fetch_ml

jfraeysd/fetch_ml

Fork 0

Commit graph

Author	SHA1	Message	Date
Jeremie Fraeys	66f262d788	security: improve audit, crypto, and config handling - Enhance audit checkpoint system - Update KMS provider and tenant key management - Refine configuration constants - Improve TUI config handling	2026-03-04 13:23:42 -05:00
Jeremie Fraeys	e1ec255ad2	refactor(crypto): integrate KMS with TenantKeyManager Replace in-memory root keys with KMS interface: - GenerateDataEncryptionKey: generate DEK, wrap via KMS, cache - UnwrapDataEncryptionKey: cache check, KMS decrypt, cache store - EncryptArtifact/DecryptArtifact: use DEK from KMS - RotateTenantKey: create new KMS key, flush cache - RevokeTenant: disable KMS key, schedule deletion per ADR-015 Remove deprecated methods: wrapKey, unwrapKey (replaced by KMS)	2026-03-03 19:14:27 -05:00
Jeremie Fraeys	a981e89005	feat(security): add audit subsystem and tenant isolation Implement comprehensive audit and security infrastructure: - Immutable audit logs with platform-specific backends (Linux/Other) - Sealed log entries with tamper-evident checksums - Audit alert system for real-time security notifications - Log rotation with retention policies - Checkpoint-based audit verification Add multi-tenant security features: - Tenant manager with quota enforcement - Middleware for tenant authentication/authorization - Per-tenant cryptographic key isolation - Supply chain security for container verification - Cross-platform secure file utilities (Unix/Windows) Add test coverage: - Unit tests for audit alerts and sealed logs - Platform-specific audit backend tests	2026-02-26 12:03:45 -05:00

Author

SHA1

Message

Date

Jeremie Fraeys

66f262d788

security: improve audit, crypto, and config handling

- Enhance audit checkpoint system
- Update KMS provider and tenant key management
- Refine configuration constants
- Improve TUI config handling

2026-03-04 13:23:42 -05:00

Jeremie Fraeys

e1ec255ad2

refactor(crypto): integrate KMS with TenantKeyManager

Replace in-memory root keys with KMS interface:
- GenerateDataEncryptionKey: generate DEK, wrap via KMS, cache
- UnwrapDataEncryptionKey: cache check, KMS decrypt, cache store
- EncryptArtifact/DecryptArtifact: use DEK from KMS
- RotateTenantKey: create new KMS key, flush cache
- RevokeTenant: disable KMS key, schedule deletion per ADR-015

Remove deprecated methods: wrapKey, unwrapKey (replaced by KMS)

2026-03-03 19:14:27 -05:00

Jeremie Fraeys

a981e89005

feat(security): add audit subsystem and tenant isolation

Implement comprehensive audit and security infrastructure:
- Immutable audit logs with platform-specific backends (Linux/Other)
- Sealed log entries with tamper-evident checksums
- Audit alert system for real-time security notifications
- Log rotation with retention policies
- Checkpoint-based audit verification

Add multi-tenant security features:
- Tenant manager with quota enforcement
- Middleware for tenant authentication/authorization
- Per-tenant cryptographic key isolation
- Supply chain security for container verification
- Cross-platform secure file utilities (Unix/Windows)

Add test coverage:
- Unit tests for audit alerts and sealed logs
- Platform-specific audit backend tests

2026-02-26 12:03:45 -05:00

3 commits