
fix(security): implement comprehensive security hardening baseline (v0.3.0) #13

Merged
jonathanmagambo merged 1 commit into
mainfrom
fix/security-hardening
Mar 8, 2026

Conversation

@jonathanmagambo
Collaborator

This commit addresses several critical security vulnerabilities and aligns the system with 'Secure by Default' principles:

  • HMAC-Signed Opaque Cursors: Replaced raw document IDs in pagination with signed envelopes to prevent ID guessing and cursor tampering.
  • Cedar UID Escaping: Prevented Cedar code injection by robustly escaping Entity UIDs in AuthContext.
  • Mandatory Policy Validation: Added strict schema validation at the engine level to catch policy logic bugs at startup.
  • Metadata Protection: Moved the schema introspection endpoint behind authentication.
  • DoS Mitigations: Enforced request body limits (5MiB) and implemented safe MessagePack-to-JSON transcoding to handle poisoned binary fields.
  • URI Normalization: Hardened segment extraction in authorization middleware to prevent spoofing via malformed paths.

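An added illustration (not code from this PR or its repository) of the signed-cursor scheme the first bullet describes: the pagination position is wrapped in a JSON payload, tagged with HMAC-SHA256, and rejected on verification failure, so a client can neither guess IDs nor edit the cursor. The key, function names and payload layout are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real service would load it from a secret store.
CURSOR_KEY = b"constructed-demo-key-do-not-use"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def encode_cursor(last_id: str, key: bytes = CURSOR_KEY) -> str:
    """Wrap the last document ID in an opaque, HMAC-signed envelope."""
    payload = json.dumps({"id": last_id}, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64url_encode(payload + tag)


def decode_cursor(cursor: str, key: bytes = CURSOR_KEY) -> Optional[str]:
    """Return the document ID only if the envelope verifies, else None."""
    try:
        blob = _b64url_decode(cursor)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(blob) <= TAG_LEN:  # too short to hold payload + tag
        return None
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so tag checking leaks no timing information.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        doc = json.loads(payload)
    except ValueError:
        return None
    last_id = doc.get("id") if isinstance(doc, dict) else None
    return last_id if isinstance(last_id, str) else None
```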
@jonathanmagambo jonathanmagambo merged commit 918cfdb into main Mar 8, 2026
2 checks passed
@jonathanmagambo jonathanmagambo deleted the fix/security-hardening branch March 8, 2026 02:20