ShieldAI

Mike/ShieldAI

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michael Freno	3192d1a779	Fix JWT security issues in signaling and alert servers (FRE-4497) - Replace custom JWT parser with jsonwebtoken library (timing-safe HMAC) - Prefer Authorization header over URL query for token extraction - Add jsonwebtoken + @types/jsonwebtoken to server dependencies Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-01 09:04:28 -04:00
Michael Freno	ec4565f44c	Implement WebRTC real-time call analysis with security hardening (FRE-4497) - signaling-server.ts: JWT auth, origin validation, JSON schema validation, crypto.randomBytes peer IDs, message size limits, idle timeout, graceful shutdown - alert-server.ts: JWT auth enabled by default, non-empty jwtSecret from env, origin allowlist, per-subscriber callId filtering, bounded alert history with TTL, alert cooldown, graceful shutdown with timeout - call-analysis-engine.ts: Bounded eventBuffer/anomalyBuffer with FIFO eviction, real quality metrics from signal properties, configurable buffer sizes - audio-stream-capture.ts: Proper destroy() lifecycle with awaited stop(), AudioWorklet support with ScriptProcessorNode fallback, bounded frame buffers - Added ws dependency and server tsconfig Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-30 16:49:53 -04:00

Author

SHA1

Message

Date

Michael Freno

3192d1a779

Fix JWT security issues in signaling and alert servers (FRE-4497)

- Replace custom JWT parser with jsonwebtoken library (timing-safe HMAC)
- Prefer Authorization header over URL query for token extraction
- Add jsonwebtoken + @types/jsonwebtoken to server dependencies

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-01 09:04:28 -04:00

Michael Freno

ec4565f44c

Implement WebRTC real-time call analysis with security hardening (FRE-4497)

- signaling-server.ts: JWT auth, origin validation, JSON schema validation,
  crypto.randomBytes peer IDs, message size limits, idle timeout, graceful shutdown
- alert-server.ts: JWT auth enabled by default, non-empty jwtSecret from env,
  origin allowlist, per-subscriber callId filtering, bounded alert history with TTL,
  alert cooldown, graceful shutdown with timeout
- call-analysis-engine.ts: Bounded eventBuffer/anomalyBuffer with FIFO eviction,
  real quality metrics from signal properties, configurable buffer sizes
- audio-stream-capture.ts: Proper destroy() lifecycle with awaited stop(),
  AudioWorklet support with ScriptProcessorNode fallback, bounded frame buffers
- Added ws dependency and server tsconfig

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-30 16:49:53 -04:00

2 Commits