apunkt/gomcp
1
0
Fork 0
mirror of https://github.com/syntrex-lab/gomcp.git synced 2026-04-24 20:06:21 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
50 commits 1 branch 1 tag 898 KiB
Commit graph

50 commits

This branch
This branch
All branches
Author SHA1 Message Date
DmitrL-dev
5cbb3d89d3 chore: migrate module path to syntrex-lab and prepare open source release 2026-03-31 22:01:51 +10:00
DmitrL-dev
a54c892736 security: deep audit fixes — error leak prevention, DOMPurify XSS guard, mutex race fix, i18n parity, HMAC warning 
- [C-1] Fix sync.Mutex copy in guard.GuardStats (go vet race condition)
- [C-2] Replace 3x raw err.Error() HTTP leaks with generic messages (tenant_handlers, ws_transport, immune)
- [M-1] Add isomorphic-dompurify to LegalPage and AIAssistant (XSS defense-in-depth)
- [M-4] Add swaggo/swag dependency for Swagger docs
- [L-4] Add slog.Warn for hardcoded dev HMAC key in tpmaudit
- [L-5] Add 2 missing i18n keys (nav.contacts, nav.start_free) — 365/365 parity
 2026-03-31 19:52:21 +10:00
DmitrL-dev
02b511a41e fix: resolve remaining localization, documentation routing bugs, and restore soc_handlers comments 2026-03-31 15:38:19 +10:00
DmitrL-dev
2c27cf1bf7 feat(docs): finalize SDD-110 localization and Next.js Markdown rendering 2026-03-31 15:02:15 +10:00
DmitrL-dev
fe9415ab74 feat(ci): implement SDD-107 GitHub Actions automation 2026-03-31 11:19:46 +10:00
DmitrL-dev
54337f4593 Fix demo simulator and pricing UI bugs 2026-03-31 10:04:53 +10:00
DmitrL-dev
4ce60a33d6 chore(docker): revert root user workaround 2026-03-31 09:19:15 +10:00
DmitrL-dev
237fce9504 fix(docker): revert container user to root to fix permission issue with existing volume 2026-03-31 08:54:30 +10:00
DmitrL-dev
4d6aeedccd fix(auth): whitelist /api/auth/demo in JWT middleware to fix demo login 2026-03-31 08:38:46 +10:00
DmitrL-dev
06e5c81dd7 feat: align landing page pricing with billing dashboard and fix Free tier limits 2026-03-31 08:29:25 +10:00
DmitrL-dev
dc90f209fa feat: implement interactive demo mode and soc generator 2026-03-31 08:22:35 +10:00
DmitrL-dev
d0a02b1506 feat: Superadmin impersonation and env password override 2026-03-31 07:41:07 +10:00
DmitrL-dev
f833602145 fix(auth): remove hardcoded admin password and use env var / random generation fallback 2026-03-30 20:34:24 +10:00
DmitrL-dev
05ee9859bf fix(gomcp): watchdog flood + SOC migration race condition 
- orchestrator: debounce WATCHDOG_RECOVERY writes to once/24h
  prevents runaway DB bloat (4510 records -> context deadline exceeded)
- orchestrator: memoryHygiene now purges aged watchdog markers
- soc_repo: move tenant_id indexes after ALTER TABLE migrations
  fixes 'no such column: tenant_id' crash on existing DBs
 2026-03-28 16:34:28 +10:00
DmitrL-dev
7bd08dc9be feat(security): SEC-015 Strict CORS Origin Validation and Specs Update 2026-03-27 20:58:59 +10:00
DmitrL-dev
2a3ed1c319 feat(security): enforce plan-based access, add Free tier API keys UI 2026-03-27 20:33:46 +10:00
DmitrL-dev
dd977b7d46 fix(sec): critical tenant isolation - pgx placeholders, requireSOC hardening, plan upgrade guard 
- Fix pgx/v5 SQL placeholder bug (? -> /) in tenant_handlers.go
- tenant_id was silently failing to write/read, causing empty TenantID in JWT
- Harden requireSOC middleware to BLOCK when TenantID is empty (was pass-through)
- Block paid plan upgrades without Stripe payment verification
- Add in-memory cache update for tenant_id on registration
- Add fallback tenant_id read from User object in HandleVerifyEmail
 2026-03-27 19:11:55 +10:00
DmitrL-dev
1aa47da6a3 fix(quota): plan-aware scan limits + add quota stress test script 2026-03-27 18:48:27 +10:00
DmitrL-dev
577fa9400a fix(auth): comprehensive sync of cookie-based sessions across register, verify, and middleware 2026-03-27 18:42:54 +10:00
DmitrL-dev
9abdd86540 fix: open registration by default and handle slug collision gracefully 2026-03-27 18:13:17 +10:00
DmitrL-dev
5ddfa74771 chore: Apply dashboard audit remediations, sync engine counts, update APIs 2026-03-27 16:54:18 +10:00
DmitrL-dev
53c87c972d fix(dashboard): sensors page calls /api/soc/sensors with correct field mapping; feat(shadow-ai): add Azure OpenAI, Bedrock, Meta Llama, xAI patterns 2026-03-27 13:32:59 +10:00
DmitrL-dev
b8097d3f1b feat: SOC ghost sinkhole, rate limiter, RBAC, demo seed 2026-03-27 12:45:11 +10:00
DmitrL-dev
cc7956d835 feat: TurboQuant VectorStore integration & Edge PQ KV cache prototype 
- QJL (1-bit) approximate filter for 2.3x fast search

- PolarQuant (4-bit/8-bit) compressed storage with PQDropFloat64 memory reclamation (15x heap reduction)

- Two-Phase SearchQJL with fallback to CompressedSimilarity

- Edge Deployment prototype (pq_attention.cu) for LLaMA 1.5M token context
 2026-03-26 22:00:49 +10:00
DmitrL-dev
5c00ffef75 perf: full optimization pass for 10K battle 2026-03-26 14:26:17 +10:00
DmitrL-dev
af945d5008 perf: SOC hardening — CPU limits, scan semaphore, SEO, tenant_id migration 
- docker-compose.prod.yml: SOC CPU 1→3, GOMEMLIMIT 1200MiB, GOMAXPROCS 3, removed certbot
- server.go: scan semaphore (max 4 concurrent scans)
- soc_handlers.go: 503 backpressure + 30s scan timeout
- 003_add_tenant_id.sql: migration for soc_events/incidents/sensors
- SEO: Google/Yandex verification, expanded sitemap.xml, improved robots.txt
- SENTINEL_AI_SOC_SPEC.md: v2.3 — §18 Performance & Capacity section
 2026-03-26 14:02:55 +10:00
DmitrL-dev
0454dd4966 feat: auto-enrich SOC events with source IP from HTTP request 2026-03-26 12:22:00 +10:00
DmitrL-dev
11c0e42af7 fix: exclude auth/SSE/events from global rate limiter 2026-03-26 09:16:53 +10:00
DmitrL-dev
ab55fe2b58 fix: make SOC ingest JWT-exempt for sensor access + battle script JWT login 2026-03-25 20:14:43 +10:00
DmitrL-dev
413fa8aa2c feat: POST /api/waitlist — backend endpoint for registration waitlist 
- server.go: route registration (public, rate-limited)
- soc_handlers.go: handleWaitlist with email validation, input sanitization
- service.go: AddWaitlistEntry with audit trail + structured logging
- Frontend form at /register already submits to this endpoint
 2026-03-24 15:46:59 +10:00
DmitrL-dev
29a0116125 feat: bilingual email templates + fix legacy domain in email.go 
- SendVerificationCodeLocalized with RU/EN support
- SendWelcome bilingual (dual-language body)
- Fix отражение.рус -> syntrex.pro in code comment
 2026-03-24 15:23:33 +10:00
DmitrL-dev
be06a32cfc sec: complete domain migration - chg@live.ru to contact@syntrex.pro, SPIFFE to syntrex.pro, CORS cleanup 2026-03-24 12:43:21 +10:00
DmitrL-dev
9b2b05dfce fix: persistUser preserves tenant_id (prevents overwrite on login) 2026-03-24 12:10:40 +10:00
DmitrL-dev
62ecc1c7a3 sec: fix C4/C5/M4/M5 + domain migration to syntrex.pro 
C4: Remove localhost:9100 fallback from 27 dashboard files (use relative URLs)
C5: JWT token_type differentiation (access vs refresh) - middleware rejects refresh as Bearer
M4: Server-side registration gate via SOC_REGISTRATION_OPEN env var
M5: HTML tag stripping on name/org_name fields (XSS prevention)

Domain migration:
- users.go: admin@syntrex.pro
- zerotrust.go: SPIFFE trust domain
- sbom.go: namespace URL
- .env.production.example: all URLs updated
- identity_test.go: test email
 2026-03-24 11:49:33 +10:00
DmitrL-dev
1b028099be feat: migrate email to syntrex.pro + add RESEND/CORS env vars to prod compose 
- Default from-address: noreply@syntrex.pro
- Password reset URL: syntrex.pro
- docker-compose.prod.yml: RESEND_API_KEY, EMAIL_FROM, SOC_CORS_ORIGIN
- CORS supports multi-origin (syntrex.pro + legacy domain)
 2026-03-24 11:05:49 +10:00
DmitrL-dev
4a1bd09a13 fix: loadFromDB missing email_verified column in SELECT/Scan 2026-03-24 10:55:44 +10:00
DmitrL-dev
4ce94e9c77 SEC: Fix 3 CRITICAL + 3 MEDIUM red team findings 
C1: Remove verification_code_dev from API response (CVSS 9.8)
    - Code now logged server-side only when email service not configured
C2: Tenant isolation on /api/auth/users (CVSS 9.1)
    - HandleListUsers filters by claims.TenantID
    - TenantID added to User struct, DB migration, persistUser, loadFromDB
C3: Include TenantID in JWT tokens (CVSS 8.8)
    - Login handler now uses Sign() with full Claims including TenantID
    - Enables downstream RBAC tenant filtering

M1: nginx server_tokens off (hide version fingerprint)
M2: syntrex.pro added to server_name
M3: CORS multi-origin support (SOC_CORS_ORIGIN=origin1,origin2)
 2026-03-24 10:32:50 +10:00
DmitrL-dev
8d87c453b0 feat: add free starter plan with 1000 scans/month quota tracking 2026-03-24 09:37:09 +10:00
DmitrL-dev
f581d65951 feat: wire Shield engine + 134K signatures into demo scanner pipeline 2026-03-23 21:28:54 +10:00
DmitrL-dev
f0c2b4133b feat: wire FFI to real 54-engine SentinelEngine pipeline (replaces toy regex) 2026-03-23 20:52:28 +10:00
DmitrL-dev
a120aa2750 fix: add /api/v1/scan to JWT public paths (demo scanner bypass auth) 2026-03-23 20:32:11 +10:00
DmitrL-dev
b958ed07bd feat: connect demo scanner to real SENTINEL engines via /api/v1/scan endpoint 2026-03-23 20:25:30 +10:00
DmitrL-dev
4a0f17873a fix: convert auth users/tenants SQL from SQLite to PostgreSQL (BOOLEAN, ON CONFLICT, params, TIMESTAMPTZ) 2026-03-23 20:11:59 +10:00
DmitrL-dev
35cdb3be22 fix: make decision logger non-fatal in cmd/soc (continue without audit) 2026-03-23 19:53:06 +10:00
DmitrL-dev
2a6d8fbb5b fix: remove unused unsafe import in ffi_shield.go 2026-03-23 19:20:40 +10:00
DmitrL-dev
a9e6553356 fix: Shield build - use standalone shield.cpp instead of full CMake, fix library names 2026-03-23 19:07:34 +10:00
DmitrL-dev
d71ada8977 Full-stack FFI: sentinel-core Rust + Shield C linked via CGo, production Dockerfile + deploy script 2026-03-23 17:08:41 +10:00
DmitrL-dev
41cbfd6e0a Release prep: 54 engines, self-hosted signatures, i18n, dashboard updates 2026-03-23 16:45:40 +10:00
DmitrL-dev
694e32be26 refactor: rename identity to syntrex, add root orchestration and CI/CD 
- Rename Go module: sentinel-community/gomcp -> syntrex/gomcp (50+ files)
- Rename npm package: sentinel-dashboard -> syntrex-dashboard
- Update Cargo.toml repository URL to syntrex/syntrex
- Update all doc references from DmitrL-dev/AISecurity to syntrex
- Add root Makefile (build-all, test-all, lint-all, clean-all)
- Add MIT LICENSE
- Add .editorconfig (Go/Rust/TS/C cross-language)
- Add .github/workflows/ci.yml (Go + Rust + Dashboard)
- Add dashboard next.config.ts and .env.example
- Clean ARCHITECTURE.md: remove brain/immune/strike/micro-swarm, fix 61->67 engines
 2026-03-11 15:30:49 +10:00
DmitrL-dev
2c50c993b1 initial: Syntrex extraction from sentinel-community (615 files) 2026-03-11 15:12:02 +10:00