Snider
a187114d27
feat(uptelligence): add AltumCode vendor seeder with 17 entries
Idempotent seeder using updateOrCreate for 4 licensed products
(66analytics, 66biolinks, 66pusher, 66socialproof) and 13 plugins.
All entries use placeholder version 0.0.0 pending sync from Task 4.
Also fixes Pest.php to use Tests\TestCase (loads Boot provider) so
database-dependent tests can run migrations via RefreshDatabase.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 08:47:07 +00:00
Snider
cb41d3fae6
fix(P2-058): complete migration column alignment with models
- VersionRelease: add storage fields, file counters, timestamps
- UpstreamTodo: add branch_name, assigned_to, started_at
- DiffCache: add new_content, lines_added/removed, metadata casts
- AnalysisLog: use version_release_id and error_message
- Asset: add slug, name, licence fields, install details
- AssetVersion: add changelog, breaking_changes, paths
- Webhook tables: fix foreign key to uptelligence_vendors
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 18:05:38 +00:00
Snider
6f71edd14e
fix(security): address P2 security items and migration mismatch
P2-058: Migration Mismatch
- Created new migration for vendor tracking tables (000004)
- Added explicit $table property to all models with uptelligence_ prefix
- Clarified dual-purpose nature (uptime monitoring + vendor tracking)
- Added appropriate indexes for common query patterns
P2-059: Webhook Signature Timing Attack Audit
- Verified all signature verification uses hash_equals()
- Added comprehensive tests in WebhookSignatureVerificationTest.php
- Tests cover all providers, grace periods, edge cases
P2-060: API Key Exposure in Logs
- Added redactSensitiveData() to AIAnalyzerService
- Added redactSensitiveData() to IssueGeneratorService
- Added redactSensitiveData() to VendorUpdateCheckerService
- Redacts API keys, tokens, bearer tokens, auth headers
P2-061: Missing Webhook Payload Validation
- Added MAX_PAYLOAD_SIZE (1MB) and MAX_JSON_DEPTH (32) limits
- Added validatePayloadSize() for DoS protection
- Added parseAndValidateJson() with depth limit
- Added validatePayloadStructure() for provider-specific validation
- Added hasExcessiveArraySize() to prevent memory exhaustion
- Added tests in WebhookPayloadValidationTest.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 13:29:26 +00:00
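
An added sketch of the webhook checks named under P2-059 and P2-061 above (size limit, constant-time signature comparison with hash_equals(), depth-limited JSON parsing); it is not code from this repository. The function name verifyWebhook, the HMAC-SHA256 hex signature scheme, and the sample secret and payloads are assumptions; only the two limit values and hash_equals() come from the commit message.

```php
<?php
declare(strict_types=1);

// Limits as stated in the commit message; everything else here is illustrative.
const MAX_PAYLOAD_SIZE = 1024 * 1024; // 1MB
const MAX_JSON_DEPTH = 32;

// Hypothetical helper: returns the decoded payload or throws on the first failed check.
function verifyWebhook(string $rawBody, string $signature, string $secret): array
{
    // Reject oversized bodies before spending any CPU on hashing or parsing.
    if (strlen($rawBody) > MAX_PAYLOAD_SIZE) {
        throw new LengthException('payload exceeds size limit');
    }
    // HMAC over the raw bytes (assumed scheme), compared in constant time.
    $expected = hash_hmac('sha256', $rawBody, $secret);
    if (!hash_equals($expected, $signature)) {
        throw new RuntimeException('signature mismatch');
    }
    // Depth-limited decode: deeply nested input fails instead of exhausting memory.
    try {
        $data = json_decode($rawBody, true, MAX_JSON_DEPTH, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        throw new InvalidArgumentException('invalid JSON: ' . $e->getMessage());
    }
    if (!is_array($data)) {
        throw new InvalidArgumentException('payload must be a JSON object or array');
    }
    return $data;
}

// Constructed sample inputs: one valid, one with a bad signature, one nested too deeply.
$secret = 'constructed-test-secret';
$body = '{"event":"release","version":"1.2.3"}';
$deep = str_repeat('[', 40) . str_repeat(']', 40);
$cases = [
    'valid'         => [$body, hash_hmac('sha256', $body, $secret)],
    'bad signature' => [$body, str_repeat('0', 64)],
    'too deep'      => [$deep, hash_hmac('sha256', $deep, $secret)],
];
foreach ($cases as $label => [$b, $s]) {
    try {
        verifyWebhook($b, $s, $secret);
        echo $label, ': accepted', PHP_EOL;
    } catch (Exception $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```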