Mike/Kordant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
97 Commits 1 Branch 0 Tags
7fb8b83810f85e259331b26a782eb2c60a1124aa
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Founding Engineer 7fb8b83810 Fix open redirect in Stripe customer portal returnUrl (FRE-5399) 
- Add isValidReturnUrl validation at route level for fast rejection
- Add defense-in-depth validation in BillingService.createCustomerPortalSession
- Fix isValidReturnUrl bug: origin comparison was never reached due to
  incorrect protocol check, allowing substring attacks (e.g., app.shieldai.com.evil.com)
- Export isValidReturnUrl from shared-billing package index
- Add unit tests for all attack vectors

Files changed:
- packages/api/src/routes/subscription.routes.ts
- packages/shared-billing/src/services/billing.service.ts
- packages/shared-billing/src/config/billing.config.ts
- packages/shared-billing/src/index.ts
- packages/shared-billing/src/__tests__/billing.config.test.ts
2026-05-17 05:39:13 -04:00
.github/workflows
FRE-4807: Fix ci.yml Medium findings — SHA256 verification and API_TOKEN validation
2026-05-13 15:06:56 -04:00
.turbo/cache
Fix 3 Code Review findings on FRE-4574
2026-05-10 07:09:39 -04:00
assets/ads
assets, move memories to proper location
2026-05-14 07:36:23 -04:00
docs
docs: Add Mixpanel analytics configuration and documentation
2026-05-14 22:38:10 -04:00
examples
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
infra
Update ROLLBACK.md with review completion (FRE-4808)
2026-05-12 01:11:59 -04:00
load-tests
Fix FRE-4928 P1 review findings: setup() data passing, EXIT_CODE capture
2026-05-12 14:41:35 -04:00
packages
Fix open redirect in Stripe customer portal returnUrl (FRE-5399)
2026-05-17 05:39:13 -04:00
plans
assets, move memories to proper location
2026-05-14 07:36:23 -04:00
scripts
Implement GA4 service with Measurement Protocol calls FRE-5280
2026-05-14 09:22:36 -04:00
server
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
services
Fix FRE-5402: Add missing @shieldai/removebrokers dependency and fix compilation blockers
2026-05-17 03:07:22 -04:00
.env.example
docs: Add Mixpanel analytics configuration and documentation
2026-05-14 22:38:10 -04:00
.env.prod.example
Add tier-based scan scheduler and webhook triggers (FRE-4498)
2026-04-30 10:57:56 -04:00
.gitignore
FRE-5006: VoicePrint quality improvements
2026-05-10 12:06:16 -04:00
check-identity.js
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
docker-compose.prod.yml
feat: integrate Datadog APM + Sentry error tracking with CloudWatch metrics FRE-4806
2026-05-10 02:15:11 -04:00
docker-compose.yml
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
Dockerfile
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
drizzle.config.ts
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
index.html
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
package-lock.json
Add tier-based scan scheduler and webhook triggers (FRE-4498)
2026-04-30 10:57:56 -04:00
package.json
feat: integrate Datadog APM + Sentry error tracking with CloudWatch metrics FRE-4806
2026-05-10 02:15:11 -04:00
pnpm-lock.yaml
FRE-5006: VoicePrint quality improvements
2026-05-10 12:06:16 -04:00
pnpm-workspace.yaml
FRE-4533: Merge apps/{api,web,mobile} and shared-db into ShieldAI repo
2026-05-02 10:19:11 -04:00
shieldai-workflow.md
fix: address Code Reviewer findings for Datadog/Sentry integration FRE-4806
2026-05-10 16:02:18 -04:00
test-classifier.ts
FRE-4517, FRE-4499: Complete SpamShield implementation and billing updates
2026-05-01 19:53:19 -04:00
test-maxpayload.ts
Fix 3 Code Review findings on FRE-4574
2026-05-10 07:09:39 -04:00
test-ws-maxpayload2.js
Fix 3 Code Review findings on FRE-4574
2026-05-10 07:09:39 -04:00
test-ws-maxpayload.js
Fix 3 Code Review findings on FRE-4574
2026-05-10 07:09:39 -04:00
tsconfig.base.json
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
tsconfig.json
FRE-4471: Scaffold DarkWatch MVP — monorepo, schema, services, API routes, tests
2026-04-29 09:47:45 -04:00
turbo.json
FRE-4474 Phase 5: Verify and resolve security review findings for SpamShield and Cross-Service Correlation
2026-05-02 18:36:29 -04:00
vite.config.ts
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
vitest.config.ts
FRE-4529: Transfer ShieldAI code from FrenoCorp repo
2026-05-02 10:13:13 -04:00
Description
No description provided
412 MiB
Languages
TypeScript 52.3%
Kotlin 35.5%
Swift 9%
Shell 1.5%
JavaScript 0.5%
Other 1.2%