with Redis distributed lock to prevent concurrent scans - P6: AgentBridge — Redis pub/sub for SaaS↔agent communication (approvals + step results) - Caddyfile: self-hosted reverse proxy with auto-TLS for all 6 products	2026-03-01 03:16:33 +00:00
Max Mayfield	bbbea3519e	Add unit tests for P2 SaaS, P3 notifications, P4 search, P5 ingestion, P6 API ... - P2: nonce validation, severity levels, RLS withTenant - P3: notification dispatcher severity gating, Slack Block Kit emoji mapping - P4: Meilisearch fallback, service CRUD validation, staged update actions - P5: cost ingestion validation, snooze range, optimistic locking - P6: runbook API validation, approval decisions, execution status machine, Slack signature	2026-03-01 03:15:31 +00:00
Max Mayfield	3326d9a714	Add .gitignore files for P2-P6	2026-03-01 03:14:37 +00:00
Max Mayfield	5d67de6486	Add dd0c/drift notifications, infra, CI: Slack Block Kit, Dockerfiles, Gitea Actions ... - Notification service: Slack Block Kit (remediate/accept buttons), webhook delivery, rate limit handling - Dispatcher with severity-based channel filtering - Agent Dockerfile: multi-stage Go build, static binary - SaaS Dockerfile: multi-stage Node build - Fly.io config: scale-to-zero, shared-cpu - Gitea Actions: Go test+vet, Node typecheck+test, cross-compile agent (linux/darwin/windows)	2026-03-01 02:46:47 +00:00
Max Mayfield	e67cef518e	Scaffold dd0c/drift SaaS backend: Fastify, RLS, ingestion, dashboard API ... - Fastify server with Zod validation, pino logging, CORS/helmet - Drift report ingestion endpoint with nonce replay prevention - Dashboard API: stacks list, drift history, report detail, summary stats - PostgreSQL schema with RLS: tenants, users, agent_keys, drift_reports, remediation_actions - withTenant() helper for safe connection pool tenant context management - Config via Zod-validated env vars	2026-03-01 02:45:33 +00:00
Max Mayfield	31cb36fb77	Scaffold dd0c/drift Go agent: CLI, scanner, scrubber, reporter, models ... - cobra CLI: check (one-shot), watch (SQS consumer), version - models: DriftReport, DriftedResource, severity classification (critical/high/medium/low) - scanner: Terraform v4 state parser, resource counter - scrubber: regex + Shannon entropy secret detection (strict/permissive/off modes) - reporter: mTLS HTTP client with nonce replay prevention - tests: severity classification (8 cases), scrubber (AWS keys, RSA, entropy, attributes)	2026-03-01 02:42:53 +00:00
Max Mayfield	72a0f26a7b	Add BMad review epic addendums for all 6 products ... Per-product surgical additions to existing epics (not cross-cutting): - P1 route: 8pts (key redaction, SSE billing, token math, CI runner) - P2 drift: 12pts (mTLS revocation, state lock recovery, pgmq visibility, RLS leak, entropy scrubber) - P3 alert: 10pts (HMAC replay, claim-check, out-of-order correlation, free tier, tenant isolation) - P4 portal: 9pts (partial scan recovery, ownership conflicts, Meilisearch rebuild, VCR freshness, free tier) - P5 cost: 7pts (concurrent baselines, remediation RBAC, Clock interface, property tests, Redis fallback) - P6 run: 15pts (shell AST parsing, canary suite, intervention TTL, streaming audit, crypto signatures) Total: 61 story points across 30 new stories	2026-03-01 02:27:55 +00:00
Max Mayfield	d038cd9c5c	Implement BMad Must-Have Before Launch fixes for all 6 products ... P1: API key redaction, SSE billing leak, token math edge cases, CI runner config P2: mTLS revocation lockout, terraform state lock recovery, RLS pool leak, entropy scrubber, pgmq visibility P3: HMAC replay prevention, cross-tenant negative tests, correlation window edge cases, SQS claim-check, free tier P4: Discovery partial failure recovery, ownership conflict integration test, VCR freshness CI, Meilisearch rebuild, Cmd+K latency P5: Concurrent baseline conflicts, remediation RBAC, Clock interface for governance, 10K property-based runs, Redis panic fallback P6: Cryptographic agent update signatures, streaming audit logs with WAL, shell AST parsing (mvdan/sh), intervention deadlock TTL, canary suite CI gate	2026-03-01 02:14:04 +00:00
Max Mayfield	b24cfa7c0d	BMad code reviews complete for all 6 products ... P1 route: Gemini — 'Ship the proxy, stop writing tests for the tests' P2 drift: Gemini — mTLS revocation, state lock corruption, RLS pool leak P3 alert: Gemini — replay attacks, trace propagation, SQS claim-check P4 portal: Manual — discovery reliability is existential risk P5 cost: Manual — concurrent baselines, remediation RBAC, pricing staleness P6 run: Gemini — policy update loophole, AST parsing, audit streaming	2026-03-01 02:09:19 +00:00
Max Mayfield	c3bafa238a	Add dual-mode deployment addendums for all 6 products ... P1 route: 16 pts (template, full docker-compose + install script) P2 drift: 17 pts (pgmq, local CA for mTLS) P3 alert: 19 pts (Lambda→Fastify, DynamoDB→PG JSONB) P4 portal: 18 pts (Step Functions→cron, Aurora→PG+pgvector) P5 cost: 19 pts (EventBridge→agent/polling, DynamoDB→PG JSONB) P6 run: 15 pts (easiest — already PG-native, no AWS deps in core) Total self-hosted effort: ~104 story points across all 6 products	2026-03-01 02:00:00 +00:00
Max Mayfield	4938674c20	Phase 3: BDD acceptance specs for P2 (drift), P3 (alert), P6 (run) ... P2: 2,245 lines, 10 epics — Sonnet subagent (8min) P3: 1,653 lines, 10 epics — Sonnet subagent (6min) P6: 2,303 lines, 262 scenarios, 10 epics — Sonnet subagent (7min) P4 (portal) still in progress	2026-03-01 01:54:35 +00:00
Max Mayfield	03bfe931fc	Implement review remediation + PLG analytics SDK ... - All 6 test architectures patched with Section 11 addendums - P5 (cost) fully rewritten from 232 to ~600 lines - PLG brainstorm + party mode advisory board results - Analytics SDK v2 (PostHog Cloud, Zod strict, Lambda-safe) - Analytics tests v2 (safeParse, no , no timestamp, no PII) - Addresses all Gemini review findings across P1-P6	2026-03-01 01:42:49 +00:00
Max Mayfield	2fe0ed856e	Add Gemini TDD reviews for all 6 products ... P1, P2, P3, P4, P6 reviewed by Gemini subagents. P5 reviewed manually (Gemini credential errors). All reviews flag coverage gaps, anti-patterns, and Transparent Factory tenet gaps.	2026-03-01 00:29:24 +00:00
Max Mayfield	5ee95d8b13	dd0c: full product research pipeline - 6 products, 8 phases each ... Products: route, drift, alert, portal, cost, run Phases: brainstorm, design-thinking, innovation-strategy, party-mode, product-brief, architecture, epics (incl. Epic 10 TF compliance), test-architecture (TDD strategy) Brand strategy and market research included.	2026-02-28 17:35:02 +00:00