Kordant

Mike/Kordant

Fork 0

Commit Graph

Author	SHA1	Message	Date
Senior Engineer	fb82dc68d7	Fix CORS origin trimming, unused import, and fragile error handling (FRE-4749) - P2: Add .map(s => s.trim()) to trim whitespace from comma-separated ALLOWED_ORIGINS - P3: Remove unused setSentryUser import from @shieldai/monitoring - P3: Replace fragile string prefix matching with boolean isValidProtocol sentinel Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-10 02:58:02 -04:00
Senior Engineer	a10ef7eb70	Harden CORS origin validation in production (FRE-4749) - Add ALLOWED_ORIGINS env var with comma-separated origin list - Validate origins at startup in production: reject wildcards, empty values, and malformed URLs (non-http/https protocol) - Update both server entry points (server.ts, index.ts) to use getCorsOrigins() - Development mode retains existing localhost fallback behavior Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-09 11:48:33 -04:00
Michael Freno	e704a9074a	FRE-4533: Merge apps/{api,web,mobile} and shared-db into ShieldAI repo Merge FrenoCorp apps into ShieldAI packages/: - packages/api: merged routes (notifications), middleware (auth, rate-limit, error, logging), config, services (darkwatch, spamshield, voiceprint), tests - packages/web: new SolidJS web app stub - packages/mobile: new SolidJS mobile app stub - packages/shared-db: new Prisma DB package (separate from existing packages/db) - pnpm-workspace.yaml: restored (apps/* removed, already covered by packages/*) Next: reconcile packages/shared-db with packages/db, and fix server.ts correlationRoutes import	2026-05-02 10:19:11 -04:00

Author

SHA1

Message

Date

Senior Engineer

fb82dc68d7

Fix CORS origin trimming, unused import, and fragile error handling (FRE-4749)

- P2: Add .map(s => s.trim()) to trim whitespace from comma-separated ALLOWED_ORIGINS
- P3: Remove unused setSentryUser import from @shieldai/monitoring
- P3: Replace fragile string prefix matching with boolean isValidProtocol sentinel

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-10 02:58:02 -04:00

Senior Engineer

a10ef7eb70

Harden CORS origin validation in production (FRE-4749)

- Add ALLOWED_ORIGINS env var with comma-separated origin list
- Validate origins at startup in production: reject wildcards, empty values,
  and malformed URLs (non-http/https protocol)
- Update both server entry points (server.ts, index.ts) to use getCorsOrigins()
- Development mode retains existing localhost fallback behavior

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-05-09 11:48:33 -04:00

Michael Freno

e704a9074a

FRE-4533: Merge apps/{api,web,mobile} and shared-db into ShieldAI repo

Merge FrenoCorp apps into ShieldAI packages/:
- packages/api: merged routes (notifications), middleware (auth, rate-limit, error, logging), config, services (darkwatch, spamshield, voiceprint), tests
- packages/web: new SolidJS web app stub
- packages/mobile: new SolidJS mobile app stub
- packages/shared-db: new Prisma DB package (separate from existing packages/db)
- pnpm-workspace.yaml: restored (apps/* removed, already covered by packages/*)

Next: reconcile packages/shared-db with packages/db, and fix server.ts correlationRoutes import

2026-05-02 10:19:11 -04:00

3 Commits