5 Commits

Author	SHA1	Message	Date
Max	f1f4dee7ab	feat(cost): add zombie hunter, Slack interactions, composite scoring ... - Zombie resource hunter: detects idle EC2/RDS/EBS/EIP/NAT resources - Slack interactive handler: acknowledge, snooze, create-ticket actions - Composite anomaly scorer: Z-Score + rate-of-change + pattern + novelty - Cold-start fast path for new resources (<7 days data) - 005_zombies.sql migration	2026-03-03 06:39:20 +00:00
Protocol dd0c Agent	76715d169e	fix: RLS auth bypass for signup/login flows ... - Add set_config('app.tenant_id') before user INSERT in signup tx - Add 004_auth_rls_fix.sql: permissive SELECT on users/api_keys for auth lookups, INSERT on users with tenant context check - db-setup now runs migrations on every up (idempotent)	2026-03-03 05:38:25 +00:00
Max Mayfield	eb953cdea5	Security hardening: auth encapsulation, pool restriction, rate limiting, invites, async webhooks ... Phase 1 (Security Critical): - Auth plugin encapsulation: replaced global addHook with Fastify plugin scope - Removed startsWith URL matching; public routes registered outside auth scope - JWT verify now enforces algorithms: ['HS256'] (prevents algorithm confusion) - Raw pool no longer exported from db.ts; systemQuery() + getPoolForAuth() instead - withTenant() remains primary tenant-scoped query path Phase 2 (Infrastructure): - docker-compose.yml: all secrets via env var substitution (${VAR:-default}) - Per-service Postgres users (dd0c_drift, dd0c_alert, etc.) in docker-init-db.sh - .env.example with all configurable secrets - build-push.sh uses $REGISTRY_PASSWORD instead of hardcoded - .gitignore excludes .env files - @fastify/rate-limit: 100 req/min global, 5/min login, 3/min signup - CORS_ORIGIN default changed from '*' to 'http://localhost:5173' Phase 3 (Product): - Team invite flow: tenant_invites table, POST /invite, GET /invites, DELETE /invites/:id - Signup accepts optional invite_token to join existing tenant - Async webhook ingestion (P3): LPUSH to Redis, BRPOP worker, dead-letter queue Console: - All 5 product modules wired: drift, alert, portal, cost, run - PageHeader accepts children prop - 71 modules, 70KB gzipped production build All 6 projects compile clean (tsc --noEmit).	2026-03-02 23:53:55 +00:00
Max Mayfield	5ee869b9d8	Implement auth: login/signup (scrypt), API key generation, shared migration ... - Login: email + password lookup, scrypt verify, JWT token - Signup: create tenant + owner user in transaction, slug generation - API key: dd0c_ prefix, SHA-256 hash (not bcrypt — faster for API key lookups), prefix index - Scrypt over bcrypt: zero native deps, Node.js built-in crypto - Auth routes skip JWT middleware (login/signup are public) - 002_auth.sql: users + api_keys tables with RLS, copied to all products - Synced auth middleware to P3/P4/P5/P6	2026-03-01 03:19:18 +00:00
Max Mayfield	57e7083986	Scaffold dd0c/run: Rust agent (classifier, executor, audit) + TypeScript SaaS ... - Rust agent: clap CLI, command classifier (read-only/modifying/destructive), executor with approval gates, audit log entries - Classifier: pattern-based safety classification for shell, AWS, kubectl, terraform/tofu commands - 6 Rust tests: read-only, destructive, modifying, empty, terraform apply, tofu destroy - SaaS backend: Fastify server, runbook CRUD API, approval API, Slack interactive handler - Slack integration: signature verification, block_actions for approve/reject buttons - PostgreSQL schema with RLS: runbooks, executions, audit_entries (append-only), agents - Dual Dockerfiles: Rust multi-stage (agent), Node multi-stage (SaaS) - Gitea Actions CI: Rust test+clippy, Node typecheck+test - Fly.io config for SaaS	2026-03-01 03:03:29 +00:00