DmitrL-dev
d1f844235e
chore: add copyright headers, CI tests, and sanitize gitignore
2026-03-31 22:13:34 +10:00
DmitrL-dev
5cbb3d89d3
chore: migrate module path to syntrex-lab and prepare open source release
2026-03-31 22:01:51 +10:00
DmitrL-dev
a54c892736
security: deep audit fixes — error leak prevention, DOMPurify XSS guard, mutex race fix, i18n parity, HMAC warning
- [C-1] Fix sync.Mutex copy in guard.GuardStats (go vet race condition)
- [C-2] Replace 3x raw err.Error() HTTP leaks with generic messages (tenant_handlers, ws_transport, immune)
- [M-1] Add isomorphic-dompurify to LegalPage and AIAssistant (XSS defense-in-depth)
- [M-4] Add swaggo/swag dependency for Swagger docs
- [L-4] Add slog.Warn for hardcoded dev HMAC key in tpmaudit
- [L-5] Add 2 missing i18n keys (nav.contacts, nav.start_free) — 365/365 parity
2026-03-31 19:52:21 +10:00
DmitrL-dev
02b511a41e
fix: resolve remaining localization, documentation routing bugs, and restore soc_handlers comments
2026-03-31 15:38:19 +10:00
DmitrL-dev
2c27cf1bf7
feat(docs): finalize SDD-110 localization and Next.js Markdown rendering
2026-03-31 15:02:15 +10:00
DmitrL-dev
54337f4593
Fix demo simulator and pricing UI bugs
2026-03-31 10:04:53 +10:00
DmitrL-dev
dc90f209fa
feat: implement interactive demo mode and soc generator
2026-03-31 08:22:35 +10:00
DmitrL-dev
d0a02b1506
feat: Superadmin impersonation and env password override
2026-03-31 07:41:07 +10:00
DmitrL-dev
7bd08dc9be
feat(security): SEC-015 Strict CORS Origin Validation and Specs Update
2026-03-27 20:58:59 +10:00
DmitrL-dev
dd977b7d46
fix(sec): critical tenant isolation - pgx placeholders, requireSOC hardening, plan upgrade guard
- Fix pgx/v5 SQL placeholder bug (? -> /) in tenant_handlers.go
- tenant_id was silently failing to write/read, causing empty TenantID in JWT
- Harden requireSOC middleware to BLOCK when TenantID is empty (was pass-through)
- Block paid plan upgrades without Stripe payment verification
- Add in-memory cache update for tenant_id on registration
- Add fallback tenant_id read from User object in HandleVerifyEmail
2026-03-27 19:11:55 +10:00
DmitrL-dev
1aa47da6a3
fix(quota): plan-aware scan limits + add quota stress test script
2026-03-27 18:48:27 +10:00
DmitrL-dev
5ddfa74771
chore: Apply dashboard audit remediations, sync engine counts, update APIs
2026-03-27 16:54:18 +10:00
DmitrL-dev
b8097d3f1b
feat: SOC ghost sinkhole, rate limiter, RBAC, demo seed
2026-03-27 12:45:11 +10:00
DmitrL-dev
5c00ffef75
perf: full optimization pass for 10K battle
2026-03-26 14:26:17 +10:00
DmitrL-dev
af945d5008
perf: SOC hardening — CPU limits, scan semaphore, SEO, tenant_id migration
- docker-compose.prod.yml: SOC CPU 1→3, GOMEMLIMIT 1200MiB, GOMAXPROCS 3, removed certbot
- server.go: scan semaphore (max 4 concurrent scans)
- soc_handlers.go: 503 backpressure + 30s scan timeout
- 003_add_tenant_id.sql: migration for soc_events/incidents/sensors
- SEO: Google/Yandex verification, expanded sitemap.xml, improved robots.txt
- SENTINEL_AI_SOC_SPEC.md: v2.3 — §18 Performance & Capacity section
2026-03-26 14:02:55 +10:00
DmitrL-dev
0454dd4966
feat: auto-enrich SOC events with source IP from HTTP request
2026-03-26 12:22:00 +10:00
DmitrL-dev
11c0e42af7
fix: exclude auth/SSE/events from global rate limiter
2026-03-26 09:16:53 +10:00
DmitrL-dev
413fa8aa2c
feat: POST /api/waitlist — backend endpoint for registration waitlist
- server.go: route registration (public, rate-limited)
- soc_handlers.go: handleWaitlist with email validation, input sanitization
- service.go: AddWaitlistEntry with audit trail + structured logging
- Frontend form at /register already submits to this endpoint
2026-03-24 15:46:59 +10:00
DmitrL-dev
4ce94e9c77
SEC: Fix 3 CRITICAL + 3 MEDIUM red team findings
C1: Remove verification_code_dev from API response (CVSS 9.8)
- Code now logged server-side only when email service not configured
C2: Tenant isolation on /api/auth/users (CVSS 9.1)
- HandleListUsers filters by claims.TenantID
- TenantID added to User struct, DB migration, persistUser, loadFromDB
C3: Include TenantID in JWT tokens (CVSS 8.8)
- Login handler now uses Sign() with full Claims including TenantID
- Enables downstream RBAC tenant filtering
M1: nginx server_tokens off (hide version fingerprint)
M2: syntrex.pro added to server_name
M3: CORS multi-origin support (SOC_CORS_ORIGIN=origin1,origin2)
2026-03-24 10:32:50 +10:00
DmitrL-dev
8d87c453b0
feat: add free starter plan with 1000 scans/month quota tracking
2026-03-24 09:37:09 +10:00
DmitrL-dev
f581d65951
feat: wire Shield engine + 134K signatures into demo scanner pipeline
2026-03-23 21:28:54 +10:00
DmitrL-dev
b958ed07bd
feat: connect demo scanner to real SENTINEL engines via /api/v1/scan endpoint
2026-03-23 20:25:30 +10:00
DmitrL-dev
41cbfd6e0a
Release prep: 54 engines, self-hosted signatures, i18n, dashboard updates
2026-03-23 16:45:40 +10:00
DmitrL-dev
694e32be26
refactor: rename identity to syntrex, add root orchestration and CI/CD
- Rename Go module: sentinel-community/gomcp -> syntrex/gomcp (50+ files)
- Rename npm package: sentinel-dashboard -> syntrex-dashboard
- Update Cargo.toml repository URL to syntrex/syntrex
- Update all doc references from DmitrL-dev/AISecurity to syntrex
- Add root Makefile (build-all, test-all, lint-all, clean-all)
- Add MIT LICENSE
- Add .editorconfig (Go/Rust/TS/C cross-language)
- Add .github/workflows/ci.yml (Go + Rust + Dashboard)
- Add dashboard next.config.ts and .env.example
- Clean ARCHITECTURE.md: remove brain/immune/strike/micro-swarm, fix 61->67 engines
2026-03-11 15:30:49 +10:00
DmitrL-dev
2c50c993b1
initial: Syntrex extraction from sentinel-community (615 files)
2026-03-11 15:12:02 +10:00