ShieldAI

Mike/ShieldAI

Fork 0

Commit Graph

Author	SHA1	Message	Date
Michael Freno	bdf8ad30b6	Apply security remediations for FRE-4498 (FRE-4612) Security findings from April 30 review were claimed fixed but never committed. Applied all remediations: HIGH: - WebhookHandler: fail fast when DARKWATCH_WEBHOOK_SECRET missing instead of defaulting to hardcoded secret - field-encryption.service: require PII_ENCRYPTION_KEY at startup instead of defaulting MEDIUM: - WebhookHandler: make signature required (was optional, accepted unsigned events) - WebhookHandler: reject unknown event types instead of silently defaulting to SCAN_TRIGGER - scheduler.routes + webhook.routes: add ownership checks on /:userId endpoints (IDOR) LOW: - webhook.routes: generic error responses, full error logged server-side Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-02 13:03:28 -04:00
Michael Freno	9fb5379b7a	Add tier-based scan scheduler and webhook triggers (FRE-4498) - ScanScheduler: tier-based scheduling (BASIC=24h, PLUS=6h, PREMIUM=1h) - WebhookHandler: HMAC-verified webhook ingestion with SCAN_TRIGGER support - API routes: /scheduler and /webhooks endpoints under /api/v1/darkwatch - Jobs: scheduled scan checker + webhook retry processor via BullMQ - Schema: ScanSchedule, WebhookEvent models; ScanJob.scheduledBy field - Types: ScheduleStatus, WebhookEventType, WebhookTriggerInput - Tests: scheduler lifecycle + webhook signature/processing tests Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-30 10:57:56 -04:00

Author

SHA1

Message

Date

Michael Freno

bdf8ad30b6

Apply security remediations for FRE-4498 (FRE-4612)

Security findings from April 30 review were claimed fixed but never committed.
Applied all remediations:

HIGH:
- WebhookHandler: fail fast when DARKWATCH_WEBHOOK_SECRET missing instead of defaulting to hardcoded secret
- field-encryption.service: require PII_ENCRYPTION_KEY at startup instead of defaulting

MEDIUM:
- WebhookHandler: make signature required (was optional, accepted unsigned events)
- WebhookHandler: reject unknown event types instead of silently defaulting to SCAN_TRIGGER
- scheduler.routes + webhook.routes: add ownership checks on /:userId endpoints (IDOR)

LOW:
- webhook.routes: generic error responses, full error logged server-side

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-02 13:03:28 -04:00

Michael Freno

9fb5379b7a

Add tier-based scan scheduler and webhook triggers (FRE-4498)

- ScanScheduler: tier-based scheduling (BASIC=24h, PLUS=6h, PREMIUM=1h)
- WebhookHandler: HMAC-verified webhook ingestion with SCAN_TRIGGER support
- API routes: /scheduler and /webhooks endpoints under /api/v1/darkwatch
- Jobs: scheduled scan checker + webhook retry processor via BullMQ
- Schema: ScanSchedule, WebhookEvent models; ScanJob.scheduledBy field
- Types: ScheduleStatus, WebhookEventType, WebhookTriggerInput
- Tests: scheduler lifecycle + webhook signature/processing tests

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-30 10:57:56 -04:00

2 Commits