Security: audit trail, dependency scanning, webhook signatures, lockouts#536

Merged
Smartdevs17 merged 2 commits into Smartdevs17:main from BigDella:security/audit-deps-webhooks-lockout on Jun 26, 2026
Conversation

@BigDella

Contributor

Summary

  • Add immutable audit hash-chain logging, verification, anchoring, export support, retention metadata, and admin audit viewer.
  • Add webhook HMAC-SHA256 signatures with timestamp replay protection, signature versions, body signature metadata, SDK verification helper, and optional payload encryption.
  • Add account/IP brute-force protection with progressive delays, lockouts, unlock flow hooks, login attempt audit events, and Prisma models.
  • Add dependency vulnerability scanning workflow, aggregation policy/reporting, scheduled scans, Slack/issue notifications, and expanded Dependabot coverage.

Verification

  • npm run build --workspace packages/sdk
  • npx tsc --module NodeNext --moduleResolution NodeNext --target ES2022 --strict --esModuleInterop --skipLibCheck --noEmit backend/src/audit/immutable-logger.ts backend/src/audit/chain-verifier.ts backend/src/audit/anchor-service.ts backend/src/audit/prisma-audit-store.ts backend/src/middleware/brute-force.ts backend/src/services/auth/lockout-manager.ts backend/src/services/webhooks/signer.ts backend/src/services/webhooks/encryption.ts
  • AUDIT_PERSISTENCE=memory npx tsx -e "...audit smoke test..."
  • SECURITY_REPORT_DIR=/tmp/agenticpay-empty-reports node scripts/security/aggregate-vulnerability-reports.mjs

Known existing blockers

  • Full backend build still fails on pre-existing project-wide TypeScript errors unrelated to this branch.
  • Full frontend build still fails on pre-existing missing UI modules (table/textarea) and dashboard layout client metadata/Sentry instrumentation issues unrelated to this branch.

Closes #515
Closes #516
Closes #517
Closes #518

@vercel

vercel Bot commented Jun 26, 2026


@BigDella is attempting to deploy a commit to the smartdevs17's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave

drips-wave Bot commented Jun 26, 2026


@BigDella Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

@Smartdevs17 Smartdevs17 merged commit 038925c into Smartdevs17:main Jun 26, 2026
1 of 2 checks passed