Jason Woltje
e3479aeffd
fix(#188): sanitize Discord error logs to prevent secret exposure
P1 SECURITY FIX - Prevents credential leakage through error logs
Changes:
1. Created comprehensive log sanitization utility (log-sanitizer.ts)
- Detects and redacts API keys, tokens, passwords, emails
- Deep object traversal with circular reference detection
- Preserves Error objects and non-sensitive data
- Performance optimized (<100ms for 1000+ keys)
2. Integrated sanitizer into Discord service error logging
- All error logs automatically sanitized before Discord broadcast
- Prevents bot tokens, API keys, passwords from being exposed
3. Comprehensive test suite (32 tests, 100% passing)
- Tests all sensitive pattern detection
- Verifies deep object sanitization
- Validates performance requirements
Security Patterns Redacted:
- API keys (sk_live_*, pk_test_*)
- Bearer tokens and JWT tokens
- Discord bot tokens
- Authorization headers
- Database credentials
- Email addresses
- Environment secrets
- Generic password patterns
Test Coverage: 97.43% (exceeds 85% requirement)
Fixes #188
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-02 12:24:29 -06:00
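The commit above describes a sanitizer that redacts credentials from error logs before they are broadcast to Discord. The TypeScript below is an added example written here to illustrate that design, not the project's log-sanitizer.ts: the sensitive key names, the token shapes (including the assumed three-segment shape of a Discord bot token) and the sample payload are all assumptions or constructed data. It shows the two layers such a sanitizer needs (key-based redaction plus value-pattern redaction), deep traversal that reports true cycles without mangling shared references, and Error objects that stay Error instances with a cleaned message and stack.

```typescript
// Added example, not the project's log-sanitizer.ts: redact credentials from
// structured error-log payloads before they are broadcast to a chat channel.
// Key names and token shapes below are assumptions, not the project's list.

const REDACTED = "[REDACTED]";

// Keys whose values are treated as secret whatever they contain.
const SENSITIVE_KEY = /(password|passwd|secret|token|api[_-]?key|authorization|private[_-]?key)/i;

// Value shapes that look like credentials even under an innocent key.
// Order matters: URL credentials are stripped before the e-mail rule runs so
// that "user:pass@host" is not half-matched as an address.
const VALUE_RULES: { pattern: RegExp; replacement: string }[] = [
  { pattern: /\b(sk|pk)_(live|test)_[A-Za-z0-9]+/g, replacement: REDACTED },                        // Stripe-style keys
  { pattern: /\bBearer\s+[A-Za-z0-9._~+\/=-]+/gi, replacement: `Bearer ${REDACTED}` },             // bearer tokens
  { pattern: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, replacement: REDACTED },        // JWTs
  { pattern: /\b[A-Za-z0-9_-]{24,}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,}/g, replacement: REDACTED }, // Discord-style bot tokens (assumed shape)
  { pattern: /\b([a-z][a-z0-9+.-]*):\/\/[^:\/\s@]+:[^@\s]+@/gi, replacement: `$1://${REDACTED}@` },  // user:pass in connection URLs
  { pattern: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, replacement: REDACTED },            // e-mail addresses
];

function sanitizeString(value: string): string {
  return VALUE_RULES.reduce((text, rule) => text.replace(rule.pattern, rule.replacement), value);
}

// Deep-sanitize any log payload. `inProgress` holds the objects on the current
// traversal path, so a true cycle is reported as "[Circular]" while the same
// object legitimately referenced from two siblings is still sanitized twice.
function sanitize(value: unknown, inProgress: WeakSet<object> = new WeakSet()): unknown {
  if (typeof value === "string") return sanitizeString(value);
  if (value === null || typeof value !== "object") return value; // numbers, booleans, undefined, bigint
  const obj: object = value;
  if (inProgress.has(obj)) return "[Circular]";
  inProgress.add(obj);
  try {
    if (obj instanceof Error) {
      // Keep it an Error (downstream instanceof checks still hold) with a clean message and stack.
      const copy = new Error(sanitizeString(obj.message));
      copy.name = obj.name;
      copy.stack = obj.stack === undefined ? undefined : sanitizeString(obj.stack);
      return copy;
    }
    if (Array.isArray(obj)) return obj.map((item) => sanitize(item, inProgress));
    const out: Record<string, unknown> = {};
    for (const [key, item] of Object.entries(obj as Record<string, unknown>)) {
      out[key] = SENSITIVE_KEY.test(key) && item != null ? REDACTED : sanitize(item, inProgress);
    }
    return out;
  } finally {
    inProgress.delete(obj);
  }
}

// What the chat service would post: a sanitized, serialisable view of the error and its context.
function buildErrorBroadcast(err: unknown, context: Record<string, unknown>): string {
  const safeErr = sanitize(err);
  const errorView = safeErr instanceof Error ? { name: safeErr.name, message: safeErr.message } : safeErr;
  return JSON.stringify({ error: errorView, context: sanitize(context) }, null, 2);
}

// Constructed sample payload: the kind of context object that reaches an error logger.
const sampleContext: Record<string, unknown> = {
  jobId: "job-42",
  headers: { authorization: "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2ln" },
  dbUrl: "postgres://mosaic:hunter2@db.internal:5432/app",
  reporter: "dev@example.com",
  stripeKey: "sk_live_EXAMPLE0000000000",
  retries: 3,
};
sampleContext.self = sampleContext; // deliberate circular reference
const sampleError = new Error("login failed for dev@example.com");

console.log(buildErrorBroadcast(sampleError, sampleContext));
```

The key-based rule runs first and wins: a value under an `authorization` key is dropped whole rather than pattern-matched, so a token shape the value rules do not know about still never reaches the channel. Non-sensitive scalars such as `jobId` and `retries` pass through unchanged.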
Jason Woltje
cc6a5edfdf
fix(#183): remove hardcoded workspace ID from Discord service
Remove critical security vulnerability where Discord service used hardcoded
"default-workspace" ID, bypassing Row-Level Security policies and creating
potential for cross-tenant data leakage.
Changes:
- Add DISCORD_WORKSPACE_ID environment variable requirement
- Add validation in connect() to require workspace configuration
- Replace hardcoded workspace ID with configured value
- Add 3 new tests for workspace configuration
- Update .env.example with security documentation
Security Impact:
- Multi-tenant isolation now properly enforced
- Each Discord bot instance must be configured for specific workspace
- Service fails fast if workspace ID not configured
Breaking Change:
- Existing deployments must set DISCORD_WORKSPACE_ID environment variable
Tests: All 21 Discord service tests passing (100%)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-02 11:41:38 -06:00
e689a1379c
feat(#171): Implement chat command parsing
Add command parsing layer for chat integration (Discord, Mattermost, Slack).
Features:
- Parse @mosaic commands with action dispatch
- Support 3 issue reference formats: #42, owner/repo#42, full URL
- Handle 7 actions: fix, status, cancel, retry, verbose, quiet, help
- Comprehensive error handling with helpful messages
- Case-insensitive parsing
- Platform-agnostic design
Implementation:
- CommandParserService with tokenizer and action dispatcher
- Regex-based issue reference parsing
- Type-safe command structures
- 24 unit tests with 100% coverage
TDD approach:
- RED: Wrote comprehensive tests first
- GREEN: Implemented parser to pass all tests
- REFACTOR: Fixed TypeScript strict mode and linting issues
Quality gates passed:
- ✓ Typecheck
- ✓ Lint
- ✓ Build
- ✓ Tests (24/24 passing)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 21:32:53 -06:00
4ac21d1a3a
feat(#170): Implement mosaic-bridge module for Discord
Created the mosaic-bridge module to enable Discord integration for
chat-based control of Mosaic Stack. This module provides the foundation
for receiving commands via Discord and forwarding them to the stitcher
for job orchestration.
Key Features:
- Discord bot connection and authentication
- Command parsing (@mosaic fix, status, cancel, verbose, quiet, help)
- Thread management for job updates
- Chat provider interface for future platform extensibility
- Noise management (low/medium/high verbosity levels)
Implementation Details:
- Created IChatProvider interface for platform abstraction
- Implemented DiscordService with Discord.js
- Basic command parsing (detailed parsing in #171)
- Thread creation for job-specific updates
- Configuration via environment variables
Commands Supported:
- @mosaic fix <issue> - Start job for issue
- @mosaic status <job> - Get job status (placeholder)
- @mosaic cancel <job> - Cancel running job (placeholder)
- @mosaic verbose <job> - Stream full logs (placeholder)
- @mosaic quiet - Reduce notifications (placeholder)
- @mosaic help - Show available commands
Testing:
- 23/23 tests passing (TDD approach)
- Unit tests for Discord service
- Module integration tests
- 100% coverage of critical paths
Quality Gates:
- Typecheck: PASSED
- Lint: PASSED
- Build: PASSED
- Tests: PASSED (23/23)
Environment Variables:
- DISCORD_BOT_TOKEN - Bot authentication token
- DISCORD_GUILD_ID - Server/Guild ID (optional)
- DISCORD_CONTROL_CHANNEL_ID - Channel for commands
Files Created:
- apps/api/src/bridge/bridge.module.ts
- apps/api/src/bridge/discord/discord.service.ts
- apps/api/src/bridge/interfaces/chat-provider.interface.ts
- apps/api/src/bridge/index.ts
- Full test coverage
Dependencies Added:
- discord.js@latest
Next Steps:
- Issue #171: Implement detailed command parsing
- Issue #172: Add Herald integration for job updates
- Future: Add Slack, Matrix support via IChatProvider
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 21:26:40 -06:00