fetch_ml/internal
Jeremie Fraeys a8180f1f26
feat(security): HIPAA compliance mode and PHI denylist validation

Add compliance_mode field to Config with strict HIPAA validation:
- Requires SnapshotStore.Secure=true in HIPAA mode
- Requires NetworkMode="none" for tenant isolation
- Requires non-empty SeccompProfile
- Requires NoNewPrivileges=true
- Enforces credentials via environment variables only (no inline YAML)

Add PHI denylist validation for AllowedSecrets:
- Blocks secrets matching patterns: patient, ssn, mrn, medical_record,
  diagnosis, dob, birth, mrn_number, patient_id, patient_name
- Prevents accidental PHI exfiltration via secret channels

Add comprehensive test coverage in hipaa_validation_test.go:
- Network mode enforcement tests
- NoNewPrivileges requirement tests
- Seccomp profile validation tests
- Inline credential rejection tests
- PHI denylist validation tests

Closes: compliance_mode, PHI denylist items from security plan
2026-02-23 19:43:19 -05:00
..
api refactor(api): internal refactoring for TUI and worker modules 2026-02-20 15:51:23 -05:00
audit feat(security): implement comprehensive security hardening phases 1-5,7 2026-02-23 18:00:33 -05:00
auth fix(auth): make DeleteAPIKey resilient to keyring errors 2026-02-21 21:19:46 -05:00
config refactor(api): internal refactoring for TUI and worker modules 2026-02-20 15:51:23 -05:00
container feat(security): implement comprehensive security hardening phases 1-5,7 2026-02-23 18:00:33 -05:00
controller Fix multi-user authentication and clean up debug code 2025-12-06 12:35:32 -05:00
crypto feat: implement Argon2id hashing and Ed25519 manifest signing 2026-02-19 15:34:20 -05:00
domain refactor(api): internal refactoring for TUI and worker modules 2026-02-20 15:51:23 -05:00
envpool feat(worker): add integrity checks, snapshot staging, and prewarm support 2026-01-05 12:31:13 -05:00
errtypes feat: implement research-grade maintainability phases 1,3,4,7 2026-02-18 15:27:50 -05:00
experiment refactor: adopt PathRegistry in experiment manager 2026-02-18 16:53:41 -05:00
fileutil feat(security): implement comprehensive security hardening phases 1-5,7 2026-02-23 18:00:33 -05:00
jupyter refactor: remove dead code and fix unused variables 2026-02-23 18:03:38 -05:00
logging refactor(api): internal refactoring for TUI and worker modules 2026-02-20 15:51:23 -05:00
manifest feat: add manifest signing and native hashing support 2026-02-19 15:34:39 -05:00
metrics refactor: Phase 6 - Complete migration, remove legacy files 2026-02-17 14:39:48 -05:00
middleware fix: resolve TODOs and standardize tests 2026-02-19 15:34:59 -05:00
network refactor(dependency-hygiene): Move path functions from config to storage 2026-02-17 21:15:23 -05:00
privacy feat: Privacy and PII detection 2026-02-18 21:27:23 -05:00
prommetrics feat(api): refactor websocket handlers; add health and prometheus middleware 2026-01-05 12:31:07 -05:00
queue feat: native GPU detection and NVML bridge for macOS and Linux 2026-02-21 17:59:59 -05:00
resources feat(worker): add integrity checks, snapshot staging, and prewarm support 2026-01-05 12:31:13 -05:00
security feat: add security monitoring and validation framework 2026-02-19 15:34:25 -05:00
storage feat(security): implement comprehensive security hardening phases 1-5,7 2026-02-23 18:00:33 -05:00
telemetry Fix multi-user authentication and clean up debug code 2025-12-06 12:35:32 -05:00
tracking feat(tracking): add pluggable tracking backends and audit support 2026-01-05 12:33:57 -05:00
validation feat: add security monitoring and validation framework 2026-02-19 15:34:25 -05:00
worker feat(security): HIPAA compliance mode and PHI denylist validation 2026-02-23 19:43:19 -05:00
workertest refactor(worker): update worker tests and native bridge 2026-02-23 18:04:22 -05:00