core/php-uptelligence
8
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
14 commits 2 branches 0 tags 301 KiB
Commit graph

14 commits

This branch
This branch
All branches
Author SHA1 Message Date
Claude
e02e3737bd
fix(ci): correct bash escaping in dependency checkout step
Some checks failed
CI / PHP 8.4 (push) Waiting to run
Details
CI / PHP 8.3 (push) Has been cancelled
Details 
The PHP variables inside php -r need \$ escaping, but shell
variables outside need bare $ for command substitution and
variable expansion.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 05:19:19 +00:00
Claude
34e388e2bf
ci: inline workflow to bypass reusable workflow cache
Some checks are pending
CI / PHP 8.3 (push) Waiting to run
Details
CI / PHP 8.4 (push) Waiting to run
Details 
The Forgejo act runner caches reusable workflow definitions,
preventing updates from being picked up. Inline the workflow
with dependency checkout step.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 05:11:51 +00:00
Claude
549b46b651
ci: trigger rebuild with fixed reusable workflow
Some checks failed
CI / tests (push) Failing after 1m33s
Details 
The reusable php-test.yml now detects pest/phpunit/pint availability
and clones path dependencies using the runner token.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 04:57:18 +00:00
Claude
f751905f22
chore: fix pint code style and add test config
Some checks failed
CI / tests (push) Failing after 1m22s
Details 
Add phpunit.xml and tests/Pest.php for standalone test execution.
Apply Laravel Pint formatting fixes across all source files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 03:50:07 +00:00
Claude
7c941060a5
ci: use reusable PHP test workflow from core/php
Some checks failed
CI / tests (push) Failing after 1m25s
Details 
Co-Authored-By: Charon <charon@lethean.io>
 2026-02-23 01:22:26 +00:00
Snider
bdba302441 docs(changelog): add completed P2 items for January 2026
Some checks failed
CI / PHP 8.2 / Laravel 11.* (push) Has been cancelled
Details
CI / PHP 8.3 / Laravel 11.* (push) Has been cancelled
Details
CI / PHP 8.4 / Laravel 11.* (push) Has been cancelled
Details
CI / PHP 8.3 / Laravel 12.* (push) Has been cancelled
Details
CI / PHP 8.4 / Laravel 12.* (push) Has been cancelled
Details 
Track completed improvements:
- P2-058 to P2-061: Migration fix, webhook timing, API key exposure, payload validation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 19:52:32 +00:00
Snider
cb41d3fae6 fix(P2-058): complete migration column alignment with models 
- VersionRelease: add storage fields, file counters, timestamps
- UpstreamTodo: add branch_name, assigned_to, started_at
- DiffCache: add new_content, lines_added/removed, metadata casts
- AnalysisLog: use version_release_id and error_message
- Asset: add slug, name, licence fields, install details
- AssetVersion: add changelog, breaking_changes, paths
- Webhook tables: fix foreign key to uptelligence_vendors

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 18:05:38 +00:00
Snider
6f71edd14e fix(security): address P2 security items and migration mismatch 
P2-058: Migration Mismatch
- Created new migration for vendor tracking tables (000004)
- Added explicit $table property to all models with uptelligence_ prefix
- Clarified dual-purpose nature (uptime monitoring + vendor tracking)
- Added appropriate indexes for common query patterns

P2-059: Webhook Signature Timing Attack Audit
- Verified all signature verification uses hash_equals()
- Added comprehensive tests in WebhookSignatureVerificationTest.php
- Tests cover all providers, grace periods, edge cases

P2-060: API Key Exposure in Logs
- Added redactSensitiveData() to AIAnalyzerService
- Added redactSensitiveData() to IssueGeneratorService
- Added redactSensitiveData() to VendorUpdateCheckerService
- Redacts API keys, tokens, bearer tokens, auth headers

P2-061: Missing Webhook Payload Validation
- Added MAX_PAYLOAD_SIZE (1MB) and MAX_JSON_DEPTH (32) limits
- Added validatePayloadSize() for DoS protection
- Added parseAndValidateJson() with depth limit
- Added validatePayloadStructure() for provider-specific validation
- Added hasExcessiveArraySize() to prevent memory exhaustion
- Added tests in WebhookPayloadValidationTest.php

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 13:29:26 +00:00
Snider
ef8a40829f security: fix shell injection in AssetTrackerService 
- Add package name validation with strict regex patterns
- Convert all Process::run() calls to array syntax
- Support Composer and NPM package name formats
- Add comprehensive shell injection tests (20 attack patterns)
- Update security docs and changelog

Fixes P2 shell injection vulnerability from security audit.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 12:21:07 +00:00
Snider
256e0c38b7 docs: rewrite CLAUDE.md for core-uptelligence package 
Replace generic Core PHP Framework boilerplate with package-specific
documentation covering the vendor tracking module's architecture,
services, and commands.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-28 14:14:53 +00:00
Snider
6c17c39c97 refactor: update Tenant namespace imports to Core\Tenant 
Align with core-tenant namespace structure.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 17:42:11 +00:00
Snider
e0d2325a20 refactor: move namespace from Core\Uptelligence to Core\Mod\Uptelligence 
Aligns module namespace with Core PHP Framework conventions where
modules live under the Core\Mod\ namespace hierarchy. This follows
the monorepo separation work started in 40d893a.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 16:32:55 +00:00
Snider
40d893af44 monorepo sepration 2026-01-26 23:56:46 +00:00
Snider
737e705755
Initial commit 2026-01-26 23:25:24 +00:00