Snider
bdba302441
docs(changelog): add completed P2 items for January 2026
Track completed improvements:
- P2-058 to P2-061: Migration fix, webhook timing, API key exposure, payload validation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 19:52:32 +00:00
Snider
cb41d3fae6
fix(P2-058): complete migration column alignment with models
- VersionRelease: add storage fields, file counters, timestamps
- UpstreamTodo: add branch_name, assigned_to, started_at
- DiffCache: add new_content, lines_added/removed, metadata casts
- AnalysisLog: use version_release_id and error_message
- Asset: add slug, name, licence fields, install details
- AssetVersion: add changelog, breaking_changes, paths
- Webhook tables: fix foreign key to uptelligence_vendors
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 18:05:38 +00:00
Snider
6f71edd14e
fix(security): address P2 security items and migration mismatch
P2-058: Migration Mismatch
- Created new migration for vendor tracking tables (000004)
- Added explicit $table property to all models with uptelligence_ prefix
- Clarified dual-purpose nature (uptime monitoring + vendor tracking)
- Added appropriate indexes for common query patterns
P2-059: Webhook Signature Timing Attack Audit
- Verified all signature verification uses hash_equals()
- Added comprehensive tests in WebhookSignatureVerificationTest.php
- Tests cover all providers, grace periods, edge cases
P2-060: API Key Exposure in Logs
- Added redactSensitiveData() to AIAnalyzerService
- Added redactSensitiveData() to IssueGeneratorService
- Added redactSensitiveData() to VendorUpdateCheckerService
- Redacts API keys, tokens, bearer tokens, auth headers
P2-061: Missing Webhook Payload Validation
- Added MAX_PAYLOAD_SIZE (1MB) and MAX_JSON_DEPTH (32) limits
- Added validatePayloadSize() for DoS protection
- Added parseAndValidateJson() with depth limit
- Added validatePayloadStructure() for provider-specific validation
- Added hasExcessiveArraySize() to prevent memory exhaustion
- Added tests in WebhookPayloadValidationTest.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 13:29:26 +00:00
Snider
ef8a40829f
security: fix shell injection in AssetTrackerService
- Add package name validation with strict regex patterns
- Convert all Process::run() calls to array syntax
- Support Composer and NPM package name formats
- Add comprehensive shell injection tests (20 attack patterns)
- Update security docs and changelog
Fixes P2 shell injection vulnerability from security audit.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-29 12:21:07 +00:00
Snider
256e0c38b7
docs: rewrite CLAUDE.md for core-uptelligence package
Replace generic Core PHP Framework boilerplate with package-specific
documentation covering the vendor tracking module's architecture,
services, and commands.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-28 14:14:53 +00:00
Snider
6c17c39c97
refactor: update Tenant namespace imports to Core\Tenant
Align with core-tenant namespace structure.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 17:42:11 +00:00
Snider
e0d2325a20
refactor: move namespace from Core\Uptelligence to Core\Mod\Uptelligence
Aligns module namespace with Core PHP Framework conventions where
modules live under the Core\Mod\ namespace hierarchy. This follows
the monorepo separation work started in 40d893a.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 16:32:55 +00:00
Snider
40d893af44
monorepo separation
2026-01-26 23:56:46 +00:00
Snider
737e705755
Initial commit
2026-01-26 23:25:24 +00:00