Skip to content

staging -> main#129

Merged
ducnmm merged 60 commits into
mainfrom
staging
Apr 30, 2026
Merged

staging -> main#129
ducnmm merged 60 commits into
mainfrom
staging

Conversation

@ducnmm

@ducnmm ducnmm commented Apr 30, 2026

Copy link
Copy Markdown
Collaborator

staging -> main

ducnmm and others added 30 commits April 9, 2026 16:24
fix(sec): add body-size limits on unauthenticated public endpoints
…ormational

feat(security): MEM-23 Phase 5 Informational.
fix(sec): HIGH-12 — block open redirect on guest sign-in redirectUrl
…(MED-3, MED-6, MED-13)

- MED-3: Cap recall and recall_manual limit at 100 (was unbounded)
  prevents full-table scan with limit=999999
- MED-6: Replace join_all() with buffer_unordered(10) in restore handler
  preventing OOM when restoring large namespaces with many blobs
- MED-13: Cap sidecar decrypt-batch items at 50 (was unbounded)
  prevents memory exhaustion via large batch payloads
…urrency-resource-bounds

fix(security): MEM-17 cap recall limit and bound restore concurrency
…et-private-keys-transmitted-per-request-to

Fix MEM-7: Transmit key_index instead of private_key
…s (MED-1, MED-2)

- MED-1: Add x-nonce header (UUID v4) to signed message on SDK side;
  server checks Redis SET NX (TTL=600s) to reject replayed nonces;
  signed message format updated: {ts}.{method}.{path}.{sha256}.{nonce}
- MED-2: Check MemWalAccount.active field in verify_delegate_key_onchain();
  deactivated accounts now return AccountDeactivated error (401),
  default=true for backward compat with pre-fix contract versions
- Add AccountDeactivated variant to OnchainVerifyError enum
- Add 4 unit tests for error variants
…ection-block-deactivated

fix(security): MEM-16 replay protection and block deactivated accounts
…, MED-20, MED-21)

- MED-19: replace fail-open (silent allow) with fail-closed (503) on Redis error
  in all 3 layers (delegate-key, burst, sustained); add pipe().atomic() in record_in_window
- MED-20: normalize trailing slash in endpoint_weight() to prevent cost bypass
- MED-21: add pg_advisory_lock per-owner in check_storage_quota() to prevent
  TOCTOU race where concurrent requests could exceed storage quota
- Add 7 unit tests (path normalization, hash stability, response codes)
…ng-hardening

fix(security): MEM-18 rate limiter fail-closed on Redis error
…ervers

feat: enable SEAL key-server verification across all SealClient insta…
   validation, CORS lockdown on /sponsor
fix(sec): rate limiting + input validation on /sponsor endpoints   (MEM-HIGH-4)
…ration-fix

fix(security): HIGH-11 remove user_exists status to prevent account e…
ducnmm and others added 24 commits April 16, 2026 07:34
…ty-fixes

fix(sec): Phase 3 P2 — resolve 20 low-severity & info audit findings
fix(sec): remove x-delegate-key from wire (ENG-1696 + ENG-1697)
fix: remove broken npm upgrade step for OIDC trusted publishing
Fix SDK trusted publishing workflow
@ducnmm ducnmm requested a review from daniellam258 April 30, 2026 02:43
@ducnmm ducnmm changed the title Staging staging -> main Apr 30, 2026
@ducnmm ducnmm merged commit 16906a7 into main Apr 30, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants