Senior Engineer 91e4985a8e FRE-4474 Phase 5: Verify and resolve security review findings for SpamShield and Cross-Service Correlation ...

- FRE-4499 (SpamShield): Verified 6 security fixes (2 High, 4 Medium)
  - S01: Pre-compiled regex in RuleEngine (ReDoS fix)
  - S02: SmsClassifier accepts senderPhoneNumber context
  - S03: AlertServer JWT auth + origin validation
  - S04: SHA-256 phone hashing (PII protection)
  - S05: DecisionEngine timeout enforcement via Promise.race
  - S06: CarrierFactory.getAllCarriers properly async/await

- FRE-4500 (Correlation): Verified 7 security fixes (2 Critical, 2 High, 2 Medium, 1 Low)
  - C1: Ingest endpoints auth via request.user.id
  - C2: IDOR protection on group endpoints (userId filter)
  - H3: JWT middleware registered in server.ts
  - H4: Fastify schema validation on all routes
  - M6: Payload sanitization with depth limit and circular ref detection
  - L7: CORS origin restricted to env var

- Resolved liveness incidents FRE-4652 and FRE-4654
- All Phase 5 child issues now complete

2026-05-02 18:36:29 -04:00

..

src

Add cross-service alert correlation system FRE-4500

2026-05-02 01:10:44 -04:00

test

FRE-4520: Add unit tests for notification template system

2026-05-01 10:08:48 -04:00

package-lock.json

FRE-4517, FRE-4499: Complete SpamShield implementation and billing updates

2026-05-01 19:53:19 -04:00

package.json

FRE-4474 Phase 5: Verify and resolve security review findings for SpamShield and Cross-Service Correlation

2026-05-02 18:36:29 -04:00

SECURITY_REMEDIATION.md

FRE-4520: Fix security vulnerabilities in notification template system

2026-05-01 19:35:22 -04:00

tsconfig.json

Add tier-based scan scheduler and webhook triggers (FRE-4498)

2026-04-30 10:57:56 -04:00

vitest.config.ts

FRE-4474 Phase 5: Verify and resolve security review findings for SpamShield and Cross-Service Correlation

2026-05-02 18:36:29 -04:00