DmitrL-dev
9b2b05dfce
fix: persistUser preserves tenant_id (prevents overwrite on login)
2026-03-24 12:10:40 +10:00
DmitrL-dev
62ecc1c7a3
sec: fix C4/C5/M4/M5 + domain migration to syntrex.pro
C4: Remove localhost:9100 fallback from 27 dashboard files (use relative URLs)
C5: JWT token_type differentiation (access vs refresh) - middleware rejects refresh as Bearer
M4: Server-side registration gate via SOC_REGISTRATION_OPEN env var
M5: HTML tag stripping on name/org_name fields (XSS prevention)
Domain migration:
- users.go: admin@syntrex.pro
- zerotrust.go: SPIFFE trust domain
- sbom.go: namespace URL
- .env.production.example: all URLs updated
- identity_test.go: test email
2026-03-24 11:49:33 +10:00
DmitrL-dev
1b028099be
feat: migrate email to syntrex.pro + add RESEND/CORS env vars to prod compose
- Default from-address: noreply@syntrex.pro
- Password reset URL: syntrex.pro
- docker-compose.prod.yml: RESEND_API_KEY, EMAIL_FROM, SOC_CORS_ORIGIN
- CORS supports multi-origin (syntrex.pro + legacy domain)
2026-03-24 11:05:49 +10:00
DmitrL-dev
4a1bd09a13
fix: loadFromDB missing email_verified column in SELECT/Scan
2026-03-24 10:55:44 +10:00
DmitrL-dev
4ce94e9c77
SEC: Fix 3 CRITICAL + 3 MEDIUM red team findings
C1: Remove verification_code_dev from API response (CVSS 9.8)
- Code now logged server-side only when email service not configured
C2: Tenant isolation on /api/auth/users (CVSS 9.1)
- HandleListUsers filters by claims.TenantID
- TenantID added to User struct, DB migration, persistUser, loadFromDB
C3: Include TenantID in JWT tokens (CVSS 8.8)
- Login handler now uses Sign() with full Claims including TenantID
- Enables downstream RBAC tenant filtering
M1: nginx server_tokens off (hide version fingerprint)
M2: syntrex.pro added to server_name
M3: CORS multi-origin support (SOC_CORS_ORIGIN=origin1,origin2)
2026-03-24 10:32:50 +10:00
DmitrL-dev
8d87c453b0
feat: add free starter plan with 1000 scans/month quota tracking
2026-03-24 09:37:09 +10:00
DmitrL-dev
f581d65951
feat: wire Shield engine + 134K signatures into demo scanner pipeline
2026-03-23 21:28:54 +10:00
DmitrL-dev
f0c2b4133b
feat: wire FFI to real 54-engine SentinelEngine pipeline (replaces toy regex)
2026-03-23 20:52:28 +10:00
DmitrL-dev
a120aa2750
fix: add /api/v1/scan to JWT public paths (demo scanner bypass auth)
2026-03-23 20:32:11 +10:00
DmitrL-dev
b958ed07bd
feat: connect demo scanner to real SENTINEL engines via /api/v1/scan endpoint
2026-03-23 20:25:30 +10:00
DmitrL-dev
4a0f17873a
fix: convert auth users/tenants SQL from SQLite to PostgreSQL (BOOLEAN, ON CONFLICT, params, TIMESTAMPTZ)
2026-03-23 20:11:59 +10:00
DmitrL-dev
35cdb3be22
fix: make decision logger non-fatal in cmd/soc (continue without audit)
2026-03-23 19:53:06 +10:00
DmitrL-dev
2a6d8fbb5b
fix: remove unused unsafe import in ffi_shield.go
2026-03-23 19:20:40 +10:00
DmitrL-dev
a9e6553356
fix: Shield build - use standalone shield.cpp instead of full CMake, fix library names
2026-03-23 19:07:34 +10:00
DmitrL-dev
d71ada8977
Full-stack FFI: sentinel-core Rust + Shield C linked via CGo, production Dockerfile + deploy script
2026-03-23 17:08:41 +10:00
DmitrL-dev
41cbfd6e0a
Release prep: 54 engines, self-hosted signatures, i18n, dashboard updates
2026-03-23 16:45:40 +10:00
DmitrL-dev
694e32be26
refactor: rename identity to syntrex, add root orchestration and CI/CD
- Rename Go module: sentinel-community/gomcp -> syntrex/gomcp (50+ files)
- Rename npm package: sentinel-dashboard -> syntrex-dashboard
- Update Cargo.toml repository URL to syntrex/syntrex
- Update all doc references from DmitrL-dev/AISecurity to syntrex
- Add root Makefile (build-all, test-all, lint-all, clean-all)
- Add MIT LICENSE
- Add .editorconfig (Go/Rust/TS/C cross-language)
- Add .github/workflows/ci.yml (Go + Rust + Dashboard)
- Add dashboard next.config.ts and .env.example
- Clean ARCHITECTURE.md: remove brain/immune/strike/micro-swarm, fix 61->67 engines
2026-03-11 15:30:49 +10:00
DmitrL-dev
2c50c993b1
initial: Syntrex extraction from sentinel-community (615 files)
2026-03-11 15:12:02 +10:00