Michael Freno
bdf8ad30b6
Security findings from April 30 review were claimed fixed but never committed. Applied all remediations: HIGH: - WebhookHandler: fail fast when DARKWATCH_WEBHOOK_SECRET missing instead of defaulting to hardcoded secret - field-encryption.service: require PII_ENCRYPTION_KEY at startup instead of defaulting MEDIUM: - WebhookHandler: make signature required (was optional, accepted unsigned events) - WebhookHandler: reject unknown event types instead of silently defaulting to SCAN_TRIGGER - scheduler.routes + webhook.routes: add ownership checks on /:userId endpoints (IDOR) LOW: - webhook.routes: generic error responses, full error logged server-side Co-Authored-By: Paperclip <noreply@paperclip.ing>