feat: fix critical gaps — security, audit logging, uploads, CI/CD #8
Merged
…D, and more

Security:
- Add VerifiedOrgId dependency to all org-scoped routes preventing cross-tenant access
- Wire audit logging (log_audit) into all 40+ mutation API endpoints

Backend fixes:
- Fix collector credentials passthrough (was hardcoded None, now reads from Integration model)
- Expand Redis caching to risk_service and policy_service with TTL + invalidation
- Add real SMTP email sending to notification_service (graceful fallback when unconfigured)
- Add SMTP config settings (SMTP_HOST, SMTP_PORT, SMTP_USER, etc.)

Frontend features:
- Evidence page: add create evidence form + file upload + download buttons
- Integrations page: add real connect flow with credential fields per provider
- Public trust center: new /trust/[slug] page with hero, certifications, documents
- API client: add multipart upload method for file uploads

Infrastructure:
- GitHub Actions CI: backend lint+test, frontend lint+typecheck+build, docker build, security scan
- Makefile with dev, build, lint, test, migrate, seed, clean targets
- Pre-commit hooks config (trailing whitespace, ruff lint+format)
- Alembic migration 0000: base phase 1 tables (organizations, users, frameworks, controls, etc.)
- Alembic migration 0006: v0.5 tables (notifications, auditor_profiles, embeddings)
- Chain migration 0001 to depend on 0000

Version bumped to 0.6.0.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
Comprehensive gap-fix release addressing 12 issues found during deep audit of the codebase.
Security Fixes
- VerifiedOrgId dependency to ALL org-scoped routes (20+ route files, 100+ endpoints). Previously, any authenticated user could access any org's data by changing the URL path parameter.
- log_audit() now called from all 40+ mutation endpoints (create/update/delete across controls, policies, risks, evidence, incidents, vendors, training, monitoring, integrations)
Backend Fixes
- credentials=None hardcode in collection_service.py — now reads real credentials from Integration.credentials_ref
- risk_service and policy_service (joins existing control_service and framework_service)
- smtplib with TLS support; graceful fallback to logging when SMTP not configured
- SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASSWORD, SMTP_FROM_EMAIL, SMTP_USE_TLS
Frontend Features
- /trust/[slug] route — public page with hero, certifications grid, documents, NDA section, contact
- upload() method for multipart/form-data file uploads
Infrastructure
- 0000_phase1 base migration (was missing) + 0006_v05 for notifications/auditor/embeddings tables. Fixed migration chain.
Stats
Test plan
- alembic upgrade head from clean DB

🤖 Generated with Claude Code
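The tenant check described under Security Fixes, as an added example that is not code from this pull request: a stdlib-only Python model of an org-scoped read and mutation, showing the unchecked "before" shape beside a membership check applied before any data access. `User`, `RISKS`, `Forbidden`, `verified_org_id` and `audit_event` are hypothetical names; the project's actual `VerifiedOrgId` and `log_audit` implementations do not appear on this page.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Stands in for an HTTP 403 response."""

@dataclass(frozen=True)
class User:
    id: str
    org_ids: frozenset  # organizations the authenticated user belongs to

# Constructed sample data: two tenants with one risk each.
RISKS = {"org-a": ["risk-1"], "org-b": ["risk-2"]}
AUDIT = []  # hypothetical stand-in for an audit table

def audit_event(user, org_id, action, outcome):
    AUDIT.append({"user": user.id, "org": org_id, "action": action, "outcome": outcome})

def list_risks_unchecked(org_id, user):
    """'Before' shape: caller is authenticated, but org_id from the URL is trusted."""
    return list(RISKS.get(org_id, []))

def verified_org_id(org_id, user, action):
    """Return org_id only when the user is a member; otherwise refuse and record it.

    Unknown and foreign orgs produce the same error, so the response does not
    reveal which org ids exist.
    """
    if org_id not in user.org_ids:
        audit_event(user, org_id, action, "denied")
        raise Forbidden("not a member of this organization")
    return org_id

def list_risks(org_id, user):
    org_id = verified_org_id(org_id, user, "risk.list")
    return list(RISKS.get(org_id, []))

def create_risk(org_id, user, risk_id):
    """Mutation: tenant check first, then the write, then the audit entry."""
    org_id = verified_org_id(org_id, user, "risk.create")
    RISKS.setdefault(org_id, []).append(risk_id)
    audit_event(user, org_id, "risk.create", "ok")
    return risk_id
```

A regression test for a fix like this should request another tenant's org id with a valid session and assert both the refusal and that the other tenant's data is unchanged.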