yusiboyz

0 Followers · 0 Following

• Joined on 2026-03-28

Repositories

1

Projects Packages Public Activity Starred Repositories

yusiboyz commented on issue yusiboyz/platform#7 2026-03-29 13:50:24 -05:00

Transport Security: Finish Cookie Hardening, TLS Verification, and Proxy Controls

Completed in 7c05ef1 + 9e13984 — _internal_ssl_ctx removed entirely. proxy.py uses plain urlopen() (all internal services are HTTP). ssl import removed from config.py. External calls (OpenAI,…

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 13:50:07 -05:00

9e13984b05 fix: performance hardening — eliminate full table scans (#9)

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 13:48:20 -05:00

7a7286ac1c fix(gateway,inventory): trust model hardening (#5)

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 13:46:13 -05:00

7c05ef14c7 fix(gateway): remove no-verify SSL context from proxy (#7)

yusiboyz commented on issue yusiboyz/platform#5 2026-03-29 10:13:12 -05:00

Gateway Trust Model: Protect Internal Services and Service-Level Data

Fixed in 4ecd233 — Token validation uses protected endpoints. Trust model documented in docs/trust-model.md. Unknown services rejected.

yusiboyz commented on issue yusiboyz/platform#9 2026-03-29 10:13:12 -05:00

Performance Hardening: Cache and De-risk Summary Endpoints

Fixed in 4ecd233 — Budget summary cached 1min. Dashboard cached 30s per user (2.1s→40ms). Inventory health endpoint added.

yusiboyz commented on issue yusiboyz/platform#8 2026-03-29 10:13:12 -05:00

Dependency Security and CI Enforcement

Fixed in 4ecd233 — Added .gitea/workflows/security.yml: dependency audit, secret scanning, Dockerfile lint. Requires Gitea Actions runner to execute.

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 10:13:02 -05:00

4ecd2336b5 fix: complete remaining remediation (#5, #8, #9)

yusiboyz closed issue yusiboyz/platform#5 2026-03-29 10:13:02 -05:00

Gateway Trust Model: Protect Internal Services and Service-Level Data

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 09:35:40 -05:00

72747668f9 fix: remaining security and deployment hardening (#6 #7 #10)

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 09:18:43 -05:00

0ed8f1f83e fix: deployment hardening — non-root containers and health checks (#10)

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 09:14:22 -05:00

14c667bd5e fix: resolve path-to-regexp ReDoS vulnerability in budget service (#8)

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 09:13:39 -05:00

5f5660893d fix: TLS verification, cookie hardening, and proxy transport (#7)

yusiboyz closed issue yusiboyz/platform#7 2026-03-29 09:13:39 -05:00

Transport Security: Finish Cookie Hardening, TLS Verification, and Proxy Controls

yusiboyz closed issue yusiboyz/platform#6 2026-03-29 09:12:01 -05:00

Repository Hygiene: Remove Tracked Secrets and Runtime Databases

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 09:12:01 -05:00

590ea69900 fix: update .env.example and verify repo hygiene (#6)

yusiboyz commented on issue yusiboyz/platform#2 2026-03-29 09:10:55 -05:00

Auth Boundary: Registration and Default Credentials

Fixed in commit 79d2c3b

All default credentials removed. Services fail-warn when auth env vars missing. Register endpoint stays disabled (403).

Manual ops: set ADMIN_USERNAME/ADMIN_PASSWORD…

yusiboyz closed issue yusiboyz/platform#2 2026-03-29 09:10:44 -05:00

Auth Boundary: Registration and Default Credentials

yusiboyz pushed to master at yusiboyz/platform 2026-03-29 09:10:44 -05:00

79d2c3b4b6 fix: remove all default credentials (#2)

yusiboyz commented on issue yusiboyz/platform#5 2026-03-29 09:06:55 -05:00

Gateway Trust Model: Protect Internal Services and Service-Level Data

Partial fix in commit fcb9383

Changes:

• services/inventory/server.js: Added X-API-Key middleware, rejects 401 without key
• services/budget/server.js: Added X-API-Key middleware, rejects…