Commit graph

8 commits

Author SHA1 Message Date
Snider
1d117c83e6 feat(uptelligence): add sync-altum-versions command to read deployed versions from disk
Reads PRODUCT_VERSION from init.php and plugin versions from config.php,
then updates uptelligence_vendors to reflect what is actually deployed.
Supports --dry-run and --path options. 7 tests, 16 assertions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 08:54:37 +00:00
Snider
a187114d27 feat(uptelligence): add AltumCode vendor seeder with 17 entries
Idempotent seeder using updateOrCreate for 4 licensed products
(66analytics, 66biolinks, 66pusher, 66socialproof) and 13 plugins.
All entries use placeholder version 0.0.0 pending sync from Task 4.

Also fixes Pest.php to use Tests\TestCase (loads Boot provider) so
database-dependent tests can run migrations via RefreshDatabase.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 08:47:07 +00:00
Snider
f0a2f3fd1a feat(uptelligence): add AltumCode vendor update checks
Add automated version checking for AltumCode products and plugins:
- isAltumPlatform() routes altum vendors before OSS checks
- checkAltumProduct() fetches latest_release_version from product info.php
- checkAltumPlugin() looks up plugin versions from dev.altumcode.com
- In-memory cache avoids redundant HTTP calls for multiple plugins

14 Pest tests covering all paths (43 assertions).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 08:40:26 +00:00
Claude
9c8e804448 test: fix TestCase to use Orchestra Testbench for CI
2026-02-23 06:18:30 +00:00
Claude
f751905f22 chore: fix pint code style and add test config
Add phpunit.xml and tests/Pest.php for standalone test execution.
Apply Laravel Pint formatting fixes across all source files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 03:50:07 +00:00
Snider
6f71edd14e fix(security): address P2 security items and migration mismatch
P2-058: Migration Mismatch
- Created new migration for vendor tracking tables (000004)
- Added explicit $table property to all models with uptelligence_ prefix
- Clarified dual-purpose nature (uptime monitoring + vendor tracking)
- Added appropriate indexes for common query patterns

P2-059: Webhook Signature Timing Attack Audit
- Verified all signature verification uses hash_equals()
- Added comprehensive tests in WebhookSignatureVerificationTest.php
- Tests cover all providers, grace periods, edge cases

P2-060: API Key Exposure in Logs
- Added redactSensitiveData() to AIAnalyzerService
- Added redactSensitiveData() to IssueGeneratorService
- Added redactSensitiveData() to VendorUpdateCheckerService
- Redacts API keys, tokens, bearer tokens, auth headers

P2-061: Missing Webhook Payload Validation
- Added MAX_PAYLOAD_SIZE (1MB) and MAX_JSON_DEPTH (32) limits
- Added validatePayloadSize() for DoS protection
- Added parseAndValidateJson() with depth limit
- Added validatePayloadStructure() for provider-specific validation
- Added hasExcessiveArraySize() to prevent memory exhaustion
- Added tests in WebhookPayloadValidationTest.php

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 13:29:26 +00:00
Snider
ef8a40829f security: fix shell injection in AssetTrackerService
- Add package name validation with strict regex patterns
- Convert all Process::run() calls to array syntax
- Support Composer and NPM package name formats
- Add comprehensive shell injection tests (20 attack patterns)
- Update security docs and changelog

Fixes P2 shell injection vulnerability from security audit.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 12:21:07 +00:00
Snider
737e705755 Initial commit
2026-01-26 23:25:24 +00:00