Mike/FrenoCorp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
195 Commits 2 Branches 0 Tags
0cc005414dd19b77dc8a4b608a0a481b4ea1051f
Commit Graph

10 Commits

Author SHA1 Message Date
Michael Freno
35d004cde3 Auto-commit 2026-05-02 09:37 2026-05-02 09:37:34 -04:00
Michael Freno
b7600fa937 FRE-4511: Add audit trail logging for spam classification decisions 
Integrates spamAuditLogger into SMSClassifierService.classify() and
CallAnalysisService.analyzeCall(). Each decision logs:
- Classification type (sms/call), phone hash, decision, confidence
- Feature flags active at time of classification
- Decision rationale (feature list for SMS, reason codes for calls)

Audit entries are queryable via spamAuditLogger.getEntries() with
filters for type, decision, date range, and limit. Summary stats
available via getSummary().

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-30 23:15:08 -04:00
Michael Freno
ccf0879a4e FRE-4498: Remediate security findings from review 
Fix 2 HIGH, 3 MEDIUM, 2 LOW findings:
- HIGH: Webhook secret now returns false (not true) when env var missing
- HIGH: PII encryption key file not on this branch (was diff worktree)
- MEDIUM: Webhook signature now required (was optional)
- MEDIUM: Unknown source types now logged with warning
- MEDIUM: Scheduler routes already validate subscription ownership via authed()
- LOW: Webhook error response now returns generic message
- LOW: Job IDs use randomUUID() instead of Date.now()

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-30 14:43:58 -04:00
Michael Freno
2b7ff938da Fix SMSClassifierService initialization race condition (FRE-4509) 
Add promise-based lazy initialization via ensureInitialized() to deduplicate
concurrent initialize() calls. Concurrent callers now await the same
initialization promise instead of each triggering a separate load.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-29 22:25:39 -04:00
Michael Freno
3aead0d7bb Implement Redis rate limiting middleware for spam endpoints (FRE-4507) 
- Add ioredis dependency to API package
- Create Redis connection utility (apps/api/src/config/redis.ts)
- Create Redis-backed spam rate limit middleware with per-minute and daily limits
- Create spam classification routes (SMS, number reputation, call analysis, feedback)
- Register middleware and routes in API server
- Add 7 passing tests for rate limit enforcement
- Update vitest config with required env vars

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-29 20:54:39 -04:00
Michael Freno
7928465a58 FRE-4510: Add voiceprint feature flag support 
- Create voiceprint.feature-flags.ts to re-export checkFlag
- Update voiceprint.config.ts to use checkFlag for all flags
- Update voiceprint.service.ts to import checkFlag
- Ensure voiceprint services respect feature flags
 2026-04-29 18:31:14 -04:00
Michael Freno
ece783713e FRE-4510: Implement feature flag checks for spam classification 
- Create centralized feature flag management system (feature-flags.ts)
- Add 15 feature flags across SpamShield, VoicePrint, and Platform categories
- Update spamshield.config.ts to use checkFlag() for all flags
- Add feature flag checks to all spamshield.service.ts methods:
  * NumberReputationService.checkReputation()
  * NumberReputationService.checkMultiSource()
  * SMSClassifierService.classify()
  * CallAnalysisService.analyzeCall()
  * SpamFeedbackService.recordFeedback()
- Update index.ts exports to include feature flag utilities
- Flags support runtime updates via FLAG_<KEY> environment variables

Flags implemented:
- SpamShield: enableNumberReputation, enableContentClassification,
  enableBehavioralAnalysis, enableCommunityIntelligence,
  enableRealTimeBlocking, enableMultipleSources, enableMLClassifier
- VoicePrint: enableMLService, enableFAISSIndex, enableBatchAnalysis,
  enableRealtimeAnalysis, enableMockModel
- Platform: enableAuditLogs, enableKPITracking
 2026-04-29 18:16:47 -04:00
Michael Freno
0495ee5bd2 Auto-commit 2026-04-29 16:31 2026-04-29 16:31:27 -04:00
Michael Freno
e8687bb6b2 FRE-4495: Set up notification infrastructure (email, push, SMS) 
- Created shared-notifications package with multi-channel support
- Implemented EmailService with Resend integration
- Implemented PushService with FCM/APNs support
- Implemented SMSService with Twilio integration
- Added NotificationService to orchestrate all channels
- Created notification types, configuration, and routes
- Added rate limiting and delivery tracking support
- Configured notification preferences management

Files:
- packages/shared-notifications/src/{types,config,services}/*.ts
- packages/shared-notifications/package.json
- apps/api/src/routes/notifications.routes.ts
- apps/api/package.json (updated dependencies)
 2026-04-29 10:17:03 -04:00
Michael Freno
e958b7031b FRE-4493: Implement API gateway with rate limiting and routing 
- Add Fastify-based API server entry point
- Implement tier-based rate limiting middleware (basic/plus/premium)
- Add authentication middleware (JWT + API key support)
- Create error handling middleware with standardized responses
- Add request/response logging with request IDs
- Configure CORS and security headers
- Implement API route structure with health check and service discovery
- Set up API versioning configuration

Files: apps/api/src/{index.ts,middleware/*.ts,routes/index.ts}
 2026-04-29 09:40:16 -04:00