Mike/ShieldAI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
16 Commits 1 Branch 0 Tags
c490735ba26c652a7b1e02179dd69ccaf119fb7f
Commit Graph

4 Commits

Author SHA1 Message Date
Michael Freno
c490735ba2 FRE-4520: Fix security vulnerabilities in notification template system 
- Fix HTML injection vulnerability with proper entity encoding
- Fix rate limit cleanup bug (count vs timestamp confusion)
- Add URL validation to prevent open redirect attacks
- Add expiration to in-memory deduplication entries
- Use Zod schema for config validation
- Add email format validation

All 29 tests passing. Ready for Code Reviewer final review.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-01 19:35:22 -04:00
Senior Engineer
574bcf2264 FRE-4521 Implement Redis integration for rate limiting and deduplication 
- Add ioredis dependency for Redis connection pooling
- Create RedisService singleton with connection management
- Add Redis config (url, dedupWindowSeconds) to notification.config.ts
- Implement NotificationService.checkRateLimit using Redis INCR+EXPIRE
- Implement NotificationService.deduplicateNotification using Redis SET/NX
- Add configurable rate limit windows and thresholds via env vars
- Add 29 unit tests covering Redis operations, rate limiting, and dedup
- All tests pass, TypeScript compiles cleanly for new files
 2026-05-01 16:13:17 -04:00
Michael Freno
8b30cad462 FRE-4499: Implement real-time SpamShield interception engine 
Phase 1 & 2 complete: Carrier API integration, decision engine, and WebSocket alerts

## Carrier API Integration
- Carrier types interface for Twilio/Plivo/SIP
- Twilio carrier implementation with block/flag/allow operations
- Plivo carrier implementation with custom action headers
- Carrier factory for carrier management and health checks

## Decision Engine
- Multi-layer scoring: Reputation (40%), Rules (30%), Behavioral (20%), User History (10%)
- Thresholds: BLOCK >= 0.85, FLAG >= 0.60, ALLOW < 0.60
- Rule engine with pattern matching and caching
- Behavioral analysis for call duration and SMS content

## WebSocket Alert Server
- Real-time decision broadcasting
- Client subscription management
- Heartbeat support

## Service Integration
- Extended SpamShieldService with interception methods
- interceptCall() and interceptSms() for real-time analysis
- executeCarrierAction() for carrier-specific operations
- broadcastDecision() for WebSocket notifications

## Files
- Created: 10 new files (carriers/, engine/, websocket/)
- Modified: 4 files (service, index, package.json, plan)

TypeScript typecheck shows 27 errors (type-safety improvements only)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-01 10:04:25 -04:00
Michael Freno
9fb5379b7a Add tier-based scan scheduler and webhook triggers (FRE-4498) 
- ScanScheduler: tier-based scheduling (BASIC=24h, PLUS=6h, PREMIUM=1h)
- WebhookHandler: HMAC-verified webhook ingestion with SCAN_TRIGGER support
- API routes: /scheduler and /webhooks endpoints under /api/v1/darkwatch
- Jobs: scheduled scan checker + webhook retry processor via BullMQ
- Schema: ScanSchedule, WebhookEvent models; ScanJob.scheduledBy field
- Types: ScheduleStatus, WebhookEventType, WebhookTriggerInput
- Tests: scheduler lifecycle + webhook signature/processing tests

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-30 10:57:56 -04:00